diff --git a/.classpath b/.classpath
deleted file mode 100644
index 3c57589c2..000000000
--- a/.classpath
+++ /dev/null
@@ -1,10 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<classpath>
-	<classpathentry kind="src" output="target/classes" path="src/main/java"/>
-	<classpathentry kind="src" output="target/test-classes" path="src/test/java"/>
-	<classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources"/>
-	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"/>
-	<classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
-	<classpathentry kind="con" path="org.eclipse.jst.server.core.container/org.eclipse.jst.server.tomcat.runtimeTarget/Apache Tomcat v6.0"/>
-	<classpathentry kind="output" path="target/classes"/>
-</classpath>
diff --git a/.codenvy/project.json b/.codenvy/project.json
new file mode 100644
index 000000000..df32873a0
--- /dev/null
+++ b/.codenvy/project.json
@@ -0,0 +1 @@
+{"builders":{"configs":{},"default":"maven"},"mixinTypes":["contribution"],"runners":{"configs":{"system:/java/codenvy-cli":{"ram":1000,"variables":{},"options":{}}},"default":"system:/java/codenvy-cli"},"type":"maven","attributes":{"languageVersion":["1.6"],"language":["java"],"contribute_branch":["master"],"contribute_mode":["contribute"]}}
\ No newline at end of file
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 000000000..74f99db34
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,77 @@
+# Autodetect text files
+#
+# In addition:
+#   Windows developers should set:
+#       git config --global core.autocrlf true
+#   UNIX / MacOS develoers should set:
+#       git config --global core.autocrlf input
+* text=auto
+
+#
+# And configure default EOL terminators for various text types
+#
+
+# Explicitly declare text files you want to always be normalized and converted
+# to native line endings on checkout.
+*.java text
+*.properties text
+*.xml text
+*.xsd text
+*.dtd text
+*.MF text
+*.md text
+*.html text
+*.tld text
+*.json text
+
+# Declare files that will always have CRLF line endings on checkout.
+*.cmd text eol=crlf
+*.bat text eol=crlf
+# Because *nix editors / paginators can handle either way, but braindead
+# Windoze notepad which is used by default to handle text files in Windows,
+# not so much, we also make the concession here to use CRLF for EOL.
+*.txt text eol=crlf
+# Ditto for Eclipse related preferences
+*.prefs text eol=crlf
+
+# Declare files that will always have LF line endings on checkout
+*.sh text eol=lf
+*.bsh text eol=lf
+*.ksh text eol=lf
+
+# Eclipse stuff
+.settings/* text eol=crlf
+.classpath text eol=crlf
+.project text eol=crlf
+
+# Miscellaneous text
+.gitattributes text eol=lf
+.gitignore text eol=lf
+*.MF text eol=crlf
+LICENSE text eol=crlf
+LICENSE-CONTENT text eol=crlf
+LICENSE-README text eol=crlf
+
+
+# Denote all files that are truly binary and should not be modified,
+# or simply replaced in whole if committed.
+*.jpg binary
+*.JPG binary
+*.png binary
+*.jks binary
+*.ser binary
+*.doc binary
+*.docx binary
+*.xls binary
+*.xlsx binary
+*.pptx binary
+*.odt binary
+*.pdf binary
+*.zip binary
+*.jar binary
+*.war binary
+*.ear binary
+*.7z binary
+*.rar binary
+*.tgz binary
+*.tar binary
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
new file mode 100644
index 000000000..106bef3e2
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,40 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: bug
+assignees: ''
+---
+
+[**NOTE:** Please do NOT just ask general questions here as they will _not_ be answered. Instead, please use the GitHub Discussions and create a new topic under 'Questions and Answers". Also, please delete the instructions and replace them with actual text and delete the sections that are not relevant.]
+
+#### Describe the bug
+A clear and concise description of what the bug is.
+
+#### Specify what ESAPI version(s) you are experiencing this bug in
+This is especially important if it is not the latest version of ESAPI. Also, if you are using the Jakarta version (e.g., '<classifier>jakarta</classier>'), then please note that as well.
+
+#### To Reproduce
+List the steps to reproduce the behavior or (ideally) attach a small JUnit test to reproduce the problem. Please _be specific_.
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+Note also any specific configuration changes that are needed to replicate the problem. That is especially important if you are not using the default configuration files (ESAPI.properties, validation.properties, antisamy-esapi.xml, etc.)
+
+#### Expected behavior
+A clear and concise description of what you expected to happen.
+
+#### Screenshots
+If applicable, add screenshots to help explain your problem.
+[**NOTE:** Please do NOT just ask general questions here as they will _not_ be answered. Instead, please use the GitHub Discussions and create a new topic under 'Questions and Answers".
+Please delete any irrelevant portion of this template before submitting your GitHub issue. Thanks.]
+
+#### Platform environment (please complete the following information)
+ - OS: [e.g. iOS]
+ - Browser [e.g. chrome, safari]
+ - JDK version used with ESAPI
+
+#### Additional context
+Add any other context about the problem here.
+If known, please select the label corresponding to the affected ESAPI component.
diff --git a/.github/ISSUE_TEMPLATE/enhancement-request.md b/.github/ISSUE_TEMPLATE/enhancement-request.md
new file mode 100644
index 000000000..c525b5a48
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/enhancement-request.md
@@ -0,0 +1,21 @@
+---
+name: Enhancement request
+about: Suggest an enhancment for this project
+title: ''
+labels: enhancement
+assignees: ''
+---
+
+[**NOTE:** Please do NOT just ask general questions here as they will _not_ be answered. Instead, please use the GitHub Discussions and create a new topic under 'Questions and Answers". Please delete any irrelevant portion of this template before submitting your GitHub issue. Thanks.]
+
+#### Is your feature request related to a problem? Please describe.
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+#### Describe the solution you'd like
+A clear and concise description of what you want to happen. Note that this may include some appropriate type of documentation that is lacking or unclear.
+
+#### Describe alternatives you've considered including other security libraries
+A clear and concise description of any alternative solutions or features you've considered.
+
+#### Additional context
+Add any other context or screenshots about the feature request here.
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
new file mode 100644
index 000000000..a81c84710
--- /dev/null
+++ b/.github/workflows/maven.yml
@@ -0,0 +1,24 @@
+# This workflow will build a Java project with Maven
+# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
+
+name: Java CI with Maven
+
+on:
+  push:
+    branches: [ develop ]
+  pull_request:
+    branches: [ develop ]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up JDK 1.8
+      uses: actions/setup-java@v1
+      with:
+        java-version: 1.8
+    - name: Build with Maven
+      run: mvn -B package --file pom.xml
diff --git a/.github/workflows/superlinter.yml b/.github/workflows/superlinter.yml
new file mode 100644
index 000000000..b263fddf9
--- /dev/null
+++ b/.github/workflows/superlinter.yml
@@ -0,0 +1,26 @@
+name: Super-Linter
+
+# Run this workflow every time a new commit pushed to your repository
+on: push
+
+jobs:
+  # Set the job key. The key is displayed as the job name
+  # when a job name is not provided
+  super-lint:
+    # Name the Job
+    name: Lint code base
+    # Set the type of machine to run on
+    runs-on: ubuntu-latest
+
+    steps:
+      # Checks out a copy of your repository on the ubuntu-latest machine
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      # Runs the Super-Linter action and ignore errors
+      - name: Run Super-Linter
+        uses: github/super-linter@v4
+        env:
+          DEFAULT_BRANCH: develop
+          DISABLE_ERRORS: true
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000000000..a9b3cec31
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,20 @@
+# Eclipse / IntelliJ / Maven / backup editor files
+/target
+/.settings/**
+.classpath
+.java-version
+.project
+*.swp
+*~
+*.iml
+.idea/
+*.iws
+*.eml
+out/
+bin/
+
+# Leftover test files
+ciphertext-portable.ser
+ReferenceEncryptedProperties.test.txt
+test.out
+.DS_Store
diff --git a/.project b/.project
deleted file mode 100644
index b20935afd..000000000
--- a/.project
+++ /dev/null
@@ -1,42 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<projectDescription>
-	<name>ESAPI_2.0</name>
-	<comment>The Enterprise Security API project is an OWASP project
-		to create simple strong security controls for every web platform.
-		Security controls are not simple to build. You can read about the
-		hundreds of pitfalls for unwary developers on the OWASP website. By
-		providing developers with a set of strong controls, we aim to
-		eliminate some of the complexity of creating secure web applications.
-		This can result in significant cost savings across the SDLC.</comment>
-	<projects>
-	</projects>
-	<buildSpec>
-		<buildCommand>
-			<name>org.eclipse.wst.common.project.facet.core.builder</name>
-			<arguments>
-			</arguments>
-		</buildCommand>
-		<buildCommand>
-			<name>org.eclipse.jdt.core.javabuilder</name>
-			<arguments>
-			</arguments>
-		</buildCommand>
-		<buildCommand>
-			<name>org.eclipse.wst.validation.validationbuilder</name>
-			<arguments>
-			</arguments>
-		</buildCommand>
-		<buildCommand>
-			<name>org.maven.ide.eclipse.maven2Builder</name>
-			<arguments>
-			</arguments>
-		</buildCommand>
-	</buildSpec>
-	<natures>
-		<nature>org.maven.ide.eclipse.maven2Nature</nature>
-		<nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
-		<nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
-		<nature>org.eclipse.jdt.core.javanature</nature>
-		<nature>org.eclipse.wst.common.project.facet.core.nature</nature>
-	</natures>
-</projectDescription>
diff --git a/.settings/org.eclipse.core.resources.prefs b/.settings/org.eclipse.core.resources.prefs
deleted file mode 100644
index 2655b6477..000000000
--- a/.settings/org.eclipse.core.resources.prefs
+++ /dev/null
@@ -1,3 +0,0 @@
-#Thu Nov 26 01:50:11 HST 2009
-eclipse.preferences.version=1
-encoding/<project>=UTF-8
diff --git a/.settings/org.eclipse.jdt.core.prefs b/.settings/org.eclipse.jdt.core.prefs
deleted file mode 100644
index 9e33fcc4b..000000000
--- a/.settings/org.eclipse.jdt.core.prefs
+++ /dev/null
@@ -1,6 +0,0 @@
-#Tue May 10 22:28:38 MDT 2011
-eclipse.preferences.version=1
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
-org.eclipse.jdt.core.compiler.compliance=1.5
-org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
-org.eclipse.jdt.core.compiler.source=1.5
diff --git a/.settings/org.eclipse.wst.common.component b/.settings/org.eclipse.wst.common.component
deleted file mode 100644
index b814064d1..000000000
--- a/.settings/org.eclipse.wst.common.component
+++ /dev/null
@@ -1,10 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project-modules id="moduleCoreId" project-version="1.5.0">
-  <wb-module deploy-name="ESAPI">
-    <wb-resource deploy-path="/" source-path="src/main/java"/>
-    <wb-resource deploy-path="/" source-path="src/main/resources"/>
-        <wb-resource deploy-path="/" source-path="/src/test/java"/>
-        <wb-resource deploy-path="/" source-path="/src/test/resources"/>
-        <wb-resource deploy-path="/" source-path="/src/main/java"/>
-  </wb-module>
-</project-modules>
diff --git a/.settings/org.eclipse.wst.common.project.facet.core.xml b/.settings/org.eclipse.wst.common.project.facet.core.xml
deleted file mode 100644
index 613f29cbf..000000000
--- a/.settings/org.eclipse.wst.common.project.facet.core.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<faceted-project>
-  <fixed facet="jst.java"/>
-  <fixed facet="jst.utility"/>
-  <installed facet="jst.utility" version="1.0"/>
-  <installed facet="jst.java" version="5.0"/>
-</faceted-project>
\ No newline at end of file
diff --git a/.settings/org.maven.ide.eclipse.prefs b/.settings/org.maven.ide.eclipse.prefs
deleted file mode 100644
index 310a30006..000000000
--- a/.settings/org.maven.ide.eclipse.prefs
+++ /dev/null
@@ -1,9 +0,0 @@
-#Fri Jul 10 01:10:33 EDT 2009
-activeProfiles=
-eclipse.preferences.version=1
-fullBuildGoals=process-test-resources
-includeModules=false
-resolveWorkspaceProjects=true
-resourceFilterGoals=process-resources resources\:testResources
-skipCompilerPlugin=true
-version=1
diff --git a/.snyk b/.snyk
new file mode 100644
index 000000000..79fa52da9
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,2 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.14.0
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 000000000..e390cfab6
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,17 @@
+language: java
+jdk:
+- oraclejdk7
+env:
+  global:
+    - secure: "aDhH/FBa9CSX3P3UucVJGghHkzHwmw8DhEdklUnb5HI44CpQs5rVNBQLG6ClqrJGl5BEghaHG9mQ0alVrZoqGCR4UA0qhGCmeRyo+SL7z44tHFq/VdWbZJcnSXeq+CzGc4rgkIg2XBrgGKKq5EfUxXjsYQUA/mIslWhnmQtfn0gjiobJkOdGAOJ4RY6cAyTtgNbv8AZg71hnPDusz+F/Somy1GPp2oFW0gAJyOUbDqol6bx8ajTl/+NJkQL9uSlUEGqyeMwXGW0Z901Vbn+Btwl7QtnrSFxOOOlQSUIAFGKTqAt/DzOeKi0Guv5uE4nqR50veOge5StbpgDqTq6a101DYNTyMFeE4plTNKHawnnyMe7v0yTDsnk+PeeSe8hkkdqiRLiBufriVnlzlfQt9TbWfE7aRhy6U0wqvlMvMgOOmXl5+eyLf1CtdRCbWeh2eZFISbD35y8EZbGY/bP33sC8jHlWROtykdMkVzcZ6N+mP+pB+SSqy+5hUMFUCDKyzRoIjHioVJS0S+Ul7CpEeLNKTy23IzO5VSh9dysH+hf+dbdAhgEe/XBEpUxZnV400fww5LW+vAlDpY+QwqdzwpabofTYaRfyRT7nQC3qAgMrQZopqwehdKyOTgpGIKM4lqqsSLz0F/LZ57fUh8DD2sZl2M4VKL6SQ3KPEM+DC/w="
+after_success:
+  - mvn clean cobertura:cobertura coveralls:report
+addons:
+  coverity_scan:
+    project:
+      name: "bkimminich/esapi-java-legacy"
+      description: "OWASP ESAPI 2.x (Legacy) build submitted via Travis CI"
+    notification_email: bjoern.kimminich@owasp.org
+    build_command_prepend: "mvn clean"
+    build_command: "mvn -DskipTests=true compile"
+    branch_pattern: coverity_scan
\ No newline at end of file
diff --git a/CONTRIBUTING-TO-ESAPI.txt b/CONTRIBUTING-TO-ESAPI.txt
new file mode 100644
index 000000000..970efcac1
--- /dev/null
+++ b/CONTRIBUTING-TO-ESAPI.txt
@@ -0,0 +1,134 @@
+                        Contributing to ESAPI
+
+Getting Started:
+    If you have not already done so, go back and read the section
+    "Contributing to ESAPI legacy" in ESAPI's README.md file. It
+    may contain updates and advice not contained herein.
+
+A Special Note on GitHub Authentication:
+    GitHub has announced that they are deprecating password based authentication
+    using username / password and beginning 2021-08-13, you will no longer be
+    able to your password to authenticate to 'git' operations on GitHub.com.
+    Please see https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/
+    for details and plan accordingly.
+
+A Special Note Regarding Making Commits for PRs
+    Shortly after the 2.5.1.0 ESAPI release in late November 2022, the ESAPI
+    team decided to lock down the 'develop' amd 'main' branches. Merges from
+    PRs are done to the 'develop' branch. That means that if you intend to
+    contribute to ESAPI, you must be signing your commits. Please see the
+    GitHub instructions at
+        https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits
+    for details.
+
+
+Finding Something Interesting to Work on:
+
+    See the section "Contributing to ESAPI legacy in
+    https://github.com/ESAPI/esapi-java-legacy/blob/develop/README.md
+    While you don't *have* to work on something labeled "good first issue"
+    or "help wanted", those are good places to start for someone not yet
+    familiar with the ESAPI code base.
+
+    You will need a account on GitHub though. Once you create one, let us know
+    what it is. Then if you want to work on a particular issue, we can assign
+    it to you so someone else won't take it.
+
+    If you have questions, email Kevin Wall (Kevin.W.Wall@gmail.com) or Matt
+    Seil (xeno6696@gmail.com).
+
+Overview:
+    We are following the branching model described in
+        https://nvie.com/posts/a-successful-git-branching-model
+    If you are unfamiliar with it, you would be advised to give it a quick
+    perusal. The major point is that the 'main' (formerly 'master') branch is
+    reserved for official releases (which will be tagged), the 'develop' branch
+    is used for ongoing development work and is the default branch, and we
+    generally work off 'issue' branches named 'issue-#' where # is the GitHub
+    issue number. (The last is not an absolute requirement, but rather a
+    suggested approach.)
+
+    Finally, we recommend setting the git property 'core.autocrlf' to 'input'
+    in your $HOME/.gitconfig file; e.g., that file should contain something
+    like this:
+
+        [core]
+            autocrlf = input
+
+Required Software:
+    We use Maven for building. Maven 3.3.9 or later is required. You also need
+    JDK 8 or later. [Note: If you use JDK 9 or later, there will be multiple
+    failures when you try to run 'mvn test' as well as some general warnings.
+    See ESAPI GitHub issue #496 for details. We welcome volunteers to address
+    this.]
+
+Building ESAPI:
+    https://github.com/ESAPI/esapi-java-legacy/wiki/Building-ESAPI briefly discusses how to
+    build ESAPI via Maven.
+
+    Also https://github.com/ESAPI/esapi-java-legacy/wiki/Using-ESAPI-for-Java-with-Eclipse
+    describes how to use ESAPI with Eclipse and
+    https://www.owasp.org/index.php/ESAPI-BuildingWithEclipse is a very old
+    overview of how to build ESAPI in Eclipse.
+
+    As always, any contributions to ESAPI's admittedly skimpy documentation
+    in this area is welcome.
+
+Steps to work with ESAPI:
+    I usually do everything from the bash command prompt in Linux Mint,
+    but other people use Windows. If you prefer an IDE, I can't help you
+    much, but I can help with at least modest problems. If you have more
+    difficult problems, I will probably refer you to my project co-leader,
+    Matt who groks git a lot better than I.
+
+    But the basic high level steps are:
+    1. Fork https://github.com/ESAPI/esapi-java-legacy to your own GitHub
+       repository using the GitHub web site.
+    2. On your local laptop, clone your own GitHub ESAPI repo (i.e, the
+       forked repo created in previous step)
+    3. Create a new branch to work on an issue. I usually name the branch
+       'issue-#' where '#' is the GitHub issue # is will be working on, but
+       you can call it whatever. E.g.,
+            git checkout -b issue-#
+    4. Work on the GitHub issue on this newly created issue-# branch. Be sure
+       that you also create new JUnit tests as required that confirm that the
+       issue is corrected, or if you are introducing new functionality, ensure
+       that functionality is sufficiently covered.
+    5. Make sure everything builds correctly and all the JUnit tests pass
+       ('mvn test'). [Note: There are some known issues with test failures if
+       your are running under Windows and your local ESAPI Git repo located
+       anywhere other than the C: drive, where the test
+       ValidatorTest.testIsValidDirectoryPath() fails. Also, if you are using
+       JDK 7 on Mac-OS, there is one know test failure in
+       SecurityProviderLoaderTest.testWithBouncyCastle(). That same test works
+       with JDK 8.]
+    6. If you have added any dependencies, please also run
+            mvn org.owasp:dependency-check-maven:check
+       to run OWASP Dependency-Check and look at the generated report
+       left in 'target/dependency-check-report.html' to make sure there
+       were not any CVEs introduced. (Alternately you can run 'mvn verify'
+       which will first run the tests and then run Dependency-Check.) Note
+       if this is the first time you have run Dependency-Check for ESAPI,
+       expect it to take a while (often 30 minutes or so!).
+    7. Commit your changes locally.
+    8. Push your 'issue-#' branch to your personal, forked ESAPI GitHub repo. E.g.,
+            $ git checkout issue-444
+            $ git remote -v | grep origin       # Confirm 'origin' refers to YOUR PERSONAL GitHub repo
+            $ git push origin issue-444         # Push the committed changes on the 'issue-444' branch
+    9. Go to your personal, forked ESAPI GitHub repo (web interface) and create a
+       'Pull Request' (PR) from your 'issue-#' branch.
+   10. Back on your local personal laptop / desktop, merge your issue branch with
+       your local 'develop' branch. I.e.,
+            $ git checkout develop
+            $ git merge issue-444
+   11. Do not remove your branch on your forked repository until your PR from your
+       branch has been merged into the ESAPI/esapi-java/legacy 'develop' branch.
+       Note at least one the 3 main contributors on will review your commits before
+       merging them and they may do a formal code review and request further changes.
+       Once they are satisfied, they will merge your PR.
+
+In theory, you can do all this 'git' magic from Eclipse and presumably other
+IDEs like Oracle NetBeans or IntelliJ IDEA). From Eclipse, it is right-click
+on the project and then select 'Team' to do the commits, etc. If you choose that
+route, you're pretty much on your own because none of us use that for Git
+interactions.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 000000000..4c095cb35
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,118 @@
+# Contributing to ESAPI -- Details
+
+## Getting Started
+If you have not already done so, go back and read the section
+"[Contributing to ESAPI legacy](https://github.com/ESAPI/esapi-java-legacy/blob/develop/README.md#contributing-to-esapi-legacy)" in ESAPI's README.md file. It
+may contain updates and advice not contained herein.
+
+### A Special Note on GitHub Authentication
+GitHub has announced that they are deprecating password based authentication
+using username / password and beginning 2021-08-13, you will no longer be
+able to your password to authenticate to 'git' operations on GitHub.com.
+Please see https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/
+for details and plan accordingly.
+
+### A Special Note Regarding Making Commits for PRs
+Shortly after the 2.5.1.0 ESAPI release in late November 2022, the ESAPI
+team decided to lock down the 'develop' amd 'main' branches. Merges from
+PRs are done to the 'develop' branch. That means that if you intend to
+contribute to ESAPI, you must be signing your commits. Please see the
+GitHub instructions at
+        https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits
+for details.
+
+### Git Branching Model
+We are following the branching model described in
+        https://nvie.com/posts/a-successful-git-branching-model
+If you are unfamiliar with it, you would be advised to give it a quick
+perusal. The major point is that the 'main' (formerly 'master') branch is
+reserved for official releases (which will be tagged), the 'develop' branch
+is used for ongoing development work and is the default branch, and we
+generally work off 'issue' branches named 'issue-#' where # is the GitHub
+issue number. (The last is not an absolute requirement, but rather a
+suggested approach.)
+
+Finally, we recommend setting the git property 'core.autocrlf' to 'input'
+in your $HOME/.gitconfig file; e.g., that file should contain something
+like this:
+
+    [core]
+        autocrlf = input
+
+
+### Required Software
+We use Maven for building. Maven 3.6.3 or later is required. You also need
+JDK 8 or later. [Note: If you use JDK 9 or later, there will be multiple
+failures when you try to run 'mvn test' as well as some general warnings.
+See [ESAPI GitHub issue #496](https://github.com/ESAPI/esapi-java-legacy/issues/496) for details. We welcome volunteers to address
+this.]
+## Finding Something Interesting to Work on
+
+See the section [Contributing to ESAPI Legacy](https://github.com/ESAPI/esapi-java-legacy/blob/develop/README.md#contributing-to-esapi-legacy)
+in the ESAPI README for suggestions. While you don't *have* to work on something labeled "good first issue"
+or "help wanted", those are good places to start for someone not yet familiar with the ESAPI code base.
+
+You will need a account on GitHub though. Once you create one, let us know
+what it is. Then if you want to work on a particular issue, we can assign
+it to you so someone else won't take it.
+
+If you have questions, email Kevin Wall (Kevin.W.Wall@gmail.com) or Matt
+Seil (xeno6696@gmail.com).
+
+
+## Building ESAPI
+See our local GitHub wiki page, [Building ESAPI](https://github.com/ESAPI/esapi-java-legacy/wiki/Building-ESAPI),
+which briefly discusses how to build ESAPI via Maven.
+
+You can also refer to [Using ESAPI for Java with Eclipse](https://github.com/ESAPI/esapi-java-legacy/wiki/Using-ESAPI-for-Java-with-Eclipse)
+if you prefer working from IDEs. There is also a much older ESAPI wiki page,
+[Building with Eclipse](https://www.owasp.org/index.php/ESAPI-BuildingWithEclipse)
+that might be useful.
+
+As always, any contributions to ESAPI's admittedly skimpy documentation in this area is welcome.
+In particular, contributing some hints about debugging applications using ESAPI
+would be very useful to our ESAPI clients.
+
+## Steps to work with ESAPI
+I usually do everything from the bash command prompt in Linux Mint,
+but other people use Windows. If you prefer an IDE, I can't help you
+much, but I can help with at least modest problems. If you have more
+difficult problems, I will probably refer you to my project co-leader,
+Matt who groks git a lot better than I.
+
+But the basic high level steps are:
+
+1. Fork https://github.com/ESAPI/esapi-java-legacy to your own GitHub repository using the GitHub web site.
+2. On your local laptop, clone your own GitHub ESAPI repo (i.e, the forked repo created in previous step)
+3. Create a new branch to work on an issue. I usually name the branch 'issue-#' where '#' is the GitHub issue # is will be working on, but you can call it whatever. E.g.,
+   ```bash
+        $ git checkout -b issue-#
+   ```
+4. Work on the GitHub issue on this newly created issue-# branch. Be sure that you also create new JUnit tests as required that confirm that the issue is corrected, or if you are introducing new functionality, ensure
+   that functionality is sufficiently covered.
+5. Make sure everything builds correctly and all the JUnit tests pass ('mvn test'). [Note: There are some known issues with test failures if your are running under Windows and your local ESAPI Git repo located anywhere other than the C: drive, where the test `ValidatorTest.testIsValidDirectoryPath()` fails. 
+6. If you have added any dependencies, please also run OWASP Dependency-Check and look at the generated report left in 'target/dependency-check-report.html' to make sure there were not any CVEs introduced. (Alternately you can run 'mvn verify' which will first run the tests and then run Dependency-Check.) Note if this is the first time you have run Dependency-Check for ESAPI, expect it to take a while (often 30 minutes or so!). To execute Dependency Check from Maven, run:
+   ```bash
+        $ mvn org.owasp:dependency-check-maven:check
+   ```
+7. Commit your changes locally.
+8. Push your 'issue-#' branch to your personal, forked ESAPI GitHub repo. E.g.,
+   ```bash
+        $ git checkout issue-444
+        $ git remote -v | grep origin       # Confirm 'origin' refers to YOUR PERSONAL GitHub repo
+        $ git push origin issue-444         # Push the committed changes on the 'issue-444' branch
+   ```
+9. Go to your personal, forked ESAPI GitHub repo (web interface) and create a 'Pull Request' (PR) from your 'issue-#' branch.
+10. Back on your local personal laptop / desktop, merge your issue branch with your local 'develop' branch. I.e.,
+        $ git checkout develop
+        $ git merge issue-444
+11. Do not remove your branch on your forked repository until your PR from your branch has been merged into the ESAPI/esapi-java/legacy 'develop' branch.
+   Note at least one the 3 main contributors on will review your commits before
+   merging them and they may do a formal code review and request further changes.
+   Once they are satisfied, they will merge your PR.
+
+In theory, you can do all this 'git' magic from Eclipse and presumably other
+IDEs like Oracle NetBeans or JetBrains IntelliJ IDEA. From Eclipse, it is right-click
+on the project and then select 'Team' to do the commits, etc. If you choose that
+route, you're pretty much on your own because none of us use that for Git
+interactions.
diff --git a/LICENSE b/LICENSE
index 5d0f11c51..20c1657fa 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,12 +1,12 @@
-The BSD License
-
-Copyright (c) 2007, The OWASP Foundation
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
-
-Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 
-Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 
-Neither the name of the OWASP Foundation nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. 
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
+The BSD License
+
+Copyright (c) 2007, The OWASP Foundation
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 
+Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 
+Neither the name of the OWASP Foundation nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. 
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
diff --git a/LICENSE-CONTENT b/LICENSE-CONTENT
index 9d154ce74..b5b0f5e05 100644
--- a/LICENSE-CONTENT
+++ b/LICENSE-CONTENT
@@ -1,78 +1,78 @@
-Creative Commons
-Creative Commons Legal Code
-Attribution-ShareAlike 3.0 Unported
-
-    CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL SERVICES. DISTRIBUTION OF THIS LICENSE DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE INFORMATION PROVIDED, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM ITS USE. 
-
-License
-
-THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS CREATIVE COMMONS PUBLIC LICENSE ("CCPL" OR "LICENSE"). THE WORK IS PROTECTED BY COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE WORK OTHER THAN AS AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS PROHIBITED.
-
-BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE. TO THE EXTENT THIS LICENSE MAY BE CONSIDERED TO BE A CONTRACT, THE LICENSOR GRANTS YOU THE RIGHTS CONTAINED HERE IN CONSIDERATION OF YOUR ACCEPTANCE OF SUCH TERMS AND CONDITIONS.
-
-1. Definitions
-
-   1. "Adaptation" means a work based upon the Work, or upon the Work and other pre-existing works, such as a translation, adaptation, derivative work, arrangement of music or other alterations of a literary or artistic work, or phonogram or performance and includes cinematographic adaptations or any other form in which the Work may be recast, transformed, or adapted including in any form recognizably derived from the original, except that a work that constitutes a Collection will not be considered an Adaptation for the purpose of this License. For the avoidance of doubt, where the Work is a musical work, performance or phonogram, the synchronization of the Work in timed-relation with a moving image ("synching") will be considered an Adaptation for the purpose of this License.
-   2. "Collection" means a collection of literary or artistic works, such as encyclopedias and anthologies, or performances, phonograms or broadcasts, or other works or subject matter other than works listed in Section 1(f) below, which, by reason of the selection and arrangement of their contents, constitute intellectual creations, in which the Work is included in its entirety in unmodified form along with one or more other contributions, each constituting separate and independent works in themselves, which together are assembled into a collective whole. A work that constitutes a Collection will not be considered an Adaptation (as defined below) for the purposes of this License.
-   3. "Creative Commons Compatible License" means a license that is listed at http://creativecommons.org/compatiblelicenses that has been approved by Creative Commons as being essentially equivalent to this License, including, at a minimum, because that license: (i) contains terms that have the same purpose, meaning and effect as the License Elements of this License; and, (ii) explicitly permits the relicensing of adaptations of works made available under that license under this License or a Creative Commons jurisdiction license with the same License Elements as this License.
-   4. "Distribute" means to make available to the public the original and copies of the Work or Adaptation, as appropriate, through sale or other transfer of ownership.
-   5. "License Elements" means the following high-level license attributes as selected by Licensor and indicated in the title of this License: Attribution, ShareAlike.
-   6. "Licensor" means the individual, individuals, entity or entities that offer(s) the Work under the terms of this License.
-   7. "Original Author" means, in the case of a literary or artistic work, the individual, individuals, entity or entities who created the Work or if no individual or entity can be identified, the publisher; and in addition (i) in the case of a performance the actors, singers, musicians, dancers, and other persons who act, sing, deliver, declaim, play in, interpret or otherwise perform literary or artistic works or expressions of folklore; (ii) in the case of a phonogram the producer being the person or legal entity who first fixes the sounds of a performance or other sounds; and, (iii) in the case of broadcasts, the organization that transmits the broadcast.
-   8. "Work" means the literary and/or artistic work offered under the terms of this License including without limitation any production in the literary, scientific and artistic domain, whatever may be the mode or form of its expression including digital form, such as a book, pamphlet and other writing; a lecture, address, sermon or other work of the same nature; a dramatic or dramatico-musical work; a choreographic work or entertainment in dumb show; a musical composition with or without words; a cinematographic work to which are assimilated works expressed by a process analogous to cinematography; a work of drawing, painting, architecture, sculpture, engraving or lithography; a photographic work to which are assimilated works expressed by a process analogous to photography; a work of applied art; an illustration, map, plan, sketch or three-dimensional work relative to geography, topography, architecture or science; a performance; a broadcast; a phonogram; a compilation of data to the extent it is protected as a copyrightable work; or a work performed by a variety or circus performer to the extent it is not otherwise considered a literary or artistic work.
-   9. "You" means an individual or entity exercising rights under this License who has not previously violated the terms of this License with respect to the Work, or who has received express permission from the Licensor to exercise rights under this License despite a previous violation.
-  10. "Publicly Perform" means to perform public recitations of the Work and to communicate to the public those public recitations, by any means or process, including by wire or wireless means or public digital performances; to make available to the public Works in such a way that members of the public may access these Works from a place and at a place individually chosen by them; to perform the Work to the public by any means or process and the communication to the public of the performances of the Work, including by public digital performance; to broadcast and rebroadcast the Work by any means including signs, sounds or images.
-  11. "Reproduce" means to make copies of the Work by any means including without limitation by sound or visual recordings and the right of fixation and reproducing fixations of the Work, including storage of a protected performance or phonogram in digital form or other electronic medium.
-
-2. Fair Dealing Rights. Nothing in this License is intended to reduce, limit, or restrict any uses free from copyright or rights arising from limitations or exceptions that are provided for in connection with the copyright protection under copyright law or other applicable laws.
-
-3. License Grant. Subject to the terms and conditions of this License, Licensor hereby grants You a worldwide, royalty-free, non-exclusive, perpetual (for the duration of the applicable copyright) license to exercise the rights in the Work as stated below:
-
-   1. to Reproduce the Work, to incorporate the Work into one or more Collections, and to Reproduce the Work as incorporated in the Collections;
-   2. to create and Reproduce Adaptations provided that any such Adaptation, including any translation in any medium, takes reasonable steps to clearly label, demarcate or otherwise identify that changes were made to the original Work. For example, a translation could be marked "The original work was translated from English to Spanish," or a modification could indicate "The original work has been modified.";
-   3. to Distribute and Publicly Perform the Work including as incorporated in Collections; and,
-   4. to Distribute and Publicly Perform Adaptations.
-   5.
-
-      For the avoidance of doubt:
-         1. Non-waivable Compulsory License Schemes. In those jurisdictions in which the right to collect royalties through any statutory or compulsory licensing scheme cannot be waived, the Licensor reserves the exclusive right to collect such royalties for any exercise by You of the rights granted under this License;
-         2. Waivable Compulsory License Schemes. In those jurisdictions in which the right to collect royalties through any statutory or compulsory licensing scheme can be waived, the Licensor waives the exclusive right to collect such royalties for any exercise by You of the rights granted under this License; and,
-         3. Voluntary License Schemes. The Licensor waives the right to collect royalties, whether individually or, in the event that the Licensor is a member of a collecting society that administers voluntary licensing schemes, via that society, from any exercise by You of the rights granted under this License.
-
-The above rights may be exercised in all media and formats whether now known or hereafter devised. The above rights include the right to make such modifications as are technically necessary to exercise the rights in other media and formats. Subject to Section 8(f), all rights not expressly granted by Licensor are hereby reserved.
-
-4. Restrictions. The license granted in Section 3 above is expressly made subject to and limited by the following restrictions:
-
-   1. You may Distribute or Publicly Perform the Work only under the terms of this License. You must include a copy of, or the Uniform Resource Identifier (URI) for, this License with every copy of the Work You Distribute or Publicly Perform. You may not offer or impose any terms on the Work that restrict the terms of this License or the ability of the recipient of the Work to exercise the rights granted to that recipient under the terms of the License. You may not sublicense the Work. You must keep intact all notices that refer to this License and to the disclaimer of warranties with every copy of the Work You Distribute or Publicly Perform. When You Distribute or Publicly Perform the Work, You may not impose any effective technological measures on the Work that restrict the ability of a recipient of the Work from You to exercise the rights granted to that recipient under the terms of the License. This Section 4(a) applies to the Work as incorporated in a Collection, but this does not require the Collection apart from the Work itself to be made subject to the terms of this License. If You create a Collection, upon notice from any Licensor You must, to the extent practicable, remove from the Collection any credit as required by Section 4(c), as requested. If You create an Adaptation, upon notice from any Licensor You must, to the extent practicable, remove from the Adaptation any credit as required by Section 4(c), as requested.
-   2. You may Distribute or Publicly Perform an Adaptation only under the terms of: (i) this License; (ii) a later version of this License with the same License Elements as this License; (iii) a Creative Commons jurisdiction license (either this or a later license version) that contains the same License Elements as this License (e.g., Attribution-ShareAlike 3.0 US)); (iv) a Creative Commons Compatible License. If you license the Adaptation under one of the licenses mentioned in (iv), you must comply with the terms of that license. If you license the Adaptation under the terms of any of the licenses mentioned in (i), (ii) or (iii) (the "Applicable License"), you must comply with the terms of the Applicable License generally and the following provisions: (I) You must include a copy of, or the URI for, the Applicable License with every copy of each Adaptation You Distribute or Publicly Perform; (II) You may not offer or impose any terms on the Adaptation that restrict the terms of the Applicable License or the ability of the recipient of the Adaptation to exercise the rights granted to that recipient under the terms of the Applicable License; (III) You must keep intact all notices that refer to the Applicable License and to the disclaimer of warranties with every copy of the Work as included in the Adaptation You Distribute or Publicly Perform; (IV) when You Distribute or Publicly Perform the Adaptation, You may not impose any effective technological measures on the Adaptation that restrict the ability of a recipient of the Adaptation from You to exercise the rights granted to that recipient under the terms of the Applicable License. This Section 4(b) applies to the Adaptation as incorporated in a Collection, but this does not require the Collection apart from the Adaptation itself to be made subject to the terms of the Applicable License.
-   3. If You Distribute, or Publicly Perform the Work or any Adaptations or Collections, You must, unless a request has been made pursuant to Section 4(a), keep intact all copyright notices for the Work and provide, reasonable to the medium or means You are utilizing: (i) the name of the Original Author (or pseudonym, if applicable) if supplied, and/or if the Original Author and/or Licensor designate another party or parties (e.g., a sponsor institute, publishing entity, journal) for attribution ("Attribution Parties") in Licensor's copyright notice, terms of service or by other reasonable means, the name of such party or parties; (ii) the title of the Work if supplied; (iii) to the extent reasonably practicable, the URI, if any, that Licensor specifies to be associated with the Work, unless such URI does not refer to the copyright notice or licensing information for the Work; and (iv) , consistent with Ssection 3(b), in the case of an Adaptation, a credit identifying the use of the Work in the Adaptation (e.g., "French translation of the Work by Original Author," or "Screenplay based on original Work by Original Author"). The credit required by this Section 4(c) may be implemented in any reasonable manner; provided, however, that in the case of a Adaptation or Collection, at a minimum such credit will appear, if a credit for all contributing authors of the Adaptation or Collection appears, then as part of these credits and in a manner at least as prominent as the credits for the other contributing authors. For the avoidance of doubt, You may only use the credit required by this Section for the purpose of attribution in the manner set out above and, by exercising Your rights under this License, You may not implicitly or explicitly assert or imply any connection with, sponsorship or endorsement by the Original Author, Licensor and/or Attribution Parties, as appropriate, of You or Your use of the Work, without the separate, express prior written permission of the Original Author, Licensor and/or Attribution Parties.
-   4. Except as otherwise agreed in writing by the Licensor or as may be otherwise permitted by applicable law, if You Reproduce, Distribute or Publicly Perform the Work either by itself or as part of any Adaptations or Collections, You must not distort, mutilate, modify or take other derogatory action in relation to the Work which would be prejudicial to the Original Author's honor or reputation. Licensor agrees that in those jurisdictions (e.g. Japan), in which any exercise of the right granted in Section 3(b) of this License (the right to make Adaptations) would be deemed to be a distortion, mutilation, modification or other derogatory action prejudicial to the Original Author's honor and reputation, the Licensor will waive or not assert, as appropriate, this Section, to the fullest extent permitted by the applicable national law, to enable You to reasonably exercise Your right under Section 3(b) of this License (right to make Adaptations) but not otherwise.
-
-5. Representations, Warranties and Disclaimer
-
-UNLESS OTHERWISE MUTUALLY AGREED TO BY THE PARTIES IN WRITING, LICENSOR OFFERS THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND CONCERNING THE WORK, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTIBILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF ERRORS, WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO SUCH EXCLUSION MAY NOT APPLY TO YOU.
-
-6. Limitation on Liability. EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE LAW, IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, EVEN IF LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
-
-7. Termination
-
-   1. This License and the rights granted hereunder will terminate automatically upon any breach by You of the terms of this License. Individuals or entities who have received Adaptations or Collections from You under this License, however, will not have their licenses terminated provided such individuals or entities remain in full compliance with those licenses. Sections 1, 2, 5, 6, 7, and 8 will survive any termination of this License.
-   2. Subject to the above terms and conditions, the license granted here is perpetual (for the duration of the applicable copyright in the Work). Notwithstanding the above, Licensor reserves the right to release the Work under different license terms or to stop distributing the Work at any time; provided, however that any such election will not serve to withdraw this License (or any other license that has been, or is required to be, granted under the terms of this License), and this License will continue in full force and effect unless terminated as stated above.
-
-8. Miscellaneous
-
-   1. Each time You Distribute or Publicly Perform the Work or a Collection, the Licensor offers to the recipient a license to the Work on the same terms and conditions as the license granted to You under this License.
-   2. Each time You Distribute or Publicly Perform an Adaptation, Licensor offers to the recipient a license to the original Work on the same terms and conditions as the license granted to You under this License.
-   3. If any provision of this License is invalid or unenforceable under applicable law, it shall not affect the validity or enforceability of the remainder of the terms of this License, and without further action by the parties to this agreement, such provision shall be reformed to the minimum extent necessary to make such provision valid and enforceable.
-   4. No term or provision of this License shall be deemed waived and no breach consented to unless such waiver or consent shall be in writing and signed by the party to be charged with such waiver or consent.
-   5. This License constitutes the entire agreement between the parties with respect to the Work licensed here. There are no understandings, agreements or representations with respect to the Work not specified here. Licensor shall not be bound by any additional provisions that may appear in any communication from You. This License may not be modified without the mutual written agreement of the Licensor and You.
-   6. The rights granted under, and the subject matter referenced, in this License were drafted utilizing the terminology of the Berne Convention for the Protection of Literary and Artistic Works (as amended on September 28, 1979), the Rome Convention of 1961, the WIPO Copyright Treaty of 1996, the WIPO Performances and Phonograms Treaty of 1996 and the Universal Copyright Convention (as revised on July 24, 1971). These rights and subject matter take effect in the relevant jurisdiction in which the License terms are sought to be enforced according to the corresponding provisions of the implementation of those treaty provisions in the applicable national law. If the standard suite of rights granted under applicable copyright law includes additional rights not granted under this License, such additional rights are deemed to be included in the License; this License is not intended to restrict the license of any rights under applicable law.
-
-    Creative Commons Notice
-
-    Creative Commons is not a party to this License, and makes no warranty whatsoever in connection with the Work. Creative Commons will not be liable to You or any party on any legal theory for any damages whatsoever, including without limitation any general, special, incidental or consequential damages arising in connection to this license. Notwithstanding the foregoing two (2) sentences, if Creative Commons has expressly identified itself as the Licensor hereunder, it shall have all rights and obligations of Licensor.
-
-    Except for the limited purpose of indicating to the public that the Work is licensed under the CCPL, Creative Commons does not authorize the use by either party of the trademark "Creative Commons" or any related trademark or logo of Creative Commons without the prior written consent of Creative Commons. Any permitted use will be in compliance with Creative Commons' then-current trademark usage guidelines, as may be published on its website or otherwise made available upon request from time to time. For the avoidance of doubt, this trademark restriction does not form part of the License.
-
-    Creative Commons may be contacted at http://creativecommons.org/.
-
+Creative Commons
+Creative Commons Legal Code
+Attribution-ShareAlike 3.0 Unported
+
+    CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL SERVICES. DISTRIBUTION OF THIS LICENSE DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE INFORMATION PROVIDED, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM ITS USE. 
+
+License
+
+THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS CREATIVE COMMONS PUBLIC LICENSE ("CCPL" OR "LICENSE"). THE WORK IS PROTECTED BY COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE WORK OTHER THAN AS AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS PROHIBITED.
+
+BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE. TO THE EXTENT THIS LICENSE MAY BE CONSIDERED TO BE A CONTRACT, THE LICENSOR GRANTS YOU THE RIGHTS CONTAINED HERE IN CONSIDERATION OF YOUR ACCEPTANCE OF SUCH TERMS AND CONDITIONS.
+
+1. Definitions
+
+   1. "Adaptation" means a work based upon the Work, or upon the Work and other pre-existing works, such as a translation, adaptation, derivative work, arrangement of music or other alterations of a literary or artistic work, or phonogram or performance and includes cinematographic adaptations or any other form in which the Work may be recast, transformed, or adapted including in any form recognizably derived from the original, except that a work that constitutes a Collection will not be considered an Adaptation for the purpose of this License. For the avoidance of doubt, where the Work is a musical work, performance or phonogram, the synchronization of the Work in timed-relation with a moving image ("synching") will be considered an Adaptation for the purpose of this License.
+   2. "Collection" means a collection of literary or artistic works, such as encyclopedias and anthologies, or performances, phonograms or broadcasts, or other works or subject matter other than works listed in Section 1(f) below, which, by reason of the selection and arrangement of their contents, constitute intellectual creations, in which the Work is included in its entirety in unmodified form along with one or more other contributions, each constituting separate and independent works in themselves, which together are assembled into a collective whole. A work that constitutes a Collection will not be considered an Adaptation (as defined below) for the purposes of this License.
+   3. "Creative Commons Compatible License" means a license that is listed at http://creativecommons.org/compatiblelicenses that has been approved by Creative Commons as being essentially equivalent to this License, including, at a minimum, because that license: (i) contains terms that have the same purpose, meaning and effect as the License Elements of this License; and, (ii) explicitly permits the relicensing of adaptations of works made available under that license under this License or a Creative Commons jurisdiction license with the same License Elements as this License.
+   4. "Distribute" means to make available to the public the original and copies of the Work or Adaptation, as appropriate, through sale or other transfer of ownership.
+   5. "License Elements" means the following high-level license attributes as selected by Licensor and indicated in the title of this License: Attribution, ShareAlike.
+   6. "Licensor" means the individual, individuals, entity or entities that offer(s) the Work under the terms of this License.
+   7. "Original Author" means, in the case of a literary or artistic work, the individual, individuals, entity or entities who created the Work or if no individual or entity can be identified, the publisher; and in addition (i) in the case of a performance the actors, singers, musicians, dancers, and other persons who act, sing, deliver, declaim, play in, interpret or otherwise perform literary or artistic works or expressions of folklore; (ii) in the case of a phonogram the producer being the person or legal entity who first fixes the sounds of a performance or other sounds; and, (iii) in the case of broadcasts, the organization that transmits the broadcast.
+   8. "Work" means the literary and/or artistic work offered under the terms of this License including without limitation any production in the literary, scientific and artistic domain, whatever may be the mode or form of its expression including digital form, such as a book, pamphlet and other writing; a lecture, address, sermon or other work of the same nature; a dramatic or dramatico-musical work; a choreographic work or entertainment in dumb show; a musical composition with or without words; a cinematographic work to which are assimilated works expressed by a process analogous to cinematography; a work of drawing, painting, architecture, sculpture, engraving or lithography; a photographic work to which are assimilated works expressed by a process analogous to photography; a work of applied art; an illustration, map, plan, sketch or three-dimensional work relative to geography, topography, architecture or science; a performance; a broadcast; a phonogram; a compilation of data to the extent it is protected as a copyrightable work; or a work performed by a variety or circus performer to the extent it is not otherwise considered a literary or artistic work.
+   9. "You" means an individual or entity exercising rights under this License who has not previously violated the terms of this License with respect to the Work, or who has received express permission from the Licensor to exercise rights under this License despite a previous violation.
+  10. "Publicly Perform" means to perform public recitations of the Work and to communicate to the public those public recitations, by any means or process, including by wire or wireless means or public digital performances; to make available to the public Works in such a way that members of the public may access these Works from a place and at a place individually chosen by them; to perform the Work to the public by any means or process and the communication to the public of the performances of the Work, including by public digital performance; to broadcast and rebroadcast the Work by any means including signs, sounds or images.
+  11. "Reproduce" means to make copies of the Work by any means including without limitation by sound or visual recordings and the right of fixation and reproducing fixations of the Work, including storage of a protected performance or phonogram in digital form or other electronic medium.
+
+2. Fair Dealing Rights. Nothing in this License is intended to reduce, limit, or restrict any uses free from copyright or rights arising from limitations or exceptions that are provided for in connection with the copyright protection under copyright law or other applicable laws.
+
+3. License Grant. Subject to the terms and conditions of this License, Licensor hereby grants You a worldwide, royalty-free, non-exclusive, perpetual (for the duration of the applicable copyright) license to exercise the rights in the Work as stated below:
+
+   1. to Reproduce the Work, to incorporate the Work into one or more Collections, and to Reproduce the Work as incorporated in the Collections;
+   2. to create and Reproduce Adaptations provided that any such Adaptation, including any translation in any medium, takes reasonable steps to clearly label, demarcate or otherwise identify that changes were made to the original Work. For example, a translation could be marked "The original work was translated from English to Spanish," or a modification could indicate "The original work has been modified.";
+   3. to Distribute and Publicly Perform the Work including as incorporated in Collections; and,
+   4. to Distribute and Publicly Perform Adaptations.
+   5.
+
+      For the avoidance of doubt:
+         1. Non-waivable Compulsory License Schemes. In those jurisdictions in which the right to collect royalties through any statutory or compulsory licensing scheme cannot be waived, the Licensor reserves the exclusive right to collect such royalties for any exercise by You of the rights granted under this License;
+         2. Waivable Compulsory License Schemes. In those jurisdictions in which the right to collect royalties through any statutory or compulsory licensing scheme can be waived, the Licensor waives the exclusive right to collect such royalties for any exercise by You of the rights granted under this License; and,
+         3. Voluntary License Schemes. The Licensor waives the right to collect royalties, whether individually or, in the event that the Licensor is a member of a collecting society that administers voluntary licensing schemes, via that society, from any exercise by You of the rights granted under this License.
+
+The above rights may be exercised in all media and formats whether now known or hereafter devised. The above rights include the right to make such modifications as are technically necessary to exercise the rights in other media and formats. Subject to Section 8(f), all rights not expressly granted by Licensor are hereby reserved.
+
+4. Restrictions. The license granted in Section 3 above is expressly made subject to and limited by the following restrictions:
+
+   1. You may Distribute or Publicly Perform the Work only under the terms of this License. You must include a copy of, or the Uniform Resource Identifier (URI) for, this License with every copy of the Work You Distribute or Publicly Perform. You may not offer or impose any terms on the Work that restrict the terms of this License or the ability of the recipient of the Work to exercise the rights granted to that recipient under the terms of the License. You may not sublicense the Work. You must keep intact all notices that refer to this License and to the disclaimer of warranties with every copy of the Work You Distribute or Publicly Perform. When You Distribute or Publicly Perform the Work, You may not impose any effective technological measures on the Work that restrict the ability of a recipient of the Work from You to exercise the rights granted to that recipient under the terms of the License. This Section 4(a) applies to the Work as incorporated in a Collection, but this does not require the Collection apart from the Work itself to be made subject to the terms of this License. If You create a Collection, upon notice from any Licensor You must, to the extent practicable, remove from the Collection any credit as required by Section 4(c), as requested. If You create an Adaptation, upon notice from any Licensor You must, to the extent practicable, remove from the Adaptation any credit as required by Section 4(c), as requested.
+   2. You may Distribute or Publicly Perform an Adaptation only under the terms of: (i) this License; (ii) a later version of this License with the same License Elements as this License; (iii) a Creative Commons jurisdiction license (either this or a later license version) that contains the same License Elements as this License (e.g., Attribution-ShareAlike 3.0 US)); (iv) a Creative Commons Compatible License. If you license the Adaptation under one of the licenses mentioned in (iv), you must comply with the terms of that license. If you license the Adaptation under the terms of any of the licenses mentioned in (i), (ii) or (iii) (the "Applicable License"), you must comply with the terms of the Applicable License generally and the following provisions: (I) You must include a copy of, or the URI for, the Applicable License with every copy of each Adaptation You Distribute or Publicly Perform; (II) You may not offer or impose any terms on the Adaptation that restrict the terms of the Applicable License or the ability of the recipient of the Adaptation to exercise the rights granted to that recipient under the terms of the Applicable License; (III) You must keep intact all notices that refer to the Applicable License and to the disclaimer of warranties with every copy of the Work as included in the Adaptation You Distribute or Publicly Perform; (IV) when You Distribute or Publicly Perform the Adaptation, You may not impose any effective technological measures on the Adaptation that restrict the ability of a recipient of the Adaptation from You to exercise the rights granted to that recipient under the terms of the Applicable License. This Section 4(b) applies to the Adaptation as incorporated in a Collection, but this does not require the Collection apart from the Adaptation itself to be made subject to the terms of the Applicable License.
+   3. If You Distribute, or Publicly Perform the Work or any Adaptations or Collections, You must, unless a request has been made pursuant to Section 4(a), keep intact all copyright notices for the Work and provide, reasonable to the medium or means You are utilizing: (i) the name of the Original Author (or pseudonym, if applicable) if supplied, and/or if the Original Author and/or Licensor designate another party or parties (e.g., a sponsor institute, publishing entity, journal) for attribution ("Attribution Parties") in Licensor's copyright notice, terms of service or by other reasonable means, the name of such party or parties; (ii) the title of the Work if supplied; (iii) to the extent reasonably practicable, the URI, if any, that Licensor specifies to be associated with the Work, unless such URI does not refer to the copyright notice or licensing information for the Work; and (iv) , consistent with Ssection 3(b), in the case of an Adaptation, a credit identifying the use of the Work in the Adaptation (e.g., "French translation of the Work by Original Author," or "Screenplay based on original Work by Original Author"). The credit required by this Section 4(c) may be implemented in any reasonable manner; provided, however, that in the case of a Adaptation or Collection, at a minimum such credit will appear, if a credit for all contributing authors of the Adaptation or Collection appears, then as part of these credits and in a manner at least as prominent as the credits for the other contributing authors. For the avoidance of doubt, You may only use the credit required by this Section for the purpose of attribution in the manner set out above and, by exercising Your rights under this License, You may not implicitly or explicitly assert or imply any connection with, sponsorship or endorsement by the Original Author, Licensor and/or Attribution Parties, as appropriate, of You or Your use of the Work, without the separate, express prior written permission of the Original Author, Licensor and/or Attribution Parties.
+   4. Except as otherwise agreed in writing by the Licensor or as may be otherwise permitted by applicable law, if You Reproduce, Distribute or Publicly Perform the Work either by itself or as part of any Adaptations or Collections, You must not distort, mutilate, modify or take other derogatory action in relation to the Work which would be prejudicial to the Original Author's honor or reputation. Licensor agrees that in those jurisdictions (e.g. Japan), in which any exercise of the right granted in Section 3(b) of this License (the right to make Adaptations) would be deemed to be a distortion, mutilation, modification or other derogatory action prejudicial to the Original Author's honor and reputation, the Licensor will waive or not assert, as appropriate, this Section, to the fullest extent permitted by the applicable national law, to enable You to reasonably exercise Your right under Section 3(b) of this License (right to make Adaptations) but not otherwise.
+
+5. Representations, Warranties and Disclaimer
+
+UNLESS OTHERWISE MUTUALLY AGREED TO BY THE PARTIES IN WRITING, LICENSOR OFFERS THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND CONCERNING THE WORK, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTIBILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF ERRORS, WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO SUCH EXCLUSION MAY NOT APPLY TO YOU.
+
+6. Limitation on Liability. EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE LAW, IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, EVEN IF LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+
+7. Termination
+
+   1. This License and the rights granted hereunder will terminate automatically upon any breach by You of the terms of this License. Individuals or entities who have received Adaptations or Collections from You under this License, however, will not have their licenses terminated provided such individuals or entities remain in full compliance with those licenses. Sections 1, 2, 5, 6, 7, and 8 will survive any termination of this License.
+   2. Subject to the above terms and conditions, the license granted here is perpetual (for the duration of the applicable copyright in the Work). Notwithstanding the above, Licensor reserves the right to release the Work under different license terms or to stop distributing the Work at any time; provided, however that any such election will not serve to withdraw this License (or any other license that has been, or is required to be, granted under the terms of this License), and this License will continue in full force and effect unless terminated as stated above.
+
+8. Miscellaneous
+
+   1. Each time You Distribute or Publicly Perform the Work or a Collection, the Licensor offers to the recipient a license to the Work on the same terms and conditions as the license granted to You under this License.
+   2. Each time You Distribute or Publicly Perform an Adaptation, Licensor offers to the recipient a license to the original Work on the same terms and conditions as the license granted to You under this License.
+   3. If any provision of this License is invalid or unenforceable under applicable law, it shall not affect the validity or enforceability of the remainder of the terms of this License, and without further action by the parties to this agreement, such provision shall be reformed to the minimum extent necessary to make such provision valid and enforceable.
+   4. No term or provision of this License shall be deemed waived and no breach consented to unless such waiver or consent shall be in writing and signed by the party to be charged with such waiver or consent.
+   5. This License constitutes the entire agreement between the parties with respect to the Work licensed here. There are no understandings, agreements or representations with respect to the Work not specified here. Licensor shall not be bound by any additional provisions that may appear in any communication from You. This License may not be modified without the mutual written agreement of the Licensor and You.
+   6. The rights granted under, and the subject matter referenced, in this License were drafted utilizing the terminology of the Berne Convention for the Protection of Literary and Artistic Works (as amended on September 28, 1979), the Rome Convention of 1961, the WIPO Copyright Treaty of 1996, the WIPO Performances and Phonograms Treaty of 1996 and the Universal Copyright Convention (as revised on July 24, 1971). These rights and subject matter take effect in the relevant jurisdiction in which the License terms are sought to be enforced according to the corresponding provisions of the implementation of those treaty provisions in the applicable national law. If the standard suite of rights granted under applicable copyright law includes additional rights not granted under this License, such additional rights are deemed to be included in the License; this License is not intended to restrict the license of any rights under applicable law.
+
+    Creative Commons Notice
+
+    Creative Commons is not a party to this License, and makes no warranty whatsoever in connection with the Work. Creative Commons will not be liable to You or any party on any legal theory for any damages whatsoever, including without limitation any general, special, incidental or consequential damages arising in connection to this license. Notwithstanding the foregoing two (2) sentences, if Creative Commons has expressly identified itself as the Licensor hereunder, it shall have all rights and obligations of Licensor.
+
+    Except for the limited purpose of indicating to the public that the Work is licensed under the CCPL, Creative Commons does not authorize the use by either party of the trademark "Creative Commons" or any related trademark or logo of Creative Commons without the prior written consent of Creative Commons. Any permitted use will be in compliance with Creative Commons' then-current trademark usage guidelines, as may be published on its website or otherwise made available upon request from time to time. For the avoidance of doubt, this trademark restriction does not form part of the License.
+
+    Creative Commons may be contacted at http://creativecommons.org/.
+
diff --git a/LICENSE-README b/LICENSE-README
index e7295e13e..6968b1478 100644
--- a/LICENSE-README
+++ b/LICENSE-README
@@ -1,7 +1,7 @@
-Please note that:
-
-1) The LICENSE file only refers to the licensing of the source and binary code of ESAPI. 
-   For example, the actual ESAPI JAR file is only licensed under "The BSD License".
-   
-2) The LICENSE-CONTENT file only refers to the licensing of the content and documentation of ESAPI. 
+Please note that:
+
+1) The LICENSE file only refers to the licensing of the source and binary code of ESAPI. 
+   For example, the actual ESAPI JAR file is only licensed under "The BSD License".
+   
+2) The LICENSE-CONTENT file only refers to the licensing of the content and documentation of ESAPI. 
    For example, the documentation directory is only licensed under the Creative Commons/ShareAlike 3.0 Unported license.
\ No newline at end of file
diff --git a/README.md b/README.md
index e4c8a3e3b..0c31f1de1 100644
--- a/README.md
+++ b/README.md
@@ -1,38 +1,262 @@
 Enterprise Security API for Java (Legacy)
 =================
-<table border=0>
+
+[![Build Status](https://travis-ci.org/bkimminich/esapi-java-legacy.svg?branch=master)](https://travis-ci.org/bkimminich/esapi-java-legacy)
+[![Coverage Status](https://coveralls.io/repos/github/bkimminich/esapi-java-legacy/badge.svg?branch=develop)](https://coveralls.io/github/bkimminich/esapi-java-legacy?branch=develop)
+[![Coverity Status](https://scan.coverity.com/projects/8517/badge.svg)](https://scan.coverity.com/projects/bkimminich-esapi-java-legacy)
+[![OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/projects/137/badge)](https://bestpractices.coreinfrastructure.org/projects/137)
+
+<table border=10>
 <tr>
 <td>
-OWASP ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI for Java library is designed to make it easier for programmers to retrofit security into existing applications. ESAPI for Java also serves as a solid foundation for new development.
+OWASP® ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI for Java library is designed to make it easier for programmers to retrofit security into existing applications. ESAPI for Java also serves as a solid foundation for new development.
 </td>
 </tr>
 </table>
 
-<b>What does Legacy mean?</b><br/>
-<p>This is the legacy branch of ESAPI which means it is an actively maintained branch of the project, however feature development for this branch will not be done. Features that have already been scheduled for the 2.x branch will move forward, but the main focus will be working on the ESAPI 3.x branch.
+# Jakarta EE Support
+**IMPORTANT:**
+ESAPI has supported the Jakarta Servlet API (i.e., **jakarta.servlet.api**) since release
+2.5.3.0.  (Unfortunately, this information was previously missing in this **README** file.)
+
+Therefore, for release 2.5.3.0 and later versions of ESAPI, ESAPI ought to be able to support Spring Boot 3, Spring 6, Tomcat 10,
+and other applications or libraries requiring Jarkata EE. (If you find a case where it does
+not, please file a GitHub issue for it.)
+
+The ESAPI jar file supporting Jakarta will be named esapi-_version_-jakarta.jar. To use that
+specific Jakarta version of ESAPI, in Maven, you would specify your ESAPI dependency in your
+**pom.xml** as:
+```xml
+<dependency>
+    <groupId>org.owasp.esapi</groupId>
+    <artifactId>esapi</artifactId>
+    <version>2.7.0.0</version>  <!-- Preferably the latest version, but > 2.5.3.0 -->
+    <classifier>jakarta</classifier>
+</dependency>
+```
+(or any other version later than 2.5.3.0). Thanks to Jonathon Putney for creating a PR to
+fix this. There is a long discussion in GitHub Discussion [#768](https://github.com/ESAPI/esapi-java-legacy/discussions/768)
+where this was first announced, for those of you have insomnia or really long attention
+spans and are interested in the approaches that were tried.
+
+Of course, ESAPI also still continues to support the older Java EE Servlet API (i.e., **javax.servlet** namespace) as well. In
+fact, without the
+```xml
+<classifier>jakarta</classifier>
+```
+that's the version that will be used by default.
+
+
+# A word about ESAPI vulnerabilities
+A summary of all the vulnerabilities that we have written about in either the
+ESAPI Security Bulletins or in the GitHub Security Advisories may be found
+in this [Vulnerability Summary](https://github.com/ESAPI/esapi-java-legacy/blob/develop/Vulnerability-Summary.md).
+It is too lengthy, and if you are using the latest available ESAPI version--generally not relevant--to
+place in this **README** file.
+
+# Where are the OWASP ESAPI wiki pages?
+You can find the official OWASP ESAPI Project wiki pages at
+[https://owasp.org/www-project-enterprise-security-api/](https://owasp.org/www-project-enterprise-security-api/).
+The ESAPI legacy GitHub repo also has several useful [wiki pages](https://github.com/ESAPI/esapi-java-legacy/wiki).
+
+# What does Legacy mean?
+This is the legacy branch of ESAPI which means it is an actively maintained branch of the project, however significant *new* **feature development** for this branch will *not* be done. Features that have already been scheduled for the 2.x branch will move forward.
+Development for the "next generation" of ESAPI (starting with ESAPI 3.0), will be done at the
+GitHub repository at [https://github.com/ESAPI/esapi-java](https://github.com/ESAPI/esapi-java).
+
+**IMPORTANT NOTES:**
+* The default branch for ESAPI legacy is the 'develop' branch (rather than the 'main' (formerly 'master') branch), where future development, bug fixes, etc. are now being done. The 'main' branch is now marked as "protected"; it reflects the latest stable ESAPI release (2.5.3.1 as of this date). Note that this change of making the 'develop' branch the default may affect any pull requests that you were intending to make.
+* Also, the *minimal* baseline Java version to use ESAPI is now Java 8. (This was changed from Java 7 during the 2.4.0.0 release.)
+* Support was dropped for Log4J 1 during ESAPI 2.5.0.0 release. If you need it, configure it via SLF4J. See  the
+  [2.5.0.0 release notes](https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.5.0.0-release-notes.txt)
+for details.
+
+# Where can I find ESAPI 3.x?
+As mentioned above, you can find it at [https://github.com/ESAPI/esapi-java](https://github.com/ESAPI/esapi-java).
+
+Note however that work on ESAPI 3 has not yet begun in earnest and is only
+in its earliest planning stages. Even the code that is presently there
+will likely change.
+
+# ESAPI Release Notes
+The ESAPI release notes may be found in ESAPI's "documentation" directory. They are generally named "esapi4java-core-*2.#.#.#*-release-notes.txt", where "*2.#.#.#*" refers to the ESAPI release number (which uses semantic versioning).
+
+See the GitHub [Releases](https://github.com/ESAPI/esapi-java-legacy/releases) information for a list of releases which generally
+link to the specific release notes.
+
+### Really IMPORTANT information in release notes - Ignore at your peril
+* Starting with ESAPI 2.2.1.0, important details changed reading the ESAPI
+  Logger. If you have are getting things like ClassNotFoundException, you
+  probably have not read it. Please be sure to read this specific section
+  of the
+  [2.2.1.0 release notes](https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.2.1.0-release-notes.txt#L128-L155)
+* Starting with ESAPI 2.2.3.0, ESAPI is using a version of AntiSamy that by default includes 'slf4j-simple' and
+  does XML schema validation on the AntiSamy policy files. Please **READ** this
+  section from the
+  [2.2.3.0 release notes](https://github.com/ESAPI/esapi-java-legacy/blob/1312102e79d4ed98d1396f5c56e12f437534d62b/documentation/esapi4java-core-2.2.3.0-release-notes.txt#L22-L34)
+  (at least the beginning portion) for some important notes that likely will affect your use of ESAPI! You have been warned!!!
+* ESAPI 2.3.0.0 is the last release to support Java 7 as the minimal JDK.
+  Starting with release 2.4.0.0, Java 8 or later is required.
+* Starting with ESAPI 2.5.4.0, if you were using ESAPI's default logger, JUL
+  (i.e., you had the property **ESAPI.Logger** set to "org.owasp.esapi.logging.java.JavaLogFactory"),
+  then you must remove (or rename) the old ESAPI configuration file **esapi-java-logger.properties**.
+  Failure to do so will cause ESAPI to throw a `ConfigurationException`, thereby
+  preventing your application from starting. For important additional details, please see
+  the ESAPI GitHub Discussion https://github.com/ESAPI/esapi-java-legacy/discussions/841.
+
+# Locating ESAPI Jar files
+The [latest ESAPI release](https://github.com/ESAPI/esapi-java-legacy/releases/latest) is 2.7.0.0.
+All the *regular* ESAPI jars, with the exception of the ESAPI configuration
+jar (i.e., esapi-2.#.#.#-configuration.jar) and its associated detached
+GPG signature, are available from Maven Central. The ESAPI configuration
+jars are linked under the 'Assets' section to each of the specific
+ESAPI releases under the
+GitHub [Releases page](https://github.com/ESAPI/esapi-java-legacy/releases).
+
+
+However, **before** you start a *new* project using ESAPI, but sure to read "[Should I use ESAPI?](https://owasp.org/www-project-enterprise-security-api/#div-shouldiuseesapi)".
+
+# ESAPI Deprecation Policy
+Unless we unintentionally screw-up, our intent is to keep classes, methods,
+and/or fields which have been annotated as "@deprecated" for a
+minimum of two (2) years or until the next major release number (e.g.,
+3.x as of now), which ever comes first, before we remove them. Note
+that this policy does not apply to classes under
+the **org.owasp.esapi.reference** package. You generally are not expected
+to be using such classes directly in your code. At the ESAPI team's discretion,
+it will also not apply for any known exploitable vulnerabilities for which
+no available workaround exists.
+
+## Exceptions to Deprecation Policy
+We will make some exceptions to the normal 2 year period. In particular, in the
+cases were we believe that keeping a specific deprecated class or method around
+can introduce security issues (generally because many of you have a habit of
+completely ignoring deprecation warnings), we sometimes will shorten that 2 year
+period. When we decide to do that, we will announce that as part of the
+deprecation message.
+
+## Log4J 1.x Removal
+**IMPORTANT NOTES:** As of ESAPI 2.5.0.0, all the Log4J 1.x related code
+has been removed from the ESAPI code base (with the exception of some
+references in documentation). If you must, you still should be able to
+use Log4J 1.x logging via ESAPI SLF4J support. See the ESAPI 2.5.0.0 release
+notes for further details.
+
+# Quickstart - Maven Example
+### Step 1: Add the required dependencies.
+See https://mvnrepository.com/artifact/org.owasp.esapi/esapi/latest, the tab for
+whatever build tool you are using. If you need the Jakarta version, make sure to
+add
+```xml
+    <classifier>jakarta</classifier>
+```
+and include whatever jakara.servlet:jakarta.servlet-api version you are using with
+```xml
+    <scope>provided</scope>
+```
+### Step 2: Obtain the 2 properties files ESAPI.properties and validation.properties
+1. Download these 2 files from the ESAPI release that you are using from https://github.com/ESAPI/esapi-java-legacy/releases
+   and download the esapi-<release>-configuration.jar file (and the .asc file if you wish to confirm the GPG signature).
+2. Unjar that configuration file that you just downloaded and find the 2
+   properties files under the "configuration/esapi" subdirectory where you
+   unjarred the config jar.
+3. Read through Javadoc for [DefaultSecurityConfiguration](https://javadoc.io/static/org.owasp.esapi/esapi/2.5.4.0/org/owasp/esapi/reference/DefaultSecurityConfiguration.html)
+   to understand the ways that ESAPI locates these files and then use the mechanism that works best for you. Copy the 2 properties
+   files from the 'configuration/esapi' directory to the directory where you
+   choose to have them reside. Note that you may also edit them to customize
+   them according to your needs.
+
+# Contributing to ESAPI legacy
+### How can I contribute or help with fix bugs?
+Fork and submit a pull request! Easy as pi! (How's that for an irrational
+statement, you math nerds? :) We generally only accept bug fixes, not
+new features because as a legacy project, we don't intend on adding new
+features that we will have to maintain long term (although we may make
+exceptions; see the 'New Features' section in this **README**). If
+you are interesting in doing bug fixes though, the best place to start is the
+[CONTRIBUTING-TO-ESAPI.txt](https://github.com/ESAPI/esapi-java-legacy/blob/develop/CONTRIBUTING-TO-ESAPI.txt)
+
+If you are new to ESAPI, a good place to start is to look for GitHub issues labled as 'good first issue'. (E.g., to find all open issues with that label, use [https://github.com/ESAPI/esapi-java-legacy/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22](https://github.com/ESAPI/esapi-java-legacy/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22).)
+
+Again, please find additional important details in the file
+'[CONTRIBUTING-TO-ESAPI.txt](https://github.com/ESAPI/esapi-java-legacy/blob/develop/CONTRIBUTING-TO-ESAPI.txt)',
+which will also describe the tool requirements.
+
+#### Want to report an issue?
+If you have found a bug, then create an issue on the esapi-legacy-java repo at [https://github.com/ESAPI/esapi-java-legacy/issues](https://github.com/ESAPI/esapi-java-legacy/issues)
+As of May 11, 2022, we switched back to using (GitHub) issue templates. (We previously used issue templates when our source code repository was still on Google Code.) You can read more about our issue templates in this brief
+[announcement](https://github.com/ESAPI/esapi-java-legacy/discussions/700).
+
+NOTE: Please do **NOT** use GitHub issues to ask questions about ESAPI.
+If you wish to ask questions, instead, post to either of the 2 mailing
+lists (now on Google Groups) found the References section at the bottom
+of this page. If we find questions posted as GitHub issues, we simply will
+close them and direct you to do this anyhow. Alternately you may use the new
+[Q&A](https://github.com/ESAPI/esapi-java-legacy/discussions/categories/q-a) section of our GitHub
+[Discussions](https://github.com/ESAPI/esapi-java-legacy/discussions) page to ask questions.
+
+When reporting an issue or just asking a question, please be clear and try
+to ensure that the ESAPI development team has sufficient information to be
+able to reproduce your results or to understand your question. If you have
+not already done so, this might be a good time to read Eric S. Raymond's classic
+"[How to Ask Questions the Smart Way](http://www.catb.org/esr/faqs/smart-questions.html)"
+before posting your issue.
+
+#### Find a Vulnerability?
+If believe you have found a vulnerability in ESAPI legacy, for the sake of the
+ESAPI community, please practice Responsible Disclosure. (Note: We will be sure
+you get credit and will work with you to create a GitHub Security Advisory, and
+if you so choose, to pursue filing a CVE via the GitHub CNA.)
+
+You are of course encouraged to first search our GitHub issues list (see above)
+to see if it has already been reported. If it has not, then please contact
+both Kevin W. Wall (kevin.w.wall at gmail.com) and
+Matt Seil (matt.seil at owasp.org) directly. Please do not report
+vulnerabilities via GitHub issues or via the ESAPI mailing lists as
+we wish to keep our users secure while a patch is implemented and
+deployed. If you wish to be acknowledged for finding the vulnerability,
+then please follow this process. Also, when you post the email describing
+the vulnerability, please do so from an email address that you usually
+monitor.
 
-<b>Where can I find ESAPI 3.x</b><br/>
-https://github.com/ESAPI/esapi-java
+More detail is available in the file
+'[SECURITY.md](https://github.com/ESAPI/esapi-java-legacy/blob/develop/SECURITY.md)'.
+https://raw.githubusercontent.com/ESAPI/esapi-java-legacy/blob/develop/SECURITY.md)'.
 
-<b>How can I contribute or fix bugs?</b><br/>
-Fork and submit a pull request! Simple as pi!
+### New Features
+If you wish to propose a new feature, the best place to discuss it is via
+new 'Discussions' board, probably under
+'[Ideas](https://github.com/ESAPI/esapi-java-legacy/discussions/categories/ideas)',
+or on the ESAPI-DEV mailing list mentioned below under the References section.
+As mentioned previously, we generally are not considering new features
+for ESAPI 2.x. This is because:
+- ESAPI is already too monolithic and has too many dependencies for its size.
+- We are trying to wind down support of ESAPI 2.x and get ESAPI 3.0 going so any
+  resources we throw at ESAPI 2.x will slow down that goal.
 
-<b>What happened to Google code?</b><br/>
-In mid-2014 ESAPI Migrated all code to GitHub, in November we started using JIRA/Confluence. 
+That said, if you believe you have an idea for an additional simple feature that
+does not pull in any additional 3rd party libraries, toss it out there for
+discussion or even show us how it works with a PR. (Note that we vet all pull
+requests, including coding style of any contributions, so please use the same
+coding style found in the files you are already editing.)
 
-<b>What about the issues still located on Google Code</b><br/>
-We will be migrating the issues from Google Code to JIRA as time allows, in the meantime - if you would like to work on a Google Code issue, please create a new issue in JIRA and reference the Google Code issue in the issue Description.
+# References: Where to Find More Information on ESAPI
+**OWASP Wiki:** https://owasp.org/www-project-enterprise-security-api/
 
-Wiki: https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API
+**GitHub ESAPI Wiki:** https://github.com/ESAPI/esapi-java-legacy/wiki
 
-Nightly Build: https://esapi.ci.cloudbees.com
+**General Documentation:** Under the '[documentation](https://github.com/ESAPI/esapi-java-legacy/tree/develop/documentation)' folder.
 
-JIRA: https://owasp-esapi.atlassian.net/browse/ESAPILEG
+**OWASP Slack Channel:** [#owasp-esapi](https://owasp.slack.com/archives/CQ2ET27AN)
 
-Documentation: https://owasp-esapi.atlassian.net/wiki/display/ESAPILEG/ESAPI+Legacy (Coming Soon)
+**GitHub Discussions:** [Discussions](https://github.com/ESAPI/esapi-java-legacy/discussions) - Not a lot there yet, but we only started this on May 11, 2022.
 
-Realtime Support available on our IRC Channel:<br/>
-Server: irc.freenode.net<br/>
-Channel: #esapi<br/>
-Webchat http://webchat.freenode.net/
+**Mailing lists:**
+* As of 2019-03-25, ESAPI's 2 mailing lists were officially moved OFF of their Mailman mailing lists to a new home on Google Groups.
+* The names of the 2 Google Groups are "[esapi-project-users](mailto:esapi-project-users@owasp.org)" and "[esapi-project-dev](mailto:esapi-project-dev@owasp.org)", which you may POST to *after* you subscribe to them via "[Subscribe to ESAPI Users list](https://groups.google.com/a/owasp.org/forum/#!forum/esapi-project-users/join)" and "[Subscribe to ESAPI Developers list](https://groups.google.com/a/owasp.org/forum/#!forum/esapi-project-dev/join)" respectively.
+* Old archives for the old Mailman mailing lists for ESAPI-Users and ESAPI-Dev are still available at https://lists.owasp.org/pipermail/esapi-users/ and https://lists.owasp.org/pipermail/esapi-dev/ respectively.
+* For a general overview of Google Groups and its web interface, see [https://groups.google.com/forum/#!overview](https://groups.google.com/forum/#!overview)
+* For assistance subscribing and unsubscribing to Google Groups, see [https://webapps.stackexchange.com/questions/13508/how-can-i-subscribe-to-a-google-mailing-list-with-a-non-google-e-mail-address/15593#15593](https://webapps.stackexchange.com/questions/13508/how-can-i-subscribe-to-a-google-mailing-list-with-a-non-google-e-mail-address/15593#15593).
 
+----------
+OWASP is a registered trademark of the OWASP Foundation, Inc.
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..c551662fc
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,57 @@
+# Security Policy
+
+In general, because the ESAPI core development is so small (3 people, all
+working full time jobs), we can only support the latest version of ESAPI.
+If you are locked in to some previous version and are unable to upgrade
+to the latest version, perhaps one or more of us might consider back-porting
+a patch (especially if it is the only way to address an ESAPI vulnerability),
+but if it is anything but trivial, we would charge a TBD consulting fee.
+
+## Supported Versions
+
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 2.7.0.0 (latest) | :white_check_mark: |
+| 2.1.0.1-2.6.2.0 | :x:, upgrade to latest release |
+| <= 1.4.x  | :x:, no longer supported AT ALL |
+
+## Reporting a Vulnerability
+
+If you believe that you have found a vulnerability in ESAPI, first please search the
+GitHut issues list (for both open and closed issues) to see if it has already been reported.
+
+If it has not, then please contact **both** of the project leaders, Kevin W. Wall
+(kevin.w.wall at gmail.com) and Matt Seil (matt.seil at owasp.org) _directly_.
+Please do **not** report any suspected vulnerabilities via GitHub issues
+or via the ESAPI mailing lists as we wish to keep our users secure while a patch
+is implemented and deployed. This is because if this is reported as a GitHub
+issue or posted to either ESAPI mailing list, it more or less is equivalent to
+dropping a 0-day on all applications using ESAPI. Instead, we encourage
+responsible disclosure.
+
+If you wish to be acknowledged for finding the vulnerability, then please follow
+this process. One of the 2 ESAPI project leaders will try to contact you within
+at least 5 business days, so when you post the email describing the
+vulnerability, please do so from an email address that you usually monitor.
+If you eventually wish to have it published as a CVE, we will also work with you
+to ensure that you are given proper credit with MITRE and NIST. Even if you do
+not wish to report the vulnerability as a CVE, we will acknowledge you when we
+create a GitHub issue (once the issue is patched) as well as acknowledging you
+in any security bulletin that we may write up and use to notify our users. (If you wish
+to have your identity remain unknown, or perhaps you email address, we can work
+with you on that as well.)
+
+If possible, provide a working proof-of-concept or at least minimally describe
+how it can be exploited in sufficient details that the ESAPI development team
+can understand what needs to be done to fix it. Unfortunately at this time, we
+are not in a position to pay out bug bounties for vulnerabilities.
+
+Eventually, we would like to have BugCrowd handle this, but that's still a ways off.
+
+## ESAPI Security Bulletins and GitHub Security Advisories
+
+There are some ESAPI security bulletins published in the "documentation" directory on GitHub.
+GitHub also has published some Security Advisories for ESAPI.
+For details, see [Vulnerability Summary](https://github.com/ESAPI/esapi-java-legacy/blob/develop/Vulnerability-Summary.md).
+
diff --git a/Vulnerability-Summary.md b/Vulnerability-Summary.md
new file mode 100644
index 000000000..e7eacb6d0
--- /dev/null
+++ b/Vulnerability-Summary.md
@@ -0,0 +1,30 @@
+# Summary of ESAPI Security Bulletins and GitHub Security Advisories</h1>
+This page attempts to summarize all the ESAPI Security Bulletins and GitHub Security Advisories in a table format. This started out as a lengthy email to the ESAPI User's Google group which you can find at
+"[A word about Log4J vulnerabilities in ESAPI - the TL;DR version](https://groups.google.com/a/owasp.org/g/esapi-project-users/c/_CR8d-dpvMU)",
+but then morphed into this current format as more and more Log4J 1.x vulnerabilities were discovered as well as one in ESAPI itself that we felt compelled to detail.
+
+Note that not all CVEs for ESAPI are reflected here as we only wrote ESAPI
+Security Bulletins for CVEs that we believed were either not exploitable via
+standard ESAPI configurations or that required special explanation above and beyond
+was provided in the description of the CVE.
+
+---
+
+
+|||||||
+|--- |--- |--- |--- |--- |--- |
+|**Relevant ESAPI Security Bulletin / GitHub Security Advisory**|**Summary**|**Relevant CWEs**|**Relevant Vuln ID**|**Notes regarding potential impact**|**ESAPI versions where default configuration is impacted**|
+|[1](https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin1.pdf)|MAC bypass in ESAPI symmetric encryption|[CWE-310](https://cwe.mitre.org/data/definitions/310.html)|[CVE-2013-5679](https://nvd.nist.gov/vuln/detail/CVE-2013-5679)|MAC check may be bypassed thus not assuring the authenticity of the received ciphertext.|ESAPI 2.x versions before 2.1.0|
+|[2](https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin2.pdf)|Java deserialization vulnerability in Log4J 1 (via SocketServer) for ESAPI logging may lead to code injection|[CWE-502](https://cwe.mitre.org/data/definitions/502.html)|[CVE-2019-17571](https://nvd.nist.gov/vuln/detail/CVE-2019-17571)|SocketServer is a class presumably intended for aggregating Log4J log events. It is a server-side class. ESAPI does not use it, nor any Log4J 1 classes that use it.|None.ESAPI 2.x versions 2.2.1.0 and later default to use JUL (java.util.logging)|
+|[3](https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin3.pdf)|This flaw allows a specially-crafted XML file to manipulate the validation process in processed by Xerces’ XMLSchemaValidation class in certain cases.|[CWE-20](https://cwe.mitre.org/data/definitions/20.html)|[SNYK-JAVA-XERCES-608891](https://security.snyk.io/vuln/SNYK-JAVA-XERCES-608891) (related to [CVE-2020-14621](https://nvd.nist.gov/vuln/detail/CVE-2020-14621))|An analysis of the ESAPI and Xerces code shows that ESAPI does not use the vulnerable Xerces class either directly or indirectly.|None, but fixed even with respect to SCA tools for ESAPI 2.2.3.0 and later which AntiSamy 1.6.2, which uses Xerces 2.12.1, where this vulnerability is fixed.|
+|[4](https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin4.pdf)|SMTPS (SMTP over SSL/TLS) can allow MITM attack if SMTPAppender is used with Log4J 1 ESAPI logging.|[CWE-295](https://cwe.mitre.org/data/definitions/295.html)|[CVE-2020-9488](https://nvd.nist.gov/vuln/detail/CVE-2020-9488)|If you are using Log4J 1’s SMTPAppender in your code, you already have a direct dependency that makes it exploitable. ESAPI does nothing to cause or prevent that.|None. ESAPI uses ConsoleAppender as the default appender even if ESAPI logging is configured to use Log4J 1.|
+|[5](https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin5.pdf)|Invoking the method Commons IO method, FileNameUtils.normalize() with an improper input string could allow a limited path traversal.|[CWE-22](https://cwe.mitre.org/data/definitions/22.html)|[CVE-2021-29425](https://nvd.nist.gov/vuln/detail/CVE-2021-29425)|Commons IO is being pulled in via AntiSamy, which pulls in Apache Batik-CSS.  Batik-CSS is part of a larger Apache Xmlgraphics Batik family.Nothing in the Batik family of libraries uses org.apache.commons.io.FileNameUtils and neither ESAPI nor AntiSamy use Commons IO directly. Thus ESAPI is not affected by this CVE.|None. However may still show up in SCA output as AntiSamy using latest Apache Commons IO library version (2.6) that still support Java 7. AntiSamy 1.7 and later will require Java 8 as will ESAPI versions after 2.3.|
+|[6](https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin6.pdf)|Flaw in Log4J 1’s JSMAppender could cause insecure deserialization potentially leading to remote code execution.|[CWE-502](https://cwe.mitre.org/data/definitions/502.html)|[CVE-2021-4104](https://nvd.nist.gov/vuln/detail/CVE-2021-4104)|All versions of ESAPI are vulnerable and impacted if your application is doing all 3 of the following:1) Using the deprecated ESAPI Log4J logging.2) You have changed your default log4j.xml (or log4j.properties) file to use JMSAppender.3) An attacker is able to overwrite the contents of your Log4J 1 configuration file.|None. ESAPI uses ConsoleAppender as the default appender even if ESAPI logging is configured to use Log4J 1.|
+|[7](https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin7.pdf)|Improper validation (or, specifically, not using parameterized SQL queries) of a SQL statement makes Apache Log4j JDBCAppender vulnerable to SQL Injection. This potentially could allow attackers to execute unintended SQL statements by entering data that is logged via Log4J 1.|[CWE-89](https://cwe.mitre.org/data/definitions/89.html)|[CVE-2022-23305](https://nvd.nist.gov/vuln/detail/CVE-2022-23305)|All versions of ESAPI are vulnerable and impacted if your application is doing both of the following:1) Using the deprecated ESAPI Log4J logging.2) You have changed your default log4j.xml (or log4j.properties) file to use JDBCAppender.|None. ESAPI uses ConsoleAppender as the default appender even if ESAPI logging is configured to use Log4J 1.|
+|[8](https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin8.pdf)<br/>[GHSA-q77q-vx4q-xx6q](https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-q77q-vx4q-xx6q)|Improper sanitization of user-controlled input permitted by an incorrect regular expression in an ESAPI configuration file can result in that input being unintentionally executing javascript: URLs, resulting in Cross-Site Scripting (XSS).|[CWE-79](https://cwe.mitre.org/data/definitions/79.html)|[CVE-2022-24891](https://nvd.nist.gov/vuln/detail/CVE-2022-24891)|A malformed regular expression in ESAPI’s default AntiSamy policy file, “antisamy-esapi.xml�, accidentally allowed the “:� character to match as a part of the “onsiteURL� regular expression. This allowed 'javascript:' pseudo-URIs to slip past ESAPI which could result in XSS vulnerabilities. Note that this vulnerability dates back at least to the ESAPI 1.4 release.|ESAPI 1.4 and all ESAPI 2.x versions before 2.3.0.0.|
+|[9](https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin9.pdf)|Apache Log4j 1’s JMSSink is vulnerable to insecure deserialization of untrusted logged data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service that the attacker has access to. This may resulting in remote code execution.|[CWE-502](https://cwe.mitre.org/data/definitions/502.html)|[CVE-2022-23302](https://nvd.nist.gov/vuln/detail/CVE-2022-23302)|Remote Code Execution is possible.|None. ESAPI uses ConsoleAppender as the default appender even if ESAPI logging is configured to use Log4J 1.|
+|[10](https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin10.pdf)|There is an RCE flaw caused by an insecure deserialization vulnerability in Apache Chainsaw, a Java-based GUI log viewer.            CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw 2.x prior to 2.1.0. However, prior to Chainsaw V2.0, Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists and remains unfixed.|[CWE-502](https://cwe.mitre.org/data/definitions/502.html)|[CVE-2022-23307](https://nvd.nist.gov/vuln/detail/CVE-2022-23307)|Remote Code Execution is possible if you are running Apache Chainsaw 1.x from the Apache Log4J 1.2.x jar.|None. ESAPI uses ConsoleAppender as the default appender even if ESAPI logging is configured to use Log4J 1.|
+|[GHSA-8m5h-hrqm-pxm2](https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-8m5h-hrqm-pxm2)|The default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the tested input string as a child of the specified parent directory. This potentially could allow control-flow bypass checks to be defeated if an attack can specify the entire string representing the 'input' path.|[CWE-22](https://cwe.mitre.org/data/definitions/22.html)|[CVE-2022-23457](https://nvd.nist.gov/vuln/detail/CVE-2022-23457)|Control-flow bypass may be possible.|ESAPI 2.x, prior to the ESAPI 2.3.0.0 release. Version 2.3.0.0 and later are patched.|
+|[11](https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin11.pdf)|There is a DoS vulerablity in the FileUploadBase class of Apache Commons FileUpload for releases prior to 1.5. That DoS vulnerability is caused by not limiting the number of files that could be uploaded per single request.|[CWE-770](https://cwe.mitre.org/data/definitions/770.html)|[CVE-2023-24998](https://nvd.nist.gov/vuln/detail/CVE-2023-24998)|None. ESAPI uses a subclass of the affected FileUpladBase abstract class from Apache Commons FileUpload to which a new setFileCountMax() method was added.|Addressed in ESAPI 2.5.2.0 and later.|
+|[12](https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin12.pdf)<br/>[GHSA-r68h-jhhj-9jvm](https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-r68h-jhhj-9jvm)|Decribes why ESAPI's Validator.isValidSafeHTML is being deprecated and will be removed one year after the ESAPI 2.5.3.0 release date.|[CWE-80](https://cwe.mitre.org/data/definitions/80.html)|N/A (no CVE)|XSS may be possible depending on how the method is used.|All ESAPI versions (all 1.x and 2.x versions). No patch is available until the methods are deleted one year after the ESAPI 2.5.3.0 release date.|
+|[13](https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin13.pdf)|There is a bypass around ESAPI's Encoder.encodeForSQL interface (a method that always carried a strong warning) that be result in SQL injection vulnerabilities in code that use it.|[CWE-138](https://cwe.mitre.org/data/definitions/138.html)|[CVE-2025-5878](https://www.cve.org/CVERecord?id=CVE-2025-5878)|May leave applications that use Encoder.encodeForSQL vulnerable to SQL injection.|ESAPI 2.x versions before 2.7.0|
diff --git a/ant-javadoc.xml b/ant-javadoc.xml
deleted file mode 100644
index 084d4d1dc..000000000
--- a/ant-javadoc.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<project default="javadoc">
-    <target name="javadoc">
-        <javadoc access="private" additionalparam="-J-Xmx768m " author="true" classpath="C:\Users\kww\.m2\repository\org\beanshell\bsh-core\2.0b4\bsh-core-2.0b4.jar;C:\Users\kww\.m2\repository\xalan\xalan\2.7.0\xalan-2.7.0.jar;C:\Users\kww\.m2\repository\logkit\logkit\1.0.1\logkit-1.0.1.jar;C:\Users\kww\.m2\repository\commons-io\commons-io\1.3\commons-io-1.3.jar;C:\Users\kww\.m2\repository\commons-collections\commons-collections\3.2\commons-collections-3.2.jar;C:\Users\kww\.m2\repository\commons-fileupload\commons-fileupload\1.2\commons-fileupload-1.2.jar;C:\Users\kww\.m2\repository\xml-apis\xml-apis\1.3.03\xml-apis-1.3.03.jar;C:\Users\kww\.m2\repository\org\apache\xmlgraphics\batik-util\1.7\batik-util-1.7.jar;C:\Users\kww\.m2\repository\commons-logging\commons-logging\1.1\commons-logging-1.1.jar;C:\Users\kww\.m2\repository\xom\xom\1.2.5\xom-1.2.5.jar;C:\Users\kww\.m2\repository\junit\junit\4.4\junit-4.4.jar;C:\Users\kww\.m2\repository\commons-beanutils\commons-beanutils\1.7.0\commons-beanutils-1.7.0.jar;C:\Users\kww\.m2\repository\xerces\xercesImpl\2.8.0\xercesImpl-2.8.0.jar;C:\Users\kww\.m2\repository\commons-codec\commons-codec\1.2\commons-codec-1.2.jar;C:\Users\kww\.m2\repository\commons-beanutils\commons-beanutils-core\1.7.0\commons-beanutils-core-1.7.0.jar;C:\Users\kww\.m2\repository\net\sourceforge\nekohtml\nekohtml\1.9.12\nekohtml-1.9.12.jar;C:\Users\kww\.m2\repository\org\apache\xmlgraphics\batik-css\1.7\batik-css-1.7.jar;C:\Users\kww\.m2\repository\xml-apis\xml-apis-ext\1.3.04\xml-apis-ext-1.3.04.jar;C:\Users\kww\.m2\repository\org\owasp\antisamy\antisamy\1.4.3\antisamy-1.4.3.jar;C:\Users\kww\.m2\repository\commons-httpclient\commons-httpclient\3.1\commons-httpclient-3.1.jar;C:\Users\kww\.m2\repository\javax\servlet\servlet-api\2.4\servlet-api-2.4.jar;C:\Users\kww\.m2\repository\commons-lang\commons-lang\2.3\commons-lang-2.3.jar;C:\Users\kww\.m2\repository\log4j\log4j\1.2.16\log4j-1.2.16.jar;C:\Users\kww\.m2\repository\commons-digester\commons-digester\1.8\commons-digester-1.8.jar;C:\Users\kww\.m2\repository\avalon-framework\avalon-framework\4.1.3\avalon-framework-4.1.3.jar;C:\Users\kww\.m2\repository\commons-configuration\commons-configuration\1.5\commons-configuration-1.5.jar;C:\Users\kww\.m2\repository\org\apache\xmlgraphics\batik-ext\1.7\batik-ext-1.7.jar;C:\Users\kww\.m2\repository\javax\servlet\jsp-api\2.0\jsp-api-2.0.jar;target/test-classes" destdir="doc" doctitle="OWASP ESAPI 2.1.0 API" nodeprecated="false" nodeprecatedlist="false" noindex="false" nonavbar="false" notree="false" packagenames="org.owasp.esapi.waf.rules,org.owasp.esapi.waf.actions,org.owasp.esapi.tags,org.owasp.esapi.waf.configuration" source="1.5" sourcefiles="src/main/java/org/owasp/esapi/errors/ConfigurationException.java,src/main/java/org/owasp/esapi/AccessController.java,src/main/java/org/owasp/esapi/reference/accesscontrol/DelegatingACR.java,src/main/java/org/owasp/esapi/Encryptor.java,src/main/java/org/owasp/esapi/Authenticator.java,src/main/java/org/owasp/esapi/errors/AccessControlException.java,src/main/java/org/owasp/esapi/util/DefaultMessageUtil.java,src/main/java/org/owasp/esapi/errors/EncodingException.java,src/main/java/org/owasp/esapi/reference/crypto/DefaultEncryptedProperties.java,src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/DynaBeanACRParameterLoader.java,src/main/java/org/owasp/esapi/AccessReferenceMap.java,src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java,src/main/java/org/owasp/esapi/errors/AuthenticationAccountsException.java,src/main/java/org/owasp/esapi/Randomizer.java,src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/PolicyParameters.java,src/main/java/org/owasp/esapi/errors/ValidationUploadException.java,src/main/java/org/owasp/esapi/crypto/KeyDerivationFunction.java,src/main/java/org/owasp/esapi/reference/DefaultIntrusionDetector.java,src/main/java/org/owasp/esapi/Logger.java,src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java,src/main/java/org/owasp/esapi/IntrusionDetector.java,src/main/java/org/owasp/esapi/filters/SecurityWrapper.java,src/main/java/org/owasp/esapi/EncoderConstants.java,src/main/java/org/owasp/esapi/Encoder.java,src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoader.java,src/main/java/org/owasp/esapi/reference/accesscontrol/BaseACR.java,src/main/java/org/owasp/esapi/errors/AuthenticationException.java,src/main/java/org/owasp/esapi/reference/DefaultRandomizer.java,src/main/java/org/owasp/esapi/reference/validation/NumberValidationRule.java,src/main/java/org/owasp/esapi/reference/JavaLogFactory.java,src/main/java/org/owasp/esapi/codecs/JavaScriptCodec.java,src/main/java/org/owasp/esapi/errors/AuthenticationCredentialsException.java,src/main/java/org/owasp/esapi/reference/accesscontrol/DynaBeanACRParameter.java,src/main/java/org/owasp/esapi/errors/ExecutorException.java,src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java,src/main/java/org/owasp/esapi/codecs/UnixCodec.java,src/main/java/org/owasp/esapi/codecs/WindowsCodec.java,src/main/java/org/owasp/esapi/waf/ConfigurationException.java,src/main/java/org/owasp/esapi/reference/Log4JLogFactory.java,src/main/java/org/owasp/esapi/Validator.java,src/main/java/org/owasp/esapi/crypto/CryptoDiscoverer.java,src/main/java/org/owasp/esapi/crypto/CipherTextSerializer.java,src/main/java/org/owasp/esapi/reference/validation/CreditCardValidationRule.java,src/main/java/org/owasp/esapi/AccessControlRule.java,src/main/java/org/owasp/esapi/reference/RandomAccessReferenceMap.java,src/main/java/org/owasp/esapi/errors/EncryptionRuntimeException.java,src/main/java/org/owasp/esapi/ValidationErrorList.java,src/main/java/org/owasp/esapi/ValidationRule.java,src/main/java/org/owasp/esapi/codecs/MySQLCodec.java,src/main/java/org/owasp/esapi/EncryptedProperties.java,src/main/java/org/owasp/esapi/reference/validation/DateValidationRule.java,src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java,src/main/java/org/owasp/esapi/util/NullSafe.java,src/main/java/org/owasp/esapi/codecs/VBScriptCodec.java,src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java,src/main/java/org/owasp/esapi/PreparedString.java,src/main/java/org/owasp/esapi/errors/IntrusionException.java,src/main/java/org/owasp/esapi/crypto/CryptoHelper.java,src/main/java/org/owasp/esapi/crypto/CipherText.java,src/main/java/org/owasp/esapi/reference/accesscontrol/EchoRuntimeParameterACR.java,src/main/java/org/owasp/esapi/reference/accesscontrol/AlwaysTrueACR.java,src/main/java/org/owasp/esapi/codecs/Codec.java,src/main/java/org/owasp/esapi/errors/EnterpriseSecurityException.java,src/main/java/org/owasp/esapi/SecurityConfiguration.java,src/main/java/org/owasp/esapi/errors/AvailabilityException.java,src/main/java/org/owasp/esapi/reference/AbstractAuthenticator.java,src/main/java/org/owasp/esapi/waf/internal/InterceptingServletOutputStream.java,src/main/java/org/owasp/esapi/codecs/Hex.java,src/main/java/org/owasp/esapi/codecs/PercentCodec.java,src/main/java/org/owasp/esapi/codecs/Trie.java,src/main/java/org/owasp/esapi/codecs/HashTrie.java,src/main/java/org/owasp/esapi/reference/IntegerAccessReferenceMap.java,src/main/java/org/owasp/esapi/ESAPI.java,src/main/java/org/owasp/esapi/reference/Log4JLogger.java,src/main/java/org/owasp/esapi/crypto/PlainText.java,src/main/java/org/owasp/esapi/SafeFile.java,src/main/java/org/owasp/esapi/waf/internal/InterceptingHTTPServletResponse.java,src/main/java/org/owasp/esapi/errors/ValidationAvailabilityException.java,src/main/java/org/owasp/esapi/reference/AbstractAccessReferenceMap.java,src/main/java/org/owasp/esapi/crypto/CipherSpec.java,src/main/java/org/owasp/esapi/StringUtilities.java,src/main/java/org/owasp/esapi/codecs/OracleCodec.java,src/main/java/org/owasp/esapi/codecs/CSSCodec.java,src/main/java/org/owasp/esapi/waf/internal/Parameter.java,src/main/java/org/owasp/esapi/util/CollectionsUtil.java,src/main/java/org/owasp/esapi/crypto/CryptoToken.java,src/main/java/org/owasp/esapi/reference/crypto/ReferenceEncryptedProperties.java,src/main/java/org/owasp/esapi/errors/EnterpriseSecurityRuntimeException.java,src/main/java/org/owasp/esapi/HTTPUtilities.java,src/main/java/org/owasp/esapi/codecs/PushbackString.java,src/main/java/org/owasp/esapi/filters/ESAPIFilter.java,src/main/java/org/owasp/esapi/waf/internal/InterceptingHTTPServletRequest.java,src/main/java/org/owasp/esapi/reference/Log4JLoggerFactory.java,src/main/java/org/owasp/esapi/reference/validation/StringValidationRule.java,src/main/java/org/owasp/esapi/waf/ESAPIWebApplicationFirewallFilter.java,src/main/java/org/owasp/esapi/reference/accesscontrol/AlwaysFalseACR.java,src/main/java/org/owasp/esapi/errors/EncryptionException.java,src/main/java/org/owasp/esapi/codecs/Base64.java,src/main/java/org/owasp/esapi/errors/AuthenticationLoginException.java,src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/EchoDynaBeanPolicyParameterACR.java,src/main/java/org/owasp/esapi/reference/DefaultExecutor.java,src/main/java/org/owasp/esapi/errors/IntegrityException.java,src/main/java/org/owasp/esapi/codecs/XMLEntityCodec.java,src/main/java/org/owasp/esapi/User.java,src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java,src/main/java/org/owasp/esapi/reference/DefaultEncoder.java,src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java,src/main/java/org/owasp/esapi/errors/AuthenticationHostException.java,src/main/java/org/owasp/esapi/util/ObjFactory.java,src/main/java/org/owasp/esapi/reference/crypto/EncryptedPropertiesUtils.java,src/main/java/org/owasp/esapi/crypto/SecurityProviderLoader.java,src/main/java/org/owasp/esapi/waf/internal/InterceptingPrintWriter.java,src/main/java/org/owasp/esapi/reference/DefaultUser.java,src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelper.java,src/main/java/org/owasp/esapi/filters/ClickjackFilter.java,src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/PolicyDTO.java,src/main/java/org/owasp/esapi/reference/DefaultValidator.java,src/main/java/org/owasp/esapi/reference/DefaultAccessController.java,src/main/java/org/owasp/esapi/codecs/DB2Codec.java,src/main/java/org/owasp/esapi/reference/accesscontrol/ExperimentalAccessController.java,src/main/java/org/owasp/esapi/errors/ValidationException.java,src/main/java/org/owasp/esapi/Executor.java,src/main/java/org/owasp/esapi/reference/validation/IntegerValidationRule.java,src/main/java/org/owasp/esapi/reference/accesscontrol/FileBasedACRs.java,src/main/java/org/owasp/esapi/filters/RequestRateThrottleFilter.java,src/main/java/org/owasp/esapi/util/ByteConversionUtil.java,src/main/java/org/owasp/esapi/reference/validation/BaseValidationRule.java,src/main/java/org/owasp/esapi/LogFactory.java,src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRPolicyFileLoader.java,src/main/java/org/owasp/esapi/reference/FileBasedAuthenticator.java,src/main/java/org/owasp/esapi/errors/CertificateException.java,src/main/java/org/owasp/esapi/ExecuteResult.java" sourcepath="src/test/resources;src/test/java;src/main/java" splitindex="true" use="true" version="true">
-            <link href="http://java.sun.com/javase/7/docs/api/"/>
-        </javadoc>
-    </target>
-</project>
diff --git a/configuration/esapi/ESAPI-AccessControlPolicy.xml b/configuration/esapi/ESAPI-AccessControlPolicy.xml
index 2ed0732bc..4d2ca74b5 100644
--- a/configuration/esapi/ESAPI-AccessControlPolicy.xml
+++ b/configuration/esapi/ESAPI-AccessControlPolicy.xml
@@ -1,127 +1,127 @@
-<?xml version="1.0" encoding="ISO-8859-1" ?>
-
-<AccessControlPolicy>
-	<AccessControlRules>
-		<AccessControlRule
-			name="AlwaysTrue"
-			description="Access is always granted"
-			class="org.owasp.esapi.reference.accesscontrol.AlwaysTrueACR">
-		</AccessControlRule>
-		<AccessControlRule
-			name="AlwaysFalse"
-			description="Access is always denied"
-			class="org.owasp.esapi.reference.accesscontrol.AlwaysFalseACR">
-		</AccessControlRule>
-		<AccessControlRule
-			name="EchoRuntimeParameter"
-			description="Access depends on the value of the runtime parameter"
-			class="org.owasp.esapi.reference.accesscontrol.EchoRuntimeParameterACR">
-		</AccessControlRule>
-		<AccessControlRule
-			name="EchoPolicyParameter"
-			description="Access depends on the value of the policy parameter: isTrue"
-			class="org.owasp.esapi.reference.accesscontrol.policyloader.EchoDynaBeanPolicyParameterACR">
-			<Parameters>
-				<Parameter name="isTrue" type="Boolean" value="true"/>
-			</Parameters>
-		</AccessControlRule>
-		
-		<!-- 
-			The following Rules are for backwards compatibility with
-			the deprecated AcessController 1.0 reference implementation
-			specification
-		-->
-		<AccessControlRule
-			name="AC 1.0 Data"
-			description="See delegateClass's code comments"
-			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
-			<Parameters>
-				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/> 
-				<Parameter name="delegateMethod" type="String" value="isAuthorizedForData"/>
-				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String, java.lang.Object"/>
-			</Parameters>
-		</AccessControlRule>
-		<AccessControlRule
-			name="AC 1.0 File"
-			description="See delegateClass's code comments"
-			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
-			<Parameters>
-				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/>
-				<Parameter name="delegateMethod" type="String" value="isAuthorizedForFile"/>
-				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String"/>
-			</Parameters>
-		</AccessControlRule>
-		<AccessControlRule
-			name="AC 1.0 Function"
-			description="See delegateClass's code comments"
-			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
-			<Parameters>
-				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/>
-				<Parameter name="delegateMethod" type="String" value="isAuthorizedForFunction"/>
-				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String"/>
-			</Parameters>
-		</AccessControlRule>
-		<AccessControlRule
-			name="AC 1.0 Service"
-			description="See delegateClass's code comments"
-			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
-			<Parameters>
-				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/>
-				<Parameter name="delegateMethod" type="String" value="isAuthorizedForService"/>
-				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String"/>
-			</Parameters>
-		</AccessControlRule>
-		<AccessControlRule
-			name="AC 1.0 URL"
-			description="See delegateClass's code comments"
-			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
-			<Parameters>
-				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/>
-				<Parameter name="delegateMethod" type="String" value="isAuthorizedForURL"/>
-				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String"/>
-			</Parameters>
-		</AccessControlRule>
-		
-		<!-- End Rules for backwards compatibility with Access Controller 1.0 -->
-	</AccessControlRules>
-</AccessControlPolicy>
-
-
-
-<!-- 
-We have these as runtime tests, but not as policy file load tests yet.
-		<AccessControlRule
-			name="EchoRuntimeParameterClassCastException"
-			description="Access depends on the value of the runtime parameter"
-			class="org.owasp.esapi.reference.accesscontrol.EchoPolicyParameterACR">
-			<Parameters>
-				<Parameter name="isTrue" type="Boolean" value="This is not a boolean"/>
-			</Parameters>
-		</AccessControlRule>
-		<AccessControlRule
-			name="EchoRuntimeParameterValueNull"
-			description="Access depends on the value of the runtime parameter"
-			class="org.owasp.esapi.reference.accesscontrol.EchoPolicyParameterACR">
-			<Parameters>
-				<Parameter name="isTrue" type="Boolean" value="null"/>
-			</Parameters>
-		</AccessControlRule>
-		<AccessControlRule
-			name="EchoRuntimeParameterValueEmpty"
-			description="Access depends on the value of the runtime parameter"
-			class="org.owasp.esapi.reference.accesscontrol.EchoPolicyParameterACR">
-			<Parameters>
-				<Parameter name="isTrue" type="Boolean" value=""/>
-			</Parameters>
-		</AccessControlRule>
-		<AccessControlRule
-			name="EchoRuntimeParameterValueMissing"
-			description="Access depends on the value of the runtime parameter"
-			class="org.owasp.esapi.reference.accesscontrol.EchoPolicyParameterACR">
-			<Parameters>
-				<Parameter name="isTrue" type="Boolean"/>
-			</Parameters>
-		</AccessControlRule>
--->
-
-<!-- we should add tests for name and type errors too -->
+<?xml version="1.0" encoding="ISO-8859-1" ?>
+
+<AccessControlPolicy>
+	<AccessControlRules>
+		<AccessControlRule
+			name="AlwaysTrue"
+			description="Access is always granted"
+			class="org.owasp.esapi.reference.accesscontrol.AlwaysTrueACR">
+		</AccessControlRule>
+		<AccessControlRule
+			name="AlwaysFalse"
+			description="Access is always denied"
+			class="org.owasp.esapi.reference.accesscontrol.AlwaysFalseACR">
+		</AccessControlRule>
+		<AccessControlRule
+			name="EchoRuntimeParameter"
+			description="Access depends on the value of the runtime parameter"
+			class="org.owasp.esapi.reference.accesscontrol.EchoRuntimeParameterACR">
+		</AccessControlRule>
+		<AccessControlRule
+			name="EchoPolicyParameter"
+			description="Access depends on the value of the policy parameter: isTrue"
+			class="org.owasp.esapi.reference.accesscontrol.policyloader.EchoDynaBeanPolicyParameterACR">
+			<Parameters>
+				<Parameter name="isTrue" type="Boolean" value="true"/>
+			</Parameters>
+		</AccessControlRule>
+		
+		<!-- 
+			The following Rules are for backwards compatibility with
+			the deprecated AcessController 1.0 reference implementation
+			specification
+		-->
+		<AccessControlRule
+			name="AC 1.0 Data"
+			description="See delegateClass's code comments"
+			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
+			<Parameters>
+				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/> 
+				<Parameter name="delegateMethod" type="String" value="isAuthorizedForData"/>
+				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String, java.lang.Object"/>
+			</Parameters>
+		</AccessControlRule>
+		<AccessControlRule
+			name="AC 1.0 File"
+			description="See delegateClass's code comments"
+			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
+			<Parameters>
+				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/>
+				<Parameter name="delegateMethod" type="String" value="isAuthorizedForFile"/>
+				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String"/>
+			</Parameters>
+		</AccessControlRule>
+		<AccessControlRule
+			name="AC 1.0 Function"
+			description="See delegateClass's code comments"
+			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
+			<Parameters>
+				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/>
+				<Parameter name="delegateMethod" type="String" value="isAuthorizedForFunction"/>
+				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String"/>
+			</Parameters>
+		</AccessControlRule>
+		<AccessControlRule
+			name="AC 1.0 Service"
+			description="See delegateClass's code comments"
+			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
+			<Parameters>
+				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/>
+				<Parameter name="delegateMethod" type="String" value="isAuthorizedForService"/>
+				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String"/>
+			</Parameters>
+		</AccessControlRule>
+		<AccessControlRule
+			name="AC 1.0 URL"
+			description="See delegateClass's code comments"
+			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
+			<Parameters>
+				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/>
+				<Parameter name="delegateMethod" type="String" value="isAuthorizedForURL"/>
+				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String"/>
+			</Parameters>
+		</AccessControlRule>
+		
+		<!-- End Rules for backwards compatibility with Access Controller 1.0 -->
+	</AccessControlRules>
+</AccessControlPolicy>
+
+
+
+<!-- 
+We have these as runtime tests, but not as policy file load tests yet.
+		<AccessControlRule
+			name="EchoRuntimeParameterClassCastException"
+			description="Access depends on the value of the runtime parameter"
+			class="org.owasp.esapi.reference.accesscontrol.EchoPolicyParameterACR">
+			<Parameters>
+				<Parameter name="isTrue" type="Boolean" value="This is not a boolean"/>
+			</Parameters>
+		</AccessControlRule>
+		<AccessControlRule
+			name="EchoRuntimeParameterValueNull"
+			description="Access depends on the value of the runtime parameter"
+			class="org.owasp.esapi.reference.accesscontrol.EchoPolicyParameterACR">
+			<Parameters>
+				<Parameter name="isTrue" type="Boolean" value="null"/>
+			</Parameters>
+		</AccessControlRule>
+		<AccessControlRule
+			name="EchoRuntimeParameterValueEmpty"
+			description="Access depends on the value of the runtime parameter"
+			class="org.owasp.esapi.reference.accesscontrol.EchoPolicyParameterACR">
+			<Parameters>
+				<Parameter name="isTrue" type="Boolean" value=""/>
+			</Parameters>
+		</AccessControlRule>
+		<AccessControlRule
+			name="EchoRuntimeParameterValueMissing"
+			description="Access depends on the value of the runtime parameter"
+			class="org.owasp.esapi.reference.accesscontrol.EchoPolicyParameterACR">
+			<Parameters>
+				<Parameter name="isTrue" type="Boolean"/>
+			</Parameters>
+		</AccessControlRule>
+-->
+
+<!-- we should add tests for name and type errors too -->
diff --git a/configuration/esapi/ESAPI.properties b/configuration/esapi/ESAPI.properties
index 35c9d0870..2df6e7804 100644
--- a/configuration/esapi/ESAPI.properties
+++ b/configuration/esapi/ESAPI.properties
@@ -1,459 +1,585 @@
-#
-# OWASP Enterprise Security API (ESAPI) Properties file -- PRODUCTION Version
-# 
-# This file is part of the Open Web Application Security Project (OWASP)
-# Enterprise Security API (ESAPI) project. For details, please see
-# http://www.owasp.org/index.php/ESAPI.
-#
-# Copyright (c) 2008,2009 - The OWASP Foundation
-#
-# DISCUSS: This may cause a major backwards compatibility issue, etc. but
-#		   from a name space perspective, we probably should have prefaced
-#		   all the property names with ESAPI or at least OWASP. Otherwise
-#		   there could be problems is someone loads this properties file into
-#		   the System properties.  We could also put this file into the
-#		   esapi.jar file (perhaps as a ResourceBundle) and then allow an external
-#		   ESAPI properties be defined that would overwrite these defaults.
-#		   That keeps the application's properties relatively simple as usually
-#		   they will only want to override a few properties. If looks like we
-#		   already support multiple override levels of this in the
-#		   DefaultSecurityConfiguration class, but I'm suggesting placing the
-#		   defaults in the esapi.jar itself. That way, if the jar is signed,
-#		   we could detect if those properties had been tampered with. (The
-#		   code to check the jar signatures is pretty simple... maybe 70-90 LOC,
-#		   but off course there is an execution penalty (similar to the way
-#		   that the separate sunjce.jar used to be when a class from it was
-#		   first loaded). Thoughts?
-###############################################################################
-#
-# WARNING: Operating system protection should be used to lock down the .esapi
-# resources directory and all the files inside and all the directories all the
-# way up to the root directory of the file system.  Note that if you are using
-# file-based implementations, that some files may need to be read-write as they
-# get updated dynamically.
-#
-# Before using, be sure to update the MasterKey and MasterSalt as described below.
-# N.B.: If you had stored data that you have previously encrypted with ESAPI 1.4,
-#		you *must* FIRST decrypt it using ESAPI 1.4 and then (if so desired)
-#		re-encrypt it with ESAPI 2.0. If you fail to do this, you will NOT be
-#		able to decrypt your data with ESAPI 2.0.
-#
-#		YOU HAVE BEEN WARNED!!! More details are in the ESAPI 2.0 Release Notes.
-#
-#===========================================================================
-# ESAPI Configuration
-#
-# If true, then print all the ESAPI properties set here when they are loaded.
-# If false, they are not printed. Useful to reduce output when running JUnit tests.
-# If you need to troubleshoot a properties related problem, turning this on may help.
-# This is 'false' in the src/test/resources/.esapi version. It is 'true' by
-# default for reasons of backward compatibility with earlier ESAPI versions.
-ESAPI.printProperties=true
-
-# ESAPI is designed to be easily extensible. You can use the reference implementation
-# or implement your own providers to take advantage of your enterprise's security
-# infrastructure. The functions in ESAPI are referenced using the ESAPI locator, like:
-#
-#    String ciphertext =
-#		ESAPI.encryptor().encrypt("Secret message");   // Deprecated in 2.0
-#    CipherText cipherText =
-#		ESAPI.encryptor().encrypt(new PlainText("Secret message")); // Preferred
-#
-# Below you can specify the classname for the provider that you wish to use in your
-# application. The only requirement is that it implement the appropriate ESAPI interface.
-# This allows you to switch security implementations in the future without rewriting the
-# entire application.
-#
-# ExperimentalAccessController requires ESAPI-AccessControlPolicy.xml in .esapi directory
-ESAPI.AccessControl=org.owasp.esapi.reference.DefaultAccessController
-# FileBasedAuthenticator requires users.txt file in .esapi directory
-ESAPI.Authenticator=org.owasp.esapi.reference.FileBasedAuthenticator
-ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
-ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
-
-ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
-ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
-ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
-# Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
-ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
-#ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
-ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
-ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
-
-#===========================================================================
-# ESAPI Authenticator
-#
-Authenticator.AllowedLoginAttempts=3
-Authenticator.MaxOldPasswordHashes=13
-Authenticator.UsernameParameterName=username
-Authenticator.PasswordParameterName=password
-# RememberTokenDuration (in days)
-Authenticator.RememberTokenDuration=14
-# Session Timeouts (in minutes)
-Authenticator.IdleTimeoutDuration=20
-Authenticator.AbsoluteTimeoutDuration=120
-
-#===========================================================================
-# ESAPI Encoder
-#
-# ESAPI canonicalizes input before validation to prevent bypassing filters with encoded attacks.
-# Failure to canonicalize input is a very common mistake when implementing validation schemes.
-# Canonicalization is automatic when using the ESAPI Validator, but you can also use the
-# following code to canonicalize data.
-#
-#      ESAPI.Encoder().canonicalize( "%22hello world&#x22;" );
-#  
-# Multiple encoding is when a single encoding format is applied multiple times. Allowing
-# multiple encoding is strongly discouraged.
-Encoder.AllowMultipleEncoding=false
-
-# Mixed encoding is when multiple different encoding formats are applied, or when 
-# multiple formats are nested. Allowing multiple encoding is strongly discouraged.
-Encoder.AllowMixedEncoding=false
-
-# The default list of codecs to apply when canonicalizing untrusted data. The list should include the codecs
-# for all downstream interpreters or decoders. For example, if the data is likely to end up in a URL, HTML, or
-# inside JavaScript, then the list of codecs below is appropriate. The order of the list is not terribly important.
-Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
-
-
-#===========================================================================
-# ESAPI Encryption
-#
-# The ESAPI Encryptor provides basic cryptographic functions with a simplified API.
-# To get started, generate a new key using java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
-# There is not currently any support for key rotation, so be careful when changing your key and salt as it
-# will invalidate all signed, encrypted, and hashed data.
-#
-# WARNING: Not all combinations of algorithms and key lengths are supported.
-# If you choose to use a key length greater than 128, you MUST download the
-# unlimited strength policy files and install in the lib directory of your JRE/JDK.
-# See http://java.sun.com/javase/downloads/index.jsp for more information.
-#
-# Backward compatibility with ESAPI Java 1.4 is supported by the two deprecated API
-# methods, Encryptor.encrypt(String) and Encryptor.decrypt(String). However, whenever
-# possible, these methods should be avoided as they use ECB cipher mode, which in almost
-# all circumstances a poor choice because of it's weakness. CBC cipher mode is the default
-# for the new Encryptor encrypt / decrypt methods for ESAPI Java 2.0.  In general, you
-# should only use this compatibility setting if you have persistent data encrypted with
-# version 1.4 and even then, you should ONLY set this compatibility mode UNTIL
-# you have decrypted all of your old encrypted data and then re-encrypted it with
-# ESAPI 2.0 using CBC mode. If you have some reason to mix the deprecated 1.4 mode
-# with the new 2.0 methods, make sure that you use the same cipher algorithm for both
-# (256-bit AES was the default for 1.4; 128-bit is the default for 2.0; see below for
-# more details.) Otherwise, you will have to use the new 2.0 encrypt / decrypt methods
-# where you can specify a SecretKey. (Note that if you are using the 256-bit AES,
-# that requires downloading the special jurisdiction policy files mentioned above.)
-#
-#		***** IMPORTANT: Do NOT forget to replace these with your own values! *****
-# To calculate these values, you can run:
-#		java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
-#
-#Encryptor.MasterKey=
-#Encryptor.MasterSalt=
-
-# Provides the default JCE provider that ESAPI will "prefer" for its symmetric
-# encryption and hashing. (That is it will look to this provider first, but it
-# will defer to other providers if the requested algorithm is not implemented
-# by this provider.) If left unset, ESAPI will just use your Java VM's current
-# preferred JCE provider, which is generally set in the file
-# "$JAVA_HOME/jre/lib/security/java.security".
-#
-# The main intent of this is to allow ESAPI symmetric encryption to be
-# used with a FIPS 140-2 compliant crypto-module. For details, see the section
-# "Using ESAPI Symmetric Encryption with FIPS 140-2 Cryptographic Modules" in
-# the ESAPI 2.0 Symmetric Encryption User Guide, at:
-# http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
-# However, this property also allows you to easily use an alternate JCE provider
-# such as "Bouncy Castle" without having to make changes to "java.security".
-# See Javadoc for SecurityProviderLoader for further details. If you wish to use
-# a provider that is not known to SecurityProviderLoader, you may specify the
-# fully-qualified class name of the JCE provider class that implements
-# java.security.Provider. If the name contains a '.', this is interpreted as
-# a fully-qualified class name that implements java.security.Provider.
-#
-# NOTE: Setting this property has the side-effect of changing it in your application
-#       as well, so if you are using JCE in your application directly rather than
-#       through ESAPI (you wouldn't do that, would you? ;-), it will change the
-#       preferred JCE provider there as well.
-#
-# Default: Keeps the JCE provider set to whatever JVM sets it to.
-Encryptor.PreferredJCEProvider=
-
-# AES is the most widely used and strongest encryption algorithm. This
-# should agree with your Encryptor.CipherTransformation property.
-# By default, ESAPI Java 1.4 uses "PBEWithMD5AndDES" and which is
-# very weak. It is essentially a password-based encryption key, hashed
-# with MD5 around 1K times and then encrypted with the weak DES algorithm
-# (56-bits) using ECB mode and an unspecified padding (it is
-# JCE provider specific, but most likely "NoPadding"). However, 2.0 uses
-# "AES/CBC/PKCSPadding". If you want to change these, change them here.
-# Warning: This property does not control the default reference implementation for
-#		   ESAPI 2.0 using JavaEncryptor. Also, this property will be dropped
-#		   in the future.
-# @deprecated
-Encryptor.EncryptionAlgorithm=AES
-#		For ESAPI Java 2.0 - New encrypt / decrypt methods use this.
-Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
-
-# Applies to ESAPI 2.0 and later only!
-# Comma-separated list of cipher modes that provide *BOTH*
-# confidentiality *AND* message authenticity. (NIST refers to such cipher
-# modes as "combined modes" so that's what we shall call them.) If any of these
-# cipher modes are used then no MAC is calculated and stored
-# in the CipherText upon encryption. Likewise, if one of these
-# cipher modes is used with decryption, no attempt will be made
-# to validate the MAC contained in the CipherText object regardless
-# of whether it contains one or not. Since the expectation is that
-# these cipher modes support support message authenticity already,
-# injecting a MAC in the CipherText object would be at best redundant.
-#
-# Note that as of JDK 1.5, the SunJCE provider does not support *any*
-# of these cipher modes. Of these listed, only GCM and CCM are currently
-# NIST approved. YMMV for other JCE providers. E.g., Bouncy Castle supports
-# GCM and CCM with "NoPadding" mode, but not with "PKCS5Padding" or other
-# padding modes.
-Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
-
-# Applies to ESAPI 2.0 and later only!
-# Additional cipher modes allowed for ESAPI 2.0 encryption. These
-# cipher modes are in _addition_ to those specified by the property
-# 'Encryptor.cipher_modes.combined_modes'.
-# Note: We will add support for streaming modes like CFB & OFB once
-# we add support for 'specified' to the property 'Encryptor.ChooseIVMethod'
-# (probably in ESAPI 2.1).
-# DISCUSS: Better name?
-Encryptor.cipher_modes.additional_allowed=CBC
-
-# 128-bit is almost always sufficient and appears to be more resistant to
-# related key attacks than is 256-bit AES. Use '_' to use default key size
-# for cipher algorithms (where it makes sense because the algorithm supports
-# a variable key size). Key length must agree to what's provided as the
-# cipher transformation, otherwise this will be ignored after logging a
-# warning.
-#
-# NOTE: This is what applies BOTH ESAPI 1.4 and 2.0. See warning above about mixing!
-Encryptor.EncryptionKeyLength=128
-
-# Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
-# (All cipher modes except ECB require an IV.) There are two choices: we can either
-# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
-# the IV does not need to be hidden from adversaries, it is important that the
-# adversary not be allowed to choose it. Also, random IVs are generally much more
-# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
-# such as CFB and OFB use a different IV for each encryption with a given key so
-# in such cases, random IVs are much preferred. By default, ESAPI 2.0 uses random
-# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
-# uncomment the Encryptor.fixedIV.
-#
-# Valid values:		random|fixed|specified		'specified' not yet implemented; planned for 2.1
-Encryptor.ChooseIVMethod=random
-# If you choose to use a fixed IV, then you must place a fixed IV here that
-# is known to all others who are sharing your secret key. The format should
-# be a hex string that is the same length as the cipher block size for the
-# cipher algorithm that you are using. The following is an *example* for AES
-# from an AES test vector for AES-128/CBC as described in:
-# NIST Special Publication 800-38A (2001 Edition)
-# "Recommendation for Block Cipher Modes of Operation".
-# (Note that the block size for AES is 16 bytes == 128 bits.)
-#
-Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
-
-# Whether or not CipherText should use a message authentication code (MAC) with it.
-# This prevents an adversary from altering the IV as well as allowing a more
-# fool-proof way of determining the decryption failed because of an incorrect
-# key being supplied. This refers to the "separate" MAC calculated and stored
-# in CipherText, not part of any MAC that is calculated as a result of a
-# "combined mode" cipher mode.
-#
-# If you are using ESAPI with a FIPS 140-2 cryptographic module, you *must* also
-# set this property to false.
-Encryptor.CipherText.useMAC=true
-
-# Whether or not the PlainText object may be overwritten and then marked
-# eligible for garbage collection. If not set, this is still treated as 'true'.
-Encryptor.PlainText.overwrite=true
-
-# Do not use DES except in a legacy situations. 56-bit is way too small key size.
-#Encryptor.EncryptionKeyLength=56
-#Encryptor.EncryptionAlgorithm=DES
-
-# TripleDES is considered strong enough for most purposes.
-#	Note:	There is also a 112-bit version of DESede. Using the 168-bit version
-#			requires downloading the special jurisdiction policy from Sun.
-#Encryptor.EncryptionKeyLength=168
-#Encryptor.EncryptionAlgorithm=DESede
-
-Encryptor.HashAlgorithm=SHA-512
-Encryptor.HashIterations=1024
-Encryptor.DigitalSignatureAlgorithm=SHA1withDSA
-Encryptor.DigitalSignatureKeyLength=1024
-Encryptor.RandomAlgorithm=SHA1PRNG
-Encryptor.CharacterEncoding=UTF-8
-
-# This is the Pseudo Random Function (PRF) that ESAPI's Key Derivation Function
-# (KDF) normally uses. Note this is *only* the PRF used for ESAPI's KDF and
-# *not* what is used for ESAPI's MAC. (Currently, HmacSHA1 is always used for
-# the MAC, mostly to keep the overall size at a minimum.)
-#
-# Currently supported choices for JDK 1.5 and 1.6 are:
-#	HmacSHA1 (160 bits), HmacSHA256 (256 bits), HmacSHA384 (384 bits), and
-#	HmacSHA512 (512 bits).
-# Note that HmacMD5 is *not* supported for the PRF used by the KDF even though
-# the JDKs support it.  See the ESAPI 2.0 Symmetric Encryption User Guide
-# further details.
-Encryptor.KDF.PRF=HmacSHA256
-#===========================================================================
-# ESAPI HttpUtilties
-#
-# The HttpUtilities provide basic protections to HTTP requests and responses. Primarily these methods 
-# protect against malicious data from attackers, such as unprintable characters, escaped characters,
-# and other simple attacks. The HttpUtilities also provides utility methods for dealing with cookies,
-# headers, and CSRF tokens.
-#
-# Default file upload location (remember to escape backslashes with \\)
-HttpUtilities.UploadDir=C:\\ESAPI\\testUpload
-HttpUtilities.UploadTempDir=C:\\temp
-# Force flags on cookies, if you use HttpUtilities to set cookies
-HttpUtilities.ForceHttpOnlySession=false
-HttpUtilities.ForceSecureSession=false
-HttpUtilities.ForceHttpOnlyCookies=true
-HttpUtilities.ForceSecureCookies=true
-# Maximum size of HTTP headers
-HttpUtilities.MaxHeaderSize=4096
-# File upload configuration
-HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
-HttpUtilities.MaxUploadFileBytes=500000000
-# Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
-# container, and any other technologies you may be using. Failure to do this may expose you
-# to Unicode transcoding injection attacks. Use of UTF-8 does not hinder internationalization.
-HttpUtilities.ResponseContentType=text/html; charset=UTF-8
-# This is the name of the cookie used to represent the HTTP session
-# Typically this will be the default "JSESSIONID" 
-HttpUtilities.HttpSessionIdName=JSESSIONID
-
-
-
-#===========================================================================
-# ESAPI Executor
-# CHECKME - This should be made OS independent. Don't use unsafe defaults.
-# # Examples only -- do NOT blindly copy!
-#   For Windows:
-#     Executor.WorkingDirectory=C:\\Windows\\Temp
-#     Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe
-#   For *nux, MacOS:
-#     Executor.WorkingDirectory=/tmp
-#     Executor.ApprovedExecutables=/bin/bash
-Executor.WorkingDirectory=
-Executor.ApprovedExecutables=
-
-
-#===========================================================================
-# ESAPI Logging
-# Set the application name if these logs are combined with other applications
-Logger.ApplicationName=ExampleApplication
-# If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
-Logger.LogEncodingRequired=false
-# Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
-Logger.LogApplicationName=true
-# Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
-Logger.LogServerIP=true
-# LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
-# want to place it in a specific directory.
-Logger.LogFileName=ESAPI_logging_file
-# MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
-Logger.MaxLogFileSize=10000000
-
-
-#===========================================================================
-# ESAPI Intrusion Detection
-#
-# Each event has a base to which .count, .interval, and .action are added
-# The IntrusionException will fire if we receive "count" events within "interval" seconds
-# The IntrusionDetector is configurable to take the following actions: log, logout, and disable
-#  (multiple actions separated by commas are allowed e.g. event.test.actions=log,disable
-#
-# Custom Events
-# Names must start with "event." as the base
-# Use IntrusionDetector.addEvent( "test" ) in your code to trigger "event.test" here
-# You can also disable intrusion detection completely by changing
-# the following parameter to true
-#
-IntrusionDetector.Disable=false
-#
-IntrusionDetector.event.test.count=2
-IntrusionDetector.event.test.interval=10
-IntrusionDetector.event.test.actions=disable,log
-
-# Exception Events
-# All EnterpriseSecurityExceptions are registered automatically
-# Call IntrusionDetector.getInstance().addException(e) for Exceptions that do not extend EnterpriseSecurityException
-# Use the fully qualified classname of the exception as the base
-
-# any intrusion is an attack
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.count=1
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.interval=1
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout
-
-# for test purposes
-# CHECKME: Shouldn't there be something in the property name itself that designates
-#		   that these are for testing???
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.count=10
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.interval=5
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout
-
-# rapid validation errors indicate scans or attacks in progress
-# org.owasp.esapi.errors.ValidationException.count=10
-# org.owasp.esapi.errors.ValidationException.interval=10
-# org.owasp.esapi.errors.ValidationException.actions=log,logout
-
-# sessions jumping between hosts indicates session hijacking
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout
-
-
-#===========================================================================
-# ESAPI Validation
-#
-# The ESAPI Validator works on regular expressions with defined names. You can define names
-# either here, or you may define application specific patterns in a separate file defined below.
-# This allows enterprises to specify both organizational standards as well as application specific
-# validation rules.
-#
-Validator.ConfigurationFile=validation.properties
-
-# Validators used by ESAPI
-Validator.AccountName=^[a-zA-Z0-9]{3,20}$
-Validator.SystemCommand=^[a-zA-Z\\-\\/]{1,64}$
-Validator.RoleName=^[a-z]{1,20}$
-
-#the word TEST below should be changed to your application 
-#name - only relative URL's are supported
-Validator.Redirect=^\\/test.*$
-
-# Global HTTP Validation Rules
-# Values with Base64 encoded data (e.g. encrypted state) will need at least [a-zA-Z0-9\/+=]
-Validator.HTTPScheme=^(http|https)$
-Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
-Validator.HTTPParameterName=^[a-zA-Z0-9_]{1,32}$
-Validator.HTTPParameterValue=^[a-zA-Z0-9.\\-\\/+=@_ ]*$
-Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
-Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
-Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,32}$
-Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
-Validator.HTTPContextPath=^\\/?[a-zA-Z0-9.\\-\\/_]*$
-Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
-Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
-Validator.HTTPQueryString=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ %]*$
-Validator.HTTPURI=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
-Validator.HTTPURL=^.*$
-Validator.HTTPJSESSIONID=^[A-Z0-9]{10,30}$
-
-# Validation of file related input
-Validator.FileName=^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
-Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
-
-# Validation of dates. Controls whether or not 'lenient' dates are accepted.
-# See DataFormat.setLenient(boolean flag) for further details.
-Validator.AcceptLenientDates=false
\ No newline at end of file
+#
+# OWASP Enterprise Security API (ESAPI) Properties file -- PRODUCTION Version
+# 
+# This file is part of the Open Worldwide Application Security Project (OWASP)
+# Enterprise Security API (ESAPI) project. For details, please see
+# https://owasp.org/www-project-enterprise-security-api/
+#
+# Copyright (c) 2008,2009 - The OWASP Foundation
+#
+# DISCUSS: This may cause a major backwards compatibility issue, etc. but
+#		   from a name space perspective, we probably should have prefaced
+#		   all the property names with ESAPI or at least OWASP. Otherwise
+#		   there could be problems is someone loads this properties file into
+#		   the System properties.  We could also put this file into the
+#		   esapi.jar file (perhaps as a ResourceBundle) and then allow an external
+#		   ESAPI properties be defined that would overwrite these defaults.
+#		   That keeps the application's properties relatively simple as usually
+#		   they will only want to override a few properties. If looks like we
+#		   already support multiple override levels of this in the
+#		   DefaultSecurityConfiguration class, but I'm suggesting placing the
+#		   defaults in the esapi.jar itself. That way, if the jar is signed,
+#		   we could detect if those properties had been tampered with. (The
+#		   code to check the jar signatures is pretty simple... maybe 70-90 LOC,
+#		   but off course there is an execution penalty (similar to the way
+#		   that the separate sunjce.jar used to be when a class from it was
+#		   first loaded). Thoughts?
+###############################################################################
+#
+# WARNING: Operating system protection should be used to lock down the .esapi
+# resources directory and all the files inside and all the directories all the
+# way up to the root directory of the file system.  Note that if you are using
+# file-based implementations, that some files may need to be read-write as they
+# get updated dynamically.
+#
+#===========================================================================
+# ESAPI Configuration
+#
+# If true, then print all the ESAPI properties set here when they are loaded.
+# If false, they are not printed. Useful to reduce output when running JUnit tests.
+# If you need to troubleshoot a properties related problem, turning this on may help.
+# This is 'false' in the src/test/resources/.esapi version. It is 'true' by
+# default for reasons of backward compatibility with earlier ESAPI versions.
+ESAPI.printProperties=true
+
+# ESAPI is designed to be easily extensible. You can use the reference implementation
+# or implement your own providers to take advantage of your enterprise's security
+# infrastructure. The functions in ESAPI are referenced using the ESAPI locator, like:
+#
+#    String ciphertext =
+#		ESAPI.encryptor().encrypt("Secret message");   // Deprecated in 2.0
+#    CipherText cipherText =
+#		ESAPI.encryptor().encrypt(new PlainText("Secret message")); // Preferred
+#
+# Below you can specify the classname for the provider that you wish to use in your
+# application. The only requirement is that it implement the appropriate ESAPI interface.
+# This allows you to switch security implementations in the future without rewriting the
+# entire application.
+#
+# ExperimentalAccessController requires ESAPI-AccessControlPolicy.xml in .esapi directory
+ESAPI.AccessControl=org.owasp.esapi.reference.DefaultAccessController
+# FileBasedAuthenticator requires users.txt file in .esapi directory
+ESAPI.Authenticator=org.owasp.esapi.reference.FileBasedAuthenticator
+ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
+ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
+
+ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
+ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
+ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
+ESAPI.Logger=org.owasp.esapi.logging.java.JavaLogFactory
+# To use the new SLF4J logger in ESAPI (see GitHub issue #129), set
+#    ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory
+# and do whatever other normal SLF4J configuration that you normally would do for your application.
+ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
+ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
+
+#===========================================================================
+# ESAPI Authenticator
+#
+Authenticator.AllowedLoginAttempts=3
+Authenticator.MaxOldPasswordHashes=13
+Authenticator.UsernameParameterName=username
+Authenticator.PasswordParameterName=password
+# RememberTokenDuration (in days)
+Authenticator.RememberTokenDuration=14
+# Session Timeouts (in minutes)
+Authenticator.IdleTimeoutDuration=20
+Authenticator.AbsoluteTimeoutDuration=120
+
+#===========================================================================
+# ESAPI Encoder
+#
+# ESAPI canonicalizes input before validation to prevent bypassing filters with encoded attacks.
+# Failure to canonicalize input is a very common mistake when implementing validation schemes.
+# Canonicalization is automatic when using the ESAPI Validator, but you can also use the
+# following code to canonicalize data.
+#
+#      ESAPI.Encoder().canonicalize( "%22hello world&#x22;" );
+#  
+# Multiple encoding is when a single encoding format is applied multiple times. Allowing
+# multiple encoding is strongly discouraged.
+Encoder.AllowMultipleEncoding=false
+
+# Mixed encoding is when multiple different encoding formats are applied, or when 
+# multiple formats are nested. Allowing multiple encoding is strongly discouraged.
+Encoder.AllowMixedEncoding=false
+
+# The default list of codecs to apply when canonicalizing untrusted data. The list should include the codecs
+# for all downstream interpreters or decoders. For example, if the data is likely to end up in a URL, HTML, or
+# inside JavaScript, then the list of codecs below is appropriate. The order of the list is not terribly important.
+Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
+
+
+#===========================================================================
+# ESAPI Encryption
+#
+# The ESAPI Encryptor provides basic cryptographic functions with a simplified API.
+# To get started, generate a new key using java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
+# There is not currently any support for key rotation, so be careful when changing your key and salt as it
+# will invalidate all signed, encrypted, and hashed data.
+#
+# WARNING: Not all combinations of algorithms and key lengths are supported.
+# If you choose to use a key length greater than 128, you MUST download the
+# unlimited strength policy files and install in the lib directory of your JRE/JDK.
+# See http://java.sun.com/javase/downloads/index.jsp for more information.
+#
+#		***** IMPORTANT: Do NOT forget to replace these with your own values! *****
+# To calculate these values, you can run:
+#		java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
+#
+#Encryptor.MasterKey=
+#Encryptor.MasterSalt=
+
+# Provides the default JCE provider that ESAPI will "prefer" for its symmetric
+# encryption and hashing. (That is it will look to this provider first, but it
+# will defer to other providers if the requested algorithm is not implemented
+# by this provider.) If left unset, ESAPI will just use your Java VM's current
+# preferred JCE provider, which is generally set in the file
+# "$JAVA_HOME/jre/lib/security/java.security".
+#
+# The main intent of this is to allow ESAPI symmetric encryption to be
+# used with a FIPS 140-2 compliant crypto-module. For details, see the section
+# "Using ESAPI Symmetric Encryption with FIPS 140-2 Cryptographic Modules" in
+# the ESAPI 2.0 Symmetric Encryption User Guide, at:
+# http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
+# However, this property also allows you to easily use an alternate JCE provider
+# such as "Bouncy Castle" without having to make changes to "java.security".
+# See Javadoc for SecurityProviderLoader for further details. If you wish to use
+# a provider that is not known to SecurityProviderLoader, you may specify the
+# fully-qualified class name of the JCE provider class that implements
+# java.security.Provider. If the name contains a '.', this is interpreted as
+# a fully-qualified class name that implements java.security.Provider.
+#
+# NOTE: Setting this property has the side-effect of changing it in your application
+#       as well, so if you are using JCE in your application directly rather than
+#       through ESAPI (you wouldn't do that, would you? ;-), it will change the
+#       preferred JCE provider there as well.
+#
+# Default: Keeps the JCE provider set to whatever JVM sets it to.
+Encryptor.PreferredJCEProvider=
+
+# AES is the most widely used and strongest encryption algorithm. This
+# should agree with your Encryptor.CipherTransformation property.
+# Warning: This property does not control the default reference implementation for
+#		   ESAPI 2.0 using JavaEncryptor. Also, this property will be dropped
+#		   in the future.
+# @deprecated
+Encryptor.EncryptionAlgorithm=AES
+#		For ESAPI Java 2.0 - New encrypt / decrypt methods use this.
+Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
+
+# Applies to ESAPI 2.0 and later only!
+# Comma-separated list of cipher modes that provide *BOTH*
+# confidentiality *AND* message authenticity. (NIST refers to such cipher
+# modes as "combined modes" so that's what we shall call them.) If any of these
+# cipher modes are used then no MAC is calculated and stored
+# in the CipherText upon encryption. Likewise, if one of these
+# cipher modes is used with decryption, no attempt will be made
+# to validate the MAC contained in the CipherText object regardless
+# of whether it contains one or not. Since the expectation is that
+# these cipher modes support support message authenticity already,
+# injecting a MAC in the CipherText object would be at best redundant.
+#
+# Note that as of JDK 1.5, the SunJCE provider does not support *any*
+# of these cipher modes. Of these listed, only GCM and CCM are currently
+# NIST approved. YMMV for other JCE providers. E.g., Bouncy Castle supports
+# GCM and CCM with "NoPadding" mode, but not with "PKCS5Padding" or other
+# padding modes.
+Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
+
+# Applies to ESAPI 2.0 and later only!
+# Additional cipher modes allowed for ESAPI 2.0 encryption. These
+# cipher modes are in _addition_ to those specified by the property
+# 'Encryptor.cipher_modes.combined_modes'.
+# DISCUSS: Better name?
+Encryptor.cipher_modes.additional_allowed=CBC
+
+# Default key size to use for cipher specified by Encryptor.EncryptionAlgorithm.
+# Note that this MUST be a valid key size for the algorithm being used
+# (as specified by Encryptor.EncryptionAlgorithm). So for example, if AES is used,
+# it must be 128, 192, or 256. If DESede is chosen, then it must be either 112 or 168.
+#
+# Note that 128-bits is almost always sufficient and for AES it appears to be more
+# somewhat more resistant to related key attacks than is 256-bit AES.)
+#
+# Defaults to 128-bits if left blank.
+#
+# NOTE: If you use a key size > 128-bits, then you MUST have the JCE Unlimited
+#       Strength Jurisdiction Policy files installed!!!
+#
+Encryptor.EncryptionKeyLength=128
+
+# This is the _minimum_ key size (in bits) that we allow with ANY symmetric
+# cipher for doing encryption. (There is no minimum for decryption.)
+#
+# Generally, if you only use one algorithm, this should be set the same as
+# the Encryptor.EncryptionKeyLength property.
+Encryptor.MinEncryptionKeyLength=128
+
+# Because 2.x uses CBC mode by default, it requires an initialization vector (IV).
+# (All cipher modes except ECB require an IV.) Previously there were two choices: we can either
+# use a fixed IV known to both parties or allow ESAPI to choose a random IV. The
+# former was deprecated in ESAPI 2.2 and removed in ESAPI 2.3. It was not secure
+# because the Encryptor (as are all the other major ESAPI components) is a
+# singleton and thus the same IV would get reused each time. It was not a
+# well-thought out plan. (To do it correctly means we need to add a setIV() method
+# and get rid of the Encryptor singleton, thus it will not happen until 3.0.)
+# However, while the IV does not need to be hidden from adversaries, it is important that the
+# adversary not be allowed to choose it. Thus for now, ESAPI just chooses a random IV.
+# Originally there was plans to allow a developer to provide a class and method
+# name to define a custom static method to generate an IV, but that is just
+# trouble waiting to happen. Thus in effect, the ONLY acceptable property value
+# for this property is "random". In the not too distant future (possibly the
+# next release), I will be removing it, but for now I am leaving this and
+# checking for it so a ConfigurationException can be thrown if anyone using
+# ESAPI ignored the deprecation warning message and still has it set to "fixed".
+#
+# Valid values:		random
+Encryptor.ChooseIVMethod=random
+
+
+# Whether or not CipherText should use a message authentication code (MAC) with it.
+# This prevents an adversary from altering the IV as well as allowing a more
+# fool-proof way of determining the decryption failed because of an incorrect
+# key being supplied. This refers to the "separate" MAC calculated and stored
+# in CipherText, not part of any MAC that is calculated as a result of a
+# "combined mode" cipher mode.
+#
+# If you are using ESAPI with a FIPS 140-2 cryptographic module, you *must* also
+# set this property to false. That is because ESAPI takes the master key and
+# derives 2 keys from it--a key for the MAC and a key for encryption--and
+# because ESAPI is not itself FIPS 140-2 verified such intermediary aterations
+# to keys from FIPS approved sources would have the effect of making your FIPS
+# approved key generation and thus your FIPS approved JCE provider unapproved!
+# More details in
+#       documentation/esapi4java-core-2.0-readme-crypto-changes.html
+#       documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
+# You have been warned.
+Encryptor.CipherText.useMAC=true
+
+# Whether or not the PlainText object may be overwritten and then marked
+# eligible for garbage collection. If not set, this is still treated as 'true'.
+Encryptor.PlainText.overwrite=true
+
+# Do not use DES except in a legacy situations. 56-bit is way too small key size.
+#Encryptor.EncryptionKeyLength=56
+#Encryptor.MinEncryptionKeyLength=56
+#Encryptor.EncryptionAlgorithm=DES
+
+# TripleDES is considered strong enough for most purposes.
+#	Note:	There is also a 112-bit version of DESede. Using the 168-bit version
+#			requires downloading the special jurisdiction policy from Sun.
+#Encryptor.EncryptionKeyLength=168
+#Encryptor.MinEncryptionKeyLength=112
+#Encryptor.EncryptionAlgorithm=DESede
+
+Encryptor.HashAlgorithm=SHA-512
+Encryptor.HashIterations=1024
+
+# Was 'SHA1withDSA', but that won't support 2048 key sizes. Change back for
+# backward compatibility.
+Encryptor.DigitalSignatureAlgorithm=SHA256withDSA
+
+# Was 1024. Change this back if you require backward compatibility.
+Encryptor.DigitalSignatureKeyLength=2048
+# SHA1 is fine as a CSRNG; no need to use anything else.
+Encryptor.RandomAlgorithm=SHA1PRNG
+Encryptor.CharacterEncoding=UTF-8
+
+# This is the Pseudo Random Function (PRF) that ESAPI's Key Derivation Function
+# (KDF) normally uses. Note this is *only* the PRF used for ESAPI's KDF and
+# *not* what is used for ESAPI's MAC. (Currently, HmacSHA1 is always used for
+# the MAC, mostly to keep the overall size at a minimum.)
+#
+# Currently supported choices for JDK 1.5 and 1.6 are:
+#	HmacSHA1 (160 bits), HmacSHA256 (256 bits), HmacSHA384 (384 bits), and
+#	HmacSHA512 (512 bits).
+# Note that HmacMD5 is *not* supported for the PRF used by the KDF even though
+# the JDKs support it.  See the ESAPI 2.0 Symmetric Encryption User Guide
+# further details.
+Encryptor.KDF.PRF=HmacSHA256
+#===========================================================================
+# ESAPI HttpUtilties
+#
+# The HttpUtilities provide basic protections to HTTP requests and responses. Primarily these methods 
+# protect against malicious data from attackers, such as unprintable characters, escaped characters,
+# and other simple attacks. The HttpUtilities also provides utility methods for dealing with cookies,
+# headers, and CSRF tokens.
+#
+# Default file upload location (remember to escape backslashes with \\)
+#
+HttpUtilities.UploadDir=C:\\ESAPI\\testUpload
+HttpUtilities.UploadTempDir=C:\\temp
+# Force flags on cookies, if you use HttpUtilities to set cookies
+HttpUtilities.ForceHttpOnlySession=false
+HttpUtilities.ForceSecureSession=false
+HttpUtilities.ForceHttpOnlyCookies=true
+HttpUtilities.ForceSecureCookies=true
+# Maximum size of HTTP header key--the validator regex may have additional values. 
+HttpUtilities.MaxHeaderNameSize=256
+# Maximum size of HTTP header value--the validator regex may have additional values. 
+HttpUtilities.MaxHeaderValueSize=4096
+# Maximum size of JSESSIONID for the application--the validator regex may have additional values.  
+HttpUtilities.HTTPJSESSIONIDLENGTH=50
+# Maximum length of a URL (see https://stackoverflow.com/questions/417142/what-is-the-maximum-length-of-a-url-in-different-browsers)
+HttpUtilities.URILENGTH=2000
+# Maximum length of a redirect 
+HttpUtilities.maxRedirectLength=512
+# Maximum length for an http scheme
+HttpUtilities.HTTPSCHEMELENGTH=10
+# Maximum length for an http host
+HttpUtilities.HTTPHOSTLENGTH=100
+# Maximum length for an http path
+HttpUtilities.HTTPPATHLENGTH=150
+#Maximum length for a context path 
+HttpUtilities.contextPathLength=150
+#Maximum length for an httpServletPath 
+HttpUtilities.HTTPSERVLETPATHLENGTH=100
+#Maximum length for an http query parameter name
+HttpUtilities.httpQueryParamNameLength=100
+#Maximum length for an http query parameter -- old default was 2000, but that's the max length for a URL...
+HttpUtilities.httpQueryParamValueLength=500
+# File upload configuration
+HttpUtilities.ApprovedUploadExtensions=.pdf,.doc,.docx,.ppt,.pptx,.xls,.xlsx,.rtf,.txt,.jpg,.png
+HttpUtilities.MaxUploadFileBytes=500000000
+# Maximum # of files that can be uploaded per HTTP request.
+# Set to -1 for no maximum. Related to CVE-2023-24998.
+HttpUtilities.MaxUploadFileCount=20
+
+# Allowing anonymous users to do file uploads via HTTPUtilities.getFileUploads
+# can make it easier for DoS attacks via uploading files easier. (See Security Bulletin #11,
+# https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin11.pdf
+# for details).
+#
+# By default, we allow anonymous users to upload files because we can only rely on
+# ESAPI.authenticator().getCurrentUser() to determine if a user associated
+# with the current HTTP session is authenticated and almost no one uses the
+# ESAPI Authenticator because the reference implementation is just a toy
+# implementation and is not enterprise scalable.
+#
+# If you are using the ESAPI Authenticator (the ESAPI reference implementation
+# or you've implemented your own custom one), then you can set this property value
+# to 'false' to disallow anonymous (i.e., unauthenticated) users to upload
+# files. However, if you are not using the ESAPI Authenticator, then you should
+# probably leave this set to 'false', otherwise you will completely prevent the
+# use of HTTPUtilities.getFileUploads methods.
+#
+HttpUtilities.FileUploadAllowAnonymousUser=true
+
+# Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
+# container, and any other technologies you may be using. Failure to do this may expose you
+# to Unicode transcoding injection attacks. Use of UTF-8 does not hinder internationalization.
+HttpUtilities.ResponseContentType=text/html; charset=UTF-8
+# This is the name of the cookie used to represent the HTTP session
+# Typically this will be the default "JSESSIONID" 
+HttpUtilities.HttpSessionIdName=JSESSIONID
+#Sets whether or not we will overwrite http status codes to 200.
+HttpUtilities.OverwriteStatusCodes=true
+#Sets the application's base character encoding.  This is forked from the Java Encryptor property.
+HttpUtilities.CharacterEncoding=UTF-8
+
+#===========================================================================
+# ESAPI Executor
+# CHECKME - This should be made OS independent. Don't use unsafe defaults.
+# # Examples only -- do NOT blindly copy!
+#   For Windows:
+#     Executor.WorkingDirectory=C:\\Windows\\Temp
+#     Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe
+#   For *nux, MacOS:
+#     Executor.WorkingDirectory=/tmp
+#     Executor.ApprovedExecutables=/bin/bash
+Executor.WorkingDirectory=
+Executor.ApprovedExecutables=
+
+
+#===========================================================================
+# ESAPI Logging
+# Set the application name if these logs are combined with other applications
+Logger.ApplicationName=ExampleApplication
+# If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
+Logger.LogEncodingRequired=false
+# Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
+Logger.LogApplicationName=true
+# Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
+Logger.LogServerIP=true
+# Determines whether ESAPI should log the user info.
+Logger.UserInfo=true
+# Determines whether ESAPI should log the session id and client IP.
+Logger.ClientInfo=true
+
+# Determines whether ESAPI should log the prefix of [EVENT_TYPE - APPLICATION NAME].
+# If all above Logger entries are set to false, as well as LogPrefix, then the output would be the same as if no ESAPI was used
+Logger.LogPrefix=true
+
+#===========================================================================
+# ESAPI Intrusion Detection
+#
+# Each event has a base to which .count, .interval, and .action are added
+# The IntrusionException will fire if we receive "count" events within "interval" seconds
+# The IntrusionDetector is configurable to take the following actions: log, logout, and disable
+#  (multiple actions separated by commas are allowed e.g. event.test.actions=log,disable
+#
+# Custom Events
+# Names must start with "event." as the base
+# Use IntrusionDetector.addEvent( "test" ) in your code to trigger "event.test" here
+# You can also disable intrusion detection completely by changing
+# the following parameter to true
+#
+IntrusionDetector.Disable=false
+#
+IntrusionDetector.event.test.count=2
+IntrusionDetector.event.test.interval=10
+IntrusionDetector.event.test.actions=disable,log
+
+# Exception Events
+# All EnterpriseSecurityExceptions are registered automatically
+# Call IntrusionDetector.getInstance().addException(e) for Exceptions that do not extend EnterpriseSecurityException
+# Use the fully qualified classname of the exception as the base
+
+# any intrusion is an attack
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.count=1
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.interval=1
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout
+
+# for test purposes
+# CHECKME: Shouldn't there be something in the property name itself that designates
+#		   that these are for testing???
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.count=10
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.interval=5
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout
+
+# rapid validation errors indicate scans or attacks in progress
+# org.owasp.esapi.errors.ValidationException.count=10
+# org.owasp.esapi.errors.ValidationException.interval=10
+# org.owasp.esapi.errors.ValidationException.actions=log,logout
+
+# sessions jumping between hosts indicates session hijacking
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout
+
+
+#===========================================================================
+# ESAPI Validation
+#
+# The ESAPI Validator works on regular expressions with defined names. You can define names
+# either here, or you may define application specific patterns in a separate file defined below.
+# This allows enterprises to specify both organizational standards as well as application specific
+# validation rules.
+#
+# Use '\p{L}' (without the quotes) within the character class to match
+# any Unicode LETTER. You can also use a range, like:  \u00C0-\u017F
+# You can also use any of the regex flags as documented at
+# https://docs.oracle.com/javase/tutorial/essential/regex/pattern.html, e.g. (?u)
+#
+Validator.ConfigurationFile=validation.properties
+
+# Validators used by ESAPI
+Validator.AccountName=^[a-zA-Z0-9]{3,20}$
+Validator.SystemCommand=^[a-zA-Z\\-\\/]{1,64}$
+Validator.RoleName=^[a-z]{1,20}$
+
+#the word TEST below should be changed to your application 
+#name - only relative URL's are supported
+Validator.Redirect=^\\/test.*$
+
+# Global HTTP Validation Rules
+# Values with Base64 encoded data (e.g. encrypted state) will need at least [a-zA-Z0-9\/+=]
+Validator.HTTPScheme=^(http|https)$
+Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
+Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
+Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]{0,1024}$
+# Note that headerName and Value length is also configured in the HTTPUtilities section
+Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,256}$
+Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
+Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
+Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
+Validator.HTTPURL=^.*$
+Validator.HTTPJSESSIONID=^[A-Z0-9]{10,32}$
+
+
+# Contributed by Fraenku@gmx.ch
+# Github Issue 126 https://github.com/ESAPI/esapi-java-legacy/issues/126
+Validator.HTTPParameterName=^[a-zA-Z0-9_\\-]{1,32}$
+Validator.HTTPParameterValue=^[-\\p{L}\\p{N}./+=_ !$*?@]{0,1000}$
+Validator.HTTPContextPath=^/[a-zA-Z0-9.\\-_]*$
+Validator.HTTPQueryString=^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$
+Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
+
+
+# Validation of file related input
+Validator.FileName=^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
+Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
+
+# Validation of dates. Controls whether or not 'lenient' dates are accepted.
+# See DataFormat.setLenient(boolean flag) for further details.
+Validator.AcceptLenientDates=false
+
+#                       ~~~~~ Important Note ~~~~~
+# This is a workaround to make sure that a commit to address GitHub issue #509
+# doesn't accidentally break someone's production code. So essentially what we
+# are doing is to reverting back to the previous possibly buggy (by
+# documentation intent at least), but, by now, expected legacy behavior.
+# Prior to the code changes for issue #509, if invalid / malicious HTML input was
+# observed, AntiSamy would simply attempt to sanitize (cleanse) it and it would
+# only be logged. However, the code change made ESAPI comply with its
+# documentation, which stated that a ValidationException should be thrown in
+# such cases. Unfortunately, changing this behavior--especially when no one is
+# 100% certain that the documentation was correct--could break existing code
+# using ESAPI so after a lot of debate, issue #521 was created to restore the
+# previous behavior, but still allow the documented behavior. (We did this
+# because it wasn't really causing an security issues since AntiSamy would clean
+# it up anyway and we value backward compatibility as long as it doesn't clearly
+# present security vulnerabilities.)
+# More defaults about this are written up under GitHub issue #521 and
+# the pull request it references. Future major releases of ESAPI (e.g., ESAPI 3.x)
+# will not support this previous behavior, but it will remain for ESAPI 2.x.
+# Set this to 'throw' if you want the originally intended behavior of throwing
+# that was fixed via issue #509. Set to 'clean' if you want want the HTML input
+# sanitized instead.
+#
+# Possible values:
+#   clean -- Use the legacy behavior where unsafe HTML input is logged and the
+#            sanitized (i.e., clean) input as determined by AntiSamy and your
+#            AntiSamy rules is returned. This is the default behavior if this
+#            new property is not found.
+#   throw -- The new, presumably correct and originally intended behavior where
+#            a ValidationException is thrown when unsafe HTML input is
+#            encountered.
+#
+#Validator.HtmlValidationAction=clean
+Validator.HtmlValidationAction=throw
+
+# With the fix for #310 to enable loading antisamy-esapi.xml from the classpath
+# also an enhancement was made to be able to use a different filename for the configuration.
+# You don't have to configure the filename here, but in that case the code will keep looking for antisamy-esapi.xml.
+# This is the default behaviour of ESAPI.
+#
+#Validator.HtmlValidationConfigurationFile=antisamy-esapi.xml
+
+########################################################################################
+# The following methods are now disabled in the default configuration and must
+# be explicity enabled. If you try to invoke a method disabled by default, ESAPI
+# will thrown a NotConfiguredByDefaultException.
+#
+# The reason for this varies, but ranges from they are not really suitable for
+# enterprise scale to that are only marginally tested (if at all) versus the are
+# unsafe for general use, although them may be fine when combined with other
+# security-in-depth techiques.
+#
+# The disabled-by-default methods are:
+#   org.owasp.esapi.reference.DefaultEncoder.encodeForSQL
+#   org.owasp.esapi.ESAPI.accessController  [FUTURE; will correspond to deprecation notice]
+#
+# Mote details to explain this may be found in the ESAPI GitHub wiki article at
+#   https://github.com/ESAPI/esapi-java-legacy/wiki/Reducing-the-ESAPI-Library's-Attack-Surface
+###########
+# The format is a comma-separated list of fully.Qualified.ClassName.methodName;
+# all class names must begin with "org.owasp.esapi.".
+ESAPI.dangerouslyAllowUnsafeMethods.methodNames=
+###########
+# Normally you would put some text here (that will be logged) that provides some
+# justification as to why you have enabled these functions. This can be
+# anythuing such as a Jira or ServiceNow ticket number, a security exception
+# reference, etc. If it is left empty, it will just like "Justification: none".`
+ESAPI.dangerouslyAllowUnsafeMethods.justification=
diff --git a/configuration/esapi/antisamy-esapi.xml b/configuration/esapi/antisamy-esapi.xml
index 500ab5943..bcb53aed1 100644
--- a/configuration/esapi/antisamy-esapi.xml
+++ b/configuration/esapi/antisamy-esapi.xml
@@ -1,492 +1,172 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-	
-<!-- 
-W3C rules retrieved from:
-http://www.w3.org/TR/html401/struct/global.html
--->
-	
-<!--
-Slashdot allowed tags taken from "Reply" page:
-<b> <i> <p> <br> <a> <ol> <ul> <li> <dl> <dt> <dd> <em> <strong> <tt> <blockquote> <div> <ecode> <quote>
--->
-
-<anti-samy-rules xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-		xsi:noNamespaceSchemaLocation="antisamy.xsd">
-	
-	<directives>
-		<directive name="omitXmlDeclaration" value="true"/>
-		<directive name="omitDoctypeDeclaration" value="true"/>
-		<directive name="maxInputSize" value="500000"/>
-		<directive name="embedStyleSheets" value="false"/>
-	</directives>
-	
-	
-	<common-regexps>
-		
-		<!-- 
-		From W3C:
-		This attribute assigns a class name or set of class names to an
-		element. Any number of elements may be assigned the same class
-		name or names. Multiple class names must be separated by white 
-		space characters.
-		-->
-		
-		<regexp name="htmlTitle" value="[a-zA-Z0-9\s-_',:\[\]!\./\\\(\)]*"/> <!-- force non-empty with a '+' at the end instead of '*' -->
-		<regexp name="onsiteURL" value="([\w\\/\.\?=&amp;;\#-~]+|\#(\w)+)"/>
-		<regexp name="offsiteURL" value="(\s)*((ht|f)tp(s?)://|mailto:)[A-Za-z0-9]+[~a-zA-Z0-9-_\.@#$%&amp;;:,\?=/\+!]*(\s)*"/>
-	
-	</common-regexps>
-	
-	<!-- 
-	
-	Tag.name = a, b, div, body, etc.
-	Tag.action = filter: remove tags, but keep content, validate: keep content as long as it passes rules, remove: remove tag and contents
-	Attribute.name = id, class, href, align, width, etc.
-	Attribute.onInvalid = what to do when the attribute is invalid, e.g., remove the tag (removeTag), remove the attribute (removeAttribute), filter the tag (filterTag)
-	Attribute.description = What rules in English you want to tell the users they can have for this attribute. Include helpful things so they'll be able to tune their HTML
-	 
-	 -->
-
-	<!-- 
-	Some attributes are common to all (or most) HTML tags. There aren't many that qualify for this. You have to make sure there's no
-	collisions between any of these attribute names with attribute names of other tags that are for different purposes.
-	-->
-
-	<common-attributes>
-		
-
-		<attribute name="lang" description="The 'lang' attribute tells the browser what language the element's attribute values and content are written in">
-		 	<regexp-list>
-		 		<regexp value="[a-zA-Z]{2,20}"/>
-		 	</regexp-list>
-		 </attribute>
-		 
-		 <attribute name="title" description="The 'title' attribute provides text that shows up in a 'tooltip' when a user hovers their mouse over the element">
-		 	<regexp-list>
-		 		<regexp name="htmlTitle"/>
-		 	</regexp-list>
-		 </attribute>
-
-		<attribute name="href" onInvalid="filterTag">
-			<regexp-list>
-				<regexp name="onsiteURL"/>
-				<regexp name="offsiteURL"/>
-			</regexp-list>
-		</attribute>
-	
-		<attribute name="align" description="The 'align' attribute of an HTML element is a direction word, like 'left', 'right' or 'center'">
-			<literal-list>
-				<literal value="center"/>
-				<literal value="left"/>
-				<literal value="right"/>
-				<literal value="justify"/>
-				<literal value="char"/>
-			</literal-list>
-		</attribute>
-
-	</common-attributes>
-
-
-	<!--
-	This requires normal updates as browsers continue to diverge from the W3C and each other. As long as the browser wars continue
-	this is going to continue. I'm not sure war is the right word for what's going on. Doesn't somebody have to win a war after 
-	a while?
-	 -->
-	
-	<global-tag-attributes>
-		<attribute name="title"/>
-		<attribute name="lang"/>
-	</global-tag-attributes>
-
-
-	<tag-rules>
-
-		<!-- Tags related to JavaScript -->
-
-		<tag name="script" action="remove"/>
-		<tag name="noscript" action="remove"/>
-		
-		<!-- Frame & related tags -->
-		
-		<tag name="iframe" action="remove"/>
-		<tag name="frameset" action="remove"/>
-		<tag name="frame" action="remove"/>
-		<tag name="noframes" action="remove"/>
-		
-
-		<!-- All reasonable formatting tags -->
-		
-		<tag name="p" action="validate">
-			<attribute name="align"/>
-		</tag>
-
-		<tag name="div" action="validate"/>		
-		<tag name="i" action="validate"/>
-		<tag name="b" action="validate"/>
-		<tag name="em" action="validate"/>
-		<tag name="blockquote" action="validate"/>
-		<tag name="tt" action="validate"/>
-		
-		<tag name="br" action="truncate"/>
-
-		<!-- Custom Slashdot tags, though we're trimming the idea of having a possible mismatching end tag with the endtag="" attribute -->
-		
-		<tag name="quote" action="validate"/>
-		<tag name="ecode" action="validate"/> 
-		
-						
-		<!-- Anchor and anchor related tags -->
-		
-		<tag name="a" action="validate">
-
-			<attribute name="href" onInvalid="filterTag"/>
-			<attribute name="nohref">
-				<literal-list>
-					<literal value="nohref"/>
-					<literal value=""/>
-				</literal-list>
-			</attribute>
-			<attribute name="rel">
-				<literal-list>
-					<literal value="nofollow"/>
-				</literal-list>
-			</attribute>
-		</tag>
-
-		<!-- List tags -->
-
-		<tag name="ul" action="validate"/>
-		<tag name="ol" action="validate"/>
-		<tag name="li" action="validate"/>
-		
-	</tag-rules>
-
-
-
-	<!--  No CSS on Slashdot posts -->
-
-	<css-rules>
-	</css-rules>
-
-
-	<html-entities>
-		<entity name="amp" cdata="&amp;"/>
-		<entity name="nbsp" cdata="&amp;#160;"/>
-		
-		<entity name="iexcl" cdata="&amp;#161;"/> <!--inverted exclamation mark, U+00A1 ISOnum -->
-		<entity name="cent" cdata="&amp;#162;"/> <!--cent sign, U+00A2 ISOnum -->
-		<entity name="pound" cdata="&amp;#163;"/> <!--pound sign, U+00A3 ISOnum -->
-		<entity name="curren" cdata="&amp;#164;"/> <!--currency sign, U+00A4 ISOnum -->
-		<entity name="yen" cdata="&amp;#165;"/> <!--yen sign = yuan sign, U+00A5 ISOnum -->
-		<entity name="brvbar" cdata="&amp;#166;"/> <!--broken bar = broken vertical bar, U+00A6 ISOnum -->
-		<entity name="sect" cdata="&amp;#167;"/> <!--section sign, U+00A7 ISOnum -->
-		<entity name="uml" cdata="&amp;#168;"/> <!--diaeresis = spacing diaeresis, U+00A8 ISOdia -->
-		<entity name="copy" cdata="&amp;#169;"/> <!--copyright sign, U+00A9 ISOnum -->
-		<entity name="ordf" cdata="&amp;#170;"/> <!--feminine ordinal indicator, U+00AA ISOnum -->
-		<entity name="laquo" cdata="&amp;#171;"/> <!--left-pointing double angle quotation mark = left pointing guillemet, U+00AB ISOnum -->
-		<entity name="not" cdata="&amp;#172;"/> <!--not sign, U+00AC ISOnum -->
-		<entity name="shy" cdata="&amp;#173;"/> <!--soft hyphen = discretionary hyphen,U+00AD ISOnum -->
-		<entity name="reg" cdata="&amp;#174;"/> <!--registered sign = registered trade mark sign, U+00AE ISOnum -->
-		<entity name="macr" cdata="&amp;#175;"/> <!--macron = spacing macron = overline = APL overbar, U+00AF ISOdia -->
-		<entity name="deg" cdata="&amp;#176;"/> <!--degree sign, U+00B0 ISOnum -->
-		<entity name="plusmn" cdata="&amp;#177;"/> <!--plus-minus sign = plus-or-minus sign, U+00B1 ISOnum -->
-		<entity name="sup2" cdata="&amp;#178;"/> <!--superscript two = superscript digit two = squared, U+00B2 ISOnum -->
-		<entity name="sup3" cdata="&amp;#179;"/> <!--superscript three = superscript digit three= cubed, U+00B3 ISOnum -->
-		<entity name="acute" cdata="&amp;#180;"/> <!--acute accent = spacing acute, U+00B4 ISOdia -->
-		<entity name="micro" cdata="&amp;#181;"/> <!--micro sign, U+00B5 ISOnum -->
-		<entity name="para" cdata="&amp;#182;"/> <!--pilcrow sign = paragraph sign, U+00B6 ISOnum -->
-		<entity name="middot" cdata="&amp;#183;"/> <!--middle dot = Georgian comma = Greek middle dot, U+00B7 ISOnum -->
-		<entity name="cedil" cdata="&amp;#184;"/> <!--cedilla = spacing cedilla, U+00B8 ISOdia -->
-		<entity name="sup1" cdata="&amp;#185;"/> <!--superscript one = superscript digit one,U+00B9 ISOnum -->
-		<entity name="ordm" cdata="&amp;#186;"/> <!--masculine ordinal indicator, U+00BA ISOnum -->
-		<entity name="raquo" cdata="&amp;#187;"/> <!--right-pointing double angle quotation mark = right pointing guillemet, U+00BB ISOnum -->
-		<entity name="frac14" cdata="&amp;#188;"/> <!--vulgar fraction one quarter = fraction one quarter, U+00BC ISOnum -->
-		<entity name="frac12" cdata="&amp;#189;"/> <!--vulgar fraction one half = fraction one half, U+00BD ISOnum -->
-		<entity name="frac34" cdata="&amp;#190;"/> <!--vulgar fraction three quarters = fraction three quarters, U+00BE ISOnum -->
-		<entity name="iquest" cdata="&amp;#191;"/> <!--inverted question mark = turned question mark, U+00BF ISOnum -->
-		<entity name="Agrave" cdata="&amp;#192;"/> <!--latin capital letter A with grave = latin capital letter A grave,U+00C0 ISOlat1 -->
-		<entity name="Aacute" cdata="&amp;#193;"/> <!--latin capital letter A with acute,U+00C1 ISOlat1 -->
-		<entity name="Acirc" cdata="&amp;#194;"/> <!--latin capital letter A with circumflex,U+00C2 ISOlat1 -->
-		<entity name="Atilde" cdata="&amp;#195;"/> <!--latin capital letter A with tilde,U+00C3 ISOlat1 -->
-		<entity name="Auml" cdata="&amp;#196;"/> <!--latin capital letter A with diaeresis,U+00C4 ISOlat1 -->
-		<entity name="Aring" cdata="&amp;#197;"/> <!--latin capital letter A with ring above = latin capital letter A ring, U+00C5 ISOlat1 -->
-		<entity name="AElig" cdata="&amp;#198;"/> <!--latin capital letter AE = latin capital ligature AE, U+00C6 ISOlat1 -->
-		<entity name="Ccedil" cdata="&amp;#199;"/> <!--latin capital letter C with cedilla, U+00C7 ISOlat1 -->
-		<entity name="Egrave" cdata="&amp;#200;"/> <!--latin capital letter E with grave, U+00C8 ISOlat1 -->
-		<entity name="Eacute" cdata="&amp;#201;"/> <!--latin capital letter E with acute,U+00C9 ISOlat1 -->
-		<entity name="Ecirc" cdata="&amp;#202;"/> <!--latin capital letter E with circumflex,U+00CA ISOlat1 -->
-		<entity name="Euml" cdata="&amp;#203;"/> <!--latin capital letter E with diaeresis, U+00CB ISOlat1 -->
-		<entity name="Igrave" cdata="&amp;#204;"/> <!--latin capital letter I with grave, U+00CC ISOlat1 -->
-		<entity name="Iacute" cdata="&amp;#205;"/> <!--latin capital letter I with acute, U+00CD ISOlat1 -->
-		<entity name="Icirc" cdata="&amp;#206;"/> <!--latin capital letter I with circumflex, U+00CE ISOlat1 -->
-		<entity name="Iuml" cdata="&amp;#207;"/> <!--latin capital letter I with diaeresis, U+00CF ISOlat1 -->
-		<entity name="ETH" cdata="&amp;#208;"/> <!--latin capital letter ETH, U+00D0 ISOlat1 -->
-		<entity name="Ntilde" cdata="&amp;#209;"/> <!--latin capital letter N with tilde, U+00D1 ISOlat1 -->
-		<entity name="Ograve" cdata="&amp;#210;"/> <!--latin capital letter O with grave, U+00D2 ISOlat1 -->
-		<entity name="Oacute" cdata="&amp;#211;"/> <!--latin capital letter O with acute, U+00D3 ISOlat1 -->
-		<entity name="Ocirc" cdata="&amp;#212;"/> <!--latin capital letter O with circumflex, U+00D4 ISOlat1 -->
-		<entity name="Otilde" cdata="&amp;#213;"/> <!--latin capital letter O with tilde, U+00D5 ISOlat1 -->
-		<entity name="Ouml" cdata="&amp;#214;"/> <!--latin capital letter O with diaeresis, U+00D6 ISOlat1 -->
-		<entity name="times" cdata="&amp;#215;"/> <!--multiplication sign, U+00D7 ISOnum -->
-		<entity name="Oslash" cdata="&amp;#216;"/> <!--latin capital letter O with stroke = latin capital letter O slash, U+00D8 ISOlat1 -->
-		<entity name="Ugrave" cdata="&amp;#217;"/> <!--latin capital letter U with grave, U+00D9 ISOlat1 -->
-		<entity name="Uacute" cdata="&amp;#218;"/> <!--latin capital letter U with acute, U+00DA ISOlat1 -->
-		<entity name="Ucirc" cdata="&amp;#219;"/> <!--latin capital letter U with circumflex, U+00DB ISOlat1 -->
-		<entity name="Uuml" cdata="&amp;#220;"/> <!--latin capital letter U with diaeresis, U+00DC ISOlat1 -->
-		<entity name="Yacute" cdata="&amp;#221;"/> <!--latin capital letter Y with acute, U+00DD ISOlat1 -->
-		<entity name="THORN" cdata="&amp;#222;"/> <!--latin capital letter THORN, U+00DE ISOlat1 -->
-		<entity name="szlig" cdata="&amp;#223;"/> <!--latin small letter sharp s = ess-zed, U+00DF ISOlat1 -->
-		<entity name="agrave" cdata="&amp;#224;"/> <!--latin small letter a with grave = latin small letter a grave, U+00E0 ISOlat1 -->
-		<entity name="aacute" cdata="&amp;#225;"/> <!--latin small letter a with acute, U+00E1 ISOlat1 -->
-		<entity name="acirc" cdata="&amp;#226;"/> <!--latin small letter a with circumflex, U+00E2 ISOlat1 -->
-		<entity name="atilde" cdata="&amp;#227;"/> <!--latin small letter a with tilde, U+00E3 ISOlat1 -->
-		<entity name="auml" cdata="&amp;#228;"/> <!--latin small letter a with diaeresis, U+00E4 ISOlat1 -->
-		<entity name="aring" cdata="&amp;#229;"/> <!--latin small letter a with ring above = latin small letter a ring, U+00E5 ISOlat1 -->
-		<entity name="aelig" cdata="&amp;#230;"/> <!--latin small letter ae = latin small ligature ae, U+00E6 ISOlat1 -->
-		<entity name="ccedil" cdata="&amp;#231;"/> <!--latin small letter c with cedilla, U+00E7 ISOlat1 -->
-		<entity name="egrave" cdata="&amp;#232;"/> <!--latin small letter e with grave, U+00E8 ISOlat1 -->
-		<entity name="eacute" cdata="&amp;#233;"/> <!--latin small letter e with acute, U+00E9 ISOlat1 -->
-		<entity name="ecirc" cdata="&amp;#234;"/> <!--latin small letter e with circumflex, U+00EA ISOlat1 -->
-		<entity name="euml" cdata="&amp;#235;"/> <!--latin small letter e with diaeresis, U+00EB ISOlat1 -->
-		<entity name="igrave" cdata="&amp;#236;"/> <!--latin small letter i with grave, U+00EC ISOlat1 -->
-		<entity name="iacute" cdata="&amp;#237;"/> <!--latin small letter i with acute, U+00ED ISOlat1 -->
-		<entity name="icirc" cdata="&amp;#238;"/> <!--latin small letter i with circumflex, U+00EE ISOlat1 -->
-		<entity name="iuml" cdata="&amp;#239;"/> <!--latin small letter i with diaeresis, U+00EF ISOlat1 -->
-		<entity name="eth" cdata="&amp;#240;"/> <!--latin small letter eth, U+00F0 ISOlat1 -->
-		<entity name="ntilde" cdata="&amp;#241;"/> <!--latin small letter n with tilde, U+00F1 ISOlat1 -->
-		<entity name="ograve" cdata="&amp;#242;"/> <!--latin small letter o with grave, U+00F2 ISOlat1 -->
-		<entity name="oacute" cdata="&amp;#243;"/> <!--latin small letter o with acute, U+00F3 ISOlat1 -->
-		<entity name="ocirc " cdata="&amp;#244;"/> <!--latin small letter o with circumflex, U+00F4 ISOlat1 -->
-		<entity name="otilde" cdata="&amp;#245;"/> <!--latin small letter o with tilde, U+00F5 ISOlat1 -->
-		<entity name="ouml" cdata="&amp;#246;"/> <!--latin small letter o with diaeresis, U+00F6 ISOlat1 -->
-		<entity name="divide" cdata="&amp;#247;"/> <!--division sign, U+00F7 ISOnum -->
-		<entity name="oslash" cdata="&amp;#248;"/> <!--latin small letter o with stroke, = latin small letter o slash, U+00F8 ISOlat1 -->
-		<entity name="ugrave" cdata="&amp;#249;"/> <!--latin small letter u with grave, U+00F9 ISOlat1 -->
-		<entity name="uacute" cdata="&amp;#250;"/> <!--latin small letter u with acute, U+00FA ISOlat1 -->
-		<entity name="ucirc" cdata="&amp;#251;"/> <!--latin small letter u with circumflex, U+00FB ISOlat1 -->
-		<entity name="uuml" cdata="&amp;#252;"/> <!--latin small letter u with diaeresis, U+00FC ISOlat1 -->
-		<entity name="yacute" cdata="&amp;#253;"/> <!--latin small letter y with acute, U+00FD ISOlat1 -->
-		<entity name="thorn" cdata="&amp;#254;"/> <!--latin small letter thorn, U+00FE ISOlat1 -->
-		<entity name="yuml" cdata="&amp;#255;"/> <!--latin small letter y with diaeresis, U+00FF ISOlat1 -->
-		                                  
-		<entity name="fnof" cdata="&amp;#402;"/> <!--latin small f with hook = function = florin, U+0192 ISOtech -->
-		
-		<!-- Greek -->
-		<entity name="Alpha" cdata="&amp;#913;"/> <!--greek capital letter alpha, U+0391 -->
-		<entity name="Beta" cdata="&amp;#914;"/> <!--greek capital letter beta, U+0392 -->
-		<entity name="Gamma" cdata="&amp;#915;"/> <!--greek capital letter gamma, U+0393 ISOgrk3 -->
-		<entity name="Delta" cdata="&amp;#916;"/> <!--greek capital letter delta, U+0394 ISOgrk3 -->
-		<entity name="Epsilon" cdata="&amp;#917;"/> <!--greek capital letter epsilon, U+0395 -->
-		<entity name="Zeta" cdata="&amp;#918;"/> <!--greek capital letter zeta, U+0396 -->
-		<entity name="Eta" cdata="&amp;#919;"/> <!--greek capital letter eta, U+0397 -->
-		<entity name="Theta" cdata="&amp;#920;"/> <!--greek capital letter theta, U+0398 ISOgrk3 -->
-		<entity name="Iota" cdata="&amp;#921;"/> <!--greek capital letter iota, U+0399 -->
-		<entity name="Kappa" cdata="&amp;#922;"/> <!--greek capital letter kappa, U+039A -->
-		<entity name="Lambda" cdata="&amp;#923;"/> <!--greek capital letter lambda, U+039B ISOgrk3 -->
-		<entity name="Mu" cdata="&amp;#924;"/> <!--greek capital letter mu, U+039C -->
-		<entity name="Nu" cdata="&amp;#925;"/> <!--greek capital letter nu, U+039D -->
-		<entity name="Xi" cdata="&amp;#926;"/> <!--greek capital letter xi, U+039E ISOgrk3 -->
-		<entity name="Omicron" cdata="&amp;#927;"/> <!--greek capital letter omicron, U+039F -->
-		<entity name="Pi" cdata="&amp;#928;"/> <!--greek capital letter pi, U+03A0 ISOgrk3 -->
-		<entity name="Rho" cdata="&amp;#929;"/> <!--greek capital letter rho, U+03A1 -->
-		<!-- there is no Sigmaf, and no U+03A2 character either -->
-		<entity name="Sigma" cdata="&amp;#931;"/> <!--greek capital letter sigma, U+03A3 ISOgrk3 -->
-		<entity name="Tau" cdata="&amp;#932;"/> <!--greek capital letter tau, U+03A4 -->
-		<entity name="Upsilon" cdata="&amp;#933;"/> <!--greek capital letter upsilon,U+03A5 ISOgrk3 -->
-		<entity name="Phi" cdata="&amp;#934;"/> <!--greek capital letter phi,U+03A6 ISOgrk3 -->
-		<entity name="Chi" cdata="&amp;#935;"/> <!--greek capital letter chi, U+03A7 -->
-		<entity name="Psi" cdata="&amp;#936;"/> <!--greek capital letter psi,U+03A8 ISOgrk3 -->
-		<entity name="Omega" cdata="&amp;#937;"/> <!--greek capital letter omega,U+03A9 ISOgrk3 -->
-		
-		<entity name="alpha" cdata="&amp;#945;"/> <!--greek small letter alpha,U+03B1 ISOgrk3 -->
-		<entity name="beta" cdata="&amp;#946;"/> <!--greek small letter beta, U+03B2 ISOgrk3 -->
-		<entity name="gamma" cdata="&amp;#947;"/> <!--greek small letter gamma,U+03B3 ISOgrk3 -->
-		<entity name="delta" cdata="&amp;#948;"/> <!--greek small letter delta,U+03B4 ISOgrk3 -->
-		<entity name="epsilon" cdata="&amp;#949;"/> <!--greek small letter epsilon,U+03B5 ISOgrk3 -->
-		<entity name="zeta" cdata="&amp;#950;"/> <!--greek small letter zeta, U+03B6 ISOgrk3 -->
-		<entity name="eta" cdata="&amp;#951;"/> <!--greek small letter eta, U+03B7 ISOgrk3 -->
-		<entity name="theta" cdata="&amp;#952;"/> <!--greek small letter theta, U+03B8 ISOgrk3 -->
-		<entity name="iota" cdata="&amp;#953;"/> <!--greek small letter iota, U+03B9 ISOgrk3 -->
-		<entity name="kappa" cdata="&amp;#954;"/> <!--greek small letter kappa,U+03BA ISOgrk3 -->
-		<entity name="lambda" cdata="&amp;#955;"/> <!--greek small letter lambda, U+03BB ISOgrk3 -->
-		<entity name="mu" cdata="&amp;#956;"/> <!--greek small letter mu, U+03BC ISOgrk3 -->
-		<entity name="nu" cdata="&amp;#957;"/> <!--greek small letter nu, U+03BD ISOgrk3 -->
-		<entity name="xi" cdata="&amp;#958;"/> <!--greek small letter xi, U+03BE ISOgrk3 -->
-		<entity name="omicron" cdata="&amp;#959;"/> <!--greek small letter omicron, U+03BF NEW -->
-		<entity name="pi" cdata="&amp;#960;"/> <!--greek small letter pi, U+03C0 ISOgrk3 -->
-		<entity name="rho" cdata="&amp;#961;"/> <!--greek small letter rho, U+03C1 ISOgrk3 -->
-		<entity name="sigmaf" cdata="&amp;#962;"/> <!--greek small letter final sigma, U+03C2 ISOgrk3 -->
-		<entity name="sigma" cdata="&amp;#963;"/> <!--greek small letter sigma, U+03C3 ISOgrk3 -->
-		<entity name="tau" cdata="&amp;#964;"/> <!--greek small letter tau, U+03C4 ISOgrk3 -->
-		<entity name="upsilon" cdata="&amp;#965;"/> <!--greek small letter upsilon, U+03C5 ISOgrk3 -->
-		<entity name="phi" cdata="&amp;#966;"/> <!--greek small letter phi, U+03C6 ISOgrk3 -->
-		<entity name="chi" cdata="&amp;#967;"/> <!--greek small letter chi, U+03C7 ISOgrk3 -->
-		<entity name="psi" cdata="&amp;#968;"/> <!--greek small letter psi, U+03C8 ISOgrk3 -->
-		<entity name="omega" cdata="&amp;#969;"/> <!--greek small letter omega, U+03C9 ISOgrk3 -->
-		<entity name="thetasym" cdata="&amp;#977;"/> <!--greek small letter theta symbol, U+03D1 NEW -->
-		<entity name="upsih" cdata="&amp;#978;"/> <!--greek upsilon with hook symbol, U+03D2 NEW -->
-		<entity name="piv" cdata="&amp;#982;"/> <!--greek pi symbol, U+03D6 ISOgrk3 -->
-		
-		<!-- General Punctuation -->
-		<entity name="bull" cdata="&amp;#8226;"/> <!--bullet = black small circle, U+2022 ISOpub  -->
-		<!-- bullet is NOT the same as bullet operator, U+2219 -->
-		<entity name="hellip" cdata="&amp;#8230;"/> <!--horizontal ellipsis = three dot leader, U+2026 ISOpub  -->
-		<entity name="prime" cdata="&amp;#8242;"/> <!--prime = minutes = feet, U+2032 ISOtech -->
-		<entity name="Prime" cdata="&amp;#8243;"/> <!--double prime = seconds = inches, U+2033 ISOtech -->
-		<entity name="oline" cdata="&amp;#8254;"/> <!--overline = spacing overscore, U+203E NEW -->
-		<entity name="frasl" cdata="&amp;#8260;"/> <!--fraction slash, U+2044 NEW -->
-		
-		<!-- Letterlike Symbols -->
-		<entity name="weierp" cdata="&amp;#8472;"/> <!--script capital P = power set = Weierstrass p, U+2118 ISOamso -->
-		<entity name="image" cdata="&amp;#8465;"/> <!--blackletter capital I = imaginary part, U+2111 ISOamso -->
-		<entity name="real" cdata="&amp;#8476;"/> <!--blackletter capital R = real part symbol, U+211C ISOamso -->
-		<entity name="trade" cdata="&amp;#8482;"/> <!--trade mark sign, U+2122 ISOnum -->
-		<entity name="alefsym" cdata="&amp;#8501;"/> <!--alef symbol = first transfinite cardinal, U+2135 NEW -->
-		<!-- alef symbol is NOT the same as hebrew letter alef,
-		     U+05D0 although the same glyph could be used to depict both characters -->
-		
-		<!-- Arrows -->
-		<entity name="larr" cdata="&amp;#8592;"/> <!--leftwards arrow, U+2190 ISOnum -->
-		<entity name="uarr" cdata="&amp;#8593;"/> <!--upwards arrow, U+2191 ISOnum-->
-		<entity name="rarr" cdata="&amp;#8594;"/> <!--rightwards arrow, U+2192 ISOnum -->
-		<entity name="darr" cdata="&amp;#8595;"/> <!--downwards arrow, U+2193 ISOnum -->
-		<entity name="harr" cdata="&amp;#8596;"/> <!--left right arrow, U+2194 ISOamsa -->
-		<entity name="crarr" cdata="&amp;#8629;"/> <!--downwards arrow with corner leftwards
-		                                     = carriage return, U+21B5 NEW -->
-		<entity name="lArr" cdata="&amp;#8656;"/> <!--leftwards double arrow, U+21D0 ISOtech -->
-		
-		<!-- ISO 10646 does not say that lArr is the same as the 'is implied by' arrow
-		    but also does not have any other character for that function. So ? lArr can
-		    be used for 'is implied by' as ISOtech suggests -->
-		    
-		<entity name="uArr" cdata="&amp;#8657;"/> <!--upwards double arrow, U+21D1 ISOamsa -->
-		<entity name="rArr" cdata="&amp;#8658;"/> <!--rightwards double arrow, U+21D2 ISOtech -->
-		
-		<!-- ISO 10646 does not say this is the 'implies' character but does not have 
-		     another character with this function so ?
-		     rArr can be used for 'implies' as ISOtech suggests -->
-		     
-		<entity name="dArr" cdata="&amp;#8659;"/> <!--downwards double arrow, U+21D3 ISOamsa -->
-		<entity name="hArr" cdata="&amp;#8660;"/> <!--left right double arrow, U+21D4 ISOamsa -->
-		
-		<!-- Mathematical Operators -->
-		<entity name="forall" cdata="&amp;#8704;"/> <!--for all, U+2200 ISOtech -->
-		<entity name="part" cdata="&amp;#8706;"/> <!--partial differential, U+2202 ISOtech  -->
-		<entity name="exist" cdata="&amp;#8707;"/> <!--there exists, U+2203 ISOtech -->
-		<entity name="empty" cdata="&amp;#8709;"/> <!--empty set = null set = diameter,U+2205 ISOamso -->
-		<entity name="nabla" cdata="&amp;#8711;"/> <!--nabla = backward difference, U+2207 ISOtech -->
-		<entity name="isin" cdata="&amp;#8712;"/> <!--element of, U+2208 ISOtech -->
-		<entity name="notin" cdata="&amp;#8713;"/> <!--not an element of, U+2209 ISOtech -->
-		<entity name="ni" cdata="&amp;#8715;"/> <!--contains as member, U+220B ISOtech -->
-	
-		<!-- should there be a more memorable name than 'ni'? -->
-		<entity name="prod" cdata="&amp;#8719;"/> <!--n-ary product = product sign, U+220F ISOamsb -->
-		
-		<!-- prod is NOT the same character as U+03A0 'greek capital letter pi' though
-		     the same glyph might be used for both -->
-		     
-		<entity name="sum" cdata="&amp;#8721;"/> <!--n-ary sumation, U+2211 ISOamsb -->
-		
-		<!-- sum is NOT the same character as U+03A3 'greek capital letter sigma'
-		     though the same glyph might be used for both -->
-		
-		<entity name="minus" cdata="&amp;#8722;"/> <!--minus sign, U+2212 ISOtech -->
-		<entity name="lowast" cdata="&amp;#8727;"/> <!--asterisk operator, U+2217 ISOtech -->
-		<entity name="radic" cdata="&amp;#8730;"/> <!--square root = radical sign, U+221A ISOtech -->
-		<entity name="prop" cdata="&amp;#8733;"/> <!--proportional to, U+221D ISOtech -->
-		<entity name="infin" cdata="&amp;#8734;"/> <!--infinity, U+221E ISOtech -->
-		<entity name="ang" cdata="&amp;#8736;"/> <!--angle, U+2220 ISOamso -->
-		<entity name="and" cdata="&amp;#8743;"/> <!--logical and = wedge, U+2227 ISOtech -->
-		<entity name="or" cdata="&amp;#8744;"/> <!--logical or = vee, U+2228 ISOtech -->
-		<entity name="cap" cdata="&amp;#8745;"/> <!--intersection = cap, U+2229 ISOtech -->
-		<entity name="cup" cdata="&amp;#8746;"/> <!--union = cup, U+222A ISOtech -->
-		<entity name="int" cdata="&amp;#8747;"/> <!--integral, U+222B ISOtech -->
-		<entity name="there4" cdata="&amp;#8756;"/> <!--therefore, U+2234 ISOtech -->
-		<entity name="sim" cdata="&amp;#8764;"/> <!--tilde operator = varies with = similar to, U+223C ISOtech -->
-		
-		<!-- tilde operator is NOT the same character as the tilde, U+007E,
-		     although the same glyph might be used to represent both  -->
-		     
-		<entity name="cong" cdata="&amp;#8773;"/> <!--approximately equal to, U+2245 ISOtech -->
-		<entity name="asymp" cdata="&amp;#8776;"/> <!--almost equal to = asymptotic to, U+2248 ISOamsr -->
-		<entity name="ne" cdata="&amp;#8800;"/> <!--not equal to, U+2260 ISOtech -->
-		<entity name="equiv" cdata="&amp;#8801;"/> <!--identical to, U+2261 ISOtech -->
-		<entity name="le" cdata="&amp;#8804;"/> <!--less-than or equal to, U+2264 ISOtech -->
-		<entity name="ge" cdata="&amp;#8805;"/> <!--greater-than or equal to, U+2265 ISOtech -->
-		<entity name="sub" cdata="&amp;#8834;"/> <!--subset of, U+2282 ISOtech -->
-		<entity name="sup" cdata="&amp;#8835;"/> <!--superset of, U+2283 ISOtech -->
-		
-		<!-- note that nsup, 'not a superset of, U+2283' is not covered by the Symbol 
-		     font encoding and is not included. Should it be, for symmetry?
-		     It is in ISOamsn  --> 
-		
-		<entity name="nsub" cdata="&amp;#8836;"/> <!--not a subset of, U+2284 ISOamsn -->
-		<entity name="sube" cdata="&amp;#8838;"/> <!--subset of or equal to, U+2286 ISOtech -->
-		<entity name="supe" cdata="&amp;#8839;"/> <!--superset of or equal to, U+2287 ISOtech -->
-		<entity name="oplus" cdata="&amp;#8853;"/> <!--circled plus = direct sum, U+2295 ISOamsb -->
-		<entity name="otimes" cdata="&amp;#8855;"/> <!--circled times = vector product, U+2297 ISOamsb -->
-		<entity name="perp" cdata="&amp;#8869;"/> <!--up tack = orthogonal to = perpendicular, U+22A5 ISOtech -->
-		<entity name="sdot" cdata="&amp;#8901;"/> <!--dot operator, U+22C5 ISOamsb -->
-		<!-- dot operator is NOT the same character as U+00B7 middle dot -->
-		
-		<!-- Miscellaneous Technical -->
-		<entity name="lceil" cdata="&amp;#8968;"/> <!--left ceiling = apl upstile, U+2308 ISOamsc  -->
-		<entity name="rceil" cdata="&amp;#8969;"/> <!--right ceiling, U+2309 ISOamsc  -->
-		<entity name="lfloor" cdata="&amp;#8970;"/> <!--left floor = apl downstile, U+230A ISOamsc  -->
-		<entity name="rfloor" cdata="&amp;#8971;"/> <!--right floor, U+230B ISOamsc  -->
-		<entity name="lang" cdata="&amp;#9001;"/> <!--left-pointing angle bracket = bra, U+2329 ISOtech -->
-		<!-- lang is NOT the same character as U+003C 'less than' 
-		     or U+2039 'single left-pointing angle quotation mark' -->
-		<entity name="rang" cdata="&amp;#9002;"/> <!--right-pointing angle bracket = ket, U+232A ISOtech -->
-		<!-- rang is NOT the same character as U+003E 'greater than' or U+203A 'single right-pointing angle quotation mark' -->
-		
-		<!-- Geometric Shapes -->
-		<entity name="loz" cdata="&amp;#9674;"/> <!--lozenge, U+25CA ISOpub -->
-		
-		<!-- Miscellaneous Symbols -->
-		<entity name="spades" cdata="&amp;#9824;"/> <!--black spade suit, U+2660 ISOpub -->
-		<!-- black here seems to mean filled as opposed to hollow -->
-		<entity name="clubs" cdata="&amp;#9827;"/> <!--black club suit = shamrock, U+2663 ISOpub -->
-		<entity name="hearts" cdata="&amp;#9829;"/> <!--black heart suit = valentine, U+2665 ISOpub -->
-		<entity name="diams" cdata="&amp;#9830;"/> <!--black diamond suit, U+2666 ISOpub -->
-		
-		<entity name="quot" cdata="&amp;#34;"  /> <!--quotation mark = APL quote, U+0022 ISOnum -->
-		<!-- Latin Extended-A -->
-		<entity name="OElig" cdata="&amp;#338;" /> <!--latin capital ligature OE, U+0152 ISOlat2 -->
-		<entity name="oelig" cdata="&amp;#339;" /> <!--latin small ligature oe, U+0153 ISOlat2 -->
-		<!-- ligature is a misnomer, this is a separate character in some languages -->
-		<entity name="Scaron" cdata="&amp;#352;" /> <!--latin capital letter S with caron, U+0160 ISOlat2 -->
-		<entity name="scaron" cdata="&amp;#353;" /> <!--latin small letter s with caron, U+0161 ISOlat2 -->
-		<entity name="Yuml" cdata="&amp;#376;" /> <!--latin capital letter Y with diaeresis, U+0178 ISOlat2 -->
-		
-		<!-- Spacing Modifier Letters -->
-		<entity name="circ" cdata="&amp;#710;" /> <!--modifier letter circumflex accent, U+02C6 ISOpub -->
-		<entity name="tilde" cdata="&amp;#732;" /> <!--small tilde, U+02DC ISOdia -->
-		
-		<!-- General Punctuation -->
-		<entity name="ensp" cdata="&amp;#8194;"/> <!--en space, U+2002 ISOpub -->
-		<entity name="emsp" cdata="&amp;#8195;"/> <!--em space, U+2003 ISOpub -->
-		<entity name="thinsp" cdata="&amp;#8201;"/> <!--thin space, U+2009 ISOpub -->
-		<entity name="zwnj" cdata="&amp;#8204;"/> <!--zero width non-joiner, U+200C NEW RFC 2070 -->
-		<entity name="zwj" cdata="&amp;#8205;"/> <!--zero width joiner, U+200D NEW RFC 2070 -->
-		<entity name="lrm" cdata="&amp;#8206;"/> <!--left-to-right mark, U+200E NEW RFC 2070 -->
-		<entity name="rlm" cdata="&amp;#8207;"/> <!--right-to-left mark, U+200F NEW RFC 2070 -->
-		<entity name="ndash" cdata="&amp;#8211;"/> <!--en dash, U+2013 ISOpub -->
-		<entity name="mdash" cdata="&amp;#8212;"/> <!--em dash, U+2014 ISOpub -->
-		<entity name="lsquo" cdata="&amp;#8216;"/> <!--left single quotation mark, U+2018 ISOnum -->
-		<entity name="rsquo" cdata="&amp;#8217;"/> <!--right single quotation mark, U+2019 ISOnum -->
-		<entity name="sbquo" cdata="&amp;#8218;"/> <!--single low-9 quotation mark, U+201A NEW -->
-		<entity name="ldquo" cdata="&amp;#8220;"/> <!--left double quotation mark, U+201C ISOnum -->
-		<entity name="rdquo" cdata="&amp;#8221;"/> <!--right double quotation mark, U+201D ISOnum -->
-		<entity name="bdquo" cdata="&amp;#8222;"/> <!--double low-9 quotation mark, U+201E NEW -->
-		<entity name="dagger" cdata="&amp;#8224;"/> <!--dagger, U+2020 ISOpub -->
-		<entity name="Dagger" cdata="&amp;#8225;"/> <!--double dagger, U+2021 ISOpub -->
-		<entity name="permil" cdata="&amp;#8240;"/> <!--per mille sign, U+2030 ISOtech -->
-		<entity name="lsaquo" cdata="&amp;#8249;"/> <!--single left-pointing angle quotation mark, U+2039 ISO proposed -->
-		<!-- lsaquo is proposed but not yet ISO standardized -->
-		<entity name="rsaquo" cdata="&amp;#8250;"/> <!--single right-pointing angle quotation mark, U+203A ISO proposed -->
-		<!-- rsaquo is proposed but not yet ISO standardized -->
-		<entity name="euro" cdata="&amp;#8364;" /> <!--euro sign, U+20AC NEW -->
-	</html-entities>
-
-</anti-samy-rules>
+<?xml version="1.0" encoding="ISO-8859-1"?>
+	
+<!-- 
+W3C rules retrieved from:
+http://www.w3.org/TR/html401/struct/global.html
+-->
+	
+<!--
+Slashdot allowed tags taken from "Reply" page:
+<b> <i> <p> <br> <a> <ol> <ul> <li> <dl> <dt> <dd> <em> <strong> <tt> <blockquote> <div> <ecode> <quote>
+-->
+
+<anti-samy-rules xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+		xsi:noNamespaceSchemaLocation="antisamy.xsd">
+	
+	<directives>
+		<directive name="omitXmlDeclaration" value="true"/>
+		<directive name="omitDoctypeDeclaration" value="true"/>
+		<directive name="maxInputSize" value="500000"/>
+		<directive name="embedStyleSheets" value="false"/>
+        <directive name="noopenerAndNoreferrerAnchors" value="true" />
+	</directives>
+	
+	
+	<common-regexps>
+		
+		<!-- 
+		From W3C:
+		This attribute assigns a class name or set of class names to an
+		element. Any number of elements may be assigned the same class
+		name or names. Multiple class names must be separated by white 
+		space characters.
+		-->
+		
+		<regexp name="htmlTitle" value="[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&amp;]*"/>
+		<regexp name="onsiteURL" value="^(?!//)(?![\p{L}\p{N}\\\.\#@\$%\+&amp;;\-_~,\?=/!]*(&amp;colon))[\p{L}\p{N}\\\.\#@\$%\+&amp;;\-_~,\?=/!]*"/>
+		<regexp name="offsiteURL" value="(\s)*((ht|f)tp(s?)://|mailto:)[\p{L}\p{N}]+[\p{L}\p{N}\p{Zs}\.\#@\$%\+&amp;;:\-_~,\?=/!\(\)]*(\s)*"/>
+	
+	</common-regexps>
+	
+	<!-- 
+	
+	Tag.name = a, b, div, body, etc.
+	Tag.action = filter: remove tags, but keep content, validate: keep content as long as it passes rules, remove: remove tag and contents
+	Attribute.name = id, class, href, align, width, etc.
+	Attribute.onInvalid = what to do when the attribute is invalid, e.g., remove the tag (removeTag), remove the attribute (removeAttribute), filter the tag (filterTag)
+	Attribute.description = What rules in English you want to tell the users they can have for this attribute. Include helpful things so they'll be able to tune their HTML
+	 
+	 -->
+
+	<!-- 
+	Some attributes are common to all (or most) HTML tags. There aren't many that qualify for this. You have to make sure there's no
+	collisions between any of these attribute names with attribute names of other tags that are for different purposes.
+	-->
+
+	<common-attributes>
+		
+
+		<attribute name="lang" description="The 'lang' attribute tells the browser what language the element's attribute values and content are written in">
+		 	<regexp-list>
+		 		<regexp value="[a-zA-Z]{2,20}"/>
+		 	</regexp-list>
+		 </attribute>
+		 
+		 <attribute name="title" description="The 'title' attribute provides text that shows up in a 'tooltip' when a user hovers their mouse over the element">
+		 	<regexp-list>
+		 		<regexp name="htmlTitle"/>
+		 	</regexp-list>
+		 </attribute>
+
+		<attribute name="href" onInvalid="filterTag">
+			<regexp-list>
+				<regexp name="onsiteURL"/>
+				<regexp name="offsiteURL"/>
+			</regexp-list>
+		</attribute>
+	
+		<attribute name="align" description="The 'align' attribute of an HTML element is a direction word, like 'left', 'right' or 'center'">
+			<literal-list>
+				<literal value="center"/>
+				<literal value="left"/>
+				<literal value="right"/>
+				<literal value="justify"/>
+				<literal value="char"/>
+			</literal-list>
+		</attribute>
+
+	</common-attributes>
+
+
+	<!--
+	This requires normal updates as browsers continue to diverge from the W3C and each other. As long as the browser wars continue
+	this is going to continue. I'm not sure war is the right word for what's going on. Doesn't somebody have to win a war after 
+	a while?
+	 -->
+	
+	<global-tag-attributes>
+		<attribute name="title"/>
+		<attribute name="lang"/>
+	</global-tag-attributes>
+
+
+	<tag-rules>
+
+		<!-- Tags related to JavaScript -->
+
+		<tag name="script" action="remove"/>
+		<tag name="noscript" action="remove"/>
+		
+		<!-- Frame & related tags -->
+		
+		<tag name="iframe" action="remove"/>
+		<tag name="frameset" action="remove"/>
+		<tag name="frame" action="remove"/>
+		<tag name="noframes" action="remove"/>
+		
+
+		<!-- All reasonable formatting tags -->
+		
+		<tag name="p" action="validate">
+			<attribute name="align"/>
+		</tag>
+
+		<tag name="div" action="validate"/>		
+		<tag name="i" action="validate"/>
+		<tag name="b" action="validate"/>
+		<tag name="em" action="validate"/>
+		<tag name="blockquote" action="validate"/>
+		<tag name="tt" action="validate"/>
+		
+		<tag name="br" action="truncate"/>
+
+		<!-- Custom Slashdot tags, though we're trimming the idea of having a possible mismatching end tag with the endtag="" attribute -->
+		
+		<tag name="quote" action="validate"/>
+		<tag name="ecode" action="validate"/> 
+		
+						
+		<!-- Anchor and anchor related tags -->
+		
+		<tag name="a" action="validate">
+
+			<attribute name="href" onInvalid="filterTag"/>
+			<attribute name="nohref">
+				<literal-list>
+					<literal value="nohref"/>
+					<literal value=""/>
+				</literal-list>
+			</attribute>
+			<attribute name="rel">
+				<literal-list>
+					<literal value="nofollow"/>
+				</literal-list>
+			</attribute>
+		</tag>
+
+		<!-- List tags -->
+
+		<tag name="ul" action="validate"/>
+		<tag name="ol" action="validate"/>
+		<tag name="li" action="validate"/>
+		
+	</tag-rules>
+
+
+
+	<!--  No CSS on Slashdot posts -->
+
+	<css-rules>
+	</css-rules>
+
+</anti-samy-rules>
diff --git a/configuration/esapi/validation.properties b/configuration/esapi/validation.properties
index 18e037f3b..6a3363b03 100644
--- a/configuration/esapi/validation.properties
+++ b/configuration/esapi/validation.properties
@@ -1,29 +1,29 @@
-# The ESAPI validator does many security checks on input, such as canonicalization
-# and whitelist validation. Note that all of these validation rules are applied *after*
-# canonicalization. Double-encoded characters (even with different encodings involved,
-# are never allowed.
-#
-# To use:
-#
-# First set up a pattern below. You can choose any name you want, prefixed by the word
-# "Validation." For example:
-#   Validation.Email=^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,4}$
-# 
-# Then you can validate in your code against the pattern like this:
-#     ESAPI.validator().isValidInput("User Email", input, "Email", maxLength, allowNull);
-# Where maxLength and allowNull are set for you needs, respectively.
-#
-# But note, when you use boolean variants of validation functions, you lose critical 
-# canonicalization. It is preferable to use the "get" methods (which throw exceptions) and 
-# and use the returned user input which is in canonical form. Consider the following:
-#  
-# try {
-#    someObject.setEmail(ESAPI.validator().getValidInput("User Email", input, "Email", maxLength, allowNull));
-#
-Validator.SafeString=^[.\\p{Alnum}\\p{Space}]{0,1024}$
-Validator.Email=^[A-Za-z0-9._%'-]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,4}$
-Validator.IPAddress=^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$
-Validator.URL=^(ht|f)tp(s?)\\:\\/\\/[0-9a-zA-Z]([-.\\w]*[0-9a-zA-Z])*(:(0-9)*)*(\\/?)([a-zA-Z0-9\\-\\.\\?\\,\\:\\'\\/\\\\\\+=&amp;%\\$#_]*)?$
-Validator.CreditCard=^(\\d{4}[- ]?){3}\\d{4}$
-Validator.SSN=^(?!000)([0-6]\\d{2}|7([0-6]\\d|7[012]))([ -]?)(?!00)\\d\\d\\3(?!0000)\\d{4}$
-
+# The ESAPI validator does many security checks on input, such as canonicalization
+# and whitelist validation. Note that all of these validation rules are applied *after*
+# canonicalization. Double-encoded characters (even with different encodings involved,
+# are never allowed.
+#
+# To use:
+#
+# First set up a pattern below. You can choose any name you want, prefixed by the word
+# "Validation." For example:
+#   Validation.Email=^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,4}$
+# 
+# Then you can validate in your code against the pattern like this:
+#     ESAPI.validator().isValidInput("User Email", input, "Email", maxLength, allowNull);
+# Where maxLength and allowNull are set for you needs, respectively.
+#
+# But note, when you use boolean variants of validation functions, you lose critical 
+# canonicalization. It is preferable to use the "get" methods (which throw exceptions) 
+# and use the returned user input which is in canonical form. Consider the following:
+#  
+# try {
+#    someObject.setEmail(ESAPI.validator().getValidInput("User Email", input, "Email", maxLength, allowNull));
+#
+Validator.SafeString=^[.\\p{Alnum}\\p{Space}]{0,1024}$
+Validator.Email=^[A-Za-z0-9._%'-]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,4}$
+Validator.IPAddress=^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$
+Validator.URL=^(ht|f)tp(s?)\\:\\/\\/[0-9a-zA-Z]([-.\\w]*[0-9a-zA-Z])*(:(0-9)*)*(\\/?)([a-zA-Z0-9\\-\\.\\?\\,\\:\\'\\/\\\\\\+=&;%\\$#_]*)?$
+Validator.CreditCard=^(\\d{4}[- ]?){3}\\d{4}$
+Validator.SSN=^(?!000)([0-6]\\d{2}|7([0-6]\\d|7[012]))([ -]?)(?!00)\\d\\d\\3(?!0000)\\d{4}$
+
diff --git a/configuration/esapi/waf-policies/add-header-policy.xml b/configuration/esapi/waf-policies/add-header-policy.xml
index b2d8efc49..0a48ed2d0 100644
--- a/configuration/esapi/waf-policies/add-header-policy.xml
+++ b/configuration/esapi/waf-policies/add-header-policy.xml
@@ -1,29 +1,29 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies an add-header rule.
-
-	Protection #1: Any response for a resource will contain a header "FOO" with
-	               a value "BAR".
-
-	Exception #1:  Any request for /marketing/* will not have any such header
-	               returned.
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-	
-	<outbound-rules>
-		<add-header name="FOO" value="BAR" path="/.*">
-			<path-exception type="regex">/marketing/.*</path-exception>
-		</add-header>
-	</outbound-rules>
-	
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies an add-header rule.
+
+	Protection #1: Any response for a resource will contain a header "FOO" with
+	               a value "BAR".
+
+	Exception #1:  Any request for /marketing/* will not have any such header
+	               returned.
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+	
+	<outbound-rules>
+		<add-header name="FOO" value="BAR" path="/.*">
+			<path-exception type="regex">/marketing/.*</path-exception>
+		</add-header>
+	</outbound-rules>
+	
 </policy>
\ No newline at end of file
diff --git a/configuration/esapi/waf-policies/add-httponly-policy.xml b/configuration/esapi/waf-policies/add-httponly-policy.xml
index 1232f5997..4420e6ce0 100644
--- a/configuration/esapi/waf-policies/add-httponly-policy.xml
+++ b/configuration/esapi/waf-policies/add-httponly-policy.xml
@@ -1,27 +1,27 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies an add-http-flag rule.
-
-	Protection #1: Any cookie set by the application will have the HttpOnly flag set. This
-	               should apply to the application session ID as well as any custom cookies.
-
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<outbound-rules>
-		<add-http-only-flag>
-			<cookie name=".*"/>
-		</add-http-only-flag>
-	</outbound-rules>
-	
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies an add-http-flag rule.
+
+	Protection #1: Any cookie set by the application will have the HttpOnly flag set. This
+	               should apply to the application session ID as well as any custom cookies.
+
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<outbound-rules>
+		<add-http-only-flag>
+			<cookie name=".*"/>
+		</add-http-only-flag>
+	</outbound-rules>
+	
 </policy>
\ No newline at end of file
diff --git a/configuration/esapi/waf-policies/add-secure-policy.xml b/configuration/esapi/waf-policies/add-secure-policy.xml
index 12298a45a..80067da42 100644
--- a/configuration/esapi/waf-policies/add-secure-policy.xml
+++ b/configuration/esapi/waf-policies/add-secure-policy.xml
@@ -1,27 +1,27 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies an add-secure-flag rule.
-
-	Protection #1: Any cookie set by the application will have the secure flag set. This
-	               should apply to the application session ID as well as any custom cookies.
-
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-	
-	<outbound-rules>
-		<add-secure-flag>
-			<cookie name=".*"/>
-		</add-secure-flag>
-	</outbound-rules>
-	
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies an add-secure-flag rule.
+
+	Protection #1: Any cookie set by the application will have the secure flag set. This
+	               should apply to the application session ID as well as any custom cookies.
+
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+	
+	<outbound-rules>
+		<add-secure-flag>
+			<cookie name=".*"/>
+		</add-secure-flag>
+	</outbound-rules>
+	
 </policy>
\ No newline at end of file
diff --git a/configuration/esapi/waf-policies/authentication-policy.xml b/configuration/esapi/waf-policies/authentication-policy.xml
index 1c1a485be..5a77e6c0b 100644
--- a/configuration/esapi/waf-policies/authentication-policy.xml
+++ b/configuration/esapi/waf-policies/authentication-policy.xml
@@ -1,30 +1,30 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies an authentication rule.
-
-	Authentication applies to: /.*
-	Session variable whose existence implies authentication: sessionUserObjKey
-	Static exception:   <path-exception>/index.html</path-exception>
-	Pattern exception:  <path-exception type="regex">/images/.*</path-exception>
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>>
-
-	<!--
-		Set authentication rules by path.
-	-->
-	<authentication-rules path="/.*"  key="sessionUserObjKey" >
-		<path-exception>/index.html</path-exception>
-		<path-exception type="regex">/images/.*</path-exception>
-	</authentication-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies an authentication rule.
+
+	Authentication applies to: /.*
+	Session variable whose existence implies authentication: sessionUserObjKey
+	Static exception:   <path-exception>/index.html</path-exception>
+	Pattern exception:  <path-exception type="regex">/images/.*</path-exception>
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>>
+
+	<!--
+		Set authentication rules by path.
+	-->
+	<authentication-rules path="/.*"  key="sessionUserObjKey" >
+		<path-exception>/index.html</path-exception>
+		<path-exception type="regex">/images/.*</path-exception>
+	</authentication-rules>
+
 </policy>
\ No newline at end of file
diff --git a/configuration/esapi/waf-policies/bean-shell-policy.xml b/configuration/esapi/waf-policies/bean-shell-policy.xml
index 2e3f7bb93..76711c82d 100644
--- a/configuration/esapi/waf-policies/bean-shell-policy.xml
+++ b/configuration/esapi/waf-policies/bean-shell-policy.xml
@@ -1,30 +1,30 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies different custom bean shell rules.
-	
-	
-
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<!--
-		Import the rules.
-	-->
-	<bean-shell-rules>	
-		<bean-shell-script 
-			name="example1" 
-			file="src/test/resources/.esapi/waf-policies/bean-shell-rule.bsh" 
-			stage="before-request-body"/>
-	</bean-shell-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies different custom bean shell rules.
+	
+	
+
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<!--
+		Import the rules.
+	-->
+	<bean-shell-rules>	
+		<bean-shell-script 
+			name="example1" 
+			file="src/test/resources/.esapi/waf-policies/bean-shell-rule.bsh" 
+			stage="before-request-body"/>
+	</bean-shell-rules>
+
 </policy>
\ No newline at end of file
diff --git a/configuration/esapi/waf-policies/bean-shell-rule.bsh b/configuration/esapi/waf-policies/bean-shell-rule.bsh
index 2a1f423e7..08c8424c4 100644
--- a/configuration/esapi/waf-policies/bean-shell-rule.bsh
+++ b/configuration/esapi/waf-policies/bean-shell-rule.bsh
@@ -1,5 +1,5 @@
-import org.owasp.esapi.waf.actions.*;
-
-session.setAttribute("simple_waf_test", "true");
-
+import org.owasp.esapi.waf.actions.*;
+
+session.setAttribute("simple_waf_test", "true");
+
 action = new RedirectAction();
\ No newline at end of file
diff --git a/configuration/esapi/waf-policies/detect-outbound-policy.xml b/configuration/esapi/waf-policies/detect-outbound-policy.xml
index 8312be95d..ac756aefa 100644
--- a/configuration/esapi/waf-policies/detect-outbound-policy.xml
+++ b/configuration/esapi/waf-policies/detect-outbound-policy.xml
@@ -1,27 +1,27 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a detect-content rule.
-
-	Protection #1: The rule should fire whenever the string "2008" appears in
-	               a response body.
-	Exception #1:  The rule should -not- fire when the content type is anything
-	               but text/*.
-
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<outbound-rules>
-		<detect-content content-type=".*text/.*" pattern=".*2008.*" />
-	</outbound-rules>
-	
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a detect-content rule.
+
+	Protection #1: The rule should fire whenever the string "2008" appears in
+	               a response body.
+	Exception #1:  The rule should -not- fire when the content type is anything
+	               but text/*.
+
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<outbound-rules>
+		<detect-content content-type=".*text/.*" pattern=".*2008.*" />
+	</outbound-rules>
+	
 </policy>
\ No newline at end of file
diff --git a/configuration/esapi/waf-policies/dynamic-insertion-policy.xml b/configuration/esapi/waf-policies/dynamic-insertion-policy.xml
index 9c1aa4097..5b0926c2b 100644
--- a/configuration/esapi/waf-policies/dynamic-insertion-policy.xml
+++ b/configuration/esapi/waf-policies/dynamic-insertion-policy.xml
@@ -1,27 +1,27 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a dynamic-insertion rule.
-
-	Protection #1: All instances of "</body>" in the response body will be replaced by
-	               "this is a test".
-
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<outbound-rules>
-		<dynamic-insertion pattern="&lt;/body&gt;">
-			<replacement><![CDATA[this is a test]]></replacement>
-		</dynamic-insertion>
-	</outbound-rules>
-	
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a dynamic-insertion rule.
+
+	Protection #1: All instances of "</body>" in the response body will be replaced by
+	               "this is a test".
+
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<outbound-rules>
+		<dynamic-insertion pattern="&lt;/body&gt;">
+			<replacement><![CDATA[this is a test]]></replacement>
+		</dynamic-insertion>
+	</outbound-rules>
+	
 </policy>
\ No newline at end of file
diff --git a/configuration/esapi/waf-policies/enforce-https-policy.xml b/configuration/esapi/waf-policies/enforce-https-policy.xml
index ab123b7e6..beb88513a 100644
--- a/configuration/esapi/waf-policies/enforce-https-policy.xml
+++ b/configuration/esapi/waf-policies/enforce-https-policy.xml
@@ -1,28 +1,28 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies an enforce-https rule.
-
-	Protection #1: a request of any kind for /foo should be redirected to secure request with 302.
-	Exception #1: Static path /index.html
-	Exception #2: Pattern path /images/.*
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<url-rules>
-		<enforce-https path="/.*">
-			<path-exception>/index.html</path-exception>
-			<path-exception type="regex">/images/.*</path-exception>
-		</enforce-https>
-	</url-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies an enforce-https rule.
+
+	Protection #1: a request of any kind for /foo should be redirected to secure request with 302.
+	Exception #1: Static path /index.html
+	Exception #2: Pattern path /images/.*
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<url-rules>
+		<enforce-https path="/.*">
+			<path-exception>/index.html</path-exception>
+			<path-exception type="regex">/images/.*</path-exception>
+		</enforce-https>
+	</url-rules>
+
 </policy>
\ No newline at end of file
diff --git a/configuration/esapi/waf-policies/must-match-policy.xml b/configuration/esapi/waf-policies/must-match-policy.xml
index 721fa4cfa..af26fc4cd 100644
--- a/configuration/esapi/waf-policies/must-match-policy.xml
+++ b/configuration/esapi/waf-policies/must-match-policy.xml
@@ -1,35 +1,35 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a must-match rule.
-
-	Protection #1:
-	Protection applies to: /admin/.*
-	Header name needed to access: x-roles
-	Header value needs to *contain* the string: admin
-
-	Protection #2:
-	Protection applies to: /superadmin/.*
-	Header name needed to access: x-roles
-	Header value needs to *equal* the string: superadmin
-
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<authorization-rules>
-		<must-match path="^/admin/.*" variable="request.header.x-roles"
-			operator="contains" value="admin" />
-		<must-match path="^/superadmin/.*" variable="request.header.x-roles"
-			operator="equals" value="superadmin" />
-	</authorization-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a must-match rule.
+
+	Protection #1:
+	Protection applies to: /admin/.*
+	Header name needed to access: x-roles
+	Header value needs to *contain* the string: admin
+
+	Protection #2:
+	Protection applies to: /superadmin/.*
+	Header name needed to access: x-roles
+	Header value needs to *equal* the string: superadmin
+
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<authorization-rules>
+		<must-match path="^/admin/.*" variable="request.header.x-roles"
+			operator="contains" value="admin" />
+		<must-match path="^/superadmin/.*" variable="request.header.x-roles"
+			operator="equals" value="superadmin" />
+	</authorization-rules>
+
 </policy>
\ No newline at end of file
diff --git a/configuration/esapi/waf-policies/replace-outbound-policy.xml b/configuration/esapi/waf-policies/replace-outbound-policy.xml
index 9c1aa4097..5b0926c2b 100644
--- a/configuration/esapi/waf-policies/replace-outbound-policy.xml
+++ b/configuration/esapi/waf-policies/replace-outbound-policy.xml
@@ -1,27 +1,27 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a dynamic-insertion rule.
-
-	Protection #1: All instances of "</body>" in the response body will be replaced by
-	               "this is a test".
-
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<outbound-rules>
-		<dynamic-insertion pattern="&lt;/body&gt;">
-			<replacement><![CDATA[this is a test]]></replacement>
-		</dynamic-insertion>
-	</outbound-rules>
-	
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a dynamic-insertion rule.
+
+	Protection #1: All instances of "</body>" in the response body will be replaced by
+	               "this is a test".
+
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<outbound-rules>
+		<dynamic-insertion pattern="&lt;/body&gt;">
+			<replacement><![CDATA[this is a test]]></replacement>
+		</dynamic-insertion>
+	</outbound-rules>
+	
 </policy>
\ No newline at end of file
diff --git a/configuration/esapi/waf-policies/restrict-content-type-policy.xml b/configuration/esapi/waf-policies/restrict-content-type-policy.xml
index a9b8a4a38..b766f19d3 100644
--- a/configuration/esapi/waf-policies/restrict-content-type-policy.xml
+++ b/configuration/esapi/waf-policies/restrict-content-type-policy.xml
@@ -1,27 +1,27 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a restrict-content-type rule.
-
-	Protection #1: any request with a content-type containing the word 'multipart' will be rejected
-	Exception  #1: requests for /fileupload.jsp are allowed to have 'multipart' in content-type
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<header-rules>
-		<restrict-content-type deny=".*multipart.*">
-			<path-exception type="regex">/fileupload.jsp</path-exception>
-		</restrict-content-type>
-
-	</header-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a restrict-content-type rule.
+
+	Protection #1: any request with a content-type containing the word 'multipart' will be rejected
+	Exception  #1: requests for /fileupload.jsp are allowed to have 'multipart' in content-type
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<header-rules>
+		<restrict-content-type deny=".*multipart.*">
+			<path-exception type="regex">/fileupload.jsp</path-exception>
+		</restrict-content-type>
+
+	</header-rules>
+
 </policy>
\ No newline at end of file
diff --git a/configuration/esapi/waf-policies/restrict-extension-policy.xml b/configuration/esapi/waf-policies/restrict-extension-policy.xml
index fe1dbe193..a572bd4ea 100644
--- a/configuration/esapi/waf-policies/restrict-extension-policy.xml
+++ b/configuration/esapi/waf-policies/restrict-extension-policy.xml
@@ -1,25 +1,25 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a restrict-extension rule.
-
-	Protection #1: any URI ending with .log will be rejected
-	Protection #2: any URI ending with .jsp will be allowed
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<url-rules>
-		<restrict-extension deny=".*\.log$" />
-		<restrict-extension allow=".*\.jsp$" />
-	</url-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a restrict-extension rule.
+
+	Protection #1: any URI ending with .log will be rejected
+	Protection #2: any URI ending with .jsp will be allowed
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<url-rules>
+		<restrict-extension deny=".*\.log$" />
+		<restrict-extension allow=".*\.jsp$" />
+	</url-rules>
+
 </policy>
\ No newline at end of file
diff --git a/configuration/esapi/waf-policies/restrict-method-policy.xml b/configuration/esapi/waf-policies/restrict-method-policy.xml
index 5a2337cf7..c1eb5a36e 100644
--- a/configuration/esapi/waf-policies/restrict-method-policy.xml
+++ b/configuration/esapi/waf-policies/restrict-method-policy.xml
@@ -1,25 +1,25 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a restrict-extension rule.
-
-	Protection #1: any URI ending with .log will be rejected
-	Protection #2: any URI ending with .jsp will be allowed
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<url-rules>
-		<restrict-extension deny="\.log$" />
-		<restrict-extension allow="\.jsp$" />
-	</url-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a restrict-extension rule.
+
+	Protection #1: any URI ending with .log will be rejected
+	Protection #2: any URI ending with .jsp will be allowed
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<url-rules>
+		<restrict-extension deny="\.log$" />
+		<restrict-extension allow="\.jsp$" />
+	</url-rules>
+
 </policy>
\ No newline at end of file
diff --git a/configuration/esapi/waf-policies/restrict-source-ip-policy.xml b/configuration/esapi/waf-policies/restrict-source-ip-policy.xml
index d23d87a02..72860a7d3 100644
--- a/configuration/esapi/waf-policies/restrict-source-ip-policy.xml
+++ b/configuration/esapi/waf-policies/restrict-source-ip-policy.xml
@@ -1,27 +1,27 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a restrict-source-ip rule.
-
-	The restriction applies to: /admin/.*
-	Pattern exception:  (192\.168\.1\\..*|127.0.0.1)
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<authorization-rules>
-		<restrict-source-ip
-			type="regex"
-			ip-regex="(192\.168\.1\\..*|127.0.0.1)">/admin/.*</restrict-source-ip>
-
-	</authorization-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a restrict-source-ip rule.
+
+	The restriction applies to: /admin/.*
+	Pattern exception:  (192\.168\.1\\..*|127.0.0.1)
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<authorization-rules>
+		<restrict-source-ip
+			type="regex"
+			ip-regex="(192\.168\.1\\..*|127.0.0.1)">/admin/.*</restrict-source-ip>
+
+	</authorization-rules>
+
 </policy>
\ No newline at end of file
diff --git a/configuration/esapi/waf-policies/restrict-user-agent-policy.xml b/configuration/esapi/waf-policies/restrict-user-agent-policy.xml
index 7cdebd595..c550a2c61 100644
--- a/configuration/esapi/waf-policies/restrict-user-agent-policy.xml
+++ b/configuration/esapi/waf-policies/restrict-user-agent-policy.xml
@@ -1,26 +1,26 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a restrict-user-agent rule.
-
-	Protection #1: any request with a user agent containing the word 'GoogleBot' will be rejected
-	Exception  #1: requests for /index.html are allowed to have 'GoogleBot' in user agent
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<header-rules>
-		<restrict-user-agent deny=".*GoogleBot.*">
-			<path-exception type="regex">/index.html</path-exception>
-		</restrict-user-agent>
-	</header-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a restrict-user-agent rule.
+
+	Protection #1: any request with a user agent containing the word 'GoogleBot' will be rejected
+	Exception  #1: requests for /index.html are allowed to have 'GoogleBot' in user agent
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<header-rules>
+		<restrict-user-agent deny=".*GoogleBot.*">
+			<path-exception type="regex">/index.html</path-exception>
+		</restrict-user-agent>
+	</header-rules>
+
 </policy>
\ No newline at end of file
diff --git a/configuration/esapi/waf-policies/virtual-patch-policy.xml b/configuration/esapi/waf-policies/virtual-patch-policy.xml
index 61c93fa88..8b989dd6e 100644
--- a/configuration/esapi/waf-policies/virtual-patch-policy.xml
+++ b/configuration/esapi/waf-policies/virtual-patch-policy.xml
@@ -1,27 +1,27 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a virtual-patch rule.
-
-	Protection #1: Any request whose URI is /foo.jsp (despite content-type) will have
-	               the 'bar' parameter checked to see if its alphanumeric. If a parameter
-				   fails validation, the message "zomg attax" will be logged.
-
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<virtual-patches>
-		<virtual-patch id="1234" path="/foo.jsp" variable="request.parameters.bar"
-			pattern="[0-9a-zA-Z]" message="zomg attax" />
-	</virtual-patches>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a virtual-patch rule.
+
+	Protection #1: Any request whose URI is /foo.jsp (despite content-type) will have
+	               the 'bar' parameter checked to see if its alphanumeric. If a parameter
+				   fails validation, the message "zomg attax" will be logged.
+
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<virtual-patches>
+		<virtual-patch id="1234" path="/foo.jsp" variable="request.parameters.bar"
+			pattern="[0-9a-zA-Z]" message="zomg attax" />
+	</virtual-patches>
+
 </policy>
\ No newline at end of file
diff --git a/configuration/esapi/waf-policy.xsd b/configuration/esapi/waf-policy.xsd
index 4287e792b..1ddc99039 100644
Binary files a/configuration/esapi/waf-policy.xsd and b/configuration/esapi/waf-policy.xsd differ
diff --git a/configuration/log4j.dtd b/configuration/log4j.dtd
deleted file mode 100644
index 1aabd96c3..000000000
--- a/configuration/log4j.dtd
+++ /dev/null
@@ -1,227 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements.  See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License.  You may obtain a copy of the License at
-
-      http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-
-<!-- Authors: Chris Taylor, Ceki Gulcu. -->
-
-<!-- Version: 1.2 -->
-
-<!-- A configuration element consists of optional renderer
-elements,appender elements, categories and an optional root
-element. -->
-
-<!ELEMENT log4j:configuration (renderer*, appender*,plugin*, (category|logger)*,root?,
-                               (categoryFactory|loggerFactory)?)>
-
-<!-- The "threshold" attribute takes a level value below which -->
-<!-- all logging statements are disabled. -->
-
-<!-- Setting the "debug" enable the printing of internal log4j logging   -->
-<!-- statements.                                                         -->
-
-<!-- By default, debug attribute is "null", meaning that we not do touch -->
-<!-- internal log4j logging settings. The "null" value for the threshold -->
-<!-- attribute can be misleading. The threshold field of a repository	 -->
-<!-- cannot be set to null. The "null" value for the threshold attribute -->
-<!-- simply means don't touch the threshold field, the threshold field   --> 
-<!-- keeps its old value.                                                -->
-     
-<!ATTLIST log4j:configuration
-  xmlns:log4j              CDATA #FIXED "http://jakarta.apache.org/log4j/" 
-  threshold                (all|trace|debug|info|warn|error|fatal|off|null) "null"
-  debug                    (true|false|null)  "null"
-  reset                    (true|false) "false"
->
-
-<!-- renderer elements allow the user to customize the conversion of  -->
-<!-- message objects to String.                                       -->
-
-<!ELEMENT renderer EMPTY>
-<!ATTLIST renderer
-  renderedClass  CDATA #REQUIRED
-  renderingClass CDATA #REQUIRED
->
-
-<!-- Appenders must have a name and a class. -->
-<!-- Appenders may contain an error handler, a layout, optional parameters -->
-<!-- and filters. They may also reference (or include) other appenders. -->
-<!ELEMENT appender (errorHandler?, param*,
-      rollingPolicy?, triggeringPolicy?, connectionSource?,
-      layout?, filter*, appender-ref*)>
-<!ATTLIST appender
-  name 		CDATA 	#REQUIRED
-  class 	CDATA	#REQUIRED
->
-
-<!ELEMENT layout (param*)>
-<!ATTLIST layout
-  class		CDATA	#REQUIRED
->
-
-<!ELEMENT filter (param*)>
-<!ATTLIST filter
-  class		CDATA	#REQUIRED
->
-
-<!-- ErrorHandlers can be of any class. They can admit any number of -->
-<!-- parameters. -->
-
-<!ELEMENT errorHandler (param*, root-ref?, logger-ref*,  appender-ref?)> 
-<!ATTLIST errorHandler
-   class        CDATA   #REQUIRED 
->
-
-<!ELEMENT root-ref EMPTY>
-
-<!ELEMENT logger-ref EMPTY>
-<!ATTLIST logger-ref
-  ref CDATA #REQUIRED
->
-
-<!ELEMENT param EMPTY>
-<!ATTLIST param
-  name		CDATA   #REQUIRED
-  value		CDATA	#REQUIRED
->
-
-
-<!-- The priority class is org.apache.log4j.Level by default -->
-<!ELEMENT priority (param*)>
-<!ATTLIST priority
-  class   CDATA	#IMPLIED
-  value	  CDATA #REQUIRED
->
-
-<!-- The level class is org.apache.log4j.Level by default -->
-<!ELEMENT level (param*)>
-<!ATTLIST level
-  class   CDATA	#IMPLIED
-  value	  CDATA #REQUIRED
->
-
-
-<!-- If no level element is specified, then the configurator MUST not -->
-<!-- touch the level of the named category. -->
-<!ELEMENT category (param*,(priority|level)?,appender-ref*)>
-<!ATTLIST category
-  class         CDATA   #IMPLIED
-  name		CDATA	#REQUIRED
-  additivity	(true|false) "true"  
->
-
-<!-- If no level element is specified, then the configurator MUST not -->
-<!-- touch the level of the named logger. -->
-<!ELEMENT logger (level?,appender-ref*)>
-<!ATTLIST logger
-  name		CDATA	#REQUIRED
-  additivity	(true|false) "true"  
->
-
-
-<!ELEMENT categoryFactory (param*)>
-<!ATTLIST categoryFactory 
-   class        CDATA #REQUIRED>
-
-<!ELEMENT loggerFactory (param*)>
-<!ATTLIST loggerFactory
-   class        CDATA #REQUIRED>
-
-<!ELEMENT appender-ref EMPTY>
-<!ATTLIST appender-ref
-  ref CDATA #REQUIRED
->
-
-<!-- plugins must have a name and class and can have optional parameters -->
-<!ELEMENT plugin (param*, connectionSource?)>
-<!ATTLIST plugin
-  name 		CDATA 	   #REQUIRED
-  class 	CDATA  #REQUIRED
->
-
-<!ELEMENT connectionSource (dataSource?, param*)>
-<!ATTLIST connectionSource
-  class        CDATA  #REQUIRED
->
-
-<!ELEMENT dataSource (param*)>
-<!ATTLIST dataSource
-  class        CDATA  #REQUIRED
->
-
-<!ELEMENT triggeringPolicy ((param|filter)*)>
-<!ATTLIST triggeringPolicy
-  name 		CDATA  #IMPLIED
-  class 	CDATA  #REQUIRED
->
-
-<!ELEMENT rollingPolicy (param*)>
-<!ATTLIST rollingPolicy
-  name 		CDATA  #IMPLIED
-  class 	CDATA  #REQUIRED
->
-
-
-<!-- If no priority element is specified, then the configurator MUST not -->
-<!-- touch the priority of root. -->
-<!-- The root category always exists and cannot be subclassed. -->
-<!ELEMENT root (param*, (priority|level)?, appender-ref*)>
-
-
-<!-- ==================================================================== -->
-<!--                       A logging event                                -->
-<!-- ==================================================================== -->
-<!ELEMENT log4j:eventSet (log4j:event*)>
-<!ATTLIST log4j:eventSet
-  xmlns:log4j             CDATA #FIXED "http://jakarta.apache.org/log4j/" 
-  version                (1.1|1.2) "1.2" 
-  includesLocationInfo   (true|false) "true"
->
-
-
-
-<!ELEMENT log4j:event (log4j:message, log4j:NDC?, log4j:throwable?, 
-                       log4j:locationInfo?, log4j:properties?) >
-
-<!-- The timestamp format is application dependent. -->
-<!ATTLIST log4j:event
-    logger     CDATA #REQUIRED
-    level      CDATA #REQUIRED
-    thread     CDATA #REQUIRED
-    timestamp  CDATA #REQUIRED
-    time       CDATA #IMPLIED
->
-
-<!ELEMENT log4j:message (#PCDATA)>
-<!ELEMENT log4j:NDC (#PCDATA)>
-
-<!ELEMENT log4j:throwable (#PCDATA)>
-
-<!ELEMENT log4j:locationInfo EMPTY>
-<!ATTLIST log4j:locationInfo
-  class  CDATA	#REQUIRED
-  method CDATA	#REQUIRED
-  file   CDATA	#REQUIRED
-  line   CDATA	#REQUIRED
->
-
-<!ELEMENT log4j:properties (log4j:data*)>
-
-<!ELEMENT log4j:data EMPTY>
-<!ATTLIST log4j:data
-  name   CDATA	#REQUIRED
-  value  CDATA	#REQUIRED
->
diff --git a/configuration/log4j.xml b/configuration/log4j.xml
deleted file mode 100644
index 6f895d580..000000000
--- a/configuration/log4j.xml
+++ /dev/null
@@ -1,47 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
-<!-- main resources -->
-<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
-  <appender name="console" class="org.apache.log4j.ConsoleAppender"> 
-    <param name="Target" value="System.out"/> 
-    <layout class="org.apache.log4j.PatternLayout"> 
-      <param name="ConversionPattern" value="%-5p %m%n"/> 
-    </layout> 
-  </appender> 
-
-  <logger name="org.owasp.esapi.reference.TestTrace">
-    <level value="trace"/>
-  </logger>
-
-  <logger name="org.owasp.esapi.reference.TestDebug">
-    <level value="debug"/>
-  </logger>
-
-  <logger name="org.owasp.esapi.reference.TestInfo">
-    <level value="info"/>
- </logger>
-
-  <logger name="org.owasp.esapi.reference.TestWarning">
-    <level value="warn"/>
-  </logger>
-
-  <logger name="org.owasp.esapi.reference.TestError">
-    <level value="error"/>
-  </logger>
-
-  <logger name="org.owasp.esapi.reference.TestFatal">
-    <level value="fatal"/>
-  </logger>
-
-  <logger name="org.owasp.esapi.reference">
-    <level value="info"/>
-  </logger>
-
-  <root> 
-    <priority value ="debug" /> 
-    <appender-ref ref="console" /> 
-  </root>
-
-  <loggerFactory class="org.owasp.esapi.reference.Log4JLoggerFactory"/>
-  
-</log4j:configuration>
diff --git a/configuration/properties/ESAPI_en_US.properties b/configuration/properties/ESAPI_en_US.properties
index 9b43d1a23..04f043b21 100644
--- a/configuration/properties/ESAPI_en_US.properties
+++ b/configuration/properties/ESAPI_en_US.properties
@@ -1,9 +1,9 @@
-# User Messages
-Error.creating.randomizer=Error creating randomizer
-
-This.is.test.message=This {0} is {1} a test {2} message
-
-# Validation Messages
-
-# Log Messages
-
+# User Messages
+Error.creating.randomizer=Error creating randomizer
+
+This.is.test.message=This {0} is {1} a test {2} message
+
+# Validation Messages
+
+# Log Messages
+
diff --git a/configuration/properties/ESAPI_fr_FR.properties b/configuration/properties/ESAPI_fr_FR.properties
index 89ebcba7d..3e5a7a8f5 100644
--- a/configuration/properties/ESAPI_fr_FR.properties
+++ b/configuration/properties/ESAPI_fr_FR.properties
@@ -1,9 +1,9 @@
-# User Messages
-Error.creating.randomizer=Erreur lors de la création aléatoire
-
-This.is.test.message=Ceci est un message de test message singh
-
-# Validation Messages
-
-# Log Messages
-
+# User Messages
+Error.creating.randomizer=Erreur lors de la création aléatoire
+
+This.is.test.message=Ceci est un message de test message singh
+
+# Validation Messages
+
+# Log Messages
+
diff --git a/documentation/ESAPI-configuration-user-guide.md b/documentation/ESAPI-configuration-user-guide.md
new file mode 100644
index 000000000..420a4fb27
--- /dev/null
+++ b/documentation/ESAPI-configuration-user-guide.md
@@ -0,0 +1,138 @@
+# ESAPI security configuration API enhancements - user guide
+
+## Motivation
+High number of open Google Issues against security configuration component
+highlighted problem with ESAPI configuration. Moreover, the rules for how and
+where the ESAPI.properties file is found are overly complicated making questions
+about it one of the most frequently asked questions.
+
+The ESAPI interface for its configuration (SecurityConfiguration) is overly
+complicated; it has a 'getter' method specific to almost every ESAPI
+configuration property. This complication leads to a unduly intricate,
+non-modular reference implementation (DefaultSecurityConfiguration) that makes
+it difficult to extend in terms of new functionality; e.g., when desiring to
+introduce a new ESAPI property name in ESAPI.properties.
+
+A new, simpler security configuration interface and implementation is needed.
+Such an implementation would not only be useful for ESAPI 2.x, but could very
+well be used to build the configurator needed by ESAPI 3.
+
+This document describes following changes to ESAPI security API:
+
+1. API simplification
+2. XML configuration support.
+3. Multiple configuration files support.
+
+## API simplification
+
+New interface is introduced: EsapiPropertyLoader, which contains four general
+methods for extraction of configuration properties:
+
+```
+public int getIntProp(String propertyName) throws ConfigurationException;
+public byte[] getByteArrayProp(String propertyName) throws ConfigurationException;
+public Boolean getBooleanProp(String propertyName) throws ConfigurationException;
+public String getStringProp(String propertyName) throws ConfigurationException;
+```
+
+SecurityConfiguration interface is extended with this new contract. Old methods
+have been deprecated as a result, in favor of these new methods. (TBD how long
+until these deprecated methods are removed, but it will be a minumum of 2 years
+or 1 major release [e.g., 3.x], whichever comes first. Also, we may not
+necessarily remove all of them at once, depending on community feedback.)
+
+DefaultSecurityConfiguration implements the new contract. New contract methods implementations work as described in
+'Multiple configuration files support' paragraph.
+
+## Multiple configuration files support
+
+EsapiPropertyManager is the new implementation for getting properties, which uses prioritized property loaders (each one associated with a specific configuration file). This allows to have multiple configuration files existing with priority connected to each one. At this moment, there
+are two configuration files possible to use, the path to them is set through following Java
+system properties:
+
+* org.owasp.esapi.opsteam = <full_path_to_file> (higher priority config)
+* org.owasp.esapi.devteam = <full_path_to_file> (lower priority config)
+
+The first is intended for deployment by an operations team responsible for
+enforcing security for configuration management enterprise-wide. The intent here
+is to allow this operations team to enforce global / company-wide policies such
+as the minimum encryption key size or permitted cryptographic algorithms.
+
+The second is intended for deployment by development teams and is more likely to
+be useful and be tailored for each individual project based on project needs.
+
+If an ESAPI property is set via the configuration file identified by
+org.owasp.esapi.opsteam then that property takes precedence over any property
+set by the configuration file identified by org.owasp.esapi.devteam system
+property. (A warning message will be logged if a property defined in the higher
+priority configuration file is also defined in the configuration file of lower
+priority.)
+
+The DefaultSecurityConfiguration class now uses this mechanism through the new
+API for retrieving  properties.
+
+It is not mandatory to have both files configured or even any of them for
+DefaultSecurityConfiguration to work property. It can still use the single
+ESAPI.properties to search for a property. In case of any of the configurations
+or both of the existing,  ESAPI.properties has LOWEST priority, so it will be
+searched as last.
+
+### Example properties extraction through DefaultSecurityConfiguration
+
+```java
+ESAPI.securityConfiguration().getBooleanProp("propertyXXX");
+```
+
+where "propertyXXX" is some property name relevant to ESAPI (and
+in this case, one that would hold a boolean value). See ESAPI.properties
+for a list of current property names known to ESAPI.
+
+In above example, following happens:
+
+1. org.owasp.esapi.opsteam configuration is used to get propertyXXX and return it as boolean.
+2. If (1) fails to find property, org.owasp.esapi.devteam is used to get propertyXXX and return it as boolean.
+3. If (2) fails to find property, ESAPI.properties is used to get propertyXXX and return it as boolean.
+4. If (3) fails to find property, unchecked ConfigurationException will be thrown.
+
+A ConfigurationException will be also thrown if propertyXXX was found in one
+of the configurations, but it is impossible to convert it to boolean value.
+
+## XML configuration support
+
+XML configuration storage is supported. Both org.owasp.esapi.opsteam and
+org.owasp.esapi.devteam can be XML files, but they must comply to the
+following XSD schema:
+
+```xml
+<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+    <xs:element name="properties">
+        <xs:complexType>
+            <xs:sequence>
+                <xs:element name="property" maxOccurs="unbounded" minOccurs="0">
+                    <xs:complexType>
+                        <xs:simpleContent>
+                            <xs:extension base="xs:string">
+                                <xs:attribute type="xs:string" name="name" use="optional"/>
+                            </xs:extension>
+                        </xs:simpleContent>
+                    </xs:complexType>
+                </xs:element>
+            </xs:sequence>
+        </xs:complexType>
+    </xs:element>
+</xs:schema>
+```
+
+### XML configuration example:
+```
+<?xml version="1.0" encoding="UTF-8"?>
+<properties>
+    <property name="string_property" type="string">test_string_property</property>
+    <property name="int_property" type="int">5</property>
+    <property name="invalid_int_property" type="int">invalid int</property>
+    <property name="boolean_property" type="boolean">true</property>
+    <property name="boolean_yes_property" type="boolean">yes</property>
+    <property name="boolean_no_property" type="boolean">no</property>
+    <property name="invalid_boolean_property" type="boolean">invalid boolean</property>
+</properties>
+```
diff --git a/documentation/ESAPI-release-steps.odt b/documentation/ESAPI-release-steps.odt
new file mode 100644
index 000000000..455863aba
Binary files /dev/null and b/documentation/ESAPI-release-steps.odt differ
diff --git a/documentation/ESAPI-release-steps.pdf b/documentation/ESAPI-release-steps.pdf
new file mode 100644
index 000000000..96db0481d
Binary files /dev/null and b/documentation/ESAPI-release-steps.pdf differ
diff --git a/documentation/ESAPI-security-bulletin1.docx b/documentation/ESAPI-security-bulletin1.docx
index 65d941b93..55cc3ba39 100644
Binary files a/documentation/ESAPI-security-bulletin1.docx and b/documentation/ESAPI-security-bulletin1.docx differ
diff --git a/documentation/ESAPI-security-bulletin1.pdf b/documentation/ESAPI-security-bulletin1.pdf
index 38abe2514..ba2f68a83 100644
Binary files a/documentation/ESAPI-security-bulletin1.pdf and b/documentation/ESAPI-security-bulletin1.pdf differ
diff --git a/documentation/ESAPI-security-bulletin10.odt b/documentation/ESAPI-security-bulletin10.odt
new file mode 100644
index 000000000..87db70d4d
Binary files /dev/null and b/documentation/ESAPI-security-bulletin10.odt differ
diff --git a/documentation/ESAPI-security-bulletin10.pdf b/documentation/ESAPI-security-bulletin10.pdf
new file mode 100644
index 000000000..90b84b442
Binary files /dev/null and b/documentation/ESAPI-security-bulletin10.pdf differ
diff --git a/documentation/ESAPI-security-bulletin11.odt b/documentation/ESAPI-security-bulletin11.odt
new file mode 100644
index 000000000..b1386c80d
Binary files /dev/null and b/documentation/ESAPI-security-bulletin11.odt differ
diff --git a/documentation/ESAPI-security-bulletin11.pdf b/documentation/ESAPI-security-bulletin11.pdf
new file mode 100644
index 000000000..b553f69b9
Binary files /dev/null and b/documentation/ESAPI-security-bulletin11.pdf differ
diff --git a/documentation/ESAPI-security-bulletin12.odt b/documentation/ESAPI-security-bulletin12.odt
new file mode 100644
index 000000000..d1abf5d82
Binary files /dev/null and b/documentation/ESAPI-security-bulletin12.odt differ
diff --git a/documentation/ESAPI-security-bulletin12.pdf b/documentation/ESAPI-security-bulletin12.pdf
new file mode 100644
index 000000000..126f06751
Binary files /dev/null and b/documentation/ESAPI-security-bulletin12.pdf differ
diff --git a/documentation/ESAPI-security-bulletin13.odt b/documentation/ESAPI-security-bulletin13.odt
new file mode 100644
index 000000000..ee9cb8ef8
Binary files /dev/null and b/documentation/ESAPI-security-bulletin13.odt differ
diff --git a/documentation/ESAPI-security-bulletin13.pdf b/documentation/ESAPI-security-bulletin13.pdf
new file mode 100644
index 000000000..8d272b042
Binary files /dev/null and b/documentation/ESAPI-security-bulletin13.pdf differ
diff --git a/documentation/ESAPI-security-bulletin2.odt b/documentation/ESAPI-security-bulletin2.odt
new file mode 100644
index 000000000..793f0ffbf
Binary files /dev/null and b/documentation/ESAPI-security-bulletin2.odt differ
diff --git a/documentation/ESAPI-security-bulletin2.pdf b/documentation/ESAPI-security-bulletin2.pdf
new file mode 100644
index 000000000..6925ad568
Binary files /dev/null and b/documentation/ESAPI-security-bulletin2.pdf differ
diff --git a/documentation/ESAPI-security-bulletin3.odt b/documentation/ESAPI-security-bulletin3.odt
new file mode 100644
index 000000000..8026a3936
Binary files /dev/null and b/documentation/ESAPI-security-bulletin3.odt differ
diff --git a/documentation/ESAPI-security-bulletin3.pdf b/documentation/ESAPI-security-bulletin3.pdf
new file mode 100644
index 000000000..98af7cfd3
Binary files /dev/null and b/documentation/ESAPI-security-bulletin3.pdf differ
diff --git a/documentation/ESAPI-security-bulletin4.odt b/documentation/ESAPI-security-bulletin4.odt
new file mode 100644
index 000000000..59c930f27
Binary files /dev/null and b/documentation/ESAPI-security-bulletin4.odt differ
diff --git a/documentation/ESAPI-security-bulletin4.pdf b/documentation/ESAPI-security-bulletin4.pdf
new file mode 100644
index 000000000..7a125584d
Binary files /dev/null and b/documentation/ESAPI-security-bulletin4.pdf differ
diff --git a/documentation/ESAPI-security-bulletin5.odt b/documentation/ESAPI-security-bulletin5.odt
new file mode 100644
index 000000000..9edbd72d1
Binary files /dev/null and b/documentation/ESAPI-security-bulletin5.odt differ
diff --git a/documentation/ESAPI-security-bulletin5.pdf b/documentation/ESAPI-security-bulletin5.pdf
new file mode 100644
index 000000000..b3a215f05
Binary files /dev/null and b/documentation/ESAPI-security-bulletin5.pdf differ
diff --git a/documentation/ESAPI-security-bulletin6.odt b/documentation/ESAPI-security-bulletin6.odt
new file mode 100644
index 000000000..88d0c98a5
Binary files /dev/null and b/documentation/ESAPI-security-bulletin6.odt differ
diff --git a/documentation/ESAPI-security-bulletin6.pdf b/documentation/ESAPI-security-bulletin6.pdf
new file mode 100644
index 000000000..970d79d96
Binary files /dev/null and b/documentation/ESAPI-security-bulletin6.pdf differ
diff --git a/documentation/ESAPI-security-bulletin7.odt b/documentation/ESAPI-security-bulletin7.odt
new file mode 100644
index 000000000..6688b3b87
Binary files /dev/null and b/documentation/ESAPI-security-bulletin7.odt differ
diff --git a/documentation/ESAPI-security-bulletin7.pdf b/documentation/ESAPI-security-bulletin7.pdf
new file mode 100644
index 000000000..38d60ebda
Binary files /dev/null and b/documentation/ESAPI-security-bulletin7.pdf differ
diff --git a/documentation/ESAPI-security-bulletin8.odt b/documentation/ESAPI-security-bulletin8.odt
new file mode 100644
index 000000000..2b73a5e2b
Binary files /dev/null and b/documentation/ESAPI-security-bulletin8.odt differ
diff --git a/documentation/ESAPI-security-bulletin8.pdf b/documentation/ESAPI-security-bulletin8.pdf
new file mode 100644
index 000000000..646050e51
Binary files /dev/null and b/documentation/ESAPI-security-bulletin8.pdf differ
diff --git a/documentation/ESAPI-security-bulletin9.odt b/documentation/ESAPI-security-bulletin9.odt
new file mode 100644
index 000000000..68b1ba79a
Binary files /dev/null and b/documentation/ESAPI-security-bulletin9.odt differ
diff --git a/documentation/ESAPI-security-bulletin9.pdf b/documentation/ESAPI-security-bulletin9.pdf
new file mode 100644
index 000000000..ed46ea87a
Binary files /dev/null and b/documentation/ESAPI-security-bulletin9.pdf differ
diff --git a/documentation/GHSL-2022-008_The_OWASP_Enterprise_Security_API.md b/documentation/GHSL-2022-008_The_OWASP_Enterprise_Security_API.md
new file mode 100644
index 000000000..bc4956ab0
--- /dev/null
+++ b/documentation/GHSL-2022-008_The_OWASP_Enterprise_Security_API.md
@@ -0,0 +1,108 @@
+# GitHub Security Lab (GHSL) Vulnerability Report: `GHSL-2022-008`
+
+The [GitHub Security Lab](https://securitylab.github.com) team has identified a potential security vulnerability in [The OWASP Enterprise Security API](https://github.com/ESAPI/esapi-java-legacy).
+
+We are committed to working with you to help resolve this issue. In this report you will find everything you need to effectively coordinate a resolution of this issue with the GHSL team.
+
+If at any point you have concerns or questions about this process, please do not hesitate to reach out to us at `securitylab@github.com` (please include `GHSL-2022-008` as a reference).
+
+If you are _NOT_ the correct point of contact for this report, please let us know!
+
+## Summary
+
+`getValidDirectoryPath` incorrectly treats sibling of a root directory as a child.
+
+## Product
+
+The OWASP Enterprise Security API
+
+## Tested Version
+
+v2.2.3.1 (The latest version of ["Legacy" 2.x branch](https://github.com/ESAPI/esapi-java-legacy#what-does-legacy-mean) as [ESAPI 3.x](https://github.com/ESAPI/esapi-java) is in early development and has no releases yet.)
+
+## Details
+
+### Issue: `getValidDirectoryPath` bypass (`GHSL-2022-008`)
+
+`parent` [1] - the third parameter in [`getValidDirectoryPath`](https://github.com/ESAPI/esapi-java-legacy/blob/07dd60a8cc9edf0c872d68ae8ae84c70f008d3d8/src/main/java/org/owasp/esapi/reference/DefaultValidator.java#L447-L483) is used to validate that the `input` [2] path is "inside specified parent" directory [3].
+
+```java
+public String getValidDirectoryPath(String context, String input /* [2] */, File parent /* [1] */, boolean allowNull) throws ValidationException, IntrusionException {
+    try {
+	if (isEmpty(input)) {
+		if (allowNull) return null;
+       	throw new ValidationException( context + ": Input directory path required", "Input directory path required: context=" + context + ", input=" + input, context );
+	}
+
+	File dir = new File( input );
+
+	// check dir exists and parent exists and dir is inside parent
+	if ( !dir.exists() ) {
+		throw new ValidationException( context + ": Invalid directory name", "Invalid directory, does not exist: context=" + context + ", input=" + input );
+	}
+	if ( !dir.isDirectory() ) {
+		throw new ValidationException( context + ": Invalid directory name", "Invalid directory, not a directory: context=" + context + ", input=" + input );
+	}
+	if ( !parent.exists() ) {
+		throw new ValidationException( context + ": Invalid directory name", "Invalid directory, specified parent does not exist: context=" + context + ", input=" + input + ", parent=" + parent );
+	}
+	if ( !parent.isDirectory() ) {
+		throw new ValidationException( context + ": Invalid directory name", "Invalid directory, specified parent is not a directory: context=" + context + ", input=" + input + ", parent=" + parent );
+	}
+	if ( !dir.getCanonicalPath().startsWith(parent.getCanonicalPath() ) ) { // <---------- [3]
+		throw new ValidationException( context + ": Invalid directory name", "Invalid directory, not inside specified parent: context=" + context + ", input=" + input + ", parent=" + parent );
+	}
+
+	// check canonical form matches input
+	String canonicalPath = dir.getCanonicalPath();
+	String canonical = fileValidator.getValidInput( context, canonicalPath, "DirectoryName", 255, false);
+	if ( !canonical.equals( input ) ) {
+		throw new ValidationException( context + ": Invalid directory name", "Invalid directory name does not match the canonical path: context=" + context + ", input=" + input + ", canonical=" + canonical, context );
+	}
+	return canonical;
+    } catch (Exception e) {
+	throw new ValidationException( context + ": Invalid directory name", "Failure to validate directory path: context=" + context + ", input=" + input, e, context );
+    }
+}
+```
+
+If the result of `parent.getCanonicalPath()` is not slash terminated it allows for partial path traversal.
+
+Consider `"/usr/outnot".startsWith("/usr/out")`. The check is bypassed although `outnot` is not under the `out` directory.
+The terminating slash may be removed in various places. On Linux `println(new File("/var/"))` returns `/var`, but `println(new File("/var", "/"))` - `/var/`, however `println(new File("/var", "/").getCanonicalPath())` - `/var`.
+
+PoC (based on a unittest):
+```java
+Validator instance = ESAPI.validator();
+ValidationErrorList errors = new ValidationErrorList();
+assertTrue(instance.isValidDirectoryPath("poc", "/tmp/test2", new File("/tmp/test/"), false, errors));
+assertEquals(0, errors.size());
+```
+
+#### Impact
+
+This issue allows to break out of expected directory.
+
+#### Remediation
+
+Consider using `getCanonicalFile().toPath().startsWith` to compare `Path`:
+
+```java
+if ( !dir.getCanonicalFile().toPath().startsWith(parent.getCanonicalFile().toPath() ) )
+```
+
+## GitHub Security Advisories
+
+We recommend you create a private [GitHub Security Advisory](https://help.github.com/en/github/managing-security-vulnerabilities/creating-a-security-advisory) for this finding. This also allows you to invite the GHSL team to collaborate and further discuss this finding in private before it is [published](https://help.github.com/en/github/managing-security-vulnerabilities/publishing-a-security-advisory).
+
+## Credit
+
+This issue was discovered and reported by GHSL team member [@JarLob (Jaroslav Loba�evski)](https://github.com/JarLob).
+
+## Contact
+
+You can contact the GHSL team at `securitylab@github.com`, please include a reference to `GHSL-2022-008` in any communication regarding this issue.
+
+## Disclosure Policy
+
+This report is subject to our [coordinated disclosure policy](https://securitylab.github.com/advisories#policy).
diff --git a/documentation/GHSL-2022-008_The_OWASP_Enterprise_Security_API.pdf b/documentation/GHSL-2022-008_The_OWASP_Enterprise_Security_API.pdf
new file mode 100644
index 000000000..c77efef05
Binary files /dev/null and b/documentation/GHSL-2022-008_The_OWASP_Enterprise_Security_API.pdf differ
diff --git a/documentation/LoggerDesignAndTesting.md b/documentation/LoggerDesignAndTesting.md
new file mode 100644
index 000000000..d3542a48a
--- /dev/null
+++ b/documentation/LoggerDesignAndTesting.md
@@ -0,0 +1,27 @@
+(Gleaned from an email from Jeremiah J. Stacey to Kevin W. Wall on 2021-03-21.  Some minor alterations were made for contextual understanding by Kevin Wall because the original email thread was not included.)
+
+The testing (for SLF4J logging at least) is tested with Mockito and Powermock.  For the SLF4J logging, the tests are in Slf4JLoggerTest.  It uses mocks to assert that the slf4j logging implementation gets the data we expect in the calls we support.
+
+I was very deliberate in the breakout of the classes to isolate specific functionality to enable this type of testing.  At a high level, there are four classes that make up the logging structure.
+I tried to encapsulate a subset of functionality into each one:
+
+**LogFactory** - Constructs Loggers to be used by clients.  Responsible for building the LogBridge and the LevelHandler.
+
+**Logger** - The ESAPI interface implementation which uses the LogBridge and a delegate Logger to forward events to the underlying log implementation.
+
+**LogBridge** - Logical handler for determining the delegate handler for a known ESAPI log event, and forwarding the Log event to that handler.  Also responsible for prefixing the client/server info content and applying the newline replacement behavior.
+
+**LogLevelHander** - This is actually where the log event gets sent to SLF4J!  The Handler enumeration is assembled as part of a map in the static block of the LogFactory, and is used by the LogBridge to route a log event at a defined ESAPI log level to the correct API of the delegate Logger.
+
+
+The general workflow is:
+
+    LogFactory static block creates the LogPrefixAppender, LogScrubber, and LogBridge.
+
+    LogFactory.getLogger(...)  Creates Logger with the delegate slf4j logger implementation and the LogBridge.
+
+    Logger.info/warn/etc(message) -> forwards to LogBridgelog(logger, esapiLevel, type, message) -> forwards to LogHandler.log(...) -> forwards to slf4j Logger implementation with appropriate level and composed message.
+
+So each of the tests for each of the classes verifies data in -> data out based on the Logging API.  The structure for JUL and SLF4J are almost identical.  There are a few differences in the interaction with the underlying Logger interactions and expectations.  As a result, the tests are also almost full duplications (again accounting for differences in the underlying logging API).
+
+-J
diff --git a/documentation/esapi4java-2.0-readme.txt b/documentation/esapi4java-2.0-readme.txt
index de7c40dda..7fd25e068 100644
--- a/documentation/esapi4java-2.0-readme.txt
+++ b/documentation/esapi4java-2.0-readme.txt
@@ -1,60 +1,61 @@
-
-                            Welcome to ESAPI for Java!
-
-(This file best viewed full screen.)
-
-Here are the most significant directories and files included the zip file for this release:
-
-File / Directory                                                        Description
-=========================================================================================
-<root>/	
-|
-+---configuration/                                                      Directory of ESAPI configuration files
-|     |
-|     |---.esapi/
-|     |     |---waf-policies/                                           Directory containing Web Application Firewall policies
-|     |     |---ESAPI.properties                                        The main ESAPI configuration file
-|     |     `---validation.properties                                   Regular expressions used by the ESAPI validator
-|     |
-|     `---properties/                                                   Examples of how to internationalize error messages???
-|           |---ESAPI_en_US.properties                                      in US/English
-|           |---ESAPI_fr_FR.properties                                      in French
-|           `---ESAPI_zhs_CN.properties                                     in Chinese
-|
-|---documentation/                                                      ESAPI documentation
-|     |
-|     |---esapi4java-2.0-readme.txt                                     The file you are now reading
-|     |---esapi4java-core-2.0-release-notes.pdf                         ESAPI 2.0 release notes (draft)
-|     |---esapi4java-core-2.0-install-guide.doc                         ESAPI 2.0 installation guide (draft)
-|     |---esapi4java-2.0rc6-override-log4jloggingfactory.txt            How to use log4j to override User logging
-|     |---esapi4java-core-2.0-ciphertext-serialization.pdf              Describes serialization layout of ESAPI 2.0 ciphertext representation
-|     |---esapi4java-core-2.0-crypto-design-goals.doc (draft)           Describes ESAPI 2.0 crypto design goals & design decisions
-|     |---esapi4java-core-2.0-readme-crypto-changes.html                Describes why crypto was changed from what was in ESAPI 1.4
-|     |---esapi4java-core-2.0-symmetric-crypto-user-guide.html          User guide for using symmetric encryption in ESAPI 2.0
-|     |---esapi4java-core-2.1-release-notes.txt                         ESAPI 2.1 release notes
-|     `---esapi4java-waf-2.0-policy-file-spec.pdf                       Describes how to configure ESAPI 2.0's Web Application Firewall
-|
-|---libs/                                                               ESAPI dependencies
-|
-|---site/
-|     |---apidocs                                                       ESAPI Javadoc
-|     |---cobertura
-|     `---testapidocs                                                   ESAPI Javadoc for its JUnit test cases
-|
-|---src/                                                                ESAPI source code
-|
-|---esapi-<vers>.jar                                                    The ESAPI jar for version <vers> (e.g., <vers> == 2.0_rc10)
-|
-|---LICENSE.txt                                                         ESAPI license for source code and documentation
-|
-`---pom.xml                                                             Maven's pom.xml for building ESAPI from source via mvn.
-
-===========================================================
-
-Where to go from here -- please see the installation guide and the release
-notes.
-
-Please address comments and questions concerning the API and this document to
-the ESAPI Users mailing list, <esapi-user@lists.owasp.org>.
-
-Copyright (C) 2009-2010 The OWASP Foundation.
+
+                            Welcome to ESAPI for Java!
+
+(This file best viewed full screen.)
+
+Here are the most significant directories and files included the zip file for this release:
+
+File / Directory                                                        Description
+=========================================================================================
+<root>/
+|
++---configuration/                                                      Directory of ESAPI configuration files
+|     |
+|     |---esapi/
+|     |     |---waf-policies/                                           Directory containing Web Application Firewall policies
+|     |     |---ESAPI.properties                                        The main ESAPI configuration file
+|     |     `---validation.properties                                   Regular expressions used by the ESAPI validator
+|     |
+|     `---properties/                                                   Examples of how to internationalize error messages???
+|           |---ESAPI_en_US.properties                                      in US/English
+|           |---ESAPI_fr_FR.properties                                      in French
+|           `---ESAPI_zhs_CN.properties                                     in Chinese
+|
+|---documentation/                                                      ESAPI documentation
+|     |
+|     |---esapi4java-2.0-readme.txt                                     The file you are now reading
+|     |---esapi4java-core-2.0-release-notes.pdf                         ESAPI 2.0 release notes (draft)
+|     |---esapi4java-core-2.0-install-guide.doc                         ESAPI 2.0 installation guide (draft)
+|     |---esapi4java-2.0rc6-override-log4jloggingfactory.txt            How to use log4j to override User logging
+|     |---esapi4java-core-2.0-ciphertext-serialization.pdf              Describes serialization layout of ESAPI 2.0 ciphertext representation
+|     |---esapi4java-core-2.0-crypto-design-goals.doc (draft)           Describes ESAPI 2.0 crypto design goals & design decisions
+|     |---esapi4java-core-2.0-readme-crypto-changes.html                Describes why crypto was changed from what was in ESAPI 1.4
+|     |---esapi4java-core-2.0-symmetric-crypto-user-guide.html          User guide for using symmetric encryption in ESAPI 2.0
+|     |---esapi4java-core-2.1-release-notes.txt                         ESAPI 2.1 release notes
+|     |---esapi4java-core-2.2.0.0-release-notes.txt                     ESAPI 2.2.0.0 release notes
+|     `---esapi4java-waf-2.0-policy-file-spec.pdf                       Describes how to configure ESAPI 2.0's Web Application Firewall
+|
+|---libs/                                                               ESAPI dependencies
+|
+|---site/
+|     |---apidocs                                                       ESAPI Javadoc
+|     |---cobertura
+|     `---testapidocs                                                   ESAPI Javadoc for its JUnit test cases
+|
+|---src/                                                                ESAPI source code
+|
+|---esapi-<vers>.jar                                                    The ESAPI jar for version <vers> (e.g., <vers> == 2.0_rc10)
+|
+|---LICENSE.txt                                                         ESAPI license for source code and documentation
+|
+`---pom.xml                                                             Maven's pom.xml for building ESAPI from source via mvn.
+
+===========================================================
+
+Where to go from here -- please see the installation guide and the release
+notes.
+
+Please address comments and questions concerning the API and this document to
+the ESAPI Users mailing list, <esapi-user@lists.owasp.org>.
+
+Copyright (C) 2009-2019 The OWASP Foundation.
diff --git a/documentation/esapi4java-2.0rc6-override-log4jloggingfactory.txt b/documentation/esapi4java-2.0rc6-override-log4jloggingfactory.txt
index 891f76935..35290f5e6 100644
--- a/documentation/esapi4java-2.0rc6-override-log4jloggingfactory.txt
+++ b/documentation/esapi4java-2.0rc6-override-log4jloggingfactory.txt
@@ -1,71 +1,71 @@
-This release includes critical changes to the ESAPI Log4JLogger that will now allow you to over-ride the user specific 
-message using your own User or java.security.Principal implementation.
-
-There are a three critical steps that need to be taken to over-ride the ESAPI Log4JLogger:
-
-1)  Please make a copy of http://owasp-esapi-java.googlecode.com/svn/trunk/src/main/java/org/owasp/esapi/reference/ExampleExtendedLog4JLogFactory.java and change the package and the class name (something like com.yourcompany.logging.ExtendedLog4JFactory). This class (not very big at all) gives you the exact “shell� that you will need to over-ride the user message of the ESAPI Log4JLogger.
-
-2)  In your new class, please change the following function to use your user object:
-
-        public String getUserInfo() {
-            return "-EXTENDEDUSERINFO-";
-    }
-
-3)  Change your copy of ESAPI.properties to use your new logging class
-
-The ESAPI.properties entry looks like this now:
-
-ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
-
-Please change it to the following, based on how you renamed your new logging class
-
-ESAPI.Logger=com.yourcompany.logging.ExtendedLog4JFactory
-
-And you should be all set!
-
-PS: The original ESAPI Log4JLogging class used a secure random number as a replacement to logging the session ID. This allowed 
-us to tie log messages from the same session together, without exposing the actual session id in the log file. The code looks 
-like this, and you may wish to use it in your over-ridden version of getUserInfo.
-
-HttpServletRequest request = ESAPI.httpUtilities().getCurrentRequest();
-if ( request != null ) {
-    HttpSession session = request.getSession( false );
-    if ( session != null ) {
-        sid = (String)session.getAttribute("ESAPI_SESSION");
-        // if there is no session ID for the user yet, we create one and store it in the user's session
-        if ( sid == null ) {
-            sid = ""+ ESAPI.randomizer().getRandomInteger(0, 1000000);
-            session.setAttribute("ESAPI_SESSION", sid);
-        }
-    }
-}
-
-In fact, here is the entire original getUserInfo() implementation (that was tied to the ESAPI request and user object) – 
-you may wish to emulate some of this.
-
-public String getUserInfo() {
-    // create a random session number for the user to represent the user's 'session', if it doesn't exist already
-    String sid = null;
-    HttpServletRequest request = ESAPI.httpUtilities().getCurrentRequest();
-    if ( request != null ) {
-        HttpSession session = request.getSession( false );
-        if ( session != null ) {
-            sid = (String)session.getAttribute("ESAPI_SESSION");
-            // if there is no session ID for the user yet, we create one and store it in the user's session
-            if ( sid == null ) {
-                sid = ""+ ESAPI.randomizer().getRandomInteger(0, 1000000);
-                session.setAttribute("ESAPI_SESSION", sid);
-            }
-        }
-    }
-    
-    // log user information - username:session@ipaddr
-    User user = ESAPI.authenticator().getCurrentUser();            
-    String userInfo = "";
-    //TODO - make type logging configurable
-    if ( user != null) {
-        userInfo += user.getAccountName()+ ":" + sid + "@"+ user.getLastHostAddress();
-    }
-    
-    return userInfo;
-}
+This release includes critical changes to the ESAPI Log4JLogger that will now allow you to over-ride the user specific
+message using your own User or java.security.Principal implementation.
+
+There are a three critical steps that need to be taken to over-ride the ESAPI Log4JLogger:
+
+1)  Please make a copy of http://owasp-esapi-java.googlecode.com/svn/trunk/src/main/java/org/owasp/esapi/reference/ExampleExtendedLog4JLogFactory.java and change the package and the class name (something like com.yourcompany.logging.ExtendedLog4JFactory). This class (not very big at all) gives you the exact “shell� that you will need to over-ride the user message of the ESAPI Log4JLogger.
+
+2)  In your new class, please change the following function to use your user object:
+
+        public String getUserInfo() {
+            return "-EXTENDEDUSERINFO-";
+    }
+
+3)  Change your copy of ESAPI.properties to use your new logging class
+
+The ESAPI.properties entry looks like this now:
+
+ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
+
+Please change it to the following, based on how you renamed your new logging class
+
+ESAPI.Logger=com.yourcompany.logging.ExtendedLog4JFactory
+
+And you should be all set!
+
+PS: The original ESAPI Log4JLogging class used a secure random number as a replacement to logging the session ID. This allowed
+us to tie log messages from the same session together, without exposing the actual session id in the log file. The code looks
+like this, and you may wish to use it in your over-ridden version of getUserInfo.
+
+HttpServletRequest request = ESAPI.httpUtilities().getCurrentRequest();
+if ( request != null ) {
+    HttpSession session = request.getSession( false );
+    if ( session != null ) {
+        sid = (String)session.getAttribute("ESAPI_SESSION");
+        // if there is no session ID for the user yet, we create one and store it in the user's session
+        if ( sid == null ) {
+            sid = ""+ ESAPI.randomizer().getRandomInteger(0, 1000000);
+            session.setAttribute("ESAPI_SESSION", sid);
+        }
+    }
+}
+
+In fact, here is the entire original getUserInfo() implementation (that was tied to the ESAPI request and user object) –
+you may wish to emulate some of this.
+
+public String getUserInfo() {
+    // create a random session number for the user to represent the user's 'session', if it doesn't exist already
+    String sid = null;
+    HttpServletRequest request = ESAPI.httpUtilities().getCurrentRequest();
+    if ( request != null ) {
+        HttpSession session = request.getSession( false );
+        if ( session != null ) {
+            sid = (String)session.getAttribute("ESAPI_SESSION");
+            // if there is no session ID for the user yet, we create one and store it in the user's session
+            if ( sid == null ) {
+                sid = ""+ ESAPI.randomizer().getRandomInteger(0, 1000000);
+                session.setAttribute("ESAPI_SESSION", sid);
+            }
+        }
+    }
+
+    // log user information - username:session@ipaddr
+    User user = ESAPI.authenticator().getCurrentUser();
+    String userInfo = "";
+    //TODO - make type logging configurable
+    if ( user != null) {
+        userInfo += user.getAccountName()+ ":" + sid + "@"+ user.getLastHostAddress();
+    }
+
+    return userInfo;
+}
diff --git a/documentation/esapi4java-core-2.0-ciphertext-serialization.pdf b/documentation/esapi4java-core-2.0-ciphertext-serialization.pdf
index 9d1dc3399..37d68a467 100644
Binary files a/documentation/esapi4java-core-2.0-ciphertext-serialization.pdf and b/documentation/esapi4java-core-2.0-ciphertext-serialization.pdf differ
diff --git a/documentation/esapi4java-core-2.0-ciphertext-serialization.xls b/documentation/esapi4java-core-2.0-ciphertext-serialization.xls
index 7f3106ea0..86b7de7a0 100644
Binary files a/documentation/esapi4java-core-2.0-ciphertext-serialization.xls and b/documentation/esapi4java-core-2.0-ciphertext-serialization.xls differ
diff --git a/documentation/esapi4java-core-2.0-readme-crypto-changes.html b/documentation/esapi4java-core-2.0-readme-crypto-changes.html
index 8687f5ca6..db403b9c9 100644
--- a/documentation/esapi4java-core-2.0-readme-crypto-changes.html
+++ b/documentation/esapi4java-core-2.0-readme-crypto-changes.html
@@ -63,7 +63,7 @@ <H3>Symmetric Encryption in ESAPI 2.0rc1 and 2.0rc2</H3>
 always encrypt to the same ciphertext block, thus revealing patterns
 in the plaintext input. For example, these images from Wikipedia's
 <A HREF="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation">Block
-cipher modes of operation</A> illustrate this point well: 
+cipher modes of operation</A> illustrate this point well:
 </P>
 <TABLE BORDER=0 CELLPADDING=4 CELLSPACING=0>
 	<TR>
@@ -92,7 +92,7 @@ <H3>Symmetric Encryption in ESAPI 2.0rc1 and 2.0rc2</H3>
 <P>Ciphertext encrypted with ECB cipher mode are also subject to
 &quot;block replay attacks&quot;. See Bruce Schneier's <A HREF="http://www.google.com/url?sa=t&amp;source=web&amp;ct=res&amp;cd=2&amp;url=http%3A%2F%2Fbooks.google.com%2Fbooks%3Fid%3DA6ZO2D6ayNwC%26pg%3DPT216%26lpg%3DPT216%26dq%3Decb%2B%2522block%2Breplay%2522%26source%3Dbl%26ots%3DiEbAWQpu0e%26sig%3D8xiUva4XKaAOfPJEPsULPAJPk88%26hl%3Den%26ei%3Da6yISoLQPJOuMI-Z_OkE%26sa%3DX%26oi%3Dbook_result%26ct%3Dresult%26resnum%3D2&amp;ei=a6yISoLQPJOuMI-Z_OkE&amp;rct=j&amp;q=ecb+%22block+replay%22&amp;usg=AFQjCNF-IjrE4dL7M2LELh48hYPP6A_bpQ"><I>Applied
 Cryptography: protocols, algorithms, and source code</I> </A>for
-details. 
+details.
 </P>
 <P>In both ESAPI 2.0-rc1 and 2.0-rc2, one can choose other block
 ciphers (e.g. Blowfish) or other key sizes (e.g., 512-bit AES), but
@@ -123,7 +123,7 @@ <H3>Problems with Symmetric Encryption in ESAPI 2.0-rc1 and 2.0-rc2</H3>
 </OL>
 <H2>The Encryption Changes in ESAPI 2.0-rc3 and Later</H2>
 <P>Briefly speaking, the changes being implemented for ESAPI Java 2.0
-are: 
+are:
 </P>
 <OL>
 	<LI><P STYLE="margin-bottom: 0in">Starting in ESAPI Java 2.0-rc3,
@@ -156,7 +156,7 @@ <H2>The Encryption Changes in ESAPI 2.0-rc3 and Later</H2>
 	response was deafening. There literally was but a single response
 	and that was to kill off <CODE>LegacyJavaEncryptor</CODE><CODE><FONT FACE="Thorndale AMT, serif">.</FONT></CODE>
 	(By this time, the two symmetric encryption interfaces in <CODE>Encryptor</CODE>
-	had already been deprecated.) 
+	had already been deprecated.)
 	</P>
 	<LI><P>The byte-encoding has been changed from native byte encoding
 	to UTF-8 byte-encoding throughout ESAPI 2.0 and not just for
@@ -167,7 +167,7 @@ <H2>The Encryption Changes in ESAPI 2.0-rc3 and Later</H2>
 	guaranteed.</P>
 </OL>
 <H2>The Good, the Bad, and the Ugly</H2>
-<P>Or put another way, there are always trade-offs to be made... 
+<P>Or put another way, there are always trade-offs to be made...
 </P>
 <H3>The Good</H3>
 <P>We get improved security by encouraging the use of stronger cipher
@@ -205,9 +205,9 @@ <H3>The Bad</H3>
 both to encrypt and decrypt. While it is not required that the IV be
 kept secret from adversaries, there are some attacks that are
 possible if the adversary is permitted to alter the IV at will and
-observe the results of the ensuing decryption attempt. 
+observe the results of the ensuing decryption attempt.
 </P>
-<P>So that leaves two choices for the IV: 
+<P>So that leaves two choices for the IV:
 </P>
 <UL>
 	<LI><P STYLE="margin-bottom: 0in">Using a <I><B>fixed IV</B></I>:
@@ -223,7 +223,7 @@ <H3>The Bad</H3>
 	persisted (e.g., to a database) or transmitted to the recipient this
 	random IV must be stored / made known. Therefore, the raw ciphertext
 	can no longer suffice; whatever random IV that was chosen must be
-	communicated. 
+	communicated.
 	</P>
 </UL>
 <P>Likewise, the use of padding is going to add some overhead to the
@@ -360,7 +360,7 @@ <H3>The Bad</H3>
 cipher block size is 128-bits, but more typically, a cipher's block
 size is 64-bits so the padding would be between 1 to 16 bytes for AES
 and 1 to 8 bytes for a 64-bit block size cipher and the IV would be
-IV would be 16 bytes for AES and 8 bytes for most other ciphers. 
+IV would be 16 bytes for AES and 8 bytes for most other ciphers.
 </P>
 <H3>The Ugly</H3>
 <P>Well, so far, this &quot;bad&quot; news may be bad for you but
@@ -370,7 +370,7 @@ <H3>The Ugly</H3>
 <P>But wait Skippy, don't go running off just quite yet. As Robert
 Heinlein wrote in his 1966 novel <I>The Moon is a Harsh Mistress</I>
 &quot;There ain't no such thing as a free lunch&quot;. (Some of us
-more hardened cynics know it more commonly as <I>TANSTAAFL</I>.) 
+more hardened cynics know it more commonly as <I>TANSTAAFL</I>.)
 </P>
 <P>As mentioned earlier, backward compatibility with ESAPI 1.4
 (originally planned via <CODE>LegacyJavaEncryptor</CODE>) has been
@@ -395,11 +395,11 @@ <H3>The Ugly</H3>
 complexity of handling the ciphertext result from encryption
 operations. And then there are new encryption and decryption methods
 for the <CODE>Encryptor</CODE> interface. Specifically, the encrypt
-and decrypt methods have been generalized as: 
+and decrypt methods have been generalized as:
 </P>
 <PRE STYLE="margin-left: 0.49in"><FONT COLOR="#000000"><FONT FACE="Monospace">CipherText encrypt(SecretKey key, PlainText plaintext)</FONT></FONT>
 <FONT COLOR="#000000">        <FONT FACE="Monospace">throws EncryptionException;</FONT></FONT></PRE><P STYLE="margin-bottom: 0in">
-and 
+and
 </P>
 <PRE STYLE="margin-left: 0.49in"><FONT COLOR="#000000"><FONT FACE="Monospace">PlainText decrypt(SecretKey key, CipherText ciphertext)</FONT></FONT>
 <FONT COLOR="#000000">        <FONT FACE="Monospace">throws EncryptionException</FONT></FONT></PRE><P>
@@ -409,7 +409,7 @@ <H3>The Ugly</H3>
 based on <FONT FACE="DejaVu Sans Mono, sans-serif">Encryptor.MasterKey</FONT>.)</P>
 <P>The two existing interfaces from ESAPI 1.4 and earlier:</P>
 <PRE STYLE="margin-left: 0.49in; margin-bottom: 0.2in">String encrypt(String plaintext) throws EncryptionException</PRE><P STYLE="margin-bottom: 0in">
-and 
+and
 </P>
 <PRE STYLE="margin-left: 0.49in; margin-bottom: 0.2in">String decrypt(String ciphertext) throws EncryptionException</PRE><P>
 are still supported but have been <I>deprecated</I>, mainly because
diff --git a/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html b/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
index 2091cadc8..19298d4c2 100644
--- a/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
+++ b/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
@@ -2,7 +2,7 @@
 <HTML>
 <HEAD>
 	<META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=utf-8">
-	<TITLE>ESAPI 2.0 Symmetric Encryption User Guide</TITLE>
+	<TITLE>ESAPI 2.x Symmetric Encryption User Guide</TITLE>
 	<META NAME="GENERATOR" CONTENT="OpenOffice.org 3.0  (Linux)">
 	<META NAME="CREATED" CONTENT="20100214;0">
 	<META NAME="CHANGEDBY" CONTENT="Kevin W. Wall">
@@ -12,17 +12,9 @@
 <TABLE BORDER="0" BORDERCOLOR="#000000" CELLPADDING=4 CELLSPACING=0 STYLE="page-break-before: auto; page-break-after: auto; page-break-inside: auto">
 <TR>
 <TD>
-<OBJECT TYPE="audio/x-mpeg" data="http://www.catonmat.net/download/crypt-o.mp3"
-WIDTH="500" HEIGHT="64" AUTOPLAY="false">
-    <PARAM NAME="src" VALUE="http://www.catonmat.net/download/crypt-o.mp3" />
-    <PARAM NAME="controller" VALUE="true" />
-    <PARAM NAME="autoplay" VALUE="false" />
-    <PARAM NAME="autostart" VALUE="0" />
-</OBJECT>
-</TD>
-<TD>
 <FONT COLOR="#00a444" SIZE="+2">
-<I>Crypto song. Take a listen and enjoy! Harry Belafonte never sounded this good. ;-)</I>
+    <A HREF="http://www.catonmat.net/download/crypt-o.mp3" TARGET="_blank"i
+        REL="noopener noreferrer nofollow">Crypto song</A>: <I>Take a listen and enjoy! Harry Belafonte never sounded this good. ;-)</I>
 </FONT>
 </TD>
 </TABLE>
@@ -121,10 +113,29 @@ <H2>ESAPI.properties Properties Relevant to Symmetric Encryption</H2>
 			<PRE><FONT COLOR="#ff0000"><FONT SIZE=2>128</FONT></FONT></PRE>
 		</TD>
 		<TD WIDTH=226>
-			<P><FONT SIZE=2>Key size, in bits. Required for cipher algorithms
+			<P><FONT SIZE=2>Default key size, in bits. Required for cipher algorithms
 			that support multiple key sizes.</FONT></P>
 		</TD>
 	</TR>
+	<TR VALIGN=TOP>
+		<TD WIDTH=249>
+			<PRE><FONT COLOR="#ff0000"><FONT SIZE=2>Encryptor.MinEncryptionKeyLength</FONT></FONT></PRE>
+		</TD>
+		<TD WIDTH=202>
+			<PRE><FONT COLOR="#ff0000"><FONT SIZE=2>128</FONT></FONT></PRE>
+		</TD>
+		<TD WIDTH=226>
+			<P><FONT SIZE=2>Minimum key size, in bits, that ESAPI will support
+                for <I>encryption</I>. (Note that any legitimate size is
+                accepted for <I>decryption</I>.) So, for example, if you needed
+                to be able to do encryption for 2-key Triple DES (aka, 2TDEA),
+                then you would have to change this to '112'. Note that for a
+                minimum key size of <U>larger</U> than 128-bits, you will need
+                to have the JCE Unlimited Strength Jurisdiction Policy files
+                installed on your runtime system.
+			</FONT></P>
+		</TD>
+	</TR>
 	<TR VALIGN=TOP>
 		<TD WIDTH=249>
 			<PRE><FONT COLOR="#ff0000"><FONT SIZE=2>Encryptor.ChooseIVMethod</FONT></FONT></PRE>
@@ -138,6 +149,9 @@ <H2>ESAPI.properties Properties Relevant to Symmetric Encryption</H2>
 			compatibility with legacy or third party software. If set to
 			“fixed�, then the property Encryptor.fixedIV must also be
 			set to hex-encoded specific IV that you need to use.
+            <B>NOTE:</B> "fixed" had been deprecated since 2.2.0.0 and finally
+            was removed for release 2.3.0.0. Using it in versions 2.3.0.0 or
+            later will result in a <code>ConfigurationException</code> being thrown.
             </FONT></P><P><FONT SIZE=2>
             <B>CAUTION:</B> While it is not required that the IV be kept
             secret, encryption relying on fixed IVs can lead to a known
@@ -339,7 +353,7 @@ <H2>ESAPI.properties Properties Relevant to Symmetric Encryption</H2>
 <H2>How the Old (Deprecated) Methods Were Used</H2>
 <P>To encrypt / decrypt using the String-based, deprecated methods
 carried over from ESAPI 1.4, code similar to the following would be
-used. 
+used.
 </P>
 <PRE>    String myplaintext = &quot;My plaintext&quot;;
     try {
@@ -397,10 +411,10 @@ <H2>Encrypting / Decrypting with the New Methods -- The Simple Usage</H2>
 <P>Using the new encryption / decryption methods is somewhat more
 complicated, but this is in part because they are more flexible and
 that flexibility means that more information needs to be communicated
-as to the details of the encryption. 
+as to the details of the encryption.
 </P>
 <P>A code snippet using the new methods that use the master
-encryption key would look something like this: 
+encryption key would look something like this:
 </P>
 <PRE>    String myplaintext = &quot;My plaintext&quot;;
     try {
@@ -418,7 +432,7 @@ <H2>Encrypting / Decrypting with the New Methods -- The Simple Usage</H2>
 mode is chosen.</P>
 <P>Also, these new methods allow a general byte array to be
 encrypted, not just a Java String. If one needed to encrypt a byte
-array with the old deprecated method, one would first have to use 
+array with the old deprecated method, one would first have to use
 </P>
 <PRE>    byte[] plaintextByteArray = { /* byte array to be encrypted */ };
     String plaintext = new String(plaintextByteArray, &quot;UTF-8&quot;);</PRE><P>
@@ -527,7 +541,7 @@ <H3>Encrypting / Decrypting with the New Methods</H3>
 encrypted bank account numbers are to be sent to one recipient and
 the encrypted credit card numbers are to be sent to a different
 recipient. Obviously in such cases, you do not want to share the same
-key for both recipients. 
+key for both recipients.
 </P>
 <P>In ESAPI 1.4 there was not much you can do, but in ESAPI 2.0 and
 later, there are new encryption / decryption methods that allow you
@@ -539,14 +553,14 @@ <H3>Encrypting / Decrypting with the New Methods</H3>
 distributed to the recipients out-of-band. On you could distribute
 them dynamically via asymmetric encryption assuming that you've
 previously exchanged public keys with the recipients.)</P>
-<P>The following illustrates how these new methods might be used. 
+<P>The following illustrates how these new methods might be used.
 </P>
 <P>First, we would generate some appropriate secret keys and
 distribute them securely (e.g., perhaps over SSL/TLS) or exchange
 them earlier out-of-band to the intended recipients. (E.g., one could
 put them on two separate thumb drives and use a trusted courier to
 distribute them to the recipients or one could use PGP-mail or S/MIME
-to securely email them, etc.) 
+to securely email them, etc.)
 </P>
 <PRE>    // Generate two random, 128-bit AES keys to be distributed out-of-band.
     import javax.crypto.SecretKey;
@@ -573,10 +587,10 @@ <H3>Encrypting / Decrypting with the New Methods</H3>
 Second, these keys would be printed out and stored somewhere secure
 by our application, perhaps using something like ESAPI's
 <CODE>EncryptedProperties</CODE> class, where they could later be
-retrieved and used. 
+retrieved and used.
 </P>
 <P>In the following code, we assume that the <CODE>SecretKey</CODE>
-values have already been initialized elsewhere. 
+values have already been initialized elsewhere.
 </P>
 <PRE>    SecretKey bankAcctKey = ...;        // These might be read from EncryptedProperties
     SecretKey credCardKey = ...;        // or from a restricted database, etc.
@@ -788,7 +802,7 @@ <H2>Acknowledgments</H2>
 KDF more in line with NIST's recommendations for KDFs as described in
 NIST Special Publication 800-108 (and specifically section 5.1). You can
 read about Jeff's review at
-<a href="http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/Analysis-of-ESAPI-2.0-KDF.pdf">
+<a href="https://github.com/ESAPI/esapi-java-legacy/blob/main/documentation/Analysis-of-ESAPI-2.0-KDF.pdf">
 Analysis of ESAPI 2.0's Key Derivation Function
 </a>
 </p>
diff --git a/documentation/esapi4java-core-2.1-release-notes.txt b/documentation/esapi4java-core-2.1-release-notes.txt
index 3570d0f88..e97e56c93 100644
--- a/documentation/esapi4java-core-2.1-release-notes.txt
+++ b/documentation/esapi4java-core-2.1-release-notes.txt
@@ -1,68 +1,68 @@
-ESAPI for Java - 2.1.0 Release Notes
-
-1) Fixed security issue #306, a vulnerability discovered by Phillipe Arteau.
-   This fix necessitated removing the deprecated encrypt() and decrupt() methods
-   that were intended to provide backward compatibility with ESAPI 1.4.
-   As it turns out, there was no way to fix this bug without a major rewrite
-   unless these methods were removed. However, as these two methods have been
-   deprecated more than 2 years ago and they are known to be insecure
-   (they are vulnerable to padding oracle attacks), the ESAPI team has
-   decided to remove them in accordance to their support policy.
-   
-   See comments for issue #306 for further details, as well as additional
-   safety precautions that you may wish to take in the unlikely, but possible
-   event that this vulnerability resulted in an actual security breach.
-
-   Finally, since the removal of these methods constitute an interface change
-   (to the Encryptor interface), this is considered a minor release (2.1)
-   rather than simply a patch release (2.0.2).
-
-   Please note that there are further updates planned to further strengthen
-   the MAC that ESAPI crypt uses. However, because they will require some
-   design changes, they may not be out for another month. Note that these
-   fixes do not correct any *known* vulnerabilities, but will address
-   some potential weaknesses in what is not included in the MAC (such as
-   the crypto version).
-
-2) Other Google Issues fixed: 257, 271, and 292 are all fixed in this release.
-
-3) Fixed Javadoc for Encoder.encryptForJavaScript(). [Revision r1879]
-
-4) DefaultEncryptedProperties - made minor Javadoc changes.
-
-5) The ESAPI 2.0 Encryptor.encrypt() methods now all throw an appropriate
-   IllegalArgumentException if any of the arguments are null. Previously,
-   if any of the arguments were null you would either get an AssertionError
-   (if you had assertions enabled) or a default NullPointerException when
-   assertions were disabled.  While IllegalArgumentException is still an
-   unchecked RuntimeException, note that if you were previously catching
-   NullPointerExceptions for these cases, you may need to change your code.
-
-6) The public constructor, CiphertextSerializer(CipherText ct), was changed
-   to explicitly check that the parameter is not null. Previously it had
-   checked with assertions which might later result in a NullPointerException
-   being thrown if assertions were disabled. Now if the parameter is null,
-   an appropriate IllegalArgumentException is thrown. This should not really
-   affect existing code (unless you are experimenting implementing your own
-   crypto) since user code should not really be using CiperTextSerializer
-   directly.
-
-7) Some of the setter methods in KeyDerivationFunction were changed to explicitly
-   check for invalid arguments and throw an IllegalArgumentException rather than
-   checking these parameters via assertions. This should not affect general
-   user code as most would not be calling the KeyDerivationFunction class
-   directly.
-
-8) Other miscellaneous minor code clean-up, mostly to remove compiler warnings.
-
-NOTE: A follow-up patch release is scheduled within the next few months to
-      address some questionable design decisions regarding what data in
-      the serialized ciphertext should be authenticated via the MAC. For
-      instance, presently only the IV+ciphertext is MAC'd (as would be the
-      equivalent case of when you would use an authenticated combined cipher
-      mode such as GCM or CCM). A deeper analysis of the design is required
-      based on findings in Google Issue # 306. I will periodically try
-      to keep the ESAPI mailing lists updated with the progress so watch
-      there for emerging details and anticipated schedule.
-      
--Kevin W. Wall <kevin.w.wall@gmail.com>, 2013-08-30
+ESAPI for Java - 2.1.0 Release Notes
+
+1) Fixed security issue #306, a vulnerability discovered by Phillipe Arteau.
+   This fix necessitated removing the deprecated encrypt() and decrupt() methods
+   that were intended to provide backward compatibility with ESAPI 1.4.
+   As it turns out, there was no way to fix this bug without a major rewrite
+   unless these methods were removed. However, as these two methods have been
+   deprecated more than 2 years ago and they are known to be insecure
+   (they are vulnerable to padding oracle attacks), the ESAPI team has
+   decided to remove them in accordance to their support policy.
+
+   See comments for issue #306 for further details, as well as additional
+   safety precautions that you may wish to take in the unlikely, but possible
+   event that this vulnerability resulted in an actual security breach.
+
+   Finally, since the removal of these methods constitute an interface change
+   (to the Encryptor interface), this is considered a minor release (2.1)
+   rather than simply a patch release (2.0.2).
+
+   Please note that there are further updates planned to further strengthen
+   the MAC that ESAPI crypt uses. However, because they will require some
+   design changes, they may not be out for another month. Note that these
+   fixes do not correct any *known* vulnerabilities, but will address
+   some potential weaknesses in what is not included in the MAC (such as
+   the crypto version).
+
+2) Other Google Issues fixed: 257, 271, and 292 are all fixed in this release.
+
+3) Fixed Javadoc for Encoder.encryptForJavaScript(). [Revision r1879]
+
+4) DefaultEncryptedProperties - made minor Javadoc changes.
+
+5) The ESAPI 2.0 Encryptor.encrypt() methods now all throw an appropriate
+   IllegalArgumentException if any of the arguments are null. Previously,
+   if any of the arguments were null you would either get an AssertionError
+   (if you had assertions enabled) or a default NullPointerException when
+   assertions were disabled.  While IllegalArgumentException is still an
+   unchecked RuntimeException, note that if you were previously catching
+   NullPointerExceptions for these cases, you may need to change your code.
+
+6) The public constructor, CiphertextSerializer(CipherText ct), was changed
+   to explicitly check that the parameter is not null. Previously it had
+   checked with assertions which might later result in a NullPointerException
+   being thrown if assertions were disabled. Now if the parameter is null,
+   an appropriate IllegalArgumentException is thrown. This should not really
+   affect existing code (unless you are experimenting implementing your own
+   crypto) since user code should not really be using CiperTextSerializer
+   directly.
+
+7) Some of the setter methods in KeyDerivationFunction were changed to explicitly
+   check for invalid arguments and throw an IllegalArgumentException rather than
+   checking these parameters via assertions. This should not affect general
+   user code as most would not be calling the KeyDerivationFunction class
+   directly.
+
+8) Other miscellaneous minor code clean-up, mostly to remove compiler warnings.
+
+NOTE: A follow-up patch release is scheduled within the next few months to
+      address some questionable design decisions regarding what data in
+      the serialized ciphertext should be authenticated via the MAC. For
+      instance, presently only the IV+ciphertext is MAC'd (as would be the
+      equivalent case of when you would use an authenticated combined cipher
+      mode such as GCM or CCM). A deeper analysis of the design is required
+      based on findings in Google Issue # 306. I will periodically try
+      to keep the ESAPI mailing lists updated with the progress so watch
+      there for emerging details and anticipated schedule.
+
+-Kevin W. Wall <kevin.w.wall@gmail.com>, 2013-08-30
diff --git a/documentation/esapi4java-core-2.1.0.1-release-notes.txt b/documentation/esapi4java-core-2.1.0.1-release-notes.txt
new file mode 100644
index 000000000..4c599ff59
--- /dev/null
+++ b/documentation/esapi4java-core-2.1.0.1-release-notes.txt
@@ -0,0 +1,129 @@
+Release notes for ESAPI 2.1.0.1
+    Release date: 2016-Feb-05
+        -Kevin W. Wall <kevin.w.wall@gmail.com>
+        -Chris Schmidt <chris.schmidt@owasp.org>
+
+Previous release: ESAPI 2.1.0, Sept 2013
+
+
+-----------------------------------------------------------------------------
+                GitHub Issues fixed in this release:
+                          36 issues closed
+
+32 - URLs in doc for HTTPUtilities.setNoCacheHeaders are wrong
+58 - Separate Crypto Related Properties into Separate File
+     Fixed as part of issue #350. Can be addressed by placing sensitive
+     ESAPI crypto properties into a separate properties file controlled by
+     the operations team and not checked into your SCM. For further details,
+     see documentation/ESAPI-configuration-user-guide.md and use system property
+     org.owasp.esapi.opsteam.
+96 - Need validation configuration enhancements
+103 - Make ESAPI configuration XML
+200 - DefaultHttpUtilities.sendRedirect should throw AccessControlException, not IOException
+205 - BaseValidationRule.assertValid(String context, String input) causes NPE if input is not valid.
+221 - IntrusionException should extend EnterpriseRuntimeException
+229 - printStackTrace when loading configuration file
+237 - how can we use esapi in java for validation,please see files attached containing java code and for errors
+254 - Patch for /trunk/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java
+261 - Could not set multiple cookies one by one at single request
+275 - Log4JLogger.java doesn't output correct file & line number because FQCN isn't forwarded to Log4J
+276 - Patch for /branches/2.1/src/main/java/org/owasp/esapi/reference/DefaultExecutor.java
+287 - Patch for /branches/2.1/src/main/java/org/owasp/esapi/reference/FileBasedAuthenticator.java
+288 - Patch for /trunk/src/test/java/org/owasp/esapi/reference/UserTest.java
+289 - ClickjackFilter after doFilter
+306 - Canonicalizing "&#37;Device&#37; changes the meaning of the input string
+313 - Insecure default configuation for Executor.ApprovedExecutables in ESAPI.properties file
+315 - ValidatorTest.testIsValidDate fails if default locale is not US
+318 - Incorrect Equality test on floating point values
+319 - Resource leak: FileInputStream is not closed on method exit
+321 - Unsynchronized get method, synchronized set method
+322 - RequestRateThrottleFilter may not work as expected with hits=1 or hits=2
+323 - PolicyFactory Sanitize method weird output
+328 - StringUtils.union broken which has minor impact on CSRF Protection and random file name generation
+330 - setHeader blocks legitimate headers due to header name size limit being too low
+331 - Log4j configuration with no root level causes NPE in Log4jLogger.java
+334 - Regex in ESAPI.properties is not considering few of the french characters
+336 - Log4JLogger.java doesn't output correct file & line number-Similar issue as reported in Issue 268
+344 - JUnit test failure in ValidatorTest.testGetValidSafeHTML()
+345 - JUnit test failure in ValidatorTest.testIsValidDate()
+347 - Fixes #345 - JUnit test failure in ValidatorTest.testIsValidDate()
+349 - Package correctly the esapi.tld into ESAPI jar
+350 - [ESAPI Spring Code Sprint – May / June 2015] Implementation of requirements
+351 - getHeader length limit error
+354 - Add stern javadoc warning about Base64.decodeToObject() being unsafe and mark method as deprecated.
+      Note: This method no longer functions unless the system property org.owasp.esapi.enableUnsafeSerialization
+      is set to "true". This breaks backward compatibility in favor of taking a more secure posture.
+355 - Temp files created by org.owasp.esapi.waf.internal.InterceptingServletOutputStream not removed by WAF JUnit tests
+356 - Make end-of-line terminators consistent for .java, .xml, and other ESAPI source files.
+359 - CodecTest unit tests never test with a populated char array.
+
+
+-----------------------------------------------------------------------------
+
+        Other changes in this release not tracked via GitHub issues
+
+* Miscellaneous minor javadoc fixes and updates.
+* Fixed grammatical error in CipherTextSerializer class error message.
+* Upgraded versions of several ESAPI dependencies (i.e., 3rd party jars), including several that had unpatched CVEs.
+* Added the Maven plug-in for OWASP Dependency Check so 3rd party dependencies can be kept up-to-date.
+* Added .gitignore file so that certain files won't get accidentally commited such as IDE files.
+* Added .gitattributes file so to help resolve end-of-line issues. (Part of issue 356.)
+* Added new documentation (documentation/ESAPI-configuration-user-guide.md) describing new ESAPI configuration feature.
+* Changed many assertions in ESAPI crypto to explicit runtime checks that
+  throw IllegalArgumentException instead.
+
+-----------------------------------------------------------------------------
+                    ATTENTION: Other Important Notes
+
+The JUnit test AuthenticatorTest.setCurrentUser() is periodically failing
+due to an apparent race condition either in the test itself or in
+FileBasedAuthenticator. See GitHub issue #360 for details, including
+why we don't think it is worth holding up the release for.
+
+-----------------------------------------------------------------------------
+
+                Contributors for ESAPI 2.1.0.1 release
+
+Notice: My appologies if I've missed anyone, but you did have an opportunity
+        to send me your names. (I solicited for contributors names to emails
+        to the ESAPI-Dev and ESAPI-User mailing lists sent on 1/23/2016.)
+        If I missed you and you contributed to THIS release, please send
+        me an email with your first and last name and what your SPECIFIC
+        contribution was and I will see you name is added to this list.
+                                                    - Kevin W. Wall
+
+Project co-leaders
+    Kevin W. Wall (kwwall)
+    Chris Schmidt (chrisisbeef)
+
+Special shout-outs to:
+    Matt Seil (xeno6696)
+    Jeremiah Stacey (jeremiahjstacey)
+
+Special contributions:
+    ESAPI Hackathon participants - November 18, 2014 - January 20, 2014
+        Daniel Amodio
+        Eric Kobrin
+        Eric Citaire
+        Eamonn Washington
+        John Melton
+        Special thanks to Samantha Groves for assisting with the ESAPI hackathon
+
+    Professor and students involved in ESAPI Spring Code Sprint (May - June, 2015):
+        Marek Zachara - instructor
+        Patryk Bak - student
+        Marcin Siedlarz - student
+        Szymon Bobowiec - student
+        Karol Kapcia - student
+        Fabio Cerullo - OWASP board coordination for code sprint
+
+Other Contributors:
+    Karan Sanwal
+    Arpit Gupta
+    Constantino Cronemberger
+    Tàrin Gamberìni
+    Kad Dembele
+    Anthony Musyoki
+    Andrew VanLoo
+    Ashish Tripathy
+    Brad Schoening
diff --git a/documentation/esapi4java-core-2.2.0.0-release-notes.txt b/documentation/esapi4java-core-2.2.0.0-release-notes.txt
new file mode 100644
index 000000000..b43efc743
--- /dev/null
+++ b/documentation/esapi4java-core-2.2.0.0-release-notes.txt
@@ -0,0 +1,421 @@
+Release notes for ESAPI 2.2.0.0
+    Release date: 2019-June-24
+    Project leaders:
+        -Kevin W. Wall <kevin.w.wall@gmail.com>
+        -Matt Seil <matt.seil@owasp.org>
+
+Previous release: ESAPI 2.1.0.1, February 5, 2016
+
+
+Executive Summary: Important Things to Note for this Release
+------------------------------------------------------------
+* Upgrade to require JDK 7 or later. JDK 6 is no longer supported by ESAPI.
+* Upgrade to require Java Servlet API 3.0.1 or later. See "Appendix: Dependency Updates (as reflected in pom.xml)" below for additional details.
+* 100+ GitHub issues closed. (Note: Includes previously incorrectly closed issues that were reopened, fixed, and then closed again.)
+* Upgraded versions of several ESAPI dependencies (i.e., 3rd party jars), including several that had unpatched CVEs. See "Appendix: Dependency Updates (as reflected in pom.xml)" below for full details.
+* Known vulnerabilities still not addressed:
+    - There is this critical CVE in log4j 2.x before 2.8.2: CVE-2017-5645. It is a Java deserialization vulnerability that can lead to arbitrary remote code execution. Some private vulnerability databases claim that this same vulnerability is present in log4j 1.x even though the CVE itself does not claim that. However, examination of this CVE shows that the vulnerability is associated with implementations of TcpSocketServer and UdpSocketServer, which implement fully functional socket servers that can be used to listen on network connections and record log events sent to server from various client applications. For ESAPI to be vulnerable to that, first someone would have to have an implementation of wone of those servers running and secondly, they would have to change ESAPI's log4j.xml configuration file so that it uses log4j's SocketAppender rather than the default ConsoleAppender that ESAPI's default deployment uses. Thus even if this vulnerability were present in log4j 1.x, ESAPI's use of ConsoleAppender makes it a non-issue.
+    - There is a known and unpatched vulnerability in the SLF4J Extensions that some vulnerability scanners may pick up and associate with ESAPI's use of slf4j-api-1.7.25.jar. (Note that OWASP Dependency Check does NOT flag this vulnerability [CVE-2018-8088], but others may.) According to NVD, this vulnerability is associated with "org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2". Fortunately, I have confirmed that this Java deserialization does not impact ESAPI. First off, the default configuration of ESAPI.properties does not use SLF4J, but even if an application should choose to use it, ESAPI does not include the slf4j-ext jar and it has been confirmed that the vulnerable class (org.slf4j.ext.EventData) is not included in the slf4j-api jar that ESAPI does. Unfortunately, this CVE is not patched in the latest SLF4J packages, so even if we were to update it to latest version (currently 1.80-beta2, as of 12/31/2018), any scanners that associate ESAPI with CVE-2018-8088 would still have this false positive. But the important thing to ESAPI users is to know that if this CVE is identified for ESAPI, that it is a false positive.
+    - There is a recently discovered issue (see https://app.snyk.io/vuln/SNYK-JAVA-COMMONSBEANUTILS-30077) that is related to CVE-2014-0114 that is a Java deserialization issue in Apache Commons BeanUtils 1.9.3 that can lead to remote command execution attacks. This had been fixed in 1.9.2, but apparently they missed a place where the fix was needed. A GitHub commit (https://github.com/apache/commons-beanutils/pull/7/commits/2780a77600e6428b730e3a5197b7c5baf1c4cca0) has been made to mster branch of the BeanUtils repo, but thus far, no official patch has been released. ESAPI only uses BeanUtils in its AccessController (specifically, DynaBeanACRParameter class), where it has a dependency on org.apache.commons.beanutils.LazyDynaMap. Based on the BeanUtils commit, the fix was in org.apache.commons.beanutils2.PropertyUtilsBean. Based on a cursory examination, the ESAPI team does not believe that this vulnerability reported by Snyk is exploitable given that manner that it is used within ESAPI, or if it is, it is not externally exploitable based on the default access control rules that are provided with ESAPI. However, the ESAPI team will be watching for an official patch to Apache Commons BeanUtils and we will release a patched version of ESAPI as patch point release once a patch is officially available in Maven Central.
+    - Otherwise, ESAPI 2.2.0.0 addresses all know CVEs except for CVE-2013-5960 (which I have fixed in a private BitBucket repo, but getting it to be backward compatible is proving to be more difficult than anticipated.) Besides, if you want to use encryption in Java, I'd highly recommend using Google Tink, which is much more fully featured than ESAPI. (Tink allows key rotation, storing keys in various cloud HSMs, etc.)
+
+
+It was mainly because of these first two bullet items above that we bumped the release to 2.2.0.0 rather than to 2.1.0.2. (See GitHub Issue #471 for details.)
+=================================================================================================================
+
+                Basic ESAPI facts
+
+ESAPI 2.1.0.1 release:
+    177 Java source files
+    1547 Junit tests in 88 Java source files
+
+ESAPI 2.2.0.0 release:
+    194 Java source files
+    4150 JUnit tests in 118 Java source files
+
+That's 2603 NEW tests since the 2.1.0.1 release!!!
+
+                GitHub Issues fixed in this release
+            [i.e., since 2.1.0.1 release on 2016-Feb-05]
+                          More than 100 issues closed
+
+Issue #			GitHub Issue Title
+----------------------------------------------------------------------------------------------
+30		ESAPIFilter in RI should allow login page destination to be configured
+31		MySQL CODEC : "_" character not handled properly ?
+37		RandomAccessReferenceMap.update() can randomly corrupt the map
+71		java.lang.ExceptionInInitializerError in 2.0 version
+129		Add Logging support for SLF4J
+157		minimum-config deployment fails
+188		SecurityWrapperRequest seems to mishandle/swallow allowNull argument
+209		Build an encoding function specific to HTTP/Response Splitting (tactical remediation)
+213		Provide a taglib descriptor (.tld file)
+223		DecodeFromURL fails when the input is &quot;&amp;#37;&quot; (without quotes)
+228		EncodeForHTML or other Encoding methods fail if there is a windows style path being encoded.
+234		Canonicalization might not be performed
+244		Unable to use the esapi taglib as esapi.tld file is missing in the ESAPI 2.0 GA release
+246		CryptoHelper::arrayCompare - leaks info about arrays
+247		XSS Cheat sheet on safe vs unsafe CSS property value syntax is inaccurate
+253		tag library will not function without ESAPI configuration
+255		Patch for /trunk/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java
+258		isValidDate fails to identify injection attack      [[Note: closed as duplicate of 299]]
+259		JavascriptCodec is removing all backslashes
+265		Canonicalize function for the DefaultEncoder class does not handle URLs properly
+267		java.lang.ClassNotFoundException: org.owasp.validator.html.PolicyException
+273		Could not initialize class org.owasp.esapi.reference.crypto.JavaEncryptor
+274		Logger.log is is slow
+277		NPE in SafeFile.doDirCheck() on empty file path, needs null check.
+278		ValidatorTest fails with German default Locale
+280		HTMLEntityCodec.getNamedEntity not case sensitive
+281		missing assertions in SafeFileTest.java
+282		Difference between encodeForHTMLAttribute and encodeForHTML
+283		nekohtml fails ESAPI.validator().getValidSafeHTML();
+284		ESAPI.validator().getValidInput() returns misleading Exception
+285		Incorrect treatement of named html entities
+286		JavaLogFactory not thread safe
+289		ClickjackFilter after doFilter
+291		DefaultEncoder.canonicalize() Bug
+292		jsessionid validator regex in esapi.properties not applicable to ids generated by tomcat
+293		Canoniclizing out of EncodeforLdap or EncodeForDN if contains specific characters like &quot;(, ) #&quot; etc. messes up the input.
+294		Config Error
+295		ESAPI validator isValidRedirectLocation does not work
+296		CSS and images not working with ESAPIWebApplicationFirewallFilter
+297		ClassNotFoundException: org.owasp.esapi.reference.accesscontrol.DefaultAccessController AccessController class
+299		isValidDate fails with patterns ending with "yyyy"
+300		non-BMP characters incorrectly encoded
+301		encodeForHTMLAttribute escapes the forward slash
+302		HTMLEntityCodec#decode incorrectly decodes upper-case accented letters as their lower-case counterparts
+303		HTMLEntityCodec destroys 32-bit CJK (Chinese, Japanese and Korean) characters
+304		encodeForCSS breaks color values
+305		ClassCastException when using ESAPI logger
+307		Issue with decodeFromURL method in the DefaultEncoder
+308		AuthenticatedUser isCredentialsNonExpired() have todo comment, but default return false;
+309		Eliminate eclipse code warnings to improve quality
+316		Deprecate current HttpUtilities.setRememberToken() and replace with one not requiring user password
+317		Resource leak: This FileReader is not closed on method exit
+325		ClassCastException on SecurityWrapperResponse
+327		Construct &quot;&amp;amp;&quot; in Validator.URL is simple character class, not reference to ampersand
+329		AbstractAccessReferenceMap.addDirectReference not invariant
+333		logger is gettin class cast exception
+352		Possible threading issue in EnterpriseSecurityExceptionTest
+360		AuthenticatorTest.setCurrentUser() periodically fails.
+361		Update pom.xml to use latest Maven plugins
+364		Possible null deference found by Coverity (id # 1352406) in CipherTextSerializer class
+365		TLD not in Jar
+366		Need instructions for building and developing ESAPI in IntelliJ
+371		Synchronize instance with GitHub issues
+372		Use of vulnerable commons-httpclient:commons-httpclient:3.1 dependency
+373		Create File Validator that checks Magic Bytes as Opposed to Extensions
+374		Email Validator does not accept + and longed domain names while it is allowed in ICANN
+375		java.lang.NoClassDefFoundError - .StrTokenizer
+376		Infinite or very long loop in URL validation URL
+379		WAF: GeneralAttackSignatureRule fails to process request with single parameter.
+381		Update ESAPI&#39;s pom.xml to address vulnerable 3rd party components
+383		SecurityWrapperResponse is overwriting http status codes that conflicts with RESTful Web Service protocols
+385		Method logSpecial in DefaultSecurityConfiguration is private and cannot be overriden by subclasses
+386		Avoid using System.err in EsapiPropertyManager
+387		&#39;mvn site&#39; fails for FindBugs report, causing &#39;site&#39; goal to fail
+389		Provide an option for the encodeForLDAP method to not encode wildcard characters
+394		Refactor Validator.getCanonicalizedUri into Encoder.
+395		Issues when I am passing htttp://localhost:8080/user=admin&amp;prodversion=no
+396		Trust Boundary Violation - while triggering veracode
+397		Update Resource path search to maintain legacy behavior in DefaultSecurityConfiguration.java
+398		addHeader in SecurityWrapperResponse has an arbitrary limit of 20 for the length of the Header name
+399		Fix Build Error when using mvn site
+400		Create a unit test for SecurityWrapperResponse
+403		Refactor all &quot;Magic Numbers&quot; in the baseline to use ESAPI.properties configurations
+414		canonicalize falsely recognizes HTML named entities
+417		Add additional protection against CVE-2016-1000031
+422		Inconsistent dependency structure and vulnerable xml (xerces, xalan, xml-apis ...) dependencies
+424		issue with Filename encoding for executeSystemCommand
+425		Project build error: Non-resolvable parent POM for org.owasp.esapi:esapi:2.1.0.2-SNAPSHOT: Could not transfer artifact
+427		HTTP cookie validation rules too restrictive?
+429		Miscellaneous updates to pom.xml
+432		ESAPI.properties not found.
+433		Class Cast Exception when trying to run JUnit Tests
+435		DefaultEncoder exhibits &quot;double checked locking&quot; anti-pattern
+437		CVE-2016-2510
+438		EncryptorTest.testNewEncryptDecrypt() fails for 112-bit (2-key) DESede if Bouncy Castle provider is installed as preferred provider
+439		Tighten ESAPI defaults to disallow dubious file suffixes
+442		Remove deprecated fields in Encoder interface
+444		Delete deprecated method Base64.decodeToObject() and related methods
+445		A bunch of dependencies are out of date , I will list them below with the associated vulnerability
+447		can&#39;t generate MasterKey / MasterSalt
+448		Clean up pom.xml
+454		about code eclipse formatter template question
+455		New release for mitigation of CVEs
+457		when run jetty ,can not find  esapi\ESAPI.properties
+461		Eclipse setup issues
+462		Allow configurable init parameter in ESAPIFilter for unauthorized requests
+463		Create release notes for next ESAPI release
+465		Update both ESAPI.properties files to show comment for ESAPI logger support for SLF4J
+471		Bump ESAPI release # to 2.2.0.0
+476		DefaultValidator.getValidInput implementation ignores 'canonicalize' method parameter
+478		Remove obsolete references to Google Code in pom.xml and any other release prep
+482		ESAPI 2.2.0.0 release date?
+483		More miscellaneous prep work for ESAPI 2.2.0.0 release
+485		Update Maven dependency check plugin to 5.0.0-M2
+488		Missed a legal input case in DefaultSecurityConfiguration.java
+492		Release candidates on maven central
+493		wrong regex validation
+499		ValidatorTest.isValidDirectoryPath() has tests that fail under Windows if ESAPI tests run from different drive where Windows installed
+500		Suppress noise from ESAPI searching for properties and stop ignoring important IOExceptions
+
+
+-----------------------------------------------------------------------------
+
+        Changes requiring special attention
+
+* Various deprecated methods were _actually_ deleted! This could break existing application code.
+
+    Issue 442		Remove deprecated fields in Encoder interface
+
+        Specifically, if you are using any of these previously deprecated fields from the Encoder interface, you need to update your application code to refer insteat to the constances from org.owasp.esapi.EncoderConstants:
+
+                public final static char[] CHAR_LOWERS = EncoderConstants.CHAR_LOWERS;
+                public final static char[] CHAR_UPPERS = EncoderConstants.CHAR_UPPERS;
+                public final static char[] CHAR_DIGITS = EncoderConstants.CHAR_DIGITS;
+                public final static char[] CHAR_SPECIALS = EncoderConstants.CHAR_SPECIALS;
+                public final static char[] CHAR_LETTERS = EncoderConstants.CHAR_LETTERS;
+                public final static char[] CHAR_ALPHANUMERICS = EncoderConstants.CHAR_ALPHANUMERICS;
+                public final static char[] CHAR_PASSWORD_LOWERS = EncoderConstants.CHAR_PASSWORD_LOWERS;
+                public final static char[] CHAR_PASSWORD_UPPERS = EncoderConstants.CHAR_PASSWORD_UPPERS;
+                public final static char[] CHAR_PASSWORD_DIGITS = EncoderConstants.CHAR_PASSWORD_DIGITS;
+                public final static char[] CHAR_PASSWORD_SPECIALS = EncoderConstants.CHAR_PASSWORD_SPECIALS;
+                public final static char[] CHAR_PASSWORD_LETTERS = EncoderConstants.CHAR_PASSWORD_LETTERS;
+
+    Issue 444		Delete deprecated method Base64.decodeToObject() and related methods
+
+        Specifically, the following methods were removed from the org.owasp.esapi.codecs.Base64 class. If you will using any of these methods, you likely already had vulnerabilities in your application code. If any of these methods were being used, you will need to rewrite your application code:
+
+                public static String encodeObject( java.io.Serializable serializableObject )
+                public static String encodeObject( java.io.Serializable serializableObject, int options )
+                public static Object decodeToObject( String encodedObject )
+
+    Issue 483     More miscellaneous prep work for ESAPI 2.2.0.0 release
+        Specifically, CipherText.getSerialVersionUID() and DefaultSecurityConfiguration.MAX_FILE_NAME_LENGTH have actually been deleted from the ESAPI code base. For the former, use CipherText.cipherTextVersion() instead. For the latter, there is no replacement. (This wasn't being used, but it was set to 1000 in case you're wondering.)
+
+* Various properties in ESAPI.properties were changed in a way that might affect your application:
+    Issue 439		Tighten ESAPI defaults to disallow dubious file suffixes
+
+        Specifically, the property HttpUtilities.ApprovedUploadExtensions changed from
+            HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
+        to:
+            HttpUtilities.ApprovedUploadExtensions=.pdf,.doc,.docx,.ppt,.pptx,.xls,.xlsx,.rtf,.txt,.jpg,.png
+        so if you were relying on your application to legimately accept an of the dangerous file types that were removed, you will need to update this property in your application's ESAPI.properties file accordingly.
+
+    - Several other properties related to the ESAPI Validator interface (typically through one of the isValid() methods) have had their default values which it uses modified. This mostly affects the use ESAPI.validator().isValid() calls, use of the class org.owasp.esapi.filters.SecurityWrapperRequest (which extends HttpServletRequestWrapper and is often used separately), as well as the ESAPI servlet filter, org.owasp.esapi.filters.SecurityWrapper, that uses it SecurityWrapperRequest. The following ESAPI properties are affected. If you are relying on any of these properties, you should review your application to see if / how it might be impacted.
+
+            Validator.HTTPContextPath:      Changed so that '/' is no longer a valid character.
+            Validator.HTTPHeaderName:       Changed so that the max size of a valid HTTP header name increased from 50 to 256.
+            Validator.HTTPJSESSIONID:       Changed so that valid HTTP JSESSIONID length increased from 30 to 32 characters.
+            Validator.HTTPParameterName:    Changed so that '-' is now considered a valid character for an HTTP parameter name.
+            Validator.HTTPParameterValue:   Changed so that some additional characters are allowed and length is limited to 1000 characters; i.e., changed from:
+                                                    Validator.HTTPParameterValue=^[a-zA-Z0-9.\\-\\/+=@_ ]*$
+                                                to:
+                                                    Validator.HTTPParameterValue=^[\\p{L}\\p{N}.\\-/+=_ !$*?@]{0,1000}$
+            Validator.HTTPQueryString:      Changed lots of things. Specifically, changed from:
+                                                    Validator.HTTPQueryString=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ %]*$
+                                                to:
+                                                    Validator.HTTPQueryString=^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$
+                                                (Left as an exercise for the reader to figure out what exactly this means. ;-)
+            Validator.HTTPURI:              Changed to be much more restrictive; i.e., changed from:
+                                                    Validator.HTTPURI=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
+                                                to:
+                                                    Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
+
+* Other changes:
+    Issue 500		Suppress noise from ESAPI searching for properties and stop ignoring important IOExceptions
+
+        Fixing this required changes to the CTORs of the following classes:
+
+                org.owasp.esapi.configuration.EsapiPropertyManager
+                org.owasp.esapi.configuration.AbstractPrioritizedPropertyLoader
+                org.owasp.esapi.configuration.EsapiPropertyLoaderFactory
+                org.owasp.esapi.configuration.StandardEsapiPropertyLoader
+                org.owasp.esapi.configuration.XmlEsapiPropertyLoader
+
+        These CTORs now explicitly throw IOException if the specified ESAPI property file is not found or not readable. Note that this should not affect most people as most use DefaultSecurityCOnfigurator and it still only throws ConfigurationException. (IOExceptions from these other classes are caught and rethrow as ConfigurationException.) Use of these classes directly should be very rare.
+
+-----------------------------------------------------------------------------
+
+        Other changes in this release, some of which not tracked via GitHub issues
+
+* Updated minimal version of Maven from 3.0 to 3.1 required to build ESAPI.
+* Miscellaneous minor javadoc fixes and updates.
+* Added the Maven plug-in for OWASP Dependency Check so 3rd party dependencies can be kept up-to-date.
+* Updated .gitignore file with additional files to be ignored.
+* Changed many additional assertions in ESAPI crypto to explicit runtime checks that throw IllegalArgumentException instead. If you were using ESAPI crypto correctly, it shouldn't affect you, but if you were calling it incorrectly, you may now immediately get an IllegalArgumentException rather than something like a mysterious MullPointerException much later on.
+
+-----------------------------------------------------------------------------
+
+                Contributors for ESAPI 2.2.0.0 release
+
+Notice:
+    My appologies if I've missed anyone, but I have went solely by GitHub's record or *merged* PRs closed since 2.1.0.1 (i.e., > 2016-02-05).  If you submitted a patch file that was included with some other PR or worked with someone else that contributed a merged PR, drop me an email.  It is not my intention to slight anyone's contribution. If you can provide evidence of this, we will add your GitHub ID to this list.
+
+    Note that some of you may have submitted PRs that were rejected or closed for other reasons (such as being a duplicate, etc.) If you feel that you should still be mentioned here, shoot me an email and make your case and I will discuss it with my project co-lead, and you might be added to these release notes retroactively.
+                                                    - Kevin W. Wall
+
+Project co-leaders
+    Kevin W. Wall (kwwall)
+    Matt Seil (xeno6696)
+
+Special shout-outs to:
+    Jeremiah Stacey (jeremiahjstacey) -- All around ESAPI support and JUnit test case developer extraordinaire
+    Dave Wichers (davewichers) - for Maven Central / Sonatype help
+
+List of all PRs closed since 2.1.0.1 (2016-Feb-05) -
+        List includes merged AND rejected PRs
+
+  53 Closed PRs since 2.1.0.1 release
+  ===================================
+#362 by artfullyContrived was merged on Feb 9, 2016 -- Update pom.xml to use latest Maven plugins
+#367 by drm2 was merged on Apr 9, 2016 -- Adding IntelliJ Tests setup documentation
+#368 by bkimminich was closed on May 7, 2016 -- Enable Travis CI build
+#369 by artfullyContrived was merged on Apr 22, 2016 -- Packages the esapi.tld into the jar file.
+#370 by kravietz was closed on Sep 23, 2018 • Changes requested  -- Integer overflow in for loop
+#378 by sunnypav was merged on Jul 21, 2017 • Changes requested  -- #302 HTMLEntityCodec Now decodes cased accented letters properly
+#380 by mickilous was merged on Jul 16, 2017 • Approved  -- Support of Cookie without maxAge set
+#384 by matthiaslarisch was closed on Oct 5, 2018 -- this commit fixes #385 changed visibility of method 'logSpecial(...)' from private to protected and #386 to avoid System.err output
+#388 by augustd was merged on May 13, 2017 -- Suppress CVE-2016-1000031 in dependency check Build-Maven
+#390 by JoelRabinovitch was merged on Jul 3, 2017 -- Issue 389
+#391 by xeno6696 was merged on Jun 18, 2017 • Approved  -- Issue #376 -- Addressed Kevin Wall's CR comments.
+#392 by xeno6696 was merged on Jun 18, 2017 -- Issue 376 -- Added missed null check on regex pattern.
+#393 by xeno6696 was merged on Jul 16, 2017 -- Issue 316 -- updated code to account for httpOnly and Secure cookie …
+#401 by xeno6696 was merged on Jul 16, 2017 -- Updated pom.xml so the base compile version is 1.7 instead of 1.6. T…
+#402 by xeno6696 was merged on Jul 16, 2017 -- Issue #398 -- Fixed hardcoded instance of HTTP header and made it con…
+#404 by xeno6696 was merged on Jul 21, 2017 -- Added simple unit test to validate changes that made HTML entities al…
+#405 by xeno6696 was merged on Jul 24, 2017 -- Multiple issues, #403, #400, #383, #405
+#406 by xeno6696 was merged on Jul 24, 2017 -- Issue #317 -- Fixed resource leak. Special thanks to eamonn.
+#407 by augustd was merged on Jul 27, 2017 -- Update antisamy xom
+#409 by xeno6696 was merged on Jul 27, 2017 -- Issue #327 got rid of misleading HTML entity in URL regex.
+#410 by xeno6696 was merged on Jul 28, 2017 -- Issue #292 && Issue #403 -- Updated default regex size for jsessionid…
+#411 by xeno6696 was merged on Jul 30, 2017 -- Merging commits related to #403.
+#413 by xeno6696 was merged on Aug 11, 2017 • Approved  -- Issue #300 -- Fixing ESAPI's inability to handle non-BMP codepoints.
+#415 by xeno6696 was merged on Aug 11, 2017 -- Issue #281 -- Updated unit tests with missing assertions.
+#416 by xeno6696 was merged on Aug 11, 2017 -- Issue #278 -- Added default local to date test to avoid non-us unit t…
+#418 by xeno6696 was merged on Aug 11, 2017 -- Issue #281 -- added windows escape char to blacklist in SafeFile to a…
+#419 by xeno6696 was merged on Aug 21, 2017 -- Catching up ESAPI.properties prod and test version.
+#420 by xeno6696 was merged on Aug 26, 2017 -- Issue #284 -- Restored original canonicalization behavior due to issu…
+#421 by xeno6696 was merged on Aug 26, 2017 -- Adding mocking frameworks for testing. Also added joda-time in preparation for date fixes.
+                                               [Note: A later PR removed joda-time, as it was not really needed.]
+#426 by NiklasMehner was merged on Nov 6, 2017 -- Fix configuration loading: Use value instead of constants also update vulnerable dependencies
+#428 by JoelRabinovitch was merged on Nov 26, 2017 -- Fixed the encoderForLDAP method to use a "switch" statement as was suggested by the maintainer.
+#430 by kwwall was merged on Feb 22, 2018 -- Close issue #429.
+#431 by jeremiahjstacey was merged on Feb 22, 2018 • Approved  -- Jstacey 135
+#434 by xeno6696 was merged on May 13, 2018 -- Moved esapi.tld into the correct resources location. Fixes issues #2…
+#436 by tom-leahy was closed on Aug 27, 2018 -- Add unicode letter/number support for fileName validation enhancement
+#440 by kwwall was merged on Sep 23, 2018 -- Close #439 by racheting down default allowed file suffixes used with file uploads
+#441 by kwwall was merged on Sep 23, 2018 -- Close #438 by loosening JUnit test case assertion
+#443 by kwwall was merged on Sep 23, 2018 -- Issue 442
+#446 by jeremiahjstacey was merged on Sep 26, 2018 -- Issue #129 SLF4J Logging Structures
+#449 by kwwall was merged on Oct 8, 2018 -- Close issue #448
+#450 by kwwall was merged on Oct 8, 2018 -- Issue 444
+#451 by kwwall was merged on Oct 8, 2018 -- Log special
+#453 by jackycct was merged on Nov 2, 2018 -- #304 encodeForCSS breaks color values
+#456 by JasperXgwang was closed on Nov 8, 2018 -- fix bug not found in classpath when run with jetty or tomcat
+#459 by simon0117 was merged on Dec 20, 2018 -- Eclipse setup updates
+#460 by simon0117 was closed on Dec 20, 2018 -- ESAPIFilter in RI should allow login page destination to be configured #30
+#464 by kwwall was merged on MMM DD, 2019 -- Misc release cleanup
+#467 by jeremiahjstacey was merged on Jan 06, 2019 -- AuthenticatorTest Stability #360
+#468 by jeremiahjstacey was merged on Jan 22, 2019 -- Date validation rule 299
+#469 by jeremiahjstacey was merged on Jan 15, 2019 -- AbstractAccessReferenceMap Issues #37 #329
+#470 by jeremiahjstacey was merged on Jan 15, 2019 -- JavaLogFactory Thread Safety #286
+#472 by jeremiahjstacey was merged on Jan 21, 2019 -- Issue #31 MySQLCodec Updates
+#475 by jeremiahjstacey was merged on Jan 27, 2019 -- Issue #188 resolution proof: Test updates
+#477 by jeremiajjstacey was merged on Feb 02, 2019 -- $476 DefaultValidator.getValidInput uses canonicalize method argument
+#487 by kwwall was merged on Apr 29, 2019 -- Master branch updates for ESAPI-2.2.0.0-RC2
+#490 by hellyguo was closed on May 12, 2019 -- enhance: cache class and method to avoid reading each time
+#491 by hellyguo was merged on May 27, 2019 -- enhance: improve the performance of ObjFactory
+
+
+List of contributors of *merged* PRs, listed (rather naively) by # of merged PRs:
+        # merged PRs    GitHub ID
+        -------------------------
+             19         xeno6696
+             10         jeremiahjstacey
+              9         kwwall
+              2         artfullyContrived
+              2         augustd
+              2         JoelRabinovitch
+              1         drm2
+			  1         hellyguo
+              1         jackycct
+              1         mickilous
+              1         NiklasMehner
+              1         simon0117
+              1         sunnypav
+
+Developer Activity Report (Changes between release 2.1.0.1 and 2.2.0.0, i.e., between 2015-02-05 and 2019-06-09 <UPDATE>)
+As created by 'mvn site', however this data was slighty edited to remove email ids replace them with GitHub ids when those were known, or with the developer name.
+Sorted first by # of commits and then by developer id / name..
+
+Developer       Total commits       Total Number
+                                  of Files Changed
+=====================================================
+kwwall                  362                 351
+xeno6696                 64                  82
+jeremiahjstacey          55                  68
+davewichers               7                  49
+Anthony Musyoki           4                   2
+Kad DEMBELE               4                   2
+augustd                   3                   7
+drmyersii                 2                   2
+JoelRabinovitch           2                   4
+Ben Sleek                 1                   1
+chrisisbeef               1                   5
+hellyguo                  1                   3
+Jackycct                  1                   2
+mickilous                 1                   2
+NiklasMehner              1                   2
+Pavan Kumar               1                   1
+simon0117                 1                   3
+taringamberini            1                   1
+=====================================================
+Totals:                 512                 399 (unique files changed)
+
+
+Thanks you all for your time and effort to ESAPI and making it a better project. And if I've missed any, my apologies; let me know and I will correct it.
+
+:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
+Appendix:   Dependency Updates (as reflected in pom.xml)
+
+
+Many 3rd party dependencies had known vulnerabilities (e.g., CVEs reported to NIST's NVD, those reported via VulnDB, BlackDuck, SourceClear, etc.). We have tried to address all those of which we were aware and have updated the dependent 3rd party libraries to (where possible) the latest patched version.
+
+Note that in many places, these 3rd party dependencies were not *direct* dependencies, but rather *transitive* and since we are not able to force a direct 3rd party dependency to update their dependencies, in several cases, we have used Maven's <exclusions> tag to exclude specific transitive dependencies andthen explictly included their latest patched versions that did not cause JUnit test failures.
+
+Because the landscape of known vulnerabilities in 3rd party components is constantly changing and the OWASP ESAPI contributors do not have access to all private vulnerability databases, we may have inevitably missed some. In other cases, we have examined reported vulnerabilities and confirmed that as ESAPI uses and deploys the code in its default configuration, the claimed vulnerabilities are not exploitable.
+
+The following lists all new and updated dependencies. If a dependency is not listed below, the version used since ESAPI release 2.1.0.1 has not changed.
+
+New compile-time / runtime direct dependencies:
+    org.slf4j:slf4j-api:1.7.25 - Not actually needed in your application's classpath unless ESAPI.Logger is configured to use org.owasp.esapi.logging.slf4j.Slf4JLogFactory.
+
+New JUnit dependencies
+    org.bouncycastle:bcprov-jdk15on:1.61
+    org.powermock:powermock-api-mockito2:2.0.0-beta.5
+    org.powermock:powermock-module-junit4:2.0.0-beta.5
+
+Updated direct dependencies, by Maven scope
+  provided:
+    javax.servlet:javax.servlet-api:            2.5   -> 3.0.1
+    javax.servlet.jsp:javax.servlet.jsp-api:    2.0   -> 2.3.3
+
+  compile:
+    commons-fileupload:commons-fileupload:      1.3.1 -> 1.3.3
+    org.apache.commons:commons-collections4:    3.2.2 -> 4.3
+    commons-beanutils:commons-beanutils-core:   1.8.3 -> 1.9.3
+    com.io7m.xom:xom:                           1.2.5 -> 1.2.10
+    org.apache-extras.beanshell:bsh:            2.0b4 -> 2.0b6
+    org.owasp.antisamy:antisamy:                1.5.3 -> 1.5.8
+    org.apache.xmlgraphics:batik-css:           1.8   -> 1.11
+
+    Transitive runtime dependencies that ESAPI has now directly taken control off because of known vulnerabilities or other incompatibilities:
+        xalan:xalan:                            2.7.0 -> 2.7.2
+        xml-apis:xml-apis:                     1.3.03 -> 1.4.01
+        xerces:xercesImpl:                      2.8.0 -> 2.12.0
+
+  test:
+    commons-io:commons-io:                      2.4   -> 2.6
diff --git a/documentation/esapi4java-core-2.2.1.0-release-notes.txt b/documentation/esapi4java-core-2.2.1.0-release-notes.txt
new file mode 100644
index 000000000..e32e0ad8c
--- /dev/null
+++ b/documentation/esapi4java-core-2.2.1.0-release-notes.txt
@@ -0,0 +1,316 @@
+Release notes for ESAPI 2.2.1.0
+    Release date: 2020-July-12
+    Project leaders:
+        -Kevin W. Wall <kevin.w.wall@gmail.com>
+        -Matt Seil <matt.seil@owasp.org>
+
+Previous release: ESAPI 2.2.0.0, 2019-June-24
+
+
+Executive Summary: Important Things to Note for this Release
+------------------------------------------------------------
+
+This is a minor release. It's main purpose was to update dependencies to eliminate potential vulnerabilities arising from dependencies with known CVEs. See the section "Changes requiring special attention" below for additional details.
+
+Also special props to Bill Sempf for stepping up and volunteering to prepare the initial cut of these release notes. Had he not done so, this release either would not have release notes or it would have been delayed another 6 months while I procrastinated further with various distractions. (Squirrel!)
+
+=================================================================================================================
+
+Basic ESAPI facts
+-----------------
+
+ESAPI 2.2.0.0 release:
+    194 Java source files
+    4150 JUnit tests in 118 Java source files
+
+ESAPI 2.2.1.0 release:
+    211 Java source files
+    4309 JUnit tests in 134 Java source files
+
+39 GitHub Issues closed in this release
+
+Issue #         GitHub Issue Title
+----------------------------------------------------------------------------------------------
+
+143 - Enhance encodeForOS to auto-detect the underling OS
+173 - DOMConfigurator is being used inappropriately in the ESAPIWebApplicationFirewallFilter
+226 - Javadoc Inaccuracy in getRandomInteger() and getRandomReal()
+232 - SecurityWrapperResponse.createCookieHeader modification request  (closed; marked 'wontfix')
+235 - exception is java.lang.NoClassDefFoundError: org.owasp.esapi.codecs.Codec
+245 - KeyDerivationFunction::computeDerivedKey - possible security level mismatch
+256 - Whitespace in JavaEncryptor
+263 - I am getting validation exception while validating a parameter coming from http request
+268 - SecurityWrapperResponse setStatus should not always set SC_OK
+269 - org.owasp.esapi.reference.DefaultValidator reports ValidationException with IE 9
+271 - Add Constructor to DefaultSecurityConfiguration to accept a properties file (1.4)
+276 - Patch for /branches/2.1/src/main/java/org/owasp/esapi/reference/DefaultExecutor.java
+310 - Make HTMLValidationRule to look for antisamy-esapi.xml in classpaths enhancement
+382 - Build Fails on path with space
+465 - Update both ESAPI.properties files to show comment for ESAPI logger support for SLF4J
+488 - Missed a legal input case in DefaultSecurityConfiguration.java
+494 - Encoder's encodeForCSS doesn't handle RGB Triplets
+495 - Maven Install Requires GPG Key
+499 - ValidatorTest.isValidDirectoryPath() has tests that fail under Windows if ESAPI tests run from different drive where Windows installed
+500 - Suppress noise from ESAPI searching for properties and stop ignoring important IOExceptions
+503 - Bug on on referrer header when value contains `&section` like `www.asdf.com?a=1&section=2`
+509 - HTMLValidationRule.getValid(String,String) does not follow documented specifications
+511 - Add missing documentation to Validator.addRule() and Validator.getRule()
+512 - Update Apache Commons Bean Utils to 1.9.4
+515 - NullPointerException can result from line 163 of SecurityWrapperRequest.java:
+521 - JUnit test ValidatorTest.testIsValidSafeHTML() now failing
+522 - javadoc corrections for Encoder.canonicalize()
+523 - Links in README to users list and dev list are reversed
+527 - Configuration flag for disabling Logger User and App Information
+530 - Apply default logging content to SLF4J messages
+532 - Update JUL and Log4J code structure and workflow to match SLF4J
+536 - SecurityWrapperResponse setHeader error message is unclear
+538 - Addressing log4j 1.x CVE-2019-17571
+542 - Write up ESAPI release notes for planned 2.2.1.0 release
+552 - Rewrite implementation of some ESAPI classes to remove Java 8 dependencies
+554 - CryptoHelper.arrayCompare() fails with NPE under Java 7 when one of the arguments is null
+555 - JUnit test org.owasp.esapi.reference.AccessControllerTest.testIsAuthorizedForData fails when run against Java 7 on Linux
+556 - Major overhaul to ESAPI Encoder Javadoc based on ESAPI Encoder Usability Study
+558 - ValidatorTest.testIsValidDirectoryPath() JUnit test fails under MacOS
+
+-----------------------------------------------------------------------------
+
+        Changes Requiring Special Attention
+
+-----------------------------------------------------------------------------
+The new default ESAPI logger is JUL (java.util.logging packages) and we have deprecated the use of Log4J 1.x because we now support SLF4J and Log4J 1.x is way past its end-of-life. We did not want to make SLF4J the default logger (at least not yet) as we did not want to have the default ESAPI use require additional dependencies. However, SLF4J is likely to be the future choice, at least once we start on ESAPI 3.0. A special shout-out to Jeremiah Stacey for making this possible by re-factoring much of the ESAPI logger code. Note, the straw that broke the proverbial camel's back was the announcement of CVE-2019-17571 (rated Critical), for which there is no fix available and likely will never be.
+
+Related to that CVE and how it affects ESAPI, be sure to read
+   https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin2.pdf
+which describes CVE-2019-17571, a deserialization vulnerability in Log4J 1.2.17. ESAPI is not affected by this (even if you chose to use Log4J 1 as you default ESAPI logger). This security bulletin describes why this CVE is not exploitable as used by ESAPI.
+
+Notable dependency updates (excludes those only used with JUnit tests):
+    antiSamy            1.5.8   ->  1.5.10
+    batik-css           1.11    ->  1.13
+    commons-beansutil   1.9.3   ->  1.9.4
+    slf4j-api           1.7.26  ->  1.7.30
+
+Finally, while ESAPI still supports JDK 7 (even though that too is way past end-of-life), the next ESAPI release will move to JDK 8 as the minimal baseline. (We already use Java 8 for development but still to Java 7 source and runtime compatibility.)
+
+-----------------------------------------------------------------------------
+
+        Known Issues / Problems
+
+-----------------------------------------------------------------------------
+If you use Java 7 (the minimal Java baseline supported by ESAPI) and try to run 'mvn test' there is one test that fails. This test passes with Java 8. The failing test is:
+
+        [ERROR] Tests run: 5, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 0.203 s
+        <<< FAILURE! - in org.owasp.esapi.crypto.SecurityProviderLoaderTest
+        [ERROR] org.owasp.esapi.crypto.SecurityProviderLoaderTest.testWithBouncyCastle
+        Time elapsed: 0.116 s <<< FAILURE!
+        java.lang.AssertionError: Encryption w/ Bouncy Castle failed with
+        EncryptionException for preferred cipher transformation; exception was:
+        org.owasp.esapi.errors.EncryptionException: Encryption failure (unavailable
+        cipher requested)
+        at
+        org.owasp.esapi.crypto.SecurityProviderLoaderTest.testWithBouncyCastle(Security
+        ProviderLoaderTest.java:133)
+
+I will spare you all the details and tell you that this has to do with Java 7 not being able to correctly parse the signed Bouncy Castle JCE provider jar. More details are available at:
+    https://www.bouncycastle.org/latest_releases.html
+and
+    https://github.com/bcgit/bc-java/issues/477
+I am sure that there are ways of making Bouncy Castle work with Java 7, but since ESAPI does not rely on Bouncy Castle (it can use any compliant JCE provider), this should not be a problem. (It works fine with the default SunJCE provider.) If it is important to get the BC provider working with the ESAPI Encryptor and Java 7, then open a GitHub issue and we will take a deeper look at it and see if we can suggest something.
+
+
+
+Another problem is if you run 'mvn test' from the 'cmd' prompt (and possibly PowerShell as well), you will get intermittent failures (generally between 10-25% of the time) at arbitrary spots. If you run it again without any changes it will work fine without any failures. We have discovered that it doesn't seem to fail if you run the tests from an IDE like Eclipse or if you redirect both stdout and stderr to a file; e.g.,
+
+    C:\code\esapi-java-legacy> mvn test >testoutput.txt 2>&1
+
+We do not know the reason for these failures, but only that we have observed them on Windows 10. If you see this error, please do NOT report it as a GitHub issue unless you know a fix for it.
+
+
+    *** IMPORTANT WORKAROUND for 2.2.1.0 ESAPI Logging ***
+
+Lastly, if you try to use the new ESAPI 2.2.1.0 logging, you will notice that you need to change ESAPI.Logger and also possibly provide some other logging properties as well. This is because the logger packages were reorganized to improve maintainability, but we failed to mention it. To use ESAPI logging in ESAPI 2.2.1.0 (and later), you MUST set the ESAPI.Logger property to one of:
+
+    org.owasp.esapi.logging.java.JavaLogFactory     - To use the new default, java.util.logging (JUL)
+    org.owasp.esapi.logging.log4j.Log4JLogFactory   - To use the end-of-life Log4J 1.x logger
+    org.owasp.esapi.logging.slf4j.Slf4JLogFactory   - To use the new (to release 2.2.0.0) SLF4J logger
+
+In addition, if you wish to use JUL for logging, you *must* supply an "esapi-java-logging.properties" file in your classpath. Unfortunately, we failed to drop add that to the ESAPI configuration jar under the GitHub 'Releases', so this file has been added explicitly to the 2.2.1.0 release 'Assets' for this release (for details, see https://github.com/ESAPI/esapi-java-legacy/releases/esapi-2.2.1.0). Even worse, there was a logic error in the static initializer of JavaLogFactory (now fixed in the 2.2.1.1 patch release) that causes a NullPointerException to be thrown so that the message about the missing "esapi-java-logging.properties" file was never seen.
+
+If you are using JavaLogFactory or Slf4JLogFactory, you will also want to ensure that you have the following ESAPI logging properties set to get the logs to appear what you are used to with Log4J 1.x logging:
+    # Set the application name if these logs are combined with other applications
+    Logger.ApplicationName=ExampleApplication
+    # If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
+    Logger.LogEncodingRequired=false
+    # Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
+    Logger.LogApplicationName=true
+    # Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
+    Logger.LogServerIP=true
+    # LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
+    # want to place it in a specific directory.
+    Logger.LogFileName=ESAPI_logging_file
+    # MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
+    Logger.MaxLogFileSize=10000000
+    # Determines whether ESAPI should log the user info.
+    Logger.UserInfo=true
+    # Determines whether ESAPI should log the session id and client IP.
+    Logger.ClientInfo=true
+
+See GitHub issue #560 for additional details.
+-----------------------------------------------------------------------------
+
+        Other changes in this release, some of which not tracked via GitHub issues
+
+-----------------------------------------------------------------------------
+
+Documentation updates for locating Jar files
+Unneeded code removed from ExtensiveEncoderURI test
+Inline reader added to ExtensiveEncoder
+Additional time for windows to always sleep more than given seconds in CryptoTokenTest
+Change required by tweak to CipherText.toString() method
+Removed call to deprecated CryptoHelper.computeDerivedKey() method
+New JUnit tests for org.owasp.esapi.crypto.KeyDerivationFunction class
+Miscellaneous documentation and tests
+JavaLogger moved to new package
+Log4J 1.x no longer ESAPI's default logger
+
+-----------------------------------------------------------------------------
+
+Developer Activity Report (Changes between release 2.2.0.0 and 2.2.1.0, i.e., between 2019-06-25 and 2020-07-11)
+Generated manually (this time) -- all errors are the fault of kwwall and his inability to do simple arithmetic.
+
+Developer       Total       Total Number        # Merged
+(GitHub ID)     commits   of Files Changed        PRs
+========================================================
+davewichers      2              1               0
+HJW8472         11              8               1
+jeremiahjstacey 78             70               6
+kwwall          67             64               8
+Michael-Ziluck  3               2               2
+sempf           1               1               1
+wiitek          6               4               2
+xeno6696        3               5               1
+========================================================
+                                        Total: 21
+
+
+-----------------------------------------------------------------------------
+
+
+21 Closed PRs merged since 2.2.0.0 release (those rejected not listed)
+======================================================================
+PR#    GitHub ID                Description
+----------------------------------------------------------------------
+504 -- kwwall           -- New scripts to suppress noise for 'mvn test'
+505 -- kwwall           -- Close issue #256. White-space clean up.
+506 -- kwwall           -- Closes Issue 245
+508 -- Michael-Ziluck   -- Resolves #226 - Corrected docs for the bounded, numeric, random methods
+510 -- Michael-Ziluck   -- Resolve #509 - Properly throw exception when HTML fails
+513 -- kwwall           -- Close issue #512 by updating to 1.9.4 of Commons Beans Util.
+514 -- xeno6696         -- Fixed issues #503 by writing a new addReferer method, also temporarily…
+516 -- jeremiahjstacey  -- Issue 515
+518 -- jeremiahjstacey  -- Issue #511 Copying Docs from DefaultValidator
+519 -- jeremiahjstacey  -- Issue 494 CSSCodec RGB Triplets
+520 -- jeremiahjstacey  -- OS Name DefaultExecutorTests #143
+533 -- jeremiahjstacey  -- #532 JUL and Log4J match SLF4J class structure and Workflow
+535 -- kwwall           -- Issue 521
+537 -- jeremiahjstacey  -- Issue 536
+539 -- wiiitek          -- upgrade for convergence
+540 -- wiiitek          -- Issue 382: Build Fails on path with space
+541 -- HJW8472          -- Fixed issue #310
+543 -- sempf            -- Release notes for 2.2.1.0
+551 -- kwwall           -- Misc cleanup
+553 -- kwwall           -- Fix for GitHub Issue 552
+557 -- kwwall           -- Final prep for 2.2.1.0 release
+
+
+CHANGELOG:      Create your own. May I suggest:
+
+        git log --since=2019-06-25 --reverse --pretty=medium
+
+    which will show all the commits since just after the last (2.2.0.0) release.
+
+-----------------------------------------------------------------------------
+
+Direct and Transitive Runtime and Test Dependencies:
+
+        $ mvn dependency:tree
+        [INFO] Scanning for projects...
+        [INFO]
+        [INFO] -----------------------< org.owasp.esapi:esapi >------------------------
+        [INFO] Building ESAPI 2.2.1.0
+        [INFO] --------------------------------[ jar ]---------------------------------
+        [INFO]
+        [INFO] --- maven-dependency-plugin:3.1.2:tree (default-cli) @ esapi ---
+        [INFO] org.owasp.esapi:esapi:jar:2.2.1.0
+        [INFO] +- javax.servlet:javax.servlet-api:jar:3.0.1:provided
+        [INFO] +- javax.servlet.jsp:javax.servlet.jsp-api:jar:2.3.3:provided
+        [INFO] +- com.io7m.xom:xom:jar:1.2.10:compile
+        [INFO] +- commons-beanutils:commons-beanutils:jar:1.9.4:compile
+        [INFO] |  +- commons-logging:commons-logging:jar:1.2:compile
+        [INFO] |  \- commons-collections:commons-collections:jar:3.2.2:compile
+        [INFO] +- commons-configuration:commons-configuration:jar:1.10:compile
+        [INFO] +- commons-lang:commons-lang:jar:2.6:compile
+        [INFO] +- commons-fileupload:commons-fileupload:jar:1.3.3:compile
+        [INFO] +- log4j:log4j:jar:1.2.17:compile
+        [INFO] +- org.apache.commons:commons-collections4:jar:4.2:compile
+        [INFO] +- org.apache-extras.beanshell:bsh:jar:2.0b6:compile
+        [INFO] +- org.owasp.antisamy:antisamy:jar:1.5.10:compile
+        [INFO] |  +- net.sourceforge.nekohtml:nekohtml:jar:1.9.22:compile
+        [INFO] |  +- org.apache.httpcomponents:httpclient:jar:4.5.12:compile
+        [INFO] |  |  \- org.apache.httpcomponents:httpcore:jar:4.4.13:compile
+        [INFO] |  \- commons-codec:commons-codec:jar:1.14:compile
+        [INFO] +- org.slf4j:slf4j-api:jar:1.7.30:compile
+        [INFO] +- commons-io:commons-io:jar:2.6:compile
+        [INFO] +- org.apache.xmlgraphics:batik-css:jar:1.13:compile
+        [INFO] |  +- org.apache.xmlgraphics:batik-shared-resources:jar:1.13:compile
+        [INFO] |  +- org.apache.xmlgraphics:batik-util:jar:1.13:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-constants:jar:1.13:compile
+        [INFO] |  |  \- org.apache.xmlgraphics:batik-i18n:jar:1.13:compile
+        [INFO] |  +- org.apache.xmlgraphics:xmlgraphics-commons:jar:2.4:compile
+        [INFO] |  \- xml-apis:xml-apis-ext:jar:1.3.04:compile
+        [INFO] +- xalan:xalan:jar:2.7.2:compile
+        [INFO] |  \- xalan:serializer:jar:2.7.2:compile
+        [INFO] +- xerces:xercesImpl:jar:2.12.0:compile
+        [INFO] +- xml-apis:xml-apis:jar:1.4.01:compile
+        [INFO] +- com.github.spotbugs:spotbugs-annotations:jar:4.0.4:compile (optional)
+        [INFO] |  \- com.google.code.findbugs:jsr305:jar:3.0.2:compile (optional)
+        [INFO] +- net.jcip:jcip-annotations:jar:1.0:compile (optional)
+        [INFO] +- junit:junit:jar:4.13:test
+        [INFO] |  \- org.hamcrest:hamcrest-core:jar:1.3:test
+        [INFO] +- org.bouncycastle:bcprov-jdk15on:jar:1.65.01:test
+        [INFO] +- org.powermock:powermock-api-mockito2:jar:2.0.7:test
+        [INFO] |  \- org.powermock:powermock-api-support:jar:2.0.7:test
+        [INFO] |     \- org.powermock:powermock-core:jar:2.0.7:test
+        [INFO] +- org.javassist:javassist:jar:3.25.0-GA:test
+        [INFO] +- org.mockito:mockito-core:jar:2.28.2:test
+        [INFO] |  +- net.bytebuddy:byte-buddy:jar:1.9.10:test
+        [INFO] |  +- net.bytebuddy:byte-buddy-agent:jar:1.9.10:test
+        [INFO] |  \- org.objenesis:objenesis:jar:2.6:test
+        [INFO] +- org.powermock:powermock-module-junit4:jar:2.0.7:test
+        [INFO] |  \- org.powermock:powermock-module-junit4-common:jar:2.0.7:test
+        [INFO] +- org.powermock:powermock-reflect:jar:2.0.7:test
+        [INFO] +- org.openjdk.jmh:jmh-core:jar:1.23:test
+        [INFO] |  +- net.sf.jopt-simple:jopt-simple:jar:4.6:test
+        [INFO] |  \- org.apache.commons:commons-math3:jar:3.2:test
+        [INFO] \- org.openjdk.jmh:jmh-generator-annprocess:jar:1.23:test
+        [INFO] ------------------------------------------------------------------------
+        [INFO] BUILD SUCCESS
+        [INFO] ------------------------------------------------------------------------
+
+-----------------------------------------------------------------------------
+
+Acknowledgments:
+
+    Release notes written by Bill Sempf (bill.sempf@owasp.org), but please direct any communication to the project leaders.
+
+Special shout-outs to:
+    Jeremiah Stacey (jeremiahjstacey) -- All around ESAPI support and JUnit test case developer extraordinaire and for refactoring ESAPI loggers.
+    Dave Wichers (davewichers) - for several extremely useful pom.xml improvements.
+    Bill Sempf (sempf) -- for these release notes. Awesome job, Bill. I owe you a brew.
+    Chamila Wijayarathna <cdwijayarathna@gmail.com> and Nalin A. G. Arachchilage <nalin.arachchilage@gmail.com> for their authorship and subsequent extensive discussion of their paper "Fighting Against XSS Attacks: A Usability Evaluation of OWASP ESAPI Output Encoding" (https://scholarspace.manoa.hawaii.edu/bitstream/10125/60167/0727.pdf). Their paper and their willingness to engage with me to discuss it was what led to the (hopefully) improved Javadoc for the ESAPI Encoder interface.
+    And lastly a special thanks to first-time contributors Michael-Ziluck, wiiitek, and HJW8472.
+
+Thanks you all for your time and effort to ESAPI and making it a better project. And if I've missed any, my apologies; let me know and I will correct it.
+
+A special thanks to the ESAPI community from the ESAPI project co-leaders:
+    Kevin W. Wall (kwwall) <== The irresponsible party for these release notes!
+    Matt Seil (xeno6696)
diff --git a/documentation/esapi4java-core-2.2.1.1-release-notes.txt b/documentation/esapi4java-core-2.2.1.1-release-notes.txt
new file mode 100644
index 000000000..4670706f7
--- /dev/null
+++ b/documentation/esapi4java-core-2.2.1.1-release-notes.txt
@@ -0,0 +1,237 @@
+Release notes for ESAPI 2.2.1.1
+    Release date: 2020-July-26
+    Project leaders:
+        -Kevin W. Wall <kevin.w.wall@gmail.com>
+        -Matt Seil <matt.seil@owasp.org>
+
+Previous release: ESAPI 2.2.1.0, 2020-July-12
+
+
+Executive Summary: Important Things to Note for this Release
+------------------------------------------------------------
+
+This is a patch release to address GitHub issue #560. See that GitHub issue and
+
+Also special props to Bill Sempf for stepping up and volunteering to prepare the initial cut of these release notes. Had he not done so, this release either would not have release notes or it would have been delayed another 6 months while I procrastinated further with various distractions. (Squirrel!)
+
+=================================================================================================================
+
+Basic ESAPI facts
+-----------------
+
+ESAPI 2.2.1.0 release:
+    211 Java source files
+    4309 JUnit tests in 134 Java source files
+
+ESAPI 2.2.1.1 release:
+    211 Java source files
+    4312 JUnit tests in 134 Java source files
+
+39 GitHub Issues closed in this release
+
+Issue #         GitHub Issue Title
+----------------------------------------------------------------------------------------------
+
+560 -           Could not initialize class org.owasp.esapi.logging.java.JavaLogFactory (ESAPI 2.2.1.0)
+561 -           Update ESAPI-release-steps.odt to note how to do 'Release' on GitHub
+564 -           Create release notes for 2.2.1.1 patch release
+
+-----------------------------------------------------------------------------
+
+        Changes Requiring Special Attention
+
+-----------------------------------------------------------------------------
+As of ESAPI 2.2.1.0 (the previous release), the new default ESAPI logger is JUL (java.util.logging packages) and we have deprecated the use of Log4J 1.x because we now support SLF4J and Log4J 1.x is way past its end-of-life. We did not want to make SLF4J the default logger (at least not yet) as we did not want to have the default ESAPI use require additional dependencies. However, SLF4J is likely to be the future choice, at least once we start on ESAPI 3.0. A special shout-out to Jeremiah Stacey for making this possible by re-factoring much of the ESAPI logger code. Note, the straw that broke the proverbial camel's back was the announcement of CVE-2019-17571 (rated Critical), for which there is no fix available and likely will never be.
+
+However, if you try to juse the new ESAPI 2.2.1.0 logging you will notice that you need to change ESAPI.Logger and also possibly provide some other properties as well to get the logging behavior that you desire.
+
+To use ESAPI logging in ESAPI 2.2.1.0 (and later), you will need to set the ESAPI.Logger property to
+
+    org.owasp.esapi.logging.java.JavaLogFactory     - To use the new default, java.util.logging (JUL)
+    org.owasp.esapi.logging.log4j.Log4JLogFactory   - To use the end-of-life Log4J 1.x logger
+    org.owasp.esapi.logging.slf4j.Slf4JLogFactory   - To use the new (to release 2.2.0.0) SLF4J logger
+
+In addition, if you wish to use JUL for logging, you *MUST* supply an "esapi-java-logging.properties" file in your classpath. This file is included in the 'esapi-2.2.1.1-configuration.jar' file provided under the 'Assets' section of the GitHub Release at
+    https://github.com/ESAPI/esapi-java-legacy/releases/esapi-2.2.1.1
+
+Unfortunately, there was a logic error in the static initializer of JavaLogFactory (now fixed in this release) that caused a NullPointerException to be thrown so that the message about the missing "esapi-java-logging.properties" file was never seen.
+
+If you are using JavaLogFactory, you will also want to ensure that you have the following ESAPI logging properties set:
+    # Set the application name if these logs are combined with other applications
+    Logger.ApplicationName=ExampleApplication
+    # If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
+    Logger.LogEncodingRequired=false
+    # Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
+    Logger.LogApplicationName=true
+    # Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
+    Logger.LogServerIP=true
+    # LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
+    # want to place it in a specific directory.
+    Logger.LogFileName=ESAPI_logging_file
+    # MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
+    Logger.MaxLogFileSize=10000000
+    # Determines whether ESAPI should log the user info.
+    Logger.UserInfo=true
+    # Determines whether ESAPI should log the session id and client IP.
+    Logger.ClientInfo=true
+
+See GitHub issue #560 for additional details.
+
+
+Related to that aforemented Log4J 1.x CVE and how it affects ESAPI, be sure to read
+   https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin2.pdf
+which describes CVE-2019-17571, a deserialization vulnerability in Log4J 1.2.17. ESAPI is *NOT* affected by this (even if you chose to use Log4J 1 as you default ESAPI logger). This security bulletin describes why this CVE is not exploitable as used by ESAPI.
+
+
+Finally, while ESAPI still supports JDK 7 (even though that too is way past end-of-life), the next ESAPI release will move to JDK 8 as the minimal baseline. (We already use Java 8 for development but still to Java 7 source and runtime compatibility.)
+
+-----------------------------------------------------------------------------
+
+        Known Issues / Problems
+
+-----------------------------------------------------------------------------
+If you use Java 7 (the minimal Java baseline supported by ESAPI) and try to run 'mvn test' there is one test that fails. This test passes with Java 8. The failing test is:
+
+        [ERROR] Tests run: 5, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 0.203 s
+        <<< FAILURE! - in org.owasp.esapi.crypto.SecurityProviderLoaderTest
+        [ERROR] org.owasp.esapi.crypto.SecurityProviderLoaderTest.testWithBouncyCastle
+        Time elapsed: 0.116 s <<< FAILURE!
+        java.lang.AssertionError: Encryption w/ Bouncy Castle failed with
+        EncryptionException for preferred cipher transformation; exception was:
+        org.owasp.esapi.errors.EncryptionException: Encryption failure (unavailable
+        cipher requested)
+        at
+        org.owasp.esapi.crypto.SecurityProviderLoaderTest.testWithBouncyCastle(Security
+        ProviderLoaderTest.java:133)
+
+I will spare you all the details and tell you that this has to do with Java 7 not being able to correctly parse the signed Bouncy Castle JCE provider jar. More details are available at:
+    https://www.bouncycastle.org/latest_releases.html
+and
+    https://github.com/bcgit/bc-java/issues/477
+I am sure that there are ways of making Bouncy Castle work with Java 7, but since ESAPI does not rely on Bouncy Castle (it can use any compliant JCE provider), this should not be a problem. (It works fine with the default SunJCE provider.) If it is important to get the BC provider working with the ESAPI Encryptor and Java 7, then open a GitHub issue and we will take a deeper look at it and see if we can suggest something.
+
+
+
+Another problem is if you run 'mvn test' from the 'cmd' prompt (and possibly PowerShell as well), you will get intermittent failures (generally between 10-25% of the time) at arbitrary spots. If you run it again without any changes it will work fine without any failures. We have discovered that it doesn't seem to fail if you run the tests from an IDE like Eclipse or if you redirect both stdout and stderr to a file; e.g.,
+
+    C:\code\esapi-java-legacy> mvn test >testoutput.txt 2>&1
+
+We do not know the reason for these failures, but only that we have observed them on Windows 10. If you see this error, please do NOT report it as a GitHub issue unless you know a fix for it.
+
+-----------------------------------------------------------------------------
+
+        Other changes in this release, some of which not tracked via GitHub issues
+
+-----------------------------------------------------------------------------
+
+* Updates to README.md fileg
+* Minor Javadoc fixes to org.owasp.esapi.Encoder
+* Fixes / cleanup to 2.2.1.0 release notes (documentation/esapi4java-core-2.2.1.0-release-notes.txt)
+
+-----------------------------------------------------------------------------
+
+Developer Activity Report (Changes between release 2.2.1.0 and 2.2.1.1, i.e., between 2020-07-12 and 2020-07-26)
+Generated manually (this time) -- all errors are the fault of kwwall and his inability to do simple arithmetic.
+
+Developer       Total       Total Number        # Merged
+(GitHub ID)     commits   of Files Changed        PRs
+========================================================
+jeremiahjstacey  5              5               1
+kwwall          67             64               8
+========================================================
+                                        Total: 21
+
+
+-----------------------------------------------------------------------------
+
+
+2 Closed PRs merged since 2.2.1.0 release (those rejected not listed)
+======================================================================
+PR#    GitHub ID                Description
+----------------------------------------------------------------------
+559 -- synk-bot         -- Upgrade com.github.spotbugs:spotbugs-annotations from 4.0.4 to 4.0.5
+562 -- jeremiahjstacey  -- Issue #560 JUL fixes
+
+CHANGELOG:      Create your own. May I suggest:
+
+        git log --since=2020-07-13 --reverse --pretty=medium
+
+    which will show all the commits since just after the last (2.2.1.0) release.
+
+-----------------------------------------------------------------------------
+
+Direct and Transitive Runtime and Test Dependencies:
+
+        $ mvn dependency:tree
+        [INFO] Scanning for projects...
+        [INFO]
+        [INFO] -----------------------< org.owasp.esapi:esapi >------------------------
+        [INFO] Building ESAPI 2.2.1.1
+        [INFO] --------------------------------[ jar ]---------------------------------
+        [INFO]
+        [INFO] --- maven-dependency-plugin:3.1.2:tree (default-cli) @ esapi ---
+        [INFO] org.owasp.esapi:esapi:jar:2.2.1.1
+        [INFO] +- javax.servlet:javax.servlet-api:jar:3.0.1:provided
+        [INFO] +- javax.servlet.jsp:javax.servlet.jsp-api:jar:2.3.3:provided
+        [INFO] +- com.io7m.xom:xom:jar:1.2.10:compile
+        [INFO] +- commons-beanutils:commons-beanutils:jar:1.9.4:compile
+        [INFO] |  +- commons-logging:commons-logging:jar:1.2:compile
+        [INFO] |  \- commons-collections:commons-collections:jar:3.2.2:compile
+        [INFO] +- commons-configuration:commons-configuration:jar:1.10:compile
+        [INFO] +- commons-lang:commons-lang:jar:2.6:compile
+        [INFO] +- commons-fileupload:commons-fileupload:jar:1.3.3:compile
+        [INFO] +- log4j:log4j:jar:1.2.17:compile
+        [INFO] +- org.apache.commons:commons-collections4:jar:4.2:compile
+        [INFO] +- org.apache-extras.beanshell:bsh:jar:2.0b6:compile
+        [INFO] +- org.owasp.antisamy:antisamy:jar:1.5.10:compile
+        [INFO] |  +- net.sourceforge.nekohtml:nekohtml:jar:1.9.22:compile
+        [INFO] |  +- org.apache.httpcomponents:httpclient:jar:4.5.12:compile
+        [INFO] |  |  \- org.apache.httpcomponents:httpcore:jar:4.4.13:compile
+        [INFO] |  \- commons-codec:commons-codec:jar:1.14:compile
+        [INFO] +- org.slf4j:slf4j-api:jar:1.7.30:compile
+        [INFO] +- commons-io:commons-io:jar:2.6:compile
+        [INFO] +- org.apache.xmlgraphics:batik-css:jar:1.13:compile
+        [INFO] |  +- org.apache.xmlgraphics:batik-shared-resources:jar:1.13:compile
+        [INFO] |  +- org.apache.xmlgraphics:batik-util:jar:1.13:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-constants:jar:1.13:compile
+        [INFO] |  |  \- org.apache.xmlgraphics:batik-i18n:jar:1.13:compile
+        [INFO] |  +- org.apache.xmlgraphics:xmlgraphics-commons:jar:2.4:compile
+        [INFO] |  \- xml-apis:xml-apis-ext:jar:1.3.04:compile
+        [INFO] +- xalan:xalan:jar:2.7.2:compile
+        [INFO] |  \- xalan:serializer:jar:2.7.2:compile
+        [INFO] +- xerces:xercesImpl:jar:2.12.0:compile
+        [INFO] +- xml-apis:xml-apis:jar:1.4.01:compile
+        [INFO] +- com.github.spotbugs:spotbugs-annotations:jar:4.0.5:compile (optional)
+        [INFO] |  \- com.google.code.findbugs:jsr305:jar:3.0.2:compile (optional)
+        [INFO] +- net.jcip:jcip-annotations:jar:1.0:compile (optional)
+        [INFO] +- junit:junit:jar:4.13:test
+        [INFO] |  \- org.hamcrest:hamcrest-core:jar:1.3:test
+        [INFO] +- org.bouncycastle:bcprov-jdk15on:jar:1.65.01:test
+        [INFO] +- org.powermock:powermock-api-mockito2:jar:2.0.7:test
+        [INFO] |  \- org.powermock:powermock-api-support:jar:2.0.7:test
+        [INFO] |     \- org.powermock:powermock-core:jar:2.0.7:test
+        [INFO] +- org.javassist:javassist:jar:3.25.0-GA:test
+        [INFO] +- org.mockito:mockito-core:jar:2.28.2:test
+        [INFO] |  +- net.bytebuddy:byte-buddy:jar:1.9.10:test
+        [INFO] |  +- net.bytebuddy:byte-buddy-agent:jar:1.9.10:test
+        [INFO] |  \- org.objenesis:objenesis:jar:2.6:test
+        [INFO] +- org.powermock:powermock-module-junit4:jar:2.0.7:test
+        [INFO] |  \- org.powermock:powermock-module-junit4-common:jar:2.0.7:test
+        [INFO] +- org.powermock:powermock-reflect:jar:2.0.7:test
+        [INFO] +- org.openjdk.jmh:jmh-core:jar:1.23:test
+        [INFO] |  +- net.sf.jopt-simple:jopt-simple:jar:4.6:test
+        [INFO] |  \- org.apache.commons:commons-math3:jar:3.2:test
+        [INFO] \- org.openjdk.jmh:jmh-generator-annprocess:jar:1.23:test
+        [INFO] ------------------------------------------------------------------------
+        [INFO] BUILD SUCCESS
+        [INFO] ------------------------------------------------------------------------
+
+-----------------------------------------------------------------------------
+
+Acknowledgments:
+
+elangoravi for bringing GitHub issue #560 to our attention. This is one where we thought the workaround instructions was harder than just trying to fix it and thus we were encouraged to release a patch.
+
+A special thanks to the ESAPI community from the ESAPI project co-leaders:
+    Kevin W. Wall (kwwall) <== The irresponsible party for these release notes!
+    Matt Seil (xeno6696)
diff --git a/documentation/esapi4java-core-2.2.2.0-release-notes.txt b/documentation/esapi4java-core-2.2.2.0-release-notes.txt
new file mode 100644
index 000000000..833d1b94e
--- /dev/null
+++ b/documentation/esapi4java-core-2.2.2.0-release-notes.txt
@@ -0,0 +1,250 @@
+Release notes for ESAPI 2.2.2.0
+    Release date: 2020-November-27
+    Project leaders:
+        -Kevin W. Wall <kevin.w.wall@gmail.com>
+        -Matt Seil <matt.seil@owasp.org>
+
+Previous release: ESAPI 2.2.1.1, 2020-July-26
+
+
+Executive Summary: Important Things to Note for this Release
+------------------------------------------------------------
+
+This is a patch release with the primary intent of updating some dependencies with known vulnerabilities.  The main vulnerability that was remediated was CVE-2020-13956, which was a vulnerability introduced through the ESAPI transitive dependency org.apache.httpcomponents:httpclient:4.5.12, potentially exposed through org.owasp.antisamy:antisamy:1.5.10. Updating to AntiSamy 1.5.11 remediated that issue.  In addition, that update to AntiSamy 1.5.11 also addressed AntiSamy issue #48 (https://github.com/nahsra/antisamy/issues/48), which was a low risk security issue that potentially could be exposed via phishing.
+
+For those of you using a Software Configuration Analysis (SCA) services such as Snyk, BlackDuck, Veracode SourceClear, OWASP Dependency Check, etc., you might notice that there is vulnerability in xerces:xercesImpl:2.12.0 that ESAPI uses (also a transitive dependency) that is similar to CVE-2020-14621. Unfortunately there is no official patch for this in the regular Maven Central repository. Further details are described in Security Bulletin #3, which is viewable here
+   https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin3.pdf
+and associated with this release on GitHub. Manual workarounds possible. See the security bulletin for further details.
+
+
+=================================================================================================================
+
+Basic ESAPI facts
+-----------------
+
+ESAPI 2.2.1.1 release:
+    211 Java source files
+    4312 JUnit tests in 134 Java source files
+
+ESAPI 2.2.2.0 release:
+    212 Java source files
+    4313 JUnit tests in 135 Java source files
+
+10 GitHub Issues closed in this release, including those we've decided not to fix (marked '(wontfix)').
+(Reference: https://github.com/ESAPI/esapi-java-legacy/issues?q=is%3Aissue+state%3Aclosed+updated%3A%3E%3D2020-07-26)
+
+Issue #         GitHub Issue Title
+----------------------------------------------------------------------------------------------
+303 -           HTMLEntityCodec destroys 32-bit CJK (Chinese, Japanese and Korean) characters
+561 -           Update ESAPI-release-steps.odt to note how to do 'Release' on GitHub
+566 -           API doc comments are not shown when using ESAPI in Intellij Idea (wontfix)
+567 -           Release 2.2.1.1 Not Loading Properties in dependant JARs
+568 -           encoder-esapi is not aware of changes in esapi 2.2.1.1, making it to crash (wontfix)
+569 -           Unable to print the proper package and method name
+571 -           Logger.always() fails to log all the time when ESAPI is using org.owasp.esapi.logging.java.JavaLogFactory
+574 -           Multiple encoding issue for Google Chrome
+577 -           ESAPI decodes html entities without trailing ';'
+581 -           Updates to pom.xml to update AntiSamy and other dependencies
+
+-----------------------------------------------------------------------------
+
+        Changes Requiring Special Attention
+
+-----------------------------------------------------------------------------
+[If you have already successfully been using ESAPI 2.2.1.0 or later, you probably can skip this section.]
+
+Since ESAPI 2.2.1.0, the new default ESAPI logger is JUL (java.util.logging packages) and we have deprecated the use of Log4J 1.x because we now support SLF4J and Log4J 1.x is way past its end-of-life. We did not want to make SLF4J the default logger (at least not yet) as we did not want to have the default ESAPI use require additional dependencies. However, SLF4J is likely to be the future choice, at least once we start on ESAPI 3.0. A special shout-out to Jeremiah Stacey for making this possible by re-factoring much of the ESAPI logger code. Note, the straw that broke the proverbial camel's back was the announcement of CVE-2019-17571 (rated Critical), for which there is no fix available and likely will never be.
+
+However, if you try to juse the new ESAPI 2.2.1.0 or later logging you will notice that you need to change ESAPI.Logger and also possibly provide some other properties as well to get the logging behavior that you desire.
+
+To use ESAPI logging in ESAPI 2.2.1.0 (and later), you will need to set the ESAPI.Logger property to
+
+    org.owasp.esapi.logging.java.JavaLogFactory     - To use the new default, java.util.logging (JUL)
+    org.owasp.esapi.logging.log4j.Log4JLogFactory   - To use the end-of-life Log4J 1.x logger
+    org.owasp.esapi.logging.slf4j.Slf4JLogFactory   - To use the new (to release 2.2.0.0) SLF4J logger
+
+In addition, if you wish to use JUL for logging, you *MUST* supply an "esapi-java-logging.properties" file in your classpath. This file is included in the 'esapi-2.2.2.0-configuration.jar' file provided under the 'Assets' section of the GitHub Release at
+    https://github.com/ESAPI/esapi-java-legacy/releases/esapi-2.2.2.0
+
+Unfortunately, there was a logic error in the static initializer of JavaLogFactory (now fixed in this release) that caused a NullPointerException to be thrown so that the message about the missing "esapi-java-logging.properties" file was never seen.
+
+If you are using JavaLogFactory, you will also want to ensure that you have the following ESAPI logging properties set:
+    # Set the application name if these logs are combined with other applications
+    Logger.ApplicationName=ExampleApplication
+    # If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
+    Logger.LogEncodingRequired=false
+    # Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
+    Logger.LogApplicationName=true
+    # Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
+    Logger.LogServerIP=true
+    # LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
+    # want to place it in a specific directory.
+    Logger.LogFileName=ESAPI_logging_file
+    # MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
+    Logger.MaxLogFileSize=10000000
+    # Determines whether ESAPI should log the user info.
+    Logger.UserInfo=true
+    # Determines whether ESAPI should log the session id and client IP.
+    Logger.ClientInfo=true
+
+See GitHub issue #560 for additional details.
+
+
+Related to that aforemented Log4J 1.x CVE and how it affects ESAPI, be sure to read
+   https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin2.pdf
+which describes CVE-2019-17571, a deserialization vulnerability in Log4J 1.2.17. ESAPI is *NOT* affected by this (even if you chose to use Log4J 1 as you default ESAPI logger). This security bulletin describes why this CVE is not exploitable as used by ESAPI.
+
+
+Finally, while ESAPI still supports JDK 7 (even though that too is way past end-of-life), the next ESAPI release will move to JDK 8 as the minimal baseline. (We already use Java 8 for development but still to Java 7 source and runtime compatibility.)
+
+-----------------------------------------------------------------------------
+
+        Remaining Known Issues / Problems
+
+-----------------------------------------------------------------------------
+If you use Java 7 (the minimal Java baseline supported by ESAPI) and try to run 'mvn test' there is one test that fails. This test passes with Java 8. The failing test is:
+
+        [ERROR] Tests run: 5, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 0.203 s
+        <<< FAILURE! - in org.owasp.esapi.crypto.SecurityProviderLoaderTest
+        [ERROR] org.owasp.esapi.crypto.SecurityProviderLoaderTest.testWithBouncyCastle
+        Time elapsed: 0.116 s <<< FAILURE!
+        java.lang.AssertionError: Encryption w/ Bouncy Castle failed with
+        EncryptionException for preferred cipher transformation; exception was:
+        org.owasp.esapi.errors.EncryptionException: Encryption failure (unavailable
+        cipher requested)
+        at
+        org.owasp.esapi.crypto.SecurityProviderLoaderTest.testWithBouncyCastle(Security
+        ProviderLoaderTest.java:133)
+
+I will spare you all the details and tell you that this has to do with Java 7 not being able to correctly parse the signed Bouncy Castle JCE provider jar. More details are available at:
+    https://www.bouncycastle.org/latest_releases.html
+and
+    https://github.com/bcgit/bc-java/issues/477
+I am sure that there are ways of making Bouncy Castle work with Java 7, but since ESAPI does not rely on Bouncy Castle (it can use any compliant JCE provider), this should not be a problem. (It works fine with the default SunJCE provider.) If it is important to get the BC provider working with the ESAPI Encryptor and Java 7, then open a GitHub issue and we will take a deeper look at it and see if we can suggest something.
+
+
+
+Another problem is if you run 'mvn test' from the 'cmd' prompt (and possibly PowerShell as well), you will get intermittent failures (generally between 10-25% of the time) at arbitrary spots. If you run it again without any changes it will work fine without any failures. We have discovered that it doesn't seem to fail if you run the tests from an IDE like Eclipse or if you redirect both stdout and stderr to a file; e.g.,
+
+    C:\code\esapi-java-legacy> mvn test >testoutput.txt 2>&1
+
+We do not know the reason for these failures, but only that we have observed them on Windows 10. If you see this error, please do NOT report it as a GitHub issue unless you know a fix for it.
+
+
+Lastly, some SCA services may continue to flag vulnerabilties in ESAPI 2.2.2.0 related to log4j 1.2.17 and xerces 2.12.0.  We do not believe the way that ESAPI uses either of these in a manner that leads to any exploitable behavior.  See the security bulletins
+   https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin2.pdf
+and
+   https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin3.pdf
+respectively, for additional details.
+
+-----------------------------------------------------------------------------
+
+        Other changes in this release, some of which not tracked via GitHub issues
+
+-----------------------------------------------------------------------------
+
+* Minor updates to README.md file
+
+-----------------------------------------------------------------------------
+
+Developer Activity Report (Changes between release 2.2.1.1 and 2.2.2.0, i.e., between 2020-07-26 and 2020-11-27)
+Generated manually (this time) -- all errors are the fault of kwwall and his inability to do simple arithmetic.
+
+Developer       Total       Total Number        # Merged
+(GitHub ID)     commits   of Files Changed        PRs
+========================================================
+jeremiahjstacey  8              6               1
+dependabot       1              1               1
+kwwall           7              8               0
+========================================================
+                                    Total PRs:  2
+
+There were also several snyk-bot PRs that were rejected for various reasons, mostly because 1) I was already making the proposed changes and preferred to do them in single commit or 2) there were other reasons for rejecting them (such as the dependency requiring Java 8). The proposed changes that were not outright rejected were included as part of commit a8a79bc5196653500ce664b7b063284e60bddaa0.
+
+-----------------------------------------------------------------------------
+
+CHANGELOG:      Create your own. May I suggest:
+
+        git log --stat --since=2020-07-26 --reverse --pretty=medium
+
+    which will show all the commits since just after the previous (2.2.1.1) release.
+
+-----------------------------------------------------------------------------
+
+Direct and Transitive Runtime and Test Dependencies:
+
+        $ mvn dependency:tree
+        [INFO] Scanning for projects...
+        [INFO]
+        [INFO] -----------------------< org.owasp.esapi:esapi >------------------------
+        [INFO] Building ESAPI 2.2.2.0
+        [INFO] --------------------------------[ jar ]---------------------------------
+        [INFO]
+        [INFO] --- maven-dependency-plugin:3.1.2:tree (default-cli) @ esapi ---
+        [INFO] org.owasp.esapi:esapi:jar:2.2.2.0-SNAPSHOT
+        [INFO] +- javax.servlet:javax.servlet-api:jar:3.0.1:provided
+        [INFO] +- javax.servlet.jsp:javax.servlet.jsp-api:jar:2.3.3:provided
+        [INFO] +- com.io7m.xom:xom:jar:1.2.10:compile
+        [INFO] +- commons-beanutils:commons-beanutils:jar:1.9.4:compile
+        [INFO] |  +- commons-logging:commons-logging:jar:1.2:compile
+        [INFO] |  \- commons-collections:commons-collections:jar:3.2.2:compile
+        [INFO] +- commons-configuration:commons-configuration:jar:1.10:compile
+        [INFO] +- commons-lang:commons-lang:jar:2.6:compile
+        [INFO] +- commons-fileupload:commons-fileupload:jar:1.3.3:compile
+        [INFO] +- log4j:log4j:jar:1.2.17:compile
+        [INFO] +- org.apache.commons:commons-collections4:jar:4.2:compile
+        [INFO] +- org.apache-extras.beanshell:bsh:jar:2.0b6:compile
+        [INFO] +- org.owasp.antisamy:antisamy:jar:1.5.11:compile
+        [INFO] |  +- net.sourceforge.nekohtml:nekohtml:jar:1.9.22:compile
+        [INFO] |  +- org.apache.httpcomponents:httpclient:jar:4.5.13:compile
+        [INFO] |  |  \- org.apache.httpcomponents:httpcore:jar:4.4.13:compile
+        [INFO] |  \- commons-codec:commons-codec:jar:1.15:compile
+        [INFO] +- org.slf4j:slf4j-api:jar:1.7.30:compile
+        [INFO] +- commons-io:commons-io:jar:2.6:compile
+        [INFO] +- org.apache.xmlgraphics:batik-css:jar:1.13:compile
+        [INFO] |  +- org.apache.xmlgraphics:batik-shared-resources:jar:1.13:compile
+        [INFO] |  +- org.apache.xmlgraphics:batik-util:jar:1.13:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-constants:jar:1.13:compile
+        [INFO] |  |  \- org.apache.xmlgraphics:batik-i18n:jar:1.13:compile
+        [INFO] |  +- org.apache.xmlgraphics:xmlgraphics-commons:jar:2.4:compile
+        [INFO] |  \- xml-apis:xml-apis-ext:jar:1.3.04:compile
+        [INFO] +- xalan:xalan:jar:2.7.2:compile
+        [INFO] |  \- xalan:serializer:jar:2.7.2:compile
+        [INFO] +- xerces:xercesImpl:jar:2.12.0:compile
+        [INFO] +- xml-apis:xml-apis:jar:1.4.01:compile
+        [INFO] +- com.github.spotbugs:spotbugs-annotations:jar:4.1.4:compile (optional)
+        [INFO] |  \- com.google.code.findbugs:jsr305:jar:3.0.2:compile (optional)
+        [INFO] +- net.jcip:jcip-annotations:jar:1.0:compile (optional)
+        [INFO] +- junit:junit:jar:4.13.1:test
+        [INFO] |  \- org.hamcrest:hamcrest-core:jar:1.3:test
+        [INFO] +- org.bouncycastle:bcprov-jdk15on:jar:1.65.01:test
+        [INFO] +- org.powermock:powermock-api-mockito2:jar:2.0.7:test
+        [INFO] |  \- org.powermock:powermock-api-support:jar:2.0.7:test
+        [INFO] |     \- org.powermock:powermock-core:jar:2.0.7:test
+        [INFO] +- org.javassist:javassist:jar:3.25.0-GA:test
+        [INFO] +- org.mockito:mockito-core:jar:2.28.2:test
+        [INFO] |  +- net.bytebuddy:byte-buddy:jar:1.9.10:test
+        [INFO] |  +- net.bytebuddy:byte-buddy-agent:jar:1.9.10:test
+        [INFO] |  \- org.objenesis:objenesis:jar:2.6:test
+        [INFO] +- org.powermock:powermock-module-junit4:jar:2.0.7:test
+        [INFO] |  \- org.powermock:powermock-module-junit4-common:jar:2.0.7:test
+        [INFO] +- org.powermock:powermock-reflect:jar:2.0.7:test
+        [INFO] +- org.openjdk.jmh:jmh-core:jar:1.23:test
+        [INFO] |  +- net.sf.jopt-simple:jopt-simple:jar:4.6:test
+        [INFO] |  \- org.apache.commons:commons-math3:jar:3.2:test
+        [INFO] \- org.openjdk.jmh:jmh-generator-annprocess:jar:1.23:test
+        [INFO] ------------------------------------------------------------------------
+        [INFO] BUILD SUCCESS
+        [INFO] ------------------------------------------------------------------------
+        [INFO] Total time:  0.749 s
+        [INFO] Finished at: 2020-11-25T16:55:26-05:00
+        [INFO] ------------------------------------------------------------------------
+
+-----------------------------------------------------------------------------
+
+Acknowledgments:
+    Another hat tip to Dave Wichers for promptly releasing AntiSamy 1.5.11.  And thanks to Matt Seil, Jeremiah Stacey, and Dave for reviewing these boring release notes and Security Bulletin #3. Despite their assistance, I take full responsibility for any errors.
+
+A special thanks to the ESAPI community from the ESAPI project co-leaders:
+    Kevin W. Wall (kwwall) <== The irresponsible party for these release notes!
+    Matt Seil (xeno6696)
diff --git a/documentation/esapi4java-core-2.2.3.0-release-notes.txt b/documentation/esapi4java-core-2.2.3.0-release-notes.txt
new file mode 100644
index 000000000..1b96a6657
--- /dev/null
+++ b/documentation/esapi4java-core-2.2.3.0-release-notes.txt
@@ -0,0 +1,288 @@
+Release notes for ESAPI 2.2.3.0
+    Release date: 2021-03-23
+    Project leaders:
+        -Kevin W. Wall <kevin.w.wall@gmail.com>
+        -Matt Seil <matt.seil@owasp.org>
+
+Previous release: ESAPI 2.2.2.0, 2020-11-27
+
+
+Executive Summary: Important Things to Note for this Release
+------------------------------------------------------------
+
+Important news for this current release
+---------------------------------------
+This is a patch release with the primary intent of updating some dependencies, some with known vulnerabilities. Main update are:
+        -- AntiSamy, from 1.5.11 to 1.6.2.
+        -- As a result of the AntiSamy upgrade, the transitive dependency xercesImpl was updated from 2.12.0 to 2.12.1 which should address CVE-2020-14338.
+        -- Apache batik-css, updated from 1.13 to 1.14.
+
+Details follow.
+
+    * IMPORTANT: Effects of updating to AntiSamy 1.6.2
+        - AntiSamy 1.6.2 which we are now using, is not doing XML schema validation of AntiSamy policy files. It is IMPORTANT that you read through
+                https://github.com/nahsra/antisamy#note-schema-validation-behavior-change-starting-with-antisamy-160
+          to know how that affects you as an ESAPI user. In particular, changes important to ESAPI users include:
+                o AntiSamy now includes the dependency 'slf4j-simple'. This means if you are using an SLF4J library *other* than that, you should add
+                        <exclusion>
+                            <groupId>org.slf4j</groupId>
+                            <artifactId>slf4j-simple</artifactId>
+                        </exclusion>
+                  in your dependency for ESAPI in your application's pom.xml. (You Gradle, Ivy, etc. other build tool users will have to figure out how to do this yourself.)
+                  This is especially important if you are using SLF4J logging in ESAPI with some other SLF4J logger such as slf4j-log4j2, etc. If you don't do that, your logging may not come out as expected. See <https://github.com/nahsra/antisamy#note-schema-validation-behavior-change-starting-with-antisamy-160>, under its section discussing Logging for more details.
+
+                o Previously, ESAPI shipped with a default AntiSamy policy file called 'antisamy-esapi.xml'. For 10 plus years, unbeknownst to anyone, that file contained an unused '<html-entities>' node that not only did ESAPI not directly used, but was also completely ignored by AntiSamy! However, starting with AntiSamy 1.6.0, AntiSamy does XML schema validation by default, so that causes any non-compliant AntiSamy policy file to be rejected. This may result in some rather obtuse error messages and you may want to set the AntiSamy system property 'owasp.validator.validateschema' to "false" temporarily until you have time to correct your AntiSamy policy file(s).
+
+    Old News
+    --------
+    * For those of you using a Software Configuration Analysis (SCA) services such as Snyk, BlackDuck, Veracode's SourceClear, OWASP Dependency Check, etc., you will get a notice for CVE-2020-9488 (related to log4j 1.2.17) and you might get a notice that there is still a vulnerability in xerces:xercesImpl:2.12.1 that ESAPI uses (as a transitive dependency of AntiSamy) that is identical or similar to CVE-2020-14338. (A certain SCA service, which I won't mention, referred to CVE-2020-14621, but it's certainly not obvious from the description that this has anything to do with Xerces. But, on the hand, this is for Oracle products, and they are more obtuse than most when it comes to their vulnerability descriptions.) Unfortunately there is no official patch for the former CVE-2020-9488, as log4j 1.x is now well past its end-of-life. And for the latter CVE(s), it (they?) supposedly is (are?) fixed in the 2.12.1 release, but based on the CPEs in NVD for CVE-2020-14621, it's not clear if all SCA services would detect that.
+      Further details of these vulnerabilities and there potential impact on ESAPI are analyzed in ESAPI Security Advisories #2, #3 and #3, which are viewable here
+            https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin2.pdf -- The Log4j 1.x CVE
+            https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin3.pdf -- The XercesImpl CVE
+                https://pastebin.com/Pm6AbcF7 (A somewhat more in-depth analysis that late to security bulletin #3.)
+            *NEW* -- https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin3.pdf -- Another Log4j 1.x CVE
+      and associated with this release on GitHub. Manual workarounds possible for each. See the security bulletin for further details.
+
+=================================================================================================================
+
+Basic ESAPI facts
+-----------------
+
+ESAPI 2.2.2.0 release:
+     212 Java source files
+    4313 JUnit tests in 135 Java source files
+
+ESAPI 2.2.3.0 release:
+     212 Java source files
+    4316 JUnit tests in 136 Java source files
+
+12 GitHub Issues closed in this release, including those we've decided not to fix (marked '(wontfix)').
+(Reference: https://github.com/ESAPI/esapi-java-legacy/issues?q=is%3Aissue+state%3Aclosed+updated%3A%3E%3D2020-11-27)
+
+Issue #         GitHub Issue Title
+----------------------------------------------------------------------------------------------
+408             Update Travis CI configuration
+517             Encoded input is not treated as an attack
+586             Upgrade pom.xml to use AntiSamy 1.5.12 Vulnerable Dependencies
+588             Possible bug in StringValidationRule.getValid with canonicalize
+592             Not able to turn off Java.util.Logging for ESAPI
+593             Logger.LogLevel in ESAPI.properties not working if set to ERROR/FATAL
+594             Not able to turn off ESAPI logging
+599             encodeForCSS changes '#' character after upgrading from 2.0.1 to 2.2.1.1
+602             Update failing ValidatorTest in 'Java CI with Maven' GitHub workflow
+606             Vulnerability in transitive dependency of esapi
+609             Change log4j dependency scope to provided Build-Maven Component-Docs Component-Logger Configuration
+614             Potentlial XXE Injection vulnerability in loading XML version of ESAPI properties file
+
+-----------------------------------------------------------------------------
+
+        Changes Requiring Special Attention
+
+-----------------------------------------------------------------------------
+
+Search for 'IMPORTANT: Effects of updating to AntiSamy 1.6.2' and read that section. The details are all covered there.
+
+
+Old News -- Important Logging Changes
+-------------------------------------
+[If you have already successfully been using ESAPI 2.2.1.0 or later, you probably can skip this section, which discusses important logging changes.]
+
+Since ESAPI 2.2.1.0, the new default ESAPI logger is JUL (java.util.logging packages) and we have deprecated the use of Log4J 1.x because we now support SLF4J and Log4J 1.x is way past its end-of-life. We did not want to make SLF4J the default logger (at least not yet) as we did not want to have the default ESAPI use require additional dependencies. However, SLF4J is likely to be the future choice, at least once we start on ESAPI 3.0. A special shout-out to Jeremiah Stacey for making this possible by re-factoring much of the ESAPI logger code. Note, the straw that broke the proverbial camel's back was the announcement of CVE-2019-17571 (rated Critical), for which there is no fix available and likely will never be.
+
+However, if you try to juse the new ESAPI 2.2.1.0 or later logging you will notice that you need to change ESAPI.Logger and also possibly provide some other properties as well to get the logging behavior that you desire.
+
+To use ESAPI logging in ESAPI 2.2.1.0 (and later), you will need to set the ESAPI.Logger property to
+
+    org.owasp.esapi.logging.java.JavaLogFactory     - To use the new default, java.util.logging (JUL)
+    org.owasp.esapi.logging.log4j.Log4JLogFactory   - To use the end-of-life Log4J 1.x logger
+    org.owasp.esapi.logging.slf4j.Slf4JLogFactory   - To use the new (to release 2.2.0.0) SLF4J logger
+
+In addition, if you wish to use JUL for logging, you *MUST* supply an "esapi-java-logging.properties" file in your classpath. This file is included in the 'esapi-2.2.2.0-configuration.jar' file provided under the 'Assets' section of the GitHub Release at
+    https://github.com/ESAPI/esapi-java-legacy/releases/esapi-2.2.2.0
+
+Unfortunately, there was a logic error in the static initializer of JavaLogFactory (now fixed in this release) that caused a NullPointerException to be thrown so that the message about the missing "esapi-java-logging.properties" file was never seen.
+
+If you are using JavaLogFactory, you will also want to ensure that you have the following ESAPI logging properties set:
+    # Set the application name if these logs are combined with other applications
+    Logger.ApplicationName=ExampleApplication
+    # If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
+    Logger.LogEncodingRequired=false
+    # Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
+    Logger.LogApplicationName=true
+    # Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
+    Logger.LogServerIP=true
+    # LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\ESAPI\ESAPI_logging_file) if you
+    # want to place it in a specific directory.
+    Logger.LogFileName=ESAPI_logging_file
+    # MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
+    Logger.MaxLogFileSize=10000000
+    # Determines whether ESAPI should log the user info.
+    Logger.UserInfo=true
+    # Determines whether ESAPI should log the session id and client IP.
+    Logger.ClientInfo=true
+
+See GitHub issue #560 for additional details.
+
+
+Related to that aforemented Log4J 1.x CVE and how it affects ESAPI, be sure to read
+   https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin2.pdf
+which describes CVE-2019-17571, a deserialization vulnerability in Log4J 1.2.17. ESAPI is *NOT* affected by this (even if you chose to use Log4J 1 as you default ESAPI logger). This security bulletin describes why this CVE is not exploitable as used by ESAPI.
+
+
+Finally, while ESAPI still supports JDK 7 (even though that too is way past end-of-life), the next ESAPI release will move to JDK 8 as the minimal baseline. (We already use Java 8 for development but still to Java 7 source and runtime compatibility.) We need to do this out of necessity because some of our dependencies are no longer doing updates that support Java 7.
+
+-----------------------------------------------------------------------------
+
+        Remaining Known Issues / Problems
+
+-----------------------------------------------------------------------------
+
+New News
+--------
+See UPDATE, below, in next sub-section under Old News.
+
+
+Old News - Failing JUnit tests
+------------------------------
+    If you use Java 7 (the minimal Java baseline supported by ESAPI) and try to run 'mvn test' there is one test that fails. This test passes with Java 8. The failing test is:
+
+        [ERROR] Tests run: 5, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 0.203 s
+        <<< FAILURE! - in org.owasp.esapi.crypto.SecurityProviderLoaderTest
+        [ERROR] org.owasp.esapi.crypto.SecurityProviderLoaderTest.testWithBouncyCastle
+        Time elapsed: 0.116 s <<< FAILURE!
+        java.lang.AssertionError: Encryption w/ Bouncy Castle failed with
+        EncryptionException for preferred cipher transformation; exception was:
+        org.owasp.esapi.errors.EncryptionException: Encryption failure (unavailable
+        cipher requested)
+        at
+        org.owasp.esapi.crypto.SecurityProviderLoaderTest.testWithBouncyCastle(Security
+        ProviderLoaderTest.java:133)
+
+    I will spare you all the details and tell you that this has to do with Java 7 not being able to correctly parse the signed Bouncy Castle JCE provider jar. More details are available at:
+        https://www.bouncycastle.org/latest_releases.html
+    and
+        https://github.com/bcgit/bc-java/issues/477
+    I am sure that there are ways of making Bouncy Castle work with Java 7, but since ESAPI does not rely on Bouncy Castle (it can use any compliant JCE provider), this should not be a problem. (It works fine with the default SunJCE provider.) If it is important to get the BC provider working with the ESAPI Encryptor and Java 7, then open a GitHub issue and we will take a deeper look at it and see if we can suggest something.
+
+
+
+    Another problem is if you run 'mvn test' from the 'cmd' prompt (and possibly PowerShell as well), you will get intermittent failures (generally between 10-25% of the time) at arbitrary spots. If you run it again without any changes it will work fine without any failures. We have discovered that it doesn't seem to fail if you run the tests from an IDE like Eclipse or if you redirect both stdout and stderr to a file; e.g.,
+
+        C:\code\esapi-java-legacy> mvn test >testoutput.txt 2>&1
+
+    UPDATE: We now believe these at least some of these failures may be because the maven-surefire-plugin is, by default, not creating a new JVM process for each test class. We are looking into this. For now, we have only have observed this behavior on Windows 10. If you see this error, please do NOT report it as a GitHub issue unless you know a fix for it. (And yes, we are aware of '<reuseForks>false</reuseForks>' in the pom for the maven-surefire-plugin, but that causes other tests to fail that we haven't had time to fix.) See GitHub issue #604 (https://github.com/ESAPI/esapi-java-legacy/issues/604) for additional details.
+
+
+-----------------------------------------------------------------------------
+
+        Other changes in this release, most of which were not tracked via GitHub issues
+
+-----------------------------------------------------------------------------
+
+* Added GitHub CI workflow to run 'mvn package' to test if PRs pass tests.
+* Added GitHub workflow for "Super Linter".
+* Minor updates to README.md file (still trying to get 'Build Status' badge to work)
+* Updated deployment process documentation for ESAPI release steps.
+* Updated Security Advisory #3 with new links.
+* Created Security Advisory #4.
+* Updated ESAPI.properties file to reflect new OWASP wiki page.
+* Miscellaneous pom.xml changes related to plugins.
+* Updates to CONTRIBUTING-TO-ESAPI.txt to add paragraph on GitHub deprecating passwords for git operations.
+* Remove invalid <html-entities> node from antisamy-esapi.xml AntiSamy policy file used by ESAPI.
+* Add prominent warnings in log4j.xml about ESAPI's use of Log4J 1.x being deprecated.
+
+-----------------------------------------------------------------------------
+
+Closed PRs Activity Report (Changes between release 2.2.2.0 and 2.2.3.0, i.e., between 2020-11-27 and 2021-03-23)
+
+    See     https://github.com/ESAPI/esapi-java-legacy/pulls?q=type%3Apr+state%3Aclosed+closed%3A%3E2020-11-27+updated%3A%3C2021-03-24
+
+-----------------------------------------------------------------------------
+
+CHANGELOG:      Create your own. May I suggest:
+
+        git log --stat --since=2020-11-27 --until=2021-03-23 --reverse --pretty=medium
+
+    which will show all the commits since just after the previous (2.2.2.0) and until the current (2.2.3.0) release.
+
+-----------------------------------------------------------------------------
+
+Direct and Transitive Runtime and Test Dependencies:
+
+        $ mvn -B dependency:tree
+        [INFO] Scanning for projects...
+        [INFO]
+        [INFO] -----------------------< org.owasp.esapi:esapi >------------------------
+        [INFO] Building ESAPI 2.2.3.0-SNAPSHOT
+        [INFO] --------------------------------[ jar ]---------------------------------
+        [INFO]
+        [INFO] --- maven-dependency-plugin:3.1.2:tree (default-cli) @ esapi ---
+        [INFO] org.owasp.esapi:esapi:jar:2.2.3.0-SNAPSHOT
+        [INFO] +- javax.servlet:javax.servlet-api:jar:3.0.1:provided
+        [INFO] +- javax.servlet.jsp:javax.servlet.jsp-api:jar:2.3.3:provided
+        [INFO] +- com.io7m.xom:xom:jar:1.2.10:compile
+        [INFO] +- commons-beanutils:commons-beanutils:jar:1.9.4:compile
+        [INFO] |  +- commons-logging:commons-logging:jar:1.2:compile
+        [INFO] |  \- commons-collections:commons-collections:jar:3.2.2:compile
+        [INFO] +- commons-configuration:commons-configuration:jar:1.10:compile
+        [INFO] +- commons-lang:commons-lang:jar:2.6:compile
+        [INFO] +- commons-fileupload:commons-fileupload:jar:1.3.3:compile
+        [INFO] +- log4j:log4j:jar:1.2.17:compile
+        [INFO] +- org.apache.commons:commons-collections4:jar:4.2:compile
+        [INFO] +- org.apache-extras.beanshell:bsh:jar:2.0b6:compile
+        [INFO] +- org.owasp.antisamy:antisamy:jar:1.6.2:compile
+        [INFO] |  +- commons-codec:commons-codec:jar:1.15:compile
+        [INFO] |  +- net.sourceforge.nekohtml:nekohtml:jar:1.9.22:compile
+        [INFO] |  +- org.apache.httpcomponents:httpclient:jar:4.5.13:compile
+        [INFO] |  +- org.apache.httpcomponents:httpcore:jar:4.4.14:compile
+        [INFO] |  +- org.slf4j:slf4j-simple:jar:1.7.30:compile
+        [INFO] |  +- xerces:xercesImpl:jar:2.12.1:compile
+        [INFO] |  \- xml-apis:xml-apis-ext:jar:1.3.04:compile
+        [INFO] +- org.slf4j:slf4j-api:jar:1.7.30:compile
+        [INFO] +- commons-io:commons-io:jar:2.6:compile
+        [INFO] +- org.apache.xmlgraphics:batik-css:jar:1.14:compile
+        [INFO] |  +- org.apache.xmlgraphics:batik-shared-resources:jar:1.14:compile
+        [INFO] |  +- org.apache.xmlgraphics:batik-util:jar:1.14:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-constants:jar:1.14:compile
+        [INFO] |  |  \- org.apache.xmlgraphics:batik-i18n:jar:1.14:compile
+        [INFO] |  \- org.apache.xmlgraphics:xmlgraphics-commons:jar:2.6:compile
+        [INFO] +- xalan:xalan:jar:2.7.2:compile
+        [INFO] |  \- xalan:serializer:jar:2.7.2:compile
+        [INFO] +- xml-apis:xml-apis:jar:1.4.01:compile
+        [INFO] +- com.github.spotbugs:spotbugs-annotations:jar:4.2.0:compile (optional)
+        [INFO] |  \- com.google.code.findbugs:jsr305:jar:3.0.2:compile (optional)
+        [INFO] +- net.jcip:jcip-annotations:jar:1.0:compile (optional)
+        [INFO] +- junit:junit:jar:4.13.1:test
+        [INFO] |  \- org.hamcrest:hamcrest-core:jar:1.3:test
+        [INFO] +- org.bouncycastle:bcprov-jdk15on:jar:1.68:test
+        [INFO] +- org.powermock:powermock-api-mockito2:jar:2.0.7:test
+        [INFO] |  \- org.powermock:powermock-api-support:jar:2.0.7:test
+        [INFO] |     \- org.powermock:powermock-core:jar:2.0.7:test
+        [INFO] +- org.javassist:javassist:jar:3.25.0-GA:test
+        [INFO] +- org.mockito:mockito-core:jar:2.28.2:test
+        [INFO] |  +- net.bytebuddy:byte-buddy:jar:1.9.10:test
+        [INFO] |  +- net.bytebuddy:byte-buddy-agent:jar:1.9.10:test
+        [INFO] |  \- org.objenesis:objenesis:jar:2.6:test
+        [INFO] +- org.powermock:powermock-module-junit4:jar:2.0.7:test
+        [INFO] |  \- org.powermock:powermock-module-junit4-common:jar:2.0.7:test
+        [INFO] +- org.powermock:powermock-reflect:jar:2.0.7:test
+        [INFO] +- org.openjdk.jmh:jmh-core:jar:1.23:test
+        [INFO] |  +- net.sf.jopt-simple:jopt-simple:jar:4.6:test
+        [INFO] |  \- org.apache.commons:commons-math3:jar:3.2:test
+        [INFO] \- org.openjdk.jmh:jmh-generator-annprocess:jar:1.23:test
+        [INFO] ------------------------------------------------------------------------
+        [INFO] BUILD SUCCESS
+        [INFO] ------------------------------------------------------------------------
+        [INFO] Total time:  0.906 s
+        [INFO] Finished at: 2021-03-21T22:03:50-04:00
+[INFO] ------------------------------------------------------------------------
+
+-----------------------------------------------------------------------------
+
+Acknowledgments:
+    Another hat tip to Dave Wichers for promptly releasing AntiSamy 1.6.2. A special shout-out to @simon0117 for adding the Maven and Super-Linter GitHub Actions (PR #583)
+    And lastly, thanks to Matt Seil, Jeremiah Stacey, and all the ESAPI users who make this worthwhile. This is for you.
+
+A special thanks to the ESAPI community from the ESAPI project co-leaders:
+    Kevin W. Wall (kwwall) <== The irresponsible party for these release notes!
+    Matt Seil (xeno6696)
diff --git a/documentation/esapi4java-core-2.2.3.1-release-notes.txt b/documentation/esapi4java-core-2.2.3.1-release-notes.txt
new file mode 100644
index 000000000..f53aa8360
--- /dev/null
+++ b/documentation/esapi4java-core-2.2.3.1-release-notes.txt
@@ -0,0 +1,165 @@
+Release notes for ESAPI 2.2.3.1
+    Release date: 2021-05-07
+    Project leaders:
+        -Kevin W. Wall <kevin.w.wall@gmail.com>
+        -Matt Seil <matt.seil@owasp.org>
+
+Previous release: ESAPI 2.2.3.0, 2021-03-23
+
+
+Executive Summary: Important Things to Note for this Release
+------------------------------------------------------------
+This is a very small patch release with the primary intent of updating some dependencies.
+
+Major changes:
+    * Restores Apache Commons IO from 1.3.1 (what it was in 2.2.3.0) to 2.6 (what it was in 2.2.2.0).
+    * Updates AntiSamy from 1.6.2 to 1.6.3
+
+Unless you have already updated to ESAPI 2.2.3.0 and read those release notes, you should read those release notes for additional details. You can find it at:
+    https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.2.3.0-release-notes.txt
+
+That discusses things like security bulletins and other important details that I am not going into for this release.
+
+=================================================================================================================
+
+Basic ESAPI facts
+-----------------
+
+ESAPI 2.2.3.1 release (no change since last release):
+     212 Java source files
+    4316 JUnit tests in 136 Java source files
+
+3 GitHub Issues closed in this release, including those we've decided not to fix (marked '(wontfix)').
+(Reference: https://github.com/ESAPI/esapi-java-legacy/issues?q=is%3Aissue+state%3Aclosed+updated%3A%3E%3D2021-03-23)
+
+Issue #         GitHub Issue Title
+----------------------------------------------------------------------------------------------
+614             Potentlial XXE Injection vulnerability in loading XML version of ESAPI properties file
+617             Unresolved Reference for com.ibm.uvm.tools in an OSGI Bundle
+624             Update pom.xml to use AntiSamy 1.6.3 and Apache Commons IO 2.6
+
+-----------------------------------------------------------------------------
+
+        Changes Requiring Special Attention
+
+-----------------------------------------------------------------------------
+See this section from the previous release notes at:
+    https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.2.3.0-release-notes.txt
+
+-----------------------------------------------------------------------------
+
+        Remaining Known Issues / Problems
+
+-----------------------------------------------------------------------------
+See this section from the previous release notes at:
+    https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.2.3.0-release-notes.txt
+
+NEW since last release (ESAPI 2.2.3.0) - CVE-2021-29425
+    https://nvd.nist.gov/vuln/detail/CVE-2021-29425
+
+
+-----------------------------------------------------------------------------
+
+        Other changes in this release, some of which not tracked via GitHub issues
+
+None known.
+-----------------------------------------------------------------------------
+
+Developer Activity Report (Changes between release 2.2.3.0 and 2.2.3.1, i.e., between 2021-03-23 and 2021-05-07)
+Generated manually (this time) -- all errors are the fault of kwwall and his inability to do simple arithmetic.
+
+Developer       Total       Total Number        # Merged
+(GitHub ID)     commits   of Files Changed        PRs
+========================================================
+jeremiahjstacey  8              6               1
+dependabot       1              1               1
+kwwall           7              8               0
+========================================================
+                                    Total PRs:  2
+
+There were also several snyk-bot PRs that were rejected for various reasons, mostly because 1) I was already making the proposed changes and preferred to do them in single commit or 2) there were other reasons for rejecting them (such as the dependency requiring Java 8). The proposed changes that were not outright rejected were included as part of commit a8a79bc5196653500ce664b7b063284e60bddaa0.
+
+-----------------------------------------------------------------------------
+
+CHANGELOG:      Create your own. May I suggest:
+
+        git log --stat --since=2021-03-23 --reverse --pretty=medium
+
+    which will show all the commits since just after the previous (2.2.3.0) release.
+
+-----------------------------------------------------------------------------
+
+Direct and Transitive Runtime and Test Dependencies:
+
+        $ mvn dependency:tree
+        [INFO] Scanning for projects...
+        [INFO]
+        [INFO] -----------------------< org.owasp.esapi:esapi >------------------------
+        [INFO] Building ESAPI 2.2.3.1-SNAPSHOT
+        [INFO] --------------------------------[ jar ]---------------------------------
+        [INFO]
+        [INFO] --- maven-dependency-plugin:3.1.2:tree (default-cli) @ esapi ---
+        [INFO] org.owasp.esapi:esapi:jar:2.2.3.1-SNAPSHOT
+        [INFO] +- javax.servlet:javax.servlet-api:jar:3.0.1:provided
+        [INFO] +- javax.servlet.jsp:javax.servlet.jsp-api:jar:2.3.3:provided
+        [INFO] +- com.io7m.xom:xom:jar:1.2.10:compile
+        [INFO] +- commons-beanutils:commons-beanutils:jar:1.9.4:compile
+        [INFO] |  +- commons-logging:commons-logging:jar:1.2:compile
+        [INFO] |  \- commons-collections:commons-collections:jar:3.2.2:compile
+        [INFO] +- commons-configuration:commons-configuration:jar:1.10:compile
+        [INFO] +- commons-lang:commons-lang:jar:2.6:compile
+        [INFO] +- commons-fileupload:commons-fileupload:jar:1.3.3:compile
+        [INFO] +- log4j:log4j:jar:1.2.17:compile
+        [INFO] +- org.apache.commons:commons-collections4:jar:4.2:compile
+        [INFO] +- org.apache-extras.beanshell:bsh:jar:2.0b6:compile
+        [INFO] +- org.owasp.antisamy:antisamy:jar:1.6.3:compile
+        [INFO] |  +- net.sourceforge.nekohtml:nekohtml:jar:1.9.22:compile
+        [INFO] |  +- org.apache.httpcomponents:httpclient:jar:4.5.13:compile
+        [INFO] |  +- org.apache.httpcomponents:httpcore:jar:4.4.14:compile
+        [INFO] |  +- org.apache.xmlgraphics:batik-css:jar:1.14:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-shared-resources:jar:1.14:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-util:jar:1.14:compile
+        [INFO] |  |  |  +- org.apache.xmlgraphics:batik-constants:jar:1.14:compile
+        [INFO] |  |  |  \- org.apache.xmlgraphics:batik-i18n:jar:1.14:compile
+        [INFO] |  |  \- org.apache.xmlgraphics:xmlgraphics-commons:jar:2.6:compile
+        [INFO] |  +- org.slf4j:slf4j-simple:jar:1.7.30:compile
+        [INFO] |  +- xerces:xercesImpl:jar:2.12.1:compile
+        [INFO] |  \- xml-apis:xml-apis-ext:jar:1.3.04:compile
+        [INFO] +- org.slf4j:slf4j-api:jar:1.7.30:compile
+        [INFO] +- xml-apis:xml-apis:jar:1.4.01:compile
+        [INFO] +- commons-io:commons-io:jar:2.6:compile
+        [INFO] +- com.github.spotbugs:spotbugs-annotations:jar:4.2.2:compile (optional)
+        [INFO] |  \- com.google.code.findbugs:jsr305:jar:3.0.2:compile (optional)
+        [INFO] +- commons-codec:commons-codec:jar:1.15:test
+        [INFO] +- junit:junit:jar:4.13.2:test
+        [INFO] +- org.bouncycastle:bcprov-jdk15on:jar:1.68:test
+        [INFO] +- org.hamcrest:hamcrest-core:jar:1.3:test
+        [INFO] +- org.powermock:powermock-api-mockito2:jar:2.0.7:test
+        [INFO] |  \- org.powermock:powermock-api-support:jar:2.0.7:test
+        [INFO] +- org.javassist:javassist:jar:3.25.0-GA:test
+        [INFO] +- org.mockito:mockito-core:jar:2.28.2:test
+        [INFO] |  +- net.bytebuddy:byte-buddy:jar:1.9.10:test
+        [INFO] |  +- net.bytebuddy:byte-buddy-agent:jar:1.9.10:test
+        [INFO] |  \- org.objenesis:objenesis:jar:2.6:test
+        [INFO] +- org.powermock:powermock-core:jar:2.0.7:test
+        [INFO] +- org.powermock:powermock-module-junit4:jar:2.0.7:test
+        [INFO] |  \- org.powermock:powermock-module-junit4-common:jar:2.0.7:test
+        [INFO] +- org.powermock:powermock-reflect:jar:2.0.7:test
+        [INFO] \- org.openjdk.jmh:jmh-core:jar:1.28:test
+        [INFO]    +- net.sf.jopt-simple:jopt-simple:jar:4.6:test
+        [INFO]    \- org.apache.commons:commons-math3:jar:3.2:test
+        [INFO] ------------------------------------------------------------------------
+        [INFO] BUILD SUCCESS
+        [INFO] ------------------------------------------------------------------------
+        [INFO] Total time:  0.759 s
+        [INFO] Finished at: 2021-05-07T01:13:27-04:00
+        [INFO] ------------------------------------------------------------------------
+
+-----------------------------------------------------------------------------
+
+Acknowledgments:
+    Another hat tip to Dave Wichers for promptly releasing AntiSamy 1.6.2 and for the PR to fix GitHub issue #614.  And thanks to Matt Seil, Jeremiah Stacey, and all the ESAPI users who make this worthwhile. This is for you.
+
+A special thanks to the ESAPI community from the ESAPI project co-leaders:
+    Kevin W. Wall (kwwall) <== The irresponsible party for these release notes!
+    Matt Seil (xeno6696)
diff --git a/documentation/esapi4java-core-2.3.0.0-release-notes.txt b/documentation/esapi4java-core-2.3.0.0-release-notes.txt
new file mode 100644
index 000000000..e4cdefb1d
--- /dev/null
+++ b/documentation/esapi4java-core-2.3.0.0-release-notes.txt
@@ -0,0 +1,211 @@
+Release notes for ESAPI 2.3.0.0
+    Release date: 2022-04-17
+    Project leaders:
+        -Kevin W. Wall <kevin.w.wall@gmail.com>
+        -Matt Seil <matt.seil@owasp.org>
+
+Previous release: ESAPI 2.2.3.1, 2021-05-07
+
+Important Announcement
+----------------------
+Do NOT:  Do NOT use GitHub Issues to ask questions about this of future releases. That is what the ESAPI Google groups are for. (See our GitHub README.md for further details.) If you can't do the ESAPI Google groups, then drop and email to either one or both of the project leaders (email addresses provided above). We will NOT respond to questions posted in GitHub Issues.
+
+
+Executive Summary: Important Things to Note for this Release
+------------------------------------------------------------
+This is a very important ESAPI release, as it remediates several potentially exploitable vulnerabilities. Part of the remediation may include reviewing and updating your antisamy-esapi.xml configuration file, so be sure to read through ALL the details thoroughly or you may not be fully protected even though you have installed the new ESAPI 2.3.0.0 jar. This will also certainly be the last ESAPI release to support Java 7, so you would do well to prepare to move to Java 8 or later if you have not already done so.
+
+The primary intent of this release is to patch several potentially exploitable vulnerabilities in ESAPI. Many of these are related to AntiSamy and were introduced by vulnerable transitive dependencies. All but one those (a DoS vulnerability in an AntiSamy dependency) is believed to have been fixed with an update to use the new AntiSamy 1.6.7 release. There are also two vulnerabilities within ESAPI itself which have been remediated as part of this release, one of which dates back to at least ESAPI 1.4.
+
+In addition to these patches (discussed in a bit more detail later under the section 'Changes Requiring Special Attention'), there were other updates to dependencies made in this release done to simply to keep them as up-to-date as possible. We have also added the generation of an SBOM (Software Bill of Materials) generated via the cyclonedx:cyclonedx-maven-plugin.
+
+Lastly, support for the deprecated value of "fixed" for the ESAPI property "Encryptor.ChooseIVMethod" has been completely removed from this release. It had been deprecated since 2.2.0.0 and it's removal long scheduled for the 2.3.0.0 release. See the GitHub issue 679 for further details.
+
+=================================================================================================================
+
+Basic ESAPI facts
+-----------------
+
+ESAPI 2.2.3.1 release (previous release):
+     212 Java source files
+    4316 JUnit tests in 136 Java source files
+
+ESAPI 2.3.0.0 release (current / new release):
+     212 Java source files
+    4325 JUnit tests in 136 Java source files (1 test ignored)
+
+24 GitHub Issues closed in this release, including those we've decided not to fix (marked 'wontfix' and 'falsepositive').
+[Reference: https://github.com/ESAPI/esapi-java-legacy/issues?q=is%3Aissue+state%3Aclosed+updated%3A%3E%3D2021-05-07]
+
+Issue #         GitHub Issue Title
+----------------------------------------------------------------------------------------------
+163             Limit max size of entire cookies Component-Validator enhancement good first issue help wanted imported Priority-High
+198             Uninitialized esapi logging assumes logging to System.out/System.err - Make configurable/extensible bug imported wontfix
+324             ClassCastException during web application redeploy due to the grift logging classes enhancement imported
+564             Create release notes for 2.2.1.1 patch release Component-Docs
+567             Release 2.2.1.1 Not Loading Properties in dependent JARs
+574             Multiple encoding issue for Google Chrome wontfix
+608             Move HTMLValidationRule static Classpath handling into DefaultSecurityConfiguration
+624             Update pom.xml to use AntiSamy 1.6.3 and Apache Commons IO 2.6 Build-Maven
+629             Define .snyk ignore content
+630             Incorrect result for isEnabled() in Slf4JLogger
+631             Create Default Logging level configuration for ESAPI library wontfix
+634             Removing \ from JSON string by ESAPI.encoder().canonicalize(value)
+640             Decouple from AntiSamy slf4j-api dependency & Update dependency
+648             Log4J CVE-2021-4104
+652             Fix code scanning alert - tracker 3 duplicate
+653             java.io.FileNotFoundException Error in Logs When ESAPI.properties and validation.properties are in resources.
+657             Need to update Xerces transitive dependency to fix CVE-2022-23437
+658             Vulnerability issue on dependency commons-io
+664             ValidationException exposing potentially sensitive user supplied input to log wontfix
+669             JavaEncryptor.java HARDCODED_CREDENTIALS
+671             Version 2.2.3.1 contains 5 vulnerabilities in ESAPI dependencies
+672             HTMLEntityCodec Bug Decoding "Left Angular Bracket" Symbol
+673             Validator.HTTPHeaderValue changed automatically
+679             Completely remove support for fixed IVs and throw a ConfigurationException if encountered
+
+-----------------------------------------------------------------------------
+
+        Changes Requiring Special Attention
+
+-----------------------------------------------------------------------------
+
+1) This likely will be the LAST ESAPI release supporting Java 7. There are just some vulnerabilities (notably a DoS one in Neko HtmlUnit that was assigned CVE-2022-28366 after the ESAPI 2.3.0.0 release) that because they are transitive dependencies, that we simply cannot remediate without at least moving on to Java 8 as the minimally supported JDK. Please plan accordingly.
+
+2) If you are not upgrading to ESAPI release 2.3.0.0 from 2.2.3.1 (the previous release), then you NEED to read at least the release notes in 2.2.3.1 and ideally, all the ones in all the previous ESAPI release notes from where you are updating to 2.3.0.0. In particular, if you were using ESAPI 2.2.1.0 or earlier, you need to see those ESAPI release notes in regards to changes in the ESAPI.Logger property.
+
+                                        !!!!! VULNERABILITY ALERTS !!!!!
+
+3) There is one VERY SERIOUS (as in easy to exploit) vulnerability in ESAPI's default antisamy-esapi.xml configuration file. This problem seems to date back to at least ESAPI release 1.4. If you do nothing else, you should update your antisamy-esapi.xml to the one provided in the esapi-2.3.0.0-configuration.jar that can be found on GitHub under "https://github.com/ESAPI/esapi-java-legacy/releases/tag/esapi-2.3.0.0". The ESAPI team will be submitting an official CVE for this, but the bottom line is that the default ESAPI antisamy-esapi.xml configuration file does not properly sanitize 'javascript:' URLs in most cases, but instead accepts the input as "safe". A few more details regarding the configuration is provided in the section "Important checks you take as a developer using ESAPI" given below. (Update: This vulnerability was assigned CVE ID CVE-2022-24891. See GitHub Security Adivisory https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-q77q-vx4q-xx6q and ESAPI Security Bulletin 8 at https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin8.pdf for further details.)
+
+4) Several other vulnerabilities associated with AntiSamy have been patched via the AntiSamy 1.6.7 (or prior) release. See the AntiSamy release notes for 1.6.7, 1.6.6.1, 1.6.6, 1.6.5 and 1.6.4 at https://github.com/nahsra/antisamy/releases for further details on what has been remediated. Note that the default ESAPI.properties and ESAPI AntiSamy configuration did not really leave ESAPI vulnerable to CVE-2021-35043 which was fixed in AntiSamy 1.6.4, but that was a moot point because of #3, above.
+
+5) A vulnerability found by GitHub Security Lab that is an example of CWE-22 [Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')], was discovered by GHSL security researcher Jaroslav Loba�evski. You can find details of it under "documentation/GHSL-2022-008_The_OWASP_Enterprise_Security_API.md" or "documentation/GHSL-2022-008_The_OWASP_Enterprise_Security_API.pdf" on ESAPI's GitHub repo or from the ESAPI source zip or tarball files associated with this (or later) release. (Update: After this release, this vulnerability was assigned CVE ID CVE-2022-23457. See GitHub Security Adivisory https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-8m5h-hrqm-pxm2 for further details.)
+
+6) There remains one known unpatched, potentially exploitable vulnerability (a DoS vulnerability in the transitive dependency Neko HtmlUnit) in ESAPI 2.3.0.0. That vulnerability was later assigned CVE-20222-28366, but it is fixed in certain versions of Neko HtmlUnit after release 2.24.0. However, release 2.24.0 is the last Neko HtmlUnit release that supports Java 7 and thus is the latest one that we can use. That vulnerability is patched only fixed in a version of Neko HtmlUnit that was compiled with Java 8. Since ESAPI (as of release 2.3.0.0) only supports Java 7, we are currently unable to patch to remediate this DoS vulnerability. (This is why we are currently committed for this 2.3.0.0 release to be last release at least to support Java 7). The ESAPI team plans to release a 2.4.0.0 release that will require Java 8 or later as the minimal JDK, and with that release, we will update to AntiSamy 1.7.0 (which requires Java 8) and which uses Neko HtmlUnit 2.60.0 (which also requires Java 8 or later) and that addresses the DoS vulnerability. For further information, see the JUnit test testNekoDOSWithAnHTMLComment in "src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleCleanTest.java". (Note that currently, this JUnit test is annotated as '@Ignore' since it would not pass under Java 7 and using Neko HtmlUnit 2.24.0.)
+
+7) *NEW* It later came to our attention that there was a unknown XSS vulnerability in AntiSamy [later identified as CVE-2022-29577] that was patched in AntiSamy 1.6.8, which was not available at the time of the ESAPI 2.3.0.0 release. (Someone on the AntiSamy team probably told me about this, but I just forgot. Sorry ESAPI folks!)
+
+NOTE: We plan on issuing an updated README.md and updated security bulletins on #3 and #4 soon, but we wanted to focus on getting the patches out rather than getting the documentation out. This probably will not be in a separate release, but we will announce in on the ESAPI Users and ESAPI Dev Google lists once we drop them on our GitHub repo under the "documentation" folder.
+
+
+FALSE POSITIVE ALERT ==> A final word on vulnerabilities -- CVE-2020-5529 is a False Positive
+
+Dependency Check picks up a false positive CVE in ESAPI 2.3.0.0. Other SCA tools may as well. Specifically, Dependency Check flags CVE-2020-5529 in a different (the original) Neko HtmlUnit then the one that AntiSamy is using. In Dependency Check, this is a False Positive caused by a mismatch of the CPE (i.e., Common Platform Enumeration) identifier. If you follow the "Hyperlink" section referenced on https://nvd.nist.gov/vuln/detail/CVE-2020-5529 page, you will see that it ultimately references https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0, which is the old, unmaintained version of Neko that AntiSamy had been using up until recently. Dependency Check is incorrectly matching "net.sourceforge.htmlunit:htmlunit" rather than matching "net.sourceforge.htmlunit:neko-htmlunit", which it what if should be matching. This CPE matching confusion is a common problem with Dependency Check, but it's by design. Understandably, Jeremy Long and other Dependency Check contributors have deliberately tweaked Dependency Check to fall more on the side of False Positives so as to avoid False Negatives, because False Positives are a lot easier to vet and rule out, and one can--if so desired--create a suppressions.xml entry for it to ignore them. (I've decided against suppressing it in Dependency Check--at least for the time being--because there are likely other SCA tools that will also flag this as a False Positive.) For now, it's easier to just acknowledge it in the release notes. (Especially since we'll be releasing a 2.4.0.0 version soon after the 2.3.0.0 version that will support Java 8 as the minimal SDK so this problem will disappear.) Note however that Snyk does not flag ESAPI as being vulnerable to CVE-2020-5529.
+
+----------------------------------------------------------------------------e
+
+Important security checks you SHOULD take as a developer using ESAPI
+
+Simply upgrading to the esapi-2.3.0.0.jar may not be enough. This 2.3.0.0 release patches a bypass around some AntiSamy related sanitization that has been present since at least the ESAPI 1.4 release. It is specifically fixed in the esapi-2.3.0.0-configuration.jar, which you may download from https://github.com/ESAPI/esapi-java-legacy/releases/download/esapi-2.3.0.0/esapi-2.3.0.0-configuration.jar. From that, you will want to extract the configuration/esapi/antisamy-esapi.xml file and use it to replace your previous stock antisamy-esapi.xml file. However, if you have customized your antisamy-esapi.xml file, then to address the vulnerability, you MUST find the vulnerable configuration line where the "onsiteURL" attribute is defined and change the regular expression.
+
+    The original (vulnerable) line will look like:
+        <regexp name="onsiteURL" value="([\w\\/\.\?=&amp;;\#-~]+|\#(\w)+)"/>
+
+    The corrected line should look like:
+        <regexp name="onsiteURL" value="^(?!//)(?![\p{L}\p{N}\\\.\#@\$%\+&amp;;\-_~,\?=/!]*(&amp;colon))[\p{L}\p{N}\\\.\#@\$%\+&amp;;\-_~,\?=/!]*"/>
+
+We have also updated the other regular expressions in the '<common-regexps>' node for our antisamy-esapi.xml file to reflect the latest regex values from AntiSamy's antisamy.xml configuration file in their official AntiSamy 1.6.7 release. This was done as a precautionary measure only, as the regex pattern seemed to be malformed along the same lines of "onsiteURL" and thus potentially could allow unintended characters to be passed through as "safe". Note however that there are no vulnerabilities known to the ESAPI team regarding these other 2 regular expressions for "htmlTitle" and "offsiteURL". If these prove to be problematic with your applications using ESAPI, you may decide to change the probablematic ones to the original values.
+
+    The original (possibly vulnerable???) regular expression values for htmlTitle and offsiteURL:
+        <regexp name="htmlTitle" value="[a-zA-Z0-9\s-_',:\[\]!\./\\\(\)]*"/>
+        <regexp name="offsiteURL" value="(\s)*((ht|f)tp(s?)://|mailto:)[A-Za-z0-9]+[~a-zA-Z0-9-_\.@#$%&amp;;:,\?=/\+!]*(\s)*"/>
+
+    The updated regular expression values for them:
+        <regexp name="htmlTitle" value="[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&amp;]*"/>
+        <regexp name="offsiteURL" value="(\s)*((ht|f)tp(s?)://|mailto:)[\p{L}\p{N}]+[\p{L}\p{N}\p{Zs}\.\#@\$%\+&amp;;:\-_~,\?=/!\(\)]*(\s)*"/>
+
+In future ESAPI releases, we may consider just replacing ESAPI's antisamy-esapi.xml file with AntiSamy's antisamy.xml, but we will not be doing that lightly. We tested with the latter and it broke some ESAPI JUnit tests so such a change now likely would break some client ESAPI code as well. However, the changes to the "<common-regexps>" node did not break any of our ESAPI JUnit tests so we believe they are probably okay. (If not, we apologize in advance, but we prefer to error on the side of caution here.)
+
+-----------------------------------------------------------------------------
+
+Developer Activity Report (Changes between release 2.2.3.1 and 2.3.0.0, i.e., between 2021-05-07 and 2022-04-17)
+
+Normally, I (Kevin) write up lots of other details in the release notes, especially to credit those who have contributed PRs to address ESAPI issues. I apologize for not spending time on this right now, but I will try to update this set of release notes for 2.3.0.0 in the near future to add such things.
+
+
+-----------------------------------------------------------------------------
+
+CHANGELOG:      Create your own. May we suggest:
+
+        git log --stat --since=2021-05-07 --reverse --pretty=medium
+
+    or clone the ESAPI/esapi-java-legacy repo and then run
+
+        mvn site
+
+    and finally, point your browser at
+
+        target/site/changelog.html
+
+    Both approaches should show all the commits since just after the previous (2.2.3.1) release. [Note that the both approaches may include commits after the 2.3.0.0 release, but the first allows to to easily add an end date via '--until=2022-04-17'.]
+
+-----------------------------------------------------------------------------
+
+Direct and Transitive Runtime and Test Dependencies:
+
+        $ mvn -B dependency:tree
+        ...
+        [INFO] --- maven-dependency-plugin:3.3.0:tree (default-cli) @ esapi ---
+        [INFO] org.owasp.esapi:esapi:jar:2.3.0.0
+        [INFO] +- javax.servlet:javax.servlet-api:jar:3.0.1:provided
+        [INFO] +- javax.servlet.jsp:javax.servlet.jsp-api:jar:2.3.3:provided
+        [INFO] +- com.io7m.xom:xom:jar:1.2.10:compile
+        [INFO] +- commons-beanutils:commons-beanutils:jar:1.9.4:compile
+        [INFO] |  +- commons-logging:commons-logging:jar:1.2:compile
+        [INFO] |  \- commons-collections:commons-collections:jar:3.2.2:compile
+        [INFO] +- commons-configuration:commons-configuration:jar:1.10:compile
+        [INFO] +- commons-lang:commons-lang:jar:2.6:compile
+        [INFO] +- commons-fileupload:commons-fileupload:jar:1.3.3:compile
+        [INFO] +- log4j:log4j:jar:1.2.17:compile
+        [INFO] +- org.apache.commons:commons-collections4:jar:4.2:compile
+        [INFO] +- org.apache-extras.beanshell:bsh:jar:2.0b6:compile
+        [INFO] +- org.owasp.antisamy:antisamy:jar:1.6.7:compile
+        [INFO] |  +- org.apache.httpcomponents.client5:httpclient5:jar:5.1.3:compile
+        [INFO] |  |  \- org.apache.httpcomponents.core5:httpcore5-h2:jar:5.1.3:compile
+        [INFO] |  +- org.apache.httpcomponents.core5:httpcore5:jar:5.1.3:compile
+        [INFO] |  +- org.apache.xmlgraphics:batik-css:jar:1.14:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-shared-resources:jar:1.14:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-util:jar:1.14:compile
+        [INFO] |  |  |  +- org.apache.xmlgraphics:batik-constants:jar:1.14:compile
+        [INFO] |  |  |  \- org.apache.xmlgraphics:batik-i18n:jar:1.14:compile
+        [INFO] |  |  \- org.apache.xmlgraphics:xmlgraphics-commons:jar:2.6:compile
+        [INFO] |  +- xerces:xercesImpl:jar:2.12.2:compile
+        [INFO] |  \- xml-apis:xml-apis-ext:jar:1.3.04:compile
+        [INFO] +- net.sourceforge.htmlunit:neko-htmlunit:jar:2.24:compile
+        [INFO] +- org.slf4j:slf4j-api:jar:1.7.36:compile
+        [INFO] +- xml-apis:xml-apis:jar:1.4.01:compile
+        [INFO] +- commons-io:commons-io:jar:2.6:compile
+        [INFO] +- com.github.spotbugs:spotbugs-annotations:jar:4.6.0:compile
+        [INFO] |  \- com.google.code.findbugs:jsr305:jar:3.0.2:compile
+        [INFO] +- commons-codec:commons-codec:jar:1.15:test
+        [INFO] +- junit:junit:jar:4.13.2:test
+        [INFO] +- org.bouncycastle:bcprov-jdk15on:jar:1.70:test
+        [INFO] +- org.hamcrest:hamcrest-core:jar:1.3:test
+        [INFO] +- org.powermock:powermock-api-mockito2:jar:2.0.7:test
+        [INFO] |  \- org.powermock:powermock-api-support:jar:2.0.7:test
+        [INFO] +- org.javassist:javassist:jar:3.25.0-GA:test
+        [INFO] +- org.mockito:mockito-core:jar:2.28.2:test
+        [INFO] |  +- net.bytebuddy:byte-buddy:jar:1.9.10:test
+        [INFO] |  +- net.bytebuddy:byte-buddy-agent:jar:1.9.10:test
+        [INFO] |  \- org.objenesis:objenesis:jar:2.6:test
+        [INFO] +- org.powermock:powermock-core:jar:2.0.7:test
+        [INFO] +- org.powermock:powermock-module-junit4:jar:2.0.7:test
+        [INFO] |  \- org.powermock:powermock-module-junit4-common:jar:2.0.7:test
+        [INFO] +- org.powermock:powermock-reflect:jar:2.0.7:test
+        [INFO] \- org.openjdk.jmh:jmh-core:jar:1.35:test
+        [INFO]    +- net.sf.jopt-simple:jopt-simple:jar:5.0.4:test
+        [INFO]    \- org.apache.commons:commons-math3:jar:3.2:test
+        ...
+
+-----------------------------------------------------------------------------
+
+Acknowledgments:
+    * A special shout out to Jaroslav Loba�evski, a security researcher at GitHub Security Labs, who notified the ESAPI team via responsible disclosure and allowed us sufficient time to address GHSL-2022-008.
+    * A huge hat-tip to Dave Wichers and Sebastian Passaro for promptly addressing vulnerabilities in AntiSamy, many of which were caused by poorly maintained dependencies of AntiSamy.
+    * A special thanks to Matt Seil, Jeremiah Stacey, and all the ESAPI contributors whom I've undoubtedly forgotten.
+    * Finally, to all the ESAPI users who make our efforts worthwhile. This is for you.
+
+A special thanks to the ESAPI community from the ESAPI project co-leaders:
+    Kevin W. Wall (kwwall) <== The irresponsible party for these release notes!
+    Matt Seil (xeno6696)
diff --git a/documentation/esapi4java-core-2.4.0.0-release-notes.txt b/documentation/esapi4java-core-2.4.0.0-release-notes.txt
new file mode 100644
index 000000000..bfc50362d
--- /dev/null
+++ b/documentation/esapi4java-core-2.4.0.0-release-notes.txt
@@ -0,0 +1,147 @@
+Release notes for ESAPI 2.4.0.0
+    Release date: 2022-04-24
+    Project leaders:
+        -Kevin W. Wall <kevin.w.wall@gmail.com>
+        -Matt Seil <matt.seil@owasp.org>
+
+Previous release: ESAPI 2.3.0.0, 2022-04-17
+
+Important Announcement
+----------------------
+Do NOT:  Do NOT use GitHub Issues to ask questions about this of future releases. That is what the ESAPI Google groups are for. (See our GitHub README.md for further details.) If you can't do the ESAPI Google groups, then drop and email to either one or both of the project leaders (email addresses provided above). We will NOT respond to questions posted in GitHub Issues.
+
+
+Executive Summary: Important Things to Note for this Release
+------------------------------------------------------------
+This is a very important ESAPI release as it is the first release to be FULLY INCOMPATIBLE WITH JAVA 1.7!  This was expedited in response to some dependencies to resolve prior CVEs (see release notes in 2.3.0.0) that could not be updated as those versions required a JDK > 1.7 which we were forced to.  The slightly premature update to Java 1.8 is done to address CVE-2022-28366 that had to be fixed with a version of the transitive depenedency via AntiSamy of NekoHTML that was Java 1.8+ only.  (Wrapped into issue #682)  It is important to note that the solution to fix CVE-2022-28366 does not exist in ESAPI 2.3.0.0 and there is no intention to fix it for Java 1.7.
+
+=================================================================================================================
+
+Basic ESAPI facts
+-----------------
+
+ESAPI 2.3.0.0 release (previous release):
+     212 Java source files
+    4325 JUnit tests in 136 Java source files (1 test ignored)
+
+ESAPI 2.4.0.0 release (current / new release):
+     212 Java source files
+    4326 JUnit tests in 136 Java source files
+
+3 GitHub Issues closed in this release, including those we've decided not to fix (marked 'wontfix' and 'falsepositive').
+[Reference: https://github.com/ESAPI/esapi-java-legacy/issues?q=is%3Aissue+state%3Aclosed+updated%3A%3E%3D2022-04-17]
+
+Issue #         GitHub Issue Title
+----------------------------------------------------------------------------------------------
+644             Do not include a logging implementation as a dependency slf4j-simple
+672             (wontfix) HTMLEntityCodec Bug Decoding "Left Angular Bracket" Symbol
+679             Completely remove support for fixed IVs and throw a ConfigurationException if encountered.
+682             Update baseline to Java 1.8
+
+-----------------------------------------------------------------------------
+
+        Changes Requiring Special Attention
+
+-----------------------------------------------------------------------------
+
+1) This is the first ESAPI release that does not support Java 1.7.  This library will no longer work if your application is that old.
+
+                                        !!!!! VULNERABILITY ALERTS !!!!!
+
+2) This release fixes the known vulnerability ESAPI 2.3.0.0 that had to wait until we supported Java 8 to be patched. The patch was in Neko-HtmlUntil and was fixed in version 2.27, which required Java 8 or later. It was a transitive dependency via AntiSamy and we picked it up by updating to AntiSamy 1.6.8.  This was a DoS vulnerability discovered in HtmlUnit-Neko affecting all versions up to 2.26.  Full details from MITRE are here:  https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-28366
+
+3) This release also patches the (known, but forgotten?) XSS vulnerability ESAPI 2.3.0.0 in AntiSamy 1.6.7 but was fixed in 1.6.8.  (The 2.3.0.0 release notes have been updated to mention this.) Full details from MITRE are here:  https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-29577
+
+-----------------------------------------------------------------------------
+
+Developer Activity Report (Changes between release 2.3.0.0 and 2.4.0.0, i.e., between 2022-04-17 and 2022-04-24)
+
+Special thanks to Dave Wichers and Sebastian Pessaro from AntiSamy for their work to provide version 1.6.8 which patched 2 CVEs.
+Special thanks to Jeremiah J. Stacey for his work to update and prep the library to support java 1.8.  (He literally created the PR the day after 2.3.0.0's release.)
+Special thanks to Kevin Wall for support in pushing out this release.
+
+
+-----------------------------------------------------------------------------
+
+CHANGELOG:      Create your own. May we suggest:
+
+        git log --stat --since=2022-04-17 --reverse --pretty=medium
+
+    or clone the ESAPI/esapi-java-legacy repo and then run
+
+        mvn site
+
+    and finally, point your browser at
+
+        target/site/changelog.html
+
+    Both approaches should show all the commits since just after the previous (2.2.3.1) release. [Note that the both approaches may include commits after the 2.3.0.0 release, but the first allows to to easily add an end date via '--until=2022-04-17'.]
+
+-----------------------------------------------------------------------------
+
+Direct and Transitive Runtime and Test Dependencies:
+
+        $ mvn -B dependency:tree
+        ...
+		[INFO] org.owasp.esapi:esapi:jar:2.4.0.0-SNAPSHOT
+		[INFO] +- javax.servlet:javax.servlet-api:jar:3.1.0:provided
+		[INFO] +- javax.servlet.jsp:javax.servlet.jsp-api:jar:2.3.3:provided
+		[INFO] +- com.io7m.xom:xom:jar:1.2.10:compile
+		[INFO] +- commons-beanutils:commons-beanutils:jar:1.9.4:compile
+		[INFO] |  +- commons-logging:commons-logging:jar:1.2:compile
+		[INFO] |  \- commons-collections:commons-collections:jar:3.2.2:compile
+		[INFO] +- commons-configuration:commons-configuration:jar:1.10:compile
+		[INFO] +- commons-lang:commons-lang:jar:2.6:compile
+		[INFO] +- commons-fileupload:commons-fileupload:jar:1.4:compile
+		[INFO] +- log4j:log4j:jar:1.2.17:compile
+		[INFO] +- org.apache.commons:commons-collections4:jar:4.4:compile
+		[INFO] +- org.apache-extras.beanshell:bsh:jar:2.0b6:compile
+		[INFO] +- org.owasp.antisamy:antisamy:jar:1.6.8:compile
+		[INFO] |  +- net.sourceforge.htmlunit:neko-htmlunit:jar:2.61.0:compile
+		[INFO] |  +- org.apache.httpcomponents.client5:httpclient5:jar:5.1.3:compile
+		[INFO] |  |  \- org.apache.httpcomponents.core5:httpcore5-h2:jar:5.1.3:compile
+		[INFO] |  +- org.apache.httpcomponents.core5:httpcore5:jar:5.1.3:compile
+		[INFO] |  +- org.apache.xmlgraphics:batik-css:jar:1.14:compile
+		[INFO] |  |  +- org.apache.xmlgraphics:batik-shared-resources:jar:1.14:compile
+		[INFO] |  |  +- org.apache.xmlgraphics:batik-util:jar:1.14:compile
+		[INFO] |  |  |  +- org.apache.xmlgraphics:batik-constants:jar:1.14:compile
+		[INFO] |  |  |  \- org.apache.xmlgraphics:batik-i18n:jar:1.14:compile
+		[INFO] |  |  \- org.apache.xmlgraphics:xmlgraphics-commons:jar:2.6:compile
+		[INFO] |  +- xerces:xercesImpl:jar:2.12.2:compile
+		[INFO] |  \- xml-apis:xml-apis-ext:jar:1.3.04:compile
+		[INFO] +- org.slf4j:slf4j-api:jar:1.7.36:compile
+		[INFO] +- xml-apis:xml-apis:jar:1.4.01:compile
+		[INFO] +- commons-io:commons-io:jar:2.11.0:compile
+		[INFO] +- com.github.spotbugs:spotbugs-annotations:jar:4.6.0:compile
+		[INFO] |  \- com.google.code.findbugs:jsr305:jar:3.0.2:compile
+		[INFO] +- commons-codec:commons-codec:jar:1.15:test
+		[INFO] +- junit:junit:jar:4.13.2:test
+		[INFO] +- org.bouncycastle:bcprov-jdk15on:jar:1.70:test
+		[INFO] +- org.hamcrest:hamcrest-core:jar:2.2:test
+		[INFO] |  \- org.hamcrest:hamcrest:jar:2.2:test
+		[INFO] +- org.powermock:powermock-api-mockito2:jar:2.0.9:test
+		[INFO] |  \- org.powermock:powermock-api-support:jar:2.0.9:test
+		[INFO] +- org.mockito:mockito-core:jar:3.12.4:test
+		[INFO] |  +- net.bytebuddy:byte-buddy:jar:1.11.13:test
+		[INFO] |  +- net.bytebuddy:byte-buddy-agent:jar:1.11.13:test
+		[INFO] |  \- org.objenesis:objenesis:jar:3.2:test
+		[INFO] +- org.powermock:powermock-core:jar:2.0.9:test
+		[INFO] |  \- org.javassist:javassist:jar:3.27.0-GA:test
+		[INFO] +- org.powermock:powermock-module-junit4:jar:2.0.9:test
+		[INFO] |  \- org.powermock:powermock-module-junit4-common:jar:2.0.9:test
+		[INFO] +- org.powermock:powermock-reflect:jar:2.0.9:test
+		[INFO] \- org.openjdk.jmh:jmh-core:jar:1.35:test
+		[INFO]    +- net.sf.jopt-simple:jopt-simple:jar:5.0.4:test
+		[INFO]    \- org.apache.commons:commons-math3:jar:3.2:test
+        ...
+
+-----------------------------------------------------------------------------
+
+Acknowledgments:
+    * A huge hat-tip to Dave Wichers and Sebastian Passaro for promptly releasing AntiSamy 1.6.8 which simplified this releaese
+    * A special thanks to Jeremiah Stacey to wrote the PR #683, that addressed the updates for Java 8.
+    * Finally, to all the ESAPI users who make our efforts worthwhile. This is for you.
+
+A special thanks to the ESAPI community from the ESAPI project co-leaders:
+    Kevin W. Wall (kwwall) <== The irresponsible party for these release notes!
+    Matt Seil (xeno6696)   <== (Him too, this time! :)
diff --git a/documentation/esapi4java-core-2.5.0.0-release-notes.txt b/documentation/esapi4java-core-2.5.0.0-release-notes.txt
new file mode 100644
index 000000000..b47b084e0
--- /dev/null
+++ b/documentation/esapi4java-core-2.5.0.0-release-notes.txt
@@ -0,0 +1,254 @@
+Release notes for ESAPI 2.5.0.0
+    Release date: 2022-07-20
+    Project leaders:
+        -Kevin W. Wall <kevin.w.wall@gmail.com>
+        -Matt Seil <matt.seil@owasp.org>
+
+Previous release: ESAPI 2.4.0.0, 2022-04-24
+
+
+Executive Summary: Important Things to Note for this Release
+------------------------------------------------------------
+
+In addition to this summary, please also be sure to thoroughly read the section "Changes Requiring Special Attention", below.
+
+Major changes:
+    Logging:
+        The major change in ESAPI 2.5.0.0 is the removal of the Log4J 1 dependency (specifically, log4j-1.2.17). It has been removed because in accordance with the ESAPI deprecation policy (see the README.md file), the Log4J supported logger has been deprecated for 2 years.
+
+        For those of you using a Software Configuration Analysis (SCA) services such as Snyk, BlackDuck, Veracode SourceClear, OWASP Dependency Check, etc., you will notice that the 4 Log4J 1.x related CVEs are no longer flagged. This is because of removal of the Log4J 1.2.17 dependency.
+
+        Any remaining flagged vulnerabilities (e.g., CVE-2020-7791 for transitive dependency batik-i18n-1.14) are believed to be false positives.
+
+        You are encouraged to review the vulnerability analysis written up in https://github.com/ESAPI/esapi-java-legacy/blob/develop/Vulnerability-Summary.md and email us or contact us in our GitHub Discussions page if you have questions.
+
+    AntiSamy 1.7.0 and potentially breaking changes
+        We have updated to AntiSamy 1.7.0. If you have a custom version of antisamy-esapi.xml,then be sure to read the section "Changes Requiring Special Attention", below.
+
+Minor changes:
+    Miscellaneous bug fixes, Javadoc enhancements, and minor dependency updates.
+
+=================================================================================================================
+
+Basic ESAPI facts
+-----------------
+
+ESAPI 2.4.0.0 release:
+     212 Java source files
+    4325 JUnit tests in 136 Java source files (1 test skipped)
+
+ESAPI 2.5.0.0 release:
+     206 Java source files
+    4274 JUnit tests in 131 Java source files (0 tests skipped)
+
+19 GitHub Issues closed in this release, including those we've decided not to fix (marked 'wontfix' and 'falsepositive').
+(Reference: https://github.com/ESAPI/esapi-java-legacy/issues?q=is%3Aissue+state%3Aclosed+updated%3A%3E%3D2022-04-24)
+
+Issue #         GitHub Issue Title
+----------------------------------------------------------------------------------------------
+717             Update to AntiSamy 1.7.0 once it is officially released
+715             ESAPI - Not working with Eclipse bug
+713             Should '/' be encoded for LDAP searches? bug
+705             Add more details to DefaultValidator class-level javadoc on ESAPI canonicalization properties Component-Docs Component-Validator javadoc
+702             ValidatorTest#testIsValidDirectoryPathGHSL_POC fails on Mac
+695             Esapi 2.3.0.0 does not supported in opensaml 2.6.6 bug
+692             Multiple (2x) encoding detected in from PercentCodec question
+690             Plugin/Dependency Version Updates
+689             Clean-up ESAPI Javadoc Component-Docs javadoc
+686             ESAPI canonicalization in DefaultEncoder ignoring Encoder.DefaultCodecList property bug Component-Encoder
+684             Hello world
+682             Update baseline to java 1.8
+674             Add the missing Javadoc for the Validator interface Component-Docs Component-Validator good first issue
+656             DefaultHTTPUtility uses hard coded Header name/value lengths (Note: Actually fixed in ESAPI 2.3.0.0, but just closed this release. - kww)
+644             Do not include a logging implementation as a dependency slf4j-simple
+620             Move the default property names and values out of a reference implementation class Component-SecurityConfiguration
+587             Drop Xerces dependency from pom.xml Build-Maven Vulnerable Dependencies
+534             Delete Deprecated Log4J implementation and Dependencies wait4future
+507             LDAP encoding of slash character
+
+-----------------------------------------------------------------------------
+
+        Changes Requiring Special Attention
+
+-----------------------------------------------------------------------------
+
+Important ESAPI Logging Changes
+
+* Since ESAPI 2.5.0.0, support for logging directly via Log4J 1 has been removed. (This was two years after it having first been deprecated.) Thus, your only choice for ESAPI logging are:
+    - java.util.logging (JUL), which as been the default since ESAPI 2.2.1.0.
+        * Set ESAPI.Logger=org.owasp.esapi.logging.java.JavaLogFactory in your ESAPI.properties file.
+    - SLF4J (which your choice of supported SLF4J logging implementation)
+        * Set ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory in your ESAPI.properties file.
+        * Create your own custom logger.
+* Logger configuration notes - If you are migrating from prior to ESAPI 2.2.1.1, you will need to update your ESAPI.properties file as logging-related configuration as per the ESAPI 2.2.1.1 release notes, which may be found at:
+    https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.2.1.1-release-notes.txt#L39-L78
+
+If you use ESAPI 2.5.0.0 or later, you will get an ClassNotFoundException as the root cause if you still have your ESAPI.Logger property set to use Log4J because the org.owasp.esapi.logger.log4j.Log4JFactory class has been completely removed from the ESAPI jar.  If you are dead set on continuing to use Log4J 1, you ought to be able to do so via SLF4J. The set up for Log4J 1 (which has not be tested), should be similar to configure ESAPI to use SLF4J with Log4J 2 as described here:
+    https://github.com/ESAPI/esapi-java-legacy/wiki/Using-ESAPI-with-SLF4J#slf4j-using-log4j-2x
+
+Potentially Breaking Changes in AntiSamy 1.7.0
+
+* This version of ESAPI has upgraded to the latest version of AntiSamy (1.7.0 at the time of our release). AntiSamy 1.7.0 has some breaking changes to its SDK and the way that it processes AntiSamy policy files, of which the antisamy-esapi.xml file, included in our esapi-2.5.0.0-configuration.jar found at https://github.com/ESAPI/esapi-java-legacy/releases/download/esapi-2.5.0.0/esapi-2.4.0.0-configuration.jar, is the one we include.
+
+* None of the AntiSamy SDK changes affected how ESAPI, in its default configuration, uses it, but you may be affected if you have customized your AntiSamy policy file. If your regression tests fail when you upgrade to ESAPI 2.5.0.0 sand they seem to be related to AntiSamy, then please review https://github.com/nahsra/antisamy/blob/main/README.md#important---api-breaking-changes-in-170. Also, as a temporary workaround, you could do something like this (in Maven, but similar exclusion can be done with Gradle) to allow you time to correct your customized AntiSamy policy file:
+
+        <dependency>
+            <groupId>org.owasp.esapi</groupId>
+            <artifactId>esapi</artifactId>
+            <version>2.5.0.0</version>
+            <exclusions>
+                <!-- Exclude breaking version of AntiSamy 1.7.0 to allow time to fix our AntiSamy policy file, antisamy-esapi.xml -->
+                <exclusion>
+                    <groupId>org.owasp.antisamy</groupId>
+                    <artifactId>antisamy</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.owasp.antisamy</groupId>
+            <artifactId>antisamy</artifactId>
+            <version>1.6.8</version>
+        </dependency>
+
+Indeed the only change that we had to make is to alter a JUnit test that was intended to ensure that invalid AntiSamy policy files could be disabled by setting
+    Policy.setSchemaValidation(false);
+before processing any AntiSamy policy file not conforming to its schema. This specific (previously deprecated) method was removed in AntiSamy 1.7.0 so the schema validation checks can no longer be ignored. (And hence the reason for the workaround noted above.)
+
+Instead, we simply changed the JUnit test to check that the expected AntiSamy org.owasp.validator.html.PolicyException class is thrown when the invalid policy file is loaded.
+
+-----------------------------------------------------------------------------
+
+        Remaining Known Issues / Problems
+
+-----------------------------------------------------------------------------
+* 'mvn site' fails to build these two reports:
+    "Tag reference" report           --- maven-taglib-plugin:2.4:tagreference
+    "Taglibdoc documentation" report --- maven-taglib-plugin:2.4:taglibdoc
+
+  Thus no tag library documentation will be generated. :-(
+
+  We are attempting to find a solution, but on the surface, it seems like the maven-taglib-plugin does not play nicely with versions of Java after Java 6. (So, this probably has been happening for a while and we just noticed it.)
+
+* We have had to suppress CVE-2017-10355, related to the transitive dependency xercesImpl-2.12.2.jar via antisamy-1.7.0.jar. It is the same jar that has been used for the past 2 years but the CVE just started popping up now, apparently because of changes to Sonatype's OSS Index. More details are available in the OWASP Dependency Check suppression rules contained in the 'suppressions.xml' file. Note that other SCA tools such as Snyk or GitHub Dependabot are not presently reporting it, but it bears watching.
+
+* Trying to run 'mvn test' with Java 11 or later results in multiple errors in maven-surefire-plugin, so for now, that should be avoided. We think we may have a solution, but at this point, it is too late to test for this release.
+
+* No others problems are known, other than the remaining open issues on GitHub.
+
+-----------------------------------------------------------------------------
+
+        Other changes in this release, some of which not tracked via GitHub issues
+
+-----------------------------------------------------------------------------
+
+* Minor updates to README.md file with respect to version information.
+
+-----------------------------------------------------------------------------
+
+Developer Activity Report (Changes between release 2.4.0.0 and 2.5.0.0, i.e., between 2022-04-24 and 2022-07-20)
+Generated manually (this time) -- all errors are the fault of kwwall and his inability to do simple arithmetic.
+
+#
+# 34 PRs merged since ESAPI 2.4.0.0 release
+#   Apparent disparement in the figures below may be explained by serveral things:
+#       * My failure to do proper counting and basic arithmetic after 4 hours of tweak release notes.
+#       * Different basis for calculations:
+#           - Figures here may not agree with generated Change Log Report, which is date-based, as some commits included in this release were prior to ESAPI 2.4.0.0 and thus not included in the Change Log Report.
+#           - Some commits are done without PRs. Generally, we don't require PRs when we don't require code reviews. That generally is restricted to documenation files, making simple config file changes, and correcting obvious typos. Commits without PRs are resricted to the 3 ESAPI core team members.
+#           - Sometimes in a PR, multiple commits touch a file multiple times so we count those files once for each commit.
+#
+Developer       Total       Total Number        # Merged
+(GitHub ID)     commits   of Files Changed        PRs
+========================================================
+jeremiahjstacey 265            180               24
+kwwall           39             69                5
+xeno6696          1            267                1
+noloader          5              2                1
+stevebosman-oc    4              3                2
+VinodAnandan      1              1                1
+========================================================
+                                     Total PRs:  34
+
+-----------------------------------------------------------------------------
+
+CHANGELOG:      Create your own. May I suggest:
+
+        git log --stat --since=2022-04-24 --reverse --pretty=medium
+
+    which will show all the commits since just after the previous (2.4.0.0) release.
+
+    Alternately, you can download the most recent ESAPI source and run
+
+        mvn site
+
+    which will create a CHANGELOG file named 'target/site/changelog.html'
+
+
+-----------------------------------------------------------------------------
+
+Direct and Transitive Runtime and Test Dependencies:
+
+        $ mvn -B dependency:tree
+        ...
+        [INFO] --- maven-dependency-plugin:3.3.0:tree (default-cli) @ esapi ---
+        [INFO] org.owasp.esapi:esapi:jar:2.5.0.0
+        [INFO] +- javax.servlet:javax.servlet-api:jar:3.1.0:provided
+        [INFO] +- javax.servlet.jsp:javax.servlet.jsp-api:jar:2.3.3:provided
+        [INFO] +- xom:xom:jar:1.3.7:compile
+        [INFO] +- commons-beanutils:commons-beanutils:jar:1.9.4:compile
+        [INFO] |  +- commons-logging:commons-logging:jar:1.2:compile
+        [INFO] |  \- commons-collections:commons-collections:jar:3.2.2:compile
+        [INFO] +- commons-configuration:commons-configuration:jar:1.10:compile
+        [INFO] +- commons-lang:commons-lang:jar:2.6:compile
+        [INFO] +- commons-fileupload:commons-fileupload:jar:1.4:compile
+        [INFO] +- org.apache.commons:commons-collections4:jar:4.4:compile
+        [INFO] +- org.apache-extras.beanshell:bsh:jar:2.0b6:compile
+        [INFO] +- org.owasp.antisamy:antisamy:jar:1.7.0:compile
+        [INFO] |  +- net.sourceforge.htmlunit:neko-htmlunit:jar:2.63.0:compile
+        [INFO] |  +- org.apache.httpcomponents.client5:httpclient5:jar:5.1.3:compile
+        [INFO] |  |  \- org.apache.httpcomponents.core5:httpcore5-h2:jar:5.1.3:compile
+        [INFO] |  +- org.apache.httpcomponents.core5:httpcore5:jar:5.1.4:compile
+        [INFO] |  +- org.apache.xmlgraphics:batik-css:jar:1.14:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-shared-resources:jar:1.14:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-util:jar:1.14:compile
+        [INFO] |  |  |  +- org.apache.xmlgraphics:batik-constants:jar:1.14:compile
+        [INFO] |  |  |  \- org.apache.xmlgraphics:batik-i18n:jar:1.14:compile
+        [INFO] |  |  \- org.apache.xmlgraphics:xmlgraphics-commons:jar:2.6:compile
+        [INFO] |  +- xerces:xercesImpl:jar:2.12.2:compile
+        [INFO] |  \- xml-apis:xml-apis-ext:jar:1.3.04:compile
+        [INFO] +- org.slf4j:slf4j-api:jar:1.7.36:compile
+        [INFO] +- xml-apis:xml-apis:jar:1.4.01:compile
+        [INFO] +- commons-io:commons-io:jar:2.11.0:compile
+        [INFO] +- com.github.spotbugs:spotbugs-annotations:jar:4.7.1:compile
+        [INFO] |  \- com.google.code.findbugs:jsr305:jar:3.0.2:compile
+        [INFO] +- commons-codec:commons-codec:jar:1.15:test
+        [INFO] +- junit:junit:jar:4.13.2:test
+        [INFO] +- org.bouncycastle:bcprov-jdk15on:jar:1.70:test
+        [INFO] +- org.hamcrest:hamcrest-core:jar:2.2:test
+        [INFO] |  \- org.hamcrest:hamcrest:jar:2.2:test
+        [INFO] +- org.powermock:powermock-api-mockito2:jar:2.0.9:test
+        [INFO] |  \- org.powermock:powermock-api-support:jar:2.0.9:test
+        [INFO] +- org.mockito:mockito-core:jar:3.12.4:test
+        [INFO] |  +- net.bytebuddy:byte-buddy:jar:1.11.13:test
+        [INFO] |  +- net.bytebuddy:byte-buddy-agent:jar:1.11.13:test
+        [INFO] |  \- org.objenesis:objenesis:jar:3.2:test
+        [INFO] +- org.powermock:powermock-core:jar:2.0.9:test
+        [INFO] |  \- org.javassist:javassist:jar:3.27.0-GA:test
+        [INFO] +- org.powermock:powermock-module-junit4:jar:2.0.9:test
+        [INFO] |  \- org.powermock:powermock-module-junit4-common:jar:2.0.9:test
+        [INFO] +- org.powermock:powermock-reflect:jar:2.0.9:test
+        [INFO] \- org.openjdk.jmh:jmh-core:jar:1.35:test
+        [INFO]    +- net.sf.jopt-simple:jopt-simple:jar:5.0.4:test
+        [INFO]    \- org.apache.commons:commons-math3:jar:3.2:test
+        ...
+
+
+-----------------------------------------------------------------------------
+
+Acknowledgments:
+    A special shout-out our new contributors noloader, stevebosman-oc, and VinodAnandan.
+    Another hat tip to Dave Wichers, Sebastián Passaro, and the rest of the AntiSamy crew for promptly releasing AntiSamy 1.7.0.  And thanks to Matt Seil, Jeremiah Stacey, and all the ESAPI users who make this worthwhile. This is for you.
+
+A special thanks to the ESAPI community from the ESAPI project co-leaders:
+    Kevin W. Wall (kwwall) <== The irresponsible party for these release notes!
+    Matt Seil (xeno6696)
diff --git a/documentation/esapi4java-core-2.5.1.0-release-notes.txt b/documentation/esapi4java-core-2.5.1.0-release-notes.txt
new file mode 100644
index 000000000..b8bfb220e
--- /dev/null
+++ b/documentation/esapi4java-core-2.5.1.0-release-notes.txt
@@ -0,0 +1,203 @@
+Release notes for ESAPI 2.5.1.0
+    Release date: 2022-11-27
+    Project leaders:
+        -Kevin W. Wall <kevin.w.wall@gmail.com>
+        -Matt Seil <matt.seil@owasp.org>
+
+Previous release: ESAPI 2.5.0.0, 2022-07-20
+
+
+Executive Summary: Important Things to Note for this Release
+------------------------------------------------------------
+This is a patch release with the primary intent of updating some dependencies, some which addressed known vulnerabilities in these dependencies, but which we do not believe were exploitable via ESAPI. The major updates are:
+    * Updates to latest versions of direct dependencies, including:
+        - An update to AntiSamy:        1.7.0  --> 1.7.2
+        - An update to SLFJ4 API:       1.7.36 --> 2.0.4    (Note: 2.0.5 is available and likely would would result in "convergence" issues with the version AntiSamy 1.7.2 pulls in)
+    * A new codec (org.owasp.esapi.codecs.JSONCodec) is provided that provides JSON output encoding as per section 7 of RFC 8259. It is made available via Encoder.encodeForJSON(). (Note unlike other encoders, there is no corresponding decoder (i.e., decodeForJSON()) made available. Since that would normally be done by your JavaScript code, it wasn't deemed essential.
+    * Executing 'mvn site' now creates Javadoc for the ESAPI tag library (GitHub issue #733).
+
+For those of you using a Software Configuration Analysis (SCA) services such as Snyk, BlackDuck, Veracode SourceClear, OWASP Dependency Check, etc., you will notice that the 4 Log4J 1.x related CVEs are no longer flagged. This is because we have finally removed the Log4J 1.2.17 dependency in ESAPI 2.5.0.0.
+
+Any remaining flagged vulnerabilities (e.g., CVE-2017-10355 for transitive dependency apache:xerces2_java:2.12.2) are believed to be false postives.
+
+You are encouraged to review the vulnerability analysis written up in https://github.com/ESAPI/esapi-java-legacy/blob/develop/Vulnerability-Summary.md and email us or contact us in our GitHub Discussions page if you have questions.
+
+
+=================================================================================================================
+
+Basic ESAPI facts
+-----------------
+
+ESAPI 2.5.0.0 release:
+     206 Java source files
+    4274 JUnit tests in 131 Java source files (0 tests skipped)
+
+ESAPI 2.5.1.0 release:
+    207 Java source files
+    4292 JUnit tests in 131 Java source files (0 tests skipped)
+
+15 GitHub Issues closed in this release, including those we've decided not to fix (marked 'wontfix' and 'falsepositive').
+(Reference: https://github.com/ESAPI/esapi-java-legacy/issues?q=is%3Aissue+state%3Aclosed+updated%3A%3E%3D2022-07-20)
+
+Issue #         GitHub Issue Title
+----------------------------------------------------------------------------------------------
+757             again .. [falsepositive]
+755             Upgrade batik-css-1.14 because of vulnerability
+754             JSON encoder
+749             Error in initializing org.owasp.esapi.logging.java.JavaLogFactory. [Converted to discussion #750.]
+747             Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception [Converted to discussion #751]
+743             Indirect dependency to vulnerable Xerces, CVE-2017-10355 [falsepositive, wontfix]
+740             Update SLF4J log bridge to allow NULL EventTypes
+735             Improve ConfigurationException message thrown from EsapiPropertyLoaderFactory.createPropertyLoader()
+734             Change skin for mvn site report to use fluido Build-Maven
+733             Executing 'mvn site' does not produce tag documentation
+727             ESAPI - Not working with Eclipse [falsepositive, wontfix]
+710             JavaLogFactory configuration should not override custom java LogManager configuration
+610             Add Deprecation Logging content for Log4JLogFactory Usage
+527             Configuration flag for disabling Logger User and App Information [falsepositive]
+433             Class Cast Exception when trying to run JUnit Tests [question, wontfix]
+
+-----------------------------------------------------------------------------
+
+        Changes Requiring Special Attention
+
+-----------------------------------------------------------------------------
+
+Important JDK Support Announcement
+* ESAPI 2.3.0.0 was the last Java release to support Java 7. ESAPI 2.4.0 requires using Java 8 or later. See the ESAPI 2.4.0.0 release notes (https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.4.0.0-release-notes.txt) for details as to the reason.
+    - This means if your project requires Java 7, you must use ESAPI 2.3.0.0 or earlier.
+
+Important ESAPI Logging Changes
+
+* Since ESAPI 2.5.0.0, support for logging directly via Log4J 1 has been removed. (This was two years after it haveing first been deprecated.) Thus, you only choice of ESAPI logging are
+    - java.util.logging (JUL), which as been the default since ESAPI 2.2.1.0.
+        * Set ESAPI.Logger=org.owasp.esapi.logging.java.JavaLogFactory in your ESAPI.properties file.
+    - SLF4J (which your choice of supported SLF4J logging implemmentation)
+        * Set ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory in your ESAPI.properties file.
+* Logger configuration notes - If you are migrating from prior to ESAPI 2.2.1.1, you will need to update your ESAPI.properties file as logging-related configuration as per the ESAPI 2.2.1.1 release notes, which may be found at:
+    https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.2.1.1-release-notes.txt#L39-L78
+
+If you use ESAPI 2.5.0.0 or later, you will get an ClassNotFoundException as the root cause if you still have your ESAPI.Logger property set to use Log4J because the org.owasp.esapi.logger.log4j.Log4JFactory class has been completely removed from the ESAPI jar.  If you are dead set on continuing to use Log4J 1, you ought to be able to do so via SLF4J. The set up for Log4J 1 (which has not be tested), should be similar to configure ESAPI to use SLF4J with Log4J 2 as described here:
+    https://github.com/ESAPI/esapi-java-legacy/wiki/Using-ESAPI-with-SLF4J#slf4j-using-log4j-2x
+
+-----------------------------------------------------------------------------
+
+        Remaining Known Issues / Problems
+
+-----------------------------------------------------------------------------
+None known, other than the remaining open issues on GitHub.
+
+-----------------------------------------------------------------------------
+
+        Other changes in this release, some of which not tracked via GitHub issues
+
+-----------------------------------------------------------------------------
+
+* Minor updates to README.md file with respect to version information.
+
+-----------------------------------------------------------------------------
+
+Developer Activity Report (Changes between release 2.5.0.0 and 2.5.1.0, i.e., between 2022-07-20 and 2022-11-27)
+Generated manually (this time) -- all errors are the fault of kwwall and his inability to do simple arithmetic.
+
+Developer       Total       Total Number        # Merged
+(GitHub ID)     commits   of Files Changed        PRs
+========================================================
+jeremiahjstacey  10             10              3
+noloader          4            316              4
+Jeff-Walker       2              3              1
+HenriquePinto333  2              1              1
+davewichers       2              3              1
+xeno6696         31              6              1
+kwwall           17              9              0
+========================================================
+                             Total Merged PRs: 11
+
+    (Note: Total # commits as reflected in CHANGELOG [see below] are less since commits from PRs are generally "squashed" when the are merged.)
+-----------------------------------------------------------------------------
+
+CHANGELOG:      Create your own. May I suggest:
+
+        git log --stat --since=2022-07-20 --reverse --pretty=medium
+
+    which will show all the commits since just after the previous (2.5.0.0) release.
+
+    Alternately, you can download the most recent ESAPI source and run
+
+        mvn site
+
+    which will create a CHANGELOG file named 'target/site/changelog.html'
+
+
+-----------------------------------------------------------------------------
+
+Direct and Transitive Runtime and Test Dependencies:
+
+        $ mvn -B dependency:tree
+        ...
+        [INFO] --- maven-dependency-plugin:3.3.0:tree (default-cli) @ esapi ---
+        [INFO] org.owasp.esapi:esapi:jar:2.5.1.0-SNAPSHOT
+        [INFO] +- javax.servlet:javax.servlet-api:jar:3.1.0:provided
+        [INFO] +- javax.servlet.jsp:javax.servlet.jsp-api:jar:2.3.3:provided
+        [INFO] +- xom:xom:jar:1.3.8:compile
+        [INFO] +- commons-beanutils:commons-beanutils:jar:1.9.4:compile
+        [INFO] |  +- commons-logging:commons-logging:jar:1.2:compile
+        [INFO] |  \- commons-collections:commons-collections:jar:3.2.2:compile
+        [INFO] +- commons-configuration:commons-configuration:jar:1.10:compile
+        [INFO] +- commons-lang:commons-lang:jar:2.6:compile
+        [INFO] +- commons-fileupload:commons-fileupload:jar:1.4:compile
+        [INFO] +- org.apache.commons:commons-collections4:jar:4.4:compile
+        [INFO] +- org.apache-extras.beanshell:bsh:jar:2.0b6:compile
+        [INFO] +- org.owasp.antisamy:antisamy:jar:1.7.2:compile
+        [INFO] |  +- net.sourceforge.htmlunit:neko-htmlunit:jar:2.66.0:compile
+        [INFO] |  +- org.apache.httpcomponents.client5:httpclient5:jar:5.2:compile
+        [INFO] |  |  \- org.apache.httpcomponents.core5:httpcore5-h2:jar:5.2:compile
+        [INFO] |  +- org.apache.httpcomponents.core5:httpcore5:jar:5.2:compile
+        [INFO] |  +- org.apache.xmlgraphics:batik-css:jar:1.16:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-shared-resources:jar:1.16:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-util:jar:1.16:compile
+        [INFO] |  |  |  +- org.apache.xmlgraphics:batik-constants:jar:1.16:compile
+        [INFO] |  |  |  \- org.apache.xmlgraphics:batik-i18n:jar:1.16:compile
+        [INFO] |  |  \- org.apache.xmlgraphics:xmlgraphics-commons:jar:2.7:compile
+        [INFO] |  +- xerces:xercesImpl:jar:2.12.2:compile
+        [INFO] |  \- xml-apis:xml-apis-ext:jar:1.3.04:compile
+        [INFO] +- org.slf4j:slf4j-api:jar:2.0.4:compile
+        [INFO] +- xml-apis:xml-apis:jar:1.4.01:compile
+        [INFO] +- commons-io:commons-io:jar:2.11.0:compile
+        [INFO] +- com.github.spotbugs:spotbugs-annotations:jar:4.7.3:compile
+        [INFO] |  \- com.google.code.findbugs:jsr305:jar:3.0.2:compile
+        [INFO] +- commons-codec:commons-codec:jar:1.15:test
+        [INFO] +- junit:junit:jar:4.13.2:test
+        [INFO] +- org.bouncycastle:bcprov-jdk15on:jar:1.70:test
+        [INFO] +- org.hamcrest:hamcrest-core:jar:2.2:test
+        [INFO] |  \- org.hamcrest:hamcrest:jar:2.2:test
+        [INFO] +- org.powermock:powermock-api-mockito2:jar:2.0.9:test
+        [INFO] |  \- org.powermock:powermock-api-support:jar:2.0.9:test
+        [INFO] +- org.mockito:mockito-core:jar:3.12.4:test
+        [INFO] |  +- net.bytebuddy:byte-buddy:jar:1.11.13:test
+        [INFO] |  +- net.bytebuddy:byte-buddy-agent:jar:1.11.13:test
+        [INFO] |  \- org.objenesis:objenesis:jar:3.2:test
+        [INFO] +- org.powermock:powermock-core:jar:2.0.9:test
+        [INFO] |  \- org.javassist:javassist:jar:3.27.0-GA:test
+        [INFO] +- org.powermock:powermock-module-junit4:jar:2.0.9:test
+        [INFO] |  \- org.powermock:powermock-module-junit4-common:jar:2.0.9:test
+        [INFO] +- org.powermock:powermock-reflect:jar:2.0.9:test
+        [INFO] \- org.openjdk.jmh:jmh-core:jar:1.36:test
+        [INFO]    +- net.sf.jopt-simple:jopt-simple:jar:5.0.4:test
+        [INFO]    \- org.apache.commons:commons-math3:jar:3.2:test
+        [INFO] ------------------------------------------------------------------------
+        [INFO] BUILD SUCCESS
+        [INFO] ------------------------------------------------------------------------
+
+-----------------------------------------------------------------------------
+
+Acknowledgments:
+    Special thanks to
+        noloader, Jeff-Walker, HenriquePinto333, & davewichers
+    for submitting PRs to ESAPI.
+
+    Another hat tip to the AntiSamy crew for promptly releasing AntiSamy 1.7.2.  And thanks to Matt Seil, Jeremiah Stacey, and all the ESAPI users who make this worthwhile. This is for you.
+
+A special thanks to the ESAPI community from the ESAPI project co-leaders:
+    Kevin W. Wall (kwwall) <== The irresponsible party for these release notes!
+    Matt Seil (xeno6696)
diff --git a/documentation/esapi4java-core-2.5.2.0-release-notes.txt b/documentation/esapi4java-core-2.5.2.0-release-notes.txt
new file mode 100644
index 000000000..b695e9b05
--- /dev/null
+++ b/documentation/esapi4java-core-2.5.2.0-release-notes.txt
@@ -0,0 +1,188 @@
+Release notes for ESAPI 2.5.2.0
+    Release date: 2023-04-12
+    Project leaders:
+        -Kevin W. Wall <kevin.w.wall@gmail.com>
+        -Matt Seil <matt.seil@owasp.org>
+
+Previous release: ESAPI 2.5.1.0, 2022-11-27
+
+
+Executive Summary: Important Things to Note for this Release
+------------------------------------------------------------
+This is a patch release with the primary intent of updating some dependencies, one with a known DoS vulnerability and a more recent one with a potential RCE. From a vulnerability perspective, it addresses CVE-2023-24998 by upgrading to version 1.5 of Apache Commons File Uploads and adding the necessary call to FileBaseUpload.setFileCountMax(). It also updates to version 1.7.3 of AntiSamy to address CVE-2023-26119, a vulnerability in one of their dependencies.
+
+If you are not updating from the previous ESAPI release (2.5.1.0), you should go back and FIRST read all the subsequent release notes in turn. For instance, if you are currently on release 2.3.0.0 and upgrading to this release (2.5.2.0), you should MINIMALLY
+read the sections "Changes Requiring Special Attention" in each of the subsequent release notes. So, going from release 2.3.0.0 to 2.5.2.0, you should in turn, read:
+
+    esapi4java-core-2.4.0.0-release-notes.txt
+    esapi4java-core-2.5.0.0-release-notes.txt
+    esapi4java-core-2.5.1.0-release-notes.txt
+    esapi4java-core-2.5.2.0-release-notes.txt
+
+in that order. YOU HAVE BEEN WARNED!!!
+
+If your SCA tool is reporting any CVE from a direct or transitive dependency in ESAPI, before reporting it as an GitHub issue, please make sure that you review the vulnerability analysis written up in https://github.com/ESAPI/esapi-java-legacy/blob/develop/Vulnerability-Summary.md. Please email us or contact us in our GitHub Discussions page if you have questions about this. See also the SECURITY.md file to report any security issues with ESAPI.
+
+
+=================================================================================================================
+
+Basic ESAPI facts
+-----------------
+
+ESAPI 2.5.1.0 release:
+     207 Java source files
+    4292 JUnit tests in 131 Java source files (0 tests skipped)
+
+ESAPI 2.5.2.0 release: (unchanged since previous release)
+     207 Java source files
+    4293 JUnit tests in 131 Java source files (0 tests skipped, 1 commented out)
+
+7 GitHub Issues closed in this release, including those we've decided not to fix (marked 'wontfix' and 'falsepositive').
+(Reference: https://github.com/ESAPI/esapi-java-legacy/issues?q=is%3Aissue+state%3Aclosed+updated%3A%3E%3D2022-11-27)
+
+Issue #         GitHub Issue Title
+----------------------------------------------------------------------------------------------
+773             Esapi giving issue working with graal native image bug
+770             latest version of ESAPI 2.5.1.0 not working with spring boot 3.0, it gives classNotFound for javax.servlet. duplicate enhancement
+769             ESAPI 2.5.1.0 not working with spring boot 3.0, spring 6 bug
+767             Add support for Jakarta Servlet API Specification enhancement [converted to Discussion #768]
+764             unable to locate resource: esapi-java-logging.properties
+761             JavaLogFactory is not loaded from ESAPI.properties file bug
+760             Could not initialize class org. Owasp. Esapi. Reference. DefaultValidator bug
+
+-----------------------------------------------------------------------------
+
+        Changes Requiring Special Attention
+
+-----------------------------------------------------------------------------
+
+Important JDK Support Announcement
+* ESAPI 2.3.0.0 was the last Java release to support Java 7. ESAPI 2.4.0 requires using Java 8 or later. See the ESAPI 2.4.0.0 release notes (https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.4.0.0-release-notes.txt) for details as to the reason.
+    - This means if your project requires Java 7, you must use ESAPI 2.3.0.0 or earlier.
+* We are aware that ESAPI does not support Spring Boot 3.x or later or Spring Framework 6.x or later.
+    - This is because these projects use a version of Jakarta Servlet API that is incompatible with the the Java EE Servlet API. (The package names are different!)
+    - See Discussion #768 for more details. Please do NOT report this as an issue.
+
+Important ESAPI Logging Changes
+
+* Since ESAPI 2.5.0.0, support for logging directly via Log4J 1 has been removed. (This was two years after it haveing first been deprecated.) Thus, you only choice of ESAPI logging are
+    - java.util.logging (JUL), which as been the default since ESAPI 2.2.1.0.
+        * Set ESAPI.Logger=org.owasp.esapi.logging.java.JavaLogFactory in your ESAPI.properties file.
+    - SLF4J (which your choice of supported SLF4J logging implemmentation)
+        * Set ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory in your ESAPI.properties file.
+* Logger configuration notes - If you are migrating from prior to ESAPI 2.2.1.1, you will need to update your ESAPI.properties file as logging-related configuration as per the ESAPI 2.2.1.1 release notes, which may be found at:
+    https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.2.1.1-release-notes.txt#L39-L78
+
+If you use ESAPI 2.5.0.0 or later, you will get an ClassNotFoundException as the root cause if you still have your ESAPI.Logger property set to use Log4J because the org.owasp.esapi.logger.log4j.Log4JFactory class has been completely removed from the ESAPI jar.  If you are dead set on continuing to use Log4J 1, you ought to be able to do so via SLF4J. The set up for Log4J 1 (which has not be tested), should be similar to configure ESAPI to use SLF4J with Log4J 2 as described here:
+    https://github.com/ESAPI/esapi-java-legacy/wiki/Using-ESAPI-with-SLF4J#slf4j-using-log4j-2x
+
+-----------------------------------------------------------------------------
+
+        Remaining Known Issues / Problems
+
+-----------------------------------------------------------------------------
+None known, other than the remaining open issues on GitHub.
+
+-----------------------------------------------------------------------------
+
+        Other changes in this release, some of which not tracked via GitHub issues
+
+-----------------------------------------------------------------------------
+
+* Minor updates to README.md file with respect to version information.
+
+-----------------------------------------------------------------------------
+
+Developer Activity Report (Changes between release 2.5.1.0 and 2.5.2.0, i.e., between 2022-11-27-ish and 2023-04-12)
+Generated manually based on merged PRs.  All errors are the fault of kwwall and his inability to do simple arithmetic.
+
+Developer       Total       Total # of Unique   # Merged
+(GitHub ID)     commits       Files Changed        PRs
+========================================================
+davewichers      2              4                   2
+josephWitthuhnTR 2              2                   1
+dependabot       1              1                   1
+kwwall          40             31                   2
+========================================================
+                                Total merged PRs:   6
+
+-----------------------------------------------------------------------------
+
+CHANGELOG:      Create your own. May I suggest:
+
+        git log --stat --since=2022-11-27 --reverse --pretty=medium
+
+    which will show all the commits since just after the previous (2.5.1.0) release.
+
+    Alternately, you can download the most recent ESAPI source and run
+
+        mvn site
+
+    which will create a CHANGELOG file named 'target/site/changelog.html'
+
+
+-----------------------------------------------------------------------------
+
+Direct and Transitive Runtime and Test Dependencies:
+
+        $ mvn -B dependency:tree
+        ...
+        [INFO] --- maven-dependency-plugin:3.5.0:tree (default-cli) @ esapi ---
+        [INFO] org.owasp.esapi:esapi:jar:2.5.2.0-SNAPSHOT
+        [INFO] +- javax.servlet:javax.servlet-api:jar:3.1.0:provided
+        [INFO] +- javax.servlet.jsp:javax.servlet.jsp-api:jar:2.3.3:provided
+        [INFO] +- xom:xom:jar:1.3.8:compile
+        [INFO] +- commons-beanutils:commons-beanutils:jar:1.9.4:compile
+        [INFO] |  +- commons-logging:commons-logging:jar:1.2:compile
+        [INFO] |  \- commons-collections:commons-collections:jar:3.2.2:compile
+        [INFO] +- commons-configuration:commons-configuration:jar:1.10:compile
+        [INFO] +- commons-lang:commons-lang:jar:2.6:compile
+        [INFO] +- commons-fileupload:commons-fileupload:jar:1.5:compile
+        [INFO] +- org.apache.commons:commons-collections4:jar:4.4:compile
+        [INFO] +- org.apache-extras.beanshell:bsh:jar:2.0b6:compile
+        [INFO] +- org.owasp.antisamy:antisamy:jar:1.7.2:compile
+        [INFO] |  +- net.sourceforge.htmlunit:neko-htmlunit:jar:2.66.0:compile
+        [INFO] |  +- org.apache.httpcomponents.client5:httpclient5:jar:5.2:compile
+        [INFO] |  |  \- org.apache.httpcomponents.core5:httpcore5-h2:jar:5.2:compile
+        [INFO] |  +- org.apache.httpcomponents.core5:httpcore5:jar:5.2:compile
+        [INFO] |  +- org.apache.xmlgraphics:batik-css:jar:1.16:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-shared-resources:jar:1.16:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-util:jar:1.16:compile
+        [INFO] |  |  |  +- org.apache.xmlgraphics:batik-constants:jar:1.16:compile
+        [INFO] |  |  |  \- org.apache.xmlgraphics:batik-i18n:jar:1.16:compile
+        [INFO] |  |  \- org.apache.xmlgraphics:xmlgraphics-commons:jar:2.7:compile
+        [INFO] |  +- xerces:xercesImpl:jar:2.12.2:compile
+        [INFO] |  \- xml-apis:xml-apis-ext:jar:1.3.04:compile
+        [INFO] +- org.slf4j:slf4j-api:jar:2.0.6:compile
+        [INFO] +- xml-apis:xml-apis:jar:1.4.01:compile
+        [INFO] +- commons-io:commons-io:jar:2.11.0:compile
+        [INFO] +- com.github.spotbugs:spotbugs-annotations:jar:4.7.3:compile
+        [INFO] |  \- com.google.code.findbugs:jsr305:jar:3.0.2:compile
+        [INFO] +- commons-codec:commons-codec:jar:1.15:test
+        [INFO] +- junit:junit:jar:4.13.2:test
+        [INFO] +- org.bouncycastle:bcprov-jdk15on:jar:1.70:test
+        [INFO] +- org.hamcrest:hamcrest-core:jar:2.2:test
+        [INFO] |  \- org.hamcrest:hamcrest:jar:2.2:test
+        [INFO] +- org.powermock:powermock-api-mockito2:jar:2.0.9:test
+        [INFO] |  \- org.powermock:powermock-api-support:jar:2.0.9:test
+        [INFO] +- org.mockito:mockito-core:jar:3.12.4:test
+        [INFO] |  +- net.bytebuddy:byte-buddy:jar:1.11.13:test
+        [INFO] |  +- net.bytebuddy:byte-buddy-agent:jar:1.11.13:test
+        [INFO] |  \- org.objenesis:objenesis:jar:3.2:test
+        [INFO] +- org.powermock:powermock-core:jar:2.0.9:test
+        [INFO] |  \- org.javassist:javassist:jar:3.27.0-GA:test
+        [INFO] +- org.powermock:powermock-module-junit4:jar:2.0.9:test
+        [INFO] |  \- org.powermock:powermock-module-junit4-common:jar:2.0.9:test
+        [INFO] +- org.powermock:powermock-reflect:jar:2.0.9:test
+        [INFO] \- org.openjdk.jmh:jmh-core:jar:1.36:test
+        [INFO]    +- net.sf.jopt-simple:jopt-simple:jar:5.0.4:test
+        [INFO]    \- org.apache.commons:commons-math3:jar:3.2:test
+
+-----------------------------------------------------------------------------
+
+Acknowledgments:
+    Thanks to my ESAPI co-contributors Matt Seil, Jeremiah Stacey, as well as all the ESAPI users who make our efforts worthwhile.  Without you, there would be little point in maintaining this project.  Lastly, a special shout-out to Joseph Witthuhn for submitting 2 PRs for this release.
+
+A special thanks to the ESAPI community from the ESAPI project co-leaders:
+    Kevin W. Wall (kwwall) <== The irresponsible party for these release notes!
+    Matt Seil (xeno6696)
diff --git a/documentation/esapi4java-core-2.5.3.0-release-notes.txt b/documentation/esapi4java-core-2.5.3.0-release-notes.txt
new file mode 100644
index 000000000..953e1e0c5
--- /dev/null
+++ b/documentation/esapi4java-core-2.5.3.0-release-notes.txt
@@ -0,0 +1,210 @@
+Release notes for ESAPI 2.5.3.0
+    Release date: 2023-11-24
+    Project leaders:
+        -Kevin W. Wall <kevin.w.wall@gmail.com>
+        -Matt Seil <matt.seil@owasp.org>
+
+Previous release: ESAPI 2.5.2.0, 2023-04-12
+
+
+Executive Summary: Important Things to Note for this Release
+------------------------------------------------------------
+This is a patch release with the primary intent of providing a Jakarta compatible version of ESAPI (see ESAPI Discussion https://github.com/ESAPI/esapi-java-legacy/discussions/768) as well as updating some dependencies, some with known vulnerabilities. Details follow.
+* We updated ESAPI's AntiSamy dependency from 1.7.3 to 1.7.4. AntiSamy 1.7.4 was released to address an XSS vulnerability in AntiSamy (CVE-2023-43643). Testing ESAPI's use of AntiSamy along with ESAPI's default antsamy-esapi.xml AntiSamy policy file, indicated there was no exploitable path of this CVE via ESAPI. This is because ESAPI's AntiSamy policy file is ultra-strict. (Of course, YMMV if you are not using the default AntiSamy policy file or are customized it to disable the 'preserveComments' directive.)
+* We have deprecated both of ESAPI's Validator.isValidSafeHTML interfaces, as we discovered that they cannot be guaranteed safe. Note that we intend to REMOVE both of these interfaces one year after the ESAPI 2.5.3.0 release. For more details, see GitHub Security Advisory https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-r68h-jhhj-9jvm. There is also an accompanying "ESAPI Security Bulletin 12" (https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin12.pdf). The Security Bulletin explains why we did not submit this as a CVE as well as explains some potential workarounds that may work for you.
+* Changed ESAPI so that the default RSA modulus length (sometimes referred to as the key size) from 1024-bits to 2048-bits. Note that if you are using an old version of ESAPI.properties file prior to 2.5.3.0 and are using any of the Encryptor interfaces that directly or indirectly use digital signatures (i.e., sign, verifySignature, seal, unseal, verifySeal), you may wish to consider updating properties:
+        Encryptor.DigitalSignatureAlgorithm=SHA256withDSA       # The old SHA1withDSA doesn't support 2048-bit RSA modulus length
+        Encryptor.DigitalSignatureKeyLength=2048
+    Note that if you have persisted previous digital signatures that you must continue to verify, you will have to regenerate them.
+* Thanks to a PR by @jcputney (PR #799), I have attempted to upload additional artifacts to Maven Central that will be a transformed jar suitable for use with the new 'jakarata.servlet' changes for Jakarata EE 9 and later. (Previously, 'javax.servlet' was the name space). Because we are still supporting JDK 8 at this point, we still need to support the 'javax.servlet' namespace as well. In addition to the standard jar artifacts, there should be a new esapi-<release>-jakarta.jar (which uses 'jakarta.servlet' instead of 'javax.servlet' namespace) as well as corresponding *-javadoc.jar and *-sources.jar files. I am not sure it will work as we have no tests for it, but looing at the binaries, it seems like it should.
+    For additional details, see:
+        https://github.com/ESAPI/esapi-java-legacy/pull/799
+        https://github.com/ESAPI/esapi-java-legacy/discussions/768
+
+Notes if you are not updating from the immediate previous release. release 2.5.2.0:
+    * You need to read through the series of release notes FIRST, going in order.
+    * For example, if you were updating from an older ESAPI release (say, 2.3.0.0), you should go back and FIRST read all the subsequent release notes in turn. For instance, if you are currently on release 2.3.0.0 and upgrading to (say) release 2.x.y.z, you should MINIMALLY read the sections "Changes Requiring Special Attention" in each of the subsequent release notes. So, going from release 2.3.0.0 to 2.x.y.z, you should in turn, read:
+
+    esapi4java-core-2.4.0.0-release-notes.txt
+    esapi4java-core-2.5.0.0-release-notes.txt
+    esapi4java-core-2.5.1.0-release-notes.txt
+    esapi4java-core-2.5.2.0-release-notes.txt
+    ...etc., up through the current set of release notes...
+    esapi4java-core-2.x.y.z-release-notes.txt
+
+in that order. YOU HAVE BEEN WARNED!!! (These release notes are too large to put all this in a given document; very few read them thoroughly as it is.)
+
+If your SCA tool is reporting any CVE from a direct or transitive dependency in ESAPI, before reporting it as an GitHub issue, please make sure that you review the vulnerability analysis written up in https://github.com/ESAPI/esapi-java-legacy/blob/develop/Vulnerability-Summary.md. Please email us or contact us in our GitHub Discussions page if you have questions about this. See also the SECURITY.md file to report any security issues with ESAPI.
+
+You are encouraged to review the vulnerability analysis written up in https://github.com/ESAPI/esapi-java-legacy/blob/develop/Vulnerability-Summary.md and email us or contact us in our GitHub Discussions page if you have questions.
+
+
+=================================================================================================================
+
+Basic ESAPI facts
+-----------------
+
+ESAPI 2.5.2.0 release:
+     207 Java source files
+    4293 JUnit tests in 131 Java source files (0 tests skipped, 1 commented out)
+
+ESAPI 2.5.3.0 release:
+     207 Java source files
+    4293 JUnit tests in 131 Java source files (0 failures, 0 errors, 0 tests skipped)
+
+8 GitHub Issues closed in this release, including those we've decided not to fix (marked 'wontfix' and 'falsepositive').
+(Reference: https://github.com/ESAPI/esapi-java-legacy/issues?q=is%3Aissue+state%3Aclosed+updated%3A%3E%3D2023-04-12)
+
+Issue #         GitHub Issue Title
+----------------------------------------------------------------------------------------------
+560             Could not initialize class org.owasp.esapi.logging.java.JavaLogFactory (ESAPI 2.2.1.0)
+760             Could not initialize class org. Owasp. Esapi. Reference. DefaultValidator
+775             Add documenttion to CONTRIBUTING-TO-ESAPI.txt to mention signed commits are now required.
+792             хз
+796             Logs printed using println() are always printed and no option to disable them.
+798             Insecure default signature key length
+805             Does esapi-java-legacy support jDK17
+808             Fix typo in comment in validation.properties files
+812             Fix Encoder.encodeForLDAP and Encoder.encodeForDN so they are strictly conformant with Section 3 of RFC 4515
+
+-----------------------------------------------------------------------------
+
+        Changes Requiring Special Attention
+
+-----------------------------------------------------------------------------
+Deprecated methods to be removed 1 year after the 2.5.3.0 release
+* As of the ESAPI 2.5.3.0 release, both Validator.isValidSafeHTML have been deprecated and will be removed one year after the 2.5.3.0 release date.
+
+Important JDK Support Announcement
+* ESAPI 2.3.0.0 was the last Java release to support Java 7. ESAPI 2.4.0 requires using Java 8 or later. See the ESAPI 2.4.0.0 release notes (https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.4.0.0-release-notes.txt) for details as to the reason.
+    - This means if your project requires Java 7, you must use ESAPI 2.3.0.0 or earlier.
+
+Important ESAPI Logging Changes
+
+* Since ESAPI 2.5.0.0, support for logging directly via Log4J 1 has been removed. (This was two years after it haveing first been deprecated.) Thus, you only choice of ESAPI logging are
+    - java.util.logging (JUL), which as been the default since ESAPI 2.2.1.0.
+        * Set ESAPI.Logger=org.owasp.esapi.logging.java.JavaLogFactory in your ESAPI.properties file.
+    - SLF4J (which your choice of supported SLF4J logging implemmentation)
+        * Set ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory in your ESAPI.properties file.
+* Logger configuration notes - If you are migrating from prior to ESAPI 2.2.1.1, you will need to update your ESAPI.properties file as logging-related configuration as per the ESAPI 2.2.1.1 release notes, which may be found at:
+    https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.2.1.1-release-notes.txt#L39-L78
+
+If you use ESAPI 2.5.0.0 or later, you will get an ClassNotFoundException as the root cause if you still have your ESAPI.Logger property set to use Log4J because the org.owasp.esapi.logger.log4j.Log4JFactory class has been completely removed from the ESAPI jar.  If you are dead set on continuing to use Log4J 1, you ought to be able to do so via SLF4J. The set up for Log4J 1 (which has not be tested), should be similar to configure ESAPI to use SLF4J with Log4J 2 as described here:
+    https://github.com/ESAPI/esapi-java-legacy/wiki/Using-ESAPI-with-SLF4J#slf4j-using-log4j-2x
+
+-----------------------------------------------------------------------------
+
+        Remaining Known Issues / Problems
+
+-----------------------------------------------------------------------------
+The effect of upgrade to AntiSamy 1.7.4 in ESAPI 2.5.3.0 can result in ESAPI's Validator.getValidSafeHTML returning a different cleansed (i.e., sanitized) string than previous versions of ESAPI which used earlier versions of AntiSamy did. There presently is no concern for alarm as all these observed different sanitized strings returned by AntiSamy 1.7.4 still all appear to be "safe"; they are just different than before. However, as a result, this could break any regression tests that you previously had that involved ESAPI's Validator.getValidSafeHTML. See https://github.com/nahsra/antisamy/issues/389 and https://github.com/nahsra/antisamy/pull/388 for additional details.
+
+-----------------------------------------------------------------------------
+
+        Other changes in this release, some of which not tracked via GitHub issues
+
+-----------------------------------------------------------------------------
+
+* Minor updates to README.md file with respect to version information.
+
+-----------------------------------------------------------------------------
+
+Developer Activity Report (Changes between release 2.5.2.0 and 2.5.3.0, i.e., between 2023-04-12 and 2023-11-24)
+Generated manually (this time) -- all errors are the fault of kwwall and his inability to do simple arithmetic.
+
+Developer       Total       Total Number        # Merged
+(GitHub ID)     commits   of Files Changed        PRs
+========================================================
+kwwall          40	             37             2
+noloader	     6	             12             3
+preetgami      	 1                1             1
+robstoll         2                2             1
+jcputney         1                1             1
+========================================================
+                                    Total PRs:  8
+
+-----------------------------------------------------------------------------
+
+CHANGELOG:      Create your own. May I suggest:
+
+        git log --stat --since=2023-04-12 --reverse --pretty=medium
+
+    which will show all the commits since just after the previous (2.5.2.0) release.
+
+    Alternately, you can download the most recent ESAPI source and run
+
+        mvn site
+
+    which will create a CHANGELOG file named 'target/site/changelog.html'
+
+
+-----------------------------------------------------------------------------
+
+Direct and Transitive Runtime and Test Dependencies:
+
+        $ mvn -B dependency:tree
+        ...
+        [INFO] --- maven-dependency-plugin:3.6.1:tree (default-cli) @ esapi ---
+        [INFO] org.owasp.esapi:esapi:jar:2.5.3.0
+        [INFO] +- javax.servlet:javax.servlet-api:jar:3.1.0:provided
+        [INFO] +- javax.servlet.jsp:javax.servlet.jsp-api:jar:2.3.3:provided
+        [INFO] +- xom:xom:jar:1.3.9:compile
+        [INFO] +- commons-beanutils:commons-beanutils:jar:1.9.4:compile
+        [INFO] |  +- commons-logging:commons-logging:jar:1.2:compile
+        [INFO] |  \- commons-collections:commons-collections:jar:3.2.2:compile
+        [INFO] +- commons-configuration:commons-configuration:jar:1.10:compile
+        [INFO] +- commons-lang:commons-lang:jar:2.6:compile
+        [INFO] +- commons-fileupload:commons-fileupload:jar:1.5:compile
+        [INFO] +- org.apache.commons:commons-collections4:jar:4.4:compile
+        [INFO] +- org.apache-extras.beanshell:bsh:jar:2.0b6:compile
+        [INFO] +- org.owasp.antisamy:antisamy:jar:1.7.4:compile
+        [INFO] |  +- org.htmlunit:neko-htmlunit:jar:3.6.0:compile
+        [INFO] |  +- org.apache.httpcomponents.client5:httpclient5:jar:5.2.1:compile
+        [INFO] |  |  \- org.apache.httpcomponents.core5:httpcore5-h2:jar:5.2:compile
+        [INFO] |  +- org.apache.httpcomponents.core5:httpcore5:jar:5.2.3:compile
+        [INFO] |  +- org.apache.xmlgraphics:batik-css:jar:1.17:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-shared-resources:jar:1.17:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-util:jar:1.17:compile
+        [INFO] |  |  |  +- org.apache.xmlgraphics:batik-constants:jar:1.17:compile
+        [INFO] |  |  |  \- org.apache.xmlgraphics:batik-i18n:jar:1.17:compile
+        [INFO] |  |  \- org.apache.xmlgraphics:xmlgraphics-commons:jar:2.9:compile
+        [INFO] |  +- xerces:xercesImpl:jar:2.12.2:compile
+        [INFO] |  \- xml-apis:xml-apis-ext:jar:1.3.04:compile
+        [INFO] +- org.slf4j:slf4j-api:jar:2.0.6:compile
+        [INFO] +- xml-apis:xml-apis:jar:1.4.01:compile
+        [INFO] +- commons-io:commons-io:jar:2.14.0:compile
+        [INFO] +- com.github.spotbugs:spotbugs-annotations:jar:4.8.1:compile
+        [INFO] |  \- com.google.code.findbugs:jsr305:jar:3.0.2:compile
+        [INFO] +- commons-codec:commons-codec:jar:1.15:test
+        [INFO] +- junit:junit:jar:4.13.2:test
+        [INFO] +- org.bouncycastle:bcprov-jdk15on:jar:1.70:test
+        [INFO] +- org.hamcrest:hamcrest-core:jar:2.2:test
+        [INFO] |  \- org.hamcrest:hamcrest:jar:2.2:test
+        [INFO] +- org.powermock:powermock-api-mockito2:jar:2.0.9:test
+        [INFO] |  \- org.powermock:powermock-api-support:jar:2.0.9:test
+        [INFO] +- org.mockito:mockito-core:jar:3.12.4:test
+        [INFO] |  +- net.bytebuddy:byte-buddy:jar:1.11.13:test
+        [INFO] |  +- net.bytebuddy:byte-buddy-agent:jar:1.11.13:test
+        [INFO] |  \- org.objenesis:objenesis:jar:3.2:test
+        [INFO] +- org.powermock:powermock-core:jar:2.0.9:test
+        [INFO] |  \- org.javassist:javassist:jar:3.27.0-GA:test
+        [INFO] +- org.powermock:powermock-module-junit4:jar:2.0.9:test
+        [INFO] |  \- org.powermock:powermock-module-junit4-common:jar:2.0.9:test
+        [INFO] +- org.powermock:powermock-reflect:jar:2.0.9:test
+        [INFO] \- org.openjdk.jmh:jmh-core:jar:1.37:test
+        [INFO]    +- net.sf.jopt-simple:jopt-simple:jar:5.0.4:test
+        [INFO]    \- org.apache.commons:commons-math3:jar:3.6.1:test
+        [INFO] ------------------------------------------------------------------------
+        [INFO] BUILD SUCCESS
+        [INFO] ------------------------------------------------------------------------
+        [INFO] Total time:  1.701 s
+        [INFO] Finished at: 2023-11-24T13:01:00-05:00
+        [INFO] ------------------------------------------------------------------------
+-----------------------------------------------------------------------------
+
+Acknowledgments:
+    Thanks to @noloader, @preetgami, and @jcputney for submitting PRs to help move ESAPI forward.  And thanks to Matt Seil, Jeremiah Stacey, and all the ESAPI users who make this worthwhile. This is for you.
+
+A special thanks to the ESAPI community from the ESAPI project co-leaders:
+    Kevin W. Wall (kwwall) <== The irresponsible party for these release notes!
+    Matt Seil (xeno6696)
diff --git a/documentation/esapi4java-core-2.5.3.1-release-notes.txt b/documentation/esapi4java-core-2.5.3.1-release-notes.txt
new file mode 100644
index 000000000..810cb55ca
--- /dev/null
+++ b/documentation/esapi4java-core-2.5.3.1-release-notes.txt
@@ -0,0 +1,184 @@
+Release notes for ESAPI 2.5.3.1
+    Release date: 2023-12-01
+    Project leaders:
+        -Kevin W. Wall <kevin.w.wall@gmail.com>
+        -Matt Seil <matt.seil@owasp.org>
+
+Previous release: ESAPI 2.5.3.0, 2023-11-24
+
+
+Executive Summary: Important Things to Note for this Release
+------------------------------------------------------------
+* Rewrite the Javadoc for Validator.isValidSafeHTML to make the dangers more evident.\
+* Changes to the DefaultValidator.isValidSafeHTM method so that a warning is always logs one time about the method being deprecated and a reference to the relevant GitHub Security Advisory.
+
+Notes if you are not updating from the immediate previous release. release 2.5.3.0:
+    * You need to read through the series of release notes FIRST, going in order.
+    * For example, if you were updating from an older ESAPI release (say, 2.3.0.0), you should go back and FIRST read all the subsequent release notes in turn. For instance, if you are currently on release 2.3.0.0 and upgrading to (say) release 2.x.y.z, you should MINIMALLY read the sections "Changes Requiring Special Attention" in each of the subsequent release notes. So, going from release 2.3.0.0 to 2.x.y.z, you should in turn, read:
+
+    esapi4java-core-2.4.0.0-release-notes.txt
+    esapi4java-core-2.5.0.0-release-notes.txt
+    esapi4java-core-2.5.1.0-release-notes.txt
+    esapi4java-core-2.5.2.0-release-notes.txt
+    ...etc., up through the current set of release notes...
+    esapi4java-core-2.x.y.z-release-notes.txt
+
+in that order. YOU HAVE BEEN WARNED!!! (These release notes are too large to put all this in a given document; very few read them thoroughly as it is.)
+
+If your SCA tool is reporting any CVE from a direct or transitive dependency in ESAPI, before reporting it as an GitHub issue, please make sure that you review the vulnerability analysis written up in https://github.com/ESAPI/esapi-java-legacy/blob/develop/Vulnerability-Summary.md. Please email us or contact us in our GitHub Discussions page if you have questions about this. See also the SECURITY.md file to report any security issues with ESAPI.
+
+You are encouraged to review the vulnerability analysis written up in https://github.com/ESAPI/esapi-java-legacy/blob/develop/Vulnerability-Summary.md and email us or contact us in our GitHub Discussions page if you have questions.
+
+
+=================================================================================================================
+
+Basic ESAPI facts
+-----------------
+
+ESAPI 2.5.3.0 release:
+     207 Java source files
+    4293 JUnit tests in 131 Java source files (0 failures, 0 errors, 0 tests skipped)
+
+ESAPI 2.5.3.1 release: (unchanged)
+     207 Java source files
+    4293 JUnit tests in 131 Java source files (0 failures, 0 errors, 0 tests skipped)
+
+1 GitHub Issue closed in this release, including those we've decided not to fix (marked 'wontfix' and 'falsepositive').
+(Reference: https://github.com/ESAPI/esapi-java-legacy/issues?q=is%3Aissue+state%3Aclosed+updated%3A%3E%3D2023-11-24)
+
+Issue #         GitHub Issue Title
+----------------------------------------------------------------------------------------------
+794             canonicalize sees entity which isn't there (wontfix)
+
+-----------------------------------------------------------------------------
+
+        Changes Requiring Special Attention
+
+-----------------------------------------------------------------------------
+
+Important JDK Support Announcement
+* ESAPI 2.3.0.0 was the last Java release to support Java 7. ESAPI 2.4.0 requires using Java 8 or later. See the ESAPI 2.4.0.0 release notes (https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.4.0.0-release-notes.txt) for details as to the reason.
+    - This means if your project requires Java 7, you must use ESAPI 2.3.0.0 or earlier.
+
+Important ESAPI Logging Changes
+
+* Since ESAPI 2.5.0.0, support for logging directly via Log4J 1 has been removed. (This was two years after it haveing first been deprecated.) Thus, you only choice of ESAPI logging are
+    - java.util.logging (JUL), which as been the default since ESAPI 2.2.1.0.
+        * Set ESAPI.Logger=org.owasp.esapi.logging.java.JavaLogFactory in your ESAPI.properties file.
+    - SLF4J (which your choice of supported SLF4J logging implemmentation)
+        * Set ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory in your ESAPI.properties file.
+* Logger configuration notes - If you are migrating from prior to ESAPI 2.2.1.1, you will need to update your ESAPI.properties file as logging-related configuration as per the ESAPI 2.2.1.1 release notes, which may be found at:
+    https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.2.1.1-release-notes.txt#L39-L78
+
+If you use ESAPI 2.5.0.0 or later, you will get an ClassNotFoundException as the root cause if you still have your ESAPI.Logger property set to use Log4J because the org.owasp.esapi.logger.log4j.Log4JFactory class has been completely removed from the ESAPI jar.  If you are dead set on continuing to use Log4J 1, you ought to be able to do so via SLF4J. The set up for Log4J 1 (which has not be tested), should be similar to configure ESAPI to use SLF4J with Log4J 2 as described here:
+    https://github.com/ESAPI/esapi-java-legacy/wiki/Using-ESAPI-with-SLF4J#slf4j-using-log4j-2x
+
+-----------------------------------------------------------------------------
+
+        Remaining Known Issues / Problems
+
+-----------------------------------------------------------------------------
+None known, other than the remaining open issues on GitHub.
+
+-----------------------------------------------------------------------------
+
+        Other changes in this release, some of which not tracked via GitHub issues
+
+-----------------------------------------------------------------------------
+
+* Minor updates to README.md file with respect to version information.
+
+-----------------------------------------------------------------------------
+
+Developer Activity Report (Changes between release 2.5.3.0 and 2.5.3.1, i.e., between 2023-11-24 and 2023-12-01)
+Generated manually (this time) -- all errors are the fault of kwwall and his inability to do simple arithmetic.
+
+Developer       Total       Total Number        # Merged
+(GitHub ID)     commits   of Files Changed        PRs
+========================================================
+kwwall           14             16              2
+========================================================
+                                    Total PRs:  2
+
+-----------------------------------------------------------------------------
+
+CHANGELOG:      Create your own. May I suggest:
+
+        git log --stat --since=2023-11-24 --reverse --pretty=medium
+
+    which will show all the commits since just after the previous (2.5.3.0) release.
+
+    Alternately, you can download the most recent ESAPI source and run
+
+        mvn site
+
+    which will create a CHANGELOG file named 'target/site/changelog.html'
+
+
+-----------------------------------------------------------------------------
+
+Direct and Transitive Runtime and Test Dependencies:
+
+        $ mvn -B dependency:tree
+        ...
+        [INFO] --- maven-dependency-plugin:3.6.1:tree (default-cli) @ esapi ---
+        [INFO] org.owasp.esapi:esapi:jar:2.5.3.1
+        [INFO] +- javax.servlet:javax.servlet-api:jar:3.1.0:provided
+        [INFO] +- javax.servlet.jsp:javax.servlet.jsp-api:jar:2.3.3:provided
+        [INFO] +- xom:xom:jar:1.3.9:compile
+        [INFO] +- commons-beanutils:commons-beanutils:jar:1.9.4:compile
+        [INFO] |  +- commons-logging:commons-logging:jar:1.2:compile
+        [INFO] |  \- commons-collections:commons-collections:jar:3.2.2:compile
+        [INFO] +- commons-configuration:commons-configuration:jar:1.10:compile
+        [INFO] +- commons-lang:commons-lang:jar:2.6:compile
+        [INFO] +- commons-fileupload:commons-fileupload:jar:1.5:compile
+        [INFO] +- org.apache.commons:commons-collections4:jar:4.4:compile
+        [INFO] +- org.apache-extras.beanshell:bsh:jar:2.0b6:compile
+        [INFO] +- org.owasp.antisamy:antisamy:jar:1.7.4:compile
+        [INFO] |  +- org.htmlunit:neko-htmlunit:jar:3.6.0:compile
+        [INFO] |  +- org.apache.httpcomponents.client5:httpclient5:jar:5.2.1:compile
+        [INFO] |  |  \- org.apache.httpcomponents.core5:httpcore5-h2:jar:5.2:compile
+        [INFO] |  +- org.apache.httpcomponents.core5:httpcore5:jar:5.2.3:compile
+        [INFO] |  +- org.apache.xmlgraphics:batik-css:jar:1.17:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-shared-resources:jar:1.17:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-util:jar:1.17:compile
+        [INFO] |  |  |  +- org.apache.xmlgraphics:batik-constants:jar:1.17:compile
+        [INFO] |  |  |  \- org.apache.xmlgraphics:batik-i18n:jar:1.17:compile
+        [INFO] |  |  \- org.apache.xmlgraphics:xmlgraphics-commons:jar:2.9:compile
+        [INFO] |  +- xerces:xercesImpl:jar:2.12.2:compile
+        [INFO] |  \- xml-apis:xml-apis-ext:jar:1.3.04:compile
+        [INFO] +- org.slf4j:slf4j-api:jar:2.0.6:compile
+        [INFO] +- xml-apis:xml-apis:jar:1.4.01:compile
+        [INFO] +- commons-io:commons-io:jar:2.14.0:compile
+        [INFO] +- com.github.spotbugs:spotbugs-annotations:jar:4.8.2:compile
+        [INFO] |  \- com.google.code.findbugs:jsr305:jar:3.0.2:compile
+        [INFO] +- commons-codec:commons-codec:jar:1.16.0:test
+        [INFO] +- junit:junit:jar:4.13.2:test
+        [INFO] +- org.bouncycastle:bcprov-jdk15on:jar:1.70:test
+        [INFO] +- org.hamcrest:hamcrest-core:jar:2.2:test
+        [INFO] |  \- org.hamcrest:hamcrest:jar:2.2:test
+        [INFO] +- org.powermock:powermock-api-mockito2:jar:2.0.9:test
+        [INFO] |  \- org.powermock:powermock-api-support:jar:2.0.9:test
+        [INFO] +- org.mockito:mockito-core:jar:3.12.4:test
+        [INFO] |  +- net.bytebuddy:byte-buddy:jar:1.11.13:test
+        [INFO] |  +- net.bytebuddy:byte-buddy-agent:jar:1.11.13:test
+        [INFO] |  \- org.objenesis:objenesis:jar:3.2:test
+        [INFO] +- org.powermock:powermock-core:jar:2.0.9:test
+        [INFO] |  \- org.javassist:javassist:jar:3.27.0-GA:test
+        [INFO] +- org.powermock:powermock-module-junit4:jar:2.0.9:test
+        [INFO] |  \- org.powermock:powermock-module-junit4-common:jar:2.0.9:test
+        [INFO] +- org.powermock:powermock-reflect:jar:2.0.9:test
+        [INFO] \- org.openjdk.jmh:jmh-core:jar:1.37:test
+        [INFO]    +- net.sf.jopt-simple:jopt-simple:jar:5.0.4:test
+        [INFO]    \- org.apache.commons:commons-math3:jar:3.6.1:test
+        ...
+
+        -----------------------------------------------------------------------------
+
+Acknowledgments:
+    Another hat tip to Dave Wichers for suggesting logging a warning via the deprecated isValidSafeHTML method.
+    And, as always, thanks to Matt Seil, Jeremiah Stacey, and all the ESAPI users who make this worthwhile. This is for you.
+
+A special thanks to the ESAPI community from the ESAPI project co-leaders:
+    Kevin W. Wall (kwwall) <== The irresponsible party for these release notes!
+    Matt Seil (xeno6696)
diff --git a/documentation/esapi4java-core-2.5.4.0-release-notes.txt b/documentation/esapi4java-core-2.5.4.0-release-notes.txt
new file mode 100644
index 000000000..665c1d280
--- /dev/null
+++ b/documentation/esapi4java-core-2.5.4.0-release-notes.txt
@@ -0,0 +1,205 @@
+Release notes for ESAPI 2.5.4.0
+    Release date: 2024-05-29
+    Project leaders:
+        -Kevin W. Wall <kevin.w.wall@gmail.com>
+        -Matt Seil <matt.seil@owasp.org>
+
+Previous release: ESAPI 2.5.3.1, 2023-12-01
+
+
+Executive Summary: Important Things to Note for this Release
+------------------------------------------------------------
+This is a patch release with a few bug fixes and dependency updates. While the AntiSamy 1.7.5 update was intended to address an XSS vulnerability (CVE-2024-23635), the ESAPI team verified that this vulnerability did not affect the default configuration of ESAPI and its strict AntiSamy policy file, antisamy-esapi.xml. (Our AntiSamy policy file has the 'preserveComments' directive disabled.)
+
+There is one important issue that was patched (GitHub issue # 839) that has a side-effect. In particular, if you have ESAPI configured to use JUL (i.e., Java Util Logging) as your default logger (i.e., you have ESAPI.Logger set to 'org.owasp.esapi.logging.java.JavaLogFactory', then you MUST delete your 'esapi-java-logging.properties' to set some of the JUL properties. This file was conflicting with the other uses of JUL not used through ESAPI. If you start ESAPI 2.5.4.0 and this file is found as a resource, then a ConfigurationException will be thrown and the exception message will direct you to our GitHub wiki page, https://github.com/ESAPI/esapi-java-legacy/wiki/Configuring-the-JavaLogFactory
+
+Notes if you are not updating from the immediate previous release. release 2.5.3.1:
+    * You need to read through the series of release notes FIRST, going in order.
+    * For example, if you were updating from an older ESAPI release (say, 2.3.0.0), you should go back and FIRST read all the subsequent release notes in turn. For instance, if you are currently on release 2.3.0.0 and upgrading to (say) release 2.x.y.z, you should MINIMALLY read the sections "Changes Requiring Special Attention" in each of the subsequent release notes. So, going from release 2.3.0.0 to 2.x.y.z, you should in turn, read:
+
+    esapi4java-core-2.4.0.0-release-notes.txt
+    esapi4java-core-2.5.0.0-release-notes.txt
+    esapi4java-core-2.5.1.0-release-notes.txt
+    esapi4java-core-2.5.2.0-release-notes.txt
+    ...etc., up through the current set of release notes...
+    esapi4java-core-2.x.y.z-release-notes.txt
+
+in that order. YOU HAVE BEEN WARNED!!! (These release notes are too large to put all this in a given document; very few read them thoroughly as it is.)
+
+If your SCA tool is reporting any CVE from a direct or transitive dependency in ESAPI, before reporting it as an GitHub issue, please make sure that you review the vulnerability analysis written up in https://github.com/ESAPI/esapi-java-legacy/blob/develop/Vulnerability-Summary.md. Please email us or contact us in our GitHub Discussions page if you have questions about this. See also the SECURITY.md file to report any security issues with ESAPI.
+
+You are encouraged to review the vulnerability analysis written up in https://github.com/ESAPI/esapi-java-legacy/blob/develop/Vulnerability-Summary.md and email us or contact us in our GitHub Discussions page if you have questions.
+
+
+=================================================================================================================
+
+Basic ESAPI facts
+-----------------
+
+ESAPI 2.5.3.1 release:
+     207 Java source files
+    4293 JUnit tests in 131 Java source files (0 failures, 0 errors, 0 tests skipped)
+
+ESAPI 2.5.4.0 release:
+     207 Java source files
+    4297 JUnit tests in 131 Java source files (0 failures, 0 errors, 0 tests skipped)
+
+8 GitHub Issues closed in this release, including those we've decided not to fix (marked 'wontfix' and 'falsepositive').
+(Reference: https://github.com/ESAPI/esapi-java-legacy/issues?q=is%3Aissue+state%3Aclosed+updated%3A%3E%3D2023-12-01)
+
+Issue #         GitHub Issue Title
+----------------------------------------------------------------------------------------------
+824     DefaultEncoder / getCanonicalizedURI returns mix encoding for HTML special characters
+826     Fix Encoder.getCanonicalizedURI(URI) for the test case of a double-ampersand in the HTML Query
+827     HTMLEntityCodec Mysteriously decodes &or
+831     java.io.FileNotFoundException Error in Logs When ESAPI.properties and validation.properties are in resources. and the application is up ,features are not working.
+832     easpi .properties and validation properties are present but still it is throwing error and the application is failing do you have any solution for this
+835     Validator.isValidSafeHTML() is vulnerable as per CVE-2023-4780
+837     Validation does not work with esapi jakarta jar
+839     ConcurrentModificationException
+
+
+-----------------------------------------------------------------------------
+
+        Changes Requiring Special Attention
+
+-----------------------------------------------------------------------------
+Important Note affecting ESAPI 2.5.4.0 and later:
+* If you are using JUL for ESAPI logging, you will need to delete esapi-java-logging.properties file so it is not found as a resource stream. Failure to do so will result in a ConfigurationException being thrown. For details, see our GitHub wiki page, https://github.com/ESAPI/esapi-java-legacy/wiki/Configuring-the-JavaLogFactory
+
+Important JDK Support Announcement
+* ESAPI 2.3.0.0 was the last Java release to support Java 7. ESAPI 2.4.0 requires using Java 8 or later. See the ESAPI 2.4.0.0 release notes (https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.4.0.0-release-notes.txt) for details as to the reason.
+    - This means if your project requires Java 7, you must use ESAPI 2.3.0.0 or earlier.
+
+Important ESAPI Logging Changes
+
+* Since ESAPI 2.5.0.0, support for logging directly via Log4J 1 has been removed. (This was two years after it haveing first been deprecated.) Thus, you only choice of ESAPI logging are
+    - java.util.logging (JUL), which as been the default since ESAPI 2.2.1.0.
+        * Set ESAPI.Logger=org.owasp.esapi.logging.java.JavaLogFactory in your ESAPI.properties file.
+    - SLF4J (with your choice of supported SLF4J logging implemmentation)
+        * Set ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory in your ESAPI.properties file.
+* Logger configuration notes - If you are migrating from prior to ESAPI 2.2.1.1, you will need to update your ESAPI.properties file as logging-related configuration as per the ESAPI 2.2.1.1 release notes, which may be found at:
+    https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.2.1.1-release-notes.txt#L39-L78
+
+If you use ESAPI 2.5.0.0 or later, you will get an ClassNotFoundException as the root cause if you still have your ESAPI.Logger property set to use Log4J because the org.owasp.esapi.logger.log4j.Log4JFactory class has been completely removed from the ESAPI jar.  If you are dead set on continuing to use Log4J 1, you ought to be able to do so via SLF4J. The set up for Log4J 1 (which has not be tested), should be similar to configure ESAPI to use SLF4J with Log4J 2 as described here:
+    https://github.com/ESAPI/esapi-java-legacy/wiki/Using-ESAPI-with-SLF4J#slf4j-using-log4j-2x
+
+-----------------------------------------------------------------------------
+
+        Remaining Known Issues / Problems
+
+-----------------------------------------------------------------------------
+None known, other than the remaining open issues on GitHub.
+
+-----------------------------------------------------------------------------
+
+        Other changes in this release, some of which not tracked via GitHub issues
+
+-----------------------------------------------------------------------------
+
+* Minor updates to README.md file with respect to version information.
+
+-----------------------------------------------------------------------------
+
+Developer Activity Report (Changes between release 2.5.3.1 and 2.5.4.0, i.e., between 2023-12-01 and 2024-05-29)
+Generated manually (this time) -- all errors are the fault of kwwall and his inability to do simple arithmetic.
+
+Developer       Total       Total Number        # Merged
+(GitHub ID)     commits   of Files Changed        PRs
+========================================================
+xeno6696         5              4               1
+jeremiahjstacey  2              4               1
+dependabot       1              1               1
+mpreziuso        1              2               1
+kwwall          11              6               0 (direct merge)
+========================================================
+                                    Total PRs:  4
+
+-----------------------------------------------------------------------------
+
+CHANGELOG:      Create your own. May I suggest:
+
+        git log --stat --since=2023-12-01 --reverse --pretty=medium
+
+    which will show all the commits since just after the previous (2.5.3.1) release.
+
+    Alternately, you can download the most recent ESAPI source and run
+
+        mvn site
+
+    which will create a CHANGELOG file named 'target/site/changelog.html'
+
+
+-----------------------------------------------------------------------------
+
+Direct and Transitive Runtime and Test Dependencies:
+
+        $ mvn -B dependency:tree
+        ...
+        [INFO] --- maven-dependency-plugin:3.6.1:tree (default-cli) @ esapi ---
+        [INFO] org.owasp.esapi:esapi:jar:2.5.4.0
+        [INFO] +- javax.servlet:javax.servlet-api:jar:3.1.0:provided
+        [INFO] +- javax.servlet.jsp:javax.servlet.jsp-api:jar:2.3.3:provided
+        [INFO] +- xom:xom:jar:1.3.9:compile
+        [INFO] +- commons-beanutils:commons-beanutils:jar:1.9.4:compile
+        [INFO] |  +- commons-logging:commons-logging:jar:1.2:compile
+        [INFO] |  \- commons-collections:commons-collections:jar:3.2.2:compile
+        [INFO] +- commons-configuration:commons-configuration:jar:1.10:compile
+        [INFO] +- commons-lang:commons-lang:jar:2.6:compile
+        [INFO] +- commons-fileupload:commons-fileupload:jar:1.5:compile
+        [INFO] +- org.apache.commons:commons-collections4:jar:4.5.0-M1:compile
+        [INFO] +- org.apache-extras.beanshell:bsh:jar:2.0b6:compile
+        [INFO] +- org.owasp.antisamy:antisamy:jar:1.7.5:compile
+        [INFO] |  +- org.apache.httpcomponents.client5:httpclient5:jar:5.3.1:compile
+        [INFO] |  |  \- org.apache.httpcomponents.core5:httpcore5-h2:jar:5.2.4:compile
+        [INFO] |  +- org.apache.httpcomponents.core5:httpcore5:jar:5.2.4:compile
+        [INFO] |  +- org.apache.xmlgraphics:batik-css:jar:1.17:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-shared-resources:jar:1.17:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-util:jar:1.17:compile
+        [INFO] |  |  |  +- org.apache.xmlgraphics:batik-constants:jar:1.17:compile
+        [INFO] |  |  |  \- org.apache.xmlgraphics:batik-i18n:jar:1.17:compile
+        [INFO] |  |  \- org.apache.xmlgraphics:xmlgraphics-commons:jar:2.9:compile
+        [INFO] |  +- org.htmlunit:neko-htmlunit:jar:3.11.1:compile
+        [INFO] |  +- xerces:xercesImpl:jar:2.12.2:compile
+        [INFO] |  \- xml-apis:xml-apis-ext:jar:1.3.04:compile
+        [INFO] +- org.slf4j:slf4j-api:jar:2.0.13:compile
+        [INFO] +- xml-apis:xml-apis:jar:1.4.01:compile
+        [INFO] +- commons-io:commons-io:jar:2.15.1:compile
+        [INFO] +- com.github.spotbugs:spotbugs-annotations:jar:4.8.5:compile
+        [INFO] |  \- com.google.code.findbugs:jsr305:jar:3.0.2:compile
+        [INFO] +- commons-codec:commons-codec:jar:1.17.0:test
+        [INFO] +- junit:junit:jar:4.13.2:test
+        [INFO] +- org.bouncycastle:bcprov-jdk15on:jar:1.70:test
+        [INFO] +- org.hamcrest:hamcrest-core:jar:2.2:test
+        [INFO] |  \- org.hamcrest:hamcrest:jar:2.2:test
+        [INFO] +- org.powermock:powermock-api-mockito2:jar:2.0.9:test
+        [INFO] |  \- org.powermock:powermock-api-support:jar:2.0.9:test
+        [INFO] +- org.mockito:mockito-core:jar:3.12.4:test
+        [INFO] |  +- net.bytebuddy:byte-buddy:jar:1.11.13:test
+        [INFO] |  +- net.bytebuddy:byte-buddy-agent:jar:1.11.13:test
+        [INFO] |  \- org.objenesis:objenesis:jar:3.2:test
+        [INFO] +- org.powermock:powermock-core:jar:2.0.9:test
+        [INFO] |  \- org.javassist:javassist:jar:3.27.0-GA:test
+        [INFO] +- org.powermock:powermock-module-junit4:jar:2.0.9:test
+        [INFO] |  \- org.powermock:powermock-module-junit4-common:jar:2.0.9:test
+        [INFO] +- org.powermock:powermock-reflect:jar:2.0.9:test
+        [INFO] \- org.openjdk.jmh:jmh-core:jar:1.37:test
+        [INFO]    +- net.sf.jopt-simple:jopt-simple:jar:5.0.4:test
+        [INFO]    \- org.apache.commons:commons-math3:jar:3.6.1:test
+        [INFO] ------------------------------------------------------------------------
+        [INFO] BUILD SUCCESS
+        [INFO] ------------------------------------------------------------------------
+        [INFO] Total time:  0.903 s
+        [INFO] Finished at: 2024-05-29T18:31:30-04:00
+        [INFO] ------------------------------------------------------------------------
+
+-----------------------------------------------------------------------------
+
+Acknowledgments:
+    A special hat tip to Arshan Dabirsiaghis, original creator of AntiSamy and the creator of the antisamy-esapi.xml file, the ultrastrict AntiSamy policy used by ESAPI. That avoided a vulnerability that affected AntiSamy itself, so kudos to that foresite.
+    A shutout to Michele Preziuso for the PR that updated AntiSamy, added a test, and avoided the convergence issue that resulted in me having to reject the Snyk and Dependabot PRs. I appreciate you saving me having to do the work.
+    And special kudos to Jerry Devis for one of the best bug reports (GitHub issue #839) that I've seen since I began working on ESAPI in 2009. I hope your bug report can be an example to all. Excellent work.
+
+    Lastly, our usual special thanks to the ESAPI community from the ESAPI project co-leaders:
+    Kevin W. Wall (kwwall) <== The irresponsible party for these release notes!
+Matt Seil (xeno6696)
diff --git a/documentation/esapi4java-core-2.5.5.0-release-notes.txt b/documentation/esapi4java-core-2.5.5.0-release-notes.txt
new file mode 100644
index 000000000..69a4e6e77
--- /dev/null
+++ b/documentation/esapi4java-core-2.5.5.0-release-notes.txt
@@ -0,0 +1,199 @@
+Release notes for ESAPI 2.5.5.0
+    Release date: 2024-10-07
+    Project leaders:
+        -Kevin W. Wall <kevin.w.wall@gmail.com>
+        -Matt Seil <matt.seil@owasp.org>
+
+Previous release: ESAPI 2.5.4.0, 2024-05-30
+
+
+Executive Summary: Important Things to Note for this Release
+------------------------------------------------------------
+This is a minor release. All changes should be backward compatible with the previous ESAPI version.
+The updates cover the following areas:
+* Updates to dependencies and Maven plugins.
+* New logging feature added which should be useful in cloud environments where you are paying for log storage.
+  See GitHub issue https://github.com/ESAPI/esapi-java-legacy/issues/844 for details.
+* Documentation clean-up.
+
+Notes if you are not updating from the immediate previous release. release 2.5.4.0:
+    * You need to read through the series of release notes FIRST, going in order.
+    * For example, if you were updating from an older ESAPI release (say, 2.3.0.0), you should go back and FIRST read all the subsequent release notes in turn. For instance, if you are currently on release 2.3.0.0 and upgrading to (say) release 2.x.y.z, you should MINIMALLY read the sections "Changes Requiring Special Attention" in each of the subsequent release notes. So, going from release 2.3.0.0 to 2.x.y.z, you should in turn, read:
+
+    esapi4java-core-2.4.0.0-release-notes.txt
+    esapi4java-core-2.5.0.0-release-notes.txt
+    esapi4java-core-2.5.1.0-release-notes.txt
+    esapi4java-core-2.5.2.0-release-notes.txt
+    ...etc., up through the current set of release notes...
+    esapi4java-core-2.x.y.z-release-notes.txt
+
+in that order. YOU HAVE BEEN WARNED!!! (These release notes are too large to put all this in a given document; very few read them thoroughly as it is.)
+
+If your SCA tool is reporting any CVE from a direct or transitive dependency in ESAPI, before reporting it as an GitHub issue, please make sure that you review the vulnerability analysis written up in https://github.com/ESAPI/esapi-java-legacy/blob/develop/Vulnerability-Summary.md. Please email us or contact us in our GitHub Discussions page if you have questions about this. See also the SECURITY.md file to report any security issues with ESAPI.
+
+You are encouraged to review the vulnerability analysis written up in https://github.com/ESAPI/esapi-java-legacy/blob/develop/Vulnerability-Summary.md and email us or contact us in our GitHub Discussions page if you have questions.
+
+
+=================================================================================================================
+
+Basic ESAPI facts
+-----------------
+
+ESAPI 2.5.4.0 release:
+     207 Java source files
+    4297 JUnit tests in 131 Java source files (0 failures, 0 errors, 0 tests skipped)
+
+ESAPI 2.5.5.0 release:
+     207 Java source files
+    4315 JUnit tests in 133 Java source files (0 failures, 0 errors, 0 tests skipped)
+
+8 GitHub Issues closed in this release, including those we've decided not to fix (marked 'wontfix' and 'falsepositive')
+(Reference: https://github.com/ESAPI/esapi-java-legacy/issues?q=is%3Aissue+state%3Aclosed+updated%3A%3E%3D2024-05-30)
+
+Issue #         GitHub Issue Title
+----------------------------------------------------------------------------------------------
+844     Update the logging properties to opt-out of the prefix events Component-Logger enhancement
+846     ESAPI.encoder().canonicalize() converts "&or" or similar strings without having trailing semicolon as logical operator
+847     Update ESAPI pom to use latest version of AntiSamy (1.7.6)
+851     Fix typos
+
+
+-----------------------------------------------------------------------------
+
+        Changes Requiring Special Attention
+
+-----------------------------------------------------------------------------
+
+Important JDK Support Announcement
+* ESAPI 2.3.0.0 was the last Java release to support Java 7. ESAPI 2.4.0 requires using Java 8 or later. See the ESAPI 2.4.0.0 release notes (https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.4.0.0-release-notes.txt) for details as to the reason.
+    - This means if your project requires Java 7, you must use ESAPI 2.3.0.0 or earlier.
+
+Important ESAPI Logging Changes
+
+* Since ESAPI 2.5.0.0, support for logging directly via Log4J 1 has been removed. (This was two years after it haveing first been deprecated.) Thus, you only choice of ESAPI logging are
+    - java.util.logging (JUL), which as been the default since ESAPI 2.2.1.0.
+        * Set ESAPI.Logger=org.owasp.esapi.logging.java.JavaLogFactory in your ESAPI.properties file.
+    - SLF4J (which your choice of supported SLF4J logging implemmentation)
+        * Set ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory in your ESAPI.properties file.
+* Logger configuration notes - If you are migrating from prior to ESAPI 2.2.1.1, you will need to update your ESAPI.properties file as logging-related configuration as per the ESAPI 2.2.1.1 release notes, which may be found at:
+    https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.2.1.1-release-notes.txt#L39-L78
+
+If you use ESAPI 2.5.0.0 or later, you will get an ClassNotFoundException as the root cause if you still have your ESAPI.Logger property set to use Log4J because the org.owasp.esapi.logger.log4j.Log4JFactory class has been completely removed from the ESAPI jar.  If you are dead set on continuing to use Log4J 1, you ought to be able to do so via SLF4J. The set up for Log4J 1 (which has not be tested), should be similar to configure ESAPI to use SLF4J with Log4J 2 as described here:
+    https://github.com/ESAPI/esapi-java-legacy/wiki/Using-ESAPI-with-SLF4J#slf4j-using-log4j-2x
+
+-----------------------------------------------------------------------------
+
+        Remaining Known Issues / Problems
+
+-----------------------------------------------------------------------------
+None known, other than the remaining open issues on GitHub.
+
+-----------------------------------------------------------------------------
+
+        Other changes in this release, some of which not tracked via GitHub issues
+
+-----------------------------------------------------------------------------
+
+* Minor updates to README.md file with respect to version information.
+
+-----------------------------------------------------------------------------
+
+Developer Activity Report (Changes between release 2.5.4.0 and 2.5.5.0, i.e., between 2024-05-30 and 2024-10-07)
+Generated manually (this time) -- all errors are the fault of kwwall and his inability to do simple arithmetic.
+Note: This only lists merged PRs, not those that were closed as rejected.
+
+Developer           Total       Total Number        # Merged
+(GitHub ID)         commits   of Files Changed        PRs
+============================================================
+DebajitKumarPhukan   7              1                   1
+DarioViva42         57             44                   1
+mickeyz07           10             12                   1
+kwwall              11              8                   2
+============================================================
+                                            Total PRs:  5
+
+-----------------------------------------------------------------------------
+
+CHANGELOG:      Create your own. May I suggest:
+
+        git log --stat --since=2024-05-30 --reverse --pretty=medium
+
+    which will show all the commits since just after the previous (2.5.4.0) release.
+
+    Alternately, you can download the most recent ESAPI source and run
+
+        mvn site
+
+    which will create a CHANGELOG file named 'target/site/changelog.html'
+
+
+-----------------------------------------------------------------------------
+
+Direct and Transitive Runtime and Test Dependencies:
+
+        $ mvn -B dependency:tree
+        [INFO] -----------------------< org.owasp.esapi:esapi >------------------------
+        [INFO] Building ESAPI 2.5.5.0-SNAPSHOT
+        [INFO] --------------------------------[ jar ]---------------------------------
+        [INFO] 
+        [INFO] --- maven-dependency-plugin:3.7.1:tree (default-cli) @ esapi ---
+        [INFO] org.owasp.esapi:esapi:jar:2.5.5.0-SNAPSHOT
+        [INFO] +- javax.servlet:javax.servlet-api:jar:3.1.0:provided
+        [INFO] +- javax.servlet.jsp:javax.servlet.jsp-api:jar:2.3.3:provided
+        [INFO] +- xom:xom:jar:1.3.9:compile
+        [INFO] +- commons-beanutils:commons-beanutils:jar:1.9.4:compile
+        [INFO] |  +- commons-logging:commons-logging:jar:1.2:compile
+        [INFO] |  \- commons-collections:commons-collections:jar:3.2.2:compile
+        [INFO] +- commons-configuration:commons-configuration:jar:1.10:compile
+        [INFO] +- commons-lang:commons-lang:jar:2.6:compile
+        [INFO] +- commons-fileupload:commons-fileupload:jar:1.5:compile
+        [INFO] +- org.apache.commons:commons-collections4:jar:4.5.0-M2:compile
+        [INFO] +- org.apache-extras.beanshell:bsh:jar:2.0b6:compile
+        [INFO] +- org.owasp.antisamy:antisamy:jar:1.7.6:compile
+        [INFO] |  +- commons-io:commons-io:jar:2.16.1:compile
+        [INFO] |  +- org.apache.httpcomponents.client5:httpclient5:jar:5.3.1:compile
+        [INFO] |  |  \- org.apache.httpcomponents.core5:httpcore5-h2:jar:5.2.4:compile
+        [INFO] |  +- org.apache.httpcomponents.core5:httpcore5:jar:5.2.5:compile
+        [INFO] |  +- org.apache.xmlgraphics:batik-css:jar:1.17:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-shared-resources:jar:1.17:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-util:jar:1.17:compile
+        [INFO] |  |  |  +- org.apache.xmlgraphics:batik-constants:jar:1.17:compile
+        [INFO] |  |  |  \- org.apache.xmlgraphics:batik-i18n:jar:1.17:compile
+        [INFO] |  |  \- org.apache.xmlgraphics:xmlgraphics-commons:jar:2.9:compile
+        [INFO] |  +- org.htmlunit:neko-htmlunit:jar:4.3.0:compile
+        [INFO] |  +- xerces:xercesImpl:jar:2.12.2:compile
+        [INFO] |  \- xml-apis:xml-apis-ext:jar:1.3.04:compile
+        [INFO] +- org.slf4j:slf4j-api:jar:2.0.13:compile
+        [INFO] +- xml-apis:xml-apis:jar:1.4.01:compile
+        [INFO] +- com.github.spotbugs:spotbugs-annotations:jar:4.8.6:compile (optional)
+        [INFO] |  \- com.google.code.findbugs:jsr305:jar:3.0.2:compile (optional)
+        [INFO] +- commons-codec:commons-codec:jar:1.17.0:test
+        [INFO] +- junit:junit:jar:4.13.2:test
+        [INFO] +- org.bouncycastle:bcprov-jdk18on:jar:1.78.1:test
+        [INFO] +- org.hamcrest:hamcrest-core:jar:2.2:test
+        [INFO] |  \- org.hamcrest:hamcrest:jar:2.2:test
+        [INFO] +- org.powermock:powermock-api-mockito2:jar:2.0.9:test
+        [INFO] |  \- org.powermock:powermock-api-support:jar:2.0.9:test
+        [INFO] +- org.mockito:mockito-core:jar:3.12.4:test
+        [INFO] |  +- net.bytebuddy:byte-buddy:jar:1.11.13:test
+        [INFO] |  +- net.bytebuddy:byte-buddy-agent:jar:1.11.13:test
+        [INFO] |  \- org.objenesis:objenesis:jar:3.2:test
+        [INFO] +- org.powermock:powermock-core:jar:2.0.9:test
+        [INFO] |  \- org.javassist:javassist:jar:3.27.0-GA:test
+        [INFO] +- org.powermock:powermock-module-junit4:jar:2.0.9:test
+        [INFO] |  \- org.powermock:powermock-module-junit4-common:jar:2.0.9:test
+        [INFO] +- org.powermock:powermock-reflect:jar:2.0.9:test
+        [INFO] \- org.openjdk.jmh:jmh-core:jar:1.37:test
+        [INFO]    +- net.sf.jopt-simple:jopt-simple:jar:5.0.4:test
+        [INFO]    \- org.apache.commons:commons-math3:jar:3.6.1:test
+        [INFO] ------------------------------------------------------------------------
+
+-----------------------------------------------------------------------------
+
+Acknowledgments:
+    A special shout-out to our new ESAPI contributors, mickeyz07, DarioViva42, and DebajitKumarPhukan.
+    Another hat tip to Dave Wichers and the AntiSamy crew for promptly releasing AntiSamy 1.7.0.  And thanks to Matt Seil, Jeremiah Stacey, and all the ESAPI users who make this worthwhile. This is for you.
+
+A special thanks to the ESAPI community from the ESAPI project co-leaders:
+    Kevin W. Wall (kwwall) <== The irresponsible party for these release notes!
+    Matt Seil (xeno6696)
diff --git a/documentation/esapi4java-core-2.6.0.0-release-notes.txt b/documentation/esapi4java-core-2.6.0.0-release-notes.txt
new file mode 100644
index 000000000..1a9d41759
--- /dev/null
+++ b/documentation/esapi4java-core-2.6.0.0-release-notes.txt
@@ -0,0 +1,192 @@
+Release notes for ESAPI 2.6.0.0
+    Release date: 2024-11-25
+    Project leaders:
+        -Kevin W. Wall <kevin.w.wall@gmail.com>
+        -Matt Seil <matt.seil@owasp.org>
+
+Previous release: ESAPI 2.5.5.0, 2024-10-08
+
+
+Executive Summary: Important Things to Note for this Release
+------------------------------------------------------------
+This ESAPI release removes the Validator.isValidSafeHTML methods and references to it from ESAPI code. We will NOT be replacing it. This is to fulfill GitHub Security Advisory https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-r68h-jhhj-9jvm and GitHub issue #859.
+
+ESAPI was also updated to use the latest version of AntiSamy, 1.7.7.
+
+Notes if you are not updating from the immediate previous release. release 2.5.5.0:
+    * You need to read through the series of release notes FIRST, going in order.
+    * For example, if you were updating from an older ESAPI release (say, 2.3.0.0), you should go back and FIRST read all the subsequent release notes in turn. For instance, if you are currently on release 2.3.0.0 and upgrading to (say) release 2.x.y.z, you should MINIMALLY read the sections "Changes Requiring Special Attention" in each of the subsequent release notes. So, going from release 2.3.0.0 to 2.x.y.z, you should in turn, read:
+
+    esapi4java-core-2.4.0.0-release-notes.txt
+    esapi4java-core-2.5.0.0-release-notes.txt
+    esapi4java-core-2.5.1.0-release-notes.txt
+    esapi4java-core-2.5.2.0-release-notes.txt
+    ...etc., up through the current set of release notes...
+    esapi4java-core-2.x.y.z-release-notes.txt
+
+in that order. YOU HAVE BEEN WARNED!!! (These release notes are too large to put all this in a given document; very few read them thoroughly as it is.)
+
+If your SCA tool is reporting any CVE from a direct or transitive dependency in ESAPI, before reporting it as an GitHub issue, please make sure that you review the vulnerability analysis written up in https://github.com/ESAPI/esapi-java-legacy/blob/develop/Vulnerability-Summary.md. Please email us or contact us in our GitHub Discussions page if you have questions about this. See also the SECURITY.md file to report any security issues with ESAPI.
+
+You are encouraged to review the vulnerability analysis written up in https://github.com/ESAPI/esapi-java-legacy/blob/develop/Vulnerability-Summary.md and email us or contact us in our GitHub Discussions page if you have questions.
+
+
+=================================================================================================================
+
+Basic ESAPI facts
+-----------------
+
+ESAPI 2.5.5.0 release:
+     207 Java source files
+    4297 JUnit tests in 131 Java test files
+
+ESAPI 2.6.0.0 release:
+     207 Java source files
+    4312 JUnit tests in 133 Java source files
+
+2 GitHub Issues closed in this release, including those we've decided not to fix (marked 'wontfix' and 'falsepositive').
+(Reference: https://github.com/ESAPI/esapi-java-legacy/issues?q=is%3Aissue+state%3Aclosed+updated%3A%3E%3D2024-10-08)
+
+Issue #         GitHub Issue Title
+----------------------------------------------------------------------------------------------
+204             DefalutValidator.isValidSafeHTML() doesn't work (wontfix)           
+859             Remove deprecated Validator.isValidSafeHTML methods
+-----------------------------------------------------------------------------
+
+        Changes Requiring Special Attention
+
+-----------------------------------------------------------------------------
+Breaking Change - deprecated methods removed
+* As of 2.6.0.0, the methods Validator.isValidSafeHTML are deleted. We won't be bring them back. See https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-r68h-jhhj-9jvm and the associated Security Bulletin for details.
+
+Important JDK Support Announcement
+* ESAPI 2.3.0.0 was the last Java release to support Java 7. ESAPI 2.4.0 requires using Java 8 or later. See the ESAPI 2.4.0.0 release notes (https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.4.0.0-release-notes.txt) for details as to the reason.
+    - This means if your project requires Java 7, you must use ESAPI 2.3.0.0 or earlier.
+
+Important ESAPI Logging Changes
+
+* Since ESAPI 2.5.0.0, support for logging directly via Log4J 1 has been removed. (This was two years after it haveing first been deprecated.) Thus, you only choice of ESAPI logging are
+    - java.util.logging (JUL), which as been the default since ESAPI 2.2.1.0.
+        * Set ESAPI.Logger=org.owasp.esapi.logging.java.JavaLogFactory in your ESAPI.properties file.
+    - SLF4J (which your choice of supported SLF4J logging implemmentation)
+        * Set ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory in your ESAPI.properties file.
+* Logger configuration notes - If you are migrating from prior to ESAPI 2.2.1.1, you will need to update your ESAPI.properties file as logging-related configuration as per the ESAPI 2.2.1.1 release notes, which may be found at:
+    https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.2.1.1-release-notes.txt#L39-L78
+
+If you use ESAPI 2.5.0.0 or later, you will get an ClassNotFoundException as the root cause if you still have your ESAPI.Logger property set to use Log4J because the org.owasp.esapi.logger.log4j.Log4JFactory class has been completely removed from the ESAPI jar.  If you are dead set on continuing to use Log4J 1, you ought to be able to do so via SLF4J. The set up for Log4J 1 (which has not be tested), should be similar to configure ESAPI to use SLF4J with Log4J 2 as described here:
+    https://github.com/ESAPI/esapi-java-legacy/wiki/Using-ESAPI-with-SLF4J#slf4j-using-log4j-2x
+
+-----------------------------------------------------------------------------
+
+        Remaining Known Issues / Problems
+
+-----------------------------------------------------------------------------
+None known, other than the remaining open issues on GitHub.
+
+-----------------------------------------------------------------------------
+
+Other changes in this release, some of which not tracked via GitHub issues
+
+-----------------------------------------------------------------------------
+
+* Minor updates to README.md file with respect to version information.
+
+-----------------------------------------------------------------------------
+
+Developer Activity Report (Changes between release 2.5.5.0 and 2.6.0.0, i.e., between 2024-10-08 and 2024-11-25)
+Generated manually (this time) -- all errors are the fault of kwwall and his inability to do simple arithmetic.
+Figures do not include rejected PRs.
+
+Developer       Total       Total Number        # Merged
+(GitHub ID)     commits   of Files Changed        PRs
+========================================================
+kwwall           15              13               1
+========================================================
+                                      Total PRs:  1
+
+-----------------------------------------------------------------------------
+
+CHANGELOG:      Create your own. May I suggest:
+
+        git log --stat --since=2024-10-08 --reverse --pretty=medium
+
+    which will show all the commits since just after the previous (2.5.5.0) release.
+
+    Alternately, you can download the most recent ESAPI source and run
+
+        mvn site
+
+    which will create a CHANGELOG file named 'target/site/changelog.html'
+
+
+-----------------------------------------------------------------------------
+
+Direct and Transitive Runtime and Test Dependencies:
+
+        $ mvn -B dependency:tree
+        ...
+        [INFO] --- maven-dependency-plugin:3.8.0:tree (default-cli) @ esapi ---
+        [INFO] org.owasp.esapi:esapi:jar:2.6.0.0-SNAPSHOT
+        [INFO] +- javax.servlet:javax.servlet-api:jar:3.1.0:provided
+        [INFO] +- javax.servlet.jsp:javax.servlet.jsp-api:jar:2.3.3:provided
+        [INFO] +- xom:xom:jar:1.3.9:compile
+        [INFO] +- commons-beanutils:commons-beanutils:jar:1.9.4:compile
+        [INFO] |  +- commons-logging:commons-logging:jar:1.2:compile
+        [INFO] |  \- commons-collections:commons-collections:jar:3.2.2:compile
+        [INFO] +- commons-configuration:commons-configuration:jar:1.10:compile
+        [INFO] +- commons-lang:commons-lang:jar:2.6:compile
+        [INFO] +- commons-fileupload:commons-fileupload:jar:1.5:compile
+        [INFO] +- org.apache.commons:commons-collections4:jar:4.5.0-M2:compile
+        [INFO] +- org.apache-extras.beanshell:bsh:jar:2.0b6:compile
+        [INFO] +- org.owasp.antisamy:antisamy:jar:1.7.7:compile
+        [INFO] |  +- commons-io:commons-io:jar:2.18.0:compile
+        [INFO] |  +- org.apache.httpcomponents.client5:httpclient5:jar:5.4.1:compile
+        [INFO] |  |  \- org.apache.httpcomponents.core5:httpcore5-h2:jar:5.3.1:compile
+        [INFO] |  +- org.apache.httpcomponents.core5:httpcore5:jar:5.3.1:compile
+        [INFO] |  +- org.apache.xmlgraphics:batik-css:jar:1.18:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-shared-resources:jar:1.18:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-util:jar:1.18:compile
+        [INFO] |  |  |  +- org.apache.xmlgraphics:batik-constants:jar:1.18:compile
+        [INFO] |  |  |  \- org.apache.xmlgraphics:batik-i18n:jar:1.18:compile
+        [INFO] |  |  \- org.apache.xmlgraphics:xmlgraphics-commons:jar:2.10:compile
+        [INFO] |  +- org.htmlunit:neko-htmlunit:jar:4.6.0:compile
+        [INFO] |  +- xerces:xercesImpl:jar:2.12.2:compile
+        [INFO] |  \- xml-apis:xml-apis-ext:jar:1.3.04:compile
+        [INFO] +- org.slf4j:slf4j-api:jar:2.0.16:compile
+        [INFO] +- xml-apis:xml-apis:jar:1.4.01:compile
+        [INFO] +- com.github.spotbugs:spotbugs-annotations:jar:4.8.6:compile (optional)
+        [INFO] |  \- com.google.code.findbugs:jsr305:jar:3.0.2:compile (optional)
+        [INFO] +- commons-codec:commons-codec:jar:1.17.1:test
+        [INFO] +- junit:junit:jar:4.13.2:test
+        [INFO] +- org.bouncycastle:bcprov-jdk18on:jar:1.78.1:test
+        [INFO] +- org.hamcrest:hamcrest-core:jar:2.2:test
+        [INFO] |  \- org.hamcrest:hamcrest:jar:2.2:test
+        [INFO] +- org.powermock:powermock-api-mockito2:jar:2.0.9:test
+        [INFO] |  \- org.powermock:powermock-api-support:jar:2.0.9:test
+        [INFO] +- org.mockito:mockito-core:jar:3.12.4:test
+        [INFO] |  +- net.bytebuddy:byte-buddy:jar:1.11.13:test
+        [INFO] |  +- net.bytebuddy:byte-buddy-agent:jar:1.11.13:test
+        [INFO] |  \- org.objenesis:objenesis:jar:3.2:test
+        [INFO] +- org.powermock:powermock-core:jar:2.0.9:test
+        [INFO] |  \- org.javassist:javassist:jar:3.27.0-GA:test
+        [INFO] +- org.powermock:powermock-module-junit4:jar:2.0.9:test
+        [INFO] |  \- org.powermock:powermock-module-junit4-common:jar:2.0.9:test
+        [INFO] +- org.powermock:powermock-reflect:jar:2.0.9:test
+        [INFO] \- org.openjdk.jmh:jmh-core:jar:1.37:test
+        [INFO]    +- net.sf.jopt-simple:jopt-simple:jar:5.0.4:test
+        [INFO]    \- org.apache.commons:commons-math3:jar:3.6.1:test
+        [INFO] ------------------------------------------------------------------------
+        [INFO] BUILD SUCCESS
+        [INFO] ------------------------------------------------------------------------
+        [INFO] Total time:  0.884 s
+        [INFO] Finished at: 2024-11-25T15:35:40-05:00
+        [INFO] ------------------------------------------------------------------------
+
+-----------------------------------------------------------------------------
+
+Acknowledgments:
+    Another hat tip to Dave Wichers and the AntiSamy crew for promptly releasing AntiSamy 1.7.7.  And thanks to Matt Seil, Jeremiah Stacey, and all the ESAPI users who make this worthwhile. This is for you.
+
+A special thanks to the ESAPI community from the ESAPI project co-leaders:
+    Kevin W. Wall (kwwall) <== The irresponsible party for these release notes!
+    Matt Seil (xeno6696)
diff --git a/documentation/esapi4java-core-2.6.1.0-release-notes.txt b/documentation/esapi4java-core-2.6.1.0-release-notes.txt
new file mode 100644
index 000000000..e81f3bda0
--- /dev/null
+++ b/documentation/esapi4java-core-2.6.1.0-release-notes.txt
@@ -0,0 +1,189 @@
+Release notes for ESAPI 2.6.1.0
+    Release date: 2025-05-19
+    Project leaders:
+        -Kevin W. Wall <kevin.w.wall@gmail.com>
+        -Matt Seil <matt.seil@owasp.org>
+
+Previous release: ESAPI 2.6.0.0, 2024-11-25
+
+
+Executive Summary: Important Things to Note for this Release
+------------------------------------------------------------
+This is a patch release with the primary intent of updating the AntiSamy dependency from v1.7.7 to v1.7.8. Among other fixes, AntiSamy 1.7.8 updated HttpClient 5.x to address CVE-2025-27820, which potentially could affect ESAPI users if they had customized their aAntiSamy Policy File (by default, antisamy-esapi.xml) to allow certain CSS constructs. (The default policy file does not allow CSS markup at all, and I don't believe that it would be exploitable via ESAPI.)
+
+
+Notes if you are not updating from the immediate previous release. release 2.6.0.0:
+    * You need to read through the series of release notes FIRST, going in order.
+    * For example, if you were updating from an older ESAPI release (say, 2.3.0.0), you should go back and FIRST read all the subsequent release notes in turn. For instance, if you are currently on release 2.3.0.0 and upgrading to (say) release 2.x.y.z, you should MINIMALLY read the sections "Changes Requiring Special Attention" in each of the subsequent release notes. So, going from release 2.3.0.0 to 2.x.y.z, you should in turn, read:
+
+    esapi4java-core-2.4.0.0-release-notes.txt
+    esapi4java-core-2.5.0.0-release-notes.txt
+    esapi4java-core-2.5.1.0-release-notes.txt
+    esapi4java-core-2.5.2.0-release-notes.txt
+    ...etc., up through the current set of release notes...
+    esapi4java-core-2.x.y.z-release-notes.txt
+
+in that order. YOU HAVE BEEN WARNED!!! (These release notes are too large to put all this in a given document; very few read them thoroughly as it is.)
+
+If your SCA tool is reporting any CVE from a direct or transitive dependency in ESAPI, before reporting it as an GitHub issue, please make sure that you review the vulnerability analysis written up in https://github.com/ESAPI/esapi-java-legacy/blob/develop/Vulnerability-Summary.md. Please email us or contact us in our GitHub Discussions page if you have questions about this. See also the SECURITY.md file to report any security issues with ESAPI.
+
+You are encouraged to review the vulnerability analysis written up in https://github.com/ESAPI/esapi-java-legacy/blob/develop/Vulnerability-Summary.md and email us or contact us in our GitHub Discussions page if you have questions.
+
+
+=================================================================================================================
+
+Basic ESAPI facts
+-----------------
+
+ESAPI 2.6.0.0 release:
+     207 Java source files
+    4312 JUnit tests in 133 Java source files
+
+ESAPI 2.6.1.0 release:
+     207 Java source files
+    4312 JUnit tests in 133 Java source files
+
+9 GitHub Issues closed in this release, including those we've decided not to fix (marked 'wontfix' and 'falsepositive').
+(Reference: https://github.com/ESAPI/esapi-java-legacy/issues?q=is%3Aissue+state%3Aclosed+updated%3A%3E%3D2024-11-25)
+
+Issue #         GitHub Issue Title
+----------------------------------------------------------------------------------------------
+204             DefalutValidator.isValidSafeHTML() doesn't work - bug, Component-Validator, imported, Milestone-Release2.2, Priority-Medium, wontfix
+838             Getting org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception. - bug, wontfix
+858             Fail to run Linux command with double quotes using executeSystemCommand - question, ConvertedToDiscussion
+859             Remove deprecated Validator.isValidSafeHTML methods - bug (Note: fixed in previous release, 2.6.0.0)
+863             2.6.0.0 still using javax HttpServletRequest - enhancement, falsepositive
+867             How to turn off ESAPI logs or change its log level - question, ConvertedToDiscussion
+868             Do not depend on commons-collections4 milestone (use 4.4 instead) - bug, Vulnerable Dependencies, wontfix
+874             jakarta.servlet-api 5.0(Jakarta EE 9) change the package name from javax.xxx to jakarta.xxxx - enhancement, duplicate, NothingToFixHere
+876             Upgrade version of antisamy to 1.7.8 to update transitive dependency affected by CVE-2025-27820 - enhancement, duplicate, NothingToFixHere
+
+-----------------------------------------------------------------------------
+
+        Changes Requiring Special Attention
+
+-----------------------------------------------------------------------------
+Important JDK Support Announcement
+* ESAPI 2.3.0.0 was the last Java release to support Java 7. ESAPI 2.4.0 requires using Java 8 or later. See the ESAPI 2.4.0.0 release notes (https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.4.0.0-release-notes.txt) for details as to the reason.
+    - This means if your project requires Java 7, you must use ESAPI 2.3.0.0 or earlier.
+
+Important ESAPI Logging Changes
+
+* Since ESAPI 2.5.0.0, support for logging directly via Log4J 1 has been removed. (This was two years after it haveing first been deprecated.) Thus, you only choice of ESAPI logging are
+    - java.util.logging (JUL), which as been the default since ESAPI 2.2.1.0.
+        * Set ESAPI.Logger=org.owasp.esapi.logging.java.JavaLogFactory in your ESAPI.properties file.
+    - SLF4J (which your choice of supported SLF4J logging implemmentation)
+        * Set ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory in your ESAPI.properties file.
+* Logger configuration notes - If you are migrating from prior to ESAPI 2.2.1.1, you will need to update your ESAPI.properties file as logging-related configuration as per the ESAPI 2.2.1.1 release notes, which may be found at:
+    https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.2.1.1-release-notes.txt#L39-L78
+
+If you use ESAPI 2.5.0.0 or later, you will get an ClassNotFoundException as the root cause if you still have your ESAPI.Logger property set to use Log4J because the org.owasp.esapi.logger.log4j.Log4JFactory class has been completely removed from the ESAPI jar.  If you are dead set on continuing to use Log4J 1, you ought to be able to do so via SLF4J. The set up for Log4J 1 (which has not be tested), should be similar to configure ESAPI to use SLF4J with Log4J 2 as described here:
+    https://github.com/ESAPI/esapi-java-legacy/wiki/Using-ESAPI-with-SLF4J#slf4j-using-log4j-2x
+
+-----------------------------------------------------------------------------
+
+        Remaining Known Issues / Problems
+
+-----------------------------------------------------------------------------
+None known, other than the remaining open issues on GitHub.
+
+-----------------------------------------------------------------------------
+
+        Other changes in this release, some of which not tracked via GitHub issues
+
+-----------------------------------------------------------------------------
+
+* Changes since last release 2.6.0.0 and 2.6.1.0, i.e., changes between 2025-11-25 and 2025-05-19.
+
+    Note: I am no longer going to provide the 'Developer Activity Report' that I used to this manually create in tabluar form. This is in part because I use to use 'mvn site' to assist with its creation, but neither the 'Developer Activiity' nor 'File Activity' sections of the 'mvn site' output is currently working.
+
+          That said, I don't care as this was always a major PITA and I think it had dubious value to start with.
+
+          Therefore, I am replacing it to a stock GitHub tag comparison of the current and previous release, which I can automate.
+
+    Please see,
+
+        https://github.com/ESAPI/esapi-java-legacy/compare/esapi-2.6.0.0...esapi-2.6.1.0
+
+    for details. It contains all the information that the previous 'Developer Activity Reports' did and then some.
+
+
+CHANGELOG:      Create your own. May I suggest:
+
+        git log --stat --since=2024-11-25 --reverse --pretty=medium
+
+    which will show all the commits since just after the previous (2.6.0.0) release.
+
+    Alternately, you can download the most recent ESAPI source and run
+
+        mvn site
+
+    which will create a CHANGELOG file named 'target/site/changelog.html'
+
+
+-----------------------------------------------------------------------------
+
+Direct and Transitive Runtime and Test Dependencies:
+
+        $ mvn -B dependency:tree
+        ...
+        [INFO] --- maven-dependency-plugin:3.8.1:tree (default-cli) @ esapi ---
+        [INFO] org.owasp.esapi:esapi:jar:2.6.1.0
+        [INFO] +- javax.servlet:javax.servlet-api:jar:3.1.0:provided
+        [INFO] +- javax.servlet.jsp:javax.servlet.jsp-api:jar:2.3.3:provided
+        [INFO] +- xom:xom:jar:1.3.9:compile
+        [INFO] +- commons-beanutils:commons-beanutils:jar:1.9.4:compile
+        [INFO] |  +- commons-logging:commons-logging:jar:1.2:compile
+        [INFO] |  \- commons-collections:commons-collections:jar:3.2.2:compile
+        [INFO] +- commons-configuration:commons-configuration:jar:1.10:compile
+        [INFO] +- commons-lang:commons-lang:jar:2.6:compile
+        [INFO] +- commons-fileupload:commons-fileupload:jar:1.5:compile
+        [INFO] +- org.apache.commons:commons-collections4:jar:4.5.0-M2:compile
+        [INFO] +- org.apache-extras.beanshell:bsh:jar:2.0b6:compile
+        [INFO] +- org.owasp.antisamy:antisamy:jar:1.7.8:compile
+        [INFO] |  +- commons-io:commons-io:jar:2.19.0:compile
+        [INFO] |  +- org.apache.httpcomponents.client5:httpclient5:jar:5.4.4:compile
+        [INFO] |  |  \- org.apache.httpcomponents.core5:httpcore5-h2:jar:5.3.4:compile
+        [INFO] |  +- org.apache.httpcomponents.core5:httpcore5:jar:5.3.4:compile
+        [INFO] |  +- org.apache.xmlgraphics:batik-css:jar:1.19:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-shared-resources:jar:1.19:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-util:jar:1.19:compile
+        [INFO] |  |  |  +- org.apache.xmlgraphics:batik-constants:jar:1.19:compile
+        [INFO] |  |  |  \- org.apache.xmlgraphics:batik-i18n:jar:1.19:compile
+        [INFO] |  |  \- org.apache.xmlgraphics:xmlgraphics-commons:jar:2.11:compile
+        [INFO] |  +- org.htmlunit:neko-htmlunit:jar:4.11.0:compile
+        [INFO] |  +- xerces:xercesImpl:jar:2.12.2:compile
+        [INFO] |  \- xml-apis:xml-apis-ext:jar:1.3.04:compile
+        [INFO] +- org.slf4j:slf4j-api:jar:2.0.16:compile
+        [INFO] +- xml-apis:xml-apis:jar:1.4.01:compile
+        [INFO] +- com.github.spotbugs:spotbugs-annotations:jar:4.9.3:compile (optional)
+        [INFO] |  \- com.google.code.findbugs:jsr305:jar:3.0.2:compile (optional)
+        [INFO] +- commons-codec:commons-codec:jar:1.17.1:test
+        [INFO] +- junit:junit:jar:4.13.2:test
+        [INFO] +- org.bouncycastle:bcprov-jdk18on:jar:1.78.1:test
+        [INFO] +- org.hamcrest:hamcrest-core:jar:2.2:test
+        [INFO] |  \- org.hamcrest:hamcrest:jar:2.2:test
+        [INFO] +- org.powermock:powermock-api-mockito2:jar:2.0.9:test
+        [INFO] |  \- org.powermock:powermock-api-support:jar:2.0.9:test
+        [INFO] +- org.mockito:mockito-core:jar:3.12.4:test
+        [INFO] |  +- net.bytebuddy:byte-buddy:jar:1.11.13:test
+        [INFO] |  +- net.bytebuddy:byte-buddy-agent:jar:1.11.13:test
+        [INFO] |  \- org.objenesis:objenesis:jar:3.2:test
+        [INFO] +- org.powermock:powermock-core:jar:2.0.9:test
+        [INFO] |  \- org.javassist:javassist:jar:3.27.0-GA:test
+        [INFO] +- org.powermock:powermock-module-junit4:jar:2.0.9:test
+        [INFO] |  \- org.powermock:powermock-module-junit4-common:jar:2.0.9:test
+        [INFO] +- org.powermock:powermock-reflect:jar:2.0.9:test
+        [INFO] \- org.openjdk.jmh:jmh-core:jar:1.37:test
+        [INFO]    +- net.sf.jopt-simple:jopt-simple:jar:5.0.4:test
+        [INFO]    \- org.apache.commons:commons-math3:jar:3.6.1:test
+        [INFO] ------------------------------------------------------------------------
+
+-----------------------------------------------------------------------------
+
+Acknowledgments:
+    A special thanks to the AntiSamy team in getting a new AntiSamy release out in short order. And thanks to Matt Seil, Jeremiah Stacey, and all the ESAPI users who make this worthwhile. This is for you.
+
+A special thanks to the ESAPI community from the ESAPI project co-leaders:
+    Kevin W. Wall (kwwall) <== The irresponsible party for these release notes!
+    Matt Seil (xeno6696)
diff --git a/documentation/esapi4java-core-2.6.2.0-release-notes.txt b/documentation/esapi4java-core-2.6.2.0-release-notes.txt
new file mode 100644
index 000000000..a909feea2
--- /dev/null
+++ b/documentation/esapi4java-core-2.6.2.0-release-notes.txt
@@ -0,0 +1,180 @@
+Release notes for ESAPI 2.6.2.0
+    Release date: 2025-06-02
+    Project leaders:
+        -Kevin W. Wall <kevin.w.wall@gmail.com>
+        -Matt Seil <matt.seil@owasp.org>
+
+Previous release: ESAPI 2.6.1.0, 2025-05-19
+
+
+Executive Summary: Important Things to Note for this Release
+------------------------------------------------------------
+This is a minor patch release with the intent of updating the Apache Commons BeanUtils dependency from v1.9.4 to v1.11.0 to CVE-2025-48734. This CVE wouuld only potentially affect application code that uses the ESAPI's AccessController component. It is extremently unlikely that anyone is using that because the default implmentation for that (the class "org.owasp.esapi.reference.DefaultAccessController") is really a toy implementation that doesn't scale to enterprise levels with out some customization. (The class "org.owasp.esapi.filters.ESAPIFilter" also uses "DefaultAccessController", but it is unlikely that anyone is using that either, unless they are using a customized AccessController implementation.) We plan to deprecate this ESAPI "DefaultAccessControler" shortly in a future release.
+
+Notes if you are not updating from the immediate previous release. release 2.6.1.0:
+    * You need to read through the series of release notes FIRST, going in order.
+    * For example, if you were updating from an older ESAPI release (say, 2.3.0.0), you should go back and FIRST read all the subsequent release notes in turn. For instance, if you are currently on release 2.3.0.0 and upgrading to (say) release 2.x.y.z, you should MINIMALLY read the sections "Changes Requiring Special Attention" in each of the subsequent release notes. So, going from release 2.3.0.0 to 2.x.y.z, you should in turn, read:
+
+    esapi4java-core-2.4.0.0-release-notes.txt
+    esapi4java-core-2.5.0.0-release-notes.txt
+    esapi4java-core-2.5.1.0-release-notes.txt
+    esapi4java-core-2.5.2.0-release-notes.txt
+    ...etc., up through the current set of release notes...
+    esapi4java-core-2.x.y.z-release-notes.txt
+
+in that order. YOU HAVE BEEN WARNED!!! (These release notes are too large to put all this in a given document; very few read them thoroughly as it is.)
+
+If your SCA tool is reporting any CVE from a direct or transitive dependency in ESAPI, before reporting it as an GitHub issue, please make sure that you review the vulnerability analysis written up in https://github.com/ESAPI/esapi-java-legacy/blob/develop/Vulnerability-Summary.md. Please email us or contact us in our GitHub Discussions page if you have questions about this. See also the SECURITY.md file to report any security issues with ESAPI.
+
+You are encouraged to review the vulnerability analysis written up in https://github.com/ESAPI/esapi-java-legacy/blob/develop/Vulnerability-Summary.md and email us or contact us in our GitHub Discussions page if you have questions.
+
+
+=================================================================================================================
+
+Basic ESAPI facts
+-----------------
+
+ESAPI 2.6.1.0 release:
+     207 Java source files
+    4312 JUnit tests in 133 Java source files
+
+ESAPI 2.6.2.0 release:
+     207 Java source files
+    4312 JUnit tests in 133 Java source files
+
+1 GitHub Issue closed in this release, including those we've decided not to fix (marked 'wontfix' and 'falsepositive').
+(Reference: https://github.com/ESAPI/esapi-java-legacy/issues?q=is%3Aissue+state%3Aclosed+updated%3A%3E%3D2025-05-19)
+
+Issue #         GitHub Issue Title
+----------------------------------------------------------------------------------------------
+883             Update Apache Commons BeanUtils from 1.9.4 to 1.11.0 to address CVE-2025-48734
+
+-----------------------------------------------------------------------------
+
+        Changes Requiring Special Attention
+
+-----------------------------------------------------------------------------
+Important JDK Support Announcement
+* ESAPI 2.3.0.0 was the last Java release to support Java 7. ESAPI 2.4.0 requires using Java 8 or later. See the ESAPI 2.4.0.0 release notes (https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.4.0.0-release-notes.txt) for details as to the reason.
+    - This means if your project requires Java 7, you must use ESAPI 2.3.0.0 or earlier.
+
+Important ESAPI Logging Changes
+
+* Since ESAPI 2.5.0.0, support for logging directly via Log4J 1 has been removed. (This was two years after it haveing first been deprecated.) Thus, you only choice of ESAPI logging are
+    - java.util.logging (JUL), which as been the default since ESAPI 2.2.1.0.
+        * Set ESAPI.Logger=org.owasp.esapi.logging.java.JavaLogFactory in your ESAPI.properties file.
+    - SLF4J (which your choice of supported SLF4J logging implemmentation)
+        * Set ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory in your ESAPI.properties file.
+* Logger configuration notes - If you are migrating from prior to ESAPI 2.2.1.1, you will need to update your ESAPI.properties file as logging-related configuration as per the ESAPI 2.2.1.1 release notes, which may be found at:
+    https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.2.1.1-release-notes.txt#L39-L78
+
+If you use ESAPI 2.5.0.0 or later, you will get an ClassNotFoundException as the root cause if you still have your ESAPI.Logger property set to use Log4J because the org.owasp.esapi.logger.log4j.Log4JFactory class has been completely removed from the ESAPI jar.  If you are dead set on continuing to use Log4J 1, you ought to be able to do so via SLF4J. The set up for Log4J 1 (which has not be tested), should be similar to configure ESAPI to use SLF4J with Log4J 2 as described here:
+    https://github.com/ESAPI/esapi-java-legacy/wiki/Using-ESAPI-with-SLF4J#slf4j-using-log4j-2x
+
+-----------------------------------------------------------------------------
+
+        Remaining Known Issues / Problems
+
+-----------------------------------------------------------------------------
+None known, other than the remaining open issues on GitHub and that 'mvn site' fails to properly build some pieces as the ESAPI tag library Javadoc. I suspect this is related to problems with one or more of the Maven plugins.
+
+-----------------------------------------------------------------------------
+
+        Other changes in this release, some of which not tracked via GitHub issues
+
+-----------------------------------------------------------------------------
+
+* Changes since last release 2.6.1.0 and 2.6.2.0, i.e., changes between 2025-05-19 and 2025-06-02).
+
+    Note: I am no longer going to provide the 'Developer Activity Report' that I used to this manually create in tabluar form. This is in part because I use to use 'mvn site' to assist with its creation, but neither the 'Developer Activiity' nor 'File Activity' sections of the 'mvn site' output is currently working.
+
+          That said, I don't care as this was always a major PITA and I think it had dubious value to start with.
+
+          Therefore, I am replacing it to a stock GitHub tag comparison of the current and previous release, which I can automate.
+
+    Please see,
+
+        https://github.com/ESAPI/esapi-java-legacy/compare/esapi-...esapi-2.6.2.0
+
+    for details. It contains all the information that the previous 'Developer Activity Reports' did and then some.
+
+-----------------------------------------------------------------------------
+
+CHANGELOG:      Create your own. May I suggest:
+
+        git log --stat --since=2025-05-19 --reverse --pretty=medium
+
+    which will show all the commits since just after the previous (2.6.1.0) release.
+
+    Alternately, you can download the most recent ESAPI source and run
+
+        mvn site
+
+    which will create a CHANGELOG file named 'target/site/changelog.html'
+
+
+-----------------------------------------------------------------------------
+
+Direct and Transitive Runtime and Test Dependencies:
+
+        $ mvn -B dependency:tree
+        ...
+        [INFO] --- maven-dependency-plugin:3.8.1:tree (default-cli) @ esapi ---
+        [INFO] org.owasp.esapi:esapi:jar:2.6.1.0
+        [INFO] +- javax.servlet:javax.servlet-api:jar:3.1.0:provided
+        [INFO] +- javax.servlet.jsp:javax.servlet.jsp-api:jar:2.3.3:provided
+        [INFO] +- xom:xom:jar:1.3.9:compile
+        [INFO] +- commons-beanutils:commons-beanutils:jar:1.11.0:compile
+        [INFO] |  +- commons-logging:commons-logging:jar:1.2:compile
+        [INFO] |  \- commons-collections:commons-collections:jar:3.2.2:compile
+        [INFO] +- commons-configuration:commons-configuration:jar:1.10:compile
+        [INFO] +- commons-lang:commons-lang:jar:2.6:compile
+        [INFO] +- commons-fileupload:commons-fileupload:jar:1.5:compile
+        [INFO] +- org.apache.commons:commons-collections4:jar:4.5.0-M2:compile
+        [INFO] +- org.apache-extras.beanshell:bsh:jar:2.0b6:compile
+        [INFO] +- org.owasp.antisamy:antisamy:jar:1.7.8:compile
+        [INFO] |  +- commons-io:commons-io:jar:2.19.0:compile
+        [INFO] |  +- org.apache.httpcomponents.client5:httpclient5:jar:5.4.4:compile
+        [INFO] |  |  \- org.apache.httpcomponents.core5:httpcore5-h2:jar:5.3.4:compile
+        [INFO] |  +- org.apache.httpcomponents.core5:httpcore5:jar:5.3.4:compile
+        [INFO] |  +- org.apache.xmlgraphics:batik-css:jar:1.19:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-shared-resources:jar:1.19:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-util:jar:1.19:compile
+        [INFO] |  |  |  +- org.apache.xmlgraphics:batik-constants:jar:1.19:compile
+        [INFO] |  |  |  \- org.apache.xmlgraphics:batik-i18n:jar:1.19:compile
+        [INFO] |  |  \- org.apache.xmlgraphics:xmlgraphics-commons:jar:2.11:compile
+        [INFO] |  +- org.htmlunit:neko-htmlunit:jar:4.11.0:compile
+        [INFO] |  +- xerces:xercesImpl:jar:2.12.2:compile
+        [INFO] |  \- xml-apis:xml-apis-ext:jar:1.3.04:compile
+        [INFO] +- org.slf4j:slf4j-api:jar:2.0.16:compile
+        [INFO] +- xml-apis:xml-apis:jar:1.4.01:compile
+        [INFO] +- com.github.spotbugs:spotbugs-annotations:jar:4.9.3:compile (optional)
+        [INFO] |  \- com.google.code.findbugs:jsr305:jar:3.0.2:compile (optional)
+        [INFO] +- commons-codec:commons-codec:jar:1.17.1:test
+        [INFO] +- junit:junit:jar:4.13.2:test
+        [INFO] +- org.bouncycastle:bcprov-jdk18on:jar:1.78.1:test
+        [INFO] +- org.hamcrest:hamcrest-core:jar:2.2:test
+        [INFO] |  \- org.hamcrest:hamcrest:jar:2.2:test
+        [INFO] +- org.powermock:powermock-api-mockito2:jar:2.0.9:test
+        [INFO] |  \- org.powermock:powermock-api-support:jar:2.0.9:test
+        [INFO] +- org.mockito:mockito-core:jar:3.12.4:test
+        [INFO] |  +- net.bytebuddy:byte-buddy:jar:1.11.13:test
+        [INFO] |  +- net.bytebuddy:byte-buddy-agent:jar:1.11.13:test
+        [INFO] |  \- org.objenesis:objenesis:jar:3.2:test
+        [INFO] +- org.powermock:powermock-core:jar:2.0.9:test
+        [INFO] |  \- org.javassist:javassist:jar:3.27.0-GA:test
+        [INFO] +- org.powermock:powermock-module-junit4:jar:2.0.9:test
+        [INFO] |  \- org.powermock:powermock-module-junit4-common:jar:2.0.9:test
+        [INFO] +- org.powermock:powermock-reflect:jar:2.0.9:test
+        [INFO] \- org.openjdk.jmh:jmh-core:jar:1.37:test
+        [INFO]    +- net.sf.jopt-simple:jopt-simple:jar:5.0.4:test
+        [INFO]    \- org.apache.commons:commons-math3:jar:3.6.1:test
+        [INFO] ------------------------------------------------------------------------
+-----------------------------------------------------------------------------
+
+Acknowledgments:
+    Thanks to GitHub Advanced Security's Dependabot SCA tool for flagging and fixing this one. And thanks to Matt Seil, Jeremiah Stacey, and all the ESAPI users who make this worthwhile. This is for you.
+
+A special thanks to the ESAPI community from the ESAPI project co-leaders:
+    Kevin W. Wall (kwwall) <== The irresponsible party for these release notes!
+    Matt Seil (xeno6696)
diff --git a/documentation/esapi4java-core-2.7.0.0-release-notes.txt b/documentation/esapi4java-core-2.7.0.0-release-notes.txt
new file mode 100644
index 000000000..f88656067
--- /dev/null
+++ b/documentation/esapi4java-core-2.7.0.0-release-notes.txt
@@ -0,0 +1,194 @@
+Release notes for ESAPI 2.7.0.0
+    Release date: 2025-06-27
+    Project leaders:
+        -Kevin W. Wall <kevin.w.wall@gmail.com>
+        -Matt Seil <matt.seil@owasp.org>
+
+Previous release: ESAPI 2.6.2.0, 2025-06-02
+
+
+Executive Summary: Important Things to Note for this Release
+------------------------------------------------------------
+This is a major patch release with the primary intent of addressing CVE-2025-5878. See https://nvd.nist.gov/vuln/detail/CVE-2025-5078 and especially Security Bulletin #13 (https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin13.pdf) for details. It also updates Apache Commons FileUploads to 1.6.0 to address CVE-2025-48976. That CVE likely does not affect the HTTP.getFileUloads interfaces (which is the only methods that use that library), but we have not had time to analyze it fully given the CVE cited against ESAPI. Apache Commons BeanUtils was also updated to 1.11.0 to address CVE-2025-48734 which potentially could anyone using ESAPI's AccessController and has placed their access control policy in a place where an attacker may be overwrite it. That is highly unlikely, but better safe than sorry.
+
+This 2.7.0.0 release also has significant Javadoc clarifications. Security Bulletin #13 explains why.
+
+If you fail to read Security Bulletin #13 and you are affected by CVE-2025-5878, your application using ESAPI 2.7.0.0 will not work, so it is VERY IMPORTANT that you read that.
+
+Notes if you are NOT updating from the immediate previous release. release 2.6.2.0:
+    * You need to read through the series of release notes FIRST, going in order.
+    * For example, if you were updating from an older ESAPI release (say, 2.3.0.0), you should go back and FIRST read all the subsequent release notes in turn. For instance, if you are currently on release 2.3.0.0 and upgrading to (say) release 2.x.y.z, you should MINIMALLY read the sections "Changes Requiring Special Attention" in each of the subsequent release notes. So, going from release 2.3.0.0 to 2.x.y.z, you should in turn, read:
+
+    esapi4java-core-2.4.0.0-release-notes.txt
+    esapi4java-core-2.5.0.0-release-notes.txt
+    esapi4java-core-2.5.1.0-release-notes.txt
+    esapi4java-core-2.5.2.0-release-notes.txt
+    ...etc., up through the current set of release notes...
+    esapi4java-core-2.x.y.z-release-notes.txt
+
+in that order. YOU HAVE BEEN WARNED!!! (These release notes are too large to put all this in a given document; very few read them thoroughly as it is.)
+
+If your SCA tool is reporting any CVE from a direct or transitive dependency in ESAPI, before reporting it as an GitHub issue, please make sure that you review the vulnerability analysis written up in https://github.com/ESAPI/esapi-java-legacy/blob/develop/Vulnerability-Summary.md. Please email us or contact us in our GitHub Discussions page if you have questions about this. See also the SECURITY.md file to report any security issues with ESAPI.
+
+You are encouraged to review the vulnerability analysis written up in https://github.com/ESAPI/esapi-java-legacy/blob/develop/Vulnerability-Summary.md and email us or contact us in our GitHub Discussions page if you have questions.
+
+
+=================================================================================================================
+
+Basic ESAPI facts
+-----------------
+
+ESAPI 2.6.2.0 release:
+     207 Java source files
+    4312 JUnit tests in 133 Java source files
+
+ESAPI 2.7.0.0 release:
+     208 Java source files
+    4312 JUnit tests in 134 Java source files
+
+1 GitHub Issues closed in this release, including those we've decided not to fix (marked 'wontfix' and 'falsepositive').
+(Reference: https://github.com/ESAPI/esapi-java-legacy/issues?q=is%3Aissue+state%3Aclosed+updated%3A%3E%3D2025-06-02)
+
+Issue #         GitHub Issue Title
+----------------------------------------------------------------------------------------------
+883             Update Apache Commons BeanUtils from 1.9.4 to 1.11.0 to address CVE-2025-48734
+
+-----------------------------------------------------------------------------
+
+        Changes Requiring Special Attention
+
+-----------------------------------------------------------------------------
+
+IMPORTANT: Read Security Bulletin #13 (https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin13.pdf)
+
+Important JDK Support Announcement
+* ESAPI 2.3.0.0 was the last Java release to support Java 7. ESAPI 2.4.0 requires using Java 8 or later. See the ESAPI 2.4.0.0 release notes (https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.4.0.0-release-notes.txt) for details as to the reason.
+    - This means if your project requires Java 7, you must use ESAPI 2.3.0.0 or earlier.
+
+Important ESAPI Logging Changes
+
+* Since ESAPI 2.5.0.0, support for logging directly via Log4J 1 has been removed. (This was two years after it having first been deprecated.) Thus, you only choice of ESAPI logging are
+    - java.util.logging (JUL), which as been the default since ESAPI 2.2.1.0.
+        * Set ESAPI.Logger=org.owasp.esapi.logging.java.JavaLogFactory in your ESAPI.properties file.
+    - SLF4J (which your choice of supported SLF4J logging implementation)
+        * Set ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory in your ESAPI.properties file.
+* Logger configuration notes - If you are migrating from prior to ESAPI 2.2.1.1, you will need to update your ESAPI.properties file as logging-related configuration as per the ESAPI 2.2.1.1 release notes, which may be found at:
+    https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.2.1.1-release-notes.txt#L39-L78
+
+If you use ESAPI 2.5.0.0 or later, you will get an ClassNotFoundException as the root cause if you still have your ESAPI.Logger property set to use Log4J because the org.owasp.esapi.logger.log4j.Log4JFactory class has been completely removed from the ESAPI jar.  If you are dead set on continuing to use Log4J 1, you ought to be able to do so via SLF4J. The set up for Log4J 1 (which has not be tested), should be similar to configure ESAPI to use SLF4J with Log4J 2 as described here:
+    https://github.com/ESAPI/esapi-java-legacy/wiki/Using-ESAPI-with-SLF4J#slf4j-using-log4j-2x
+
+-----------------------------------------------------------------------------
+
+        Remaining Known Issues / Problems
+
+-----------------------------------------------------------------------------
+None known, other than the remaining open issues on GitHub.
+
+-----------------------------------------------------------------------------
+
+        Other changes in this release, some of which not tracked via GitHub issues
+
+-----------------------------------------------------------------------------
+
+* Changes since last release 2.6.2.0 and 2.7.0.0, i.e., changes between 2025-06-02 and 2025-06-27).
+
+    Note: I am no longer going to provide the 'Developer Activity Report' that I used to this manually create in tabular form. This is in part because I use to use 'mvn site' to assist with its creation, but neither the 'Developer Activity' nor 'File Activity' sections of the 'mvn site' output is currently working.
+
+          That said, I don't care as this was always a major PITA and I think it had dubious value to start with.
+
+          Therefore, I am replacing it to a stock GitHub tag comparison of the current and previous release, which I can automate.
+
+    Please see,
+
+        https://github.com/ESAPI/esapi-java-legacy/compare/esapi-...esapi-2.7.0.0
+
+    for details. It contains all the information that the previous 'Developer Activity Reports' did and then some.
+
+-----------------------------------------------------------------------------
+
+CHANGELOG:      Create your own. May I suggest:
+
+        git log --stat --since=2025-06-02 --reverse --pretty=medium
+
+    which will show all the commits since just after the previous (2.6.2.0) release.
+
+    Alternately, you can download the most recent ESAPI source and run
+
+        mvn site
+
+    which will create a CHANGELOG file named 'target/site/changelog.html'
+
+
+-----------------------------------------------------------------------------
+
+Direct and Transitive Runtime and Test Dependencies:
+
+        $ mvn -B dependency:tree
+        ...
+        [INFO] --- maven-dependency-plugin:3.8.1:tree (default-cli) @ esapi ---
+        [INFO] org.owasp.esapi:esapi:jar:2.7.0.0-SNAPSHOT
+        [INFO] +- javax.servlet:javax.servlet-api:jar:3.1.0:provided
+        [INFO] +- javax.servlet.jsp:javax.servlet.jsp-api:jar:2.3.3:provided
+        [INFO] +- xom:xom:jar:1.3.9:compile
+        [INFO] +- commons-beanutils:commons-beanutils:jar:1.11.0:compile
+        [INFO] |  +- commons-logging:commons-logging:jar:1.3.5:compile
+        [INFO] |  \- commons-collections:commons-collections:jar:3.2.2:compile
+        [INFO] +- commons-configuration:commons-configuration:jar:1.10:compile
+        [INFO] +- commons-lang:commons-lang:jar:2.6:compile
+        [INFO] +- commons-fileupload:commons-fileupload:jar:1.6.0:compile
+        [INFO] +- org.apache.commons:commons-collections4:jar:4.5.0-M2:compile
+        [INFO] +- org.apache-extras.beanshell:bsh:jar:2.0b6:compile
+        [INFO] +- org.owasp.antisamy:antisamy:jar:1.7.8:compile
+        [INFO] |  +- commons-io:commons-io:jar:2.19.0:compile
+        [INFO] |  +- org.apache.httpcomponents.client5:httpclient5:jar:5.4.4:compile
+        [INFO] |  |  \- org.apache.httpcomponents.core5:httpcore5-h2:jar:5.3.4:compile
+        [INFO] |  +- org.apache.httpcomponents.core5:httpcore5:jar:5.3.4:compile
+        [INFO] |  +- org.apache.xmlgraphics:batik-css:jar:1.19:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-shared-resources:jar:1.19:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-util:jar:1.19:compile
+        [INFO] |  |  |  +- org.apache.xmlgraphics:batik-constants:jar:1.19:compile
+        [INFO] |  |  |  \- org.apache.xmlgraphics:batik-i18n:jar:1.19:compile
+        [INFO] |  |  \- org.apache.xmlgraphics:xmlgraphics-commons:jar:2.11:compile
+        [INFO] |  +- org.htmlunit:neko-htmlunit:jar:4.11.0:compile
+        [INFO] |  +- xerces:xercesImpl:jar:2.12.2:compile
+        [INFO] |  \- xml-apis:xml-apis-ext:jar:1.3.04:compile
+        [INFO] +- org.slf4j:slf4j-api:jar:2.0.16:compile
+        [INFO] +- xml-apis:xml-apis:jar:1.4.01:compile
+        [INFO] +- com.github.spotbugs:spotbugs-annotations:jar:4.9.3:compile (optional)
+        [INFO] |  \- com.google.code.findbugs:jsr305:jar:3.0.2:compile (optional)
+        [INFO] +- commons-codec:commons-codec:jar:1.17.1:test
+        [INFO] +- junit:junit:jar:4.13.2:test
+        [INFO] +- org.bouncycastle:bcprov-jdk18on:jar:1.78.1:test
+        [INFO] +- org.hamcrest:hamcrest-core:jar:2.2:test
+        [INFO] |  \- org.hamcrest:hamcrest:jar:2.2:test
+        [INFO] +- org.powermock:powermock-api-mockito2:jar:2.0.9:test
+        [INFO] |  \- org.powermock:powermock-api-support:jar:2.0.9:test
+        [INFO] +- org.mockito:mockito-core:jar:3.12.4:test
+        [INFO] |  +- net.bytebuddy:byte-buddy:jar:1.11.13:test
+        [INFO] |  +- net.bytebuddy:byte-buddy-agent:jar:1.11.13:test
+        [INFO] |  \- org.objenesis:objenesis:jar:3.2:test
+        [INFO] +- org.powermock:powermock-core:jar:2.0.9:test
+        [INFO] |  \- org.javassist:javassist:jar:3.27.0-GA:test
+        [INFO] +- org.powermock:powermock-module-junit4:jar:2.0.9:test
+        [INFO] |  \- org.powermock:powermock-module-junit4-common:jar:2.0.9:test
+        [INFO] +- org.powermock:powermock-reflect:jar:2.0.9:test
+        [INFO] \- org.openjdk.jmh:jmh-core:jar:1.37:test
+        [INFO]    +- net.sf.jopt-simple:jopt-simple:jar:5.0.4:test
+        [INFO]    \- org.apache.commons:commons-math3:jar:3.6.1:test
+        [INFO] ------------------------------------------------------------------------
+
+-----------------------------------------------------------------------------
+
+Acknowledgments:
+    A whole bunch of folks to thank this time:
+        - Longlong Gong (uglory-gll) - The security researcher who discovered the vulnerability that became CVE-2025-5878. 
+          Most people curse those who find CVEs in their software, but because of Longlong's work, we feel ESAPI is a better library and has a more secure future. (See the "Lessons Learned" section of Security Bulletin #13 for an explanation.)
+        - The VulDB CNA team.
+        - In no particular order, Jeff Williams, Matt Seil, Jeremiah Stacey, Erika von Kampen, Bill Sempf, and Ken Pyle, all who provided me with excellent feedback on the documentation and code changes and help me keep my sanity for the past 3 weeks.
+        - My wife for tolerating my long evenings for the past 3 weeks. I know I've been cranky and it's been stressful for us both, but thanks for being so understanding and supportive.
+        - And finally, thanks to all the ESAPI users who make this worthwhile. This is for you.
+
+A special thanks to the ESAPI community from the ESAPI project co-leaders:
+    Kevin W. Wall (kwwall) <== The irresponsible party for these release notes!
+    Matt Seil (xeno6696)
diff --git a/documentation/how-to-build-and-develop-with-intellij.md b/documentation/how-to-build-and-develop-with-intellij.md
new file mode 100644
index 000000000..c73fcdafa
--- /dev/null
+++ b/documentation/how-to-build-and-develop-with-intellij.md
@@ -0,0 +1,14 @@
+# How to Build and Develop ESAPI with IntelliJ
+
+IntelliJ is set up to run pretty seamlessly out of the box, but there are still a few configuration options we need to change in order to get Unit Tests to run properly.
+
+1. Click `Run` > `Edit Configurations...`
+2. Click `+` > `JUnit` to add a new Run Configuration for JUnit
+3. Set the `Name:` field to `JUnit Config`
+4. Set the `Test kind:` field to `All in package`
+5. Set the `Search for tests:` field to `In whole project`
+6. Set the `Working directory:` field to **your** project root directory (e.g. ~/workspace/esapi-java-legacy)
+
+In order to Run ESAPI with Tests, you just need to select `Run` > `Run 'JUnit Config' with Coverage`
+
+That's it!
diff --git a/esapi.iml b/esapi.iml
deleted file mode 100644
index 5729ef276..000000000
--- a/esapi.iml
+++ /dev/null
@@ -1,48 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<module org.jetbrains.idea.maven.project.MavenProjectsManager.isMavenModule="true" type="JAVA_MODULE" version="4">
-  <component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_5" inherit-compiler-output="false">
-    <output url="file://$MODULE_DIR$/target/classes" />
-    <output-test url="file://$MODULE_DIR$/target/test-classes" />
-    <content url="file://$MODULE_DIR$">
-      <sourceFolder url="file://$MODULE_DIR$/src/main/java" isTestSource="false" />
-      <sourceFolder url="file://$MODULE_DIR$/src/test/java" isTestSource="true" />
-      <sourceFolder url="file://$MODULE_DIR$/src/test/resources" isTestSource="true" />
-      <excludeFolder url="file://$MODULE_DIR$/target" />
-    </content>
-    <orderEntry type="inheritedJdk" />
-    <orderEntry type="sourceFolder" forTests="false" />
-    <orderEntry type="library" name="Maven: commons-configuration:commons-configuration:1.5" level="project" />
-    <orderEntry type="library" name="Maven: commons-collections:commons-collections:3.2" level="project" />
-    <orderEntry type="library" name="Maven: commons-lang:commons-lang:2.3" level="project" />
-    <orderEntry type="library" name="Maven: commons-logging:commons-logging:1.1" level="project" />
-    <orderEntry type="library" name="Maven: log4j:log4j:1.2.16" level="project" />
-    <orderEntry type="library" name="Maven: logkit:logkit:1.0.1" level="project" />
-    <orderEntry type="library" name="Maven: avalon-framework:avalon-framework:4.1.3" level="project" />
-    <orderEntry type="library" scope="PROVIDED" name="Maven: javax.servlet:servlet-api:2.4" level="project" />
-    <orderEntry type="library" name="Maven: commons-digester:commons-digester:1.8" level="project" />
-    <orderEntry type="library" name="Maven: commons-beanutils:commons-beanutils:1.7.0" level="project" />
-    <orderEntry type="library" name="Maven: commons-beanutils:commons-beanutils-core:1.7.0" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: junit:junit:4.4" level="project" />
-    <orderEntry type="library" scope="PROVIDED" name="Maven: javax.servlet:jsp-api:2.0" level="project" />
-    <orderEntry type="library" name="Maven: commons-fileupload:commons-fileupload:1.2" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: commons-io:commons-io:1.3" level="project" />
-    <orderEntry type="library" name="Maven: xom:xom:1.1" level="project" />
-    <orderEntry type="library" name="Maven: xerces:xmlParserAPIs:2.6.2" level="project" />
-    <orderEntry type="library" name="Maven: xerces:xercesImpl:2.6.2" level="project" />
-    <orderEntry type="library" name="Maven: xalan:xalan:2.7.0" level="project" />
-    <orderEntry type="library" name="Maven: xml-apis:xml-apis:1.0.b2" level="project" />
-    <orderEntry type="library" name="Maven: jaxen:jaxen:1.1-beta-8" level="project" />
-    <orderEntry type="library" name="Maven: dom4j:dom4j:1.6.1" level="project" />
-    <orderEntry type="library" name="Maven: jdom:jdom:1.0" level="project" />
-    <orderEntry type="library" name="Maven: org.beanshell:bsh-core:2.0b4" level="project" />
-    <orderEntry type="library" name="Maven: org.owasp.antisamy:antisamy:1.4.3" level="project" />
-    <orderEntry type="library" name="Maven: org.apache.xmlgraphics:batik-css:1.7" level="project" />
-    <orderEntry type="library" name="Maven: org.apache.xmlgraphics:batik-ext:1.7" level="project" />
-    <orderEntry type="library" name="Maven: org.apache.xmlgraphics:batik-util:1.7" level="project" />
-    <orderEntry type="library" name="Maven: xml-apis:xml-apis-ext:1.3.04" level="project" />
-    <orderEntry type="library" name="Maven: net.sourceforge.nekohtml:nekohtml:1.9.12" level="project" />
-    <orderEntry type="library" name="Maven: commons-httpclient:commons-httpclient:3.1" level="project" />
-    <orderEntry type="library" name="Maven: commons-codec:commons-codec:1.2" level="project" />
-  </component>
-</module>
-
diff --git a/javadoc.xml b/javadoc.xml
index daa7ba95f..791f62ae7 100644
--- a/javadoc.xml
+++ b/javadoc.xml
@@ -1,6 +1,6 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<project default="javadoc">
-    <target name="javadoc">
-        <javadoc access="public" author="true" classpath="lib/xml-apis-ext.jar;lib/xml-apis.jar;lib/nekohtml.jar;lib/batik-util.jar;C:\eclipse\plugins\org.junit_3.8.2.v20080602-1318\junit.jar;lib/antisamy-bin.1.2.jar;lib/servlet-api.jar;lib/commons-fileupload-1.2.jar;lib/xercesImpl.jar;lib/batik-css.jar;lib/commons-io-1.3.2.jar;lib/jsp-api.jar" destdir="doc" doctitle="OWASP Enterprise Security API (ESAPI)" nodeprecated="false" nodeprecatedlist="false" noindex="false" nonavbar="false" notree="false" overview="C:\Work\Aspect\ESAPI_Live\javadoc\overview-summary.html" packagenames="org.owasp.esapi.codecs,org.owasp.esapi.tags" source="1.4" sourcefiles="src/org/owasp/esapi/reference/DefaultSecurityConfiguration.java,src/org/owasp/esapi/reference/DefaultUser.java,src/org/owasp/esapi/filters/SafeResponse.java,src/org/owasp/esapi/errors/IntegrityException.java,src/org/owasp/esapi/Encoder.java,src/org/owasp/esapi/reference/JavaLogFactory.java,src/org/owasp/esapi/reference/DefaultValidator.java,src/org/owasp/esapi/reference/IntegerAccessReferenceMap.java,src/org/owasp/esapi/AccessReferenceMap.java,src/org/owasp/esapi/HTTPUtilities.java,src/org/owasp/esapi/StringUtilities.java,src/org/owasp/esapi/errors/ValidationAvailabilityException.java,src/org/owasp/esapi/reference/DefaultEncoder.java,src/org/owasp/esapi/AccessController.java,src/org/owasp/esapi/errors/ExecutorException.java,src/org/owasp/esapi/filters/RequestRateThrottleFilter.java,src/org/owasp/esapi/Encryptor.java,src/org/owasp/esapi/reference/DefaultIntrusionDetector.java,src/org/owasp/esapi/ValidationErrorList.java,src/org/owasp/esapi/reference/DefaultExecutor.java,src/org/owasp/esapi/Executor.java,src/org/owasp/esapi/SecurityConfiguration.java,src/org/owasp/esapi/reference/FileBasedAuthenticator.java,src/org/owasp/esapi/errors/CertificateException.java,src/org/owasp/esapi/errors/AuthenticationLoginException.java,src/org/owasp/esapi/reference/FileBasedAccessController.java,src/org/owasp/esapi/errors/ValidationException.java,src/org/owasp/esapi/reference/DefaultHTTPUtilities.java,src/org/owasp/esapi/IntrusionDetector.java,src/org/owasp/esapi/errors/IntrusionException.java,src/org/owasp/esapi/Authenticator.java,src/org/owasp/esapi/errors/AuthenticationException.java,src/org/owasp/esapi/filters/SafeRequest.java,src/org/owasp/esapi/User.java,src/org/owasp/esapi/EncryptedProperties.java,src/org/owasp/esapi/LogFactory.java,src/org/owasp/esapi/errors/EncryptionException.java,src/org/owasp/esapi/Logger.java,src/org/owasp/esapi/filters/SafeHTTPFilter.java,src/org/owasp/esapi/reference/JavaEncryptor.java,src/org/owasp/esapi/SafeFile.java,src/org/owasp/esapi/errors/ValidationUploadException.java,src/org/owasp/esapi/errors/AuthenticationAccountsException.java,src/org/owasp/esapi/reference/DefaultRandomizer.java,src/org/owasp/esapi/Randomizer.java,src/org/owasp/esapi/ESAPI.java,src/org/owasp/esapi/errors/EncodingException.java,src/org/owasp/esapi/errors/EnterpriseSecurityException.java,src/org/owasp/esapi/errors/AccessControlException.java,src/org/owasp/esapi/errors/AuthenticationHostException.java,src/org/owasp/esapi/errors/AuthenticationCredentialsException.java,src/org/owasp/esapi/errors/AvailabilityException.java,src/org/owasp/esapi/filters/ESAPIFilter.java,src/org/owasp/esapi/reference/DefaultEncryptedProperties.java,src/org/owasp/esapi/reference/RandomAccessReferenceMap.java,src/org/owasp/esapi/Validator.java" sourcepath="test;src" splitindex="true" use="true" version="true"/>
-    </target>
-</project>
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<project default="javadoc">
+    <target name="javadoc">
+        <javadoc access="public" author="true" classpath="lib/xml-apis-ext.jar;lib/xml-apis.jar;lib/nekohtml.jar;lib/batik-util.jar;C:\eclipse\plugins\org.junit_3.8.2.v20080602-1318\junit.jar;lib/antisamy-bin.1.2.jar;lib/servlet-api.jar;lib/commons-fileupload-1.2.jar;lib/xercesImpl.jar;lib/batik-css.jar;lib/commons-io-1.3.2.jar;lib/jsp-api.jar" destdir="doc" doctitle="OWASP Enterprise Security API (ESAPI)" nodeprecated="false" nodeprecatedlist="false" noindex="false" nonavbar="false" notree="false" overview="C:\Work\Aspect\ESAPI_Live\javadoc\overview-summary.html" packagenames="org.owasp.esapi.codecs,org.owasp.esapi.tags" source="1.4" sourcefiles="src/org/owasp/esapi/reference/DefaultSecurityConfiguration.java,src/org/owasp/esapi/reference/DefaultUser.java,src/org/owasp/esapi/filters/SafeResponse.java,src/org/owasp/esapi/errors/IntegrityException.java,src/org/owasp/esapi/Encoder.java,src/org/owasp/esapi/reference/JavaLogFactory.java,src/org/owasp/esapi/reference/DefaultValidator.java,src/org/owasp/esapi/reference/IntegerAccessReferenceMap.java,src/org/owasp/esapi/AccessReferenceMap.java,src/org/owasp/esapi/HTTPUtilities.java,src/org/owasp/esapi/StringUtilities.java,src/org/owasp/esapi/errors/ValidationAvailabilityException.java,src/org/owasp/esapi/reference/DefaultEncoder.java,src/org/owasp/esapi/AccessController.java,src/org/owasp/esapi/errors/ExecutorException.java,src/org/owasp/esapi/filters/RequestRateThrottleFilter.java,src/org/owasp/esapi/Encryptor.java,src/org/owasp/esapi/reference/DefaultIntrusionDetector.java,src/org/owasp/esapi/ValidationErrorList.java,src/org/owasp/esapi/reference/DefaultExecutor.java,src/org/owasp/esapi/Executor.java,src/org/owasp/esapi/SecurityConfiguration.java,src/org/owasp/esapi/reference/FileBasedAuthenticator.java,src/org/owasp/esapi/errors/CertificateException.java,src/org/owasp/esapi/errors/AuthenticationLoginException.java,src/org/owasp/esapi/reference/FileBasedAccessController.java,src/org/owasp/esapi/errors/ValidationException.java,src/org/owasp/esapi/reference/DefaultHTTPUtilities.java,src/org/owasp/esapi/IntrusionDetector.java,src/org/owasp/esapi/errors/IntrusionException.java,src/org/owasp/esapi/Authenticator.java,src/org/owasp/esapi/errors/AuthenticationException.java,src/org/owasp/esapi/filters/SafeRequest.java,src/org/owasp/esapi/User.java,src/org/owasp/esapi/EncryptedProperties.java,src/org/owasp/esapi/LogFactory.java,src/org/owasp/esapi/errors/EncryptionException.java,src/org/owasp/esapi/Logger.java,src/org/owasp/esapi/filters/SafeHTTPFilter.java,src/org/owasp/esapi/reference/JavaEncryptor.java,src/org/owasp/esapi/SafeFile.java,src/org/owasp/esapi/errors/ValidationUploadException.java,src/org/owasp/esapi/errors/AuthenticationAccountsException.java,src/org/owasp/esapi/reference/DefaultRandomizer.java,src/org/owasp/esapi/Randomizer.java,src/org/owasp/esapi/ESAPI.java,src/org/owasp/esapi/errors/EncodingException.java,src/org/owasp/esapi/errors/EnterpriseSecurityException.java,src/org/owasp/esapi/errors/AccessControlException.java,src/org/owasp/esapi/errors/AuthenticationHostException.java,src/org/owasp/esapi/errors/AuthenticationCredentialsException.java,src/org/owasp/esapi/errors/AvailabilityException.java,src/org/owasp/esapi/filters/ESAPIFilter.java,src/org/owasp/esapi/reference/DefaultEncryptedProperties.java,src/org/owasp/esapi/reference/RandomAccessReferenceMap.java,src/org/owasp/esapi/Validator.java" sourcepath="test;src" splitindex="true" use="true" version="true"/>
+    </target>
+</project>
diff --git a/pom.xml b/pom.xml
index 89c9b250d..6797acc2a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,32 +1,35 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/maven-v4_0_0.xsd">
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.owasp.esapi</groupId>
     <artifactId>esapi</artifactId>
-    <version>2.1.1-SNAPSHOT</version>
+    <version>2.7.1.0-SNAPSHOT</version>
     <packaging>jar</packaging>
 
-    <parent>
-        <groupId>org.sonatype.oss</groupId>
-        <artifactId>oss-parent</artifactId>
-        <version>5</version>
-    </parent>
+    <distributionManagement>
+      <repository>
+        <id>central</id>
+          <url>https://central.sonatype.org/publish/publish-portal-maven/</url>
+        </repository>
+        <!-- You can pick up the ESAPI configuration jars here, under the Assets section of each release. -->
+        <downloadUrl>https://github.com/ESAPI/esapi-java-legacy/releases</downloadUrl>
+    </distributionManagement>
 
     <licenses>
         <license>
             <name>BSD</name>
-            <url>http://www.opensource.org/licenses/bsd-license.php</url>
+            <url>https://www.opensource.org/licenses/bsd-license.php</url>
             <comments>Code License - New BSD License</comments>
         </license>
         <license>
             <name>Creative Commons 3.0 BY-SA</name>
-            <url>http://creativecommons.org/licenses/by-sa/3.0/</url>
+            <url>https://creativecommons.org/licenses/by-sa/3.0/</url>
             <comments>Content License - Create Commons 3.0 BY-SA</comments>
         </license>
     </licenses>
 
     <name>ESAPI</name>
-    <url>http://www.esapi.org/</url>
+    <url>https://owasp.org/www-project-enterprise-security-api/</url>
     <description>The Enterprise Security API (ESAPI) project is an OWASP project
         to create simple strong security controls for every web platform.
         Security controls are not simple to build. You can read about the
@@ -37,25 +40,25 @@
     </description>
 
     <organization>
-        <name>The Open Web Application Security Project (OWASP)</name>
-        <url>http://www.owasp.org/index.php</url>
+        <name>The Open Worldwide Application Security Project (OWASP)</name>
+        <url>https://owasp.org/</url>
     </organization>
 
     <mailingLists>
         <mailingList>
-            <name>ESAPI-Users</name>
-            <subscribe>https://lists.owasp.org/mailman/listinfo/esapi-user/</subscribe>
-            <unsubscribe>https://lists.owasp.org/mailman/listinfo/esapi-user/</unsubscribe>
-            <post>mailto:esapi-users@lists.owasp.org</post>
-            <archive>https://lists.owasp.org/pipermail/esapi-users/</archive>
+            <name>ESAPI-Project-Users</name>
+            <subscribe>https://groups.google.com/a/owasp.org/forum/#!forum/esapi-project-users/join</subscribe>
+            <unsubscribe>https://groups.google.com/a/owasp.org/forum/#!forum/esapi-project-users/unsubscribe</unsubscribe>
+            <post>mailto:esapi-project-users@owasp.org</post>
+            <archive>(Pre 3/25/2019) https://lists.owasp.org/pipermail/esapi-users/</archive>
             <!--This is the OWASP ESAPI mailing list for ESAPI users, regardless of programming language. For example, ESAPI users with questions about ESAPI for Java or ESAPI for PHP would both post here.-->
         </mailingList>
         <mailingList>
-            <name>ESAPI-Developers</name>
-            <subscribe>https://lists.owasp.org/mailman/listinfo/esapi-dev/</subscribe>
-            <unsubscribe>https://lists.owasp.org/mailman/listinfo/esapi-dev/</unsubscribe>
-            <post>mailto:esapi-dev@lists.owasp.org</post>
-            <archive>https://lists.owasp.org/pipermail/esapi-dev/</archive>
+            <name>ESAPI-Project-Dev</name>
+            <subscribe>https://groups.google.com/a/owasp.org/forum/#!forum/esapi-project-dev/join</subscribe>
+            <unsubscribe>https://groups.google.com/a/owasp.org/forum/#!forum/esapi-project-dev/unsubscribe</unsubscribe>
+            <post>mailto:esapi-project-dev@owasp.org</post>
+            <archive>(Pre 3/25/2019) https://lists.owasp.org/pipermail/esapi-dev/</archive>
             <!--This is the OWASP ESAPI mailing list for ESAPI for Java developers. While the list is not closed, the topics of discussion are likely to be less relevant to those only using ESAPI. Note that this is the list for ESAPI for Java. Most other language implementations, such ESAPI for PHP, have their own mailing lists.-->
         </mailingList>
         <mailingList>
@@ -66,36 +69,50 @@
     </mailingLists>
 
     <scm>
-        <connection>scm:svn:http://owasp-esapi-java.googlecode.com/svn/trunk</connection>
-        <developerConnection>scm:svn:https://owasp-esapi-java.googlecode.com/svn/trunk</developerConnection>
-        <url>http://code.google.com/p/owasp-esapi-java/source/checkout</url>
+        <connection>scm:git:git://github.com/ESAPI/esapi-java-legacy.git</connection>
+        <developerConnection>scm:git:git@github.com:ESAPI/esapi-java-legacy.git</developerConnection>
+        <url>https://github.com/ESAPI/esapi-java-legacy</url>
     </scm>
 
     <issueManagement>
-        <system>Google Code Issue Tracking</system>
-        <url>http://code.google.com/p/owasp-esapi-java/issues/list</url>
+        <system>GitHub Issue Tracking</system>
+        <url>https://github.com/ESAPI/esapi-java-legacy/issues</url>
     </issueManagement>
 
     <developers>
         <developer>
             <name>Jeff Williams</name>
-            <organization>Aspect Security</organization>
+            <organization>Contrast Security</organization>
             <roles>
-                <role>Project Inventor</role>
+                <role>Project Founder</role>
             </roles>
         </developer>
         <developer>
-            <name>Chris Schmidt</name>
-            <organization>Aspect Security</organization>
+            <name>Kevin W. Wall</name>
+            <organization>Verisign</organization>
             <roles>
-                <role>Project Owner</role>
+                <role>Project Co-leader</role>
             </roles>
         </developer>
         <developer>
-            <name>Kevin W. Wall</name>
-            <organization>Wells Fargo</organization>
+          <name>Matt Seil</name>
+          <organization>OWASP</organization>
+          <roles>
+            <role>Project Co-leader</role>
+          </roles>
+        </developer>
+        <developer>
+            <name>Jeremiah J. Stacey</name>
+            <roles>
+                <role>JUnit SME</role>
+                <role>Jack of all trades, master of many</role>
+            </roles>
+        </developer>
+        <developer>
+            <name>Chris Schmidt</name>
+            <organization>Fluid Truck</organization>
             <roles>
-                <role>Project Manager</role>
+                <role>Former project co-leader</role>
             </roles>
         </developer>
     </developers>
@@ -103,7 +120,6 @@
     <contributors>
         <contributor>
             <name>Dave Wichers</name>
-            <organization>Aspect Security</organization>
         </contributor>
         <contributor>
             <name>Jim Manico</name>
@@ -112,105 +128,507 @@
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <version.jmh>1.37</version.jmh>
+        <version.findsecbugs>2.0.0-M3</version.findsecbugs>
+        <version.fluido>2.0.0-M11</version.fluido>  <!-- Version 2.1.0 is available, but fails with this min Maven. -->
+        <version.powermock>2.0.9</version.powermock>
+        <version.spotbugs>4.9.3</version.spotbugs>
+        <version.spotbugs.maven>4.9.3.1</version.spotbugs.maven>
+        <version.surefire>3.5.3</version.surefire>
+        <project.java.target>1.8</project.java.target>
+            <!-- TODO: Be sure to update. Should be date of previous official release -->
+            <!-- Exact date in the form 'yyyy-dd-yy 00:00:00' should be used. You can find the previous release date -->
+            <!-- in the previous release notes file under the 'documentation/' directory. -->
+        <date.prev_release>2025-06-02 00:00:00</date.prev_release>
     </properties>
 
     <dependencies>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>javax.servlet-api</artifactId>
+            <version>3.1.0</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>javax.servlet.jsp</groupId>
+            <artifactId>javax.servlet.jsp-api</artifactId>
+            <version>2.3.3</version>
+            <scope>provided</scope>
+            <!-- Note: Because this dependency is provided, this exclusion doesn't actually do anything.
+                 But we include it so the convergence report will report 100% convergence.
+                 Deleting this does not cause the convergence check to fail.
+            -->
+            <exclusions>
+                <exclusion>
+                    <groupId>javax.servlet</groupId>
+                    <artifactId>javax.servlet-api</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>xom</groupId>
+            <artifactId>xom</artifactId>
+            <version>1.3.9</version>
+            <exclusions>
+                <exclusion>
+                    <!-- xom tries to pull this in, but a newer version is in Java 7 and later
+                         so we want to exclude this transitive dependency. Don't need to include
+                         it explicity since we use the one from the JDK.
+                    -->
+                    <groupId>xerces</groupId>
+                    <artifactId>xercesImpl</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>commons-beanutils</groupId>
+            <artifactId>commons-beanutils</artifactId>
+            <!-- We need to use 1.11.0 (or later) here to address various CVEs. -->
+            <version>1.11.0</version>
+            <!-- NOTE: commons-beanutils uses commons-collections 3.2.2. We use
+                 commons-collections 4.2. Package names are different so this shouldn't
+                 cause any problems as long as 3.x doesn't have any CVEs. May have to
+                 rethink / exclude / etc. if there are.
+                 -->
+        </dependency>
         <dependency>
             <groupId>commons-configuration</groupId>
             <artifactId>commons-configuration</artifactId>
             <version>1.10</version>
+            <exclusions>
+                <!-- excluded because multiple dependencies import newer version. -->
+                <exclusion>
+                    <groupId>commons-logging</groupId>
+                    <artifactId>commons-logging</artifactId>
+                </exclusion>
+                <!-- Note: Because the following dependency is marked as provided to commons-configuration,
+                     this exclusion doesn't actually do anything. But we include it so the convergence report
+                     will report 100% convergence. Deleting this does not cause the convergence check to fail.
+                -->
+                <exclusion>
+                    <groupId>xml-apis</groupId>
+                    <artifactId>xml-apis</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
-            <groupId>commons-beanutils</groupId>
-            <artifactId>commons-beanutils-core</artifactId>
-            <version>1.8.3</version>
+            <groupId>commons-lang</groupId>
+            <artifactId>commons-lang</artifactId>
+            <version>2.6</version>
         </dependency>
         <dependency>
-            <groupId>junit</groupId>
-            <artifactId>junit</artifactId>
-            <version>4.5</version>
+            <groupId>commons-fileupload</groupId>
+            <artifactId>commons-fileupload</artifactId>
+            <version>1.6.0</version>
+            <exclusions>
+                <!-- excluded because we directly import newer version below. -->
+                <exclusion>
+                    <groupId>commons-io</groupId>
+                    <artifactId>commons-io</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-collections4</artifactId>
+            <version>4.5.0-M2</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache-extras.beanshell</groupId>
+            <artifactId>bsh</artifactId>
+            <version>2.0b6</version>
+        </dependency>
+        <dependency>
+            <groupId>org.owasp.antisamy</groupId>
+            <artifactId>antisamy</artifactId>
+            <version>1.7.8</version>
+            <exclusions>
+                <!-- excluded because we directly import newer version below. -->
+                <exclusion>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>slf4j-api</artifactId>
+                </exclusion>
+                <!-- excluded because commons-beanutils imports a newer version. -->
+                <exclusion>
+                    <groupId>commons-logging</groupId>
+                    <artifactId>commons-logging</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-api</artifactId>
+            <version>2.0.16</version>
+        </dependency>
+        <dependency>
+            <groupId>xml-apis</groupId>
+            <artifactId>xml-apis</artifactId>
+            <!-- 1.4.01 is NEWER THAN 2.0.2
+                Check the release dates in maven central
+                https://mvnrepository.com/artifact/xml-apis/xml-apis
+
+                DO NOT UPDATE THIS DEPENDENCY
+                 -->
+            <version>1.4.01</version>
+        </dependency>
+
+        <!-- SpotBugs dependencies -->
+        <dependency>
+            <groupId>com.github.spotbugs</groupId>
+            <artifactId>spotbugs-annotations</artifactId>
+            <version>${version.spotbugs}</version>
+            <optional>true</optional>
+        </dependency>
+
+        <!-- Dependencies which are ONLY used for JUnit tests -->
+        <dependency>
+            <groupId>commons-codec</groupId>
+            <artifactId>commons-codec</artifactId>
+            <version>1.17.1</version>
             <scope>test</scope>
         </dependency>
         <dependency>
-            <groupId>javax.servlet</groupId>
-            <artifactId>servlet-api</artifactId>
-            <version>2.5</version>
-            <scope>provided</scope>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <version>4.13.2</version>
+            <scope>test</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.hamcrest</groupId>
+                    <artifactId>hamcrest-core</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
-            <groupId>javax.servlet</groupId>
-            <artifactId>jsp-api</artifactId>
-            <version>2.0</version>
-            <scope>provided</scope>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcprov-jdk18on</artifactId>
+            <version>1.78.1</version>
+            <scope>test</scope>
         </dependency>
         <dependency>
-            <groupId>commons-fileupload</groupId>
-            <artifactId>commons-fileupload</artifactId>
-            <version>1.3.1</version>
-            <scope>compile</scope>
+            <groupId>org.hamcrest</groupId>
+            <artifactId>hamcrest-core</artifactId>
+            <version>2.2</version>
+            <scope>test</scope>
         </dependency>
+        <!-- https://mvnrepository.com/artifact/org.powermock/powermock-api-mockito -->
         <dependency>
-            <groupId>commons-io</groupId>
-            <artifactId>commons-io</artifactId>
-            <version>2.4</version>
+            <groupId>org.powermock</groupId>
+            <artifactId>powermock-api-mockito2</artifactId>
+            <version>${version.powermock}</version>
             <scope>test</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.mockito</groupId>
+                    <artifactId>mockito-core</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
+        <!-- The following imported solely so we can exclude its dependency on: org.objenesis:objenesis, which conflicts with
+             another import by a dependency of powermock-api-mockito2. -->
         <dependency>
-            <groupId>commons-collections</groupId>
-            <artifactId>commons-collections</artifactId>
-            <version>3.2.1</version>
-            <scope>compile</scope>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-core</artifactId>
+            <!-- Cannot upgrade past 3.x due to PowerMock compatibility
+            https://github.com/powermock/powermock/issues/1109
+             -->
+            <version>3.12.4</version>
+            <scope>test</scope>
         </dependency>
         <dependency>
-            <groupId>log4j</groupId>
-            <artifactId>log4j</artifactId>
-            <version>1.2.16</version>
-            <scope>compile</scope>
-            <type>jar</type>
+            <groupId>org.powermock</groupId>
+            <artifactId>powermock-core</artifactId>
+            <version>${version.powermock}</version>
+            <scope>test</scope>
+            <exclusions>
+                 <exclusion>
+                    <groupId>net.bytebuddy</groupId>
+                    <artifactId>byte-buddy</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>net.bytebuddy</groupId>
+                    <artifactId>byte-buddy-agent</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
-            <groupId>xom</groupId>
-            <artifactId>xom</artifactId>
-            <version>1.2.5</version>
+            <groupId>org.powermock</groupId>
+            <artifactId>powermock-module-junit4</artifactId>
+            <version>${version.powermock}</version>
+            <scope>test</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>junit</groupId>
+                    <artifactId>junit</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.hamcrest</groupId>
+                    <artifactId>hamcrest-core</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
-            <groupId>org.beanshell</groupId>
-            <artifactId>bsh-core</artifactId>
-            <version>2.0b4</version>
+            <groupId>org.powermock</groupId>
+            <artifactId>powermock-reflect</artifactId>
+            <version>${version.powermock}</version>
+            <scope>test</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.objenesis</groupId>
+                    <artifactId>objenesis</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>net.bytebuddy</groupId>
+                    <artifactId>byte-buddy</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>net.bytebuddy</groupId>
+                    <artifactId>byte-buddy-agent</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
-            <groupId>org.owasp.antisamy</groupId>
-            <artifactId>antisamy</artifactId>
-            <version>1.5.3</version>
+            <groupId>org.openjdk.jmh</groupId>
+            <artifactId>jmh-core</artifactId>
+            <version>${version.jmh}</version>
+            <scope>test</scope>
         </dependency>
     </dependencies>
 
     <build>
+        <pluginManagement>
+            <plugins>
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-assembly-plugin</artifactId>
+                    <version>3.7.1</version>
+                </plugin>
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-dependency-plugin</artifactId>
+                    <version>3.8.1</version>
+                </plugin>
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-release-plugin</artifactId>
+                    <version>3.1.1</version>
+                </plugin>
+                <plugin>
+                     <groupId>org.codehaus.mojo</groupId>
+                     <artifactId>versions-maven-plugin</artifactId>
+                     <version>2.18.0</version>
+                     <configuration>
+                         <rulesUri>file:${project.basedir}/versionRuleset.xml</rulesUri>
+                     </configuration>
+                </plugin>
+            </plugins>
+        </pluginManagement>
+
         <plugins>
             <plugin>
+              <groupId>org.sonatype.central</groupId>
+              <artifactId>central-publishing-maven-plugin</artifactId>
+              <version>0.9.0</version>
+              <extensions>true</extensions>
+              <configuration>
+                <deploymentName>${project.name}-${project.version}</deploymentName>
+                <publishingServerId>central</publishingServerId>
+              </configuration>
+            </plugin>
+                <!-- Create SBOM -->
+            <plugin>
+                <groupId>org.cyclonedx</groupId>
+                <artifactId>cyclonedx-maven-plugin</artifactId>
+                <version>2.9.1</version>
+                <executions>
+                  <execution>
+                    <phase>package</phase>
+                    <goals><goal>makeBom</goal></goals>
+                  </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>com.github.spotbugs</groupId>
+                <artifactId>spotbugs-maven-plugin</artifactId>
+                <version>${version.spotbugs.maven}</version>
+                <dependencies>
+                  <!-- Overwrite dependency on SpotBugs if you want to specify the version of SpotBugs.
+                       SpotBugs itself is frequently several versions ahead of the spotbugs-maven-plugin -->
+                  <dependency>
+                    <groupId>com.github.spotbugs</groupId>
+                    <artifactId>spotbugs</artifactId>
+                    <version>${version.spotbugs}</version>
+                  </dependency>
+                </dependencies>
+            </plugin>
+
+            <plugin>
+                <groupId>com.h3xstream.findsecbugs</groupId>
+                <artifactId>findsecbugs-plugin</artifactId>
+                <version>${version.findsecbugs}</version>
+            </plugin>
+            <plugin>
+                <groupId>io.github.weblegacy</groupId>
+                <artifactId>taglib-maven-plugin</artifactId>
+                <version>2.6</version>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-changelog-plugin</artifactId>
+                    <!-- 3.0.0-M1 is a "milestone" release, which is generally
+                         to an alpha or beta release. Normally we would avoid
+                         those, but generating a changelog is not an essential
+                         task, so we're fine with this.
+                    -->
+                <version>3.0.0-M1</version>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-clean-plugin</artifactId>
+                <version>3.5.0</version>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
-                <version>3.1</version>
+                <version>3.14.0</version>
                 <configuration>
-                    <source>1.6</source>
-                    <target>1.6</target>
+                    <source>${project.java.target}</source>
+                    <target>${project.java.target}</target>
+                    <testSource>${project.java.target}</testSource>
+                    <testTarget>${project.java.target}</testTarget>
                     <debug>true</debug>
                     <showWarnings>true</showWarnings>
                     <showDeprecation>false</showDeprecation>
+                    <compilerArgs>
+                        <!-- This fails:
+                                <arg>-Xmaxwarns 2000</arg>
+                             Must be passed as two separate args, as shown
+                             below.
+                         -->
+                        <arg>-Xmaxwarns</arg>
+                        <arg>2000</arg>
+                        <arg>
+                            <!-- Eventually desire is to use just
+                                    -Xlint:all
+                                 here, but for now, this is just to cross off
+                                 another criteria for CII Badging process.
+                                 However, this is main reason we increased
+                                 maxwarns above.
+                            -->
+                            -Xlint:all,-deprecation,-rawtypes,-unchecked
+                        </arg>
+                     </compilerArgs>
                 </configuration>
             </plugin>
 
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-eclipse-plugin</artifactId>
-                <version>2.9</version>
+                <version>2.10</version>
                 <configuration>
                     <downloadSources>true</downloadSources>
                 </configuration>
             </plugin>
 
             <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-enforcer-plugin</artifactId>
+                <version>3.5.0</version>
+                <dependencies>
+                  <dependency>
+                    <groupId>org.codehaus.mojo</groupId>
+                    <artifactId>extra-enforcer-rules</artifactId>
+                    <version>1.10.0</version>
+                  </dependency>
+                  <dependency>
+                    <groupId>org.codehaus.mojo</groupId>
+                    <artifactId>animal-sniffer-enforcer-rule</artifactId>
+                    <version>1.24</version>
+                  </dependency>
+                </dependencies>
+
+                <executions>
+                    <execution>
+                        <id>enforce-maven</id>
+                        <goals><goal>enforce</goal></goals>
+                        <configuration>
+                          <rules>
+                            <requireMavenVersion>
+                              <version>[3.6.3,)</version>
+                              <message>Building ESAPI 2.x now requires Maven 3.6.3 or later.</message>
+                            </requireMavenVersion>
+                          </rules>
+                        </configuration>
+                    </execution>
+                    <execution>
+                      <id>check-java-versions</id>
+                      <phase>compile</phase>
+                      <goals><goal>enforce</goal></goals>
+                      <configuration>
+                        <rules>
+                          <dependencyConvergence/>
+                          <requireJavaVersion>
+                            <version>${project.java.target}</version>
+                            <message>
+                                ESAPI 2.x now uses the JDK1.8 for its baseline. Please make sure that your
+                                JAVA_HOME environment variable is pointed to a JDK1.8 or later distribution.
+                            </message>
+                          </requireJavaVersion>
+                          <enforceBytecodeVersion>
+                            <maxJdkVersion>${project.java.target}</maxJdkVersion>
+                            <ignoreOptionals>true</ignoreOptionals>
+                            <ignoredScopes/><!--  'test' scopes not ignored so we can actually test on Java 8. -->
+                            <message>Dependencies shouldn't require Java 9+</message>
+                          </enforceBytecodeVersion>
+                        </rules>
+                        <fail>true</fail>
+                      </configuration>
+                    </execution>
+                    <execution>
+                      <id>check-java8API-signatures</id>
+                      <phase>compile</phase>
+                      <goals><goal>enforce</goal></goals>
+                      <configuration>
+                        <rules>
+                          <checkSignatureRule implementation="org.codehaus.mojo.animal_sniffer.enforcer.CheckSignatureRule">
+                            <signature>
+                              <groupId>org.codehaus.mojo.signature</groupId>
+                              <!-- Check against Java 8 API -->
+                              <artifactId>java18</artifactId>
+                              <version>1.0</version>
+                            </signature>
+                          </checkSignatureRule>
+                        </rules>
+                      </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-gpg-plugin</artifactId>
+                <version>3.2.7</version>
+                <executions>
+                  <execution>
+                    <id>sign-artifacts</id>
+                    <phase>verify</phase>
+                    <goals> <goal>sign</goal> </goals>
+                  </execution>
+                </executions>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-install-plugin</artifactId>
+                <version>3.1.4</version>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-jar-plugin</artifactId>
-                <version>2.4</version>
+                <version>3.4.2</version>
                 <configuration>
                     <archive>
                         <manifest>
@@ -221,19 +639,136 @@
                 </configuration>
             </plugin>
 
-            <!-- Check for updates to dependencies and report on them. -->
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-javadoc-plugin</artifactId>
+                <version>3.11.2</version>
+               <configuration>
+                 <source>8</source>
+                 <doclint>none</doclint>    <!-- none, missing, simple, or all -->
+               </configuration>
+               <!-- generate esapi-VERSION.javadoc.jar -->
+               <executions>
+                 <execution>
+                   <id>attach-javadocs</id>
+                   <phase>package</phase>
+                   <goals><goal>jar</goal></goals>
+                 </execution>
+               </executions>
+            </plugin>
+
+            <plugin>
+              <groupId>org.apache.maven.plugins</groupId>
+              <artifactId>maven-jxr-plugin</artifactId>
+              <version>3.6.0</version>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-pmd-plugin</artifactId>
+                <version>3.27.0</version>
+            </plugin>
+
+            <plugin>
+               <groupId>org.apache.maven.plugins</groupId>
+               <artifactId>maven-project-info-reports-plugin</artifactId>
+               <version>3.9.0</version>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-resources-plugin</artifactId>
+                <version>3.3.1</version>
+            </plugin>
+
+            <plugin>
+                <!-- Note: This uses the maven-fluido-skin version specified next.
+                     The skin is referenced in src/site/site.xml. -->
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-site-plugin</artifactId>
+                <version>4.0.0-M16</version>
+                <dependencies>
+                    <dependency>
+                        <groupId>org.apache.maven.skins</groupId>
+                        <artifactId>maven-fluido-skin</artifactId>
+                        <version>${version.fluido}</version>
+                    </dependency>
+                </dependencies>
+            </plugin>
+
+            <plugin>
+               <groupId>org.apache.maven.plugins</groupId>
+               <artifactId>maven-source-plugin</artifactId>
+               <version>3.3.1</version>
+               <executions>
+                 <execution>
+                   <id>attach-sources</id>
+                   <phase>package</phase>
+                   <goals><goal>jar-no-fork</goal></goals>
+                 </execution>
+               </executions>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <version>${version.surefire}</version>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-report-plugin</artifactId>
+                <version>${version.surefire}</version>
+            </plugin>
+
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
-                <artifactId>versions-maven-plugin</artifactId>
+                <artifactId>cobertura-maven-plugin</artifactId>
+                <version>2.7</version>
+                <configuration>
+                    <formats>
+                        <format>html</format>
+                        <format>xml</format>
+                    </formats>
+                </configuration>
+            </plugin>
+
+            <plugin>
+                <groupId>io.github.jiangxincode</groupId>
+                <artifactId>jdepend-maven-plugin</artifactId>
                 <version>2.1</version>
+            </plugin>
+            <plugin>
+                <groupId>org.eluder.coveralls</groupId>
+                <artifactId>coveralls-maven-plugin</artifactId>
+                <version>4.3.0</version>
+            </plugin>
+
+            <plugin>
+                <groupId>org.owasp</groupId>
+                <artifactId>dependency-check-maven</artifactId>
+                <!-- Version 12.x is the latest, but 10.0.4 is the latest that we can use beccause 11.x has a breaking
+                     change that requires Java 11 or later and our mimimal JDK is Java 8.
+                -->
+                <!-- Note: As of 2025-05-18, I (kwwall) unable to get:
+                        $ mvn -B org.owasp:dependency-check-maven:check
+                    to work with OpenJDK 8 even though this same version of the Dependency Check plugin worked the previous
+                    ESAPI release last November. I do not have time presently to track the reason for this down, but will
+                    try to follow up with the OWASP Depencency Check team. In the meantime, I thought I would mention it
+                    in case someone else tried it and ran into the problem. It is non-essential though, since I also use
+                    GHAS Dependabot and Snyk SCA tools to monitor unpatched vulnerabilities in ESAPI dependencies.
+                -->
+                <version>10.0.4</version>
+                <configuration>
+                    <nvdApiKey>${env.NVD_API_KEY}</nvdApiKey>
+                    <failBuildOnCVSS>1.0</failBuildOnCVSS>
+                    <suppressionFiles>./suppressions.xml</suppressionFiles>
+                </configuration>
                 <executions>
                     <execution>
-                        <id>check-for-dependency-updates</id>
-                        <phase>compile</phase> <!-- Eclipse q4e plugin needs this -->
                         <goals>
-                            <goal>display-dependency-updates</goal>
-                            <goal>display-plugin-updates</goal>
-                            <!--<goal>display-property-updates</goal>-->
+                            <goal>purge</goal>
+                            <!-- <goal>check</goal> -->
                         </goals>
                     </execution>
                 </executions>
@@ -244,74 +779,84 @@
 
     <reporting>
         <plugins>
+         <plugin>
+                <groupId>io.github.weblegacy</groupId>
+                <artifactId>taglib-maven-plugin</artifactId>
+            </plugin>
             <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>findbugs-maven-plugin</artifactId>
-                <version>2.5.3</version>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-changelog-plugin</artifactId>
                 <configuration>
-                    <findbugsXmlOutput>true</findbugsXmlOutput>
-                    <findbugsXmlWithMessages>true</findbugsXmlWithMessages>
-                    <xmlOutput>true</xmlOutput>
-                    <threshold>Low</threshold>
-                    <effort>Max</effort>
-                    <relaxed>false</relaxed>
+                    <issueIDRegexPattern>[Ii]ssue[# ]*(\d)+</issueIDRegexPattern>
+                    <issueLinkUrl>https://github.com/ESAPI/esapi-java-legacy/issues/%ISSUE%</issueLinkUrl>
+                    <type>date</type>
+                    <dates>
+                        <!-- TODO: Be sure to update. Should be date of 10revious official release -->
+                        <!-- Exact date should be in previous release notes file under 'documentation/' directory. -->
+                        <date>${date.prev_release}</date>
+                    </dates>
                 </configuration>
             </plugin>
             <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>cobertura-maven-plugin</artifactId>
-                <version>2.6</version>
+                <!-- Generate /site/apidocs and /site/testapidocs -->
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-javadoc-plugin</artifactId>
                 <configuration>
-                    <formats>
-                        <format>html</format>
-                        <format>xml</format>
-                    </formats>
+                    <doclint>none</doclint>
+                    <source>8</source>
+                    <failOnError>true</failOnError>
+                    <failOnWarnings>true</failOnWarnings>
                 </configuration>
             </plugin>
             <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>jdepend-maven-plugin</artifactId>
-                <version>2.0</version>
+              <!-- This plugin required in reporting section, as other maven reporting plugins use the Source XRef this plugin generates.
+                   Without it, you get these errors when running mvn site: [WARNING] Unable to locate Source XRef to link to - DISABLED -->
+              <groupId>org.apache.maven.plugins</groupId>
+              <artifactId>maven-jxr-plugin</artifactId>
             </plugin>
             <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-pmd-plugin</artifactId>
-                <version>3.1</version>
                 <configuration>
-                    <targetJdk>1.5</targetJdk>
+                    <targetJdk>${project.java.target}</targetJdk>
                     <sourceEncoding>utf-8</sourceEncoding>
+                    <!-- excludeFromFailureFile>exclude-pmd.properties</excludeFromFailureFile -->
                 </configuration>
             </plugin>
             <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-javadoc-plugin</artifactId>
-                <version>2.9.1</version>
-                <configuration>
-                    <detectJavaApiLink>false</detectJavaApiLink>
-                    <detectLinks>false</detectLinks>
-                </configuration>
+               <groupId>org.apache.maven.plugins</groupId>
+               <artifactId>maven-project-info-reports-plugin</artifactId>
+               <reportSets>
+                 <reportSet>
+                   <reports>
+                     <report>index</report>
+                     <report>dependency-convergence</report>
+                   </reports>
+                 </reportSet>
+               </reportSets>
+               <configuration>
+                 <!-- setting this is supposed to make generating this report much faster, but didn't affect me without it, so I turned it off (DRW) -->
+                 <!-- dependencyLocationsEnabled>false</dependencyLocationsEnabled -->
+               </configuration>
             </plugin>
             <plugin>
-                <groupId>net.sourceforge.maven-taglib</groupId>
-                <artifactId>maven-taglib-plugin</artifactId>
-                <version>2.4</version>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
             </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-changelog-plugin</artifactId>
-                <version>2.2</version>
-                <configuration>
-                    <issueIDRegexPattern>[Ii]ssue[# ]*(\d)+</issueIDRegexPattern>
-                    <issueLinkUrl>http://code.google.com/p/owasp-esapi-java/issues/detail?id=%ISSUE%</issueLinkUrl>
-                    <type>date</type>
-                    <dates>
-                        <date>2013-09-02 00:00:00</date>
-                    </dates>
-                </configuration>
+                <artifactId>maven-surefire-report-plugin</artifactId>
+            </plugin>
+            <plugin>
+                <!--  Using this introduces these errors: Skipped "JDepend" report (jdepend-maven-plugin:2.0:generate), file "jdepend-report.html" already exists.
+                      but don't know how to eliminate them, without disabling this plugin. -->
+                <groupId>io.github.jiangxincode</groupId>
+                <artifactId>jdepend-maven-plugin</artifactId>
             </plugin>
+            <!-- Check for available updates to dependencies and report on them. -->
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>versions-maven-plugin</artifactId>
-                <version>2.1</version>
                 <reportSets>
                     <reportSet>
                         <reports>
@@ -322,24 +867,12 @@
                     </reportSet>
                 </reportSets>
             </plugin>
-            <plugin>
-                <groupId>org.owasp</groupId>
-                <artifactId>dependency-check-maven</artifactId>
-                <version>1.1.4</version>
-                <configuration>
-                    <externalReport>false</externalReport>
-                </configuration>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-surefire-report-plugin</artifactId>
-                <version>2.17</version>
-            </plugin>
+
         </plugins>
     </reporting>
 
     <profiles>
-        <profile>
+       <profile>
             <!-- Activate to sign jars and build distributable download. -->
             <id>dist</id>
 
@@ -354,118 +887,43 @@
                 </property>
             </activation>
 
-            <distributionManagement>
-                <snapshotRepository>
-                    <id>sonatype-nexus-snapshots</id>
-                    <url>https://oss.sonatype.org/content/repositories/snapshots</url>
-                </snapshotRepository>
-                <repository>
-                    <id>sonatype-nexus-staging</id>
-                    <url>https://oss.sonatype.org/service/local/staging/deploy/maven2</url>
-                </repository>
-            </distributionManagement>
-
             <build>
                 <plugins>
 
-                    <!-- Signs all artifacts prior to deploying to maven central -->
                     <plugin>
-                        <groupId>org.apache.maven.plugins</groupId>
-                        <artifactId>maven-gpg-plugin</artifactId>
-                        <version>1.5</version>
+                        <artifactId>maven-jar-plugin</artifactId>
+<!--
                         <executions>
                             <execution>
-                                <id>sign-artifacts</id>
-                                <phase>deploy</phase>
+                                <phase>package</phase>
                                 <goals>
                                     <goal>sign</goal>
                                 </goals>
-                                <configuration>
-                                    <keyname>9F460575</keyname>
-                                </configuration>
                             </execution>
                         </executions>
-                    </plugin>
-					
-					<plugin>
-						<groupId>org.apache.maven.plugins</groupId>
-						<artifactId>maven-jar-plugin</artifactId>
-						<version>2.4</version>
-<!--
-						<executions>
-							<execution>
-								<phase>package</phase>
-								<goals>
-									<goal>sign</goal>
-								</goals>
-							</execution>
-						</executions>
 -->
-						<configuration>
+                        <configuration>
 <!--
-							<keystore>codesign.keystore</keystore>
-							<alias>owasp foundation, inc.'s godaddy.com, inc. id</alias>
-							<verify>true</verify>
+                            <keystore>codesign.keystore</keystore>
+                            <alias>OWASP Foundation, Inc.'s GoDaddy.com ID</alias>
+                            <verify>true</verify>
 -->
-							<archive>
-								<manifest>
-									<addDefaultImplementationEntries>true</addDefaultImplementationEntries>
-									<addDefaultSpecificationEntries>true</addDefaultSpecificationEntries>
-								</manifest>
-								<manifestEntries>
-									<Sealed>true</Sealed>
-								</manifestEntries>
-							</archive>
-						</configuration>
-					</plugin>
-					
-                    <!-- Baseline for ESAPI 2.1 is JDK1.6 - Enforces that a JDK1.6 compiler is being
-                         used to build this release -->
-                    <plugin>
-                        <groupId>org.apache.maven.plugins</groupId>
-                        <artifactId>maven-enforcer-plugin</artifactId>
-                        <version>1.3.1</version>
-                        <executions>
-                            <execution>
-                                <id>enforce-jdk-version</id>
-                                <goals>
-                                    <goal>enforce</goal>
-                                </goals>
-                                <configuration>
-                                    <rules>
-                                        <requireJavaVersion>
-                                            <version>1.6</version>
-                                            <message>
-                                                ESAPI 2.1 uses the JDK1.6 for it's baseline. Please make sure that your
-                                                JAVA_HOME environment variable is pointed to a JDK1.6 distribution.
-                                            </message>
-                                        </requireJavaVersion>
-                                    </rules>
-                                </configuration>
-                            </execution>
-                        </executions>
-                    </plugin>
-
-                    <!-- Attached JavaDocs are required by Sonatype Nexus Repository -->
-                    <plugin>
-                        <groupId>org.apache.maven.plugins</groupId>
-                        <artifactId>maven-javadoc-plugin</artifactId>
-                        <version>2.9.1</version>
-                        <executions>
-                            <execution>
-                                <id>attach-javadocs</id>
-                                <goals>
-                                    <goal>jar</goal>
-                                </goals>
-                            </execution>
-                        </executions>
+                            <archive>
+                                <manifest>
+                                    <addDefaultImplementationEntries>true</addDefaultImplementationEntries>
+                                    <addDefaultSpecificationEntries>true</addDefaultSpecificationEntries>
+                                </manifest>
+                                <manifestEntries>
+                                    <Sealed>true</Sealed>
+                                </manifestEntries>
+                            </archive>
+                        </configuration>
                     </plugin>
 
                     <!-- For building the distribution zip file. -->
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-assembly-plugin</artifactId>
-                        <version>2.4</version>
                         <configuration>
                             <descriptors>
                                 <descriptor>src/main/assembly/dist.xml</descriptor>
@@ -484,17 +942,89 @@
 
                     <!-- Performs a full release. See release documentation for information on how to
                          perform an ESAPI release using Maven -->
+            <!--
+                 mvn release:prepare was not working as expected, so I'm commenting this out and we
+                 are doing all this SCM magic manually for now.  - kevin wall, 2019-04-09
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-release-plugin</artifactId>
-                        <version>2.5</version>
                         <configuration>
-                            <tagBase>https://owasp-esapi-java.googlecode.com/svn/tags/releases/</tagBase>
+                            <tagBase>https://github.com/ESAPI/esapi-java-legacy/tags</tagBase>
                         </configuration>
                     </plugin>
+            -->
 
                 </plugins>
             </build>
         </profile>
+        <profile>
+            <id>jakarta</id>
+            <activation>
+                <activeByDefault>true</activeByDefault>
+            </activation>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.eclipse.transformer</groupId>
+                        <artifactId>transformer-maven-plugin</artifactId>
+                        <version>0.5.0</version>    <!-- 1.0.0 is available, but requires newer JDK than ESAPI minimum. -->
+                        <extensions>true</extensions>
+                        <configuration>
+                            <rules>
+                                <jakartaDefaults>true</jakartaDefaults>
+                            </rules>
+                        </configuration>
+                        <executions>
+                            <execution>
+                                <id>default-jar</id>
+                                <goals>
+                                    <goal>jar</goal>
+                                </goals>
+                                <configuration>
+                                    <classifier>jakarta</classifier>
+                                    <artifact>
+                                        <groupId>org.owasp.esapi</groupId>
+                                        <artifactId>esapi</artifactId>
+                                        <version>${project.version}</version>
+                                    </artifact>
+                                </configuration>
+                            </execution>
+                            <execution>
+                                <id>javadoc-jar</id>
+                                <goals>
+                                    <goal>jar</goal>
+                                </goals>
+                                <configuration>
+                                    <skip>false</skip>
+                                    <classifier>jakarta-javadoc</classifier>
+                                    <artifact>
+                                        <groupId>org.owasp.esapi</groupId>
+                                        <artifactId>esapi</artifactId>
+                                        <version>${project.version}</version>
+                                        <classifier>javadoc</classifier>
+                                    </artifact>
+                                </configuration>
+                            </execution>
+                            <execution>
+                                <id>source-jar</id>
+                                <goals>
+                                    <goal>jar</goal>
+                                </goals>
+                                <configuration>
+                                    <skip>false</skip>
+                                    <classifier>jakarta-sources</classifier>
+                                    <artifact>
+                                        <groupId>org.owasp.esapi</groupId>
+                                        <artifactId>esapi</artifactId>
+                                        <version>${project.version}</version>
+                                        <classifier>sources</classifier>
+                                    </artifact>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
     </profiles>
 </project>
diff --git a/scripts/README.txt b/scripts/README.txt
new file mode 100644
index 000000000..0e28bb29c
--- /dev/null
+++ b/scripts/README.txt
@@ -0,0 +1,16 @@
+This directory is for utilities used for building / packaging / releasing ESAPI.
+
+The scripts and configuration files in this directory are mostly used to create ESAPI release notes.
+(The 2 'mvnQuietTest' scripts are the major exceptions to that.)
+
+========================
+
+README.txt          -- This readme file.
+mvnQuietTest.bat    -- Run 'mvn test' from DOS cmd prompt with logSpecial output suppressed.
+mvnQuietTest.sh     -- Run 'mvn test' from bash with logSpecial output suppressed.
+createVarsFile.sh   -- Bash script to create a vars.2.x.y.z file that is 'sourced' by the 'newReleaseNotes.sh' script.
+esapi4java-core-TEMPLATE-release-notes.txt - Basic template used to create the new release notes file.
+newReleaseNotes.sh  -- Bash script to create the release notes boillerplate from the provided release argument and the TEMPLATE file.
+vars.2.?.?.?        -- File that is 'sourced' (as in "source ./filename") and used with newReleaseNotes.sh
+                       and is associated with the release number associated with the file name.
+vars.template       -- Template to construct the release specific vars files
diff --git a/scripts/createVarsFile.sh b/scripts/createVarsFile.sh
new file mode 100755
index 000000000..ad19a5747
--- /dev/null
+++ b/scripts/createVarsFile.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+# Purpose: Answer some questions and provide a new 'vars.<version>' from 'vars.template' to use for creating release notes.
+
+prog="${0##*/}"
+
+function iprompt    # prompt_message
+{
+    typeset ANS
+    read -p "$@ (y|n): " ANS
+    case "$ANS" in
+    [Yy]|[Yy][Ee][Ss])  return 0    ;;
+    *)  return 1    ;;
+    esac
+}
+
+read -p "Enter release # for NEW ESAPI version you are doing release notes for: " VERSION
+if [[ -f "vars.$VERSION" ]]
+then
+    iprompt "File 'vars.$VERSION' already exists. Continuing will overwrite it.  Continue?" || exit 1
+fi
+
+
+read -p "Enter release # for the PREVIOUS ESAPI version: " PREV_VERSION
+read -p "Enter (planned) release date of NEW / current version you are preparing in YYYY-MM-DD format: " YYYY_MM_DD_RELEASE_DATE
+read -p "Enter release date of PREVIOUS ESAPI version in YYYY-MM-DD format: " PREV_RELEASE_DATE
+
+echo You entered:
+echo =================================================
+echo VERSION=$VERSION
+echo PREV_VERSION=$PREV_VERSION
+echo YYYY_MM_DD_RELEASE_DATE=$YYYY_MM_DD_RELEASE_DATE
+echo PREV_RELEASE_DATE=$PREV_RELEASE_DATE
+echo =================================================
+echo
+
+if iprompt "Are ALL your previous answers correct?"
+then
+    # Create the new    vars.${VERSION} file based on vars.template
+    sed -e "s/^VERSION/VERSION=$VERSION/" \
+        -e "s/^PREV_VERSION/PREV_VERSION=$PREV_VERSION/" \
+        -e "s/^YYYY_MM_DD_RELEASE_DATE/YYYY_MM_DD_RELEASE_DATE=$YYYY_MM_DD_RELEASE_DATE/" \
+        -e "s/^PREV_RELEASE_DATE/PREV_RELEASE_DATE=$PREV_RELEASE_DATE/" \
+                vars.template > "vars.$VERSION"
+else
+    echo "$prog: Aborting. Rerun the script to correct your answers." >&2
+    exit 1
+fi
diff --git a/scripts/esapi4java-core-TEMPLATE-release-notes.txt b/scripts/esapi4java-core-TEMPLATE-release-notes.txt
new file mode 100644
index 000000000..d03f64be6
--- /dev/null
+++ b/scripts/esapi4java-core-TEMPLATE-release-notes.txt
@@ -0,0 +1,151 @@
+@@@@ IMPORTANT: Be sure to 1) save in DOS text format, and 2) Delete this line and others starting with @@@@
+@@@@             Edit this file in vim with       :set tw=0
+@@@@            Meant to be used with   scripts/newReleaseNotes.sh and the 'vars.*' scripts there.
+@@@@    There are specific references to ESAPI 2.5.0.0 and other old releases in this file. Do NOT change the version #s. They are there for a reason.
+Release notes for ESAPI ${VERSION}
+    Release date: ${YYYY_MM_DD_RELEASE_DATE}
+    Project leaders:
+        -Kevin W. Wall <kevin.w.wall@gmail.com>
+        -Matt Seil <matt.seil@owasp.org>
+
+Previous release: ESAPI ${PREV_VERSION}, ${PREV_RELEASE_DATE}
+
+
+Executive Summary: Important Things to Note for this Release
+------------------------------------------------------------
+@@@@ View previous release notes to see examples of what to put here. This is typical. YMMV.
+@@@@ Obviously, you should summarize any major changes / new features here.
+This is a patch release with the primary intent of updating some dependencies, some with known vulnerabilities. Details follow.
+@@@@ Provide a sentence or to
+
+Notes if you are not updating from the immediate previous release. release ${PREV_VERSION}:
+    * You need to read through the series of release notes FIRST, going in order.
+    * For example, if you were updating from an older ESAPI release (say, 2.3.0.0), you should go back and FIRST read all the subsequent release notes in turn. For instance, if you are currently on release 2.3.0.0 and upgrading to (say) release 2.x.y.z, you should MINIMALLY read the sections "Changes Requiring Special Attention" in each of the subsequent release notes. So, going from release 2.3.0.0 to 2.x.y.z, you should in turn, read:
+
+    esapi4java-core-2.4.0.0-release-notes.txt
+    esapi4java-core-2.5.0.0-release-notes.txt
+    esapi4java-core-2.5.1.0-release-notes.txt
+    esapi4java-core-2.5.2.0-release-notes.txt
+    ...etc., up through the current set of release notes...
+    esapi4java-core-2.x.y.z-release-notes.txt
+
+in that order. YOU HAVE BEEN WARNED!!! (These release notes are too large to put all this in a given document; very few read them thoroughly as it is.)
+
+If your SCA tool is reporting any CVE from a direct or transitive dependency in ESAPI, before reporting it as an GitHub issue, please make sure that you review the vulnerability analysis written up in https://github.com/ESAPI/esapi-java-legacy/blob/develop/Vulnerability-Summary.md. Please email us or contact us in our GitHub Discussions page if you have questions about this. See also the SECURITY.md file to report any security issues with ESAPI.
+
+You are encouraged to review the vulnerability analysis written up in https://github.com/ESAPI/esapi-java-legacy/blob/develop/Vulnerability-Summary.md and email us or contact us in our GitHub Discussions page if you have questions.
+
+
+=================================================================================================================
+
+Basic ESAPI facts
+-----------------
+
+ESAPI ${PREV_VERSION} release:
+@@@@ Look up the figures from the previous release notes.
+    #### Java source files
+    #### JUnit tests in #### Java test files
+
+ESAPI ${VERSION} release:
+@@@@ Count them and run 'mvn test' to get the # of tests.
+@@@@ Count Java source files by executing:
+@@@@        find src/main -type f -name '*.java' | wc -l
+    #### Java source files
+    #### JUnit tests in #### Java source files
+
+XXX GitHub Issues closed in this release, including those we've decided not to fix (marked 'wontfix' and 'falsepositive').
+(Reference: https://github.com/ESAPI/esapi-java-legacy/issues?q=is%3Aissue+state%3Aclosed+updated%3A%3E%3D${PREV_RELEASE_DATE})
+
+Issue #         GitHub Issue Title
+----------------------------------------------------------------------------------------------
+@@@@ Capture issue #s and 1 line desription from above GitHub url
+@@@@ Insert here and massage until it looks pretty. Recommend alignment with spaces instead of tabs.
+
+-----------------------------------------------------------------------------
+
+        Changes Requiring Special Attention
+
+-----------------------------------------------------------------------------
+@@@@ NOTE any special notes here. Probably leave this one, but I would suggest noting additions BEFORE this.
+
+Important JDK Support Announcement
+* ESAPI 2.3.0.0 was the last Java release to support Java 7. ESAPI 2.4.0 requires using Java 8 or later. See the ESAPI 2.4.0.0 release notes (https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.4.0.0-release-notes.txt) for details as to the reason.
+    - This means if your project requires Java 7, you must use ESAPI 2.3.0.0 or earlier.
+
+Important ESAPI Logging Changes
+
+* Since ESAPI 2.5.0.0, support for logging directly via Log4J 1 has been removed. (This was two years after it haveing first been deprecated.) Thus, you only choice of ESAPI logging are
+    - java.util.logging (JUL), which as been the default since ESAPI 2.2.1.0.
+        * Set ESAPI.Logger=org.owasp.esapi.logging.java.JavaLogFactory in your ESAPI.properties file.
+    - SLF4J (which your choice of supported SLF4J logging implemmentation)
+        * Set ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory in your ESAPI.properties file.
+* Logger configuration notes - If you are migrating from prior to ESAPI 2.2.1.1, you will need to update your ESAPI.properties file as logging-related configuration as per the ESAPI 2.2.1.1 release notes, which may be found at:
+    https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.2.1.1-release-notes.txt#L39-L78
+
+If you use ESAPI 2.5.0.0 or later, you will get an ClassNotFoundException as the root cause if you still have your ESAPI.Logger property set to use Log4J because the org.owasp.esapi.logger.log4j.Log4JFactory class has been completely removed from the ESAPI jar.  If you are dead set on continuing to use Log4J 1, you ought to be able to do so via SLF4J. The set up for Log4J 1 (which has not be tested), should be similar to configure ESAPI to use SLF4J with Log4J 2 as described here:
+    https://github.com/ESAPI/esapi-java-legacy/wiki/Using-ESAPI-with-SLF4J#slf4j-using-log4j-2x
+
+-----------------------------------------------------------------------------
+
+        Remaining Known Issues / Problems
+
+-----------------------------------------------------------------------------
+None known, other than the remaining open issues on GitHub.
+
+-----------------------------------------------------------------------------
+
+        Other changes in this release, some of which not tracked via GitHub issues
+
+-----------------------------------------------------------------------------
+
+* Changes since last release ${PREV_VERSION} and ${VERSION}, i.e., changes between ${PREV_RELEASE_DATE} and ${YYYY_MM_DD_RELEASE_DATE}).
+
+    Note: I am no longer going to provide the 'Developer Activity Report' that I used to this manually create in tabluar form. This is in part because I use to use 'mvn site' to assist with its creation, but neither the 'Developer Activiity' nor 'File Activity' sections of the 'mvn site' output is currently working.
+
+          That said, I don't care as this was always a major PITA and I think it had dubious value to start with.
+
+          Therefore, I am replacing it to a stock GitHub tag comparison of the current and previous release, which I can automate.
+
+    Please see,
+
+        https://github.com/ESAPI/esapi-java-legacy/compare/esapi-${PREVIOUS_VERSION}...esapi-${VERSION}
+
+    for details. It contains all the information that the previous 'Developer Activity Reports' did and then some.
+
+-----------------------------------------------------------------------------
+
+CHANGELOG:      Create your own. May I suggest:
+
+        git log --stat --since=${PREV_RELEASE_DATE} --reverse --pretty=medium
+
+    which will show all the commits since just after the previous (${PREV_VERSION}) release.
+
+    Alternately, you can download the most recent ESAPI source and run
+
+        mvn site
+
+    which will create a CHANGELOG file named 'target/site/changelog.html'
+
+
+-----------------------------------------------------------------------------
+
+Direct and Transitive Runtime and Test Dependencies:
+
+        $ mvn -B dependency:tree
+@@@@ Include output from 'mvn -B dependency:tree' here
+@@@@ RECOMMENDATION: Run the above only after ensuring you are using the latest 
+@@@@                 plugins and dependencies so you only have to do this once.
+@@@@                 Check via:
+@@@@                    mvn -U versions:display-plugin-updates
+@@@@                    mvn -U versions:display-dependency-updates
+@@@@                    mvn -U versions:display-property-updates
+
+-----------------------------------------------------------------------------
+
+@@@@ Review these notes, especially the reference to the AntiSamy version information.
+Acknowledgments:
+    Another hat tip to Dave Wichers and the AntiSamy crew for promptly releasing AntiSamy 1.7.0.  And thanks to Matt Seil, Jeremiah Stacey, and all the ESAPI users who make this worthwhile. This is for you.
+
+A special thanks to the ESAPI community from the ESAPI project co-leaders:
+    Kevin W. Wall (kwwall) <== The irresponsible party for these release notes!
+    Matt Seil (xeno6696)
diff --git a/scripts/mvnQuietTest.bat b/scripts/mvnQuietTest.bat
new file mode 100644
index 000000000..ccf76dcb1
--- /dev/null
+++ b/scripts/mvnQuietTest.bat
@@ -0,0 +1,8 @@
+@ECHO off
+rem Purpose: Run      'mvn test'      with system property
+rem                       'org.owasp.esapi.logSpecial.discard'
+rem          set to true, so that all of the logSpecial output is suppressed.
+rem          This reduces the total output of 'mvn test' by about 2000 or so
+rem          lines.
+
+mvn -Dorg.owasp.esapi.logSpecial.discard=true test %*
diff --git a/scripts/mvnQuietTest.sh b/scripts/mvnQuietTest.sh
new file mode 100644
index 000000000..b66ca2913
--- /dev/null
+++ b/scripts/mvnQuietTest.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+# Purpose: Run      'mvn test'      with system property
+#                       'org.owasp.esapi.logSpecial.discard'
+#          set to true, so that all of the logSpecial output is suppressed.
+#          This reduces the total output of 'mvn test' by about 2000 or so
+#          lines.
+
+exec mvn -Dorg.owasp.esapi.logSpecial.discard=true test $@
diff --git a/scripts/newReleaseNotes.sh b/scripts/newReleaseNotes.sh
new file mode 100755
index 000000000..c9f3d351a
--- /dev/null
+++ b/scripts/newReleaseNotes.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+# Purpose: Provide an assistance towards writing new ESAPI release notes. Still a lot of manual editing though.
+#
+# Usage: ./newReleaseNotes.sh new_esapi_vers_#
+#        Should be run from the 'scripts' directory.
+
+prog=${0##*/}
+template="esapi4java-core-TEMPLATE-release-notes.txt"
+
+newVers=${1?Missing new ESAPI version number}
+
+if [[ -r vars.${newVers} ]]
+then    source vars.${newVers}
+else    echo "$prog: Can't find vars.${newVers} to source. Did you forget to create it based on vars.template?" >&2
+        echo "      Execute './createVarsFile.sh' from the 'scripts' directory to create vars.${newVers}." >&2
+        exit 1
+fi
+
+hereDocBanner="__________@@@@@___@@@@@__________"
+tmpfile="/tmp/relNotes.$$"
+trap "rm $tmpfile" EXIT
+
+if [[ -r $template ]]
+then
+        echo "#!/bin/bash"  > $tmpfile
+        echo "source vars.${newVers}" >> $tmpfile
+        echo "set -o allexport" >> $tmpfile
+        echo "cat >esapi4java-core-${VERSION}-release-notes.txt <<${hereDocBanner}" >> $tmpfile
+        cat $template >> $tmpfile
+        echo "${hereDocBanner}" >> $tmpfile
+        echo "ls -l esapi4java-core-${VERSION}-release-notes.txt" >> $tmpfile
+        bash $tmpfile
+else    echo "$prog: Can't find or read release notes template file $template" >&2
+        exit 1
+fi
+
+echo
+echo "Now move the file 'esapi4java-core-${VERSION}-release-notes.txt' to the 'documenation/' directory" 
+echo "and finish editing it there. Be sure to remove all the instructional lines starting with @@@"
+echo "before committing it to GitHub."
diff --git a/scripts/vars.2.2.3.0 b/scripts/vars.2.2.3.0
new file mode 100644
index 000000000..7c43cccef
--- /dev/null
+++ b/scripts/vars.2.2.3.0
@@ -0,0 +1,13 @@
+# Do NOT edit this file directly. It will be created by the new newReleaseNotes.sh script.
+
+# ESAPI (new / current) version
+VERSION=2.2.3.0
+
+# Previous ESAPI version
+PREV_VERSION=2.2.2.0
+
+# Release date of current version in yyyy-mm-dd format
+YYYY_MM_DD_RELEASE_DATE=2021-03-23
+
+# Previous ESAPI release date in same format
+PREV_RELEASE_DATE=2021-11-27
diff --git a/scripts/vars.2.2.3.1 b/scripts/vars.2.2.3.1
new file mode 100644
index 000000000..284e4f7fc
--- /dev/null
+++ b/scripts/vars.2.2.3.1
@@ -0,0 +1,13 @@
+# Do NOT edit this file directly. It will be created by the new newReleaseNotes.sh script.
+
+# ESAPI (new / current) version
+VERSION=2.2.3.1
+
+# Previous ESAPI version
+PREV_VERSION=2.2.3.0
+
+# Release date of current version in yyyy-mm-dd format
+YYYY_MM_DD_RELEASE_DATE=2021-05-07
+
+# Previous ESAPI release date in same format
+PREV_RELEASE_DATE=2021-03-23
diff --git a/scripts/vars.2.3.0.0 b/scripts/vars.2.3.0.0
new file mode 100644
index 000000000..4695f1f6f
--- /dev/null
+++ b/scripts/vars.2.3.0.0
@@ -0,0 +1,14 @@
+# Do NOT edit this file directly. It will be created by the new createVarsFile.sh script,
+# which should be run prior to the newReleaseNotes.sh script.
+
+# ESAPI (new / current) version
+VERSION=2.3.0.0
+
+# Previous ESAPI version
+PREV_VERSION=2.2.3.1
+
+# Release date of current version in yyyy-mm-dd format
+YYYY_MM_DD_RELEASE_DATE=2022-04-16
+
+# Previous ESAPI release date in same format
+PREV_RELEASE_DATE=2021-05-07
diff --git a/scripts/vars.2.4.0.0 b/scripts/vars.2.4.0.0
new file mode 100644
index 000000000..9e2f84ded
--- /dev/null
+++ b/scripts/vars.2.4.0.0
@@ -0,0 +1,14 @@
+# Do NOT edit this file directly. It will be created by the new createVarsFile.sh script,
+# which should be run prior to the newReleaseNotes.sh script.
+
+# ESAPI (new / current) version
+VERSION=2.4.0.0
+
+# Previous ESAPI version
+PREV_VERSION=2.3.0.0
+
+# Release date of current version in yyyy-mm-dd format
+YYYY_MM_DD_RELEASE_DATE=2022-04-24
+
+# Previous ESAPI release date in same format
+PREV_RELEASE_DATE=2022-04-16
diff --git a/scripts/vars.2.5.0.0 b/scripts/vars.2.5.0.0
new file mode 100644
index 000000000..4d33532ea
--- /dev/null
+++ b/scripts/vars.2.5.0.0
@@ -0,0 +1,14 @@
+# Do NOT edit this file directly. It will be created by the new createVarsFile.sh script,
+# which should be run prior to the newReleaseNotes.sh script.
+
+# ESAPI (new / current) version
+VERSION=2.5.0.0
+
+# Previous ESAPI version
+PREV_VERSION=2.4.0.0
+
+# Release date of current version in yyyy-mm-dd format
+YYYY_MM_DD_RELEASE_DATE=2022-07-20
+
+# Previous ESAPI release date in same format
+PREV_RELEASE_DATE=2022-04-24
diff --git a/scripts/vars.2.5.1.0 b/scripts/vars.2.5.1.0
new file mode 100644
index 000000000..ab72bcf74
--- /dev/null
+++ b/scripts/vars.2.5.1.0
@@ -0,0 +1,14 @@
+# Do NOT edit this file directly. It will be created by the new createVarsFile.sh script,
+# which should be run prior to the newReleaseNotes.sh script.
+
+# ESAPI (new / current) version
+VERSION=2.5.1.0
+
+# Previous ESAPI version
+PREV_VERSION=2.5.0.0
+
+# Release date of current version in yyyy-mm-dd format
+YYYY_MM_DD_RELEASE_DATE=2022-11-27
+
+# Previous ESAPI release date in same format
+PREV_RELEASE_DATE=2022-07-20
diff --git a/scripts/vars.2.5.2.0 b/scripts/vars.2.5.2.0
new file mode 100644
index 000000000..750ab57b8
--- /dev/null
+++ b/scripts/vars.2.5.2.0
@@ -0,0 +1,14 @@
+# Do NOT edit this file directly. It will be created by the new createVarsFile.sh script,
+# which should be run prior to the newReleaseNotes.sh script.
+
+# ESAPI (new / current) version
+VERSION=2.5.2.0
+
+# Previous ESAPI version
+PREV_VERSION=2.5.1.0
+
+# Release date of current version in yyyy-mm-dd format
+YYYY_MM_DD_RELEASE_DATE=2023-04-12
+
+# Previous ESAPI release date in same format
+PREV_RELEASE_DATE=2022-11-27
diff --git a/scripts/vars.2.5.3.0 b/scripts/vars.2.5.3.0
new file mode 100644
index 000000000..8fd04fa0a
--- /dev/null
+++ b/scripts/vars.2.5.3.0
@@ -0,0 +1,14 @@
+# Do NOT edit this file directly. It will be created by the new createVarsFile.sh script,
+# which should be run prior to the newReleaseNotes.sh script.
+
+# ESAPI (new / current) version
+VERSION=2.5.3.0
+
+# Previous ESAPI version
+PREV_VERSION=2.5.2.0
+
+# Release date of current version in yyyy-mm-dd format
+YYYY_MM_DD_RELEASE_DATE=2023-11-24
+
+# Previous ESAPI release date in same format
+PREV_RELEASE_DATE=2023-04-12
diff --git a/scripts/vars.2.5.3.1 b/scripts/vars.2.5.3.1
new file mode 100644
index 000000000..0de9b1416
--- /dev/null
+++ b/scripts/vars.2.5.3.1
@@ -0,0 +1,14 @@
+# Do NOT edit this file directly. It will be created by the new createVarsFile.sh script,
+# which should be run prior to the newReleaseNotes.sh script.
+
+# ESAPI (new / current) version
+VERSION=2.5.3.1
+
+# Previous ESAPI version
+PREV_VERSION=2.5.3.0
+
+# Release date of current version in yyyy-mm-dd format
+YYYY_MM_DD_RELEASE_DATE=2023-12-01
+
+# Previous ESAPI release date in same format
+PREV_RELEASE_DATE=2023-11-24
diff --git a/scripts/vars.2.5.4.0 b/scripts/vars.2.5.4.0
new file mode 100644
index 000000000..a5423489c
--- /dev/null
+++ b/scripts/vars.2.5.4.0
@@ -0,0 +1,14 @@
+# Do NOT edit this file directly. It will be created by the new createVarsFile.sh script,
+# which should be run prior to the newReleaseNotes.sh script.
+
+# ESAPI (new / current) version
+VERSION=2.5.4.0
+
+# Previous ESAPI version
+PREV_VERSION=2.5.3.1
+
+# Release date of current version in yyyy-mm-dd format
+YYYY_MM_DD_RELEASE_DATE=2024-05-29
+
+# Previous ESAPI release date in same format
+PREV_RELEASE_DATE=2023-12-01
diff --git a/scripts/vars.2.5.5.0 b/scripts/vars.2.5.5.0
new file mode 100644
index 000000000..3f483d045
--- /dev/null
+++ b/scripts/vars.2.5.5.0
@@ -0,0 +1,14 @@
+# Do NOT edit this file directly. It will be created by the new createVarsFile.sh script,
+# which should be run prior to the newReleaseNotes.sh script.
+
+# ESAPI (new / current) version
+VERSION=2.5.5.0
+
+# Previous ESAPI version
+PREV_VERSION=2.5.4.0
+
+# Release date of current version in yyyy-mm-dd format
+YYYY_MM_DD_RELEASE_DATE=2024-10-08
+
+# Previous ESAPI release date in same format
+PREV_RELEASE_DATE=2024-05-30
diff --git a/scripts/vars.2.6.0.0 b/scripts/vars.2.6.0.0
new file mode 100644
index 000000000..e44bce867
--- /dev/null
+++ b/scripts/vars.2.6.0.0
@@ -0,0 +1,14 @@
+# Do NOT edit this file directly. It will be created by the new createVarsFile.sh script,
+# which should be run prior to the newReleaseNotes.sh script.
+
+# ESAPI (new / current) version
+VERSION=2.6.0.0
+
+# Previous ESAPI version
+PREV_VERSION=2.5.5.0
+
+# Release date of current version in yyyy-mm-dd format
+YYYY_MM_DD_RELEASE_DATE=2024-11-25
+
+# Previous ESAPI release date in same format
+PREV_RELEASE_DATE=2024-10-08
diff --git a/scripts/vars.2.6.1.0 b/scripts/vars.2.6.1.0
new file mode 100644
index 000000000..b067cb61f
--- /dev/null
+++ b/scripts/vars.2.6.1.0
@@ -0,0 +1,14 @@
+# Do NOT edit this file directly. It will be created by the new createVarsFile.sh script,
+# which should be run prior to the newReleaseNotes.sh script.
+
+# ESAPI (new / current) version
+VERSION=2.6.1.0
+
+# Previous ESAPI version
+PREV_VERSION=2.6.0.0
+
+# Release date of current version in yyyy-mm-dd format
+YYYY_MM_DD_RELEASE_DATE=2025-05-19
+
+# Previous ESAPI release date in same format
+PREV_RELEASE_DATE=2024-11-25
diff --git a/scripts/vars.2.6.2.0 b/scripts/vars.2.6.2.0
new file mode 100644
index 000000000..244aeaf3b
--- /dev/null
+++ b/scripts/vars.2.6.2.0
@@ -0,0 +1,14 @@
+# Do NOT edit this file directly. It will be created by the new createVarsFile.sh script,
+# which should be run prior to the newReleaseNotes.sh script.
+
+# ESAPI (new / current) version
+VERSION=2.6.2.0
+
+# Previous ESAPI version
+PREV_VERSION=2.6.1.0
+
+# Release date of current version in yyyy-mm-dd format
+YYYY_MM_DD_RELEASE_DATE=2025-06-02
+
+# Previous ESAPI release date in same format
+PREV_RELEASE_DATE=2025-05-19
diff --git a/scripts/vars.2.7.0.0 b/scripts/vars.2.7.0.0
new file mode 100644
index 000000000..829c1663c
--- /dev/null
+++ b/scripts/vars.2.7.0.0
@@ -0,0 +1,14 @@
+# Do NOT edit this file directly. It will be created by the new createVarsFile.sh script,
+# which should be run prior to the newReleaseNotes.sh script.
+
+# ESAPI (new / current) version
+VERSION=2.7.0.0
+
+# Previous ESAPI version
+PREV_VERSION=2.6.2.0
+
+# Release date of current version in yyyy-mm-dd format
+YYYY_MM_DD_RELEASE_DATE=2025-06-27
+
+# Previous ESAPI release date in same format
+PREV_RELEASE_DATE=2025-06-02
diff --git a/scripts/vars.template b/scripts/vars.template
new file mode 100644
index 000000000..7e127c7a3
--- /dev/null
+++ b/scripts/vars.template
@@ -0,0 +1,14 @@
+# Do NOT edit this file directly. It will be created by the new createVarsFile.sh script,
+# which should be run prior to the newReleaseNotes.sh script.
+
+# ESAPI (new / current) version
+VERSION
+
+# Previous ESAPI version
+PREV_VERSION
+
+# Release date of current version in yyyy-mm-dd format
+YYYY_MM_DD_RELEASE_DATE
+
+# Previous ESAPI release date in same format
+PREV_RELEASE_DATE
diff --git a/src/examples/README b/src/examples/README
index 9421f8819..126b6d85f 100644
--- a/src/examples/README
+++ b/src/examples/README
@@ -7,7 +7,7 @@ scripts - Some scripts to run that interact with the Java examples (but see
 
 
 NOTE:   All scripts are meant to be run under *nix (or using something like
-        Cygwin under Windows) from under the 'scripts' directory using either
+        Cygwin or WSL under Windows) from under the 'scripts' directory using either
         bash or KornShell
 
         E.g., to compile the Java examples, execute:
@@ -17,8 +17,8 @@ NOTE:   All scripts are meant to be run under *nix (or using something like
                 $ # "Dot" the appropriate environment file. Either
                 $ #     . ./setenv-zip.sh
                 $ # if ESAPI downloaded via zip file or
-                $ #     . ./setenv-svn.sh
-                $ # if ESAPI downloaded from SVN repository. For the
+                $ #     . ./setenv-git.sh
+                $ # if ESAPI downloaded from a Git or Svn repository. For the
                 $ # example of this README file, we will assume it was
                 $ # downloaded via the zip file.
                 $ . ./setenv-zip.sh
@@ -29,9 +29,9 @@ NOTE:   All scripts are meant to be run under *nix (or using something like
 
 
         Note that as delivered, these scripts are configured to run from
-        Eclipse or Maven as pulled directly from the ESAPI Subversion
-        repository or from pulled down from the zip file on Google Code at:
-            http://code.google.com/p/owasp-esapi-java/downloads/list
+        Eclipse or Maven as pulled directly from the ESAPI GitHub
+        repository or from pulled down from the zip file on GitHub at:
+            https://github.com/ESAPI/esapi-java-legacy/archive/refs/heads/develop.zip
 
         If you get it from any other place, then all bets are off.
                             -- Kevin Wall <kevin.w.wall@gmail.com>
diff --git a/src/examples/java/DisplayEncryptedProperties.java b/src/examples/java/DisplayEncryptedProperties.java
index d71ac7d83..ba0ce15ef 100644
--- a/src/examples/java/DisplayEncryptedProperties.java
+++ b/src/examples/java/DisplayEncryptedProperties.java
@@ -8,7 +8,7 @@
 //          that were encrypted using ESAPI's EncryptedProperties class.
 //
 // Usage: java -classpath <cp> DisplayEncryptedProperties encryptedPropFileName
-//        where <cp> is proper classpath, which minimally include esapi.jar & log4j.jar
+//        where <cp> is proper classpath, which minimally includes the esapi.jar.
 public class DisplayEncryptedProperties {
 
     public DisplayEncryptedProperties() {
diff --git a/src/examples/java/ESAPILogging.java b/src/examples/java/ESAPILogging.java
index 338e77e89..e2b1fc85c 100644
--- a/src/examples/java/ESAPILogging.java
+++ b/src/examples/java/ESAPILogging.java
@@ -4,14 +4,14 @@
 // Purpose: Short code snippet to show how ESAPI logging works.
 //
 // Usage: java -classpath <cp> ESAPILogging
-//        where <cp> is proper classpath, which minimally include esapi.jar & log4j.jar
+//        where <cp> is proper classpath, which minimally includes the esapi.jar.
 public class ESAPILogging {
 
     public static void main(String[] args) {
 
         try {
             Logger logger = ESAPI.getLogger("ESAPILogging");
-            
+
             logger.warning(Logger.SECURITY_FAILURE, "This is a warning.");
             logger.always(Logger.SECURITY_AUDIT, "This is an audit log. It always logs.");
         } catch(Throwable t) {
diff --git a/src/examples/java/PersistedEncryptedData.java b/src/examples/java/PersistedEncryptedData.java
index a034d0a50..1cabc04bb 100644
--- a/src/examples/java/PersistedEncryptedData.java
+++ b/src/examples/java/PersistedEncryptedData.java
@@ -4,7 +4,6 @@
 import org.owasp.esapi.errors.*;
 import org.owasp.esapi.codecs.*;
 import javax.servlet.ServletRequest;
-import org.apache.log4j.Logger;
 
 /** A slightly more complex example showing encoding encrypted data and writing
  *  it out to a file. This is very similar to the example in the ESAPI User
@@ -72,7 +71,7 @@ public static int persistEncryptedData(PlainText plaintext,
         fos.close();
         return serializedBytes.length;
     }
- 
+
     /** Read the specified file name containing encoded encrypted data,
      *  and then decode it and decrypt it to retrieve the original plaintext.
      *
diff --git a/src/examples/scripts/compile.sh b/src/examples/scripts/compile.sh
index 95203d72b..eb5aa33e0 100755
--- a/src/examples/scripts/compile.sh
+++ b/src/examples/scripts/compile.sh
@@ -2,11 +2,11 @@
 
 if [[ -z "$esapi_classpath" ]]
 then
-    echo 2>&1 "esapi_classpath not set. Did you dot the appropriate env file?"
-    echo 2>&1 "If you are using ESAPI from downloaded zip file, use:"
-    echo 2>&1 "        . ./setenv-zip.sh"
-    echo 2>&1 "If you are using ESAPI pulled from SVN repository, use:"
-    echo 2>&1 "        . ./setenv-svn.sh"
+    echo >&2 "esapi_classpath not set. Did you dot the appropriate env file?"
+    echo >&2 "If you are using ESAPI from downloaded zip file, use:"
+    echo >&2 "        . ./setenv-zip.sh"
+    echo >&2 "If you are using ESAPI pulled from SVN repository, use:"
+    echo >&2 "        . ./setenv-git.sh"
     exit 1
 fi
 cd ../java
diff --git a/src/examples/scripts/encryptProperties.sh b/src/examples/scripts/encryptProperties.sh
index bc606830b..7b09e3985 100755
--- a/src/examples/scripts/encryptProperties.sh
+++ b/src/examples/scripts/encryptProperties.sh
@@ -9,11 +9,11 @@ USAGE="Usage: encryptedProperties.sh {-display|-create} [encrypted_properties_fi
 
 if [[ -z "$esapi_classpath" ]]
 then
-    echo 2>&1 "esapi_classpath not set. Did you dot the appropriate env file?"
-    echo 2>&1 "If you are using ESAPI from downloaded zip file, use:"
-    echo 2>&1 "        . ./setenv-zip.sh"
-    echo 2>&1 "If you are using ESAPI pulled from SVN repository, use:"
-    echo 2>&1 "        . ./setenv-svn.sh"
+    echo >&2 "esapi_classpath not set. Did you dot the appropriate env file?"
+    echo >&2 "If you are using ESAPI from downloaded zip file, use:"
+    echo >&2 "        . ./setenv-zip.sh"
+    echo >&2 "If you are using ESAPI pulled from SVN repository, use:"
+    echo >&2 "        . ./setenv-git.sh"
     exit 1
 fi
 
@@ -49,8 +49,7 @@ cd ../java
 if [[ "$action" == "-display" ]]
 then
     set -x
-    java -Dlog4j.configuration="file:$log4j_properties" \
-         -Dorg.owasp.esapi.resources="$esapi_resources_test" \
+    java -Dorg.owasp.esapi.resources="$esapi_resources_test" \
          -classpath "$esapi_classpath" \
          DisplayEncryptedProperties "$filename"
 else
@@ -61,12 +60,14 @@ else
     echo "The property value will be encrypted and the value will be in plaintext"
     echo "and they will be placed in the specified output file."
     echo "End entering key/value pairs by entering an empty key & value."
+    echo
+    echo "Using your TEST version of ESAPI.properties file: $esapi_resources_test/ESAPI.properties"
     echo ===========================================================
     echo
     echo "Hit <Enter> to continue..."; read GO
     set -x
-    java -Dlog4j.configuration="file:$log4j_properties" \
-         -Dorg.owasp.esapi.resources="$esapi_resources_test" \
+    java -Dorg.owasp.esapi.resources="$esapi_resources_test" \
+         -Djava.util.logging.config.file="$esapi_resources/esapi-java-logging.properties" \
          -classpath "$esapi_classpath" \
       org.owasp.esapi.reference.crypto.DefaultEncryptedProperties "$filename" &&
       echo "Output of encrypted properties in file: $filename"
diff --git a/src/examples/scripts/findjar.sh b/src/examples/scripts/findjar.sh
index 611c32909..882c12b52 100755
--- a/src/examples/scripts/findjar.sh
+++ b/src/examples/scripts/findjar.sh
@@ -10,8 +10,13 @@ PROG=${0##*/}
 #   Default starting directory is Maven2 repository under $HOME ...
 starting_dir=$HOME/.m2/repository
 
+# If we are on Cygwin on Windows, the Maven repo may be under $USERPROFILE.
+if [[ $(uname -o) == "Cygwin" && ! -d "$starting_dir" ]]
+then    starting_dir="$(cygpath --unix ${USERPROFILE:-$HOME}/.m2/repository)"
+fi
+
 case "$1" in
--start) shift; starting_dir="$1"; shift ;;
+-start) shift; starting_dir="$1"; shift ;;  # Expected to be right if provided
 -\?)    echo "$USAGE" >&2; exit 2 ;;
 -*)     echo "$PROG: Unknown option: $1; treating as a jar pattern." >&2 ;;
 esac
@@ -25,5 +30,11 @@ esac
 
 # echo "Starting location: $starting_dir"   # DEBUG
 # echo "Jar pattern: $jar_pattern"          # DEBUG
-find "$starting_dir" -type f -name "$jar_pattern" -print |
-    egrep -v 'javadoc|sources'
+if [[ -d "$starting_dir" ]]
+then
+    find "$starting_dir" -type f -name "$jar_pattern" -print |
+        egrep -v 'javadoc|sources'
+else
+    echo "$PROG: Can't find starting directory for Maven repo: $starting_dir" >&2
+    exit 1
+fi
diff --git a/src/examples/scripts/persistEncryptedData.sh b/src/examples/scripts/persistEncryptedData.sh
index e7dbbe42b..a63fce2c9 100755
--- a/src/examples/scripts/persistEncryptedData.sh
+++ b/src/examples/scripts/persistEncryptedData.sh
@@ -10,20 +10,21 @@
 
 if [[ -z "$esapi_classpath" ]]
 then
-    echo 2>&1 "esapi_classpath not set. Did you dot the appropriate env file?"
-    echo 2>&1 "If you are using ESAPI from downloaded zip file, use:"
-    echo 2>&1 "        . ./setenv-zip.sh"
-    echo 2>&1 "If you are using ESAPI pulled from SVN repository, use:"
-    echo 2>&1 "        . ./setenv-svn.sh"
+    echo >&2 "esapi_classpath not set. Did you dot the appropriate env file?"
+    echo >&2 "If you are using ESAPI from downloaded zip file, use:"
+    echo >&2 "        . ./setenv-zip.sh"
+    echo >&2 "If you are using ESAPI pulled from SVN repository, use:"
+    echo >&2 "        . ./setenv-git.sh"
     exit 1
 fi
 
 cd ../java
-set -x
 # Since this is just an illustration, we will use the test ESAPI.properties in
 # $esapi_resources_test. That way, it won't matter if the user has neglected
 # to run the 'setMasterKey.sh' example before running this one.
-java -Dlog4j.configuration="file:$log4j_properties" \
-    -Dorg.owasp.esapi.resources="$esapi_resources_test" \
-    -ea -classpath "$esapi_classpath" \
-    PersistedEncryptedData "$@"
+echo "Using your TEST version of ESAPI.properties file: $esapi_resources_test/ESAPI.properties"
+set -x
+java -Dorg.owasp.esapi.resources="$esapi_resources_test" \
+     -Djava.util.logging.config.file="$esapi_resources/esapi-java-logging.properties" \
+     -ea -classpath "$esapi_classpath" \
+     PersistedEncryptedData "$@"
diff --git a/src/examples/scripts/runClass.sh b/src/examples/scripts/runClass.sh
index 1c79082c9..c8fbf4b8e 100755
--- a/src/examples/scripts/runClass.sh
+++ b/src/examples/scripts/runClass.sh
@@ -3,11 +3,11 @@
 
 if [[ -z "$esapi_classpath" ]]
 then
-    echo 2>&1 "esapi_classpath not set. Did you dot the appropriate env file?"
-    echo 2>&1 "If you are using ESAPI from downloaded zip file, use:"
-    echo 2>&1 "        . ./setenv-zip.sh"
-    echo 2>&1 "If you are using ESAPI pulled from SVN repository, use:"
-    echo 2>&1 "        . ./setenv-svn.sh"
+    echo >&2 "esapi_classpath not set. Did you dot the appropriate env file?"
+    echo >&2 "If you are using ESAPI from downloaded zip file, use:"
+    echo >&2 "        . ./setenv-zip.sh"
+    echo >&2 "If you are using ESAPI pulled from SVN repository, use:"
+    echo >&2 "        . ./setenv-git.sh"
     exit 1
 fi
 
@@ -18,11 +18,10 @@ if [[ ! -r ${className}.class ]]
 then echo >2&1 "Can't find class file: ${className}.class"
      exit 1
 fi
-echo "Your ESAPI.properties file: ${esapi_resources_test:?}/ESAPI.properties"
-echo "Your log4j properties file: ${log4j_properties:?}"
+echo "Using your TEST version of ESAPI.properties file: ${esapi_resources_test:?}/ESAPI.properties"
 echo
 set -x
-java -Dlog4j.configuration="file:$log4j_properties" \
-     -Dorg.owasp.esapi.resources="$esapi_resources_test" \
+java -Dorg.owasp.esapi.resources="$esapi_resources_test" \
+     -Djava.util.logging.config.file="$esapi_resources/esapi-java-logging.properties" \
      -classpath "$esapi_classpath" \
      ${className} "$@"
diff --git a/src/examples/scripts/setMasterKey.sh b/src/examples/scripts/setMasterKey.sh
index 7075532bc..74b1fa3ae 100755
--- a/src/examples/scripts/setMasterKey.sh
+++ b/src/examples/scripts/setMasterKey.sh
@@ -1,22 +1,29 @@
 #!/bin/sh
 
-if [[ -z "$esapi_classpath" ]]
+if [ -z "$esapi_classpath" ]
 then
-    echo 2>&1 "esapi_classpath not set. Did you dot the appropriate env file?"
-    echo 2>&1 "If you are using ESAPI from downloaded zip file, use:"
-    echo 2>&1 "        . ./setenv-zip.sh"
-    echo 2>&1 "If you are using ESAPI pulled from SVN repository, use:"
-    echo 2>&1 "        . ./setenv-svn.sh"
+    echo >&2 "esapi_classpath not set. Did you dot the appropriate env file?"
+    echo >&2 "If you are using ESAPI from downloaded zip file, use:"
+    echo >&2 "        . ./setenv-zip.sh"
+    echo >&2 "If you are using ESAPI pulled from Git or Svn repository, use:"
+    echo >&2 "        . ./setenv-git.sh"
     exit 1
 fi
 
 cd ../java
-echo "Your ESAPI.properties file: $esapi_properties"
+echo "This will generate the properties Encryptor.MasterKey and Encryptor.MasterSalt"
+echo "which you will have to paste into your production ESAPI.properties file."
 echo
-# set -x
+echo "Do NOT copy those properties from your TEST ESAPI.properties as they are"
+echo "the same for everyone and therefore are not secret."
+echo
+echo "Your PRODUCTION version of ESAPI.properties file: $esapi_resources/ESAPI.properties"
+echo "Hit <Enter> to continue..."; read GO
+echo
+set -x
 # This should use the real ESAPI.properties in $esapi_resources that does
 # not yet have Encryptor.MasterKey and Encryptor.MasterSalt yet set.
-java -Dlog4j.configuration="file:$log4j_properties" \
-     -Dorg.owasp.esapi.resources="$esapi_resources" \
+java -Dorg.owasp.esapi.resources="$esapi_resources" \
+     -Djava.util.logging.config.file="$esapi_resources/esapi-java-logging.properties" \
      -classpath "$esapi_classpath" \
      org.owasp.esapi.reference.crypto.JavaEncryptor "$@"
diff --git a/src/examples/scripts/setenv-git.sh b/src/examples/scripts/setenv-git.sh
new file mode 100755
index 000000000..99b9a86f8
--- /dev/null
+++ b/src/examples/scripts/setenv-git.sh
@@ -0,0 +1,40 @@
+#/bin/bash
+# Purpose:  Use to set up environment to compile and run examples if ESAPI
+#           downloaded from an Svn or Git repository.
+# Usage:    From csh, tcsh:
+#               $ source ./setenv-git.sh
+#           From most other *nix shells:
+#               $ . ./setenv-git.sh
+#
+#           where '$' represents the shell command line prompt.
+###########################################################################
+
+esapi_resources="$(\cd ../../../configuration/esapi >&- 2>&- && pwd)"
+esapi_resources_test="$(\cd ../../../src/test/resources/esapi >&- 2>&- && pwd)"
+
+
+# IMPORTANT NOTE:  These dependency versions may need updated. Should match
+#                  what is in ESAPI's pom.xml.
+esapi_classpath=".:\
+../../../target/classes:\
+$(ls ../../../target/esapi-*.jar 2>&- || echo .):\
+$(./findjar.sh commons-fileupload-1.5.jar):\
+$(./findjar.sh servlet-api-2.4.jar)"
+
+if [[ ! -r "$esapi_resources"/ESAPI.properties ]]
+then echo >&2 "setenv-git.sh: Can't read ESAPI.properties in $esapi_resources"
+     return 1   # Don't use 'exit' here or it will kill their current shell.
+fi
+
+if [[ ! -r "$esapi_resources_test"/ESAPI.properties ]]
+then echo >&2 "setenv-git.sh: Can't read ESAPI.properties in $esapi_resources_test"
+     return 1   # Don't use 'exit' here or it will kill their current shell.
+fi
+
+echo ############################################################
+echo "esapi_resources=$esapi_resources"
+echo "esapi_resources_test=$esapi_resources_test"
+echo "esapi_classpath=$esapi_classpath"
+echo ############################################################
+
+export esapi_classpath esapi_resources esapi_resources_test
diff --git a/src/examples/scripts/setenv-svn.sh b/src/examples/scripts/setenv-svn.sh
index 41024857f..a60a498cf 100755
--- a/src/examples/scripts/setenv-svn.sh
+++ b/src/examples/scripts/setenv-svn.sh
@@ -1,6 +1,6 @@
 #/bin/bash
 # Purpose:  Use to set up environment to compile and run examples if ESAPI
-#           downloaded from the SVN repository.
+#           downloaded from the Svn or Git repository.
 # Usage:    From csh, tcsh:
 #               $ source ./setenv-svn.sh
 #           From most other *nix shells:
@@ -9,44 +9,32 @@
 #           where '$' represents the shell command line prompt.
 ###########################################################################
 
-# IMPORTANT NOTE:  Since you may have multiple (say) log4j jars under
-#                  your Maven2 repository under $HOME/.m2/respository, we
-#                  look for the specific versions that ESAPI was using as of
-#                  ESAPI 2.0_RC10 release on 2010/10/18. If these versions
-#                  changed, they will have to be reflected here.
-#
+# IMPORTANT NOTE:  These dependency versions may need updated. Should match
+#                  what is in ESAPI's pom.xml.
 esapi_classpath=".:\
 ../../../target/classes:\
 $(ls ../../../target/esapi-*.jar 2>&- || echo .):\
-$(./findjar.sh log4j-1.2.16.jar):\
-$(./findjar.sh commons-fileupload-1.2.jar):\
-$(./findjar.sh servlet-api-2.4.jar)"
+$(./findjar.sh commons-fileupload-1.4.jar):\
+$(./findjar.sh servlet-api-3.1.0.jar)"
 
 esapi_resources="$(\cd ../../../configuration/esapi >&- 2>&- && pwd)"
 esapi_resources_test="$(\cd ../../../src/test/resources/esapi >&- 2>&- && pwd)"
 
-log4j_properties="../../../src/test/resources/log4j.xml"
 
 if [[ ! -r "$esapi_resources"/ESAPI.properties ]]
-then echo 2>&1 "setenv-svn.sh: Can't read ESAPI.properties in $esapi_resources"
+then echo >&2 "setenv-svn.sh: Can't read ESAPI.properties in $esapi_resources"
      return 1   # Don't use 'exit' here or it will kill their current shell.
 fi
 
 if [[ ! -r "$esapi_resources_test"/ESAPI.properties ]]
-then echo 2>&1 "setenv-svn.sh: Can't read ESAPI.properties in $esapi_resources_test"
-     return 1   # Don't use 'exit' here or it will kill their current shell.
-fi
-
-if [[ ! -r "$log4j_properties" ]]
-then echo 2>&1 "setenv-svn.sh: Can't read log4j.xml: $log4j_properties"
+then echo >&2 "setenv-svn.sh: Can't read ESAPI.properties in $esapi_resources_test"
      return 1   # Don't use 'exit' here or it will kill their current shell.
 fi
 
 echo ############################################################
 echo "esapi_resources=$esapi_resources"
 echo "esapi_resources_test=$esapi_resources_test"
-echo "log4j_properties=$log4j_properties"
 echo "esapi_classpath=$esapi_classpath"
 echo ############################################################
 
-export esapi_classpath esapi_resources esapi_resources_test log4j_properties
+export esapi_classpath esapi_resources esapi_resources_test
diff --git a/src/examples/scripts/setenv-zip.sh b/src/examples/scripts/setenv-zip.sh
index 2a455791c..8bf714c97 100755
--- a/src/examples/scripts/setenv-zip.sh
+++ b/src/examples/scripts/setenv-zip.sh
@@ -9,42 +9,33 @@
 #           where '$' represents the shell command line prompt.
 ###########################################################################
 
+esapi_resources="$(\cd ../../../configuration/esapi >&- 2>&- && pwd)"
+esapi_resources_test="$(\cd ../../../src/test/resources/esapi >&- 2>&- && pwd)"
+
 # Here we don't look for the specific versions of the dependent libraries
 # since the specific version of the library is delivered as part of the
 # ESAPI zip file. In this manner, we do not have to update this if these
-# versions change. For the record, at the time of this writing, these were
-# log4j-1.2.16.jar, commons-fileupload-1.2.jar, and servlet-api-2.4.jar.
+# versions change.
 esapi_classpath=".:\
 $(ls ../../../esapi*.jar):\
-$(./findjar.sh -start ../../../libs log4j-*.jar):\
 $(./findjar.sh -start ../../../libs commons-fileupload-*.jar):\
 $(./findjar.sh -start ../../../libs servlet-api-*.jar)"
 
-esapi_resources="$(\cd ../../../configuration/esapi >&- 2>&- && pwd)"
-esapi_resources_test="$(\cd ../../../src/test/resources/esapi >&- 2>&- && pwd)"
-
-log4j_properties="../../../src/test/resources/log4j.xml"
-
 if [[ ! -r "$esapi_resources"/ESAPI.properties ]]
-then echo 2>&1 "setenv-svn.sh: Can't read ESAPI.properties in $esapi_resources"
+then echo >&2 "setenv-zip.sh: Can't read ESAPI.properties in $esapi_resources"
      return 1   # Don't use 'exit' here or it will kill their current shell.
 fi
 
 if [[ ! -r "$esapi_resources_test"/ESAPI.properties ]]
-then echo 2>&1 "setenv-svn.sh: Can't read ESAPI.properties in $esapi_resources_test"
+then echo >&2 "setenv-zip.sh: Can't read ESAPI.properties in $esapi_resources_test"
      return 1   # Don't use 'exit' here or it will kill their current shell.
 fi
 
-if [[ ! -r "$log4j_properties" ]]
-then echo 2>&1 "setenv-svn.sh: Can't read log4j.xml: $log4j_properties"
-     return 1   # Don't use 'exit' here or it will kill their current shell.
-fi
 
 echo ############################################################
 echo "esapi_resources=$esapi_resources"
 echo "esapi_resources_test=$esapi_resources_test"
-echo "log4j_properties=$log4j_properties"
 echo "esapi_classpath=$esapi_classpath"
 echo ############################################################
 
-export esapi_classpath esapi_resources esapi_resources_test log4j_properties
+export esapi_classpath esapi_resources esapi_resources_test
diff --git a/src/main/assembly/dist.xml b/src/main/assembly/dist.xml
index b192b906f..676039c82 100644
--- a/src/main/assembly/dist.xml
+++ b/src/main/assembly/dist.xml
@@ -37,9 +37,7 @@
             <directory>configuration</directory>
             <outputDirectory>configuration</outputDirectory>
             <includes>
-                <include>.esapi/**/*</include>
-                <include>log4j.dtd</include>
-                <include>log4j.xml</include>
+                <include>esapi/**/*</include>
                 <include>properties/**/*</include>
             </includes>
         </fileSet>
@@ -52,4 +50,4 @@
             <useProjectArtifact>false</useProjectArtifact>
         </dependencySet>
     </dependencySets>
-</assembly>
\ No newline at end of file
+</assembly>
diff --git a/src/main/java/META-INF/MANIFEST.MF b/src/main/java/META-INF/MANIFEST.MF
index 5e9495128..254272e1c 100644
--- a/src/main/java/META-INF/MANIFEST.MF
+++ b/src/main/java/META-INF/MANIFEST.MF
@@ -1,3 +1,3 @@
-Manifest-Version: 1.0
-Class-Path: 
-
+Manifest-Version: 1.0
+Class-Path: 
+
diff --git a/src/main/java/org/owasp/esapi/AccessControlRule.java b/src/main/java/org/owasp/esapi/AccessControlRule.java
index becdb9971..51458ff3b 100644
--- a/src/main/java/org/owasp/esapi/AccessControlRule.java
+++ b/src/main/java/org/owasp/esapi/AccessControlRule.java
@@ -1,8 +1,8 @@
-package org.owasp.esapi;
-
-
-public interface AccessControlRule<P, R> {
-	public void setPolicyParameters(P policyParameter);
-	public P getPolicyParameters();
-	public boolean isAuthorized(R runtimeParameter) throws Exception;
-}
+package org.owasp.esapi;
+
+
+public interface AccessControlRule<P, R> {
+    void setPolicyParameters(P policyParameter);
+    P getPolicyParameters();
+    boolean isAuthorized(R runtimeParameter) throws Exception;
+}
diff --git a/src/main/java/org/owasp/esapi/AccessController.java b/src/main/java/org/owasp/esapi/AccessController.java
index e6269e1d5..ad23d14c7 100644
--- a/src/main/java/org/owasp/esapi/AccessController.java
+++ b/src/main/java/org/owasp/esapi/AccessController.java
@@ -1,351 +1,359 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi;
-
-import org.owasp.esapi.errors.AccessControlException;
-
-
-
-/**
- * The AccessController interface defines a set of methods that can be used in a wide variety of applications to
- * enforce access control. In most applications, access control must be performed in multiple different locations across
- * the various application layers. This class provides access control for URLs, business functions, data, services, and
- * files.
- * <P>
- * The implementation of this interface will need to access the current User object (from Authenticator.getCurrentUser())
- * to determine roles or permissions. In addition, the implementation
- * will also need information about the resources that are being accessed. Using the user information and the resource
- * information, the implementation should return an access control decision. 
- * <P>
- * Implementers are encouraged to implement the ESAPI access control rules, like assertAuthorizedForFunction() using 
- * existing access control mechanisms, such as methods like isUserInRole() or hasPrivilege(). While powerful, 
- * methods like isUserInRole() can be confusing for developers, as users may be in multiple roles or possess multiple 
- * overlapping privileges. Direct use of these finer grained access control methods encourages the use of complex boolean 
- * tests throughout the code, which can easily lead to developer mistakes.
- * <P>
- * The point of the ESAPI access control interface is to centralize access control logic behind easy to use calls like 
- * assertAuthorized() so that access control is easy to use and easy to verify. Here is an example of a very 
- * straightforward to implement, understand, and verify ESAPI access control check: 
- * 
- * <pre>
- * try {
- *     ESAPI.accessController().assertAuthorized("businessFunction", runtimeData);
- *     // execute BUSINESS_FUNCTION
- * } catch (AccessControlException ace) {
- * ... attack in progress
- * }
- * </pre>
- * 
- * Note that in the user interface layer, access control checks can be used to control whether particular controls are
- * rendered or not. These checks are supposed to fail when an unauthorized user is logged in, and do not represent
- * attacks. Remember that regardless of how the user interface appears, an attacker can attempt to invoke any business
- * function or access any data in your application. Therefore, access control checks in the user interface should be
- * repeated in both the business logic and data layers.
- * 
- * <pre>
- * &lt;% if ( ESAPI.accessController().isAuthorized( "businessFunction", runtimeData ) ) { %&gt;
- * &lt;a href=&quot;/doAdminFunction&quot;&gt;ADMIN&lt;/a&gt;
- * &lt;% } else { %&gt;
- * &lt;a href=&quot;/doNormalFunction&quot;&gt;NORMAL&lt;/a&gt;
- * &lt;% } %&gt;
- * </pre>
- * 
- * @author Mike H. Fauzy (mike.fauzy@aspectsecurity.com) ESAPI v1.6-
- * @author Jeff Williams (jeff.williams@aspectsecurity.com) ESAPI v0-1.5
- */
-public interface AccessController {
-
-	/**
-	 * <code>isAuthorized</code> executes the <code>AccessControlRule</code> 
-	 * that is identified by <code>key</code> and listed in the 
-	 * <code>resources/ESAPI-AccessControlPolicy.xml</code> file. It returns 
-	 * true if the <code>AccessControlRule</code> decides that the operation 
-	 * should be allowed. Otherwise, it returns false. Any exception thrown by 
-	 * the <code>AccessControlRule</code> must result in false. If 
-	 * <code>key</code> does not map to an <code>AccessControlRule</code>, then 
-	 * false is returned. 
-	 *  
-	 * Developers should call isAuthorized to control execution flow. For 
-	 * example, if you want to decide whether to display a UI widget in the 
-	 * browser using the same logic that you will use to enforce permissions
-	 * on the server, then isAuthorized is the method that you want to use.
-	 * 
-	 * Typically, assertAuthorized should be used to enforce permissions on the 
-	 * server.
-	 *  
-	 * @param key <code>key</code> maps to 
-	 * <code>&lt;AccessControlPolicy&gt;&lt;AccessControlRules&gt;
-	 *     &lt;AccessControlRule name="key"</code>
-	 * @param runtimeParameter runtimeParameter can contain anything that 
-	 *        the AccessControlRule needs from the runtime system. 
-	 * @return Returns <code>true</code> if and only if the AccessControlRule specified 
-	 *        by <code>key</code> exists and returned <code>true</code>. 
-	 *        Otherwise returns <code>false</code> 
-	 */
-	public boolean isAuthorized(Object key, Object runtimeParameter);
-	
-	/**
-	 * <code>assertAuthorized</code> executes the <code>AccessControlRule</code> 
-	 * that is identified by <code>key</code> and listed in the 
-	 * <code>resources/ESAPI-AccessControlPolicy.xml</code> file. It does 
-	 * nothing if the <code>AccessControlRule</code> decides that the operation 
-	 * should be allowed. Otherwise, it throws an 
-	 * <code>org.owasp.esapi.errors.AccessControlException</code>. Any exception
-	 * thrown by the <code>AccessControlRule</code> will also result in an 
-	 * <code>AccesControlException</code>. If <code>key</code> does not map to 
-	 * an <code>AccessControlRule</code>, then an <code>AccessControlException
-	 * </code> is thrown.  
-	 *  
-	 * Developers should call {@code assertAuthorized} to enforce privileged access to 
-	 * the system. It should be used to answer the question: "Should execution 
-	 * continue." Ideally, the call to <code>assertAuthorized</code> should
-	 * be integrated into the application framework so that it is called 
-	 * automatically. 
-	 *  
-	 * @param key <code>key</code> maps to 
-	 * &lt;AccessControlPolicy&gt;&lt;AccessControlRules&gt;
-	 *     &lt;AccessControlRule name="key"
-	 * @param runtimeParameter runtimeParameter can contain anything that 
-	 *        the AccessControlRule needs from the runtime system.
-	 */
-	public void assertAuthorized(Object key, Object runtimeParameter)
-		throws AccessControlException;
-
-		
-
-	
-	/*** Below this line has been deprecated as of ESAPI 1.6 ***/ 
-	
-	
-	
-	
-    /**
-     * Checks if the current user is authorized to access the referenced URL. Generally, this method should be invoked in the
-     * application's controller or a filter as follows:
-     * <PRE>ESAPI.accessController().isAuthorizedForURL(request.getRequestURI().toString());</PRE>
-     * 
-     * The implementation of this method should call assertAuthorizedForURL(String url), and if an AccessControlException is 
-     * not thrown, this method should return true. This way, if the user is not authorized, false would be returned, and the 
-     * exception would be logged.
-     * 
-     * @param url 
-     * 		the URL as returned by request.getRequestURI().toString()
-     * 
-     * @return 
-     * 		true, if is authorized for URL
-     */
-    boolean isAuthorizedForURL(String url);
-
-    /**
-     * Checks if the current user is authorized to access the referenced function. 
-     * 
-     * The implementation of this method should call assertAuthorizedForFunction(String functionName), and if an 
-     * AccessControlException is not thrown, this method should return true.
-     * 
-     * @param functionName 
-     * 		the name of the function
-     * 
-     * @return 
-     * 		true, if is authorized for function
-     */
-    boolean isAuthorizedForFunction(String functionName);
-
-
-    /**
-     * Checks if the current user is authorized to access the referenced data, represented as an Object. 
-     * 
-     * The implementation of this method should call assertAuthorizedForData(String action, Object data), and if an 
-     * AccessControlException is not thrown, this method should return true.
-     * 
-     * @param action
-     *      The action to verify for an access control decision, such as a role, or an action being performed on the object 
-     *      (e.g., Read, Write, etc.), or the name of the function the data is being passed to.
-     * 
-     * @param data
-     * 		The actual object or object identifier being accessed or a reference to the object being accessed.
-     * 
-     * @return 
-     * 		true, if is authorized for the data
-     */
-    boolean isAuthorizedForData(String action, Object data);
-    
-    /**
-     * Checks if the current user is authorized to access the referenced file. 
-     * 
-     * The implementation of this method should call assertAuthorizedForFile(String filepath), and if an AccessControlException 
-     * is not thrown, this method should return true.
-     *   
-     * @param filepath 
-     * 		the path of the file to be checked, including filename
-     * 
-     * @return 
-     * 		true, if is authorized for the file
-     */
-    boolean isAuthorizedForFile(String filepath);
-
-    /**
-     * Checks if the current user is authorized to access the referenced service. This can be used in applications that
-     * provide access to a variety of back end services.
-     * 
-     * The implementation of this method should call assertAuthorizedForService(String serviceName), and if an 
-     * AccessControlException is not thrown, this method should return true.
-     * 
-     * @param serviceName 
-     * 		the service name
-     * 
-     * @return 
-     * 		true, if is authorized for the service
-     */
-    boolean isAuthorizedForService(String serviceName);
-
-    /**
-     * Checks if the current user is authorized to access the referenced URL. The implementation should allow
-     * access to be granted to any part of the URL. Generally, this method should be invoked in the
-     * application's controller or a filter as follows:
-     * <PRE>ESAPI.accessController().assertAuthorizedForURL(request.getRequestURI().toString());</PRE> 
-     * 
-     * This method throws an AccessControlException if access is not authorized, or if the referenced URL does not exist.
-     * If the User is authorized, this method simply returns.
-     * <P>
-     * Specification:  The implementation should do the following:
-     * <ol>
-     * <li>Check to see if the resource exists and if not, throw an AccessControlException</li>
-     * <li>Use available information to make an access control decision</li>
-     *      <ol type="a">
-     *      <li>Ideally, this policy would be data driven</li>
-     * 		<li>You can use the current User, roles, data type, data name, time of day, etc.</li>
-     *  	<li>Access control decisions must deny by default</li>
-     *      </ol>
-     * <li>If access is not permitted, throw an AccessControlException with details</li>
-     * </ol> 
-     * @param url 
-     * 		the URL as returned by request.getRequestURI().toString()
-     * 
-     * @throws AccessControlException 
-     * 		if access is not permitted
-     */
-    void assertAuthorizedForURL(String url) throws AccessControlException;
-    
-    /**
-     * Checks if the current user is authorized to access the referenced function. The implementation should define the
-     * function "namespace" to be enforced. Choosing something simple like the class name of action classes or menu item
-     * names will make this implementation easier to use.
-     * <P>
-     * This method throws an AccessControlException if access is not authorized, or if the referenced function does not exist.
-     * If the User is authorized, this method simply returns.
-     * <P>
-     * Specification:  The implementation should do the following:
-     * <ol>
-     * <li>Check to see if the function exists and if not, throw an AccessControlException</li>
-     * <li>Use available information to make an access control decision</li>
-     *      <ol type="a">
-     *      <li>Ideally, this policy would be data driven</li>
-     * 		<li>You can use the current User, roles, data type, data name, time of day, etc.</li>
-     *  	<li>Access control decisions must deny by default</li>
-     *      </ol>
-     * <li>If access is not permitted, throw an AccessControlException with details</li>
-     * </ol> 
-     * 
-     * @param functionName 
-     * 		the function name
-     * 
-     * @throws AccessControlException 
-     * 		if access is not permitted
-     */
-    void assertAuthorizedForFunction(String functionName) throws AccessControlException;
-    
-
-    /**
-     * Checks if the current user is authorized to access the referenced data.  This method simply returns if access is authorized.  
-     * It throws an AccessControlException if access is not authorized, or if the referenced data does not exist.
-     * <P>
-     * Specification:  The implementation should do the following:
-     * <ol>
-     * <li>Check to see if the resource exists and if not, throw an AccessControlException</li>
-     * <li>Use available information to make an access control decision</li>
-     *      <ol type="a">
-     *      <li>Ideally, this policy would be data driven</li>
-     * 		<li>You can use the current User, roles, data type, data name, time of day, etc.</li>
-     *  	<li>Access control decisions must deny by default</li>
-     *      </ol>
-     * <li>If access is not permitted, throw an AccessControlException with details</li>
-     * </ol> 
-     * 
-     * @param action
-     *      The action to verify for an access control decision, such as a role, or an action being performed on the object 
-     *      (e.g., Read, Write, etc.), or the name of the function the data is being passed to.
-     * 
-     * @param data
-     * 		The actual object or object identifier being accessed or a reference to the object being accessed.
-     * 
-     * @throws AccessControlException 
-     * 		if access is not permitted
-     */
-    void assertAuthorizedForData(String action, Object data) throws AccessControlException;
-   
-    /**
-     * Checks if the current user is authorized to access the referenced file. The implementation should validate and canonicalize the 
-     * input to be sure the filepath is not malicious.
-     * <P>
-     * This method throws an AccessControlException if access is not authorized, or if the referenced File does not exist.
-     * If the User is authorized, this method simply returns.
-     * <P>
-     * Specification:  The implementation should do the following:
-     * <ol>
-     * <li>Check to see if the File exists and if not, throw an AccessControlException</li>
-     * <li>Use available information to make an access control decision</li>
-     *      <ol type="a">
-     *      <li>Ideally, this policy would be data driven</li>
-     * 		<li>You can use the current User, roles, data type, data name, time of day, etc.</li>
-     *  	<li>Access control decisions must deny by default</li>
-     *      </ol>
-     * <li>If access is not permitted, throw an AccessControlException with details</li>
-     * </ol> 
-     * 
-     * @param filepath
-     * 			Path to the file to be checked
-     * @throws AccessControlException if access is denied
-     */
-    void assertAuthorizedForFile(String filepath) throws AccessControlException;
-    
-    /**
-     * Checks if the current user is authorized to access the referenced service. This can be used in applications that
-     * provide access to a variety of backend services.
-     * <P>
-     * This method throws an AccessControlException if access is not authorized, or if the referenced service does not exist.
-     * If the User is authorized, this method simply returns.
-     * <P>
-     * Specification:  The implementation should do the following:
-     * <ol>
-     * <li>Check to see if the service exists and if not, throw an AccessControlException</li>
-     * <li>Use available information to make an access control decision</li>
-     *      <ol type="a">
-     *      <li>Ideally, this policy would be data driven</li>
-     * 		<li>You can use the current User, roles, data type, data name, time of day, etc.</li>
-     *  	<li>Access control decisions must deny by default</li>
-     *      </ol>
-     * <li>If access is not permitted, throw an AccessControlException with details</li>
-     * </ol> 
-     * 
-     * @param serviceName 
-     * 		the service name
-     * 
-     * @throws AccessControlException
-     * 		if access is not permitted
-     */				
-    void assertAuthorizedForService(String serviceName) throws AccessControlException;
-    
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007-2019 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi;
+
+import org.owasp.esapi.errors.AccessControlException;
+
+/**
+ * The AccessController interface defines a set of methods that can be used in a wide variety of applications to
+ * enforce access control. In most applications, access control must be performed in multiple different locations across
+ * the various application layers. This class provides access control for URLs, business functions, data, services, and
+ * files.
+ * <P>
+ * The implementation of this interface will need to access the current User object (from Authenticator.getCurrentUser())
+ * to determine roles or permissions. In addition, the implementation
+ * will also need information about the resources that are being accessed. Using the user information and the resource
+ * information, the implementation should return an access control decision.
+ * <P>
+ * Implementers are encouraged to implement the ESAPI access control rules, like assertAuthorizedForFunction() using
+ * existing access control mechanisms, such as methods like isUserInRole() or hasPrivilege(). While powerful,
+ * methods like isUserInRole() can be confusing for developers, as users may be in multiple roles or possess multiple
+ * overlapping privileges. Direct use of these finer grained access control methods encourages the use of complex boolean
+ * tests throughout the code, which can easily lead to developer mistakes.
+ * <P>
+ * The point of the ESAPI access control interface is to centralize access control logic behind easy to use calls like
+ * assertAuthorized() so that access control is easy to use and easy to verify. Here is an example of a very
+ * straightforward to implement, understand, and verify ESAPI access control check:
+ *
+ * <pre>
+ * try {
+ *     ESAPI.accessController().assertAuthorized("businessFunction", runtimeData);
+ *     // execute BUSINESS_FUNCTION
+ * } catch (AccessControlException ace) {
+ * ... attack in progress
+ * }
+ * </pre>
+ *
+ * Note that in the user interface layer, access control checks can be used to control whether particular controls are
+ * rendered or not. These checks are supposed to fail when an unauthorized user is logged in, and do not represent
+ * attacks. Remember that regardless of how the user interface appears, an attacker can attempt to invoke any business
+ * function or access any data in your application. Therefore, access control checks in the user interface should be
+ * repeated in both the business logic and data layers.
+ *
+ * <pre>
+ * &lt;% if ( ESAPI.accessController().isAuthorized( "businessFunction", runtimeData ) ) { %&gt;
+ * &lt;a href=&quot;/doAdminFunction&quot;&gt;ADMIN&lt;/a&gt;
+ * &lt;% } else { %&gt;
+ * &lt;a href=&quot;/doNormalFunction&quot;&gt;NORMAL&lt;/a&gt;
+ * &lt;% } %&gt;
+ * </pre>
+ *
+ * @author Mike H. Fauzy (mike.fauzy@aspectsecurity.com) ESAPI v1.6-
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com) ESAPI v0-1.5
+ */
+public interface AccessController {
+
+    /**
+     * <code>isAuthorized</code> executes the <code>AccessControlRule</code>
+     * that is identified by <code>key</code> and listed in the
+     * <code>resources/ESAPI-AccessControlPolicy.xml</code> file. It returns
+     * true if the <code>AccessControlRule</code> decides that the operation
+     * should be allowed. Otherwise, it returns false. Any exception thrown by
+     * the <code>AccessControlRule</code> must result in false. If
+     * <code>key</code> does not map to an <code>AccessControlRule</code>, then
+     * false is returned.
+     *
+     * Developers should call isAuthorized to control execution flow. For
+     * example, if you want to decide whether to display a UI widget in the
+     * browser using the same logic that you will use to enforce permissions
+     * on the server, then isAuthorized is the method that you want to use.
+     *
+     * Typically, assertAuthorized should be used to enforce permissions on the
+     * server.
+     *
+     * @param key <code>key</code> maps to
+     * <code>&lt;AccessControlPolicy&gt;&lt;AccessControlRules&gt;
+     *     &lt;AccessControlRule name="key"</code>
+     * @param runtimeParameter runtimeParameter can contain anything that
+     *        the AccessControlRule needs from the runtime system.
+     * @return Returns <code>true</code> if and only if the AccessControlRule specified
+     *        by <code>key</code> exists and returned <code>true</code>.
+     *        Otherwise returns <code>false</code>
+     */
+    boolean isAuthorized(Object key, Object runtimeParameter);
+
+    /**
+     * <code>assertAuthorized</code> executes the <code>AccessControlRule</code>
+     * that is identified by <code>key</code> and listed in the
+     * <code>resources/ESAPI-AccessControlPolicy.xml</code> file. It does
+     * nothing if the <code>AccessControlRule</code> decides that the operation
+     * should be allowed. Otherwise, it throws an
+     * <code>org.owasp.esapi.errors.AccessControlException</code>. Any exception
+     * thrown by the <code>AccessControlRule</code> will also result in an
+     * <code>AccesControlException</code>. If <code>key</code> does not map to
+     * an <code>AccessControlRule</code>, then an <code>AccessControlException
+     * </code> is thrown.
+     *
+     * Developers should call {@code assertAuthorized} to enforce privileged access to
+     * the system. It should be used to answer the question: "Should execution
+     * continue." Ideally, the call to <code>assertAuthorized</code> should
+     * be integrated into the application framework so that it is called
+     * automatically.
+     *
+     * @param key <code>key</code> maps to
+     * &lt;AccessControlPolicy&gt;&lt;AccessControlRules&gt;
+     *     &lt;AccessControlRule name="key"
+     * @param runtimeParameter runtimeParameter can contain anything that
+     *        the AccessControlRule needs from the runtime system.
+     */
+    void assertAuthorized(Object key, Object runtimeParameter)
+        throws AccessControlException;
+
+
+
+
+    /*** Below this line has been deprecated as of ESAPI 1.6 ***/
+
+
+
+
+    /**
+     * Checks if the current user is authorized to access the referenced URL. Generally, this method should be invoked in the
+     * application's controller or a filter as follows:
+     * <PRE>ESAPI.accessController().isAuthorizedForURL(request.getRequestURI().toString());</PRE>
+     *
+     * The implementation of this method should call assertAuthorizedForURL(String url), and if an AccessControlException is
+     * not thrown, this method should return true. This way, if the user is not authorized, false would be returned, and the
+     * exception would be logged.
+     *
+     * @param url
+     *         the URL as returned by request.getRequestURI().toString()
+     *
+     * @return
+     *         true, if is authorized for URL
+     */
+    @Deprecated
+    boolean isAuthorizedForURL(String url);
+
+    /**
+     * Checks if the current user is authorized to access the referenced function.
+     *
+     * The implementation of this method should call assertAuthorizedForFunction(String functionName), and if an
+     * AccessControlException is not thrown, this method should return true.
+     *
+     * @param functionName
+     *         the name of the function
+     *
+     * @return
+     *         true, if is authorized for function
+     */
+    @Deprecated
+    boolean isAuthorizedForFunction(String functionName);
+
+
+    /**
+     * Checks if the current user is authorized to access the referenced data, represented as an Object.
+     *
+     * The implementation of this method should call assertAuthorizedForData(String action, Object data), and if an
+     * AccessControlException is not thrown, this method should return true.
+     *
+     * @param action
+     *      The action to verify for an access control decision, such as a role, or an action being performed on the object
+     *      (e.g., Read, Write, etc.), or the name of the function the data is being passed to.
+     *
+     * @param data
+     *         The actual object or object identifier being accessed or a reference to the object being accessed.
+     *
+     * @return
+     *         true, if is authorized for the data
+     */
+    @Deprecated
+    boolean isAuthorizedForData(String action, Object data);
+
+    /**
+     * Checks if the current user is authorized to access the referenced file.
+     *
+     * The implementation of this method should call assertAuthorizedForFile(String filepath), and if an AccessControlException
+     * is not thrown, this method should return true.
+     *
+     * @param filepath
+     *         the path of the file to be checked, including filename
+     *
+     * @return
+     *         true, if is authorized for the file
+     */
+    @Deprecated
+    boolean isAuthorizedForFile(String filepath);
+
+    /**
+     * Checks if the current user is authorized to access the referenced service. This can be used in applications that
+     * provide access to a variety of back end services.
+     *
+     * The implementation of this method should call assertAuthorizedForService(String serviceName), and if an
+     * AccessControlException is not thrown, this method should return true.
+     *
+     * @param serviceName
+     *         the service name
+     *
+     * @return
+     *         true, if is authorized for the service
+     */
+    @Deprecated
+    boolean isAuthorizedForService(String serviceName);
+
+    /**
+     * Checks if the current user is authorized to access the referenced URL. The implementation should allow
+     * access to be granted to any part of the URL. Generally, this method should be invoked in the
+     * application's controller or a filter as follows:
+     * <PRE>ESAPI.accessController().assertAuthorizedForURL(request.getRequestURI().toString());</PRE>
+     *
+     * This method throws an AccessControlException if access is not authorized, or if the referenced URL does not exist.
+     * If the User is authorized, this method simply returns.
+     * <P>
+     * Specification:  The implementation should do the following:
+     * <ol>
+     * <li>Check to see if the resource exists and if not, throw an AccessControlException</li>
+     * <li>Use available information to make an access control decision</li>
+     *      <ol type="a">
+     *      <li>Ideally, this policy would be data driven</li>
+     *         <li>You can use the current User, roles, data type, data name, time of day, etc.</li>
+     *      <li>Access control decisions must deny by default</li>
+     *      </ol>
+     * <li>If access is not permitted, throw an AccessControlException with details</li>
+     * </ol>
+     * @param url
+     *         the URL as returned by request.getRequestURI().toString()
+     *
+     * @throws AccessControlException
+     *         if access is not permitted
+     */
+    @Deprecated
+    void assertAuthorizedForURL(String url) throws AccessControlException;
+
+    /**
+     * Checks if the current user is authorized to access the referenced function. The implementation should define the
+     * function "namespace" to be enforced. Choosing something simple like the class name of action classes or menu item
+     * names will make this implementation easier to use.
+     * <P>
+     * This method throws an AccessControlException if access is not authorized, or if the referenced function does not exist.
+     * If the User is authorized, this method simply returns.
+     * <P>
+     * Specification:  The implementation should do the following:
+     * <ol>
+     * <li>Check to see if the function exists and if not, throw an AccessControlException</li>
+     * <li>Use available information to make an access control decision</li>
+     *      <ol type="a">
+     *      <li>Ideally, this policy would be data driven</li>
+     *         <li>You can use the current User, roles, data type, data name, time of day, etc.</li>
+     *      <li>Access control decisions must deny by default</li>
+     *      </ol>
+     * <li>If access is not permitted, throw an AccessControlException with details</li>
+     * </ol>
+     *
+     * @param functionName
+     *         the function name
+     *
+     * @throws AccessControlException
+     *         if access is not permitted
+     */
+    @Deprecated
+    void assertAuthorizedForFunction(String functionName) throws AccessControlException;
+
+
+    /**
+     * Checks if the current user is authorized to access the referenced data.  This method simply returns if access is authorized.
+     * It throws an AccessControlException if access is not authorized, or if the referenced data does not exist.
+     * <P>
+     * Specification:  The implementation should do the following:
+     * <ol>
+     * <li>Check to see if the resource exists and if not, throw an AccessControlException</li>
+     * <li>Use available information to make an access control decision</li>
+     *      <ol type="a">
+     *      <li>Ideally, this policy would be data driven</li>
+     *         <li>You can use the current User, roles, data type, data name, time of day, etc.</li>
+     *      <li>Access control decisions must deny by default</li>
+     *      </ol>
+     * <li>If access is not permitted, throw an AccessControlException with details</li>
+     * </ol>
+     *
+     * @param action
+     *      The action to verify for an access control decision, such as a role, or an action being performed on the object
+     *      (e.g., Read, Write, etc.), or the name of the function the data is being passed to.
+     *
+     * @param data
+     *         The actual object or object identifier being accessed or a reference to the object being accessed.
+     *
+     * @throws AccessControlException
+     *         if access is not permitted
+     */
+    @Deprecated
+    void assertAuthorizedForData(String action, Object data) throws AccessControlException;
+
+    /**
+     * Checks if the current user is authorized to access the referenced file. The implementation should validate and canonicalize the
+     * input to be sure the filepath is not malicious.
+     * <P>
+     * This method throws an AccessControlException if access is not authorized, or if the referenced File does not exist.
+     * If the User is authorized, this method simply returns.
+     * <P>
+     * Specification:  The implementation should do the following:
+     * <ol>
+     * <li>Check to see if the File exists and if not, throw an AccessControlException</li>
+     * <li>Use available information to make an access control decision</li>
+     *      <ol type="a">
+     *      <li>Ideally, this policy would be data driven</li>
+     *         <li>You can use the current User, roles, data type, data name, time of day, etc.</li>
+     *      <li>Access control decisions must deny by default</li>
+     *      </ol>
+     * <li>If access is not permitted, throw an AccessControlException with details</li>
+     * </ol>
+     *
+     * @param filepath
+     *             Path to the file to be checked
+     * @throws AccessControlException if access is denied
+     */
+    @Deprecated
+    void assertAuthorizedForFile(String filepath) throws AccessControlException;
+
+    /**
+     * Checks if the current user is authorized to access the referenced service. This can be used in applications that
+     * provide access to a variety of backend services.
+     * <P>
+     * This method throws an AccessControlException if access is not authorized, or if the referenced service does not exist.
+     * If the User is authorized, this method simply returns.
+     * <P>
+     * Specification:  The implementation should do the following:
+     * <ol>
+     * <li>Check to see if the service exists and if not, throw an AccessControlException</li>
+     * <li>Use available information to make an access control decision</li>
+     *      <ol type="a">
+     *      <li>Ideally, this policy would be data driven</li>
+     *         <li>You can use the current User, roles, data type, data name, time of day, etc.</li>
+     *      <li>Access control decisions must deny by default</li>
+     *      </ol>
+     * <li>If access is not permitted, throw an AccessControlException with details</li>
+     * </ol>
+     *
+     * @param serviceName
+     *         the service name
+     *
+     * @throws AccessControlException
+     *         if access is not permitted
+     */
+    @Deprecated
+    void assertAuthorizedForService(String serviceName) throws AccessControlException;
+
+}
diff --git a/src/main/java/org/owasp/esapi/AccessReferenceMap.java b/src/main/java/org/owasp/esapi/AccessReferenceMap.java
index a20338e18..5f7e4e73c 100644
--- a/src/main/java/org/owasp/esapi/AccessReferenceMap.java
+++ b/src/main/java/org/owasp/esapi/AccessReferenceMap.java
@@ -1,176 +1,176 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi;
-
-import org.owasp.esapi.errors.AccessControlException;
-
-import java.io.Serializable;
-import java.util.Iterator;
-import java.util.Set;
-
-
-/**
- * The AccessReferenceMap interface is used to map from a set of internal
- * direct object references to a set of indirect references that are safe to
- * disclose publicly. This can be used to help protect database keys,
- * filenames, and other types of direct object references. As a rule, developers
- * should not expose their direct object references as it enables attackers to
- * attempt to manipulate them.
- * <P>
- * Indirect references are handled as strings, to facilitate their use in HTML.
- * Implementations can generate simple integers or more complicated random
- * character strings as indirect references. Implementations should probably add
- * a constructor that takes a list of direct references.
- * <P>
- * Note that in addition to defeating all forms of parameter tampering attacks,
- * there is a side benefit of the AccessReferenceMap. Using random strings as indirect object
- * references, as opposed to simple integers makes it impossible for an attacker to
- * guess valid identifiers. So if per-user AccessReferenceMaps are used, then request
- * forgery (CSRF) attacks will also be prevented.
- * 
- * <pre>
- * Set fileSet = new HashSet();
- * fileSet.addAll(...); // add direct references (e.g. File objects)
- * AccessReferenceMap map = new AccessReferenceMap( fileSet );
- * // store the map somewhere safe - like the session!
- * String indRef = map.getIndirectReference( file1 );
- * String href = &quot;http://www.aspectsecurity.com/esapi?file=&quot; + indRef );
- * ...
- * // if the indirect reference doesn't exist, it's likely an attack
- * // getDirectReference throws an AccessControlException
- * // you should handle as appropriate
- * String indref = request.getParameter( &quot;file&quot; );
- * File file = (File)map.getDirectReference( indref );
- * </pre>
- * 
- * <P>
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- * @author Chris Schmidt (chrisisbeef@gmail.com)
- */
-public interface AccessReferenceMap<K> extends Serializable {
-
-	/**
-	 * Get an iterator through the direct object references. No guarantee is made as 
-	 * to the order of items returned.
-	 * 
-	 * @return the iterator
-	 */
-	Iterator iterator();
-
-	/**
-	 * Get a safe indirect reference to use in place of a potentially sensitive
-	 * direct object reference. Developers should use this call when building
-	 * URL's, form fields, hidden fields, etc... to help protect their private
-	 * implementation information.
-	 * 
-	 * @param directReference
-	 * 		the direct reference
-	 * 
-	 * @return 
-	 * 		the indirect reference
-	 */
-	<T> K getIndirectReference(T directReference);
-
-	/**
-	 * Get the original direct object reference from an indirect reference.
-	 * Developers should use this when they get an indirect reference from a
-	 * request to translate it back into the real direct reference. If an
-	 * invalid indirect reference is requested, then an AccessControlException is
-	 * thrown.
-    *
-    * If a type is implied the requested object will be cast to that type, if the
-    * object is not of the requested type, a AccessControlException will be thrown to
-    * the caller.
-    *
-    * For example:
-    * <pre>
-    * UserProfile profile = arm.getDirectReference( indirectRef );
-    * </pre>
-    *
-    * Will throw a AccessControlException if the object stored in memory is not of type
-    * UserProfile.
-    *
-    * However,
-    * <pre>
-    * Object uncastObject = arm.getDirectReference( indirectRef );
-    * </pre>
-    *
-    * Will never throw a AccessControlException as long as the object exists. If you are
-    * unsure of the object type of that an indirect reference references you should get
-    * the uncast object and test for type in the calling code.
-    * <pre>
-    * Object uncastProfile = arm.getDirectReference( indirectRef );
-    * if ( uncastProfile instanceof UserProfile ) {
-    *     UserProfile userProfile = (UserProfile) uncastProfile;
-    *     // ...
-    * } else {
-    *     EmployeeProfile employeeProfile = (EmployeeProfile) uncastProfile;
-    *     // ...
-    * }
-    * </pre>
-	 * 
-	 * @param indirectReference
-	 * 		the indirect reference
-	 * 
-	 * @return 
-	 * 		the direct reference
-	 * 
-	 * @throws AccessControlException 
-	 * 		if no direct reference exists for the specified indirect reference
-    * @throws ClassCastException
-    *       if the implied type is not the same as the referenced object type
-	 */
-	<T> T getDirectReference(K indirectReference) throws AccessControlException;
-
-	/**
-	 * Adds a direct reference to the AccessReferenceMap, then generates and returns 
-	 * an associated indirect reference.
-	 *  
-	 * @param direct 
-	 * 		the direct reference
-	 * 
-	 * @return 
-	 * 		the corresponding indirect reference
-	 */
-	<T> K addDirectReference(T direct);
-	
-	/**
-	 * Removes a direct reference and its associated indirect reference from the AccessReferenceMap.
-	 * 
-	 * @param direct 
-	 * 		the direct reference to remove
-	 * 
-	 * @return 
-	 * 		the corresponding indirect reference
-	 * 
-	 * @throws AccessControlException
-    *          if the reference does not exist.
-	 */
-	<T> K removeDirectReference(T direct) throws AccessControlException;
-
-	/**
-	 * Updates the access reference map with a new set of direct references, maintaining
-	 * any existing indirect references associated with items that are in the new list.
-	 * New indirect references could be generated every time, but that
-	 * might mess up anything that previously used an indirect reference, such
-	 * as a URL parameter. 
-	 * 
-	 * @param directReferences
-	 * 		a Set of direct references to add
-	 */
-	void update(Set directReferences);
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi;
+
+import org.owasp.esapi.errors.AccessControlException;
+
+import java.io.Serializable;
+import java.util.Iterator;
+import java.util.Set;
+
+
+/**
+ * The AccessReferenceMap interface is used to map from a set of internal
+ * direct object references to a set of indirect references that are safe to
+ * disclose publicly. This can be used to help protect database keys,
+ * filenames, and other types of direct object references. As a rule, developers
+ * should not expose their direct object references as it enables attackers to
+ * attempt to manipulate them.
+ * <P>
+ * Indirect references are handled as strings, to facilitate their use in HTML.
+ * Implementations can generate simple integers or more complicated random
+ * character strings as indirect references. Implementations should probably add
+ * a constructor that takes a list of direct references.
+ * <P>
+ * Note that in addition to defeating all forms of parameter tampering attacks,
+ * there is a side benefit of the AccessReferenceMap. Using random strings as indirect object
+ * references, as opposed to simple integers makes it impossible for an attacker to
+ * guess valid identifiers. So if per-user AccessReferenceMaps are used, then request
+ * forgery (CSRF) attacks will also be prevented.
+ *
+ * <pre>
+ * Set fileSet = new HashSet();
+ * fileSet.addAll(...); // add direct references (e.g. File objects)
+ * AccessReferenceMap map = new AccessReferenceMap( fileSet );
+ * // store the map somewhere safe - like the session!
+ * String indRef = map.getIndirectReference( file1 );
+ * String href = &quot;http://www.aspectsecurity.com/esapi?file=&quot; + indRef );
+ * ...
+ * // if the indirect reference doesn't exist, it's likely an attack
+ * // getDirectReference throws an AccessControlException
+ * // you should handle as appropriate
+ * String indref = request.getParameter( &quot;file&quot; );
+ * File file = (File)map.getDirectReference( indref );
+ * </pre>
+ *
+ * <P>
+ *
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ * @author Chris Schmidt (chrisisbeef@gmail.com)
+ */
+public interface AccessReferenceMap<K> extends Serializable {
+
+    /**
+     * Get an iterator through the direct object references. No guarantee is made as
+     * to the order of items returned.
+     *
+     * @return the iterator
+     */
+    Iterator iterator();
+
+    /**
+     * Get a safe indirect reference to use in place of a potentially sensitive
+     * direct object reference. Developers should use this call when building
+     * URL's, form fields, hidden fields, etc... to help protect their private
+     * implementation information.
+     *
+     * @param directReference
+     *         the direct reference
+     *
+     * @return
+     *         the indirect reference
+     */
+    <T> K getIndirectReference(T directReference);
+
+    /**
+     * Get the original direct object reference from an indirect reference.
+     * Developers should use this when they get an indirect reference from a
+     * request to translate it back into the real direct reference. If an
+     * invalid indirect reference is requested, then an AccessControlException is
+     * thrown.
+    *
+    * If a type is implied the requested object will be cast to that type, if the
+    * object is not of the requested type, a AccessControlException will be thrown to
+    * the caller.
+    *
+    * For example:
+    * <pre>
+    * UserProfile profile = arm.getDirectReference( indirectRef );
+    * </pre>
+    *
+    * Will throw a AccessControlException if the object stored in memory is not of type
+    * UserProfile.
+    *
+    * However,
+    * <pre>
+    * Object uncastObject = arm.getDirectReference( indirectRef );
+    * </pre>
+    *
+    * Will never throw a AccessControlException as long as the object exists. If you are
+    * unsure of the object type of that an indirect reference references you should get
+    * the uncast object and test for type in the calling code.
+    * <pre>
+    * Object uncastProfile = arm.getDirectReference( indirectRef );
+    * if ( uncastProfile instanceof UserProfile ) {
+    *     UserProfile userProfile = (UserProfile) uncastProfile;
+    *     // ...
+    * } else {
+    *     EmployeeProfile employeeProfile = (EmployeeProfile) uncastProfile;
+    *     // ...
+    * }
+    * </pre>
+     *
+     * @param indirectReference
+     *         the indirect reference
+     *
+     * @return
+     *         the direct reference
+     *
+     * @throws AccessControlException
+     *         if no direct reference exists for the specified indirect reference
+    * @throws ClassCastException
+    *       if the implied type is not the same as the referenced object type
+     */
+    <T> T getDirectReference(K indirectReference) throws AccessControlException;
+
+    /**
+     * Adds a direct reference to the AccessReferenceMap, then generates and returns
+     * an associated indirect reference.
+     *
+     * @param direct
+     *         the direct reference
+     *
+     * @return
+     *         the corresponding indirect reference
+     */
+    <T> K addDirectReference(T direct);
+
+    /**
+     * Removes a direct reference and its associated indirect reference from the AccessReferenceMap.
+     *
+     * @param direct
+     *         the direct reference to remove
+     *
+     * @return
+     *         the corresponding indirect reference
+     *
+     * @throws AccessControlException
+    *          if the reference does not exist.
+     */
+    <T> K removeDirectReference(T direct) throws AccessControlException;
+
+    /**
+     * Updates the access reference map with a new set of direct references, maintaining
+     * any existing indirect references associated with items that are in the new list.
+     * New indirect references could be generated every time, but that
+     * might mess up anything that previously used an indirect reference, such
+     * as a URL parameter.
+     *
+     * @param directReferences
+     *         a Set of direct references to add
+     */
+    void update(Set directReferences);
+}
diff --git a/src/main/java/org/owasp/esapi/Authenticator.java b/src/main/java/org/owasp/esapi/Authenticator.java
index 9cb401345..4e83903d5 100644
--- a/src/main/java/org/owasp/esapi/Authenticator.java
+++ b/src/main/java/org/owasp/esapi/Authenticator.java
@@ -1,324 +1,345 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi;
-
-import org.owasp.esapi.errors.AuthenticationException;
-import org.owasp.esapi.errors.EncryptionException;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.util.Set;
-
-
-/**
- * The Authenticator interface defines a set of methods for generating and
- * handling account credentials and session identifiers. The goal of this
- * interface is to encourage developers to protect credentials from disclosure
- * to the maximum extent possible.
- * <P>
- * One possible implementation relies on the use of a thread local variable to
- * store the current user's identity. The application is responsible for calling
- * setCurrentUser() as soon as possible after each HTTP request is received. The
- * value of getCurrentUser() is used in several other places in this API. This
- * eliminates the need to pass a user object to methods throughout the library.
- * For example, all of the logging, access control, and exception calls need
- * access to the currently logged in user.
- * <P>
- * The goal is to minimize the responsibility of the developer for
- * authentication. In this example, the user simply calls authenticate with the
- * current request and the name of the parameters containing the username and
- * password. The implementation should verify the password if necessary, create
- * a session if necessary, and set the user as the current user.
- * 
- * <pre>
- * public void doPost(ServletRequest request, ServletResponse response) {
- * try {
- * User user = ESAPI.authenticator().login(request, response);
- * // continue with authenticated user
- * } catch (AuthenticationException e) {
- * // handle failed authentication (it's already been logged)
- * }
- * </pre>
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- */
-public interface Authenticator {
-
-	/**
-	 * Clears the current User. This allows the thread to be reused safely.
-     * 
-     * This clears all threadlocal variables from the thread. This should ONLY be called after
-     * all possible ESAPI operations have concluded. If you clear too early, many calls will
-     * fail, including logging, which requires the user identity.  
-	 */
-	void clearCurrent();
-
-	/**
-	 * Calls login with the *current* request and response.
-	 * @return Authenticated {@code User} if login is successful.
-	 * @see HTTPUtilities#setCurrentHTTP(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
-	 */
-	User login() throws AuthenticationException;
-	
-	/**
-	 * This method should be called for every HTTP request, to login the current user either from the session of HTTP
-     * request. This method will set the current user so that getCurrentUser() will work properly. 
-	 * 
-	 * Authenticates the user's credentials from the HttpServletRequest if
-	 * necessary, creates a session if necessary, and sets the user as the
-	 * current user.
-	 * 
-	 * Specification:  The implementation should do the following:
-     * 	1) Check if the User is already stored in the session
-     * 		a. If so, check that session absolute and inactivity timeout have not expired
-     * 		b. Step 2 may not be required if 1a has been satisfied
-     * 	2) Verify User credentials
-     * 		a. It is recommended that you use 
-     * 			loginWithUsernameAndPassword(HttpServletRequest, HttpServletResponse) to verify credentials
-     * 	3) Set the last host of the User (ex.  user.setLastHostAddress(address) )
-     * 	4) Verify that the request is secure (ex. over SSL)
-     * 	5) Verify the User account is allowed to be logged in
-     * 		a. Verify the User is not disabled, expired or locked
-     * 	6) Assign User to session variable      	
-	 * 
-	 * @param request
-	 *            the current HTTP request
-	 * @param response
-	 *            the HTTP response
-	 * 
-	 * @return 
-	 * 		the User
-	 * 
-	 * @throws AuthenticationException
-	 *             if the credentials are not verified, or if the account is disabled, locked, expired, or timed out
-	 */
-	User login(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException;
-
-	/**
-	 * Verify that the supplied password matches the password for this user. Password should
-	 * be stored as a hash. It is recommended you use the hashPassword(password, accountName) method
-	 * in this class.
-	 * This method is typically used for "reauthentication" for the most sensitive functions, such
-	 * as transactions, changing email address, and changing other account information.
-	 * 
-	 * @param user 
-	 * 		the user who requires verification
-	 * @param password 
-	 * 		the hashed user-supplied password
-	 * 
-	 * @return 
-	 * 		true, if the password is correct for the specified user
-	 */
-	boolean verifyPassword(User user, String password);
-	
-	/**
-	 * Logs out the current user.
-	 * 
-	 * This is usually done by calling User.logout on the current User. 
-	 */
-    void logout();
-
-	/**
-	 * Creates a new User with the information provided. Implementations should check
-	 * accountName and password for proper format and strength against brute force 
-	 * attacks ( verifyAccountNameStrength(String), verifyPasswordStrength(String, String)  ).
-	 * 
-	 * Two copies of the new password are required to encourage user interface designers to
-	 * include a "re-type password" field in their forms. Implementations should verify that 
-	 * both are the same. 
-	 * 
-	 * @param accountName 
-	 * 		the account name of the new user
-	 * @param password1 
-	 * 		the password of the new user
-	 * @param password2 
-	 * 		the password of the new user.  This field is to encourage user interface designers to include two password fields in their forms.
-	 * 
-	 * @return 
-	 * 		the User that has been created 
-	 * 
-	 * @throws AuthenticationException 
-	 * 		if user creation fails due to any of the qualifications listed in this method's description
-	 */
-	User createUser(String accountName, String password1, String password2) throws AuthenticationException;
-
-	/**
-	 * Generate a strong password. Implementations should use a large character set that does not
-	 * include confusing characters, such as i I 1 l 0 o and O.  There are many algorithms to
-	 * generate strong memorable passwords that have been studied in the past.
-	 * 
-	 * @return 
-	 * 		a password with strong password strength
-	 */
-	String generateStrongPassword();
-
-	/**
-	 * Generate strong password that takes into account the user's information and old password. Implementations
-	 * should verify that the new password does not include information such as the username, fragments of the
-	 * old password, and other information that could be used to weaken the strength of the password.
-	 * 
-	 * @param user 
-	 * 		the user whose information to use when generating password
-	 * @param oldPassword 
-	 * 		the old password to use when verifying strength of new password.  The new password may be checked for fragments of oldPassword.
-	 * 
-	 * @return 
-	 * 		a password with strong password strength
-	 */
-	String generateStrongPassword(User user, String oldPassword);
-
-	/**
-	 * Changes the password for the specified user. This requires the current password, as well as 
-	 * the password to replace it with. The new password should be checked against old hashes to be sure the new password does not closely resemble or equal any recent passwords for that User.
-	 * Password strength should also be verified.  This new password must be repeated to ensure that the user has typed it in correctly.
-	 * 
-	 * @param user 
-	 * 		the user to change the password for
-	 * @param currentPassword 
-	 * 		the current password for the specified user
-	 * @param newPassword 
-	 * 		the new password to use
-	 * @param newPassword2 
-	 * 		a verification copy of the new password
-	 * 
-	 * @throws AuthenticationException 
-	 * 		if any errors occur
-	 */
-	void changePassword(User user, String currentPassword, String newPassword, String newPassword2) throws AuthenticationException;
-	
-	/**
-	 * Returns the User matching the provided accountId.  If the accoundId is not found, an Anonymous
-	 * User or null may be returned.
-	 * 
-	 * @param accountId
-	 *            the account id
-	 * 
-	 * @return 
-	 * 		the matching User object, or the Anonymous User if no match exists
-	 */
-	User getUser(long accountId);
-		
-	/**
-	 * Returns the User matching the provided accountName.  If the accoundId is not found, an Anonymous
-	 * User or null may be returned.
-	 * 
-	 * @param accountName
-	 *            the account name
-	 * 
-	 * @return 
-	 * 		the matching User object, or the Anonymous User if no match exists
-	 */
-	User getUser(String accountName);
-
-	/**
-	 * Gets a collection containing all the existing user names.
-	 * 
-	 * @return 
-	 * 		a set of all user names
-	 */
-	Set getUserNames();
-
-	/**
-	 * Returns the currently logged in User.
-	 * 
-	 * @return 
-	 * 		the matching User object, or the Anonymous User if no match
-	 *         exists
-	 */
-	User getCurrentUser();
-
-	/**
-	 * Sets the currently logged in User.
-	 * 
-	 * @param user
-	 *          the user to set as the current user
-	 */
-	void setCurrentUser(User user);
-
-	/**
-	 * Returns a string representation of the hashed password, using the
-	 * accountName as the salt. The salt helps to prevent against "rainbow"
-	 * table attacks where the attacker pre-calculates hashes for known strings.
-	 * This method specifies the use of the user's account name as the "salt"
-	 * value. The Encryptor.hash method can be used if a different salt is
-	 * required.
-	 * 
-	 * @param password
-	 *            the password to hash
-	 * @param accountName
-	 *            the account name to use as the salt
-	 * 
-	 * @return 
-     * 		the hashed password
-     * @throws EncryptionException
-	 */
-	String hashPassword(String password, String accountName) throws EncryptionException;
-
-	/**
-	 * Removes the account of the specified accountName.
-	 * 
-	 * @param accountName
-	 *            the account name to remove
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception if user does not exist
-	 */
-	void removeUser(String accountName) throws AuthenticationException;
-
-	/**
-	 * Ensures that the account name passes site-specific complexity requirements, like minimum length.
-	 * 
-	 * @param accountName
-	 *            the account name
-	 * 
-	 * @throws AuthenticationException
-	 *             if account name does not meet complexity requirements
-	 */
-	void verifyAccountNameStrength(String accountName) throws AuthenticationException;
-
-	/**
-	 * Ensures that the password meets site-specific complexity requirements, like length or number 
-	 * of character sets. This method takes the old password so that the algorithm can analyze the 
-	 * new password to see if it is too similar to the old password. Note that this has to be
-	 * invoked when the user has entered the old password, as the list of old
-	 * credentials stored by ESAPI is all hashed.
-	 * Additionally, the user object is taken in order to verify the password and account name differ.
-	 * 
-	 * @param oldPassword
-	 *            the old password
-	 * @param newPassword
-	 *            the new password
-	 * @param user
-	 * 			  the user
-	 * 
-	 * @throws AuthenticationException
-	 *				if newPassword is too similar to oldPassword or if newPassword does not meet complexity requirements
-	 */
-	void verifyPasswordStrength(String oldPassword, String newPassword, User user) throws AuthenticationException;
-
-	/**
-	 * Determine if the account exists.
-	 * 
-	 * @param accountName
-	 *            the account name
-	 * 
-	 * @return true, if the account exists
-	 */
-	boolean exists(String accountName);
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi;
+
+import org.owasp.esapi.errors.AuthenticationException;
+import org.owasp.esapi.errors.EncryptionException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.Set;
+
+
+/**
+ * The Authenticator interface defines a set of methods for generating and
+ * handling account credentials and session identifiers. The goal of this
+ * interface is to encourage developers to protect credentials from disclosure
+ * to the maximum extent possible.
+ * <P>
+ * One possible implementation relies on the use of a thread local variable to
+ * store the current user's identity. The application is responsible for calling
+ * setCurrentUser() as soon as possible after each HTTP request is received. The
+ * value of getCurrentUser() is used in several other places in this API. This
+ * eliminates the need to pass a user object to methods throughout the library.
+ * For example, all of the logging, access control, and exception calls need
+ * access to the currently logged in user.
+ * <P>
+ * The goal is to minimize the responsibility of the developer for
+ * authentication. In this example, the user simply calls authenticate with the
+ * current request and the name of the parameters containing the username and
+ * password. The implementation should verify the password if necessary, create
+ * a session if necessary, and set the user as the current user.
+ *
+ * <pre>
+ * public void doPost(ServletRequest request, ServletResponse response) {
+ * try {
+ * User user = ESAPI.authenticator().login(request, response);
+ * // continue with authenticated user
+ * } catch (AuthenticationException e) {
+ * // handle failed authentication (it's already been logged)
+ * }
+ * </pre>
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ */
+public interface Authenticator {
+
+    /**
+     * Clears the current User. This allows the thread to be reused safely.
+     *
+     * This clears all threadlocal variables from the thread. This should ONLY be called after
+     * all possible ESAPI operations have concluded. If you clear too early, many calls will
+     * fail, including logging, which requires the user identity.
+     */
+    void clearCurrent();
+
+    /**
+     * Calls login with the *current* request and response.
+     * @return Authenticated {@code User} if login is successful.
+     * @see HTTPUtilities#setCurrentHTTP(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+     */
+    User login() throws AuthenticationException;
+
+    /**
+     * This method should be called for every HTTP request, to login the current user either from the session of HTTP
+     * request. This method will set the current user so that getCurrentUser() will work properly.
+     *
+     * Authenticates the user's credentials from the HttpServletRequest if
+     * necessary, creates a session if necessary, and sets the user as the
+     * current user.
+     *
+     * Specification:  The implementation should do the following:
+     *     1) Check if the User is already stored in the session
+     *         a. If so, check that session absolute and inactivity timeout have not expired
+     *         b. Step 2 may not be required if 1a has been satisfied
+     *     2) Verify User credentials
+     *         a. It is recommended that you use
+     *             loginWithUsernameAndPassword(HttpServletRequest, HttpServletResponse) to verify credentials
+     *     3) Set the last host of the User (ex.  user.setLastHostAddress(address) )
+     *     4) Verify that the request is secure (ex. over SSL)
+     *     5) Verify the User account is allowed to be logged in
+     *         a. Verify the User is not disabled, expired or locked
+     *     6) Assign User to session variable
+     *
+     * @param request
+     *            the current HTTP request
+     * @param response
+     *            the HTTP response
+     *
+     * @return
+     *         the User
+     *
+     * @throws AuthenticationException
+     *             if the credentials are not verified, or if the account is disabled, locked, expired, or timed out
+     */
+    User login(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException;
+
+    /**
+     * Verify that the supplied password matches the password for this user. Password should
+     * be stored as a hash. By default, this method verifies password hashes created via the
+     * {@code hashPassword(password, accountName)} method in this class, however see WARNING
+     * the {@code hashPassword} method.
+     * <p>
+     * This method is typically used for "reauthentication" for the most sensitive functions, such
+     * as transactions, changing email address, and changing other account information.
+     *
+     * @param user
+     *         the user who requires verification
+     * @param password
+     *         the hashed user-supplied password
+     *
+     * @return
+     *         true, if the password is correct for the specified user
+     *
+     * @see #hashPassword(String password, String accountName)
+     */
+    boolean verifyPassword(User user, String password);
+
+    /**
+     * Logs out the current user.
+     *
+     * This is usually done by calling User.logout on the current User.
+     */
+    void logout();
+
+    /**
+     * Creates a new User with the information provided. Implementations should check
+     * accountName and password for proper format and strength against brute force
+     * attacks ( verifyAccountNameStrength(String), verifyPasswordStrength(String, String)  ).
+     *
+     * Two copies of the new password are required to encourage user interface designers to
+     * include a "re-type password" field in their forms. Implementations should verify that
+     * both are the same.
+     * <p>
+     * <b>WARNING:</b> The implementation of this method as defined in the
+     * default reference implementation class, {@code FileBasedAuthenticator},
+     * uses a password hash algorithm that is known to be weak. You are advised
+     * to replace the default reference implementation class with your own custom
+     * implementation that uses a stronger password hashing algorithm.
+     * See class comments in * {@code FileBasedAuthenticator} for further details.
+     *
+     * @param accountName
+     *         the account name of the new user
+     * @param password1
+     *         the password of the new user
+     * @param password2
+     *         the password of the new user.  This field is to encourage user interface designers to include two password fields in their forms.
+     *
+     * @return
+     *         the User that has been created
+     *
+     * @throws AuthenticationException
+     *         if user creation fails due to any of the qualifications listed in this method's description
+     */
+    User createUser(String accountName, String password1, String password2) throws AuthenticationException;
+
+    /**
+     * Generate a strong password. Implementations should use a large character set that does not
+     * include confusing characters, such as i I 1 l 0 o and O.  There are many algorithms to
+     * generate strong memorable passwords that have been studied in the past.
+     *
+     * @return
+     *         a password with strong password strength
+     */
+    String generateStrongPassword();
+
+    /**
+     * Generate strong password that takes into account the user's information and old password. Implementations
+     * should verify that the new password does not include information such as the username, fragments of the
+     * old password, and other information that could be used to weaken the strength of the password.
+     *
+     * @param user
+     *         the user whose information to use when generating password
+     * @param oldPassword
+     *         the old password to use when verifying strength of new password.  The new password may be checked for fragments of oldPassword.
+     *
+     * @return
+     *         a password with strong password strength
+     */
+    String generateStrongPassword(User user, String oldPassword);
+
+    /**
+     * Changes the password for the specified user. This requires the current password, as well as
+     * the password to replace it with. The new password should be checked against old hashes to be sure the new password does not closely resemble or equal any recent passwords for that User.
+     * Password strength should also be verified.  This new password must be repeated to ensure that the user has typed it in correctly.
+     *
+     * @param user
+     *         the user to change the password for
+     * @param currentPassword
+     *         the current password for the specified user
+     * @param newPassword
+     *         the new password to use
+     * @param newPassword2
+     *         a verification copy of the new password
+     *
+     * @throws AuthenticationException
+     *         if any errors occur
+     */
+    void changePassword(User user, String currentPassword, String newPassword, String newPassword2) throws AuthenticationException;
+
+    /**
+     * Returns the User matching the provided accountId.  If the accoundId is not found, an Anonymous
+     * User or null may be returned.
+     *
+     * @param accountId
+     *            the account id
+     *
+     * @return
+     *         the matching User object, or the Anonymous User if no match exists
+     */
+    User getUser(long accountId);
+
+    /**
+     * Returns the User matching the provided accountName.  If the accoundId is not found, an Anonymous
+     * User or null may be returned.
+     *
+     * @param accountName
+     *            the account name
+     *
+     * @return
+     *         the matching User object, or the Anonymous User if no match exists
+     */
+    User getUser(String accountName);
+
+    /**
+     * Gets a collection containing all the existing user names.
+     *
+     * @return
+     *         a set of all user names
+     */
+    Set getUserNames();
+
+    /**
+     * Returns the currently logged in User.
+     *
+     * @return
+     *         the matching User object, or the Anonymous User if no match
+     *         exists
+     */
+    User getCurrentUser();
+
+    /**
+     * Sets the currently logged in User.
+     *
+     * @param user
+     *          the user to set as the current user
+     */
+    void setCurrentUser(User user);
+
+    /**
+     * Returns a string representation of the hashed password, using the
+     * accountName as the salt. The salt helps to prevent against "rainbow"
+     * table attacks where the attacker pre-calculates hashes for known strings.
+     * This method specifies the use of the user's account name as the "salt"
+     * value. The Encryptor.hash method can be used if a different salt is
+     * required.
+     * <p>
+     * <b>WARNING:</b> The implementation of this method as defined in the
+     * default reference implementation class, {@code FileBasedAuthenticator},
+     * is know to be extremely weak. The reference implementation class was
+     * meant to be an example implementation and generally should be avoided
+     * and replaced with your own implementation. See class comments in
+     * {@code FileBasedAuthenticator} for further details.
+     *
+     * @param password
+     *            the password to hash
+     * @param accountName
+     *            the account name to use as the salt
+     *
+     * @return
+     *         the hashed password
+     * @throws EncryptionException
+     *
+     * @see org.owasp.esapi.reference.FileBasedAuthenticator FileBasedAuthenticator,
+     *                          the default reference implementation of this interface.
+     */
+    String hashPassword(String password, String accountName) throws EncryptionException;
+
+    /**
+     * Removes the account of the specified accountName.
+     *
+     * @param accountName
+     *            the account name to remove
+     *
+     * @throws AuthenticationException
+     *             the authentication exception if user does not exist
+     */
+    void removeUser(String accountName) throws AuthenticationException;
+
+    /**
+     * Ensures that the account name passes site-specific complexity requirements, like minimum length.
+     *
+     * @param accountName
+     *            the account name
+     *
+     * @throws AuthenticationException
+     *             if account name does not meet complexity requirements
+     */
+    void verifyAccountNameStrength(String accountName) throws AuthenticationException;
+
+    /**
+     * Ensures that the password meets site-specific complexity requirements, like length or number
+     * of character sets. This method takes the old password so that the algorithm can analyze the
+     * new password to see if it is too similar to the old password. Note that this has to be
+     * invoked when the user has entered the old password, as the list of old
+     * credentials stored by ESAPI is all hashed.
+     * Additionally, the user object is taken in order to verify the password and account name differ.
+     *
+     * @param oldPassword
+     *            the old password
+     * @param newPassword
+     *            the new password
+     * @param user
+     *               the user
+     *
+     * @throws AuthenticationException
+     *                if newPassword is too similar to oldPassword or if newPassword does not meet complexity requirements
+     */
+    void verifyPasswordStrength(String oldPassword, String newPassword, User user) throws AuthenticationException;
+
+    /**
+     * Determine if the account exists.
+     *
+     * @param accountName
+     *            the account name
+     *
+     * @return true, if the account exists
+     */
+    boolean exists(String accountName);
+
+}
diff --git a/src/main/java/org/owasp/esapi/ESAPI.java b/src/main/java/org/owasp/esapi/ESAPI.java
index de93a73f7..55e4d896d 100644
--- a/src/main/java/org/owasp/esapi/ESAPI.java
+++ b/src/main/java/org/owasp/esapi/ESAPI.java
@@ -1,195 +1,201 @@
 /**
  * OWASP Enterprise Security API (ESAPI)
- * 
+ *
  * This file is part of the Open Web Application Security Project (OWASP)
  * Enterprise Security API (ESAPI) project. For details, please see
  * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
  *
  * Copyright (c) 2008 - The OWASP Foundation
- * 
+ *
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
- * 
+ *
  * @author Mike Fauzy <a href="http://www.aspectsecurity.com">Aspect Security</a>
  * @author Rogan Dawes <a href="http://www.aspectsecurity.com">Aspect Security</a>
  * @created 2008
  */
 package org.owasp.esapi;
 
+import java.util.Arrays;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.owasp.esapi.util.ObjFactory;
+import org.owasp.esapi.errors.ConfigurationException;
 
 /**
  * ESAPI locator class is provided to make it easy to gain access to the current ESAPI classes in use.
  * Use the set methods to override the reference implementations with instances of any custom ESAPI implementations.
  */
 public final class ESAPI {
-	private static String securityConfigurationImplName = System.getProperty("org.owasp.esapi.SecurityConfiguration", "org.owasp.esapi.reference.DefaultSecurityConfiguration");
-
-	/**
-	 * prevent instantiation of this class
-	 */
-	private ESAPI() {
-	}
-	
-    /**
-	 * Clears the current User, HttpRequest, and HttpResponse associated with the current thread. This method
-	 * MUST be called as some containers do not properly clear threadlocal variables when the execution of
-	 * a thread is complete. The suggested approach is to put this call in a finally block inside a filter.
-	 * <pre>
-		public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException {
-			try {
-				HttpServletRequest request = (HttpServletRequest) req;
-				HttpServletResponse response = (HttpServletResponse) resp;
-				ESAPI.httpUtilities().setCurrentHTTP(request, response);
-				ESAPI.authenticator().login();
-				chain.doFilter(request, response);
-			} catch (Exception e) {
-				logger.error( Logger.SECURITY_FAILURE, "Error in ESAPI security filter: " + e.getMessage(), e );
-			} finally {
-				// VERY IMPORTANT
-				// clear out ThreadLocal variables
-				ESAPI.clearCurrent();
-			}
-		}
-	 * </pre>
-	 * The advantages of having identity everywhere are worth the risk here.
-	 */
-	public static void clearCurrent() {
-		authenticator().clearCurrent();
-		httpUtilities().clearCurrent();
-	}
-
-	/**
-	 * Get the current HTTP Servlet Request being processed.
-	 * @return the current HTTP Servlet Request.
-	 */
-	public static HttpServletRequest currentRequest() {
-		return httpUtilities().getCurrentRequest();
-	}
-	
-	/**
-	 * Get the current HTTP Servlet Response being generated.
-	 * @return the current HTTP Servlet Response.
-	 */
-	public static HttpServletResponse currentResponse() {
-		return httpUtilities().getCurrentResponse();
-	}
-	
-	/**
-	 * @return the current ESAPI AccessController object being used to maintain the access control rules for this application. 
-	 */
-	public static AccessController accessController() {
+    private static String securityConfigurationImplName = System.getProperty("org.owasp.esapi.SecurityConfiguration", "org.owasp.esapi.reference.DefaultSecurityConfiguration");
+
+    /**
+     * prevent instantiation of this class
+     */
+    private ESAPI() {
+    }
+
+    /**
+     * Clears the current User, HttpRequest, and HttpResponse associated with the current thread. This method
+     * MUST be called as some containers do not properly clear threadlocal variables when the execution of
+     * a thread is complete. The suggested approach is to put this call in a finally block inside a filter.
+     * <pre>
+        public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException {
+            try {
+                HttpServletRequest request = (HttpServletRequest) req;
+                HttpServletResponse response = (HttpServletResponse) resp;
+                ESAPI.httpUtilities().setCurrentHTTP(request, response);
+                ESAPI.authenticator().login();
+                chain.doFilter(request, response);
+            } catch (Exception e) {
+                logger.error( Logger.SECURITY_FAILURE, "Error in ESAPI security filter: " + e.getMessage(), e );
+            } finally {
+                // VERY IMPORTANT
+                // clear out ThreadLocal variables
+                ESAPI.clearCurrent();
+            }
+        }
+     * </pre>
+     * The advantages of having identity everywhere are worth the risk here.
+     */
+    public static void clearCurrent() {
+        authenticator().clearCurrent();
+        httpUtilities().clearCurrent();
+    }
+
+    /**
+     * Get the current HTTP Servlet Request being processed.
+     * @return the current HTTP Servlet Request.
+     */
+    public static HttpServletRequest currentRequest() {
+        return httpUtilities().getCurrentRequest();
+    }
+
+    /**
+     * Get the current HTTP Servlet Response being generated.
+     * @return the current HTTP Servlet Response.
+     */
+    public static HttpServletResponse currentResponse() {
+        return httpUtilities().getCurrentResponse();
+    }
+
+    /**
+     * @return the current ESAPI AccessController object being used to maintain the access control rules for this application.
+     */
+    public static AccessController accessController() {
         return ObjFactory.make( securityConfiguration().getAccessControlImplementation(), "AccessController" );
-	}
+    }
 
-	/**
-	 * @return the current ESAPI Authenticator object being used to authenticate users for this application. 
-	 */
-	public static Authenticator authenticator() {
+    /**
+     * @return the current ESAPI Authenticator object being used to authenticate users for this application.
+     */
+    public static Authenticator authenticator() {
         return ObjFactory.make( securityConfiguration().getAuthenticationImplementation(), "Authenticator" );
-	}
+    }
 
-	/**
-	 * @return the current ESAPI Encoder object being used to encode and decode data for this application. 
-	 */
-	public static Encoder encoder() {
+    /**
+     * The ESAPI {@code Encoder} is primarily used to provide <i>output</i> encoding to
+     * prevent Cross-Site Scripting (XSS).
+     * @return the current ESAPI {@code Encoder} object being used to encode and decode data for this application.
+     */
+    public static Encoder encoder() {
         return ObjFactory.make( securityConfiguration().getEncoderImplementation(), "Encoder" );
-	}
+    }
 
-	/**
-	 * @return the current ESAPI Encryptor object being used to encrypt and decrypt data for this application. 
-	 */
-	public static Encryptor encryptor() {
+    /**
+     * ESAPI {@code Encryptor} provides a set of methods for performing common encryption, random number, and
+     * hashing operations.
+     * @return the current ESAPI {@code Encryptor} object being used to encrypt and decrypt data for this application.
+     */
+    public static Encryptor encryptor() {
         return ObjFactory.make( securityConfiguration().getEncryptionImplementation(), "Encryptor" );
-	}
+    }
 
-	/**
-	 * @return the current ESAPI Executor object being used to safely execute OS commands for this application. 
-	 */
-	public static Executor executor() {
+    /**
+     * @return the current ESAPI Executor object being used to safely execute OS commands for this application.
+     */
+    public static Executor executor() {
         return ObjFactory.make( securityConfiguration().getExecutorImplementation(), "Executor" );
-	}
+    }
 
-	/**
-	 * @return the current ESAPI HTTPUtilities object being used to safely access HTTP requests and responses 
-	 * for this application. 
-	 */
-	public static HTTPUtilities httpUtilities() {
+    /**
+     * @return the current ESAPI HTTPUtilities object being used to safely access HTTP requests and responses
+     * for this application.
+     */
+    public static HTTPUtilities httpUtilities() {
         return ObjFactory.make( securityConfiguration().getHTTPUtilitiesImplementation(), "HTTPUtilities" );
-	}
+    }
 
-	/**
-	 * @return the current ESAPI IntrusionDetector being used to monitor for intrusions in this application. 
-	 */
-	public static IntrusionDetector intrusionDetector() {
+    /**
+     * @return the current ESAPI IntrusionDetector being used to monitor for intrusions in this application.
+     */
+    public static IntrusionDetector intrusionDetector() {
         return ObjFactory.make( securityConfiguration().getIntrusionDetectionImplementation(), "IntrusionDetector" );
-	}
-
-	/**
-	 * Get the current LogFactory being used by ESAPI. If there isn't one yet, it will create one, and then 
-	 * return this same LogFactory from then on.
-	 * @return The current LogFactory being used by ESAPI.
-	 */
-	private static LogFactory logFactory() {
+    }
+
+    /**
+     * Get the current LogFactory being used by ESAPI. If there isn't one yet, it will create one, and then
+     * return this same LogFactory from then on.
+     * @return The current LogFactory being used by ESAPI.
+     */
+    private static LogFactory logFactory() {
         return ObjFactory.make( securityConfiguration().getLogImplementation(), "LogFactory" );
-	}
-	
-	/**
-	 * @param clazz The class to associate the logger with.
-	 * @return The current Logger associated with the specified class.
-	 */
-	@SuppressWarnings("unchecked")		// Because Eclipse wants Class<T> instead.
-	public static Logger getLogger(Class clazz) {
-		return logFactory().getLogger(clazz);
-	}
-	
-	/**
-	 * @param moduleName The module to associate the logger with.
-	 * @return The current Logger associated with the specified module.
-	 */
-	public static Logger getLogger(String moduleName) {
-		return logFactory().getLogger(moduleName);
-	}
-	
-	/**
-	 * @return The default Logger.
-	 */
-	public static Logger log() {
+    }
+
+    /**
+     * @param clazz The class to associate the logger with.
+     * @return The current Logger associated with the specified class.
+     */
+    public static Logger getLogger(Class clazz) {
+        return logFactory().getLogger(clazz);
+    }
+
+    /**
+     * @param moduleName The module to associate the logger with.
+     * @return The current Logger associated with the specified module.
+     */
+    public static Logger getLogger(String moduleName) {
+        return logFactory().getLogger(moduleName);
+    }
+
+    /**
+     * @return The default Logger.
+     */
+    public static Logger log() {
         return logFactory().getLogger("DefaultLogger");
     }
-	
-	/**
-	 * @return the current ESAPI Randomizer being used to generate random numbers in this application. 
-	 */
-	public static Randomizer randomizer() {
+
+    /**
+     * @return the current ESAPI Randomizer being used to generate random numbers in this application.
+     */
+    public static Randomizer randomizer() {
         return ObjFactory.make( securityConfiguration().getRandomizerImplementation(), "Randomizer" );
-	}
+    }
 
     private static volatile SecurityConfiguration overrideConfig = null;
 
-	/**
-	 * @return the current ESAPI SecurityConfiguration being used to manage the security configuration for 
-	 * ESAPI for this application. 
-	 */
-	public static SecurityConfiguration securityConfiguration() {
-		// copy the volatile into a non-volatile to prevent TOCTTOU race condition
-		SecurityConfiguration override = overrideConfig;
-		if ( override != null ) {
-			return override;
+    /**
+     * @return the current ESAPI SecurityConfiguration being used to manage the security configuration for
+     * ESAPI for this application.
+     */
+    public static SecurityConfiguration securityConfiguration() {
+        // copy the volatile into a non-volatile to prevent TOCTTOU race condition
+        SecurityConfiguration override = overrideConfig;
+        if ( override != null ) {
+            return override;
         }
 
         return ObjFactory.make( securityConfigurationImplName, "SecurityConfiguration" );
-	}
+    }
 
-	/**
-	 * @return the current ESAPI Validator being used to validate data in this application. 
-	 */
-	public static Validator validator() {
+    /**
+     * @return the current ESAPI Validator being used to validate data in this application.
+     */
+    public static Validator validator() {
         return ObjFactory.make( securityConfiguration().getValidationImplementation(), "Validator" );
-	}
+    }
 
     // TODO: This should probably use the SecurityManager or some value within the current
     // securityConfiguration to determine if this method is allowed to be called. This could
@@ -215,10 +221,79 @@ public static String initialize( String impl ) {
      * To clear an overridden Configuration, simple call this method with null for the config
      * parameter.
      *
-     * @param config
-     * @return
+     * @param config The new security configuration.
      */
     public static void override( SecurityConfiguration config ) {
         overrideConfig = config;
     }
+
+    // KWW - OPEN ISSUE: I don't like placing this here, but it's convenient and I
+    //       don't really know a better place for it and would rather not create
+    //       a whole new utility class just to use it.
+    /**
+     * Determine if a given fully qualified (ESAPI) method name has been explicitly
+     * enabled in the <b>ESAPI.properties</b>'s file via the property name
+     * <b>ESAPI.dangerouslyAllowUnsafeMethods.methodNames</b>. Note that there
+     * is no real reason for an ESAPI client to use this, It is intended for
+     * interal use,
+     * </p><p>
+     * The reason this method exists is because certain (other) ESAPI method names
+     * are considered "unsafe" and therefore should be used with extra caution.
+     * These "unsafe" methods may include methods that are:
+     * <ul>
+     * <li>Deprecated and thus no longer suggested for long term use.</li>
+     * <li>Methods where the programming contract is not in itself sufficient to ensure safety alone
+     * and developers are expected to take addional actions on their own to secure their application.</li>
+     * <li>Methods that are using some unpatched transitive dependency that we haven't firmly
+     * established grounds for it not being exploitable in the manner that ESAPI uses it.</li>
+     * <li>Methods whose reference implementations are not scalable to the enterprise level.</li>
+     * </ul>
+     * <i>Public</i> methods that are not in that list for the above ESAPI property
+     * are generally are considered enabled and okay to use unless their Javadoc
+     * indicates otherwise.
+     * </p><p>
+     * Note that this method is intended primarilly for internal ESAPI use and if we were
+     * using Java Modules (in JDK 9 and later), this method would not be exported.
+     * </p><p>
+     * For further details, please see the ESAPI GitHub wiki article,
+     * <a href="https://github.com/ESAPI/esapi-java-legacy/wiki/Reducing-the-ESAPI-Library's-Attack-Surface">"Reducing the ESAPI Library's Attack Surface"</a>.
+     * @param fullyQualifiedMethodName A fully qualified ESAPI class name (so, should start
+     *              "org.owasp.esapi.") followed by the method name (but without
+     *              parenthesis or any parameter signature information.
+     * @return {@code true} if the parameter {@code fullyQualifiedMethodName} is in the comma-separated
+     *         list of values in the ESAPI property <b>ESAPI.dangerouslyAllowUnsafeMethods.methodNames</b>,
+     *         otherwise {@code false} is returned.
+     */
+    public static boolean isMethodExplicityEnabled(String fullyQualifiedMethodName) {
+        if ( fullyQualifiedMethodName == null || fullyQualifiedMethodName.trim().isEmpty() ) {
+            throw new IllegalArgumentException("Program error: fullyQualifiedMethodName parameter cannot be null or empty");
+        }
+        String desiredMethodName = fullyQualifiedMethodName.trim();
+            // This regex is too liberal to be anything more than just a trivial
+            // sanity test to protect against typos.
+        if ( !desiredMethodName.matches("^org\\.owasp\\.esapi\\.(\\p{Alnum}|\\.)*$") ) {
+            throw new IllegalArgumentException("Program error: fullyQualifiedMethodName must start with " +
+                                               "'org.owasp.esapi.' and be a valid method name.");
+        }
+
+        String enabledMethods = null;
+        try {
+            // Need to do this w/in a try/catch because if the property is not
+            // found, getStringProp will throw a ConfigurationException rather
+            // than returning a null.
+            enabledMethods = securityConfiguration().getStringProp("ESAPI.dangerouslyAllowUnsafeMethods.methodNames");
+        } catch( ConfigurationException cex ) {
+            return false;   // Property not found at all.
+        }
+
+
+        // Split it up by ',' and then filter it by finding the first on that
+        // matches the desired method name passed in as the method parameter.
+        // If no matches, return the empty string.
+        String result = Arrays.stream( enabledMethods.trim().split(",") )
+                                  .filter(methodName -> methodName.trim().equals( desiredMethodName ) )
+                                  .findFirst()
+                                  .orElse("");
+        return !result.isEmpty();
+    }
 }
diff --git a/src/main/java/org/owasp/esapi/Encoder.java b/src/main/java/org/owasp/esapi/Encoder.java
index 3bce42fc4..409b27b24 100644
--- a/src/main/java/org/owasp/esapi/Encoder.java
+++ b/src/main/java/org/owasp/esapi/Encoder.java
@@ -1,516 +1,761 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi;
-
-import java.io.IOException;
-
-import org.owasp.esapi.codecs.Codec;
-import org.owasp.esapi.errors.EncodingException;
-
-
-/**
- * The Encoder interface contains a number of methods for decoding input and encoding output
- * so that it will be safe for a variety of interpreters. To prevent
- * double-encoding, callers should make sure input does not already contain encoded characters
- * by calling canonicalize. Validator implementations should call canonicalize on user input
- * <b>before</b> validating to prevent encoded attacks.
- * <p>
- * All of the methods must use a "whitelist" or "positive" security model.
- * For the encoding methods, this means that all characters should be encoded, except for a specific list of
- * "immune" characters that are known to be safe.
- * <p>
- * The Encoder performs two key functions, encoding and decoding. These functions rely
- * on a set of codecs that can be found in the org.owasp.esapi.codecs package. These include:
- * <ul><li>CSS Escaping</li>
- * <li>HTMLEntity Encoding</li>
- * <li>JavaScript Escaping</li>
- * <li>MySQL Escaping</li>
- * <li>Oracle Escaping</li>
- * <li>Percent Encoding (aka URL Encoding)</li>
- * <li>Unix Escaping</li>
- * <li>VBScript Escaping</li>
- * <li>Windows Encoding</li></ul>
- * <p>
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- */
-public interface Encoder {
-	
-	/**
-	 * Standard character sets
-	 */
-
-	/**  
-	 * @deprecated Use {@link EncoderConstants#CHAR_LOWERS} instead
-	 */
-	@Deprecated
-	public final static char[] CHAR_LOWERS = EncoderConstants.CHAR_LOWERS;
-    /**
-	 * @deprecated Use {@link EncoderConstants#CHAR_UPPERS} instead
-	 *
-	 */
-	@Deprecated
-	public final static char[] CHAR_UPPERS = EncoderConstants.CHAR_UPPERS;
-    /**
-	 * @deprecated Use {@link EncoderConstants#CHAR_DIGITS} instead
-	 *
-	 */
-	@Deprecated
-	public final static char[] CHAR_DIGITS = EncoderConstants.CHAR_DIGITS;
-    /**
-	 * @deprecated Use {@link EncoderConstants#CHAR_SPECIALS} instead
-	 *
-	 */
-	@Deprecated
-	public final static char[] CHAR_SPECIALS = EncoderConstants.CHAR_SPECIALS;
-    /**
-	 * @deprecated Use {@link EncoderConstants#CHAR_LETTERS} instead
-	 *
-	 */
-	@Deprecated
-	public final static char[] CHAR_LETTERS = EncoderConstants.CHAR_LETTERS;
-    /**
-	 * @deprecated Use {@link EncoderConstants#CHAR_ALPHANUMERICS} instead
-	 *
-	 */
-	@Deprecated
-	public final static char[] CHAR_ALPHANUMERICS = EncoderConstants.CHAR_ALPHANUMERICS;
-	
-	
-	/**
-	 * Password character set, is alphanumerics (without l, i, I, o, O, and 0)
-	 * selected specials like + (bad for URL encoding, | is like i and 1,
-	 * etc...)
-	 * @deprecated Use {@link EncoderConstants#CHAR_PASSWORD_LOWERS} instead
-	 */
-	@Deprecated
-	public final static char[] CHAR_PASSWORD_LOWERS = EncoderConstants.CHAR_PASSWORD_LOWERS;
-    /**
-	 * @deprecated Use {@link EncoderConstants#CHAR_PASSWORD_UPPERS} instead
-	 *
-	 */
-	@Deprecated
-	public final static char[] CHAR_PASSWORD_UPPERS = EncoderConstants.CHAR_PASSWORD_UPPERS;
-    /**
-	 * @deprecated Use {@link EncoderConstants#CHAR_PASSWORD_DIGITS} instead
-	 *
-	 */
-	@Deprecated
-	public final static char[] CHAR_PASSWORD_DIGITS = EncoderConstants.CHAR_PASSWORD_DIGITS;
-    /**
-	 * @deprecated Use {@link EncoderConstants#CHAR_PASSWORD_SPECIALS} instead
-	 *
-	 */
-	@Deprecated
-	public final static char[] CHAR_PASSWORD_SPECIALS = EncoderConstants.CHAR_PASSWORD_SPECIALS;
-    /**
-	 * @deprecated Use {@link EncoderConstants#CHAR_PASSWORD_LETTERS} instead
-	 *
-	 */
-	@Deprecated
-	public final static char[] CHAR_PASSWORD_LETTERS = EncoderConstants.CHAR_PASSWORD_LETTERS;
-    
-
-
-	/**
-	 * This method is equivalent to calling <pre>Encoder.canonicalize(input, restrictMultiple, restrictMixed);</pre>
-	 *
-	 * The default values for restrictMultiple and restrictMixed come from ESAPI.properties
-	 * <pre>
-	 * Encoder.AllowMultipleEncoding=false
-	 * Encoder.AllowMixedEncoding=false
-	 * </pre>
-	 *
-	 * @see Encoder#canonicalize(String, boolean, boolean) canonicalize
-	 * @see <a href="http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4">W3C specifications</a>
-	 * 
-	 * @param input the text to canonicalize
-	 * @return a String containing the canonicalized text
-	 */
-	String canonicalize(String input);
-	
-	/**
-	 * This method is the equivalent to calling <pre>Encoder.canonicalize(input, strict, strict);</pre>
-	 *
-	 * @see Encoder#canonicalize(String, boolean, boolean) canonicalize
-	 * @see <a href="http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4">W3C specifications</a>
-	 *  
-	 * @param input 
-	 * 		the text to canonicalize
-	 * @param strict 
-	 * 		true if checking for multiple and mixed encoding is desired, false otherwise
-	 * 
-	 * @return a String containing the canonicalized text
-	 */
-	String canonicalize(String input, boolean strict);
-
-	/**
-	 * Canonicalization is simply the operation of reducing a possibly encoded
-	 * string down to its simplest form. This is important, because attackers
-	 * frequently use encoding to change their input in a way that will bypass
-	 * validation filters, but still be interpreted properly by the target of
-	 * the attack. Note that data encoded more than once is not something that a
-	 * normal user would generate and should be regarded as an attack.
-	 * <p>
-     * Everyone <a href="http://cwe.mitre.org/data/definitions/180.html">says</a> you shouldn't do validation
-     * without canonicalizing the data first. This is easier said than done. The canonicalize method can
-     * be used to simplify just about any input down to its most basic form. Note that canonicalize doesn't
-     * handle Unicode issues, it focuses on higher level encoding and escaping schemes. In addition to simple
-     * decoding, canonicalize also handles:
-     * <ul><li>Perverse but legal variants of escaping schemes</li>
-     * <li>Multiple escaping (%2526 or &#x26;lt;)</li>
-     * <li>Mixed escaping (%26lt;)</li>
-     * <li>Nested escaping (%%316 or &%6ct;)</li>
-     * <li>All combinations of multiple, mixed, and nested encoding/escaping (%2&#x35;3c or &#x2526gt;)</li></ul>
-     * <p>
-     * Using canonicalize is simple. The default is just...
-     * <pre>
-     *     String clean = ESAPI.encoder().canonicalize( request.getParameter("input"));
-     * </pre>
-     * You need to decode untrusted data so that it's safe for ANY downstream interpreter or decoder. For
-     * example, if your data goes into a Windows command shell, then into a database, and then to a browser,
-     * you're going to need to decode for all of those systems. You can build a custom encoder to canonicalize
-     * for your application like this...
-     * <pre>
-     *     ArrayList list = new ArrayList();
-     *     list.add( new WindowsCodec() );
-     *     list.add( new MySQLCodec() );
-     *     list.add( new PercentCodec() );
-     *     Encoder encoder = new DefaultEncoder( list );
-     *     String clean = encoder.canonicalize( request.getParameter( "input" ));
-     * </pre>
-     * In ESAPI, the Validator uses the canonicalize method before it does validation.  So all you need to
-     * do is to validate as normal and you'll be protected against a host of encoded attacks.
-     * <pre>
-     *     String input = request.getParameter( "name" );
-     *     String name = ESAPI.validator().isValidInput( "test", input, "FirstName", 20, false);
-     * </pre>
-     * However, the default canonicalize() method only decodes HTMLEntity, percent (URL) encoding, and JavaScript
-     * encoding. If you'd like to use a custom canonicalizer with your validator, that's pretty easy too.
-     * <pre>
-     *     ... setup custom encoder as above
-     *     Validator validator = new DefaultValidator( encoder );
-     *     String input = request.getParameter( "name" );
-     *     String name = validator.isValidInput( "test", input, "name", 20, false);
-     * </pre>
-     * Although ESAPI is able to canonicalize multiple, mixed, or nested encoding, it's safer to not accept
-     * this stuff in the first place. In ESAPI, the default is "strict" mode that throws an IntrusionException
-     * if it receives anything not single-encoded with a single scheme. This is configurable
-     * in ESAPI.properties using the properties:
-	 * <pre>
-	 * Encoder.AllowMultipleEncoding=false
-	 * Encoder.AllowMixedEncoding=false
-	 * </pre>
-	 * This method allows you to override the default behavior by directly specifying whether to restrict
-	 * multiple or mixed encoding. Even if you disable restrictions, you'll still get
-     * warning messages in the log about each multiple encoding and mixed encoding received.
-     * <pre>
-     *     // disabling strict mode to allow mixed encoding
-     *     String url = ESAPI.encoder().canonicalize( request.getParameter("url"), false, false);
-     * </pre>
-	 *
-	 * @see <a href="http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4">W3C specifications</a>
-	 *
-	 * @param input
-	 * 		the text to canonicalize
-	 * @param restrictMultiple
-	 * 		true if checking for multiple encoding is desired, false otherwise
-	 * @param restrictMixed
-	 * 		true if checking for mixed encoding is desired, false otherwise
-	 *
-	 * @return a String containing the canonicalized text
-	 */
-	String canonicalize(String input, boolean restrictMultiple, boolean restrictMixed);
-
-	/**
-	 * Encode data for use in Cascading Style Sheets (CSS) content.
-	 * 
-	 * @see <a href="http://www.w3.org/TR/CSS21/syndata.html#escaped-characters">CSS Syntax [w3.org]</a>
-	 * 
-	 * @param input 
-	 * 		the text to encode for CSS
-	 * 
-	 * @return input encoded for CSS
-	 */
-	String encodeForCSS(String input);
-
-	/**
-	 * Encode data for use in HTML using HTML entity encoding
-	 * <p> 
-	 * Note that the following characters:
-	 * 00-08, 0B-0C, 0E-1F, and 7F-9F
-	 * <p>cannot be used in HTML. 
-	 * 
-	 * @see <a href="http://en.wikipedia.org/wiki/Character_encodings_in_HTML">HTML Encodings [wikipedia.org]</a> 
-	 * @see <a href="http://www.w3.org/TR/html4/sgml/sgmldecl.html">SGML Specification [w3.org]</a>
-     * @see <a href="http://www.w3.org/TR/REC-xml/#charsets">XML Specification [w3.org]</a>
-	 * 
-	 * @param input 
-	 * 		the text to encode for HTML
-	 * 
-	 * @return input encoded for HTML
-	 */
-	String encodeForHTML(String input);
-
-	/**
-     * Decodes HTML entities.
-     * @param input the <code>String</code> to decode
-     * @return the newly decoded <code>String</code>
-     */
-	String decodeForHTML(String input);
-		
-	/**
-	 * Encode data for use in HTML attributes.
-	 * 
-	 * @param input 
-	 * 		the text to encode for an HTML attribute
-	 * 
-	 * @return input encoded for use as an HTML attribute
-	 */
-	String encodeForHTMLAttribute(String input);
-
-
-    /**
-     * Encode data for insertion inside a data value or function argument in JavaScript. Including user data 
-     * directly inside a script is quite dangerous. Great care must be taken to prevent including user data
-     * directly into script code itself, as no amount of encoding will prevent attacks there.
-     * 
-     * Please note there are some JavaScript functions that can never safely receive untrusted data 
-     * as input – even if the user input is encoded.
-     * 
-     * For example:
-     * <pre>
-     *  &lt;script&gt;
-     *    &nbsp;&nbsp;window.setInterval('&lt;%= EVEN IF YOU ENCODE UNTRUSTED DATA YOU ARE XSSED HERE %&gt;');
-     *  &lt;/script&gt;
-     * </pre>
-     * @param input 
-     *          the text to encode for JavaScript
-     * 
-     * @return input encoded for use in JavaScript
-     */
-	String encodeForJavaScript(String input);
-
-	/**
-	 * Encode data for insertion inside a data value in a Visual Basic script. Putting user data directly
-	 * inside a script is quite dangerous. Great care must be taken to prevent putting user data
-	 * directly into script code itself, as no amount of encoding will prevent attacks there.
-	 * 
-	 * This method is not recommended as VBScript is only supported by Internet Explorer
-	 * 
-	 * @param input 
-	 * 		the text to encode for VBScript
-	 * 
-	 * @return input encoded for use in VBScript
-	 */
-	String encodeForVBScript(String input);
-
-
-	/**
-	 * Encode input for use in a SQL query, according to the selected codec 
-	 * (appropriate codecs include the MySQLCodec and OracleCodec).
-	 * 
-	 * This method is not recommended. The use of the PreparedStatement 
-	 * interface is the preferred approach. However, if for some reason 
-	 * this is impossible, then this method is provided as a weaker 
-	 * alternative. 
-	 * 
-	 * The best approach is to make sure any single-quotes are double-quoted.
-	 * Another possible approach is to use the {escape} syntax described in the
-	 * JDBC specification in section 1.5.6.
-	 * 
-	 * However, this syntax does not work with all drivers, and requires
-	 * modification of all queries.
-	 * 
-	 * @see <a href="http://java.sun.com/j2se/1.4.2/docs/guide/jdbc/getstart/statement.html">JDBC Specification</a>
-	 *  
-	 * @param codec 
-	 * 		a Codec that declares which database 'input' is being encoded for (ie. MySQL, Oracle, etc.)
-	 * @param input 
-	 * 		the text to encode for SQL
-	 * 
-	 * @return input encoded for use in SQL
-	 */
-	String encodeForSQL(Codec codec, String input);
-
-    /**
-     * Encode for an operating system command shell according to the selected codec (appropriate codecs include the WindowsCodec and UnixCodec). 
-     *
-     * Please note the following recommendations before choosing to use this method: 
-     * 
-     * 1)      It is strongly recommended that applications avoid making direct OS system calls if possible as such calls are not portable, and they are potentially unsafe. Please use language provided features if at all possible, rather than native OS calls to implement the desired feature.
-     * 2)      If an OS call cannot be avoided, then it is recommended that the program to be invoked be invoked directly (e.g., System.exec("nameofcommand" + "parameterstocommand");) as this avoids the use of the command shell. The "parameterstocommand" should of course be validated before passing them to the OS command.
-     * 3)      If you must use this method, then we recommend validating all user supplied input passed to the command shell as well, in addition to using this method in order to make the command shell invocation safe.
-     *  
-     * An example use of this method would be: System.exec("dir " + ESAPI.encodeForOS(WindowsCodec, "parameter(s)tocommandwithuserinput");
-     * 
-     * @param codec 
-     *      a Codec that declares which operating system 'input' is being encoded for (ie. Windows, Unix, etc.)
-     * @param input 
-     *      the text to encode for the command shell
-     * 
-     * @return input encoded for use in command shell
-     */
-	String encodeForOS(Codec codec, String input);
-
-	/**
-	 * Encode data for use in LDAP queries.
-	 * 
-	 * @param input 
-	 * 		the text to encode for LDAP
-	 * 
-	 * @return input encoded for use in LDAP
-	 */
-	String encodeForLDAP(String input);
-
-	/**
-	 * Encode data for use in an LDAP distinguished name.
-	 * 
-	 *  @param input 
-	 *  		the text to encode for an LDAP distinguished name
-	 * 
-	 *  @return input encoded for use in an LDAP distinguished name
-	 */
-	String encodeForDN(String input);
-
-	/**
-	 * Encode data for use in an XPath query.
-	 * 
-	 * NB: The reference implementation encodes almost everything and may over-encode. 
-	 * 
-	 * The difficulty with XPath encoding is that XPath has no built in mechanism for escaping
-	 * characters. It is possible to use XQuery in a parameterized way to
-	 * prevent injection. 
-	 * 
-	 * For more information, refer to <a
-	 * href="http://www.ibm.com/developerworks/xml/library/x-xpathinjection.html">this
-	 * article</a> which specifies the following list of characters as the most
-	 * dangerous: ^&"*';<>(). <a
-	 * href="http://www.packetstormsecurity.org/papers/bypass/Blind_XPath_Injection_20040518.pdf">This
-	 * paper</a> suggests disallowing ' and " in queries.
-	 * 
-	 * @see <a href="http://www.ibm.com/developerworks/xml/library/x-xpathinjection.html">XPath Injection [ibm.com]</a>
-	 * @see <a href="http://www.packetstormsecurity.org/papers/bypass/Blind_XPath_Injection_20040518.pdf">Blind XPath Injection [packetstormsecurity.org]</a>
-	 *  
-	 * @param input
-	 *      the text to encode for XPath
-	 * @return 
-	 * 		input encoded for use in XPath
-	 */
-	String encodeForXPath(String input);
-
-	/**
-	 * Encode data for use in an XML element. The implementation should follow the <a
-	 * href="http://www.w3schools.com/xml/xml_encoding.asp">XML Encoding
-	 * Standard</a> from the W3C.
-	 * <p>
-	 * The use of a real XML parser is strongly encouraged. However, in the
-	 * hopefully rare case that you need to make sure that data is safe for
-	 * inclusion in an XML document and cannot use a parse, this method provides
-	 * a safe mechanism to do so.
-	 * 
-	 * @see <a href="http://www.w3schools.com/xml/xml_encoding.asp">XML Encoding Standard</a>
-	 * 
-	 * @param input
-	 * 			the text to encode for XML
-	 * 
-	 * @return
-	 *			input encoded for use in XML
-	 */
-	String encodeForXML(String input);
-
-	/**
-	 * Encode data for use in an XML attribute. The implementation should follow
-	 * the <a href="http://www.w3schools.com/xml/xml_encoding.asp">XML Encoding
-	 * Standard</a> from the W3C.
-	 * <p>
-	 * The use of a real XML parser is highly encouraged. However, in the
-	 * hopefully rare case that you need to make sure that data is safe for
-	 * inclusion in an XML document and cannot use a parse, this method provides
-	 * a safe mechanism to do so.
-	 * 
-	 * @see <a href="http://www.w3schools.com/xml/xml_encoding.asp">XML Encoding Standard</a>
-	 * 
-	 * @param input
-	 * 			the text to encode for use as an XML attribute
-	 * 
-	 * @return 
-	 * 			input encoded for use in an XML attribute
-	 */
-	String encodeForXMLAttribute(String input);
-
-	/**
-	 * Encode for use in a URL. This method performs <a
-	 * href="http://en.wikipedia.org/wiki/Percent-encoding">URL encoding</a>
-	 * on the entire string.
-	 * 
-	 * @see <a href="http://en.wikipedia.org/wiki/Percent-encoding">URL encoding</a>
-	 * 
-	 * @param input 
-	 * 		the text to encode for use in a URL
-	 * 
-	 * @return input 
-	 * 		encoded for use in a URL
-	 * 
-	 * @throws EncodingException 
-	 * 		if encoding fails
-	 */
-	String encodeForURL(String input) throws EncodingException;
-
-	/**
-	 * Decode from URL. Implementations should first canonicalize and
-	 * detect any double-encoding. If this check passes, then the data is decoded using URL
-	 * decoding.
-	 * 
-	 * @param input 
-	 * 		the text to decode from an encoded URL
-	 * 
-	 * @return 
-	 * 		the decoded URL value
-	 * 
-	 * @throws EncodingException 
-	 * 		if decoding fails
-	 */
-	String decodeFromURL(String input) throws EncodingException;
-
-	/**
-	 * Encode for Base64.
-	 * 
-	 * @param input 
-	 * 		the text to encode for Base64
-	 * @param wrap
-	 * 		the encoder will wrap lines every 64 characters of output
-	 * 
-	 * @return input encoded for Base64
-	 */
-	String encodeForBase64(byte[] input, boolean wrap);
-
-	/**
-	 * Decode data encoded with BASE-64 encoding.
-	 * 
-	 * @param input 
-	 * 		the Base64 text to decode
-	 * 
-	 * @return input 
-	 * 		decoded from Base64
-	 * 
-	 * @throws IOException
-	 */
-	byte[] decodeFromBase64(String input) throws IOException;
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007-2019 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi;
+
+import java.io.IOException;
+import java.net.URI;
+
+import org.owasp.esapi.codecs.Codec;
+import org.owasp.esapi.errors.EncodingException;
+
+
+/**
+ * The {@code Encoder} interface contains a number of methods for decoding input and encoding output
+ * so that it will be safe for a variety of interpreters. Its primary use is to
+ * provide <i>output</i> encoding to prevent XSS.
+ * <p>
+ * To prevent double-encoding, callers should make sure input does not already contain encoded characters
+ * by calling one of the {@code canonicalize()} methods. Validator implementations should call
+ * {@code canonicalize()} on user input <b>before</b> validating to prevent encoded attacks.
+ * </p><p>
+ * All of the methods <b>must</b> use an "allow list" or "positive" security model rather
+ * than a "deny list" or "negative" security model.  For the encoding methods, this means that
+ * all characters should be encoded, except for a specific list of "immune" characters that are
+ * known to be safe.
+ * </p><p>
+ * The {@code Encoder} performs two key functions, encoding (also referred to as "escaping" in this Javadoc)
+ * and decoding. These functions rely on a set of codecs that can be found in the
+ * {@code org.owasp.esapi.codecs} package. These include:
+ * <ul>
+ * <li>CSS Escaping</li>
+ * <li>HTMLEntity Encoding</li>
+ * <li>JavaScript Escaping</li>
+ * <li>MySQL Database Escaping</li>
+ * <li>Oracle Database Escaping</li>
+ * <li>JSON Escaping</li>
+ * <li>Percent Encoding (aka URL Encoding)</li>
+ * <li>Unix Shell Escaping</li>
+ * <li>VBScript Escaping</li>
+ * <li>Windows Cmd Escaping</li>
+ * <li>LDAP Escaping</li>
+ * <li>XML and XML Attribute Encoding</li>
+ * <li>XPath Escaping</li>
+ * <li>Base64 Encoding</li>
+ * </ul>
+ * </p><p>
+ * The primary use of ESAPI {@code Encoder} is to prevent XSS vulnerabilities by
+ * providing output encoding using the various "encodeFor<i>XYZ</i>()" methods,
+ * where <i>XYZ</i> is one of CSS, HTML, HTMLAttribute, JavaScript, or URL. When
+ * using the ESAPI output encoders, it is important that you use the one for the
+ * <b>appropriate context</b> where the output will be rendered. For example, it
+ * the output appears in an JavaScript context, you should use {@code encodeForJavaScript}
+ * (note this includes all of the DOM JavaScript event handler attributes such as
+ * 'onfocus', 'onclick', 'onload', etc.). If the output would be rendered in an HTML
+ * attribute context (with the exception of the aforementioned 'onevent' type event
+ * handler attributes), you would use {@code encodeForHTMLAttribute}. If you are
+ * encoding anywhere a URL is expected (e.g., a 'href' attribute for for &lt;a&gt; or
+ * a 'src' attribute on a &lt;img&gt; tag, etc.), then you should use use {@code encodeForURL}.
+ * If encoding CSS, then use {@code encodeForCSS}. Etc. This is because there are
+ * different escaping requirements for these different contexts. Developers who are
+ * new to ESAPI or to defending against XSS vulnerabilities are highly encouraged to
+ * <i>first</i> read the
+ * <a href="https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html" target="_blank" rel="noopener noreferreer">
+ * OWASP Cross-Site Scripting Prevention Cheat Sheet</a>.
+ * </p><p>
+ * Note that in addition to these encoder methods, ESAPI also provides a JSP Tag
+ * Library ({@code META-INF/esapi.tld}) in the ESAPI jar. This allows one to use
+ * the more convenient JSP tags in JSPs. These JSP tags are simply wrappers for the
+ * various these "encodeForX<i>XYZ</i>()" method docmented in this {@code Encoder}
+ * interface.
+ * </p><p>
+ * <b>Some important final words:</b>
+ * <ul>
+ * <li><b>Where to output encode for HTML rendering:</b>
+ * Knowing <i>where</i> to place the output encoding in your code
+ * is just as important as knowing which context (HTML, HTML attribute, CSS,
+ * JavaScript, or URL) to use for the output encoding and surprisingly the two
+ * are often related. In general, output encoding should be done just prior to the
+ * output being rendered (that is, as close to the 'sink' as possible) because that
+ * is what determines what the appropriate context is for the output encoding.
+ * In fact, doing output encoding on untrusted data that is stored and to
+ * be used later--whether stored in an HTTP session or in a database--is almost
+ * always considered an anti-pattern. An example of this is one gathers and
+ * stores some untrusted data item such as an email address from a user. A
+ * developer thinks "let's output encode this and store the encoded data in
+ * the database, thus making the untrusted data safe to use all the time, thus
+ * saving all of us developers all the encoding troubles later on". On the surface,
+ * that sounds like a reasonable approach. The problem is how to know what
+ * output encoding to use, not only for now, but for all possible <i>future</i>
+ * uses? It might be that the current application code base is only using it in
+ * an HTML context that is displayed in an HTML report or shown in an HTML
+ * context in the user's profile. But what if it is later used in a {@code mailto:} URL?
+ * Then instead of HTML encoding, it would need to have URL encoding. Similarly,
+ * what if there is a later switch made to use AJAX and the untrusted email
+ * address gets used in a JavaScript context? The complication is that even if
+ * you know with certainty today all the ways that an untrusted data item is
+ * used in your application, it is generally impossible to predict all the
+ * contexts that it may be used in the future, not only in your application, but
+ * in other applications that could access that data in the database.
+ * </li>
+ * <li><b>Avoiding multiple <i>nested</i> contexts:</b>
+ * A really tricky situation to get correct is when there are multiple nested
+ * encoding contexts. But far, the most common place this seems to come up is
+ * untrusted URLs used in JavaScript. How should you handle that? Well,
+ * the best way is to rewrite your code to avoid it!  An example of
+ * this that is well worth reading may be found at
+ * <a href="https://lists.owasp.org/pipermail/esapi-dev/2012-March/002090"
+ * target="_blank" rel="noopener noreferrer">ESAPI-DEV mailing list archives:
+ * URL encoding within JavaScript</a>. Be sure to read the entire thread.
+ * The question itself is too nuanced to be answered in Javadoc, but now,
+ * hopefully you are at least aware of the potential pitfalls. There is little
+ * available research or examples on how to do output encoding when multiple
+ * mixed encodings are required, although one that you may find useful is
+ * <a href="https://arxiv.org/pdf/1804.01862.pdf" target="_blank"
+ * rel="noopener noreferrer">
+ * Automated Detecting and Repair of Cross-SiteScripting Vulnerabilities through Unit Testing</a>
+ * It at least discusses a few of the common errors involved in multiple mixed
+ * encoding contexts.
+ * </li><li><b>A word about unit testing:</b>
+ * Unit testing this is hard. You may be satisfied with stopped after you have
+ * tested against the ubiquitous XSS test case of
+ * <pre>
+ *      &lt;/script&gt;alert(1)&lt;/script&gt;
+ * </pre>
+ * or similar simplistic XSS attack payloads and if that is properly encoded
+ * (or, you don't see an alert box popped in your browser), you consider it
+ * "problem fixed", and consider the unit testing sufficient. Unfortunately, that
+ * minimalist testing may not always detect places where you used the wrong output
+ * encoder. You need to do better. Fortunately, the aforementioned link,
+ * <a href="https://arxiv.org/pdf/1804.01862.pdf" target="_blank"
+ * rel="noopener noreferrer">
+ * Automated Detecting and Repair of Cross-SiteScripting Vulnerabilities through Unit Testing</a>
+ * provides some insight on this. You may also wish to look at the
+ * <a href="https://github.com/ESAPI/esapi-java-legacy/blob/develop/src/test/java/org/owasp/esapi/reference/EncoderTest.java"
+ * target="_blank" rel="noopener noreferrer">ESAPI Encoder JUnittest cases</a> for ideas.
+ * If you are really ambitious, an excellent resource for XSS attack patterns is
+ * <a href="https://beefproject.com/" target="_blank" rel="noopener noreferrer">BeEF - The Browser Exploitation Framework Project</a>.
+ * </li><li><b>A final note on {@code Encoder} implementation details:</b>
+ * Most of the {@code Encoder} methods make extensive use of ESAPI's {@link org.owasp.esapi.codecs.Codec}
+ * classes under-the-hood. These {@code Codec} classes are intended for use for encoding and decoding
+ * input based on some particular context or specification.  While the OWASP team
+ * over the years have made every effort to be cautious--often going to extremes
+ * to make "safe harbor" decisions on harmful inputs other similar encoders assume are already safe
+ * (we did this to in order to protect the client's users from buggy browsers that don't adhere
+ * to the W3C HTML specications)&em;the various {@code Codec} implemtations can offer
+ * NO GUARANTEE of safety of the content being encoded or decoded. Therefore,
+ * it is highly advised to practice a security-in-depth approach for everything you do.
+ * By following that advice, you will minimize the impact and/or likelihood of any
+ * vulnerabilities from bugs in the ESAPI code or accidental misuse of the ESAPI
+ * library on your part. In particular, whenever there are cases where cients use
+ * any of these {@link org.owasp.esapi.codecs.Codec} classes directly, it is highly
+ * recommended to perform canonicalization followed by strict input valiation both
+ * prior to encoding and after decoding to protect your application from input-based
+ * attacks.
+ * </li>
+ * </ul>
+ * </p>
+ * @see <a href="https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html">OWASP Cross-Site Scripting Prevention Cheat Sheet</a>
+ * @see org.owasp.esapi.Validator
+ * @see <a href="https://owasp.org/www-project-proactive-controls/v3/en/c4-encode-escape-data">OWASP Proactive Controls: C4: Encode and Escape Data</a>
+ * @see <a href="https://www.onwebsecurity.com/security/properly-encoding-and-escaping-for-the-web.html" target="_blank" rel="noopener noreferrer">Properly encoding and escaping for the web</a>
+ * @author Jeff Williams (jeff.williams .at. owasp.org)
+ * @since June 1, 2007
+ */
+public interface Encoder {
+
+    /**
+     * This method is equivalent to calling {@code Encoder.canonicalize(input, restrictMultiple, restrictMixed);}.
+     *
+     * The <i>default</i> values for {@code restrictMultiple} and {@code restrictMixed} come from {@code ESAPI.properties}.
+     * <pre>
+     * Encoder.AllowMultipleEncoding=false
+     * Encoder.AllowMixedEncoding=false
+     * </pre>
+     * and the default codecs that are used for canonicalization are the list
+     * of codecs that comes from:
+     * <pre>
+     * Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
+     * </pre>
+     * (If the {@code Encoder.DefaultCodecList} property is null or not set,
+     * these same codecs are listed in the same order. Note that you may supply
+     * your own codec by using a fully cqualified class name of a class that
+     * implements {@code org.owasp.esapi.codecs.Codec<T>}.
+     *
+     * @see #canonicalize(String, boolean, boolean)
+     * @see <a href="http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4">W3C specifications</a>
+     *
+     * @param input the text to canonicalize
+     * @return a String containing the canonicalized text
+     */
+    String canonicalize(String input);
+
+    /**
+     * This method is the equivalent to calling {@code Encoder.canonicalize(input, strict, strict);}.
+     *
+     * @see #canonicalize(String, boolean, boolean)
+     * @see <a href="http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4">W3C specifications</a>
+     *
+     * @param input
+     *      the text to canonicalize
+     * @param strict
+     *      true if checking for multiple and mixed encoding is desired, false otherwise
+     *
+     * @return a String containing the canonicalized text
+     */
+    String canonicalize(String input, boolean strict);
+
+    /**
+     * Canonicalization is simply the operation of reducing a possibly encoded
+     * string down to its simplest form. This is important, because attackers
+     * frequently use encoding to change their input in a way that will bypass
+     * validation filters, but still be interpreted properly by the target of
+     * the attack. Note that data encoded more than once is not something that a
+     * normal user would generate and should be regarded as an attack.
+     * <p>
+     * Everyone <a href="http://cwe.mitre.org/data/definitions/180.html">says</a> you shouldn't do validation
+     * without canonicalizing the data first. This is easier said than done. The canonicalize method can
+     * be used to simplify just about any input down to its most basic form. Note that canonicalize doesn't
+     * handle Unicode issues, it focuses on higher level encoding and escaping schemes. In addition to simple
+     * decoding, canonicalize also handles:
+     * <ul><li>Perverse but legal variants of escaping schemes</li>
+     * <li>Multiple escaping (%2526 or &#x26;lt;)</li>
+     * <li>Mixed escaping (%26lt;)</li>
+     * <li>Nested escaping (%%316 or &amp;%6ct;)</li>
+     * <li>All combinations of multiple, mixed, and nested encoding/escaping (%2&#x35;3c or &#x2526gt;)</li></ul>
+     * <p>
+     * Using canonicalize is simple. The default is just...
+     * <pre>
+     *     String clean = ESAPI.encoder().canonicalize( request.getParameter("input"));
+     * </pre>
+     * You need to decode untrusted data so that it's safe for ANY downstream interpreter or decoder. For
+     * example, if your data goes into a Windows command shell, then into a database, and then to a browser,
+     * you're going to need to decode for all of those systems. You can build a custom encoder to canonicalize
+     * for your application like this...
+     * <pre>
+     *     ArrayList list = new ArrayList();
+     *     list.add( new WindowsCodec() );
+     *     list.add( new MySQLCodec() );
+     *     list.add( new PercentCodec() );
+     *     Encoder encoder = new DefaultEncoder( list );
+     *     String clean = encoder.canonicalize( request.getParameter( "input" ));
+     * </pre>
+     * or alternately, you can just customize {@code Encoder.DefaultCodecList} property
+     * in the {@code ESAPI.properties} file with your preferred codecs; for
+     * example:
+     * <pre>
+     * Encoder.DefaultCodecList=WindowsCodec,MySQLCodec,PercentCodec
+     * </pre>
+     * and then use:
+     * <pre>
+     *     Encoder encoder = ESAPI.encoder();
+     *     String clean = encoder.canonicalize( request.getParameter( "input" ));
+     * </pre>
+     * as you normally would. However, the downside to using the
+     * {@code ESAPI.properties} file approach does not allow you to vary your
+     * list of codecs that are used each time. The downside to using the
+     * {@code DefaultEncoder} constructor is that your code is now timed to
+     * specific reference implementations rather than just interfaces and those
+     * reference implementations are what is most likely to change in ESAPI 3.x.
+     * </p><p>
+     * In ESAPI, the {@code Validator} uses the {@code canonicalize} method before it does validation.  So all you need to
+     * do is to validate as normal and you'll be protected against a host of encoded attacks.
+     * <pre>
+     *     String input = request.getParameter( "name" );
+     *     String name = ESAPI.validator().isValidInput( "test", input, "FirstName", 20, false);
+     * </pre>
+     * However, the default canonicalize() method only decodes HTMLEntity, percent (URL) encoding, and JavaScript
+     * encoding. If you'd like to use a custom canonicalizer with your validator, that's pretty easy too.
+     * <pre>
+     *     ... setup custom encoder as above
+     *     Validator validator = new DefaultValidator( encoder );
+     *     String input = request.getParameter( "name" );
+     *     String name = validator.isValidInput( "test", input, "name", 20, false);
+     * </pre>
+     * Although ESAPI is able to canonicalize multiple, mixed, or nested encoding, it's safer to not accept
+     * this stuff in the first place. In ESAPI, the default is "strict" mode that throws an IntrusionException
+     * if it receives anything not single-encoded with a single scheme. This is configurable
+     * in {@code ESAPI.properties} using the properties:
+     * <pre>
+     * Encoder.AllowMultipleEncoding=false
+     * Encoder.AllowMixedEncoding=false
+     * </pre>
+     * This method allows you to override the default behavior by directly specifying whether to restrict
+     * multiple or mixed encoding. Even if you disable restrictions, you'll still get
+     * warning messages in the log about each multiple encoding and mixed encoding received.
+     * <pre>
+     *     // disabling strict mode to allow mixed encoding
+     *     String url = ESAPI.encoder().canonicalize( request.getParameter("url"), false, false);
+     * </pre>
+     * <b>WARNING #1!!!</b> Please note that this method is incompatible with URLs and if there exist any HTML Entities
+     * that correspond with parameter values in a URL such as "&amp;para;" in a URL like
+     * "https://foo.com/?bar=foo&amp;parameter=wrong" you will get a mixed encoding validation exception.
+     * <p>
+     * If you wish to canonicalize a URL/URI use the method {@code Encoder.getCanonicalizedURI(URI dirtyUri);}
+     * </p><p>
+     * <b>WARNING #2!!!</b> Even if you use {@code WindowsCodec} or {@code UnixCodec}
+     * as appropriate, file path names in the {@code input} parameter will <b><i>NOT</i></b>
+     * be canonicalized. It the failure of such file path name canonicalization
+     * presents a potential security issue, consider using one of the
+     * {@code Validator.getValidDirectoryPath()} methods instead of or in addition to this method.
+     *
+     * @see <a href="http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4">W3C specifications</a>
+     * @see #canonicalize(String)
+     * @see #getCanonicalizedURI(URI dirtyUri)
+     * @see org.owasp.esapi.Validator#getValidDirectoryPath(java.lang.String, java.lang.String, java.io.File, boolean)
+     *
+     * @param input
+     *      the text to canonicalize
+     * @param restrictMultiple
+     *      true if checking for multiple encoding is desired, false otherwise
+     * @param restrictMixed
+     *      true if checking for mixed encoding is desired, false otherwise
+     *
+     * @return a String containing the canonicalized text
+     */
+    String canonicalize(String input, boolean restrictMultiple, boolean restrictMixed);
+
+    /**
+     * Encode data for use in Cascading Style Sheets (CSS) content.
+     *
+     * @see <a href="http://www.w3.org/TR/CSS21/syndata.html#escaped-characters">CSS Syntax [w3.org]</a>
+     *
+     * @param untrustedData
+     *      the untrusted data to output encode for CSS
+     *
+     * @return the untrusted data safely output encoded for use in a CSS
+     */
+    String encodeForCSS(String untrustedData);
+
+    /**
+     * Encode data for use in HTML using HTML entity encoding
+     * <p>
+     * Note that the following characters:
+     * 00-08, 0B-0C, 0E-1F, and 7F-9F
+     * <p>cannot be used in HTML.
+     *
+     * @see <a href="http://en.wikipedia.org/wiki/Character_encodings_in_HTML">HTML Encodings [wikipedia.org]</a>
+     * @see <a href="http://www.w3.org/TR/html4/sgml/sgmldecl.html">SGML Specification [w3.org]</a>
+     * @see <a href="http://www.w3.org/TR/REC-xml/#charsets">XML Specification [w3.org]</a>
+     *
+     * @param untrustedData
+     *      the untrusted data to output encode for HTML
+     *
+     * @return the untrusted data safely output encoded for use in a HTML
+     */
+    String encodeForHTML(String untrustedData);
+
+    /**
+     * Decodes HTML entities.
+     * @param input the <code>String</code> to decode
+     * @return the newly decoded <code>String</code>
+     */
+    String decodeForHTML(String input);
+
+    /**
+     * Encode data for use in HTML attributes.
+     *
+     * @param untrustedData
+     *      the untrusted data to output encode for an HTML attribute
+     *
+     * @return the untrusted data safely output encoded for use in a use as an HTML attribute
+     */
+    String encodeForHTMLAttribute(String untrustedData);
+
+
+    /**
+     * Encode data for insertion inside a data value or function argument in JavaScript. Including user data
+     * directly inside a script is quite dangerous. Great care must be taken to prevent including user data
+     * directly into script code itself, as no amount of encoding will prevent attacks there.
+     *
+     * Please note there are some JavaScript functions that can never safely receive untrusted data
+     * as input – even if the user input is encoded.
+     *
+     * For example:
+     * <pre>
+     *  &lt;script&gt;
+     *    &nbsp;&nbsp;window.setInterval('&lt;%= EVEN IF YOU ENCODE UNTRUSTED DATA YOU ARE XSSED HERE %&gt;');
+     *  &lt;/script&gt;
+     * </pre>
+     * @param untrustedData
+     *          the untrusted data to output encode for JavaScript
+     *
+     * @return the untrusted data safely output encoded for use in a use in JavaScript
+     */
+    String encodeForJavaScript(String untrustedData);
+
+    /**
+     * Encode data for insertion inside a data value in a Visual Basic script. Putting user data directly
+     * inside a script is quite dangerous. Great care must be taken to prevent putting user data
+     * directly into script code itself, as no amount of encoding will prevent attacks there.
+     *
+     * This method is not recommended as VBScript is only supported by Internet Explorer
+     *
+     * @param untrustedData
+     *      the untrusted data to output encode for VBScript
+     *
+     * @return the untrusted data safely output encoded for use in a use in VBScript
+     */
+    String encodeForVBScript(String untrustedData);
+
+
+    /**
+     * Encode input for use in a SQL query, according to the selected codec
+     * (appropriate codecs include the {@link org.owasp.esapi.codecs.MySQLCodec}
+     * and {@link org.owasp.esapi.codecs.OracleCodec}), but see
+     * "<b>SECURITY WARNING</b>" below before using.
+     * <p>
+     * The this method attempts to ensure make sure any single-quotes are double-quoted
+     * (i.e., as '', not double-quotes, as in &quot;). Another possible approach
+     * is to use the {escape} syntax described in the JDBC specification in section 1.5.6.
+     * However, this syntax does not work with all drivers, and requires
+     * modification of all queries.
+     * </p><p>
+     * <b>SECURITY WARNING:</b> This method is <u>NOT</u> recommended. The use of the {@code PreparedStatement}
+     * interface is the preferred approach. However, if for some reason
+     * this is impossible, then this method is provided as a significantly weaker
+     * alternative. In particular, it should be noted that if all you do to
+     * address potential SQL Injection attacks is to use this method to escape
+     * parameters, you <i>will</i> fail miserably. According to the
+     * <a href="https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html">
+     * OWASP SQL Injection Prevention Cheat Sheet</a>, these are the primary
+     * defenses against SQL Injection (as of June 2025):
+     * <ul>
+     * <li>Option 1: Use of Prepared Statements (with Parameterized Queries)</li>
+     * <li>Option 2: Use of Properly Constructed Stored Procedures</li>
+     * <li>Option 3: Allow-list Input Validation</li>
+     * <li>Option 4: STRONGLY DISCOURAGED: Escaping All User Supplied Input</li>
+     * </ul>
+     * </p><p>
+     * According to "Option 4" (which is what this method implements), that OWASP Cheat Sheet
+     * states:
+     * <blockquote
+     * cite="https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html#defense-option-4-strongly-discouraged-escaping-all-user-supplied-input">
+     * In this approach, the developer will escape all user input
+     * before putting it in a query. It is very database specific
+     * in its implementation. This methodology is frail compared
+     * to other defenses, and <b>we <i>CANNOT</i> guarantee that this option
+     * will prevent all SQL injections in all situations.</b>
+     * </blockquote>
+     * (Emphasis ours.)
+     * </p><p>
+     * Note you could give yourself a slightly better chance at success if prior to
+     * escaping by this method, you first canonicalize the input and run it through
+     * some strong allow-list validation. We will not provide anymore details than
+     * that, lest we encourage its misuse; however, it should be noted that resorting
+     * to use this method--especially by itself--should rarely, if ever, used. It
+     * is intended as a last ditch, emergency, Hail Mary effort. (To be honest, you'd
+     * likely have more success setting up a WAF such as
+     * <a href="https://modsecurity.org/">OWASP ModSecurity</a> and
+     * <a href="https://owasp.org/www-project-modsecurity-core-rule-set/">OWASP CRS</a>
+     * if you need a temporary emergency SQLi defense shield, but using {@code PreparedStatement}
+     * is still your best option if you have the time and resources.
+     * </p><p>
+     * <b>Note to AppSec / Security Auditor teams:</b> If see this method being used in
+     * application code, the risk of an exploitable SQLi vulnerability is still high. We
+     * stress the importance of the first two Options discussed in the
+     * <a href="https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html">
+     * OWASP SQL Injection Prevention Cheat Sheet</a>. If you allow this, we recommend only
+     * doing so for a limited time duration and in the meantime creating some sort of security
+     * exception ticket to track it.
+     * </p><p>
+     * <b>IMPORTANT NOTE:</b> If you really do insist enabling leg cannon mode and use
+     * this method, then you <i>MUST</i> follow these instructions. Failure to do so will
+     * result in a {@link org.owasp.esapi.errors.NotConfiguredByDefaultException} being
+     * thrown when you try to call it. Thus to make it work, you need to add the implementation
+     * method corresponding to this interace (defined in the property "<b>ESAPI.Encoder</b>"
+     * (wihch defaults to "org.owasp.esapi.reference.DefaultEncoder") in your "<b>ESAPI.properties</b>" file,
+     * to the ESAPI property "<b>ESAPI.dangerouslyAllowUnsafeMethods.methodNames</b>". See
+     * the Security Bulletin #13 document referenced below for additional details.
+     * </p>
+     * @see <a href="https://download.oracle.com/otn-pub/jcp/jdbc-4_2-mrel2-spec/jdbc4.2-fr-spec.pdf">JDBC Specification</a>
+     * @see <a href="https://docs.oracle.com/javase/8/docs/api/java/sql/PreparedStatement.html">java.sql.PreparedStatement</a>
+     * @see <a href="https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin13.pdf">ESAPI Security Bulletin #13</a>
+     *
+     * @param codec
+     *      a {@link org.owasp.esapi.codecs.Codec} that declares which database 'input' is being encoded for (ie. MySQL, Oracle, etc.)
+     * @param input
+     *      the text to encode for SQL
+     *
+     * @return input encoded for use in SQL
+     * @see <a href="https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin13.pdf">
+     *              ESAPI Security Bulletin #13</a>
+     * @deprecated  This method is considered dangerous and not easily made safe and thus under strong
+     *              consideration to be removed within 1 years time after the 2.7.0.0 release. Please
+     *              see the referenced ESAPI Security Bulletin #13 for further details.
+     */
+     @Deprecated
+     String encodeForSQL(Codec codec, String input);
+
+    /**
+     * Encode for an operating system command shell according to the selected codec (appropriate codecs include the WindowsCodec and UnixCodec).
+     *
+     * Please note the following recommendations before choosing to use this method:
+     *
+     * 1)      It is strongly recommended that applications avoid making direct OS system calls if possible as such calls are not portable, and they are potentially unsafe. Please use language provided features if at all possible, rather than native OS calls to implement the desired feature.
+     * 2)      If an OS call cannot be avoided, then it is recommended that the program to be invoked be invoked directly (e.g., System.exec("nameofcommand" + "parameterstocommand");) as this avoids the use of the command shell. The "parameterstocommand" should of course be validated before passing them to the OS command.
+     * 3)      If you must use this method, then we recommend validating all user supplied input passed to the command shell as well, in addition to using this method in order to make the command shell invocation safe.
+     *
+     * An example use of this method would be: System.exec("dir " + ESAPI.encodeForOS(WindowsCodec, "parameter(s)tocommandwithuserinput");
+     *
+     * @param codec
+     *      a Codec that declares which operating system 'input' is being encoded for (ie. Windows, Unix, etc.)
+     * @param input
+     *      the text to encode for the command shell
+     *
+     * @return input encoded for use in command shell
+     */
+    String encodeForOS(Codec codec, String input);
+
+    /**
+     * Encode data for use in LDAP queries. Wildcard (*) characters will be encoded.
+     *
+     * This encoder operates according to RFC 4515, Section 3. RFC 4515 says the following character ranges
+     * are valid: 0x01-0x27, 0x2B-0x5B and 0x5D-0x7F. Characters outside the ranges are hex encoded, and they
+     * include 0x00 (NUL), 0x28 (LPAREN), 0x29 (RPAREN), 0x2A (ASTERISK), and 0x5C (ESC). The encoder will also
+     * encode 0x2F (FSLASH), which is required by Microsoft Active Directory.
+     *
+     * NB: At ESAPI 2.5.3, {@code encodeForLDAP} began strict conformance with RFC 4515. Characters above 0x7F
+     * are converted to UTF-8, and then the byte sequences are hex encoded according to the RFC.
+     *
+     * @param input
+     *      the text to encode for LDAP
+     *
+     * @return input encoded for use in LDAP
+     *
+     * @see <a href="https://www.ietf.org/rfc/rfc4515.txt">RFC 4515, Lightweight Directory Access Protocol
+     * (LDAP): String Representation of Search Filters</a>
+     *
+     * @since ESAPI 1.3
+     */
+    String encodeForLDAP(String input);
+
+    /**
+     * Encode data for use in LDAP queries. You have the option whether or not to encode wildcard (*) characters.
+     *
+     * This encoder operates according to RFC 4515, Section 3. RFC 4515 says the following character ranges
+     * are valid: 0x01-0x27, 0x2B-0x5B and 0x5D-0x7F. Characters outside the ranges are hex encoded, and they
+     * include 0x00 (NUL), 0x28 (LPAREN), 0x29 (RPAREN), 0x2A (ASTERISK), and 0x5C (ESC). The encoder will also
+     * encode 0x2F (FSLASH), which is required by Microsoft Active Directory.
+     *
+     * NB: At ESAPI 2.5.3, {@code encodeForLDAP} began strict conformance with RFC 4515. Characters above 0x7F
+     * are converted to UTF-8, and then the byte sequences are hex encoded according to the RFC.
+     *
+     * @param input
+     *      the text to encode for LDAP
+     * @param encodeWildcards
+     *      whether or not wildcard (*) characters will be encoded.
+     *
+     * @return input encoded for use in LDAP
+     *
+     * @see <a href="https://www.ietf.org/rfc/rfc4515.txt">RFC 4515, Lightweight Directory Access Protocol
+     * (LDAP): String Representation of Search Filters</a>
+     *
+     * @since ESAPI 1.3
+     */
+    String encodeForLDAP(String input, boolean encodeWildcards);
+
+    /**
+     * Encode data for use in an LDAP distinguished name.
+     *
+     * This encoder operates according to RFC 4514, Section 3. RFC 4514 says the following character ranges
+     * are valid: 0x01-0x21, 0x23-0x2A, 0x2D-0x3A, 0x3D, 0x3F-0x5B, 0x5D-0x7F. Characters outside the ranges
+     * are hex encoded, and they include 0x00 (NUL), 0x22 (DQUOTE), 0x2B (PLUS), 0x2C (COMMA),
+     * 0x3B (SEMI), 0x3C (LANGLE), 0x3E (RANGLE) and 0x5C (ESC). The encoder will also encode 0x2F (FSLASH),
+     * which is required by Microsoft Active Directory. The leading and trailing characters in a distinguished
+     * name string will also have 0x20 (SPACE) and 0x23 (SHARP) encoded.
+     *
+     * NB: At ESAPI 2.5.3, {@code encodeForDN} began strict conformance with RFC 4514. Characters above 0x7F
+     * are converted to UTF-8, and then the byte sequences are hex encoded according to the RFC.
+     *
+     *  @param input
+     *          the text to encode for an LDAP distinguished name
+     *
+     *  @return input encoded for use in an LDAP distinguished name
+     *
+     *  @see <a href="https://www.ietf.org/rfc/rfc4514.txt">RFC 4514, Lightweight Directory Access Protocol
+     *  (LDAP): String Representation of Distinguished Names</a>
+     *
+     *  @since ESAPI 1.3
+     */
+    String encodeForDN(String input);
+
+    /**
+     * Encode data for use in an XPath query.
+     *
+     * NB: The reference implementation encodes almost everything and may over-encode.
+     *
+     * The difficulty with XPath encoding is that XPath has no built-in mechanism for escaping
+     * characters. It is possible to use XQuery in a parameterized way to
+     * prevent injection.
+     *
+     * For more information, refer to <a
+     * href="http://www.ibm.com/developerworks/xml/library/x-xpathinjection.html">this
+     * article</a> which specifies the following list of characters as the most
+     * dangerous: ^ & " * ' ; < > ( ) . <a
+     * href="http://www.packetstormsecurity.org/papers/bypass/Blind_XPath_Injection_20040518.pdf">This
+     * paper</a> suggests disallowing ' and " in queries.
+     *
+     * @see <a href="http://www.ibm.com/developerworks/xml/library/x-xpathinjection.html">XPath Injection [ibm.com]</a>
+     * @see <a href="http://www.packetstormsecurity.org/papers/bypass/Blind_XPath_Injection_20040518.pdf">Blind XPath Injection [packetstormsecurity.org]</a>
+     *
+     * @param input
+     *      the text to encode for XPath
+     * @return
+     *      input encoded for use in XPath
+     */
+    String encodeForXPath(String input);
+
+    /**
+     * Encode data for use in an XML element. The implementation should follow the <a
+     * href="https://www.w3.org/TR/REC-xml/#charencoding">Character Encoding in Entities</a>
+     * from W3C.
+     * <p>
+     * The use of a real XML parser is strongly encouraged. However, in the
+     * hopefully rare case that you need to make sure that data is safe for
+     * inclusion in an XML document and cannot use a parser, this method provides
+     * a safe mechanism to do so.
+     *
+     * @see <a href="https://www.w3.org/TR/REC-xml/#charencoding">Character Encoding in Entities</a>
+     *
+     * @param input
+     *          the text to encode for XML
+     *
+     * @return
+     *          input encoded for use in XML
+     */
+    String encodeForXML(String input);
+
+    /**
+     * Encode data for use in an XML attribute. The implementation should follow the <a
+     * href="https://www.w3.org/TR/REC-xml/#charencoding">Character Encoding in Entities</a>
+     * from W3C.
+     * <p>
+     * The use of a real XML parser is highly encouraged. However, in the
+     * hopefully rare case that you need to make sure that data is safe for
+     * inclusion in an XML document and cannot use a parse, this method provides
+     * a safe mechanism to do so.
+     *
+     * @see <a href="https://www.w3.org/TR/REC-xml/#charencoding">Character Encoding in Entities</a>
+     *
+     * @param input
+     *          the text to encode for use as an XML attribute
+     *
+     * @return
+     *          input encoded for use in an XML attribute
+     */
+    String encodeForXMLAttribute(String input);
+
+    /**
+     * Encode for use in a URL. This method performs <a
+     * href="http://en.wikipedia.org/wiki/Percent-encoding">URL encoding</a>
+     * on the entire string.
+     *
+     * @see <a href="http://en.wikipedia.org/wiki/Percent-encoding">URL encoding</a>
+     *
+     * @param input
+     *      the text to encode for use in a URL
+     *
+     * @return input
+     *      encoded for use in a URL
+     *
+     * @throws EncodingException
+     *      if encoding fails
+     */
+    String encodeForURL(String input) throws EncodingException;
+
+    /**
+     * Encode data for use in JSON strings. This method performs <a
+     * href="https://datatracker.ietf.org/doc/html/rfc8259#section-7">String escaping</a>
+     * on the entire string according to RFC 8259, Section 7.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc8259#section-7">RFC 8259,
+     * The JavaScript Object Notation (JSON) Data Interchange Format, Section 7</a>
+     *
+     * @param input
+     *      the text to escape for JSON string
+     *
+     * @return input
+     *      escaped for use in JSON string
+     */
+    String encodeForJSON(String input);
+
+    /**
+     * Decode from URL. Implementations should first canonicalize and
+     * detect any double-encoding. If this check passes, then the data is decoded using URL
+     * decoding.
+     *
+     * @param input
+     *      the text to decode from an encoded URL
+     *
+     * @return
+     *      the decoded URL value
+     *
+     * @throws EncodingException
+     *      if decoding fails
+     */
+    String decodeFromURL(String input) throws EncodingException;
+
+    /**
+     * Encode for Base64.
+     *
+     * @param input
+     *      the text to encode for Base64
+     * @param wrap
+     *      the encoder will wrap lines every 64 characters of output
+     *
+     * @return input encoded for Base64
+     */
+    String encodeForBase64(byte[] input, boolean wrap);
+
+    /**
+     * Decode data encoded with BASE-64 encoding.
+     *
+     * @param input
+     *      the Base64 text to decode
+     *
+     * @return input decoded from Base64
+     *
+     * @throws IOException
+     */
+    byte[] decodeFromBase64(String input) throws IOException;
+
+    /**
+     * Get a version of the input URI that will be safe to run regex and other validations against.
+     * It is not recommended to persist this value as it will transform user input.  This method
+     * will not test to see if the URI is RFC-3986 compliant.
+     *
+     * @param dirtyUri
+     *      the tainted URI
+     * @return The canonicalized URI
+     */
+    String getCanonicalizedURI(URI dirtyUri);
+
+    /**
+     * Decode data encoded for JSON strings. This method removes <a
+     * href="https://datatracker.ietf.org/doc/html/rfc8259#section-7">String escaping</a>
+     * on the entire string according to RFC 8259, Section 7.
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc8259#section-7">RFC 8259,
+     * The JavaScript Object Notation (JSON) Data Interchange Format, Section 7</a>
+     *
+     * @param input
+     *      the JSON string to decode
+     *
+     * @return input
+     *      decoded from JSON string
+     */
+    String decodeFromJSON(String input);
+}
diff --git a/src/main/java/org/owasp/esapi/EncoderConstants.java b/src/main/java/org/owasp/esapi/EncoderConstants.java
index d1480276d..ec2cbfac4 100644
--- a/src/main/java/org/owasp/esapi/EncoderConstants.java
+++ b/src/main/java/org/owasp/esapi/EncoderConstants.java
@@ -1,117 +1,117 @@
-package org.owasp.esapi;
-
-import java.util.Set;
-
-import org.owasp.esapi.util.CollectionsUtil;
-
-/**
- * Common character classes used for input validation, output encoding, verifying password strength
- * CSRF token generation, generating salts, etc
- * @author Neil Matatall (neil.matatall .at. gmail.com)
- * @see User
- */
-public class EncoderConstants {
-	/**
-	 * !$*-.=?@_
-	 */
-	public final static char[] CHAR_PASSWORD_SPECIALS = { '!', '$', '*', '-', '.', '=', '?', '@', '_' };
-	public final static Set<Character> PASSWORD_SPECIALS;
-	static {
-		PASSWORD_SPECIALS = CollectionsUtil.arrayToSet(CHAR_PASSWORD_SPECIALS);
-	}
-	
-	/**
-	 * a-b
-	 */
-	public final static char[] CHAR_LOWERS = { 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z' };
-	public final static Set<Character> LOWERS;
-	static {
-		LOWERS = CollectionsUtil.arrayToSet(CHAR_PASSWORD_SPECIALS);
-	}
-	
-	/**
-	 * A-Z
-	 */
-	public final static char[] CHAR_UPPERS = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z' };
-	public final static Set<Character> UPPERS;
-	static {
-		UPPERS = CollectionsUtil.arrayToSet(CHAR_UPPERS);
-	}
-	/**
-	 * 0-9
-	 */
-	public final static char[] CHAR_DIGITS = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9' };
-	public final static Set<Character> DIGITS;
-	static {
-		DIGITS = CollectionsUtil.arrayToSet(CHAR_DIGITS);
-	}
-	
-	/**
-	 * !$*+-.=?@^_|~
-	 */
-	public final static char[] CHAR_SPECIALS = { '!', '$', '*', '+', '-', '.', '=', '?', '@', '^', '_', '|', '~' };
-	public final static Set<Character> SPECIALS;
-	static {
-		SPECIALS = CollectionsUtil.arrayToSet(CHAR_SPECIALS);
-	}
-	
-	/**
-	 * CHAR_LOWERS union CHAR_UPPERS
-	 */
-	public final static char[] CHAR_LETTERS = StringUtilities.union(CHAR_LOWERS, CHAR_UPPERS);
-	public final static Set<Character> LETTERS;
-	static {
-		LETTERS = CollectionsUtil.arrayToSet(CHAR_LETTERS);
-	}
-	
-	/**
-	 * CHAR_LETTERS union CHAR_DIGITS
-	 */
-	public final static char[] CHAR_ALPHANUMERICS = StringUtilities.union(CHAR_LETTERS, CHAR_DIGITS);
-	public final static Set<Character> ALPHANUMERICS;
-	static {
-		ALPHANUMERICS = CollectionsUtil.arrayToSet(CHAR_ALPHANUMERICS);
-	}
-	
-	/**
-	 * Password character set, is alphanumerics (without l, i, I, o, O, and 0)
-	 * selected specials like + (bad for URL encoding, | is like i and 1,
-	 * etc...)
-	 */
-	public final static char[] CHAR_PASSWORD_LOWERS = { 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'j', 'k', 'm', 'n', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z' };
-	public final static Set<Character> PASSWORD_LOWERS;
-	static {
-		PASSWORD_LOWERS = CollectionsUtil.arrayToSet(CHAR_ALPHANUMERICS);
-	}
-	
-	/**
-	 * 
-	 */
-	public final static char[] CHAR_PASSWORD_UPPERS = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'J', 'K', 'L', 'M', 'N', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z' };
-	public final static Set<Character> PASSWORD_UPPERS;
-	static {
-		PASSWORD_UPPERS = CollectionsUtil.arrayToSet(CHAR_PASSWORD_UPPERS);
-	}
-	
-	/**
-	 * 2-9
-	 */
-	public final static char[] CHAR_PASSWORD_DIGITS = { '2', '3', '4', '5', '6', '7', '8', '9' };
-	public final static Set<Character> PASSWORD_DIGITS;
-	static {
-		PASSWORD_DIGITS = CollectionsUtil.arrayToSet(CHAR_PASSWORD_DIGITS);
-	}
-	
-	/**
-	 * CHAR_PASSWORD_LOWERS union CHAR_PASSWORD_UPPERS
-	 */
-	public final static char[] CHAR_PASSWORD_LETTERS = StringUtilities.union( CHAR_PASSWORD_LOWERS, CHAR_PASSWORD_UPPERS );
-	public final static Set<Character> PASSWORD_LETTERS;
-	static {
-		PASSWORD_LETTERS = CollectionsUtil.arrayToSet(CHAR_PASSWORD_LETTERS);
-	}
-
-	private EncoderConstants() {
-		// prevent instantiation
-	}
-}
+package org.owasp.esapi;
+
+import java.util.Set;
+
+import org.owasp.esapi.util.CollectionsUtil;
+
+/**
+ * Common character classes used for input validation, output encoding, verifying password strength
+ * CSRF token generation, generating salts, etc
+ * @author Neil Matatall (neil.matatall .at. gmail.com)
+ * @see User
+ */
+public class EncoderConstants {
+    /**
+     * !$*-.=?@_
+     */
+    public final static char[] CHAR_PASSWORD_SPECIALS = { '!', '$', '*', '-', '.', '=', '?', '@', '_' };
+    public final static Set<Character> PASSWORD_SPECIALS;
+    static {
+        PASSWORD_SPECIALS = CollectionsUtil.arrayToSet(CHAR_PASSWORD_SPECIALS);
+    }
+
+    /**
+     * a-b
+     */
+    public final static char[] CHAR_LOWERS = { 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z' };
+    public final static Set<Character> LOWERS;
+    static {
+        LOWERS = CollectionsUtil.arrayToSet(CHAR_PASSWORD_SPECIALS);
+    }
+
+    /**
+     * A-Z
+     */
+    public final static char[] CHAR_UPPERS = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z' };
+    public final static Set<Character> UPPERS;
+    static {
+        UPPERS = CollectionsUtil.arrayToSet(CHAR_UPPERS);
+    }
+    /**
+     * 0-9
+     */
+    public final static char[] CHAR_DIGITS = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9' };
+    public final static Set<Character> DIGITS;
+    static {
+        DIGITS = CollectionsUtil.arrayToSet(CHAR_DIGITS);
+    }
+
+    /**
+     * !$*+-.=?@^_|~
+     */
+    public final static char[] CHAR_SPECIALS = { '!', '$', '*', '+', '-', '.', '=', '?', '@', '^', '_', '|', '~' };
+    public final static Set<Character> SPECIALS;
+    static {
+        SPECIALS = CollectionsUtil.arrayToSet(CHAR_SPECIALS);
+    }
+
+    /**
+     * CHAR_LOWERS union CHAR_UPPERS
+     */
+    public final static char[] CHAR_LETTERS = StringUtilities.union(CHAR_LOWERS, CHAR_UPPERS);
+    public final static Set<Character> LETTERS;
+    static {
+        LETTERS = CollectionsUtil.arrayToSet(CHAR_LETTERS);
+    }
+
+    /**
+     * CHAR_LETTERS union CHAR_DIGITS
+     */
+    public final static char[] CHAR_ALPHANUMERICS = StringUtilities.union(CHAR_LETTERS, CHAR_DIGITS);
+    public final static Set<Character> ALPHANUMERICS;
+    static {
+        ALPHANUMERICS = CollectionsUtil.arrayToSet(CHAR_ALPHANUMERICS);
+    }
+
+    /**
+     * Password character set, is alphanumerics (without l, i, I, o, O, and 0)
+     * selected specials like + (bad for URL encoding, | is like i and 1,
+     * etc...)
+     */
+    public final static char[] CHAR_PASSWORD_LOWERS = { 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'j', 'k', 'm', 'n', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z' };
+    public final static Set<Character> PASSWORD_LOWERS;
+    static {
+        PASSWORD_LOWERS = CollectionsUtil.arrayToSet(CHAR_ALPHANUMERICS);
+    }
+
+    /**
+     *
+     */
+    public final static char[] CHAR_PASSWORD_UPPERS = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'J', 'K', 'L', 'M', 'N', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z' };
+    public final static Set<Character> PASSWORD_UPPERS;
+    static {
+        PASSWORD_UPPERS = CollectionsUtil.arrayToSet(CHAR_PASSWORD_UPPERS);
+    }
+
+    /**
+     * 2-9
+     */
+    public final static char[] CHAR_PASSWORD_DIGITS = { '2', '3', '4', '5', '6', '7', '8', '9' };
+    public final static Set<Character> PASSWORD_DIGITS;
+    static {
+        PASSWORD_DIGITS = CollectionsUtil.arrayToSet(CHAR_PASSWORD_DIGITS);
+    }
+
+    /**
+     * CHAR_PASSWORD_LOWERS union CHAR_PASSWORD_UPPERS
+     */
+    public final static char[] CHAR_PASSWORD_LETTERS = StringUtilities.union( CHAR_PASSWORD_LOWERS, CHAR_PASSWORD_UPPERS );
+    public final static Set<Character> PASSWORD_LETTERS;
+    static {
+        PASSWORD_LETTERS = CollectionsUtil.arrayToSet(CHAR_PASSWORD_LETTERS);
+    }
+
+    private EncoderConstants() {
+        // prevent instantiation
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/EncryptedProperties.java b/src/main/java/org/owasp/esapi/EncryptedProperties.java
index e95b1b858..b1db53112 100644
--- a/src/main/java/org/owasp/esapi/EncryptedProperties.java
+++ b/src/main/java/org/owasp/esapi/EncryptedProperties.java
@@ -1,112 +1,112 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.util.Set;
-
-import org.owasp.esapi.errors.EncryptionException;
-
-
-/**
- * The {@code EncryptedProperties} interface represents a properties file
- * where all the data is encrypted before it is added, and decrypted when it
- * retrieved. This interface can be implemented in a number of ways, the
- * simplest being extending {@link java.util.Properties} and overloading
- * the {@code getProperty} and {@code setProperty} methods. In all cases,
- * the master encryption key, as given by the {@code Encryptor.MasterKey}
- * property in <b><code>ESAPI.properties</code></b> file.
- *
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- */
-public interface EncryptedProperties {
-
-	/**
-	 * Gets the property value from the encrypted store, decrypts it, and
-	 * returns the plaintext value to the caller.
-	 * 
-	 * @param key
-	 *      the name of the property to get 
-	 * 
-	 * @return 
-	 * 	The decrypted property value. null if the key is not set.
-	 * 
-	 * @throws EncryptionException
-	 *      if the property could not be decrypted
-	 */
-	String getProperty(String key) throws EncryptionException;
-
-	/**
-	 * Encrypts the plaintext property value and stores the ciphertext value
-	 * in the encrypted store.
-	 * 
-	 * @param key
-	 *      the name of the property to set
-	 * @param value
-	 * 		the value of the property to set
-	 * 
-	 * @return 
-	 * 		the previously encrypted property value for the specified key, or
-	 *      {@code null} if it did not have one.
-	 * 
-	 * @throws EncryptionException
-	 *      if the property could not be encrypted
-	 */
-	String setProperty(String key, String value) throws EncryptionException;
-	
-	/**
-	 * Returns a {@code Set} view of properties. The {@code Set} is backed by a
-	 * {@code java.util.Hashtable}, so changes to the {@code Hashtable} are
-	 * reflected in the {@code Set}, and vice-versa. The {@code Set} supports element 
-	 * removal (which removes the corresponding entry from the {@code Hashtable),
-	 * but not element addition.
-	 * 
-	 * @return 
-	 * 		a set view of the properties contained in this map.
-	 */
-	public Set<?> keySet();
-		
-	/**
-	 * Reads a property list (key and element pairs) from the input stream.
-	 * 
-	 * @param in
-	 * 		the input stream that contains the properties file
-	 * 
-	 * @throws IOException
-	 *      Signals that an I/O exception has occurred.
-	 */
-	public void load(InputStream in) throws IOException;
-	
-	/**
-	 * Writes this property list (key and element pairs) in this Properties table to 
-	 * the output stream in a format suitable for loading into a Properties table using the load method. 
-	 * 
-	 * @param out
-	 * 		the output stream that contains the properties file
-	 * @param comments
-	 *            a description of the property list (ex. "Encrypted Properties File").
-	 * 
-	 * @throws IOException
-	 *             Signals that an I/O exception has occurred.
-	 */
-	public void store(OutputStream out, String comments) throws IOException;	
-	
-	
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007-2019 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.util.Set;
+
+import org.owasp.esapi.errors.EncryptionException;
+
+
+/**
+ * The {@code EncryptedProperties} interface represents a properties file
+ * where all the data is encrypted before it is added, and decrypted when it
+ * retrieved. This interface can be implemented in a number of ways, the
+ * simplest being extending {@link java.util.Properties} and overloading
+ * the {@code getProperty} and {@code setProperty} methods. In all cases,
+ * the master encryption key, as given by the {@code Encryptor.MasterKey}
+ * property in <b><code>ESAPI.properties</code></b> file.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ */
+public interface EncryptedProperties {
+
+    /**
+     * Gets the property value from the encrypted store, decrypts it, and
+     * returns the plaintext value to the caller.
+     *
+     * @param key
+     *      the name of the property to get
+     *
+     * @return
+     *     The decrypted property value. null if the key is not set.
+     *
+     * @throws EncryptionException
+     *      if the property could not be decrypted
+     */
+    String getProperty(String key) throws EncryptionException;
+
+    /**
+     * Encrypts the plaintext property value and stores the ciphertext value
+     * in the encrypted store.
+     *
+     * @param key
+     *      the name of the property to set
+     * @param value
+     *         the value of the property to set
+     *
+     * @return
+     *         the previously encrypted property value for the specified key, or
+     *      {@code null} if it did not have one.
+     *
+     * @throws EncryptionException
+     *      if the property could not be encrypted
+     */
+    String setProperty(String key, String value) throws EncryptionException;
+
+    /**
+     * Returns a {@code Set} view of properties. The {@code Set} is backed by a
+     * {@code java.util.Hashtable}, so changes to the {@code Hashtable} are
+     * reflected in the {@code Set}, and vice-versa. The {@code Set} supports element
+     * removal (which removes the corresponding entry from the {@code Hashtable},
+     * but not element addition.
+     *
+     * @return
+     *         a set view of the properties contained in this map.
+     */
+    Set<?> keySet();
+
+    /**
+     * Reads a property list (key and element pairs) from the input stream.
+     *
+     * @param in
+     *         the input stream that contains the properties file
+     *
+     * @throws IOException
+     *      Signals that an I/O exception has occurred.
+     */
+    void load(InputStream in) throws IOException;
+
+    /**
+     * Writes this property list (key and element pairs) in this Properties table to
+     * the output stream in a format suitable for loading into a Properties table using the load method.
+     *
+     * @param out
+     *         the output stream that contains the properties file
+     * @param comments
+     *            a description of the property list (ex. "Encrypted Properties File").
+     *
+     * @throws IOException
+     *             Signals that an I/O exception has occurred.
+     */
+    void store(OutputStream out, String comments) throws IOException;
+
+
+}
diff --git a/src/main/java/org/owasp/esapi/Encryptor.java b/src/main/java/org/owasp/esapi/Encryptor.java
index 35bf094dd..c1729a839 100644
--- a/src/main/java/org/owasp/esapi/Encryptor.java
+++ b/src/main/java/org/owasp/esapi/Encryptor.java
@@ -1,318 +1,316 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright &copy; 2007,2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @author kevin.w.wall@gmail.com
- * @created 2007
- */
-package org.owasp.esapi;
-
-import javax.crypto.SecretKey;
-
-import org.owasp.esapi.crypto.CipherText;
-import org.owasp.esapi.crypto.PlainText;
-import org.owasp.esapi.errors.EncryptionException;
-import org.owasp.esapi.errors.IntegrityException;
-
-
-/**
- * The Encryptor interface provides a set of methods for performing common
- * encryption, random number, and hashing operations. Implementations should
- * rely on a strong cryptographic implementation, such as JCE or BouncyCastle.
- * Implementors should take care to ensure that they initialize their
- * implementation with a strong "master key", and that they protect this secret
- * as much as possible.
- * <P>
- * The main property controlling the selection of the implementation class is the
- * property {@code ESAPI.Encryptor} in {@code ESAPI.properties}. Most of the
- * the other encryption related properties have property names that start with
- * the string "Encryptor.". These properties all you to do things such as
- * select the encryption algorithms, the preferred JCE provider, etc.
- * </P><P>
- * In addition, there are two important properties (initially delivered as unset
- * from the ESAPI download) named {@code Encryptor.MasterKey} and
- * {@code Encryptor.MasterSalt} that must be set before using ESAPI encryption.
- * There is a <i>bash</i>(1) shell script provided with the standard ESAPI distribution
- * called 'setMasterKey.sh' that will assist you in setting these two properties. The
- * script is in 'src/examples/scripts/setMasterKey.sh'.
- * </P><P>
- * Possible future enhancements (depending on feedback) are discussed in
- * section 4 of
- * <a href="http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-crypto-design-goals.doc">
- * Design Goals in OWASP ESAPI Cryptography</a>.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see <a href="http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html">User Guide for Symmetric Encryption in ESAPI 2.0</a>
- */
-public interface Encryptor {
-
-	/**
-	 * Returns a string representation of the hash of the provided plaintext and
-	 * salt. The salt helps to protect against a rainbow table attack by mixing
-	 * in some extra data with the plaintext. Some good choices for a salt might
-	 * be an account name or some other string that is known to the application
-	 * but not to an attacker.
-	 * See <a href="http://www.matasano.com/log/958/enough-with-the-rainbow-tables-what-you-need-to-know-about-secure-password-schemes/">
-	 * this article</a> for more information about hashing as it pertains to password schemes.
-	 * 
-	 * @param plaintext
-	 * 		the plaintext String to encrypt
-	 * @param salt
-	 *      the salt to add to the plaintext String before hashing
-	 * 
-	 * @return 
-	 * 		the encrypted hash of 'plaintext' stored as a String
-	 * 
-	 * @throws EncryptionException
-	 *      if the specified hash algorithm could not be found or another problem exists with 
-	 *      the hashing of 'plaintext'
-	 */
-	String hash(String plaintext, String salt) throws EncryptionException;
-
-	/**
-	 * Returns a string representation of the hash of the provided plaintext and
-	 * salt. The salt helps to protect against a rainbow table attack by mixing
-	 * in some extra data with the plaintext. Some good choices for a salt might
-	 * be an account name or some other string that is known to the application
-	 * but not to an attacker. 
-	 * See <a href="http://www.matasano.com/log/958/enough-with-the-rainbow-tables-what-you-need-to-know-about-secure-password-schemes/">
-	 * this article</a> for more information about hashing as it pertains to password schemes.
-	 * 
-	 * @param plaintext
-	 * 		the plaintext String to encrypt
-	 * @param salt
-	 *      the salt to add to the plaintext String before hashing
-	 * @param iterations
-	 *      the number of times to iterate the hash
-	 * 
-	 * @return 
-	 * 		the encrypted hash of 'plaintext' stored as a String
-	 * 
-	 * @throws EncryptionException
-	 *      if the specified hash algorithm could not be found or another problem exists with 
-	 *      the hashing of 'plaintext'
-	 */
-	String hash(String plaintext, String salt, int iterations) throws EncryptionException;
-	
-	/**
-	 * Encrypts the provided plaintext bytes using the cipher transformation
-	 * specified by the property <code>Encryptor.CipherTransformation</code>
-	 * and the <i>master encryption key</i> as specified by the property
-	 * {@code Encryptor.MasterKey} as defined in the <code>ESAPI.properties</code> file.
-	 * </p>
-	 * 
-	 * @param plaintext	The {@code PlainText} to be encrypted.
-	 * @return the {@code CipherText} object from which the raw ciphertext, the
-	 * 				IV, the cipher transformation, and many other aspects about
-	 * 				the encryption detail may be extracted.
-	 * @throws EncryptionException Thrown if something should go wrong such as
-	 * 				the JCE provider cannot be found, the cipher algorithm,
-	 * 				cipher mode, or padding scheme not being supported, specifying
-	 * 				an unsupported key size, specifying an IV of incorrect length,
-	 * 				etc.
-	 * @see #encrypt(SecretKey, PlainText)
-	 * @since 2.0
-	 */
-	 CipherText encrypt(PlainText plaintext) throws EncryptionException;
-
-
-	 /**
-	  * Encrypts the provided plaintext bytes using the cipher transformation
-	  * specified by the property <code>Encryptor.CipherTransformation</code>
-	  * as defined in the <code>ESAPI.properties</code> file and the
-	  * <i>specified secret key</i>.
-	  * </p><p>
-	  * This method is similar to {@link #encrypt(PlainText)} except that it
-	  * permits a specific {@code SecretKey} to be used for encryption.
-	  *
-	  * @param key		The {@code SecretKey} to use for encrypting the plaintext.
-	  * @param plaintext	The byte stream to be encrypted. Note if a Java
-	  * 				{@code String} is to be encrypted, it should be converted
-	  * 				using {@code "some string".getBytes("UTF-8")}.
-	  * @return the {@code CipherText} object from which the raw ciphertext, the
-	  * 				IV, the cipher transformation, and many other aspects about
-	  * 				the encryption detail may be extracted.
-	  * @throws EncryptionException Thrown if something should go wrong such as
-	  * 				the JCE provider cannot be found, the cipher algorithm,
-	  * 				cipher mode, or padding scheme not being supported, specifying
-	  * 				an unsupported key size, specifying an IV of incorrect length,
-	  * 				etc.
-	  * @see #encrypt(PlainText)
-	  * @since 2.0
-	  */
-	 CipherText encrypt(SecretKey key, PlainText plaintext)
-	 		throws EncryptionException;
-
-	/**
-	 * Decrypts the provided {@link CipherText} using the information from it
-	 * and the <i>master encryption key</i> as specified by the property
-	 * {@code Encryptor.MasterKey} as defined in the {@code ESAPI.properties}
-	 * file.
-	 * </p>
-	 * @param ciphertext The {@code CipherText} object to be decrypted.
-	 * @return The {@code PlainText} object resulting from decrypting the specified
-	 * 		   ciphertext. Note that it it is desired to convert the returned
-	 * 		   plaintext byte array to a Java String is should be done using
-	 * 		   {@code new String(byte[], "UTF-8");} rather than simply using
-	 * 		   {@code new String(byte[]);} which uses native encoding and may
-	 * 		   not be portable across hardware and/or OS platforms.
-	 * @throws EncryptionException  Thrown if something should go wrong such as
-	 * 				the JCE provider cannot be found, the cipher algorithm,
-	 * 				cipher mode, or padding scheme not being supported, specifying
-	 * 				an unsupported key size, or incorrect encryption key was
-	 * 				specified or a {@code PaddingException} occurs.
-	 * @see #decrypt(SecretKey, CipherText)
-	 */
-	PlainText decrypt(CipherText ciphertext) throws EncryptionException;
-	
-	/**
-	 * Decrypts the provided {@link CipherText} using the information from it
-	 * and the <i>specified secret key</i>.
-	 * </p><p>
-	 * This decrypt method is similar to {@link #decrypt(CipherText)} except that
-	 * it allows decrypting with a secret key other than the <i>master secret key</i>.
-	 * </p>
-	 * @param key		The {@code SecretKey} to use for encrypting the plaintext.
-	 * @param ciphertext The {@code CipherText} object to be decrypted.
-	 * @return The {@code PlainText} object resulting from decrypting the specified
-	 * 		   ciphertext. Note that it it is desired to convert the returned
-	 * 		   plaintext byte array to a Java String is should be done using
-	 * 		   {@code new String(byte[], "UTF-8");} rather than simply using
-	 * 		   {@code new String(byte[]);} which uses native encoding and may
-	 * 		   not be portable across hardware and/or OS platforms.
-	 * @throws EncryptionException  Thrown if something should go wrong such as
-	 * 				the JCE provider cannot be found, the cipher algorithm,
-	 * 				cipher mode, or padding scheme not being supported, specifying
-	 * 				an unsupported key size, or incorrect encryption key was
-	 * 				specified or a {@code PaddingException} occurs.
-	 * @see #decrypt(CipherText)
-	 */
-	PlainText decrypt(SecretKey key, CipherText ciphertext) throws EncryptionException;
-	
-	/**
-	 * Create a digital signature for the provided data and return it in a
-	 * string.
-	 * <p>
-	 * <b>Limitations:</b> A new public/private key pair used for ESAPI 2.0 digital
-	 * signatures with this method and {@link #verifySignature(String, String)}
-	 * are dynamically created when the default reference implementation class,
-	 * {@link org.owasp.esapi.reference.crypto.JavaEncryptor} is first created.
-	 * Because this key pair is not persisted nor is the public key shared,
-	 * this method and the corresponding {@link #verifySignature(String, String)}
-	 * can not be used with expected results across JVM instances. This limitation
-	 * will be addressed in ESAPI 2.1.
-	 * </p>
-	 * 
-	 * @param data
-	 *      the data to sign
-	 * 
-	 * @return 
-	 * 		the digital signature stored as a String
-	 * 
-	 * @throws EncryptionException
-	 * 		if the specified signature algorithm cannot be found
-	 */
-	String sign(String data) throws EncryptionException;
-
-	/**
-	 * Verifies a digital signature (created with the sign method) and returns
-	 * the boolean result.
-     * <p>
-     * <b>Limitations:</b> A new public/private key pair used for ESAPI 2.0 digital
-     * signatures with this method and {@link #sign(String)}
-     * are dynamically created when the default reference implementation class,
-     * {@link org.owasp.esapi.reference.crypto.JavaEncryptor} is first created.
-     * Because this key pair is not persisted nor is the public key shared,
-     * this method and the corresponding {@link #sign(String)}
-     * can not be used with expected results across JVM instances. This limitation
-     * will be addressed in ESAPI 2.1.
-     * </p>
-	 * @param signature
-	 *      the signature to verify against 'data'
-	 * @param data
-	 *      the data to verify against 'signature'
-	 * 
-	 * @return 
-	 * 		true, if the signature is verified, false otherwise
-	 * 
-	 */
-	boolean verifySignature(String signature, String data);
-
-	/**
-	 * Creates a seal that binds a set of data and includes an expiration timestamp.
-	 * 
-	 * @param data
-	 *      the data to seal
-	 * @param timestamp
-	 *      the absolute expiration date of the data, expressed as seconds since the epoch
-	 * 
-	 * @return 
-     * 		the seal
-     * @throws IntegrityException
-	 * 
-	 */
-	String seal(String data, long timestamp) throws IntegrityException;
-
-	/**
-	 * Unseals data (created with the seal method) and throws an exception
-	 * describing any of the various problems that could exist with a seal, such
-	 * as an invalid seal format, expired timestamp, or decryption error.
-	 * 
-	 * @param seal
-	 *      the sealed data
-	 * 
-	 * @return 
-	 * 		the original (unsealed) data
-	 * 
-	 * @throws EncryptionException 
-	 * 		if the unsealed data cannot be retrieved for any reason
-	 */
-	String unseal( String seal ) throws EncryptionException;
-	
-	/**
-	 * Verifies a seal (created with the seal method) and throws an exception
-	 * describing any of the various problems that could exist with a seal, such
-	 * as an invalid seal format, expired timestamp, or data mismatch.
-	 * 
-	 * @param seal
-	 *      the seal to verify
-	 * 
-	 * @return 
-	 * 		true, if the seal is valid.  False otherwise
-	 */
-	boolean verifySeal(String seal);
-	
-	/**
-	 * Gets an absolute timestamp representing an offset from the current time to be used by
-	 * other functions in the library.
-	 * 
-	 * @param offset 
-	 * 		the offset to add to the current time
-	 * 
-	 * @return 
-	 * 		the absolute timestamp
-	 */
-	public long getRelativeTimeStamp( long offset );
-	
-	
-	/**
-	 * Gets a timestamp representing the current date and time to be used by
-	 * other functions in the library.
-	 * 
-	 * @return 
-	 * 		a timestamp representing the current time
-	 */
-	long getTimeStamp();
-
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright &copy; 2007-2019 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author kevin.w.wall@gmail.com
+ * @created 2007
+ */
+package org.owasp.esapi;
+
+import javax.crypto.SecretKey;
+
+import org.owasp.esapi.crypto.CipherText;
+import org.owasp.esapi.crypto.PlainText;
+import org.owasp.esapi.errors.EncryptionException;
+import org.owasp.esapi.errors.IntegrityException;
+
+
+/**
+ * The Encryptor interface provides a set of methods for performing common
+ * encryption, random number, and hashing operations. Implementations should
+ * rely on a strong cryptographic implementation, such as JCE or BouncyCastle.
+ * Implementors should take care to ensure that they initialize their
+ * implementation with a strong "master key", and that they protect this secret
+ * as much as possible.
+ * <P>
+ * The main property controlling the selection of the implementation class is the
+ * property {@code ESAPI.Encryptor} in {@code ESAPI.properties}. Most of the
+ * the other encryption related properties have property names that start with
+ * the string "Encryptor.". These properties all you to do things such as
+ * select the encryption algorithms, the preferred JCE provider, etc.
+ * </P><P>
+ * In addition, there are two important properties (initially delivered as unset
+ * from the ESAPI download) named {@code Encryptor.MasterKey} and
+ * {@code Encryptor.MasterSalt} that must be set before using ESAPI encryption.
+ * There is a <i>bash</i>(1) shell script provided with the standard ESAPI distribution
+ * called 'setMasterKey.sh' that will assist you in setting these two properties. The
+ * script is in 'src/examples/scripts/setMasterKey.sh'.
+ * </P><P>
+ * Possible future enhancements (depending on feedback) are discussed in
+ * section 4 of
+ * <a href="http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-crypto-design-goals.doc">
+ * Design Goals in OWASP ESAPI Cryptography</a>.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see <a href="http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html">User Guide for Symmetric Encryption in ESAPI 2.0</a>
+ */
+public interface Encryptor {
+
+    /**
+     * Returns a string representation of the hash of the provided plaintext and
+     * salt. The salt helps to protect against a rainbow table attack by mixing
+     * in some extra data with the plaintext. Some good choices for a salt might
+     * be an account name or some other string that is known to the application
+     * but not to an attacker.
+     * See <a href="http://www.matasano.com/log/958/enough-with-the-rainbow-tables-what-you-need-to-know-about-secure-password-schemes/">
+     * this article</a> for more information about hashing as it pertains to password schemes.
+     *
+     * @param plaintext
+     *         the plaintext String to encrypt
+     * @param salt
+     *      the salt to add to the plaintext String before hashing
+     *
+     * @return
+     *         the encrypted hash of 'plaintext' stored as a String
+     *
+     * @throws EncryptionException
+     *      if the specified hash algorithm could not be found or another problem exists with
+     *      the hashing of 'plaintext'
+     */
+    String hash(String plaintext, String salt) throws EncryptionException;
+
+    /**
+     * Returns a string representation of the hash of the provided plaintext and
+     * salt. The salt helps to protect against a rainbow table attack by mixing
+     * in some extra data with the plaintext. Some good choices for a salt might
+     * be an account name or some other string that is known to the application
+     * but not to an attacker.
+     * See <a href="http://www.matasano.com/log/958/enough-with-the-rainbow-tables-what-you-need-to-know-about-secure-password-schemes/">
+     * this article</a> for more information about hashing as it pertains to password schemes.
+     *
+     * @param plaintext
+     *         the plaintext String to encrypt
+     * @param salt
+     *      the salt to add to the plaintext String before hashing
+     * @param iterations
+     *      the number of times to iterate the hash
+     *
+     * @return
+     *         the encrypted hash of 'plaintext' stored as a String
+     *
+     * @throws EncryptionException
+     *      if the specified hash algorithm could not be found or another problem exists with
+     *      the hashing of 'plaintext'
+     */
+    String hash(String plaintext, String salt, int iterations) throws EncryptionException;
+
+    /**
+     * Encrypts the provided plaintext bytes using the cipher transformation
+     * specified by the property <code>Encryptor.CipherTransformation</code>
+     * and the <i>master encryption key</i> as specified by the property
+     * {@code Encryptor.MasterKey} as defined in the <code>ESAPI.properties</code> file.
+     * </p>
+     *
+     * @param plaintext    The {@code PlainText} to be encrypted.
+     * @return the {@code CipherText} object from which the raw ciphertext, the
+     *                 IV, the cipher transformation, and many other aspects about
+     *                 the encryption detail may be extracted.
+     * @throws EncryptionException Thrown if something should go wrong such as
+     *                 the JCE provider cannot be found, the cipher algorithm,
+     *                 cipher mode, or padding scheme not being supported, specifying
+     *                 an unsupported key size, specifying an IV of incorrect length,
+     *                 etc.
+     * @see #encrypt(SecretKey, PlainText)
+     * @since 2.0
+     */
+     CipherText encrypt(PlainText plaintext) throws EncryptionException;
+
+
+     /**
+      * Encrypts the provided plaintext bytes using the cipher transformation
+      * specified by the property <code>Encryptor.CipherTransformation</code>
+      * as defined in the <code>ESAPI.properties</code> file and the
+      * <i>specified secret key</i>.
+      * </p><p>
+      * This method is similar to {@link #encrypt(PlainText)} except that it
+      * permits a specific {@code SecretKey} to be used for encryption.
+      *
+      * @param key        The {@code SecretKey} to use for encrypting the plaintext.
+      * @param plaintext    The byte stream to be encrypted. Note if a Java
+      *                 {@code String} is to be encrypted, it should be converted
+      *                 using {@code "some string".getBytes("UTF-8")}.
+      * @return the {@code CipherText} object from which the raw ciphertext, the
+      *                 IV, the cipher transformation, and many other aspects about
+      *                 the encryption detail may be extracted.
+      * @throws EncryptionException Thrown if something should go wrong such as
+      *                 the JCE provider cannot be found, the cipher algorithm,
+      *                 cipher mode, or padding scheme not being supported, specifying
+      *                 an unsupported key size, specifying an IV of incorrect length,
+      *                 etc.
+      * @see #encrypt(PlainText)
+      * @since 2.0
+      */
+     CipherText encrypt(SecretKey key, PlainText plaintext)
+             throws EncryptionException;
+
+    /**
+     * Decrypts the provided {@link CipherText} using the information from it
+     * and the <i>master encryption key</i> as specified by the property
+     * {@code Encryptor.MasterKey} as defined in the {@code ESAPI.properties}
+     * file.
+     * </p>
+     * @param ciphertext The {@code CipherText} object to be decrypted.
+     * @return The {@code PlainText} object resulting from decrypting the specified
+     *            ciphertext. Note that if it is desired to convert the returned
+     *            plaintext byte array to a Java String it should be done using
+     *            {@code new String(byte[], "UTF-8");} rather than simply using
+     *            {@code new String(byte[]);} which uses native encoding and may
+     *            not be portable across hardware and/or OS platforms.
+     * @throws EncryptionException  Thrown if something should go wrong such as
+     *                 the JCE provider cannot be found, the cipher algorithm,
+     *                 cipher mode, or padding scheme not being supported, specifying
+     *                 an unsupported key size, or incorrect encryption key was
+     *                 specified or a {@code PaddingException} occurs.
+     * @see #decrypt(SecretKey, CipherText)
+     */
+    PlainText decrypt(CipherText ciphertext) throws EncryptionException;
+
+    /**
+     * Decrypts the provided {@link CipherText} using the information from it
+     * and the <i>specified secret key</i>.
+     * </p><p>
+     * This decrypt method is similar to {@link #decrypt(CipherText)} except that
+     * it allows decrypting with a secret key other than the <i>master secret key</i>.
+     * </p>
+     * @param key        The {@code SecretKey} to use for encrypting the plaintext.
+     * @param ciphertext The {@code CipherText} object to be decrypted.
+     * @return The {@code PlainText} object resulting from decrypting the specified
+     *            ciphertext. Note that if it is desired to convert the returned
+     *            plaintext byte array to a Java String it should be done using
+     *            {@code new String(byte[], "UTF-8");} rather than simply using
+     *            {@code new String(byte[]);} which uses native encoding and may
+     *            not be portable across hardware and/or OS platforms.
+     * @throws EncryptionException  Thrown if something should go wrong such as
+     *                 the JCE provider cannot be found, the cipher algorithm,
+     *                 cipher mode, or padding scheme not being supported, specifying
+     *                 an unsupported key size, or incorrect encryption key was
+     *                 specified or a {@code PaddingException} occurs.
+     * @see #decrypt(CipherText)
+     */
+    PlainText decrypt(SecretKey key, CipherText ciphertext) throws EncryptionException;
+
+    /**
+     * Create a digital signature for the provided data and return it in a
+     * string.
+     * <p>
+     * <b>Limitations:</b> A new public/private key pair used for ESAPI 2.0 digital
+     * signatures with this method and {@link #verifySignature(String, String)}
+     * are dynamically created when the default reference implementation class,
+     * {@link org.owasp.esapi.reference.crypto.JavaEncryptor} is first created.
+     * Because this key pair is not persisted nor is the public key shared,
+     * this method and the corresponding {@link #verifySignature(String, String)}
+     * can not be used with expected results across JVM instances. This limitation
+     * will be addressed in ESAPI 2.1.
+     * </p>
+     *
+     * @param data
+     *      the data to sign
+     *
+     * @return
+     *         the digital signature stored as a String
+     *
+     * @throws EncryptionException
+     *         if the specified signature algorithm cannot be found
+     */
+    String sign(String data) throws EncryptionException;
+
+    /**
+     * Verifies a digital signature (created with the sign method) and returns
+     * the boolean result.
+     * <p>
+     * <b>Limitations:</b> A new public/private key pair used for ESAPI 2.0 digital
+     * signatures with this method and {@link #sign(String)}
+     * are dynamically created when the default reference implementation class,
+     * {@link org.owasp.esapi.reference.crypto.JavaEncryptor} is first created.
+     * Because this key pair is not persisted nor is the public key shared,
+     * this method and the corresponding {@link #sign(String)}
+     * can not be used with expected results across JVM instances. This limitation
+     * will be addressed in ESAPI 2.1.
+     * </p>
+     * @param signature
+     *      the signature to verify against 'data'
+     * @param data
+     *      the data to verify against 'signature'
+     *
+     * @return
+     *         true, if the signature is verified, false otherwise
+     */
+    boolean verifySignature(String signature, String data);
+
+    /**
+     * Creates a seal that binds a set of data and includes an expiration timestamp.
+     *
+     * @param data
+     *      the data to seal
+     * @param timestamp
+     *      the absolute expiration date of the data, expressed as seconds since the epoch
+     *
+     * @return
+     *         the seal
+     *
+     * @throws IntegrityException
+     */
+    String seal(String data, long timestamp) throws IntegrityException;
+
+    /**
+     * Unseals data (created with the seal method) and throws an exception
+     * describing any of the various problems that could exist with a seal, such
+     * as an invalid seal format, expired timestamp, or decryption error.
+     *
+     * @param seal
+     *      the sealed data
+     *
+     * @return
+     *         the original (unsealed) data
+     *
+     * @throws EncryptionException
+     *         if the unsealed data cannot be retrieved for any reason
+     */
+    String unseal( String seal ) throws EncryptionException;
+
+    /**
+     * Verifies a seal (created with the seal method) and throws an exception
+     * describing any of the various problems that could exist with a seal, such
+     * as an invalid seal format, expired timestamp, or data mismatch.
+     *
+     * @param seal
+     *      the seal to verify
+     *
+     * @return
+     *         true, if the seal is valid.  False otherwise
+     */
+    boolean verifySeal(String seal);
+
+    /**
+     * Gets an absolute timestamp representing an offset from the current time to be used by
+     * other functions in the library.
+     *
+     * @param offset
+     *         the offset to add to the current time
+     *
+     * @return
+     *         the absolute timestamp
+     */
+    long getRelativeTimeStamp( long offset );
+
+    /**
+     * Gets a timestamp representing the current date and time to be used by
+     * other functions in the library.
+     *
+     * @return
+     *         a timestamp representing the current time
+     */
+    long getTimeStamp();
+
 }
\ No newline at end of file
diff --git a/src/main/java/org/owasp/esapi/ExecuteResult.java b/src/main/java/org/owasp/esapi/ExecuteResult.java
index e9835e300..6887b80c1 100644
--- a/src/main/java/org/owasp/esapi/ExecuteResult.java
+++ b/src/main/java/org/owasp/esapi/ExecuteResult.java
@@ -25,51 +25,51 @@
  * @since Aug 25, 2010
  */
 public class ExecuteResult {
-    
-	private final int exitValue;
-	private final String output;
-	private final String errors;
 
-	/**
-	 * Constructs an ExecuteResult from the given values.
-	 *
-	 * @param exitValue
-	 *            the code from java.lang.Process.exitValue()
-	 * @param output
-	 *            the contents read from java.lang.Process.getInputStream()
-	 * @param errors
-	 *            the contents read from java.lang.Process.getErrorStream()
-	 */
-	public ExecuteResult(int exitValue, String output, String errors) {
-		this.exitValue = exitValue;
-		this.output = output;
-		this.errors = errors;
-	}
+    private final int exitValue;
+    private final String output;
+    private final String errors;
 
-	/**
-	 * @return the code from java.lang.Process.exitValue()
-	 */
-	public int getExitValue() {
-		return exitValue;
-	}
+    /**
+     * Constructs an ExecuteResult from the given values.
+     *
+     * @param exitValue
+     *            the code from java.lang.Process.exitValue()
+     * @param output
+     *            the contents read from java.lang.Process.getInputStream()
+     * @param errors
+     *            the contents read from java.lang.Process.getErrorStream()
+     */
+    public ExecuteResult(int exitValue, String output, String errors) {
+        this.exitValue = exitValue;
+        this.output = output;
+        this.errors = errors;
+    }
 
-	/**
-	 * @return the contents read from java.lang.Process.getInputStream()
-	 */
-	public String getOutput() {
-		return output;
-	}
+    /**
+     * @return the code from java.lang.Process.exitValue()
+     */
+    public int getExitValue() {
+        return exitValue;
+    }
 
-	/**
-	 * @return the contents read from java.lang.Process.getErrorStream()
-	 */
-	public String getErrors() {
-		return errors;
-	}
-	
-	@Override
-	public String toString() {
-		return "ExecuteResult[exitValue="+exitValue+",output="+output+",errors="+errors+"]";
-	}
+    /**
+     * @return the contents read from java.lang.Process.getInputStream()
+     */
+    public String getOutput() {
+        return output;
+    }
+
+    /**
+     * @return the contents read from java.lang.Process.getErrorStream()
+     */
+    public String getErrors() {
+        return errors;
+    }
+
+    @Override
+    public String toString() {
+        return "ExecuteResult[exitValue="+exitValue+",output="+output+",errors="+errors+"]";
+    }
 
 }
diff --git a/src/main/java/org/owasp/esapi/Executor.java b/src/main/java/org/owasp/esapi/Executor.java
index 6286741ed..122dcdb94 100644
--- a/src/main/java/org/owasp/esapi/Executor.java
+++ b/src/main/java/org/owasp/esapi/Executor.java
@@ -1,78 +1,78 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi;
-
-import java.io.File;
-import java.util.List;
-
-import org.owasp.esapi.codecs.Codec;
-import org.owasp.esapi.errors.ExecutorException;
-
-/**
- * The Executor interface is used to run an OS command with reduced security risk.
- * 
- * <p>Implementations should do as much as possible to minimize the risk of
- * injection into either the command or parameters. In addition, implementations
- * should timeout after a specified time period in order to help prevent denial
- * of service attacks.</p> 
- * 
- * <p>The class should perform logging and error handling as
- * well. Finally, implementation should handle errors and generate an
- * ExecutorException with all the necessary information.</p>
- *
- * <p>The reference implementation does all of the above.</p>
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- */
-public interface Executor {
-
-	/**
-	 * Invokes the specified executable with default workdir and codec and not logging parameters.
-	 * 
-	 * @param executable
-	 *            the command to execute
-	 * @param params
-	 *            the parameters of the command being executed
-	 */
-	ExecuteResult executeSystemCommand(File executable, List params) throws ExecutorException;
-
-	/**
-	 * Executes a system command after checking that the executable exists and
-	 * escaping all the parameters to ensure that injection is impossible.
-	 * Implementations must change to the specified working
-	 * directory before invoking the command.
-	 *
-	 * @param executable
-	 *            the command to execute
-	 * @param params
-	 *            the parameters of the command being executed
-	 * @param workdir
-	 *            the working directory
-	 * @param codec
-	 *            the codec to use to encode for the particular OS in use
-	 * @param logParams
-	 *            use false if any parameters contains sensitive or confidential information
-	 *
-	 * @return the output of the command being run
-	 *
-	 * @throws ExecutorException
-	 *             the service exception
-	 */
-	ExecuteResult executeSystemCommand(File executable, List params, File workdir, Codec codec, boolean logParams, boolean redirectErrorStream) throws ExecutorException;
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi;
+
+import java.io.File;
+import java.util.List;
+
+import org.owasp.esapi.codecs.Codec;
+import org.owasp.esapi.errors.ExecutorException;
+
+/**
+ * The Executor interface is used to run an OS command with reduced security risk.
+ *
+ * <p>Implementations should do as much as possible to minimize the risk of
+ * injection into either the command or parameters. In addition, implementations
+ * should timeout after a specified time period in order to help prevent denial
+ * of service attacks.</p>
+ *
+ * <p>The class should perform logging and error handling as
+ * well. Finally, implementation should handle errors and generate an
+ * ExecutorException with all the necessary information.</p>
+ *
+ * <p>The reference implementation does all of the above.</p>
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ */
+public interface Executor {
+
+    /**
+     * Invokes the specified executable with default workdir and codec and not logging parameters.
+     *
+     * @param executable
+     *            the command to execute
+     * @param params
+     *            the parameters of the command being executed
+     */
+    ExecuteResult executeSystemCommand(File executable, List params) throws ExecutorException;
+
+    /**
+     * Executes a system command after checking that the executable exists and
+     * escaping all the parameters to ensure that injection is impossible.
+     * Implementations must change to the specified working
+     * directory before invoking the command.
+     *
+     * @param executable
+     *            the command to execute
+     * @param params
+     *            the parameters of the command being executed
+     * @param workdir
+     *            the working directory
+     * @param codec
+     *            the codec to use to encode for the particular OS in use
+     * @param logParams
+     *            use false if any parameters contains sensitive or confidential information
+     *
+     * @return the output of the command being run
+     *
+     * @throws ExecutorException
+     *             the service exception
+     */
+    ExecuteResult executeSystemCommand(File executable, List params, File workdir, Codec codec, boolean logParams, boolean redirectErrorStream) throws ExecutorException;
+
+}
diff --git a/src/main/java/org/owasp/esapi/HTTPUtilities.java b/src/main/java/org/owasp/esapi/HTTPUtilities.java
index 77fcd8284..582f1a1b7 100644
--- a/src/main/java/org/owasp/esapi/HTTPUtilities.java
+++ b/src/main/java/org/owasp/esapi/HTTPUtilities.java
@@ -1,649 +1,750 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- *
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- *
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- *
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi;
-
-import org.owasp.esapi.errors.*;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import java.io.File;
-import java.io.IOException;
-import java.util.List;
-import java.util.Map;
-
-
-/**
- * The HTTPUtilities interface is a collection of methods that provide additional security related to HTTP requests,
- * responses, sessions, cookies, headers, and logging.
- *
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- */
-public interface HTTPUtilities
-{
-
-    final static String REMEMBER_TOKEN_COOKIE_NAME = "rtoken";
-    final static int MAX_COOKIE_LEN = 4096;            // From RFC 2109
-	final static int MAX_COOKIE_PAIRS = 20;			// From RFC 2109
-	final static String CSRF_TOKEN_NAME = "ctoken";
-	final static String ESAPI_STATE = "estate";
-
-	final static int PARAMETER = 0;
-	final static int HEADER = 1;
-	final static int COOKIE = 2;
-
-
-	/**
-     * Calls addCookie with the *current* request.
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-     */
-    void addCookie(Cookie cookie);
-
-	/**
-     * Add a cookie to the response after ensuring that there are no encoded or
-     * illegal characters in the name and name and value. This method also sets
-     * the secure and HttpOnly flags on the cookie.
-     *
-     * @param cookie
-     */
-    void addCookie(HttpServletResponse response, Cookie cookie);
-
-	/**
-     * Adds the current user's CSRF token (see User.getCSRFToken()) to the URL for purposes of preventing CSRF attacks.
-     * This method should be used on all URLs to be put into all links and forms the application generates.
-     *
-     * @param href the URL to which the CSRF token will be appended
-     * @return the updated URL with the CSRF token parameter added
-     */
-    String addCSRFToken(String href);
-
-    /**
-     * Calls addHeader with the *current* request.
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-     */
-    void addHeader(String name, String value);
-
-    /**
-     * Add a header to the response after ensuring that there are no encoded or
-     * illegal characters in the name and name and value. This implementation
-     * follows the following recommendation: "A recipient MAY replace any linear
-     * white space with a single SP before interpreting the field value or
-     * forwarding the message downstream."
-     * http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2
-     *
-     * @param name
-     * @param value
-     */
-    void addHeader(HttpServletResponse response, String name, String value);
-
-	/**
-     * Calls assertSecureRequest with the *current* request.
-	 * @see {@link HTTPUtilities#assertSecureRequest(HttpServletRequest)}
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-	 */
-	void assertSecureRequest() throws AccessControlException;
-
-	/**
-     * Calls assertSecureChannel with the *current* request.
-	 * @see {@link HTTPUtilities#assertSecureChannel(HttpServletRequest)}
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-	 */
-	void assertSecureChannel() throws AccessControlException;
-
-	/**
-	 * Ensures that the request uses both SSL and POST to protect any sensitive parameters
-	 * in the querystring from being sniffed, logged, bookmarked, included in referer header, etc...
-	 * This method should be called for any request that contains sensitive data from a web form.
-     *
-     * @param request
-     * @throws AccessControlException if security constraints are not met
-	 */
-    void assertSecureRequest(HttpServletRequest request) throws AccessControlException;
-
-	/**
-	 * Ensures the use of SSL to protect any sensitive parameters in the request and
-	 * any sensitive data in the response. This method should be called for any request
-	 * that contains sensitive data from a web form or will result in sensitive data in the
-	 * response page.
-     *
-     * @param request
-     * @throws AccessControlException if security constraints are not met
-	 */
-    void assertSecureChannel(HttpServletRequest request) throws AccessControlException;
-
-	/**
-     * Calls changeSessionIdentifier with the *current* request.
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-     */
-	HttpSession changeSessionIdentifier() throws AuthenticationException;
-
-	/**
-     * Invalidate the existing session after copying all of its contents to a newly created session with a new session id.
-     * Note that this is different from logging out and creating a new session identifier that does not contain the
-     * existing session contents. Care should be taken to use this only when the existing session does not contain
-     * hazardous contents.
-     *
-     * @param request
-     * @return the new HttpSession with a changed id
-     * @throws AuthenticationException the exception
-     */
-    HttpSession changeSessionIdentifier(HttpServletRequest request) throws AuthenticationException;
-
-    /**
-	 * Clears the current HttpRequest and HttpResponse associated with the current thread.
-     *
-	 * @see ESAPI#clearCurrent()
-	 */
-    void clearCurrent();
-
-    /**
-	 * Decrypts an encrypted hidden field value and returns the cleartext. If the field does not decrypt properly,
-	 * an IntrusionException is thrown to indicate tampering.
-     *
-	 * @param encrypted hidden field value to decrypt
-	 * @return decrypted hidden field value stored as a String
-	 */
-	String decryptHiddenField(String encrypted);
-
-    /**
-	 * Takes an encrypted querystring and returns a Map containing the original parameters.
-     *
-	 * @param encrypted the encrypted querystring to decrypt
-	 * @return a Map object containing the decrypted querystring
-	 * @throws EncryptionException
-	 */
-    Map<String, String> decryptQueryString(String encrypted) throws EncryptionException;
-
-    /**
-     * Calls decryptStateFromCookie with the *current* request.
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-     */
-    Map<String, String> decryptStateFromCookie() throws EncryptionException;
-
-    /**
-     * Retrieves a map of data from a cookie encrypted with encryptStateInCookie().
-     *
-     * @param request
-     * @return a map containing the decrypted cookie state value
-	 * @throws EncryptionException
-     */
-    Map<String, String> decryptStateFromCookie(HttpServletRequest request) throws EncryptionException;
-
-    /**
-     * Encrypts a hidden field value for use in HTML.
-     *
-     * @param value the cleartext value of the hidden field
-     * @return the encrypted value of the hidden field
-     * @throws EncryptionException
-     */
-	String encryptHiddenField(String value) throws EncryptionException;
-
-	/**
-	 * Takes a querystring (everything after the question mark in the URL) and returns an encrypted string containing the parameters.
-     *
-	 * @param query the querystring to encrypt
-	 * @return encrypted querystring stored as a String
-	 * @throws EncryptionException
-	 */
-	String encryptQueryString(String query) throws EncryptionException;
-
-	/**
-	 * Calls encryptStateInCookie with the *current* response.
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-	 */
-    void encryptStateInCookie(Map<String, String> cleartext) throws EncryptionException;
-
-    /**
-     * Stores a Map of data in an encrypted cookie. Generally the session is a better
-     * place to store state information, as it does not expose it to the user at all.
-     * If there is a requirement not to use sessions, or the data should be stored
-     * across sessions (for a long time), the use of encrypted cookies is an effective
-     * way to prevent the exposure.
-     *
-     * @param response
-     * @param cleartext
-     * @throws EncryptionException
-     */
-    void encryptStateInCookie(HttpServletResponse response, Map<String, String> cleartext) throws EncryptionException;
-
-    /**
-	 * Calls getCookie with the *current* response.
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-	 */
-	String getCookie(String name) throws ValidationException;
-
-	/**
-     * A safer replacement for getCookies() in HttpServletRequest that returns the canonicalized
-     * value of the named cookie after "global" validation against the
-     * general type defined in ESAPI.properties. This should not be considered a replacement for
-     * more specific validation.
-     *
-     * @param request
-     * @param name
-     * @return the requested cookie value
-     */
-	String getCookie(HttpServletRequest request, String name) throws ValidationException;
-
-    /**
-     * Returns the current user's CSRF token. If there is no current user then return null.
-     *
-     * @return the current users CSRF token
-     */
-    String getCSRFToken();
-
-	/**
-     * Retrieves the current HttpServletRequest
-     *
-     * @return the current request
-     */
-    HttpServletRequest getCurrentRequest();
-
-	/**
-     * Retrieves the current HttpServletResponse
-     *
-     * @return the current response
-     */
-    HttpServletResponse getCurrentResponse();
-
-	/**
-	 * Calls getFileUploads with the *current* request, default upload directory, and default allowed file extensions
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-	 */
-	List getFileUploads() throws ValidationException;
-
-    /**
-	 * Call getFileUploads with the specified request, default upload directory, and default allowed file extensions
-	 */
-	List getFileUploads(HttpServletRequest request) throws ValidationException;
-
-    /**
-	 * Call getFileUploads with the specified request, specified upload directory, and default allowed file extensions
-	 */
-    List getFileUploads(HttpServletRequest request, File finalDir) throws ValidationException;
-
-
-    /**
-     * Extract uploaded files from a multipart HTTP requests. Implementations must check the content to ensure that it
-     * is safe before making a permanent copy on the local filesystem. Checks should include length and content checks,
-     * possibly virus checking, and path and name checks. Refer to the file checking methods in Validator for more
-     * information.
-     * <p/>
-	 * This method uses {@link HTTPUtilities#getCurrentRequest()} to obtain the {@link HttpServletRequest} object
-     *
-     * @param request
-     * @return List of new File objects from upload
-     * @throws ValidationException if the file fails validation
-     */
-    List getFileUploads(HttpServletRequest request, File destinationDir, List allowedExtensions) throws ValidationException;
-
-
-	/**
-	 * Calls getHeader with the *current* request.
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-	 */
-	String getHeader(String name) throws ValidationException;
-
-    /**
-     * A safer replacement for getHeader() in HttpServletRequest that returns the canonicalized
-     * value of the named header after "global" validation against the
-     * general type defined in ESAPI.properties. This should not be considered a replacement for
-     * more specific validation.
-     *
-     * @param request
-     * @param name
-     * @return the requested header value
-     */
-	String getHeader(HttpServletRequest request, String name) throws ValidationException;
-
-	/**
-	 * Calls getParameter with the *current* request.
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-	 */
-	String getParameter(String name) throws ValidationException;
-
-    /**
-     * A safer replacement for getParameter() in HttpServletRequest that returns the canonicalized
-     * value of the named parameter after "global" validation against the
-     * general type defined in ESAPI.properties. This should not be considered a replacement for
-     * more specific validation.
-     *
-     * @param request
-     * @param name
-     * @return the requested parameter value
-     */
-    String getParameter(HttpServletRequest request, String name) throws ValidationException;
-
-	/**
-	 * Calls killAllCookies with the *current* request and response.
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-	 */
-	void killAllCookies();
-
-    /**
-     * Kill all cookies received in the last request from the browser. Note that new cookies set by the application in
-     * this response may not be killed by this method.
-     *
-     * @param request
-     * @param response
-     */
-    void killAllCookies(HttpServletRequest request, HttpServletResponse response);
-
-	/**
-	 * Calls killCookie with the *current* request and response.
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-	 */
-	void killCookie(String name);
-
-    /**
-     * Kills the specified cookie by setting a new cookie that expires immediately. Note that this
-     * method does not delete new cookies that are being set by the application for this response.
-     *
-     * @param request
-     * @param name
-     * @param response
-     */
-    void killCookie(HttpServletRequest request, HttpServletResponse response, String name);
-
-	/**
-	 * Calls logHTTPRequest with the *current* request and logger.
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-	 */
-	void logHTTPRequest();
-
-    /**
-     * Format the Source IP address, URL, URL parameters, and all form
-     * parameters into a string suitable for the log file. Be careful not
-     * to log sensitive information, and consider masking with the
-     * logHTTPRequest( List parameterNamesToObfuscate ) method.
-     *
-     * @param request
-     * @param logger the logger to write the request to
-     */
-    void logHTTPRequest(HttpServletRequest request, Logger logger);
-
-    /**
-     * Format the Source IP address, URL, URL parameters, and all form
-     * parameters into a string suitable for the log file. The list of parameters to
-     * obfuscate should be specified in order to prevent sensitive information
-     * from being logged. If a null list is provided, then all parameters will
-     * be logged. If HTTP request logging is done in a central place, the
-     * parameterNamesToObfuscate could be made a configuration parameter. We
-     * include it here in case different parts of the application need to obfuscate
-     * different parameters.
-     *
-     * @param request
-     * @param logger the logger to write the request to
-     * @param parameterNamesToObfuscate the sensitive parameters
-     */
-    void logHTTPRequest(HttpServletRequest request, Logger logger, List parameterNamesToObfuscate);
-
-	/**
-	 * Calls sendForward with the *current* request and response.
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-	 */
-    void sendForward(String location) throws AccessControlException, ServletException, IOException;
-
-    /**
-     * This method performs a forward to any resource located inside the WEB-INF directory. Forwarding to
-     * publicly accessible resources can be dangerous, as the request will have already passed the URL
-     * based access control check. This method ensures that you can only forward to non-publicly
-     * accessible resources.
-     *
-     * @param request
-     * @param response
-     * @param location the URL to forward to, including parameters
-     * @throws AccessControlException
-     * @throws ServletException
-     * @throws IOException
-     */
-    void sendForward(HttpServletRequest request, HttpServletResponse response, String location) throws AccessControlException, ServletException, IOException;
-
-
-	/**
-	 * Calls sendRedirect with the *current* response.
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-	 */
-    void sendRedirect(String location) throws AccessControlException, IOException;
-
-
-    /**
-     * This method performs a forward to any resource located inside the WEB-INF directory. Forwarding to
-     * publicly accessible resources can be dangerous, as the request will have already passed the URL
-     * based access control check. This method ensures that you can only forward to non-publicly
-     * accessible resources.
-     *
-     * @param response
-     * @param location the URL to forward to, including parameters
-     * @throws AccessControlException
-     * @throws ServletException
-     * @throws IOException
-     */
-    void sendRedirect(HttpServletResponse response, String location) throws AccessControlException, IOException;
-
-	/**
-	 * Calls setContentType with the *current* request and response.
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-	 */
-    void setContentType();
-
-     /**
-	 * Set the content type character encoding header on every HttpServletResponse in order to limit
-	 * the ways in which the input data can be represented. This prevents
-	 * malicious users from using encoding and multi-byte escape sequences to
-	 * bypass input validation routines.
-     * <p/>
-	 * Implementations of this method should set the content type header to a safe value for your environment.
-     * The default is text/html; charset=UTF-8 character encoding, which is the default in early
-	 * versions of HTML and HTTP. See RFC 2047 (http://ds.internic.net/rfc/rfc2045.txt) for more
-	 * information about character encoding and MIME.
-     * <p/>
-	 * The DefaultHTTPUtilities reference implementation sets the content type as specified.
-     *
-     * @param response The servlet response to set the content type for.
-     */
-    void setContentType(HttpServletResponse response);
-
-    /**
-     * Stores the current HttpRequest and HttpResponse so that they may be readily accessed throughout
-     * ESAPI (and elsewhere)
-     *
-     * @param request  the current request
-     * @param response the current response
-     */
-    void setCurrentHTTP(HttpServletRequest request, HttpServletResponse response);
-
-
-	/**
-	 * Calls setHeader with the *current* response.
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-	 */
-    void setHeader(String name, String value);
-
-    /**
-     * Add a header to the response after ensuring that there are no encoded or
-     * illegal characters in the name and value. "A recipient MAY replace any
-     * linear white space with a single SP before interpreting the field value
-     * or forwarding the message downstream."
-     * http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2
-     *
-     * @param name
-     * @param value
-     */
-    void setHeader(HttpServletResponse response, String name, String value);
-
-
-	/**
-	 * Calls setNoCacheHeaders with the *current* response.
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-	 */
-    void setNoCacheHeaders();
-
-
-    /**
-     * Set headers to protect sensitive information against being cached in the browser. Developers should make this
-     * call for any HTTP responses that contain any sensitive data that should not be cached within the browser or any
-     * intermediate proxies or caches. Implementations should set headers for the expected browsers. The safest approach
-     * is to set all relevant headers to their most restrictive setting. These include:
-     * <p/>
-     * <PRE>
-     * Cache-Control: no-store<BR>
-     * Cache-Control: no-cache<BR>
-     * Cache-Control: must-revalidate<BR>
-     * Expires: -1<BR>
-     * </PRE>
-     * <p/>
-     * Note that the header "pragma: no-cache" is intended only for use in HTTP requests, not HTTP responses. However, Microsoft has chosen to
-     * directly violate the standards, so we need to include that header here. For more information, please refer to the relevant standards:
-     * <UL>
-     * <LI><a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.1">HTTP/1.1 Cache-Control "no-cache"</a>
-     * <LI><a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.2">HTTP/1.1 Cache-Control "no-store"</a>
-     * <LI><a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.32">HTTP/1.0 Pragma "no-cache"</a>
-     * <LI><a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21">HTTP/1.0 Expires</a>
-     * <LI><a href="http://support.microsoft.com/kb/937479">IE6 Caching Issues</a>
-     * <LI><a href="http://support.microsoft.com/kb/234067">Microsoft directly violates specification for pragma: no-cache</a>
-     * <LI><a href="https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Mozilla_networking_preferences#Cache">Firefox browser.cache.disk_cache_ssl</a>
-     * <LI><a href="https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Mozilla_networking_preferences">Mozilla</a>
-     * </UL>
-     *
-     * @param response
-     */
-    void setNoCacheHeaders(HttpServletResponse response);
-
-	/**
-	 * Calls setNoCacheHeaders with the *current* response.
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-	 */
-    String setRememberToken(String password, int maxAge, String domain, String path);
-
-
-    /**
-	 * Set a cookie containing the current User's remember me token for automatic authentication. The use of remember me tokens
-	 * is generally not recommended, but this method will help do it as safely as possible. The user interface should strongly warn
-     * the user that this should only be enabled on computers where no other users will have access.
-     * <p/>
-     * Implementations should save the user's remember me data in an encrypted cookie and send it to the user.
-     * Any old remember me cookie should be destroyed first. Setting this cookie should keep the user
-	 * logged in until the maxAge passes, the password is changed, or the cookie is deleted.
-	 * If the cookie exists for the current user, it should automatically be used by ESAPI to
-     * log the user in, if the data is valid and not expired.
-     * <p/>
-	 * The ESAPI reference implementation, DefaultHTTPUtilities.setRememberToken() implements all these suggestions.
-     * <p/>
-     * The username can be retrieved with: User username = ESAPI.authenticator().getCurrentUser();
-     *
-     * @param request
-     * @param password the user's password
-     * @param response
-     * @param maxAge the length of time that the token should be valid for in relative seconds
-	 * @param domain the domain to restrict the token to or null
-	 * @param path the path to restrict the token to or null
-	 * @return encrypted "Remember Me" token stored as a String
-	 */
-    String setRememberToken(HttpServletRequest request, HttpServletResponse response, String password, int maxAge, String domain, String path);
-
-
-	/**
-	 * Calls verifyCSRFToken with the *current* request.
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-	 */
-    void verifyCSRFToken();
-
-    /**
-     * Checks the CSRF token in the URL (see User.getCSRFToken()) against the user's CSRF token and
-	 * throws an IntrusionException if it is missing.
-     *
-     * @param request
-     * @throws IntrusionException if CSRF token is missing or incorrect
-	 */
-    void verifyCSRFToken(HttpServletRequest request) throws IntrusionException;
-
-   /**
-    * Gets a typed attribute from the session associated with the calling thread. If the
-    * object referenced by the passed in key is not of the implied type, a ClassCastException
-    * will be thrown to the calling code.
-    *
-    * @param    key
-    *           The key that references the session attribute
-    * @param    <T>
-    *           The implied type of object expected.
-    * @return
-    *           The requested object.
-    * @see      #getSessionAttribute(javax.servlet.http.HttpSession, String)
-    */
-    <T> T getSessionAttribute( String key );
-
-    /**
-     * Gets a typed attribute from the passed in session. This method has the same
-     * responsibility as {link #getSessionAttribute(String} however only it references
-     * the passed in session and thus performs slightly better since it does not need
-     * to return to the Thread to get the {@link HttpSession} associated with the current
-     * thread.
-     *
-     * @param session
-     *          The session to retrieve the attribute from
-     * @param key
-     *          The key that references the requested object
-     * @param <T>
-     *          The implied type of object expected
-     * @return  The requested object
-     */
-    <T> T getSessionAttribute( HttpSession session, String key );
-
-    /**
-     * Gets a typed attribute from the {@link HttpServletRequest} associated
-     * with the caller thread. If the attribute on the request is not of the implied
-     * type, a ClassCastException will be thrown back to the caller.
-     *
-     * @param key The key that references the request attribute.
-     * @param <T> The implied type of the object expected
-     * @return The requested object
-     */
-    <T> T getRequestAttribute( String key );
-
-    /**
-     * Gets a typed attribute from the {@link HttpServletRequest} associated
-     * with the passed in request. If the attribute on the request is not of the implied
-     * type, a ClassCastException will be thrown back to the caller.
-     *
-     * @param request The request to retrieve the attribute from
-     * @param key The key that references the request attribute.
-     * @param <T> The implied type of the object expected
-     * @return The requested object
-     */
-    <T> T getRequestAttribute( HttpServletRequest request, String key );
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007-2019 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi;
+
+import org.owasp.esapi.errors.*;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import java.io.File;
+import java.io.IOException;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * The HTTPUtilities interface is a collection of methods that provide additional security related to HTTP requests,
+ * responses, sessions, cookies, headers, and logging.
+ * </p><p>
+ * <b>Note:</b> This most of the methods in this interface NOT compatible with the Jakarta Servlet API Spec 5.0 or later, which
+ * uses the jakarta.servlet package namespace rather than the javax.servlet package namespace. For further details,
+ * please see the GitHub Discussion issue
+ * <a href="https://github.com/ESAPI/esapi-java-legacy/discussions/768">Add support for Jakarta Servlet API Specification #768</a>.
+ * </p>
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ */
+public interface HTTPUtilities
+{
+    // All implied static final as this is an interface
+    String REMEMBER_TOKEN_COOKIE_NAME = "rtoken";
+    int MAX_COOKIE_LEN = 4096;            // From RFC 2109
+    int MAX_COOKIE_PAIRS = 20;            // From RFC 2109
+    String CSRF_TOKEN_NAME = "ctoken";
+    String ESAPI_STATE = "estate";
+
+    int PARAMETER = 0;
+    int HEADER = 1;
+    int COOKIE = 2;
+
+    /**
+     * Calls addCookie with the *current* request.
+     *
+     * @param cookie The cookie to add
+     *
+     * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
+     */
+    void addCookie(Cookie cookie);
+
+    /**
+     * Add a cookie to the response after ensuring that there are no encoded or
+     * illegal characters in the name and name and value. This method also sets
+     * the secure and HttpOnly flags on the cookie.
+     *
+     * @param response The HTTP response to add the cookie to
+     * @param cookie The cookie to add
+     */
+    void addCookie(HttpServletResponse response, Cookie cookie);
+
+    /**
+     * Adds the current user's CSRF token (see User.getCSRFToken()) to the URL for purposes of preventing CSRF attacks.
+     * This method should be used on all URLs to be put into all links and forms the application generates.
+     *
+     * @param href the URL to which the CSRF token will be appended
+     * @return the updated URL with the CSRF token parameter added
+     */
+    String addCSRFToken(String href);
+
+    /**
+     * Calls addHeader with the *current* request.
+     *
+     * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
+     */
+    void addHeader(String name, String value);
+
+    /**
+     * Add a header to the response after ensuring that there are no encoded or
+     * illegal characters in the name and name and value. This implementation
+     * follows the following recommendation: "A recipient MAY replace any linear
+     * white space with a single SP before interpreting the field value or
+     * forwarding the message downstream."
+     * http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2
+     *
+     * @param name
+     * @param value
+     */
+    void addHeader(HttpServletResponse response, String name, String value);
+
+    /**
+     * Calls assertSecureRequest with the *current* request.
+     * @see HTTPUtilities#assertSecureRequest(HttpServletRequest)
+     * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
+     */
+    void assertSecureRequest() throws AccessControlException;
+
+    /**
+     * Calls assertSecureChannel with the *current* request.
+     * @see HTTPUtilities#assertSecureChannel(HttpServletRequest)
+     * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
+     */
+    void assertSecureChannel() throws AccessControlException;
+
+    /**
+     * Ensures that the request uses both SSL and POST to protect any sensitive parameters
+     * in the querystring from being sniffed, logged, bookmarked, included in referer header, etc...
+     * This method should be called for any request that contains sensitive data from a web form.
+     *
+     * @param request
+     * @throws AccessControlException if security constraints are not met
+     */
+    void assertSecureRequest(HttpServletRequest request) throws AccessControlException;
+
+    /**
+     * Ensures the use of SSL to protect any sensitive parameters in the request and
+     * any sensitive data in the response. This method should be called for any request
+     * that contains sensitive data from a web form or will result in sensitive data in the
+     * response page.
+     *
+     * @param request
+     * @throws AccessControlException if security constraints are not met
+     */
+    void assertSecureChannel(HttpServletRequest request) throws AccessControlException;
+
+    /**
+     * Calls changeSessionIdentifier with the *current* request.
+     *
+     * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
+     */
+    HttpSession changeSessionIdentifier() throws AuthenticationException;
+
+    /**
+     * Invalidate the existing session after copying all of its contents to a newly created session with a new session id.
+     * Note that this is different from logging out and creating a new session identifier that does not contain the
+     * existing session contents. Care should be taken to use this only when the existing session does not contain
+     * hazardous contents.
+     *
+     * @param request
+     * @return the new HttpSession with a changed id
+     * @throws AuthenticationException the exception
+     */
+    HttpSession changeSessionIdentifier(HttpServletRequest request) throws AuthenticationException;
+
+    /**
+     * Clears the current HttpRequest and HttpResponse associated with the current thread.
+     *
+     * @see ESAPI#clearCurrent()
+     */
+    void clearCurrent();
+
+    /**
+     * Decrypts an encrypted hidden field value and returns the cleartext. If the field does not decrypt properly,
+     * an IntrusionException is thrown to indicate tampering.
+     *
+     * @param encrypted hidden field value to decrypt
+     * @return decrypted hidden field value stored as a String
+     */
+    String decryptHiddenField(String encrypted);
+
+    /**
+     * Takes an encrypted querystring and returns a Map containing the original parameters.
+     *
+     * @param encrypted the encrypted querystring to decrypt
+     * @return a Map object containing the decrypted querystring
+     * @throws EncryptionException
+     */
+    Map<String, String> decryptQueryString(String encrypted) throws EncryptionException;
+
+    /**
+     * Calls decryptStateFromCookie with the *current* request.
+     *
+     * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
+     */
+    Map<String, String> decryptStateFromCookie() throws EncryptionException;
+
+    /**
+     * Retrieves a map of data from a cookie encrypted with encryptStateInCookie().
+     *
+     * @param request
+     * @return a map containing the decrypted cookie state value
+     * @throws EncryptionException
+     */
+    Map<String, String> decryptStateFromCookie(HttpServletRequest request) throws EncryptionException;
+
+    /**
+     * Encrypts a hidden field value for use in HTML.
+     *
+     * @param value the cleartext value of the hidden field
+     * @return the encrypted value of the hidden field
+     * @throws EncryptionException
+     */
+    String encryptHiddenField(String value) throws EncryptionException;
+
+    /**
+     * Takes a querystring (everything after the question mark in the URL) and returns an encrypted string containing the parameters.
+     *
+     * @param query the querystring to encrypt
+     * @return encrypted querystring stored as a String
+     * @throws EncryptionException
+     */
+    String encryptQueryString(String query) throws EncryptionException;
+
+    /**
+     * Calls encryptStateInCookie with the *current* response.
+     *
+     * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
+     */
+    void encryptStateInCookie(Map<String, String> cleartext) throws EncryptionException;
+
+    /**
+     * Stores a Map of data in an encrypted cookie. Generally the session is a better
+     * place to store state information, as it does not expose it to the user at all.
+     * If there is a requirement not to use sessions, or the data should be stored
+     * across sessions (for a long time), the use of encrypted cookies is an effective
+     * way to prevent the exposure.
+     *
+     * @param response
+     * @param cleartext
+     * @throws EncryptionException
+     */
+    void encryptStateInCookie(HttpServletResponse response, Map<String, String> cleartext) throws EncryptionException;
+
+    /**
+     * Calls getCookie with the *current* response.
+     *
+     * @param name The cookie to get
+     * @return the requested cookie value
+     * @throws ValidationException
+     *
+     * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
+     */
+    String getCookie(String name) throws ValidationException;
+
+    /**
+     * A safer replacement for getCookies() in HttpServletRequest that returns the canonicalized
+     * value of the named cookie after "global" validation against the
+     * general type defined in ESAPI.properties. This should not be considered a replacement for
+     * more specific validation.
+     *
+     * @param request
+     * @param name The cookie to get
+     * @return the requested cookie value
+     * @throws ValidationException
+     */
+    String getCookie(HttpServletRequest request, String name) throws ValidationException;
+
+    /**
+     * Returns the current user's CSRF token. If there is no current user then return null.
+     *
+     * @return the current user's CSRF token
+     */
+    String getCSRFToken();
+
+    /**
+     * Retrieves the current HttpServletRequest
+     *
+     * @return the current request
+     */
+    HttpServletRequest getCurrentRequest();
+
+    /**
+     * Retrieves the current HttpServletResponse
+     *
+     * @return the current response
+     */
+    HttpServletResponse getCurrentResponse();
+
+    /**
+     * Calls {@code getFileUploads} with the <b>current</b> request, default upload directory, and default allowed file extensions
+     *
+     * @return List of new File objects from upload
+     * @throws ValidationException if the file fails validation
+     *
+     * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
+     */
+    List getFileUploads() throws ValidationException;
+
+    /**
+     * Call {@code getFileUploads} with the specified request, default upload directory, and default allowed file extensions
+     *
+     * @param request The applicable HTTP request
+     *
+     * @return List of new File objects from upload
+     * @throws ValidationException if the file fails validation
+     */
+    List getFileUploads(HttpServletRequest request) throws ValidationException;
+
+    /**
+     * Call {@code getFileUploads} with the specified request, specified upload directory, and default allowed file extensions
+     *
+     * @param request The applicable HTTP request
+     * @param finalDir The destination directory to leave the uploaded file(s) in.
+     *
+     * @return List of new File objects from upload
+     * @throws ValidationException if the file fails validation
+     */
+    List getFileUploads(HttpServletRequest request, File finalDir) throws ValidationException;
+
+
+    /**
+     * Extract uploaded files from a multipart/form-data HTTP request. Implementations must check the content to ensure that it
+     * is safe before making a permanent copy on the local filesystem. Checks should include length and content checks,
+     * possibly virus checking, and path and name checks. Refer to the file checking methods in Validator for more
+     * information. <b>Important Note:</b> The ESAPI reference implementation (i.e.,
+     * {@code org.owasp.esapi.referenceDefaultHTTPUtilities} only does some of these things listed above and some of those
+     * are limited to which {@code getFileUploads} method is called and how you've set your relevant ESAPI properties
+     * in your <b>ESAPI.properties</b> file.
+     * <p/><p>
+     * This method uses {@link HTTPUtilities#getCurrentRequest()} to obtain the
+     * {@link javax.servlet.http.HttpServletRequest HttpServletRequest}
+     * object. If the ESAPI property <b>HttpUtilities.FileUploadAllowAnonymousUser</b> is set to {@code false} (the
+     * default is {@code true}), then {@code getFileUploads} will call {@code ESAPI.authenticator().getCurrentUser()}
+     * to check if the user is authenticated. If that property is set to {@code false} and a call to that function returns
+     * an anonymous (i.e., unauthenticated) user, then the file upload is blocked.
+     * <p/><p>
+     * ESAPI properties relevant to this and the other {@code getFileUploads} methods referenced in this table. The
+     * last 2 properties are new since release 2.5.2.0:
+     * <table border="1">
+     *   <tr>
+     *     <th>ESAPI Property Name</th>
+     *     <th>ESAPI.properties Default</th>
+     *     <th>Builtin Default</th>
+     *     <th>Meaning</th>
+     *   </tr>
+     *   <tr>
+     *     <td>HttpUtilities.UploadDir</td>
+     *     <td>C:\ESAPI\testUpload</td>
+     *     <td>UploadDir</td>
+     *     <td>Final destination directory for uploaded files.</td>
+     *   </tr>
+     *   <tr>
+     *     <td>HttpUtilities.UploadTempDir</td>
+     *     <td>C:\temp</td>
+     *     <td>Value of system property java.io.tmpdir</td>
+     *     <td>Temporary staging directory for uploaded files.</td>
+     *   </tr>
+     *   <tr>
+     *     <td>HttpUtilities.ApprovedUploadExtensions</td>
+     *     <td>.pdf,.doc,.docx,.ppt,.pptx,.xls,.xlsx,.rtf,.txt,.jpg,.pn</td>
+     *     <td>.pdf,.txt,.jpg,.png</td>
+     *     <td>Comma separated allowed list of file suffixes that may be uploaded.</td>
+     *   </tr>
+     *   <tr>
+     *     <td>HttpUtilities.MaxUploadFileBytes</td>
+     *     <td>5000000</td>
+     *     <td>5000000</td>
+     *     <td>Total maximum upload file size for uploaded files per HTTP request.</td>
+     *   </tr>
+     *   <tr>
+     *     <td>HttpUtilities.MaxUploadFileCount</td>
+     *     <td>20</td>
+     *     <td>20</td>
+     *     <td>Maximum total number of uploaded files per HTTP request.</td>
+     *   </tr>
+     *   <tr>
+     *     <td>HttpUtilities.FileUploadAllowAnonymousUser</td>
+     *     <td>true</td>
+     *     <td>true</td>
+     *     <td>Controls whether anonymous (i.e., unauthenticated) users may upload files.</td>
+     *   </tr>
+     * </table>
+     * <p/><p>
+     * As alluded to above, it is important to note that these {@code getFileUploads} methods do not do
+     * everything to keey your application and environment secure. Some of the more obvious omissions are the
+     * absence of examining the actual file content to determine the actual file type or running some AV scan
+     * on the uploaded files. You have to add that functionality to you if you want or need that. Some
+     * resource that you may find useful are:
+     * <ul>
+     *   <li><a href="https://cheatsheetseries.owasp.org/cheatsheets/File_Upload_Cheat_Sheet.html">OWASP File Upload Cheat Sheet</a></li>
+     *   <li><a href="https://cheatsheetseries.owasp.org/cheatsheets/Denial_of_Service_Cheat_Sheet.html">OWASP Denial of Service Cheat Sheet</a></li>
+     *   <li><a href="https://tika.apache.org/">Apache Tika - a content analysis toolkit</a></li>
+     * </ul>
+     *
+     * @param request The applicable HTTP request
+     * @param destinationDir The destination directory to leave the uploaded file in.
+     * @param allowedExtensions Permitted file suffixes. (Yes, this is a weak check. Use Apache Tika if you
+     *                          want something more.)
+     * @return List of new {@code File} objects from upload
+     * @throws ValidationException if the file fails validation
+     * @throws java.security.AccessControlException If anonymous users are not allowed and the user is
+     *                                      not authenticated as per the ESAPI {@code Authenticator}.
+     */
+    List getFileUploads(HttpServletRequest request, File destinationDir, List allowedExtensions) throws ValidationException;
+
+
+    /**
+     * Calls getHeader with the *current* request.
+     *
+     * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
+     */
+    String getHeader(String name) throws ValidationException;
+
+    /**
+     * A safer replacement for getHeader() in HttpServletRequest that returns the canonicalized
+     * value of the named header after "global" validation against the
+     * general type defined in ESAPI.properties. This should not be considered a replacement for
+     * more specific validation.
+     *
+     * @param request
+     * @param name
+     * @return the requested header value
+     */
+    String getHeader(HttpServletRequest request, String name) throws ValidationException;
+
+    /**
+     * Calls getParameter with the *current* request.
+     *
+     * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
+     */
+    String getParameter(String name) throws ValidationException;
+
+    /**
+     * A safer replacement for getParameter() in HttpServletRequest that returns the canonicalized
+     * value of the named parameter after "global" validation against the
+     * general type defined in ESAPI.properties. This should not be considered a replacement for
+     * more specific validation.
+     *
+     * @param request
+     * @param name
+     * @return the requested parameter value
+     */
+    String getParameter(HttpServletRequest request, String name) throws ValidationException;
+
+    /**
+     * Calls killAllCookies with the *current* request and response.
+     *
+     * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
+     */
+    void killAllCookies();
+
+    /**
+     * Kill all cookies received in the last request from the browser. Note that new cookies set by the application in
+     * this response may not be killed by this method.
+     *
+     * @param request
+     * @param response
+     */
+    void killAllCookies(HttpServletRequest request, HttpServletResponse response);
+
+    /**
+     * Calls killCookie with the *current* request and response.
+     *
+     * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
+     */
+    void killCookie(String name);
+
+    /**
+     * Kills the specified cookie by setting a new cookie that expires immediately. Note that this
+     * method does not delete new cookies that are being set by the application for this response.
+     *
+     * @param request
+     * @param name
+     * @param response
+     */
+    void killCookie(HttpServletRequest request, HttpServletResponse response, String name);
+
+    /**
+     * Calls logHTTPRequest with the *current* request and logger.
+     *
+     * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
+     */
+    void logHTTPRequest();
+
+    /**
+     * Format the Source IP address, URL, URL parameters, and all form
+     * parameters into a string suitable for the log file. Be careful not
+     * to log sensitive information, and consider masking with the
+     * logHTTPRequest( List parameterNamesToObfuscate ) method.
+     *
+     * @param request
+     * @param logger the logger to write the request to
+     */
+    void logHTTPRequest(HttpServletRequest request, Logger logger);
+
+    /**
+     * Format the Source IP address, URL, URL parameters, and all form
+     * parameters into a string suitable for the log file. The list of parameters to
+     * obfuscate should be specified in order to prevent sensitive information
+     * from being logged. If a null list is provided, then all parameters will
+     * be logged. If HTTP request logging is done in a central place, the
+     * parameterNamesToObfuscate could be made a configuration parameter. We
+     * include it here in case different parts of the application need to obfuscate
+     * different parameters.
+     *
+     * @param request The HTTP request to log
+     * @param logger the logger to write the request to
+     * @param parameterNamesToObfuscate the sensitive parameters
+     */
+    void logHTTPRequest(HttpServletRequest request, Logger logger, List parameterNamesToObfuscate);
+
+    /**
+     * Calls sendForward with the *current* request and response.
+     *
+     * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
+     */
+    void sendForward(String location) throws AccessControlException, ServletException, IOException;
+
+    /**
+     * This method performs a forward to any resource located inside the WEB-INF directory. Forwarding to
+     * publicly accessible resources can be dangerous, as the request will have already passed the URL
+     * based access control check. This method ensures that you can only forward to non-publicly
+     * accessible resources.
+     *
+     * @param request
+     * @param response
+     * @param location the URL to forward to, including parameters
+     * @throws AccessControlException
+     * @throws ServletException
+     * @throws IOException
+     */
+    void sendForward(HttpServletRequest request, HttpServletResponse response, String location) throws AccessControlException, ServletException, IOException;
+
+
+    /**
+     * Calls sendRedirect with the *current* response.
+     *
+     * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
+     */
+    void sendRedirect(String location) throws AccessControlException, IOException;
+
+
+    /**
+     * This method performs a forward to any resource located inside the WEB-INF directory. Forwarding to
+     * publicly accessible resources can be dangerous, as the request will have already passed the URL
+     * based access control check. This method ensures that you can only forward to non-publicly
+     * accessible resources.
+     *
+     * @param response
+     * @param location the URL to forward to, including parameters
+     * @throws AccessControlException
+     * @throws IOException
+     */
+    void sendRedirect(HttpServletResponse response, String location) throws AccessControlException, IOException;
+
+    /**
+     * Calls setContentType with the *current* request and response.
+     *
+     * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
+     */
+    void setContentType();
+
+     /**
+     * Set the content type character encoding header on every HttpServletResponse in order to limit
+     * the ways in which the input data can be represented. This prevents
+     * malicious users from using encoding and multi-byte escape sequences to
+     * bypass input validation routines.
+     * <p/>
+     * Implementations of this method should set the content type header to a safe value for your environment.
+     * The default is text/html; charset=UTF-8 character encoding, which is the default in early
+     * versions of HTML and HTTP. See RFC 2047 (http://ds.internic.net/rfc/rfc2045.txt) for more
+     * information about character encoding and MIME.
+     * <p/>
+     * The DefaultHTTPUtilities reference implementation sets the content type as specified.
+     *
+     * @param response The servlet response to set the content type for.
+     */
+    void setContentType(HttpServletResponse response);
+
+    /**
+     * Stores the current HttpRequest and HttpResponse so that they may be readily accessed throughout
+     * ESAPI (and elsewhere)
+     *
+     * @param request  the current request
+     * @param response the current response
+     */
+    void setCurrentHTTP(HttpServletRequest request, HttpServletResponse response);
+
+
+    /**
+     * Calls setHeader with the *current* response.
+     *
+     * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
+     */
+    void setHeader(String name, String value);
+
+    /**
+     * Add a header to the response after ensuring that there are no encoded or
+     * illegal characters in the name and value. "A recipient MAY replace any
+     * linear white space with a single SP before interpreting the field value
+     * or forwarding the message downstream."
+     * http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2
+     *
+     * @param name
+     * @param value
+     */
+    void setHeader(HttpServletResponse response, String name, String value);
+
+
+    /**
+     * Calls setNoCacheHeaders with the *current* response.
+     *
+     * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
+     */
+    void setNoCacheHeaders();
+
+
+    /**
+     * Set headers to protect sensitive information against being cached in the browser. Developers should make this
+     * call for any HTTP responses that contain any sensitive data that should not be cached within the browser or any
+     * intermediate proxies or caches. Implementations should set headers for the expected browsers. The safest approach
+     * is to set all relevant headers to their most restrictive setting. These include:
+     * <p/>
+     * <PRE>
+     * Cache-Control: no-store<BR>
+     * Cache-Control: no-cache<BR>
+     * Cache-Control: must-revalidate<BR>
+     * Expires: -1<BR>
+     * </PRE>
+     * <p/>
+     * Note that the header "pragma: no-cache" is intended only for use in HTTP requests, not HTTP responses. However, Microsoft has chosen to
+     * directly violate the standards, so we need to include that header here. For more information, please refer to the relevant standards:
+     * <UL>
+     * <LI><a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.1">HTTP/1.1 Cache-Control "no-cache"</a>
+     * <LI><a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.2">HTTP/1.1 Cache-Control "no-store"</a>
+     * <LI><a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.32">HTTP/1.0 Pragma "no-cache"</a>
+     * <LI><a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21">HTTP/1.0 Expires</a>
+     * <LI><a href="http://support.microsoft.com/kb/937479">IE6 Caching Issues</a>
+     * <LI><a href="http://support.microsoft.com/kb/234067">Microsoft directly violates specification for pragma: no-cache</a>
+     * <LI><a href="https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Mozilla_networking_preferences#Cache">Firefox browser.cache.disk_cache_ssl</a>
+     * <LI><a href="https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Mozilla_networking_preferences">Mozilla</a>
+     * </UL>
+     *
+     * @param response
+     */
+    void setNoCacheHeaders(HttpServletResponse response);
+
+    /**
+     * Calls setNoCacheHeaders with the *current* response.
+     *
+     * ~DEPRECATED~  Per Kevin Wall, storing passwords with reversible encryption is contrary to *many*
+     * company's stated security policies.
+     *
+     * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
+     */
+    @Deprecated
+    String setRememberToken(String password, int maxAge, String domain, String path);
+
+    /**
+     *
+     */
+    String setRememberToken(HttpServletRequest request, HttpServletResponse response, int maxAge, String domain, String path);
+
+
+    /**
+     * Set a cookie containing the current User's remember me token for automatic authentication. The use of remember me tokens
+     * is generally not recommended, but this method will help do it as safely as possible. The user interface should strongly warn
+     * the user that this should only be enabled on computers where no other users will have access.
+     * <p/>
+     * Implementations should save the user's remember me data in an encrypted cookie and send it to the user.
+     * Any old remember me cookie should be destroyed first. Setting this cookie should keep the user
+     * logged in until the maxAge passes, the password is changed, or the cookie is deleted.
+     * If the cookie exists for the current user, it should automatically be used by ESAPI to
+     * log the user in, if the data is valid and not expired.
+     * <p/>
+     * The ESAPI reference implementation, DefaultHTTPUtilities.setRememberToken() implements all these suggestions.
+     * <p/>
+     * The username can be retrieved with: User username = ESAPI.authenticator().getCurrentUser();
+     *
+     *~DEPRECATED~  Per Kevin Wall, storing passwords with reversible encryption is contrary to *many*
+     * company's stated security policies.
+     *
+     * @param request
+     * @param password the user's password
+     * @param response
+     * @param maxAge the length of time that the token should be valid for in relative seconds
+     * @param domain the domain to restrict the token to or null
+     * @param path the path to restrict the token to or null
+     * @return encrypted "Remember Me" token stored as a String
+     */
+    @Deprecated
+    String setRememberToken(HttpServletRequest request, HttpServletResponse response, String password, int maxAge, String domain, String path);
+
+
+    /**
+     * Calls verifyCSRFToken with the *current* request.
+     *
+     * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
+     */
+    void verifyCSRFToken();
+
+    /**
+     * Checks the CSRF token in the URL (see User.getCSRFToken()) against the user's CSRF token and
+     * throws an IntrusionException if it is missing.
+     *
+     * @param request
+     * @throws IntrusionException if CSRF token is missing or incorrect
+     */
+    void verifyCSRFToken(HttpServletRequest request) throws IntrusionException;
+
+   /**
+    * Gets a typed attribute from the session associated with the calling thread. If the
+    * object referenced by the passed in key is not of the implied type, a ClassCastException
+    * will be thrown to the calling code.
+    *
+    * @param    key
+    *           The key that references the session attribute
+    * @return   The requested object.
+    * @see      HTTPUtilities#getSessionAttribute(javax.servlet.http.HttpSession, String)
+    */
+    <T> T getSessionAttribute( String key );
+
+    /**
+     * Gets a typed attribute from the passed in session. This method has the same
+     * responsibility as {link #getSessionAttribute(String} however it only references
+     * the passed in session and thus performs slightly better since it does not need
+     * to return to the Thread to get the {@link HttpSession} associated with the current
+     * thread.
+     *
+     * @param session
+     *          The session to retrieve the attribute from
+     * @param key
+     *          The key that references the requested object
+     * @return  The requested object
+     */
+    <T> T getSessionAttribute( HttpSession session, String key );
+
+    /**
+     * Gets a typed attribute from the {@link HttpServletRequest} associated
+     * with the caller thread. If the attribute on the request is not of the implied
+     * type, a ClassCastException will be thrown back to the caller.
+     *
+     * @param key The key that references the request attribute.
+     * @return The requested object
+     */
+    <T> T getRequestAttribute( String key );
+
+    /**
+     * Gets a typed attribute from the {@link HttpServletRequest} associated
+     * with the passed in request. If the attribute on the request is not of the implied
+     * type, a ClassCastException will be thrown back to the caller.
+     *
+     * @param request The request to retrieve the attribute from
+     * @param key The key that references the request attribute.
+     * @return The requested object
+     */
+    <T> T getRequestAttribute( HttpServletRequest request, String key );
+}
diff --git a/src/main/java/org/owasp/esapi/IntrusionDetector.java b/src/main/java/org/owasp/esapi/IntrusionDetector.java
index 57ea32b8e..ccb2bc984 100644
--- a/src/main/java/org/owasp/esapi/IntrusionDetector.java
+++ b/src/main/java/org/owasp/esapi/IntrusionDetector.java
@@ -1,63 +1,63 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi;
-
-import org.owasp.esapi.errors.IntrusionException;
-
-
-/**
- * The IntrusionDetector interface is intended to track security relevant events and identify attack behavior. The
- * implementation can use as much state as necessary to detect attacks, but note that storing too much state will burden
- * your system.
- * <P>
- * The interface is currently designed to accept exceptions as well as custom events. Implementations can use this
- * stream of information to detect both normal and abnormal behavior.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- */
-public interface IntrusionDetector {
-
-    /**
-     * Adds the exception to the IntrusionDetector.  This method should immediately log the exception so that developers throwing an 
-     * IntrusionException do not have to remember to log every error.  The implementation should store the exception somewhere for the current user
-     * in order to check if the User has reached the threshold for any Enterprise Security Exceptions.  The User object is the recommended location for storing
-     * the current user's security exceptions.  If the User has reached any security thresholds, the appropriate security action can be taken and logged.
-     * 
-     * @param exception 
-     * 		the exception thrown
-     * 
-     * @throws IntrusionException 
-     * 		the intrusion exception
-     */
-    void addException(Exception exception) throws IntrusionException;
-
-    /**
-     * Adds the event to the IntrusionDetector.  This method should immediately log the event.  The implementation should store the event somewhere for the current user
-     * in order to check if the User has reached the threshold for any Enterprise Security Exceptions.  The User object is the recommended location for storing
-     * the current user's security event.  If the User has reached any security thresholds, the appropriate security action can be taken and logged.
-     * 
-     * @param eventName 
-     * 		the event to add
-     * @param logMessage 
-     * 		the message to log with the event
-     * 
-     * @throws IntrusionException 
-     * 		the intrusion exception
-     */
-    void addEvent(String eventName, String logMessage) throws IntrusionException;
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi;
+
+import org.owasp.esapi.errors.IntrusionException;
+
+
+/**
+ * The IntrusionDetector interface is intended to track security relevant events and identify attack behavior. The
+ * implementation can use as much state as necessary to detect attacks, but note that storing too much state will burden
+ * your system.
+ * <P>
+ * The interface is currently designed to accept exceptions as well as custom events. Implementations can use this
+ * stream of information to detect both normal and abnormal behavior.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ */
+public interface IntrusionDetector {
+
+    /**
+     * Adds the exception to the IntrusionDetector.  This method should immediately log the exception so that developers throwing an
+     * IntrusionException do not have to remember to log every error.  The implementation should store the exception somewhere for the current user
+     * in order to check if the User has reached the threshold for any Enterprise Security Exceptions.  The User object is the recommended location for storing
+     * the current user's security exceptions.  If the User has reached any security thresholds, the appropriate security action can be taken and logged.
+     *
+     * @param exception
+     *         the exception thrown
+     *
+     * @throws IntrusionException
+     *         the intrusion exception
+     */
+    void addException(Exception exception) throws IntrusionException;
+
+    /**
+     * Adds the event to the IntrusionDetector.  This method should immediately log the event.  The implementation should store the event somewhere for the current user
+     * in order to check if the User has reached the threshold for any Enterprise Security Exceptions.  The User object is the recommended location for storing
+     * the current user's security event.  If the User has reached any security thresholds, the appropriate security action can be taken and logged.
+     *
+     * @param eventName
+     *         the event to add
+     * @param logMessage
+     *         the message to log with the event
+     *
+     * @throws IntrusionException
+     *         the intrusion exception
+     */
+    void addEvent(String eventName, String logMessage) throws IntrusionException;
+
+}
diff --git a/src/main/java/org/owasp/esapi/LogFactory.java b/src/main/java/org/owasp/esapi/LogFactory.java
index e3736986d..7571ea460 100644
--- a/src/main/java/org/owasp/esapi/LogFactory.java
+++ b/src/main/java/org/owasp/esapi/LogFactory.java
@@ -1,15 +1,15 @@
 /**
  * OWASP Enterprise Security API (ESAPI)
- * 
+ *
  * This file is part of the Open Web Application Security Project (OWASP)
  * Enterprise Security API (ESAPI) project. For details, please see
  * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
  *
  * Copyright (c) 2007 - The OWASP Foundation
- * 
+ *
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
- * 
+ *
  * @author Rogan Dawes<a href="http://www.aspectsecurity.com">Aspect Security</a>
  * @created 2008
  */
@@ -18,43 +18,43 @@
 /**
  * The LogFactory interface is intended to allow substitution of various logging packages, while providing
  * a common interface to access them.
- * 
- * In the reference implementation, JavaLogFactory.java implements this interface.  JavaLogFactory.java also contains an 
- * inner class called JavaLogger which implements Logger.java and uses the Java logging package to log events. 
- * 
+ *
+ * In the reference implementation, JavaLogFactory.java implements this interface.  JavaLogFactory.java also contains an
+ * inner class called JavaLogger which implements Logger.java and uses the Java logging package to log events.
+ *
  * @see org.owasp.esapi.ESAPI
- * 
+ *
  * @author rdawes
  *
  */
 public interface LogFactory {
-	
-	/**
-	 * Gets the logger associated with the specified module name. The module name is used by the logger to log which 
-	 * module is generating the log events. The implementation of this method should return any preexisting Logger 
-	 * associated with this module name, rather than creating a new Logger.
-	 * <br><br>
-	 * The JavaLogFactory reference implementation meets these requirements.
-	 * 
-	 * @param moduleName
-	 * 			The name of the module requesting the logger.
-	 * @return
-	 * 			The Logger associated with this module.
-	 */
-	Logger getLogger(String moduleName);
-	
-	/**
-	 * Gets the logger associated with the specified class. The class is used by the logger to log which 
-	 * class is generating the log events. The implementation of this method should return any preexisting Logger 
-	 * associated with this class name, rather than creating a new Logger.
-	 * <br><br>
-	 * The JavaLogFactory reference implementation meets these requirements.
-	 * 
-	 * @param clazz
-	 * 			The name of the class requesting the logger.
-	 * @return
-	 * 			The Logger associated with this class.
-	 */
-	Logger getLogger(Class clazz);
-	
+
+    /**
+     * Gets the logger associated with the specified module name. The module name is used by the logger to log which
+     * module is generating the log events. The implementation of this method should return any preexisting Logger
+     * associated with this module name, rather than creating a new Logger.
+     * <br><br>
+     * The JavaLogFactory reference implementation meets these requirements.
+     *
+     * @param moduleName
+     *             The name of the module requesting the logger.
+     * @return
+     *             The Logger associated with this module.
+     */
+    Logger getLogger(String moduleName);
+
+    /**
+     * Gets the logger associated with the specified class. The class is used by the logger to log which
+     * class is generating the log events. The implementation of this method should return any preexisting Logger
+     * associated with this class name, rather than creating a new Logger.
+     * <br><br>
+     * The JavaLogFactory reference implementation meets these requirements.
+     *
+     * @param clazz
+     *             The name of the class requesting the logger.
+     * @return
+     *             The Logger associated with this class.
+     */
+    Logger getLogger(Class clazz);
+
 }
diff --git a/src/main/java/org/owasp/esapi/Logger.java b/src/main/java/org/owasp/esapi/Logger.java
index 0bd951763..b0a5b7ccc 100644
--- a/src/main/java/org/owasp/esapi/Logger.java
+++ b/src/main/java/org/owasp/esapi/Logger.java
@@ -1,423 +1,433 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi;
-
-
-/**
- * The Logger interface defines a set of methods that can be used to log
- * security events. It supports a hierarchy of logging levels which can be configured at runtime to determine
- * the severity of events that are logged, and those below the current threshold that are discarded.
- * Implementors should use a well established logging library
- * as it is quite difficult to create a high-performance logger.
- * <P>
- * The logging levels defined by this interface (in descending order) are:
- * <ul>
- * <li>fatal (highest value)</li>
- * <li>error</li>
- * <li>warning</li>
- * <li>info</li>
- * <li>debug</li>
- * <li>trace (lowest value)</li>
- * </ul>
- * There are also several variations of {@code always()} methods that will <i>always</i>
- * log a message regardless of the log level.
- * <p>
- * ESAPI also allows for the definition of the type of log event that is being generated.
- * The Logger interface predefines 6 types of Log events:
- * <ul>
- * <li>SECURITY_SUCCESS</li>
- * <li>SECURITY_FAILURE</li>
- * <li>SECURITY_AUDIT</li>
- * <li>EVENT_SUCCESS</li>
- * <li>EVENT_FAILURE</li>
- * <li>EVENT_UNSPECIFIED</li>
- * </ul>
- * <p>
- * Your implementation can extend or change this list if desired. 
- * <p>
- * This Logger allows callers to determine which logging levels are enabled, and to submit events 
- * at different severity levels.<br>
- * <br>Implementors of this interface should:
- * 
- * <ol>
- * <li>provide a mechanism for setting the logging level threshold that is currently enabled. This usually works by logging all 
- * events at and above that severity level, and discarding all events below that level.
- * This is usually done via configuration, but can also be made accessible programmatically.</li>
- * <li>ensure that dangerous HTML characters are encoded before they are logged to defend against malicious injection into logs 
- * that might be viewed in an HTML based log viewer.</li>
- * <li>encode any CRLF characters included in log data in order to prevent log injection attacks.</li>
- * <li>avoid logging the user's session ID. Rather, they should log something equivalent like a 
- * generated logging session ID, or a hashed value of the session ID so they can track session specific 
- * events without risking the exposure of a live session's ID.</li> 
- * <li>record the following information with each event:</li>
- *   <ol type="a">
- *   <li>identity of the user that caused the event,</li>
- *   <li>a description of the event (supplied by the caller),</li>
- *   <li>whether the event succeeded or failed (indicated by the caller),</li>
- *   <li>severity level of the event (indicated by the caller),</li>
- *   <li>that this is a security relevant event (indicated by the caller),</li>
- *   <li>hostname or IP where the event occurred (and ideally the user's source IP as well),</li>
- *   <li>a time stamp</li>
- *   </ol>
- * </ol>
- *  
- * Custom logger implementations might also:
- * <ol start="6">
- * <li>filter out any sensitive data specific to the current application or organization, such as credit cards, 
- * social security numbers, etc.</li>
- * </ol>
- * 
- * There are both Log4j and native Java Logging default implementations. JavaLogger uses the java.util.logging package as the basis for its logging 
- * implementation. Both default implementations implements requirements #1 thru #5 above.<br>
- * <br>
- * Customization: It is expected that most organizations will implement their own custom Logger class in 
- * order to integrate ESAPI logging with their logging infrastructure. The ESAPI Reference Implementation 
- * is intended to provide a simple functional example of an implementation.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- * href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- */
-public interface Logger {
-
-	/**
-     * A security type of log event that has succeeded. This is one of 6 predefined
-     * ESAPI logging events. New events can be added.
-     */
-	public static final EventType SECURITY_SUCCESS = new EventType( "SECURITY SUCCESS", true);
-
-	/**
-     * A security type of log event that has failed. This is one of 6 predefined
-     * ESAPI logging events. New events can be added.
-     */
-	public static final EventType SECURITY_FAILURE = new EventType( "SECURITY FAILURE", false);
-
-	/**
-	 * A security type of log event that is associated with an audit trail of some type,
-	 * but the log event is not specifically something that has either succeeded or failed
-	 * or that is irrelevant in the case of this logged message.
-	 */
-	// CHECKME: Should the Boolean for this be 'null' or 'true'? See EVENT_UNSPECIFIED.
-	public static final EventType SECURITY_AUDIT = new EventType( "SECURITY AUDIT", null);
-
-	/**
-     * A non-security type of log event that has succeeded. This is one of 6 predefined
-     * ESAPI logging events. New events can be added.
-     */
-	public static final EventType EVENT_SUCCESS = new EventType( "EVENT SUCCESS", true);
-	
-	/**
-     * A non-security type of log event that has failed. This is one of 6 predefined
-     * ESAPI logging events. New events can be added.
-     */
-	public static final EventType EVENT_FAILURE = new EventType( "EVENT FAILURE", false);
-
-	/**
-     * A non-security type of log event that is unspecified. This is one of 6 predefined
-     * ESAPI logging events. New events can be added.
-     */
-	public static final EventType EVENT_UNSPECIFIED = new EventType( "EVENT UNSPECIFIED", null);
-
-	/**
-	 * Defines the type of log event that is being generated. The Logger interface defines 6 types of Log events:
-	 * SECURITY_SUCCESS, SECURITY_FAILURE, EVENT_SUCCESS, EVENT_FAILURE, EVENT_UNSPECIFIED.
-     * Your implementation can extend or change this list if desired. 
-	 */
-	public class EventType {
-		
-		private String type;
-		private Boolean success = null;
-		
-		public EventType (String name, Boolean newSuccess) {
-			this.type = name;
-			this.success = newSuccess;
-		}
-		
-		public Boolean isSuccess() {
-			return success;
-		}
-		
-        /**
-         * Convert the {@code EventType} to a string.
-         * @return The event type name.
-         */
-		@Override
-        public String toString() {
-			return this.type;
-		}
-	}
-	
-	/*
-     * The Logger interface defines 6 logging levels: FATAL, ERROR, WARNING, INFO, DEBUG, TRACE. It also 
-     * supports ALL, which logs all events, and OFF, which disables all logging.
-     * Your implementation can extend or change this list if desired. 
-     */
-	
-	/** OFF indicates that no messages should be logged. This level is initialized to Integer.MAX_VALUE. */
-	public static final int OFF = Integer.MAX_VALUE;
-
-	/** FATAL indicates that only FATAL messages should be logged. This level is initialized to 1000. */
-	public static final int FATAL = 1000;
-
-	/** ERROR indicates that ERROR messages and above should be logged. 
-	 * This level is initialized to 800. */
-    public static final int ERROR = 800;
-
-    /** WARNING indicates that WARNING messages and above should be logged. 
-     * This level is initialized to 600. */
-    public static final int WARNING = 600;
-
-    /** INFO indicates that INFO messages and above should be logged. 
-     * This level is initialized to 400. */
-    public static final int INFO = 400;
-
-    /** DEBUG indicates that DEBUG messages and above should be logged. 
-     * This level is initialized to 200. */
-    public static final int DEBUG = 200;
-
-    /** TRACE indicates that TRACE messages and above should be logged. 
-     * This level is initialized to 100. */
-    public static final int TRACE = 100;
-
-    /** ALL indicates that all messages should be logged. This level is initialized to Integer.MIN_VALUE. */
-    public static final int ALL = Integer.MIN_VALUE;
-    
-
-    /**
-     * Dynamically set the ESAPI logging severity level. All events of this level and higher will be logged from 
-     * this point forward for all logs. All events below this level will be discarded.
-     * 
-     * @param level The level to set the logging level to. 
-     */
-    void setLevel(int level);
-    
-    /** Retrieve the current ESAPI logging level for this logger. See
-     * {@link org.owasp.esapi.reference.Log4JLogger} for an explanation of
-     * why this method is not simply called {@code getLevel()}.
-     * 
-     * @return The current logging level.
-     */
-    int getESAPILevel();
-    
-	/**
-     * Log a fatal event if 'fatal' level logging is enabled.
-     * 
-     * @param type 
-     * 		the type of event
-     * @param message 
-     * 		the message to log
-     */
-	void fatal(EventType type, String message);
-	
-	/**
-     * Log a fatal level security event if 'fatal' level logging is enabled 
-     * and also record the stack trace associated with the event.
-     * 
-     * @param type 
-     * 		the type of event
-     * @param message 
-     * 		the message to log
-     * @param throwable 
-     * 		the exception to be logged
-     */
-	void fatal(EventType type, String message, Throwable throwable);
-
-	/**
-	 * Allows the caller to determine if messages logged at this level
-	 * will be discarded, to avoid performing expensive processing.
-	 * 
-	 * @return true if fatal level messages will be output to the log
-	 */
-	boolean isFatalEnabled();
-
-	/**
-     * Log an error level security event if 'error' level logging is enabled.
-     * 
-     * @param type 
-     * 		the type of event 
-     * @param message 
-     * 		the message to log
-     */
-	void error(EventType type, String message);
-	
-	/**
-     * Log an error level security event if 'error' level logging is enabled 
-     * and also record the stack trace associated with the event.
-     * 
-     * @param type 
-     * 		the type of event
-     * @param message 
-     * 		the message to log
-     * @param throwable 
-     * 		the exception to be logged
-     */
-	void error(EventType type, String message, Throwable throwable);
-
-	/**
-	 * Allows the caller to determine if messages logged at this level
-	 * will be discarded, to avoid performing expensive processing.
-	 * 
-	 * @return true if error level messages will be output to the log
-	 */
-	boolean isErrorEnabled();
-
-	/**
-     * Log a warning level security event if 'warning' level logging is enabled.
-     * 
-     * @param type 
-     * 		the type of event 
-     * @param message 
-     * 		the message to log
-     */
-	void warning(EventType type, String message);
-	
-	/**
-     * Log a warning level security event if 'warning' level logging is enabled 
-     * and also record the stack trace associated with the event.
-     * 
-     * @param type 
-     * 		the type of event 
-     * @param message 
-     * 		the message to log
-     * @param throwable 
-     * 		the exception to be logged
-     */
-	void warning(EventType type, String message, Throwable throwable);
-
-	/**
-	 * Allows the caller to determine if messages logged at this level
-	 * will be discarded, to avoid performing expensive processing.
-	 * 
-	 * @return true if warning level messages will be output to the log
-	 */
-	boolean isWarningEnabled();
-
-	/**
-     * Log an info level security event if 'info' level logging is enabled.
-     * 
-     * @param type 
-     * 		the type of event 
-     * @param message 
-     * 		the message to log
-     */
-	void info(EventType type, String message);
-	
-	/**
-     * Log an info level security event if 'info' level logging is enabled 
-     * and also record the stack trace associated with the event.
-     * 
-     * @param type 
-     * 		the type of event
-     * @param message 
-     * 		the message to log
-     * @param throwable 
-     * 		the exception to be logged
-     */
-	void info(EventType type, String message, Throwable throwable);
-
-	/**
-	 * Allows the caller to determine if messages logged at this level
-	 * will be discarded, to avoid performing expensive processing.
-	 * 
-	 * @return true if info level messages will be output to the log
-	 */
-	boolean isInfoEnabled();
-
-	/**
-     * Log a debug level security event if 'debug' level logging is enabled.
-     * 
-     * @param type 
-     * 		the type of event
-     * @param message 
-     * 		the message to log
-     */
-	void debug(EventType type, String message);
-	
-	/**
-     * Log a debug level security event if 'debug' level logging is enabled 
-     * and also record the stack trace associated with the event.
-     * 
-     * @param type 
-     * 		the type of event
-     * @param message 
-     * 		the message to log
-     * @param throwable 
-     * 		the exception to be logged
-     */
-	void debug(EventType type, String message, Throwable throwable);
-
-	/**
-	 * Allows the caller to determine if messages logged at this level
-	 * will be discarded, to avoid performing expensive processing.
-	 * 
-	 * @return true if debug level messages will be output to the log
-	 */
-	boolean isDebugEnabled();
-
-	/**
-     * Log a trace level security event if 'trace' level logging is enabled.
-     * 
-     * @param type 
-     * 		the type of event
-     * @param message 
-     * 		the message to log
-     */
-	void trace(EventType type, String message);
-	
-	/**
-     * Log a trace level security event if 'trace' level logging is enabled 
-     * and also record the stack trace associated with the event.
-     * 
-     * @param type 
-     * 		the type of event 
-     * @param message 
-     * 		the message to log
-     * @param throwable 
-     * 		the exception to be logged
-     */
-	void trace(EventType type, String message, Throwable throwable);
-
-	/**
-	 * Allows the caller to determine if messages logged at this level
-	 * will be discarded, to avoid performing expensive processing.
-	 * 
-	 * @return true if trace level messages will be output to the log
-	 */
-	boolean isTraceEnabled();
-
-	/**
-     * Log an event regardless of what logging level is enabled.
-     * 
-     * @param type 
-     * 		the type of event
-     * @param message 
-     * 		the message to log
-     */
-	void always(EventType type, String message);
-	
-	/**
-     * Log an event regardless of what logging level is enabled
-     * and also record the stack trace associated with the event.
-     * 
-     * @param type 
-     * 		the type of event 
-     * @param message 
-     * 		the message to log
-     * @param throwable 
-     * 		the exception to be logged
-     */
-	void always(EventType type, String message, Throwable throwable);
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007-2019 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi;
+
+/**
+ * The {@code Logger} interface defines a set of methods that can be used to log
+ * security events. It supports a hierarchy of logging levels which can be configured at runtime to determine
+ * the severity of events that are logged, and those below the current threshold that are discarded.
+ * Implementors should use a well established logging library
+ * as it is quite difficult to create a high-performance logger.
+ * <p>
+ * The logging levels defined by this interface (in descending order) are:
+ * <ul>
+ * <li>fatal (highest value)</li>
+ * <li>error</li>
+ * <li>warning</li>
+ * <li>info</li>
+ * <li>debug</li>
+ * <li>trace (lowest value)</li>
+ * </ul>
+ * There are also several variations of {@code always()} methods that will <i>always</i>
+ * log a message regardless of the log level.
+ * </p><p>
+ * ESAPI also allows for the definition of the type of log event that is being generated.
+ * The {@code Logger} interface predefines 6 types of Log events:
+ * <ul>
+ * <li>SECURITY_SUCCESS</li>
+ * <li>SECURITY_FAILURE</li>
+ * <li>SECURITY_AUDIT</li>
+ * <li>EVENT_SUCCESS</li>
+ * <li>EVENT_FAILURE</li>
+ * <li>EVENT_UNSPECIFIED</li>
+ * </ul>
+ * </p><p>
+ * Your custom implementation can extend or change this list if desired.
+ * </p><p>
+ * This {@code Logger} allows callers to determine which logging levels are enabled, and to submit events
+ * at different severity levels.<br>
+ * <br>Implementors of this interface should:
+ *
+ * <ol>
+ * <li>Provide a mechanism for setting the logging level threshold that is currently enabled. This usually works by logging all
+ * events at and above that severity level, and discarding all events below that level.
+ * This is usually done via configuration, but can also be made accessible programmatically.</li>
+ * <li>Ensure that dangerous HTML characters are encoded before they are logged to defend against malicious injection into logs
+ * that might be viewed in an HTML based log viewer.</li>
+ * <li>Encode any CRLF characters included in log data in order to prevent log injection attacks.</li>
+ * <li>Avoid logging the user's session ID. Rather, they should log something equivalent like a
+ * generated logging session ID, or a hashed value of the session ID so they can track session specific
+ * events without risking the exposure of a live session's ID.</li>
+ * <li>Record the following information with each event:</li>
+ *   <ol type="a">
+ *   <li>Identity of the user that caused the event.</li>
+ *   <li>A description of the event (supplied by the caller).</li>
+ *   <li>Whether the event succeeded or failed (indicated by the caller).</li>
+ *   <li>Severity level of the event (indicated by the caller).</li>
+ *   <li>That this is a security relevant event (indicated by the caller).</li>
+ *   <li>Hostname or IP where the event occurred (and ideally the user's source IP as well).</li>
+ *   <li>A date/time stamp.</li>
+ *   </ol>
+ * </ol>
+ *
+ * Custom logger implementations might also:
+ * <ol start="6">
+ * <li>Filter out any sensitive data specific to the current application or organization, such as credit cards,
+ * social security numbers, etc.</li>
+ * </ol>
+ *
+ * There are both SLF4J and native Java Logging (i.e., {@code java.util.logging}, aka JUL) implementations
+ * of the ESAPI logger with JUL being our default logger for our stock <b>ESAPI.properties</b> file that
+ * is delivered along with ESAPI releases in a separate <b>esapi-configuration</b> jar available from the
+ * releases mentioned on
+ * <a href="https://github.com/ESAPI/esapi-java-legacy/releases/">ESAPI's GitHub Releases page</a>.
+ * </p><p>
+ * The {@code org.owasp.esapi.logging.java.JavaLogger} class uses the {@code java.util.logging} package as
+ * the basis for its logging implementation. Both provided implementations implement requirements #1 through #5 above.
+ * </p><p>
+ * <i>Customization</i>: It is expected that most organizations may wish to implement their own custom {@code Logger} class in
+ * order to integrate ESAPI logging with their specific logging infrastructure. The ESAPI reference implementations
+ * can serve as a useful starting point to intended to provide a simple functional example of an implementation, but
+ * they are also largely usable out-of-the-box with some additional minimal log configuration.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ * href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ */
+public interface Logger {
+
+    // All implied static final as this is an interface
+
+    /**
+     * A security type of log event that has succeeded. This is one of 6 predefined
+     * ESAPI logging events. New events can be added.
+     */
+    EventType SECURITY_SUCCESS = new EventType( "SECURITY SUCCESS", true);
+
+    /**
+     * A security type of log event that has failed. This is one of 6 predefined
+     * ESAPI logging events. New events can be added.
+     */
+    EventType SECURITY_FAILURE = new EventType( "SECURITY FAILURE", false);
+
+    /**
+     * A security type of log event that is associated with an audit trail of some type,
+     * but the log event is not specifically something that has either succeeded or failed
+     * or that is irrelevant in the case of this logged message.
+     */
+    // CHECKME: Should the Boolean for this be 'null' or 'true'? See EVENT_UNSPECIFIED.
+    EventType SECURITY_AUDIT = new EventType( "SECURITY AUDIT", null);
+
+    /**
+     * A non-security type of log event that has succeeded. This is one of 6 predefined
+     * ESAPI logging events. New events can be added.
+     */
+    EventType EVENT_SUCCESS = new EventType( "EVENT SUCCESS", true);
+
+    /**
+     * A non-security type of log event that has failed. This is one of 6 predefined
+     * ESAPI logging events. New events can be added.
+     */
+    EventType EVENT_FAILURE = new EventType( "EVENT FAILURE", false);
+
+    /**
+     * A non-security type of log event that is unspecified. This is one of 6 predefined
+     * ESAPI logging events. New events can be added.
+     */
+    EventType EVENT_UNSPECIFIED = new EventType( "EVENT UNSPECIFIED", null);
+
+    /**
+     * Defines the type of log event that is being generated. The Logger interface defines 6 types of Log events:
+     * SECURITY_SUCCESS, SECURITY_FAILURE, EVENT_SUCCESS, EVENT_FAILURE, EVENT_UNSPECIFIED.
+     * Your implementation can extend or change this list if desired.
+     */
+    class EventType {
+
+        private String type;
+        private Boolean success = null;
+
+        public EventType (String name, Boolean newSuccess) {
+            this.type = name;
+            this.success = newSuccess;
+        }
+
+        public Boolean isSuccess() {
+            return success;
+        }
+
+        /**
+         * Convert the {@code EventType} to a string.
+         * @return The event type name.
+         */
+        @Override
+        public String toString() {
+            return this.type;
+        }
+    }
+
+    /*
+     * The Logger interface defines 6 logging levels: FATAL, ERROR, WARNING, INFO, DEBUG, TRACE. It also
+     * supports ALL, which logs all events, and OFF, which disables all logging.
+     * Your implementation can extend or change this list if desired.
+     */
+
+    /** OFF indicates that no messages should be logged. This level is initialized to Integer.MAX_VALUE. */
+    int OFF = Integer.MAX_VALUE;
+
+    /** FATAL indicates that only FATAL messages should be logged. This level is initialized to 1000. */
+    int FATAL = 1000;
+
+    /** ERROR indicates that ERROR messages and above should be logged.
+     * This level is initialized to 800. */
+    int ERROR = 800;
+
+    /** WARNING indicates that WARNING messages and above should be logged.
+     * This level is initialized to 600. */
+    int WARNING = 600;
+
+    /** INFO indicates that INFO messages and above should be logged.
+     * This level is initialized to 400. */
+    int INFO = 400;
+
+    /** DEBUG indicates that DEBUG messages and above should be logged.
+     * This level is initialized to 200. */
+    int DEBUG = 200;
+
+    /** TRACE indicates that TRACE messages and above should be logged.
+     * This level is initialized to 100. */
+    int TRACE = 100;
+
+    /** ALL indicates that all messages should be logged. This level is initialized to Integer.MIN_VALUE. */
+    int ALL = Integer.MIN_VALUE;
+
+
+    /**
+     * Dynamically set the ESAPI logging severity level. All events of this level and higher will be logged from
+     * this point forward for all logs. All events below this level will be discarded.
+     *
+     * @param level The level to set the logging level to.
+     */
+    void setLevel(int level);
+
+    /** Retrieve the current ESAPI logging level for this logger.
+     *
+     * @return The current logging level.
+     */
+    int getESAPILevel();
+
+    /**
+     * Log a fatal event if 'fatal' level logging is enabled.
+     *
+     * @param type
+     *         the type of event
+     * @param message
+     *         the message to log
+     */
+    void fatal(EventType type, String message);
+
+    /**
+     * Log a fatal level security event if 'fatal' level logging is enabled
+     * and also record the stack trace associated with the event.
+     *
+     * @param type
+     *         the type of event
+     * @param message
+     *         the message to log
+     * @param throwable
+     *         the exception to be logged
+     */
+    void fatal(EventType type, String message, Throwable throwable);
+
+    /**
+     * Allows the caller to determine if messages logged at this level
+     * will be discarded, to avoid performing expensive processing.
+     *
+     * @return true if fatal level messages will be output to the log
+     */
+    boolean isFatalEnabled();
+
+    /**
+     * Log an error level security event if 'error' level logging is enabled.
+     *
+     * @param type
+     *         the type of event
+     * @param message
+     *         the message to log
+     */
+    void error(EventType type, String message);
+
+    /**
+     * Log an error level security event if 'error' level logging is enabled
+     * and also record the stack trace associated with the event.
+     *
+     * @param type
+     *         the type of event
+     * @param message
+     *         the message to log
+     * @param throwable
+     *         the exception to be logged
+     */
+    void error(EventType type, String message, Throwable throwable);
+
+    /**
+     * Allows the caller to determine if messages logged at this level
+     * will be discarded, to avoid performing expensive processing.
+     *
+     * @return true if error level messages will be output to the log
+     */
+    boolean isErrorEnabled();
+
+    /**
+     * Log a warning level security event if 'warning' level logging is enabled.
+     *
+     * @param type
+     *         the type of event
+     * @param message
+     *         the message to log
+     */
+    void warning(EventType type, String message);
+
+    /**
+     * Log a warning level security event if 'warning' level logging is enabled
+     * and also record the stack trace associated with the event.
+     *
+     * @param type
+     *         the type of event
+     * @param message
+     *         the message to log
+     * @param throwable
+     *         the exception to be logged
+     */
+    void warning(EventType type, String message, Throwable throwable);
+
+    /**
+     * Allows the caller to determine if messages logged at this level
+     * will be discarded, to avoid performing expensive processing.
+     *
+     * @return true if warning level messages will be output to the log
+     */
+    boolean isWarningEnabled();
+
+    /**
+     * Log an info level security event if 'info' level logging is enabled.
+     *
+     * @param type
+     *         the type of event
+     * @param message
+     *         the message to log
+     */
+    void info(EventType type, String message);
+
+    /**
+     * Log an info level security event if 'info' level logging is enabled
+     * and also record the stack trace associated with the event.
+     *
+     * @param type
+     *         the type of event
+     * @param message
+     *         the message to log
+     * @param throwable
+     *         the exception to be logged
+     */
+    void info(EventType type, String message, Throwable throwable);
+
+    /**
+     * Allows the caller to determine if messages logged at this level
+     * will be discarded, to avoid performing expensive processing.
+     *
+     * @return true if info level messages will be output to the log
+     */
+    boolean isInfoEnabled();
+
+    /**
+     * Log a debug level security event if 'debug' level logging is enabled.
+     *
+     * @param type
+     *         the type of event
+     * @param message
+     *         the message to log
+     */
+    void debug(EventType type, String message);
+
+    /**
+     * Log a debug level security event if 'debug' level logging is enabled
+     * and also record the stack trace associated with the event.
+     *
+     * @param type
+     *         the type of event
+     * @param message
+     *         the message to log
+     * @param throwable
+     *         the exception to be logged
+     */
+    void debug(EventType type, String message, Throwable throwable);
+
+    /**
+     * Allows the caller to determine if messages logged at this level
+     * will be discarded, to avoid performing expensive processing.
+     *
+     * @return true if debug level messages will be output to the log
+     */
+    boolean isDebugEnabled();
+
+    /**
+     * Log a trace level security event if 'trace' level logging is enabled.
+     *
+     * @param type
+     *         the type of event
+     * @param message
+     *         the message to log
+     */
+    void trace(EventType type, String message);
+
+    /**
+     * Log a trace level security event if 'trace' level logging is enabled
+     * and also record the stack trace associated with the event.
+     *
+     * @param type
+     *         the type of event
+     * @param message
+     *         the message to log
+     * @param throwable
+     *         the exception to be logged
+     */
+    void trace(EventType type, String message, Throwable throwable);
+
+    /**
+     * Allows the caller to determine if messages logged at this level
+     * will be discarded, to avoid performing expensive processing.
+     *
+     * @return true if trace level messages will be output to the log
+     */
+    boolean isTraceEnabled();
+
+    /**
+     * Log an event regardless of what logging level is enabled.
+     * <br>
+     * Note that logging will not occur if the underlying logging implementation has logging disabled.
+     *
+     * @param type
+     *         the type of event
+     * @param message
+     *         the message to log
+     */
+    void always(EventType type, String message);
+
+    /**
+     * Log an event regardless of what logging level is enabled
+     * and also record the stack trace associated with the event.
+     * <br>
+     * Note that logging will not occur if the underlying logging implementation has logging disabled.
+     *
+     * @param type
+     *         the type of event
+     * @param message
+     *         the message to log
+     * @param throwable
+     *         the exception to be logged
+     */
+    void always(EventType type, String message, Throwable throwable);
+}
diff --git a/src/main/java/org/owasp/esapi/PreparedString.java b/src/main/java/org/owasp/esapi/PreparedString.java
index 4e300be3c..5102a324c 100644
--- a/src/main/java/org/owasp/esapi/PreparedString.java
+++ b/src/main/java/org/owasp/esapi/PreparedString.java
@@ -1,139 +1,137 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi;
-
-import java.util.ArrayList;
-import org.owasp.esapi.codecs.Codec;
-import org.owasp.esapi.codecs.HTMLEntityCodec;
-
-
-/**
- * A parameterized string that uses escaping to make untrusted data safe before combining it with
- * a command or query intended for use in an interpreter.
- * <pre> 
- * PreparedString div = new PreparedString( "&lt;a href=\"http:\\\\example.com?id=?\" onmouseover=\"alert('?')\"&gt;test&lt;/a&gt;", new HTMLEntityCodec() );
- * div.setURL( 1, request.getParameter( "url" ), new PercentCodec() );
- * div.set( 2, request.getParameter( "message" ), new JavaScriptCodec() );
- * out.println( div.toString() );
- * 
- * // escaping for SQL
- * PreparedString query = new PreparedString( "SELECT * FROM users WHERE name='?' AND password='?'", new OracleCodec() );
- * query.set( 1, request.getParameter( "name" ) );
- * query.set( 2, request.getParameter( "pass" ) );
- * stmt.execute( query.toString() );
- * </pre>
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- */
-public class PreparedString {
-	char parameterCharacter = '?';
-	Codec codec = null;
-	String[] parameters = null;
-	ArrayList parts = new ArrayList();
-	private final static char[] IMMUNE = {};
-
-	/**
-	 * Create a PreparedString with the supplied template and Codec. The template should use the 
-	 * default parameter placeholder character (?) in the place where actual parameters are to be inserted.
-	 * The supplied Codec will be used to escape characters in calls to set, unless a specific Codec is
-	 * provided to override it.
-	 * @param template
-	 * @param codec
-	 */
-	public PreparedString( String template, Codec codec ) {
-		this.codec = codec;
-		split( template, parameterCharacter );
-	}
-
-	/**
-	 * Create a PreparedString with the supplied template, parameter placeholder character, and Codec. The parameter character
-	 * can be any character, but should not be one that will be used in the template. The parameter character can safely
-	 * be used in a parameter passed into the set methods.
-	 * @param template
-	 * @param parameterCharacter
-	 * @param codec
-	 */
-	public PreparedString( String template, char parameterCharacter, Codec codec ) {
-		this.codec = codec;
-		this.parameterCharacter = parameterCharacter;
-		split( template, parameterCharacter );
-	}
-
-	/**
-	 * Split a string with a particular character.
-	 * @param str
-	 * @param c
-	 */
-	private void split( String str, char c ) {
-		int index = 0;
-		int pcount = 0;
-		for ( int i = 0; i < str.length(); i++ ) {
-			if ( str.charAt(i) == c ) {
-				pcount++;
-				parts.add( str.substring(index,i) );
-				index = i + 1;
-			}
-		}
-		parts.add( str.substring(index) );
-		parameters = new String[pcount];
-	}
-	
-	/**
-	 * Set the parameter at index with supplied value using the default Codec to escape. 
-	 * @param index
-	 * @param value
-	 */
-	public void set( int index, String value ) {
-		if ( index < 1 || index > parameters.length ) {
-			throw new IllegalArgumentException( "Attempt to set parameter " + index + " on a PreparedString with only " + parameters.length + " placeholders" );
-		}
-		String encoded = codec.encode( IMMUNE, value );
-		parameters[index-1] = encoded;
-	}
-	
-	/**
-	 * Set the parameter at index with supplied value using the supplied Codec to escape. 
-	 * @param index
-	 * @param value
-	 * @param codec
-	 */
-	public void set( int index, String value, Codec codec ) {
-		if ( index < 1 || index > parameters.length ) {
-			throw new IllegalArgumentException( "Attempt to set parameter " + index + " on a PreparedString with only " + parameters.length + " placeholders" );
-		}
-		String encoded = codec.encode( IMMUNE, value );
-		parameters[index-1] = encoded;
-	}
-	
-	/**
-	 * Render the PreparedString by combining the template with properly escaped parameters.
-	 */
-	public String toString() {
-		for ( int ix = 0; ix < parameters.length; ix++ ) {
-			if ( parameters[ix] == null ) {
-				throw new RuntimeException( "Attempt to render PreparedString without setting parameter " + ( ix + 1 ));
-			}
-		}
-		StringBuilder sb = new StringBuilder();
-		int i = 0;
-		for ( int p=0; p < parts.size(); p++ ) {
-			sb.append( parts.get( p ) );
-			if ( i < parameters.length ) sb.append( parameters[i++] );
-		}
-		return sb.toString();
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007-2019 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi;
+
+import java.util.ArrayList;
+import org.owasp.esapi.codecs.Codec;
+
+/**
+ * A parameterized string that uses escaping to make untrusted data safe before combining it with
+ * a command or query intended for use in an interpreter.
+ * <pre>
+ * PreparedString div = new PreparedString( "&lt;a href=\"http:\\\\example.com?id=?\" onmouseover=\"alert('?')\"&gt;test&lt;/a&gt;", new HTMLEntityCodec() );
+ * div.setURL( 1, request.getParameter( "url" ), new PercentCodec() );
+ * div.set( 2, request.getParameter( "message" ), new JavaScriptCodec() );
+ * out.println( div.toString() );
+ *
+ * // escaping for SQL
+ * PreparedString query = new PreparedString( "SELECT * FROM users WHERE name='?' AND password='?'", new OracleCodec() );
+ * query.set( 1, request.getParameter( "name" ) );
+ * query.set( 2, request.getParameter( "pass" ) );
+ * stmt.execute( query.toString() );
+ * </pre>
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ */
+public class PreparedString {
+    char parameterCharacter = '?';
+    Codec codec = null;
+    String[] parameters = null;
+    ArrayList parts = new ArrayList();
+    private final static char[] IMMUNE = {};
+
+    /**
+     * Create a PreparedString with the supplied template and Codec. The template should use the
+     * default parameter placeholder character (?) in the place where actual parameters are to be inserted.
+     * The supplied Codec will be used to escape characters in calls to set, unless a specific Codec is
+     * provided to override it.
+     * @param template
+     * @param codec
+     */
+    public PreparedString( String template, Codec codec ) {
+        this.codec = codec;
+        split( template, parameterCharacter );
+    }
+
+    /**
+     * Create a PreparedString with the supplied template, parameter placeholder character, and Codec. The parameter character
+     * can be any character, but should not be one that will be used in the template. The parameter character can safely
+     * be used in a parameter passed into the set methods.
+     * @param template
+     * @param parameterCharacter
+     * @param codec
+     */
+    public PreparedString( String template, char parameterCharacter, Codec codec ) {
+        this.codec = codec;
+        this.parameterCharacter = parameterCharacter;
+        split( template, parameterCharacter );
+    }
+
+    /**
+     * Split a string with a particular character.
+     * @param str
+     * @param c
+     */
+    private void split( String str, char c ) {
+        int index = 0;
+        int pcount = 0;
+        for ( int i = 0; i < str.length(); i++ ) {
+            if ( str.charAt(i) == c ) {
+                pcount++;
+                parts.add( str.substring(index,i) );
+                index = i + 1;
+            }
+        }
+        parts.add( str.substring(index) );
+        parameters = new String[pcount];
+    }
+
+    /**
+     * Set the parameter at index with supplied value using the default Codec to escape.
+     * @param index
+     * @param value
+     */
+    public void set( int index, String value ) {
+        if ( index < 1 || index > parameters.length ) {
+            throw new IllegalArgumentException( "Attempt to set parameter " + index + " on a PreparedString with only " + parameters.length + " placeholders" );
+        }
+        String encoded = codec.encode( IMMUNE, value );
+        parameters[index-1] = encoded;
+    }
+
+    /**
+     * Set the parameter at index with supplied value using the supplied Codec to escape.
+     * @param index
+     * @param value
+     * @param codec
+     */
+    public void set( int index, String value, Codec codec ) {
+        if ( index < 1 || index > parameters.length ) {
+            throw new IllegalArgumentException( "Attempt to set parameter " + index + " on a PreparedString with only " + parameters.length + " placeholders" );
+        }
+        String encoded = codec.encode( IMMUNE, value );
+        parameters[index-1] = encoded;
+    }
+
+    /**
+     * Render the PreparedString by combining the template with properly escaped parameters.
+     */
+    public String toString() {
+        for ( int ix = 0; ix < parameters.length; ix++ ) {
+            if ( parameters[ix] == null ) {
+                throw new RuntimeException( "Attempt to render PreparedString without setting parameter " + ( ix + 1 ));
+            }
+        }
+        StringBuilder sb = new StringBuilder();
+        int i = 0;
+        for ( int p=0; p < parts.size(); p++ ) {
+            sb.append( parts.get( p ) );
+            if ( i < parameters.length ) sb.append( parameters[i++] );
+        }
+        return sb.toString();
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/PropNames.java b/src/main/java/org/owasp/esapi/PropNames.java
new file mode 100644
index 000000000..8aa4179a9
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/PropNames.java
@@ -0,0 +1,206 @@
+// TODO: Discuss: Should the name of this be PropConstants or PropertConstants
+//                since there are some property values included here? I don't
+//                really like that as much as PropNames, but I could live with
+//                it.
+/*
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * https://owasp.org/www-project-enterprise-security-api/.
+ *
+ * Copyright (c) 2022 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ */
+package org.owasp.esapi;
+
+
+/**
+ * This non-constructable class of public constants defines all the property names used in {@code ESAPI.properties} as
+ * well as some of the default property values for some of those properties. This class is not intended
+ * to be extended or instantiated. Technically, an interface would have worked here, but we
+ * also wanted to be able to prevent 'implements PropNames', which really does not make much
+ * sense since no specific behavior is promised here. Another alternative would have
+ * been to place all of these in the {@code org.owasp.esapi.SecurityConfiguration} interface,
+ * but that interface is already overly bloated. Hence this was decided as a compromise.
+ * </p><p>
+ * Note that the constants herein were originally all defined within
+ * {@code org.owasp.esapi.reference.DefaultSecurityConfiguration}, but those
+ * values are now marked deprecated and they are candidates for removal 2 years
+ * from the date of this release.
+ * </p><p>
+ * Mostly this is intended to prevent having to hard-code property names all
+ * over the place in implementation-level classes (e.g.,
+ * {@code org.owasp.esapi.reference.DefaultSecurityConfiguration}).
+ * It is suggested that this file be used as a 'static import';
+ * e.g.,
+ * <pre>
+ *      import static org.owasp.esapi.PropNames.*;                      // Import all properties, en masse
+ * or
+ *      import static org.owasp.esapi.PropNames.SomeSpecificPropName;   // Import specific property name
+ * </pre>
+ * This can be extremely useful when used with methods such as
+ * {@code SecurityConfiguration.getIntProp(String propName)},
+ * {@code SecurityConfiguration.getBooleanProp(String propName)},
+ * {@code SecurityConfiguration.getStringProp(String propName)}, etc.
+ *
+ * @author Kevin W. Wall (kevin.w.wall .at. gmail.com)
+ * @since 2.4.1.0
+ * @see org.owasp.esapi.reference.DefaultSecurityConfiguration
+ */
+
+public final class PropNames {
+
+    public static final String REMEMBER_TOKEN_DURATION                                                          = "Authenticator.RememberTokenDuration";
+    public static final String IDLE_TIMEOUT_DURATION                                                            = "Authenticator.IdleTimeoutDuration";
+    public static final String ABSOLUTE_TIMEOUT_DURATION                                                        = "Authenticator.AbsoluteTimeoutDuration";
+    public static final String ALLOWED_LOGIN_ATTEMPTS                                                           = "Authenticator.AllowedLoginAttempts";
+    public static final String USERNAME_PARAMETER_NAME                                                          = "Authenticator.UsernameParameterName";
+    public static final String PASSWORD_PARAMETER_NAME                                                          = "Authenticator.PasswordParameterName";
+    public static final String MAX_OLD_PASSWORD_HASHES                                                          = "Authenticator.MaxOldPasswordHashes";
+
+    public static final String ALLOW_MULTIPLE_ENCODING                                                          = "Encoder.AllowMultipleEncoding";
+    public static final String ALLOW_MIXED_ENCODING                                                             = "Encoder.AllowMixedEncoding";
+    public static final String CANONICALIZATION_CODECS                                                          = "Encoder.DefaultCodecList";
+
+    public static final String DISABLE_INTRUSION_DETECTION                                                      = "IntrusionDetector.Disable";
+
+    public static final String MASTER_KEY                                                                       = "Encryptor.MasterKey";
+    public static final String MASTER_SALT                                                                      = "Encryptor.MasterSalt";
+    public static final String KEY_LENGTH                                                                       = "Encryptor.EncryptionKeyLength";
+    public static final String ENCRYPTION_ALGORITHM                                                             = "Encryptor.EncryptionAlgorithm";
+    public static final String HASH_ALGORITHM                                                                   = "Encryptor.HashAlgorithm";
+    public static final String HASH_ITERATIONS                                                                  = "Encryptor.HashIterations";
+    public static final String CHARACTER_ENCODING                                                               = "Encryptor.CharacterEncoding";
+    public static final String RANDOM_ALGORITHM                                                                 = "Encryptor.RandomAlgorithm";
+    public static final String DIGITAL_SIGNATURE_ALGORITHM                                                      = "Encryptor.DigitalSignatureAlgorithm";
+    public static final String DIGITAL_SIGNATURE_KEY_LENGTH                                                     = "Encryptor.DigitalSignatureKeyLength";
+    public static final String PREFERRED_JCE_PROVIDER                                                           = "Encryptor.PreferredJCEProvider";
+    public static final String CIPHER_TRANSFORMATION_IMPLEMENTATION                                             = "Encryptor.CipherTransformation";
+    public static final String CIPHERTEXT_USE_MAC                                                               = "Encryptor.CipherText.useMAC";
+    public static final String PLAINTEXT_OVERWRITE                                                              = "Encryptor.PlainText.overwrite";
+    public static final String IV_TYPE                                                                          = "Encryptor.ChooseIVMethod";   // Will be removed in future release.
+    public static final String COMBINED_CIPHER_MODES                                                            = "Encryptor.cipher_modes.combined_modes";
+    public static final String ADDITIONAL_ALLOWED_CIPHER_MODES                                                  = "Encryptor.cipher_modes.additional_allowed";
+    public static final String KDF_PRF_ALG                                                                      = "Encryptor.KDF.PRF";
+    public static final String PRINT_PROPERTIES_WHEN_LOADED                                                     = "ESAPI.printProperties";
+    public static final String ACCEPTED_UNSAFE_METHOD_NAMES                                                     = "ESAPI.dangerouslyAllowUnsafeMethods.methodNames";
+    public static final String ACCEPTED_UNSAFE_METHODS_JUSTIFICATION                                            = "ESAPI.dangerouslyAllowUnsafeMethods.justification";
+
+    public static final String WORKING_DIRECTORY                                                                = "Executor.WorkingDirectory";
+    public static final String APPROVED_EXECUTABLES                                                             = "Executor.ApprovedExecutables";
+
+    public static final String FORCE_HTTPONLYSESSION                                                            = "HttpUtilities.ForceHttpOnlySession";
+    public static final String FORCE_SECURESESSION                                                              = "HttpUtilities.SecureSession";
+    public static final String FORCE_HTTPONLYCOOKIES                                                            = "HttpUtilities.ForceHttpOnlyCookies";
+    public static final String FORCE_SECURECOOKIES                                                              = "HttpUtilities.ForceSecureCookies";
+    public static final String MAX_HTTP_HEADER_SIZE                                                             = "HttpUtilities.MaxHeaderSize";
+    public static final String UPLOAD_DIRECTORY                                                                 = "HttpUtilities.UploadDir";
+    public static final String UPLOAD_TEMP_DIRECTORY                                                            = "HttpUtilities.UploadTempDir";
+    public static final String APPROVED_UPLOAD_EXTENSIONS                                                       = "HttpUtilities.ApprovedUploadExtensions";
+    public static final String MAX_UPLOAD_FILE_BYTES                                                            = "HttpUtilities.MaxUploadFileBytes";
+    public static final String MAX_UPLOAD_FILE_COUNT                                                            = "HttpUtilities.MaxUploadFileCount";
+    public static final String FILEUPLOAD_ALLOW_ANONYMOUS_USERS                                                 = "HttpUtilities.FileUploadAllowAnonymousUser";
+    public static final String RESPONSE_CONTENT_TYPE                                                            = "HttpUtilities.ResponseContentType";
+    public static final String HTTP_SESSION_ID_NAME                                                             = "HttpUtilities.HttpSessionIdName";
+
+    public static final String APPLICATION_NAME                                                                 = "Logger.ApplicationName";
+    public static final String LOG_USER_INFO                                                                    = "Logger.UserInfo";
+    public static final String LOG_CLIENT_INFO                                                                  = "Logger.ClientInfo";
+    public static final String LOG_ENCODING_REQUIRED                                                            = "Logger.LogEncodingRequired";
+    public static final String LOG_APPLICATION_NAME                                                             = "Logger.LogApplicationName";
+    public static final String LOG_SERVER_IP                                                                    = "Logger.LogServerIP";
+    public static final String LOG_PREFIX                                                                       = "Logger.LogPrefix";
+
+    public static final String VALIDATION_PROPERTIES                                                            = "Validator.ConfigurationFile";
+    public static final String VALIDATION_PROPERTIES_MULTIVALUED                                                = "Validator.ConfigurationFile.MultiValued";
+    public static final String ACCEPT_LENIENT_DATES                                                             = "Validator.AcceptLenientDates";
+    public static final String VALIDATOR_HTML_VALIDATION_ACTION                                                 = "Validator.HtmlValidationAction";
+    public static final String VALIDATOR_HTML_VALIDATION_CONFIGURATION_FILE                                     = "Validator.HtmlValidationConfigurationFile";
+
+    /**
+     * Special {@code java.lang.System} property that, if set to {@code true}, will
+     * disable logging from {@code DefaultSecurityConfiguration.logToStdout()}
+     * methods, which is called from various {@code logSpecial()} methods.
+     *
+     * @see org.owasp.esapi.reference.DefaultSecurityConfiguration#logToStdout(String msg, Throwable t)
+     */
+    public static final String DISCARD_LOGSPECIAL                                                               = "org.owasp.esapi.logSpecial.discard";
+
+    /*
+     * Implementation Keys for the various major ESAPI components.
+     */
+    public static final String LOG_IMPLEMENTATION                                                               = "ESAPI.Logger";
+    public static final String AUTHENTICATION_IMPLEMENTATION                                                    = "ESAPI.Authenticator";
+    public static final String ENCODER_IMPLEMENTATION                                                           = "ESAPI.Encoder";
+    public static final String ACCESS_CONTROL_IMPLEMENTATION                                                    = "ESAPI.AccessControl";
+    public static final String ENCRYPTION_IMPLEMENTATION                                                        = "ESAPI.Encryptor";
+    public static final String INTRUSION_DETECTION_IMPLEMENTATION                                               = "ESAPI.IntrusionDetector";
+    public static final String RANDOMIZER_IMPLEMENTATION                                                        = "ESAPI.Randomizer";
+    public static final String EXECUTOR_IMPLEMENTATION                                                          = "ESAPI.Executor";
+    public static final String VALIDATOR_IMPLEMENTATION                                                         = "ESAPI.Validator";
+    public static final String HTTP_UTILITIES_IMPLEMENTATION                                                    = "ESAPI.HTTPUtilities";
+
+
+    //////////////////////////////////////////////////////////////////////////////
+    //                                                                          //
+    // These are not really property names, but the shouldn't really be in an   //
+    // implementation class that we want to only deal with via the              //
+    // SecurityConfiguration interface.                                         //
+    //                                                                          //
+    //////////////////////////////////////////////////////////////////////////////
+
+
+    /*
+     * These are default implementation classes.
+     */
+    public static final String DEFAULT_LOG_IMPLEMENTATION                                                       = "org.owasp.esapi.logging.java.JavaLogFactory";
+    public static final String DEFAULT_AUTHENTICATION_IMPLEMENTATION                                            = "org.owasp.esapi.reference.FileBasedAuthenticator";
+    public static final String DEFAULT_ENCODER_IMPLEMENTATION                                                   = "org.owasp.esapi.reference.DefaultEncoder";
+    public static final String DEFAULT_ACCESS_CONTROL_IMPLEMENTATION                                            = "org.owasp.esapi.reference.DefaultAccessController";
+    public static final String DEFAULT_ENCRYPTION_IMPLEMENTATION                                                = "org.owasp.esapi.reference.crypto.JavaEncryptor";
+    public static final String DEFAULT_INTRUSION_DETECTION_IMPLEMENTATION                                       = "org.owasp.esapi.reference.DefaultIntrusionDetector";
+    public static final String DEFAULT_RANDOMIZER_IMPLEMENTATION                                                = "org.owasp.esapi.reference.DefaultRandomizer";
+    public static final String DEFAULT_EXECUTOR_IMPLEMENTATION                                                  = "org.owasp.esapi.reference.DefaultExecutor";
+    public static final String DEFAULT_HTTP_UTILITIES_IMPLEMENTATION                                            = "org.owasp.esapi.reference.DefaultHTTPUtilities";
+    public static final String DEFAULT_VALIDATOR_IMPLEMENTATION                                                 = "org.owasp.esapi.reference.DefaultValidator";
+
+    /** The name of the ESAPI property file */
+    public static final String DEFAULT_RESOURCE_FILE                                                            = "ESAPI.properties";
+
+    //
+    // Private CTOR to prevent creation of PropName objects. We wouldn't need
+    // this if this were an interface, nor would we need the explict 'public static final'.
+    //
+    private PropNames() {
+        throw new AssertionError("Thought you'd cheat using reflection or JNI, huh? :)");
+    }
+
+
+    /** Enum used with the search paths used to locate an
+     * {@code ESAPI.properties} and/or a {@code validation.properties}
+     * file.
+     */
+    public enum DefaultSearchPath {
+
+        RESOURCE_DIRECTORY("resourceDirectory/"),
+        SRC_MAIN_RESOURCES("src/main/resources/"),
+        ROOT(""),
+        DOT_ESAPI(".esapi/"),
+        ESAPI("esapi/"),
+        RESOURCES("resources/");
+
+        private final String path;
+
+        private DefaultSearchPath(String s){
+            this.path = s;
+        }
+
+        public String value(){
+            return path;
+        }
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/Randomizer.java b/src/main/java/org/owasp/esapi/Randomizer.java
index 17532c359..bef0c4a1b 100644
--- a/src/main/java/org/owasp/esapi/Randomizer.java
+++ b/src/main/java/org/owasp/esapi/Randomizer.java
@@ -1,148 +1,147 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi;
-
-import org.owasp.esapi.errors.EncryptionException;
-
-
-/**
- * The Randomizer interface defines a set of methods for creating
- * cryptographically random numbers and strings. Implementers should be sure to
- * use a strong cryptographic implementation, such as the JCE or BouncyCastle.
- * Weak sources of randomness can undermine a wide variety of security
- * mechanisms. The specific algorithm used is configurable in ESAPI.properties.
- *
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- */
-public interface Randomizer {
-
-	/**
-	 * Gets a random string of a desired length and character set.  The use of java.security.SecureRandom
-	 * is recommended because it provides a cryptographically strong pseudo-random number generator. 
-	 * If SecureRandom is not used, the pseudo-random number gernerator used should comply with the 
-	 * statistical random number generator tests specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm">
-	 * FIPS 140-2, Security Requirements for Cryptographic Modules</a>, section 4.9.1.
-	 * 
-	 * @param length 
-	 * 		the length of the string
-	 * @param characterSet 
-	 * 		the set of characters to include in the created random string
-	 * 
-	 * @return 
-	 * 		the random string of the desired length and character set
-	 */
-	String getRandomString(int length, char[] characterSet);
-
-	/**
-	 * Returns a random boolean.  The use of java.security.SecureRandom
-	 * is recommended because it provides a cryptographically strong pseudo-random number generator. 
-	 * If SecureRandom is not used, the pseudo-random number gernerator used should comply with the 
-	 * statistical random number generator tests specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm">
-	 * FIPS 140-2, Security Requirements for Cryptographic Modules</a>, section 4.9.1.
-	 * 
-	 * @return 
-	 * 		true or false, randomly
-	 */
-	boolean getRandomBoolean();
-	
-	/**
-	 * Gets the random integer. The use of java.security.SecureRandom
-	 * is recommended because it provides a cryptographically strong pseudo-random number generator. 
-	 * If SecureRandom is not used, the pseudo-random number gernerator used should comply with the 
-	 * statistical random number generator tests specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm">
-	 * FIPS 140-2, Security Requirements for Cryptographic Modules</a>, section 4.9.1.
-	 * 
-	 * @param min 
-	 * 		the minimum integer that will be returned
-	 * @param max 
-	 * 		the maximum integer that will be returned
-	 * 
-	 * @return 
-	 * 		the random integer
-	 */
-	int getRandomInteger(int min, int max);
-
-	
-	/**
-	 * Gets the random long. The use of java.security.SecureRandom
-	 * is recommended because it provides a cryptographically strong pseudo-random number generator. 
-	 * If SecureRandom is not used, the pseudo-random number gernerator used should comply with the 
-	 * statistical random number generator tests specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm">
-	 * FIPS 140-2, Security Requirements for Cryptographic Modules</a>, section 4.9.1.
-	 * 
-	 * @return 
-	 * 		the random long
-	 */
-    public long getRandomLong();
-	
-	
-    /**
-     * Returns an unguessable random filename with the specified extension.  This method could call
-     * getRandomString(length, charset) from this Class with the desired length and alphanumerics as the charset 
-     * then merely append "." + extension.
-     * 
-     * @param extension 
-     * 		extension to add to the random filename
-     * 
-     * @return 
-     * 		a random unguessable filename ending with the specified extension
-     */
-    public String getRandomFilename( String extension );
-    
-    
-	/**
-	 * Gets the random real.  The use of java.security.SecureRandom
-	 * is recommended because it provides a cryptographically strong pseudo-random number generator. 
-	 * If SecureRandom is not used, the pseudo-random number gernerator used should comply with the 
-	 * statistical random number generator tests specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm">
-	 * FIPS 140-2, Security Requirements for Cryptographic Modules</a>, section 4.9.1.
-	 * 
-	 * @param min 
-	 * 		the minimum real number that will be returned
-	 * @param max 
-	 * 		the maximum real number that will be returned
-	 * 
-	 * @return 
-	 * 		the random real
-	 */
-	float getRandomReal(float min, float max);
-
-    /**
-     * Generates a random GUID.  This method could use a hash of random Strings, the current time,
-     * and any other random data available.  The format is a well-defined sequence of 32 hex digits 
-     * grouped into chunks of 8-4-4-4-12.
-     * <p>
-     * For more information including algorithms used to create <tt>UUID</tt>s,
-     * see the Internet-Draft <a href="http://www.ietf.org/internet-drafts/draft-mealling-uuid-urn-03.txt">UUIDs and GUIDs</a>
-     * or the standards body definition at <a href="http://www.iso.ch/cate/d2229.html">ISO/IEC 11578:1996</a>.
-     * @return 
-     * 		the GUID
-     * 
-     * @throws 
-     * 		EncryptionException if hashing or encryption fails 
-     */
-    String getRandomGUID() throws EncryptionException;
-           
-    /**
-     * Generates a specified number of random bytes.
-     * @param n	The requested number of random bytes.
-     * @return The {@code n} random bytes are returned.
-     */
-    public byte[] getRandomBytes(int n);
-           
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi;
+
+import org.owasp.esapi.errors.EncryptionException;
+
+/**
+ * The Randomizer interface defines a set of methods for creating
+ * cryptographically random numbers and strings. Implementers should be sure to
+ * use a strong cryptographic implementation, such as the JCE or BouncyCastle.
+ * Weak sources of randomness can undermine a wide variety of security
+ * mechanisms. The specific algorithm used is configurable in ESAPI.properties.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ */
+public interface Randomizer {
+
+    /**
+     * Gets a random string of a desired length and character set.  The use of java.security.SecureRandom
+     * is recommended because it provides a cryptographically strong pseudo-random number generator.
+     * If SecureRandom is not used, the pseudo-random number generator used should comply with the
+     * statistical random number generator tests specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm">
+     * FIPS 140-2, Security Requirements for Cryptographic Modules</a>, section 4.9.1.
+     *
+     * @param length
+     *         the length of the string
+     * @param characterSet
+     *         the set of characters to include in the created random string
+     *
+     * @return
+     *         the random string of the desired length and character set
+     */
+    String getRandomString(int length, char[] characterSet);
+
+    /**
+     * Returns a random boolean.  The use of java.security.SecureRandom
+     * is recommended because it provides a cryptographically strong pseudo-random number generator.
+     * If SecureRandom is not used, the pseudo-random number generator used should comply with the
+     * statistical random number generator tests specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm">
+     * FIPS 140-2, Security Requirements for Cryptographic Modules</a>, section 4.9.1.
+     *
+     * @return
+     *         true or false, randomly
+     */
+    boolean getRandomBoolean();
+
+    /**
+     * Gets the random integer in the range of [min, max). The use of java.security.SecureRandom
+     * is recommended because it provides a cryptographically strong pseudo-random number generator.
+     * If SecureRandom is not used, the pseudo-random number generator used should comply with the
+     * statistical random number generator tests specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm">
+     * FIPS 140-2, Security Requirements for Cryptographic Modules</a>, section 4.9.1.
+     *
+     * @param min
+     *         the minimum integer that will be returned, inclusive
+     * @param max
+     *         the maximum integer that will be returned, exclusive
+     *
+     * @return
+     *         the random integer
+     */
+    int getRandomInteger(int min, int max);
+
+
+    /**
+     * Gets the random long. The use of java.security.SecureRandom
+     * is recommended because it provides a cryptographically strong pseudo-random number generator.
+     * If SecureRandom is not used, the pseudo-random number generator used should comply with the
+     * statistical random number generator tests specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm">
+     * FIPS 140-2, Security Requirements for Cryptographic Modules</a>, section 4.9.1.
+     *
+     * @return
+     *         the random long
+     */
+    long getRandomLong();
+
+
+    /**
+     * Returns an unguessable random filename with the specified extension.  This method could call
+     * getRandomString(length, charset) from this Class with the desired length and alphanumerics as the charset
+     * then merely append "." + extension.
+     *
+     * @param extension
+     *         extension to add to the random filename
+     *
+     * @return
+     *         a random unguessable filename ending with the specified extension
+     */
+    String getRandomFilename( String extension );
+
+
+    /**
+     * Gets the random real in the range of [min, max].  The use of java.security.SecureRandom
+     * is recommended because it provides a cryptographically strong pseudo-random number generator.
+     * If SecureRandom is not used, the pseudo-random number generator used should comply with the
+     * statistical random number generator tests specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm">
+     * FIPS 140-2, Security Requirements for Cryptographic Modules</a>, section 4.9.1.
+     *
+     * @param min
+     *         the minimum real number that will be returned, inclusive
+     * @param max
+     *         the maximum real number that will be returned, inclusive
+     *
+     * @return
+     *         the random real
+     */
+    float getRandomReal(float min, float max);
+
+    /**
+     * Generates a random GUID.  This method could use a hash of random Strings, the current time,
+     * and any other random data available.  The format is a well-defined sequence of 32 hex digits
+     * grouped into chunks of 8-4-4-4-12.
+     * <p>
+     * For more information including algorithms used to create <tt>UUID</tt>s,
+     * see the Internet-Draft <a href="http://www.ietf.org/internet-drafts/draft-mealling-uuid-urn-03.txt">UUIDs and GUIDs</a>
+     * or the standards body definition at <a href="http://www.iso.ch/cate/d2229.html">ISO/IEC 11578:1996</a>.
+     * @return
+     *         the GUID
+     *
+     * @throws
+     *         EncryptionException if hashing or encryption fails
+     */
+    String getRandomGUID() throws EncryptionException;
+
+    /**
+     * Generates a specified number of random bytes.
+     * @param n    The requested number of random bytes.
+     * @return The {@code n} random bytes are returned.
+     */
+    byte[] getRandomBytes(int n);
+
+}
diff --git a/src/main/java/org/owasp/esapi/SafeFile.java b/src/main/java/org/owasp/esapi/SafeFile.java
index 73643c0b7..e048e9419 100644
--- a/src/main/java/org/owasp/esapi/SafeFile.java
+++ b/src/main/java/org/owasp/esapi/SafeFile.java
@@ -1,107 +1,107 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2008 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2008
- */
-package org.owasp.esapi;
-
-import java.io.File;
-import java.net.URI;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
-import org.owasp.esapi.errors.ValidationException;
-
-/**
- * Extension to java.io.File to prevent against null byte injections and
- * other unforeseen problems resulting from unprintable characters
- * causing problems in path lookups. This does _not_ prevent against
- * directory traversal attacks.
- */
-public class SafeFile extends File {
-
-	private static final long serialVersionUID = 1L;
-	private static final Pattern PERCENTS_PAT = Pattern.compile("(%)([0-9a-fA-F])([0-9a-fA-F])");	
-	private static final Pattern FILE_BLACKLIST_PAT = Pattern.compile("([\\\\/:*?<>|])");	
-	private static final Pattern DIR_BLACKLIST_PAT = Pattern.compile("([*?<>|])");
-
-	public SafeFile(String path) throws ValidationException {
-		super(path);
-		doDirCheck(this.getParent());
-		doFileCheck(this.getName());
-	}
-
-	public SafeFile(String parent, String child) throws ValidationException {
-		super(parent, child);
-		doDirCheck(this.getParent());
-		doFileCheck(this.getName());
-	}
-
-	public SafeFile(File parent, String child) throws ValidationException {
-		super(parent, child);
-		doDirCheck(this.getParent());
-		doFileCheck(this.getName());
-	}
-
-	public SafeFile(URI uri) throws ValidationException {
-		super(uri);
-		doDirCheck(this.getParent());
-		doFileCheck(this.getName());
-	}
-
-	
-	private void doDirCheck(String path) throws ValidationException {
-		Matcher m1 = DIR_BLACKLIST_PAT.matcher( path );
-		if ( m1.find() ) {
-			throw new ValidationException( "Invalid directory", "Directory path (" + path + ") contains illegal character: " + m1.group() );
-		}
-
-		Matcher m2 = PERCENTS_PAT.matcher( path );
-		if ( m2.find() ) {
-			throw new ValidationException( "Invalid directory", "Directory path (" + path + ") contains encoded characters: " + m2.group() );
-		}
-		
-		int ch = containsUnprintableCharacters(path);
-		if (ch != -1) {
-			throw new ValidationException("Invalid directory", "Directory path (" + path + ") contains unprintable character: " + ch);
-		}
-	}
-	
-	private void doFileCheck(String path) throws ValidationException {
-		Matcher m1 = FILE_BLACKLIST_PAT.matcher( path );
-		if ( m1.find() ) {
-			throw new ValidationException( "Invalid directory", "Directory path (" + path + ") contains illegal character: " + m1.group() );
-		}
-
-		Matcher m2 = PERCENTS_PAT.matcher( path );
-		if ( m2.find() ) {
-			throw new ValidationException( "Invalid file", "File path (" + path + ") contains encoded characters: " + m2.group() );
-		}
-		
-		int ch = containsUnprintableCharacters(path);
-		if (ch != -1) {
-			throw new ValidationException("Invalid file", "File path (" + path + ") contains unprintable character: " + ch);
-		}
-	}
-
-	private int containsUnprintableCharacters(String s) {
-		for (int i = 0; i < s.length(); i++) {
-			char ch = s.charAt(i);
-			if (((int) ch) < 32 || ((int) ch) > 126) {
-				return (int) ch;
-			}
-		}
-		return -1;
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2008 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2008
+ */
+package org.owasp.esapi;
+
+import java.io.File;
+import java.net.URI;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.owasp.esapi.errors.ValidationException;
+
+/**
+ * Extension to java.io.File to prevent against null byte injections and
+ * other unforeseen problems resulting from unprintable characters
+ * causing problems in path lookups. This does _not_ prevent against
+ * directory traversal attacks.
+ */
+public class SafeFile extends File {
+
+    private static final long serialVersionUID = 1L;
+    private static final Pattern PERCENTS_PAT = Pattern.compile("(%)([0-9a-fA-F])([0-9a-fA-F])");
+    private static final Pattern FILE_BLACKLIST_PAT = Pattern.compile("([\\\\/:*?<>|^])");
+    private static final Pattern DIR_BLACKLIST_PAT = Pattern.compile("([*?<>|^])");
+
+    public SafeFile(String path) throws ValidationException {
+        super(path);
+        doDirCheck(this.getParent());
+        doFileCheck(this.getName());
+    }
+
+    public SafeFile(String parent, String child) throws ValidationException {
+        super(parent, child);
+        doDirCheck(this.getParent());
+        doFileCheck(this.getName());
+    }
+
+    public SafeFile(File parent, String child) throws ValidationException {
+        super(parent, child);
+        doDirCheck(this.getParent());
+        doFileCheck(this.getName());
+    }
+
+    public SafeFile(URI uri) throws ValidationException {
+        super(uri);
+        doDirCheck(this.getParent());
+        doFileCheck(this.getName());
+    }
+
+
+    private void doDirCheck(String path) throws ValidationException {
+        Matcher m1 = DIR_BLACKLIST_PAT.matcher( path );
+        if ( null != m1 && m1.find() ) {
+            throw new ValidationException( "Invalid directory", "Directory path (" + path + ") contains illegal character: " + m1.group() );
+        }
+
+        Matcher m2 = PERCENTS_PAT.matcher( path );
+        if (null != m2 &&  m2.find() ) {
+            throw new ValidationException( "Invalid directory", "Directory path (" + path + ") contains encoded characters: " + m2.group() );
+        }
+
+        int ch = containsUnprintableCharacters(path);
+        if (ch != -1) {
+            throw new ValidationException("Invalid directory", "Directory path (" + path + ") contains unprintable character: " + ch);
+        }
+    }
+
+    private void doFileCheck(String path) throws ValidationException {
+        Matcher m1 = FILE_BLACKLIST_PAT.matcher( path );
+        if ( m1.find() ) {
+            throw new ValidationException( "Invalid directory", "Directory path (" + path + ") contains illegal character: " + m1.group() );
+        }
+
+        Matcher m2 = PERCENTS_PAT.matcher( path );
+        if ( m2.find() ) {
+            throw new ValidationException( "Invalid file", "File path (" + path + ") contains encoded characters: " + m2.group() );
+        }
+
+        int ch = containsUnprintableCharacters(path);
+        if (ch != -1) {
+            throw new ValidationException("Invalid file", "File path (" + path + ") contains unprintable character: " + ch);
+        }
+    }
+
+    private int containsUnprintableCharacters(String s) {
+        for (int i = 0; i < s.length(); i++) {
+            char ch = s.charAt(i);
+            if (((int) ch) < 32 || ((int) ch) > 126) {
+                return (int) ch;
+            }
+        }
+        return -1;
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/SecurityConfiguration.java b/src/main/java/org/owasp/esapi/SecurityConfiguration.java
index 9c54acb9c..e0b529b49 100644
--- a/src/main/java/org/owasp/esapi/SecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/SecurityConfiguration.java
@@ -1,682 +1,767 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Mike Fauzy <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi;
-
-import java.io.File;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.List;
-import java.util.regex.Pattern;
-
-/**
- * The {@code SecurityConfiguration} interface stores all configuration information
- * that directs the behavior of the ESAPI implementation.
- * <br><br>
- * Protection of this configuration information is critical to the secure
- * operation of the application using the ESAPI. You should use operating system
- * access controls to limit access to wherever the configuration information is
- * stored.
- * <br><br>
- * Please note that adding another layer of encryption does not make the
- * attackers job much more difficult. Somewhere there must be a master "secret"
- * that is stored unencrypted on the application platform (unless you are
- * willing to prompt for some passphrase when you application starts or insert
- * a USB thumb drive or an HSM card, etc., in which case this master "secret"
- * it would only be in memory). Creating another layer of indirection provides
- * additional obfuscation, but doesn't provide any real additional security.
- * It's up to the reference implementation to decide whether this file should
- * be encrypted or not.
- * <br><br>
- * The ESAPI reference implementation (DefaultSecurityConfiguration.java) does
- * <i>not</i> encrypt its properties file.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- */
-public interface SecurityConfiguration {
-
-	/**
-	 * Gets the application name, used for logging
-	 * 
-	 * @return the name of the current application
-	 */
-	public String getApplicationName();
-	
-	/**
-	 * Returns the fully qualified classname of the ESAPI Logging implementation.
-	 */
-	public String getLogImplementation();
-	
-	/**
-	 * Returns the fully qualified classname of the ESAPI Authentication implementation.
-	 */
-	public String getAuthenticationImplementation();
-	
-	/**
-	 * Returns the fully qualified classname of the ESAPI Encoder implementation.
-	 */
-	public String getEncoderImplementation();
-	
-	/**
-	 * Returns the fully qualified classname of the ESAPI Access Control implementation.
-	 */
-	public String getAccessControlImplementation();
-	
-	/**
-	 * Returns the fully qualified classname of the ESAPI Intrusion Detection implementation.
-	 */
-	public String getIntrusionDetectionImplementation();
-	
-	/**
-	 * Returns the fully qualified classname of the ESAPI Randomizer implementation.
-	 */
-	public String getRandomizerImplementation();
-	
-	/**
-	 * Returns the fully qualified classname of the ESAPI Encryption implementation.
-	 */
-	public String getEncryptionImplementation();
-	
-	/**
-	 * Returns the fully qualified classname of the ESAPI Validation implementation.
-	 */
-	public String getValidationImplementation();
-	
-	/**
-	 * Returns the validation pattern for a particular type
-	 * @param typeName
-	 * @return the validation pattern
-	 */
-    public Pattern getValidationPattern( String typeName );
-    
-    /**
-     * Determines whether ESAPI will accept "lenient" dates when attempt
-     * to parse dates. Controlled by ESAPI property
-     * {@code Validator.AcceptLenientDates}, which defaults to {@code false}
-     * if unset.
-     * 
-     * @return True if lenient dates are accepted; false otherwise.
-     * @see java.text.DateFormat#setLenient(boolean)
-     */
-    public boolean getLenientDatesAccepted();
-	
-	/**
-	 * Returns the fully qualified classname of the ESAPI OS Execution implementation.
-	 */
-	public String getExecutorImplementation();
-	
-	/**
-	 * Returns the fully qualified classname of the ESAPI HTTPUtilities implementation.
-	 */
-	public String getHTTPUtilitiesImplementation();
-	
-	/**
-	 * Gets the master key. This password is used to encrypt/decrypt other files or types
-	 * of data that need to be protected by your application.
-	 * 
-	 * @return the current master key
-	 */
-	public byte[] getMasterKey();
-
-	/**
-     * Retrieves the upload directory as specified in the ESAPI.properties file.
-     * @return the upload directory
-     */
-    public File getUploadDirectory();
-	
-    /**
-     * Retrieves the temp directory to use when uploading files, as specified in ESAPI.properties.
-     * @return the temp directory
-     */
-    public File getUploadTempDirectory();
-
-	/**
-	 * Gets the key length to use in cryptographic operations declared in the ESAPI properties file.
-	 * 
-	 * @return the key length.
-	 */
-    public int getEncryptionKeyLength();
-    
-	/**
-	 * Gets the master salt that is used to salt stored password hashes and any other location 
-	 * where a salt is needed.
-	 * 
-	 * @return the current master salt
-	 */
-	public byte[] getMasterSalt();
-
-	/**
-	 * Gets the allowed executables to run with the Executor.
-	 * 
-	 * @return a list of the current allowed file extensions
-	 */
-	public List<String> getAllowedExecutables();
-
-	/**
-	 * Gets the allowed file extensions for files that are uploaded to this application.
-	 * 
-	 * @return a list of the current allowed file extensions
-	 */
-	public List<String> getAllowedFileExtensions();
-
-	/**
-	 * Gets the maximum allowed file upload size.
-	 * 
-	 * @return the current allowed file upload size
-	 */
-	public int getAllowedFileUploadSize();
-
-	/**
-	 * Gets the name of the password parameter used during user authentication.
-	 * 
-	 * @return the name of the password parameter
-	 */
-	public String getPasswordParameterName();
-
-	/**
-	 * Gets the name of the username parameter used during user authentication.
-	 * 
-	 * @return the name of the username parameter
-	 */
-	public String getUsernameParameterName();
-
-	/**
-	 * Gets the encryption algorithm used by ESAPI to protect data. This is
-	 * mostly used for compatibility with ESAPI 1.4; ESAPI 2.0 prefers to
-	 * use "cipher transformation" since it supports multiple cipher modes
-	 * and padding schemes.
-	 * 
-	 * @return the current encryption algorithm
-	 */
-	public String getEncryptionAlgorithm();
-
-	/**
-	 * Retrieve the <i>cipher transformation</i>. In general, the cipher transformation
-	 * is a specification of cipher algorithm, cipher mode, and padding scheme
-	 * and in general, is a {@code String} that takes the following form:
-	 * <pre>
-	 * 		<i>cipher_alg</i>/<i>cipher_mode[bits]</i>/<i>padding_scheme</i>
-	 * </pre>
-	 * where <i>cipher_alg</i> is the JCE cipher algorithm (e.g., "DESede"),
-	 * <i>cipher_mode</i> is the cipher mode (e.g., "CBC", "CFB", "CTR", etc.),
-	 * and <i>padding_scheme</i> is the cipher padding scheme (e.g., "NONE" for
-	 * no padding, "PKCS5Padding" for PKCS#5 padding, etc.) and where
-	 * <i>[bits]</i> is an optional bit size that applies to certain cipher
-	 * modes such as {@code CFB} and {@code OFB}. Using modes such as CFB and
-	 * OFB, block ciphers can encrypt data in units smaller than the cipher's
-	 * actual block size. When requesting such a mode, you may optionally
-	 * specify the number of bits to be processed at a time. This generally must
-	 * be an integral multiple of 8-bits so that it can specify a whole number
-	 * of octets. 
-	 * </p><p>
-	 * Examples are:
-	 * <pre>
-	 * 		"AES/ECB/NoPadding"		// Default for ESAPI Java 1.4 (insecure)
-	 * 		"AES/CBC/PKCS5Padding"	// Default for ESAPI Java 2.0
-	 * 		"DESede/OFB32/PKCS5Padding"
-	 * </pre>
-	 * <b>NOTE:</b> Occasionally, in cryptographic literature, you may also
-	 * see the key size (in bits) specified after the cipher algorithm in the
-	 * cipher transformation. Generally, this is done to account for cipher
-	 * algorithms that have variable key sizes. The Blowfish cipher for example
-	 * supports key sizes from 32 to 448 bits. So for Blowfish, you might see
-	 * a cipher transformation something like this:
-	 * <pre>
-	 * 		"Blowfish-192/CFB8/PKCS5Padding"
-	 * </pre>
-	 * in the cryptographic literature. It should be noted that the Java
-	 * Cryptography Extensions (JCE) do not generally support this (at least
-	 * not the reference JCE implementation of "SunJCE"), and therefore it
-	 * should be avoided.
-	 * @return	The cipher transformation.
-	 */
-    public String getCipherTransformation();
-    
-    /**
-     * Set the cipher transformation. This allows a different cipher transformation
-     * to be used without changing the {@code ESAPI.properties} file. For instance
-     * you may normally want to use AES/CBC/PKCS5Padding, but have some legacy
-     * encryption where you have ciphertext that was encrypted using 3DES.
-     * 
-     * @param cipherXform	The new cipher transformation. See
-     * 						{@link #getCipherTransformation} for format. If
-     * 						{@code null} is passed as the parameter, the cipher
-     * 						transformation will be set to the the default taken
-     * 						from the property {@code Encryptor.CipherTransformation}
-     * 						in the {@code ESAPI.properties} file. <b>BEWARE:</b>
-     * 						there is <b>NO</b> sanity checking here (other than
-     * 						the empty string, and then, only if Java assertions are
-     * 						enabled), so if you set this wrong, you will not get
-     * 						any errors until you later try to use it to encrypt
-     * 						or decrypt data.
-     * @return	The previous cipher transformation is returned for convenience,
-     * 			with the assumption that you may wish to restore it once you have
-     * 			completed the encryption / decryption with the new cipher
-     * 			transformation.
-     * @deprecated To be replaced by new class in ESAPI 2.1, but here if you need it
-     *          until then. Details of replacement forthcoming to ESAPI-Dev list.
-     */
-    @Deprecated
-    public String setCipherTransformation(String cipherXform);
-
-    /**
-     * Retrieve the <i>preferred</i> JCE provider for ESAPI and your application.
-     * ESAPI 2.0 now allows setting the property
-     * {@code Encryptor.PreferredJCEProvider} in the
-     * {@code ESAPI.properties} file, which will cause the specified JCE
-     * provider to be automatically and dynamically loaded (assuming that
-     * {@code SecurityManager} permissions allow) as the Ii>preferred</i>
-     * JCE provider. (Note this only happens if the JCE provider is not already
-     * loaded.) This method returns the property {@code Encryptor.PreferredJCEProvider}.
-     * </p<p>
-     * By default, this {@code Encryptor.PreferredJCEProvider} property is set
-     * to an empty string, which means that the preferred JCE provider is not
-     * changed.
-     * @return The property {@code Encryptor.PreferredJCEProvider} is returned.
-     * @see org.owasp.esapi.crypto.SecurityProviderLoader
-     */
-    public String getPreferredJCEProvider();
-    
-// TODO - DISCUSS: Where should this web page (below) go? Maybe with the Javadoc? But where?
-//				   Think it makes more sense as part of the release notes, but OTOH, I
-//				   really don't want to rewrite this as a Wiki page either.
-    /**
-     * Determines whether the {@code CipherText} should be used with a Message
-     * Authentication Code (MAC). Generally this makes for a more robust cryptographic
-     * scheme, but there are some minor performance implications. Controlled by
-     * the ESAPI property <i>Encryptor.CipherText.useMAC</i>.
-     * </p><p>
-     * For further details, see the "Advanced Usage" section of
-     * <a href="http://www.owasp.org/ESAPI_2.0_ReleaseNotes_CryptoChanges.html">
-     * "Why Is OWASP Changing ESAPI Encryption?"</a>.
-     * </p>
-     * @return	{@code true} if a you want a MAC to be used, otherwise {@code false}.
-     */
-    public boolean useMACforCipherText();
-
-    /**
-     * Indicates whether the {@code PlainText} objects may be overwritten after
-     * they have been encrypted. Generally this is a good idea, especially if
-     * your VM is shared by multiple applications (e.g., multiple applications
-     * running in the same J2EE container) or if there is a possibility that
-     * your VM may leave a core dump (say because it is running non-native
-     * Java code.
-     * <p>
-     * Controlled by the property {@code Encryptor.PlainText.overwrite} in
-     * the {@code ESAPI.properties} file.
-     * </p>
-     * @return	True if it is OK to overwrite the {@code PlainText} objects
-     *			after encrypting, false otherwise.
-     */
-    public boolean overwritePlainText();
-    
-    /**
-     * Get a string indicating how to compute an Initialization Vector (IV).
-     * Currently supported modes are "random" to generate a random IV or
-     * "fixed" to use a fixed (static) IV. If a "fixed" IV is chosen, then the
-     * the value of this fixed IV must be specified as the property
-     * {@code Encryptor.fixedIV} and be of the appropriate length.
-     * 
-     * @return A string specifying the IV type. Should be "random" or "fixed".
-     * 
-     * @see #getFixedIV()
-     */
-    public String getIVType();
-    
-    /**
-     * If a "fixed" (i.e., static) Initialization Vector (IV) is to be used,
-     * this will return the IV value as a hex-encoded string.
-     * @return The fixed IV as a hex-encoded string.
-     */
-    public String getFixedIV();
-    
-    /**
-     * Return a {@code List} of strings of combined cipher modes that support
-     * <b>both</b> confidentiality and authenticity. These would be preferred
-     * cipher modes to use if your JCE provider supports them. If such a
-     * cipher mode is used, no explicit <i>separate</i> MAC is calculated as part of
-     * the {@code CipherText} object upon encryption nor is any attempt made
-     * to verify the same on decryption.
-     * </p><p>
-     * The list is taken from the comma-separated list of cipher modes specified
-     * by the ESAPI property
-     * {@code Encryptor.cipher_modes.combined_modes}.
-     * 
-     * @return The parsed list of comma-separated cipher modes if the property
-     * was specified in {@code ESAPI.properties}; otherwise the empty list is
-     * returned.
-     */
-    public List<String> getCombinedCipherModes();
-
-    /**
-     * Return {@code List} of strings of additional cipher modes that are
-     * permitted (i.e., in <i>addition<i> to those returned by
-     * {@link #getPreferredCipherModes()}) to be used for encryption and
-     * decryption operations.
-     * </p><p>
-     * The list is taken from the comma-separated list of cipher modes specified
-     * by the ESAPI property
-     * {@code Encryptor.cipher_modes.additional_allowed}.
-     * 
-     * @return The parsed list of comma-separated cipher modes if the property
-     * was specified in {@code ESAPI.properties}; otherwise the empty list is
-     * returned.
-     *
-     * @see #getPreferredCipherModes() 
-     */
-    public List<String> getAdditionalAllowedCipherModes();
-
-	/**
-	 * Gets the hashing algorithm used by ESAPI to hash data.
-	 * 
-	 * @return the current hashing algorithm
-	 */
-	public String getHashAlgorithm();
-
-	/**
-	 * Gets the hash iterations used by ESAPI to hash data.
-	 * 
-	 * @return the current hashing algorithm
-	 */
-	public int getHashIterations();
-
-	/**
-	 * Retrieve the Pseudo Random Function (PRF) used by the ESAPI
-	 * Key Derivation Function (KDF).
-	 * 
-	 * @return	The KDF PRF algorithm name.
-	 */
-	public String getKDFPseudoRandomFunction();
-	
-	/**
-	 * Gets the character encoding scheme supported by this application. This is used to set the
-	 * character encoding scheme on requests and responses when setCharacterEncoding() is called
-	 * on SafeRequests and SafeResponses. This scheme is also used for encoding/decoding URLs 
-	 * and any other place where the current encoding scheme needs to be known.
-	 * <br><br>
-	 * Note: This does not get the configured response content type. That is accessed by calling 
-	 * getResponseContentType().
-	 * 
-	 * @return the current character encoding scheme
-	 */
-	public String getCharacterEncoding();
-
-	/**
-	 * Return true if multiple encoding is allowed
-	 *
-	 * @return whether multiple encoding is allowed when canonicalizing data
-	 */
-	public boolean getAllowMultipleEncoding();
-
-	/**
-	 * Return true if mixed encoding is allowed
-	 *
-	 * @return whether mixed encoding is allowed when canonicalizing data
-	 */
-	public boolean getAllowMixedEncoding();
-
-	/**
-	 * Returns the List of Codecs to use when canonicalizing data
-	 * 
-	 * @return the codec list
-	 */
-	public List<String> getDefaultCanonicalizationCodecs();
-
-	/**
-	 * Gets the digital signature algorithm used by ESAPI to generate and verify signatures.
-	 * 
-	 * @return the current digital signature algorithm
-	 */
-	public String getDigitalSignatureAlgorithm();
-
-	/**
-	 * Gets the digital signature key length used by ESAPI to generate and verify signatures.
-	 * 
-	 * @return the current digital signature key length
-	 */
-	public int getDigitalSignatureKeyLength();
-		   
-	/**
-	 * Gets the random number generation algorithm used to generate random numbers where needed.
-	 * 
-	 * @return the current random number generation algorithm
-	 */
-	public String getRandomAlgorithm();
-
-	/**
-	 * Gets the number of login attempts allowed before the user's account is locked. If this 
-	 * many failures are detected within the alloted time period, the user's account will be locked.
-	 * 
-	 * @return the number of failed login attempts that cause an account to be locked
-	 */
-	public int getAllowedLoginAttempts();
-
-	/**
-	 * Gets the maximum number of old password hashes that should be retained. These hashes can 
-	 * be used to ensure that the user doesn't reuse the specified number of previous passwords
-	 * when they change their password.
-	 * 
-	 * @return the number of old hashed passwords to retain
-	 */
-	public int getMaxOldPasswordHashes();
-
-	/**
-	 * Allows for complete disabling of all intrusion detection mechanisms
-	 * 
-	 * @return true if intrusion detection should be disabled
-	 */
-	public boolean getDisableIntrusionDetection();
-	
-	/**
-	 * Gets the intrusion detection quota for the specified event.
-	 * 
-	 * @param eventName the name of the event whose quota is desired
-	 * 
-	 * @return the Quota that has been configured for the specified type of event
-	 */
-	public Threshold getQuota(String eventName);
-
-	/**
-	 * Gets a file from the resource directory
-     *
-     * @param filename The file name resource.
-     * @return A {@code File} object representing the specified file name or null if not found.
-     */
-    public File getResourceFile( String filename );
-    
-	/**
-	 * Forces new cookies to have HttpOnly flag set.
-     */
-    public boolean getForceHttpOnlySession() ;
-
-	/**
-	 * Forces session cookies to have Secure flag set.
-     */
-    public boolean getForceSecureSession() ;
-
-	/**
-	 * Forces new cookies to have HttpOnly flag set.
-     */
-    public boolean getForceHttpOnlyCookies() ;
-
-	/**
-	 * Forces new cookies to have Secure flag set.
-     */
-    public boolean getForceSecureCookies() ;
-
-	/**
-	 * Returns the maximum allowable HTTP header size.
-	 */
-	public int getMaxHttpHeaderSize() ;
-
-	/**
-	 * Gets an InputStream to a file in the resource directory
-     *
-     * @param filename A file name in the resource directory.
-     * @return An {@code InputStream} to the specified file name in the resource directory.
-     * @throws IOException If the specified file name cannot be found or opened for reading.
-     */
-    public InputStream getResourceStream( String filename ) throws IOException;
-
-    	
-	/**
-	 * Sets the ESAPI resource directory.
-	 * 
-	 * @param dir The location of the resource directory.
-	 */
-	public void setResourceDirectory(String dir);
-	
-	/**
-	 * Gets the content type for responses used when setSafeContentType() is called.
-	 * <br><br>
-	 * Note: This does not get the configured character encoding scheme. That is accessed by calling 
-	 * getCharacterEncoding().
-	 * 
-	 * @return The current content-type set for responses.
-	 */
-	public String getResponseContentType();
-
-	/**
-	 * This method returns the configured name of the session identifier, 
-	 * likely "JSESSIONID" though this can be overridden.
-	 * 
-	 * @return The name of the session identifier, like "JSESSIONID"
-	 */
-	public String getHttpSessionIdName();
-	
-	/**
-	 * Gets the length of the time to live window for remember me tokens (in milliseconds).
-	 * 
-	 * @return The time to live length for generated remember me tokens.
-	 */
-	public long getRememberTokenDuration();
-
-	
-	/**
-	 * Gets the idle timeout length for sessions (in milliseconds). This is the amount of time that a session
-	 * can live before it expires due to lack of activity. Applications or frameworks could provide a reauthenticate
-	 * function that enables a session to continue after reauthentication.
-	 * 
-	 * @return The session idle timeout length.
-	 */
-	public int getSessionIdleTimeoutLength();
-	
-	/**
-	 * Gets the absolute timeout length for sessions (in milliseconds). This is the amount of time that a session
-	 * can live before it expires regardless of the amount of user activity. Applications or frameworks could 
-	 * provide a reauthenticate function that enables a session to continue after reauthentication.
-	 * 
-	 * @return The session absolute timeout length.
-	 */
-	public int getSessionAbsoluteTimeoutLength();
-	
-	
-	/**
-	 * Returns whether HTML entity encoding should be applied to log entries.
-	 * 
-	 * @return True if log entries are to be HTML Entity encoded. False otherwise.
-	 */
-	public boolean getLogEncodingRequired();
-	
-	/**
-	 * Returns whether ESAPI should log the application name. This might be clutter in some
-	 * single-server/single-app environments.
-	 * 
-	 * @return True if ESAPI should log the application name, False otherwise
-	 */
-	public boolean getLogApplicationName();
-
-	/**
-	 * Returns whether ESAPI should log the server IP. This might be clutter in some
-	 * single-server environments.
-	 * 
-	 * @return True if ESAPI should log the server IP and port, False otherwise
-	 */
-	public boolean getLogServerIP();
-
-	/**
-	 * Returns the current log level.
-	 * @return	An integer representing the current log level.
-	 */
-    public int getLogLevel();
-	
-    /**
-     * Get the name of the log file specified in the ESAPI configuration properties file. Return a default value 
-     * if it is not specified.
-     * 
-     * @return the log file name defined in the properties file.
-     */
-    public String getLogFileName();
-
-    /**
-     * Get the maximum size of a single log file from the ESAPI configuration properties file. Return a default value 
-     * if it is not specified. Once the log hits this file size, it will roll over into a new log.
-     * 
-     * @return the maximum size of a single log file (in bytes).
-     */
-    public int getMaxLogFileSize();
-
-	/**
-	 * Models a simple threshold as a count and an interval, along with a set of actions to take if 
-	 * the threshold is exceeded. These thresholds are used to define when the accumulation of a particular event
-	 * has met a set number within the specified time period. Once a threshold value has been met, various
-	 * actions can be taken at that point.
-	 */
-	public static class Threshold {
-		
-		/** The name of this threshold. */
-		public String name = null;
-		
-		/** The count at which this threshold is triggered. */
-		public int count = 0;
-		
-		/** 
-		 * The time frame within which 'count' number of actions has to be detected in order to
-		 * trigger this threshold.
-		 */
-		public long interval = 0;
-		
-		/**
-		 * The list of actions to take if the threshold is met. It is expected that this is a list of Strings, but 
-		 * your implementation could have this be a list of any type of 'actions' you wish to define. 
-		 */
-		public List<String> actions = null;
-
-		/**
-		 * Constructs a threshold that is composed of its name, its threshold count, the time window for
-		 * the threshold, and the actions to take if the threshold is triggered.
-		 * 
-		 * @param name The name of this threshold.
-		 * @param count The count at which this threshold is triggered.
-		 * @param interval The time frame within which 'count' number of actions has to be detected in order to
-		 * trigger this threshold.
-		 * @param actions The list of actions to take if the threshold is met.
-		 */
-		public Threshold(String name, int count, long interval, List<String> actions) {
-			this.name = name;
-			this.count = count;
-			this.interval = interval;
-			this.actions = actions;
-		}
-	}
-
-	/**
-	 * Returns the default working directory for executing native processes with Runtime.exec().
-	 */
-	public File getWorkingDirectory();
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Mike Fauzy <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi;
+
+import org.owasp.esapi.configuration.EsapiPropertyLoader;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.List;
+import java.util.regex.Pattern;
+
+/**
+ * The {@code SecurityConfiguration} interface stores all configuration information
+ * that directs the behavior of the ESAPI implementation.
+ * <br><br>
+ * Protection of this configuration information is critical to the secure
+ * operation of the application using the ESAPI. You should use operating system
+ * access controls to limit access to wherever the configuration information is
+ * stored.
+ * <br><br>
+ * Please note that adding another layer of encryption does not make the
+ * attackers job much more difficult. Somewhere there must be a master "secret"
+ * that is stored unencrypted on the application platform (unless you are
+ * willing to prompt for some passphrase when you application starts or insert
+ * a USB thumb drive or an HSM card, etc., in which case this master "secret"
+ * it would only be in memory). Creating another layer of indirection provides
+ * additional obfuscation, but doesn't provide any real additional security.
+ * It's up to the reference implementation to decide whether this file should
+ * be encrypted or not.
+ * <br><br>
+ * The ESAPI reference implementation (DefaultSecurityConfiguration.java) does
+ * <i>not</i> encrypt its properties file.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ */
+public interface SecurityConfiguration extends EsapiPropertyLoader {
+
+    /**
+     * Gets the application name, used for logging
+     *
+     * @return the name of the current application
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    String getApplicationName();
+
+    /**
+     * Returns the fully qualified classname of the ESAPI Logging implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    String getLogImplementation();
+
+    /**
+     * Returns the fully qualified classname of the ESAPI Authentication implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    String getAuthenticationImplementation();
+
+    /**
+     * Returns the fully qualified classname of the ESAPI Encoder implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    String getEncoderImplementation();
+
+    /**
+     * Returns the fully qualified classname of the ESAPI Access Control implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    String getAccessControlImplementation();
+
+    /**
+     * Returns the fully qualified classname of the ESAPI Intrusion Detection implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    String getIntrusionDetectionImplementation();
+
+    /**
+     * Returns the fully qualified classname of the ESAPI Randomizer implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    String getRandomizerImplementation();
+
+    /**
+     * Returns the fully qualified classname of the ESAPI Encryption implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    String getEncryptionImplementation();
+
+    /**
+     * Returns the fully qualified classname of the ESAPI Validation implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    String getValidationImplementation();
+
+    /**
+     * Returns the validation pattern for a particular type
+     * @param typeName
+     * @return the validation pattern
+     */
+    Pattern getValidationPattern( String typeName );
+
+    /**
+     * Determines whether ESAPI will accept "lenient" dates when attempt
+     * to parse dates. Controlled by ESAPI property
+     * {@code Validator.AcceptLenientDates}, which defaults to {@code false}
+     * if unset.
+     *
+     * @return True if lenient dates are accepted; false otherwise.
+     * @see java.text.DateFormat#setLenient(boolean)
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    boolean getLenientDatesAccepted();
+
+    /**
+     * Returns the fully qualified classname of the ESAPI OS Execution implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    String getExecutorImplementation();
+
+    /**
+     * Returns the fully qualified classname of the ESAPI HTTPUtilities implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    String getHTTPUtilitiesImplementation();
+
+    /**
+     * Gets the master key. This password is used to encrypt/decrypt other files or types
+     * of data that need to be protected by your application.
+     *
+     * @return the current master key
+     * @deprecated Use SecurityConfiguration.getByteArrayProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    byte[] getMasterKey();
+
+    /**
+     * Retrieves the upload directory as specified in the ESAPI.properties file.
+     * @return the upload directory
+     */
+    File getUploadDirectory();
+
+    /**
+     * Retrieves the temp directory to use when uploading files, as specified in ESAPI.properties.
+     * @return the temp directory
+     */
+    File getUploadTempDirectory();
+
+    /**
+     * Gets the key length to use in cryptographic operations declared in the ESAPI properties file.
+     * Note that this corresponds to the ESAPI property <b>Encryptor.EncryptionKeyLength</b> which is
+     * considered the <i>default</i> key size that ESAPI will use for symmetric
+     * ciphers supporting multiple key sizes. (Note that there is also an <b>Encryptor.MinEncryptionKeyLength</b>,
+     * which is the <i>minimum</i> key size (in bits) that ESAPI will support
+     * for encryption. (There is no minimum for decryption.)
+     *
+     * @return the key length (in bits)
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    int getEncryptionKeyLength();
+
+    /**
+     * Gets the master salt that is used to salt stored password hashes and any other location
+     * where a salt is needed.
+     *
+     * @return the current master salt
+     * @deprecated Use SecurityConfiguration.getByteArrayProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    byte[] getMasterSalt();
+
+    /**
+     * Gets the allowed executables to run with the Executor.
+     *
+     * @return a list of the current allowed file extensions
+     */
+    List<String> getAllowedExecutables();
+
+    /**
+     * Gets the allowed file extensions for files that are uploaded to this application.
+     *
+     * @return a list of the current allowed file extensions
+     */
+    List<String> getAllowedFileExtensions();
+
+    /**
+     * Gets the maximum allowed file upload size.
+     *
+     * @return the current allowed file upload size
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    int getAllowedFileUploadSize();
+
+    /**
+     * Gets the name of the password parameter used during user authentication.
+     *
+     * @return the name of the password parameter
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    String getPasswordParameterName();
+
+    /**
+     * Gets the name of the username parameter used during user authentication.
+     *
+     * @return the name of the username parameter
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    String getUsernameParameterName();
+
+    /**
+     * Gets the encryption algorithm used by ESAPI to protect data. This is
+     * mostly used for compatibility with ESAPI 1.4; ESAPI 2.0 prefers to
+     * use "cipher transformation" since it supports multiple cipher modes
+     * and padding schemes.
+     *
+     * @return the current encryption algorithm
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    String getEncryptionAlgorithm();
+
+    /**
+     * Retrieve the <i>cipher transformation</i>. In general, the cipher transformation
+     * is a specification of cipher algorithm, cipher mode, and padding scheme
+     * and in general, is a {@code String} that takes the following form:
+     * <pre>
+     *         <i>cipher_alg</i>/<i>cipher_mode[bits]</i>/<i>padding_scheme</i>
+     * </pre>
+     * where <i>cipher_alg</i> is the JCE cipher algorithm (e.g., "DESede"),
+     * <i>cipher_mode</i> is the cipher mode (e.g., "CBC", "CFB", "CTR", etc.),
+     * and <i>padding_scheme</i> is the cipher padding scheme (e.g., "NONE" for
+     * no padding, "PKCS5Padding" for PKCS#5 padding, etc.) and where
+     * <i>[bits]</i> is an optional bit size that applies to certain cipher
+     * modes such as {@code CFB} and {@code OFB}. Using modes such as CFB and
+     * OFB, block ciphers can encrypt data in units smaller than the cipher's
+     * actual block size. When requesting such a mode, you may optionally
+     * specify the number of bits to be processed at a time. This generally must
+     * be an integral multiple of 8-bits so that it can specify a whole number
+     * of octets.
+     * </p><p>
+     * Examples are:
+     * <pre>
+     *         "AES/ECB/NoPadding"        // Default for ESAPI Java 1.4 (insecure)
+     *         "AES/CBC/PKCS5Padding"    // Default for ESAPI Java 2.0
+     *         "DESede/OFB32/PKCS5Padding"
+     * </pre>
+     * <b>NOTE:</b> Occasionally, in cryptographic literature, you may also
+     * see the key size (in bits) specified after the cipher algorithm in the
+     * cipher transformation. Generally, this is done to account for cipher
+     * algorithms that have variable key sizes. The Blowfish cipher for example
+     * supports key sizes from 32 to 448 bits. So for Blowfish, you might see
+     * a cipher transformation something like this:
+     * <pre>
+     *         "Blowfish-192/CFB8/PKCS5Padding"
+     * </pre>
+     * in the cryptographic literature. It should be noted that the Java
+     * Cryptography Extensions (JCE) do not generally support this (at least
+     * not the reference JCE implementation of "SunJCE"), and therefore it
+     * should be avoided.
+     * @return    The cipher transformation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    String getCipherTransformation();
+
+    /**
+     * Set the cipher transformation. This allows a different cipher transformation
+     * to be used without changing the {@code ESAPI.properties} file. For instance
+     * you may normally want to use AES/CBC/PKCS5Padding, but have some legacy
+     * encryption where you have ciphertext that was encrypted using 3DES.
+     *
+     * @param cipherXform    The new cipher transformation. See
+     *                         {@link #getCipherTransformation} for format. If
+     *                         {@code null} is passed as the parameter, the cipher
+     *                         transformation will be set to the the default taken
+     *                         from the property {@code Encryptor.CipherTransformation}
+     *                         in the {@code ESAPI.properties} file. <b>BEWARE:</b>
+     *                         there is <b>NO</b> sanity checking here (other than
+     *                         the empty string, and then, only if Java assertions are
+     *                         enabled), so if you set this wrong, you will not get
+     *                         any errors until you later try to use it to encrypt
+     *                         or decrypt data.
+     * @return    The previous cipher transformation is returned for convenience,
+     *             with the assumption that you may wish to restore it once you have
+     *             completed the encryption / decryption with the new cipher
+     *             transformation.
+     * @deprecated To be replaced by new class in ESAPI 2.1, but here if you need it
+     *          until then. Details of replacement forthcoming to ESAPI-Dev
+     *          list. Most likely to be replaced by a new CTOR for
+     *          JavaEncryptor that takes a list of properties to override.
+     */
+    @Deprecated
+    String setCipherTransformation(String cipherXform);
+
+    /**
+     * Retrieve the <i>preferred</i> JCE provider for ESAPI and your application.
+     * ESAPI 2.0 now allows setting the property
+     * {@code Encryptor.PreferredJCEProvider} in the
+     * {@code ESAPI.properties} file, which will cause the specified JCE
+     * provider to be automatically and dynamically loaded (assuming that
+     * {@code SecurityManager} permissions allow) as the Ii>preferred</i>
+     * JCE provider. (Note this only happens if the JCE provider is not already
+     * loaded.) This method returns the property {@code Encryptor.PreferredJCEProvider}.
+     * </p<p>
+     * By default, this {@code Encryptor.PreferredJCEProvider} property is set
+     * to an empty string, which means that the preferred JCE provider is not
+     * changed.
+     * @return The property {@code Encryptor.PreferredJCEProvider} is returned.
+     * @see org.owasp.esapi.crypto.SecurityProviderLoader
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    String getPreferredJCEProvider();
+
+// TODO - DISCUSS: Where should this web page (below) go? Maybe with the Javadoc? But where?
+//                   Think it makes more sense as part of the release notes, but OTOH, I
+//                   really don't want to rewrite this as a Wiki page either.
+    /**
+     * Determines whether the {@code CipherText} should be used with a Message
+     * Authentication Code (MAC). Generally this makes for a more robust cryptographic
+     * scheme, but there are some minor performance implications. Controlled by
+     * the ESAPI property <i>Encryptor.CipherText.useMAC</i>.
+     * </p><p>
+     * For further details, see the "Advanced Usage" section of
+     * <a href="http://www.owasp.org/ESAPI_2.0_ReleaseNotes_CryptoChanges.html">
+     * "Why Is OWASP Changing ESAPI Encryption?"</a>.
+     * </p>
+     * @return    {@code true} if a you want a MAC to be used, otherwise {@code false}.
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    boolean useMACforCipherText();
+
+    /**
+     * Indicates whether the {@code PlainText} objects may be overwritten after
+     * they have been encrypted. Generally this is a good idea, especially if
+     * your VM is shared by multiple applications (e.g., multiple applications
+     * running in the same J2EE container) or if there is a possibility that
+     * your VM may leave a core dump (say because it is running non-native
+     * Java code.
+     * <p>
+     * Controlled by the property {@code Encryptor.PlainText.overwrite} in
+     * the {@code ESAPI.properties} file.
+     * </p>
+     * @return    True if it is OK to overwrite the {@code PlainText} objects
+     *            after encrypting, false otherwise.
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    boolean overwritePlainText();
+
+    /**
+     * Get a string indicating how to compute an Initialization Vector (IV).
+     * Currently supported modes are "random" to generate a random IV or
+     * "fixed" to use a fixed (static) IV.
+     *
+     * <b>WARNING:</b> 'fixed' was only intended to support legacy applications with
+     * fixed IVs, but the use of non-random IVs is inherently insecure,
+     * especially for any supported cipher mode that is considered a streaming mode
+     * (which is basically anything except CBC for modes that support require an IV).
+     * For this reason, 'fixed' has now been removed (it was considered <b>deprecated</b>
+     * since release 2.2.0.0). An <b>ESAPI.properties</b> value of {@code fixed} for the property
+     * {@code Encryptor.ChooseIVMethod} will now result in a {@code ConfigurationException}
+     * being thrown.
+     *
+     * @return A string specifying the IV type. Should be "random". Anything
+     * else should fail with a {@code ConfigurationException} being thrown.
+     *
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+     *             This method will be removed in a future release as it is now moot since
+     *             it can <i>only</i> legitimately have the single value of "random".
+     */
+    @Deprecated
+    String getIVType();
+
+    /**
+     * Return a {@code List} of strings of combined cipher modes that support
+     * <b>both</b> confidentiality and authenticity. These would be preferred
+     * cipher modes to use if your JCE provider supports them. If such a
+     * cipher mode is used, no explicit <i>separate</i> MAC is calculated as part of
+     * the {@code CipherText} object upon encryption nor is any attempt made
+     * to verify the same on decryption.
+     * </p><p>
+     * The list is taken from the comma-separated list of cipher modes specified
+     * by the ESAPI property
+     * {@code Encryptor.cipher_modes.combined_modes}.
+     *
+     * @return The parsed list of comma-separated cipher modes if the property
+     * was specified in {@code ESAPI.properties}; otherwise the empty list is
+     * returned.
+     */
+    List<String> getCombinedCipherModes();
+
+    /**
+     * Return {@code List} of strings of additional cipher modes that are
+     * permitted (i.e., in <i>addition<i> to those returned by
+     * {@link #getCombinedCipherModes()}) to be used for encryption and
+     * decryption operations.
+     * </p><p>
+     * The list is taken from the comma-separated list of cipher modes specified
+     * by the ESAPI property
+     * {@code Encryptor.cipher_modes.additional_allowed}.
+     *
+     * @return The parsed list of comma-separated cipher modes if the property
+     * was specified in {@code ESAPI.properties}; otherwise the empty list is
+     * returned.
+     *
+     * @see #getCombinedCipherModes()
+     */
+    List<String> getAdditionalAllowedCipherModes();
+
+    /**
+     * Gets the hashing algorithm used by ESAPI to hash data.
+     *
+     * @return the current hashing algorithm
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    String getHashAlgorithm();
+
+    /**
+     * Gets the hash iterations used by ESAPI to hash data.
+     *
+     * @return the current hashing algorithm
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    int getHashIterations();
+
+    /**
+     * Retrieve the Pseudo Random Function (PRF) used by the ESAPI
+     * Key Derivation Function (KDF).
+     *
+     * @return    The KDF PRF algorithm name.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    String getKDFPseudoRandomFunction();
+
+    /**
+     * Gets the character encoding scheme supported by this application. This is used to set the
+     * character encoding scheme on requests and responses when setCharacterEncoding() is called
+     * on SafeRequests and SafeResponses. This scheme is also used for encoding/decoding URLs
+     * and any other place where the current encoding scheme needs to be known.
+     * <br><br>
+     * Note: This does not get the configured response content type. That is accessed by calling
+     * getResponseContentType().
+     *
+     * @return the current character encoding scheme
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    String getCharacterEncoding();
+
+    /**
+     * Return true if multiple encoding is allowed
+     *
+     * @return whether multiple encoding is allowed when canonicalizing data
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    boolean getAllowMultipleEncoding();
+
+    /**
+     * Return true if mixed encoding is allowed
+     *
+     * @return whether mixed encoding is allowed when canonicalizing data
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    boolean getAllowMixedEncoding();
+
+    /**
+     * Returns the List of Codecs to use when canonicalizing data
+     *
+     * @return the codec list
+     */
+    List<String> getDefaultCanonicalizationCodecs();
+
+    /**
+     * Gets the digital signature algorithm used by ESAPI to generate and verify signatures.
+     *
+     * @return the current digital signature algorithm
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    String getDigitalSignatureAlgorithm();
+
+    /**
+     * Gets the digital signature key length used by ESAPI to generate and verify signatures.
+     *
+     * @return the current digital signature key length
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    int getDigitalSignatureKeyLength();
+
+    /**
+     * Gets the random number generation algorithm used to generate random numbers where needed.
+     *
+     * @return the current random number generation algorithm
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    String getRandomAlgorithm();
+
+    /**
+     * Gets the number of login attempts allowed before the user's account is locked. If this
+     * many failures are detected within the alloted time period, the user's account will be locked.
+     *
+     * @return the number of failed login attempts that cause an account to be locked
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    int getAllowedLoginAttempts();
+
+    /**
+     * Gets the maximum number of old password hashes that should be retained. These hashes can
+     * be used to ensure that the user doesn't reuse the specified number of previous passwords
+     * when they change their password.
+     *
+     * @return the number of old hashed passwords to retain
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    int getMaxOldPasswordHashes();
+
+    /**
+     * Allows for complete disabling of all intrusion detection mechanisms
+     *
+     * @return true if intrusion detection should be disabled
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    boolean getDisableIntrusionDetection();
+
+    /**
+     * Gets the intrusion detection quota for the specified event.
+     *
+     * @param eventName the name of the event whose quota is desired
+     *
+     * @return the Quota that has been configured for the specified type of event
+     */
+    Threshold getQuota(String eventName);
+
+    /**
+     * Gets a file from the resource directory
+     *
+     * @param filename The file name resource.
+     * @return A {@code File} object representing the specified file name or null if not found.
+     */
+    File getResourceFile( String filename );
+
+    /**
+     * Returns true if session cookies are required to have HttpOnly flag set.
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    boolean getForceHttpOnlySession() ;
+
+    /**
+     * Returns true if session cookies are required to have Secure flag set.
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    boolean getForceSecureSession() ;
+
+    /**
+     * Returns true if new cookies are required to have HttpOnly flag set.
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    boolean getForceHttpOnlyCookies() ;
+
+    /**
+     * Returns true if new cookies are required to have Secure flag set.
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    boolean getForceSecureCookies() ;
+
+    /**
+     * Returns the maximum allowable HTTP header size.
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    int getMaxHttpHeaderSize() ;
+
+    /**
+     * Gets an InputStream to a file in the resource directory
+     *
+     * @param filename A file name in the resource directory.
+     * @return An {@code InputStream} to the specified file name in the resource directory.
+     * @throws IOException If the specified file name cannot be found or opened for reading.
+     */
+    InputStream getResourceStream( String filename ) throws IOException;
+
+    /**
+     * Sets the ESAPI resource directory.
+     *
+     * @param dir The location of the resource directory.
+     */
+    void setResourceDirectory(String dir);
+
+    /**
+     * Gets the content type for responses used when setSafeContentType() is called.
+     * <br><br>
+     * Note: This does not get the configured character encoding scheme. That is accessed by calling
+     * getCharacterEncoding().
+     *
+     * @return The current content-type set for responses.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    String getResponseContentType();
+
+    /**
+     * This method returns the configured name of the session identifier,
+     * likely "JSESSIONID" though this can be overridden.
+     *
+     * @return The name of the session identifier, like "JSESSIONID"
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    String getHttpSessionIdName();
+
+    /**
+     * Gets the length of the time to live window for remember me tokens (in milliseconds).
+     *
+     * @return The time to live length for generated "remember me" tokens.
+     */
+    // OPEN ISSUE: Can we replace w/ SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead?
+    long getRememberTokenDuration();
+
+
+    /**
+     * Gets the idle timeout length for sessions (in milliseconds). This is the amount of time that a session
+     * can live before it expires due to lack of activity. Applications or frameworks could provide a reauthenticate
+     * function that enables a session to continue after reauthentication.
+     *
+     * @return The session idle timeout length.
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    int getSessionIdleTimeoutLength();
+
+    /**
+     * Gets the absolute timeout length for sessions (in milliseconds). This is the amount of time that a session
+     * can live before it expires regardless of the amount of user activity. Applications or frameworks could
+     * provide a reauthenticate function that enables a session to continue after reauthentication.
+     *
+     * @return The session absolute timeout length.
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    int getSessionAbsoluteTimeoutLength();
+
+
+    /**
+     * Returns whether HTML entity encoding should be applied to log entries.
+     *
+     * @return True if log entries are to be HTML Entity encoded. False otherwise.
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    boolean getLogEncodingRequired();
+
+    /**
+     * Returns whether ESAPI should log the application name. This might be clutter in some
+     * single-server/single-app environments.
+     *
+     * @return True if ESAPI should log the application name, False otherwise
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    boolean getLogApplicationName();
+
+    /**
+     * Returns whether ESAPI should log the server IP. This might be clutter in some
+     * single-server environments.
+     *
+     * @return True if ESAPI should log the server IP and port, False otherwise
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+     */
+    @Deprecated
+    boolean getLogServerIP();
+
+    /**
+     * Models a simple threshold as a count and an interval, along with a set of actions to take if
+     * the threshold is exceeded. These thresholds are used to define when the accumulation of a particular event
+     * has met a set number within the specified time period. Once a threshold value has been met, various
+     * actions can be taken at that point.
+     */
+    class Threshold {
+
+        /** The name of this threshold. */
+        public String name = null;
+
+        /** The count at which this threshold is triggered. */
+        public int count = 0;
+
+        /**
+         * The time frame within which 'count' number of actions has to be detected in order to
+         * trigger this threshold.
+         */
+        public long interval = 0;
+
+        /**
+         * The list of actions to take if the threshold is met. It is expected that this is a list of Strings, but
+         * your implementation could have this be a list of any type of 'actions' you wish to define.
+         */
+        public List<String> actions = null;
+
+        /**
+         * Constructs a threshold that is composed of its name, its threshold count, the time window for
+         * the threshold, and the actions to take if the threshold is triggered.
+         *
+         * @param name The name of this threshold.
+         * @param count The count at which this threshold is triggered.
+         * @param interval The time frame within which 'count' number of actions has to be detected in order to
+         * trigger this threshold.
+         * @param actions The list of actions to take if the threshold is met.
+         */
+        public Threshold(String name, int count, long interval, List<String> actions) {
+            this.name = name;
+            this.count = count;
+            this.interval = interval;
+            this.actions = actions;
+        }
+    }
+
+    /**
+     * Returns the default working directory for executing native processes with Runtime.exec().
+     */
+    File getWorkingDirectory();
+}
diff --git a/src/main/java/org/owasp/esapi/StringUtilities.java b/src/main/java/org/owasp/esapi/StringUtilities.java
index 9d79a3ec4..ef95a91ce 100644
--- a/src/main/java/org/owasp/esapi/StringUtilities.java
+++ b/src/main/java/org/owasp/esapi/StringUtilities.java
@@ -1,199 +1,200 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi;
-
-import java.util.Arrays;
-import java.util.regex.Pattern;
-
-/**
- * String utilities used in various filters.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- * href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- */
-public class StringUtilities {
-
-	private static final Pattern p = Pattern.compile( "\\s");
-	public static String replaceLinearWhiteSpace( String input ) {
-		return p.matcher(input).replaceAll( " " );
-	}
-	
-	/**
-	 * Removes all unprintable characters from a string 
-	 * and replaces with a space.
-	 * @param input
-	 * @return the stripped value
-	 */
-	public static String stripControls( String input ) {
-		StringBuilder sb = new StringBuilder();
-		for ( int i=0; i<input.length(); i++ ) {
-			char c = input.charAt( i );
-			if ( c > 0x20 && c < 0x7f ) {
-				sb.append( c );
-			} else {
-				sb.append( ' ' );
-			}
-		}
-		return sb.toString();
-	}
-
-	
-    /**
-     * Union multiple character arrays.
-     * 
-     * @param list the char[]s to union
-     * @return the union of the char[]s
-     */
-    public static char[] union(char[]... list) {
-    	StringBuilder sb = new StringBuilder();
-    	
-		for (char[] characters : list) {
-			for ( char c : characters ) {
-				if ( !contains( sb, c ) )
-					sb.append( c );
-			}
-		}
-
-        char[] toReturn = new char[sb.length()];
-        sb.getChars(0, sb.length(), toReturn, 0);
-        Arrays.sort(toReturn);
-        return toReturn;
-    }
-
-
-	/**
-     * Returns true if the character is contained in the provided StringBuilder.
-     * @param input 	The input
-     * @param c 		The character to check for to see if {@code input} contains.
-     * @return			True if the specified character is contained; false otherwise.
-     */
-    public static boolean contains(StringBuilder input, char c) {
-        for (int i = 0; i < input.length(); i++) {
-            if (input.charAt(i) == c)
-                return true;
-        }
-        return false;
-    }
-
-    /**
-     * Returns the replace value if the value of test is null, "null", or ""
-     *
-     * @param test The value to test
-     * @param replace The replacement value
-     * @return The correct value
-     */
-    public static String replaceNull( String test, String replace ) {
-        return ( test == null || "null".equalsIgnoreCase( test.trim() ) || "".equals( test.trim() ) ) ? replace : test;
-    }
-
-    /**
-     * Calculate the Edit Distance between 2 Strings as a measure of similarity.
-     *
-     * For example, if the strings GUMBO and GAMBOL are passed in, the edit distance
-     * is 2, since GUMBO transforms into GAMBOL by replacing the 'U' with an 'A' and
-     * adding an 'L'.
-     *
-     * Original Implementation of this algorithm by Michael Gilleland, adapted by
-     * Chas Emerick for the Apache-Commons project
-     * http://www.merriampark.com/ldjava.htm
-     *
-     * @param s The source string
-     * @param t The target String
-     * @return The edit distance between the 2 strings
-     */
-    public static int getLevenshteinDistance (String s, String t) {
-      if (s == null || t == null) {
-        throw new IllegalArgumentException("Strings must not be null");
-      }
-
-      int n = s.length(); // length of s
-      int m = t.length(); // length of t
-
-      if (n == 0) {
-        return m;
-      } else if (m == 0) {
-        return n;
-      }
-
-      int p[] = new int[n+1]; //'previous' cost array, horizontally
-      int d[] = new int[n+1]; // cost array, horizontally
-      int _d[]; //placeholder to assist in swapping p and d
-
-      // indexes into strings s and t
-      int i; // iterates through s
-      int j; // iterates through t
-
-      char t_j; // jth character of t
-
-      int cost; // cost
-
-      for (i = 0; i<=n; i++) {
-         p[i] = i;
-      }
-
-      for (j = 1; j<=m; j++) {
-         t_j = t.charAt(j-1);
-         d[0] = j;
-
-         for (i=1; i<=n; i++) {
-            cost = s.charAt(i-1)==t_j ? 0 : 1;
-            // minimum of cell to the left+1, to the top+1, diagonally left and up +cost
-            d[i] = Math.min(Math.min(d[i-1]+1, p[i]+1),  p[i-1]+cost);
-         }
-
-         // copy current distance counts to 'previous row' distance counts
-         _d = p;
-         p = d;
-         d = _d;
-      }
-
-      // our last action in the above loop was to switch d and p, so p now
-      // actually has the most recent cost counts
-      return p[n];
-    }
-
-    /**
-     * Check to ensure that a {@code String} is not null or empty (after optional
-     * trimming of leading and trailing whitespace). Usually used with
-     * assertions, as in
-     * <pre>
-     * 		assert StringUtils.notNullOrEmpty(cipherXform, true) :
-     * 								"Cipher transformation may not be null or empty!";
-     * </pre>
-     *
-     * @param str	The {@code String} to be checked.
-     * @param trim	If {@code true}, the string is first trimmed before checking
-     * 				to see if it is empty, otherwise it is not.
-     * @return		True if the string is null or empty (after possible
-     * 				trimming); otherwise false.
-     * @since 2.0
-     */
-    public static boolean notNullOrEmpty(String str, boolean trim) {
-    	if ( trim ) {
-    		return !( str == null || str.trim().equals("") );
-    	} else {
-    		return !( str == null || str.equals("") );
-    	}
-    }
-
-    /**
-     * Returns true if String is empty ("") or null.
-     */
-    public static boolean isEmpty(String str) {
-        return str == null || str.length() == 0;
-    }
-}
\ No newline at end of file
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi;
+
+import java.util.Arrays;
+import java.util.regex.Pattern;
+
+/**
+ * String utilities used in various filters.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ * href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ */
+public class StringUtilities {
+
+    private static final Pattern p = Pattern.compile( "\\s");
+    public static String replaceLinearWhiteSpace( String input ) {
+        return p.matcher(input).replaceAll( " " );
+    }
+
+    /**
+     * Removes all unprintable characters from a string
+     * and replaces with a space.
+     * @param input
+     * @return the stripped value
+     */
+    public static String stripControls( String input ) {
+        StringBuilder sb = new StringBuilder();
+        for ( int i=0; i<input.length(); i++ ) {
+            char c = input.charAt( i );
+            if ( c > 0x20 && c < 0x7f ) {
+                sb.append( c );
+            } else {
+                sb.append( ' ' );
+            }
+        }
+        return sb.toString();
+    }
+
+
+    /**
+     * Union multiple character arrays.
+     *
+     * @param list the char[]s to union
+     * @return the union of the char[]s
+     */
+    public static char[] union(char[]... list) {
+        StringBuilder sb = new StringBuilder();
+
+        for (char[] characters : list) {
+            for ( char c : characters ) {
+                if ( !contains( sb, c ) )
+                    sb.append( c );
+            }
+        }
+
+        char[] toReturn = new char[sb.length()];
+        sb.getChars(0, sb.length(), toReturn, 0);
+        Arrays.sort(toReturn);
+        return toReturn;
+    }
+
+
+    /**
+     * Returns true if the character is contained in the provided StringBuilder.
+     * @param input     The input
+     * @param c         The character to check for to see if {@code input} contains.
+     * @return            True if the specified character is contained; false otherwise.
+     */
+    public static boolean contains(StringBuilder input, char c) {
+        for (int i = 0; i < input.length(); i++) {
+            if (input.charAt(i) == c)
+                return true;
+        }
+        return false;
+    }
+
+    /**
+     * Returns {@code replace} if {@code test} is null, "null" (case-insensitive), or blank, otherwise {@code test}
+     *
+     * @param test The value to test
+     * @param replace The replacement value
+     * @return The correct value
+     */
+    public static String replaceNull( String test, String replace ) {
+        return test == null || "null".equalsIgnoreCase( test.trim() ) || "".equals( test.trim() ) ? replace : test;
+    }
+
+    /**
+     * Calculate the Edit Distance between 2 Strings as a measure of similarity.
+     *
+     * For example, if the strings GUMBO and GAMBOL are passed in, the edit distance
+     * is 2, since GUMBO transforms into GAMBOL by replacing the 'U' with an 'A' and
+     * adding an 'L'.
+     *
+     * Original Implementation of this algorithm by Michael Gilleland, adapted by
+     * Chas Emerick for the Apache-Commons project
+     * http://www.merriampark.com/ldjava.htm
+     *
+     * @param s The source string
+     * @param t The target String
+     * @return The edit distance between the 2 strings
+     */
+    public static int getLevenshteinDistance (String s, String t) {
+      if (s == null || t == null) {
+        throw new IllegalArgumentException("Strings must not be null");
+      }
+
+      int n = s.length(); // length of s
+      int m = t.length(); // length of t
+
+      if (n == 0) {
+        return m;
+      } else if (m == 0) {
+        return n;
+      }
+
+      int p[] = new int[n+1]; //'previous' cost array, horizontally
+      int d[] = new int[n+1]; // cost array, horizontally
+      int _d[]; //placeholder to assist in swapping p and d
+
+      // indexes into strings s and t
+      int i; // iterates through s
+      int j; // iterates through t
+
+      char t_j; // jth character of t
+
+      int cost; // cost
+
+      for (i = 0; i<=n; i++) {
+         p[i] = i;
+      }
+
+      for (j = 1; j<=m; j++) {
+         t_j = t.charAt(j-1);
+         d[0] = j;
+
+         for (i=1; i<=n; i++) {
+            cost = s.charAt(i-1)==t_j ? 0 : 1;
+            // minimum of cell to the left+1, to the top+1, diagonally left and up +cost
+            d[i] = Math.min(Math.min(d[i-1]+1, p[i]+1),  p[i-1]+cost);
+         }
+
+         // copy current distance counts to 'previous row' distance counts
+         _d = p;
+         p = d;
+         d = _d;
+      }
+
+      // our last action in the above loop was to switch d and p, so p now
+      // actually has the most recent cost counts
+      return p[n];
+    }
+
+    /**
+     * Check to ensure that a {@code String} is not null or empty (after optional
+     * trimming of leading and trailing whitespace). Usually used with
+     * assertions, as in
+     * <pre>
+     *         assert StringUtils.notNullOrEmpty(cipherXform, true) :
+     *                                 "Cipher transformation may not be null or empty!";
+     * </pre>
+     * or an equivalent runtime check that throws an {@code IllegalArgumentException}.
+     *
+     * @param str    The {@code String} to be checked.
+     * @param trim    If {@code true}, the string is first trimmed before checking
+     *                 to see if it is empty, otherwise it is not.
+     * @return        True if the string is null or empty (after possible
+     *                 trimming); otherwise false.
+     * @since 2.0
+     */
+    public static boolean notNullOrEmpty(String str, boolean trim) {
+        if ( trim ) {
+            return !( str == null || str.trim().equals("") );
+        } else {
+            return !( str == null || str.equals("") );
+        }
+    }
+
+    /**
+     * Returns true if String is empty ("") or null.
+     */
+    public static boolean isEmpty(String str) {
+        return str == null || str.length() == 0;
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/User.java b/src/main/java/org/owasp/esapi/User.java
index f6b9fa2d4..fc5ca980c 100644
--- a/src/main/java/org/owasp/esapi/User.java
+++ b/src/main/java/org/owasp/esapi/User.java
@@ -1,760 +1,760 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi;
-
-import org.owasp.esapi.errors.AuthenticationException;
-import org.owasp.esapi.errors.AuthenticationHostException;
-import org.owasp.esapi.errors.EncryptionException;
-
-import javax.servlet.http.HttpSession;
-import java.io.Serializable;
-import java.security.Principal;
-import java.util.*;
-
-/**
- * The User interface represents an application user or user account. There is quite a lot of information that an
- * application must store for each user in order to enforce security properly. There are also many rules that govern
- * authentication and identity management.
- * <P>
- * A user account can be in one of several states. When first created, a User should be disabled, not expired, and
- * unlocked. To start using the account, an administrator should enable the account. The account can be locked for a
- * number of reasons, most commonly because they have failed login for too many times. Finally, the account can expire
- * after the expiration date has been reached. The User must be enabled, not expired, and unlocked in order to pass
- * authentication.
- * 
- * @author <a href="mailto:jeff.williams@aspectsecurity.com?subject=ESAPI question">Jeff Williams</a> at <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @author Chris Schmidt (chrisisbeef .at. gmail.com) <a href="http://www.digital-ritual.com">Digital Ritual Software</a>
- * @since June 1, 2007
- */
-
-public interface User extends Principal, Serializable {
-	/**
-	 * @return the locale
-	 */
-	public Locale getLocale();
-
-	/**
-	 * @param locale the locale to set
-	 */
-	public void setLocale(Locale locale);
-
-    /**
-     * Adds a role to this user's account.
-     * 
-     * @param role 
-     * 		the role to add
-     * 
-     * @throws AuthenticationException 
-     * 		the authentication exception
-     */
-    void addRole(String role) throws AuthenticationException;
-
-    /**
-     * Adds a set of roles to this user's account.
-     * 
-     * @param newRoles 
-     * 		the new roles to add
-     * 
-     * @throws AuthenticationException 
-     * 		the authentication exception
-     */
-    void addRoles(Set<String> newRoles) throws AuthenticationException;
-
-    /**
-     * Sets the user's password, performing a verification of the user's old password, the equality of the two new
-     * passwords, and the strength of the new password.
-     * 
-     * @param oldPassword 
-     * 		the old password
-     * @param newPassword1 
-     * 		the new password
-     * @param newPassword2 
-     * 		the new password - used to verify that the new password was typed correctly
-     * 
-     * @throws AuthenticationException 
-     * 		if newPassword1 does not match newPassword2, if oldPassword does not match the stored old password, or if the new password does not meet complexity requirements 
-     * @throws EncryptionException 
-     */
-    void changePassword(String oldPassword, String newPassword1, String newPassword2) throws AuthenticationException, EncryptionException;
-
-    /**
-     * Disable this user's account.
-     */
-    void disable();
-
-    /**
-     * Enable this user's account.
-     */
-    void enable();
-
-    /**
-     * Gets this user's account id number.
-     * 
-     * @return the account id
-     */
-    long getAccountId();
-    
-    /**
-     * Gets this user's account name.
-     * 
-     * @return the account name
-     */
-    String getAccountName();
-
-    /**
-     * Gets the CSRF token for this user's current sessions.
-     * 
-     * @return the CSRF token
-     */
-    String getCSRFToken();
-
-    /**
-     * Returns the date that this user's account will expire.
-     *
-     * @return Date representing the account expiration time.
-     */
-    Date getExpirationTime();
-
-    /**
-     * Returns the number of failed login attempts since the last successful login for an account. This method is
-     * intended to be used as a part of the account lockout feature, to help protect against brute force attacks.
-     * However, the implementor should be aware that lockouts can be used to prevent access to an application by a
-     * legitimate user, and should consider the risk of denial of service.
-     * 
-     * @return the number of failed login attempts since the last successful login
-     */
-    int getFailedLoginCount();
-
-    /**
-     * Returns the last host address used by the user. This will be used in any log messages generated by the processing
-     * of this request.
-     * 
-     * @return the last host address used by the user
-     */
-    String getLastHostAddress();
-
-	/**
-     * Returns the date of the last failed login time for a user. This date should be used in a message to users after a
-     * successful login, to notify them of potential attack activity on their account.
-     * 
-     * @return date of the last failed login
-     * 
-     * @throws AuthenticationException 
-     * 		the authentication exception
-     */
-    Date getLastFailedLoginTime() throws AuthenticationException;
-
-    /**
-     * Returns the date of the last successful login time for a user. This date should be used in a message to users
-     * after a successful login, to notify them of potential attack activity on their account.
-     * 
-     * @return date of the last successful login
-     */
-    Date getLastLoginTime();
-
-    /**
-     * Gets the date of user's last password change.
-     * 
-     * @return the date of last password change
-     */
-    Date getLastPasswordChangeTime();
-
-    /**
-     * Gets the roles assigned to a particular account.
-     * 
-     * @return an immutable set of roles
-     */
-    Set<String> getRoles();
-
-    /**
-     * Gets the screen name (alias) for the current user.
-     * 
-     * @return the screen name
-     */
-    String getScreenName();
-
-    /**
-     * Adds a session for this User.
-     * 
-     * @param s
-     * 			The session to associate with this user.
-     */
-    void addSession( HttpSession s );
-    
-    /**
-     * Removes a session for this User.
-     * 
-     * @param s
-     * 			The session to remove from being associated with this user.
-     */
-    void removeSession( HttpSession s );
-    
-    /**
-     * Returns the list of sessions associated with this User.
-     * @return
-     */
-    Set getSessions();
-    
-    /**
-     * Increment failed login count.
-     */
-    void incrementFailedLoginCount();
-
-    /**
-     * Checks if user is anonymous.
-     * 
-     * @return true, if user is anonymous
-     */
-    boolean isAnonymous();
-
-    /**
-     * Checks if this user's account is currently enabled.
-     * 
-     * @return true, if account is enabled 
-     */
-    boolean isEnabled();
-
-    /**
-     * Checks if this user's account is expired.
-     * 
-     * @return true, if account is expired
-     */
-    boolean isExpired();
-
-    /**
-     * Checks if this user's account is assigned a particular role.
-     * 
-     * @param role 
-     * 		the role for which to check
-     * 
-     * @return true, if role has been assigned to user
-     */
-    boolean isInRole(String role);
-
-    /**
-     * Checks if this user's account is locked.
-     * 
-     * @return true, if account is locked
-     */
-    boolean isLocked();
-
-    /**
-     * Tests to see if the user is currently logged in.
-     * 
-     * @return true, if the user is logged in
-     */
-    boolean isLoggedIn();
-
-    /**
-     * Tests to see if this user's session has exceeded the absolute time out based 
-      * on ESAPI's configuration settings.
-     * 
-     * @return true, if user's session has exceeded the absolute time out
-     */
-    boolean isSessionAbsoluteTimeout();
-
-    /**
-      * Tests to see if the user's session has timed out from inactivity based 
-      * on ESAPI's configuration settings.
-      * 
-      * A session may timeout prior to ESAPI's configuration setting due to 
-      * the servlet container setting for session-timeout in web.xml. The 
-      * following is an example of a web.xml session-timeout set for one hour. 	
-      *
-      * <session-config>
-      *   <session-timeout>60</session-timeout> 
-      * </session-config>
-      * 
-      * @return true, if user's session has timed out from inactivity based 
-      *               on ESAPI configuration
-      */
-     boolean isSessionTimeout();
-
-    /**
-     * Lock this user's account.
-     */
-    void lock();
-
-    /**
-     * Login with password.
-     * 
-     * @param password 
-     * 		the password
-     * @throws AuthenticationException 
-     * 		if login fails
-     */
-    void loginWithPassword(String password) throws AuthenticationException;
-
-    /**
-     * Logout this user.
-     */
-    void logout();
-
-    /**
-     * Removes a role from this user's account.
-     * 
-     * @param role 
-     * 		the role to remove
-     * @throws AuthenticationException 
-     * 		the authentication exception
-     */
-    void removeRole(String role) throws AuthenticationException;
-
-    /**
-     * Returns a token to be used as a prevention against CSRF attacks. This token should be added to all links and
-     * forms. The application should verify that all requests contain the token, or they may have been generated by a
-     * CSRF attack. It is generally best to perform the check in a centralized location, either a filter or controller.
-     * See the verifyCSRFToken method.
-     * 
-     * @return the new CSRF token
-     * 
-     * @throws AuthenticationException 
-     * 		the authentication exception
-     */
-    String resetCSRFToken() throws AuthenticationException;
-
-    /**
-     * Sets this user's account name.
-     * 
-     * @param accountName the new account name
-     */
-    void setAccountName(String accountName);
-
-    /**
-     * Sets the date and time when this user's account will expire.
-     * 
-     * @param expirationTime the new expiration time
-     */
-	void setExpirationTime(Date expirationTime);
-
-	/**
-     * Sets the roles for this account.
-     * 
-     * @param roles 
-     * 		the new roles
-     * 
-     * @throws AuthenticationException 
-     * 		the authentication exception
-     */
-    void setRoles(Set<String> roles) throws AuthenticationException;
-
-    /**
-     * Sets the screen name (username alias) for this user.
-     * 
-     * @param screenName the new screen name
-     */
-    void setScreenName(String screenName);
-
-    /**
-     * Unlock this user's account.
-     */
-    void unlock();
-
-	/**
-	 * Verify that the supplied password matches the password for this user. This method
-	 * is typically used for "reauthentication" for the most sensitive functions, such
-	 * as transactions, changing email address, and changing other account information.
-	 * 
-	 * @param password 
-	 * 		the password that the user entered
-	 * 
-	 * @return true, if the password passed in matches the account's password
-	 * 
-	 * @throws EncryptionException 
-	 */
-	public boolean verifyPassword(String password) throws EncryptionException;
-
-	/**
-	 * Set the time of the last failed login for this user.
-	 * 
-	 * @param lastFailedLoginTime the date and time when the user just failed to login correctly.
-	 */
-	void setLastFailedLoginTime(Date lastFailedLoginTime);
-	
-	/**
-	 * Set the last remote host address used by this user.
-	 * 
-	 * @param remoteHost The address of the user's current source host.
-	 */
-	void setLastHostAddress(String remoteHost) throws AuthenticationHostException;
-	
-	/**
-	 * Set the time of the last successful login for this user.
-	 * 
-	 * @param lastLoginTime the date and time when the user just successfully logged in.
-	 */
-	void setLastLoginTime(Date lastLoginTime);
-	
-	/**
-	 * Set the time of the last password change for this user.
-	 * 
-	 * @param lastPasswordChangeTime the date and time when the user just successfully changed his/her password.
-	 */
-	void setLastPasswordChangeTime(Date lastPasswordChangeTime);
-
-	/**
-	 * Returns the hashmap used to store security events for this user. Used by the
-	 * IntrusionDetector.
-	 */
-	HashMap getEventMap();
-	
-
-	/**
-	 * The ANONYMOUS user is used to represent an unidentified user. Since there is
-	 * always a real user, the ANONYMOUS user is better than using null to represent
-	 * this.
-	 */
-    public final User ANONYMOUS = new User() {
-
-		private static final long serialVersionUID = -1850916950784965502L;
-
-		private String csrfToken = "";
-    	private Set sessions = new HashSet();
-		private Locale locale = null;
-    	
-    	/**
-         * {@inheritDoc}
-         */
-        public void addRole(String role) throws AuthenticationException {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public void addRoles(Set newRoles) throws AuthenticationException {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public void changePassword(String oldPassword, String newPassword1,
-                String newPassword2) throws AuthenticationException,
-                EncryptionException {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public void disable() {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public void enable() {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public long getAccountId() {
-	        return 0;
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public String getAccountName() {
-	        return "Anonymous";
-        }
-
-		/**
-		 * Alias method that is equivalent to getAccountName()
-		 * 
-		 * @return the name of the current user's account
-         */
-        public String getName() {
-        	return getAccountName();
-        }
-        
-        /**
-         * {@inheritDoc}
-         */
-        public String getCSRFToken() {
-	        return csrfToken;
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public Date getExpirationTime() {
-	        return null;
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public int getFailedLoginCount() {
-	        return 0;
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public Date getLastFailedLoginTime() throws AuthenticationException {
-	        return null;
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public String getLastHostAddress() {
-	        return "unknown";
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public Date getLastLoginTime() {
-	        return null;
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public Date getLastPasswordChangeTime() {
-	        return null;
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public Set<String> getRoles() {
-	        return new HashSet<String>();
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public String getScreenName() {
-	        return "Anonymous";
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public void addSession(HttpSession s)  {
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public void removeSession(HttpSession s)  {
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public Set getSessions()  {
-            return sessions;
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public void incrementFailedLoginCount() {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public boolean isAnonymous() {
-	        return true;
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public boolean isEnabled() {
-	        return false;
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public boolean isExpired() {
-	        return false;
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public boolean isInRole(String role) {
-	        return false;
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public boolean isLocked() {
-	        return false;
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public boolean isLoggedIn() {
-	        return false;
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public boolean isSessionAbsoluteTimeout() {
-	        return false;
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public boolean isSessionTimeout() {
-	        return false;
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public void lock() {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public void loginWithPassword(String password)
-                throws AuthenticationException {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public void logout() {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public void removeRole(String role) throws AuthenticationException {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public String resetCSRFToken() throws AuthenticationException {
-    		csrfToken = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-    		return csrfToken;
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public void setAccountName(String accountName) {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-    	public void setExpirationTime(Date expirationTime) {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-        
-    	/**
-         * {@inheritDoc}
-         */
-        public void setRoles(Set roles) throws AuthenticationException {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public void setScreenName(String screenName) {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public void unlock() {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public boolean verifyPassword(String password) throws EncryptionException {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public void setLastFailedLoginTime(Date lastFailedLoginTime) {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-        
-        /**
-         * {@inheritDoc}
-         */
-    	public void setLastLoginTime(Date lastLoginTime) {
-    		throw new RuntimeException("Invalid operation for the anonymous user");
-    	}
-
-    	/**
-         * {@inheritDoc}
-         */
-     	public void setLastHostAddress(String remoteHost) {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-                
-     	/**
-         * {@inheritDoc}
-         */
-        public void setLastPasswordChangeTime(Date lastPasswordChangeTime) {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-        
-        /**
-         *  {@inheritDoc}
-         */
-        public HashMap getEventMap() {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-         /**
-    	 * @return the locale
-    	 */
-    	public Locale getLocale() {
-    		return locale;
-    	}
-
-    	/**
-    	 * @param locale the locale to set
-    	 */
-    	public void setLocale(Locale locale) {
-    		this.locale = locale;
-    	}
-    };
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi;
+
+import org.owasp.esapi.errors.AuthenticationException;
+import org.owasp.esapi.errors.AuthenticationHostException;
+import org.owasp.esapi.errors.EncryptionException;
+
+import javax.servlet.http.HttpSession;
+import java.io.Serializable;
+import java.security.Principal;
+import java.util.*;
+
+/**
+ * The User interface represents an application user or user account. There is quite a lot of information that an
+ * application must store for each user in order to enforce security properly. There are also many rules that govern
+ * authentication and identity management.
+ * <P>
+ * A user account can be in one of several states. When first created, a User should be disabled, not expired, and
+ * unlocked. To start using the account, an administrator should enable the account. The account can be locked for a
+ * number of reasons, most commonly because they have failed login for too many times. Finally, the account can expire
+ * after the expiration date has been reached. The User must be enabled, not expired, and unlocked in order to pass
+ * authentication.
+ *
+ * @author <a href="mailto:jeff.williams@aspectsecurity.com?subject=ESAPI question">Jeff Williams</a> at <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author Chris Schmidt (chrisisbeef .at. gmail.com) <a href="http://www.digital-ritual.com">Digital Ritual Software</a>
+ * @since June 1, 2007
+ */
+
+public interface User extends Principal, Serializable {
+    /**
+     * @return the locale
+     */
+    Locale getLocale();
+
+    /**
+     * @param locale the locale to set
+     */
+    void setLocale(Locale locale);
+
+    /**
+     * Adds a role to this user's account.
+     *
+     * @param role
+     *         the role to add
+     *
+     * @throws AuthenticationException
+     *         the authentication exception
+     */
+    void addRole(String role) throws AuthenticationException;
+
+    /**
+     * Adds a set of roles to this user's account.
+     *
+     * @param newRoles
+     *         the new roles to add
+     *
+     * @throws AuthenticationException
+     *         the authentication exception
+     */
+    void addRoles(Set<String> newRoles) throws AuthenticationException;
+
+    /**
+     * Sets the user's password, performing a verification of the user's old password, the equality of the two new
+     * passwords, and the strength of the new password.
+     *
+     * @param oldPassword
+     *         the old password
+     * @param newPassword1
+     *         the new password
+     * @param newPassword2
+     *         the new password - used to verify that the new password was typed correctly
+     *
+     * @throws AuthenticationException
+     *         if newPassword1 does not match newPassword2, if oldPassword does not match the stored old password, or if the new password does not meet complexity requirements
+     * @throws EncryptionException
+     */
+    void changePassword(String oldPassword, String newPassword1, String newPassword2) throws AuthenticationException, EncryptionException;
+
+    /**
+     * Disable this user's account.
+     */
+    void disable();
+
+    /**
+     * Enable this user's account.
+     */
+    void enable();
+
+    /**
+     * Gets this user's account id number.
+     *
+     * @return the account id
+     */
+    long getAccountId();
+
+    /**
+     * Gets this user's account name.
+     *
+     * @return the account name
+     */
+    String getAccountName();
+
+    /**
+     * Gets the CSRF token for this user's current sessions.
+     *
+     * @return the CSRF token
+     */
+    String getCSRFToken();
+
+    /**
+     * Returns the date that this user's account will expire.
+     *
+     * @return Date representing the account expiration time.
+     */
+    Date getExpirationTime();
+
+    /**
+     * Returns the number of failed login attempts since the last successful login for an account. This method is
+     * intended to be used as a part of the account lockout feature, to help protect against brute force attacks.
+     * However, the implementor should be aware that lockouts can be used to prevent access to an application by a
+     * legitimate user, and should consider the risk of denial of service.
+     *
+     * @return the number of failed login attempts since the last successful login
+     */
+    int getFailedLoginCount();
+
+    /**
+     * Returns the last host address used by the user. This will be used in any log messages generated by the processing
+     * of this request.
+     *
+     * @return the last host address used by the user
+     */
+    String getLastHostAddress();
+
+    /**
+     * Returns the date of the last failed login time for a user. This date should be used in a message to users after a
+     * successful login, to notify them of potential attack activity on their account.
+     *
+     * @return date of the last failed login
+     *
+     * @throws AuthenticationException
+     *         the authentication exception
+     */
+    Date getLastFailedLoginTime() throws AuthenticationException;
+
+    /**
+     * Returns the date of the last successful login time for a user. This date should be used in a message to users
+     * after a successful login, to notify them of potential attack activity on their account.
+     *
+     * @return date of the last successful login
+     */
+    Date getLastLoginTime();
+
+    /**
+     * Gets the date of user's last password change.
+     *
+     * @return the date of last password change
+     */
+    Date getLastPasswordChangeTime();
+
+    /**
+     * Gets the roles assigned to a particular account.
+     *
+     * @return an immutable set of roles
+     */
+    Set<String> getRoles();
+
+    /**
+     * Gets the screen name (alias) for the current user.
+     *
+     * @return the screen name
+     */
+    String getScreenName();
+
+    /**
+     * Adds a session for this User.
+     *
+     * @param s
+     *             The session to associate with this user.
+     */
+    void addSession( HttpSession s );
+
+    /**
+     * Removes a session for this User.
+     *
+     * @param s
+     *             The session to remove from being associated with this user.
+     */
+    void removeSession( HttpSession s );
+
+    /**
+     * Returns a Set containing the sessions associated with this User.
+     * @return The Set of sessions for this User.
+     */
+    Set getSessions();
+
+    /**
+     * Increment failed login count.
+     */
+    void incrementFailedLoginCount();
+
+    /**
+     * Checks if user is anonymous.
+     *
+     * @return true, if user is anonymous
+     */
+    boolean isAnonymous();
+
+    /**
+     * Checks if this user's account is currently enabled.
+     *
+     * @return true, if account is enabled
+     */
+    boolean isEnabled();
+
+    /**
+     * Checks if this user's account is expired.
+     *
+     * @return true, if account is expired
+     */
+    boolean isExpired();
+
+    /**
+     * Checks if this user's account is assigned a particular role.
+     *
+     * @param role
+     *         the role for which to check
+     *
+     * @return true, if role has been assigned to user
+     */
+    boolean isInRole(String role);
+
+    /**
+     * Checks if this user's account is locked.
+     *
+     * @return true, if account is locked
+     */
+    boolean isLocked();
+
+    /**
+     * Tests to see if the user is currently logged in.
+     *
+     * @return true, if the user is logged in
+     */
+    boolean isLoggedIn();
+
+    /**
+     * Tests to see if this user's session has exceeded the absolute time out based
+      * on ESAPI's configuration settings.
+     *
+     * @return true, if user's session has exceeded the absolute time out
+     */
+    boolean isSessionAbsoluteTimeout();
+
+    /**
+      * Tests to see if the user's session has timed out from inactivity based
+      * on ESAPI's configuration settings.
+      *
+      * A session may timeout prior to ESAPI's configuration setting due to
+      * the servlet container setting for session-timeout in web.xml. The
+      * following is an example of a web.xml session-timeout set for one hour.
+      *
+      * <session-config>
+      *   <session-timeout>60</session-timeout>
+      * </session-config>
+      *
+      * @return true, if user's session has timed out from inactivity based
+      *               on ESAPI configuration
+      */
+     boolean isSessionTimeout();
+
+    /**
+     * Lock this user's account.
+     */
+    void lock();
+
+    /**
+     * Login with password.
+     *
+     * @param password
+     *         the password
+     * @throws AuthenticationException
+     *         if login fails
+     */
+    void loginWithPassword(String password) throws AuthenticationException;
+
+    /**
+     * Logout this user.
+     */
+    void logout();
+
+    /**
+     * Removes a role from this user's account.
+     *
+     * @param role
+     *         the role to remove
+     * @throws AuthenticationException
+     *         the authentication exception
+     */
+    void removeRole(String role) throws AuthenticationException;
+
+    /**
+     * Returns a token to be used as a prevention against CSRF attacks. This token should be added to all links and
+     * forms. The application should verify that all requests contain the token, or they may have been generated by a
+     * CSRF attack. It is generally best to perform the check in a centralized location, either a filter or controller.
+     * See the verifyCSRFToken method.
+     *
+     * @return the new CSRF token
+     *
+     * @throws AuthenticationException
+     *         the authentication exception
+     */
+    String resetCSRFToken() throws AuthenticationException;
+
+    /**
+     * Sets this user's account name.
+     *
+     * @param accountName the new account name
+     */
+    void setAccountName(String accountName);
+
+    /**
+     * Sets the date and time when this user's account will expire.
+     *
+     * @param expirationTime the new expiration time
+     */
+    void setExpirationTime(Date expirationTime);
+
+    /**
+     * Sets the roles for this account.
+     *
+     * @param roles
+     *         the new roles
+     *
+     * @throws AuthenticationException
+     *         the authentication exception
+     */
+    void setRoles(Set<String> roles) throws AuthenticationException;
+
+    /**
+     * Sets the screen name (username alias) for this user.
+     *
+     * @param screenName the new screen name
+     */
+    void setScreenName(String screenName);
+
+    /**
+     * Unlock this user's account.
+     */
+    void unlock();
+
+    /**
+     * Verify that the supplied password matches the password for this user. This method
+     * is typically used for "reauthentication" for the most sensitive functions, such
+     * as transactions, changing email address, and changing other account information.
+     *
+     * @param password
+     *         the password that the user entered
+     *
+     * @return true, if the password passed in matches the account's password
+     *
+     * @throws EncryptionException
+     */
+    boolean verifyPassword(String password) throws EncryptionException;
+
+    /**
+     * Set the time of the last failed login for this user.
+     *
+     * @param lastFailedLoginTime the date and time when the user just failed to authenticate correctly.
+     */
+    void setLastFailedLoginTime(Date lastFailedLoginTime);
+
+    /**
+     * Set the last remote host address used by this user.
+     *
+     * @param remoteHost The address of the user's current source host.
+     */
+    void setLastHostAddress(String remoteHost) throws AuthenticationHostException;
+
+    /**
+     * Set the time of the last successful login for this user.
+     *
+     * @param lastLoginTime the date and time when the user just successfully logged in.
+     */
+    void setLastLoginTime(Date lastLoginTime);
+
+    /**
+     * Set the time of the last password change for this user.
+     *
+     * @param lastPasswordChangeTime the date and time when the user just successfully changed his/her password.
+     */
+    void setLastPasswordChangeTime(Date lastPasswordChangeTime);
+
+    /**
+     * Returns the hashmap used to store security events for this user. Used by the
+     * IntrusionDetector.
+     */
+    HashMap getEventMap();
+
+
+    /**
+     * The ANONYMOUS user is used to represent an unidentified user. Since there is
+     * always a real user, the ANONYMOUS user is better than using null to represent
+     * this.
+     */
+    final User ANONYMOUS = new User() {
+
+        private static final long serialVersionUID = -1850916950784965502L;
+
+        private String csrfToken = "";
+        private Set<Object> sessions = new HashSet<Object>();
+        private Locale locale = null;
+
+        /**
+         * {@inheritDoc}
+         */
+        public void addRole(String role) throws AuthenticationException {
+            throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void addRoles(Set newRoles) throws AuthenticationException {
+            throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void changePassword(String oldPassword, String newPassword1,
+                String newPassword2) throws AuthenticationException,
+                EncryptionException {
+            throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void disable() {
+            throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void enable() {
+            throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public long getAccountId() {
+            return 0;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public String getAccountName() {
+            return "Anonymous";
+        }
+
+        /**
+         * Alias method that is equivalent to getAccountName()
+         *
+         * @return the name of the current user's account
+         */
+        public String getName() {
+            return getAccountName();
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public String getCSRFToken() {
+            return csrfToken;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public Date getExpirationTime() {
+            return null;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public int getFailedLoginCount() {
+            return 0;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public Date getLastFailedLoginTime() throws AuthenticationException {
+            return null;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public String getLastHostAddress() {
+            return "unknown";
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public Date getLastLoginTime() {
+            return null;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public Date getLastPasswordChangeTime() {
+            return null;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public Set<String> getRoles() {
+            return new HashSet<String>();
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public String getScreenName() {
+            return "Anonymous";
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void addSession(HttpSession s)  {
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void removeSession(HttpSession s)  {
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public Set getSessions()  {
+            return sessions;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void incrementFailedLoginCount() {
+            throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public boolean isAnonymous() {
+            return true;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public boolean isEnabled() {
+            return false;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public boolean isExpired() {
+            return false;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public boolean isInRole(String role) {
+            return false;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public boolean isLocked() {
+            return false;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public boolean isLoggedIn() {
+            return false;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public boolean isSessionAbsoluteTimeout() {
+            return false;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public boolean isSessionTimeout() {
+            return false;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void lock() {
+            throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void loginWithPassword(String password)
+                throws AuthenticationException {
+            throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void logout() {
+            throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void removeRole(String role) throws AuthenticationException {
+            throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public String resetCSRFToken() throws AuthenticationException {
+            csrfToken = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+            return csrfToken;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void setAccountName(String accountName) {
+            throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void setExpirationTime(Date expirationTime) {
+            throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void setRoles(Set roles) throws AuthenticationException {
+            throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void setScreenName(String screenName) {
+            throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void unlock() {
+            throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public boolean verifyPassword(String password) throws EncryptionException {
+            throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void setLastFailedLoginTime(Date lastFailedLoginTime) {
+            throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void setLastLoginTime(Date lastLoginTime) {
+            throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+         public void setLastHostAddress(String remoteHost) {
+            throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+
+         /**
+         * {@inheritDoc}
+         */
+        public void setLastPasswordChangeTime(Date lastPasswordChangeTime) {
+            throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+
+        /**
+         *  {@inheritDoc}
+         */
+        public HashMap getEventMap() {
+            throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+         /**
+         * @return the locale
+         */
+        public Locale getLocale() {
+            return locale;
+        }
+
+        /**
+         * @param locale the locale to set
+         */
+        public void setLocale(Locale locale) {
+            this.locale = locale;
+        }
+    };
+}
diff --git a/src/main/java/org/owasp/esapi/ValidationErrorList.java b/src/main/java/org/owasp/esapi/ValidationErrorList.java
index df194449a..d671f9479 100644
--- a/src/main/java/org/owasp/esapi/ValidationErrorList.java
+++ b/src/main/java/org/owasp/esapi/ValidationErrorList.java
@@ -1,137 +1,137 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * 
- * @created 2007
- */
-package org.owasp.esapi;
-
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-
-import org.owasp.esapi.errors.ValidationException;
-
-/**
- * The ValidationErrorList class defines a well-formed collection of 
- * ValidationExceptions so that groups of validation functions can be 
- * called in a non-blocking fashion.
- * <P>
- * To use the ValidationErrorList to execute groups of validation 
- * attempts, your controller code would look something like:
- * 
- * <PRE>
- * ValidationErrorList() errorList = new ValidationErrorList();.
- * String name  = getValidInput("Name", form.getName(), "SomeESAPIRegExName1", 255, false, errorList);
- * String address = getValidInput("Address", form.getAddress(), "SomeESAPIRegExName2", 255, false, errorList);
- * Integer weight = getValidInteger("Weight", form.getWeight(), 1, 1000000000, false, errorList);
- * Integer sortOrder = getValidInteger("Sort Order", form.getSortOrder(), -100000, +100000, false, errorList);
- * request.setAttribute( "ERROR_LIST", errorList );
- * </PRE>
- * 
- * The at your view layer you would be able to retrieve all
- * of your error messages via a helper function like:
- * 
- * <PRE>
- * public static ValidationErrorList getErrors() {          
- *     HttpServletRequest request = ESAPI.httpUtilities().getCurrentRequest();
- *     ValidationErrorList errors = new ValidationErrorList();
- *     if (request.getAttribute(Constants.ERROR_LIST) != null) {
- *        errors = (ValidationErrorList)request.getAttribute("ERROR_LIST");
- *     }
- * 	   return errors;
- * }
- * </PRE>
- * 
- * You can list all errors like:
- * 
- * <PRE>
- * <%
- *      for (Object vo : errorList.errors()) {
- *         ValidationException ve = (ValidationException)vo;
- * %>
- * <%= ESAPI.encoder().encodeForHTML(ve.getMessage()) %><br/>
- * <%
- *     }
- * %>
- * </PRE>
- * 
- * And even check if a specific UI component is in error via calls like:
- * 
- * <PRE>
- * ValidationException e = errorList.getError("Name");
- * </PRE>
- * 
- * @author Jim Manico (jim@manico.net) <a href="http://www.manico.net">Manico.net</a>
- * @since August 15, 2008
- */
-public class ValidationErrorList {
-
-	/**
-	 * Error list of ValidationException's
-	 */
-	private HashMap<String, ValidationException> errorList = new HashMap<String, ValidationException>();
-
-	/**
-	 * Adds a new error to list with a unique named context.
-	 * No action taken if either element is null. 
-	 * Existing contexts will be overwritten.
-	 * 
-	 * @param context Unique named context for this {@code ValidationErrorList}.
-	 * @param vex	A {@code ValidationException}.
-	 */
-	public void addError(String context, ValidationException vex) {
-		if ( context == null ) throw new RuntimeException( "Context for cannot be null: " + vex.getLogMessage(), vex );
-		if ( vex == null ) throw new RuntimeException( "Context (" + context + ") cannot be null" );
-		if (getError(context) != null) throw new RuntimeException("Context (" + context + ") already exists, must be unique");
-		errorList.put(context, vex);
-	}
-
-	/**
-	 * Returns list of ValidationException, or empty list of no errors exist.
-	 * 
-	 * @return List
-	 */
-	public List<ValidationException> errors() {
-		return new ArrayList<ValidationException>( errorList.values() );
-	}
-
-	/**
-	 * Retrieves ValidationException for given context if one exists.
-	 * 
-	 * @param context unique name for each error
-	 * @return ValidationException or null for given context
-	 */
-	public ValidationException getError(String context) {
-		if (context == null) return null;		
-		return errorList.get(context);
-	}
-
-	/**
-	 * Returns true if no error are present.
-	 * 
-	 * @return boolean
-	 */
-	public boolean isEmpty() {
-		return errorList.isEmpty();
-	}
-	
-	/**
-	 * Returns the numbers of errors present.
-	 * 
-	 * @return boolean
-	 */
-	public int size() {
-		return errorList.size();
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ *
+ * @created 2007
+ */
+package org.owasp.esapi;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+
+import org.owasp.esapi.errors.ValidationException;
+
+/**
+ * The ValidationErrorList class defines a well-formed collection of
+ * ValidationExceptions so that groups of validation functions can be
+ * called in a non-blocking fashion.
+ * <P>
+ * To use the ValidationErrorList to execute groups of validation
+ * attempts, your controller code would look something like:
+ *
+ * <PRE>
+ * ValidationErrorList() errorList = new ValidationErrorList();
+ * String name  = ESAPI.validator().getValidInput("Name", form.getName(), "SomeESAPIRegExName1", 255, false, errorList);
+ * String address = ESAPI.validator().getValidInput("Address", form.getAddress(), "SomeESAPIRegExName2", 255, false, errorList);
+ * Integer weight = getValidInteger("Weight", form.getWeight(), 1, 1000000000, false, errorList);
+ * Integer sortOrder = getValidInteger("Sort Order", form.getSortOrder(), -100000, +100000, false, errorList);
+ * request.setAttribute( "ERROR_LIST", errorList );
+ * </PRE>
+ *
+ * The at your view layer you would be able to retrieve all
+ * of your error messages via a helper function like:
+ *
+ * <PRE>
+ * public static ValidationErrorList getErrors() {
+ *     HttpServletRequest request = ESAPI.httpUtilities().getCurrentRequest();
+ *     ValidationErrorList errors = new ValidationErrorList();
+ *     if (request.getAttribute(Constants.ERROR_LIST) != null) {
+ *        errors = (ValidationErrorList)request.getAttribute("ERROR_LIST");
+ *     }
+ *        return errors;
+ * }
+ * </PRE>
+ *
+ * You can list all errors like:
+ *
+ * <PRE>
+ * <%
+ *      for (Object vo : errorList.errors()) {
+ *         ValidationException ve = (ValidationException)vo;
+ * %>
+ * <%= ESAPI.encoder().encodeForHTML(ve.getMessage()) %><br/>
+ * <%
+ *     }
+ * %>
+ * </PRE>
+ *
+ * And even check if a specific UI component is in error via calls like:
+ *
+ * <PRE>
+ * ValidationException e = errorList.getError("Name");
+ * </PRE>
+ *
+ * @author Jim Manico (jim@manico.net) <a href="http://www.manico.net">Manico.net</a>
+ * @since August 15, 2008
+ */
+public class ValidationErrorList {
+
+    /**
+     * Error list of ValidationException's
+     */
+    private HashMap<String, ValidationException> errorList = new HashMap<String, ValidationException>();
+
+    /**
+     * Adds a new error to list with a unique named context.
+     * No action taken if either element is null.
+     * Existing contexts will be overwritten.
+     *
+     * @param context Unique named context for this {@code ValidationErrorList}.
+     * @param vex    A {@code ValidationException}.
+     */
+    public void addError(String context, ValidationException vex) {
+        if ( context == null ) throw new RuntimeException( "Context cannot be null: " + vex.getLogMessage(), vex );
+        if ( vex == null ) throw new RuntimeException( "ValidationException cannot be null for context  (" + context + ")" );
+        if (getError(context) != null) throw new RuntimeException("Context (" + context + ") already exists, must be unique");
+        errorList.put(context, vex);
+    }
+
+    /**
+     * Returns list of ValidationException, or empty list of no errors exist.
+     *
+     * @return List
+     */
+    public List<ValidationException> errors() {
+        return new ArrayList<ValidationException>( errorList.values() );
+    }
+
+    /**
+     * Retrieves ValidationException for given context if one exists.
+     *
+     * @param context unique name for each error
+     * @return ValidationException or null for given context
+     */
+    public ValidationException getError(String context) {
+        if (context == null) return null;
+        return errorList.get(context);
+    }
+
+    /**
+     * Returns true if no error are present.
+     *
+     * @return boolean
+     */
+    public boolean isEmpty() {
+        return errorList.isEmpty();
+    }
+
+    /**
+     * Returns the numbers of errors present.
+     *
+     * @return boolean
+     */
+    public int size() {
+        return errorList.size();
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/ValidationRule.java b/src/main/java/org/owasp/esapi/ValidationRule.java
index b9b683527..2d93c3dbe 100644
--- a/src/main/java/org/owasp/esapi/ValidationRule.java
+++ b/src/main/java/org/owasp/esapi/ValidationRule.java
@@ -1,81 +1,100 @@
-package org.owasp.esapi;
-
-import java.util.Set;
-
-import org.owasp.esapi.errors.ValidationException;
-
-public interface ValidationRule {
-
-	/**
-	 * Parse the input, throw exceptions if validation fails
-	 * 
-	 * @param context
-	 *            for logging
-	 * @param input
-	 *            the value to be parsed
-	 * @return a validated value
-	 * @throws ValidationException
-	 *             if any validation rules fail
-	 */
-	Object getValid(String context, String input)
-			throws ValidationException;
-
-	/**
-	 * Whether or not a valid valid can be null. getValid will throw an
-	 * Exception and getSafe will return the default value if flag is set to
-	 * true
-	 * 
-	 * @param flag
-	 *            whether or not null values are valid/safe
-	 */
-	void setAllowNull(boolean flag);
-
-	/**
-	 * Programmatically supplied name for the validator
-	 * @return a name, describing the validator
-	 */
-	String getTypeName();
-
-	/**
-	 * @param typeName a name, describing the validator
-	 */
-	void setTypeName(String typeName);
-
-	/**
-	 * @param encoder the encoder to use
-	 */
-	void setEncoder(Encoder encoder);
-
-	/**
-	 * Check if the input is valid, throw an Exception otherwise 
-	 */
-	void assertValid(String context, String input)
-			throws ValidationException;
-
-	/**
-	 * Get a validated value, add the errors to an existing error list
-	 */
-	Object getValid(String context, String input,
-			ValidationErrorList errorList) throws ValidationException;
-
-	/**
-	 * Try to call get valid, then call sanitize, finally return a default value
-	 */
-	Object getSafe(String context, String input);
-	
-	/**
-	 * @return true if the input passes validation
-	 */
-	boolean isValid(String context, String input);
-
-	/**
-	 * String the input of all chars contained in the list
-	 */
-	String whitelist(String input, char[] list);
-	
-	/**
-	 * String the input of all chars contained in the list
-	 */
-	String whitelist(String input, Set<Character> list);
-
-}
\ No newline at end of file
+package org.owasp.esapi;
+
+import java.util.Set;
+
+import org.owasp.esapi.errors.ValidationException;
+
+/**
+ * A ValidationRule performs syntax and possibly semantic validation of a single piece of data from an untrusted source.
+ *
+ * @since ESAPI 2.0GA
+ */
+public interface ValidationRule {
+
+    /**
+     * Parse the input, throw exceptions if validation fails
+     *
+     * @param context
+     *            for logging
+     * @param input
+     *            the value to be parsed
+     * @return a validated value
+     * @throws ValidationException
+     *             Thrown if any validation rules fail, <i>except</i> when the
+     *             <b>{@code ESAPI.properties}></b> property
+     *             "Validator.HtmlValidationAction" is set to
+     *             {@code clean}. The default <b>{@code ESAPI.properties}></b> property file
+     *             has "Validator.HtmlValidationAction" is set to {@code throw}, which results
+     *             in a {@code ValidationException} being thrown if any of the validation rules
+     *             fail.
+     *             
+     *             releases. See ESAPI GitHub Issues
+     *             <a href="https://github.com/ESAPI/esapi-java-legacy/issues/509}>509</a>
+     *             and <a href="https://github.com/ESAPI/esapi-java-legacy/issues/521">521</a>
+     *             for futher details.
+     *
+     * @see #getValid(String context, String input, ValidationErrorList errorList)
+     */
+    Object getValid(String context, String input)
+            throws ValidationException;
+
+    /**
+     * Whether or not a valid valid can be null. {@code getValid} will throw an
+     * Exception and {#code getSafe} will return the default value if flag is set to
+     * true
+     *
+     * @param flag
+     *            whether or not null values are valid/safe
+     */
+    void setAllowNull(boolean flag);
+
+    /**
+     * Programmatically supplied name for the validator
+     * @return a name, describing the validator
+     */
+    String getTypeName();
+
+    /**
+     * @param typeName a name, describing the validator
+     */
+    void setTypeName(String typeName);
+
+    /**
+     * @param encoder the encoder to use
+     */
+    void setEncoder(Encoder encoder);
+
+    /**
+     * Check if the input is valid, throw an Exception otherwise
+     */
+    void assertValid(String context, String input)
+            throws ValidationException;
+
+    /**
+     * Get a validated value, add the errors to an existing error list
+     */
+    Object getValid(String context, String input,
+            ValidationErrorList errorList) throws ValidationException;
+
+    /**
+     * Try to call {@code getvalid}, then call a 'sanitize' method for sanitization (if one exists),
+     * finally return a default value.
+     */
+    Object getSafe(String context, String input);
+
+    /**
+     * @return true if the input passes validation
+     */
+    boolean isValid(String context, String input);
+
+    /**
+     * String the input of all chars contained in the list
+     */
+    String whitelist(String input, char[] list);
+
+    /**
+     * String the input of all chars contained in the list
+     */
+    String whitelist(String input, Set<Character> list);
+
+}
diff --git a/src/main/java/org/owasp/esapi/Validator.java b/src/main/java/org/owasp/esapi/Validator.java
index 951d8c481..90eaa35ae 100644
--- a/src/main/java/org/owasp/esapi/Validator.java
+++ b/src/main/java/org/owasp/esapi/Validator.java
@@ -1,691 +1,1194 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- *
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- *
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- *
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi;
-
-import java.io.File;
-import java.io.InputStream;
-import java.text.DateFormat;
-import java.util.Date;
-import java.util.List;
-import java.util.Set;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.owasp.esapi.errors.IntrusionException;
-import org.owasp.esapi.errors.ValidationException;
-
-
-/**
- * The Validator interface defines a set of methods for canonicalizing and
- * validating untrusted input. Implementors should feel free to extend this
- * interface to accommodate their own data formats. Rather than throw exceptions,
- * this interface returns boolean results because not all validation problems
- * are security issues. Boolean returns allow developers to handle both valid
- * and invalid results more cleanly than exceptions.
- * <P>
- * Implementations must adopt a "whitelist" approach to validation where a
- * specific pattern or character set is matched. "Blacklist" approaches that
- * attempt to identify the invalid or disallowed characters are much more likely
- * to allow a bypass with encoding or other tricks.
- *
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- */
-public interface Validator {
-
-	void addRule( ValidationRule rule );
-
-	ValidationRule getRule( String name );
-
-	/**
-	 * Calls isValidInput and returns true if no exceptions are thrown.
-	 */
-	boolean isValidInput(String context, String input, String type, int maxLength, boolean allowNull) throws IntrusionException;
-
-	/**
-	 * Calls isValidInput and returns true if no exceptions are thrown.
-	 */
-	boolean isValidInput(String context, String input, String type, int maxLength, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Calls isValidInput and returns true if no exceptions are thrown.
-	 */
-	boolean isValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize) throws IntrusionException;
-
-	/**
-	 * Calls isValidInput and returns true if no exceptions are thrown.
-	 */
-	boolean isValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Returns canonicalized and validated input as a String. Invalid input will generate a descriptive ValidationException,
-	 * and input that is clearly an attack will generate a descriptive IntrusionException.
-	 *
-	 * @param context
-	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
-	 * @param input
-	 * 		The actual user input data to validate.
-	 * @param type
-	 * 		The regular expression name that maps to the actual regular expression from "ESAPI.properties".
-	 * @param maxLength
-	 * 		The maximum post-canonicalized String length allowed.
-	 * @param allowNull
-	 * 		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-	 *
-	 * @return The canonicalized user input.
-	 *
-	 * @throws ValidationException
-	 * @throws IntrusionException
-	 */
-	String getValidInput(String context, String input, String type, int maxLength, boolean allowNull) throws ValidationException, IntrusionException;
-
-	/**
-	 * Returns validated input as a String with optional canonicalization. Invalid input will generate a descriptive ValidationException,
-	 * and input that is clearly an attack will generate a descriptive IntrusionException.
-	 *
-	 * @param context
-	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
-	 * @param input
-	 * 		The actual user input data to validate.
-	 * @param type
-	 * 		The regular expression name that maps to the actual regular expression from "ESAPI.properties".
-	 * @param maxLength
-	 * 		The maximum post-canonicalized String length allowed.
-	 * @param allowNull
-	 * 		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-	 * @param canonicalize
-	 *      If canonicalize is true then input will be canonicalized before validation
-	 *
-	 * @return The canonicalized user input.
-	 *
-	 * @throws ValidationException
-	 * @throws IntrusionException
-	 */
-	String getValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize) throws ValidationException, IntrusionException;
-
-	/**
-	 * Calls getValidInput with the supplied errorList to capture ValidationExceptions
-	 */
-	String getValidInput(String context, String input, String type, int maxLength, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Calls getValidInput with the supplied errorList to capture ValidationExceptions
-	 */
-	String getValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Calls isValidDate and returns true if no exceptions are thrown.
-	 */
-	boolean isValidDate(String context, String input, DateFormat format, boolean allowNull) throws IntrusionException;
-
-	/**
-	 * Calls isValidDate and returns true if no exceptions are thrown.
-	 */
-	boolean isValidDate(String context, String input, DateFormat format, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Returns a valid date as a Date. Invalid input will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException.
-	 *
-	 * @param context
-	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
-	 * @param input
-	 * 		The actual user input data to validate.
-	 * @param format
-	 * 		Required formatting of date inputted.
-	 * @param allowNull
-	 * 		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-	 *
-	 * @return A valid date as a Date
-	 *
-	 * @throws ValidationException
-	 * @throws IntrusionException
-	 */
-	Date getValidDate(String context, String input, DateFormat format, boolean allowNull) throws ValidationException, IntrusionException;
-
-	/**
-	 * Calls getValidDate with the supplied errorList to capture ValidationExceptions
-	 */
-	Date getValidDate(String context, String input, DateFormat format, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Calls getValidSafeHTML and returns true if no exceptions are thrown.
-	 */
-	boolean isValidSafeHTML(String context, String input, int maxLength, boolean allowNull) throws IntrusionException;
-
-	/**
-	 * Calls getValidSafeHTML and returns true if no exceptions are thrown.
-	 */
-	boolean isValidSafeHTML(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Returns canonicalized and validated "safe" HTML that does not contain unwanted scripts in the body, attributes, CSS, URLs, or anywhere else.
-	 * Implementors should reference the OWASP AntiSamy project for ideas
-	 * on how to do HTML validation in a whitelist way, as this is an extremely difficult problem.
-	 *
-	 * @param context
-	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
-	 * @param input
-	 * 		The actual user input data to validate.
-	 * @param maxLength
-	 * 		The maximum String length allowed.
-	 * @param allowNull
-	 * 		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-	 *
-	 * @return Valid safe HTML
-	 *
-	 * @throws ValidationException
-	 * @throws IntrusionException
-	 */
-	String getValidSafeHTML(String context, String input, int maxLength, boolean allowNull) throws ValidationException, IntrusionException;
-
-	/**
-	 * Calls getValidSafeHTML with the supplied errorList to capture ValidationExceptions
-	 */
-	String getValidSafeHTML(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Calls getValidCreditCard and returns true if no exceptions are thrown.
-	 */
-	boolean isValidCreditCard(String context, String input, boolean allowNull) throws IntrusionException;
-
-	/**
-	 * Calls getValidCreditCard and returns true if no exceptions are thrown.
-	 */
-	boolean isValidCreditCard(String context, String input, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Returns a canonicalized and validated credit card number as a String. Invalid input
-	 * will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException.
-	 *
-	 * @param context
-	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
-	 * @param input
-	 * 		The actual user input data to validate.
-	 * @param allowNull
-	 * 		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-	 *
-	 * @return A valid credit card number
-	 *
-	 * @throws ValidationException
-	 * @throws IntrusionException
-	 */
-	String getValidCreditCard(String context, String input, boolean allowNull) throws ValidationException, IntrusionException;
-
-	/**
-	 * Calls getValidCreditCard with the supplied errorList to capture ValidationExceptions
-	 */
-	String getValidCreditCard(String context, String input, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Calls getValidDirectoryPath and returns true if no exceptions are thrown.
-	 */
-	boolean isValidDirectoryPath(String context, String input, File parent, boolean allowNull) throws IntrusionException;
-
-	/**
-	 * Calls getValidDirectoryPath and returns true if no exceptions are thrown.
-	 */
-	boolean isValidDirectoryPath(String context, String input, File parent, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Returns a canonicalized and validated directory path as a String, provided that the input
-	 * maps to an existing directory that is an existing subdirectory (at any level) of the specified parent. Invalid input
-	 * will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException. Instead of throwing a ValidationException
-	 * on error, this variant will store the exception inside of the ValidationErrorList.
-	 *
-	 * @param context
-	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
-	 * @param input
-	 * 		The actual input data to validate.
-	 * @param allowNull
-	 * 		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-	 *
-	 * @return A valid directory path
-	 *
-	 * @throws ValidationException
-	 * @throws IntrusionException
-	 */
-	String getValidDirectoryPath(String context, String input, File parent, boolean allowNull) throws ValidationException, IntrusionException;
-
-	/**
-	 * Calls getValidDirectoryPath with the supplied errorList to capture ValidationExceptions
-	 */
-	String getValidDirectoryPath(String context, String input, File parent, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Calls getValidFileName with the default list of allowedExtensions
-	 */
-	boolean isValidFileName(String context, String input, boolean allowNull) throws IntrusionException;
-
-	/**
-	 * Calls getValidFileName with the default list of allowedExtensions
-	 */
-	boolean isValidFileName(String context, String input, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Calls getValidFileName and returns true if no exceptions are thrown.
-	 */
-	boolean isValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull) throws IntrusionException;
-
-	/**
-	 * Calls getValidFileName and returns true if no exceptions are thrown.
-	 */
-	boolean isValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Returns a canonicalized and validated file name as a String. Implementors should check for allowed file extensions here, as well as allowed file name characters, as declared in "ESAPI.properties". Invalid input
-	 * will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException.
-	 *
-	 * @param context
-	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
-     * @param input
-     * 		The actual input data to validate.
-     * @param allowNull
-     * 		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-     *
-     * @return A valid file name
-     *
-     * @throws ValidationException
-     * @throws IntrusionException
-	 */
-	String getValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull) throws ValidationException, IntrusionException;
-
-	/**
-	 * Calls getValidFileName with the supplied errorList to capture ValidationExceptions
-	 */
-	String getValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Calls getValidNumber and returns true if no exceptions are thrown.
-	 */
-	boolean isValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull) throws IntrusionException;
-
-	/**
-	 * Calls getValidNumber and returns true if no exceptions are thrown.
-	 */
-	boolean isValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Returns a validated number as a double within the range of minValue to maxValue. Invalid input
-	 * will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException.
-	 *
-	 * @param context
-	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
-     * @param input
-     * 		The actual input data to validate.
-     * @param allowNull
-     * 		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-     * @param minValue
-     * 		Lowest legal value for input.
-     * @param maxValue
-     * 		Highest legal value for input.
-     *
-     * @return A validated number as a double.
-     *
-     * @throws ValidationException
-     * @throws IntrusionException
-	 */
-	Double getValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull) throws ValidationException, IntrusionException;
-
-	/**
-	 * Calls getValidSafeHTML with the supplied errorList to capture ValidationExceptions
-	 */
-	Double getValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Calls getValidInteger and returns true if no exceptions are thrown.
-	 */
-	boolean isValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull) throws IntrusionException;
-
-	/**
-	 * Calls getValidInteger and returns true if no exceptions are thrown.
-	 */
-	boolean isValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Returns a validated integer. Invalid input
-	 * will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException.
-	 *
-	 * @param context
-	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
-     * @param input
-     * 		The actual input data to validate.
-     * @param allowNull
-     * 		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-     * @param minValue
-     * 		Lowest legal value for input.
-     * @param maxValue
-     * 		Highest legal value for input.
-     *
-     * @return A validated number as an integer.
-     *
-     * @throws ValidationException
-     * @throws IntrusionException
-	 */
-	Integer getValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull) throws ValidationException, IntrusionException;
-
-	/**
-	 * Calls getValidInteger with the supplied errorList to capture ValidationExceptions
-	 */
-	Integer getValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Calls getValidDouble and returns true if no exceptions are thrown.
-	 */
-	boolean isValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull) throws IntrusionException;
-
-	/**
-	 * Calls getValidDouble and returns true if no exceptions are thrown.
-	 */
-	boolean isValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Returns a validated real number as a double. Invalid input
-	 * will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException.
-	 *
-	 * @param context
-	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
-     * @param input
-     * 		The actual input data to validate.
-     * @param allowNull
-     * 		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-     * @param minValue
-     * 		Lowest legal value for input.
-     * @param maxValue
-     * 		Highest legal value for input.
-     *
-     * @return A validated real number as a double.
-     *
-     * @throws ValidationException
-     * @throws IntrusionException
-	 */
-	Double getValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull) throws ValidationException, IntrusionException;
-
-	/**
-	 * Calls getValidDouble with the supplied errorList to capture ValidationExceptions
-	 */
-	Double getValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Calls getValidFileContent and returns true if no exceptions are thrown.
-	 */
-	boolean isValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull) throws IntrusionException;
-
-	/**
-	 * Calls getValidFileContent and returns true if no exceptions are thrown.
-	 */
-	boolean isValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Returns validated file content as a byte array. This is a good place to check for max file size, allowed character sets, and do virus scans.  Invalid input
-	 * will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException.
-	 *
-	 * @param context
-	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
-	 * @param input
-	 * 		The actual input data to validate.
-	 * @param maxBytes
-	 * 		The maximum number of bytes allowed in a legal file.
-	 * @param allowNull
-	 * 		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-	 *
-	 * @return A byte array containing valid file content.
-	 *
-	 * @throws ValidationException
-	 * @throws IntrusionException
-	 */
-	byte[] getValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull) throws ValidationException, IntrusionException;
-
-	/**
-	 * Calls getValidFileContent with the supplied errorList to capture ValidationExceptions
-	 */
-	byte[] getValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Calls getValidFileUpload and returns true if no exceptions are thrown.
-	 */
-	boolean isValidFileUpload(String context, String filepath, String filename, File parent, byte[] content, int maxBytes, boolean allowNull) throws IntrusionException;
-
-	/**
-	 * Calls getValidFileUpload and returns true if no exceptions are thrown.
-	 */
-	boolean isValidFileUpload(String context, String filepath, String filename, File parent, byte[] content, int maxBytes, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Validates the filepath, filename, and content of a file. Invalid input
-	 * will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException.
-	 *
-	 * @param context
-	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
-	 * @param filepath
-	 * 		The file path of the uploaded file.
-	 * @param filename
-	 * 		The filename of the uploaded file
-	 * @param content
-	 * 		A byte array containing the content of the uploaded file.
-	 * @param maxBytes
-	 * 		The max number of bytes allowed for a legal file upload.
-	 * @param allowNull
-	 * 		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-	 *
-	 * @throws ValidationException
-	 * @throws IntrusionException
-	 */
-	void assertValidFileUpload(String context, String filepath, String filename, File parent, byte[] content, int maxBytes, List<String> allowedExtensions, boolean allowNull) throws ValidationException, IntrusionException;
-
-	/**
-	 * Calls getValidFileUpload with the supplied errorList to capture ValidationExceptions
-	 */
-	void assertValidFileUpload(String context, String filepath, String filename, File parent, byte[] content, int maxBytes, List<String> allowedExtensions, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Calls getValidListItem and returns true if no exceptions are thrown.
-	 */
-	boolean isValidListItem(String context, String input, List<String> list) throws IntrusionException;
-
-	/**
-	 * Calls getValidListItem and returns true if no exceptions are thrown.
-	 */
-	boolean isValidListItem(String context, String input, List<String> list, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Returns the list item that exactly matches the canonicalized input. Invalid or non-matching input
-	 * will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException.
-	 *
-	 * @param context
-	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
-	 * @param input
-	 * 		The value to search 'list' for.
-	 * @param list
-	 * 		The list to search for 'input'.
-	 *
-	 * @return The list item that exactly matches the canonicalized input.
-	 *
-	 * @throws ValidationException
-	 * @throws IntrusionException
-	 */
-	String getValidListItem(String context, String input, List<String> list) throws ValidationException, IntrusionException;
-
-	/**
-	 * Calls getValidListItem with the supplied errorList to capture ValidationExceptions
-	 */
-	String getValidListItem(String context, String input, List<String> list, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Calls assertValidHTTPRequestParameterSet and returns true if no exceptions are thrown.
-	 */
-	boolean isValidHTTPRequestParameterSet(String context, HttpServletRequest request, Set<String> required, Set<String> optional) throws IntrusionException;
-
-	/**
-	 * Calls assertValidHTTPRequestParameterSet and returns true if no exceptions are thrown.
-	 */
-	boolean isValidHTTPRequestParameterSet(String context, HttpServletRequest request, Set<String> required, Set<String> optional, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Validates that the parameters in the current request contain all required parameters and only optional ones in
-	 * addition. Invalid input will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException.
-	 *
-	 * @param context
-	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
-	 * @param required
-	 * 		parameters that are required to be in HTTP request
-	 * @param optional
-	 * 		additional parameters that may be in HTTP request
-	 *
-	 * @throws ValidationException
-	 * @throws IntrusionException
-	 */
-	void assertValidHTTPRequestParameterSet(String context, HttpServletRequest request, Set<String> required, Set<String> optional) throws ValidationException, IntrusionException;
-
-	/**
-	 * Calls getValidHTTPRequestParameterSet with the supplied errorList to capture ValidationExceptions
-	 */
-	void assertValidHTTPRequestParameterSet(String context, HttpServletRequest request, Set<String> required, Set<String> optional, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Calls getValidPrintable and returns true if no exceptions are thrown.
-	 */
-	boolean isValidPrintable(String context, char[] input, int maxLength, boolean allowNull) throws IntrusionException;
-
-        /**
-	 * Calls getValidPrintable and returns true if no exceptions are thrown.
-	 */
-	boolean isValidPrintable(String context, char[] input, int maxLength, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Returns canonicalized and validated printable characters as a byte array. Invalid input will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException.
-	 *
-	 *  @param context
-	 *  		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
-	 *  @param input
-	 *  		data to be returned as valid and printable
-	 *  @param maxLength
-	 *  		Maximum number of bytes stored in 'input'
-	 *  @param allowNull
-	 *  		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-	 *
-	 *  @return a byte array containing only printable characters, made up of data from 'input'
-	 *
-	 *  @throws ValidationException
-	 */
-	char[] getValidPrintable(String context, char[] input, int maxLength, boolean allowNull) throws ValidationException;
-
-	/**
-	 * Calls getValidPrintable with the supplied errorList to capture ValidationExceptions
-	 */
-	char[] getValidPrintable(String context, char[] input, int maxLength, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-
-	/**
-	 * Calls getValidPrintable and returns true if no exceptions are thrown.
-	 */
-	boolean isValidPrintable(String context, String input, int maxLength, boolean allowNull) throws IntrusionException;
-
-        /**
-	 * Calls getValidPrintable and returns true if no exceptions are thrown.
-	 */
-	boolean isValidPrintable(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Returns canonicalized and validated printable characters as a String. Invalid input will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException.
-	 *
-	 *  @param context
-	 *  		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
-	 *  @param input
-	 *  		data to be returned as valid and printable
-	 *  @param maxLength
-	 *  		Maximum number of bytes stored in 'input' after canonicalization
-	 *  @param allowNull
-	 *  		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-	 *
-	 *  @return a String containing only printable characters, made up of data from 'input'
-	 *
-	 *  @throws ValidationException
-	 */
-	String getValidPrintable(String context, String input, int maxLength, boolean allowNull) throws ValidationException;
-
-	/**
-	 * Calls getValidPrintable with the supplied errorList to capture ValidationExceptions
-	 */
-	String getValidPrintable(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Calls getValidRedirectLocation and returns true if no exceptions are thrown.
-	 */
-	boolean isValidRedirectLocation(String context, String input, boolean allowNull);
-
-        /**
-	 * Calls getValidRedirectLocation and returns true if no exceptions are thrown.
-	 */
-	boolean isValidRedirectLocation(String context, String input, boolean allowNull, ValidationErrorList errorList);
-
-	/**
-	 * Returns a canonicalized and validated redirect location as a String. Invalid input will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException.
-	 *
-	 *  @param context
-	 *  		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
-	 *  @param input
-	 *  		redirect location to be returned as valid, according to encoding rules set in "ESAPI.properties"
-	 *  @param allowNull
-	 *  		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-	 *
-	 *  @return A canonicalized and validated redirect location, as defined in "ESAPI.properties"
-	 *
-	 *  @throws ValidationException
-	 *  @throws IntrusionException
-	 */
-	String getValidRedirectLocation(String context, String input, boolean allowNull) throws ValidationException, IntrusionException;
-
-	/**
-	 * Calls getValidRedirectLocation with the supplied errorList to capture ValidationExceptions
-	 */
-	String getValidRedirectLocation(String context, String input, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Reads from an input stream until end-of-line or a maximum number of
-	 * characters. This method protects against the inherent denial of service
-	 * attack in reading until the end of a line. If an attacker doesn't ever
-	 * send a newline character, then a normal input stream reader will read
-	 * until all memory is exhausted and the platform throws an OutOfMemoryError
-	 * and probably terminates.
-	 *
-	 * @param inputStream
-	 * 		The InputStream from which to read data
-	 * @param maxLength
-	 * 		Maximum characters allowed to be read in per line
-	 *
-	 * @return a String containing the current line of inputStream
-	 *
-	 * @throws ValidationException
-	 */
-	String safeReadLine(InputStream inputStream, int maxLength) throws ValidationException;
-
-}
-
+/*
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Worldwide Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi;
+
+import java.io.File;
+import java.io.InputStream;
+import java.net.URI;
+import java.text.DateFormat;
+import java.util.Date;
+import java.util.List;
+import java.util.Set;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.owasp.esapi.errors.IntrusionException;
+import org.owasp.esapi.errors.ValidationException;
+
+
+/**
+ * The Validator interface defines a set of methods for canonicalizing and
+ * validating untrusted input. Implementors should feel free to extend this
+ * interface to accommodate their own data formats. Rather than throw exceptions,
+ * this interface returns boolean results because not all validation problems
+ * are security issues. Boolean returns allow developers to handle both valid
+ * and invalid results more cleanly than exceptions.
+ * <p>
+ * Implementations must adopt a "allow-list" approach to validation where a
+ * specific pattern or character set is matched. "Blacklist" approaches that
+ * attempt to identify the invalid or disallowed characters are much more likely
+ * to allow a bypass with encoding or other tricks.
+ * </p><p>
+ * <b>CAUTION:</b> There are many methods that take multiple (or only!) {@code String}
+ * arguments. Be careful that you do not mix up the order of these, because for
+ * several methods that have {@code context} and {@code input} arguments, mixing up
+ * the order of those likely will result in serious security consequences.
+ * . When there are 2 these {@code String} parameters&mdash;{@code context} and
+ * {@code input} arguments&mdash;the {@code context} argument is <i>always</i> first.
+ * See the individual method documentation for additional details.
+ * </p>
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ */
+public interface Validator {
+
+    /**
+     * Add a validation rule to the registry using the "type name" of the rule as the key.
+     * @param rule The {@link ValidationRule} to add.
+     */
+    void addRule( ValidationRule rule );
+
+    /**
+     * Get a validation rule from the registry with the "type name" of the rule as the key.
+     * @param name The "type" name of a {@link ValidationRule} to retrieve.
+     */
+    ValidationRule getRule( String name );
+
+    /**
+     * Returns true if canonicalized input is valid.
+     * <p>
+     * Calls {@link #getValidInput(String, String, String, int, boolean, boolean)} with {@code canonicalize=true}
+     * and returns true if no exceptions are thrown.
+     *
+     * @param context
+     *         A descriptive name of the parameter that you are validating (e.g., "LoginPage_UsernameField").
+     *         This value is used by any logging or error handling that is done with respect to the value passed in.
+     * @param input
+     *         The actual user input data to validate.
+     * @param type
+     *        The regular expression name which maps to the actual regular expression from "ESAPI.properties".
+     * @param maxLength
+     *         The maximum {@code String} length allowed for {@code input}.
+     * @param allowNull
+     *         If {@code allowNull} is true then an input that is NULL or an empty string will be legal.
+     *         If {@code allowNull} is false then NULL or an empty String will throw a ValidationException.
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    boolean isValidInput(String context, String input, String type, int maxLength, boolean allowNull) throws IntrusionException;
+
+    /**
+     * Returns true if canonicalized input is valid,
+     * any validation exceptions are added to the supplied {@code errorList}.
+     * <p>
+     * Calls {@link #getValidInput(String, String, String, int, boolean, boolean)} with {@code canonicalize=true}
+     * and returns true if no exceptions are thrown.
+     *
+     * @param context
+     *         A descriptive name of the parameter that you are validating (e.g., "LoginPage_UsernameField").
+     *         This value is used by any logging or error handling that is done with respect to the value passed in.
+     * @param input
+     *         The actual user input data to validate.
+     * @param type
+     *        The regular expression name which maps to the actual regular expression from "ESAPI.properties".
+     * @param maxLength
+     *         The maximum {@code String} length allowed for {@code input}.
+     * @param allowNull
+     *         If {@code allowNull} is true then an input that is NULL or an empty string will be legal.
+     *         If {@code allowNull} is false then NULL or an empty String will throw a ValidationException.
+     * @param errorList The error list to which any {@code ValidationException} messages are added.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    boolean isValidInput(String context, String input, String type, int maxLength, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+    /**
+     * Returns true if {@code input} is valid.
+     * <p>
+     * Calls {@link #getValidInput(String, String, String, int, boolean, boolean)}
+     * and returns true if no exceptions are thrown.
+     *
+     * @param context
+     *         A descriptive name of the parameter that you are validating (e.g., "LoginPage_UsernameField").
+     *         This value is used by any logging or error handling that is done with respect to the value passed in.
+     * @param input
+     *         The actual user input data to validate.
+     * @param type
+     *        The regular expression name which maps to the actual regular expression from "ESAPI.properties".
+     * @param maxLength
+     *         The maximum {@code String} length allowed for {@code input}.
+     * @param allowNull
+     *         If {@code allowNull} is true then an input that is NULL or an empty string will be legal.
+     *         If {@code allowNull} is false then NULL or an empty String will throw a ValidationException.
+     * @param canonicalize
+     *         If true, the {@code input} if first canonicalized before being validated.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    boolean isValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize) throws IntrusionException;
+
+    /**
+     * Returns true if {@code input} is valid;
+     * any validation exceptions are added to the supplied {@code errorList}.
+     * <p>
+     * Calls {@link #getValidInput(String, String, String, int, boolean, boolean)}
+     * and returns true if no exceptions are thrown.
+     *
+     * @param context
+     *         A descriptive name of the parameter that you are validating (e.g., "LoginPage_UsernameField").
+     *         This value is used by any logging or error handling that is done with respect to the value passed in.
+     * @param input
+     *         The actual user input data to validate.
+     * @param type
+     *        The regular expression name which maps to the actual regular expression from "ESAPI.properties".
+     * @param maxLength
+     *         The maximum {@code String} length allowed for {@code input}.
+     * @param allowNull
+     *         If {@code allowNull} is true then an input that is NULL or an empty string will be legal.
+     *         If {@code allowNull} is false then NULL or an empty String will throw a ValidationException.
+     * @param canonicalize
+     *         If true, the {@code input} if first canonicalized before being validated.
+     * @param errorList The error list to which any {@code ValidationException} messages are added.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    boolean isValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize, ValidationErrorList errorList) throws IntrusionException;
+
+    /**
+     * Returns the validated, canonicalized {@code input} as a String.
+     * <p>
+     * Calls {@link #getValidInput(String, String, String, int, boolean, boolean)}
+     * with {@code canonicalize=true}.
+     *
+     * @param context
+     *         A descriptive name of the parameter that you are validating (e.g., "LoginPage_UsernameField").
+     *         This value is used by any logging or error handling that is done with respect to the value passed in.
+     * @param input
+     *         The actual user input data to validate.
+     * @param type
+     *        The regular expression name which maps to the actual regular expression from "ESAPI.properties".
+     * @param maxLength
+     *         The maximum {@code String} length allowed for {@code input}.
+     * @param allowNull
+     *         If {@code allowNull} is true then an input that is NULL or an empty string will be legal.
+     *         If {@code allowNull} is false then NULL or an empty String will throw a ValidationException.
+     *
+     * @throws ValidationException Input is invalid, based on the regex associated with {@code type}.
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    String getValidInput(String context, String input, String type, int maxLength, boolean allowNull) throws ValidationException, IntrusionException;
+
+    /**
+     * Returns validated {@code input} as a String with optional canonicalization.
+     * <p>
+     * Invalid input will generate a descriptive ValidationException,
+     * and input that is clearly an attack will generate a descriptive IntrusionException.
+     *
+     * @param context
+     *        A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField).
+     *        This value is used by any logging or error handling that is done with respect to the value passed in.
+     * @param input
+     *        The actual user input data to validate.
+     * @param type
+     *        The regular expression name which maps to the actual regular expression from "ESAPI.properties".
+     * @param maxLength
+     *        The maximum post-canonicalized String length allowed.
+     * @param allowNull
+     *        If {@code allowNull} is true then an input that is NULL or an empty string will be legal.
+     *        If {@code allowNull} is false then NULL or an empty String will throw a ValidationException.
+     * @param canonicalize
+     *        If canonicalize is true then input will be canonicalized before validation.
+     *
+     * @return The canonicalized user input.
+     *
+     * @throws ValidationException Input is invalid, based on the regex associated with {@code type}.
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    String getValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize) throws ValidationException, IntrusionException;
+
+    /**
+     * Returns canonicalized validated {@code input} as a String,
+     * and adds validation exceptions to the supplied {@code errorList}.
+     * <p>
+     * Calls {@link #getValidInput(String, String, String, int, boolean, boolean)}.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    String getValidInput(String context, String input, String type, int maxLength, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+    /**
+     * Returns validated {@code input} as a String with optional canonicalization,
+     * and adds validation exceptions to the supplied {@code errorList}.
+     * <p>
+     * Returns the result of calling {@link #getValidInput(String, String, String, int, boolean, boolean)}
+     * with {@code canonicalize=true}.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    String getValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize, ValidationErrorList errorList) throws IntrusionException;
+
+    /**
+     * Returns true if {@code input} is valid.
+     * <p>
+     * Calls {@link #getValidDate(String, String, DateFormat, boolean)},
+     * and returns true if no exceptions are thrown.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    boolean isValidDate(String context, String input, DateFormat format, boolean allowNull) throws IntrusionException;
+
+    /**
+     * Returns true if {@code input} is valid,
+     * any validation exceptions are added to the supplied {@code errorList}.
+     * <p>
+     * Calls {@link #getValidDate(String, String, DateFormat, boolean)}
+     * and returns true if no exceptions are thrown.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    boolean isValidDate(String context, String input, DateFormat format, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+    /**
+     * Returns a valid date as a {@link java.util.Date}.
+     * <p>
+     * Invalid input will generate a descriptive ValidationException,
+     * and input that is clearly an attack will generate a descriptive IntrusionException.
+     *
+     * @param context
+     *         A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField).
+     *         This value is used by any logging or error handling that is done with respect to the value passed in.
+     * @param input
+     *         The actual user input data to validate.
+     * @param format
+     *         Required formatting of date inputted.
+     * @param allowNull
+     *         If {@code allowNull} is true then an input that is NULL or an empty string will be legal.
+     *         If {@code allowNull} is false then NULL or an empty String will throw a ValidationException.
+     *
+     * @return A valid date as a {@link java.util.Date}
+     *
+     * @throws ValidationException Input is invalid, based on the regex associated with {@code type}.
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    Date getValidDate(String context, String input, DateFormat format, boolean allowNull) throws ValidationException, IntrusionException;
+
+    /**
+     * Returns a valid date as a {@link java.util.Date},
+     * any validation exceptions are added to the supplied {@code errorList}.
+     * <p>
+     * Calls {@link #getValidDate(String, String, DateFormat, boolean)}.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    Date getValidDate(String context, String input, DateFormat format, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+    /**
+     * Canonicalize and then sanitize the input so that it is "safe" for rendering in an HTML context (i.e., that
+     * it does not contain unwanted scripts in the body, attributes, CSS, URLs, or anywhere else). Note that the resulting
+     * returned value may omit input that is considered dangerous and cannot be safely sanitized and other input
+     * that gets HTML encoded (e.g., a single quote (') might get changed to "&quot;").
+     * <p>
+     * The default behavior of this check depends on the {@code antisamy-esapi.xml} AntiSamy policy configuration file
+     * (or an alternate filename, specified via the "Validator.HtmlValidationConfigurationFile" property in your
+     * {@code ESAPI.properties} file. Implementors wishing to alter the AntiSamy policy configuration file should
+     * reference the <a href="https://owasp.org/www-project-antisamy/">OWASP AntiSamy project</a> for ideas
+     * on how to do HTML validation in a allow-list way, as this is an extremely difficult problem.
+     *
+     * @param context
+     *         A descriptive name of the parameter that you are validating (e.g., "LoginPage_UsernameField").
+     *         This value is used by any logging or error handling that is done with respect to the value passed in.
+     * @param input
+     *         The actual user input data to validate.
+     * @param maxLength
+     *         The maximum {@code String} length allowed for {@code input}.
+     * @param allowNull
+     *         If {@code allowNull} is true then an input that is NULL or an empty string will be legal.
+     *         If {@code allowNull} is false then NULL or an empty String will throw a ValidationException.
+     *
+     * @return A string representing the canonicalized and sanitized input that is safe for rendering in an HTML context.
+     *
+     * @throws ValidationException Input is invalid, based on the regex associated with {@code type}.
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    String getValidSafeHTML(String context, String input, int maxLength, boolean allowNull) throws ValidationException, IntrusionException;
+
+    /**
+     * Canonicalize and then sanitize the input so that it is "safe" for rendering in an HTML context (i.e., that
+     * it does not contain unwanted scripts in the body, attributes, CSS, URLs, or anywhere else). Note that the resulting
+     * returned value may omit input that is considered dangerous and cannot be safely sanitized and other input
+     * that gets HTML encoded (e.g., a single quote (') might get changed to "&quot;").
+     * <p>
+     * The default behavior of this check depends on the {@code antisamy-esapi.xml} AntiSamy policy configuration file
+     * (or an alternate filename, specified via the "Validator.HtmlValidationConfigurationFile" property in your
+     * {@code ESAPI.properties} file. Implementors wishing to alter the AntiSamy policy configuration file should
+     * reference the <a href="https://owasp.org/www-project-antisamy/">OWASP AntiSamy project</a> for ideas
+     * on how to do HTML validation in a allow-list way, as this is an extremely difficult problem.
+     * <p>
+     * Calls {@link #getValidSafeHTML(String, String, int, boolean)}.
+     *
+     * @param context
+     *         A descriptive name of the parameter that you are validating (e.g., "LoginPage_UsernameField").
+     *         This value is used by any logging or error handling that is done with respect to the value passed in.
+     * @param input
+     *         The actual user input data to validate.
+     * @param maxLength
+     *         The maximum {@code String} length allowed for {@code input}.
+     * @param allowNull
+     *         If {@code allowNull} is true then an input that is NULL or an empty string will be legal.
+     *         If {@code allowNull} is false then NULL or an empty String will throw a ValidationException.
+     * @param errorList The error list to which any {@code ValidationException} messages are added.
+     *
+     * @return A string representing the canonicalized and sanitized input that is safe for rendering in an HTML context.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    String getValidSafeHTML(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+    /**
+     * Returns true if {@code input} matches the pattern for a valid credit card number.
+     * <p>
+     * Calls {@link #getValidCreditCard(String, String, boolean)},
+     * and returns true if no exceptions are thrown.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    boolean isValidCreditCard(String context, String input, boolean allowNull) throws IntrusionException;
+
+    /**
+     * Returns true if {@code input} matches the pattern for a valid credit card number,
+     * any validation exceptions are added to the supplied {@code errorList}.
+     * <p>
+     * Calls {@link #getValidCreditCard(String, String, boolean)}
+     * and returns true if no exceptions are thrown.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    boolean isValidCreditCard(String context, String input, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+    /**
+     * Returns a canonicalized and validated credit card number as a String.
+     * <p>
+     * Invalid input will generate a descriptive ValidationException,
+     * and input that is clearly an attack will generate a descriptive IntrusionException.
+     *
+     * @param context
+     *         A descriptive name of the parameter that you are validating (e.g., PaymentPage_CreditCard).
+     *         This value is used by any logging or error handling that is done with respect to the value passed in.
+     * @param input
+     *         The actual user input data to validate.
+     * @param allowNull
+     *         If {@code allowNull} is true then an input that is NULL or an empty string will be legal.
+     *         If {@code allowNull} is false then NULL or an empty String will throw a ValidationException.
+     *
+     * @return A valid credit card number
+     *
+     * @throws ValidationException Input is invalid because it doesn't appear to be a valid credit card account number.
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    String getValidCreditCard(String context, String input, boolean allowNull) throws ValidationException, IntrusionException;
+
+    /**
+     * Returns a canonicalized and validated credit card number as a String,
+     * any validation exceptions are added to the supplied {@code errorList}.
+     * <p>
+     * Calls {@link #getValidCreditCard(String, String, boolean)}.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    String getValidCreditCard(String context, String input, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+    /**
+     * Returns true if {@code input} is valid.
+     * <p>
+     * Calls {@link #getValidDirectoryPath(String, String, File, boolean)},
+     * and returns true if no exceptions are thrown.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    boolean isValidDirectoryPath(String context, String input, File parent, boolean allowNull) throws IntrusionException;
+
+    /**
+     * Returns true if {@code input} is valid,
+     * any validation exceptions are added to the supplied {@code errorList}.
+     * <p>
+     * Calls {@link #getValidDirectoryPath(String, String, File, boolean)}
+     * and returns true if no exceptions are thrown.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    boolean isValidDirectoryPath(String context, String input, File parent, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+    /**
+     * Returns a canonicalized and validated directory path as a String, provided that the input
+     * maps to an existing directory that is an existing subdirectory (at any level) of the specified parent.
+     * <p>
+     * Invalid input will generate a descriptive ValidationException,
+     * and input that is clearly an attack will generate a descriptive IntrusionException.
+     *
+     * @param context
+     *         A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField).
+     *         This value is used by any logging or error handling that is done with respect to the value passed in.
+     * @param input
+     *         The actual input data to validate.
+     * @param allowNull
+     *         If {@code allowNull} is true then an input that is NULL or an empty string will be legal.
+     *         If {@code allowNull} is false then NULL or an empty String will throw a ValidationException.
+     *
+     * @return A valid directory path
+     *
+     * @throws ValidationException Input is invalid (e.g., the provided input is not a directory).
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    String getValidDirectoryPath(String context, String input, File parent, boolean allowNull) throws ValidationException, IntrusionException;
+
+    /**
+     * Returns a canonicalized and validated directory path as a String, provided that the input
+     * maps to an existing directory that is an existing subdirectory (at any level) of the specified parent;
+     * any validation exceptions are added to the supplied {@code errorList}.
+     * <p>
+     * Calls {@link #getValidDirectoryPath(String, String, File, boolean)}.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    String getValidDirectoryPath(String context, String input, File parent, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+    /**
+     * Returns true if {@code input} is valid.
+     * <p>
+     * Calls {@link #getValidFileName(String, String, List, boolean)}
+     * with allowedExtensions set to the configured {@code ESAPI.securityConfiguration().getAllowedFileExtensions()}
+     * and returns true if no exceptions are thrown.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     *
+     * @see ESAPI#securityConfiguration()
+     * @see SecurityConfiguration#getAllowedFileExtensions()
+     */
+    boolean isValidFileName(String context, String input, boolean allowNull) throws IntrusionException;
+
+    /**
+     * Returns true if {@code input} is valid,
+     * any validation exceptions are added to the supplied {@code errorList}.
+     * <p>
+     * Calls {@link #getValidFileName(String, String, List, boolean)}
+     * with allowedExtensions set to the configured {@code ESAPI.securityConfiguration().getAllowedFileExtensions()}
+     * and returns true if no exceptions are thrown.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     *
+     * @see ESAPI#securityConfiguration()
+     * @see SecurityConfiguration#getAllowedFileExtensions()
+     */
+    boolean isValidFileName(String context, String input, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+    /**
+     * Returns true if {@code input} is valid.
+     * <p>
+     * Calls {@link #getValidFileName(String, String, List, boolean)},
+     * and returns true if no exceptions are thrown.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     *
+     * @see ESAPI#securityConfiguration()
+     * @see SecurityConfiguration#getAllowedFileExtensions()
+     */
+    boolean isValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull) throws IntrusionException;
+
+    /**
+     * Returns true if {@code input} is valid,
+     * any validation exceptions are added to the supplied {@code errorList}.
+     * <p>
+     * Calls {@link #getValidFileName(String, String, List, boolean)}
+     * and returns true if no exceptions are thrown.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     *
+     * @see ESAPI#securityConfiguration()
+     * @see SecurityConfiguration#getAllowedFileExtensions()
+     */
+    boolean isValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+    /**
+     * Returns a canonicalized and validated file name as a String.
+     * Implementors should check for allowed file extensions here,
+     * as well as allowed file name characters, as declared in "ESAPI.properties".
+     * Invalid input will generate a descriptive ValidationException,
+     * and input that is clearly an attack will generate a descriptive IntrusionException.
+     *
+     * @param context
+     *         A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField).
+     *         This value is used by any logging or error handling that is done with respect to the value passed in.
+     * @param input
+     *         The actual input data to validate.
+     * @param allowedExtensions
+     *         List of file extensions which will be accepted.
+     * @param allowNull
+     *         If {@code allowNull} is true then an input that is NULL or an empty string will be legal.
+     *         If {@code allowNull} is false then NULL or an empty String will throw a ValidationException.
+     *
+     * @return A valid file name
+     *
+     * @throws ValidationException Input is invalid (e.g., {@code input} refers to a non-existant file, does not have a
+     *         valid file extension as per {@code allowedExtensions}, does not match the canonicalized path,
+     *         exceeds a maximum length of 255 characters, etc.
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    String getValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull) throws ValidationException, IntrusionException;
+
+    /**
+     * Returns a canonicalized and validated file name as a String,
+     * any validation exceptions are added to the supplied {@code errorList}.
+     * <p>
+     * Calls {@link #getValidFileName(String, String, List, boolean)},
+     * the supplied {@code errorList} is used to capture ValidationExceptions.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    String getValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+    /**
+     * Returns true if {@code input} is valid.
+     * <p>
+     * Calls {@link #getValidNumber(String, String, long, long, boolean)},
+     * and returns true if no exceptions are thrown.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    boolean isValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull) throws IntrusionException;
+
+    /**
+     * Returns true if {@code input} is valid,
+     * any validation exceptions are added to the supplied {@code errorList}.
+     * <p>
+     * Calls {@link #getValidNumber(String, String, long, long, boolean)}
+     * and returns true if no exceptions are thrown.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    boolean isValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+    /**
+     * Returns a validated number as a double within the range of minValue to maxValue.
+     * Invalid input will generate a descriptive ValidationException,
+     * and input that is clearly an attack will generate a descriptive IntrusionException.
+     *
+     * @param context
+     *         A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField).
+     *         This value is used by any logging or error handling that is done with respect to the value passed in.
+     * @param input
+     *         The actual input data to validate.
+     * @param allowNull
+     *         If {@code allowNull} is true then an input that is NULL or an empty string will be legal.
+     *         If {@code allowNull} is false then NULL or an empty String will throw a ValidationException.
+     * @param minValue
+     *         Lowest legal value for input.
+     * @param maxValue
+     *         Highest legal value for input.
+     *
+     * @return A validated number as a double.
+     *
+     * @throws ValidationException Input is invalid; that is, not a number in the range
+     *         of [{@code minValue}, {@code maxValue}].
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    Double getValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull) throws ValidationException, IntrusionException;
+
+    /**
+     * Returns a validated number as a double within the range of
+     * [{@code minValue}, {@code maxValue}]; any validation
+     * exceptions are added to the supplied {@code errorList}.
+     * <p>
+     * Calls {@link #getValidNumber(String, String, long, long, boolean)}.
+     *
+     * @param context
+     *         A descriptive name of the parameter that you are validating (e.g., "OrderPage_Quantity").
+     *         This value is used by any logging or error handling that is done with respect to the value passed in.
+     * @param input
+     *         The actual user input data to validate.
+     * @param minValue
+     *         Lowest legal value for input.
+     * @param maxValue
+     *         Highest legal value for input.
+     * @param allowNull
+     *         If {@code allowNull} is true then an input that is NULL or an empty string will be legal.
+     *         If {@code allowNull} is false then NULL or an empty String will throw a ValidationException.
+     * @param errorList The error list to which any {@code ValidationException} messages are added.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    Double getValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+    /**
+     * Returns true if {@code input} is a valid integer between {@code minValue} and {@code maxValue} inclusive.
+     * <p>
+     * Calls {@link #getValidInteger(String, String, int, int, boolean)},
+     * and returns true if no exceptions are thrown.
+     *
+     * @param context
+     *         A descriptive name of the parameter that you are validating (e.g., "OrderPage_Quantity").
+     *         This value is used by any logging or error handling that is done with respect to the value passed in.
+     * @param input
+     *         The actual user input data to validate.
+     * @param minValue
+     *         Lowest legal value for input.
+     * @param maxValue
+     *         Highest legal value for input.
+     * @param allowNull
+     *         If {@code allowNull} is true then an input that is NULL or an empty string will be legal.
+     *         If {@code allowNull} is false then NULL or an empty String will throw a ValidationException.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    boolean isValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull) throws IntrusionException;
+
+    /**
+     * Returns true if {@code input} is a valid integer between {@code minValue} and {@code maxValue} inclusive,
+     * any validation exceptions are added to the supplied {@code errorList}.
+     * <p>
+     * Calls {@link #getValidInteger(String, String, int, int, boolean)}
+     * and returns true if no exceptions are thrown.
+     *
+     * @param context
+     *         A descriptive name of the parameter that you are validating (e.g., "OrderPage_Quantity").
+     *         This value is used by any logging or error handling that is done with respect to the value passed in.
+     * @param input
+     *         The actual user input data to validate.
+     * @param minValue
+     *         Lowest legal value for input.
+     * @param maxValue
+     *         Highest legal value for input.
+     * @param allowNull
+     *         If {@code allowNull} is true then an input that is NULL or an empty string will be legal.
+     *         If {@code allowNull} is false then NULL or an empty String will throw a ValidationException.
+     * @param errorList The error list to which any {@code ValidationException} messages are added.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    boolean isValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+    /**
+     * Returns a validated integer,
+     * {@code input} is a valid integer if it is between {@code minValue} and {@code maxValue} inclusive.
+     * Invalid input will generate a descriptive ValidationException,
+     * and input that is clearly an attack will generate a descriptive IntrusionException.
+     *
+     * @param context
+     *         A descriptive name of the parameter that you are validating (e.g., OrderPage_Quantity).
+     *         This value is used by any logging or error handling that is done with respect to the value passed in.
+     * @param input
+     *         The actual input data to validate.
+     * @param allowNull
+     *         If {@code allowNull} is true then an input that is NULL or an empty string will be legal.
+     *         If {@code allowNull} is false then NULL or an empty String will throw a ValidationException.
+     * @param minValue
+     *         Lowest legal value for input.
+     * @param maxValue
+     *         Highest legal value for input.
+     *
+     * @return A validated number as an integer.
+     *
+     * @throws ValidationException Input is not a valid integer in the range of [{@code minValue}, {@code maxValue}].
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    Integer getValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull) throws ValidationException, IntrusionException;
+
+    /**
+     * Returns a validated integer,
+     * any validation exceptions are added to the supplied {@code errorList}.
+     * <p>
+     * Calls {@link #getValidInteger(String, String, int, int, boolean)}.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    Integer getValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+    /**
+     * Returns true if {@code input} is valid.
+     * <p>
+     * Calls {@link #getValidDouble(String, String, double, double, boolean)},
+     * and returns true if no exceptions are thrown.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    boolean isValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull) throws IntrusionException;
+
+    /**
+     * Returns true if {@code input} is valid,
+     * any validation exceptions are added to the supplied {@code errorList}.
+     * <p>
+     * Calls {@link #getValidDouble(String, String, double, double, boolean)}
+     * and returns true if no exceptions are thrown.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    boolean isValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+    /**
+     * Returns a validated real number as a double.
+     * Invalid input will generate a descriptive ValidationException,
+     * and input that is clearly an attack will generate a descriptive IntrusionException.
+     *
+     * @param context
+     *         A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField).
+     *         This value is used by any logging or error handling that is done with respect to the value passed in.
+     * @param input
+     *         The actual input data to validate.
+     * @param allowNull
+     *         If {@code allowNull} is true then an input that is NULL or an empty string will be legal.
+     *         If {@code allowNull} is false then NULL or an empty String will throw a ValidationException.
+     * @param minValue
+     *         Lowest legal value for input.
+     * @param maxValue
+     *         Highest legal value for input.
+     *
+     * @return A validated real number as a double.
+     *
+     * @throws ValidationException Input is invalid.
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    Double getValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull) throws ValidationException, IntrusionException;
+
+    /**
+     * Returns a validated real number as a double,
+     * any validation exceptions are added to the supplied {@code errorList}.
+     * <p>
+     * Calls {@link #getValidDouble(String, String, double, double, boolean)},
+     * the supplied {@code errorList} is used to capture ValidationExceptions.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    Double getValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+    /**
+     * Returns true if {@code input} is valid.
+     * <p>
+     * Calls {@link #getValidFileContent(String, byte[], int, boolean)},
+     * and returns true if no exceptions are thrown.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    boolean isValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull) throws IntrusionException;
+
+    /**
+     * Returns true if {@code input} is valid,
+     * any validation exceptions are added to the supplied {@code errorList}.
+     * <p>
+     * Calls {@link #getValidFileContent(String, byte[], int, boolean)}
+     * and returns true if no exceptions are thrown.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    boolean isValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+    /**
+     * Returns validated file content as a byte array.
+     * This is a good place to check for max file size, allowed character sets, and do virus scans.
+     * Invalid input will generate a descriptive ValidationException,
+     * and input that is clearly an attack will generate a descriptive IntrusionException.
+     *
+     * @param context
+     *         A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField).
+     *         This value is used by any logging or error handling that is done with respect to the value passed in.
+     * @param input
+     *         The actual input data to validate.
+     * @param maxBytes
+     *         The maximum number of bytes allowed in a legal file.
+     * @param allowNull
+     *         If {@code allowNull} is true then an input that is NULL or an empty string will be legal.
+     *         If {@code allowNull} is false then NULL or an empty String will throw a ValidationException.
+     *
+     * @return A byte array containing valid file content.
+     *
+     * @throws ValidationException Input is invalid.
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    byte[] getValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull) throws ValidationException, IntrusionException;
+
+    /**
+     * Returns validated file content as a byte array,
+     * any validation exceptions are added to the supplied {@code errorList}.
+     * <p>
+     * Calls {@link #getValidFileContent(String, byte[], int, boolean)},
+     * the supplied {@code errorList} is used to capture ValidationExceptions.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    byte[] getValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+    /**
+     * Returns true if {@code filepath}, {@code filename}, and {@code content} of a file are valid.
+     * <p>
+     * Calls {@link #isValidFileName(String, String, boolean)},
+     * {@link #isValidDirectoryPath(String, String, File, boolean)},
+     * and {@link #isValidFileContent(String, byte[], int, boolean)},
+     * and returns true if all three checks pass.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    boolean isValidFileUpload(String context, String filepath, String filename, File parent, byte[] content, int maxBytes, boolean allowNull) throws IntrusionException;
+
+    /**
+     * Returns true if {@code filepath}, {@code filename}, and {@code content} of a file are valid,
+     * any validation exceptions are added to the supplied {@code errorList}.
+     * <p>
+     * Calls {@link #isValidFileName(String, String, boolean, ValidationErrorList)}
+     * {@link #isValidDirectoryPath(String, String, File, boolean, ValidationErrorList)}
+     * and {@link #isValidFileContent(String, byte[], int, boolean, ValidationErrorList)},
+     * and returns true if all three checks pass.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    boolean isValidFileUpload(String context, String filepath, String filename, File parent, byte[] content, int maxBytes, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+    /**
+     * Validates the {@code filepath}, {@code filename}, and {@code content} of a file.
+     * Invalid input will generate a descriptive ValidationException,
+     * and input that is clearly an attack will generate a descriptive IntrusionException.
+     *
+     * @param context
+     *         A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField).
+     *         This value is used by any logging or error handling that is done with respect to the value passed in.
+     * @param filepath
+     *         The file path of the uploaded file.
+     * @param filename
+     *         The filename of the uploaded file
+     * @param content
+     *         A byte array containing the content of the uploaded file.
+     * @param maxBytes
+     *         The max number of bytes allowed for a legal file upload.
+     * @param allowNull
+     *         If {@code allowNull} is true then an input that is NULL or an empty string will be legal.
+     *         If {@code allowNull} is false then NULL or an empty String will throw a ValidationException.
+     *
+     * @throws ValidationException Input is invalid.
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    void assertValidFileUpload(String context, String filepath, String filename, File parent, byte[] content, int maxBytes, List<String> allowedExtensions, boolean allowNull) throws ValidationException, IntrusionException;
+
+    /**
+     * Validates the {@code filepath}, {@code filename}, and {@code content} of a file,
+     * any validation exceptions are added to the supplied {@code errorList}.
+     * <p>
+     * Calls {@link #assertValidFileUpload(String, String, String, File, byte[], int, List, boolean)},
+     * the supplied {@code errorList} is used to capture ValidationExceptions.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    void assertValidFileUpload(String context, String filepath, String filename, File parent, byte[] content, int maxBytes, List<String> allowedExtensions, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+    /**
+     * Returns true if {@code input} is valid.
+     * <p>
+     * Calls {@link #getValidListItem(String, String, List)}
+     * and returns true if no exceptions are thrown.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    boolean isValidListItem(String context, String input, List<String> list) throws IntrusionException;
+
+    /**
+     * Returns true if {@code input} is valid,
+     * any validation exceptions are added to the supplied {@code errorList}.
+     * <p>
+     * Calls {@link #getValidListItem(String, String, List)}
+     * and returns true if no exceptions are thrown.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    boolean isValidListItem(String context, String input, List<String> list, ValidationErrorList errorList) throws IntrusionException;
+
+    /**
+     * Returns the list item that exactly matches the canonicalized input.
+     * Invalid or non-matching input will generate a descriptive ValidationException,
+     * and input that is clearly an attack will generate a descriptive IntrusionException.
+     *
+     * @param context
+     *         A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
+     * @param input
+     *         The value to search 'list' for.
+     * @param list
+     *         The list to search for 'input'.
+     *
+     * @return The list item that exactly matches the canonicalized input.
+     *
+     * @throws ValidationException Input is invalid.
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    String getValidListItem(String context, String input, List<String> list) throws ValidationException, IntrusionException;
+
+    /**
+     * Returns the list item that exactly matches the canonicalized input,
+     * any validation exceptions are added to the supplied {@code errorList}.
+     * <p>
+     * Calls {@link #getValidListItem(String, String, List)}
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    String getValidListItem(String context, String input, List<String> list, ValidationErrorList errorList) throws IntrusionException;
+
+    /**
+     * Returns true if only required and optional parameters are in the request.
+     * <p>
+     * Calls {@link #assertValidHTTPRequestParameterSet(String, HttpServletRequest, Set, Set)}
+     * and returns true if no exceptions are thrown.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    boolean isValidHTTPRequestParameterSet(String context, HttpServletRequest request, Set<String> required, Set<String> optional) throws IntrusionException;
+
+    /**
+     * Returns true if only required and optional parameters are in the request,
+     * any validation exceptions are added to the supplied {@code errorList}.
+     * <p>
+     * Calls {@link #assertValidHTTPRequestParameterSet(String, HttpServletRequest, Set, Set)}
+     * and returns true if no exceptions are thrown.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    boolean isValidHTTPRequestParameterSet(String context, HttpServletRequest request, Set<String> required, Set<String> optional, ValidationErrorList errorList) throws IntrusionException;
+
+    /**
+     * Validates that the parameters in the current request contain all required parameters
+     * and only optional ones in addition.
+     * Invalid input will generate a descriptive ValidationException,
+     * and input that is clearly an attack will generate a descriptive IntrusionException.
+     *
+     * @param context
+     *         A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
+     * @param required
+     *         parameters that are required to be in HTTP request
+     * @param optional
+     *         additional parameters that may be in HTTP request
+     *
+     * @throws ValidationException Input is invalid.
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    void assertValidHTTPRequestParameterSet(String context, HttpServletRequest request, Set<String> required, Set<String> optional) throws ValidationException, IntrusionException;
+
+    /**
+     * Validates that the parameters in the current request contain all required parameters
+     * and only optional ones in addition,
+     * any validation exceptions are added to the supplied {@code errorList}.
+     * <p>
+     * Calls {@link #assertValidHTTPRequestParameterSet(String, HttpServletRequest, Set, Set)}.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    void assertValidHTTPRequestParameterSet(String context, HttpServletRequest request, Set<String> required, Set<String> optional, ValidationErrorList errorList) throws IntrusionException;
+
+    /**
+     * Returns true if {@code input} is valid.
+     * <p>
+     * Calls {@link #getValidPrintable(String, char[], int, boolean)}
+     * and returns true if no exceptions are thrown.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    boolean isValidPrintable(String context, char[] input, int maxLength, boolean allowNull) throws IntrusionException;
+
+    /**
+     * Returns true if {@code input} is valid,
+     * any validation exceptions are added to the supplied {@code errorList}.
+     * <p>
+     * Calls {@link #getValidPrintable(String, char[], int, boolean)}
+     * and returns true if no exceptions are thrown.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    boolean isValidPrintable(String context, char[] input, int maxLength, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+    /**
+     * Returns canonicalized and validated printable characters as a byte array.
+     * Invalid input will generate a descriptive ValidationException,
+     * and input that is clearly an attack will generate a descriptive IntrusionException.
+     *
+     * @param context
+     *         A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField).
+     *         This value is used by any logging or error handling that is done with respect to the value passed in.
+     * @param input
+     *         data to be returned as valid and printable
+     * @param maxLength
+     *         Maximum number of bytes stored in 'input'
+     * @param allowNull
+     *         If {@code allowNull} is true then an input that is NULL or an empty string will be legal.
+     *         If {@code allowNull} is false then NULL or an empty String will throw a ValidationException.
+     *
+     * @return a byte array containing only printable characters, made up of data from 'input'
+     *
+     * @throws ValidationException Input is invalid.
+     */
+    char[] getValidPrintable(String context, char[] input, int maxLength, boolean allowNull) throws ValidationException;
+
+    /**
+     * Returns canonicalized and validated printable characters as a byte array,
+     * any validation exceptions are added to the supplied {@code errorList}.
+     * <p>
+     * Calls {@link #getValidPrintable(String, char[], int, boolean)}.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    char[] getValidPrintable(String context, char[] input, int maxLength, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+    /**
+     * Returns true if {@code input} is valid.
+     * <p>
+     * Calls {@link #getValidPrintable(String, String, int, boolean)}
+     * and returns true if no exceptions are thrown.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    boolean isValidPrintable(String context, String input, int maxLength, boolean allowNull) throws IntrusionException;
+
+    /**
+     * Returns true if {@code input} is valid,
+     * any validation exceptions are added to the supplied {@code errorList}.
+     * <p>
+     * Calls {@link #getValidPrintable(String, String, int, boolean)}
+     * and returns true if no exceptions are thrown.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    boolean isValidPrintable(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+    /**
+     * Returns canonicalized and validated printable characters as a String.
+     * Invalid input will generate a descriptive ValidationException,
+     * and input that is clearly an attack will generate a descriptive IntrusionException.
+     *
+     * @param context
+     *         A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField).
+     *         This value is used by any logging or error handling that is done with respect to the value passed in.
+     * @param input
+     *         data to be returned as valid and printable
+     * @param maxLength
+     *         Maximum number of bytes stored in 'input' after canonicalization
+     * @param allowNull
+     *         If {@code allowNull} is true then an input that is NULL or an empty string will be legal.
+     *         If {@code allowNull} is false then NULL or an empty String will throw a ValidationException.
+     *
+     * @return a String containing only printable characters, made up of data from 'input'
+     *
+     * @throws ValidationException Input is invalid.
+     */
+    String getValidPrintable(String context, String input, int maxLength, boolean allowNull) throws ValidationException;
+
+    /**
+     * Returns canonicalized and validated printable characters as a String,
+     * any validation exceptions are added to the supplied {@code errorList}.
+     * <p>
+     * Calls {@link #getValidPrintable(String, String, int, boolean)}.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    String getValidPrintable(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+    /**
+     * Returns true if {@code input} is valid.
+     * <p>
+     * Calls {@link #getValidRedirectLocation(String, String, boolean)}
+     * and returns true if no exceptions are thrown.
+     */
+    boolean isValidRedirectLocation(String context, String input, boolean allowNull);
+
+    /**
+     * Returns true if {@code input} is valid,
+     * any validation exceptions are added to the supplied {@code errorList}.
+     * <p>
+     * Calls {@link #getValidRedirectLocation(String, String, boolean)}
+     * and returns true if no exceptions are thrown.
+     */
+    boolean isValidRedirectLocation(String context, String input, boolean allowNull, ValidationErrorList errorList);
+
+    /**
+     * Returns a canonicalized and validated redirect location as a String.
+     * Invalid input will generate a descriptive ValidationException,
+     * and input that is clearly an attack will generate a descriptive IntrusionException.
+     *
+     * @param context
+     *         A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField).
+     *         This value is used by any logging or error handling that is done with respect to the value passed in.
+     * @param input
+     *         redirect location to be returned as valid, according to encoding rules set in "ESAPI.properties"
+     * @param allowNull
+     *         If {@code allowNull} is true then an input that is NULL or an empty string will be legal.
+     *         If {@code allowNull} is false then NULL or an empty String will throw a ValidationException.
+     *
+     * @return A canonicalized and validated redirect location, as defined in "ESAPI.properties"
+     *
+     * @throws ValidationException Input is invalid.
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    String getValidRedirectLocation(String context, String input, boolean allowNull) throws ValidationException, IntrusionException;
+
+    /**
+     * Returns a canonicalized and validated redirect location as a String,
+     * any validation exceptions are added to the supplied {@code errorList}.
+     * <p>
+     * Calls {@link #getValidRedirectLocation(String, String, boolean)}.
+     *
+     * @throws IntrusionException Input likely indicates an attack.
+     */
+    String getValidRedirectLocation(String context, String input, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+    /**
+     * Reads from an input stream until end-of-line or a maximum number of
+     * characters. This method protects against the inherent denial of service
+     * attack in reading until the end of a line. If an attacker doesn't ever
+     * send a newline character, then a normal input stream reader will read
+     * until all memory is exhausted and the platform throws an OutOfMemoryError
+     * and probably terminates.
+     *
+     * @param inputStream
+     *         The InputStream from which to read data
+     * @param maxLength
+     *         Maximum characters allowed to be read in per line
+     *
+     * @return a String containing the current line of inputStream
+     *
+     * @throws ValidationException Input is invalid.
+     */
+    String safeReadLine(InputStream inputStream, int maxLength) throws ValidationException;
+
+    /**
+     * Parses and ensures that the URI in question is a valid RFC-3986 URI.  This simplifies
+     * the kind of regex required for subsequent validation to mitigate regex-based DoS attacks.
+     *
+     * @see <a href="https://www.ietf.org/rfc/rfc3986.txt">RFC-3986.</a>
+     *
+     * @param context
+     *          A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField).
+     *          This value is used by any logging or error handling that is done with respect to the value passed in.
+     * @param input
+     *          redirect location to be returned as valid, according to encoding rules set in "ESAPI.properties"
+     * @param allowNull
+     *          If {@code allowNull} is true then an input that is NULL or an empty string will be legal.
+     *          If {@code allowNull} is false then NULL or an empty String will throw a ValidationException.
+     *
+     * @return True if the URI is valid
+     */
+    boolean isValidURI(String context, String input, boolean allowNull);
+
+    /**
+     * Will return a {@code URI} object that will represent a fully parsed and legal URI
+     * as specified in RFC-3986.
+     *
+     * @param input String
+     * @return URI object representing a parsed URI, or {@code null} if the URI was non-compliant in some way.
+     */
+    URI getRfcCompliantURI(String input);
+
+}
diff --git a/src/main/java/org/owasp/esapi/codecs/AbstractCharacterCodec.java b/src/main/java/org/owasp/esapi/codecs/AbstractCharacterCodec.java
new file mode 100644
index 000000000..8595cb6e1
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/codecs/AbstractCharacterCodec.java
@@ -0,0 +1,47 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2017 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Matt Seil (mseil .at. owasp.org)
+ * @created 2017
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+
+package org.owasp.esapi.codecs;
+
+/**
+ *
+ * This abstract Impl is broken off from the original {@code Codec} class and
+ * provides the {@code Character} parsing logic that has been with ESAPI from the beginning.
+ *
+ */
+public abstract class AbstractCharacterCodec extends AbstractCodec<Character> {
+    /* (non-Javadoc)
+     * @see org.owasp.esapi.codecs.Codec#decode(java.lang.String)
+     */
+    @Override
+    public String decode(String input) {
+        StringBuilder sb = new StringBuilder();
+        PushbackSequence<Character> pbs = new PushbackString(input);
+        while (pbs.hasNext()) {
+            Character c = decodeCharacter(pbs);
+            if (c != null) {
+                sb.append(c);
+            } else {
+                sb.append(pbs.next());
+            }
+        }
+        return sb.toString();
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/codecs/AbstractCodec.java b/src/main/java/org/owasp/esapi/codecs/AbstractCodec.java
new file mode 100644
index 000000000..5149b5d0a
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/codecs/AbstractCodec.java
@@ -0,0 +1,175 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2017 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Matt Seil (mseil .at. owasp.org)
+ * @created 2017
+ */
+package org.owasp.esapi.codecs;
+
+
+/**
+ * The {@code Coded} interface defines a set of methods for encoding and decoding application level encoding schemes,
+ * such as HTML entity encoding and percent encoding (aka URL encoding). {@code Coded}s are used in output encoding
+ * and canonicalization.  The design of these codecs allows for character-by-character decoding, which is
+ * necessary to detect double-encoding and the use of multiple encoding schemes, both of which are techniques
+ * used by attackers to bypass validation and bury encoded attacks in data.
+ * <p>
+ * Be sure to see the several <b>WARNING</b>s associated with the detailed
+ * method descriptions. You will not find that in the "Method Summary" section
+ * of the javadoc because that only shows the initial sentence.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @param <T>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Encoder
+ */
+public abstract class AbstractCodec<T> implements Codec<T> {
+
+    /**
+     * Initialize an array to mark which characters are to be encoded. Store the hex
+     * string for that character to save time later. If the character shouldn't be
+     * encoded, then store null.
+     */
+    private final String[] hex = new String[256];
+
+    /**
+     * Default constructor
+     */
+    public AbstractCodec() {
+        for ( char c = 0; c < 0xFF; c++ ) {
+            if ( c >= 0x30 && c <= 0x39 || c >= 0x41 && c <= 0x5A || c >= 0x61 && c <= 0x7A ) {
+                hex[c] = null;
+            } else {
+                hex[c] = toHex(c).intern();
+            }
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     * </p><p>
+     * <b>WARNING!!</b>  {@code Character} based {@code Codec}s will only handle the byte range of
+     * 0-65535 (0x0-0xffff).  Passing any data represented by a higher numerical value will result in
+     * a downcast thus destroying the original data with undefined results.
+     * <p>
+     * Also, if you are implementing an {@code Integer} based codec, these will be silently discarded
+     * based on the return from {@code Character.isValidCodePoint( int )}.  This is the preferred
+     * behavior moving forward.
+     */
+    @Override
+    public String encode(char[] immune, String input) {
+        StringBuilder sb = new StringBuilder();
+        for(int offset  = 0; offset < input.length(); ) {
+            final int point = input.codePointAt(offset);
+            if (Character.isBmpCodePoint(point)) {
+                //We can then safely cast this to char and maintain legacy behavior.
+                sb.append(encodeCharacter(immune, new Character((char) point)));
+            } else {
+                sb.append(encodeCharacter(immune, point));
+            }
+            offset += Character.charCount(point);
+        }
+        return sb.toString();
+    }
+
+    /**
+     * {@inheritDoc}
+     * <p>
+     * <b>WARNING!!!!</b>  Passing a standard {@code char} rather than {@code Character} to this method will resolve to the
+     * {@link #encodeCharacter( char[], char )} method, which will throw an {@code IllegalArgumentException} instead.
+     * YOU HAVE BEEN WARNED!!!!
+     */
+    @Override
+    public String encodeCharacter( char[] immune, Character c ) {
+        return ""+c;
+    }
+
+
+    /**
+     * To prevent accidental usage and calling
+     * {@link #encodeCharacter( char[], int)} when called with {@code char} and
+     * {@code char} is first silently converted to {@code int} and then the
+     * unexpected method is called.
+     *
+     * @throws IllegalArgumentException to indicate that you called the incorrect method.
+     */
+    public String encodeCharacter(char[] immune, char c) {
+        throw new IllegalArgumentException("You tried to call encodeCharacter() with a char.  Nope.  " +
+                                           "Use 'encodeCharacter( char[] immune, Character c)' instead!");
+    }
+
+    /* (non-Javadoc)
+     * @see org.owasp.esapi.codecs.Codec#encodeCharacter(char[], int)
+     */
+    @Override
+    public String encodeCharacter( char[] immune, int codePoint ) {
+        String rval = "";
+        if(Character.isValidCodePoint(codePoint)){
+            rval = new StringBuilder().appendCodePoint(codePoint).toString();
+        }
+        return rval;
+    }
+
+
+
+    /* (non-Javadoc)
+     * @see org.owasp.esapi.codecs.Codec#decodeCharacter(org.owasp.esapi.codecs.PushbackString)
+     */
+    @Override
+    public T decodeCharacter( PushbackSequence<T> input ) {
+        return input.next();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getHexForNonAlphanumeric(char c) {
+        if(c<0xFF)
+            return hex[c];
+        return toHex(c);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getHexForNonAlphanumeric(int c) {
+        if (c<0xFF) {
+            return hex[c];
+        } else {
+            return toHex(c);
+        }
+    }
+
+    public String toOctal(char c) {
+        return Integer.toOctalString(c);
+    }
+
+    public String toHex(char c) {
+        return Integer.toHexString(c);
+    }
+
+    public String toHex(int c) {
+        return Integer.toHexString(c);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean containsCharacter( char c, char[] array ) {
+        for (char ch : array) {
+            if (c == ch) return true;
+        }
+        return false;
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/codecs/AbstractIntegerCodec.java b/src/main/java/org/owasp/esapi/codecs/AbstractIntegerCodec.java
new file mode 100644
index 000000000..5bf9038dd
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/codecs/AbstractIntegerCodec.java
@@ -0,0 +1,53 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2017 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Matt Seil (mseil .at. owasp.org)
+ * @created 2017
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.codecs;
+
+/**
+ * This class is intended to be an alternative Abstract Implementation for parsing encoding
+ * data by focusing on {@code int} as opposed to {@code Character}.  Because non-BMP code
+ * points cannot be represented by a {@code char}, this class remedies that by parsing string
+ * data as codePoints as opposed to a stream of {@code char}s.
+ *
+ * WARNING:  This class will silently discard an invalid code point according to
+ * the result of {@code Character.isValidCodePoint( int )} method.
+ *
+ * @author Matt Seil (mseil .at. owasp.org)
+ * @since 2017 -- Adapted from Jeff Williams' original {@code Codec} class.
+ */
+public class AbstractIntegerCodec extends AbstractCodec<Integer> {
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public String decode(String input) {
+        StringBuilder sb = new StringBuilder();
+        PushbackSequence<Integer> pbs = new PushBackSequenceImpl(input);
+        while (pbs.hasNext()) {
+            Integer c = decodeCharacter(pbs);
+            if (c != null && Character.isValidCodePoint(c)) {
+                sb.appendCodePoint(c);
+            } else {
+                sb.appendCodePoint(pbs.next());
+            }
+        }
+        return sb.toString();
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/codecs/AbstractPushbackSequence.java b/src/main/java/org/owasp/esapi/codecs/AbstractPushbackSequence.java
new file mode 100644
index 000000000..31b338d90
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/codecs/AbstractPushbackSequence.java
@@ -0,0 +1,70 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2017 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Matt Seil (mseil .at. owasp.org)
+ * @created 2017
+ *
+ */
+
+package org.owasp.esapi.codecs;
+
+/**
+ * This Abstract class provides the generic logic for using a {@link PushbackSequence}
+ * in regard to iterating strings.  The final Impl is intended for the user to supply
+ * a type T such that the pushback interface can be utilized for sequences
+ * of type T.  Presently this generic class is limited by the fact that
+ * input is a String.
+ *
+ * @author Matt Seil
+ *
+ * @param <T>
+ */
+public abstract class AbstractPushbackSequence<T> implements PushbackSequence<T> {
+    protected String input;
+    protected T pushback;
+    protected T temp;
+    protected int index = 0;
+    protected int mark = 0;
+
+    public AbstractPushbackSequence(String input) {
+        this.input = input;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void pushback(T c) {
+        pushback = c;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public int index() {
+        return index;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean hasNext() {
+        if (pushback != null)
+            return true;
+        if (input == null)
+            return false;
+        if (input.length() == 0)
+            return false;
+        if (index >= input.length())
+            return false;
+        return true;
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/codecs/Base64.java b/src/main/java/org/owasp/esapi/codecs/Base64.java
index 3f2d384da..0d7097afd 100644
--- a/src/main/java/org/owasp/esapi/codecs/Base64.java
+++ b/src/main/java/org/owasp/esapi/codecs/Base64.java
@@ -1,1855 +1,1646 @@
-package org.owasp.esapi.codecs;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-
-// CHECKME: Version at http://iharder.net/base64 is up to v2.3.3. Some semantic changes
-// starting with v2.3. Should we upgrade and then add ESAPI logging or stay at 2.2.2 base?
-// I think that really depends on how much OWASP ESAPI plans on tracking changes to this
-// version vs. if the plan was just to fork from it and maintain OWASP's own version.
-// At this point, I think I prefer split from tracking Harder's original, but I'm easily
-// persuaded otherwise. - Kevin Wall
-
-/**
- * <p>Encodes and decodes to and from Base64 notation.</p>
- * <p>Homepage: <a href="http://iharder.net/base64">http://iharder.net/base64</a>.</p>
- *
- * <p>The <tt>options</tt> parameter, which appears in a few places, is used to pass 
- * several pieces of information to the encoder. In the "higher level" methods such as 
- * encodeBytes( bytes, options ) the options parameter can be used to indicate such 
- * things as first gzipping the bytes before encoding them, not inserting linefeeds 
- * (though that breaks strict Base64 compatibility), and encoding using the URL-safe 
- * and Ordered dialects.</p>
- *
- * <p>The constants defined in Base64 can be OR-ed together to combine options, so you 
- * might make a call like this:</p>
- *
- * <code>String encoded = Base64.encodeBytes( mybytes, Base64.GZIP | Base64.DONT_BREAK_LINES );</code>
- *
- * <p>to compress the data before encoding it and then making the output have no newline characters.</p>
- *
- *
- * <p>
- * Change Log:
- * </p>
- * <ul>
- *  <li>v2.2.2 - Fixed encodeFileToFile and decodeFileToFile to use the
- *   Base64.InputStream class to encode and decode on the fly which uses
- *   less memory than encoding/decoding an entire file into memory before writing.</li>
- *  <li>v2.2.1 - Fixed bug using URL_SAFE and ORDERED encodings. Fixed bug
- *   when using very small files (~< 40 bytes).</li>
- *  <li>v2.2 - Added some helper methods for encoding/decoding directly from
- *   one file to the next. Also added a main() method to support command line
- *   encoding/decoding from one file to the next. Also added these Base64 dialects:
- *   <ol>
- *   <li>The default is RFC3548 format.</li>
- *   <li>Calling Base64.setFormat(Base64.BASE64_FORMAT.URLSAFE_FORMAT) generates
- *   URL and file name friendly format as described in Section 4 of RFC3548.
- *   http://www.faqs.org/rfcs/rfc3548.html</li>
- *   <li>Calling Base64.setFormat(Base64.BASE64_FORMAT.ORDERED_FORMAT) generates
- *   URL and file name friendly format that preserves lexical ordering as described
- *   in http://www.faqs.org/qa/rfcc-1940.html</li>
- *   </ol>
- *   Special thanks to Jim Kellerman at <a href="http://www.powerset.com/">http://www.powerset.com/</a>
- *   for contributing the new Base64 dialects.
- *  </li>
- * 
- *  <li>v2.1 - Cleaned up javadoc comments and unused variables and methods. Added
- *   some convenience methods for reading and writing to and from files.</li>
- *  <li>v2.0.2 - Now specifies UTF-8 encoding in places where the code fails on systems
- *   with other encodings (like EBCDIC).</li>
- *  <li>v2.0.1 - Fixed an error when decoding a single byte, that is, when the
- *   encoded data was a single byte.</li>
- *  <li>v2.0 - I got rid of methods that used booleans to set options. 
- *   Now everything is more consolidated and cleaner. The code now detects
- *   when data that's being decoded is gzip-compressed and will decompress it
- *   automatically. Generally things are cleaner. You'll probably have to
- *   change some method calls that you were making to support the new
- *   options format (<tt>int</tt>s that you "OR" together).</li>
- *  <li>v1.5.1 - Fixed bug when decompressing and decoding to a             
- *   byte[] using <tt>decode( String s, boolean gzipCompressed )</tt>.      
- *   Added the ability to "suspend" encoding in the Output Stream so        
- *   you can turn on and off the encoding if you need to embed base64       
- *   data in an otherwise "normal" stream (like an XML file).</li>  
- *  <li>v1.5 - Output stream pases on flush() command but doesn't do anything itself.
- *      This helps when using GZIP streams.
- *      Added the ability to GZip-compress objects before encoding them.</li>
- *  <li>v1.4 - Added helper methods to read/write files.</li>
- *  <li>v1.3.6 - Fixed OutputStream.flush() so that 'position' is reset.</li>
- *  <li>v1.3.5 - Added flag to turn on and off line breaks. Fixed bug in input stream
- *      where last buffer being read, if not completely full, was not returned.</li>
- *  <li>v1.3.4 - Fixed when "improperly padded stream" error was thrown at the wrong time.</li>
- *  <li>v1.3.3 - Fixed I/O streams which were totally messed up.</li>
- * </ul>
- *
- * <p>
- * I am placing this code in the Public Domain. Do with it as you will.
- * This software comes with no guarantees or warranties but with
- * plenty of well-wishing instead!
- * Please visit <a href="http://iharder.net/base64">http://iharder.net/base64</a>
- * periodically to check for updates or to contribute improvements.
- * </p>
- *
- * @author Robert Harder
- * @author rob@iharder.net
- * @version 2.2.2
- */
-public class Base64
-{
-    
-/* ********  P U B L I C   F I E L D S  ******** */   
-    
-    
-    /** No options specified. Value is zero. */
-    public final static int NO_OPTIONS = 0;
-    
-    /** Specify encoding. */
-    public final static int ENCODE = 1;
-    
-    
-    /** Specify decoding. */
-    public final static int DECODE = 0;
-    
-    
-    /** Specify that data should be gzip-compressed. */
-    public final static int GZIP = 2;
-    
-    
-    /** Don't break lines when encoding (violates strict Base64 specification) */
-    public final static int DONT_BREAK_LINES = 8;
-	
-	/** 
-	 * Encode using Base64-like encoding that is URL- and Filename-safe as described
-	 * in Section 4 of RFC3548: 
-	 * <a href="http://www.faqs.org/rfcs/rfc3548.html">http://www.faqs.org/rfcs/rfc3548.html</a>.
-	 * It is important to note that data encoded this way is <em>not</em> officially valid Base64, 
-	 * or at the very least should not be called Base64 without also specifying that is
-	 * was encoded using the URL- and Filename-safe dialect.
-	 */
-	 public final static int URL_SAFE = 16;
-	 
-	 
-	 /**
-	  * Encode using the special "ordered" dialect of Base64 described here:
-	  * <a href="http://www.faqs.org/qa/rfcc-1940.html">http://www.faqs.org/qa/rfcc-1940.html</a>.
-	  */
-	 public final static int ORDERED = 32;
-    
-    
-/* ********  P R I V A T E   F I E L D S  ******** */  
-    
-    
-    /** Maximum line length (76) of Base64 output. */
-    private final static int MAX_LINE_LENGTH = 76;
-    
-    
-    /** The equals sign (=) as a byte. */
-    private final static byte EQUALS_SIGN = (byte)'=';
-    
-    
-    /** The new line character (\n) as a byte. */
-    private final static byte NEW_LINE = (byte)'\n';
-    
-    
-    /** Preferred encoding. */
-    private final static String PREFERRED_ENCODING = "UTF-8";
-    
-    /** End of line character. */
-    private final static String EOL = System.getProperty("line.separator", "\n");
-	
-	
-    // I think I end up not using the BAD_ENCODING indicator.
-    //private final static byte BAD_ENCODING    = -9; // Indicates error in encoding
-    private final static byte WHITE_SPACE_ENC = -5; // Indicates white space in encoding
-    private final static byte EQUALS_SIGN_ENC = -1; // Indicates equals sign in encoding
-	
-    private static final Logger logger = ESAPI.getLogger("Base64");
-    
-	
-/* ********  S T A N D A R D   B A S E 6 4   A L P H A B E T  ******** */	
-    
-    /** The 64 valid Base64 values. */
-    //private final static byte[] ALPHABET;
-	/* Host platform me be something funny like EBCDIC, so we hard code these values. */
-	private final static byte[] _STANDARD_ALPHABET =
-    {
-        (byte)'A', (byte)'B', (byte)'C', (byte)'D', (byte)'E', (byte)'F', (byte)'G',
-        (byte)'H', (byte)'I', (byte)'J', (byte)'K', (byte)'L', (byte)'M', (byte)'N',
-        (byte)'O', (byte)'P', (byte)'Q', (byte)'R', (byte)'S', (byte)'T', (byte)'U', 
-        (byte)'V', (byte)'W', (byte)'X', (byte)'Y', (byte)'Z',
-        (byte)'a', (byte)'b', (byte)'c', (byte)'d', (byte)'e', (byte)'f', (byte)'g',
-        (byte)'h', (byte)'i', (byte)'j', (byte)'k', (byte)'l', (byte)'m', (byte)'n',
-        (byte)'o', (byte)'p', (byte)'q', (byte)'r', (byte)'s', (byte)'t', (byte)'u', 
-        (byte)'v', (byte)'w', (byte)'x', (byte)'y', (byte)'z',
-        (byte)'0', (byte)'1', (byte)'2', (byte)'3', (byte)'4', (byte)'5', 
-        (byte)'6', (byte)'7', (byte)'8', (byte)'9', (byte)'+', (byte)'/'
-    };
-	
-    
-    /** 
-     * Translates a Base64 value to either its 6-bit reconstruction value
-     * or a negative number indicating some other meaning.
-     **/
-    private final static byte[] _STANDARD_DECODABET =
-    {   
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,                 // Decimal  0 -  8
-        -5,-5,                                      // Whitespace: Tab and Linefeed
-        -9,-9,                                      // Decimal 11 - 12
-        -5,                                         // Whitespace: Carriage Return
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 14 - 26
-        -9,-9,-9,-9,-9,                             // Decimal 27 - 31
-        -5,                                         // Whitespace: Space
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,              // Decimal 33 - 42
-        62,                                         // Plus sign at decimal 43
-        -9,-9,-9,                                   // Decimal 44 - 46
-        63,                                         // Slash at decimal 47
-        52,53,54,55,56,57,58,59,60,61,              // Numbers zero through nine
-        -9,-9,-9,                                   // Decimal 58 - 60
-        -1,                                         // Equals sign at decimal 61
-        -9,-9,-9,                                      // Decimal 62 - 64
-        0,1,2,3,4,5,6,7,8,9,10,11,12,13,            // Letters 'A' through 'N'
-        14,15,16,17,18,19,20,21,22,23,24,25,        // Letters 'O' through 'Z'
-        -9,-9,-9,-9,-9,-9,                          // Decimal 91 - 96
-        26,27,28,29,30,31,32,33,34,35,36,37,38,     // Letters 'a' through 'm'
-        39,40,41,42,43,44,45,46,47,48,49,50,51,     // Letters 'n' through 'z'
-        -9,-9,-9,-9                                 // Decimal 123 - 126
-        /*,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 127 - 139
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 140 - 152
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 153 - 165
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 166 - 178
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 179 - 191
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 192 - 204
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 205 - 217
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 218 - 230
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 231 - 243
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9         // Decimal 244 - 255 */
-    };
-	
-	
-/* ********  U R L   S A F E   B A S E 6 4   A L P H A B E T  ******** */
-	
-	/**
-	 * Used in the URL- and Filename-safe dialect described in Section 4 of RFC3548: 
-	 * <a href="http://www.faqs.org/rfcs/rfc3548.html">http://www.faqs.org/rfcs/rfc3548.html</a>.
-	 * Notice that the last two bytes become "hyphen" and "underscore" instead of "plus" and "slash."
-	 */
-    private final static byte[] _URL_SAFE_ALPHABET =
-    {
-      (byte)'A', (byte)'B', (byte)'C', (byte)'D', (byte)'E', (byte)'F', (byte)'G',
-      (byte)'H', (byte)'I', (byte)'J', (byte)'K', (byte)'L', (byte)'M', (byte)'N',
-      (byte)'O', (byte)'P', (byte)'Q', (byte)'R', (byte)'S', (byte)'T', (byte)'U', 
-      (byte)'V', (byte)'W', (byte)'X', (byte)'Y', (byte)'Z',
-      (byte)'a', (byte)'b', (byte)'c', (byte)'d', (byte)'e', (byte)'f', (byte)'g',
-      (byte)'h', (byte)'i', (byte)'j', (byte)'k', (byte)'l', (byte)'m', (byte)'n',
-      (byte)'o', (byte)'p', (byte)'q', (byte)'r', (byte)'s', (byte)'t', (byte)'u', 
-      (byte)'v', (byte)'w', (byte)'x', (byte)'y', (byte)'z',
-      (byte)'0', (byte)'1', (byte)'2', (byte)'3', (byte)'4', (byte)'5', 
-      (byte)'6', (byte)'7', (byte)'8', (byte)'9', (byte)'-', (byte)'_'
-    };
-	
-	/**
-	 * Used in decoding URL- and Filename-safe dialects of Base64.
-	 */
-    private final static byte[] _URL_SAFE_DECODABET =
-    {   
-      -9,-9,-9,-9,-9,-9,-9,-9,-9,                 // Decimal  0 -  8
-      -5,-5,                                      // Whitespace: Tab and Linefeed
-      -9,-9,                                      // Decimal 11 - 12
-      -5,                                         // Whitespace: Carriage Return
-      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 14 - 26
-      -9,-9,-9,-9,-9,                             // Decimal 27 - 31
-      -5,                                         // Whitespace: Space
-      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,              // Decimal 33 - 42
-      -9,                                         // Plus sign at decimal 43
-      -9,                                         // Decimal 44
-      62,                                         // Minus sign at decimal 45
-      -9,                                         // Decimal 46
-      -9,                                         // Slash at decimal 47
-      52,53,54,55,56,57,58,59,60,61,              // Numbers zero through nine
-      -9,-9,-9,                                   // Decimal 58 - 60
-      -1,                                         // Equals sign at decimal 61
-      -9,-9,-9,                                   // Decimal 62 - 64
-      0,1,2,3,4,5,6,7,8,9,10,11,12,13,            // Letters 'A' through 'N'
-      14,15,16,17,18,19,20,21,22,23,24,25,        // Letters 'O' through 'Z'
-      -9,-9,-9,-9,                                // Decimal 91 - 94
-      63,                                         // Underscore at decimal 95
-      -9,                                         // Decimal 96
-      26,27,28,29,30,31,32,33,34,35,36,37,38,     // Letters 'a' through 'm'
-      39,40,41,42,43,44,45,46,47,48,49,50,51,     // Letters 'n' through 'z'
-      -9,-9,-9,-9                                 // Decimal 123 - 126
-      /*,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 127 - 139
-      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 140 - 152
-      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 153 - 165
-      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 166 - 178
-      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 179 - 191
-      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 192 - 204
-      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 205 - 217
-      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 218 - 230
-      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 231 - 243
-      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9         // Decimal 244 - 255 */
-    };
-
-
-
-/* ********  O R D E R E D   B A S E 6 4   A L P H A B E T  ******** */
-
-	/**
-	 * I don't get the point of this technique, but it is described here:
-	 * <a href="http://www.faqs.org/qa/rfcc-1940.html">http://www.faqs.org/qa/rfcc-1940.html</a>.
-	 */
-    private final static byte[] _ORDERED_ALPHABET =
-    {
-      (byte)'-',
-      (byte)'0', (byte)'1', (byte)'2', (byte)'3', (byte)'4',
-      (byte)'5', (byte)'6', (byte)'7', (byte)'8', (byte)'9',
-      (byte)'A', (byte)'B', (byte)'C', (byte)'D', (byte)'E', (byte)'F', (byte)'G',
-      (byte)'H', (byte)'I', (byte)'J', (byte)'K', (byte)'L', (byte)'M', (byte)'N',
-      (byte)'O', (byte)'P', (byte)'Q', (byte)'R', (byte)'S', (byte)'T', (byte)'U',
-      (byte)'V', (byte)'W', (byte)'X', (byte)'Y', (byte)'Z',
-      (byte)'_',
-      (byte)'a', (byte)'b', (byte)'c', (byte)'d', (byte)'e', (byte)'f', (byte)'g',
-      (byte)'h', (byte)'i', (byte)'j', (byte)'k', (byte)'l', (byte)'m', (byte)'n',
-      (byte)'o', (byte)'p', (byte)'q', (byte)'r', (byte)'s', (byte)'t', (byte)'u',
-      (byte)'v', (byte)'w', (byte)'x', (byte)'y', (byte)'z'
-    };
-	
-	/**
-	 * Used in decoding the "ordered" dialect of Base64.
-	 */
-    private final static byte[] _ORDERED_DECODABET =
-    {   
-      -9,-9,-9,-9,-9,-9,-9,-9,-9,                 // Decimal  0 -  8
-      -5,-5,                                      // Whitespace: Tab and Linefeed
-      -9,-9,                                      // Decimal 11 - 12
-      -5,                                         // Whitespace: Carriage Return
-      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 14 - 26
-      -9,-9,-9,-9,-9,                             // Decimal 27 - 31
-      -5,                                         // Whitespace: Space
-      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,              // Decimal 33 - 42
-      -9,                                         // Plus sign at decimal 43
-      -9,                                         // Decimal 44
-      0,                                          // Minus sign at decimal 45
-      -9,                                         // Decimal 46
-      -9,                                         // Slash at decimal 47
-      1,2,3,4,5,6,7,8,9,10,                       // Numbers zero through nine
-      -9,-9,-9,                                   // Decimal 58 - 60
-      -1,                                         // Equals sign at decimal 61
-      -9,-9,-9,                                   // Decimal 62 - 64
-      11,12,13,14,15,16,17,18,19,20,21,22,23,     // Letters 'A' through 'M'
-      24,25,26,27,28,29,30,31,32,33,34,35,36,     // Letters 'N' through 'Z'
-      -9,-9,-9,-9,                                // Decimal 91 - 94
-      37,                                         // Underscore at decimal 95
-      -9,                                         // Decimal 96
-      38,39,40,41,42,43,44,45,46,47,48,49,50,     // Letters 'a' through 'm'
-      51,52,53,54,55,56,57,58,59,60,61,62,63,     // Letters 'n' through 'z'
-      -9,-9,-9,-9                                 // Decimal 123 - 126
-      /*,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 127 - 139
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 140 - 152
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 153 - 165
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 166 - 178
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 179 - 191
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 192 - 204
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 205 - 217
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 218 - 230
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 231 - 243
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9         // Decimal 244 - 255 */
-    };
-
-	
-/* ********  D E T E R M I N E   W H I C H   A L H A B E T  ******** */
-
-
-	/**
-	 * Returns one of the _SOMETHING_ALPHABET byte arrays depending on
-	 * the options specified.
-	 * It's possible, though silly, to specify ORDERED and URLSAFE
-	 * in which case one of them will be picked, though there is
-	 * no guarantee as to which one will be picked.
-	 */
-	private final static byte[] getAlphabet( int options )
-	{
-		if( (options & URL_SAFE) == URL_SAFE ) return _URL_SAFE_ALPHABET;
-		else if( (options & ORDERED) == ORDERED ) return _ORDERED_ALPHABET;
-		else return _STANDARD_ALPHABET;
-		
-	}	// end getAlphabet
-	
-	
-	/**
-	 * Returns one of the _SOMETHING_DECODABET byte arrays depending on
-	 * the options specified.
-	 * It's possible, though silly, to specify ORDERED and URL_SAFE
-	 * in which case one of them will be picked, though there is
-	 * no guarantee as to which one will be picked.
-	 */
-	private final static byte[] getDecodabet( int options )
-	{
-		if( (options & URL_SAFE) == URL_SAFE ) return _URL_SAFE_DECODABET;
-		else if( (options & ORDERED) == ORDERED ) return _ORDERED_DECODABET;
-		else return _STANDARD_DECODABET;
-		
-	}	// end getAlphabet
-        
-
-    
-    /** Defeats instantiation. */
-    private Base64(){}
-    
-
-    /**
-     * Encodes or decodes two files from the command line;
-     * <strong>feel free to delete this method (in fact you probably should)
-     * if you're embedding this code into a larger program</strong>.
-     * @param args
-     */
-    public final static void main( String[] args )
-    {
-        if( args.length < 3 ){
-            usage("Not enough arguments.");
-        }   // end if: args.length < 3
-        else {
-            String flag = args[0];
-            String infile = args[1];
-            String outfile = args[2];
-            if( flag.equals( "-e" ) ){
-                Base64.encodeFileToFile( infile, outfile );
-            }   // end if: encode
-            else if( flag.equals( "-d" ) ) {
-                Base64.decodeFileToFile( infile, outfile );
-            }   // end else if: decode    
-            else {
-                usage( "Unknown flag: " + flag );
-            }   // end else    
-        }   // end else
-    }   // end main
-
-    /**
-     * Prints command line usage.
-     *
-     * @param msg A message to include with usage info.
-     */
-    private final static void usage( String msg )
-    {
-        System.err.println( msg );
-        System.err.println( "Usage: java Base64 -e|-d inputfile outputfile" );
-    }   // end usage
-    
-    
-/* ********  E N C O D I N G   M E T H O D S  ******** */    
-    
-    
-    /**
-     * Encodes up to the first three bytes of array <var>threeBytes</var>
-     * and returns a four-byte array in Base64 notation.
-     * The actual number of significant bytes in your array is
-     * given by <var>numSigBytes</var>.
-     * The array <var>threeBytes</var> needs only be as big as
-     * <var>numSigBytes</var>.
-     * Code can reuse a byte array by passing a four-byte array as <var>b4</var>.
-     *
-     * @param b4 A reusable byte array to reduce array instantiation
-     * @param threeBytes the array to convert
-     * @param numSigBytes the number of significant bytes in your array
-     * @return four byte array in Base64 notation.
-     * @since 1.5.1
-     */
-    private static byte[] encode3to4( byte[] b4, byte[] threeBytes, int numSigBytes, int options )
-    {
-        encode3to4( threeBytes, 0, numSigBytes, b4, 0, options );
-        return b4;
-    }   // end encode3to4
-
-    
-    /**
-     * <p>Encodes up to three bytes of the array <var>source</var>
-     * and writes the resulting four Base64 bytes to <var>destination</var>.
-     * The source and destination arrays can be manipulated
-     * anywhere along their length by specifying 
-     * <var>srcOffset</var> and <var>destOffset</var>.
-     * This method does not check to make sure your arrays
-     * are large enough to accomodate <var>srcOffset</var> + 3 for
-     * the <var>source</var> array or <var>destOffset</var> + 4 for
-     * the <var>destination</var> array.
-     * The actual number of significant bytes in your array is
-     * given by <var>numSigBytes</var>.</p>
-	 * <p>This is the lowest level of the encoding methods with
-	 * all possible parameters.</p>
-     *
-     * @param source the array to convert
-     * @param srcOffset the index where conversion begins
-     * @param numSigBytes the number of significant bytes in your array
-     * @param destination the array to hold the conversion
-     * @param destOffset the index where output will be put
-     * @return the <var>destination</var> array
-     * @since 1.3
-     */
-    private static byte[] encode3to4( 
-     byte[] source, int srcOffset, int numSigBytes,
-     byte[] destination, int destOffset, int options )
-    {
-		byte[] ALPHABET = getAlphabet( options ); 
-	
-        //           1         2         3  
-        // 01234567890123456789012345678901 Bit position
-        // --------000000001111111122222222 Array position from threeBytes
-        // --------|    ||    ||    ||    | Six bit groups to index ALPHABET
-        //          >>18  >>12  >> 6  >> 0  Right shift necessary
-        //                0x3f  0x3f  0x3f  Additional AND
-        
-        // Create buffer with zero-padding if there are only one or two
-        // significant bytes passed in the array.
-        // We have to shift left 24 in order to flush out the 1's that appear
-        // when Java treats a value as negative that is cast from a byte to an int.
-        int inBuff =   ( numSigBytes > 0 ? ((source[ srcOffset     ] << 24) >>>  8) : 0 )
-                     | ( numSigBytes > 1 ? ((source[ srcOffset + 1 ] << 24) >>> 16) : 0 )
-                     | ( numSigBytes > 2 ? ((source[ srcOffset + 2 ] << 24) >>> 24) : 0 );
-
-        switch( numSigBytes )
-        {
-            case 3:
-                destination[ destOffset     ] = ALPHABET[ (inBuff >>> 18)        ];
-                destination[ destOffset + 1 ] = ALPHABET[ (inBuff >>> 12) & 0x3f ];
-                destination[ destOffset + 2 ] = ALPHABET[ (inBuff >>>  6) & 0x3f ];
-                destination[ destOffset + 3 ] = ALPHABET[ (inBuff       ) & 0x3f ];
-                return destination;
-                
-            case 2:
-                destination[ destOffset     ] = ALPHABET[ (inBuff >>> 18)        ];
-                destination[ destOffset + 1 ] = ALPHABET[ (inBuff >>> 12) & 0x3f ];
-                destination[ destOffset + 2 ] = ALPHABET[ (inBuff >>>  6) & 0x3f ];
-                destination[ destOffset + 3 ] = EQUALS_SIGN;
-                return destination;
-                
-            case 1:
-                destination[ destOffset     ] = ALPHABET[ (inBuff >>> 18)        ];
-                destination[ destOffset + 1 ] = ALPHABET[ (inBuff >>> 12) & 0x3f ];
-                destination[ destOffset + 2 ] = EQUALS_SIGN;
-                destination[ destOffset + 3 ] = EQUALS_SIGN;
-                return destination;
-                
-            default:
-                return destination;
-        }   // end switch
-    }   // end encode3to4
-    
-    
-    
-    /**
-     * Serializes an object and returns the Base64-encoded
-     * version of that serialized object. If the object
-     * cannot be serialized or there is another error,
-     * the method will return <tt>null</tt>.
-     * The object is not GZip-compressed before being encoded.
-     *
-     * @param serializableObject The object to encode
-     * @return The Base64-encoded object
-     * @since 1.4
-     */
-    public static String encodeObject( java.io.Serializable serializableObject )
-    {
-        return encodeObject( serializableObject, NO_OPTIONS );
-    }   // end encodeObject
-    
-
-
-    /**
-     * Serializes an object and returns the Base64-encoded
-     * version of that serialized object. If the object
-     * cannot be serialized or there is another error,
-     * the method will return <tt>null</tt>.
-     * <p>
-     * Valid options:<pre>
-     *   GZIP: gzip-compresses object before encoding it.
-     *   DONT_BREAK_LINES: don't break lines at 76 characters
-     *     <i>Note: Technically, this makes your encoding non-compliant.</i>
-     * </pre>
-     * <p>
-     * Example: <code>encodeObject( myObj, Base64.GZIP )</code> or
-     * <p>
-     * Example: <code>encodeObject( myObj, Base64.GZIP | Base64.DONT_BREAK_LINES )</code>
-     *
-     * @param serializableObject The object to encode
-     * @param options Specified options
-     * @return The Base64-encoded object
-     * @see Base64#GZIP
-     * @see Base64#DONT_BREAK_LINES
-     * @since 2.0
-     */
-    public static String encodeObject( java.io.Serializable serializableObject, int options )
-    {
-        // Streams
-        java.io.ByteArrayOutputStream  baos  = null; 
-        java.io.OutputStream           b64os = null; 
-        java.io.ObjectOutputStream     oos   = null; 
-        java.util.zip.GZIPOutputStream gzos  = null;
-        
-        // Isolate options
-        int gzip           = (options & GZIP);
-        //int dontBreakLines = (options & DONT_BREAK_LINES);
-        
-        try
-        {
-            // ObjectOutputStream -> (GZIP) -> Base64 -> ByteArrayOutputStream
-            baos  = new java.io.ByteArrayOutputStream();
-            b64os = new Base64.OutputStream( baos, ENCODE | options );
-    
-            // GZip?
-            if( gzip == GZIP )
-            {
-                gzos = new java.util.zip.GZIPOutputStream( b64os );
-                oos  = new java.io.ObjectOutputStream( gzos );
-            }   // end if: gzip
-            else
-                oos   = new java.io.ObjectOutputStream( b64os );
-            
-            oos.writeObject( serializableObject );
-        }   // end try
-        catch( java.io.IOException e )
-        {
-            logger.error( Logger.SECURITY_FAILURE, "Problem writing object", e );
-            return null;
-        }   // end catch
-        finally
-        {
-            try{ oos.close();   } catch( Exception e ){}
-            try{ gzos.close();  } catch( Exception e ){}
-            try{ b64os.close(); } catch( Exception e ){}
-            try{ baos.close();  } catch( Exception e ){}
-        }   // end finally
-        
-        // Return value according to relevant encoding.
-        try 
-        {
-            return new String( baos.toByteArray(), PREFERRED_ENCODING );
-        }   // end try
-        catch (java.io.UnsupportedEncodingException uue)
-        {
-            return new String( baos.toByteArray() );
-        }   // end catch
-        
-    }   // end encode
-    
-    
-
-    /**
-     * Encodes a byte array into Base64 notation.
-     * Does not GZip-compress data.
-     *
-     * @param source The data to convert
-     * @return The Base64-encoded resulting string
-     * @since 1.4
-     */
-    public static String encodeBytes( byte[] source )
-    {
-        return encodeBytes( source, 0, source.length, NO_OPTIONS );
-    }   // end encodeBytes
-    
-
-
-    /**
-     * Encodes a byte array into Base64 notation.
-     * <p>
-     * Valid options:<pre>
-     *   GZIP: gzip-compresses object before encoding it.
-     *   DONT_BREAK_LINES: don't break lines at 76 characters
-     *     <i>Note: Technically, this makes your encoding non-compliant.</i>
-     * </pre>
-     * <p>
-     * Example: <code>encodeBytes( myData, Base64.GZIP )</code> or
-     * <p>
-     * Example: <code>encodeBytes( myData, Base64.GZIP | Base64.DONT_BREAK_LINES )</code>
-     *
-     *
-     * @param source The data to convert
-     * @param options Specified options
-     * @return The Base64-encoded resulting string
-     * @see Base64#GZIP
-     * @see Base64#DONT_BREAK_LINES
-     * @since 2.0
-     */
-    public static String encodeBytes( byte[] source, int options )
-    {   
-        return encodeBytes( source, 0, source.length, options );
-    }   // end encodeBytes
-    
-    
-    /**
-     * Encodes a byte array into Base64 notation.
-     * Does not GZip-compress data.
-     *
-     * @param source The data to convert
-     * @param off Offset in array where conversion should begin
-     * @param len Length of data to convert
-     * @return The Base64-encoded resulting string
-     * @since 1.4
-     */
-    public static String encodeBytes( byte[] source, int off, int len )
-    {
-        return encodeBytes( source, off, len, NO_OPTIONS );
-    }   // end encodeBytes
-    
-    
-
-    /**
-     * Encodes a byte array into Base64 notation.
-     * <p>
-     * Valid options:<pre>
-     *   GZIP: gzip-compresses object before encoding it.
-     *   DONT_BREAK_LINES: don't break lines at 76 characters
-     *     <i>Note: Technically, this makes your encoding non-compliant.</i>
-     * </pre>
-     * <p>
-     * Example: <code>encodeBytes( myData, Base64.GZIP )</code> or
-     * <p>
-     * Example: <code>encodeBytes( myData, Base64.GZIP | Base64.DONT_BREAK_LINES )</code>
-     *
-     *
-     * @param source The data to convert
-     * @param off Offset in array where conversion should begin
-     * @param len Length of data to convert
-     * @param options alphabet type is pulled from this (standard, url-safe, ordered)
-     * @return The Base64-encoded resulting string
-     * @see Base64#GZIP
-     * @see Base64#DONT_BREAK_LINES
-     * @since 2.0
-     */
-    public static String encodeBytes( byte[] source, int off, int len, int options )
-    {
-        // Isolate options
-        int dontBreakLines = ( options & DONT_BREAK_LINES );
-        int gzip           = ( options & GZIP   );
-        
-        // Compress?
-        if( gzip == GZIP )
-        {
-            java.io.ByteArrayOutputStream  baos  = null;
-            java.util.zip.GZIPOutputStream gzos  = null;
-            Base64.OutputStream            b64os = null;
-            
-    
-            try
-            {
-                // GZip -> Base64 -> ByteArray
-                baos = new java.io.ByteArrayOutputStream();
-                b64os = new Base64.OutputStream( baos, ENCODE | options );
-                gzos  = new java.util.zip.GZIPOutputStream( b64os ); 
-            
-                gzos.write( source, off, len );
-                gzos.close();
-            }   // end try
-            catch( java.io.IOException e )
-            {
-                logger.error( Logger.SECURITY_FAILURE, "Problem writing gzip stream", e );
-                return null;
-            }   // end catch
-            finally
-            {
-                try{ gzos.close();  } catch( Exception e ){}
-                try{ b64os.close(); } catch( Exception e ){}
-                try{ baos.close();  } catch( Exception e ){}
-            }   // end finally
-
-            // Return value according to relevant encoding.
-            try
-            {
-                return new String( baos.toByteArray(), PREFERRED_ENCODING );
-            }   // end try
-            catch (java.io.UnsupportedEncodingException uue)
-            {
-                return new String( baos.toByteArray() );
-            }   // end catch
-        }   // end if: compress
-        
-        // Else, don't compress. Better not to use streams at all then.
-        else
-        {
-            // Convert option to boolean in way that code likes it.
-            boolean breakLines = dontBreakLines == 0;
-            
-            int    len43   = len * 4 / 3;
-            byte[] outBuff = new byte[   ( len43 )                      // Main 4:3
-                                       + ( (len % 3) > 0 ? 4 : 0 )      // Account for padding
-                                       + (breakLines ? ( len43 / MAX_LINE_LENGTH ) : 0) ]; // New lines      
-            int d = 0;
-            int e = 0;
-            int len2 = len - 2;
-            int lineLength = 0;
-            for( ; d < len2; d+=3, e+=4 )
-            {
-                encode3to4( source, d+off, 3, outBuff, e, options );
-
-                lineLength += 4;
-                if( breakLines && lineLength == MAX_LINE_LENGTH )
-                {   
-                    outBuff[e+4] = NEW_LINE;
-                    e++;
-                    lineLength = 0;
-                }   // end if: end of line
-            }   // en dfor: each piece of array
-
-            if( d < len )
-            {
-                encode3to4( source, d+off, len - d, outBuff, e, options );
-                e += 4;
-            }   // end if: some padding needed
-
-            
-            // Return value according to relevant encoding.
-            try
-            {
-                return new String( outBuff, 0, e, PREFERRED_ENCODING );
-            }   // end try
-            catch (java.io.UnsupportedEncodingException uue)
-            {
-                return new String( outBuff, 0, e );
-            }   // end catch
-            
-        }   // end else: don't compress
-        
-    }   // end encodeBytes
-    
-
-    
-    
-    
-/* ********  D E C O D I N G   M E T H O D S  ******** */
-    
-    
-    /**
-     * Decodes four bytes from array <var>source</var>
-     * and writes the resulting bytes (up to three of them)
-     * to <var>destination</var>.
-     * The source and destination arrays can be manipulated
-     * anywhere along their length by specifying 
-     * <var>srcOffset</var> and <var>destOffset</var>.
-     * This method does not check to make sure your arrays
-     * are large enough to accomodate <var>srcOffset</var> + 4 for
-     * the <var>source</var> array or <var>destOffset</var> + 3 for
-     * the <var>destination</var> array.
-     * This method returns the actual number of bytes that 
-     * were converted from the Base64 encoding.
-	 * <p>This is the lowest level of the decoding methods with
-	 * all possible parameters.</p>
-     * 
-     *
-     * @param source the array to convert
-     * @param srcOffset the index where conversion begins
-     * @param destination the array to hold the conversion
-     * @param destOffset the index where output will be put
-	 * @param options alphabet type is pulled from this (standard, url-safe, ordered)
-     * @return the number of decoded bytes converted
-     * @since 1.3
-     */
-    private static int decode4to3( byte[] source, int srcOffset, byte[] destination, int destOffset, int options )
-    {
-		byte[] DECODABET = getDecodabet( options ); 
-	
-        // Example: Dk==
-        if( source[ srcOffset + 2] == EQUALS_SIGN )
-        {
-            // Two ways to do the same thing. Don't know which way I like best.
-            //int outBuff =   ( ( DECODABET[ source[ srcOffset    ] ] << 24 ) >>>  6 )
-            //              | ( ( DECODABET[ source[ srcOffset + 1] ] << 24 ) >>> 12 );
-            int outBuff =   ( ( DECODABET[ source[ srcOffset    ] ] & 0xFF ) << 18 )
-                          | ( ( DECODABET[ source[ srcOffset + 1] ] & 0xFF ) << 12 );
-            
-            destination[ destOffset ] = (byte)( outBuff >>> 16 );
-            return 1;
-        }
-        
-        // Example: DkL=
-        else if( source[ srcOffset + 3 ] == EQUALS_SIGN )
-        {
-            // Two ways to do the same thing. Don't know which way I like best.
-            //int outBuff =   ( ( DECODABET[ source[ srcOffset     ] ] << 24 ) >>>  6 )
-            //              | ( ( DECODABET[ source[ srcOffset + 1 ] ] << 24 ) >>> 12 )
-            //              | ( ( DECODABET[ source[ srcOffset + 2 ] ] << 24 ) >>> 18 );
-            int outBuff =   ( ( DECODABET[ source[ srcOffset     ] ] & 0xFF ) << 18 )
-                          | ( ( DECODABET[ source[ srcOffset + 1 ] ] & 0xFF ) << 12 )
-                          | ( ( DECODABET[ source[ srcOffset + 2 ] ] & 0xFF ) <<  6 );
-            
-            destination[ destOffset     ] = (byte)( outBuff >>> 16 );
-            destination[ destOffset + 1 ] = (byte)( outBuff >>>  8 );
-            return 2;
-        }
-        
-        // Example: DkLE
-        else
-        {
-            try{
-            // Two ways to do the same thing. Don't know which way I like best.
-            //int outBuff =   ( ( DECODABET[ source[ srcOffset     ] ] << 24 ) >>>  6 )
-            //              | ( ( DECODABET[ source[ srcOffset + 1 ] ] << 24 ) >>> 12 )
-            //              | ( ( DECODABET[ source[ srcOffset + 2 ] ] << 24 ) >>> 18 )
-            //              | ( ( DECODABET[ source[ srcOffset + 3 ] ] << 24 ) >>> 24 );
-            int outBuff =   ( ( DECODABET[ source[ srcOffset     ] ] & 0xFF ) << 18 )
-                          | ( ( DECODABET[ source[ srcOffset + 1 ] ] & 0xFF ) << 12 )
-                          | ( ( DECODABET[ source[ srcOffset + 2 ] ] & 0xFF ) <<  6)
-                          | ( ( DECODABET[ source[ srcOffset + 3 ] ] & 0xFF )      );
-
-            
-            destination[ destOffset     ] = (byte)( outBuff >> 16 );
-            destination[ destOffset + 1 ] = (byte)( outBuff >>  8 );
-            destination[ destOffset + 2 ] = (byte)( outBuff       );
-
-            return 3;
-            }catch( Exception e){
-            	
-        // Remove these after checking -- for context only.
-                // logger.error( Logger.SECURITY_FAILURE, "Problem writing object", e );
-                // logger.error( Logger.SECURITY_FAILURE, ""+source[srcOffset]+ ": " + ( DECODABET[ source[ srcOffset     ] ]  ) );
-                // logger.error( Logger.SECURITY_FAILURE, ""+source[srcOffset+1]+  ": " + ( DECODABET[ source[ srcOffset + 1 ] ]  ) );
-                // logger.error( Logger.SECURITY_FAILURE, ""+source[srcOffset+2]+  ": " + ( DECODABET[ source[ srcOffset + 2 ] ]  ) );
-                // logger.error( Logger.SECURITY_FAILURE, ""+source[srcOffset+3]+  ": " + ( DECODABET[ source[ srcOffset + 3 ] ]  ) );
-            	
-            	// CHECKME: I replaced the 5 separate logger.error() calls above with a single logger.error() call so they can't
-            	// become interleaved with other log entries from other threads. Normally this would have placed log entries
-            	// on separate lines, so I also added line terminators here as well. (Probably don't want it all on one single
-            	// really long log entry, do we?) Anyhow, somebody should check the formatting to ensure that it's
-            	// esthetically pleasing, etc. But this works for me. I'm also OK if you want to remove all the line terminators
-            	// in which case the declaration for EOL should be removed as well.		- Kevin Wall
-                
-                StringBuilder sb = new StringBuilder("Problem writing object:");
-                sb.append(EOL);
-                sb.append( source[srcOffset]   ).append(": ").append( ( DECODABET[ source[ srcOffset     ] ]  ) ).append(EOL);
-                sb.append( source[srcOffset+1] ).append(": ").append( ( DECODABET[ source[ srcOffset + 1 ] ]  ) ).append(EOL);
-                sb.append( source[srcOffset+2] ).append(": ").append( ( DECODABET[ source[ srcOffset + 2 ] ]  ) ).append(EOL);
-                sb.append( source[srcOffset+3] ).append(": ").append( ( DECODABET[ source[ srcOffset + 3 ] ]  ) ).append(EOL);
-                
-                logger.error( Logger.SECURITY_FAILURE, sb.toString(), e );
-                return -1;
-            }   // end catch
-        }
-    }   // end decodeToBytes
-    
-    
-    
-    
-    /**
-     * Very low-level access to decoding ASCII characters in
-     * the form of a byte array. Does not support automatically
-     * gunzipping or any other "fancy" features.
-     *
-     * @param source The Base64 encoded data
-     * @param off    The offset of where to begin decoding
-     * @param len    The length of characters to decode
-     * @param options
-     * @return decoded data
-     * @since 1.3
-     */
-    public static byte[] decode( byte[] source, int off, int len, int options )
-    {
-		byte[] DECODABET = getDecodabet( options );
-	
-        int    len34   = len * 3 / 4;
-        byte[] outBuff = new byte[ len34 ]; // Upper limit on size of output
-        int    outBuffPosn = 0;
-        
-        byte[] b4        = new byte[4];
-        int    b4Posn    = 0;
-        int    i         = 0;
-        byte   sbiCrop   = 0;
-        byte   sbiDecode = 0;
-        for( i = off; i < off+len; i++ )
-        {
-            sbiCrop = (byte)(source[i] & 0x7f); // Only the low seven bits
-            sbiDecode = DECODABET[ sbiCrop ];
-            
-            if( sbiDecode >= WHITE_SPACE_ENC ) // White space, Equals sign or better
-            {
-                if( sbiDecode >= EQUALS_SIGN_ENC )
-                {
-                    b4[ b4Posn++ ] = sbiCrop;
-                    if( b4Posn > 3 )
-                    {
-                        outBuffPosn += decode4to3( b4, 0, outBuff, outBuffPosn, options );
-                        b4Posn = 0;
-                        
-                        // If that was the equals sign, break out of 'for' loop
-                        if( sbiCrop == EQUALS_SIGN )
-                            break;
-                    }   // end if: quartet built
-                    
-                }   // end if: equals sign or better
-                
-            }   // end if: white space, equals sign or better
-            else
-            {
-            	logger.error( Logger.SECURITY_FAILURE, "Bad Base64 input character at " + i + ": " + source[i] + "(decimal)" );
-                return null;
-            }   // end else: 
-        }   // each input character
-                                   
-        byte[] out = new byte[ outBuffPosn ];
-        System.arraycopy( outBuff, 0, out, 0, outBuffPosn ); 
-        return out;
-    }   // end decode
-    
-    
-	
-	
-    /**
-     * Decodes data from Base64 notation, automatically
-     * detecting gzip-compressed data and decompressing it.
-     *
-     * @param s the string to decode
-     * @return the decoded data
-     * @since 1.4
-     */
-    public static byte[] decode( String s )
-	{
-		return decode( s, NO_OPTIONS );
-	}
-    
-    
-    /**
-     * Decodes data from Base64 notation, automatically
-     * detecting gzip-compressed data and decompressing it.
-     *
-     * @param s the string to decode
-	 * @param options encode options such as URL_SAFE
-     * @return the decoded data
-     * @since 1.4
-     */
-    public static byte[] decode( String s, int options )
-    {   
-        byte[] bytes;
-        try
-        {
-            bytes = s.getBytes( PREFERRED_ENCODING );
-        }
-        catch( java.io.UnsupportedEncodingException uee )
-        {
-            bytes = s.getBytes();	// Uses native encoding
-            // CHECKME: Is this correct? I think it should be a warning instead of an error since nothing
-            // is re-thrown. I do think that *some* sort of logging is in order here  especially since UTF-8 should
-            // always be available on all platforms. If it's not, then all bets are off on your runtime env. - Kevin Wall
-            logger.warning( Logger.SECURITY_FAILURE, "Problem decoding string using " +
-            			  PREFERRED_ENCODING + "; substituting native platform encoding instead", uee );
-        }
-        
-        // Decode
-        bytes = decode( bytes, 0, bytes.length, options );
-        
-        
-        // Check to see if it's gzip-compressed
-        // GZIP Magic Two-Byte Number: 0x8b1f (35615)
-        if( bytes != null && bytes.length >= 4 )
-        {
-            
-            int head = ((int)bytes[0] & 0xff) | ((bytes[1] << 8) & 0xff00);       
-            if( java.util.zip.GZIPInputStream.GZIP_MAGIC == head ) 
-            {
-                java.io.ByteArrayInputStream  bais = null;
-                java.util.zip.GZIPInputStream gzis = null;
-                java.io.ByteArrayOutputStream baos = null;
-                byte[] buffer = new byte[2048];
-                int    length = 0;
-
-                try
-                {
-                    baos = new java.io.ByteArrayOutputStream();
-                    bais = new java.io.ByteArrayInputStream( bytes );
-                    gzis = new java.util.zip.GZIPInputStream( bais );
-
-                    while( ( length = gzis.read( buffer ) ) >= 0 )
-                    {
-                        baos.write(buffer,0,length);
-                    }   // end while: reading input
-
-                    // No error? Get new bytes.
-                    bytes = baos.toByteArray();
-
-                }   // end try
-                catch( java.io.IOException e )
-                {
-                    // Just return originally-decoded bytes
-                }   // end catch
-                finally
-                {
-                    try{ baos.close(); } catch( Exception e ){}
-                    try{ gzis.close(); } catch( Exception e ){}
-                    try{ bais.close(); } catch( Exception e ){}
-                }   // end finally
-
-            }   // end if: gzipped
-        }   // end if: bytes.length >= 2
-        
-        return bytes;
-    }   // end decode
-
-
-    
-
-    /**
-     * Attempts to decode Base64 data and deserialize a Java
-     * Object within. Returns <tt>null</tt> if there was an error.
-     *
-     * @param encodedObject The Base64 data to decode
-     * @return The decoded and deserialized object
-     * @since 1.5
-     */
-    public static Object decodeToObject( String encodedObject )
-    {
-        // Decode and gunzip if necessary
-        byte[] objBytes = decode( encodedObject );
-        
-        java.io.ByteArrayInputStream  bais = null;
-        java.io.ObjectInputStream     ois  = null;
-        Object obj = null;
-        
-        try
-        {
-            bais = new java.io.ByteArrayInputStream( objBytes );
-            ois  = new java.io.ObjectInputStream( bais );
-        
-            obj = ois.readObject();
-        }   // end try
-        catch( java.io.IOException e )
-        {
-            logger.error( Logger.SECURITY_FAILURE, "Problem reading object", e );
-            obj = null;
-        }   // end catch
-        catch( java.lang.ClassNotFoundException e )
-        {
-            logger.error( Logger.SECURITY_FAILURE, "Problem reading object", e );
-            obj = null;
-        }   // end catch
-        finally
-        {
-            try{ bais.close(); } catch( Exception e ){}
-            try{ ois.close();  } catch( Exception e ){}
-        }   // end finally
-        
-        return obj;
-    }   // end decodeObject
-    
-    
-    
-    /**
-     * Convenience method for encoding data to a file.
-     *
-     * @param dataToEncode byte array of data to encode in base64 form
-     * @param filename Filename for saving encoded data
-     * @return <tt>true</tt> if successful, <tt>false</tt> otherwise
-     *
-     * @since 2.1
-     */
-    public static boolean encodeToFile( byte[] dataToEncode, String filename )
-    {
-        boolean success = false;
-        Base64.OutputStream bos = null;
-        try
-        {
-            bos = new Base64.OutputStream( 
-                      new java.io.FileOutputStream( filename ), Base64.ENCODE );
-            bos.write( dataToEncode );
-            success = true;
-        }   // end try
-        catch( java.io.IOException e )
-        {
-            
-            success = false;
-        }   // end catch: IOException
-        finally
-        {
-            try{ bos.close(); } catch( Exception e ){}
-        }   // end finally
-        
-        return success;
-    }   // end encodeToFile
-    
-    
-    /**
-     * Convenience method for decoding data to a file.
-     *
-     * @param dataToDecode Base64-encoded data as a string
-     * @param filename Filename for saving decoded data
-     * @return <tt>true</tt> if successful, <tt>false</tt> otherwise
-     *
-     * @since 2.1
-     */
-    public static boolean decodeToFile( String dataToDecode, String filename )
-    {
-        boolean success = false;
-        Base64.OutputStream bos = null;
-        try
-        {
-                bos = new Base64.OutputStream( 
-                          new java.io.FileOutputStream( filename ), Base64.DECODE );
-                bos.write( dataToDecode.getBytes( PREFERRED_ENCODING ) );
-                success = true;
-        }   // end try
-        catch( java.io.IOException e )
-        {
-            success = false;
-        }   // end catch: IOException
-        finally
-        {
-                try{ bos.close(); } catch( Exception e ){}
-        }   // end finally
-        
-        return success;
-    }   // end decodeToFile
-    
-    
-    
-    
-    /**
-     * Convenience method for reading a base64-encoded
-     * file and decoding it.
-     *
-     * @param filename Filename for reading encoded data
-     * @return decoded byte array or null if unsuccessful
-     *
-     * @since 2.1
-     */
-    public static byte[] decodeFromFile( String filename )
-    {
-        byte[] decodedData = null;
-        Base64.InputStream bis = null;
-        try
-        {
-            // Set up some useful variables
-            java.io.File file = new java.io.File( filename );
-            byte[] buffer = null;
-            int length   = 0;
-            int numBytes = 0;
-            
-            // Check for size of file
-            if( file.length() > Integer.MAX_VALUE )
-            {
-                logger.error( Logger.SECURITY_FAILURE, "File is too big for this convenience method (" + file.length() + " bytes)." );
-                return null;
-            }   // end if: file too big for int index
-            buffer = new byte[ (int)file.length() ];
-            
-            // Open a stream
-            bis = new Base64.InputStream( 
-                      new java.io.BufferedInputStream( 
-                      new java.io.FileInputStream( file ) ), Base64.DECODE );
-            
-            // Read until done
-            while( ( numBytes = bis.read( buffer, length, 4096 ) ) >= 0 )
-                length += numBytes;
-            
-            // Save in a variable to return
-            decodedData = new byte[ length ];
-            System.arraycopy( buffer, 0, decodedData, 0, length );
-            
-        }   // end try
-        catch( java.io.IOException e )
-        {
-            logger.error( Logger.SECURITY_FAILURE, "Error decoding from file " + filename, e );
-        }   // end catch: IOException
-        finally
-        {
-            try{ if (bis != null ) bis.close(); } catch( Exception e) {}
-        }   // end finally
-        
-        return decodedData;
-    }   // end decodeFromFile
-    
-    
-    
-    /**
-     * Convenience method for reading a binary file
-     * and base64-encoding it.
-     *
-     * @param filename Filename for reading binary data
-     * @return base64-encoded string or null if unsuccessful
-     *
-     * @since 2.1
-     */
-    public static String encodeFromFile( String filename )
-    {
-        String encodedData = null;
-        Base64.InputStream bis = null;
-        try
-        {
-            // Set up some useful variables
-            java.io.File file = new java.io.File( filename );
-            byte[] buffer = new byte[ Math.max((int)(file.length() * 1.4),40) ]; // Need max() for math on small files (v2.2.1)
-            int length   = 0;
-            int numBytes = 0;
-            
-            // Open a stream
-            bis = new Base64.InputStream( 
-                      new java.io.BufferedInputStream( 
-                      new java.io.FileInputStream( file ) ), Base64.ENCODE );
-            
-            // Read until done
-            while( ( numBytes = bis.read( buffer, length, 4096 ) ) >= 0 )
-                length += numBytes;
-            
-            // Save in a variable to return
-            encodedData = new String( buffer, 0, length, Base64.PREFERRED_ENCODING );
-                
-        }   // end try
-        catch( java.io.IOException e )
-        {
-            logger.error( Logger.SECURITY_FAILURE, "Error encoding from file " + filename, e );
-        }   // end catch: IOException
-        finally
-        {
-            try{ bis.close(); } catch( Exception e) {}
-        }   // end finally
-        
-        return encodedData;
-        }   // end encodeFromFile
-    
-    
-    
-    
-    /**
-     * Reads <tt>infile</tt> and encodes it to <tt>outfile</tt>.
-     *
-     * @param infile Input file
-     * @param outfile Output file
-     * @return true if the operation is successful
-     * @since 2.2
-     */
-    public static boolean encodeFileToFile( String infile, String outfile )
-    {
-        boolean success = false;
-        java.io.InputStream in = null;
-        java.io.OutputStream out = null;
-        try{
-            in  = new Base64.InputStream( 
-                      new java.io.BufferedInputStream( 
-                      new java.io.FileInputStream( infile ) ), 
-                      Base64.ENCODE );
-            out = new java.io.BufferedOutputStream( new java.io.FileOutputStream( outfile ) );
-            byte[] buffer = new byte[65536]; // 64K
-            int read = -1;
-            while( ( read = in.read(buffer) ) >= 0 ){
-                out.write( buffer,0,read );
-            }   // end while: through file
-            success = true;
-        } catch( java.io.IOException exc ){
-            logger.error( Logger.SECURITY_FAILURE, "Problem encoding file to file", exc );
-        } finally{
-            try{ in.close();  } catch( Exception exc ){}
-            try{ out.close(); } catch( Exception exc ){}
-        }   // end finally
-        
-        return success;
-    }   // end encodeFileToFile
-    
-    
-    
-    /**
-     * Reads <tt>infile</tt> and decodes it to <tt>outfile</tt>.
-     *
-     * @param infile Input file
-     * @param outfile Output file
-     * @return true if the operation is successful
-     * @since 2.2
-     */
-    public static boolean decodeFileToFile( String infile, String outfile )
-    {
-        boolean success = false;
-        java.io.InputStream in = null;
-        java.io.OutputStream out = null;
-        try{
-            in  = new Base64.InputStream( 
-                      new java.io.BufferedInputStream( 
-                      new java.io.FileInputStream( infile ) ), 
-                      Base64.DECODE );
-            out = new java.io.BufferedOutputStream( new java.io.FileOutputStream( outfile ) );
-            byte[] buffer = new byte[65536]; // 64K
-            int read = -1;
-            while( ( read = in.read(buffer) ) >= 0 ){
-                out.write( buffer,0,read );
-            }   // end while: through file
-            success = true;
-        } catch( java.io.IOException exc ){
-            logger.error( Logger.SECURITY_FAILURE, "Problem decoding file to file", exc );
-        } finally{
-            try{ in.close();  } catch( Exception exc ){}
-            try{ out.close(); } catch( Exception exc ){}
-        }   // end finally
-        
-        return success;
-    }   // end decodeFileToFile
-    
-    
-    /* ********  I N N E R   C L A S S   I N P U T S T R E A M  ******** */
-    
-    
-    
-    /**
-     * A {@link Base64.InputStream} will read data from another
-     * <tt>java.io.InputStream</tt>, given in the constructor,
-     * and encode/decode to/from Base64 notation on the fly.
-     *
-     * @see Base64
-     * @since 1.3
-     */
-    public static class InputStream extends java.io.FilterInputStream
-    {
-        private boolean encode;         // Encoding or decoding
-        private int     position;       // Current position in the buffer
-        private byte[]  buffer;         // Small buffer holding converted data
-        private int     bufferLength;   // Length of buffer (3 or 4)
-        private int     numSigBytes;    // Number of meaningful bytes in the buffer
-        private int     lineLength;
-        private boolean breakLines;     // Break lines at less than 80 characters
-		private int     options;        // Record options used to create the stream.
-		private byte[]  decodabet;		// Local copies to avoid extra method calls
-        
-        
-        /**
-         * Constructs a {@link Base64.InputStream} in DECODE mode.
-         *
-         * @param in the <tt>java.io.InputStream</tt> from which to read data.
-         * @since 1.3
-         */
-        public InputStream( java.io.InputStream in )
-        {   
-            this( in, DECODE );
-        }   // end constructor
-        
-        
-        /**
-         * Constructs a {@link Base64.InputStream} in
-         * either ENCODE or DECODE mode.
-         * <p>
-         * Valid options:<pre>
-         *   ENCODE or DECODE: Encode or Decode as data is read.
-         *   DONT_BREAK_LINES: don't break lines at 76 characters
-         *     (only meaningful when encoding)
-         *     <i>Note: Technically, this makes your encoding non-compliant.</i>
-         * </pre>
-         * <p>
-         * Example: <code>new Base64.InputStream( in, Base64.DECODE )</code>
-         *
-         *
-         * @param in the <tt>java.io.InputStream</tt> from which to read data.
-         * @param options Specified options
-         * @see Base64#ENCODE
-         * @see Base64#DECODE
-         * @see Base64#DONT_BREAK_LINES
-         * @since 2.0
-         */
-        public InputStream( java.io.InputStream in, int options )
-        {   
-            super( in );
-            this.breakLines   = (options & DONT_BREAK_LINES) != DONT_BREAK_LINES;
-            this.encode       = (options & ENCODE) == ENCODE;
-            this.bufferLength = encode ? 4 : 3;
-            this.buffer       = new byte[ bufferLength ];
-            this.position     = -1;
-            this.lineLength   = 0;
-			this.options      = options; // Record for later, mostly to determine which alphabet to use
-			this.decodabet    = getDecodabet(options);
-        }   // end constructor
-        
-        /**
-         * Reads enough of the input stream to convert
-         * to/from Base64 and returns the next byte.
-         *
-         * @return next byte
-         * @throws java.io.IOException
-         * @since 1.3
-         */
-        public int read() throws java.io.IOException 
-        { 
-            // Do we need to get data?
-            if( position < 0 )
-            {
-                if( encode )
-                {
-                    byte[] b3 = new byte[3];
-                    int numBinaryBytes = 0;
-                    for( int i = 0; i < 3; i++ )
-                    {
-                        try
-                        { 
-                            int b = in.read();
-                            
-                            // If end of stream, b is -1.
-                            if( b >= 0 )
-                            {
-                                b3[i] = (byte)b;
-                                numBinaryBytes++;
-                            }   // end if: not end of stream
-                            
-                        }   // end try: read
-                        catch( java.io.IOException e )
-                        {   
-                            // Only a problem if we got no data at all.
-                            if( i == 0 )
-                                throw e;
-                            
-                        }   // end catch
-                    }   // end for: each needed input byte
-                    
-                    if( numBinaryBytes > 0 )
-                    {
-                        encode3to4( b3, 0, numBinaryBytes, buffer, 0, options );
-                        position = 0;
-                        numSigBytes = 4;
-                    }   // end if: got data
-                    else
-                    {
-                        return -1;
-                    }   // end else
-                }   // end if: encoding
-                
-                // Else decoding
-                else
-                {
-                    byte[] b4 = new byte[4];
-                    int i = 0;
-                    for( i = 0; i < 4; i++ )
-                    {
-                        // Read four "meaningful" bytes:
-                        int b = 0;
-                        do{ b = in.read(); }
-                        while( b >= 0 && decodabet[ b & 0x7f ] <= WHITE_SPACE_ENC );
-                        
-                        if( b < 0 )
-                            break; // Reads a -1 if end of stream
-                        
-                        b4[i] = (byte)b;
-                    }   // end for: each needed input byte
-                    
-                    if( i == 4 )
-                    {
-                        numSigBytes = decode4to3( b4, 0, buffer, 0, options );
-                        position = 0;
-                    }   // end if: got four characters
-                    else if( i == 0 ){
-                        return -1;
-                    }   // end else if: also padded correctly
-                    else
-                    {
-                        // Must have broken out from above.
-                        throw new java.io.IOException( "Improperly padded Base64 input." );
-                    }   // end 
-                    
-                }   // end else: decode
-            }   // end else: get data
-            
-            // Got data?
-            if( position >= 0 )
-            {
-                // End of relevant data?
-                if( /*!encode &&*/ position >= numSigBytes )
-                    return -1;
-                
-                if( encode && breakLines && lineLength >= MAX_LINE_LENGTH )
-                {
-                    lineLength = 0;
-                    return '\n';
-                }   // end if
-                else
-                {
-                    lineLength++;   // This isn't important when decoding
-                                    // but throwing an extra "if" seems
-                                    // just as wasteful.
-                    
-                    int b = buffer[ position++ ];
-
-                    if( position >= bufferLength )
-                        position = -1;
-
-                    return b & 0xFF; // This is how you "cast" a byte that's
-                                     // intended to be unsigned.
-                }   // end else
-            }   // end if: position >= 0
-            
-            // Else error
-            else
-            {   
-                // When JDK1.4 is more accepted, use an assertion here.
-                throw new java.io.IOException( "Error in Base64 code reading stream." );
-            }   // end else
-        }   // end read
-        
-        
-        /**
-         * Calls {@link #read()} repeatedly until the end of stream
-         * is reached or <var>len</var> bytes are read.
-         * Returns number of bytes read into array or -1 if
-         * end of stream is encountered.
-         *
-         * @param dest array to hold values
-         * @param off offset for array
-         * @param len max number of bytes to read into array
-         * @return bytes read into array or -1 if end of stream is encountered.
-         * @throws java.io.IOException
-         * @since 1.3
-         */
-        public int read( byte[] dest, int off, int len ) throws java.io.IOException
-        {
-            int i;
-            int b;
-            for( i = 0; i < len; i++ )
-            {
-                b = read();
-                
-                //if( b < 0 && i == 0 )
-                //    return -1;
-                
-                if( b >= 0 )
-                    dest[off + i] = (byte)b;
-                else if( i == 0 )
-                    return -1;
-                else
-                    break; // Out of 'for' loop
-            }   // end for: each byte read
-            return i;
-        }   // end read
-        
-    }   // end inner class InputStream
-    
-    
-    
-    
-    
-    
-    /* ********  I N N E R   C L A S S   O U T P U T S T R E A M  ******** */
-    
-    
-    
-    /**
-     * A {@link Base64.OutputStream} will write data to another
-     * <tt>java.io.OutputStream</tt>, given in the constructor,
-     * and encode/decode to/from Base64 notation on the fly.
-     *
-     * @see Base64
-     * @since 1.3
-     */
-    public static class OutputStream extends java.io.FilterOutputStream
-    {
-        private boolean encode;
-        private int     position;
-        private byte[]  buffer;
-        private int     bufferLength;
-        private int     lineLength;
-        private boolean breakLines;
-        private byte[]  b4; // Scratch used in a few places
-        private boolean suspendEncoding;
-		private int options; // Record for later
-		private byte[]  decodabet;		// Local copies to avoid extra method calls
-        
-        /**
-         * Constructs a {@link Base64.OutputStream} in ENCODE mode.
-         *
-         * @param out the <tt>java.io.OutputStream</tt> to which data will be written.
-         * @since 1.3
-         */
-        public OutputStream( java.io.OutputStream out )
-        {   
-            this( out, ENCODE );
-        }   // end constructor
-        
-        
-        /**
-         * Constructs a {@link Base64.OutputStream} in
-         * either ENCODE or DECODE mode.
-         * <p>
-         * Valid options:<pre>
-         *   ENCODE or DECODE: Encode or Decode as data is read.
-         *   DONT_BREAK_LINES: don't break lines at 76 characters
-         *     (only meaningful when encoding)
-         *     <i>Note: Technically, this makes your encoding non-compliant.</i>
-         * </pre>
-         * <p>
-         * Example: <code>new Base64.OutputStream( out, Base64.ENCODE )</code>
-         *
-         * @param out the <tt>java.io.OutputStream</tt> to which data will be written.
-         * @param options Specified options.
-         * @see Base64#ENCODE
-         * @see Base64#DECODE
-         * @see Base64#DONT_BREAK_LINES
-         * @since 1.3
-         */
-        public OutputStream( java.io.OutputStream out, int options )
-        {   
-            super( out );
-            this.breakLines   = (options & DONT_BREAK_LINES) != DONT_BREAK_LINES;
-            this.encode       = (options & ENCODE) == ENCODE;
-            this.bufferLength = encode ? 3 : 4;
-            this.buffer       = new byte[ bufferLength ];
-            this.position     = 0;
-            this.lineLength   = 0;
-            this.suspendEncoding = false;
-            this.b4           = new byte[4];
-			this.options      = options;
-			this.decodabet    = getDecodabet(options);
-        }   // end constructor
-        
-        
-        /**
-         * Writes the byte to the output stream after
-         * converting to/from Base64 notation.
-         * When encoding, bytes are buffered three
-         * at a time before the output stream actually
-         * gets a write() call.
-         * When decoding, bytes are buffered four
-         * at a time.
-         *
-         * @param theByte the byte to write
-         * @throws java.io.IOException
-         * @since 1.3
-         */
-        public void write(int theByte) throws java.io.IOException
-        {
-            // Encoding suspended?
-            if( suspendEncoding )
-            {
-                super.out.write( theByte );
-                return;
-            }   // end if: supsended
-            
-            // Encode?
-            if( encode )
-            {
-                buffer[ position++ ] = (byte)theByte;
-                if( position >= bufferLength )  // Enough to encode.
-                {
-                    out.write( encode3to4( b4, buffer, bufferLength, options ) );
-
-                    lineLength += 4;
-                    if( breakLines && lineLength >= MAX_LINE_LENGTH )
-                    {
-                        out.write( NEW_LINE );
-                        lineLength = 0;
-                    }   // end if: end of line
-
-                    position = 0;
-                }   // end if: enough to output
-            }   // end if: encoding
-
-            // Else, Decoding
-            else
-            {
-                // Meaningful Base64 character?
-                if( decodabet[ theByte & 0x7f ] > WHITE_SPACE_ENC )
-                {
-                    buffer[ position++ ] = (byte)theByte;
-                    if( position >= bufferLength )  // Enough to output.
-                    {
-                        int len = Base64.decode4to3( buffer, 0, b4, 0, options );
-                        out.write( b4, 0, len );
-                        //out.write( Base64.decode4to3( buffer ) );
-                        position = 0;
-                    }   // end if: enough to output
-                }   // end if: meaningful base64 character
-                else if( decodabet[ theByte & 0x7f ] != WHITE_SPACE_ENC )
-                {
-                    throw new java.io.IOException( "Invalid character in Base64 data." );
-                }   // end else: not white space either
-            }   // end else: decoding
-        }   // end write
-        
-        
-        
-        /**
-         * Calls {@link #write(int)} repeatedly until <var>len</var> 
-         * bytes are written.
-         *
-         * @param theBytes array from which to read bytes
-         * @param off offset for array
-         * @param len max number of bytes to read into array
-         * @throws java.io.IOException
-         * @since 1.3
-         */
-        public void write( byte[] theBytes, int off, int len ) throws java.io.IOException
-        {
-            // Encoding suspended?
-            if( suspendEncoding )
-            {
-                super.out.write( theBytes, off, len );
-                return;
-            }   // end if: supsended
-            
-            for( int i = 0; i < len; i++ )
-            {
-                write( theBytes[ off + i ] );
-            }   // end for: each byte written
-            
-        }   // end write
-        
-        
-        
-        /**
-         * Method added by PHIL. [Thanks, PHIL. -Rob]
-         * This pads the buffer without closing the stream.
-         * @throws java.io.IOException
-         */
-        public void flushBase64() throws java.io.IOException 
-        {
-            if( position > 0 )
-            {
-                if( encode )
-                {
-                    out.write( encode3to4( b4, buffer, position, options ) );
-                    position = 0;
-                }   // end if: encoding
-                else
-                {
-                    throw new java.io.IOException( "Base64 input not properly padded." );
-                }   // end else: decoding
-            }   // end if: buffer partially full
-
-        }   // end flush
-
-        
-        /** 
-         * Flushes and closes (I think, in the superclass) the stream. 
-         *
-         * @throws java.io.IOException
-         * @since 1.3
-         */
-        public void close() throws java.io.IOException
-        {
-            // 1. Ensure that pending characters are written
-            flushBase64();
-
-            // 2. Actually close the stream
-            // Base class both flushes and closes.
-            super.close();
-            
-            buffer = null;
-            out    = null;
-        }   // end close
-        
-        
-        
-        /**
-         * Suspends encoding of the stream.
-         * May be helpful if you need to embed a piece of
-         * base640-encoded data in a stream.
-         *
-         * @throws java.io.IOException
-         * @since 1.5.1
-         */
-        public void suspendEncoding() throws java.io.IOException 
-        {
-            flushBase64();
-            this.suspendEncoding = true;
-        }   // end suspendEncoding
-        
-        
-        /**
-         * Resumes encoding of the stream.
-         * May be helpful if you need to embed a piece of
-         * base640-encoded data in a stream.
-         *
-         * @since 1.5.1
-         */
-        public void resumeEncoding()
-        {
-            this.suspendEncoding = false;
-        }   // end resumeEncoding
-        
-        
-        
-    }   // end inner class OutputStream
-    
-    
-}   // end class Base64
+package org.owasp.esapi.codecs;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+
+// CHECKME: Version at http://iharder.net/base64 is up to v2.3.3. Some semantic changes
+// starting with v2.3. Should we upgrade and then add ESAPI logging or stay at 2.2.2 base?
+// I think that really depends on how much OWASP ESAPI plans on tracking changes to this
+// version vs. if the plan was just to fork from it and maintain OWASP's own version.
+// At this point, I think I prefer split from tracking Harder's original, but I'm easily
+// persuaded otherwise. (In fact, we have already done so w/ decodeToObject().) - Kevin Wall
+
+/**
+ * <p>Encodes and decodes to and from Base64 notation.</p>
+ * <p>Homepage: <a href="http://iharder.net/base64">http://iharder.net/base64</a>
+ * (based on version 2.2.2).</p>
+ *
+ * <p>The <tt>options</tt> parameter, which appears in a few places, is used to pass
+ * several pieces of information to the encoder. In the "higher level" methods such as
+ * encodeBytes( bytes, options ) the options parameter can be used to indicate such
+ * things as first gzipping the bytes before encoding them, not inserting linefeeds
+ * (though that breaks strict Base64 compatibility), and encoding using the URL-safe
+ * and Ordered dialects.</p>
+ *
+ * <p>The constants defined in Base64 can be OR-ed together to combine options, so you
+ * might make a call like this:</p>
+ *
+ * <code>String encoded = Base64.encodeBytes( mybytes, Base64.GZIP | Base64.DONT_BREAK_LINES );</code>
+ *
+ * <p>to compress the data before encoding it and then making the output have no newline characters.</p>
+ *
+ *
+ * <p>
+ * Original change Log:
+ * </p>
+ * <ul>
+ *  <li>v2.2.2 - Fixed encodeFileToFile and decodeFileToFile to use the
+ *   Base64.InputStream class to encode and decode on the fly which uses
+ *   less memory than encoding/decoding an entire file into memory before writing.</li>
+ *  <li>v2.2.1 - Fixed bug using URL_SAFE and ORDERED encodings. Fixed bug
+ *   when using very small files (~< 40 bytes).</li>
+ *  <li>v2.2 - Added some helper methods for encoding/decoding directly from
+ *   one file to the next. Also added a main() method to support command line
+ *   encoding/decoding from one file to the next. Also added these Base64 dialects:
+ *   <ol>
+ *   <li>The default is RFC3548 format.</li>
+ *   <li>Calling Base64.setFormat(Base64.BASE64_FORMAT.URLSAFE_FORMAT) generates
+ *   URL and file name friendly format as described in Section 4 of RFC3548.
+ *   http://www.faqs.org/rfcs/rfc3548.html</li>
+ *   <li>Calling Base64.setFormat(Base64.BASE64_FORMAT.ORDERED_FORMAT) generates
+ *   URL and file name friendly format that preserves lexical ordering as described
+ *   in http://www.faqs.org/qa/rfcc-1940.html</li>
+ *   </ol>
+ *   Special thanks to Jim Kellerman at <a href="http://www.powerset.com/">http://www.powerset.com/</a>
+ *   for contributing the new Base64 dialects.
+ *  </li>
+ *
+ *  <li>v2.1 - Cleaned up javadoc comments and unused variables and methods. Added
+ *   some convenience methods for reading and writing to and from files.</li>
+ *  <li>v2.0.2 - Now specifies UTF-8 encoding in places where the code fails on systems
+ *   with other encodings (like EBCDIC).</li>
+ *  <li>v2.0.1 - Fixed an error when decoding a single byte, that is, when the
+ *   encoded data was a single byte.</li>
+ *  <li>v2.0 - I got rid of methods that used booleans to set options.
+ *   Now everything is more consolidated and cleaner. The code now detects
+ *   when data that's being decoded is gzip-compressed and will decompress it
+ *   automatically. Generally things are cleaner. You'll probably have to
+ *   change some method calls that you were making to support the new
+ *   options format (<tt>int</tt>s that you "OR" together).</li>
+ *  <li>v1.5.1 - Fixed bug when decompressing and decoding to a
+ *   byte[] using <tt>decode( String s, boolean gzipCompressed )</tt>.
+ *   Added the ability to "suspend" encoding in the Output Stream so
+ *   you can turn on and off the encoding if you need to embed base64
+ *   data in an otherwise "normal" stream (like an XML file).</li>
+ *  <li>v1.5 - Output stream passes on flush() command but doesn't do anything itself.
+ *      This helps when using GZIP streams.
+ *      Added the ability to GZip-compress objects before encoding them.</li>
+ *  <li>v1.4 - Added helper methods to read/write files.</li>
+ *  <li>v1.3.6 - Fixed OutputStream.flush() so that 'position' is reset.</li>
+ *  <li>v1.3.5 - Added flag to turn on and off line breaks. Fixed bug in input stream
+ *      where last buffer being read, if not completely full, was not returned.</li>
+ *  <li>v1.3.4 - Fixed when "improperly padded stream" error was thrown at the wrong time.</li>
+ *  <li>v1.3.3 - Fixed I/O streams which were totally messed up.</li>
+ * </ul>
+ *
+ * <p>
+ * I am placing this code in the Public Domain. Do with it as you will.
+ * This software comes with no guarantees or warranties but with
+ * plenty of well-wishing instead!
+ * Please visit <a href="http://iharder.net/base64">http://iharder.net/base64</a>
+ * periodically to check for updates or to contribute improvements.
+ * </p>
+ *
+ * @author Robert Harder
+ * @author rob@iharder.net
+ * @version 2.2.2
+ */
+public class Base64
+{
+
+/* ********  P U B L I C   F I E L D S  ******** */
+
+
+    /** No options specified. Value is zero. */
+    public final static int NO_OPTIONS = 0;
+
+    /** Specify encoding. */
+    public final static int ENCODE = 1;
+
+    /** Specify decoding. */
+    public final static int DECODE = 0;
+
+    /** Specify that data should be gzip-compressed. */
+    public final static int GZIP = 2;
+
+    /** Don't break lines when encoding (violates strict Base64 specification) */
+    public final static int DONT_BREAK_LINES = 8;
+
+    /**
+     * Encode using Base64-like encoding that is URL- and Filename-safe as described
+     * in Section 4 of RFC3548:
+     * <a href="http://www.faqs.org/rfcs/rfc3548.html">http://www.faqs.org/rfcs/rfc3548.html</a>.
+     * It is important to note that data encoded this way is <em>not</em> officially valid Base64,
+     * or at the very least should not be called Base64 without also specifying that is
+     * was encoded using the URL- and Filename-safe dialect.
+     */
+     public final static int URL_SAFE = 16;
+
+     /**
+      * Encode using the special "ordered" dialect of Base64 described here:
+      * <a href="http://www.faqs.org/qa/rfcc-1940.html">http://www.faqs.org/qa/rfcc-1940.html</a>.
+      */
+     public final static int ORDERED = 32;
+
+     /**
+      * System property name that must be set to true in order to invoke {@code Base64.decodeToObject()}.
+      * @link https://github.com/ESAPI/esapi-java-legacy/issues/354
+      * @link http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
+      */
+     public final static String ENABLE_UNSAFE_SERIALIZATION = "org.owasp.esapi.enableUnsafeSerialization"; // Do NOT change!
+
+/* ********  P R I V A T E   F I E L D S  ******** */
+
+    /** Maximum line length (76) of Base64 output. */
+    private final static int MAX_LINE_LENGTH = 76;
+
+    /** The equals sign (=) as a byte. */
+    private final static byte EQUALS_SIGN = (byte)'=';
+
+    /** The new line character (\n) as a byte. */
+    private final static byte NEW_LINE = (byte)'\n';
+
+    /** Preferred encoding. */
+    private final static String PREFERRED_ENCODING = "UTF-8";
+
+    /** End of line character. */
+    private final static String EOL = System.getProperty("line.separator", "\n");
+
+
+    // I think I end up not using the BAD_ENCODING indicator.
+    //private final static byte BAD_ENCODING    = -9; // Indicates error in encoding
+    private final static byte WHITE_SPACE_ENC = -5; // Indicates white space in encoding
+    private final static byte EQUALS_SIGN_ENC = -1; // Indicates equals sign in encoding
+
+    private static final Logger logger = ESAPI.getLogger("Base64");
+
+/* ********  S T A N D A R D   B A S E 6 4   A L P H A B E T  ******** */
+
+    /** The 64 valid Base64 values. */
+    //private final static byte[] ALPHABET;
+    /* Host platform me be something funny like EBCDIC, so we hard code these values. */
+    private final static byte[] _STANDARD_ALPHABET =
+    {
+        (byte)'A', (byte)'B', (byte)'C', (byte)'D', (byte)'E', (byte)'F', (byte)'G',
+        (byte)'H', (byte)'I', (byte)'J', (byte)'K', (byte)'L', (byte)'M', (byte)'N',
+        (byte)'O', (byte)'P', (byte)'Q', (byte)'R', (byte)'S', (byte)'T', (byte)'U',
+        (byte)'V', (byte)'W', (byte)'X', (byte)'Y', (byte)'Z',
+        (byte)'a', (byte)'b', (byte)'c', (byte)'d', (byte)'e', (byte)'f', (byte)'g',
+        (byte)'h', (byte)'i', (byte)'j', (byte)'k', (byte)'l', (byte)'m', (byte)'n',
+        (byte)'o', (byte)'p', (byte)'q', (byte)'r', (byte)'s', (byte)'t', (byte)'u',
+        (byte)'v', (byte)'w', (byte)'x', (byte)'y', (byte)'z',
+        (byte)'0', (byte)'1', (byte)'2', (byte)'3', (byte)'4', (byte)'5',
+        (byte)'6', (byte)'7', (byte)'8', (byte)'9', (byte)'+', (byte)'/'
+    };
+
+    /**
+     * Translates a Base64 value to either its 6-bit reconstruction value
+     * or a negative number indicating some other meaning.
+     **/
+    private final static byte[] _STANDARD_DECODABET =
+    {
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,                 // Decimal  0 -  8
+        -5,-5,                                      // Whitespace: Tab and Linefeed
+        -9,-9,                                      // Decimal 11 - 12
+        -5,                                         // Whitespace: Carriage Return
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 14 - 26
+        -9,-9,-9,-9,-9,                             // Decimal 27 - 31
+        -5,                                         // Whitespace: Space
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,              // Decimal 33 - 42
+        62,                                         // Plus sign at decimal 43
+        -9,-9,-9,                                   // Decimal 44 - 46
+        63,                                         // Slash at decimal 47
+        52,53,54,55,56,57,58,59,60,61,              // Numbers zero through nine
+        -9,-9,-9,                                   // Decimal 58 - 60
+        -1,                                         // Equals sign at decimal 61
+        -9,-9,-9,                                      // Decimal 62 - 64
+        0,1,2,3,4,5,6,7,8,9,10,11,12,13,            // Letters 'A' through 'N'
+        14,15,16,17,18,19,20,21,22,23,24,25,        // Letters 'O' through 'Z'
+        -9,-9,-9,-9,-9,-9,                          // Decimal 91 - 96
+        26,27,28,29,30,31,32,33,34,35,36,37,38,     // Letters 'a' through 'm'
+        39,40,41,42,43,44,45,46,47,48,49,50,51,     // Letters 'n' through 'z'
+        -9,-9,-9,-9                                 // Decimal 123 - 126
+        /*,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 127 - 139
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 140 - 152
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 153 - 165
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 166 - 178
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 179 - 191
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 192 - 204
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 205 - 217
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 218 - 230
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 231 - 243
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9         // Decimal 244 - 255 */
+    };
+
+
+/* ********  U R L   S A F E   B A S E 6 4   A L P H A B E T  ******** */
+
+    /**
+     * Used in the URL- and Filename-safe dialect described in Section 4 of RFC3548:
+     * <a href="http://www.faqs.org/rfcs/rfc3548.html">http://www.faqs.org/rfcs/rfc3548.html</a>.
+     * Notice that the last two bytes become "hyphen" and "underscore" instead of "plus" and "slash."
+     */
+    private final static byte[] _URL_SAFE_ALPHABET =
+    {
+      (byte)'A', (byte)'B', (byte)'C', (byte)'D', (byte)'E', (byte)'F', (byte)'G',
+      (byte)'H', (byte)'I', (byte)'J', (byte)'K', (byte)'L', (byte)'M', (byte)'N',
+      (byte)'O', (byte)'P', (byte)'Q', (byte)'R', (byte)'S', (byte)'T', (byte)'U',
+      (byte)'V', (byte)'W', (byte)'X', (byte)'Y', (byte)'Z',
+      (byte)'a', (byte)'b', (byte)'c', (byte)'d', (byte)'e', (byte)'f', (byte)'g',
+      (byte)'h', (byte)'i', (byte)'j', (byte)'k', (byte)'l', (byte)'m', (byte)'n',
+      (byte)'o', (byte)'p', (byte)'q', (byte)'r', (byte)'s', (byte)'t', (byte)'u',
+      (byte)'v', (byte)'w', (byte)'x', (byte)'y', (byte)'z',
+      (byte)'0', (byte)'1', (byte)'2', (byte)'3', (byte)'4', (byte)'5',
+      (byte)'6', (byte)'7', (byte)'8', (byte)'9', (byte)'-', (byte)'_'
+    };
+
+    /**
+     * Used in decoding URL- and Filename-safe dialects of Base64.
+     */
+    private final static byte[] _URL_SAFE_DECODABET =
+    {
+      -9,-9,-9,-9,-9,-9,-9,-9,-9,                 // Decimal  0 -  8
+      -5,-5,                                      // Whitespace: Tab and Linefeed
+      -9,-9,                                      // Decimal 11 - 12
+      -5,                                         // Whitespace: Carriage Return
+      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 14 - 26
+      -9,-9,-9,-9,-9,                             // Decimal 27 - 31
+      -5,                                         // Whitespace: Space
+      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,              // Decimal 33 - 42
+      -9,                                         // Plus sign at decimal 43
+      -9,                                         // Decimal 44
+      62,                                         // Minus sign at decimal 45
+      -9,                                         // Decimal 46
+      -9,                                         // Slash at decimal 47
+      52,53,54,55,56,57,58,59,60,61,              // Numbers zero through nine
+      -9,-9,-9,                                   // Decimal 58 - 60
+      -1,                                         // Equals sign at decimal 61
+      -9,-9,-9,                                   // Decimal 62 - 64
+      0,1,2,3,4,5,6,7,8,9,10,11,12,13,            // Letters 'A' through 'N'
+      14,15,16,17,18,19,20,21,22,23,24,25,        // Letters 'O' through 'Z'
+      -9,-9,-9,-9,                                // Decimal 91 - 94
+      63,                                         // Underscore at decimal 95
+      -9,                                         // Decimal 96
+      26,27,28,29,30,31,32,33,34,35,36,37,38,     // Letters 'a' through 'm'
+      39,40,41,42,43,44,45,46,47,48,49,50,51,     // Letters 'n' through 'z'
+      -9,-9,-9,-9                                 // Decimal 123 - 126
+      /*,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 127 - 139
+      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 140 - 152
+      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 153 - 165
+      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 166 - 178
+      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 179 - 191
+      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 192 - 204
+      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 205 - 217
+      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 218 - 230
+      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 231 - 243
+      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9         // Decimal 244 - 255 */
+    };
+
+
+
+/* ********  O R D E R E D   B A S E 6 4   A L P H A B E T  ******** */
+
+    /**
+     * I don't get the point of this technique, but it is described here:
+     * <a href="http://www.faqs.org/qa/rfcc-1940.html">http://www.faqs.org/qa/rfcc-1940.html</a>.
+     */
+    private final static byte[] _ORDERED_ALPHABET =
+    {
+      (byte)'-',
+      (byte)'0', (byte)'1', (byte)'2', (byte)'3', (byte)'4',
+      (byte)'5', (byte)'6', (byte)'7', (byte)'8', (byte)'9',
+      (byte)'A', (byte)'B', (byte)'C', (byte)'D', (byte)'E', (byte)'F', (byte)'G',
+      (byte)'H', (byte)'I', (byte)'J', (byte)'K', (byte)'L', (byte)'M', (byte)'N',
+      (byte)'O', (byte)'P', (byte)'Q', (byte)'R', (byte)'S', (byte)'T', (byte)'U',
+      (byte)'V', (byte)'W', (byte)'X', (byte)'Y', (byte)'Z',
+      (byte)'_',
+      (byte)'a', (byte)'b', (byte)'c', (byte)'d', (byte)'e', (byte)'f', (byte)'g',
+      (byte)'h', (byte)'i', (byte)'j', (byte)'k', (byte)'l', (byte)'m', (byte)'n',
+      (byte)'o', (byte)'p', (byte)'q', (byte)'r', (byte)'s', (byte)'t', (byte)'u',
+      (byte)'v', (byte)'w', (byte)'x', (byte)'y', (byte)'z'
+    };
+
+    /**
+     * Used in decoding the "ordered" dialect of Base64.
+     */
+    private final static byte[] _ORDERED_DECODABET =
+    {
+      -9,-9,-9,-9,-9,-9,-9,-9,-9,                 // Decimal  0 -  8
+      -5,-5,                                      // Whitespace: Tab and Linefeed
+      -9,-9,                                      // Decimal 11 - 12
+      -5,                                         // Whitespace: Carriage Return
+      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 14 - 26
+      -9,-9,-9,-9,-9,                             // Decimal 27 - 31
+      -5,                                         // Whitespace: Space
+      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,              // Decimal 33 - 42
+      -9,                                         // Plus sign at decimal 43
+      -9,                                         // Decimal 44
+      0,                                          // Minus sign at decimal 45
+      -9,                                         // Decimal 46
+      -9,                                         // Slash at decimal 47
+      1,2,3,4,5,6,7,8,9,10,                       // Numbers zero through nine
+      -9,-9,-9,                                   // Decimal 58 - 60
+      -1,                                         // Equals sign at decimal 61
+      -9,-9,-9,                                   // Decimal 62 - 64
+      11,12,13,14,15,16,17,18,19,20,21,22,23,     // Letters 'A' through 'M'
+      24,25,26,27,28,29,30,31,32,33,34,35,36,     // Letters 'N' through 'Z'
+      -9,-9,-9,-9,                                // Decimal 91 - 94
+      37,                                         // Underscore at decimal 95
+      -9,                                         // Decimal 96
+      38,39,40,41,42,43,44,45,46,47,48,49,50,     // Letters 'a' through 'm'
+      51,52,53,54,55,56,57,58,59,60,61,62,63,     // Letters 'n' through 'z'
+      -9,-9,-9,-9                                 // Decimal 123 - 126
+      /*,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 127 - 139
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 140 - 152
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 153 - 165
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 166 - 178
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 179 - 191
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 192 - 204
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 205 - 217
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 218 - 230
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 231 - 243
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9         // Decimal 244 - 255 */
+    };
+
+
+/* ********  D E T E R M I N E   W H I C H   A L H A B E T  ******** */
+
+
+    /**
+     * Returns one of the _SOMETHING_ALPHABET byte arrays depending on
+     * the options specified.
+     * It's possible, though silly, to specify ORDERED and URLSAFE
+     * in which case one of them will be picked, though there is
+     * no guarantee as to which one will be picked.
+     */
+    private final static byte[] getAlphabet( int options )
+    {
+        if( (options & URL_SAFE) == URL_SAFE ) return _URL_SAFE_ALPHABET;
+        else if( (options & ORDERED) == ORDERED ) return _ORDERED_ALPHABET;
+        else return _STANDARD_ALPHABET;
+
+    }   // end getAlphabet
+
+
+    /**
+     * Returns one of the _SOMETHING_DECODABET byte arrays depending on
+     * the options specified.
+     * It's possible, though silly, to specify ORDERED and URL_SAFE
+     * in which case one of them will be picked, though there is
+     * no guarantee as to which one will be picked.
+     */
+    private final static byte[] getDecodabet( int options )
+    {
+        if( (options & URL_SAFE) == URL_SAFE ) return _URL_SAFE_DECODABET;
+        else if( (options & ORDERED) == ORDERED ) return _ORDERED_DECODABET;
+        else return _STANDARD_DECODABET;
+
+    }   // end getDecodaabet
+
+    /** Defeats instantiation. */
+    private Base64(){}
+
+    /**
+     * Encodes or decodes two files from the command line;
+     * <strong>feel free to delete this method (in fact you probably should)
+     * if you're embedding this code into a larger program</strong>.
+     * @param args
+     */
+    public final static void main( String[] args )
+    {
+        if( args.length < 3 ){
+            usage("Not enough arguments.");
+        }   // end if: args.length < 3
+        else {
+            String flag = args[0];
+            String infile = args[1];
+            String outfile = args[2];
+            if( flag.equals( "-e" ) ){
+                Base64.encodeFileToFile( infile, outfile );
+            }   // end if: encode
+            else if( flag.equals( "-d" ) ) {
+                Base64.decodeFileToFile( infile, outfile );
+            }   // end else if: decode
+            else {
+                usage( "Unknown flag: " + flag );
+            }   // end else
+        }   // end else
+    }   // end main
+
+    /**
+     * Prints command line usage.
+     *
+     * @param msg A message to include with usage info.
+     */
+    private final static void usage( String msg )
+    {
+        System.err.println( msg );
+        System.err.println( "Usage: java Base64 -e|-d inputfile outputfile" );
+    }   // end usage
+
+/* ********  E N C O D I N G   M E T H O D S  ******** */
+
+    /**
+     * Encodes up to the first three bytes of array <var>threeBytes</var>
+     * and returns a four-byte array in Base64 notation.
+     * The actual number of significant bytes in your array is
+     * given by <var>numSigBytes</var>.
+     * The array <var>threeBytes</var> needs only be as big as
+     * <var>numSigBytes</var>.
+     * Code can reuse a byte array by passing a four-byte array as <var>b4</var>.
+     *
+     * @param b4 A reusable byte array to reduce array instantiation
+     * @param threeBytes the array to convert
+     * @param numSigBytes the number of significant bytes in your array
+     * @return four byte array in Base64 notation.
+     * @since 1.5.1
+     */
+    private static byte[] encode3to4( byte[] b4, byte[] threeBytes, int numSigBytes, int options )
+    {
+        encode3to4( threeBytes, 0, numSigBytes, b4, 0, options );
+        return b4;
+    }   // end encode3to4
+
+    /**
+     * <p>Encodes up to three bytes of the array <var>source</var>
+     * and writes the resulting four Base64 bytes to <var>destination</var>.
+     * The source and destination arrays can be manipulated
+     * anywhere along their length by specifying
+     * <var>srcOffset</var> and <var>destOffset</var>.
+     * This method does not check to make sure your arrays
+     * are large enough to accomodate <var>srcOffset</var> + 3 for
+     * the <var>source</var> array or <var>destOffset</var> + 4 for
+     * the <var>destination</var> array.
+     * The actual number of significant bytes in your array is
+     * given by <var>numSigBytes</var>.</p>
+     * <p>This is the lowest level of the encoding methods with
+     * all possible parameters.</p>
+     *
+     * @param source the array to convert
+     * @param srcOffset the index where conversion begins
+     * @param numSigBytes the number of significant bytes in your array
+     * @param destination the array to hold the conversion
+     * @param destOffset the index where output will be put
+     * @return the <var>destination</var> array
+     * @since 1.3
+     */
+    private static byte[] encode3to4(
+        byte[] source, int srcOffset, int numSigBytes,
+        byte[] destination, int destOffset, int options )
+    {
+        byte[] ALPHABET = getAlphabet( options );
+
+        //           1         2         3
+        // 01234567890123456789012345678901 Bit position
+        // --------000000001111111122222222 Array position from threeBytes
+        // --------|    ||    ||    ||    | Six bit groups to index ALPHABET
+        //          >>18  >>12  >> 6  >> 0  Right shift necessary
+        //                0x3f  0x3f  0x3f  Additional AND
+
+        // Create buffer with zero-padding if there are only one or two
+        // significant bytes passed in the array.
+        // We have to shift left 24 in order to flush out the 1's that appear
+        // when Java treats a value as negative that is cast from a byte to an int.
+        int inBuff =   ( numSigBytes > 0 ? ((source[ srcOffset     ] << 24) >>>  8) : 0 )
+                     | ( numSigBytes > 1 ? ((source[ srcOffset + 1 ] << 24) >>> 16) : 0 )
+                     | ( numSigBytes > 2 ? ((source[ srcOffset + 2 ] << 24) >>> 24) : 0 );
+
+        switch( numSigBytes )
+        {
+            case 3:
+                destination[ destOffset     ] = ALPHABET[ (inBuff >>> 18)        ];
+                destination[ destOffset + 1 ] = ALPHABET[ (inBuff >>> 12) & 0x3f ];
+                destination[ destOffset + 2 ] = ALPHABET[ (inBuff >>>  6) & 0x3f ];
+                destination[ destOffset + 3 ] = ALPHABET[ (inBuff       ) & 0x3f ];
+                return destination;
+
+            case 2:
+                destination[ destOffset     ] = ALPHABET[ (inBuff >>> 18)        ];
+                destination[ destOffset + 1 ] = ALPHABET[ (inBuff >>> 12) & 0x3f ];
+                destination[ destOffset + 2 ] = ALPHABET[ (inBuff >>>  6) & 0x3f ];
+                destination[ destOffset + 3 ] = EQUALS_SIGN;
+                return destination;
+
+            case 1:
+                destination[ destOffset     ] = ALPHABET[ (inBuff >>> 18)        ];
+                destination[ destOffset + 1 ] = ALPHABET[ (inBuff >>> 12) & 0x3f ];
+                destination[ destOffset + 2 ] = EQUALS_SIGN;
+                destination[ destOffset + 3 ] = EQUALS_SIGN;
+                return destination;
+
+            default:
+                return destination;
+        }   // end switch
+    }   // end encode3to4
+
+    /**
+     * Encodes a byte array into Base64 notation.
+     * Does not GZip-compress data.
+     *
+     * @param source The data to convert
+     * @return The Base64-encoded resulting string
+     * @since 1.4
+     */
+    public static String encodeBytes( byte[] source )
+    {
+        return encodeBytes( source, 0, source.length, NO_OPTIONS );
+    }   // end encodeBytes
+
+
+
+    /**
+     * Encodes a byte array into Base64 notation.
+     * <p>
+     * Valid options:<pre>
+     *   GZIP: gzip-compresses object before encoding it.
+     *   DONT_BREAK_LINES: don't break lines at 76 characters
+     *     <i>Note: Technically, this makes your encoding non-compliant.</i>
+     * </pre>
+     * <p>
+     * Example: <code>encodeBytes( myData, Base64.GZIP )</code> or
+     * <p>
+     * Example: <code>encodeBytes( myData, Base64.GZIP | Base64.DONT_BREAK_LINES )</code>
+     *
+     *
+     * @param source The data to convert
+     * @param options Specified options
+     * @return The Base64-encoded resulting string
+     * @see Base64#GZIP
+     * @see Base64#DONT_BREAK_LINES
+     * @since 2.0
+     */
+    public static String encodeBytes( byte[] source, int options )
+    {
+        return encodeBytes( source, 0, source.length, options );
+    }   // end encodeBytes
+
+    /**
+     * Encodes a byte array into Base64 notation.
+     * Does not GZip-compress data.
+     *
+     * @param source The data to convert
+     * @param off Offset in array where conversion should begin
+     * @param len Length of data to convert
+     * @return The Base64-encoded resulting string
+     * @since 1.4
+     */
+    public static String encodeBytes( byte[] source, int off, int len )
+    {
+        return encodeBytes( source, off, len, NO_OPTIONS );
+    }   // end encodeBytes
+
+    /**
+     * Encodes a byte array into Base64 notation.
+     * <p>
+     * Valid options:<pre>
+     *   GZIP: gzip-compresses object before encoding it.
+     *   DONT_BREAK_LINES: don't break lines at 76 characters
+     *     <i>Note: Technically, this makes your encoding non-compliant.</i>
+     * </pre>
+     * <p>
+     * Example: <code>encodeBytes( myData, Base64.GZIP )</code> or
+     * <p>
+     * Example: <code>encodeBytes( myData, Base64.GZIP | Base64.DONT_BREAK_LINES )</code>
+     *
+     *
+     * @param source The data to convert
+     * @param off Offset in array where conversion should begin
+     * @param len Length of data to convert
+     * @param options alphabet type is pulled from this (standard, url-safe, ordered)
+     * @return The Base64-encoded resulting string
+     * @see Base64#GZIP
+     * @see Base64#DONT_BREAK_LINES
+     * @since 2.0
+     */
+    public static String encodeBytes( byte[] source, int off, int len, int options )
+    {
+        // Isolate options
+        int dontBreakLines = ( options & DONT_BREAK_LINES );
+        int gzip           = ( options & GZIP   );
+
+        // Compress?
+        if( gzip == GZIP )
+        {
+            java.io.ByteArrayOutputStream  baos  = null;
+            java.util.zip.GZIPOutputStream gzos  = null;
+            Base64.OutputStream            b64os = null;
+
+            try
+            {
+                // GZip -> Base64 -> ByteArray
+                baos = new java.io.ByteArrayOutputStream();
+                b64os = new Base64.OutputStream( baos, ENCODE | options );
+                gzos  = new java.util.zip.GZIPOutputStream( b64os );
+
+                gzos.write( source, off, len );
+                gzos.close();
+            }   // end try
+            catch( java.io.IOException e )
+            {
+                logger.error( Logger.SECURITY_FAILURE, "Problem writing gzip stream", e );
+                return null;
+            }   // end catch
+            finally
+            {
+                try{ gzos.close();  } catch( Exception e ){}
+                try{ b64os.close(); } catch( Exception e ){}
+                try{ baos.close();  } catch( Exception e ){}
+            }   // end finally
+
+            // Return value according to relevant encoding.
+            try
+            {
+                return new String( baos.toByteArray(), PREFERRED_ENCODING );
+            }   // end try
+            catch (java.io.UnsupportedEncodingException uue)
+            {
+                return new String( baos.toByteArray() );
+            }   // end catch
+        }   // end if: compress
+
+        // Else, don't compress. Better not to use streams at all then.
+        else
+        {
+            // Convert option to boolean in way that code likes it.
+            boolean breakLines = dontBreakLines == 0;
+
+            int    len43   = len * 4 / 3;
+            byte[] outBuff = new byte[   ( len43 )                      // Main 4:3
+                                       + ( (len % 3) > 0 ? 4 : 0 )      // Account for padding
+                                       + (breakLines ? ( len43 / MAX_LINE_LENGTH ) : 0) ]; // New lines
+            int d = 0;
+            int e = 0;
+            int len2 = len - 2;
+            int lineLength = 0;
+            for( ; d < len2; d+=3, e+=4 )
+            {
+                encode3to4( source, d+off, 3, outBuff, e, options );
+
+                lineLength += 4;
+                if( breakLines && lineLength == MAX_LINE_LENGTH )
+                {
+                    outBuff[e+4] = NEW_LINE;
+                    e++;
+                    lineLength = 0;
+                }   // end if: end of line
+            }   // en dfor: each piece of array
+
+            if( d < len )
+            {
+                encode3to4( source, d+off, len - d, outBuff, e, options );
+                e += 4;
+            }   // end if: some padding needed
+
+
+            // Return value according to relevant encoding.
+            try
+            {
+                return new String( outBuff, 0, e, PREFERRED_ENCODING );
+            }   // end try
+            catch (java.io.UnsupportedEncodingException uue)
+            {
+                return new String( outBuff, 0, e );
+            }   // end catch
+
+        }   // end else: don't compress
+
+    }   // end encodeBytes
+
+/* ********  D E C O D I N G   M E T H O D S  ******** */
+
+    /**
+     * Decodes four bytes from array <var>source</var>
+     * and writes the resulting bytes (up to three of them)
+     * to <var>destination</var>.
+     * The source and destination arrays can be manipulated
+     * anywhere along their length by specifying
+     * <var>srcOffset</var> and <var>destOffset</var>.
+     * This method does not check to make sure your arrays
+     * are large enough to accomodate <var>srcOffset</var> + 4 for
+     * the <var>source</var> array or <var>destOffset</var> + 3 for
+     * the <var>destination</var> array.
+     * This method returns the actual number of bytes that
+     * were converted from the Base64 encoding.
+     * <p>This is the lowest level of the decoding methods with
+     * all possible parameters.</p>
+     *
+     *
+     * @param source the array to convert
+     * @param srcOffset the index where conversion begins
+     * @param destination the array to hold the conversion
+     * @param destOffset the index where output will be put
+     * @param options alphabet type is pulled from this (standard, url-safe, ordered)
+     * @return the number of decoded bytes converted
+     * @since 1.3
+     */
+    private static int decode4to3( byte[] source, int srcOffset, byte[] destination, int destOffset, int options )
+    {
+        byte[] DECODABET = getDecodabet( options );
+
+        // Example: Dk==
+        if( source[ srcOffset + 2] == EQUALS_SIGN )
+        {
+            // Two ways to do the same thing. Don't know which way I like best.
+            //int outBuff =   ( ( DECODABET[ source[ srcOffset    ] ] << 24 ) >>>  6 )
+            //              | ( ( DECODABET[ source[ srcOffset + 1] ] << 24 ) >>> 12 );
+            int outBuff =   ( ( DECODABET[ source[ srcOffset    ] ] & 0xFF ) << 18 )
+                          | ( ( DECODABET[ source[ srcOffset + 1] ] & 0xFF ) << 12 );
+
+            destination[ destOffset ] = (byte)( outBuff >>> 16 );
+            return 1;
+        }
+
+        // Example: DkL=
+        else if( source[ srcOffset + 3 ] == EQUALS_SIGN )
+        {
+            // Two ways to do the same thing. Don't know which way I like best.
+            //int outBuff =   ( ( DECODABET[ source[ srcOffset     ] ] << 24 ) >>>  6 )
+            //              | ( ( DECODABET[ source[ srcOffset + 1 ] ] << 24 ) >>> 12 )
+            //              | ( ( DECODABET[ source[ srcOffset + 2 ] ] << 24 ) >>> 18 );
+            int outBuff =   ( ( DECODABET[ source[ srcOffset     ] ] & 0xFF ) << 18 )
+                          | ( ( DECODABET[ source[ srcOffset + 1 ] ] & 0xFF ) << 12 )
+                          | ( ( DECODABET[ source[ srcOffset + 2 ] ] & 0xFF ) <<  6 );
+
+            destination[ destOffset     ] = (byte)( outBuff >>> 16 );
+            destination[ destOffset + 1 ] = (byte)( outBuff >>>  8 );
+            return 2;
+        }
+
+        // Example: DkLE
+        else
+        {
+            try{
+            // Two ways to do the same thing. Don't know which way I like best.
+            //int outBuff =   ( ( DECODABET[ source[ srcOffset     ] ] << 24 ) >>>  6 )
+            //              | ( ( DECODABET[ source[ srcOffset + 1 ] ] << 24 ) >>> 12 )
+            //              | ( ( DECODABET[ source[ srcOffset + 2 ] ] << 24 ) >>> 18 )
+            //              | ( ( DECODABET[ source[ srcOffset + 3 ] ] << 24 ) >>> 24 );
+            int outBuff =   ( ( DECODABET[ source[ srcOffset     ] ] & 0xFF ) << 18 )
+                          | ( ( DECODABET[ source[ srcOffset + 1 ] ] & 0xFF ) << 12 )
+                          | ( ( DECODABET[ source[ srcOffset + 2 ] ] & 0xFF ) <<  6)
+                          | ( ( DECODABET[ source[ srcOffset + 3 ] ] & 0xFF )      );
+
+
+            destination[ destOffset     ] = (byte)( outBuff >> 16 );
+            destination[ destOffset + 1 ] = (byte)( outBuff >>  8 );
+            destination[ destOffset + 2 ] = (byte)( outBuff       );
+
+            return 3;
+            }catch( Exception e){
+
+        // Remove these after checking -- for context only.
+                // logger.error( Logger.SECURITY_FAILURE, "Problem writing object", e );
+                // logger.error( Logger.SECURITY_FAILURE, ""+source[srcOffset]+ ": " + ( DECODABET[ source[ srcOffset     ] ]  ) );
+                // logger.error( Logger.SECURITY_FAILURE, ""+source[srcOffset+1]+  ": " + ( DECODABET[ source[ srcOffset + 1 ] ]  ) );
+                // logger.error( Logger.SECURITY_FAILURE, ""+source[srcOffset+2]+  ": " + ( DECODABET[ source[ srcOffset + 2 ] ]  ) );
+                // logger.error( Logger.SECURITY_FAILURE, ""+source[srcOffset+3]+  ": " + ( DECODABET[ source[ srcOffset + 3 ] ]  ) );
+
+            // CHECKME: I replaced the 5 separate logger.error() calls above with a single logger.error() call so they can't
+            // become interleaved with other log entries from other threads. Normally this would have placed log entries
+            // on separate lines, so I also added line terminators here as well. (Probably don't want it all on one single
+            // really long log entry, do we?) Anyhow, somebody should check the formatting to ensure that it's
+            // esthetically pleasing, etc. But this works for me. I'm also OK if you want to remove all the line terminators
+            // in which case the declaration for EOL should be removed as well.     - Kevin Wall
+
+                StringBuilder sb = new StringBuilder("Problem writing object:");
+                sb.append(EOL);
+                sb.append( source[srcOffset]   ).append(": ").append( ( DECODABET[ source[ srcOffset     ] ]  ) ).append(EOL);
+                sb.append( source[srcOffset+1] ).append(": ").append( ( DECODABET[ source[ srcOffset + 1 ] ]  ) ).append(EOL);
+                sb.append( source[srcOffset+2] ).append(": ").append( ( DECODABET[ source[ srcOffset + 2 ] ]  ) ).append(EOL);
+                sb.append( source[srcOffset+3] ).append(": ").append( ( DECODABET[ source[ srcOffset + 3 ] ]  ) ).append(EOL);
+
+                logger.error( Logger.SECURITY_FAILURE, sb.toString(), e );
+                return -1;
+            }   // end catch
+        }
+    }   // end decodeToBytes
+
+    /**
+     * Very low-level access to decoding ASCII characters in
+     * the form of a byte array. Does not support automatically
+     * gunzipping or any other "fancy" features.
+     *
+     * @param source The Base64 encoded data
+     * @param off    The offset of where to begin decoding
+     * @param len    The length of characters to decode
+     * @param options
+     * @return decoded data
+     * @since 1.3
+     */
+    public static byte[] decode( byte[] source, int off, int len, int options )
+    {
+        byte[] DECODABET = getDecodabet( options );
+
+        int    len34   = len * 3 / 4;
+        byte[] outBuff = new byte[ len34 ]; // Upper limit on size of output
+        int    outBuffPosn = 0;
+
+        byte[] b4        = new byte[4];
+        int    b4Posn    = 0;
+        int    i         = 0;
+        byte   sbiCrop   = 0;
+        byte   sbiDecode = 0;
+        for( i = off; i < off+len; i++ )
+        {
+            sbiCrop = (byte)(source[i] & 0x7f); // Only the low seven bits
+            sbiDecode = DECODABET[ sbiCrop ];
+
+            if( sbiDecode >= WHITE_SPACE_ENC ) // White space, Equals sign or better
+            {
+                if( sbiDecode >= EQUALS_SIGN_ENC )
+                {
+                    b4[ b4Posn++ ] = sbiCrop;
+                    if( b4Posn > 3 )
+                    {
+                        outBuffPosn += decode4to3( b4, 0, outBuff, outBuffPosn, options );
+                        b4Posn = 0;
+
+                        // If that was the equals sign, break out of 'for' loop
+                        if( sbiCrop == EQUALS_SIGN )
+                            break;
+                    }   // end if: quartet built
+
+                }   // end if: equals sign or better
+
+            }   // end if: white space, equals sign or better
+            else
+            {
+                logger.error( Logger.SECURITY_FAILURE, "Bad Base64 input character at " + i + ": " + source[i] + "(decimal)" );
+                return null;
+            }   // end else:
+        }   // each input character
+
+        byte[] out = new byte[ outBuffPosn ];
+        System.arraycopy( outBuff, 0, out, 0, outBuffPosn );
+        return out;
+    }   // end decode
+
+    /**
+     * Decodes data from Base64 notation, automatically
+     * detecting gzip-compressed data and decompressing it.
+     *
+     * @param s the string to decode
+     * @return the decoded data
+     * @since 1.4
+     */
+    public static byte[] decode( String s )
+    {
+        return decode( s, NO_OPTIONS );
+    }
+
+    /**
+     * Decodes data from Base64 notation, automatically
+     * detecting gzip-compressed data and decompressing it.
+     *
+     * @param s the string to decode
+     * @param options encode options such as URL_SAFE
+     * @return the decoded data
+     * @since 1.4
+     */
+    public static byte[] decode( String s, int options )
+    {
+        byte[] bytes;
+        try
+        {
+            bytes = s.getBytes( PREFERRED_ENCODING );
+        }
+        catch( java.io.UnsupportedEncodingException uee )
+        {
+            bytes = s.getBytes();   // Uses native encoding
+            // CHECKME: Is this correct? I think it should be a warning instead of an error since nothing
+            // is re-thrown. I do think that *some* sort of logging is in order here  especially since UTF-8 should
+            // always be available on all platforms. If it's not, then all bets are off on your runtime env. - Kevin Wall
+            logger.warning( Logger.SECURITY_FAILURE, "Problem decoding string using " +
+                            PREFERRED_ENCODING + "; substituting native platform encoding instead", uee );
+        }
+
+        // Decode
+        bytes = decode( bytes, 0, bytes.length, options );
+
+        // Check to see if it's gzip-compressed
+        // GZIP Magic Two-Byte Number: 0x8b1f (35615)
+        if( bytes != null && bytes.length >= 4 )
+        {
+
+            int head = ((int)bytes[0] & 0xff) | ((bytes[1] << 8) & 0xff00);
+            if ( java.util.zip.GZIPInputStream.GZIP_MAGIC == head )
+            {
+                java.io.ByteArrayInputStream  bais = null;
+                java.util.zip.GZIPInputStream gzis = null;
+                java.io.ByteArrayOutputStream baos = null;
+                byte[] buffer = new byte[2048];
+                int    length = 0;
+
+                try
+                {
+                    baos = new java.io.ByteArrayOutputStream();
+                    bais = new java.io.ByteArrayInputStream( bytes );
+                    gzis = new java.util.zip.GZIPInputStream( bais );
+
+                    while( ( length = gzis.read( buffer ) ) >= 0 )
+                    {
+                        baos.write(buffer,0,length);
+                    }   // end while: reading input
+
+                    // No error? Get new bytes.
+                    bytes = baos.toByteArray();
+
+                }   // end try
+                catch( java.io.IOException e )
+                {
+                    // Just return originally-decoded bytes
+                }   // end catch
+                finally
+                {
+                    try{ baos.close(); } catch( Exception e ){}
+                    try{ gzis.close(); } catch( Exception e ){}
+                    try{ bais.close(); } catch( Exception e ){}
+                }   // end finally
+
+            }   // end if: gzipped
+        }   // end if: bytes.length >= 2
+
+        return bytes;
+    }   // end decode
+
+    /**
+     * Convenience method for encoding data to a file.
+     *
+     * @param dataToEncode byte array of data to encode in base64 form
+     * @param filename Filename for saving encoded data
+     * @return <tt>true</tt> if successful, <tt>false</tt> otherwise
+     *
+     * @since 2.1
+     */
+    public static boolean encodeToFile( byte[] dataToEncode, String filename )
+    {
+        boolean success = false;
+        Base64.OutputStream bos = null;
+        try
+        {
+            bos = new Base64.OutputStream(
+                      new java.io.FileOutputStream( filename ), Base64.ENCODE );
+            bos.write( dataToEncode );
+            success = true;
+        }   // end try
+        catch( java.io.IOException e )
+        {
+
+            success = false;
+        }   // end catch: IOException
+        finally
+        {
+            try{ bos.close(); } catch( Exception e ){}
+        }   // end finally
+
+        return success;
+    }   // end encodeToFile
+
+    /**
+     * Convenience method for decoding data to a file.
+     *
+     * @param dataToDecode Base64-encoded data as a string
+     * @param filename Filename for saving decoded data
+     * @return <tt>true</tt> if successful, <tt>false</tt> otherwise
+     *
+     * @since 2.1
+     */
+    public static boolean decodeToFile( String dataToDecode, String filename )
+    {
+        boolean success = false;
+        Base64.OutputStream bos = null;
+        try
+        {
+                bos = new Base64.OutputStream(
+                          new java.io.FileOutputStream( filename ), Base64.DECODE );
+                bos.write( dataToDecode.getBytes( PREFERRED_ENCODING ) );
+                success = true;
+        }   // end try
+        catch( java.io.IOException e )
+        {
+            success = false;
+        }   // end catch: IOException
+        finally
+        {
+                try{ bos.close(); } catch( Exception e ){}
+        }   // end finally
+
+        return success;
+    }   // end decodeToFile
+
+    /**
+     * Convenience method for reading a base64-encoded
+     * file and decoding it.
+     *
+     * @param filename Filename for reading encoded data
+     * @return decoded byte array or null if unsuccessful
+     *
+     * @since 2.1
+     */
+    public static byte[] decodeFromFile( String filename )
+    {
+        byte[] decodedData = null;
+        Base64.InputStream bis = null;
+        try
+        {
+            // Set up some useful variables
+            java.io.File file = new java.io.File( filename );
+            byte[] buffer = null;
+            int length   = 0;
+            int numBytes = 0;
+
+            // Check for size of file
+            if( file.length() > Integer.MAX_VALUE )
+            {
+                logger.error( Logger.SECURITY_FAILURE, "File is too big for this convenience method (" + file.length() + " bytes)." );
+                return null;
+            }   // end if: file too big for int index
+            buffer = new byte[ (int)file.length() ];
+
+            // Open a stream
+            bis = new Base64.InputStream(
+                      new java.io.BufferedInputStream(
+                      new java.io.FileInputStream( file ) ), Base64.DECODE );
+
+            // Read until done
+            while( ( numBytes = bis.read( buffer, length, 4096 ) ) >= 0 )
+                length += numBytes;
+
+            // Save in a variable to return
+            decodedData = new byte[ length ];
+            System.arraycopy( buffer, 0, decodedData, 0, length );
+
+        }   // end try
+        catch( java.io.IOException e )
+        {
+            logger.error( Logger.SECURITY_FAILURE, "Error decoding from file " + filename, e );
+        }   // end catch: IOException
+        finally
+        {
+            try{ if (bis != null ) bis.close(); } catch( Exception e) {}
+        }   // end finally
+
+        return decodedData;
+    }   // end decodeFromFile
+
+    /**
+     * Convenience method for reading a binary file
+     * and base64-encoding it.
+     *
+     * @param filename Filename for reading binary data
+     * @return base64-encoded string or null if unsuccessful
+     *
+     * @since 2.1
+     */
+    public static String encodeFromFile( String filename )
+    {
+        String encodedData = null;
+        Base64.InputStream bis = null;
+        try
+        {
+            // Set up some useful variables
+            java.io.File file = new java.io.File( filename );
+            byte[] buffer = new byte[ Math.max((int)(file.length() * 1.4),40) ]; // Need max() for math on small files (v2.2.1)
+            int length   = 0;
+            int numBytes = 0;
+
+            // Open a stream
+            bis = new Base64.InputStream(
+                      new java.io.BufferedInputStream(
+                      new java.io.FileInputStream( file ) ), Base64.ENCODE );
+
+            // Read until done
+            while( ( numBytes = bis.read( buffer, length, 4096 ) ) >= 0 )
+                length += numBytes;
+
+            // Save in a variable to return
+            encodedData = new String( buffer, 0, length, Base64.PREFERRED_ENCODING );
+
+        }   // end try
+        catch( java.io.IOException e )
+        {
+            logger.error( Logger.SECURITY_FAILURE, "Error encoding from file " + filename, e );
+        }   // end catch: IOException
+        finally
+        {
+            try{ bis.close(); } catch( Exception e) {}
+        }   // end finally
+
+        return encodedData;
+        }   // end encodeFromFile
+
+    /**
+     * Reads <tt>infile</tt> and encodes it to <tt>outfile</tt>.
+     *
+     * @param infile Input file
+     * @param outfile Output file
+     * @return true if the operation is successful
+     * @since 2.2
+     */
+    public static boolean encodeFileToFile( String infile, String outfile )
+    {
+        boolean success = false;
+        java.io.InputStream in = null;
+        java.io.OutputStream out = null;
+        try{
+            in  = new Base64.InputStream(
+                      new java.io.BufferedInputStream(
+                        new java.io.FileInputStream( infile ) ),
+                      Base64.ENCODE );
+            out = new java.io.BufferedOutputStream( new java.io.FileOutputStream( outfile ) );
+            byte[] buffer = new byte[65536]; // 64K
+            int read = -1;
+            while( ( read = in.read(buffer) ) >= 0 ){
+                out.write( buffer,0,read );
+            }   // end while: through file
+            success = true;
+        } catch( java.io.IOException exc ){
+            logger.error( Logger.SECURITY_FAILURE, "Problem encoding file to file", exc );
+        } finally{
+            try{ in.close();  } catch( Exception exc ){}
+            try{ out.close(); } catch( Exception exc ){}
+        }   // end finally
+
+        return success;
+    }   // end encodeFileToFile
+
+    /**
+     * Reads <tt>infile</tt> and decodes it to <tt>outfile</tt>.
+     *
+     * @param infile Input file
+     * @param outfile Output file
+     * @return true if the operation is successful
+     * @since 2.2
+     */
+    public static boolean decodeFileToFile( String infile, String outfile )
+    {
+        boolean success = false;
+        java.io.InputStream in = null;
+        java.io.OutputStream out = null;
+        try{
+            in  = new Base64.InputStream(
+                      new java.io.BufferedInputStream(
+                      new java.io.FileInputStream( infile ) ),
+                      Base64.DECODE );
+            out = new java.io.BufferedOutputStream( new java.io.FileOutputStream( outfile ) );
+            byte[] buffer = new byte[65536]; // 64K
+            int read = -1;
+            while( ( read = in.read(buffer) ) >= 0 ){
+                out.write( buffer,0,read );
+            }   // end while: through file
+            success = true;
+        } catch( java.io.IOException exc ){
+            logger.error( Logger.SECURITY_FAILURE, "Problem decoding file to file", exc );
+        } finally{
+            try{ in.close();  } catch( Exception exc ){}
+            try{ out.close(); } catch( Exception exc ){}
+        }   // end finally
+
+        return success;
+    }   // end decodeFileToFile
+
+    /* ********  I N N E R   C L A S S   I N P U T S T R E A M  ******** */
+
+    /**
+     * A {@link Base64.InputStream} will read data from another
+     * <tt>java.io.InputStream</tt>, given in the constructor,
+     * and encode/decode to/from Base64 notation on the fly.
+     *
+     * @see Base64
+     * @since 1.3
+     */
+    public static class InputStream extends java.io.FilterInputStream
+    {
+        private boolean encode;         // Encoding or decoding
+        private int     position;       // Current position in the buffer
+        private byte[]  buffer;         // Small buffer holding converted data
+        private int     bufferLength;   // Length of buffer (3 or 4)
+        private int     numSigBytes;    // Number of meaningful bytes in the buffer
+        private int     lineLength;
+        private boolean breakLines;     // Break lines at less than 80 characters
+        private int     options;        // Record options used to create the stream.
+        private byte[]  decodabet;      // Local copies to avoid extra method calls
+
+        /**
+         * Constructs a {@link Base64.InputStream} in DECODE mode.
+         *
+         * @param in the <tt>java.io.InputStream</tt> from which to read data.
+         * @since 1.3
+         */
+        public InputStream( java.io.InputStream in )
+        {
+            this( in, DECODE );
+        }   // end constructor
+
+        /**
+         * Constructs a {@link Base64.InputStream} in
+         * either ENCODE or DECODE mode.
+         * <p>
+         * Valid options:<pre>
+         *   ENCODE or DECODE: Encode or Decode as data is read.
+         *   DONT_BREAK_LINES: don't break lines at 76 characters
+         *     (only meaningful when encoding)
+         *     <i>Note: Technically, this makes your encoding non-compliant.</i>
+         * </pre>
+         * <p>
+         * Example: <code>new Base64.InputStream( in, Base64.DECODE )</code>
+         *
+         *
+         * @param in the <tt>java.io.InputStream</tt> from which to read data.
+         * @param options Specified options
+         * @see Base64#ENCODE
+         * @see Base64#DECODE
+         * @see Base64#DONT_BREAK_LINES
+         * @since 2.0
+         */
+        public InputStream( java.io.InputStream in, int options )
+        {
+            super( in );
+            this.breakLines   = (options & DONT_BREAK_LINES) != DONT_BREAK_LINES;
+            this.encode       = (options & ENCODE) == ENCODE;
+            this.bufferLength = encode ? 4 : 3;
+            this.buffer       = new byte[ bufferLength ];
+            this.position     = -1;
+            this.lineLength   = 0;
+            this.options      = options; // Record for later, mostly to determine which alphabet to use
+            this.decodabet    = getDecodabet(options);
+        }   // end constructor
+
+        /**
+         * Reads enough of the input stream to convert
+         * to/from Base64 and returns the next byte.
+         *
+         * @return next byte
+         * @throws java.io.IOException
+         * @since 1.3
+         */
+        public int read() throws java.io.IOException
+        {
+            // Do we need to get data?
+            if( position < 0 )
+            {
+                if( encode )
+                {
+                    byte[] b3 = new byte[3];
+                    int numBinaryBytes = 0;
+                    for( int i = 0; i < 3; i++ )
+                    {
+                        try
+                        {
+                            int b = in.read();
+
+                            // If end of stream, b is -1.
+                            if( b >= 0 )
+                            {
+                                b3[i] = (byte)b;
+                                numBinaryBytes++;
+                            }   // end if: not end of stream
+
+                        }   // end try: read
+                        catch( java.io.IOException e )
+                        {
+                            // Only a problem if we got no data at all.
+                            if( i == 0 )
+                                throw e;
+
+                        }   // end catch
+                    }   // end for: each needed input byte
+
+                    if( numBinaryBytes > 0 )
+                    {
+                        encode3to4( b3, 0, numBinaryBytes, buffer, 0, options );
+                        position = 0;
+                        numSigBytes = 4;
+                    }   // end if: got data
+                    else
+                    {
+                        return -1;
+                    }   // end else
+                }   // end if: encoding
+
+                // Else decoding
+                else
+                {
+                    byte[] b4 = new byte[4];
+                    int i = 0;
+                    for( i = 0; i < 4; i++ )
+                    {
+                        // Read four "meaningful" bytes:
+                        int b = 0;
+                        do{ b = in.read(); }
+                        while( b >= 0 && decodabet[ b & 0x7f ] <= WHITE_SPACE_ENC );
+
+                        if( b < 0 )
+                            break; // Reads a -1 if end of stream
+
+                        b4[i] = (byte)b;
+                    }   // end for: each needed input byte
+
+                    if( i == 4 )
+                    {
+                        numSigBytes = decode4to3( b4, 0, buffer, 0, options );
+                        position = 0;
+                    }   // end if: got four characters
+                    else if( i == 0 ){
+                        return -1;
+                    }   // end else if: also padded correctly
+                    else
+                    {
+                        // Must have broken out from above.
+                        throw new java.io.IOException( "Improperly padded Base64 input." );
+                    }   // end
+
+                }   // end else: decode
+            }   // end else: get data
+
+            // Got data?
+            if( position >= 0 )
+            {
+                // End of relevant data?
+                if( /*!encode &&*/ position >= numSigBytes )
+                    return -1;
+
+                if( encode && breakLines && lineLength >= MAX_LINE_LENGTH )
+                {
+                    lineLength = 0;
+                    return '\n';
+                }   // end if
+                else
+                {
+                    lineLength++;   // This isn't important when decoding
+                                    // but throwing an extra "if" seems
+                                    // just as wasteful.
+
+                    int b = buffer[ position++ ];
+
+                    if( position >= bufferLength )
+                        position = -1;
+
+                    return b & 0xFF; // This is how you "cast" a byte that's
+                                     // intended to be unsigned.
+                }   // end else
+            }   // end if: position >= 0
+
+            // Else error
+            else
+            {
+                // When JDK1.4 is more accepted, use an assertion here.
+                throw new java.io.IOException( "Error in Base64 code reading stream." );
+            }   // end else
+        }   // end read
+
+        /**
+         * Calls {@link #read()} repeatedly until the end of stream
+         * is reached or <var>len</var> bytes are read.
+         * Returns number of bytes read into array or -1 if
+         * end of stream is encountered.
+         *
+         * @param dest array to hold values
+         * @param off offset for array
+         * @param len max number of bytes to read into array
+         * @return bytes read into array or -1 if end of stream is encountered.
+         * @throws java.io.IOException
+         * @since 1.3
+         */
+        public int read( byte[] dest, int off, int len ) throws java.io.IOException
+        {
+            int i;
+            int b;
+            for( i = 0; i < len; i++ )
+            {
+                b = read();
+
+                //if( b < 0 && i == 0 )
+                //    return -1;
+
+                if( b >= 0 )
+                    dest[off + i] = (byte)b;
+                else if( i == 0 )
+                    return -1;
+                else
+                    break; // Out of 'for' loop
+            }   // end for: each byte read
+            return i;
+        }   // end read
+
+    }   // end inner class InputStream
+
+
+    /* ********  I N N E R   C L A S S   O U T P U T S T R E A M  ******** */
+
+    /**
+     * A {@link Base64.OutputStream} will write data to another
+     * <tt>java.io.OutputStream</tt>, given in the constructor,
+     * and encode/decode to/from Base64 notation on the fly.
+     *
+     * @see Base64
+     * @since 1.3
+     */
+    public static class OutputStream extends java.io.FilterOutputStream
+    {
+        private boolean encode;
+        private int     position;
+        private byte[]  buffer;
+        private int     bufferLength;
+        private int     lineLength;
+        private boolean breakLines;
+        private byte[]  b4; // Scratch used in a few places
+        private boolean suspendEncoding;
+        private int options; // Record for later
+        private byte[]  decodabet;      // Local copies to avoid extra method calls
+
+        /**
+         * Constructs a {@link Base64.OutputStream} in ENCODE mode.
+         *
+         * @param out the <tt>java.io.OutputStream</tt> to which data will be written.
+         * @since 1.3
+         */
+        public OutputStream( java.io.OutputStream out )
+        {
+            this( out, ENCODE );
+        }   // end constructor
+
+        /**
+         * Constructs a {@link Base64.OutputStream} in
+         * either ENCODE or DECODE mode.
+         * <p>
+         * Valid options:<pre>
+         *   ENCODE or DECODE: Encode or Decode as data is read.
+         *   DONT_BREAK_LINES: don't break lines at 76 characters
+         *     (only meaningful when encoding)
+         *     <i>Note: Technically, this makes your encoding non-compliant.</i>
+         * </pre>
+         * <p>
+         * Example: <code>new Base64.OutputStream( out, Base64.ENCODE )</code>
+         *
+         * @param out the <tt>java.io.OutputStream</tt> to which data will be written.
+         * @param options Specified options.
+         * @see Base64#ENCODE
+         * @see Base64#DECODE
+         * @see Base64#DONT_BREAK_LINES
+         * @since 1.3
+         */
+        public OutputStream( java.io.OutputStream out, int options )
+        {
+            super( out );
+            this.breakLines   = (options & DONT_BREAK_LINES) != DONT_BREAK_LINES;
+            this.encode       = (options & ENCODE) == ENCODE;
+            this.bufferLength = encode ? 3 : 4;
+            this.buffer       = new byte[ bufferLength ];
+            this.position     = 0;
+            this.lineLength   = 0;
+            this.suspendEncoding = false;
+            this.b4           = new byte[4];
+            this.options      = options;
+            this.decodabet    = getDecodabet(options);
+        }   // end constructor
+
+        /**
+         * Writes the byte to the output stream after
+         * converting to/from Base64 notation.
+         * When encoding, bytes are buffered three
+         * at a time before the output stream actually
+         * gets a write() call.
+         * When decoding, bytes are buffered four
+         * at a time.
+         *
+         * @param theByte the byte to write
+         * @throws java.io.IOException
+         * @since 1.3
+         */
+        public void write(int theByte) throws java.io.IOException
+        {
+            // Encoding suspended?
+            if( suspendEncoding )
+            {
+                super.out.write( theByte );
+                return;
+            }   // end if: supsended
+
+            // Encode?
+            if( encode )
+            {
+                buffer[ position++ ] = (byte)theByte;
+                if( position >= bufferLength )  // Enough to encode.
+                {
+                    out.write( encode3to4( b4, buffer, bufferLength, options ) );
+
+                    lineLength += 4;
+                    if( breakLines && lineLength >= MAX_LINE_LENGTH )
+                    {
+                        out.write( NEW_LINE );
+                        lineLength = 0;
+                    }   // end if: end of line
+
+                    position = 0;
+                }   // end if: enough to output
+            }   // end if: encoding
+
+            // Else, Decoding
+            else
+            {
+                // Meaningful Base64 character?
+                if( decodabet[ theByte & 0x7f ] > WHITE_SPACE_ENC )
+                {
+                    buffer[ position++ ] = (byte)theByte;
+                    if( position >= bufferLength )  // Enough to output.
+                    {
+                        int len = Base64.decode4to3( buffer, 0, b4, 0, options );
+                        out.write( b4, 0, len );
+                        //out.write( Base64.decode4to3( buffer ) );
+                        position = 0;
+                    }   // end if: enough to output
+                }   // end if: meaningful base64 character
+                else if( decodabet[ theByte & 0x7f ] != WHITE_SPACE_ENC )
+                {
+                    throw new java.io.IOException( "Invalid character in Base64 data." );
+                }   // end else: not white space either
+            }   // end else: decoding
+        }   // end write
+
+        /**
+         * Calls {@link #write(int)} repeatedly until <var>len</var>
+         * bytes are written.
+         *
+         * @param theBytes array from which to read bytes
+         * @param off offset for array
+         * @param len max number of bytes to read into array
+         * @throws java.io.IOException
+         * @since 1.3
+         */
+        public void write( byte[] theBytes, int off, int len ) throws java.io.IOException
+        {
+            // Encoding suspended?
+            if( suspendEncoding )
+            {
+                super.out.write( theBytes, off, len );
+                return;
+            }   // end if: supsended
+
+            for( int i = 0; i < len; i++ )
+            {
+                write( theBytes[ off + i ] );
+            }   // end for: each byte written
+
+        }   // end write
+
+        /**
+         * Method added by PHIL. [Thanks, PHIL. -Rob]
+         * This pads the buffer without closing the stream.
+         * @throws java.io.IOException
+         */
+        public void flushBase64() throws java.io.IOException
+        {
+            if( position > 0 )
+            {
+                if( encode )
+                {
+                    out.write( encode3to4( b4, buffer, position, options ) );
+                    position = 0;
+                }   // end if: encoding
+                else
+                {
+                    throw new java.io.IOException( "Base64 input not properly padded." );
+                }   // end else: decoding
+            }   // end if: buffer partially full
+
+        }   // end flush
+
+        /**
+         * Flushes and closes (I think, in the superclass) the stream.
+         *
+         * @throws java.io.IOException
+         * @since 1.3
+         */
+        public void close() throws java.io.IOException
+        {
+            // 1. Ensure that pending characters are written
+            flushBase64();
+
+            // 2. Actually close the stream
+            // Base class both flushes and closes.
+            super.close();
+
+            buffer = null;
+            out    = null;
+        }   // end close
+
+        /**
+         * Suspends encoding of the stream.
+         * May be helpful if you need to embed a piece of
+         * base640-encoded data in a stream.
+         *
+         * @throws java.io.IOException
+         * @since 1.5.1
+         */
+        public void suspendEncoding() throws java.io.IOException
+        {
+            flushBase64();
+            this.suspendEncoding = true;
+        }   // end suspendEncoding
+
+        /**
+         * Resumes encoding of the stream.
+         * May be helpful if you need to embed a piece of
+         * base640-encoded data in a stream.
+         *
+         * @since 1.5.1
+         */
+        public void resumeEncoding()
+        {
+            this.suspendEncoding = false;
+        }   // end resumeEncoding
+
+    }   // end inner class OutputStream
+
+}   // end class Base64
diff --git a/src/main/java/org/owasp/esapi/codecs/CSSCodec.java b/src/main/java/org/owasp/esapi/codecs/CSSCodec.java
index 9e5d0af19..9ffb60f32 100644
--- a/src/main/java/org/owasp/esapi/codecs/CSSCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/CSSCodec.java
@@ -1,181 +1,199 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP) Enterprise Security API
- * (ESAPI) project. For details, please see <a
- * href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- * 
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the LICENSE
- * before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.codecs;
-
-/**
- * Implementation of the Codec interface for backslash encoding used in CSS.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Encoder
- */
-public class CSSCodec extends Codec
-{
-	private static final Character REPLACEMENT = '\ufffd';
-
-
-    /**
-	 * {@inheritDoc}
-	 *
-     * Returns backslash encoded character.
-     *
-     * @param immune
-     */
-    public String encodeCharacter(char[] immune, Character c) {
-		// check for immune characters
-		if ( containsCharacter(c, immune ) ) {
-			return ""+c;
-		}
-		
-		// check for alphanumeric characters
-		String hex = Codec.getHexForNonAlphanumeric(c);
-		if ( hex == null ) {
-			return ""+c;
-		}
-		
-		// return the hex and end in whitespace to terminate
-        return "\\" + hex + " ";
-    }
-
-    
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * Returns the decoded version of the character starting at index,
-	 * or null if no decoding is possible.
-	 */
-	public Character decodeCharacter(PushbackString input)
-	{
-		input.mark();
-		Character first = input.next();
-		if (first == null || first != '\\')
-		{
-			input.reset();
-			return null;
-		}
-
-		Character second = input.next();
-		if (second == null) {
-			input.reset();
-			return null;
-		}
-
-		/* From css 2.1 spec:
-		 * http://www.w3.org/TR/CSS21/syndata.html#characters
-		 *
-		 * First, inside a string, a backslash followed by a
-		 * newline is ignored (i.e., the string is deemed not
-		 * to contain either the backslash or the newline).
-		 *
-		 * Second, it cancels the meaning of special CSS
-		 * characters. Except within CSS comments, any character
-		 * (except a hexadecimal digit, linefeed, carriage return,
-		 * or form feed) can be escaped with a backslash to
-		 * remove its special meaning. For example, "\"" is a string
-		 * consisting of one double quote. Style sheet
-		 * preprocessors must not remove these backslashes
-		 * from a style sheet since that would change the style
-		 * sheet's meaning.
-		 *
-		 * Third, backslash escapes allow authors to refer to
-		 * characters they cannot easily put in a document. In
-		 * this case, the backslash is followed by at most six
-		 * hexadecimal digits (0..9A..F), which stand for the ISO
-		 * 10646 ([ISO10646]) character with that number, which
-		 * must not be zero. (It is undefined in CSS 2.1 what
-		 * happens if a style sheet does contain a character with
-		 * Unicode codepoint zero.) If a character in the range
-		 * [0-9a-fA-F] follows the hexadecimal number, the end
-		 * of the number needs to be made clear. There are two
-		 * ways to do that:
-		 *
-		 *	1. with a space (or other white space character):
-		 *	"\26 B" ("&B"). In this case, user agents should
-		 *	treat a "CR/LF" pair (U+000D/U+000A) as a single
-		 *	white space character.
-		 *
-		 *	2. by providing exactly 6 hexadecimal digits:
-		 *	"\000026B" ("&B")
-		 *
-		 * In fact, these two methods may be combined. Only one
-		 * white space character is ignored after a hexadecimal
-		 * escape. Note that this means that a "real" space
-		 * after the escape sequence must itself either be
-		 * escaped or doubled.
-		 *
-		 * If the number is outside the range allowed by Unicode
-		 * (e.g., "\110000" is above the maximum 10FFFF allowed in
-		 * current Unicode), the UA may replace the escape with
-		 * the "replacement character" (U+FFFD). If the character
-		 * is to be displayed, the UA should show a visible
-		 * symbol, such as a "missing character" glyph (cf. 15.2,
-		 * point 5).
-		 */
-
-		switch(second)
-		{	// special whitespace cases. I assume they mean
-			// for all of these to qualify as a "new
-			// line." Otherwise there is no specification
-			// of what to do for \f
-			case '\r':
-				if(input.peek('\n'))
-					input.next();
-				// fall through
-			case '\n':
-			case '\f':
-				// bs follwed by new line replaced by nothing
-			case '\u0000':	// skip NUL for now too
-				return decodeCharacter(input);
-		}
-
-		if (!PushbackString.isHexDigit(second))
-		{	// non hex digit
-			return second;
-		}
-
-		// Search for up to 6 hex digits following until a space
-		StringBuilder sb = new StringBuilder();
-		sb.append(second);
-		for (int i = 0; i < 5; i++)
-		{
-			Character c = input.next();
-			if(c == null || Character.isWhitespace(c))
-				break;
-			if(PushbackString.isHexDigit(c))
-				sb.append(c);
-			else
-			{
-				input.pushback(c);
-				break;
-			}
-		}
-		try
-		{
-			// parse the hex digit and create a character
-			int i = Integer.parseInt(sb.toString(), 16);
-	
-			if (Character.isValidCodePoint(i))
-				return (char)i;
-			return REPLACEMENT;
-		}
-		catch (NumberFormatException e)
-		{
-			throw new IllegalStateException("Received a NumberFormateException parsing a string verified to be hex", e);
-        	}
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP) Enterprise Security API
+ * (ESAPI) project. For details, please see <a
+ * href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the LICENSE
+ * before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.codecs;
+
+import java.util.regex.Pattern;
+
+import org.owasp.esapi.codecs.ref.EncodingPatternPreservation;
+
+/**
+ * Implementation of the Codec interface for backslash encoding used in CSS.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Encoder
+ */
+public class CSSCodec extends AbstractCharacterCodec
+{
+    private static final Character REPLACEMENT = '\ufffd';
+    //rgb (###,###,###) OR rgb(###%,###%,###%)
+    //([rR][gG][bB])\s*\(\s*\d{1,3}\s*(\%)?\s*,\s*\d{1,3}\s*(\%)?\s*,\s*\d{1,3}\s*(\%)?\s*\)
+    private static final String RGB_TRPLT = "([rR][gG][bB])\\s*\\(\\s*\\d{1,3}\\s*(\\%)?\\s*,\\s*\\d{1,3}\\s*(\\%)?\\s*,\\s*\\d{1,3}\\s*(\\%)?\\s*\\)";
+    private static final Pattern RGB_TRPLT_PATTERN = Pattern.compile(RGB_TRPLT);
+
+    @Override
+    public String encode(char[] immune, String input) {
+         EncodingPatternPreservation tripletCheck = new EncodingPatternPreservation(RGB_TRPLT_PATTERN);
+
+         String inputChk = tripletCheck.captureAndReplaceMatches(input);
+
+         String result = super.encode(immune, inputChk);
+
+         return tripletCheck.restoreOriginalContent(result);
+    }
+    /**
+     * {@inheritDoc}
+     *
+     * Returns backslash encoded character.
+     *
+     * @param immune
+     */
+    public String encodeCharacter(char[] immune, Character c) {
+        // check for immune characters
+        if ( containsCharacter(c, immune ) ) {
+            return ""+c;
+        }
+
+        // check for alphanumeric characters
+        String hex = super.getHexForNonAlphanumeric(c);
+        if ( hex == null ) {
+            return ""+c;
+        }
+
+        // return the hex and end in whitespace to terminate
+        return "\\" + hex + " ";
+    }
+
+
+    /**
+     * {@inheritDoc}
+     *
+     * Returns the decoded version of the character starting at index,
+     * or null if no decoding is possible.
+     */
+    @SuppressWarnings("fallthrough")
+    public Character decodeCharacter(PushbackSequence<Character> input)
+    {
+        input.mark();
+        Character first = input.next();
+        if (first == null || first != '\\')
+        {
+            input.reset();
+            return null;
+        }
+
+        Character second = input.next();
+        if (second == null) {
+            input.reset();
+            return null;
+        }
+
+        /* From css 2.1 spec:
+         * http://www.w3.org/TR/CSS21/syndata.html#characters
+         *
+         * First, inside a string, a backslash followed by a
+         * newline is ignored (i.e., the string is deemed not
+         * to contain either the backslash or the newline).
+         *
+         * Second, it cancels the meaning of special CSS
+         * characters. Except within CSS comments, any character
+         * (except a hexadecimal digit, linefeed, carriage return,
+         * or form feed) can be escaped with a backslash to
+         * remove its special meaning. For example, "\"" is a string
+         * consisting of one double quote. Style sheet
+         * preprocessors must not remove these backslashes
+         * from a style sheet since that would change the style
+         * sheet's meaning.
+         *
+         * Third, backslash escapes allow authors to refer to
+         * characters they cannot easily put in a document. In
+         * this case, the backslash is followed by at most six
+         * hexadecimal digits (0..9A..F), which stand for the ISO
+         * 10646 ([ISO10646]) character with that number, which
+         * must not be zero. (It is undefined in CSS 2.1 what
+         * happens if a style sheet does contain a character with
+         * Unicode codepoint zero.) If a character in the range
+         * [0-9a-fA-F] follows the hexadecimal number, the end
+         * of the number needs to be made clear. There are two
+         * ways to do that:
+         *
+         *    1. with a space (or other white space character):
+         *    "\26 B" ("&B"). In this case, user agents should
+         *    treat a "CR/LF" pair (U+000D/U+000A) as a single
+         *    white space character.
+         *
+         *    2. by providing exactly 6 hexadecimal digits:
+         *    "\000026B" ("&B")
+         *
+         * In fact, these two methods may be combined. Only one
+         * white space character is ignored after a hexadecimal
+         * escape. Note that this means that a "real" space
+         * after the escape sequence must itself either be
+         * escaped or doubled.
+         *
+         * If the number is outside the range allowed by Unicode
+         * (e.g., "\110000" is above the maximum 10FFFF allowed in
+         * current Unicode), the UA may replace the escape with
+         * the "replacement character" (U+FFFD). If the character
+         * is to be displayed, the UA should show a visible
+         * symbol, such as a "missing character" glyph (cf. 15.2,
+         * point 5).
+         */
+
+        switch(second)
+        {    // special whitespace cases. I assume they mean
+            // for all of these to qualify as a "new
+            // line." Otherwise there is no specification
+            // of what to do for \f
+            case '\r':
+                if(input.peek('\n'))
+                    input.next();
+                // fall through
+            case '\n':  // Intentional fall through
+            case '\f':  // Intentional fall through
+                // bs followed by new line replaced by nothing
+            case '\u0000':    // skip NUL for now too
+                return decodeCharacter(input);
+        }
+
+        if (!PushbackString.isHexDigit(second))
+        {    // non hex digit
+            return second;
+        }
+
+        // Search for up to 6 hex digits following until a space
+        StringBuilder sb = new StringBuilder();
+        sb.append(second);
+        for (int i = 0; i < 5; i++)
+        {
+            Character c = input.next();
+            if(c == null || Character.isWhitespace(c))
+                break;
+            if(PushbackString.isHexDigit(c))
+                sb.append(c);
+            else
+            {
+                input.pushback(c);
+                break;
+            }
+        }
+        try
+        {
+            // parse the hex digit and create a character
+            int i = Integer.parseInt(sb.toString(), 16);
+
+            if (Character.isValidCodePoint(i))
+                return (char)i;
+            return REPLACEMENT;
+        }
+        catch (NumberFormatException e)
+        {
+            throw new IllegalStateException("Received a NumberFormateException parsing a string verified to be hex", e);
+            }
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/codecs/Codec.java b/src/main/java/org/owasp/esapi/codecs/Codec.java
index 8e5fac8a3..b46de6d5d 100644
--- a/src/main/java/org/owasp/esapi/codecs/Codec.java
+++ b/src/main/java/org/owasp/esapi/codecs/Codec.java
@@ -1,159 +1,145 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.codecs;
-
-
-/**
- * The Codec interface defines a set of methods for encoding and decoding application level encoding schemes,
- * such as HTML entity encoding and percent encoding (aka URL encoding). Codecs are used in output encoding
- * and canonicalization.  The design of these codecs allows for character-by-character decoding, which is
- * necessary to detect double-encoding and the use of multiple encoding schemes, both of which are techniques
- * used by attackers to bypass validation and bury encoded attacks in data.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Encoder
- */
-public abstract class Codec {
-
-	/**
-	 * Initialize an array to mark which characters are to be encoded. Store the hex
-	 * string for that character to save time later. If the character shouldn't be
-	 * encoded, then store null.
-	 */
-	private static final String[] hex = new String[256];
-
-	static {
-		for ( char c = 0; c < 0xFF; c++ ) {
-			if ( c >= 0x30 && c <= 0x39 || c >= 0x41 && c <= 0x5A || c >= 0x61 && c <= 0x7A ) {
-				hex[c] = null;
-			} else {
-				hex[c] = toHex(c).intern();
-			}
-		}
-	}
-
-
-	/**
-	 * Default constructor
-	 */
-	public Codec() {
-	}
-
-	/**
-	 * Encode a String so that it can be safely used in a specific context.
-	 * 
-	 * @param immune
-	 * @param input
-	 * 		the String to encode
-	 * @return the encoded String
-	 */
-	public String encode(char[] immune, String input) {
-		StringBuilder sb = new StringBuilder();
-		for (int i = 0; i < input.length(); i++) {
-			char c = input.charAt(i);
-			sb.append(encodeCharacter(immune, c));
-		}
-		return sb.toString();
-	}
-
-	/**
-	 * Default implementation that should be overridden in specific codecs.
-	 * 
-	 * @param immune
-	 * @param c
-	 * 		the Character to encode
-	 * @return
-	 * 		the encoded Character
-	 */
-	public String encodeCharacter( char[] immune, Character c ) {
-		return ""+c;
-	}
-
-	/**
-	 * Decode a String that was encoded using the encode method in this Class
-	 * 
-	 * @param input
-	 * 		the String to decode
-	 * @return
-	 *		the decoded String
-	 */
-	public String decode(String input) {
-		StringBuilder sb = new StringBuilder();
-		PushbackString pbs = new PushbackString(input);
-		while (pbs.hasNext()) {
-			Character c = decodeCharacter(pbs);
-			if (c != null) {
-				sb.append(c);
-			} else {
-				sb.append(pbs.next());
-			}
-		}
-		return sb.toString();
-	}
-
-	/**
-	 * Returns the decoded version of the next character from the input string and advances the
-	 * current character in the PushbackString.  If the current character is not encoded, this 
-	 * method MUST reset the PushbackString.
-	 * 
-	 * @param input	the Character to decode
-	 * 
-	 * @return the decoded Character
-	 */
-	public Character decodeCharacter( PushbackString input ) {
-		return input.next();
-	}
-
-	/**
-	 * Lookup the hex value of any character that is not alphanumeric.
-	 * @param c The character to lookup.
-	 * @return, return null if alphanumeric or the character code
-	 * 	in hex.
-	 */
-	public static String getHexForNonAlphanumeric(char c)
-	{
-		if(c<0xFF)
-			return hex[c];
-		return toHex(c);
-	}
-
-	public static String toOctal(char c)
-	{
-		return Integer.toOctalString(c);
-	}
-
-	public static String toHex(char c)
-	{
-		return Integer.toHexString(c);
-	}
-
-	/**
-	 * Utility to search a char[] for a specific char.
-	 * 
-	 * @param c
-	 * @param array
-	 * @return
-	 */
-	public static boolean containsCharacter( char c, char[] array ) {
-		for (char ch : array) {
-			if (c == ch) return true;
-		}
-		return false;
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.codecs;
+
+
+/**
+ * The Codec interface defines a set of methods for encoding and decoding application level encoding schemes,
+ * such as HTML entity encoding and percent encoding (aka URL encoding). Codecs are used in output encoding
+ * and canonicalization.  The design of these codecs allows for character-by-character decoding, which is
+ * necessary to detect double-encoding and the use of multiple encoding schemes, both of which are techniques
+ * used by attackers to bypass validation and bury encoded attacks in data.
+ * </p><p>
+ * Other than the interfaces, very few of these concrete classes are intended to be used directly.
+ * Rather, most of them are used through implementations of the {@link org.owasp.esapi.Encoder}
+ * interface. While the OWASP team over the years have made every effort to be extra cautious, the
+ * various {@code Codec} implementations can offer NO GUARANTEE of safety if the client is
+ * using these {@code Codec} classes <i>directly</i>. Therefore, if the client is using
+ * these classes directly, it is highly advised to practice security-in-depth
+ * and also perform canonicalization, followed by strict input validation, both
+ * prior to encoding and after decoding, to protect your application from input-based
+ * attacks.
+ * </p>
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ *
+ * @author Matt Seil (mseil .at. owasp.org)
+ * @since June 1, 2017
+ * @see org.owasp.esapi.Encoder
+ * @see org.owasp.esapi.Validator
+ */
+public interface Codec<T> {
+    /**
+     * Encode a String so that it can be safely used in a specific context.
+     *
+     * @param immune
+     * @param input
+     *         the String to encode
+     * @return the encoded String
+     */
+    public String encode(char[] immune, String input);
+
+    /**
+     * Default implementation that should be overridden in specific codecs.
+     *
+     * @param immune
+     *         array of chars to NOT encode.  Use with caution.
+     * @param c
+     *         the Character to encode
+     * @return
+     *         the encoded Character
+     */
+    public String encodeCharacter( char[] immune, Character c );
+
+    /**
+     * Default codepoint implementation that should be overridden in specific codecs.
+     *
+     * @param immune
+     * @param codePoint
+     *         the integer to encode
+     * @return
+     *         the encoded Character
+     */
+    public String encodeCharacter( char[] immune, int codePoint );
+
+    /**
+     * Decode a String that was encoded using the encode method in this Class
+     *
+     * @param input
+     *         the String to decode
+     * @return
+     *        the decoded String
+     */
+    public String decode(String input);
+
+    /**
+     * Returns the decoded version of the next character from the input string and advances the
+     * current character in the {@code PushbackSequence}.  If the current character is not encoded, this
+     * method <i>MUST</i> reset the {@code PushbackString}.
+     *
+     * @param input    the Character to decode
+     *
+     * @return the decoded Character
+     */
+    public T decodeCharacter( PushbackSequence<T> input );
+
+    /**
+     * Lookup the hex value of any character that is not alphanumeric.
+     * @param c The character to lookup.
+     * @return return null if alphanumeric or the character code in hex.
+     */
+    public String getHexForNonAlphanumeric(char c);
+
+    /**
+     * Lookup the hex value of any character that is not alphanumeric.
+     * @param c The character to lookup.
+     * @return return null if alphanumeric or the character code in hex.
+     */
+    public String getHexForNonAlphanumeric(int c);
+
+    /**
+     * Convert the {@code char} parameter to its octal representation.
+     * @param c the character for which to return the new representation.
+     * @return the octal representation.
+     */
+    public String toOctal(char c);
+
+    /**
+     * Convert the {@code char} parameter to its hexadecimal representation.
+     * @param c the character for which to return the new representation.
+     * @return the hexadecimal representation.
+     */
+    public String toHex(char c);
+
+    /**
+     * Convert the {@code int} parameter to its hexadecimal representation.
+     * @param c the character for which to return the new representation.
+     * @return the hexadecimal representation.
+     */
+    public String toHex(int c);
+
+    /**
+     * Utility to search a char[] for a specific char.
+     *
+     * @param c
+     * @param array
+     * @return True if the supplied array contains the specified character. False otherwise.
+     */
+    public boolean containsCharacter( char c, char[] array );
+
+}
diff --git a/src/main/java/org/owasp/esapi/codecs/DB2Codec.java b/src/main/java/org/owasp/esapi/codecs/DB2Codec.java
index a99818c27..61d1f70cd 100644
--- a/src/main/java/org/owasp/esapi/codecs/DB2Codec.java
+++ b/src/main/java/org/owasp/esapi/codecs/DB2Codec.java
@@ -1,68 +1,81 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- *
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- *
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- */
-package org.owasp.esapi.codecs;
-
-
-/**
- * Implementation of the Codec interface for DB2 strings. This function will only protect you from SQLi in limited situations.
- * 
- * @author Sivasankar Tanakala (stanakal@TRS.NYC.NY.US)
- * @since October 26, 2010
- * @see org.owasp.esapi.Encoder
- */
-public class DB2Codec extends Codec {
-
-	public String encodeCharacter(char[] immune, Character c) {
-
-		if (c.charValue() == '\'')
-			return "\'\'";
-
-		if (c.charValue() == ';')
-			return ".";
-
-		return "" + c;
-	}
-
-	public Character decodeCharacter(PushbackString input) {
-
-		input.mark();
-		Character first = input.next();
-
-		if (first == null) {
-			input.reset();
-			return null;
-		}
-
-		// if this is not an encoded character, return null
-
-		if (first.charValue() != '\'') {
-			input.reset();
-			return null;
-		}
-
-		Character second = input.next();
-
-		if (second == null) {
-			input.reset();
-			return null;
-		}
-
-		// if this is not an encoded character, return null
-		if (second.charValue() != '\'') {
-			input.reset();
-			return null;
-		}
-
-		return (Character.valueOf('\''));
-	}
-}
\ No newline at end of file
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ */
+package org.owasp.esapi.codecs;
+
+
+/**
+ * Implementation of the Codec interface for IBM Db2 strings.
+ * This function will only protect you from SQLi in limited situations.
+ * To improve your chances of success, you made also need to do some
+ * additional canonicalization and input validation first. Before using this class,
+ * please be sure to read the "SECURITY WARNING" in
+ * {@link org.owasp.esapi.Encoder#encodeForSQL}
+ * before using this particular {@link org.owasp.esapi.codecs.Codec} and raising your hope of finding
+ * a silver bullet to kill all the SQLi werewolves.
+ *
+ * @author Sivasankar Tanakala (stanakal@TRS.NYC.NY.US)
+ * @since October 26, 2010
+ * @see org.owasp.esapi.Encoder
+ * @see <a href="https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin13.pdf">
+ *              ESAPI Security Bulletin #13</a>
+ * @deprecated  This class is considered dangerous and not easily made safe and thus under strong
+ *              consideration to be removed within 1 years time after the 2.7.0.0 release. Please
+ *              see the referenced ESAPI Security Bulletin #13 for further details.
+ */
+@Deprecated
+public class DB2Codec extends AbstractCharacterCodec {
+
+    public String encodeCharacter(char[] immune, Character c) {
+
+        if (c.charValue() == '\'')
+            return "\'\'";
+
+        if (c.charValue() == ';')
+            return ".";
+
+        return "" + c;
+    }
+
+    public Character decodeCharacter(PushbackString input) {
+
+        input.mark();
+        Character first = input.next();
+
+        if (first == null) {
+            input.reset();
+            return null;
+        }
+
+        // if this is not an encoded character, return null
+
+        if (first.charValue() != '\'') {
+            input.reset();
+            return null;
+        }
+
+        Character second = input.next();
+
+        if (second == null) {
+            input.reset();
+            return null;
+        }
+
+        // if this is not an encoded character, return null
+        if (second.charValue() != '\'') {
+            input.reset();
+            return null;
+        }
+
+        return (Character.valueOf('\''));
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java b/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
index 36d5876a9..d71b6e536 100644
--- a/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
@@ -1,550 +1,598 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.codecs;
-
-import java.util.HashMap;
-import java.util.Collections;
-import java.util.Map;
-
-/**
- * Implementation of the Codec interface for HTML entity encoding.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Encoder
- */
-public class HTMLEntityCodec extends Codec
-{
-	private static final char REPLACEMENT_CHAR = '\ufffd';
-	private static final String REPLACEMENT_HEX = "fffd";
-	private static final String REPLACEMENT_STR = "" + REPLACEMENT_CHAR;
-	private static final Map<Character,String> characterToEntityMap = mkCharacterToEntityMap();
-
-	private static final Trie<Character> entityToCharacterTrie = mkEntityToCharacterTrie();
-
-    /**
-     *
-     */
-    public HTMLEntityCodec() {
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-     * Encodes a Character for safe use in an HTML entity field.
-     * @param immune
-     */
-	public String encodeCharacter( char[] immune, Character c ) {
-
-		// check for immune characters
-		if ( containsCharacter(c, immune ) ) {
-			return ""+c;
-		}
-		
-		// check for alphanumeric characters
-		String hex = Codec.getHexForNonAlphanumeric(c);
-		if ( hex == null ) {
-			return ""+c;
-		}
-		
-		// check for illegal characters
-		if ( ( c <= 0x1f && c != '\t' && c != '\n' && c != '\r' ) || ( c >= 0x7f && c <= 0x9f ) )
-		{
-			hex = REPLACEMENT_HEX;	// Let's entity encode this instead of returning it
-			c = REPLACEMENT_CHAR;
-		}
-		
-		// check if there's a defined entity
-		String entityName = (String) characterToEntityMap.get(c);
-		if (entityName != null) {
-			return "&" + entityName + ";";
-		}
-		
-		// return the hex entity as suggested in the spec
-		return "&#x" + hex + ";";
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * Returns the decoded version of the character starting at index, or
-	 * null if no decoding is possible.
-	 * 
-	 * Formats all are legal both with and without semi-colon, upper/lower case:
-	 *   &#dddd;
-	 *   &#xhhhh;
-	 *   &name;
-	 */
-	public Character decodeCharacter( PushbackString input ) {
-		input.mark();
-		Character first = input.next();
-		if ( first == null ) {
-			input.reset();
-			return null;
-		}
-		
-		// if this is not an encoded character, return null
-		if (first != '&' ) {
-			input.reset();
-			return null;
-		}
-		
-		// test for numeric encodings
-		Character second = input.next();
-		if ( second == null ) {
-			input.reset();
-			return null;
-		}
-		
-		if (second == '#' ) {
-			// handle numbers
-			Character c = getNumericEntity( input );
-			if ( c != null ) return c;
-		} else if ( Character.isLetter( second.charValue() ) ) {
-			// handle entities
-			input.pushback( second );
-			Character c = getNamedEntity( input );
-			if ( c != null ) return c;
-		}
-		input.reset();
-		return null;
-	}
-	
-	/**
-	 * getNumericEntry checks input to see if it is a numeric entity
-	 * 
-	 * @param input
-	 * 			The input to test for being a numeric entity
-	 *  
-	 * @return
-	 * 			null if input is null, the character of input after decoding
-	 */
-	private Character getNumericEntity( PushbackString input ) {
-		Character first = input.peek();
-		if ( first == null ) return null;
-
-		if (first == 'x' || first == 'X' ) {
-			input.next();
-			return parseHex( input );
-		}
-		return parseNumber( input );
-	}
-
-	/**
-	 * Parse a decimal number, such as those from JavaScript's String.fromCharCode(value)
-	 * 
-	 * @param input
-	 * 			decimal encoded string, such as 65
-	 * @return
-	 * 			character representation of this decimal value, e.g. A 
-	 * @throws NumberFormatException
-	 */
-	private Character parseNumber( PushbackString input ) {
-		StringBuilder sb = new StringBuilder();
-		while( input.hasNext() ) {
-			Character c = input.peek();
-			
-			// if character is a digit then add it on and keep going
-			if ( Character.isDigit( c.charValue() ) ) {
-				sb.append( c );
-				input.next();
-				
-			// if character is a semi-colon, eat it and quit
-			} else if (c == ';' ) {
-				input.next();
-				break;
-				
-			// otherwise just quit
-			} else {
-				break;
-			}
-		}
-		try {
-			int i = Integer.parseInt(sb.toString());
-            if (Character.isValidCodePoint(i)) {
-                return (char) i;
-            }
-		} catch( NumberFormatException e ) {
-			// throw an exception for malformed entity?
-		}
-			return null;
-		}
-	
-	/**
-	 * Parse a hex encoded entity
-	 * 
-	 * @param input
-	 * 			Hex encoded input (such as 437ae;)
-	 * @return
-	 * 			A single character from the string
-	 * @throws NumberFormatException
-	 */
-	private Character parseHex( PushbackString input ) {
-		StringBuilder sb = new StringBuilder();
-		while( input.hasNext() ) {
-			Character c = input.peek();
-			
-			// if character is a hex digit then add it on and keep going
-			if ( "0123456789ABCDEFabcdef".indexOf(c) != -1 ) {
-				sb.append( c );
-				input.next();
-				
-			// if character is a semi-colon, eat it and quit
-			} else if (c == ';' ) {
-				input.next();
-				break;
-				
-			// otherwise just quit
-			} else {
-				break;
-			}
-		}
-		try {
-			int i = Integer.parseInt(sb.toString(), 16);
-            if (Character.isValidCodePoint(i)) {
-                return (char) i;
-            }
-		} catch( NumberFormatException e ) {
-			// throw an exception for malformed entity?
-		}
-			return null;
-		}
-	
-	/**
-	 * 
-	 * Returns the decoded version of the character starting at index, or
-	 * null if no decoding is possible.
-	 * 
-	 * Formats all are legal both with and without semi-colon, upper/lower case:
-	 *   &aa;
-	 *   &aaa;
-	 *   &aaaa;
-	 *   &aaaaa;
-	 *   &aaaaaa;
-	 *   &aaaaaaa;
-	 *
-	 * @param input
-	 * 		A string containing a named entity like &quot;
-	 * @return
-	 * 		Returns the decoded version of the character starting at index, or null if no decoding is possible.
-	 */
-	private Character getNamedEntity( PushbackString input ) {
-		StringBuilder possible = new StringBuilder();
-		Map.Entry<CharSequence,Character> entry;
-		int len;
-		
-		// kludge around PushbackString....
-		len = Math.min(input.remainder().length(), entityToCharacterTrie.getMaxKeyLength());
-		for(int i=0;i<len;i++)
-			possible.append(Character.toLowerCase(input.next()));
-
-		// look up the longest match
-		entry = entityToCharacterTrie.getLongestMatch(possible);
-		if(entry == null)
-			return null;	// no match, caller will reset input
-
-		// fixup input
-		input.reset();
-		input.next();	// read &
-		len = entry.getKey().length();	// what matched's length
-		for(int i=0;i<len;i++)
-			input.next();
-
-		// check for a trailing semicolen
-		if(input.peek(';'))
-			input.next();
-
-		return entry.getValue();
-	}
-
-	/**
-	 * Build a unmodifiable Map from entity Character to Name.
-	 * @return Unmodifiable map.
-	 */
-	private static synchronized Map<Character,String> mkCharacterToEntityMap()
-	{
-		Map<Character, String> map = new HashMap<Character,String>(252);
-
-		map.put((char)34,	"quot");	/* quotation mark */
-		map.put((char)38,	"amp");		/* ampersand */
-		map.put((char)60,	"lt");		/* less-than sign */
-		map.put((char)62,	"gt");		/* greater-than sign */
-		map.put((char)160,	"nbsp");	/* no-break space */
-		map.put((char)161,	"iexcl");	/* inverted exclamation mark */
-		map.put((char)162,	"cent");	/* cent sign */
-		map.put((char)163,	"pound");	/* pound sign */
-		map.put((char)164,	"curren");	/* currency sign */
-		map.put((char)165,	"yen");		/* yen sign */
-		map.put((char)166,	"brvbar");	/* broken bar */
-		map.put((char)167,	"sect");	/* section sign */
-		map.put((char)168,	"uml");		/* diaeresis */
-		map.put((char)169,	"copy");	/* copyright sign */
-		map.put((char)170,	"ordf");	/* feminine ordinal indicator */
-		map.put((char)171,	"laquo");	/* left-pointing double angle quotation mark */
-		map.put((char)172,	"not");		/* not sign */
-		map.put((char)173,	"shy");		/* soft hyphen */
-		map.put((char)174,	"reg");		/* registered sign */
-		map.put((char)175,	"macr");	/* macron */
-		map.put((char)176,	"deg");		/* degree sign */
-		map.put((char)177,	"plusmn");	/* plus-minus sign */
-		map.put((char)178,	"sup2");	/* superscript two */
-		map.put((char)179,	"sup3");	/* superscript three */
-		map.put((char)180,	"acute");	/* acute accent */
-		map.put((char)181,	"micro");	/* micro sign */
-		map.put((char)182,	"para");	/* pilcrow sign */
-		map.put((char)183,	"middot");	/* middle dot */
-		map.put((char)184,	"cedil");	/* cedilla */
-		map.put((char)185,	"sup1");	/* superscript one */
-		map.put((char)186,	"ordm");	/* masculine ordinal indicator */
-		map.put((char)187,	"raquo");	/* right-pointing double angle quotation mark */
-		map.put((char)188,	"frac14");	/* vulgar fraction one quarter */
-		map.put((char)189,	"frac12");	/* vulgar fraction one half */
-		map.put((char)190,	"frac34");	/* vulgar fraction three quarters */
-		map.put((char)191,	"iquest");	/* inverted question mark */
-		map.put((char)192,	"Agrave");	/* Latin capital letter a with grave */
-		map.put((char)193,	"Aacute");	/* Latin capital letter a with acute */
-		map.put((char)194,	"Acirc");	/* Latin capital letter a with circumflex */
-		map.put((char)195,	"Atilde");	/* Latin capital letter a with tilde */
-		map.put((char)196,	"Auml");	/* Latin capital letter a with diaeresis */
-		map.put((char)197,	"Aring");	/* Latin capital letter a with ring above */
-		map.put((char)198,	"AElig");	/* Latin capital letter ae */
-		map.put((char)199,	"Ccedil");	/* Latin capital letter c with cedilla */
-		map.put((char)200,	"Egrave");	/* Latin capital letter e with grave */
-		map.put((char)201,	"Eacute");	/* Latin capital letter e with acute */
-		map.put((char)202,	"Ecirc");	/* Latin capital letter e with circumflex */
-		map.put((char)203,	"Euml");	/* Latin capital letter e with diaeresis */
-		map.put((char)204,	"Igrave");	/* Latin capital letter i with grave */
-		map.put((char)205,	"Iacute");	/* Latin capital letter i with acute */
-		map.put((char)206,	"Icirc");	/* Latin capital letter i with circumflex */
-		map.put((char)207,	"Iuml");	/* Latin capital letter i with diaeresis */
-		map.put((char)208,	"ETH");		/* Latin capital letter eth */
-		map.put((char)209,	"Ntilde");	/* Latin capital letter n with tilde */
-		map.put((char)210,	"Ograve");	/* Latin capital letter o with grave */
-		map.put((char)211,	"Oacute");	/* Latin capital letter o with acute */
-		map.put((char)212,	"Ocirc");	/* Latin capital letter o with circumflex */
-		map.put((char)213,	"Otilde");	/* Latin capital letter o with tilde */
-		map.put((char)214,	"Ouml");	/* Latin capital letter o with diaeresis */
-		map.put((char)215,	"times");	/* multiplication sign */
-		map.put((char)216,	"Oslash");	/* Latin capital letter o with stroke */
-		map.put((char)217,	"Ugrave");	/* Latin capital letter u with grave */
-		map.put((char)218,	"Uacute");	/* Latin capital letter u with acute */
-		map.put((char)219,	"Ucirc");	/* Latin capital letter u with circumflex */
-		map.put((char)220,	"Uuml");	/* Latin capital letter u with diaeresis */
-		map.put((char)221,	"Yacute");	/* Latin capital letter y with acute */
-		map.put((char)222,	"THORN");	/* Latin capital letter thorn */
-		map.put((char)223,	"szlig");	/* Latin small letter sharp sXCOMMAX German Eszett */
-		map.put((char)224,	"agrave");	/* Latin small letter a with grave */
-		map.put((char)225,	"aacute");	/* Latin small letter a with acute */
-		map.put((char)226,	"acirc");	/* Latin small letter a with circumflex */
-		map.put((char)227,	"atilde");	/* Latin small letter a with tilde */
-		map.put((char)228,	"auml");	/* Latin small letter a with diaeresis */
-		map.put((char)229,	"aring");	/* Latin small letter a with ring above */
-		map.put((char)230,	"aelig");	/* Latin lowercase ligature ae */
-		map.put((char)231,	"ccedil");	/* Latin small letter c with cedilla */
-		map.put((char)232,	"egrave");	/* Latin small letter e with grave */
-		map.put((char)233,	"eacute");	/* Latin small letter e with acute */
-		map.put((char)234,	"ecirc");	/* Latin small letter e with circumflex */
-		map.put((char)235,	"euml");	/* Latin small letter e with diaeresis */
-		map.put((char)236,	"igrave");	/* Latin small letter i with grave */
-		map.put((char)237,	"iacute");	/* Latin small letter i with acute */
-		map.put((char)238,	"icirc");	/* Latin small letter i with circumflex */
-		map.put((char)239,	"iuml");	/* Latin small letter i with diaeresis */
-		map.put((char)240,	"eth");		/* Latin small letter eth */
-		map.put((char)241,	"ntilde");	/* Latin small letter n with tilde */
-		map.put((char)242,	"ograve");	/* Latin small letter o with grave */
-		map.put((char)243,	"oacute");	/* Latin small letter o with acute */
-		map.put((char)244,	"ocirc");	/* Latin small letter o with circumflex */
-		map.put((char)245,	"otilde");	/* Latin small letter o with tilde */
-		map.put((char)246,	"ouml");	/* Latin small letter o with diaeresis */
-		map.put((char)247,	"divide");	/* division sign */
-		map.put((char)248,	"oslash");	/* Latin small letter o with stroke */
-		map.put((char)249,	"ugrave");	/* Latin small letter u with grave */
-		map.put((char)250,	"uacute");	/* Latin small letter u with acute */
-		map.put((char)251,	"ucirc");	/* Latin small letter u with circumflex */
-		map.put((char)252,	"uuml");	/* Latin small letter u with diaeresis */
-		map.put((char)253,	"yacute");	/* Latin small letter y with acute */
-		map.put((char)254,	"thorn");	/* Latin small letter thorn */
-		map.put((char)255,	"yuml");	/* Latin small letter y with diaeresis */
-		map.put((char)338,	"OElig");	/* Latin capital ligature oe */
-		map.put((char)339,	"oelig");	/* Latin small ligature oe */
-		map.put((char)352,	"Scaron");	/* Latin capital letter s with caron */
-		map.put((char)353,	"scaron");	/* Latin small letter s with caron */
-		map.put((char)376,	"Yuml");	/* Latin capital letter y with diaeresis */
-		map.put((char)402,	"fnof");	/* Latin small letter f with hook */
-		map.put((char)710,	"circ");	/* modifier letter circumflex accent */
-		map.put((char)732,	"tilde");	/* small tilde */
-		map.put((char)913,	"Alpha");	/* Greek capital letter alpha */
-		map.put((char)914,	"Beta");	/* Greek capital letter beta */
-		map.put((char)915,	"Gamma");	/* Greek capital letter gamma */
-		map.put((char)916,	"Delta");	/* Greek capital letter delta */
-		map.put((char)917,	"Epsilon");	/* Greek capital letter epsilon */
-		map.put((char)918,	"Zeta");	/* Greek capital letter zeta */
-		map.put((char)919,	"Eta");		/* Greek capital letter eta */
-		map.put((char)920,	"Theta");	/* Greek capital letter theta */
-		map.put((char)921,	"Iota");	/* Greek capital letter iota */
-		map.put((char)922,	"Kappa");	/* Greek capital letter kappa */
-		map.put((char)923,	"Lambda");	/* Greek capital letter lambda */
-		map.put((char)924,	"Mu");		/* Greek capital letter mu */
-		map.put((char)925,	"Nu");		/* Greek capital letter nu */
-		map.put((char)926,	"Xi");		/* Greek capital letter xi */
-		map.put((char)927,	"Omicron");	/* Greek capital letter omicron */
-		map.put((char)928,	"Pi");		/* Greek capital letter pi */
-		map.put((char)929,	"Rho");		/* Greek capital letter rho */
-		map.put((char)931,	"Sigma");	/* Greek capital letter sigma */
-		map.put((char)932,	"Tau");		/* Greek capital letter tau */
-		map.put((char)933,	"Upsilon");	/* Greek capital letter upsilon */
-		map.put((char)934,	"Phi");		/* Greek capital letter phi */
-		map.put((char)935,	"Chi");		/* Greek capital letter chi */
-		map.put((char)936,	"Psi");		/* Greek capital letter psi */
-		map.put((char)937,	"Omega");	/* Greek capital letter omega */
-		map.put((char)945,	"alpha");	/* Greek small letter alpha */
-		map.put((char)946,	"beta");	/* Greek small letter beta */
-		map.put((char)947,	"gamma");	/* Greek small letter gamma */
-		map.put((char)948,	"delta");	/* Greek small letter delta */
-		map.put((char)949,	"epsilon");	/* Greek small letter epsilon */
-		map.put((char)950,	"zeta");	/* Greek small letter zeta */
-		map.put((char)951,	"eta");		/* Greek small letter eta */
-		map.put((char)952,	"theta");	/* Greek small letter theta */
-		map.put((char)953,	"iota");	/* Greek small letter iota */
-		map.put((char)954,	"kappa");	/* Greek small letter kappa */
-		map.put((char)955,	"lambda");	/* Greek small letter lambda */
-		map.put((char)956,	"mu");		/* Greek small letter mu */
-		map.put((char)957,	"nu");		/* Greek small letter nu */
-		map.put((char)958,	"xi");		/* Greek small letter xi */
-		map.put((char)959,	"omicron");	/* Greek small letter omicron */
-		map.put((char)960,	"pi");		/* Greek small letter pi */
-		map.put((char)961,	"rho");		/* Greek small letter rho */
-		map.put((char)962,	"sigmaf");	/* Greek small letter final sigma */
-		map.put((char)963,	"sigma");	/* Greek small letter sigma */
-		map.put((char)964,	"tau");		/* Greek small letter tau */
-		map.put((char)965,	"upsilon");	/* Greek small letter upsilon */
-		map.put((char)966,	"phi");		/* Greek small letter phi */
-		map.put((char)967,	"chi");		/* Greek small letter chi */
-		map.put((char)968,	"psi");		/* Greek small letter psi */
-		map.put((char)969,	"omega");	/* Greek small letter omega */
-		map.put((char)977,	"thetasym");	/* Greek theta symbol */
-		map.put((char)978,	"upsih");	/* Greek upsilon with hook symbol */
-		map.put((char)982,	"piv");		/* Greek pi symbol */
-		map.put((char)8194,	"ensp");	/* en space */
-		map.put((char)8195,	"emsp");	/* em space */
-		map.put((char)8201,	"thinsp");	/* thin space */
-		map.put((char)8204,	"zwnj");	/* zero width non-joiner */
-		map.put((char)8205,	"zwj");		/* zero width joiner */
-		map.put((char)8206,	"lrm");		/* left-to-right mark */
-		map.put((char)8207,	"rlm");		/* right-to-left mark */
-		map.put((char)8211,	"ndash");	/* en dash */
-		map.put((char)8212,	"mdash");	/* em dash */
-		map.put((char)8216,	"lsquo");	/* left single quotation mark */
-		map.put((char)8217,	"rsquo");	/* right single quotation mark */
-		map.put((char)8218,	"sbquo");	/* single low-9 quotation mark */
-		map.put((char)8220,	"ldquo");	/* left double quotation mark */
-		map.put((char)8221,	"rdquo");	/* right double quotation mark */
-		map.put((char)8222,	"bdquo");	/* double low-9 quotation mark */
-		map.put((char)8224,	"dagger");	/* dagger */
-		map.put((char)8225,	"Dagger");	/* double dagger */
-		map.put((char)8226,	"bull");	/* bullet */
-		map.put((char)8230,	"hellip");	/* horizontal ellipsis */
-		map.put((char)8240,	"permil");	/* per mille sign */
-		map.put((char)8242,	"prime");	/* prime */
-		map.put((char)8243,	"Prime");	/* double prime */
-		map.put((char)8249,	"lsaquo");	/* single left-pointing angle quotation mark */
-		map.put((char)8250,	"rsaquo");	/* single right-pointing angle quotation mark */
-		map.put((char)8254,	"oline");	/* overline */
-		map.put((char)8260,	"frasl");	/* fraction slash */
-		map.put((char)8364,	"euro");	/* euro sign */
-		map.put((char)8465,	"image");	/* black-letter capital i */
-		map.put((char)8472,	"weierp");	/* script capital pXCOMMAX Weierstrass p */
-		map.put((char)8476,	"real");	/* black-letter capital r */
-		map.put((char)8482,	"trade");	/* trademark sign */
-		map.put((char)8501,	"alefsym");	/* alef symbol */
-		map.put((char)8592,	"larr");	/* leftwards arrow */
-		map.put((char)8593,	"uarr");	/* upwards arrow */
-		map.put((char)8594,	"rarr");	/* rightwards arrow */
-		map.put((char)8595,	"darr");	/* downwards arrow */
-		map.put((char)8596,	"harr");	/* left right arrow */
-		map.put((char)8629,	"crarr");	/* downwards arrow with corner leftwards */
-		map.put((char)8656,	"lArr");	/* leftwards double arrow */
-		map.put((char)8657,	"uArr");	/* upwards double arrow */
-		map.put((char)8658,	"rArr");	/* rightwards double arrow */
-		map.put((char)8659,	"dArr");	/* downwards double arrow */
-		map.put((char)8660,	"hArr");	/* left right double arrow */
-		map.put((char)8704,	"forall");	/* for all */
-		map.put((char)8706,	"part");	/* partial differential */
-		map.put((char)8707,	"exist");	/* there exists */
-		map.put((char)8709,	"empty");	/* empty set */
-		map.put((char)8711,	"nabla");	/* nabla */
-		map.put((char)8712,	"isin");	/* element of */
-		map.put((char)8713,	"notin");	/* not an element of */
-		map.put((char)8715,	"ni");		/* contains as member */
-		map.put((char)8719,	"prod");	/* n-ary product */
-		map.put((char)8721,	"sum");		/* n-ary summation */
-		map.put((char)8722,	"minus");	/* minus sign */
-		map.put((char)8727,	"lowast");	/* asterisk operator */
-		map.put((char)8730,	"radic");	/* square root */
-		map.put((char)8733,	"prop");	/* proportional to */
-		map.put((char)8734,	"infin");	/* infinity */
-		map.put((char)8736,	"ang");		/* angle */
-		map.put((char)8743,	"and");		/* logical and */
-		map.put((char)8744,	"or");		/* logical or */
-		map.put((char)8745,	"cap");		/* intersection */
-		map.put((char)8746,	"cup");		/* union */
-		map.put((char)8747,	"int");		/* integral */
-		map.put((char)8756,	"there4");	/* therefore */
-		map.put((char)8764,	"sim");		/* tilde operator */
-		map.put((char)8773,	"cong");	/* congruent to */
-		map.put((char)8776,	"asymp");	/* almost equal to */
-		map.put((char)8800,	"ne");		/* not equal to */
-		map.put((char)8801,	"equiv");	/* identical toXCOMMAX equivalent to */
-		map.put((char)8804,	"le");		/* less-than or equal to */
-		map.put((char)8805,	"ge");		/* greater-than or equal to */
-		map.put((char)8834,	"sub");		/* subset of */
-		map.put((char)8835,	"sup");		/* superset of */
-		map.put((char)8836,	"nsub");	/* not a subset of */
-		map.put((char)8838,	"sube");	/* subset of or equal to */
-		map.put((char)8839,	"supe");	/* superset of or equal to */
-		map.put((char)8853,	"oplus");	/* circled plus */
-		map.put((char)8855,	"otimes");	/* circled times */
-		map.put((char)8869,	"perp");	/* up tack */
-		map.put((char)8901,	"sdot");	/* dot operator */
-		map.put((char)8968,	"lceil");	/* left ceiling */
-		map.put((char)8969,	"rceil");	/* right ceiling */
-		map.put((char)8970,	"lfloor");	/* left floor */
-		map.put((char)8971,	"rfloor");	/* right floor */
-		map.put((char)9001,	"lang");	/* left-pointing angle bracket */
-		map.put((char)9002,	"rang");	/* right-pointing angle bracket */
-		map.put((char)9674,	"loz");		/* lozenge */
-		map.put((char)9824,	"spades");	/* black spade suit */
-		map.put((char)9827,	"clubs");	/* black club suit */
-		map.put((char)9829,	"hearts");	/* black heart suit */
-		map.put((char)9830,	"diams");	/* black diamond suit */
-
-		return Collections.unmodifiableMap(map);
-	}
-
-	/**
-	 * Build a unmodifiable Trie from entitiy Name to Character
-	 * @return Unmodifiable trie.
-	 */
-	private static synchronized Trie<Character> mkEntityToCharacterTrie()
-	{
-		Trie<Character> trie = new HashTrie<Character>();
-
-		for(Map.Entry<Character,String> entry : characterToEntityMap.entrySet())
-			trie.put(entry.getValue(),entry.getKey());
-		return Trie.Util.unmodifiable(trie);
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2017 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Matt Seil (mseil .at. owasp.org)
+ * @created 2017
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.codecs;
+
+import java.util.HashMap;
+import java.util.Collections;
+import java.util.Map;
+import java.util.Map.Entry;
+
+/**
+ * Implementation of the Codec interface for HTML entity encoding.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ *
+ * @author Matt Seil (mseil .at. owasp.org) (mseil .at. owasp.org)
+ *
+ * @see org.owasp.esapi.Encoder
+ */
+public class HTMLEntityCodec extends AbstractIntegerCodec
+{
+    private static final char REPLACEMENT_CHAR = '\ufffd';
+    private static final String REPLACEMENT_HEX = "fffd";
+    private static final String REPLACEMENT_STR = "" + REPLACEMENT_CHAR;
+    private static final Map<Integer,String> characterToEntityMap = mkCharacterToEntityMap();
+
+    private static final Trie<Integer> entityToCharacterTrie = mkEntityToCharacterTrie();
+
+    /**
+     *
+     */
+    public HTMLEntityCodec() {
+    }
+
+    /**
+     * Given an array of {@code char}, scan the input {@code String} and encode unsafe
+     * codePoints, except for codePoints passed into the {@code char} array.
+     * <br/><br/>
+     * WARNING: This method will silently discard an invalid code point according to
+     * the result of {@code Character.isValidCodePoint( int )} method.
+     *
+     * {@inheritDoc}
+     */
+    @Override
+    public String encode(char[] immune, String input) {
+        StringBuilder sb = new StringBuilder();
+        for(int offset  = 0; offset < input.length(); ){
+            final int point = input.codePointAt(offset);
+            if(Character.isValidCodePoint(point)){
+                sb.append(encodeCharacter(immune, point));
+            }
+            offset += Character.charCount(point);
+        }
+        return sb.toString();
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * Encodes a codePoint for safe use in an HTML entity field.
+     * @param immune
+     */
+    @Override
+    public String encodeCharacter( char[] immune, int codePoint ) {
+
+        // check for immune characters
+        // Cast the codePoint to a char because we want to limit immunity to the BMP field only.
+        if ( containsCharacter( (char) codePoint, immune ) && Character.isValidCodePoint(codePoint)) {
+            return new StringBuilder().appendCodePoint(codePoint).toString();
+        }
+
+        // check for alphanumeric characters
+        String hex = super.getHexForNonAlphanumeric(codePoint);
+        if ( hex == null && Character.isValidCodePoint(codePoint)) {
+            return new StringBuilder().appendCodePoint(codePoint).toString();
+        }
+        // check for illegal characters
+        if ( ( codePoint <= 0x1f
+                && codePoint != '\t'
+                && codePoint != '\n'
+                && codePoint != '\r' )
+                || ( codePoint >= 0x7f && codePoint <= 0x9f ) )
+        {
+            hex = REPLACEMENT_HEX;    // Let's entity encode this instead of returning it
+            codePoint = REPLACEMENT_CHAR;
+        }
+
+        // check if there's a defined entity
+        String entityName = characterToEntityMap.get(codePoint);
+        if (entityName != null) {
+            return "&" + entityName + ";";
+        }
+
+        // return the hex entity as suggested in the spec
+        return "&#x" + hex + ";";
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * Returns the decoded version of the character starting at index, or
+     * null if no decoding is possible.
+     *
+     * Formats all are legal both with and without semicolon, upper/lower case:
+     *   &#dddd;
+     *   &#xhhhh;
+     *   &name;
+     */
+    public Integer decodeCharacter( PushbackSequence<Integer> input ) {
+        input.mark();
+        Integer first = input.next();
+        if ( first == null ) {
+            input.reset();
+            return null;
+        }
+
+        // if this is not an encoded character, return null
+        if (first != '&' ) {
+            input.reset();
+            return null;
+        }
+
+        // test for numeric encodings
+        Integer second = input.next();
+        if ( second == null ) {
+            input.reset();
+            return null;
+        }
+
+        if (second == '#' ) {
+            // handle numbers
+            Integer c = getNumericEntity( input );
+            if ( c != null ) return c;
+        } else if ( Character.isLetter( second ) ) {
+            // handle entities
+            input.pushback( second );
+            Integer c = getNamedEntity( input );
+            if ( c != null ) return c;
+        }
+        input.reset();
+        return null;
+    }
+
+    /**
+     * getNumericEntry checks input to see if it is a numeric entity
+     *
+     * @param input
+     *             The input to test for being a numeric entity
+     *
+     * @return
+     *             null if input is null, the character of input after decoding
+     */
+    private Integer getNumericEntity( PushbackSequence<Integer> input ) {
+        Integer first = input.peek();
+        if ( first == null ) return null;
+
+        if (first == 'x' || first == 'X' ) {
+            input.next();
+            return parseHex( input );
+        }
+        return parseNumber( input );
+    }
+
+    /**
+     * Parse a decimal number, such as those from JavaScript's String.fromCharCode(value)
+     *
+     * @param input
+     *             decimal encoded string, such as 65
+     * @return
+     *             character representation of this decimal value, e.g. A
+     * @throws NumberFormatException
+     */
+    private Integer parseNumber( PushbackSequence<Integer> input ) {
+        StringBuilder sb = new StringBuilder();
+        while( input.hasNext() ) {
+            Integer c = input.peek();
+
+            // if character is a digit then add it on and keep going
+            if ( Character.isDigit( c ) && Character.isValidCodePoint(c) ) {
+                sb.appendCodePoint( c );
+                input.next();
+
+            // if character is a semicolon, eat it and quit
+            } else if (c == ';' ) {
+                input.next();
+                break;
+
+            // otherwise just quit
+            } else {
+                break;
+            }
+        }
+        try {
+            int i = Integer.parseInt(sb.toString());
+            if (Character.isValidCodePoint(i)) {
+                return i;
+            }
+        } catch( NumberFormatException e ) {
+            // throw an exception for malformed entity?
+        }
+            return null;
+        }
+
+    /**
+     * Parse a hex encoded entity
+     *
+     * @param input
+     *             Hex encoded input (such as 437ae;)
+     * @return
+     *             A single character from the string
+     * @throws NumberFormatException
+     */
+    private Integer parseHex( PushbackSequence<Integer> input ) {
+        StringBuilder sb = new StringBuilder();
+        while( input.hasNext() ) {
+            Integer c = input.peek();
+
+            // if character is a hex digit then add it on and keep going
+            //This statement implicitly tests for Character.isValidCodePoint(int)
+            if ( "0123456789ABCDEFabcdef".indexOf(c) != -1 ) {
+                sb.appendCodePoint( c );
+                input.next();
+
+            // if character is a semicolon, eat it and quit
+            } else if (c == ';' ) {
+                input.next();
+                break;
+
+            // otherwise just quit
+            } else {
+                break;
+            }
+        }
+        try {
+            int i = Integer.parseInt(sb.toString(), 16);
+            if (Character.isValidCodePoint(i)) {
+                return i;
+            }
+        } catch( NumberFormatException e ) {
+            // throw an exception for malformed entity?
+        }
+            return null;
+        }
+
+    /**
+     *
+     * Returns the decoded version of the character starting at index, or
+     * null if no decoding is possible.
+     *
+     * Formats all are legal both with and without semi-colon, upper/lower case:
+     *   &aa;
+     *   &aaa;
+     *   &aaaa;
+     *   &aaaaa;
+     *   &aaaaaa;
+     *   &aaaaaaa;
+     *
+     * @param input
+     *         A string containing a named entity like &quot;
+     * @return
+     *         Returns the decoded version of the character starting at index, or null if no decoding is possible.
+     */
+    private Integer getNamedEntity( PushbackSequence<Integer> input ) {
+        StringBuilder possible = new StringBuilder();
+        Entry<CharSequence, Integer> entry;
+        int len;
+
+        // kludge around PushbackString....
+        len = Math.min(input.remainder().length(), entityToCharacterTrie.getMaxKeyLength());
+        for(int i=0;i<len;i++){
+            Integer next = input.next();
+            if(null != next && Character.isValidCodePoint(next)){
+                possible.appendCodePoint(next);
+            }
+        }
+        // look up the longest match
+        entry = entityToCharacterTrie.getLongestMatch(possible);
+        if(entry == null) {
+            // We are lowercasing & comparing the result because of this all the upper case named entities are getting converted lowercase named entities.
+            // check is there any exact match https://github.com/ESAPI/esapi-java-legacy/issues/302
+            String possibleString = possible.toString();
+            String possibleStringLowerCase = possibleString.toLowerCase();
+                if(!possibleString.equals(possibleStringLowerCase)) {
+                   Map.Entry<CharSequence,Integer> exactEntry = entityToCharacterTrie.getLongestMatch(possibleStringLowerCase);
+                   if(exactEntry != null) entry = exactEntry;
+                }
+                if(entry == null) return null; // no match, caller will reset input
+        }
+
+        // fixup input
+        input.reset();
+        input.next();    // read &
+        len = entry.getKey().length();    // what matched's length
+        for(int i=0;i<len;i++)
+            input.next();
+
+        // check for a trailing semicolon
+        if(input.peek(Integer.valueOf(';')))
+            input.next();
+
+        return entry.getValue();
+    }
+
+    /**
+     * Build a unmodifiable Map from entity Character to Name.
+     * @return Unmodifiable map.
+     */
+    private static synchronized Map<Integer,String> mkCharacterToEntityMap()
+    {
+        Map<Integer, String> map = new HashMap<Integer,String>(252);
+
+        map.put(34,    "quot");    /* quotation mark */
+        map.put(38,    "amp");        /* ampersand */
+        map.put(60,    "lt");        /* less-than sign */
+        map.put(62,    "gt");        /* greater-than sign */
+        map.put(160,    "nbsp");    /* no-break space */
+        map.put(161,    "iexcl");    /* inverted exclamation mark */
+        map.put(162,    "cent");    /* cent sign */
+        map.put(163,    "pound");    /* pound sign */
+        map.put(164,    "curren");    /* currency sign */
+        map.put(165,    "yen");        /* yen sign */
+        map.put(166,    "brvbar");    /* broken bar */
+        map.put(167,    "sect");    /* section sign */
+        map.put(168,    "uml");        /* diaeresis */
+        map.put(169,    "copy");    /* copyright sign */
+        map.put(170,    "ordf");    /* feminine ordinal indicator */
+        map.put(171,    "laquo");    /* left-pointing double angle quotation mark */
+        map.put(172,    "not");        /* not sign */
+        map.put(173,    "shy");        /* soft hyphen */
+        map.put(174,    "reg");        /* registered sign */
+        map.put(175,    "macr");    /* macron */
+        map.put(176,    "deg");        /* degree sign */
+        map.put(177,    "plusmn");    /* plus-minus sign */
+        map.put(178,    "sup2");    /* superscript two */
+        map.put(179,    "sup3");    /* superscript three */
+        map.put(180,    "acute");    /* acute accent */
+        map.put(181,    "micro");    /* micro sign */
+        map.put(182,    "para");    /* pilcrow sign */
+        map.put(183,    "middot");    /* middle dot */
+        map.put(184,    "cedil");    /* cedilla */
+        map.put(185,    "sup1");    /* superscript one */
+        map.put(186,    "ordm");    /* masculine ordinal indicator */
+        map.put(187,    "raquo");    /* right-pointing double angle quotation mark */
+        map.put(188,    "frac14");    /* vulgar fraction one quarter */
+        map.put(189,    "frac12");    /* vulgar fraction one half */
+        map.put(190,    "frac34");    /* vulgar fraction three quarters */
+        map.put(191,    "iquest");    /* inverted question mark */
+        map.put(192,    "Agrave");    /* Latin capital letter a with grave */
+        map.put(193,    "Aacute");    /* Latin capital letter a with acute */
+        map.put(194,    "Acirc");    /* Latin capital letter a with circumflex */
+        map.put(195,    "Atilde");    /* Latin capital letter a with tilde */
+        map.put(196,    "Auml");    /* Latin capital letter a with diaeresis */
+        map.put(197,    "Aring");    /* Latin capital letter a with ring above */
+        map.put(198,    "AElig");    /* Latin capital letter ae */
+        map.put(199,    "Ccedil");    /* Latin capital letter c with cedilla */
+        map.put(200,    "Egrave");    /* Latin capital letter e with grave */
+        map.put(201,    "Eacute");    /* Latin capital letter e with acute */
+        map.put(202,    "Ecirc");    /* Latin capital letter e with circumflex */
+        map.put(203,    "Euml");    /* Latin capital letter e with diaeresis */
+        map.put(204,    "Igrave");    /* Latin capital letter i with grave */
+        map.put(205,    "Iacute");    /* Latin capital letter i with acute */
+        map.put(206,    "Icirc");    /* Latin capital letter i with circumflex */
+        map.put(207,    "Iuml");    /* Latin capital letter i with diaeresis */
+        map.put(208,    "ETH");        /* Latin capital letter eth */
+        map.put(209,    "Ntilde");    /* Latin capital letter n with tilde */
+        map.put(210,    "Ograve");    /* Latin capital letter o with grave */
+        map.put(211,    "Oacute");    /* Latin capital letter o with acute */
+        map.put(212,    "Ocirc");    /* Latin capital letter o with circumflex */
+        map.put(213,    "Otilde");    /* Latin capital letter o with tilde */
+        map.put(214,    "Ouml");    /* Latin capital letter o with diaeresis */
+        map.put(215,    "times");    /* multiplication sign */
+        map.put(216,    "Oslash");    /* Latin capital letter o with stroke */
+        map.put(217,    "Ugrave");    /* Latin capital letter u with grave */
+        map.put(218,    "Uacute");    /* Latin capital letter u with acute */
+        map.put(219,    "Ucirc");    /* Latin capital letter u with circumflex */
+        map.put(220,    "Uuml");    /* Latin capital letter u with diaeresis */
+        map.put(221,    "Yacute");    /* Latin capital letter y with acute */
+        map.put(222,    "THORN");    /* Latin capital letter thorn */
+        map.put(223,    "szlig");    /* Latin small letter sharp sXCOMMAX German Eszett */
+        map.put(224,    "agrave");    /* Latin small letter a with grave */
+        map.put(225,    "aacute");    /* Latin small letter a with acute */
+        map.put(226,    "acirc");    /* Latin small letter a with circumflex */
+        map.put(227,    "atilde");    /* Latin small letter a with tilde */
+        map.put(228,    "auml");    /* Latin small letter a with diaeresis */
+        map.put(229,    "aring");    /* Latin small letter a with ring above */
+        map.put(230,    "aelig");    /* Latin lowercase ligature ae */
+        map.put(231,    "ccedil");    /* Latin small letter c with cedilla */
+        map.put(232,    "egrave");    /* Latin small letter e with grave */
+        map.put(233,    "eacute");    /* Latin small letter e with acute */
+        map.put(234,    "ecirc");    /* Latin small letter e with circumflex */
+        map.put(235,    "euml");    /* Latin small letter e with diaeresis */
+        map.put(236,    "igrave");    /* Latin small letter i with grave */
+        map.put(237,    "iacute");    /* Latin small letter i with acute */
+        map.put(238,    "icirc");    /* Latin small letter i with circumflex */
+        map.put(239,    "iuml");    /* Latin small letter i with diaeresis */
+        map.put(240,    "eth");        /* Latin small letter eth */
+        map.put(241,    "ntilde");    /* Latin small letter n with tilde */
+        map.put(242,    "ograve");    /* Latin small letter o with grave */
+        map.put(243,    "oacute");    /* Latin small letter o with acute */
+        map.put(244,    "ocirc");    /* Latin small letter o with circumflex */
+        map.put(245,    "otilde");    /* Latin small letter o with tilde */
+        map.put(246,    "ouml");    /* Latin small letter o with diaeresis */
+        map.put(247,    "divide");    /* division sign */
+        map.put(248,    "oslash");    /* Latin small letter o with stroke */
+        map.put(249,    "ugrave");    /* Latin small letter u with grave */
+        map.put(250,    "uacute");    /* Latin small letter u with acute */
+        map.put(251,    "ucirc");    /* Latin small letter u with circumflex */
+        map.put(252,    "uuml");    /* Latin small letter u with diaeresis */
+        map.put(253,    "yacute");    /* Latin small letter y with acute */
+        map.put(254,    "thorn");    /* Latin small letter thorn */
+        map.put(255,    "yuml");    /* Latin small letter y with diaeresis */
+        map.put(338,    "OElig");    /* Latin capital ligature oe */
+        map.put(339,    "oelig");    /* Latin small ligature oe */
+        map.put(352,    "Scaron");    /* Latin capital letter s with caron */
+        map.put(353,    "scaron");    /* Latin small letter s with caron */
+        map.put(376,    "Yuml");    /* Latin capital letter y with diaeresis */
+        map.put(402,    "fnof");    /* Latin small letter f with hook */
+        map.put(710,    "circ");    /* modifier letter circumflex accent */
+        map.put(732,    "tilde");    /* small tilde */
+        map.put(913,    "Alpha");    /* Greek capital letter alpha */
+        map.put(914,    "Beta");    /* Greek capital letter beta */
+        map.put(915,    "Gamma");    /* Greek capital letter gamma */
+        map.put(916,    "Delta");    /* Greek capital letter delta */
+        map.put(917,    "Epsilon");    /* Greek capital letter epsilon */
+        map.put(918,    "Zeta");    /* Greek capital letter zeta */
+        map.put(919,    "Eta");        /* Greek capital letter eta */
+        map.put(920,    "Theta");    /* Greek capital letter theta */
+        map.put(921,    "Iota");    /* Greek capital letter iota */
+        map.put(922,    "Kappa");    /* Greek capital letter kappa */
+        map.put(923,    "Lambda");    /* Greek capital letter lambda */
+        map.put(924,    "Mu");        /* Greek capital letter mu */
+        map.put(925,    "Nu");        /* Greek capital letter nu */
+        map.put(926,    "Xi");        /* Greek capital letter xi */
+        map.put(927,    "Omicron");    /* Greek capital letter omicron */
+        map.put(928,    "Pi");        /* Greek capital letter pi */
+        map.put(929,    "Rho");        /* Greek capital letter rho */
+        map.put(931,    "Sigma");    /* Greek capital letter sigma */
+        map.put(932,    "Tau");        /* Greek capital letter tau */
+        map.put(933,    "Upsilon");    /* Greek capital letter upsilon */
+        map.put(934,    "Phi");        /* Greek capital letter phi */
+        map.put(935,    "Chi");        /* Greek capital letter chi */
+        map.put(936,    "Psi");        /* Greek capital letter psi */
+        map.put(937,    "Omega");    /* Greek capital letter omega */
+        map.put(945,    "alpha");    /* Greek small letter alpha */
+        map.put(946,    "beta");    /* Greek small letter beta */
+        map.put(947,    "gamma");    /* Greek small letter gamma */
+        map.put(948,    "delta");    /* Greek small letter delta */
+        map.put(949,    "epsilon");    /* Greek small letter epsilon */
+        map.put(950,    "zeta");    /* Greek small letter zeta */
+        map.put(951,    "eta");        /* Greek small letter eta */
+        map.put(952,    "theta");    /* Greek small letter theta */
+        map.put(953,    "iota");    /* Greek small letter iota */
+        map.put(954,    "kappa");    /* Greek small letter kappa */
+        map.put(955,    "lambda");    /* Greek small letter lambda */
+        map.put(956,    "mu");        /* Greek small letter mu */
+        map.put(957,    "nu");        /* Greek small letter nu */
+        map.put(958,    "xi");        /* Greek small letter xi */
+        map.put(959,    "omicron");    /* Greek small letter omicron */
+        map.put(960,    "pi");        /* Greek small letter pi */
+        map.put(961,    "rho");        /* Greek small letter rho */
+        map.put(962,    "sigmaf");    /* Greek small letter final sigma */
+        map.put(963,    "sigma");    /* Greek small letter sigma */
+        map.put(964,    "tau");        /* Greek small letter tau */
+        map.put(965,    "upsilon");    /* Greek small letter upsilon */
+        map.put(966,    "phi");        /* Greek small letter phi */
+        map.put(967,    "chi");        /* Greek small letter chi */
+        map.put(968,    "psi");        /* Greek small letter psi */
+        map.put(969,    "omega");    /* Greek small letter omega */
+        map.put(977,    "thetasym");    /* Greek theta symbol */
+        map.put(978,    "upsih");    /* Greek upsilon with hook symbol */
+        map.put(982,    "piv");        /* Greek pi symbol */
+        map.put(8194,    "ensp");    /* en space */
+        map.put(8195,    "emsp");    /* em space */
+        map.put(8201,    "thinsp");    /* thin space */
+        map.put(8204,    "zwnj");    /* zero width non-joiner */
+        map.put(8205,    "zwj");        /* zero width joiner */
+        map.put(8206,    "lrm");        /* left-to-right mark */
+        map.put(8207,    "rlm");        /* right-to-left mark */
+        map.put(8211,    "ndash");    /* en dash */
+        map.put(8212,    "mdash");    /* em dash */
+        map.put(8216,    "lsquo");    /* left single quotation mark */
+        map.put(8217,    "rsquo");    /* right single quotation mark */
+        map.put(8218,    "sbquo");    /* single low-9 quotation mark */
+        map.put(8220,    "ldquo");    /* left double quotation mark */
+        map.put(8221,    "rdquo");    /* right double quotation mark */
+        map.put(8222,    "bdquo");    /* double low-9 quotation mark */
+        map.put(8224,    "dagger");    /* dagger */
+        map.put(8225,    "Dagger");    /* double dagger */
+        map.put(8226,    "bull");    /* bullet */
+        map.put(8230,    "hellip");    /* horizontal ellipsis */
+        map.put(8240,    "permil");    /* per mille sign */
+        map.put(8242,    "prime");    /* prime */
+        map.put(8243,    "Prime");    /* double prime */
+        map.put(8249,    "lsaquo");    /* single left-pointing angle quotation mark */
+        map.put(8250,    "rsaquo");    /* single right-pointing angle quotation mark */
+        map.put(8254,    "oline");    /* overline */
+        map.put(8260,    "frasl");    /* fraction slash */
+        map.put(8364,    "euro");    /* euro sign */
+        map.put(8465,    "image");    /* black-letter capital i */
+        map.put(8472,    "weierp");    /* script capital pXCOMMAX Weierstrass p */
+        map.put(8476,    "real");    /* black-letter capital r */
+        map.put(8482,    "trade");    /* trademark sign */
+        map.put(8501,    "alefsym");    /* alef symbol */
+        map.put(8592,    "larr");    /* leftwards arrow */
+        map.put(8593,    "uarr");    /* upwards arrow */
+        map.put(8594,    "rarr");    /* rightwards arrow */
+        map.put(8595,    "darr");    /* downwards arrow */
+        map.put(8596,    "harr");    /* left right arrow */
+        map.put(8629,    "crarr");    /* downwards arrow with corner leftwards */
+        map.put(8656,    "lArr");    /* leftwards double arrow */
+        map.put(8657,    "uArr");    /* upwards double arrow */
+        map.put(8658,    "rArr");    /* rightwards double arrow */
+        map.put(8659,    "dArr");    /* downwards double arrow */
+        map.put(8660,    "hArr");    /* left right double arrow */
+        map.put(8704,    "forall");    /* for all */
+        map.put(8706,    "part");    /* partial differential */
+        map.put(8707,    "exist");    /* there exists */
+        map.put(8709,    "empty");    /* empty set */
+        map.put(8711,    "nabla");    /* nabla */
+        map.put(8712,    "isin");    /* element of */
+        map.put(8713,    "notin");    /* not an element of */
+        map.put(8715,    "ni");        /* contains as member */
+        map.put(8719,    "prod");    /* n-ary product */
+        map.put(8721,    "sum");        /* n-ary summation */
+        map.put(8722,    "minus");    /* minus sign */
+        map.put(8727,    "lowast");    /* asterisk operator */
+        map.put(8730,    "radic");    /* square root */
+        map.put(8733,    "prop");    /* proportional to */
+        map.put(8734,    "infin");    /* infinity */
+        map.put(8736,    "ang");        /* angle */
+        map.put(8743,    "and");        /* logical and */
+        map.put(8744,    "or");        /* logical or */
+        map.put(8745,    "cap");        /* intersection */
+        map.put(8746,    "cup");        /* union */
+        map.put(8747,    "int");        /* integral */
+        map.put(8756,    "there4");    /* therefore */
+        map.put(8764,    "sim");        /* tilde operator */
+        map.put(8773,    "cong");    /* congruent to */
+        map.put(8776,    "asymp");    /* almost equal to */
+        map.put(8800,    "ne");        /* not equal to */
+        map.put(8801,    "equiv");    /* identical toXCOMMAX equivalent to */
+        map.put(8804,    "le");        /* less-than or equal to */
+        map.put(8805,    "ge");        /* greater-than or equal to */
+        map.put(8834,    "sub");        /* subset of */
+        map.put(8835,    "sup");        /* superset of */
+        map.put(8836,    "nsub");    /* not a subset of */
+        map.put(8838,    "sube");    /* subset of or equal to */
+        map.put(8839,    "supe");    /* superset of or equal to */
+        map.put(8853,    "oplus");    /* circled plus */
+        map.put(8855,    "otimes");    /* circled times */
+        map.put(8869,    "perp");    /* up tack */
+        map.put(8901,    "sdot");    /* dot operator */
+        map.put(8968,    "lceil");    /* left ceiling */
+        map.put(8969,    "rceil");    /* right ceiling */
+        map.put(8970,    "lfloor");    /* left floor */
+        map.put(8971,    "rfloor");    /* right floor */
+        map.put(9001,    "lang");    /* left-pointing angle bracket */
+        map.put(9002,    "rang");    /* right-pointing angle bracket */
+        map.put(9674,    "loz");        /* lozenge */
+        map.put(9824,    "spades");    /* black spade suit */
+        map.put(9827,    "clubs");    /* black club suit */
+        map.put(9829,    "hearts");    /* black heart suit */
+        map.put(9830,    "diams");    /* black diamond suit */
+
+        return Collections.unmodifiableMap(map);
+    }
+
+    /**
+     * Build a unmodifiable Trie from entitiy Name to Character
+     * @return Unmodifiable trie.
+     */
+    private static synchronized Trie<Integer> mkEntityToCharacterTrie()
+    {
+        Trie<Integer> trie = new HashTrie<Integer>();
+
+        for(Map.Entry<Integer,String> entry : characterToEntityMap.entrySet())
+            trie.put(entry.getValue(),entry.getKey());
+        return Trie.Util.unmodifiable(trie);
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/codecs/HashTrie.java b/src/main/java/org/owasp/esapi/codecs/HashTrie.java
index ba515d347..cdc9932aa 100644
--- a/src/main/java/org/owasp/esapi/codecs/HashTrie.java
+++ b/src/main/java/org/owasp/esapi/codecs/HashTrie.java
@@ -18,595 +18,591 @@
  *
  * <b>NOTE:</b><br>
  * <ul>
- *	<li>{@link Map.remove(Object)} is not supported.</li>
- *	<li>
- *		If deletion support is added the max key length will
- *		need work or removal.
- *	</li>
- *	<li>Null values are not supported.</li>
+ *    <li>@see java.util.Map.remove(Object) is not supported.</li>
+ *    <li>
+ *        If deletion support is added, the max key length will need work or removal.
+ *    </li>
+ *    <li>Null values are not supported.</li>
  * </ul>
  *
  * @author Ed Schaller
  */
 public class HashTrie<T> implements Trie<T>
 {
-	private static class Entry<T> implements Map.Entry<CharSequence,T>
-	{
-		private CharSequence key;
-		private T value;
-
-		Entry(CharSequence key, T value)
-		{
-			this.key = key;
-			this.value = value;
-		}
-
-		/**
-		 * Convinence instantiator.
-		 * @param key The key for the new instance
-		 * @param keyLength The length of the key to use
-		 * @param value The value for the new instance
-		 * @return null if key or value is null
-		 *	new Entry(key,value) if {@link CharSequence#length()} == keyLength
-		 *	new Entry(key.subSequence(0,keyLength),value) otherwise
-		 */
-		static <T> Entry<T> newInstanceIfNeeded(CharSequence key, int keyLength, T value)
-		{
-			if(value == null || key == null)
-				return null;
-			if(key.length() > keyLength)
-				key = key.subSequence(0,keyLength);
-			return new Entry<T>(key,value);
-		}
-
-		/**
-		 * Convinence instantiator.
-		 * @param key The key for the new instance
-		 * @param value The value for the new instance
-		 * @return null if key or value is null
-		 *	new Entry(key,value) otherwise
-		 */
-		static <T> Entry<T> newInstanceIfNeeded(CharSequence key, T value)
-		{
-			if(value == null || key == null)
-				return null;
-			return new Entry<T>(key,value);
-		}
+    private static class Entry<T> implements Map.Entry<CharSequence,T>
+    {
+        private CharSequence key;
+        private T value;
+
+        Entry(CharSequence key, T value)
+        {
+            this.key = key;
+            this.value = value;
+        }
+
+        /**
+         * Convenience instantiator.
+         * @param key The key for the new instance
+         * @param keyLength The length of the key to use
+         * @param value The value for the new instance
+         * @return null if key or value is null
+         *    new Entry(key,value) if {@link CharSequence#length()} == keyLength
+         *    new Entry(key.subSequence(0,keyLength),value) otherwise
+         */
+        static <T> Entry<T> newInstanceIfNeeded(CharSequence key, int keyLength, T value)
+        {
+            if(value == null || key == null)
+                return null;
+            if(key.length() > keyLength)
+                key = key.subSequence(0,keyLength);
+            return new Entry<T>(key,value);
+        }
+
+        /**
+         * Convenience instantiator.
+         * @param key The key for the new instance
+         * @param value The value for the new instance
+         * @return null if key or value is null
+         *    new Entry(key,value) otherwise
+         */
+        static <T> Entry<T> newInstanceIfNeeded(CharSequence key, T value)
+        {
+            if(value == null || key == null)
+                return null;
+            return new Entry<T>(key,value);
+        }
 
                 /*************/
                 /* Map.Entry */
                 /*************/
 
-		public CharSequence getKey()
-		{
-			return key;
-		}
+        public CharSequence getKey()
+        {
+            return key;
+        }
 
-		public T getValue()
-		{
-			return value;
-		}
+        public T getValue()
+        {
+            return value;
+        }
 
-		public T setValue(T value)
-		{
-			throw new UnsupportedOperationException();
-		}
+        public T setValue(T value)
+        {
+            throw new UnsupportedOperationException();
+        }
 
                 /********************/
                 /* java.lang.Object */
                 /********************/
 
-		public boolean equals(Map.Entry other)
-		{
-			return (NullSafe.equals(key, other.getKey()) && NullSafe.equals(value, other.getValue()));
-		}
-
-		@Override
-		public boolean equals(Object o)
-		{
-			if(o instanceof Map.Entry)
-				return equals((Map.Entry)o);
-			return false;
-		}
-
-		@Override
-		public int hashCode()
-		{
-			return NullSafe.hashCode(key) ^ NullSafe.hashCode(value);
-		}
-
-		@Override
-		public String toString()
-		{
-			return NullSafe.toString(key) + " => " + NullSafe.toString(value);
-		}
-	}
-
-	/**
-	 * Node inside the trie.
-	 */
-	private static class Node<T>
-	{
-		private T value = null;
-		private Map<Character,Node<T>> nextMap;
-
-		/**
-		 * Create a new Map for a node level. This is here so
-		 * that if the underlying * Map implmentation needs to
-		 * be switched it is easily done.
-		 * @return A new Map for use.
-		 */
-		private static <T> Map<Character,Node<T>> newNodeMap()
-		{
-			return new HashMap<Character,Node<T>>();
-		}
-
-		/**
-		 * Create a new Map for a node level. This is here so
-		 * that if the underlying * Map implmentation needs to
-		 * be switched it is easily done.
-		 * @param prev Pervious map to use to populate the
-		 * new map.
-		 * @return A new Map for use.
-		 */
-		private static <T> Map<Character,Node<T>> newNodeMap(Map<Character,Node<T>> prev)
-		{
-			return new HashMap<Character,Node<T>>(prev);
-		}
-
-		/** 
-		 * Set the value for the key terminated at this node.
-		 * @param value The value for this key.
-		 */
-		void setValue(T value)
-		{
-			this.value = value;
-		}
-
-		/**
-		 * Get the node for the specified character.
-		 * @param ch The next character to look for.
-		 * @return The node requested or null if it is not
-		 *	present.
-		 */
-		Node<T> getNextNode(Character ch)
-		{
-			if(nextMap == null)
-				return null;
-			return nextMap.get(ch);
-		}
-
-		/**
-		 * Recursively add a key.
-		 * @param key The key being added.
-		 * @param pos The position in key that is being handled
-		 *	at this level.
-		 */
-		T put(CharSequence key, int pos, T addValue)
-		{
-			Node<T> nextNode;
-			Character ch;
-			T old;
-
-			if(key.length() == pos)
-			{	// at terminating node
-				old = value;
-				setValue(addValue);
-				return old;
-			}
-			ch = key.charAt(pos);
-			if(nextMap == null)
-			{
-				nextMap = newNodeMap();
-				nextNode = new Node();
-				nextMap.put(ch, nextNode);
-			}
-			else if((nextNode = nextMap.get(ch))==null)
-			{
-				nextNode = new Node();
-				nextMap.put(ch,nextNode);
-			}
-			return nextNode.put(key,pos+1,addValue);
-		}
-
-		/**
-		 * Recursively lookup a key's value.
-		 * @param key The key being looked up.
-		 * @param pos The position in the key that is being
-		 *	looked up at this level.
-		 * @return The value assocatied with the key or null if
-		 *	none exists.
-		 */
-		T get(CharSequence key, int pos)
-		{
-			Node<T> nextNode;
-
-			if(key.length() <= pos)	// <= instead of == just in case
-				return value;	// no value is null which is also not found
-			if((nextNode = getNextNode(key.charAt(pos)))==null)
-				return null;
-			return nextNode.get(key,pos+1);
-		}
-			
-		/**
-		 * Recursively lookup the longest key match.
-		 * @param key The key being looked up.
-		 * @param pos The position in the key that is being
-		 *	looked up at this level.
-		 * @return The Entry assocatied with the longest key
-		 *	match or null if none exists.
-		 */
-		Entry<T> getLongestMatch(CharSequence key, int pos)
-		{
-			Node<T> nextNode;
-			Entry<T> ret;
-
-			if(key.length() <= pos)	// <= instead of == just in case
-				return Entry.newInstanceIfNeeded(key,value);
-			if((nextNode = getNextNode(key.charAt(pos)))==null)
-			{	// last in trie... return ourselves
-				return Entry.newInstanceIfNeeded(key,pos,value);
-			}
-			if((ret = nextNode.getLongestMatch(key, pos+1))!=null)
-				return ret;
-			return Entry.newInstanceIfNeeded(key,pos,value);
-		}
-
-		/**
-		 * Recursively lookup the longest key match.
-		 * @param keyIn Where to read the key from
-		 * @param pos The position in the key that is being
-		 *	looked up at this level.
-		 * @return The Entry assocatied with the longest key
-		 *	match or null if none exists.
-		 */
-		Entry<T> getLongestMatch(PushbackReader keyIn, StringBuilder key) throws IOException
-		{
-			Node<T> nextNode;
-			Entry<T> ret;
-			int c;
-			char ch;
-			int prevLen;
-
-			// read next key char and append to key...
-			if((c = keyIn.read())<0)
-				// end of input, return what we have currently
-				return Entry.newInstanceIfNeeded(key,value);
-			ch = (char)c;
-			prevLen = key.length();
-			key.append(ch);
-
-			if((nextNode = getNextNode(ch))==null)
-			{	// last in trie... return ourselves
-				return Entry.newInstanceIfNeeded(key,value);
-			}
-			if((ret = nextNode.getLongestMatch(keyIn, key))!=null)
-				return ret;
-
-			// undo reading of key char and appending to key...
-			key.setLength(prevLen);
-			keyIn.unread(c);
-
-			return Entry.newInstanceIfNeeded(key,value);
-		}
-
-		/**
-		 * Recursively rebuild the internal maps.
-		 */
-		void remap()
-		{
-			if(nextMap == null)
-				return;
-			nextMap = newNodeMap(nextMap);
-			for(Node<T> node : nextMap.values())
-				node.remap();
-		}
-
-		/**
-		 * Recursively search for a value.
-		 * @param toFind The value to search for
-		 * @return true if the value was found
-		 *	false otherwise
-		 */
-		boolean containsValue(Object toFind)
-		{
-			if(value != null && toFind.equals(value))
-				return true;
-			if(nextMap == null)
-				return false;
-			for(Node<T> node : nextMap.values())
-				if(node.containsValue(toFind))
-					return true;
-			return false;
-		}
-
-		/**
-		 * Recursively build values.
-		 * @param values List being built.
-		 * @return true if the value was found
-		 *	false otherwise
-		 */
-		Collection<T> values(Collection<T> values)
-		{
-			if(value != null)
-				values.add(value);
-			if(nextMap == null)
-				return values;
-			for(Node<T> node : nextMap.values())
-				node.values(values);
-			return values;
-		}
-
-		/**
-		 * Recursively build a key set.
-		 * @param key StringBuilder with our key.
-		 * @param keys Set to add to
-		 * @return keys with additions
-		 */
-		Set<CharSequence> keySet(StringBuilder key, Set<CharSequence> keys)
-		{
-			int len = key.length();
-
-			if(value != null)
-				// MUST toString here
-				keys.add(key.toString());
-			if(nextMap != null && nextMap.size() > 0)
-			{
-				key.append('X');
-				for(Map.Entry<Character,Node<T>> entry : nextMap.entrySet())
-				{
-					key.setCharAt(len,entry.getKey());
-					entry.getValue().keySet(key,keys);
-				}
-				key.setLength(len);
-			}
-			return keys;
-		}
-
-		/**
-		 * Recursively build a entry set.
-		 * @param key StringBuilder with our key.
-		 * @param entries Set to add to
-		 * @return entries with additions
-		 */
-		Set<Map.Entry<CharSequence,T>> entrySet(StringBuilder key, Set<Map.Entry<CharSequence,T>> entries)
-		{
-			int len = key.length();
-
-			if(value != null)
-				// MUST toString here
-				entries.add(new Entry(key.toString(),value));
-			if(nextMap != null && nextMap.size() > 0)
-			{
-				key.append('X');
-				for(Map.Entry<Character,Node<T>> entry : nextMap.entrySet())
-				{
-					key.setCharAt(len,entry.getKey());
-					entry.getValue().entrySet(key,entries);
-				}
-				key.setLength(len);
-			}
-			return entries;
-		}
-	}
-
-	private Node<T> root;
-	private int maxKeyLen;
-	private int size;
-
-	public HashTrie()
-	{
-		clear();
-	}
-
-	/**
-	 * Get the key value entry who's key is the longest prefix match.
-	 * @param key The key to lookup
-	 * @return Entry with the longest matching key.
-	 */
-	public Map.Entry<CharSequence,T> getLongestMatch(CharSequence key)
-	{
-		if(root == null || key == null)
-			return null;
-		return root.getLongestMatch(key, 0);
-	}
-
-	/**
-	 * Get the key value entry who's key is the longest prefix match.
-	 * @param keyIn Pushback reader to read the key from. This should
-	 * have a buffer at least as large as {@link #getMaxKeyLength()}
-	 * or an IOException may be thrown backing up.
-	 * @return Entry with the longest matching key.
-	 * @throws IOException if keyIn.read() or keyIn.unread() does.
-	 */
-	public Map.Entry<CharSequence,T> getLongestMatch(PushbackReader keyIn) throws IOException
-	{
-		if(root == null || keyIn == null)
-			return null;
-		return root.getLongestMatch(keyIn, new StringBuilder());
-	}
-
-	/**
-	 * Get the maximum key length.
-	 * @return max key length.
-	 */
-	public int getMaxKeyLength()
-	{
-		return maxKeyLen;
-	}
+        public boolean equals(Map.Entry other)
+        {
+            return (NullSafe.equals(key, other.getKey()) && NullSafe.equals(value, other.getValue()));
+        }
+
+        @Override
+        public boolean equals(Object o)
+        {
+            if(o instanceof Map.Entry)
+                return equals((Map.Entry)o);
+            return false;
+        }
+
+        @Override
+        public int hashCode()
+        {
+            return NullSafe.hashCode(key) ^ NullSafe.hashCode(value);
+        }
+
+        @Override
+        public String toString()
+        {
+            return NullSafe.toString(key) + " => " + NullSafe.toString(value);
+        }
+    }
+
+    /**
+     * Node inside the trie.
+     */
+    private static class Node<T>
+    {
+        private T value = null;
+        private Map<Character,Node<T>> nextMap;
+
+        /**
+         * Create a new Map for a node level. This is here so
+         * that if the underlying * Map implementation needs to
+         * be switched it is easily done.
+         * @return A new Map for use.
+         */
+        private static <T> Map<Character,Node<T>> newNodeMap()
+        {
+            return new HashMap<Character,Node<T>>();
+        }
+
+        /**
+         * Create a new Map for a node level. This is here so
+         * that if the underlying * Map implementation needs to
+         * be switched it is easily done.
+         * @param prev Previous map to use to populate the
+         * new map.
+         * @return A new Map for use.
+         */
+        private static <T> Map<Character,Node<T>> newNodeMap(Map<Character,Node<T>> prev)
+        {
+            return new HashMap<Character,Node<T>>(prev);
+        }
+
+        /**
+         * Set the value for the key terminated at this node.
+         * @param value The value for this key.
+         */
+        void setValue(T value)
+        {
+            this.value = value;
+        }
+
+        /**
+         * Get the node for the specified character.
+         * @param ch The next character to look for.
+         * @return The node requested or null if it is not
+         *    present.
+         */
+        Node<T> getNextNode(Character ch)
+        {
+            if(nextMap == null)
+                return null;
+            return nextMap.get(ch);
+        }
+
+        /**
+         * Recursively add a key.
+         * @param key The key being added.
+         * @param pos The position in key that is being handled
+         *    at this level.
+         */
+        T put(CharSequence key, int pos, T addValue)
+        {
+            Node<T> nextNode;
+            Character ch;
+            T old;
+
+            if(key.length() == pos)
+            {    // at terminating node
+                old = value;
+                setValue(addValue);
+                return old;
+            }
+            ch = key.charAt(pos);
+            if(nextMap == null)
+            {
+                nextMap = newNodeMap();
+                nextNode = new Node();
+                nextMap.put(ch, nextNode);
+            }
+            else if((nextNode = nextMap.get(ch))==null)
+            {
+                nextNode = new Node();
+                nextMap.put(ch,nextNode);
+            }
+            return nextNode.put(key,pos+1,addValue);
+        }
+
+        /**
+         * Recursively lookup a key's value.
+         * @param key The key being looked up.
+         * @param pos The position in the key that is being
+         *    looked up at this level.
+         * @return The value associated with the key or null if none exists.
+         */
+        T get(CharSequence key, int pos)
+        {
+            Node<T> nextNode;
+
+            if(key.length() <= pos)    // <= instead of == just in case
+                return value;    // no value is null which is also not found
+            if((nextNode = getNextNode(key.charAt(pos)))==null)
+                return null;
+            return nextNode.get(key,pos+1);
+        }
+
+        /**
+         * Recursively lookup the longest key match.
+         * @param key The key being looked up.
+         * @param pos The position in the key that is being
+         *    looked up at this level.
+         * @return The Entry associated with the longest key match or null if none exists.
+         */
+        Entry<T> getLongestMatch(CharSequence key, int pos)
+        {
+            Node<T> nextNode;
+            Entry<T> ret;
+
+            if(key.length() <= pos)    // <= instead of == just in case
+                return Entry.newInstanceIfNeeded(key,value);
+            if((nextNode = getNextNode(key.charAt(pos)))==null)
+            {    // last in trie... return ourselves
+                return Entry.newInstanceIfNeeded(key,pos,value);
+            }
+            if((ret = nextNode.getLongestMatch(key, pos+1))!=null)
+                return ret;
+            return Entry.newInstanceIfNeeded(key,pos,value);
+        }
+
+        /**
+         * Recursively lookup the longest key match.
+         * @param keyIn Where to read the key from
+         * @param key The key that is being looked up at this level.
+         * @return The Entry associated with the longest key
+         *    match or null if none exists.
+         */
+        Entry<T> getLongestMatch(PushbackReader keyIn, StringBuilder key) throws IOException
+        {
+            Node<T> nextNode;
+            Entry<T> ret;
+            int c;
+            char ch;
+            int prevLen;
+
+            // read next key char and append to key...
+            if((c = keyIn.read())<0)
+                // end of input, return what we have currently
+                return Entry.newInstanceIfNeeded(key,value);
+            ch = (char)c;
+            prevLen = key.length();
+            key.append(ch);
+
+            if((nextNode = getNextNode(ch))==null)
+            {    // last in trie... return ourselves
+                return Entry.newInstanceIfNeeded(key,value);
+            }
+            if((ret = nextNode.getLongestMatch(keyIn, key))!=null)
+                return ret;
+
+            // undo reading of key char and appending to key...
+            key.setLength(prevLen);
+            keyIn.unread(c);
+
+            return Entry.newInstanceIfNeeded(key,value);
+        }
+
+        /**
+         * Recursively rebuild the internal maps.
+         */
+        void remap()
+        {
+            if(nextMap == null)
+                return;
+            nextMap = newNodeMap(nextMap);
+            for(Node<T> node : nextMap.values())
+                node.remap();
+        }
+
+        /**
+         * Recursively search for a value.
+         * @param toFind The value to search for
+         * @return true if the value was found
+         *    false otherwise
+         */
+        boolean containsValue(Object toFind)
+        {
+            if(value != null && toFind.equals(value))
+                return true;
+            if(nextMap == null)
+                return false;
+            for(Node<T> node : nextMap.values())
+                if(node.containsValue(toFind))
+                    return true;
+            return false;
+        }
+
+        /**
+         * Recursively build values.
+         * @param values List being built.
+         * @return true if the value was found
+         *    false otherwise
+         */
+        Collection<T> values(Collection<T> values)
+        {
+            if(value != null)
+                values.add(value);
+            if(nextMap == null)
+                return values;
+            for(Node<T> node : nextMap.values())
+                node.values(values);
+            return values;
+        }
+
+        /**
+         * Recursively build a key set.
+         * @param key StringBuilder with our key.
+         * @param keys Set to add to
+         * @return keys with additions
+         */
+        Set<CharSequence> keySet(StringBuilder key, Set<CharSequence> keys)
+        {
+            int len = key.length();
+
+            if(value != null)
+                // MUST toString here
+                keys.add(key.toString());
+            if(nextMap != null && nextMap.size() > 0)
+            {
+                key.append('X');
+                for(Map.Entry<Character,Node<T>> entry : nextMap.entrySet())
+                {
+                    key.setCharAt(len,entry.getKey());
+                    entry.getValue().keySet(key,keys);
+                }
+                key.setLength(len);
+            }
+            return keys;
+        }
+
+        /**
+         * Recursively build a entry set.
+         * @param key StringBuilder with our key.
+         * @param entries Set to add to
+         * @return entries with additions
+         */
+        Set<Map.Entry<CharSequence,T>> entrySet(StringBuilder key, Set<Map.Entry<CharSequence,T>> entries)
+        {
+            int len = key.length();
+
+            if(value != null)
+                // MUST toString here
+                entries.add(new Entry(key.toString(),value));
+            if(nextMap != null && nextMap.size() > 0)
+            {
+                key.append('X');
+                for(Map.Entry<Character,Node<T>> entry : nextMap.entrySet())
+                {
+                    key.setCharAt(len,entry.getKey());
+                    entry.getValue().entrySet(key,entries);
+                }
+                key.setLength(len);
+            }
+            return entries;
+        }
+    }
+
+    private Node<T> root;
+    private int maxKeyLen;
+    private int size;
+
+    public HashTrie()
+    {
+        clear();
+    }
+
+    /**
+     * Get the key value entry whose key is the longest prefix match.
+     * @param key The key to lookup
+     * @return Entry with the longest matching key.
+     */
+    public Map.Entry<CharSequence,T> getLongestMatch(CharSequence key)
+    {
+        if(root == null || key == null)
+            return null;
+        return root.getLongestMatch(key, 0);
+    }
+
+    /**
+     * Get the key value entry whose key is the longest prefix match.
+     * @param keyIn Pushback reader to read the key from. This should
+     * have a buffer at least as large as {@link #getMaxKeyLength()}
+     * or an IOException may be thrown backing up.
+     * @return Entry with the longest matching key.
+     * @throws IOException if keyIn.read() or keyIn.unread() does.
+     */
+    public Map.Entry<CharSequence,T> getLongestMatch(PushbackReader keyIn) throws IOException
+    {
+        if(root == null || keyIn == null)
+            return null;
+        return root.getLongestMatch(keyIn, new StringBuilder());
+    }
+
+    /**
+     * Get the maximum key length.
+     * @return max key length.
+     */
+    public int getMaxKeyLength()
+    {
+        return maxKeyLen;
+    }
 
         /*****************/
         /* java.util.Map */
         /*****************/
 
-	/**
-	 * Clear all entries.
-	 */
-	public void clear()
-	{
-		root = null;
-		maxKeyLen = -1;
-		size = 0;
-	}
-
-	/** {@inheritDoc} */
-	public boolean containsKey(Object key)
-	{
-		return (get(key) != null);
-	}
-
-	/** {@inheritDoc} */
-	public boolean containsValue(Object value)
-	{
-		if(root == null)
-			return false;
-		return root.containsValue(value);
-	}
-
-	/**
-	 * Add mapping.
-	 * @param key The mapping's key.
-	 * @value value The mapping's value
-	 * @throws NullPointerException if key or value is null.
-	 */
-	public T put(CharSequence key, T value) throws NullPointerException
-	{
-		int len;
-		T old;
-
-		if(key == null)
-			throw new NullPointerException("Null keys are not handled");
-		if(value == null)
-			throw new NullPointerException("Null values are not handled");
-		if(root == null)
-			root = new Node<T>();
-		if((old = root.put(key,0,value))!=null)
-			return old;
-
-		// after in case of replacement
-		if((len = key.length()) > maxKeyLen)
-			maxKeyLen = len;
-		size++;
-		return null;
-	}
-
-	/**
-	 * Remove a entry.
-	 * @return previous value
-	 * @throws UnsupportedOperationException always.
-	 */
-	public T remove(Object key) throws UnsupportedOperationException
-	{
-		throw new UnsupportedOperationException();
-	}
-
-	/** {@inheritDoc} */
-	public void putAll(Map<? extends CharSequence, ? extends T> map)
-	{
-		for(Map.Entry<? extends CharSequence, ? extends T> entry : map.entrySet())
-			put(entry.getKey(),entry.getValue());
-	}
-
-	/** {@inheritDoc} */
-	public Set<CharSequence> keySet()
-	{
-		Set<CharSequence> keys = new HashSet<CharSequence>(size);
-		
-		if(root == null)
-			return keys;
-		return root.keySet(new StringBuilder(), keys);
-	}
-
-	/** {@inheritDoc} */
-	public Collection<T> values()
-	{
-		ArrayList<T> values = new ArrayList<T>(size());
-
-		if(root == null)
-			return values;
-		return root.values(values);
-	}
-
-	/** {@inheritDoc} */
-	public Set<Map.Entry<CharSequence,T>> entrySet()
-	{
-		Set<Map.Entry<CharSequence,T>> entries = new HashSet<Map.Entry<CharSequence,T>>(size());
-
-		if(root == null)
-			return entries;
-		return root.entrySet(new StringBuilder(), entries);
-	}
-
-	/**
-	 * Get the value for a key.
-	 * @param key The key to look up.
-	 * @return The value for key or null if the key is not found.
-	 */
-	public T get(Object key)
-	{
-		if(root == null || key == null)
-			return null;
-		if(!(key instanceof CharSequence))
-			return null;
-		return root.get((CharSequence)key,0);
-	}
-
-	/**
-	 * Get the number of entries.
-	 * @return the number or entries.
-	 */
-	public int size()
-	{
-		return size;
-	}
-
-	/** {@inheritDoc} */
-	@Override
-	public boolean equals(Object other)
-	{
-		if(other == null)
-			return false;
-		if(!(other instanceof Map))
-			return false;
-		// per spec
-		return entrySet().equals(((Map)other).entrySet());
-	}
-
-	/** {@inheritDoc} */
-	@Override
-	public int hashCode()
-	{
-		// per spec
-		return entrySet().hashCode();
-	}
-
-	/** {@inheritDoc} */
-	@Override
-	public String toString()
-	{
-		StringBuilder sb;
-		boolean first;
-
-		if(isEmpty())
-			return "{}";
-		sb = new StringBuilder();
-		first = true;
-		sb.append("{ ");
-		for(Map.Entry<CharSequence,T> entry : entrySet())
-		{
-			if(first)
-				first = false;
-			else
-				sb.append(", ");
-			sb.append(entry.toString());
-		}
-		sb.append(" }");
-		return sb.toString();
-	}
-
-	/** {@inheritDoc} */
-	public boolean isEmpty()
-	{
-		return(size() == 0);
-	}
+    /**
+     * Clear all entries.
+     */
+    public void clear()
+    {
+        root = null;
+        maxKeyLen = -1;
+        size = 0;
+    }
+
+    /** {@inheritDoc} */
+    public boolean containsKey(Object key)
+    {
+        return (get(key) != null);
+    }
+
+    /** {@inheritDoc} */
+    public boolean containsValue(Object value)
+    {
+        if(root == null)
+            return false;
+        return root.containsValue(value);
+    }
+
+    /**
+     * Add mapping.
+     * @param key The mapping's key.
+     * @value value The mapping's value
+     * @throws NullPointerException if key or value is null.
+     */
+    public T put(CharSequence key, T value) throws NullPointerException
+    {
+        int len;
+        T old;
+
+        if(key == null)
+            throw new NullPointerException("Null keys are not handled");
+        if(value == null)
+            throw new NullPointerException("Null values are not handled");
+        if(root == null)
+            root = new Node<T>();
+        if((old = root.put(key,0,value))!=null)
+            return old;
+
+        // after in case of replacement
+        if((len = key.length()) > maxKeyLen)
+            maxKeyLen = len;
+        size++;
+        return null;
+    }
+
+    /**
+     * Remove a entry.
+     * @return previous value
+     * @throws UnsupportedOperationException always.
+     */
+    public T remove(Object key) throws UnsupportedOperationException
+    {
+        throw new UnsupportedOperationException();
+    }
+
+    /** {@inheritDoc} */
+    public void putAll(Map<? extends CharSequence, ? extends T> map)
+    {
+        for(Map.Entry<? extends CharSequence, ? extends T> entry : map.entrySet())
+            put(entry.getKey(),entry.getValue());
+    }
+
+    /** {@inheritDoc} */
+    public Set<CharSequence> keySet()
+    {
+        Set<CharSequence> keys = new HashSet<CharSequence>(size);
+
+        if(root == null)
+            return keys;
+        return root.keySet(new StringBuilder(), keys);
+    }
+
+    /** {@inheritDoc} */
+    public Collection<T> values()
+    {
+        ArrayList<T> values = new ArrayList<T>(size());
+
+        if(root == null)
+            return values;
+        return root.values(values);
+    }
+
+    /** {@inheritDoc} */
+    public Set<Map.Entry<CharSequence,T>> entrySet()
+    {
+        Set<Map.Entry<CharSequence,T>> entries = new HashSet<Map.Entry<CharSequence,T>>(size());
+
+        if(root == null)
+            return entries;
+        return root.entrySet(new StringBuilder(), entries);
+    }
+
+    /**
+     * Get the value for a key.
+     * @param key The key to look up.
+     * @return The value for key or null if the key is not found.
+     */
+    public T get(Object key)
+    {
+        if(root == null || key == null)
+            return null;
+        if(!(key instanceof CharSequence))
+            return null;
+        return root.get((CharSequence)key,0);
+    }
+
+    /**
+     * Get the number of entries.
+     * @return the number of entries.
+     */
+    public int size()
+    {
+        return size;
+    }
+
+    /** {@inheritDoc} */
+    @Override
+    public boolean equals(Object other)
+    {
+        if(other == null)
+            return false;
+        if(!(other instanceof Map))
+            return false;
+        // per spec
+        return entrySet().equals(((Map)other).entrySet());
+    }
+
+    /** {@inheritDoc} */
+    @Override
+    public int hashCode()
+    {
+        // per spec
+        return entrySet().hashCode();
+    }
+
+    /** {@inheritDoc} */
+    @Override
+    public String toString()
+    {
+        StringBuilder sb;
+        boolean first;
+
+        if(isEmpty())
+            return "{}";
+        sb = new StringBuilder();
+        first = true;
+        sb.append("{ ");
+        for(Map.Entry<CharSequence,T> entry : entrySet())
+        {
+            if(first)
+                first = false;
+            else
+                sb.append(", ");
+            sb.append(entry.toString());
+        }
+        sb.append(" }");
+        return sb.toString();
+    }
+
+    /** {@inheritDoc} */
+    public boolean isEmpty()
+    {
+        return(size() == 0);
+    }
 }
diff --git a/src/main/java/org/owasp/esapi/codecs/Hex.java b/src/main/java/org/owasp/esapi/codecs/Hex.java
index 17ab4bf52..5ca0b6890 100644
--- a/src/main/java/org/owasp/esapi/codecs/Hex.java
+++ b/src/main/java/org/owasp/esapi/codecs/Hex.java
@@ -1,6 +1,6 @@
 /*
  * OWASP Enterprise Security API (ESAPI)
- * 
+ *
  * This file is part of the Open Web Application Security Project (OWASP)
  * Enterprise Security API (ESAPI) project. For details, please see
  * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
@@ -13,10 +13,10 @@
 public class Hex {
 
     /** Output byte representation as hexadecimal representation.
-     * 
-     * @param b				Bytes to encode to hexadecimal representation.
-     * @param leading0x		If true, return with leading "0x".
-     * @return				Hexadecimal representation of specified bytes.
+     *
+     * @param b                Bytes to encode to hexadecimal representation.
+     * @param leading0x        If true, return with leading "0x".
+     * @return                Hexadecimal representation of specified bytes.
      */
     public static String toHex(byte[] b, boolean leading0x) {
         StringBuffer hexString = new StringBuffer();
@@ -37,10 +37,10 @@ public static String toHex(byte[] b, boolean leading0x) {
     /**
      * Output byte representation as hexadecimal representation.
      * Alias for <code>toHex()</code> method.
-     * 
-     * @param b				Bytes to encode to hexadecimal representation.
-     * @param leading0x		If true, return with leading "0x".
-     * @return				Hexadecimal representation of specified bytes.
+     *
+     * @param b                Bytes to encode to hexadecimal representation.
+     * @param leading0x        If true, return with leading "0x".
+     * @return                Hexadecimal representation of specified bytes.
      */
     public static String encode(byte[] b, boolean leading0x) {
         return toHex(b, leading0x);
@@ -53,9 +53,9 @@ public static String encode(byte[] b, boolean leading0x) {
      * in dealing with things like keys, initialization vectors, etc. For
      * example, the string "0x0000face" is going to return a byte array
      * whose length is 4, not 2.
-     * 
-     * @param hexStr	Hexadecimal-encoded string, with or without leading "0x".
-     * @return			The equivalent byte array.
+     *
+     * @param hexStr    Hexadecimal-encoded string, with or without leading "0x".
+     * @return            The equivalent byte array.
      */
     public static byte[] fromHex(String hexStr) {
         String hexRep = hexStr;
@@ -74,9 +74,9 @@ public static byte[] fromHex(String hexStr) {
 
     /** Decode hexadecimal-encoded string and return raw byte array.
      * Alias for <code>fromHex()</code> method.
-     * 
-     * @param hexStr	Hexadecimal-encoded string, with or without leading "0x".
-     * @return			The equivalent byte array. 
+     *
+     * @param hexStr    Hexadecimal-encoded string, with or without leading "0x".
+     * @return            The equivalent byte array.
      */
     public static byte[] decode(String hexStr) {
         return fromHex(hexStr);
diff --git a/src/main/java/org/owasp/esapi/codecs/JSONCodec.java b/src/main/java/org/owasp/esapi/codecs/JSONCodec.java
new file mode 100644
index 000000000..524b2faac
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/codecs/JSONCodec.java
@@ -0,0 +1,245 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2022 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeffrey Walton (noloader .at. gmail.com)
+ * @author Kevin Wall (kevin.w.wall .at. gmail.com)
+ * @author Matt Seil (matt.seil .at. owasp.org)
+ * @created 2022
+ */
+package org.owasp.esapi.codecs;
+
+/**
+ * Implementation of the Codec interface for JSON strings.
+ * This class performs <a
+ * href="https://datatracker.ietf.org/doc/html/rfc8259#section-7">String escaping</a>
+ * on the entire string according to RFC 8259, Section 7.
+ *
+ * RFC 8259 requires conforming implementations use UTF-8. However, the ESAPI interfaces
+ * utilize Java strings, which are UTF-16. This may cause problems during encoding and
+ * decoding operations. To avoid some of the problems, convert the string to UTF-8 before
+ * encoding and from UTF-8 after decoding. Ultimately the ESAPI encoder interfaces will
+ * need modification to provide byte array arguments and return values.
+ *
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc8259#section-7">RFC 8259,
+ * The JavaScript Object Notation (JSON) Data Interchange Format, Section 7</a>
+ *
+ * @author Jeffrey Walton (noloader .at. gmail.com)
+ * @author Kevin Wall (kevin.w.wall .at. gmail.com)
+ * @author Matt Seil (matt.seil .at. owasp.org)
+ * @since July 31, 2022
+ * @see org.owasp.esapi.Encoder
+ */
+public class JSONCodec extends AbstractIntegerCodec {
+
+
+    /**
+     * {@inheritDoc}
+     *
+     * Escape special characters in JSON strings.
+     *
+     * encodeCharacter will escape the characters Backspace (\b), Form Feed (\f),
+     * Carriage Return (\r), Line Feed (\n), Tab (\t), Double Quote (") and Backslash (\).
+     * If the character is a control character (U+0000 through U+001f), then it will be
+     * Unicode encoded (\u0000 through \u001f). If the character is not special or in the
+     * user supplied immune list, then the character is returned unescaped. If the
+     * character is null then an empty string is returned.
+     *
+     * WARNING: This method will silently discard an invalid code point according to
+     * the result of {@code Character.isValidCodePoint( int )} method.
+     *
+     * @param immune character array of whitelist characters which should not be encoded
+     * @param c the character to encode if not in the immune list
+     * @return encoded character if the character is special, and the character otherwise.
+     */
+    public String encodeCharacter( char[] immune, Character c ) {
+        if ( c == null ) {
+            return "";
+        }
+
+        return encodeCharacter(immune, charToCodepoint( c ));
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * Escape special characters in JSON strings.
+     *
+     * encodeCharacter will escape the characters Backspace (\b), Form Feed (\f),
+     * Carriage Return (\r), Line Feed (\n), Tab (\t), Double Quote (") and Backslash (\).
+     * If the character is a control character (U+0000 through U+001f), then it will be
+     * Unicode encoded (\u0000 through \u001f). If the character is not special or in the
+     * user supplied immune list, then the character is returned unescaped. If the
+     * character is null then an empty string is returned.
+     *
+     * WARNING: This method will silently discard an invalid code point according to
+     * the result of {@code Character.isValidCodePoint( int )} method.
+     *
+     * @param immune character array of whitelist characters which should not be encoded
+     * @param codePoint the character codepoint to encode if not in the immune list
+     * @return encoded character if the character is special, and the character otherwise.
+     */
+    public String encodeCharacter( char[] immune, int codePoint )
+        throws IllegalArgumentException {
+
+        // Per the docs for HTMLEntityCodec: "WARNING: This method will silently discard
+        // invalid code points per the call to Character.isValidCodePoint( int ) method.
+
+        // WARNING!! Character based Codecs will only handle the byte range of 0-65535 (0x0-0xffff).
+        // Passing any data represented by a higher numerical value will result in a downcast thus
+        // destroying the original data with undefined results.
+        if ( Character.isValidCodePoint( codePoint ) == false ) {
+            // throw new IllegalArgumentException( "Invalid codepoint '" + String.format("0x%04X", codePoint) + "'." );
+            return "";
+        }
+
+        if ( immune != null ) {
+            // More efficient than sort and binary search. If the immune array
+            // was presorted, then this could be O(log n). But we can't add the
+            // precondition now. It is too late in the game.
+            for ( Character ch : immune ) {
+                if ( charToCodepoint( ch ) == codePoint ) {
+                    return new String(Character.toChars(codePoint));
+                }
+            }
+        }
+
+        // Per the RFC... Two-character sequence escape representations of some
+        // popular characters
+        switch ( codePoint ) {
+            case '\b': return "\\b";
+            case '\f': return "\\f";
+            case '\r': return "\\r";
+            case '\n': return "\\n";
+            case '\t': return "\\t";
+            case '"':  return "\\\"";
+            case '/':  return  "\\/";
+            case '\\': return "\\\\";
+        }
+
+        // Per the RFC... All Unicode characters may be placed within the
+        // quotation marks, except for the characters that MUST be escaped:
+        // quotation mark, reverse solidus, and the control characters
+        // (U+0000 through U+001F).
+        if ( codePoint <=  0x1f ) {
+
+            return String.format("\\u%04x", codePoint);
+        }
+
+        return new String(Character.toChars(codePoint));
+    }
+
+
+    /**
+     * {@inheritDoc}
+     *
+     * Decodes special characters in encoded JSON strings.
+     *
+     * decodeCharacter will decode the encoded character sequences for popular characters
+     * Backspace (\b), Form Feed (\f), Carriage Return (\r), Line Feed (\n), Tab (\t),
+     * Double Quote ("), Forward slash (/) and Backslash (\). The function will also decode
+     * six-character sequences of \u0000 - \uffff. If the character is not encoded then a
+     * null character is returned.
+     *
+     * @param input a character sequence to decode
+     * @return the decoded version of the encoded character starting at index,
+     *     or null otherwise
+     *
+     * @throws IllegalArgumentException
+     *     if an invalid character sequence is encountered
+     */
+    public Integer decodeCharacter( PushbackSequence<Integer> input )
+            throws IllegalArgumentException {
+
+        input.mark();
+
+        Integer first = input.next(), second = null;
+
+        //Ensure both first and second characters are not null before attempting to decode.
+        if ( first == null || first.intValue() != '\\' ) {
+            input.reset();
+            return null;
+        }
+        if ( (second = input.next()) == null ) {
+            throw new IllegalArgumentException( "Invalid JSON escape representation");
+        }
+
+        Integer decodedRef = null;
+
+        // Per the RFC... Two-character sequence escape representations of some popular characters
+        switch ( second.intValue() ) {
+        case 'b':
+            decodedRef = (int)'\b';
+            break;
+        case 'f':
+            decodedRef = (int)'\f';
+            break;
+        case 'r':
+            decodedRef = (int)'\r';
+            break;
+        case 'n':
+            decodedRef = (int)'\n';
+            break;
+        case 't':
+            decodedRef = (int)'\t';
+            break;
+        case '"':
+            decodedRef = (int)'\"';
+            break;
+        case '/':
+            decodedRef =  (int)'/';
+            break;
+        case '\\':
+            decodedRef = (int)'\\';
+            break;
+        case 'u':
+            // Per the RFC... All characters may be escaped as a six-character sequence: a reverse solidus,
+            // followed by the lowercase letter u, followed by four hexadecimal digits that encode the
+            // character's code point. The hexadecimal letters A through F can be uppercase or lowercase.
+            // So, for example, a string containing only a single reverse solidus character may be represented
+            // as "\u005C".
+            decodedRef = (convertToInt( input.next() ) << 12) +
+                (convertToInt( input.next() ) <<  8) +
+                (convertToInt( input.next() ) <<  4) +
+                (convertToInt( input.next() ) <<  0);
+            break;
+        default:
+            input.reset();
+            throw new IllegalArgumentException( "Invalid JSON two-character escape representation: " + String.format("'%c%c'", (char) first.intValue(), (char) second.intValue()) );
+        }
+
+        return decodedRef;
+    }
+
+    protected int charToCodepoint( Character ch ) {
+
+        final String s = Character.toString(ch);
+        assert (s.length() == 1) : "Ooops";
+
+        return s.codePointAt(0);
+    }
+
+    protected int convertToInt( Integer hexDigit ) {
+
+        if ( hexDigit == null ) {
+            throw new IllegalArgumentException( "Cannot convert from '<null>' to int." );
+        }
+
+        final int value = Character.digit( hexDigit.intValue(), 16 );
+
+        if ( value < 0 || value >= 16 ) {
+            throw new IllegalArgumentException( "Cannot convert from hexadecimal '" + hexDigit.toString() + "' to int." );
+        }
+
+        return value;
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/codecs/JavaScriptCodec.java b/src/main/java/org/owasp/esapi/codecs/JavaScriptCodec.java
index 6d128e462..39f2d6406 100644
--- a/src/main/java/org/owasp/esapi/codecs/JavaScriptCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/JavaScriptCodec.java
@@ -1,217 +1,220 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.codecs;
-
-
-/**
- * Implementation of the Codec interface for backslash encoding in JavaScript.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Encoder
- */
-public class JavaScriptCodec extends Codec {
-
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * Returns backslash encoded numeric format. Does not use backslash character escapes
-	 * such as, \" or \' as these may cause parsing problems. For example, if a javascript
-	 * attribute, such as onmouseover, contains a \" that will close the entire attribute and
-	 * allow an attacker to inject another script attribute.
-     *
-     * @param immune
-     */
-	public String encodeCharacter( char[] immune, Character c ) {
-
-		// check for immune characters
-		if ( containsCharacter(c, immune ) ) {
-			return ""+c;
-		}
-		
-		// check for alphanumeric characters
-		String hex = Codec.getHexForNonAlphanumeric(c);
-		if ( hex == null ) {
-			return ""+c;
-		}
-				
-		// Do not use these shortcuts as they can be used to break out of a context
-		// if ( ch == 0x00 ) return "\\0";
-		// if ( ch == 0x08 ) return "\\b";
-		// if ( ch == 0x09 ) return "\\t";
-		// if ( ch == 0x0a ) return "\\n";
-		// if ( ch == 0x0b ) return "\\v";
-		// if ( ch == 0x0c ) return "\\f";
-		// if ( ch == 0x0d ) return "\\r";
-		// if ( ch == 0x22 ) return "\\\"";
-		// if ( ch == 0x27 ) return "\\'";
-		// if ( ch == 0x5c ) return "\\\\";
-
-		// encode up to 256 with \\xHH
-        String temp = Integer.toHexString(c);
-		if ( c < 256 ) {
-	        String pad = "00".substring(temp.length() );
-	        return "\\x" + pad + temp.toUpperCase();
-		}
-
-		// otherwise encode with \\uHHHH
-        String pad = "0000".substring(temp.length() );
-        return "\\u" + pad + temp.toUpperCase();
-	}
-
-	
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * Returns the decoded version of the character starting at index, or
-	 * null if no decoding is possible.
-	 * See http://www.planetpdf.com/codecuts/pdfs/tutorial/jsspec.pdf 
-	 * Formats all are legal both upper/lower case:
-	 *   \\a - special characters
-	 *   \\xHH
-	 *   \\uHHHH
-	 *   \\OOO (1, 2, or 3 digits)
-	 */
-	public Character decodeCharacter( PushbackString input ) {
-		input.mark();
-		Character first = input.next();
-		if ( first == null ) {
-			input.reset();
-			return null;
-		}
-		
-		// if this is not an encoded character, return null
-		if (first != '\\' ) {
-			input.reset();
-			return null;
-		}
-
-		Character second = input.next();
-		if ( second == null ) {
-			input.reset();
-			return null;
-		}
-		
-		// \0 collides with the octal decoder and is non-standard
-		// if ( second.charValue() == '0' ) {
-		//	return Character.valueOf( (char)0x00 );
-		if (second == 'b' ) {
-			return 0x08;
-		} else if (second == 't' ) {
-			return 0x09;
-		} else if (second == 'n' ) {
-			return 0x0a;
-		} else if (second == 'v' ) {
-			return 0x0b;
-		} else if (second == 'f' ) {
-			return 0x0c;
-		} else if (second == 'r' ) {
-			return 0x0d;
-		} else if (second == '\"' ) {
-			return 0x22;
-		} else if (second == '\'' ) {
-			return 0x27;
-		} else if (second == '\\' ) {
-			return 0x5c;
-			
-		// look for \\xXX format
-		} else if ( Character.toLowerCase( second.charValue() ) == 'x' ) {
-			// Search for exactly 2 hex digits following
-			StringBuilder sb = new StringBuilder();
-			for ( int i=0; i<2; i++ ) {
-				Character c = input.nextHex();
-				if ( c != null ) sb.append( c );
-				else {
-					input.reset();
-					return null;
-				}
-			}
-			try {
-				// parse the hex digit and create a character
-				int i = Integer.parseInt(sb.toString(), 16);
-                if (Character.isValidCodePoint(i)) {
-                    return (char) i;
-                }
-			} catch( NumberFormatException e ) {
-				// throw an exception for malformed entity?
-				input.reset();
-				return null;
-			}
-			
-		// look for \\uXXXX format
-		} else if ( Character.toLowerCase( second.charValue() ) == 'u') {
-			// Search for exactly 4 hex digits following
-			StringBuilder sb = new StringBuilder();
-			for ( int i=0; i<4; i++ ) {
-				Character c = input.nextHex();
-				if ( c != null ) sb.append( c );
-				else {
-					input.reset();
-					return null;
-				}
-			}
-			try {
-				// parse the hex string and create a character
-				int i = Integer.parseInt(sb.toString(), 16);
-                if (Character.isValidCodePoint(i)) {
-                    return (char) i;
-                }
-			} catch( NumberFormatException e ) {
-				// throw an exception for malformed entity?
-				input.reset();
-				return null;
-			}
-			
-		// look for one, two, or three octal digits
-		} else if ( PushbackString.isOctalDigit(second) ) {
-			StringBuilder sb = new StringBuilder();
-            // get digit 1
-            sb.append(second);
-            
-            // get digit 2 if present
-            Character c2 = input.next();
-            if ( !PushbackString.isOctalDigit(c2) ) {
-            	input.pushback( c2 );
-            } else {
-            	sb.append( c2 );
-	            // get digit 3 if present
-	            Character c3 = input.next();
-	            if ( !PushbackString.isOctalDigit(c3) ) {
-	            	input.pushback( c3 );
-	            } else {
-	            	sb.append( c3 );
-	            }
-            }
-			try {
-				// parse the octal string and create a character
-				int i = Integer.parseInt(sb.toString(), 8);
-                if (Character.isValidCodePoint(i)) {
-                    return (char) i;
-                }
-			} catch( NumberFormatException e ) {
-				// throw an exception for malformed entity?
-				input.reset();
-				return null;
-			}
-		}
-		
-		// ignore the backslash and return the character
-		return second;
-	}
-
-}
\ No newline at end of file
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.codecs;
+
+
+/**
+ * Implementation of the Codec interface for backslash encoding in JavaScript.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Encoder
+ */
+public class JavaScriptCodec extends AbstractCharacterCodec {
+
+
+    /**
+     * {@inheritDoc}
+     *
+     * Returns backslash encoded numeric format. Does not use backslash character escapes
+     * such as, \" or \' as these may cause parsing problems. For example, if a javascript
+     * attribute, such as onmouseover, contains a \" that will close the entire attribute and
+     * allow an attacker to inject another script attribute.
+     *
+     * @param immune
+     */
+    public String encodeCharacter( char[] immune, Character c ) {
+
+        // check for immune characters
+        if ( containsCharacter(c, immune ) ) {
+            return ""+c;
+        }
+
+        // check for alphanumeric characters
+        String hex = super.getHexForNonAlphanumeric(c);
+        if ( hex == null ) {
+            return ""+c;
+        }
+
+        // Do not use these shortcuts as they can be used to break out of a context
+        // if ( ch == 0x00 ) return "\\0";
+        // if ( ch == 0x08 ) return "\\b";
+        // if ( ch == 0x09 ) return "\\t";
+        // if ( ch == 0x0a ) return "\\n";
+        // if ( ch == 0x0b ) return "\\v";
+        // if ( ch == 0x0c ) return "\\f";
+        // if ( ch == 0x0d ) return "\\r";
+        // if ( ch == 0x22 ) return "\\\"";
+        // if ( ch == 0x27 ) return "\\'";
+        // if ( ch == 0x5c ) return "\\\\";
+
+        // encode up to 256 with \\xHH
+        String temp = Integer.toHexString(c);
+        if ( c < 256 ) {
+            String pad = "00".substring(temp.length() );
+            return "\\x" + pad + temp.toUpperCase();
+        }
+
+        // otherwise encode with \\uHHHH
+        String pad = "0000".substring(temp.length() );
+        return "\\u" + pad + temp.toUpperCase();
+    }
+
+
+    /**
+     * {@inheritDoc}
+     *
+     * Returns the decoded version of the character starting at index, or
+     * null if no decoding is possible.
+     * </p><p>
+     * Formats all are legal both upper/lower case:
+     * <pre>
+     *   \\a - special characters
+     *   \\xHH
+     *   \\uHHHH
+     *   \\OOO (1, 2, or 3 digits)
+     * </pre>
+     */
+    public Character decodeCharacter( PushbackSequence<Character> input ) {
+        input.mark();
+        Character first = input.next();
+        if ( first == null ) {
+            input.reset();
+            return null;
+        }
+
+        // if this is not an encoded character, return null
+        if (first != '\\' ) {
+            input.reset();
+            return null;
+        }
+
+        Character second = input.next();
+        if ( second == null ) {
+            input.reset();
+            return null;
+        }
+
+        // \0 collides with the octal decoder and is non-standard
+        // if ( second.charValue() == '0' ) {
+        //    return Character.valueOf( (char)0x00 );
+        if (second == 'b' ) {
+            return 0x08;
+        } else if (second == 't' ) {
+            return 0x09;
+        } else if (second == 'n' ) {
+            return 0x0a;
+        } else if (second == 'v' ) {
+            return 0x0b;
+        } else if (second == 'f' ) {
+            return 0x0c;
+        } else if (second == 'r' ) {
+            return 0x0d;
+        } else if (second == '\"' ) {
+            return 0x22;
+        } else if (second == '\'' ) {
+            return 0x27;
+        } else if (second == '\\' ) {
+            return 0x5c;
+
+        // look for \\xXX format
+        } else if ( Character.toLowerCase( second.charValue() ) == 'x' ) {
+            // Search for exactly 2 hex digits following
+            StringBuilder sb = new StringBuilder();
+            for ( int i=0; i<2; i++ ) {
+                Character c = input.nextHex();
+                if ( c != null ) sb.append( c );
+                else {
+                    input.reset();
+                    return null;
+                }
+            }
+            try {
+                // parse the hex digit and create a character
+                int i = Integer.parseInt(sb.toString(), 16);
+                if (Character.isValidCodePoint(i)) {
+                    return (char) i;
+                }
+            } catch( NumberFormatException e ) {
+                // throw an exception for malformed entity?
+                input.reset();
+                return null;
+            }
+
+        // look for \\uXXXX format
+        } else if ( Character.toLowerCase( second.charValue() ) == 'u') {
+            // Search for exactly 4 hex digits following
+            StringBuilder sb = new StringBuilder();
+            for ( int i=0; i<4; i++ ) {
+                Character c = input.nextHex();
+                if ( c != null ) sb.append( c );
+                else {
+                    input.reset();
+                    return null;
+                }
+            }
+            try {
+                // parse the hex string and create a character
+                int i = Integer.parseInt(sb.toString(), 16);
+                if (Character.isValidCodePoint(i)) {
+                    return (char) i;
+                }
+            } catch( NumberFormatException e ) {
+                // throw an exception for malformed entity?
+                input.reset();
+                return null;
+            }
+
+        // look for one, two, or three octal digits
+        } else if ( PushbackString.isOctalDigit(second) ) {
+            StringBuilder sb = new StringBuilder();
+            // get digit 1
+            sb.append(second);
+
+            // get digit 2 if present
+            Character c2 = input.next();
+            if ( !PushbackString.isOctalDigit(c2) ) {
+                input.pushback( c2 );
+            } else {
+                sb.append( c2 );
+                // get digit 3 if present
+                Character c3 = input.next();
+                if ( !PushbackString.isOctalDigit(c3) ) {
+                    input.pushback( c3 );
+                } else {
+                    sb.append( c3 );
+                }
+            }
+            try {
+                // parse the octal string and create a character
+                int i = Integer.parseInt(sb.toString(), 8);
+                if (Character.isValidCodePoint(i)) {
+                    return (char) i;
+                }
+            } catch( NumberFormatException e ) {
+                // throw an exception for malformed entity?
+                input.reset();
+                return null;
+            }
+        }
+
+        // ignore the backslash and return the character
+        input.reset();
+        return null;
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/codecs/LegacyHTMLEntityCodec.java b/src/main/java/org/owasp/esapi/codecs/LegacyHTMLEntityCodec.java
new file mode 100644
index 000000000..240cc2ca7
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/codecs/LegacyHTMLEntityCodec.java
@@ -0,0 +1,557 @@
+/**
+  * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.codecs;
+
+import java.util.HashMap;
+import java.util.Collections;
+import java.util.Map;
+
+/**
+ *
+ * This class is DEPRECATED.  It did not correctly handle encoding of non-BMP
+ * unicode code points.  This class is provided solely for any fatal bugs
+ * not accounted for in the new version and will be removed entirely in
+ * a future release.
+ *
+ * Implementation of the Codec interface for HTML entity encoding.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Encoder
+ */
+@Deprecated
+public class LegacyHTMLEntityCodec extends AbstractCharacterCodec {
+
+    private static final char REPLACEMENT_CHAR = '\ufffd';
+    private static final String REPLACEMENT_HEX = "fffd";
+    private static final String REPLACEMENT_STR = "" + REPLACEMENT_CHAR;
+    private static final Map<Character,String> characterToEntityMap = mkCharacterToEntityMap();
+    private static final Trie<Character> entityToCharacterTrie = mkEntityToCharacterTrie();
+
+    /**
+     * {@inheritDoc}
+     *
+     * Encodes a Character for safe use in an HTML entity field.
+     * @param immune
+     */
+    public String encodeCharacter( char[] immune, Character c ) {
+
+        // check for immune characters
+        if ( containsCharacter(c, immune ) ) {
+            return ""+c;
+        }
+
+        // check for alphanumeric characters
+        String hex = super.getHexForNonAlphanumeric(c);
+        if ( hex == null ) {
+            return ""+c;
+        }
+
+        // check for illegal characters
+        if ( ( c <= 0x1f && c != '\t' && c != '\n' && c != '\r' ) || ( c >= 0x7f && c <= 0x9f ) )
+        {
+            hex = REPLACEMENT_HEX;    // Let's entity encode this instead of returning it
+            c = REPLACEMENT_CHAR;
+        }
+
+        // check if there's a defined entity
+        String entityName = characterToEntityMap.get(c);
+        if (entityName != null) {
+            return "&" + entityName + ";";
+        }
+
+        // return the hex entity as suggested in the spec
+        return "&#x" + hex + ";";
+    }
+
+    /**
+     * Returns the decoded version of the character starting at index, or
+     * null if no decoding is possible.
+     *
+     * Formats all are legal both with and without semi-colon, upper/lower case:
+     *   &#dddd;
+     *   &#xhhhh;
+     *   &name;
+     */
+    public Character decodeCharacter( PushbackString input ) {
+        input.mark();
+        Character first = input.next();
+        if ( first == null ) {
+            input.reset();
+            return null;
+        }
+
+        // if this is not an encoded character, return null
+        if (first != '&' ) {
+            input.reset();
+            return null;
+        }
+
+        // test for numeric encodings
+        Character second = input.next();
+        if ( second == null ) {
+            input.reset();
+            return null;
+        }
+
+        if (second == '#' ) {
+            // handle numbers
+            Character c = getNumericEntity( input );
+            if ( c != null ) return c;
+        } else if ( Character.isLetter( second.charValue() ) ) {
+            // handle entities
+            input.pushback( second );
+            Character c = getNamedEntity( input );
+            if ( c != null ) return c;
+        }
+        input.reset();
+        return null;
+    }
+
+    /**
+     * getNumericEntry checks input to see if it is a numeric entity
+     *
+     * @param input
+     *             The input to test for being a numeric entity
+     *
+     * @return
+     *             null if input is null, the character of input after decoding
+     */
+    private Character getNumericEntity( PushbackString input ) {
+        Character first = input.peek();
+        if ( first == null ) return null;
+
+        if (first == 'x' || first == 'X' ) {
+            input.next();
+            return parseHex( input );
+        }
+        return parseNumber( input );
+    }
+
+    /**
+     * Parse a decimal number, such as those from JavaScript's String.fromCharCode(value)
+     *
+     * @param input
+     *             decimal encoded string, such as 65
+     * @return
+     *             character representation of this decimal value, e.g. A
+     * @throws NumberFormatException
+     */
+    private Character parseNumber( PushbackString input ) {
+        StringBuilder sb = new StringBuilder();
+        while( input.hasNext() ) {
+            Character c = input.peek();
+
+            // if character is a digit then add it on and keep going
+            if ( Character.isDigit( c.charValue() ) ) {
+                sb.append( c );
+                input.next();
+
+            // if character is a semi-colon, eat it and quit
+            } else if (c == ';' ) {
+                input.next();
+                break;
+
+            // otherwise just quit
+            } else {
+                break;
+            }
+        }
+        try {
+            int i = Integer.parseInt(sb.toString());
+            if (Character.isValidCodePoint(i)) {
+                return (char) i;
+            }
+        } catch( NumberFormatException e ) {
+            // throw an exception for malformed entity?
+        }
+            return null;
+        }
+
+    /**
+     * Parse a hex encoded entity
+     *
+     * @param input
+     *             Hex encoded input (such as 437ae;)
+     * @return
+     *             A single character from the string
+     * @throws NumberFormatException
+     */
+    private Character parseHex( PushbackString input ) {
+        StringBuilder sb = new StringBuilder();
+        while( input.hasNext() ) {
+            Character c = input.peek();
+
+            // if character is a hex digit then add it on and keep going
+            if ( "0123456789ABCDEFabcdef".indexOf(c) != -1 ) {
+                sb.append( c );
+                input.next();
+
+            // if character is a semi-colon, eat it and quit
+            } else if (c == ';' ) {
+                input.next();
+                break;
+
+            // otherwise just quit
+            } else {
+                break;
+            }
+        }
+        try {
+            int i = Integer.parseInt(sb.toString(), 16);
+            if (Character.isValidCodePoint(i)) {
+                return (char) i;
+            }
+        } catch( NumberFormatException e ) {
+            // throw an exception for malformed entity?
+        }
+            return null;
+        }
+
+    /**
+     *
+     * Returns the decoded version of the character starting at index, or
+     * null if no decoding is possible.
+     *
+     * Formats all are legal both with and without semi-colon, upper/lower case:
+     *   &aa;
+     *   &aaa;
+     *   &aaaa;
+     *   &aaaaa;
+     *   &aaaaaa;
+     *   &aaaaaaa;
+     *
+     * @param input
+     *         A string containing a named entity like &quot;
+     * @return
+     *         Returns the decoded version of the character starting at index, or null if no decoding is possible.
+     */
+    private Character getNamedEntity( PushbackString input ) {
+        StringBuilder possible = new StringBuilder();
+        Map.Entry<CharSequence,Character> entry;
+        int len;
+
+        // kludge around PushbackString....
+        len = Math.min(input.remainder().length(), entityToCharacterTrie.getMaxKeyLength());
+        for(int i=0;i<len;i++)
+            possible.append(input.next());
+
+        // look up the longest match
+        entry = entityToCharacterTrie.getLongestMatch(possible);
+        if(entry == null) {
+            // We are lowercasing & comparing the result because of this all the upper case named entities are getting converted lowercase named entities.
+            // check is there any exact match https://github.com/ESAPI/esapi-java-legacy/issues/302
+            String possibleString = possible.toString();
+            String possibleStringLowerCase = possibleString.toLowerCase();
+                if(!possibleString.equals(possibleStringLowerCase)) {
+                   Map.Entry<CharSequence,Character> exactEntry = entityToCharacterTrie.getLongestMatch(possibleStringLowerCase);
+                   if(exactEntry != null) entry = exactEntry;
+                }
+                if(entry == null) return null; // no match, caller will reset input
+        }
+
+        // fixup input
+        input.reset();
+        input.next();    // read &
+        len = entry.getKey().length();    // what matched's length
+        for(int i=0;i<len;i++)
+            input.next();
+
+        // check for a trailing semicolen
+        if(input.peek(';'))
+            input.next();
+
+        return entry.getValue();
+    }
+
+    /**
+     * Build a unmodifiable Map from entity Character to Name.
+     * @return Unmodifiable map.
+     */
+    private static synchronized Map<Character,String> mkCharacterToEntityMap()
+    {
+        Map<Character, String> map = new HashMap<Character,String>(252);
+
+        map.put((char)34,    "quot");    /* quotation mark */
+        map.put((char)38,    "amp");        /* ampersand */
+        map.put((char)60,    "lt");        /* less-than sign */
+        map.put((char)62,    "gt");        /* greater-than sign */
+        map.put((char)160,    "nbsp");    /* no-break space */
+        map.put((char)161,    "iexcl");    /* inverted exclamation mark */
+        map.put((char)162,    "cent");    /* cent sign */
+        map.put((char)163,    "pound");    /* pound sign */
+        map.put((char)164,    "curren");    /* currency sign */
+        map.put((char)165,    "yen");        /* yen sign */
+        map.put((char)166,    "brvbar");    /* broken bar */
+        map.put((char)167,    "sect");    /* section sign */
+        map.put((char)168,    "uml");        /* diaeresis */
+        map.put((char)169,    "copy");    /* copyright sign */
+        map.put((char)170,    "ordf");    /* feminine ordinal indicator */
+        map.put((char)171,    "laquo");    /* left-pointing double angle quotation mark */
+        map.put((char)172,    "not");        /* not sign */
+        map.put((char)173,    "shy");        /* soft hyphen */
+        map.put((char)174,    "reg");        /* registered sign */
+        map.put((char)175,    "macr");    /* macron */
+        map.put((char)176,    "deg");        /* degree sign */
+        map.put((char)177,    "plusmn");    /* plus-minus sign */
+        map.put((char)178,    "sup2");    /* superscript two */
+        map.put((char)179,    "sup3");    /* superscript three */
+        map.put((char)180,    "acute");    /* acute accent */
+        map.put((char)181,    "micro");    /* micro sign */
+        map.put((char)182,    "para");    /* pilcrow sign */
+        map.put((char)183,    "middot");    /* middle dot */
+        map.put((char)184,    "cedil");    /* cedilla */
+        map.put((char)185,    "sup1");    /* superscript one */
+        map.put((char)186,    "ordm");    /* masculine ordinal indicator */
+        map.put((char)187,    "raquo");    /* right-pointing double angle quotation mark */
+        map.put((char)188,    "frac14");    /* vulgar fraction one quarter */
+        map.put((char)189,    "frac12");    /* vulgar fraction one half */
+        map.put((char)190,    "frac34");    /* vulgar fraction three quarters */
+        map.put((char)191,    "iquest");    /* inverted question mark */
+        map.put((char)192,    "Agrave");    /* Latin capital letter a with grave */
+        map.put((char)193,    "Aacute");    /* Latin capital letter a with acute */
+        map.put((char)194,    "Acirc");    /* Latin capital letter a with circumflex */
+        map.put((char)195,    "Atilde");    /* Latin capital letter a with tilde */
+        map.put((char)196,    "Auml");    /* Latin capital letter a with diaeresis */
+        map.put((char)197,    "Aring");    /* Latin capital letter a with ring above */
+        map.put((char)198,    "AElig");    /* Latin capital letter ae */
+        map.put((char)199,    "Ccedil");    /* Latin capital letter c with cedilla */
+        map.put((char)200,    "Egrave");    /* Latin capital letter e with grave */
+        map.put((char)201,    "Eacute");    /* Latin capital letter e with acute */
+        map.put((char)202,    "Ecirc");    /* Latin capital letter e with circumflex */
+        map.put((char)203,    "Euml");    /* Latin capital letter e with diaeresis */
+        map.put((char)204,    "Igrave");    /* Latin capital letter i with grave */
+        map.put((char)205,    "Iacute");    /* Latin capital letter i with acute */
+        map.put((char)206,    "Icirc");    /* Latin capital letter i with circumflex */
+        map.put((char)207,    "Iuml");    /* Latin capital letter i with diaeresis */
+        map.put((char)208,    "ETH");        /* Latin capital letter eth */
+        map.put((char)209,    "Ntilde");    /* Latin capital letter n with tilde */
+        map.put((char)210,    "Ograve");    /* Latin capital letter o with grave */
+        map.put((char)211,    "Oacute");    /* Latin capital letter o with acute */
+        map.put((char)212,    "Ocirc");    /* Latin capital letter o with circumflex */
+        map.put((char)213,    "Otilde");    /* Latin capital letter o with tilde */
+        map.put((char)214,    "Ouml");    /* Latin capital letter o with diaeresis */
+        map.put((char)215,    "times");    /* multiplication sign */
+        map.put((char)216,    "Oslash");    /* Latin capital letter o with stroke */
+        map.put((char)217,    "Ugrave");    /* Latin capital letter u with grave */
+        map.put((char)218,    "Uacute");    /* Latin capital letter u with acute */
+        map.put((char)219,    "Ucirc");    /* Latin capital letter u with circumflex */
+        map.put((char)220,    "Uuml");    /* Latin capital letter u with diaeresis */
+        map.put((char)221,    "Yacute");    /* Latin capital letter y with acute */
+        map.put((char)222,    "THORN");    /* Latin capital letter thorn */
+        map.put((char)223,    "szlig");    /* Latin small letter sharp sXCOMMAX German Eszett */
+        map.put((char)224,    "agrave");    /* Latin small letter a with grave */
+        map.put((char)225,    "aacute");    /* Latin small letter a with acute */
+        map.put((char)226,    "acirc");    /* Latin small letter a with circumflex */
+        map.put((char)227,    "atilde");    /* Latin small letter a with tilde */
+        map.put((char)228,    "auml");    /* Latin small letter a with diaeresis */
+        map.put((char)229,    "aring");    /* Latin small letter a with ring above */
+        map.put((char)230,    "aelig");    /* Latin lowercase ligature ae */
+        map.put((char)231,    "ccedil");    /* Latin small letter c with cedilla */
+        map.put((char)232,    "egrave");    /* Latin small letter e with grave */
+        map.put((char)233,    "eacute");    /* Latin small letter e with acute */
+        map.put((char)234,    "ecirc");    /* Latin small letter e with circumflex */
+        map.put((char)235,    "euml");    /* Latin small letter e with diaeresis */
+        map.put((char)236,    "igrave");    /* Latin small letter i with grave */
+        map.put((char)237,    "iacute");    /* Latin small letter i with acute */
+        map.put((char)238,    "icirc");    /* Latin small letter i with circumflex */
+        map.put((char)239,    "iuml");    /* Latin small letter i with diaeresis */
+        map.put((char)240,    "eth");        /* Latin small letter eth */
+        map.put((char)241,    "ntilde");    /* Latin small letter n with tilde */
+        map.put((char)242,    "ograve");    /* Latin small letter o with grave */
+        map.put((char)243,    "oacute");    /* Latin small letter o with acute */
+        map.put((char)244,    "ocirc");    /* Latin small letter o with circumflex */
+        map.put((char)245,    "otilde");    /* Latin small letter o with tilde */
+        map.put((char)246,    "ouml");    /* Latin small letter o with diaeresis */
+        map.put((char)247,    "divide");    /* division sign */
+        map.put((char)248,    "oslash");    /* Latin small letter o with stroke */
+        map.put((char)249,    "ugrave");    /* Latin small letter u with grave */
+        map.put((char)250,    "uacute");    /* Latin small letter u with acute */
+        map.put((char)251,    "ucirc");    /* Latin small letter u with circumflex */
+        map.put((char)252,    "uuml");    /* Latin small letter u with diaeresis */
+        map.put((char)253,    "yacute");    /* Latin small letter y with acute */
+        map.put((char)254,    "thorn");    /* Latin small letter thorn */
+        map.put((char)255,    "yuml");    /* Latin small letter y with diaeresis */
+        map.put((char)338,    "OElig");    /* Latin capital ligature oe */
+        map.put((char)339,    "oelig");    /* Latin small ligature oe */
+        map.put((char)352,    "Scaron");    /* Latin capital letter s with caron */
+        map.put((char)353,    "scaron");    /* Latin small letter s with caron */
+        map.put((char)376,    "Yuml");    /* Latin capital letter y with diaeresis */
+        map.put((char)402,    "fnof");    /* Latin small letter f with hook */
+        map.put((char)710,    "circ");    /* modifier letter circumflex accent */
+        map.put((char)732,    "tilde");    /* small tilde */
+        map.put((char)913,    "Alpha");    /* Greek capital letter alpha */
+        map.put((char)914,    "Beta");    /* Greek capital letter beta */
+        map.put((char)915,    "Gamma");    /* Greek capital letter gamma */
+        map.put((char)916,    "Delta");    /* Greek capital letter delta */
+        map.put((char)917,    "Epsilon");    /* Greek capital letter epsilon */
+        map.put((char)918,    "Zeta");    /* Greek capital letter zeta */
+        map.put((char)919,    "Eta");        /* Greek capital letter eta */
+        map.put((char)920,    "Theta");    /* Greek capital letter theta */
+        map.put((char)921,    "Iota");    /* Greek capital letter iota */
+        map.put((char)922,    "Kappa");    /* Greek capital letter kappa */
+        map.put((char)923,    "Lambda");    /* Greek capital letter lambda */
+        map.put((char)924,    "Mu");        /* Greek capital letter mu */
+        map.put((char)925,    "Nu");        /* Greek capital letter nu */
+        map.put((char)926,    "Xi");        /* Greek capital letter xi */
+        map.put((char)927,    "Omicron");    /* Greek capital letter omicron */
+        map.put((char)928,    "Pi");        /* Greek capital letter pi */
+        map.put((char)929,    "Rho");        /* Greek capital letter rho */
+        map.put((char)931,    "Sigma");    /* Greek capital letter sigma */
+        map.put((char)932,    "Tau");        /* Greek capital letter tau */
+        map.put((char)933,    "Upsilon");    /* Greek capital letter upsilon */
+        map.put((char)934,    "Phi");        /* Greek capital letter phi */
+        map.put((char)935,    "Chi");        /* Greek capital letter chi */
+        map.put((char)936,    "Psi");        /* Greek capital letter psi */
+        map.put((char)937,    "Omega");    /* Greek capital letter omega */
+        map.put((char)945,    "alpha");    /* Greek small letter alpha */
+        map.put((char)946,    "beta");    /* Greek small letter beta */
+        map.put((char)947,    "gamma");    /* Greek small letter gamma */
+        map.put((char)948,    "delta");    /* Greek small letter delta */
+        map.put((char)949,    "epsilon");    /* Greek small letter epsilon */
+        map.put((char)950,    "zeta");    /* Greek small letter zeta */
+        map.put((char)951,    "eta");        /* Greek small letter eta */
+        map.put((char)952,    "theta");    /* Greek small letter theta */
+        map.put((char)953,    "iota");    /* Greek small letter iota */
+        map.put((char)954,    "kappa");    /* Greek small letter kappa */
+        map.put((char)955,    "lambda");    /* Greek small letter lambda */
+        map.put((char)956,    "mu");        /* Greek small letter mu */
+        map.put((char)957,    "nu");        /* Greek small letter nu */
+        map.put((char)958,    "xi");        /* Greek small letter xi */
+        map.put((char)959,    "omicron");    /* Greek small letter omicron */
+        map.put((char)960,    "pi");        /* Greek small letter pi */
+        map.put((char)961,    "rho");        /* Greek small letter rho */
+        map.put((char)962,    "sigmaf");    /* Greek small letter final sigma */
+        map.put((char)963,    "sigma");    /* Greek small letter sigma */
+        map.put((char)964,    "tau");        /* Greek small letter tau */
+        map.put((char)965,    "upsilon");    /* Greek small letter upsilon */
+        map.put((char)966,    "phi");        /* Greek small letter phi */
+        map.put((char)967,    "chi");        /* Greek small letter chi */
+        map.put((char)968,    "psi");        /* Greek small letter psi */
+        map.put((char)969,    "omega");    /* Greek small letter omega */
+        map.put((char)977,    "thetasym");    /* Greek theta symbol */
+        map.put((char)978,    "upsih");    /* Greek upsilon with hook symbol */
+        map.put((char)982,    "piv");        /* Greek pi symbol */
+        map.put((char)8194,    "ensp");    /* en space */
+        map.put((char)8195,    "emsp");    /* em space */
+        map.put((char)8201,    "thinsp");    /* thin space */
+        map.put((char)8204,    "zwnj");    /* zero width non-joiner */
+        map.put((char)8205,    "zwj");        /* zero width joiner */
+        map.put((char)8206,    "lrm");        /* left-to-right mark */
+        map.put((char)8207,    "rlm");        /* right-to-left mark */
+        map.put((char)8211,    "ndash");    /* en dash */
+        map.put((char)8212,    "mdash");    /* em dash */
+        map.put((char)8216,    "lsquo");    /* left single quotation mark */
+        map.put((char)8217,    "rsquo");    /* right single quotation mark */
+        map.put((char)8218,    "sbquo");    /* single low-9 quotation mark */
+        map.put((char)8220,    "ldquo");    /* left double quotation mark */
+        map.put((char)8221,    "rdquo");    /* right double quotation mark */
+        map.put((char)8222,    "bdquo");    /* double low-9 quotation mark */
+        map.put((char)8224,    "dagger");    /* dagger */
+        map.put((char)8225,    "Dagger");    /* double dagger */
+        map.put((char)8226,    "bull");    /* bullet */
+        map.put((char)8230,    "hellip");    /* horizontal ellipsis */
+        map.put((char)8240,    "permil");    /* per mille sign */
+        map.put((char)8242,    "prime");    /* prime */
+        map.put((char)8243,    "Prime");    /* double prime */
+        map.put((char)8249,    "lsaquo");    /* single left-pointing angle quotation mark */
+        map.put((char)8250,    "rsaquo");    /* single right-pointing angle quotation mark */
+        map.put((char)8254,    "oline");    /* overline */
+        map.put((char)8260,    "frasl");    /* fraction slash */
+        map.put((char)8364,    "euro");    /* euro sign */
+        map.put((char)8465,    "image");    /* black-letter capital i */
+        map.put((char)8472,    "weierp");    /* script capital pXCOMMAX Weierstrass p */
+        map.put((char)8476,    "real");    /* black-letter capital r */
+        map.put((char)8482,    "trade");    /* trademark sign */
+        map.put((char)8501,    "alefsym");    /* alef symbol */
+        map.put((char)8592,    "larr");    /* leftwards arrow */
+        map.put((char)8593,    "uarr");    /* upwards arrow */
+        map.put((char)8594,    "rarr");    /* rightwards arrow */
+        map.put((char)8595,    "darr");    /* downwards arrow */
+        map.put((char)8596,    "harr");    /* left right arrow */
+        map.put((char)8629,    "crarr");    /* downwards arrow with corner leftwards */
+        map.put((char)8656,    "lArr");    /* leftwards double arrow */
+        map.put((char)8657,    "uArr");    /* upwards double arrow */
+        map.put((char)8658,    "rArr");    /* rightwards double arrow */
+        map.put((char)8659,    "dArr");    /* downwards double arrow */
+        map.put((char)8660,    "hArr");    /* left right double arrow */
+        map.put((char)8704,    "forall");    /* for all */
+        map.put((char)8706,    "part");    /* partial differential */
+        map.put((char)8707,    "exist");    /* there exists */
+        map.put((char)8709,    "empty");    /* empty set */
+        map.put((char)8711,    "nabla");    /* nabla */
+        map.put((char)8712,    "isin");    /* element of */
+        map.put((char)8713,    "notin");    /* not an element of */
+        map.put((char)8715,    "ni");        /* contains as member */
+        map.put((char)8719,    "prod");    /* n-ary product */
+        map.put((char)8721,    "sum");        /* n-ary summation */
+        map.put((char)8722,    "minus");    /* minus sign */
+        map.put((char)8727,    "lowast");    /* asterisk operator */
+        map.put((char)8730,    "radic");    /* square root */
+        map.put((char)8733,    "prop");    /* proportional to */
+        map.put((char)8734,    "infin");    /* infinity */
+        map.put((char)8736,    "ang");        /* angle */
+        map.put((char)8743,    "and");        /* logical and */
+        map.put((char)8744,    "or");        /* logical or */
+        map.put((char)8745,    "cap");        /* intersection */
+        map.put((char)8746,    "cup");        /* union */
+        map.put((char)8747,    "int");        /* integral */
+        map.put((char)8756,    "there4");    /* therefore */
+        map.put((char)8764,    "sim");        /* tilde operator */
+        map.put((char)8773,    "cong");    /* congruent to */
+        map.put((char)8776,    "asymp");    /* almost equal to */
+        map.put((char)8800,    "ne");        /* not equal to */
+        map.put((char)8801,    "equiv");    /* identical toXCOMMAX equivalent to */
+        map.put((char)8804,    "le");        /* less-than or equal to */
+        map.put((char)8805,    "ge");        /* greater-than or equal to */
+        map.put((char)8834,    "sub");        /* subset of */
+        map.put((char)8835,    "sup");        /* superset of */
+        map.put((char)8836,    "nsub");    /* not a subset of */
+        map.put((char)8838,    "sube");    /* subset of or equal to */
+        map.put((char)8839,    "supe");    /* superset of or equal to */
+        map.put((char)8853,    "oplus");    /* circled plus */
+        map.put((char)8855,    "otimes");    /* circled times */
+        map.put((char)8869,    "perp");    /* up tack */
+        map.put((char)8901,    "sdot");    /* dot operator */
+        map.put((char)8968,    "lceil");    /* left ceiling */
+        map.put((char)8969,    "rceil");    /* right ceiling */
+        map.put((char)8970,    "lfloor");    /* left floor */
+        map.put((char)8971,    "rfloor");    /* right floor */
+        map.put((char)9001,    "lang");    /* left-pointing angle bracket */
+        map.put((char)9002,    "rang");    /* right-pointing angle bracket */
+        map.put((char)9674,    "loz");        /* lozenge */
+        map.put((char)9824,    "spades");    /* black spade suit */
+        map.put((char)9827,    "clubs");    /* black club suit */
+        map.put((char)9829,    "hearts");    /* black heart suit */
+        map.put((char)9830,    "diams");    /* black diamond suit */
+
+        return Collections.unmodifiableMap(map);
+    }
+
+    /**
+     * Build a unmodifiable Trie from entitiy Name to Character
+     * @return Unmodifiable trie.
+     */
+    private static synchronized Trie<Character> mkEntityToCharacterTrie()
+    {
+        Trie<Character> trie = new HashTrie<Character>();
+
+        for(Map.Entry<Character,String> entry : characterToEntityMap.entrySet())
+            trie.put(entry.getValue(),entry.getKey());
+        return Trie.Util.unmodifiable(trie);
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java b/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java
index 01db4faf5..bd2829521 100644
--- a/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java
@@ -1,264 +1,314 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.codecs;
-
-
-
-/**
- * Implementation of the Codec interface for MySQL strings. See http://mirror.yandex.ru/mirrors/ftp.mysql.com/doc/refman/5.0/en/string-syntax.html
- * for more information.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Encoder
- */
-public class MySQLCodec extends Codec {
-    /**
-     * Specifies the SQL Mode the target MySQL Server is running with. For details about MySQL Server Modes
-     * please see the Manual at {@link http://dev.mysql.com/doc/refman/5.0/en/server-sql-mode.html#sqlmode_ansi}
-     *
-     * Currently the only supported modes are:
-     * ANSI
-     * STANDARD
-     */
-    public static enum Mode {
-        ANSI(1),STANDARD(0);
-
-        private int key;
-        private Mode(int key) { this.key = key; }
-
-        static Mode findByKey(int key) {
-            for ( Mode m : values() ) {
-                if ( m.key == key )
-                    return m;
-            }
-            return null;
-        }
-    }
-
-    /** Target MySQL Server is running in Standard MySQL (Default) mode. */
-    public static final int MYSQL_MODE = 0;
-    /** Target MySQL Server is running in {@link "http://dev.mysql.com/doc/refman/5.0/en/ansi-mode.html"} ANSI Mode */
-    public static final int ANSI_MODE = 1;
-	
-	//private int mode = 0;
-    private Mode mode;
-	
-	/**
-	 * Instantiate the MySQL codec
-	 * 
-	 * @param mode
-	 * 			Mode has to be one of {MYSQL_MODE|ANSI_MODE} to allow correct encoding
-     * @deprecated
-     * @see #MySQLCodec(org.owasp.esapi.codecs.MySQLCodec.Mode)
-	 */
-	public MySQLCodec( int mode ) {
-		this.mode = Mode.findByKey(mode);
-	}
-
-    /**
-     * Instantiate the MySQL Codec with the given SQL {@link Mode}.
-     * @param mode The mode the target server is running in
-     */
-    public MySQLCodec( Mode mode ) {
-        this.mode = mode;
-    }
-
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * Returns quote-encoded character
-     *
-     * @param immune
-     */
-	public String encodeCharacter( char[] immune, Character c ) {
-		char ch = c.charValue();
-		
-		// check for immune characters
-		if ( containsCharacter( ch, immune ) ) {
-			return ""+ch;
-		}
-		
-		// check for alphanumeric characters
-		String hex = Codec.getHexForNonAlphanumeric( ch );
-		if ( hex == null ) {
-			return ""+ch;
-		}
-		
-		switch( mode ) {
-			case ANSI: return encodeCharacterANSI( c );
-			case STANDARD: return encodeCharacterMySQL( c );
-		}
-		return null;
-	}
-	
-	/**
-	 * encodeCharacterANSI encodes for ANSI SQL. 
-	 * 
-	 * Apostrophe is encoded
-     *
-     * Bug ###: In ANSI Mode Strings can also be passed in using the quotation. In ANSI_QUOTES mode a quotation
-     * is considered to be an identifier, thus cannot be used at all in a value and will be dropped completely.
-	 * 
-	 * @param c 
-	 * 			character to encode
-	 * @return
-	 * 			String encoded to standards of MySQL running in ANSI mode
-	 */
-	private String encodeCharacterANSI( Character c ) {
-		if ( c == '\'' )
-        	return "\'\'";
-        if ( c == '\"' )
-            return "";
-        return ""+c;
-	}
-
-	/**
-	 * Encode a character suitable for MySQL
-	 * 
-	 * @param c
-	 * 			Character to encode
-	 * @return
-	 * 			Encoded Character
-	 */
-	private String encodeCharacterMySQL( Character c ) {
-		char ch = c.charValue();
-		if ( ch == 0x00 ) return "\\0";
-		if ( ch == 0x08 ) return "\\b";
-		if ( ch == 0x09 ) return "\\t";
-		if ( ch == 0x0a ) return "\\n";
-		if ( ch == 0x0d ) return "\\r";
-		if ( ch == 0x1a ) return "\\Z";
-		if ( ch == 0x22 ) return "\\\"";
-		if ( ch == 0x25 ) return "\\%";
-		if ( ch == 0x27 ) return "\\'";
-		if ( ch == 0x5c ) return "\\\\";
-		if ( ch == 0x5f ) return "\\_";
-	    return "\\" + c;
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * Returns the decoded version of the character starting at index, or
-	 * null if no decoding is possible.
-	 * 
-	 * Formats all are legal (case sensitive)
-	 *   In ANSI_MODE '' decodes to '
-	 *   In MYSQL_MODE \x decodes to x (or a small list of specials)
-	 */
-	public Character decodeCharacter( PushbackString input ) {
-		switch( mode ) {
-			case ANSI: return decodeCharacterANSI( input );
-			case STANDARD: return decodeCharacterMySQL( input );
-		}
-		return null;
-	}
-
-	/**
-	 * decodeCharacterANSI decodes the next character from ANSI SQL escaping
-	 *  
-	 * @param input
-	 * 			A PushBackString containing characters you'd like decoded
-	 * @return
-	 * 			A single character, decoded
-	 */
-	private Character decodeCharacterANSI( PushbackString input ) {
-		input.mark();
-		Character first = input.next();
-		if ( first == null ) {
-			input.reset();
-			return null;
-		}
-		
-		// if this is not an encoded character, return null
-		if ( first.charValue() != '\'' ) {
-			input.reset();
-			return null;
-		}
-
-		Character second = input.next();
-		if ( second == null ) {
-			input.reset();
-			return null;
-		}
-		
-		// if this is not an encoded character, return null
-		if ( second.charValue() != '\'' ) {
-			input.reset();
-			return null;
-		}
-		return( Character.valueOf( '\'' ) );
-	}
-
-	/**
-	 * decodeCharacterMySQL decodes all the potential escaped characters that MySQL is prepared to escape
-	 * 
-	 * @param input
-	 * 			A string you'd like to be decoded
-	 * @return
-	 * 			A single character from that string, decoded.
-	 */
-	private Character decodeCharacterMySQL( PushbackString input ) {
-		input.mark();
-		Character first = input.next();
-		if ( first == null ) {
-			input.reset();
-			return null;
-		}
-		
-		// if this is not an encoded character, return null
-		if ( first.charValue() != '\\' ) {
-			input.reset();
-			return null;
-		}
-
-		Character second = input.next();
-		if ( second == null ) {
-			input.reset();
-			return null;
-		}
-		
-		if ( second.charValue() == '0' ) {
-			return Character.valueOf( (char)0x00 );
-		} else if ( second.charValue() == 'b' ) {
-			return Character.valueOf( (char)0x08 );
-		} else if ( second.charValue() == 't' ) {
-			return Character.valueOf( (char)0x09 );
-		} else if ( second.charValue() == 'n' ) {
-			return Character.valueOf( (char)0x0a );
-		} else if ( second.charValue() == 'r' ) {
-			return Character.valueOf( (char)0x0d );
-		} else if ( second.charValue() == 'z' ) {
-			return Character.valueOf( (char)0x1a );
-		} else if ( second.charValue() == '\"' ) {
-			return Character.valueOf( (char)0x22 );
-		} else if ( second.charValue() == '%' ) {
-			return Character.valueOf( (char)0x25 );
-		} else if ( second.charValue() == '\'' ) {
-			return Character.valueOf( (char)0x27 );
-		} else if ( second.charValue() == '\\' ) {
-			return Character.valueOf( (char)0x5c );
-		} else if ( second.charValue() == '_' ) {
-			return Character.valueOf( (char)0x5f );
-		} else {
-			return second;
-		}
-	}
-
-}
\ No newline at end of file
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.codecs;
+
+
+
+/**
+ * Codec implementation which can be used to escape string literals in MySQL.
+ * This function will only protect you from SQLi in limited situations.
+ * To improve your chances of success, you made also need to do some
+ * additional canonicalization and input validation first. Before using this class,
+ * please be sure to read the "SECURITY WARNING" in
+ * {@link org.owasp.esapi.Encoder#encodeForSQL}
+ * before using this particular {@link org.owasp.esapi.codecs.Codec} and raising your hope of finding
+ * a silver bullet to kill all the SQLi werewolves.
+ * </p><p>
+ * This implementation accepts 2 {@code org.owasp.esapi.codes.MySQLCodec.Mode}s as identified
+ * by the OWASP recommended escaping strategies:
+ * <ul>
+ * <li><b>ANSI</b> <br>
+ * Simply encode all ' (single tick) characters with '' (two single ticks)</li>
+ * <br>
+ * <li><b>Standard</b>
+ *
+ * <pre>
+ *   NUL (0x00) --&gt; \0  [This is a zero, not the letter O]
+ *   BS  (0x08) --&gt; \b
+ *   TAB (0x09) --&gt; \t
+ *   LF  (0x0a) --&gt; \n
+ *   CR  (0x0d) --&gt; \r
+ *   SUB (0x1a) --&gt; \Z
+ *   "   (0x22) --&gt; \"
+ *   %   (0x25) --&gt; \%
+ *   '   (0x27) --&gt; \'
+ *   \   (0x5c) --&gt; \\
+ *   _   (0x5f) --&gt; \_
+ *   <br>
+ *   all other non-alphanumeric characters with ASCII values less than 256 --&gt; \c
+ *   where 'c' is the original non-alphanumeric character.
+ * </pre>
+ *
+ * </li>
+ *
+ * </ul>
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com)
+ *         <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ *
+ * <a href= "https://dev.mysql.com/doc/refman/8.0/en/string-literals.html">MySQL 8.0 String Literals</a>
+ * <a href= "https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet#MySQL_Escaping">OWASP
+ *      SQL_Injection_Prevention_Cheat_Sheet#MySQL_Escaping</a>
+ * @see <a href="https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin13.pdf">
+ *              ESAPI Security Bulletin #13</a>
+ * @deprecated  This class is considered dangerous and not easily made safe and thus under strong
+ *              consideration to be removed within 1 years time after the 2.7.0.0 release. Please
+ *              see the referenced ESAPI Security Bulletin #13 for further details.
+ */
+@Deprecated
+public class MySQLCodec extends AbstractCharacterCodec {
+    /**
+     * Specifies the SQL Mode the target MySQL Server is running with. For details about MySQL Server Modes
+     * please see the Manual at
+     * @link http://dev.mysql.com/doc/refman/5.0/en/server-sql-mode.html#sqlmode_ansi
+     *
+     * Currently, the only supported modes are:
+     * ANSI
+     * STANDARD
+     */
+    public static enum Mode {
+        ANSI(1),STANDARD(0);
+
+        private int key;
+        private Mode(int key) { this.key = key; }
+
+        static Mode findByKey(int key) {
+            for ( Mode m : values() ) {
+                if ( m.key == key )
+                    return m;
+            }
+            String message = String.format("No Mode for %s. Valid references are MySQLStandard: %s or ANSI: %s", key, MYSQL_MODE, ANSI_MODE);
+            throw new IllegalArgumentException(message);
+        }
+    }
+
+    /** Target MySQL Server is running in Standard MySQL (Default) mode. */
+    public static final int MYSQL_MODE = 0;
+
+    /**
+     * Target MySQL Server is running in ANSI_QUOTES Mode
+     *
+     * @see <a href=
+     *      "https://dev.mysql.com/doc/refman/8.0/en/sql-mode.html#sqlmode_ansi_quotes">
+     *      https://dev.mysql.com/doc/refman/8.0/en/sql-mode.html#sqlmode_ansi_quotes</a>
+     */
+    public static final int ANSI_MODE = 1;
+
+    //private int mode = 0;
+    private Mode mode;
+
+    /**
+     * Instantiate the MySQL codec
+     *
+     * @param mode
+     *             Mode has to be one of {MYSQL_MODE|ANSI_MODE} to allow correct encoding
+     * @deprecated
+     * @see #MySQLCodec(org.owasp.esapi.codecs.MySQLCodec.Mode)
+     */
+    @Deprecated
+    public MySQLCodec( int mode ) {
+        this.mode = Mode.findByKey(mode);
+    }
+
+    /**
+     * Instantiate the MySQL Codec with the given SQL {@link Mode}.
+     * @param mode The mode the target server is running in
+     */
+    public MySQLCodec( Mode mode ) {
+        this.mode = mode;
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public String encodeCharacter( char[] immune, Character c ) {
+        char ch = c.charValue();
+
+        // check for immune characters
+        if ( containsCharacter( ch, immune ) ) {
+            return ""+ch;
+        }
+
+        // check for alphanumeric characters
+        String hex = super.getHexForNonAlphanumeric( ch );
+        if ( hex == null ) {
+            return ""+ch;
+        }
+
+
+        switch( mode ) {
+            case ANSI: return encodeCharacterANSI( c );
+            case STANDARD: return encodeCharacterMySQL( c );
+            default: return null;
+        }
+    }
+
+    /**
+     * encodeCharacterANSI encodes for ANSI SQL.
+     *
+     * Apostrophe is encoded
+     *
+     * Bug ###: In ANSI Mode Strings can also be passed in using the quotation. In ANSI_QUOTES mode a quotation
+     * is considered to be an identifier, thus cannot be used at all in a value and will be dropped completely.
+     *
+     * @param c
+     *             character to encode
+     * @return
+     *             String encoded to standards of MySQL running in ANSI mode
+     */
+    private String encodeCharacterANSI( Character c ) {
+        if ( c == '\'' )
+            return "\'\'";
+
+        return ""+c;
+    }
+
+    /**
+     * Encode a character suitable for MySQL
+     *
+     * @param c
+     *             Character to encode
+     * @return
+     *             Encoded Character
+     */
+    private String encodeCharacterMySQL( Character c ) {
+        char ch = c.charValue();
+        if ( ch == 0x00 ) return "\\0";
+        if ( ch == 0x08 ) return "\\b";
+        if ( ch == 0x09 ) return "\\t";
+        if ( ch == 0x0a ) return "\\n";
+        if ( ch == 0x0d ) return "\\r";
+        if ( ch == 0x1a ) return "\\Z";
+        if ( ch == 0x22 ) return "\\\"";
+        if ( ch == 0x25 ) return "\\%";
+        if ( ch == 0x27 ) return "\\'";
+        if ( ch == 0x5c ) return "\\\\";
+        if ( ch == 0x5f ) return "\\_";
+        return "\\" + c;
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * Returns the decoded version of the character starting at index, or
+     * null if no decoding is possible.
+     *
+     * Formats all are legal (case-sensitive)
+     *   In ANSI_MODE '' decodes to '
+     *   In MYSQL_MODE \x decodes to x (or a small list of specials)
+     */
+    public Character decodeCharacter( PushbackSequence<Character> input ) {
+        switch( mode ) {
+            case ANSI: return decodeCharacterANSI( input );
+            case STANDARD: return decodeCharacterMySQL( input );
+            default: return null;
+        }
+    }
+
+    /**
+     * decodeCharacterANSI decodes the next character from ANSI SQL escaping
+     *
+     * @param input
+     *             A PushBackString containing characters you'd like decoded
+     * @return
+     *             A single character, decoded
+     */
+    private Character decodeCharacterANSI( PushbackSequence<Character>  input ) {
+        input.mark();
+        Character first = input.next();
+        if ( first == null ) {
+            input.reset();
+            return null;
+        }
+
+        // if this is not an encoded character, return null
+        if ( first.charValue() != '\'' ) {
+            input.reset();
+            return null;
+        }
+
+        Character second = input.next();
+        if ( second == null ) {
+            input.reset();
+            return null;
+        }
+
+        // if this is not an encoded character, return null
+        if ( second.charValue() != '\'' ) {
+            input.reset();
+            return null;
+        }
+        return( Character.valueOf( '\'' ) );
+    }
+
+    /**
+     * decodeCharacterMySQL decodes all the potential escaped characters that MySQL is prepared to escape
+     *
+     * @param input
+     *             A string you'd like to be decoded
+     * @return
+     *             A single character from that string, decoded.
+     */
+    private Character decodeCharacterMySQL( PushbackSequence<Character> input ) {
+        input.mark();
+        Character first = input.next();
+        if ( first == null ) {
+            input.reset();
+            return null;
+        }
+
+        // if this is not an encoded character, return null
+        if ( first.charValue() != '\\' ) {
+            input.reset();
+            return null;
+        }
+
+        Character second = input.next();
+        if ( second == null ) {
+            input.reset();
+            return null;
+        }
+
+        if ( second.charValue() == '0' ) {
+            return Character.valueOf( (char)0x00 );
+        } else if ( second.charValue() == 'b' ) {
+            return Character.valueOf( (char)0x08 );
+        } else if ( second.charValue() == 't' ) {
+            return Character.valueOf( (char)0x09 );
+        } else if ( second.charValue() == 'n' ) {
+            return Character.valueOf( (char)0x0a );
+        } else if ( second.charValue() == 'r' ) {
+            return Character.valueOf( (char)0x0d );
+        } else if ( second.charValue() == 'Z' ) {
+            return Character.valueOf( (char)0x1a );
+        } else if ( second.charValue() == '\"' ) {
+            return Character.valueOf( (char)0x22 );
+        } else if ( second.charValue() == '%' ) {
+            return Character.valueOf( (char)0x25 );
+        } else if ( second.charValue() == '\'' ) {
+            return Character.valueOf( (char)0x27 );
+        } else if ( second.charValue() == '\\' ) {
+            return Character.valueOf( (char)0x5c );
+        } else if ( second.charValue() == '_' ) {
+            return Character.valueOf( (char)0x5f );
+        } else {
+            return second;
+        }
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/codecs/OracleCodec.java b/src/main/java/org/owasp/esapi/codecs/OracleCodec.java
index 953fece04..2746f9137 100644
--- a/src/main/java/org/owasp/esapi/codecs/OracleCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/OracleCodec.java
@@ -1,90 +1,118 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- *
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- *
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- *
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.codecs;
-
-
-
-/**
- * Implementation of the Codec interface for Oracle strings. This function will only protect you from SQLi in the case of user data
- * bring placed within an Oracle quoted string such as:
- * 
- * select * from table where user_name='  USERDATA    ';
- * 
- * @see <a href="http://oraqa.com/2006/03/20/how-to-escape-single-quotes-in-strings/">how-to-escape-single-quotes-in-strings</a>
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @author Jim Manico (jim@manico.net) <a href="http://www.manico.net">Manico.net</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Encoder
- */
-public class OracleCodec extends Codec {
-
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * Encodes ' to ''
-     *
-	 * Encodes ' to ''
-     *
-     * @param immune
-     */
-	public String encodeCharacter( char[] immune, Character c ) {
-		if ( c.charValue() == '\'' )
-        	return "\'\'";
-        return ""+c;
-	}
-	
-
-
-	/**
-	 * {@inheritDoc}
-	 *
-	 * Returns the decoded version of the character starting at index, or
-	 * null if no decoding is possible.
-	 *
-	 * Formats all are legal
-	 *   '' decodes to '
-	 */
-	public Character decodeCharacter( PushbackString input ) {
-		input.mark();
-		Character first = input.next();
-		if ( first == null ) {
-			input.reset();
-			return null;
-		}
-
-		// if this is not an encoded character, return null
-		if ( first.charValue() != '\'' ) {
-			input.reset();
-			return null;
-		}
-
-		Character second = input.next();
-		if ( second == null ) {
-			input.reset();
-			return null;
-		}
-		
-		// if this is not an encoded character, return null
-		if ( second.charValue() != '\'' ) {
-			input.reset();
-			return null;
-		}
-		return( Character.valueOf( '\'' ) );
-	}
-
-}
\ No newline at end of file
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.codecs;
+
+
+
+/**
+ * Implementation of the {@link org.owasp.esapi.codecs.Codec} interface for Oracle DB strings. 
+ * This function will only protect you from SQLi in limited situations.
+ * To improve your chances of success, you may also need to do some
+ * additional canonicalization and input validation first. Before using this class,
+ * please be sure to read the "<b>SECURITY WARNING</b>" in
+ * {@link org.owasp.esapi.Encoder#encodeForSQL}
+ * before using this particular {@link org.owasp.esapi.codecs.Codec} and raising your hope of finding
+ * a silver bullet to kill all the SQLi werewolves.
+ * </p><p>
+ * <b>CAUTION:</b> This class has some known issues. During the investigation of
+ * CVE-2025-5878, it was discovered that since this class' inception in
+ * 2007, that Oracle databases also use \ (backslash) as a default escape char.
+ * That was fundamental in the vulnerability, since the escape character itself
+ * was not being escaped. We had originally planned to address this, but while
+ * researching the issue, we discovered that not only was there a new default
+ * escape character for Oracle SQL*Plus, but that developers could actually
+ * override the default to a character of their choosing. (For details see
+ * <a href="https://www.oreilly.com/library/view/oracle-sqlplus-the/0596007469/re62.html">SET ESCAPE</a>
+ * and <a href="https://techjourney.net/how-to-escape-characters-in-oracle-plsql-queries/">
+ * How to Escape Characters in Oracle PL/SQL Queries</a>.) The second instance is
+ * especially scary, since it illustrates how a developer can potentially can
+ * the default escape character as part of an ordinary SQL statement. We
+ * realized that there is no way we can defend against this, so it seemed
+ * pointless to even bother to try to quote default escape character passed in
+ * as input when {@code OracleCodec} is used with the {@code Encoder.encodeForSQL}
+ * interface. Therefore, you really should not use this, but if dead set in
+ * still using this leg canon, it;s on you. You have been warned.
+ * </p>
+ * @see org.owasp.esapi.Encoder
+ * @see <a href="https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin13.pdf">
+ *              ESAPI Security Bulletin #13</a>
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author Jim Manico (jim@manico.net) <a href="http://www.manico.net">Manico.net</a>
+ * @since June 1, 2007
+ * @see <a href="http://oraqa.com/2006/03/20/how-to-escape-single-quotes-in-strings/">how-to-escape-single-quotes-in-strings</a>
+ * @deprecated  This class is considered dangerous and not easily made safe and thus under strong
+ *              consideration to be removed within 1 years time after the 2.7.0.0 release. Please
+ *              see the referenced ESAPI Security Bulletin #13 for further details.
+ */
+@Deprecated
+public class OracleCodec extends AbstractCharacterCodec {
+
+
+    /**
+     * {@inheritDoc}
+     *
+     * Encodes ' to ''
+     *
+     * Encodes ' to ''
+     *
+     * @param immune
+     */
+    public String encodeCharacter( char[] immune, Character c ) {
+        if ( c.charValue() == '\'' )
+            return "\'\'";
+        return ""+c;
+    }
+
+
+
+    /**
+     * {@inheritDoc}
+     *
+     * Returns the decoded version of the character starting at index, or
+     * null if no decoding is possible.
+     *
+     * Formats all are legal
+     *   '' decodes to '
+     */
+    public Character decodeCharacter( PushbackSequence<Character> input ) {
+        input.mark();
+        Character first = input.next();
+        if ( first == null ) {
+            input.reset();
+            return null;
+        }
+
+        // if this is not an encoded character, return null
+        if ( first.charValue() != '\'' ) {
+            input.reset();
+            return null;
+        }
+
+        Character second = input.next();
+        if ( second == null ) {
+            input.reset();
+            return null;
+        }
+
+        // if this is not an encoded character, return null
+        if ( second.charValue() != '\'' ) {
+            input.reset();
+            return null;
+        }
+        return( Character.valueOf( '\'' ) );
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/codecs/PercentCodec.java b/src/main/java/org/owasp/esapi/codecs/PercentCodec.java
index 307da471a..5775055bb 100644
--- a/src/main/java/org/owasp/esapi/codecs/PercentCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/PercentCodec.java
@@ -1,154 +1,164 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.codecs;
-
-import java.io.UnsupportedEncodingException;
-import java.util.Set;
-
-import org.owasp.esapi.util.CollectionsUtil;
-
-/**
- * Implementation of the Codec interface for percent encoding (aka URL encoding).
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Encoder
- */
-public class PercentCodec extends Codec
-{
-	private static final String ALPHA_NUMERIC_STR = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
-	@SuppressWarnings("unused")
-	private static final String RFC3986_RESERVED_STR = ":/?#[]@!$&'()*+,;=";
-	private static final String RFC3986_NON_ALPHANUMERIC_UNRESERVED_STR = "-._~";
-		// rfc3986 2.3: For consistency, percent-encoded octets
-		// in the ranges of ALPHA (%41-%5A and %61-%7A), DIGIT
-		// (%30-%39), hyphen (%2D), period (%2E), underscore
-		// (%5F), or tilde (%7E) should not be created by URI
-		// producers
-	private static final boolean ENCODED_NON_ALPHA_NUMERIC_UNRESERVED = true;
-	private static final String UNENCODED_STR = ALPHA_NUMERIC_STR +
-		(ENCODED_NON_ALPHA_NUMERIC_UNRESERVED ? "" : RFC3986_NON_ALPHANUMERIC_UNRESERVED_STR);
-	private static final Set<Character> UNENCODED_SET = CollectionsUtil.strToUnmodifiableSet(UNENCODED_STR);
-
-	/**
-	 * Convinence method to encode a string into UTF-8. This
-	 * wraps the {@link UnsupportedEncodingException} that
-	 * {@link String#getBytes(String)} throws in a
-	 * {@link IllegalStateException} as UTF-8 support is required
-	 * by the Java spec and should never throw this exception.
-	 * @param str the string to encode
-	 * @return str encoded in UTF-8 as bytes.
-	 * @throws IllegalStateException wrapped {@link
-	 *	UnsupportedEncodingException} if
-	 *	{@link String.getBytes(String)} throws it.
-	 */
-	private static byte[] toUtf8Bytes(String str)
-	{
-		try
-		{
-			return str.getBytes("UTF-8");
-		}
-		catch(UnsupportedEncodingException e)
-		{
-			throw new IllegalStateException("The Java spec requires UTF-8 support.", e);
-		}
-	}
-
-	/**
-	 * Append the two upper case hex characters for a byte.
-	 * @param sb The string buffer to append to.
-	 * @param b The byte to hexify
-	 * @return sb with the hex characters appended.
-	 */
-	// rfc3986 2.1: For consistency, URI producers 
-	// should use uppercase hexadecimal digits for all percent-
-	// encodings.
-	private static StringBuilder appendTwoUpperHex(StringBuilder sb, int b)
-	{
-		if(b < Byte.MIN_VALUE || b > Byte.MAX_VALUE)
-			throw new IllegalArgumentException("b is not a byte (was " + b + ')');
-		b &= 0xFF;
-		if(b<0x10)
-			sb.append('0');
-		return sb.append(Integer.toHexString(b).toUpperCase());
-	}
-
-	/**
-	 * Encode a character for URLs
-	 * @param immune characters not to encode
-	 * @param c character to encode
-	 * @return the encoded string representing c
-	 */
-	public String encodeCharacter( char[] immune, Character c )
-	{
-		String cStr = String.valueOf(c.charValue());
-		byte[] bytes;
-		StringBuilder sb;
-
-		if(UNENCODED_SET.contains(c))
-			return cStr;
-
-		bytes = toUtf8Bytes(cStr);
-		sb = new StringBuilder(bytes.length * 3);
-		for(byte b : bytes)
-			appendTwoUpperHex(sb.append('%'), b);
-		return sb.toString();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * Formats all are legal both upper/lower case:
-	 *   %hh;
-	 *   
-	 * @param input
-	 * 			encoded character using percent characters (such as URL encoding)
-	 */
-	public Character decodeCharacter( PushbackString input ) {
-		input.mark();
-		Character first = input.next();
-		if ( first == null ) {
-			input.reset();
-			return null;
-		}
-
-		// if this is not an encoded character, return null
-		if (first != '%' ) {
-			input.reset();
-			return null;
-		}
-
-		// Search for exactly 2 hex digits following
-		StringBuilder sb = new StringBuilder();
-		for ( int i=0; i<2; i++ ) {
-			Character c = input.nextHex();
-			if ( c != null ) sb.append( c );
-		}
-		if ( sb.length() == 2 ) {
-			try {
-				// parse the hex digit and create a character
-				int i = Integer.parseInt(sb.toString(), 16);
-				if (Character.isValidCodePoint(i)) {
-					return (char) i;
-				}
-			} catch( NumberFormatException ignored ) { }
-		}
-		input.reset();
-		return null;
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.codecs;
+
+import java.io.UnsupportedEncodingException;
+import java.util.Set;
+
+import org.owasp.esapi.util.CollectionsUtil;
+
+/**
+ * Implementation of the Codec interface for percent encoding (aka URL encoding).
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Encoder
+ */
+public class PercentCodec extends AbstractCharacterCodec
+{
+    private static final String ALPHA_NUMERIC_STR = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+    @SuppressWarnings("unused")
+    private static final String RFC3986_RESERVED_STR = ":/?#[]@!$&'()*+,;=";
+    private static final String RFC3986_NON_ALPHANUMERIC_UNRESERVED_STR = "-._~";
+        // rfc3986 2.3: For consistency, percent-encoded octets
+        // in the ranges of ALPHA (%41-%5A and %61-%7A), DIGIT
+        // (%30-%39), hyphen (%2D), period (%2E), underscore
+        // (%5F), or tilde (%7E) should not be created by URI
+        // producers
+    private static final boolean ENCODED_NON_ALPHA_NUMERIC_UNRESERVED = true;
+    private static final String UNENCODED_STR = ALPHA_NUMERIC_STR +
+        (ENCODED_NON_ALPHA_NUMERIC_UNRESERVED ? "" : RFC3986_NON_ALPHANUMERIC_UNRESERVED_STR);
+    private static final Set<Character> UNENCODED_SET = CollectionsUtil.strToUnmodifiableSet(UNENCODED_STR);
+
+    /**
+     * Convinence method to encode a string into UTF-8. This
+     * wraps the {@link UnsupportedEncodingException} that
+     * {@link String#getBytes(String)} throws in a
+     * {@link IllegalStateException} as UTF-8 support is required
+     * by the Java spec and should never throw this exception.
+     * @param str the string to encode
+     * @return str encoded in UTF-8 as bytes.
+     * @throws IllegalStateException wrapped {@link
+     *    UnsupportedEncodingException} if
+     *    {@link String.getBytes(String)} throws it.
+     */
+    private static byte[] toUtf8Bytes(String str)
+    {
+        try
+        {
+            return str.getBytes("UTF-8");
+        }
+        catch(UnsupportedEncodingException e)
+        {
+            throw new IllegalStateException("The Java spec requires UTF-8 support.", e);
+        }
+    }
+
+    /**
+     * Append the two upper case hex characters for a byte.
+     * @param sb The string buffer to append to.
+     * @param b The byte to hexify
+     * @return sb with the hex characters appended.
+     */
+    // rfc3986 2.1: For consistency, URI producers
+    // should use uppercase hexadecimal digits for all percent-
+    // encodings.
+    private static StringBuilder appendTwoUpperHex(StringBuilder sb, int b)
+    {
+        if(b < Byte.MIN_VALUE || b > Byte.MAX_VALUE)
+            throw new IllegalArgumentException("b is not a byte (was " + b + ')');
+        b &= 0xFF;
+        if(b<0x10)
+            sb.append('0');
+        return sb.append(Integer.toHexString(b).toUpperCase());
+    }
+
+    /**
+     * Encode a character for URLs
+     * @param immune Additional characters not to encode. Note this could
+     *               break URL encoding as referenced in RFC 3986. You should
+     *               especially be wary of including '%' in this list of immune
+     *               characters since it is used as the "escape" character for
+     *               the hex encoding and including it may result in subsequent
+     *               and/or dangerous results when decoding.
+     * @param c character to encode
+     * @return the encoded string representing c
+     */
+    public String encodeCharacter( char[] immune, Character c )
+    {
+        String cStr = String.valueOf(c.charValue());
+        byte[] bytes;
+        StringBuilder sb;
+
+        // check for user specified immune characters
+        if ( immune != null && containsCharacter( c.charValue(), immune ) )
+            return cStr;
+
+        // check for standard characters (e.g., alphanumeric, etc.)
+        if(UNENCODED_SET.contains(c))
+            return cStr;
+
+        bytes = toUtf8Bytes(cStr);
+        sb = new StringBuilder(bytes.length * 3);
+        for(byte b : bytes)
+            appendTwoUpperHex(sb.append('%'), b);
+        return sb.toString();
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * Formats all are legal both upper/lower case:
+     *   %hh;
+     *
+     * @param input
+     *             encoded character using percent characters (such as URL encoding)
+     */
+    public Character decodeCharacter( PushbackSequence<Character> input ) {
+        input.mark();
+        Character first = input.next();
+        if ( first == null ) {
+            input.reset();
+            return null;
+        }
+
+        // if this is not an encoded character, return null
+        if (first != '%' ) {
+            input.reset();
+            return null;
+        }
+
+        // Search for exactly 2 hex digits following
+        StringBuilder sb = new StringBuilder();
+        for ( int i=0; i<2; i++ ) {
+            Character c = input.nextHex();
+            if ( c != null ) sb.append( c );
+        }
+        if ( sb.length() == 2 ) {
+            try {
+                // parse the hex digit and create a character
+                int i = Integer.parseInt(sb.toString(), 16);
+                if (Character.isValidCodePoint(i)) {
+                    return (char) i;
+                }
+            } catch( NumberFormatException ignored ) { }
+        }
+        input.reset();
+        return null;
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/codecs/PushBackSequenceImpl.java b/src/main/java/org/owasp/esapi/codecs/PushBackSequenceImpl.java
new file mode 100644
index 000000000..4f0847f1e
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/codecs/PushBackSequenceImpl.java
@@ -0,0 +1,136 @@
+package org.owasp.esapi.codecs;
+
+
+/**
+ * The pushback string is used by Codecs to allow them to push decoded characters back onto a string
+ * for further decoding. This is necessary to detect double-encoding.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Encoder
+ */
+public class PushBackSequenceImpl extends AbstractPushbackSequence<Integer>{
+    /**
+     *
+     * @param input
+     */
+    public PushBackSequenceImpl( String input ) {
+        super(input);
+    }
+
+    /**
+     *
+     * @return The next value in this Sequence, as an Integer.
+     */
+    public Integer next() {
+        if ( pushback != null ) {
+            Integer save = pushback;
+            pushback = null;
+            return save;
+        }
+        if ( input == null ) return null;
+        if ( input.length() == 0 ) return null;
+        if ( index >= input.length() ) return null;
+        final Integer point = input.codePointAt(index);
+        index += Character.charCount(point);
+        return point;
+    }
+
+    /**
+    *
+    * @return The next value in this Sequence, as an Integer if it is a hex digit. Null otherwise.
+    */
+   public Integer nextHex() {
+        Integer c = next();
+        if ( c == null ) return null;
+        if ( isHexDigit( c ) ) return c;
+        return null;
+    }
+
+   /**
+   *
+   * @return The next value in this Sequence, as an Integer if it is an octal digit. Null otherwise.
+   */
+  public Integer nextOctal() {
+        Integer c = next();
+        if ( c == null ) return null;
+        if ( isOctalDigit( c ) ) return c;
+        return null;
+    }
+
+      /**
+      * Returns true if the parameter character is a hexadecimal digit 0 through 9, a through f, or A through F.
+      * @param c
+      * @return true if it is a hexadecimal digit, false otherwise.
+      */
+     public static boolean isHexDigit( Integer c ) {
+        if ( c == null ) return false;
+        Integer ch = Integer.valueOf(c);
+        return (ch >= '0' && ch <= '9' ) || (ch >= 'a' && ch <= 'f' ) || (ch >= 'A' && ch <= 'F' );
+    }
+
+     /**
+     * Returns true if the parameter character is an octal digit 0 through 7.
+     * @param c
+     * @return true if it is an octal digit, false otherwise.
+     */
+    public static boolean isOctalDigit( Integer c ) {
+        if ( c == null ) return false;
+        Integer ch = Integer.valueOf(c);
+        return ch >= '0' && ch <= '7';
+    }
+
+    /**
+     * Return the next codePoint without affecting the current index.
+     * @return the next codePoint
+     */
+    public Integer peek() {
+        if ( pushback != null ) return pushback;
+        if ( input == null ) return null;
+        if ( input.length() == 0 ) return null;
+        if ( index >= input.length() ) return null;
+        return input.codePointAt(index);
+    }
+
+    /**
+     * Test to see if the next codePoint is a particular value without affecting the current index.
+     * @param c
+     * @return if the next value is equal to the supplied value.
+     */
+    public boolean peek( Integer c ) {
+        if ( pushback != null && pushback.intValue() == c ) return true;
+        if ( input == null ) return false;
+        if ( input.length() == 0 ) return false;
+        if ( index >= input.length() ) return false;
+        return input.codePointAt(index) == c;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void mark() {
+        temp = pushback;
+        mark = index;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void reset() {
+        pushback = temp;
+        index = mark;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String remainder() {
+        String output = input.substring( index );
+        if ( pushback != null ) {
+            output = pushback + output;
+        }
+        return output;
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/codecs/PushbackSequence.java b/src/main/java/org/owasp/esapi/codecs/PushbackSequence.java
new file mode 100644
index 000000000..d2edcb652
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/codecs/PushbackSequence.java
@@ -0,0 +1,89 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2017 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Matt Seil (mseil .at. owasp.org)
+ * @created 2017
+ *
+ */
+package org.owasp.esapi.codecs;
+
+public interface PushbackSequence<T> {
+
+    /**
+     *
+     * @param c
+     */
+    void pushback(T c);
+
+    /**
+     * Get the current index of the PushbackString. Typically used in error messages.
+     * @return The current index of the PushbackSequence.
+     */
+    int index();
+
+    /**
+     * Determine if this sequence has another element.
+     *
+     * @return True if there is another element in this sequence. False otherwise.
+     */
+    boolean hasNext();
+
+    /**
+     * Return the next element in the Sequence and increment the current index.
+     * @return The next element in the Sequence.
+     */
+    T next();
+
+    /**
+     * Return the next element in the Sequence in Hex format and increment the current index.
+     * @return The next element in the Sequence in Hex format (if that makes sense for this Sequence's type).
+     */
+    T nextHex();
+
+    /**
+     * Return the next element in the Sequence in Octal format and increment the current index.
+     * @return The next element in the Sequence in Octal format (if that makes sense for this Sequence's type).
+     */
+    T nextOctal();
+
+    /**
+     * Return the next element in the Sequence without affecting the current index.
+     * @return the next element in the Sequence.
+     */
+    T peek();
+
+    /**
+     * Test to see if the next element in the Sequence matches the supplied value without affecting the current index.
+     * @param c The value to match against.
+     * @return True if the next element matches the supplied value. False otherwise.
+     */
+    boolean peek(T c);
+
+    /**
+     * Mark the location of the current index.
+     */
+    void mark();
+
+    /**
+     * Set the index back to the last marked location.
+     */
+    void reset();
+
+    /**
+     * Not at all sure what this method is intended to do.  There
+     * is a line in HTMLEntityCodec that said calling this method
+     * is a "kludge around PushbackString..."
+     * @return Return the remaining portion of the sequence, with any pushback appended to the front (if any).
+     */
+    String remainder();
+
+}
\ No newline at end of file
diff --git a/src/main/java/org/owasp/esapi/codecs/PushbackString.java b/src/main/java/org/owasp/esapi/codecs/PushbackString.java
index d218eb932..377ed829e 100644
--- a/src/main/java/org/owasp/esapi/codecs/PushbackString.java
+++ b/src/main/java/org/owasp/esapi/codecs/PushbackString.java
@@ -1,185 +1,223 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.codecs;
-
-
-/**
- * The pushback string is used by Codecs to allow them to push decoded characters back onto a string
- * for further decoding. This is necessary to detect double-encoding.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Encoder
- */
-public class PushbackString {
-
-	private String input;
-	private Character pushback;
-	private Character temp;
-	private int index = 0;
-	private int mark = 0;
-	
-    /**
-     *
-     * @param input
-     */
-    public PushbackString( String input ) {
-		this.input = input;
-	}
-
-    /**
-     *
-     * @param c
-     */
-    public void pushback( Character c ) {
-		pushback = c;
-	}
-	
-
-    /**
-     * Get the current index of the PushbackString. Typically used in error messages.
-     * @return The current index of the PushbackString.
-     */
-    public int index() {
-		return index;
-	}
-	
-    /**
-     *
-     * @return
-     */
-    public boolean hasNext() {
-		if ( pushback != null ) return true;
-		if ( input == null ) return false;
-		if ( input.length() == 0 ) return false;
-		if ( index >= input.length() ) return false;
-		return true;		
-	}
-	
-    /**
-     *
-     * @return
-     */
-    public Character next() {
-		if ( pushback != null ) {
-			Character save = pushback;
-			pushback = null;
-			return save;
-		}
-		if ( input == null ) return null;
-		if ( input.length() == 0 ) return null;
-		if ( index >= input.length() ) return null;		
-		return Character.valueOf( input.charAt(index++) );
-	}
-	
-    /**
-    *
-    * @return
-    */
-   public Character nextHex() {
-		Character c = next();
-		if ( c == null ) return null;
-		if ( isHexDigit( c ) ) return c;
-		return null;
-	}
-
-   /**
-   *
-   * @return
-   */
-  public Character nextOctal() {
-		Character c = next();
-		if ( c == null ) return null;
-		if ( isOctalDigit( c ) ) return c;
-		return null;
-	}
-
-  /**
- * Returns true if the parameter character is a hexidecimal digit 0 through 9, a through f, or A through F.
-  * @param c
-  * @return
-  */
- public static boolean isHexDigit( Character c ) {
-		if ( c == null ) return false;
-		char ch = c.charValue();
-		return (ch >= '0' && ch <= '9' ) || (ch >= 'a' && ch <= 'f' ) || (ch >= 'A' && ch <= 'F' );
-	}
-
- /**
- * Returns true if the parameter character is an octal digit 0 through 7.
- * @param c
- * @return
- */
-public static boolean isOctalDigit( Character c ) {
-	if ( c == null ) return false;
-	char ch = c.charValue();
-	return ch >= '0' && ch <= '7';
-}
-
-    /**
-     * Return the next character without affecting the current index.
-     * @return
-     */
-    public Character peek() {
-		if ( pushback != null ) return pushback;
-		if ( input == null ) return null;
-		if ( input.length() == 0 ) return null;
-		if ( index >= input.length() ) return null;		
-		return Character.valueOf( input.charAt(index) );
-	}
-	
-    /**
-     * Test to see if the next character is a particular value without affecting the current index.
-     * @param c
-     * @return
-     */
-    public boolean peek( char c ) {
-		if ( pushback != null && pushback.charValue() == c ) return true;
-		if ( input == null ) return false;
-		if ( input.length() == 0 ) return false;
-		if ( index >= input.length() ) return false;		
-		return input.charAt(index) == c;
-	}	
-	
-    /**
-     *
-     */
-    public void mark() {
-		temp = pushback;
-		mark = index;
-	}
-
-    /**
-     *
-     */
-    public void reset() {
-		pushback = temp;
-		index = mark;
-	}
-	
-    /**
-     *
-     * @return
-     */
-    protected String remainder() {
-		String output = input.substring( index );
-		if ( pushback != null ) {
-			output = pushback + output;
-		}
-		return output;
-	}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2017 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Matt Seil (mseil .at. owasp.org)
+ * @updated 2017
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.codecs;
+
+/**
+ * The pushback string is used by Codecs to allow them to push decoded
+ * characters back onto a string for further decoding. This is necessary to
+ * detect double-encoding.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com)
+ *         <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Encoder
+ */
+public class PushbackString extends AbstractPushbackSequence<Character> {
+
+    /**
+     * @param input Construct a PushbackString with the specified String.
+     */
+    public PushbackString(String input) {
+        super(input);
+    }
+
+    /*
+     * (non-Javadoc)
+     *
+     * @see org.owasp.esapi.codecs.PushbackSequence#index()
+     */
+    public int index() {
+        return index;
+    }
+
+    /*
+     * (non-Javadoc)
+     *
+     * @see org.owasp.esapi.codecs.PushbackSequence#hasNext()
+     */
+    public boolean hasNext() {
+        if (pushback != null){
+            return true;
+        }
+        if (input == null){
+            return false;
+        }
+        if (input.length() == 0){
+            return false;
+        }
+        if (index >= input.length()){
+            return false;
+        }
+        return true;
+    }
+
+    /*
+     * (non-Javadoc)
+     *
+     * @see org.owasp.esapi.codecs.PushbackSequence#next()
+     */
+    public Character next() {
+        if (pushback != null) {
+            Character save = pushback;
+            pushback = null;
+            return save;
+        }
+        if (input == null){
+            return null;
+        }
+        if (input.length() == 0){
+            return null;
+        }
+        if (index >= input.length()){
+            return null;
+        }
+        return Character.valueOf(input.charAt(index++));
+    }
+
+    /*
+     * (non-Javadoc)
+     *
+     * @see org.owasp.esapi.codecs.PushbackSequence#nextHex()
+     */
+    public Character nextHex() {
+        Character c = next();
+        if (c == null){
+            return null;
+        }
+        if (isHexDigit(c)){
+            return c;
+        }
+        return null;
+    }
+
+    /*
+     * (non-Javadoc)
+     *
+     * @see org.owasp.esapi.codecs.PushbackSequence#nextOctal()
+     */
+    public Character nextOctal() {
+        Character c = next();
+        if (c == null){
+            return null;
+        }
+        if (isOctalDigit(c)){
+            return c;
+        }
+        return null;
+    }
+
+    /**
+     * Returns true if the parameter character is a hexadecimal digit 0 through
+     * 9, a through f, or A through F.
+     *
+     * @param c
+      * @return true if it is a hexadecimal digit, false otherwise.
+     */
+    public static boolean isHexDigit(Character c) {
+        if (c == null){
+            return false;
+        }
+        char ch = c.charValue();
+        return (ch >= '0' && ch <= '9') || (ch >= 'a' && ch <= 'f') || (ch >= 'A' && ch <= 'F');
+    }
+
+    /**
+     * Returns true if the parameter character is an octal digit 0 through 7.
+     *
+     * @param c
+      * @return true if it is an octal digit, false otherwise.
+     */
+    public static boolean isOctalDigit(Character c) {
+        if (c == null){
+            return false;
+        }
+        char ch = c.charValue();
+        return ch >= '0' && ch <= '7';
+    }
+
+    /*
+     * (non-Javadoc)
+     *
+     * @see org.owasp.esapi.codecs.PushbackSequence#peek()
+     */
+    public Character peek() {
+        if (pushback != null){
+            return pushback;
+        }
+        if (input == null){
+            return null;
+        }
+        if (input.length() == 0){
+            return null;
+        }
+        if (index >= input.length()){
+            return null;
+        }
+        return Character.valueOf(input.charAt(index));
+    }
+
+    /*
+     * (non-Javadoc)
+     *
+     * @see org.owasp.esapi.codecs.PushbackSequence#peek(char)
+     */
+    public boolean peek(Character c) {
+        if (pushback != null && pushback.charValue() == c){
+            return true;
+        }
+        if (input == null){
+            return false;
+        }
+        if (input.length() == 0){
+            return false;
+        }
+        if (index >= input.length()){
+            return false;
+        }
+        return input.charAt(index) == c;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void mark() {
+        temp = pushback;
+        mark = index;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void reset() {
+        pushback = temp;
+        index = mark;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String remainder() {
+        String output = input.substring(index);
+        if (pushback != null) {
+            output = pushback + output;
+        }
+        return output;
+    }
 }
\ No newline at end of file
diff --git a/src/main/java/org/owasp/esapi/codecs/Trie.java b/src/main/java/org/owasp/esapi/codecs/Trie.java
index da11268d3..fbb8c99ec 100644
--- a/src/main/java/org/owasp/esapi/codecs/Trie.java
+++ b/src/main/java/org/owasp/esapi/codecs/Trie.java
@@ -9,164 +9,164 @@
 
 public interface Trie<T> extends Map<CharSequence,T>
 {
-	public Map.Entry<CharSequence,T> getLongestMatch(CharSequence key);
-	public Map.Entry<CharSequence,T> getLongestMatch(PushbackReader keyIn) throws IOException;
-	public int getMaxKeyLength();
-
-	static class TrieProxy<T> implements Trie<T>
-	{
-		private Trie<T> wrapped;
-
-		TrieProxy(Trie<T> toWrap)
-		{
-			wrapped = toWrap;
-		}
-
-		protected Trie<T> getWrapped()
-		{
-			return wrapped;
-		}
-
-		public Map.Entry<CharSequence,T> getLongestMatch(CharSequence key)
-		{
-			return wrapped.getLongestMatch(key);
-		}
-
-		public Map.Entry<CharSequence,T> getLongestMatch(PushbackReader keyIn) throws IOException
-		{
-			return wrapped.getLongestMatch(keyIn);
-		}
-
-		public int getMaxKeyLength()
-		{
-			return wrapped.getMaxKeyLength();
-		}
-
-		/* java.util.Map: */
-
-    		public int size()
-		{
-			return wrapped.size();
-		}
-
-    		public boolean isEmpty()
-		{
-			return wrapped.isEmpty();
-		}
-
-    		public boolean containsKey(Object key)
-		{
-			return wrapped.containsKey(key);
-		}
-
-    		public boolean containsValue(Object val)
-		{
-			return wrapped.containsValue(val);
-		}
-
-    		public T get(Object key)
-		{
-			return wrapped.get(key);
-		}
-
-    		public T put(CharSequence key, T value)
-		{
-			return wrapped.put(key, value);
-		}
-
-    		public T remove(Object key)
-		{
-			return wrapped.remove(key);
-		}
-
-    		public void putAll(Map<? extends CharSequence,? extends T> t)
-		{
-			wrapped.putAll(t);
-		}
-
-    		public void clear()
-		{
-			wrapped.clear();
-		}
-
-    		public Set<CharSequence> keySet()
-		{
-			return wrapped.keySet();
-		}
-
-    		public Collection<T> values()
-		{
-			return wrapped.values();
-		}
-
-    		public Set<Map.Entry<CharSequence,T>> entrySet()
-		{
-			return wrapped.entrySet();
-		}
-
-    		public boolean equals(Object other)
-		{
-			return wrapped.equals(other);
-		}
-
-    		public int hashCode()
-		{
-			return wrapped.hashCode();
-		}
-	}
-
-	static class Unmodifiable<T> extends TrieProxy<T>
-	{
-		Unmodifiable(Trie<T> toWrap)
-		{
-			super(toWrap);
-		}
-
-    		public T put(CharSequence key, T value)
-		{
-			throw new UnsupportedOperationException("Unmodifiable Trie");
-		}
-
-    		public T remove(CharSequence key)
-		{
-			throw new UnsupportedOperationException("Unmodifiable Trie");
-		}
-
-    		public void putAll(Map<? extends CharSequence,? extends T> t)
-		{
-			throw new UnsupportedOperationException("Unmodifiable Trie");
-		}
-
-    		public void clear()
-		{
-			throw new UnsupportedOperationException("Unmodifiable Trie");
-		}
-
-    		public Set<CharSequence> keySet()
-		{
-			return Collections.unmodifiableSet(super.keySet());
-		}
-
-    		public Collection<T> values()
-		{
-			return Collections.unmodifiableCollection(super.values());
-		}
-
-    		public Set<Map.Entry<CharSequence,T>> entrySet()
-		{
-			return Collections.unmodifiableSet(super.entrySet());
-		}
-	}
-
-	public static class Util
-	{
-		private Util()
-		{
-		}
-
-		static <T> Trie<T> unmodifiable(Trie<T> toWrap)
-		{
-			return new Unmodifiable<T>(toWrap);
-		}
-	}
+    public Map.Entry<CharSequence,T> getLongestMatch(CharSequence key);
+    public Map.Entry<CharSequence,T> getLongestMatch(PushbackReader keyIn) throws IOException;
+    public int getMaxKeyLength();
+
+    static class TrieProxy<T> implements Trie<T>
+    {
+        private Trie<T> wrapped;
+
+        TrieProxy(Trie<T> toWrap)
+        {
+            wrapped = toWrap;
+        }
+
+        protected Trie<T> getWrapped()
+        {
+            return wrapped;
+        }
+
+        public Map.Entry<CharSequence,T> getLongestMatch(CharSequence key)
+        {
+            return wrapped.getLongestMatch(key);
+        }
+
+        public Map.Entry<CharSequence,T> getLongestMatch(PushbackReader keyIn) throws IOException
+        {
+            return wrapped.getLongestMatch(keyIn);
+        }
+
+        public int getMaxKeyLength()
+        {
+            return wrapped.getMaxKeyLength();
+        }
+
+        /* java.util.Map: */
+
+            public int size()
+        {
+            return wrapped.size();
+        }
+
+            public boolean isEmpty()
+        {
+            return wrapped.isEmpty();
+        }
+
+            public boolean containsKey(Object key)
+        {
+            return wrapped.containsKey(key);
+        }
+
+            public boolean containsValue(Object val)
+        {
+            return wrapped.containsValue(val);
+        }
+
+            public T get(Object key)
+        {
+            return wrapped.get(key);
+        }
+
+            public T put(CharSequence key, T value)
+        {
+            return wrapped.put(key, value);
+        }
+
+            public T remove(Object key)
+        {
+            return wrapped.remove(key);
+        }
+
+            public void putAll(Map<? extends CharSequence,? extends T> t)
+        {
+            wrapped.putAll(t);
+        }
+
+            public void clear()
+        {
+            wrapped.clear();
+        }
+
+            public Set<CharSequence> keySet()
+        {
+            return wrapped.keySet();
+        }
+
+            public Collection<T> values()
+        {
+            return wrapped.values();
+        }
+
+            public Set<Map.Entry<CharSequence,T>> entrySet()
+        {
+            return wrapped.entrySet();
+        }
+
+            public boolean equals(Object other)
+        {
+            return wrapped.equals(other);
+        }
+
+            public int hashCode()
+        {
+            return wrapped.hashCode();
+        }
+    }
+
+    static class Unmodifiable<T> extends TrieProxy<T>
+    {
+        Unmodifiable(Trie<T> toWrap)
+        {
+            super(toWrap);
+        }
+
+            public T put(CharSequence key, T value)
+        {
+            throw new UnsupportedOperationException("Unmodifiable Trie");
+        }
+
+            public T remove(CharSequence key)
+        {
+            throw new UnsupportedOperationException("Unmodifiable Trie");
+        }
+
+            public void putAll(Map<? extends CharSequence,? extends T> t)
+        {
+            throw new UnsupportedOperationException("Unmodifiable Trie");
+        }
+
+            public void clear()
+        {
+            throw new UnsupportedOperationException("Unmodifiable Trie");
+        }
+
+            public Set<CharSequence> keySet()
+        {
+            return Collections.unmodifiableSet(super.keySet());
+        }
+
+            public Collection<T> values()
+        {
+            return Collections.unmodifiableCollection(super.values());
+        }
+
+            public Set<Map.Entry<CharSequence,T>> entrySet()
+        {
+            return Collections.unmodifiableSet(super.entrySet());
+        }
+    }
+
+    public static class Util
+    {
+        private Util()
+        {
+        }
+
+        static <T> Trie<T> unmodifiable(Trie<T> toWrap)
+        {
+            return new Unmodifiable<T>(toWrap);
+        }
+    }
 }
diff --git a/src/main/java/org/owasp/esapi/codecs/UnixCodec.java b/src/main/java/org/owasp/esapi/codecs/UnixCodec.java
index 19ecc80ca..aa513b94e 100644
--- a/src/main/java/org/owasp/esapi/codecs/UnixCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/UnixCodec.java
@@ -1,82 +1,86 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.codecs;
-
-
-/**
- * Implementation of the Codec interface for '\' encoding from Unix command shell.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Encoder
- */
-public class UnixCodec extends Codec {
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * Returns backslash-encoded character
-     *
-     * @param immune
-     */
-	public String encodeCharacter( char[] immune, Character c ) {
-		char ch = c.charValue();
-		
-		// check for immune characters
-		if ( containsCharacter( ch, immune ) ) {
-			return ""+ch;
-		}
-		
-		// check for alphanumeric characters
-		String hex = Codec.getHexForNonAlphanumeric( ch );
-		if ( hex == null ) {
-			return ""+ch;
-		}
-		
-        return "\\" + c;
-	}
-	
-	
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * Returns the decoded version of the character starting at index, or
-	 * null if no decoding is possible.
-	 * <p>
-	 * Formats all are legal both upper/lower case:
-	 *   \x - all special characters
-	 *   
-	 */
-	public Character decodeCharacter( PushbackString input ) {
-		input.mark();
-		Character first = input.next();
-		if ( first == null ) {
-			input.reset();
-			return null;
-		}
-		
-		// if this is not an encoded character, return null
-		if ( first.charValue() != '\\' ) {
-			input.reset();
-			return null;
-		}
-
-		Character second = input.next();
-		return second;
-	}
-
-}
\ No newline at end of file
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.codecs;
+
+
+/**
+ * Implementation of the {@code Codec} interface for '\' encoding from Unix command shell (bash lineage, not csh lineage).
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Encoder
+ */
+public class UnixCodec extends AbstractCharacterCodec {
+
+    /**
+     * {@inheritDoc}
+     *
+     * @return the backslash-encoded character
+     *
+     * @param immune Array of characters that should not be encoded. Use with caution! All
+     *               alphanumeric characters are "immune" by default so you needn't
+     *               include them.
+     */
+    public String encodeCharacter( char[] immune, Character c ) {
+        char ch = c.charValue();
+
+        // check for immune characters
+        if ( containsCharacter( ch, immune ) ) {
+            return ""+ch;
+        }
+
+        // check for alphanumeric characters
+        String hex = super.getHexForNonAlphanumeric( ch );
+        if ( hex == null ) {
+            return ""+ch;
+        }
+
+        return "\\" + c;
+    }
+
+
+    /**
+     * {@inheritDoc}
+     *
+     * <p>
+     * Formats all are legal both upper/lower case:
+     * <pre>
+     *   \x - all special characters
+     * </pre>
+     *
+     * @return the decoded version of the character starting at index, or
+     * null if no decoding is possible.
+     */
+    public Character decodeCharacter( PushbackSequence<Character> input ) {
+        input.mark();
+        Character first = input.next();
+        if ( first == null ) {
+            input.reset();
+            return null;
+        }
+
+        // if this is not an encoded character, return null
+        if ( first.charValue() != '\\' ) {
+            input.reset();
+            return null;
+        }
+
+        Character second = input.next();
+        return second;
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/codecs/VBScriptCodec.java b/src/main/java/org/owasp/esapi/codecs/VBScriptCodec.java
index 2dccbbd81..5f768ec4f 100644
--- a/src/main/java/org/owasp/esapi/codecs/VBScriptCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/VBScriptCodec.java
@@ -1,117 +1,117 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.codecs;
-
-import org.owasp.esapi.EncoderConstants;
-
-
-/**
- * Implementation of the Codec interface for 'quote' encoding from VBScript.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Encoder
- */
-public class VBScriptCodec extends Codec {
-
-	/**
-	 * Encode a String so that it can be safely used in a specific context.
-	 * 
-     * @param immune
-     * @param input
-	 * 		the String to encode
-	 * @return the encoded String
-	 */
-    public String encode(char[] immune, String input) {
-    	StringBuilder sb = new StringBuilder();
-		boolean encoding = false;
-		boolean inquotes = false;
-		for ( int i=0; i<input.length(); i++ ) {
-			char c = input.charAt(i);
-			
-			// handle normal characters and surround them with quotes
-			if (containsCharacter(c, EncoderConstants.CHAR_ALPHANUMERICS) || containsCharacter(c, immune)) {
-				if ( encoding && i > 0 ) sb.append( "&" );
-				if ( !inquotes && i > 0 ) sb.append( "\"" );
-				sb.append( c );
-				inquotes = true;
-				encoding = false;
-				
-			// handle characters that need encoding
-			} else {
-				if ( inquotes && i < input.length() ) sb.append( "\"" );
-				if ( i > 0 ) sb.append( "&" );
-				sb.append( encodeCharacter( immune, Character.valueOf( c ) ) );
-				inquotes = false;
-				encoding = true;
-			}
-		}
-		return sb.toString();
-    }
-
-
-	/**
-	 * Returns quote-encoded character
-     *
-     * @param immune
-     */
-	public String encodeCharacter( char[] immune, Character c ) {
-		char ch = c.charValue();
-		
-		// check for immune characters
-		if ( containsCharacter( ch, immune ) ) {
-			return ""+ch;
-		}
-		
-		// check for alphanumeric characters
-		String hex = Codec.getHexForNonAlphanumeric( ch );
-		if ( hex == null ) {
-			return ""+ch;
-		}
-		
-        return "chrw(" + (int)c.charValue() + ")";
-	}
-	
-	
-	
-	/**
-	 * Returns the decoded version of the character starting at index, or
-	 * null if no decoding is possible.
-	 * 
-	 * Formats all are legal both upper/lower case:
-	 *   "x - all special characters
-	 *   " + chr(x) + "  - not supported yet
-	 */
-	public Character decodeCharacter( PushbackString input ) {
-		input.mark();
-		Character first = input.next();
-		if ( first == null ) {
-			input.reset();
-			return null;
-		}
-		
-		// if this is not an encoded character, return null
-		if ( first.charValue() != '\"' ) {
-			input.reset();
-			return null;
-		}
-
-		Character second = input.next();
-		return second;
-	}
-
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.codecs;
+
+import org.owasp.esapi.EncoderConstants;
+
+
+/**
+ * Implementation of the Codec interface for 'quote' encoding from VBScript.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Encoder
+ */
+public class VBScriptCodec extends AbstractCharacterCodec {
+
+    /**
+     * Encode a String so that it can be safely used in a specific context.
+     *
+     * @param immune
+     * @param input
+     *         the String to encode
+     * @return the encoded String
+     */
+    public String encode(char[] immune, String input) {
+        StringBuilder sb = new StringBuilder();
+        boolean encoding = false;
+        boolean inquotes = false;
+        for ( int i=0; i<input.length(); i++ ) {
+            char c = input.charAt(i);
+
+            // handle normal characters and surround them with quotes
+            if (containsCharacter(c, EncoderConstants.CHAR_ALPHANUMERICS) || containsCharacter(c, immune)) {
+                if ( encoding && i > 0 ) sb.append( "&" );
+                if ( !inquotes && i > 0 ) sb.append( "\"" );
+                sb.append( c );
+                inquotes = true;
+                encoding = false;
+
+            // handle characters that need encoding
+            } else {
+                if ( inquotes && i < input.length() ) sb.append( "\"" );
+                if ( i > 0 ) sb.append( "&" );
+                sb.append( encodeCharacter( immune, Character.valueOf( c ) ) );
+                inquotes = false;
+                encoding = true;
+            }
+        }
+        return sb.toString();
+    }
+
+
+    /**
+     * Returns quote-encoded character
+     *
+     * @param immune
+     */
+    public String encodeCharacter( char[] immune, Character c ) {
+        char ch = c.charValue();
+
+        // check for immune characters
+        if ( containsCharacter( ch, immune ) ) {
+            return ""+ch;
+        }
+
+        // check for alphanumeric characters
+        String hex = super.getHexForNonAlphanumeric( ch );
+        if ( hex == null ) {
+            return ""+ch;
+        }
+
+        return "chrw(" + (int)c.charValue() + ")";
+    }
+
+
+
+    /**
+     * Returns the decoded version of the character starting at index, or
+     * null if no decoding is possible.
+     *
+     * Formats all are legal both upper/lower case:
+     *   "x - all special characters
+     *   " + chr(x) + "  - not supported yet
+     */
+    public Character decodeCharacter( PushbackSequence<Character> input ) {
+        input.mark();
+        Character first = input.next();
+        if ( first == null ) {
+            input.reset();
+            return null;
+        }
+
+        // if this is not an encoded character, return null
+        if ( first.charValue() != '\"' ) {
+            input.reset();
+            return null;
+        }
+
+        Character second = input.next();
+        return second;
+    }
+
 }
\ No newline at end of file
diff --git a/src/main/java/org/owasp/esapi/codecs/WindowsCodec.java b/src/main/java/org/owasp/esapi/codecs/WindowsCodec.java
index 719f00907..d3338b1be 100644
--- a/src/main/java/org/owasp/esapi/codecs/WindowsCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/WindowsCodec.java
@@ -1,82 +1,82 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.codecs;
-
-
-/**
- * Implementation of the Codec interface for '^' encoding from Windows command shell.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Encoder
- */
-public class WindowsCodec extends Codec {
-
-	
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * Returns Windows shell encoded character (which is ^)
-     *
-     * @param immune
-     */
-	public String encodeCharacter( char[] immune, Character c ) {
-		char ch = c.charValue();
-		
-		// check for immune characters
-		if ( containsCharacter( ch, immune ) ) {
-			return ""+ch;
-		}
-		
-		// check for alphanumeric characters
-		String hex = Codec.getHexForNonAlphanumeric( ch );
-		if ( hex == null ) {
-			return ""+ch;
-		}
-		
-        return "^" + c;
-	}
-	
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * Returns the decoded version of the character starting at index, or
-	 * null if no decoding is possible.
-	 * <p>
-	 * Formats all are legal both upper/lower case:
-	 *   ^x - all special characters
-	 */
-	public Character decodeCharacter( PushbackString input ) {
-		input.mark();
-		Character first = input.next();
-		if ( first == null ) {
-			input.reset();
-			return null;
-		}
-		
-		// if this is not an encoded character, return null
-		if ( first.charValue() != '^' ) {
-			input.reset();
-			return null;
-		}
-
-		Character second = input.next();
-		return second;
-	}
-
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.codecs;
+
+
+/**
+ * Implementation of the Codec interface for '^' encoding from Windows command shell.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Encoder
+ */
+public class WindowsCodec extends AbstractCharacterCodec {
+
+
+    /**
+     * {@inheritDoc}
+     *
+     * Returns Windows shell encoded character (which is ^)
+     *
+     * @param immune
+     */
+    public String encodeCharacter( char[] immune, Character c ) {
+        char ch = c.charValue();
+
+        // check for immune characters
+        if ( containsCharacter( ch, immune ) ) {
+            return ""+ch;
+        }
+
+        // check for alphanumeric characters
+        String hex = super.getHexForNonAlphanumeric( ch );
+        if ( hex == null ) {
+            return ""+ch;
+        }
+
+        return "^" + c;
+    }
+
+
+    /**
+     * {@inheritDoc}
+     *
+     * Returns the decoded version of the character starting at index, or
+     * null if no decoding is possible.
+     * <p>
+     * Formats all are legal both upper/lower case:
+     *   ^x - all special characters
+     */
+    public Character decodeCharacter( PushbackSequence<Character> input ) {
+        input.mark();
+        Character first = input.next();
+        if ( first == null ) {
+            input.reset();
+            return null;
+        }
+
+        // if this is not an encoded character, return null
+        if ( first.charValue() != '^' ) {
+            input.reset();
+            return null;
+        }
+
+        Character second = input.next();
+        return second;
+    }
+
 }
\ No newline at end of file
diff --git a/src/main/java/org/owasp/esapi/codecs/XMLEntityCodec.java b/src/main/java/org/owasp/esapi/codecs/XMLEntityCodec.java
index e248392ac..c28734387 100644
--- a/src/main/java/org/owasp/esapi/codecs/XMLEntityCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/XMLEntityCodec.java
@@ -1,15 +1,15 @@
 /**
  * OWASP Enterprise Security API (ESAPI)
- * 
+ *
  * This file is part of the Open Web Application Security Project (OWASP)
  * Enterprise Security API (ESAPI) project. For details, please see
  * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
  *
  * Copyright (c) 2009 - The OWASP Foundation
- * 
+ *
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
- * 
+ *
  */
 package org.owasp.esapi.codecs;
 
@@ -23,11 +23,11 @@
  * This differes from HTML entity encoding in that only the following
  * named entities are predefined:
  * <ul>
- * 	<li>lt</li>
- * 	<li>gt</li>
- * 	<li>amp</li>
- * 	<li>apos</li>
- * 	<li>quot</li>
+ *     <li>lt</li>
+ *     <li>gt</li>
+ *     <li>amp</li>
+ *     <li>apos</li>
+ *     <li>quot</li>
  * </ul>
  * However, the XML Specification 1.0 states in section 4.6 "Predefined
  * Entities" that these should still be declared for interoperability
@@ -41,258 +41,258 @@
  * of knowing about. Decoding is included for completeness but it's use
  * is not recommended. Use a XML parser instead!
  */
-public class XMLEntityCodec extends Codec
+public class XMLEntityCodec extends AbstractCharacterCodec
 {
-	private static final String ALPHA_NUMERIC_STR = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
-	private static final String UNENCODED_STR = ALPHA_NUMERIC_STR + " \t";
-	private static final Set<Character> UNENCODED_SET = CollectionsUtil.strToUnmodifiableSet(UNENCODED_STR);
-	private static final HashTrie<Character> entityToCharacterMap;
+    private static final String ALPHA_NUMERIC_STR = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+    private static final String UNENCODED_STR = ALPHA_NUMERIC_STR + " \t";
+    private static final Set<Character> UNENCODED_SET = CollectionsUtil.strToUnmodifiableSet(UNENCODED_STR);
+    private static final HashTrie<Character> entityToCharacterMap;
 
-	static
-	{	// populate entitites
-		entityToCharacterMap = new HashTrie<Character>();
-		entityToCharacterMap.put("lt", '<');
-		entityToCharacterMap.put("gt", '>');
-		entityToCharacterMap.put("amp", '&');
-		entityToCharacterMap.put("apos", '\'');
-		entityToCharacterMap.put("quot", '"');
-	}
+    static
+    {    // populate entitites
+        entityToCharacterMap = new HashTrie<Character>();
+        entityToCharacterMap.put("lt", '<');
+        entityToCharacterMap.put("gt", '>');
+        entityToCharacterMap.put("amp", '&');
+        entityToCharacterMap.put("apos", '\'');
+        entityToCharacterMap.put("quot", '"');
+    }
 
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * Encodes a Character using XML entities as necessary.
-	 *
-	 * @param immune characters that should not be encoded as entities
-	 */
-	public String encodeCharacter(char[] immune, Character c)
-	{
-		// check for immune characters
-		if(containsCharacter(c, immune))
-			return c.toString();
+    /**
+     * {@inheritDoc}
+     *
+     * Encodes a Character using XML entities as necessary.
+     *
+     * @param immune characters that should not be encoded as entities
+     */
+    public String encodeCharacter(char[] immune, Character c)
+    {
+        // check for immune characters
+        if(containsCharacter(c, immune))
+            return c.toString();
 
-		// check for unencoded characters
-		if(UNENCODED_SET.contains(c))
-			return c.toString();
+        // check for unencoded characters
+        if(UNENCODED_SET.contains(c))
+            return c.toString();
 
-		return "&#x" + Integer.toHexString(c.charValue()) + ";";
-	}
+        return "&#x" + Integer.toHexString(c.charValue()) + ";";
+    }
 
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * Returns the decoded version of the character starting at index, or
-	 * null if no decoding is possible.
-	 * 
-	 * Legal formats:
-	 * <ul>
-	 * 	<li>&amp;#dddd;</li>
-	 * 	<li>&amp;#xhhhh;</li>
-	 * 	<li>&amp;name;</li>
-	 * </ul>
-	 */
-	public Character decodeCharacter(PushbackString input)
-	{
-		Character ret = null;
-		Character first;
-		Character second;
+    /**
+     * {@inheritDoc}
+     *
+     * Returns the decoded version of the character starting at index, or
+     * null if no decoding is possible.
+     *
+     * Legal formats:
+     * <ul>
+     *     <li>&amp;#dddd;</li>
+     *     <li>&amp;#xhhhh;</li>
+     *     <li>&amp;name;</li>
+     * </ul>
+     */
+    public Character decodeCharacter(PushbackSequence<Character> input)
+    {
+        Character ret = null;
+        Character first;
+        Character second;
 
-		input.mark();
-		try
-		{
-			first = input.next();
-			if(first == null)
-				return null;
+        input.mark();
+        try
+        {
+            first = input.next();
+            if(first == null)
+                return null;
 
-			// if this is not an encoded character, return null
-			if(first != '&')
-				return null;
+            // if this is not an encoded character, return null
+            if(first != '&')
+                return null;
 
-			// test for numeric encodings
-			second = input.next();
-			if(second==null)
-				return null;
+            // test for numeric encodings
+            second = input.next();
+            if(second==null)
+                return null;
 
-			if(second=='#')
-			{	// handle numbers
-				ret = getNumericEntity(input);
-			}
-			else if(Character.isLetter(second.charValue()))
-			{	// handle entities
-				input.pushback(second);
-				ret = getNamedEntity(input);
-			}
-		}
-		finally
-		{
-			if(ret == null)
-				input.reset();
-		}
-		return ret;
-	}
+            if(second=='#')
+            {    // handle numbers
+                ret = getNumericEntity(input);
+            }
+            else if(Character.isLetter(second.charValue()))
+            {    // handle entities
+                input.pushback(second);
+                ret = getNamedEntity(input);
+            }
+        }
+        finally
+        {
+            if(ret == null)
+                input.reset();
+        }
+        return ret;
+    }
 
-	/**
-	 * Converts the rest of a numeric entity to a character.
-	 * @param input The input to read from. It is assumed that input
-	 * 	is positioned at the character after the &amp;#
-	 * @return The character decoded or null on failure.
-	 */
-	private static Character getNumericEntity(PushbackString input)
-	{
-		Character first = input.peek();
+    /**
+     * Converts the rest of a numeric entity to a character.
+     * @param input The input to read from. It is assumed that input
+     *     is positioned at the character after the &amp;#
+     * @return The character decoded or null on failure.
+     */
+    private static Character getNumericEntity(PushbackSequence<Character> input)
+    {
+        Character first = input.peek();
 
-		if(first == null)
-			return null;
+        if(first == null)
+            return null;
 
-		if(first=='x'||first=='X')
-		{
-			input.next();	// nuke X
-			return parseHex(input);
-		}
-		return parseNumber(input);
-	}
+        if(first=='x'||first=='X')
+        {
+            input.next();    // nuke X
+            return parseHex(input);
+        }
+        return parseNumber(input);
+    }
 
-	/**
-	 * Convert a integer code point to a Character.
-	 * @param i the integer
-	 * @return i as a Character or null if i is a invalid code point
-	 * 	or outside of the Java char range.
-	 */
-	private static Character int2char(int i)
-	{
-		if(!Character.isValidCodePoint(i))
-			return null;
-		if(!(Character.MIN_VALUE <= i && i <= Character.MAX_VALUE))
-			return null;	// we can't 0x010000-0x100000 currently
-		return (char)i;
-	}
+    /**
+     * Convert a integer code point to a Character.
+     * @param i the integer
+     * @return i as a Character or null if i is a invalid code point
+     *     or outside of the Java char range.
+     */
+    private static Character int2char(int i)
+    {
+        if(!Character.isValidCodePoint(i))
+            return null;
+        if(!(Character.MIN_VALUE <= i && i <= Character.MAX_VALUE))
+            return null;    // we can't 0x010000-0x100000 currently
+        return (char)i;
+    }
 
-	/**
-	 * Converts the rest of a decimal numeric entity to a character.
-	 * @param input The input to read from. It is assumed that input
-	 * 	is positioned at the character after the &amp;# and that
-	 *	the next char is not a 'x' or 'X'.
-	 * @return The character decoded or null on failutre.
-	 */
-	private static Character parseNumber(PushbackString input)
-	{
-		StringBuilder sb = new StringBuilder();
-		Character c;
-		while((c=input.next())!=null)
-		{
-			// end of entity?
-			if(c==';')
-				break;
+    /**
+     * Converts the rest of a decimal numeric entity to a character.
+     * @param input The input to read from. It is assumed that input
+     *     is positioned at the character after the &amp;# and that
+     *    the next char is not a 'x' or 'X'.
+     * @return The character decoded or null on failutre.
+     */
+    private static Character parseNumber(PushbackSequence<Character> input)
+    {
+        StringBuilder sb = new StringBuilder();
+        Character c;
+        while((c=input.next())!=null)
+        {
+            // end of entity?
+            if(c==';')
+                break;
 
-			// check for digit
-			if(!Character.isDigit(c.charValue()))
-				return null;
-			sb.append(c);
-		}
-		if(c==null)
-			return null;	// not ';' termintated
-		if(sb.length()<=0)	// no digits
-			return null;
-		try
-		{
-			return int2char(Integer.parseInt(sb.toString()));
-		}
-		catch(NumberFormatException e)
-		{
-			return null;
-		}
-	}
+            // check for digit
+            if(!Character.isDigit(c.charValue()))
+                return null;
+            sb.append(c);
+        }
+        if(c==null)
+            return null;    // not ';' termintated
+        if(sb.length()<=0)    // no digits
+            return null;
+        try
+        {
+            return int2char(Integer.parseInt(sb.toString()));
+        }
+        catch(NumberFormatException e)
+        {
+            return null;
+        }
+    }
 
-	/**
-	 * Converts the rest of a hexidecimal numeric entity to a character.
-	 * @param input The input to read from. It is assumed that input
-	 * 	is positioned at the character after the &amp;#[xX]
-	 * @return The character decoded or null on failutre.
-	 */
-	private static Character parseHex(PushbackString input)
-	{
-		Character c;
-		StringBuilder sb = new StringBuilder();
-		input_loop: while((c=input.next())!=null)
-		{
-			switch(c.charValue())
-			{
-				case 'a':
-				case 'b':
-				case 'c':
-				case 'd':
-				case 'e':
-				case 'f':
-				case 'A':
-				case 'B':
-				case 'C':
-				case 'D':
-				case 'E':
-				case '0':
-				case '1':
-				case '2':
-				case '3':
-				case '4':
-				case '5':
-				case '6':
-				case '7':
-				case '8':
-				case '9':
-					sb.append(c);
-					break;
-				case ';':
-					break input_loop;
-				default:
-					return null;
-			}
-		}
-		if(c==null)
-			return null;	// not ';' termintated
-		if(sb.length()<=0)	// no digits
-			return null;
-		try
-		{
-			return int2char(Integer.parseInt(sb.toString(),16));
-		}
-		catch(NumberFormatException e)
-		{
-			return null;
-		}
-	}
+    /**
+     * Converts the rest of a hexidecimal numeric entity to a character.
+     * @param input The input to read from. It is assumed that input
+     *     is positioned at the character after the &amp;#[xX]
+     * @return The character decoded or null on failutre.
+     */
+    private static Character parseHex(PushbackSequence<Character> input)
+    {
+        Character c;
+        StringBuilder sb = new StringBuilder();
+        input_loop: while((c=input.next())!=null)
+        {
+            switch(c.charValue())
+            {
+                case 'a':
+                case 'b':
+                case 'c':
+                case 'd':
+                case 'e':
+                case 'f':
+                case 'A':
+                case 'B':
+                case 'C':
+                case 'D':
+                case 'E':
+                case '0':
+                case '1':
+                case '2':
+                case '3':
+                case '4':
+                case '5':
+                case '6':
+                case '7':
+                case '8':
+                case '9':
+                    sb.append(c);
+                    break;
+                case ';':
+                    break input_loop;
+                default:
+                    return null;
+            }
+        }
+        if(c==null)
+            return null;    // not ';' termintated
+        if(sb.length()<=0)    // no digits
+            return null;
+        try
+        {
+            return int2char(Integer.parseInt(sb.toString(),16));
+        }
+        catch(NumberFormatException e)
+        {
+            return null;
+        }
+    }
 
-	/**
-	 * 
-	 * Converts the rest of a named entity to a character.
-	 * null if no decoding is possible.
-	 * @param input The input to read from. It is assumed that input
-	 * 	is positioned at the character after the &amp;.
-	 * @return The character decoded or null on failutre.
-	 */
-	private Character getNamedEntity(PushbackString input)
-	{
-		StringBuilder possible = new StringBuilder();
-		Map.Entry<CharSequence,Character> entry;
-		int len;
+    /**
+     *
+     * Converts the rest of a named entity to a character.
+     * null if no decoding is possible.
+     * @param input The input to read from. It is assumed that input
+     *     is positioned at the character after the &amp;.
+     * @return The character decoded or null on failutre.
+     */
+    private Character getNamedEntity(PushbackSequence<Character> input)
+    {
+        StringBuilder possible = new StringBuilder();
+        Map.Entry<CharSequence,Character> entry;
+        int len;
 
-		// kludge around PushbackString....
-		len = Math.min(input.remainder().length(), entityToCharacterMap.getMaxKeyLength()+1);
-		for(int i=0;i<len;i++)
-			possible.append(Character.toLowerCase(input.next()));
+        // kludge around PushbackString....
+        len = Math.min(input.remainder().length(), entityToCharacterMap.getMaxKeyLength()+1);
+        for(int i=0;i<len;i++)
+            possible.append(Character.toLowerCase(input.next()));
 
-		// look up the longest match
-		entry = entityToCharacterMap.getLongestMatch(possible);
-		if(entry == null)
-			return null;	// no match, caller will reset input
-		len = entry.getKey().length();	// what matched's length
-		if(possible.length() <= len || possible.charAt(len)!=';')
-			return null;	// not semicolon
+        // look up the longest match
+        entry = entityToCharacterMap.getLongestMatch(possible);
+        if(entry == null)
+            return null;    // no match, caller will reset input
+        len = entry.getKey().length();    // what matched's length
+        if(possible.length() <= len || possible.charAt(len)!=';')
+            return null;    // not semicolon
 
-		// fixup input
-		input.reset();
-		input.next();	// read &
-		for(int i=0;i<len;i++)
-			input.next();
-		input.next();	// read semicolen
-		return entry.getValue();
-	}
+        // fixup input
+        input.reset();
+        input.next();    // read &
+        for(int i=0;i<len;i++)
+            input.next();
+        input.next();    // read semicolen
+        return entry.getValue();
+    }
 }
diff --git a/src/main/java/org/owasp/esapi/codecs/package.html b/src/main/java/org/owasp/esapi/codecs/package.html
index 0951a73f2..0726d78ef 100644
--- a/src/main/java/org/owasp/esapi/codecs/package.html
+++ b/src/main/java/org/owasp/esapi/codecs/package.html
@@ -10,7 +10,7 @@
 before validation, many attacks can be detected and handled.  By using the codecs to encode
 untrusted data before sending it to an interpreter, a wide variety of 'injection' attacks can
 be stopped. However,
-this package does not currently address issues related to converting between byte-streams and 
+this package does not currently address issues related to converting between byte-streams and
 internal character representations, such as overlong UTF-8 issues. Those are left to the platform.
 The codecs cover protocol encodings such as HTML entity encoding and percent encoding, but also
 common product escaping schemes, such as Unix, Windows, MySQL, and Oracle.
diff --git a/src/main/java/org/owasp/esapi/codecs/ref/EncodingPatternPreservation.java b/src/main/java/org/owasp/esapi/codecs/ref/EncodingPatternPreservation.java
new file mode 100644
index 000000000..9ca5c51a8
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/codecs/ref/EncodingPatternPreservation.java
@@ -0,0 +1,111 @@
+package org.owasp.esapi.codecs.ref;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+/**
+ * String mutation utility which can be used to replace all occurrences of a
+ * defined regular expression with a marker string, and also restore the
+ * original string content.
+ *
+ */
+public class EncodingPatternPreservation {
+    /** Default replacement marker. */
+    private static final String REPLACEMENT_MARKER = EncodingPatternPreservation.class.getSimpleName();
+    /** Pattern that is used to identify which content should be replaced. */
+    private final Pattern noEncodeContent;
+    /** The Marker used to replace found Pattern references. */
+    private String replacementMarker = REPLACEMENT_MARKER;
+
+    /**
+     * The ordered-list of elements that were replaced in the last call to
+     * {@link #captureAndReplaceMatches(String)}, and that will be used to replace
+     * the {@link #replacementMarker} on the next call to
+     * {@link #restoreOriginalContent(String)}
+     */
+    private final List<String> replacedContentList = new ArrayList<>();
+
+    /**
+     * Constructor.
+     *
+     * @param pattern Pattern identifying content being replaced.
+     */
+    public EncodingPatternPreservation(Pattern pattern) {
+        noEncodeContent = pattern;
+    }
+
+    /**
+     * Replaces each matching instance of this instance's Pattern with an
+     * identifiable replacement marker. <br>
+     *
+     * <br>
+     * After the encoding process is complete, use
+     * {@link #restoreOriginalContent(String)} to re-insert the original data.
+     *
+     * @param input String to adjust
+     * @return The adjusted String
+     */
+    public String captureAndReplaceMatches(String input) {
+        if (!replacedContentList.isEmpty()) {
+            // This may seem odd, but this will prevent programmer error that would result
+            // in being unable to restore a previously tokenized String.
+            String message = "Previously captured state is still present in instance. Call PatternContentPreservation.reset() to clear out preserved state and to reuse the reference.";
+            throw new IllegalStateException(message);
+        }
+        String inputCpy = input;
+        Matcher matcher = noEncodeContent.matcher(input);
+
+        while (matcher.find()) {
+            String replaceContent = matcher.group(0);
+            if (replaceContent != null) {
+                replacedContentList.add(replaceContent);
+                inputCpy = inputCpy.replaceFirst(noEncodeContent.pattern(), replacementMarker);
+            }
+        }
+
+        return inputCpy;
+    }
+
+    /**
+     * Replaces each instance of the {@link #replacementMarker} with the original
+     * content, as captured by {@link #captureAndReplaceMatches(String)}
+     *
+     * @param input String to restore.
+     * @return String reference with all values replaced.
+     */
+    public String restoreOriginalContent(String input) {
+        String result = input;
+        while (replacedContentList.size() > 0) {
+            String origValue = replacedContentList.remove(0);
+            result = result.replaceFirst(replacementMarker, origValue);
+        }
+
+        return result;
+
+    }
+
+    /**
+     * Allows the marker used as a replacement to be altered.
+     *
+     * @param marker String replacement to use for regex matches.
+     */
+    public void setReplacementMarker(String marker) {
+        if (!replacedContentList.isEmpty()) {
+            // This may seem odd, but this will prevent programmer error that would result
+            // in being unable to restore a previously tokenized String.
+            String message = "Previously captured state is still present in instance. Call PatternContentPreservation.reset() to clear out preserved state and to alter the marker.";
+            throw new IllegalStateException(message);
+        }
+        this.replacementMarker = marker;
+    }
+
+    /**
+     * Clears any stored replacement values out of the instance.
+     */
+    public void reset() {
+        replacedContentList.clear();
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/configuration/AbstractPrioritizedPropertyLoader.java b/src/main/java/org/owasp/esapi/configuration/AbstractPrioritizedPropertyLoader.java
new file mode 100644
index 000000000..2ca897707
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/configuration/AbstractPrioritizedPropertyLoader.java
@@ -0,0 +1,117 @@
+package org.owasp.esapi.configuration;
+
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.util.Properties;
+
+/**
+ * Abstract class that supports two "levels" of priorities for ESAPI properties.
+ * The higher level is the property file supported by an "operations" team and
+ * the lower level is the property file intended to be supported by the
+ * "development" team. ESAPI properties defined in the lower level properties
+ * file cannot supersede properties defined in the higher level properties file.
+ *
+ * The intent os to place ESAPI properties related to enterprise-wide security
+ * policy (e.g., the minimum sized encryption key,
+ * <b>Encryptor.MinEncryptionKeyLength</b> in the higher level so the
+ * development team cannot dumb down the policy, either accidentally or
+ * intentionally. (This of course requires that the developers don't provide the
+ * operations team the properties file for them to use. :) This is also good for
+ * allowing the productions operations team to select property values for
+ * properties such as <b>Encryptor.MasterKey</b> and <b>Encryptor.MasterSalt</b>
+ * so that they are only on a "need-to-know" basis and don't accidentally get
+ * committed to the development team's SCM repository.
+ *
+ * @since 2.2
+ */
+public abstract class AbstractPrioritizedPropertyLoader implements EsapiPropertyLoader,
+        Comparable<AbstractPrioritizedPropertyLoader> {
+
+    protected final String filename;
+    protected Properties properties;
+
+    private final int priority;
+
+    public AbstractPrioritizedPropertyLoader(String filename, int priority) throws IOException {
+        this.priority = priority;
+        this.filename = filename;
+        initProperties();
+    }
+
+    /**
+     * Get priority of this property loader. If two and more loaders can return value for the same property key,
+     * the one with the highest priority will be chosen.
+     * @return priority of this property loader
+     */
+    public int priority() {
+        return priority;
+    }
+
+    @Override
+    public int compareTo(AbstractPrioritizedPropertyLoader compared) {
+        if (this.priority > compared.priority()) {
+            return 1;
+        } else if (this.priority < compared.priority()) {
+            return -1;
+        }
+        return 0;
+    }
+
+    public String name() {
+        return filename;
+    }
+
+    /**
+     * Initializes properties object and fills it with data from configuration file.
+     */
+    private void initProperties() throws IOException {
+        properties = new Properties();
+        File file = new File(filename);
+        if (file.exists() && file.isFile()) {
+            if ( file.canRead() ) {
+                loadPropertiesFromFile(file);
+            } else {
+                throw new IOException("Can't read specificied configuration file: " + filename);
+            }
+        } else {
+            throw new FileNotFoundException("Specified configuration file " + filename + " does not exist or not regular file");
+        }
+    }
+
+    /**
+     * Method that loads the data from configuration file to properties object.
+     * @param file
+     */
+    protected abstract void loadPropertiesFromFile(File file);
+
+    /**
+     * Used to log errors to the console during the loading of the properties file itself. Can't use
+     * standard logging in this case, since the Logger may not be initialized yet. Output is sent to
+     * {@code PrintStream} {@code System.out}.  Output is discarded if the {@code System} property
+     * "org.owasp.esapi.logSpecial.discard" is set to {@code true}.
+     *
+     * @param msg The message to log to the console.
+     * @param t   Associated exception that was caught.
+     */
+    protected final void logSpecial(String msg, Throwable t) {
+        // Note: It is really distasteful to tie this class to DefaultSecurityConfiguration
+        //       like this, but the alternative is to move the logSpecial() and
+        //       logToStdout() some utilities class and that is even more
+        //       distasteful because it may encourage people to use these. -kwwall
+        org.owasp.esapi.reference.DefaultSecurityConfiguration.logToStdout(msg, t);
+    }
+
+    /**
+     * Used to log errors to the console during the loading of the properties file itself. Can't use
+     * standard logging in this case, since the Logger may not be initialized yet. Output is sent to
+     * {@code PrintStream} {@code System.out}.  Output is discarded if the {@code System} property
+     * "org.owasp.esapi.logSpecial.discard" is set to {@code true}.
+     *
+     * @param msg The message to log to the console.
+     */
+    protected final void logSpecial(String msg) {
+        logSpecial(msg, null);
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoader.java b/src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoader.java
new file mode 100644
index 000000000..7709483bf
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoader.java
@@ -0,0 +1,45 @@
+package org.owasp.esapi.configuration;
+
+import org.owasp.esapi.errors.ConfigurationException;
+
+/**
+ * Generic interface for loading security configuration properties.
+ *
+ * @since 2.2
+ */
+public interface EsapiPropertyLoader {
+
+    /**
+     * Get any int type property from security configuration.
+     *
+     * @return property value.
+     * @throws ConfigurationException when property does not exist in configuration or has incorrect type.
+     */
+    public int getIntProp(String propertyName) throws ConfigurationException;
+
+    /**
+     * Get any byte array type property from security configuration.
+     *
+     * @return property value.
+     * @throws ConfigurationException when property does not exist in configuration or has incorrect type.
+     */
+    public byte[] getByteArrayProp(String propertyName) throws ConfigurationException;
+
+    /**
+     * Get any Boolean type property from security configuration.
+     *
+     * @return property value.
+     * @throws ConfigurationException when property does not exist in configuration or has incorrect type.
+     */
+    public Boolean getBooleanProp(String propertyName) throws ConfigurationException;
+
+    /**
+     * Get any property from security configuration. As every property can be returned as string, this method
+     * throws exception only when property does not exist.
+     *
+     * @return property value.
+     * @throws ConfigurationException when property does not exist in configuration.
+     */
+    public String getStringProp(String propertyName) throws ConfigurationException;
+
+}
diff --git a/src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoaderFactory.java b/src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoaderFactory.java
new file mode 100644
index 000000000..d6a1dffcd
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoaderFactory.java
@@ -0,0 +1,59 @@
+package org.owasp.esapi.configuration;
+
+import org.owasp.esapi.configuration.consts.EsapiConfiguration;
+import org.owasp.esapi.errors.ConfigurationException;
+
+import java.io.IOException;
+
+import static org.owasp.esapi.configuration.consts.EsapiConfigurationType.PROPERTIES;
+import static org.owasp.esapi.configuration.consts.EsapiConfigurationType.XML;
+
+/**
+ * Factory class that takes care of initialization of proper instance of EsapiPropertyLoader
+ * based on EsapiPropertiesStore
+ *
+ * @since 2.2
+ */
+public class EsapiPropertyLoaderFactory {
+
+    public static AbstractPrioritizedPropertyLoader createPropertyLoader(EsapiConfiguration cfg)
+            throws ConfigurationException, IOException {
+        String cfgPath = System.getProperty(cfg.getConfigName());
+        if ( cfgPath == null || cfgPath.equals("") ) {
+            // TODO / FIXME:
+            // This case was previously a warning, but it should NOT have been
+            // since these system properties are optional. Most people just use
+            // the traditional ESAPI.properties file and not these prioritized ones.
+            // A warning gets logged in EsapiPropertyManager if logSpecial output
+            // has not been discarded.
+            //
+            // Note also there were a LOT of cases in our JUnit tests where the
+            // file extension was empty, causing the ConfigurationException to
+            // be thrown with the error message:
+            //      "Configuration storage type [] is not supported"
+            // I don't think that was intentional, but because prior to the
+            // changes for this commit, these were all ConfigurationExceptions
+            // and they all were just being caught and not re-thrown by
+            // DefaultSecurityConfigurator. I think that is an error, probably
+            // in the tests, but I don't have timed to chase it down right now
+            // because of the pending 2.2.0.0 release.
+            //
+            // Also, I made several fixes in DefaultSecurityConfiguration
+            // related to this clean-up where IOExceptions were being silently
+            // caught when they should not have been.  -kwwall
+            return null;
+        }
+        String fileExtension = cfgPath.substring(cfgPath.lastIndexOf('.') + 1);
+
+        if (XML.getTypeName().equalsIgnoreCase(fileExtension)) {
+            return new XmlEsapiPropertyLoader(cfgPath, cfg.getPriority());
+        }
+        if (PROPERTIES.getTypeName().equalsIgnoreCase(fileExtension)) {
+            return new StandardEsapiPropertyLoader(cfgPath, cfg.getPriority());
+        } else {
+            throw new ConfigurationException("The extension of given configuration path [ " + cfgPath + " ] is not supported." +
+                    "Only .xml or .properties file extensions are supported.");
+        }
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/configuration/EsapiPropertyManager.java b/src/main/java/org/owasp/esapi/configuration/EsapiPropertyManager.java
new file mode 100644
index 000000000..94b5e4d5a
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/configuration/EsapiPropertyManager.java
@@ -0,0 +1,121 @@
+package org.owasp.esapi.configuration;
+
+import org.owasp.esapi.configuration.consts.EsapiConfiguration;
+import org.owasp.esapi.errors.ConfigurationException;
+
+import java.util.TreeSet;
+import java.io.IOException;
+
+import static org.owasp.esapi.configuration.EsapiPropertyLoaderFactory.createPropertyLoader;
+
+// Have dependency like this on a reference implmentation is majorly ugly, I know, but I
+// don't want to refactor code and delay the 2.2.0.0 release further and this class
+// is WAY too noisy. - kwwall
+import static org.owasp.esapi.reference.DefaultSecurityConfiguration.logToStdout;
+
+/**
+ * Manager used for loading security configuration properties. Does all the logic to obtain the correct property from
+ * correct source. Uses following system properties to find configuration files:
+ * <pre>
+ * - org.owasp.esapi.devteam - lower priority dev file path
+ * - org.owasp.esapi.opsteam - higher priority ops file path
+ * </pre>
+ *
+ * @since 2.2
+ */
+public class EsapiPropertyManager implements EsapiPropertyLoader {
+
+    protected TreeSet<AbstractPrioritizedPropertyLoader> loaders;
+
+    public EsapiPropertyManager() throws IOException {
+        initLoaders();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public int getIntProp(String propertyName) throws ConfigurationException {
+        for (AbstractPrioritizedPropertyLoader loader : loaders) {
+            try {
+                return loader.getIntProp(propertyName);
+            } catch (ConfigurationException e) {
+                logToStdout("Integer property '" + propertyName + "' not found in " + loader.name(), e);
+            }
+        }
+        throw new ConfigurationException("Could not find property " + propertyName + " in configuration");
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public byte[] getByteArrayProp(String propertyName) throws ConfigurationException {
+        for (AbstractPrioritizedPropertyLoader loader : loaders) {
+            try {
+                return loader.getByteArrayProp(propertyName);
+            } catch (ConfigurationException e) {
+                logToStdout("Byte array property '" + propertyName + "' not found in " + loader.name(), e);
+            }
+        }
+        throw new ConfigurationException("Could not find property " + propertyName + " in configuration");
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public Boolean getBooleanProp(String propertyName) throws ConfigurationException {
+        for (AbstractPrioritizedPropertyLoader loader : loaders) {
+            try {
+                return loader.getBooleanProp(propertyName);
+            } catch (ConfigurationException e) {
+                logToStdout("Boolean property '" + propertyName + "' not found in " + loader.name(), e);
+            }
+        }
+        throw new ConfigurationException("Could not find property " + propertyName + " in configuration");
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public String getStringProp(String propertyName) throws ConfigurationException {
+        for (AbstractPrioritizedPropertyLoader loader : loaders) {
+            try {
+                return loader.getStringProp(propertyName);
+            } catch (ConfigurationException e) {
+                logToStdout("Property '" + propertyName + "' not found in " + loader.name(), e);
+            }
+        }
+        throw new ConfigurationException("Could not find property " + propertyName + " in configuration");
+    }
+
+    private void initLoaders() throws IOException {
+        loaders = new TreeSet<AbstractPrioritizedPropertyLoader>();
+        try {
+            AbstractPrioritizedPropertyLoader appl = createPropertyLoader(EsapiConfiguration.OPSTEAM_ESAPI_CFG);
+            if ( appl == null ) {
+                String msg = "WARNING: System property [" + EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName() + "] is not set";
+                logToStdout(msg, null);
+            } else {
+                loaders.add( appl );
+            }
+        } catch (IOException e) {
+            logToStdout("WARNING: Exception encountered while setting up ESAPI configuration manager for OPS team", e);
+            throw e;
+        }
+        try {
+            AbstractPrioritizedPropertyLoader appl = createPropertyLoader(EsapiConfiguration.DEVTEAM_ESAPI_CFG);
+            if ( appl == null ) {
+                String msg = "WARNING: System property [" + EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName() + "] is not set";
+                logToStdout(msg, null);
+            } else {
+                loaders.add( appl );
+            }
+        } catch (IOException e) {
+            logToStdout("WARNING: Exception encountered while setting up ESAPI configuration manager for DEV team", e);
+            throw e;
+        }
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoader.java b/src/main/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoader.java
new file mode 100644
index 000000000..fe50e02d7
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoader.java
@@ -0,0 +1,107 @@
+package org.owasp.esapi.configuration;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.errors.ConfigurationException;
+
+import java.io.*;
+
+/**
+ * Loader capable of loading single security configuration property from standard java properties configuration file.
+ *
+ * @since 2.2
+ */
+public class StandardEsapiPropertyLoader extends AbstractPrioritizedPropertyLoader {
+
+    public StandardEsapiPropertyLoader(String filename, int priority) throws IOException {
+        super(filename, priority);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public int getIntProp(String propertyName) throws ConfigurationException {
+        String property = properties.getProperty(propertyName);
+        if (property == null) {
+            throw new ConfigurationException("Property : " + propertyName + "not found in configuration");
+        }
+        try {
+            return Integer.parseInt(property);
+        } catch (NumberFormatException e) {
+            throw new ConfigurationException("Incorrect type of : " + propertyName + ". Value " + property +
+                    "cannot be converted to integer", e);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public byte[] getByteArrayProp(String propertyName) throws ConfigurationException {
+        String property = properties.getProperty(propertyName);
+        if (property == null) {
+            throw new ConfigurationException("Property : " + propertyName + "not found in default configuration");
+        }
+        try {
+            return ESAPI.encoder().decodeFromBase64(property);
+        } catch (IOException e) {
+            throw new ConfigurationException("Incorrect type of : " + propertyName + ". Value " + property +
+                    "cannot be converted to byte array", e);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public Boolean getBooleanProp(String propertyName) throws ConfigurationException {
+        String property = properties.getProperty(propertyName);
+        if (property == null) {
+            throw new ConfigurationException("Property : " + propertyName + "not found in default configuration");
+        }
+        if (property.equalsIgnoreCase("true") || property.equalsIgnoreCase("yes")) {
+            return true;
+        }
+        if (property.equalsIgnoreCase("false") || property.equalsIgnoreCase("no")) {
+            return false;
+        } else {
+            throw new ConfigurationException("Incorrect type of : " + propertyName + ". Value " + property +
+                    "cannot be converted to boolean");
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public String getStringProp(String propertyName) throws ConfigurationException {
+        String property = properties.getProperty(propertyName);
+        if (property == null) {
+            throw new ConfigurationException("Property : " + propertyName + "not found in default configuration");
+        }
+        return property;
+    }
+
+    /**
+     * Methods loads configuration from .properties file.
+     * @param file
+     */
+    protected void loadPropertiesFromFile(File file) {
+        InputStream input = null;
+        try {
+            input = new FileInputStream(file);
+            properties.load(input);
+        } catch (IOException ex) {
+            logSpecial("Loading " + file.getName() + " via file I/O failed.", ex);
+        } finally {
+            if (input != null) {
+                try {
+                    input.close();
+                } catch (IOException e) {
+                    logSpecial("Could not close stream");
+                }
+            }
+        }
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoader.java b/src/main/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoader.java
new file mode 100644
index 000000000..3b3dc8ebc
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoader.java
@@ -0,0 +1,142 @@
+package org.owasp.esapi.configuration;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.errors.ConfigurationException;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.xml.sax.SAXException;
+
+import javax.xml.XMLConstants;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.stream.StreamSource;
+import javax.xml.validation.Schema;
+import javax.xml.validation.SchemaFactory;
+import javax.xml.validation.Validator;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+/**
+ * Loader capable of loading single security configuration property from xml configuration file.
+ *
+ * @since 2.2
+ */
+public class XmlEsapiPropertyLoader extends AbstractPrioritizedPropertyLoader {
+
+    public XmlEsapiPropertyLoader(String filename, int priority) throws IOException {
+        super(filename, priority);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public int getIntProp(String propertyName) throws ConfigurationException {
+        String property = properties.getProperty(propertyName);
+        if (property == null) {
+            throw new ConfigurationException("Property : " + propertyName + " not found in default configuration");
+        }
+        try {
+            return Integer.parseInt(property);
+        } catch (NumberFormatException e) {
+            throw new ConfigurationException("Incorrect type of : " + propertyName + ". Value " + property +
+                    "cannot be converted to integer", e);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public byte[] getByteArrayProp(String propertyName) throws ConfigurationException {
+        String property = properties.getProperty(propertyName);
+        if (property == null) {
+            throw new ConfigurationException("Property : " + propertyName + " not found in default configuration");
+        }
+        try {
+            return ESAPI.encoder().decodeFromBase64(property);
+        } catch (IOException e) {
+            throw new ConfigurationException("Incorrect type of : " + propertyName + ". Value " + property +
+                    "cannot be converted to byte array", e);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public Boolean getBooleanProp(String propertyName) throws ConfigurationException {
+        String property = properties.getProperty(propertyName);
+        if (property == null) {
+            throw new ConfigurationException("Property : " + propertyName + " not found in default configuration");
+        }
+        if (property.equalsIgnoreCase("true") || property.equalsIgnoreCase("yes")) {
+            return true;
+        }
+        if (property.equalsIgnoreCase("false") || property.equalsIgnoreCase("no")) {
+            return false;
+        } else {
+            throw new ConfigurationException("Incorrect type of : " + propertyName + ". Value " + property +
+                    "cannot be converted to boolean; legal values are: true, false, yes, no");
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public String getStringProp(String propertyName) throws ConfigurationException {
+        String property = properties.getProperty(propertyName);
+        if (property == null) {
+            throw new ConfigurationException("Property : " + propertyName + " not found in default configuration");
+        }
+        return property;
+    }
+
+    /**
+     * Methods loads configuration from .xml file.
+     * @param file
+     * @throws ConfigurationException if there is a problem loading the specified configuration file.
+     */
+    protected void loadPropertiesFromFile(File file) throws ConfigurationException {
+        try ( InputStream configFile = new FileInputStream(file); ) {
+            validateAgainstXSD(configFile);
+
+            DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance("org.apache.xerces.jaxp.DocumentBuilderFactoryImpl", null);
+            dbFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+            DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
+            Document doc = dBuilder.parse(file);
+            doc.getDocumentElement().normalize();
+
+            NodeList nodeList = doc.getElementsByTagName("property");
+            for (int i = 0; i < nodeList.getLength(); i++) {
+                Node node = nodeList.item(i);
+                if (node.getNodeType() == Node.ELEMENT_NODE) {
+                    Element element = (Element) node;
+                    String propertyKey = element.getAttribute("name");
+                    String propertyValue = element.getTextContent();
+                    properties.put(propertyKey, propertyValue);
+                }
+            }
+        } catch (IOException | SAXException | ParserConfigurationException e) {
+            logSpecial("XML config file " + filename + " doesn't exist or has invalid schema", e);
+            throw new ConfigurationException("Configuration file : " + filename + " has invalid schema."
+                  + e.getMessage(), e);
+        }
+    }
+
+    private void validateAgainstXSD(InputStream xml) throws IOException, SAXException {
+        try ( InputStream xsd = getClass().getResourceAsStream("/ESAPI-properties.xsd"); ) {
+            SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
+            Schema schema = factory.newSchema(new StreamSource(xsd));
+            Validator validator = schema.newValidator();
+            validator.validate(new StreamSource(xml));
+        }
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/configuration/consts/EsapiConfiguration.java b/src/main/java/org/owasp/esapi/configuration/consts/EsapiConfiguration.java
new file mode 100644
index 000000000..43df2fa1c
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/configuration/consts/EsapiConfiguration.java
@@ -0,0 +1,35 @@
+package org.owasp.esapi.configuration.consts;
+
+/**
+ * Enum used for initialization of esapi configuration files.
+ *
+ * @since 2.2
+ */
+public enum EsapiConfiguration {
+
+    OPSTEAM_ESAPI_CFG("org.owasp.esapi.opsteam", 1),
+    DEVTEAM_ESAPI_CFG("org.owasp.esapi.devteam", 2);
+
+    /**
+     * Key of system property pointing to path esapi to configuration file.
+     */
+    String configName;
+
+    /**
+     * Priority of configuration (higher number - higher priority).
+     */
+    int priority;
+
+    EsapiConfiguration(String configName, int priority) {
+        this.configName = configName;
+        this.priority = priority;
+    }
+
+    public String getConfigName() {
+        return configName;
+    }
+
+    public int getPriority() {
+        return priority;
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/configuration/consts/EsapiConfigurationType.java b/src/main/java/org/owasp/esapi/configuration/consts/EsapiConfigurationType.java
new file mode 100644
index 000000000..b0112e1cf
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/configuration/consts/EsapiConfigurationType.java
@@ -0,0 +1,21 @@
+package org.owasp.esapi.configuration.consts;
+
+
+/**
+ * Supported esapi configuration file types.
+ *
+ * @since 2.2
+ */
+public enum EsapiConfigurationType {
+    PROPERTIES("properties"), XML("xml");
+
+    String typeName;
+
+    EsapiConfigurationType(String typeName) {
+        this.typeName = typeName;
+    }
+
+    public String getTypeName() {
+        return typeName;
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/crypto/CipherSpec.java b/src/main/java/org/owasp/esapi/crypto/CipherSpec.java
index 556ef8edb..10b89b4d2 100644
--- a/src/main/java/org/owasp/esapi/crypto/CipherSpec.java
+++ b/src/main/java/org/owasp/esapi/crypto/CipherSpec.java
@@ -1,6 +1,6 @@
 /*
  * OWASP Enterprise Security API (ESAPI)
- * 
+ *
  * This file is part of the Open Web Application Security Project (OWASP)
  * Enterprise Security API (ESAPI) project. For details, please see
  * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
@@ -33,285 +33,312 @@
  * by application developers, but rather only by those either extending ESAPI
  * or in the ESAPI reference implementation. Use <i>directly</i> by application
  * code is not recommended or supported.
- * 
+ *
  * @author kevin.w.wall@gmail.com
  * @since 2.0
  */
 public final class CipherSpec implements Serializable {
 
-	private static final long serialVersionUID = 20090822;	// version, in YYYYMMDD format
-	
-	private String  cipher_xform_   = ESAPI.securityConfiguration().getCipherTransformation();
-	private int     keySize_        = ESAPI.securityConfiguration().getEncryptionKeyLength(); // In bits
-	private int     blockSize_      = 16;   // In bytes! I.e., 128 bits!!!
-	private byte[]  iv_             = null;
-	
-	// Cipher transformation component. Format is ALG/MODE/PADDING
+    private static final long serialVersionUID = 20090822;    // version, in YYYYMMDD format
+
+    private String  cipher_xform_   = ESAPI.securityConfiguration().getCipherTransformation();
+    private int     keySize_        = ESAPI.securityConfiguration().getEncryptionKeyLength(); // In bits
+    private int     blockSize_      = 16;   // In bytes! I.e., 128 bits!!!
+    private byte[]  iv_             = null;
+
+    private boolean blockSizeExplicitlySet = false;    // Used for check in setIV().
+
+    // Cipher transformation component. Format is ALG/MODE/PADDING
     private enum CipherTransformationComponent { ALG, MODE, PADDING }
 
-	/**
-	 * CTOR that explicitly sets everything.
-	 * @param cipherXform	The cipher transformation
-	 * @param keySize		The key size (in bits).
-	 * @param blockSize		The block size (in bytes).
-	 * @param iv			The initialization vector. Null if not applicable.
-	 */
-	public CipherSpec(String cipherXform, int keySize, int blockSize, final byte[] iv) {
-		setCipherTransformation(cipherXform);
-		setKeySize(keySize);
-		setBlockSize(blockSize);
-		setIV(iv);
-	}
-	
-	/**
-	 * CTOR that sets everything but IV.
-	 * @param cipherXform	The cipher transformation
-	 * @param keySize		The key size (in bits).
-	 * @param blockSize		The block size (in bytes).
-	 */
-	public CipherSpec(String cipherXform, int keySize, int blockSize) {
-		// Note: Do NOT use
-		//			this(cipherXform, keySize, blockSize, null);
-		// because of assertion in setIV().
-		//
-		setCipherTransformation(cipherXform);
-		setKeySize(keySize);
-		setBlockSize(blockSize);
-	}
-	
-	/** CTOR that sets everything but block size and IV. */
-	public CipherSpec(String cipherXform, int keySize) {
-		setCipherTransformation(cipherXform);
-		setKeySize(keySize);
-	}
-	
-	/** CTOR that sets everything except block size. */
-	public CipherSpec(String cipherXform, int keySize, final byte[] iv) {
-		setCipherTransformation(cipherXform);
-		setKeySize(keySize);
-		setIV(iv);
-	}
-
-	/** CTOR that sets everything except for the cipher key size and possibly
-	 *  the IV. (IV may not be applicable--e.g., with ECB--or may not have
-	 *  been specified yet.
-	 */
-	public CipherSpec(final Cipher cipher) {
-		setCipherTransformation(cipher.getAlgorithm(), true);
-		setBlockSize(cipher.getBlockSize());
-		if ( cipher.getIV() != null ) {
-			setIV(cipher.getIV());
-		}
-	}
-	
-	/** CTOR that sets everything. */
-	public CipherSpec(final Cipher cipher, int keySize) {
-		this(cipher);
-		setKeySize(keySize);
-	}
-	
-	/* CTOR that sets only the IV and uses defaults for everything else. */
-	public CipherSpec(final byte[] iv) {
-		setIV(iv);
-	}
-	
-	/**
-	 * Default CTOR. Creates a cipher specification for 128-bit cipher
-	 * transformation of "AES/CBC/PKCS5Padding" and a {@code null} IV.
-	 */
-	public CipherSpec() {
-		// All defaults
-	}
-
-	/**
-	 * Set the cipher transformation for this {@code CipherSpec}.
-	 * @param cipherXform	The cipher transformation string; e.g., "DESede/CBC/PKCS5Padding".
-	 * @return	This current {@code CipherSpec} object.
-	 */
-	public CipherSpec setCipherTransformation(String cipherXform) {
-		setCipherTransformation(cipherXform, false);
-		return this;
-	}
-
-	/**
-	 * Set the cipher transformation for this {@code CipherSpec}. This is only
-	 * used by the CTOR {@code CipherSpec(Cipher)} and {@code CipherSpec(Cipher, int)}.
-	 * @param cipherXform	The cipher transformation string; e.g.,
-	 * 						"DESede/CBC/PKCS5Padding". May not be null or empty.
-	 * @param fromCipher If true, the cipher transformation was set via
-	 * 					 {@code Cipher.getAlgorithm()} which may only return the
-	 * 					 actual algorithm. In that case we check and if all 3 parts
-	 * 					 were not specified, then we specify the parts that were
-	 * 					 based on "ECB" as the default cipher mode and "NoPadding"
-	 * 					 as the default padding scheme.
-	 * @return	This current {@code CipherSpec} object.
-	 */
-	private CipherSpec setCipherTransformation(String cipherXform, boolean fromCipher) {
-		if ( ! StringUtilities.notNullOrEmpty(cipherXform, true) ) {	// Yes, really want '!' here.
-			throw new IllegalArgumentException("Cipher transformation may not be null or empty string (after trimming whitespace).");
-		}
-		int parts = cipherXform.split("/").length;
-		assert ( !fromCipher ? (parts == 3) : true ) :
-			"Malformed cipherXform (" + cipherXform + "); must have form: \"alg/mode/paddingscheme\"";
-		if ( fromCipher && (parts != 3)  ) {
-				// Indicates cipherXform was set based on Cipher.getAlgorithm()
-				// and thus may not be a *complete* cipher transformation.
-			if ( parts == 1 ) {
-				// Only algorithm was given.
-				cipherXform += "/ECB/NoPadding";
-			} else if ( parts == 2 ) {
-				// Only algorithm and mode was given.
-				cipherXform += "/NoPadding";
-			} else if ( parts == 3 ) {
-				// All three parts provided. Do nothing. Could happen if not compiled with
-				// assertions enabled.
-				;	// Do nothing - shown only for completeness.
-			} else {
-				// Should never happen unless Cipher implementation is totally screwed up.
-				throw new IllegalArgumentException("Cipher transformation '" +
-								cipherXform + "' must have form \"alg/mode/paddingscheme\"");
-			}
-		} else if ( !fromCipher && parts != 3 ) {
-			throw new IllegalArgumentException("Malformed cipherXform (" + cipherXform +
-											   "); must have form: \"alg/mode/paddingscheme\"");
-		}
-		assert cipherXform.split("/").length == 3 : "Implementation error setCipherTransformation()";
-		this.cipher_xform_ = cipherXform;
-		return this;
-	}
-	
-	/**
-	 * Get the cipher transformation.
-	 * @return	The cipher transformation {@code String}.
-	 */
-	public String getCipherTransformation() {
-		return cipher_xform_;
-	}
-
-	/**
-	 * Set the key size for this {@code CipherSpec}.
-	 * @param keySize	The key size, in bits. Must be positive integer.
-	 * @return	This current {@code CipherSpec} object.
-	 */
-	public CipherSpec setKeySize(int keySize) {
-		assert keySize > 0 : "keySize must be > 0; keySize=" + keySize;
-		this.keySize_ = keySize;
-		return this;
-	}
-
-	/**
-	 * Retrieve the key size, in bits.
-	 * @return	The key size, in bits, is returned.
-	 */
-	public int getKeySize() {
-		return keySize_;
-	}
-
-	/**
-	 * Set the block size for this {@code CipherSpec}.
-	 * @param blockSize	The block size, in bytes. Must be positive integer.
-	 * @return	This current {@code CipherSpec} object.
-	 */
-	public CipherSpec setBlockSize(int blockSize) {
-		assert blockSize > 0 : "blockSize must be > 0; blockSize=" + blockSize;
-		this.blockSize_ = blockSize;
-		return this;
-	}
-
-	/**
-	 * Retrieve the block size, in bytes.
-	 * @return	The block size, in bytes, is returned.
-	 */
-	public int getBlockSize() {
-		return blockSize_;
-	}
-
-	/**
-	 * Retrieve the cipher algorithm.
-	 * @return	The cipher algorithm.
-	 */
-	public String getCipherAlgorithm() {
-		return getFromCipherXform(CipherTransformationComponent.ALG);
-	}
-	
-	/**
-	 * Retrieve the cipher mode.
-	 * @return	The cipher mode.
-	 */
-	public String getCipherMode() {
-		return getFromCipherXform(CipherTransformationComponent.MODE);
-	}
-	
-	/**
-	 * Retrieve the cipher padding scheme.
-	 * @return	The padding scheme is returned.
-	 */
-	public String getPaddingScheme() {
-		return getFromCipherXform(CipherTransformationComponent.PADDING);
-	}
-	
-	/**
-	 * Retrieve the initialization vector (IV).
-	 * @return	The IV as a byte array.
-	 */
-	public byte[] getIV() {
-		return iv_;
-	}
-	
-	/**
-	 * Set the initialization vector (IV).
-	 * @param iv	The byte array to set as the IV. A copy of the IV is saved.
-	 * 				This parameter is ignored if the cipher mode does not
-	 * 				require an IV.
-	 * @return		This current {@code CipherSpec} object.
-	 */
-	public CipherSpec setIV(final byte[] iv) {
-		assert requiresIV() && (iv != null && iv.length != 0) : "Required IV cannot be null or 0 length";
-		// Don't store a reference, but make a copy!
-		if ( iv != null ) {	// Allow null IV for ECB mode.
-			iv_ = new byte[ iv.length ];
-			CryptoHelper.copyByteArray(iv, iv_);
-		}
-		return this;
-	}
-
-	/**
-	 * Return true if the cipher mode requires an IV.
-	 * @return True if the cipher mode requires an IV, otherwise false.
-	 * */
-	public boolean requiresIV() {
-		
-		String cm = getCipherMode();
-		
-		// Add any other cipher modes supported by JCE but not requiring IV.
-		// ECB is the only one I'm aware of that doesn't. Mode is not case
-		// sensitive.
-		if ( "ECB".equalsIgnoreCase(cm) ) {
-			return false;
-		}
-		return true;
-	}
-	
-	/**
-	 * Override {@code Object.toString()} to provide something more useful.
-	 * @return A meaningful string describing this object.
-	 */
-	@Override
-	public String toString() {
-		StringBuilder sb = new StringBuilder("CipherSpec: ");
-		sb.append( getCipherTransformation() ).append("; keysize= ").append( getKeySize() );
-		sb.append(" bits; blocksize= ").append( getBlockSize() ).append(" bytes");
-		byte[] iv = getIV();
-		String ivLen = null;
-		if ( iv != null ) {
-			ivLen = "" + iv.length;	// Convert length to a string
-		} else {
-			ivLen = "[No IV present (not set or not required)]";
-		}
-		sb.append("; IV length = ").append( ivLen ).append(" bytes.");
-		return sb.toString();
-	}
-	
+    /**
+     * CTOR that explicitly sets everything.
+     * @param cipherXform    The cipher transformation
+     * @param keySize        The key size (in bits).
+     * @param blockSize        The block size (in bytes).
+     * @param iv            The initialization vector. Null if not applicable.
+     */
+    public CipherSpec(String cipherXform, int keySize, int blockSize, final byte[] iv) {
+        setCipherTransformation(cipherXform);
+        setKeySize(keySize);
+        setBlockSize(blockSize);
+        setIV(iv);
+    }
+
+    /**
+     * CTOR that sets everything but IV.
+     * @param cipherXform    The cipher transformation
+     * @param keySize        The key size (in bits).
+     * @param blockSize        The block size (in bytes).
+     */
+    public CipherSpec(String cipherXform, int keySize, int blockSize) {
+        // Note: Do NOT use
+        //            this(cipherXform, keySize, blockSize, null);
+        // because of checks in setIV().
+        //
+        setCipherTransformation(cipherXform);
+        setKeySize(keySize);
+        setBlockSize(blockSize);
+    }
+
+    /** CTOR that sets everything but block size and IV. */
+    public CipherSpec(String cipherXform, int keySize) {
+        setCipherTransformation(cipherXform);
+        setKeySize(keySize);
+    }
+
+    /** CTOR that sets everything except block size. */
+    public CipherSpec(String cipherXform, int keySize, final byte[] iv) {
+        setCipherTransformation(cipherXform);
+        setKeySize(keySize);
+        setIV(iv);
+    }
+
+    /** CTOR that sets everything except for the cipher key size and possibly
+     *  the IV. (IV may not be applicable--e.g., with ECB--or may not have
+     *  been specified yet.
+     */
+    public CipherSpec(final Cipher cipher) {
+        setCipherTransformation(cipher.getAlgorithm(), true);
+        setBlockSize(cipher.getBlockSize());
+        if ( cipher.getIV() != null ) {
+            setIV(cipher.getIV());
+        }
+    }
+
+    /** CTOR that sets everything. */
+    public CipherSpec(final Cipher cipher, int keySize) {
+        this(cipher);
+        setKeySize(keySize);
+    }
+
+    /* CTOR that sets only the IV and uses defaults for everything else. */
+    public CipherSpec(final byte[] iv) {
+        setIV(iv);
+    }
+
+    /**
+     * Default CTOR. Creates a cipher specification for 128-bit cipher
+     * transformation of "AES/CBC/PKCS5Padding" and a {@code null} IV.
+     */
+    public CipherSpec() {
+        // All defaults
+    }
+
+    /**
+     * Set the cipher transformation for this {@code CipherSpec}.
+     * @param cipherXform    The cipher transformation string; e.g., "DESede/CBC/PKCS5Padding".
+     * @return    This current {@code CipherSpec} object.
+     */
+    public CipherSpec setCipherTransformation(String cipherXform) {
+        setCipherTransformation(cipherXform, false);
+        return this;
+    }
+
+    /**
+     * Set the cipher transformation for this {@code CipherSpec}. This is only
+     * used by the CTOR {@code CipherSpec(Cipher)} and {@code CipherSpec(Cipher, int)}.
+     * @param cipherXform    The cipher transformation string; e.g.,
+     *                         "DESede/CBC/PKCS5Padding". May not be null or empty.
+     * @param fromCipher If true, the cipher transformation was set via
+     *                      {@code Cipher.getAlgorithm()} which may only return the
+     *                      actual algorithm. In that case we check and if all 3 parts
+     *                      were not specified, then we specify the parts that were
+     *                      based on "ECB" as the default cipher mode and "NoPadding"
+     *                      as the default padding scheme.
+     * @return    This current {@code CipherSpec} object.
+     */
+    private CipherSpec setCipherTransformation(String cipherXform, boolean fromCipher) {
+        if ( ! StringUtilities.notNullOrEmpty(cipherXform, true) ) {    // Yes, really want '!' here.
+            throw new IllegalArgumentException("Cipher transformation may not be null or empty string (after trimming whitespace).");
+        }
+        int parts = cipherXform.split("/").length;
+
+            // Assertion should be okay here as these conditions are checked
+            // elsewhere and this method is private.
+        assert ( !fromCipher ? (parts == 3) : true ) :
+            "Malformed cipherXform (" + cipherXform + "); must have form: \"alg/mode/paddingscheme\"";
+        if ( fromCipher && (parts != 3)  ) {
+                // Indicates cipherXform was set based on Cipher.getAlgorithm()
+                // and thus may not be a *complete* cipher transformation.
+            if ( parts == 1 ) {
+                // Only algorithm was given.
+                cipherXform += "/ECB/NoPadding";
+            } else if ( parts == 2 ) {
+                // Only algorithm and mode was given.
+                cipherXform += "/NoPadding";
+            } else if ( parts == 3 ) {
+                        // All three parts provided. Do nothing. Could happen if not compiled with
+                        // assertions enabled, but there are explicit checks elsewhere.
+                ;    // Do nothing - shown only for completeness.
+            } else {
+                // Should never happen unless Cipher implementation is totally screwed up.
+                throw new IllegalArgumentException("Cipher transformation '" +
+                                cipherXform + "' must have form \"alg/mode/paddingscheme\"");
+            }
+        } else if ( !fromCipher && parts != 3 ) {
+            throw new IllegalArgumentException("Malformed cipherXform (" + cipherXform +
+                                               "); must have form: \"alg/mode/paddingscheme\"");
+        }
+            // Assertion should also be okay here as these conditions are checked
+            // elsewhere and this method is private.
+        assert cipherXform.split("/").length == 3 : "Implementation error setCipherTransformation()";
+        this.cipher_xform_ = cipherXform;
+        return this;
+    }
+
+    /**
+     * Get the cipher transformation.
+     * @return    The cipher transformation {@code String}.
+     */
+    public String getCipherTransformation() {
+        return cipher_xform_;
+    }
+
+    /**
+     * Set the key size for this {@code CipherSpec}.
+     * @param keySize    The key size, in bits. Must be positive integer.
+     * @return    This current {@code CipherSpec} object.
+     */
+    public CipherSpec setKeySize(int keySize) {
+        if ( keySize <= 0 ) {
+            throw new IllegalArgumentException("keySize must be > 0; keySize=" + keySize);
+        }
+        this.keySize_ = keySize;
+        return this;
+    }
+
+    /**
+     * Retrieve the key size, in bits.
+     * @return    The key size, in bits, is returned.
+     */
+    public int getKeySize() {
+        return keySize_;
+    }
+
+    /**
+     * Set the block size for this {@code CipherSpec}.
+     * @param blockSize    The block size, in bytes. Must be positive integer appropriate
+     *                     for the specified cipher algorithm.
+     * @return    This current {@code CipherSpec} object.
+     */
+    public CipherSpec setBlockSize(int blockSize) {
+        if ( blockSize <= 0 ) {
+            throw new IllegalArgumentException("blockSize must be > 0; blockSize=" + blockSize);
+        }
+        this.blockSize_ = blockSize;
+        blockSizeExplicitlySet = true;
+        return this;
+    }
+
+    /**
+     * Retrieve the block size, in bytes.
+     * @return    The block size, in bytes, is returned.
+     */
+    public int getBlockSize() {
+        return blockSize_;
+    }
+
+    /**
+     * Retrieve the cipher algorithm.
+     * @return    The cipher algorithm.
+     */
+    public String getCipherAlgorithm() {
+        return getFromCipherXform(CipherTransformationComponent.ALG);
+    }
+
+    /**
+     * Retrieve the cipher mode.
+     * @return    The cipher mode.
+     */
+    public String getCipherMode() {
+        return getFromCipherXform(CipherTransformationComponent.MODE);
+    }
+
+    /**
+     * Retrieve the cipher padding scheme.
+     * @return    The padding scheme is returned.
+     */
+    public String getPaddingScheme() {
+        return getFromCipherXform(CipherTransformationComponent.PADDING);
+    }
+
+    /**
+     * Retrieve the initialization vector (IV).
+     * @return    The IV as a byte array.
+     */
+    public byte[] getIV() {
+        return iv_;
+    }
+
+    /**
+     * Set the initialization vector (IV).
+     * @param iv    The byte array to set as the IV. A copy of the IV is saved.
+     *                 This parameter is ignored if the cipher mode does not
+     *                 require an IV.
+     * @return        This current {@code CipherSpec} object.
+     */
+    public CipherSpec setIV(final byte[] iv) {
+        if ( ! ( requiresIV() && (iv != null && iv.length != 0) ) ) {
+            throw new IllegalArgumentException("Required IV cannot be null or 0 length.");
+        }
+
+        // Don't store a reference, but make a copy! When an IV is provided, it generally should
+        // be the same length as the block size of the cipher.
+        if ( iv != null ) {    // Allow null IV for ECB mode.
+              // TODO: FIXME: As per email from Jeff Walton to Kevin Wall dated 12/03/2013,
+              //              this is not always true. E.g., for CCM, the IV length is supposed
+              //              to be 7, 8, 9, 10, 11, 12, or 13 octets because of
+              //              it's formatting function.
+/***
+            if ( iv.length != this.getBlockSize() && blockSizeExplicitlySet ) {
+                throw new IllegalArgumentException("IV must be same length as cipher block size (" +
+                                                    this.getBlockSize() + " bytes)");
+            }
+***/
+            iv_ = new byte[ iv.length ];
+            CryptoHelper.copyByteArray(iv, iv_);
+        }
+        return this;
+    }
+
+    /**
+     * Return true if the cipher mode requires an IV.
+     * @return True if the cipher mode requires an IV, otherwise false.
+     * */
+    public boolean requiresIV() {
+
+        String cm = getCipherMode();
+
+        // Add any other cipher modes supported by JCE but not requiring IV.
+        // ECB is the only one I'm aware of that doesn't. Mode is not case
+        // sensitive.
+        if ( "ECB".equalsIgnoreCase(cm) ) {
+            return false;
+        }
+        return true;
+    }
+
+    /**
+     * Override {@code Object.toString()} to provide something more useful.
+     * @return A meaningful string describing this object.
+     */
+    @Override
+    public String toString() {
+        StringBuilder sb = new StringBuilder("CipherSpec: ");
+        sb.append( getCipherTransformation() ).append("; keysize= ").append( getKeySize() );
+        sb.append(" bits; blocksize= ").append( getBlockSize() ).append(" bytes");
+        byte[] iv = getIV();
+        String ivLen = null;
+        if ( iv != null ) {
+            ivLen = "" + iv.length;    // Convert length to a string
+        } else {
+            ivLen = "[No IV present (not set or not required)]";
+        }
+        sb.append("; IV length = ").append( ivLen ).append(" bytes.");
+        return sb.toString();
+    }
+
     /**
      * {@inheritDoc}
      */
@@ -328,8 +355,8 @@ public boolean equals(Object other) {
                       NullSafe.equals(this.cipher_xform_, that.cipher_xform_) &&
                       this.keySize_ == that.keySize_ &&
                       this.blockSize_ == that.blockSize_ &&
-                        // Comparison safe from timing attacks.
-                      CryptoHelper.arrayCompare(this.iv_, that.iv_) );
+                        // In all versions of JDK 7 and later, comparison safe from timing attacks.
+                      java.security.MessageDigest.isEqual(this.iv_, that.iv_) );
         }
         return result;
     }
@@ -372,17 +399,19 @@ public int hashCode() {
      */
     protected boolean canEqual(Object other) {
         return (other instanceof CipherSpec);
-    }	
-	
-	/**
-	 * Split the current cipher transformation and return the requested part. 
-	 * @param component The component of the cipher transformation to return.
-	 * @return The cipher algorithm, cipher mode, or padding, as requested.
-	 */
-	private String getFromCipherXform(CipherTransformationComponent component) {
+    }
+
+    /**
+     * Split the current cipher transformation and return the requested part.
+     * @param component The component of the cipher transformation to return.
+     * @return The cipher algorithm, cipher mode, or padding, as requested.
+     */
+    private String getFromCipherXform(CipherTransformationComponent component) {
         int part = component.ordinal();
-		String[] parts = getCipherTransformation().split("/");
-		assert parts.length == 3 : "Invalid cipher transformation: " + getCipherTransformation();	
-		return parts[part];
-	}
+        String[] parts = getCipherTransformation().split("/");
+            // Assertion should also be okay here as these conditions are checked
+            // elsewhere and this method is private.
+        assert parts.length == 3 : "Invalid cipher transformation: " + getCipherTransformation();
+        return parts[part];
+    }
 }
diff --git a/src/main/java/org/owasp/esapi/crypto/CipherText.java b/src/main/java/org/owasp/esapi/crypto/CipherText.java
index 47e6fc78f..185ac5e14 100644
--- a/src/main/java/org/owasp/esapi/crypto/CipherText.java
+++ b/src/main/java/org/owasp/esapi/crypto/CipherText.java
@@ -1,6 +1,6 @@
 /*
  * OWASP Enterprise Security API (ESAPI)
- * 
+ *
  * This file is part of the Open Web Application Security Project (OWASP)
  * Enterprise Security API (ESAPI) project. For details, please see
  * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
@@ -26,6 +26,7 @@
 import org.owasp.esapi.Encryptor;
 import org.owasp.esapi.Logger;
 import org.owasp.esapi.errors.EncryptionException;
+import org.owasp.esapi.errors.EnterpriseSecurityRuntimeException;
 
 // CHECKME: Some of these assertions probably should be actual runtime checks
 //          with suitable exceptions to account for cases where programmers
@@ -54,31 +55,31 @@
  * @see org.owasp.esapi.Encryptor
  * @since 2.0
  */
-public final class CipherText implements Serializable {	
+public final class CipherText implements Serializable {
     // NOTE: Do NOT change this in future versions, unless you are knowingly
     //       making changes to the class that will render this class incompatible
     //       with previously serialized objects from older versions of this class.
-	//		 If this is done, that you must provide for supporting earlier ESAPI versions.
+    //       If this is done, that you must provide for supporting earlier ESAPI versions.
     //       Be wary making incompatible changes as discussed at:
     //          http://java.sun.com/javase/6/docs/platform/serialization/spec/version.html#6678
     //       Any incompatible change in the serialization of CipherText *must* be
     //       reflected in the class CipherTextSerializer.
     // This should be *same* version as in CipherTextSerializer and KeyDerivationFunction.
-	// If one changes, the other should as well to accommodate any differences.
-	//		Previous versions:	20110203 - Original version (ESAPI releases 2.0 & 2.0.1)
-	//						    20130830 - Fix to issue #306 (release 2.1.0)
-	public  static final int cipherTextVersion = 20130830; // Format: YYYYMMDD, max is 99991231.
-		// Required by Serializable classes.
-	private static final long serialVersionUID = cipherTextVersion; // Format: YYYYMMDD
-	
-	private static final Logger logger = ESAPI.getLogger("CipherText");
-    
+    // If one changes, the other should as well to accommodate any differences.
+    //      Previous versions:  20110203 - Original version (ESAPI releases 2.0 & 2.0.1)
+    //                          20130830 - Fix to issue #306 (release 2.1.0)
+    public  static final int cipherTextVersion = 20130830; // Format: YYYYMMDD, max is 99991231.
+        // Required by Serializable classes.
+    private static final long serialVersionUID = cipherTextVersion; // Format: YYYYMMDD
+
+    private static final Logger logger = ESAPI.getLogger("CipherText");
+
     private CipherSpec cipherSpec_           = null;
     private byte[]     raw_ciphertext_       = null;
     private byte[]     separate_mac_         = null;
     private long       encryption_timestamp_ = 0;
-    private int		   kdfVersion_           = KeyDerivationFunction.kdfVersion;
-    private int		   kdfPrfSelection_      = KeyDerivationFunction.getDefaultPRFSelection();
+    private int        kdfVersion_           = KeyDerivationFunction.kdfVersion;
+    private int        kdfPrfSelection_      = KeyDerivationFunction.getDefaultPRFSelection();
 
     // All the various pieces that can be set, either directly or indirectly
     // via CipherSpec.
@@ -93,7 +94,7 @@ private enum CipherTextFlags {
                    CipherTextFlags.PADDING,    CipherTextFlags.KEYSIZE,
                    CipherTextFlags.BLOCKSIZE,  CipherTextFlags.CIPHERTEXT,
                    CipherTextFlags.INITVECTOR);
-    
+
     // These are all the pieces we collect when passed a CipherSpec object.
     private final EnumSet<CipherTextFlags> fromCipherSpec =
         EnumSet.of(CipherTextFlags.ALGNAME,    CipherTextFlags.CIPHERMODE,
@@ -102,20 +103,22 @@ private enum CipherTextFlags {
 
     // How much we've collected so far. We start out with having collected nothing.
     private EnumSet<CipherTextFlags> progress = EnumSet.noneOf(CipherTextFlags.class);
-    
+
     // Check if versions of KeyDerivationFunction, CipherText, and
     // CipherTextSerializer are all the same.
     {
-    	// Ignore error about comparing identical versions and dead code.
-    	// We expect them to be, but the point is to catch us if they aren't.
-    	assert CipherTextSerializer.cipherTextSerializerVersion == CipherText.cipherTextVersion :
-            "Versions of CipherTextSerializer and CipherText are not compatible.";
-    	assert CipherTextSerializer.cipherTextSerializerVersion == KeyDerivationFunction.kdfVersion :
-    		"Versions of CipherTextSerializer and KeyDerivationFunction are not compatible.";
+        // Ignore error about comparing identical versions and dead code.
+        // We expect them to be, but the point is to catch us if they aren't.
+        if ( CipherTextSerializer.cipherTextSerializerVersion != CipherText.cipherTextVersion ) {
+            throw new ExceptionInInitializerError("Versions of CipherTextSerializer and CipherText are not compatible.");
+        }
+        if ( CipherTextSerializer.cipherTextSerializerVersion != KeyDerivationFunction.kdfVersion ) {
+            throw new ExceptionInInitializerError("Versions of CipherTextSerializer and KeyDerivationFunction are not compatible.");
+        }
     }
 
     ///////////////////////////  C O N S T R U C T O R S  /////////////////////////
-    
+
     /**
      * Default CTOR. Takes all the defaults from the ESAPI.properties, or
      * default values from initial values from this class (when appropriate)
@@ -125,12 +128,12 @@ public CipherText() {
         cipherSpec_ = new CipherSpec(); // Uses default for everything but IV.
         received(fromCipherSpec);
     }
-    
+
     /**
      * Construct from a {@code CipherSpec} object. Still needs to have
      * {@link #setCiphertext(byte[])} or {@link #setIVandCiphertext(byte[], byte[])}
      * called to be usable.
-     * 
+     *
      * @param cipherSpec The cipher specification to use.
      */
     public CipherText(final CipherSpec cipherSpec) {
@@ -140,10 +143,10 @@ public CipherText(final CipherSpec cipherSpec) {
             received(CipherTextFlags.INITVECTOR);
         }
     }
-    
+
     /**
      * Construct from a {@code CipherSpec} object and the raw ciphertext.
-     * 
+     *
      * @param cipherSpec The cipher specification to use.
      * @param cipherText The raw ciphertext bytes to use.
      * @throws EncryptionException  Thrown if {@code cipherText} is null or
@@ -159,7 +162,7 @@ public CipherText(final CipherSpec cipherSpec, byte[] cipherText)
             received(CipherTextFlags.INITVECTOR);
         }
     }
-    
+
     /** Create a {@code CipherText} object from what is supposed to be a
      *  portable serialized byte array, given in network byte order, that
      *  represents a valid, previously serialized {@code CipherText} object
@@ -179,89 +182,89 @@ public static CipherText fromPortableSerializedBytes(byte[] bytes)
 
     /////////////////////////  P U B L I C   M E T H O D S  ////////////////////
 
-	/**
-	 * Obtain the String representing the cipher transformation used to encrypt
-	 * the plaintext. The cipher transformation represents the cipher algorithm,
-	 * the cipher mode, and the padding scheme used to do the encryption. An
-	 * example would be "AES/CBC/PKCS5Padding". See Appendix A in the
-	 * <a href="http://java.sun.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html#AppA">
-	 * Java Cryptography Architecture Reference Guide</a>
-	 * for information about standard supported cipher transformation names.
-	 * <p>
-	 * The cipher transformation name is usually sufficient to be passed to
-	 * {@link javax.crypto.Cipher#getInstance(String)} to create a
-	 * <code>Cipher</code> object to decrypt the ciphertext.
-	 * 
-	 * @return The cipher transformation name used to encrypt the plaintext
-	 * 		   resulting in this ciphertext.
-	 */
+    /**
+     * Obtain the String representing the cipher transformation used to encrypt
+     * the plaintext. The cipher transformation represents the cipher algorithm,
+     * the cipher mode, and the padding scheme used to do the encryption. An
+     * example would be "AES/CBC/PKCS5Padding". See Appendix A in the
+     * <a href="http://java.sun.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html#AppA">
+     * Java Cryptography Architecture Reference Guide</a>
+     * for information about standard supported cipher transformation names.
+     * <p>
+     * The cipher transformation name is usually sufficient to be passed to
+     * {@link javax.crypto.Cipher#getInstance(String)} to create a
+     * <code>Cipher</code> object to decrypt the ciphertext.
+     *
+     * @return The cipher transformation name used to encrypt the plaintext
+     *         resulting in this ciphertext.
+     */
     public String getCipherTransformation() {
         return cipherSpec_.getCipherTransformation();
     }
-	
-	/**
-	 * Obtain the name of the cipher algorithm used for encrypting the
-	 * plaintext.
-	 * 
-	 * @return The name as the cryptographic algorithm used to perform the
-	 * 		   encryption resulting in this ciphertext.
-	 */
+
+    /**
+     * Obtain the name of the cipher algorithm used for encrypting the
+     * plaintext.
+     *
+     * @return The name as the cryptographic algorithm used to perform the
+     *         encryption resulting in this ciphertext.
+     */
     public String getCipherAlgorithm() {
         return cipherSpec_.getCipherAlgorithm();
     }
-	
-	/**
-	 * Retrieve the key size used with the cipher algorithm that was used to
-	 * encrypt data to produce this ciphertext.
-	 * 
-	 * @return The key size in bits. We work in bits because that's the crypto way!
-	 */
+
+    /**
+     * Retrieve the key size used with the cipher algorithm that was used to
+     * encrypt data to produce this ciphertext.
+     *
+     * @return The key size in bits. We work in bits because that's the crypto way!
+     */
     public int getKeySize() {
         return cipherSpec_.getKeySize();
     }
-	
-	/**
-	 * Retrieve the block size (in bytes!) of the cipher used for encryption.
-	 * (Note: If an IV is used, this will also be the IV length.)
-	 * 
-	 * @return The block size in bytes. (Bits, bytes! It's confusing I know. Blame
-	 * 									the cryptographers; we've just following
-	 * 									convention.)
-	 */
+
+    /**
+     * Retrieve the block size (in bytes!) of the cipher used for encryption.
+     * (Note: If an IV is used, this will also be the IV length.)
+     *
+     * @return The block size in bytes. (Bits, bytes! It's confusing I know. Blame
+     *                                  the cryptographers; we've just following
+     *                                  convention.)
+     */
     public int getBlockSize() {
         return cipherSpec_.getBlockSize();
     }
-	
-	/**
-	 * Get the name of the cipher mode used to encrypt some plaintext.
-	 * 
-	 * @return The name of the cipher mode used to encrypt the plaintext
-	 *         resulting in this ciphertext. E.g., "CBC" for "cipher block
-	 *         chaining", "ECB" for "electronic code book", etc.
-	 */
+
+    /**
+     * Get the name of the cipher mode used to encrypt some plaintext.
+     *
+     * @return The name of the cipher mode used to encrypt the plaintext
+     *         resulting in this ciphertext. E.g., "CBC" for "cipher block
+     *         chaining", "ECB" for "electronic code book", etc.
+     */
     public String getCipherMode() {
         return cipherSpec_.getCipherMode();
     }
-	
-	/**
-	 * Get the name of the padding scheme used to encrypt some plaintext.
-	 * 
-	 * @return The name of the padding scheme used to encrypt the plaintext
-	 * 		   resulting in this ciphertext. Example: "PKCS5Padding". If no
-	 * 		   padding was used "None" is returned.
-	 */
+
+    /**
+     * Get the name of the padding scheme used to encrypt some plaintext.
+     *
+     * @return The name of the padding scheme used to encrypt the plaintext
+     *         resulting in this ciphertext. Example: "PKCS5Padding". If no
+     *         padding was used "None" is returned.
+     */
     public String getPaddingScheme() {
         return cipherSpec_.getPaddingScheme();
     }
-	
-	/**
-	 * Return the initialization vector (IV) used to encrypt the plaintext
-	 * if applicable.
-	 *  
-	 * @return	The IV is returned if the cipher mode used to encrypt the
-	 * 			plaintext was not "ECB". ECB mode does not use an IV so in
-	 * 			that case, <code>null</code> is returned.
-	 */
+
+    /**
+     * Return the initialization vector (IV) used to encrypt the plaintext
+     * if applicable.
+     *
+     * @return  The IV is returned if the cipher mode used to encrypt the
+     *          plaintext was not "ECB". ECB mode does not use an IV so in
+     *          that case, <code>null</code> is returned.
+     */
     public byte[] getIV() {
         if ( isCollected(CipherTextFlags.INITVECTOR) ) {
             return cipherSpec_.getIV();
@@ -270,242 +273,260 @@ public byte[] getIV() {
             return null;
         }
     }
-	
-	/** 
-	 * Return true if the cipher mode used requires an IV. Usually this will
-	 * be true unless ECB mode (which should be avoided whenever possible) is
-	 * used.
-	 */
+
+    /**
+     * Return true if the cipher mode used requires an IV. Usually this will
+     * be true unless ECB mode (which should be avoided whenever possible) is
+     * used.
+     */
     public boolean requiresIV() {
         return cipherSpec_.requiresIV();
     }
-	
-	/**
-	 * Get the raw ciphertext byte array resulting from encrypting some
-	 * plaintext.
-	 * 
-	 * @return A copy of the raw ciphertext as a byte array.
-	 */
-	public byte[] getRawCipherText() {
-	    if ( isCollected(CipherTextFlags.CIPHERTEXT) ) {
-	        byte[] copy = new byte[ raw_ciphertext_.length ];
-	        System.arraycopy(raw_ciphertext_, 0, copy, 0, raw_ciphertext_.length);
-	        return copy;
-	    } else {
-	        logger.error(Logger.SECURITY_FAILURE, "Raw ciphertext not set yet; unable to retrieve; returning null");
-	        return null;
-	    }
-	}
-	
-	/**
-	 * Get number of bytes in raw ciphertext. Zero is returned if ciphertext has not
-	 * yet been stored.
-	 * 
-	 * @return The number of bytes of raw ciphertext; 0 if no raw ciphertext has been stored.
-	 */
-	public int getRawCipherTextByteLength() {
-	    if ( raw_ciphertext_ != null ) {
-	        return raw_ciphertext_.length;
-	    } else {
-	        return 0;
-	    }
-	}
-
-	/**
-	 * Return a base64-encoded representation of the raw ciphertext alone. Even
-	 * in the case where an IV is used, the IV is not prepended before the
-	 * base64-encoding is performed.
-	 * <p>
-	 * If there is a need to store an encrypted value, say in a database, this
-	 * is <i>not</i> the method you should use unless you are using a <i>fixed</i>
-	 * IV or are planning on retrieving the IV and storing it somewhere separately
-	 * (e.g., a different database column). If you are <i>not</i> using a fixed IV
-	 * (which is <strong>highly</strong> discouraged), you should normally use
-	 * {@link #getEncodedIVCipherText()} instead.
-	 * </p>
-	 * @see #getEncodedIVCipherText()
-	 */
-	public String getBase64EncodedRawCipherText() {
-	    return ESAPI.encoder().encodeForBase64(getRawCipherText(),false);
-	}
-	
-	/**
-	 * Return the ciphertext as a base64-encoded <code>String</code>. If an
-	 * IV was used, the IV if first prepended to the raw ciphertext before
-	 * base64-encoding. If an IV is not used, then this method returns the same
-	 * value as {@link #getBase64EncodedRawCipherText()}.
-	 * <p>
-	 * Generally, this is the method that you should use unless you only
-	 * are using a fixed IV and a storing that IV separately, in which case
-	 * using {@link #getBase64EncodedRawCipherText()} can reduce the storage
-	 * overhead.
-	 * </p>
-	 * @return The base64-encoded ciphertext or base64-encoded IV + ciphertext.
-	 * @see #getBase64EncodedRawCipherText()
-	 */
-	public String getEncodedIVCipherText() {
-	    if ( isCollected(CipherTextFlags.INITVECTOR) && isCollected(CipherTextFlags.CIPHERTEXT) ) {
-	        // First concatenate IV + raw ciphertext
-	        byte[] iv = getIV();
-	        byte[] raw = getRawCipherText();
-	        byte[] ivPlusCipherText = new byte[ iv.length + raw.length ];
-	        System.arraycopy(iv, 0, ivPlusCipherText, 0, iv.length);
-	        System.arraycopy(raw, 0, ivPlusCipherText, iv.length, raw.length);
-	        // Then return the base64 encoded result
-	        return ESAPI.encoder().encodeForBase64(ivPlusCipherText, false);
-	    } else {
-	        logger.error(Logger.SECURITY_FAILURE, "Raw ciphertext and/or IV not set yet; unable to retrieve; returning null");
-	        return null;
-	    }
-	}
-
-	/**
-	 * Compute and store the Message Authentication Code (MAC) if the ESAPI property
-	 * {@code Encryptor.CipherText.useMAC} is set to {@code true}. If it
-	 * is, the MAC is conceptually calculated as:
-	 * <pre>
-	 * 		authKey = DerivedKey(secret_key, "authenticate")
-	 * 		HMAC-SHA1(authKey, IV + secret_key)
-	 * </pre>
-	 * where derived key is an HMacSHA1, possibly repeated multiple times.
-	 * (See {@link org.owasp.esapi.crypto.CryptoHelper#computeDerivedKey(SecretKey, int, String)}
-	 * for details.)
-	 * </p><p>
-	 * <b>Perceived Benefits</b>: There are certain cases where if an attacker
-	 * is able to change the IV. When one uses a authenticity key that is
-	 * derived from the "master" key, it also makes it possible to know when
-	 * the incorrect key was attempted to be used to decrypt the ciphertext.
-	 * </p><p>
-	 * <b>NOTE:</b> The purpose of this MAC (which is always computed by the
-	 * ESAPI reference model implementing {@code Encryptor}) is to ensure the
-	 * authenticity of the IV and ciphertext. Among other things, this prevents
-	 * an adversary from substituting the IV with one of their own choosing.
-	 * Because we don't know whether or not the recipient of this {@code CipherText}
-	 * object will want to validate the authenticity or not, the reference
-	 * implementation of {@code Encryptor} always computes it and includes it.
-	 * The recipient of the ciphertext can then choose whether or not to validate
-	 * it.
-	 * 
-	 * @param authKey The secret key that is used for proving authenticity of
-	 * 				the IV and ciphertext. This key should be derived from
-	 * 				the {@code SecretKey} passed to the
-	 * 				{@link Encryptor#encrypt(javax.crypto.SecretKey, PlainText)}
-	 *				and
-	 *				{@link Encryptor#decrypt(javax.crypto.SecretKey, CipherText)}
-	 *				methods or the "master" key when those corresponding
-	 *				encrypt / decrypt methods are used. This authenticity key
-	 *				should be the same length and for the same cipher algorithm
-	 *				as this {@code SecretKey}. The method
-	 *				{@link org.owasp.esapi.crypto.CryptoHelper#computeDerivedKey(SecretKey, int, String)}
-	 *				is a secure way to produce this derived key.
-	 */		// DISCUSS - Cryptographers David Wagner, Ian Grigg, and others suggest
-			// computing authenticity using derived key and HmacSHA1 of IV + ciphertext.
-			// However they also argue that what should be returned and treated as
-			// (i.e., stored as) ciphertext would be something like this:
-			//		len_of_raw_ciphertext + IV + raw_ciphertext + MAC
-			// TODO: Need to do something like this for custom serialization and then
-	        // document order / format so it can be used by other ESAPI implementations.
-	public void computeAndStoreMAC(SecretKey authKey) {
-	    assert !macComputed() : "Programming error: Can't store message integrity code " +
-	                            "while encrypting; computeAndStoreMAC() called multiple times.";
-	    assert collectedAll() : "Have not collected all required information to compute and store MAC.";
-	    byte[] result = computeMAC(authKey);
-	    if ( result != null ) {
-	        storeSeparateMAC(result);
-	    }
-	    // If 'result' is null, we already logged this in computeMAC().
-	}
-	
-	/**
-	 * Same as {@link #computeAndStoreMAC(SecretKey)} but this is only used by
-	 * {@code CipherTextSerializeer}. (Has package level access.)
-	 */ // CHECKME: For this to be "safe", it requires ESAPI jar to be sealed.
-	void storeSeparateMAC(byte[] macValue) {
-	    if ( !macComputed() ) {
-	        separate_mac_ = new byte[ macValue.length ];
-	        CryptoHelper.copyByteArray(macValue, separate_mac_);
-	        assert macComputed();
-	    }
-	}
-	
-	/**
-	 * Validate the message authentication code (MAC) associated with the ciphertext.
-	 * This is mostly meant to ensure that an attacker has not replaced the IV
-	 * or raw ciphertext with something arbitrary. Note however that it will
-	 * <i>not</i> detect the case where an attacker simply substitutes one
-	 * valid ciphertext with another ciphertext.
-	 * 
-	 * @param authKey The secret key that is used for proving authenticity of
-	 * 				the IV and ciphertext. This key should be derived from
-	 * 				the {@code SecretKey} passed to the
-	 * 				{@link Encryptor#encrypt(javax.crypto.SecretKey, PlainText)}
-	 *				and
-	 *				{@link Encryptor#decrypt(javax.crypto.SecretKey, CipherText)}
-	 *				methods or the "master" key when those corresponding
-	 *				encrypt / decrypt methods are used. This authenticity key
-	 *				should be the same length and for the same cipher algorithm
-	 *				as this {@code SecretKey}. The method
-	 *				{@link org.owasp.esapi.crypto.CryptoHelper#computeDerivedKey(SecretKey, int, String)}
-	 *				is a secure way to produce this derived key.
-	 * @return True if the ciphertext has not be tampered with, and false otherwise.
-	 */
-	public boolean validateMAC(SecretKey authKey) {
-	    boolean requiresMAC = ESAPI.securityConfiguration().useMACforCipherText();
-
-	    if (  requiresMAC && macComputed() ) {  // Uses MAC and it was computed
-	        // Calculate MAC from HMAC-SHA1(nonce, IV + plaintext) and
-	        // compare to stored value (separate_mac_). If same, then return true,
-	        // else return false.
-	        byte[] mac = computeMAC(authKey);
-	        assert mac.length == separate_mac_.length : "MACs are of differnt lengths. Should both be the same.";
-	        return CryptoHelper.arrayCompare(mac, separate_mac_); // Safe compare!!!
-	    } else if ( ! requiresMAC ) {           // Doesn't require a MAC
-	        return true;
-	    } else {
-	    		// This *used* to be the case (for versions 2.0 and 2.0.1) where we tried to
-	    		// accomodate the deprecated decrypt() method from ESAPI 1.4. Unfortunately,
-	    		// that was an EPIC FAIL. (See Google Issue # 306 for details.)
-	        logger.warning(Logger.SECURITY_FAILURE, "MAC may have been tampered with (e.g., length set to 0).");
-	        return false;    // Deprecated decrypt() method removed, so now return false.
-	    }
-	}
-	
-	/**
-	 * Return this {@code CipherText} object as a portable (i.e., network byte
-	 * ordered) serialized byte array. Note this is <b>not</b> the same as
-	 * returning a serialized object using Java serialization. Instead this
-	 * is a representation that all ESAPI implementations will use to pass
-	 * ciphertext between different programming language implementations.
-	 * 
-	 * @return A network byte-ordered serialized representation of this object.
-	 * @throws EncryptionException
-	 */    // DISCUSS: This method name sucks too. Suggestions???
-	public byte[] asPortableSerializedByteArray() throws EncryptionException {
+
+    /**
+     * Get the raw ciphertext byte array resulting from encrypting some
+     * plaintext.
+     *
+     * @return A copy of the raw ciphertext as a byte array.
+     */
+    public byte[] getRawCipherText() {
+        if ( isCollected(CipherTextFlags.CIPHERTEXT) ) {
+            byte[] copy = new byte[ raw_ciphertext_.length ];
+            System.arraycopy(raw_ciphertext_, 0, copy, 0, raw_ciphertext_.length);
+            return copy;
+        } else {
+            logger.error(Logger.SECURITY_FAILURE, "Raw ciphertext not set yet; unable to retrieve; returning null");
+            return null;
+        }
+    }
+
+    /**
+     * Get number of bytes in raw ciphertext. Zero is returned if ciphertext has not
+     * yet been stored.
+     *
+     * @return The number of bytes of raw ciphertext; 0 if no raw ciphertext has been stored.
+     */
+    public int getRawCipherTextByteLength() {
+        if ( raw_ciphertext_ != null ) {
+            return raw_ciphertext_.length;
+        } else {
+            return 0;
+        }
+    }
+
+    /**
+     * Return a base64-encoded representation of the raw ciphertext alone. Even
+     * in the case where an IV is used, the IV is not prepended before the
+     * base64-encoding is performed.
+     * <p>
+     * If there is a need to store an encrypted value, say in a database, this
+     * is <i>not</i> the method you should use unless you are using are storing the
+     * IV separately (i.e., in a separate DB column), which doesn't make a lot of sense.
+     * Normally, you should prefer the method {@link #getEncodedIVCipherText()} instead as
+     * it will return the IV prepended to the ciphertext.
+     * </p>
+     * @see #getEncodedIVCipherText()
+     */
+    public String getBase64EncodedRawCipherText() {
+        return ESAPI.encoder().encodeForBase64(getRawCipherText(),false);
+    }
+
+    /**
+     * Return the ciphertext as a base64-encoded <code>String</code>. If an
+     * IV was used, the IV if first prepended to the raw ciphertext before
+     * base64-encoding. If an IV is not used, then this method returns the same
+     * value as {@link #getBase64EncodedRawCipherText()}.
+     * <p>
+     * @return The base64-encoded ciphertext or base64-encoded IV + ciphertext.
+     * @see #getBase64EncodedRawCipherText()
+     */
+    public String getEncodedIVCipherText() {
+        if ( isCollected(CipherTextFlags.INITVECTOR) && isCollected(CipherTextFlags.CIPHERTEXT) ) {
+            // First concatenate IV + raw ciphertext
+            byte[] iv = getIV();
+            byte[] raw = getRawCipherText();
+            byte[] ivPlusCipherText = new byte[ iv.length + raw.length ];
+            System.arraycopy(iv, 0, ivPlusCipherText, 0, iv.length);
+            System.arraycopy(raw, 0, ivPlusCipherText, iv.length, raw.length);
+            // Then return the base64 encoded result
+            return ESAPI.encoder().encodeForBase64(ivPlusCipherText, false);
+        } else {
+            logger.error(Logger.SECURITY_FAILURE, "Raw ciphertext and/or IV not set yet; unable to retrieve; returning null");
+            return null;
+        }
+    }
+
+    /**
+     * Compute and store the Message Authentication Code (MAC) if the ESAPI property
+     * {@code Encryptor.CipherText.useMAC} is set to {@code true}. If it
+     * is, the MAC is conceptually calculated as:
+     * <pre>
+     *      authKey = DerivedKey(secret_key, "authenticate")
+     *      HMAC-SHA1(authKey, IV + secret_key)
+     * </pre>
+     * where derived key is an HMacSHA1, possibly repeated multiple times.
+     * (See {@link org.owasp.esapi.crypto.CryptoHelper#computeDerivedKey(SecretKey, int, String)}
+     * for details.)
+     * </p><p>
+     * <b>Perceived Benefits</b>: There are certain cases where if an attacker
+     * is able to change the IV. When one uses a authenticity key that is
+     * derived from the "master" key, it also makes it possible to know when
+     * the incorrect key was attempted to be used to decrypt the ciphertext.
+     * </p><p>
+     * <b>NOTE:</b> The purpose of this MAC (which is always computed by the
+     * ESAPI reference model implementing {@code Encryptor}) is to ensure the
+     * authenticity of the IV and ciphertext. Among other things, this prevents
+     * an adversary from substituting the IV with one of their own choosing.
+     * Because we don't know whether or not the recipient of this {@code CipherText}
+     * object will want to validate the authenticity or not, the reference
+     * implementation of {@code Encryptor} always computes it and includes it.
+     * The recipient of the ciphertext can then choose whether or not to validate
+     * it.
+     *
+     * @param authKey The secret key that is used for proving authenticity of
+     *              the IV and ciphertext. This key should be derived from
+     *              the {@code SecretKey} passed to the
+     *              {@link Encryptor#encrypt(javax.crypto.SecretKey, PlainText)}
+     *              and
+     *              {@link Encryptor#decrypt(javax.crypto.SecretKey, CipherText)}
+     *              methods or the "master" key when those corresponding
+     *              encrypt / decrypt methods are used. This authenticity key
+     *              should be the same length and for the same cipher algorithm
+     *              as this {@code SecretKey}. The method
+     *              {@link org.owasp.esapi.crypto.CryptoHelper#computeDerivedKey(SecretKey, int, String)}
+     *              is a secure way to produce this derived key.
+     */     // DISCUSS - Cryptographers David Wagner, Ian Grigg, and others suggest
+            // computing authenticity using derived key and HmacSHA1 of IV + ciphertext.
+            // However they also argue that what should be returned and treated as
+            // (i.e., stored as) ciphertext would be something like this:
+            //      len_of_raw_ciphertext + IV + raw_ciphertext + MAC
+            // However, Schneier's & Ferguson's Horton Principle would argue
+            // that whatever data that one sends needs to be authenticated, so
+            // that would minimally mean that len_of_raw_ciphertext would need
+            // to be included in the MAC calculation. Failure to heed the Horton
+            // Principle has already resulted in CVE-2013-5960.
+            //
+            // TODO: Need to do something like this for custom serialization and then
+            // document order / format so it can be used by other ESAPI implementations.
+    public void computeAndStoreMAC(SecretKey authKey) {
+        if ( macComputed() ) {
+            String exm = "Programming error: Can't store message authentication code " +
+                         "while encrypting; computeAndStoreMAC() called multiple times.";
+            throw new EnterpriseSecurityRuntimeException(exm, exm);
+        }
+        if ( ! collectedAll() ) {
+            String exm = "Have not collected all required information to compute and store MAC.";
+            throw new EnterpriseSecurityRuntimeException(exm, exm);
+        }
+        byte[] result = computeMAC(authKey);
+        if ( result != null ) {
+            storeSeparateMAC(result);
+        }
+        // If 'result' is null, we already logged this in computeMAC().
+    }
+
+    /**
+     * Same as {@link #computeAndStoreMAC(SecretKey)} but this is only used by
+     * {@code CipherTextSerializeer}. (Has package level access.)
+     */ // CHECKME: For this to be "safe", it requires ESAPI jar to be sealed.
+    void storeSeparateMAC(byte[] macValue) {
+        if ( !macComputed() ) {
+            separate_mac_ = new byte[ macValue.length ];
+            CryptoHelper.copyByteArray(macValue, separate_mac_);
+            // This assertion should be okay as it's just a sanity check.
+            assert macComputed() : "MAC failed to compute correctly!";
+        }
+    }
+
+    /**
+     * Validate the message authentication code (MAC) associated with the ciphertext.
+     * This is mostly meant to ensure that an attacker has not replaced the IV
+     * or raw ciphertext with something arbitrary. Note however that it will
+     * <i>not</i> detect the case where an attacker simply substitutes one
+     * valid ciphertext with another ciphertext.
+     *
+     * @param authKey The secret key that is used for proving authenticity of
+     *              the IV and ciphertext. This key should be derived from
+     *              the {@code SecretKey} passed to the
+     *              {@link Encryptor#encrypt(javax.crypto.SecretKey, PlainText)}
+     *              and
+     *              {@link Encryptor#decrypt(javax.crypto.SecretKey, CipherText)}
+     *              methods or the "master" key when those corresponding
+     *              encrypt / decrypt methods are used. This authenticity key
+     *              should be the same length and for the same cipher algorithm
+     *              as this {@code SecretKey}. The method
+     *              {@link org.owasp.esapi.crypto.CryptoHelper#computeDerivedKey(SecretKey, int, String)}
+     *              is a secure way to produce this derived key.
+     * @return True if the ciphertext has not be tampered with, and false otherwise.
+     */
+    public boolean validateMAC(SecretKey authKey) {
+        boolean requiresMAC = ESAPI.securityConfiguration().useMACforCipherText();
+
+        if (  requiresMAC && macComputed() ) {  // Uses MAC and it was computed
+            // Calculate MAC from HMAC-SHA1(nonce, IV + plaintext) and
+            // compare to stored value (separate_mac_). If same, then return true,
+            // else return false.
+            byte[] mac = computeMAC(authKey);
+            if ( mac.length != separate_mac_.length ) {
+                    // Note: We want some type of unchecked exception
+                    //       here so this will not require code changes.
+                    //       Unfortunately, EncryptionException, which might
+                    //       make more sense here, is not a RuntimeException.
+                    String exm = "MACs are of different lengths. " +
+                                 "Should both be the same length";
+                    throw new EnterpriseSecurityRuntimeException(exm,
+                                "Possible tampering of MAC? " + exm +
+                                "computed MAC len: " + mac.length +
+                                ", received MAC len: " + separate_mac_.length);
+            }
+            return java.security.MessageDigest.isEqual(mac, separate_mac_); // Safe compare in JDK 7 and later
+        } else if ( ! requiresMAC ) {           // Doesn't require a MAC
+            return true;
+        } else {
+                // This *used* to be the case (for versions 2.0 and 2.0.1) where we tried to
+                // accomodate the deprecated decrypt() method from ESAPI 1.4. Unfortunately,
+                // that was an EPIC FAIL. (See Google Issue # 306 for details.)
+            logger.warning(Logger.SECURITY_FAILURE, "MAC may have been tampered with (e.g., length set to 0).");
+            return false;    // Deprecated decrypt() method removed, so now return false.
+        }
+    }
+
+    /**
+     * Return this {@code CipherText} object as a portable (i.e., network byte
+     * ordered) serialized byte array. Note this is <b>not</b> the same as
+     * returning a serialized object using Java serialization. Instead, this
+     * is a representation that all ESAPI implementations will use to pass
+     * ciphertext between different programming language implementations.
+     *
+     * @return A network byte-ordered serialized representation of this object.
+     * @throws EncryptionException
+     */    // DISCUSS: This method name sucks too. Suggestions???
+    public byte[] asPortableSerializedByteArray() throws EncryptionException {
         // Check if this CipherText object is "complete", i.e., all
         // mandatory has been collected.
-	    if ( ! collectedAll() ) {
-	        String msg = "Can't serialize this CipherText object yet as not " +
-	                     "all mandatory information has been collected";
-	        throw new EncryptionException("Can't serialize incomplete ciphertext info", msg);
-	    }
-	    
-	    // If we are supposed to be using a (separate) MAC, also make sure
-	    // that it has been computed/stored.
-	    boolean requiresMAC = ESAPI.securityConfiguration().useMACforCipherText();
-	    if (  requiresMAC && ! macComputed() ) {
-	        String msg = "Programming error: MAC is required for this cipher mode (" +
-	                     getCipherMode() + "), but MAC has not yet been " +
-	                     "computed and stored. Call the method " +
-	                     "computeAndStoreMAC(SecretKey) first before " +
-	                     "attempting serialization.";
-	        throw new EncryptionException("Can't serialize ciphertext info: Data integrity issue.",
-	                                      msg);
-	    }
-	    
-	    // OK, everything ready, so give it a shot.
-	    return new CipherTextSerializer(this).asSerializedByteArray();
-	}
-	
+        if ( ! collectedAll() ) {
+            String msg = "Can't serialize this CipherText object yet as not " +
+                         "all mandatory information has been collected";
+            throw new EncryptionException("Can't serialize incomplete ciphertext info", msg);
+        }
+
+        // If we are supposed to be using a (separate) MAC, also make sure
+        // that it has been computed/stored.
+        boolean requiresMAC = ESAPI.securityConfiguration().useMACforCipherText();
+        if (  requiresMAC && ! macComputed() ) {
+            String msg = "Programming error: MAC is required for this cipher mode (" +
+                         getCipherMode() + "), but MAC has not yet been " +
+                         "computed and stored. Call the method " +
+                         "computeAndStoreMAC(SecretKey) first before " +
+                         "attempting serialization.";
+            throw new EncryptionException("Can't serialize ciphertext info: Data integrity issue.",
+                                          msg);
+        }
+
+        // OK, everything ready, so give it a shot.
+        return new CipherTextSerializer(this).asSerializedByteArray();
+    }
+
     ///// Setters /////
     /**
      * Set the raw ciphertext.
@@ -534,7 +555,7 @@ public void setCiphertext(byte[] ciphertext)
             throw new EncryptionException("MAC already set; cannot store new raw ciphertext", logMsg);
         }
     }
-    
+
     /**
      * Set the IV and raw ciphertext.
      * @param iv            The initialization vector.
@@ -561,6 +582,11 @@ public void setIVandCiphertext(byte[] iv, byte[] ciphertext)
                                                   "Cipher mode " + getCipherMode() + " has null or empty IV");
                 }
             } else if ( iv.length != getBlockSize() ) {
+// TODO: FIXME: As per email from Jeff Walton to Kevin Wall dated 12/03/2013,
+//            this is not always true. E.g., for CCM, the IV length is supposed
+//            to be 7, 8,  7, 8, 9, 10, 11, 12, or 13 octets because of
+//            it's formatting function, the rest of the octets are used by the
+//            nonce/counter. E.g., see RFCs 4309, 8750, and related RFCs.
                     throw new EncryptionException("Encryption failed -- bad parameters passed to encrypt",  // DISCUSS - also log? See below.
                                                   "IV length does not match cipher block size of " + getBlockSize());
             }
@@ -573,34 +599,36 @@ public void setIVandCiphertext(byte[] iv, byte[] ciphertext)
             throw new EncryptionException("Validation of decryption failed.", logMsg);
         }
     }
-    
+
     public int getKDFVersion() {
-    	return kdfVersion_;
+        return kdfVersion_;
     }
 
     public void setKDFVersion(int vers) {
-    	CryptoHelper.isValidKDFVersion(vers, false, true);
-    	kdfVersion_ = vers;
+        CryptoHelper.isValidKDFVersion(vers, false, true);
+        kdfVersion_ = vers;
     }
-    
+
     public KeyDerivationFunction.PRF_ALGORITHMS getKDF_PRF() {
-    	return KeyDerivationFunction.convertIntToPRF(kdfPrfSelection_);
+        return KeyDerivationFunction.convertIntToPRF(kdfPrfSelection_);
     }
 
     int kdfPRFAsInt() {
-    	return kdfPrfSelection_;
+        return kdfPrfSelection_;
     }
-    
+
     public void setKDF_PRF(int prfSelection) {
-        assert prfSelection >= 0 && prfSelection <= 15 : "kdfPrf == " + prfSelection + " must be between 0 and 15.";
-    	kdfPrfSelection_ = prfSelection;
+        if ( prfSelection < 0 || prfSelection > 15 ) {
+            throw new IllegalArgumentException("kdfPrf == " + prfSelection + " must be between 0 and 15, inclusive.");
+        }
+        kdfPrfSelection_ = prfSelection;
     }
-    
+
     /** Get stored time stamp representing when data was encrypted. */
     public long getEncryptionTimestamp() {
         return encryption_timestamp_;
     }
-    
+
     /**
      * Set the encryption timestamp to the current system time as determined by
      * {@code System.currentTimeMillis()}, but only if it has not been previously
@@ -619,32 +647,26 @@ private void setEncryptionTimestamp() {
         }
         encryption_timestamp_ = System.currentTimeMillis();
     }
- 
+
     /**
      * Set the encryption timestamp to the time stamp specified by the parameter.
      * </p><p>
      * This method is intended for use only by {@code CipherTextSerializer}.
-     * 
+     *
      * @param timestamp The time in milliseconds since epoch time (midnight,
      *                  January 1, 1970 GMT).
      */ // Package level access. ESAPI jar should be sealed and signed.
     void setEncryptionTimestamp(long timestamp) {
-        assert timestamp > 0 : "Timestamp must be greater than zero.";
+        if ( timestamp <= 0 ) {
+            throw new IllegalArgumentException("Timestamp must be greater than zero.");
+        }
         if ( encryption_timestamp_ == 0 ) {     // Only set it if it's not yet been set.
             logger.warning(Logger.EVENT_FAILURE, "Attempt to reset non-zero " +
                            "CipherText encryption timestamp to " + new Date(timestamp) + "!");
         }
         encryption_timestamp_ = timestamp;
     }
-    
-    /** Used in supporting {@code CipherText} serialization.
-     * @deprecated	Use {@code CipherText.cipherTextVersion} instead. Will
-     * 				disappear as of ESAPI 2.1.
-     */
-    public static long getSerialVersionUID() {
-        return CipherText.serialVersionUID;
-    }
-    
+
     /** Return the separately calculated Message Authentication Code (MAC) that
      * is computed via the {@code computeAndStoreMAC(SecretKey authKey)} method.
      * @return The copy of the computed MAC, or {@code null} if one is not used.
@@ -655,9 +677,9 @@ public byte[] getSeparateMAC() {
         }
         byte[] copy = new byte[ separate_mac_.length ];
         System.arraycopy(separate_mac_, 0, copy, 0, separate_mac_.length);
-        return copy;   
+        return copy;
     }
-    
+
     /**
      * More useful {@code toString()} method.
      */
@@ -669,9 +691,12 @@ public String toString() {
         int n = getRawCipherTextByteLength();
         String rawCipherText = (( n > 0 ) ? "present (" + n + " bytes)" : "absent");
         String mac = (( separate_mac_ != null ) ? "present" : "absent");
-        sb.append("Creation time: ").append(creationTime);
-        sb.append(", raw ciphertext is ").append(rawCipherText);
-        sb.append(", MAC is ").append(mac).append("; ");
+
+        sb.append("KDF Version: ").append( kdfVersion_ );
+        sb.append(", KDF PRF: ").append( kdfPRFAsInt() );
+        sb.append("; Creation time: ").append(creationTime);
+        sb.append("; raw ciphertext is ").append(rawCipherText);
+        sb.append("; MAC is ").append(mac).append("; ");
         sb.append( cipherSpec_.toString() );
         return sb.toString();
     }
@@ -691,8 +716,8 @@ public String toString() {
                 result = (that.canEqual(this) &&
                           this.cipherSpec_.equals(that.cipherSpec_) &&
                             // Safe comparison, resistant to timing attacks
-                          CryptoHelper.arrayCompare(this.raw_ciphertext_, that.raw_ciphertext_) &&
-                          CryptoHelper.arrayCompare(this.separate_mac_, that.separate_mac_) &&
+                          java.security.MessageDigest.isEqual(this.raw_ciphertext_, that.raw_ciphertext_) &&
+                          java.security.MessageDigest.isEqual(this.separate_mac_, that.separate_mac_) &&
                           this.encryption_timestamp_ == that.encryption_timestamp_ );
             } else {
                 logger.warning(Logger.EVENT_FAILURE, "CipherText.equals(): Cannot compare two " +
@@ -747,7 +772,8 @@ public String toString() {
      * though; this will just allow it to work in the future should we
      * decide to allow * sub-classing of this class.)
      * </p><p>
-     * See {@link http://www.artima.com/lejava/articles/equality.html}
+     * See
+     * @link http://www.artima.com/lejava/articles/equality.html
      * for full explanation.
      * </p>
      */
@@ -756,27 +782,48 @@ protected boolean canEqual(Object other) {
     }
 
     ////////////////////////////////////  P R I V A T E  /////////////////////////////////////////
-    
+
     /**
      * Compute a MAC, but do not store it. May set the nonce value as a
      * side-effect.  The MAC is calculated as:
      * <pre>
      *      HMAC-SHA1(nonce, IV + plaintext)
      * </pre>
-     * @param ciphertext    The ciphertext value for which the MAC is computed.
+     * Note that <i>only</i> HMAC-SHA1 is used for the MAC calcuation. Unlike
+     * the PRF used for derived key generation in the {@code KeyDerivationFunction}
+     * class, the user cannot change the algorithm used to compute the MAC itself.
+     * One reason for that is that we don't want the MAC value to be excessively
+     * long; 128 bits is already quite long when only encrypting short strings.
+     * Also while the NSA reviewed this and were okay with it, Bellare, Canetti & Krawczyk
+     * proved in 1996 [see http://pssic.free.fr/Extra%20Reading/SEC+/SEC+/hmac-cb.pdf] that
+     * HMAC security doesn’t require that the underlying hash function be collision resistant,
+     * but only that it acts as a pseudo-random function, which SHA1 satisfies.
+     * @param authKey    The {@code SecretKey} used with the computed HMAC-SHA1
+     * to ensure authenticity.
      * @return The value for the MAC.
-     */ 
+     */
     private byte[] computeMAC(SecretKey authKey) {
-        assert raw_ciphertext_ != null && raw_ciphertext_.length != 0 : "Raw ciphertext may not be null or empty.";
-        assert authKey != null && authKey.getEncoded().length != 0 : "Authenticity secret key may not be null or zero length.";
+        // These assertions are okay and leaving them as assertions rather than
+        // changing the to conditional statements that throw should be all right
+        // because this is private method and presumably we should have already
+        // checked things in the public or protected methods where appropriate.
+        if ( raw_ciphertext_ == null || raw_ciphertext_.length == 0 ) {
+            String exm = "Raw ciphertext may not be null or empty.";
+            throw new EnterpriseSecurityRuntimeException(exm, exm);
+        }
+        if ( authKey == null || authKey.getEncoded().length == 0 ) {
+            String exm = "Authenticity secret key may not be null or zero length.";
+            throw new EnterpriseSecurityRuntimeException(exm, exm);
+        }
+
         try {
-        	// IMPORTANT NOTE: The NSA review was (apparently) OK with using HmacSHA1
-        	// to calculate the MAC that ensures authenticity of the IV+ciphertext.
-        	// (Not true of calculation of the use HmacSHA1 for the KDF though.) Therefore,
-        	// we did not make this configurable. Note also that choosing an improved
-        	// MAC algorithm here would cause the overall length of the serialized ciphertext
-        	// to be just that much longer, which is probably unacceptable when encrypting
-        	// short strings.
+            // IMPORTANT NOTE: The NSA review was (apparently) OK with using HmacSHA1
+            // to calculate the MAC that ensures authenticity of the IV+ciphertext.
+            // (Not true of calculation of the use HmacSHA1 for the KDF though.) Therefore,
+            // we did not make this configurable. Note also that choosing an improved
+            // MAC algorithm here would cause the overall length of the serialized ciphertext
+            // to be just that much longer, which is probably unacceptable when encrypting
+            // short strings.
             SecretKey sk = new SecretKeySpec(authKey.getEncoded(), "HmacSHA1");
             Mac mac = Mac.getInstance("HmacSHA1");
             mac.init(sk);
@@ -793,7 +840,7 @@ private byte[] computeMAC(SecretKey authKey) {
             return null;
         }
     }
-    
+
     /**
      * Return true if the MAC has already been computed (i.e., not null).
      */
@@ -812,7 +859,7 @@ private boolean collectedAll() {
             EnumSet<CipherTextFlags> initVector = EnumSet.of(CipherTextFlags.INITVECTOR);
             ctFlags = EnumSet.complementOf(initVector);
         }
-        boolean result = progress.containsAll(ctFlags);  
+        boolean result = progress.containsAll(ctFlags);
         return result;
     }
 
@@ -831,7 +878,7 @@ private boolean isCollected(CipherTextFlags flag) {
     private void received(CipherTextFlags flag) {
         progress.add(flag);
     }
-    
+
     /**
      * Add all the flags from the specified set to that we've collected so far.
      * @param ctSet A {@code EnumSet<CipherTextFlags>} containing all the flags
@@ -847,27 +894,35 @@ private void received(EnumSet<CipherTextFlags> ctSet) {
     /**
      * Based on the KDF version and the selected MAC algorithm for the KDF PRF,
      * calculate the 32-bit quantity representing these.
-     * @return	A 4-byte (octet) quantity representing the KDF version and the
-     * 			MAC algorithm used for the KDF's Pseudo-Random Function.
+     * @return  A 4-byte (octet) quantity representing the KDF version and the
+     *          MAC algorithm used for the KDF's Pseudo-Random Function.
      * @see <a href="http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-ciphertext-serialization.pdf">Format of portable serialization of org.owasp.esapi.crypto.CipherText object (pg 2)</a>
      */
-	public int getKDFInfo() {
-		final int unusedBit28 = 0x8000000;  // 1000000000000000000000000000
-		
-		// 		kdf version is bits 1-27, bit 28 (reserved) should be 0, and
-		//		bits 29-32 are the MAC algorithm indicating which PRF to use for the KDF.
-		int kdfVers = this.getKDFVersion();
-		assert CryptoHelper.isValidKDFVersion(kdfVers, true, false);
-		int kdfInfo = kdfVers;
-		int macAlg = kdfPRFAsInt();
-		assert macAlg >= 0 && macAlg <= 15 : "MAC algorithm indicator must be between 0 to 15 inclusion; value is: " + macAlg;
-		
-	    // Make sure bit28 is cleared. (Reserved for future use.)
-	    kdfInfo &= ~unusedBit28;
-
-	    // Set MAC algorithm bits in high (MSB) nibble.
-	    kdfInfo |= (macAlg << 28);
-
-		return kdfInfo;
-	}
+    public int getKDFInfo() {
+        final int unusedBit28 = 0x8000000;  // 1000000000000000000000000000
+
+        //      kdf version is bits 1-27, bit 28 (reserved) should be 0, and
+        //      bits 29-32 are the MAC algorithm indicating which PRF to use for the KDF.
+        int kdfVers = this.getKDFVersion();
+        if ( ! CryptoHelper.isValidKDFVersion(kdfVers, true, false) ) {
+            String exm = "Invalid KDF version encountered. Value as" + kdfVers;
+            throw new EnterpriseSecurityRuntimeException(exm,
+                        "Possible tampering of KDF version #? " + exm);
+        }
+        int kdfInfo = kdfVers;
+        int macAlg = kdfPRFAsInt();
+        if ( macAlg < 0 || macAlg > 15 ) {
+            String exm = "Invalid specifier for MAC algorithm: " + macAlg;
+            throw new EnterpriseSecurityRuntimeException(exm,
+                        "Possible tampering of macAlg specifier? " + exm +
+                        "; value should be 0 <= macAlg <= 15.");
+        }
+        // Make sure bit28 is cleared. (Reserved for future use.)
+        kdfInfo &= ~unusedBit28;
+
+        // Set MAC algorithm bits in high (MSB) nibble.
+        kdfInfo |= (macAlg << 28);
+
+        return kdfInfo;
+    }
 }
diff --git a/src/main/java/org/owasp/esapi/crypto/CipherTextSerializer.java b/src/main/java/org/owasp/esapi/crypto/CipherTextSerializer.java
index 06a822607..3e155f440 100644
--- a/src/main/java/org/owasp/esapi/crypto/CipherTextSerializer.java
+++ b/src/main/java/org/owasp/esapi/crypto/CipherTextSerializer.java
@@ -26,46 +26,47 @@
  * and do not have extensive support for the various implementation languages which ESAPI
  * supports. (Perhaps wishful thinking that other ESAPI implementations such as
  * ESAPI for .NET, ESAPI for C, ESAPI for C++, etc. will all support a single, common
- * serialization technique so they could exchange encrypted data.)
- * 
+ * serialization technique, so they could exchange encrypted data.)
+ *
  * @author kevin.w.wall@gmail.com
+ * @since 2.0
  *
  */
 public class CipherTextSerializer {
     // This should be *same* version as in CipherText & KeyDerivationFunction as
-	// these versions all need to work together.  Therefore, when one changes one
-	// one these versions, the other should be reviewed and changed as well to
-	// accommodate any differences.
-	//		Previous versions:	20110203 - Original version (ESAPI releases 2.0 & 2.0.1)
-	//						    20130830 - Fix to issue #306 (release 2.1.0)
-	// We check that in an static initialization block (when assertions are enabled)
-	// below.
-	public  static final  int cipherTextSerializerVersion = 20130830; // Current version. Format: YYYYMMDD, max is 99991231.
+    // these versions all need to work together.  Therefore, when one changes one
+    // one these versions, the other should be reviewed and changed as well to
+    // accommodate any differences.
+    //        Previous versions:    20110203 - Original version (ESAPI releases 2.0 & 2.0.1)
+    //                            20130830 - Fix to issue #306 (release 2.1.0)
+    // We check that in an static initialization block below.
+    public  static final  int cipherTextSerializerVersion = 20130830; // Current version. Format: YYYYMMDD, max is 99991231.
     private static final long serialVersionUID = cipherTextSerializerVersion;
 
     private static final Logger logger = ESAPI.getLogger("CipherTextSerializer");
-    
+
     private CipherText cipherText_ = null;
-    
+
     // Check if versions of KeyDerivationFunction, CipherText, and
     // CipherTextSerializer are all the same.
     {
-    	// Ignore error about comparing identical versions and dead code.
-    	// We expect them to be, but the point is to catch us if they aren't.
-    	assert CipherTextSerializer.cipherTextSerializerVersion == CipherText.cipherTextVersion :
-            "Versions of CipherTextSerializer and CipherText are not compatible.";
-    	assert CipherTextSerializer.cipherTextSerializerVersion == KeyDerivationFunction.kdfVersion :
-    		"Versions of CipherTextSerializer and KeyDerivationFunction are not compatible.";
+        // Ignore error about comparing identical versions and dead code.
+        // We expect them to be, but the point is to catch us if they aren't.
+        if ( CipherTextSerializer.cipherTextSerializerVersion != CipherText.cipherTextVersion ) {
+            throw new ExceptionInInitializerError("Versions of CipherTextSerializer and CipherText are not compatible.");
+        }
+        if ( CipherTextSerializer.cipherTextSerializerVersion != KeyDerivationFunction.kdfVersion ) {
+            throw new ExceptionInInitializerError("Versions of CipherTextSerializer and KeyDerivationFunction are not compatible.");
+        }
     }
-    
+
     public CipherTextSerializer(CipherText cipherTextObj) {
-    	if ( cipherTextObj == null ) {
-    		throw new IllegalArgumentException("CipherText object must not be null.");
-    	}
-        assert cipherTextObj != null : "CipherText object must not be null.";      
+        if ( cipherTextObj == null ) {
+            throw new IllegalArgumentException("CipherText object must not be null.");
+        }
         cipherText_ = cipherTextObj;
     }
-    
+
     /**
      * Given byte array in network byte order (i.e., big-endian order), convert
      * it so that a {@code CipherText} can be constructed from it.
@@ -90,24 +91,32 @@ public byte[] asSerializedByteArray() {
         debug("asSerializedByteArray: kdfInfo = " + kdfInfo);
         long timestamp = cipherText_.getEncryptionTimestamp();
         String cipherXform = cipherText_.getCipherTransformation();
-        assert cipherText_.getKeySize() < Short.MAX_VALUE :
-                            "Key size too large. Max is " + Short.MAX_VALUE;
+        if ( cipherText_.getKeySize() >= Short.MAX_VALUE ) {
+            throw new IllegalArgumentException("Key size is too large. Max is " + Short.MAX_VALUE);
+        }
         short keySize = (short) cipherText_.getKeySize();
-        assert cipherText_.getBlockSize() < Short.MAX_VALUE :
-                            "Block size too large. Max is " + Short.MAX_VALUE;
+        if ( cipherText_.getBlockSize() >= Short.MAX_VALUE ) {
+            throw new IllegalArgumentException("Block size is too large. Max is " + Short.MAX_VALUE);
+        }
         short blockSize = (short) cipherText_.getBlockSize();
         byte[] iv = cipherText_.getIV();
-        assert iv.length < Short.MAX_VALUE :
-                            "IV size too large. Max is " + Short.MAX_VALUE;
+        if ( iv.length >= Short.MAX_VALUE ) {
+            throw new IllegalArgumentException("IV size too large. Max is " + Short.MAX_VALUE + " bytes");
+        }
         short ivLen = (short) iv.length;
         byte[] rawCiphertext = cipherText_.getRawCipherText();
         int ciphertextLen = rawCiphertext.length;
-        assert ciphertextLen >= 1 : "Raw ciphertext length must be >= 1 byte.";
+        // Coverity issue 1352406, GitHub issue # 364 - possible NPE later if assertion disabled.
+        // Replaced assertion with explicit check.
+        if ( ciphertextLen < 1 ) {
+            throw new IllegalArgumentException("Raw ciphertext length must be >= 1 byte.");
+        }
         byte[] mac = cipherText_.getSeparateMAC();
-        assert mac.length < Short.MAX_VALUE :
-                            "MAC length too large. Max is " + Short.MAX_VALUE;
+        if ( mac.length >= Short.MAX_VALUE ) {
+            throw new IllegalArgumentException("MAC length too large. Max is " + Short.MAX_VALUE + " bytes");
+        }
         short macLen = (short) mac.length;
-        
+
         byte[] serializedObj = computeSerialization(kdfInfo,
                                                     timestamp,
                                                     cipherXform,
@@ -120,43 +129,45 @@ public byte[] asSerializedByteArray() {
                                                     macLen,
                                                     mac
                                                    );
-        
+
         return serializedObj;
     }
-    
+
     /**
      * Return the actual {@code CipherText} object.
      * @return The {@code CipherText} object that we are serializing.
      */
     public CipherText asCipherText() {
-    	assert cipherText_ != null;
+        if ( cipherText_ == null ) {
+            throw new IllegalArgumentException("Program error? CipherText object, cipherText_, must not be null.");
+        }
         return cipherText_;
     }
-      
+
     /**
      * Take all the individual elements that make of the serialized ciphertext
      * format and put them in order and return them as a byte array.
-     * @param kdfInfo	Info about the KDF... which PRF and the KDF version {@link #asCipherText()}.
-     * @param timestamp	Timestamp when the data was encrypted. Intended to help
-     * 					facilitate key change operations and nothing more. If it is meaningless,
-     * 					then the expectations are just that the recipient should ignore it. Mostly
-     * 					intended when encrypted data is kept long term over a period of many
-     * 					key change operations.
-     * @param cipherXform	Details of how the ciphertext was encrypted. The format used
-     * 						is the same as used by {@code javax.crypto.Cipher}, namely,
-     * 						"cipherAlg/cipherMode/paddingScheme".
-     * @param keySize	The key size used for encrypting. Intended for cipher algorithms
-     * 					supporting multiple key sizes such as triple DES (DESede) or
-     * 					Blowfish.
-     * @param blockSize	The cipher block size. Intended to support cipher algorithms
-     * 					that support variable block sizes, such as Rijndael.
-     * @param ivLen		The length of the IV.
-     * @param iv		The actual IV (initialization vector) bytes.
-     * @param ciphertextLen	The length of the raw ciphertext.
-     * @param rawCiphertext	The actual raw ciphertext itself
-     * @param macLen	The length of the MAC (message authentication code).
-     * @param mac		The MAC itself.
-     * @return	A byte array representing the serialized ciphertext.
+     * @param kdfInfo    Info about the KDF... which PRF and the KDF version {@link #asCipherText()}.
+     * @param timestamp    Timestamp when the data was encrypted. Intended to help
+     *                     facilitate key change operations and nothing more. If it is meaningless,
+     *                     then the expectations are just that the recipient should ignore it. Mostly
+     *                     intended when encrypted data is kept long term over a period of many
+     *                     key change operations.
+     * @param cipherXform    Details of how the ciphertext was encrypted. The format used
+     *                         is the same as used by {@code javax.crypto.Cipher}, namely,
+     *                         "cipherAlg/cipherMode/paddingScheme".
+     * @param keySize    The key size used for encrypting. Intended for cipher algorithms
+     *                     supporting multiple key sizes such as triple DES (DESede) or
+     *                     Blowfish.
+     * @param blockSize    The cipher block size. Intended to support cipher algorithms
+     *                     that support variable block sizes, such as Rijndael.
+     * @param ivLen        The length of the IV.
+     * @param iv        The actual IV (initialization vector) bytes.
+     * @param ciphertextLen    The length of the raw ciphertext.
+     * @param rawCiphertext    The actual raw ciphertext itself
+     * @param macLen    The length of the MAC (message authentication code).
+     * @param mac        The MAC itself.
+     * @return    A byte array representing the serialized ciphertext.
      */
     private byte[] computeSerialization(int kdfInfo, long timestamp,
                                         String cipherXform, short keySize,
@@ -179,7 +190,9 @@ private byte[] computeSerialization(int kdfInfo, long timestamp,
         writeInt(baos, kdfInfo);
         writeLong(baos, timestamp);
         String[] parts = cipherXform.split("/");
-        assert parts.length == 3 : "Malformed cipher transformation";
+        if ( parts.length != 3 ) {
+            throw new IllegalArgumentException("Program error? Malformed cipher tranformation: " + cipherXform);
+        }
         writeString(baos, cipherXform); // Size of string is prepended to string
         writeShort(baos, keySize);
         writeShort(baos, blockSize);
@@ -191,17 +204,22 @@ private byte[] computeSerialization(int kdfInfo, long timestamp,
         if ( macLen > 0 ) baos.write(mac, 0, mac.length);
         return baos.toByteArray();
     }
-    
+
     // All strings are written as UTF-8 encoded byte streams with the
     // length prepended before it as a short. The prepended length is
-    // more for the benefit of languages like C so they can pre-allocate
+    // more for the benefit of languages like C, so they can pre-allocate
     // char arrays without worrying about buffer overflows.
     private void writeString(ByteArrayOutputStream baos, String str) {
         byte[] bytes;
         try {
-            assert str != null && str.length() > 0;
+            if ( str == null || str.length() == 0 ) {
+                throw new IllegalArgumentException("Program error? writeString: str is null or empty!");
+            }
             bytes = str.getBytes("UTF8");
-            assert bytes.length < Short.MAX_VALUE : "writeString: String exceeds max length";
+            if ( bytes.length >= Short.MAX_VALUE ) {
+                throw new IllegalArgumentException("Program error? writeString: String exceeds max length of " +
+                                                   Short.MAX_VALUE + " bytes");
+            }
             writeShort(baos, (short)bytes.length);
             baos.write(bytes, 0, bytes.length);
         } catch (UnsupportedEncodingException e) {
@@ -212,99 +230,119 @@ private void writeString(ByteArrayOutputStream baos, String str) {
                            "converting string to UTF8 encoding. Results suspect. Corrupt rt.jar????");
         }
     }
-    
+
     private String readString(ByteArrayInputStream bais, short sz)
         throws NullPointerException, IOException
     {
         byte[] bytes = new byte[sz];
         int ret = bais.read(bytes, 0, sz);
-        assert ret == sz : "readString: Failed to read " + sz + " bytes.";
+        if ( ret != sz ) {
+                throw new IllegalArgumentException("Program error? readString: Expected to read " +
+                                                   sz + " bytes, but only read " + ret + " bytes");
+        }
         return new String(bytes, "UTF8");
     }
-    
+
     private void writeShort(ByteArrayOutputStream baos, short s) {
         byte[] shortAsByteArray = ByteConversionUtil.fromShort(s);
-        assert shortAsByteArray.length == 2;
+        if ( shortAsByteArray.length != 2 ) {
+                throw new IllegalArgumentException("Program error? writeShort: Excepted byte array != 2 bytes.");
+        }
         baos.write(shortAsByteArray, 0, 2);
     }
-    
+
     private short readShort(ByteArrayInputStream bais)
         throws NullPointerException, IndexOutOfBoundsException
     {
         byte[] shortAsByteArray = new byte[2];
         int ret = bais.read(shortAsByteArray, 0, 2);
-        assert ret == 2 : "readShort: Failed to read 2 bytes.";
+        if ( ret != 2 ) {
+                throw new IllegalArgumentException("Program error? readShort: Failed to read 2 bytes.");
+        }
         return ByteConversionUtil.toShort(shortAsByteArray);
     }
-    
+
     private void writeInt(ByteArrayOutputStream baos, int i) {
         byte[] intAsByteArray = ByteConversionUtil.fromInt(i);
         baos.write(intAsByteArray, 0, 4);
     }
-    
+
     private int readInt(ByteArrayInputStream bais)
         throws NullPointerException, IndexOutOfBoundsException
     {
         byte[] intAsByteArray = new byte[4];
         int ret = bais.read(intAsByteArray, 0, 4);
-        assert ret == 4 : "readInt: Failed to read 4 bytes.";
+        if ( ret != 4 ) {
+                throw new IllegalArgumentException("Program error? readInt: Failed to read 4 bytes.");
+        }
         return ByteConversionUtil.toInt(intAsByteArray);
     }
-    
+
     private void writeLong(ByteArrayOutputStream baos, long l) {
         byte[] longAsByteArray = ByteConversionUtil.fromLong(l);
-        assert longAsByteArray.length == 8;
+        if ( longAsByteArray.length != 8 ) {
+                throw new IllegalArgumentException("Program error? writeLong: Expected byte array != 8 bytes.");
+        }
         baos.write(longAsByteArray, 0, 8);
     }
-    
+
     private long readLong(ByteArrayInputStream bais)
         throws NullPointerException, IndexOutOfBoundsException
     {
         byte[] longAsByteArray = new byte[8];
         int ret = bais.read(longAsByteArray, 0, 8);
-        assert ret == 8 : "readLong: Failed to read 8 bytes.";
+        if ( ret != 8 ) {
+                throw new IllegalArgumentException("Program error? readLong: Failed to read 8 bytes.");
+        }
         return ByteConversionUtil.toLong(longAsByteArray);
     }
-    
+
     /** Convert the serialized ciphertext byte array to a {@code CipherText}
      * object.
-     * @param cipherTextSerializedBytes	The serialized ciphertext as a byte array.
+     * @param cipherTextSerializedBytes    The serialized ciphertext as a byte array.
      * @return The corresponding {@code CipherText} object.
-     * @throws EncryptionException	Thrown if the byte array data is corrupt or
-     * 				there are version mismatches, etc.
+     * @throws EncryptionException    Thrown if the byte array data is corrupt or
+     *                 there are version mismatches, etc.
      */
     private CipherText convertToCipherText(byte[] cipherTextSerializedBytes)
         throws EncryptionException
     {
         try {
-        	assert cipherTextSerializedBytes != null : "cipherTextSerializedBytes cannot be null.";
-        	assert cipherTextSerializedBytes.length > 0 : "cipherTextSerializedBytes must be > 0 in length.";
+            if ( cipherTextSerializedBytes == null ) {
+                throw new IllegalArgumentException("cipherTextSerializedBytes cannot be null.");
+            }
+            if ( cipherTextSerializedBytes.length == 0 ) {
+                throw new IllegalArgumentException("cipherTextSerializedBytes must be > 0 in length.");
+            }
             ByteArrayInputStream bais = new ByteArrayInputStream(cipherTextSerializedBytes);
             int kdfInfo = readInt(bais);
             debug("kdfInfo: " + kdfInfo);
             int kdfPrf = (kdfInfo >>> 28);
             debug("kdfPrf: " + kdfPrf);
-            assert kdfPrf >= 0 && kdfPrf <= 15 : "kdfPrf == " + kdfPrf + " must be between 0 and 15.";
+            if ( kdfPrf < 0 || kdfPrf > 16 ) {
+                throw new IllegalArgumentException("Program error? convertToCipherText: kdPrf is " + kdfPrf +
+                                                   ". Must be between 0 and 15 inclusive");
+            }
             int kdfVers = ( kdfInfo & 0x07ffffff);
 
             // First do a quick sanity check on the argument. Previously this was an assertion.
             if ( ! CryptoHelper.isValidKDFVersion(kdfVers, false, false) ) {
-            	// TODO: Clean up. Use StringBuilder. Good enough for now.
-            	String logMsg = "KDF version read from serialized ciphertext (" + kdfVers + ") is out of range. " +
-            				    "Valid range for KDF version is [" + KeyDerivationFunction.originalVersion + ", " +
-            				    "99991231].";
-            	// This should never happen under actual circumstances (barring programming errors; but we've
-            	// tested the code, right?), so it is likely an attempted attack. Thus don't get the originator
-            	// of the suspect ciphertext too much info. They ought to know what they sent anyhow.
-            	throw new EncryptionException("Version info from serialized ciphertext not in valid range.",
-            				 "Likely tampering with KDF version on serialized ciphertext." + logMsg);
+                // TODO: Clean up. Use StringBuilder. Good enough for now.
+                String logMsg = "KDF version read from serialized ciphertext (" + kdfVers + ") is out of range. " +
+                                "Valid range for KDF version is [" + KeyDerivationFunction.originalVersion + ", " +
+                                "99991231].";
+                // This should never happen under actual circumstances (barring programming errors; but we've
+                // tested the code, right?), so it is likely an attempted attack. Thus don't get the originator
+                // of the suspect ciphertext too much info. They ought to know what they sent anyhow.
+                throw new EncryptionException("Version info from serialized ciphertext not in valid range.",
+                             "Likely tampering with KDF version on serialized ciphertext." + logMsg);
             }
-            
+
             debug("convertToCipherText: kdfPrf = " + kdfPrf + ", kdfVers = " + kdfVers);
             if ( ! versionIsCompatible( kdfVers) ) {
-            	throw new EncryptionException("This version of ESAPI is not compatible with the version of ESAPI that encrypted your data.",
-            			"KDF version " + kdfVers + " from serialized ciphertext not compatibile with current KDF version of " + 
-            			KeyDerivationFunction.kdfVersion);
+                throw new EncryptionException("This version of ESAPI is not compatible with the version of ESAPI that encrypted your data.",
+                        "KDF version " + kdfVers + " from serialized ciphertext not compatibile with current KDF version of " +
+                        KeyDerivationFunction.kdfVersion);
             }
             long timestamp = readLong(bais);
             debug("convertToCipherText: timestamp = " + new Date(timestamp));
@@ -313,7 +351,10 @@ private CipherText convertToCipherText(byte[] cipherTextSerializedBytes)
             String cipherXform = readString(bais, strSize);
             debug("convertToCipherText: cipherXform = " + cipherXform);
             String[] parts = cipherXform.split("/");
-            assert parts.length == 3 : "Malformed cipher transformation";
+            if ( parts.length != 3 ) {
+                throw new IllegalArgumentException("Program error? Malformed cipher transformation. Expecting 3 parts to cipher transformation, " +
+                                                   "alg/mode/padding, but found " + parts.length + " parts (" + cipherXform + ").");
+            }
             String cipherMode = parts[1];
             if ( ! CryptoHelper.isAllowedCipherMode(cipherMode) ) {
                 String msg = "Cipher mode " + cipherMode + " is not an allowed cipher mode";
@@ -332,7 +373,9 @@ private CipherText convertToCipherText(byte[] cipherTextSerializedBytes)
             }
             int ciphertextLen = readInt(bais);
             debug("convertToCipherText: ciphertextLen = " + ciphertextLen);
-            assert ciphertextLen > 0 : "convertToCipherText: Invalid cipher text length";
+            if ( ciphertextLen <= 0 ) {
+                throw new IllegalArgumentException("convertToCipherText: Invalid cipher text length; must be > 0.");
+            }
             byte[] rawCiphertext = new byte[ciphertextLen];
             bais.read(rawCiphertext, 0, rawCiphertext.length);
             short macLen = readShort(bais);
@@ -350,7 +393,7 @@ private CipherText convertToCipherText(byte[] cipherTextSerializedBytes)
             CipherText ct = new CipherText(cipherSpec);
             if ( ! (ivLen > 0 && ct.requiresIV()) ) {
                     throw new EncryptionException("convertToCipherText: Mismatch between IV length and cipher mode.",
-                    						      "Possible tampering of serialized ciphertext?");
+                                                  "Possible tampering of serialized ciphertext?");
             }
             ct.setCiphertext(rawCiphertext);
               // Set this *AFTER* setting raw ciphertext because setCiphertext()
@@ -359,11 +402,11 @@ private CipherText convertToCipherText(byte[] cipherTextSerializedBytes)
             if ( macLen > 0 ) {
                 ct.storeSeparateMAC(mac);
             }
-            	// Fixed in ESAPI crypto version 20130839. Previously is didn't really matter
-            	// because there was only one version (20110203) and it defaulted to that
-            	// version, which was the current version. But we don't want that as now there
-            	// are two versions and we could be decrypting data encrypted using the previous
-            	// version.
+                // Fixed in ESAPI crypto version 20130839. Previously is didn't really matter
+                // because there was only one version (20110203) and it defaulted to that
+                // version, which was the current version. But we don't want that as now there
+                // are two versions, and we could be decrypting data encrypted using the previous
+                // version.
             ct.setKDF_PRF(kdfPrf);
             ct.setKDFVersion(kdfVers);
             return ct;
@@ -381,33 +424,34 @@ private CipherText convertToCipherText(byte[] cipherTextSerializedBytes)
      *  the serialized ciphertext. In particular, we assume that if we have a
      *  newer version of KDF than we can support it as we assume that we have
      *  built in backward compatibility.
-     *  
+     *
      *  At this point (ESAPI 2.1.0, KDF version 20130830), all we need to check
      *  if the version is either the current version or the previous version as
      *  both versions work the same. This checking may get more complicated in
      *  the future.
-     *  
-     *  @param readKdfVers	The version information extracted from the serialized
-     *  					ciphertext.
+     *
+     *  @param readKdfVers    The version information extracted from the serialized
+     *                      ciphertext.
      */
     private static boolean versionIsCompatible(int readKdfVers) {
-    	// We've checked elsewhere for this, so assertion is OK here.
-    	assert readKdfVers > 0 : "Extracted KDF version is negative!";
-    	
-		switch ( readKdfVers ) {
-		case KeyDerivationFunction.originalVersion:		// First version
-			return true;
-		// Add new versions here; hard coding is OK...
-		// case YYYYMMDD:
-		//	return true;
-		case KeyDerivationFunction.kdfVersion:			// Current version
-			return true;
-		default:
-			return false;
-		}
-	}
+        if ( readKdfVers <= 0 ) {
+            throw new IllegalArgumentException("Extracted KDF version is <= 0. Must be integer >= 1.");
+        }
+
+        switch ( readKdfVers ) {
+        case KeyDerivationFunction.originalVersion:        // First version
+            return true;
+        // Add new versions here; hard coding is OK...
+        // case YYYYMMDD:
+        //    return true;
+        case KeyDerivationFunction.kdfVersion:            // Current version
+            return true;
+        default:
+            return false;
+        }
+    }
 
-	private void debug(String msg) {
+    private void debug(String msg) {
         if ( logger.isDebugEnabled() ) {
             logger.debug(Logger.EVENT_SUCCESS, msg);
         }
diff --git a/src/main/java/org/owasp/esapi/crypto/CryptoDiscoverer.java b/src/main/java/org/owasp/esapi/crypto/CryptoDiscoverer.java
index e42c8cf1f..53ab1c7c0 100644
--- a/src/main/java/org/owasp/esapi/crypto/CryptoDiscoverer.java
+++ b/src/main/java/org/owasp/esapi/crypto/CryptoDiscoverer.java
@@ -22,8 +22,8 @@
 import java.util.regex.Pattern;
 
 public class CryptoDiscoverer {
-	private static String EOL = System.getProperty("line.separator", "\n");
-	
+    private static String EOL = System.getProperty("line.separator", "\n");
+
     public static void main(String... args) {
         String provider = ".*";
         String algorithm = ".*";
@@ -69,7 +69,7 @@ public static void main(String... args) {
     private static void usage() {
         System.out.println("CryptoDiscoverer - Discover or Query for available Crypto Providers and Algorithms");
         System.out.println(EOL + "\t--help\t\t\t\t\tShows this message" + EOL +
-        		"\t--provider <regex>\t\tSearch for particular Provider" + EOL +
+                "\t--provider <regex>\t\tSearch for particular Provider" + EOL +
                 "\t--algorithm <regex>\t\tSearch for a particular Algorithm" + EOL + EOL);
     }
 }
diff --git a/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java b/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java
index 024150bda..2254837ce 100644
--- a/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java
+++ b/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java
@@ -1,6 +1,6 @@
 /*
  * OWASP Enterprise Security API (ESAPI)
- * 
+ *
  * This file is part of the Open Web Application Security Project (OWASP)
  * Enterprise Security API (ESAPI) project. For details, please see
  * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
@@ -31,148 +31,173 @@
  * All the cryptographic operations use the default cryptographic properties;
  * e.g., default cipher transformation, default key size, default IV type (where
  * applicable), etc.
- * 
+ *
  * @author kevin.w.wall@gmail.com
  * @since 2.0
  */
 public class CryptoHelper {
-	
-	private static final Logger logger = ESAPI.getLogger("CryptoHelper");
 
-	// TODO: Also consider supplying implementation of RFC 2898 / PKCS#5 PBKDF2
-	//		 in this file as well??? Maybe save for ESAPI 2.1 or 3.0.
-	/**
-	 * Generate a random secret key appropriate to the specified cipher algorithm
-	 * and key size.
-	 * @param alg	The cipher algorithm or cipher transformation. (If the latter is
-	 * 				passed, the cipher algorithm is determined from it.) Cannot be
-	 * 				null or empty.
-	 * @param keySize	The key size, in bits.
-	 * @return	A random {@code SecretKey} is returned.
-	 * @throws EncryptionException Thrown if cannot create secret key conforming to
-	 * 				requested algorithm with requested size. Typically this is caused by
-	 * 				specifying an unavailable algorithm or invalid key size.
-	 */
-	public static SecretKey generateSecretKey(String alg, int keySize)
-		throws EncryptionException
-	{
-		assert alg != null : "Algorithm must not be null.";			// NPE if null and assertions disabled.
-		assert !alg.equals("") : "Algorithm must not be empty";	// NoSuchAlgorithmExeption if empty & assertions disabled.
-		assert keySize > 0 : "Key size must be positive.";	// Usually should be even multiple of 8, but not strictly required by alg.
-		// Don't use CipherSpec here to get algorithm as this may cause assertion
-		// to fail (when enabled) if only algorithm name is passed to us.
-		String[] cipherSpec = alg.split("/");
-		String cipherAlg = cipherSpec[0];
-		try {
-		    // Special case for things like PBEWithMD5AndDES or PBEWithSHA1AndDESede.
-		    // In such cases, the key generator should only request an instance of "PBE".
-		    if ( cipherAlg.toUpperCase().startsWith("PBEWITH") ) {
-		        cipherAlg = "PBE";
-		    }
-			KeyGenerator kgen =
-				KeyGenerator.getInstance( cipherAlg );
-			kgen.init(keySize);
-			return kgen.generateKey();
-		} catch (NoSuchAlgorithmException e) {
-			throw new EncryptionException("Failed to generate random secret key",
-					"Invalid algorithm. Failed to generate secret key for " + alg + " with size of " + keySize + " bits.", e);
-		} catch (InvalidParameterException e) {
-			throw new EncryptionException("Failed to generate random secret key - invalid key size specified.",
-					"Invalid key size. Failed to generate secret key for " + alg + " with size of " + keySize + " bits.", e);
-		}
-	}
+    private static final Logger logger = ESAPI.getLogger("CryptoHelper");
+
+    // TODO: Also consider supplying implementation of RFC 2898 / PKCS#5 PBKDF2
+    //         in this file as well??? Maybe save for ESAPI 2.1 or 3.0.
+    /**
+     * Generate a random secret key appropriate to the specified cipher algorithm
+     * and key size.
+     * @param alg    The cipher algorithm or cipher transformation. (If the latter is
+     *                 passed, the cipher algorithm is determined from it.) Cannot be
+     *                 null or empty.
+     * @param keySize    The key size, in bits.
+     * @return    A random {@code SecretKey} is returned.
+     * @throws EncryptionException Thrown if cannot create secret key conforming to
+     *                 requested algorithm with requested size. Typically, this is caused by
+     *                 specifying an unavailable algorithm or invalid key size.
+     */
+    public static SecretKey generateSecretKey(String alg, int keySize)
+        throws EncryptionException
+    {
+        if ( alg == null || alg.equals("") ) {
+            throw new IllegalArgumentException("Algorithm must not be null or empty."); // Avoid later possibly ambiguous NPE.
+        }
+        if ( keySize <= 0 ) {
+            throw new IllegalArgumentException("Key size must be positive.");    // Usually should be an even multiple of 8, but not strictly required by alg.
+        }
+        // Don't use CipherSpec here to get algorithm as this may cause assertion
+        // to fail (when enabled) if only algorithm name is passed to us.
+        String[] cipherSpec = alg.split("/");
+        String cipherAlg = cipherSpec[0];
+        try {
+            // Special case for things like PBEWithMD5AndDES or PBEWithSHA1AndDESede.
+            // In such cases, the key generator should only request an instance of "PBE".
+            if ( cipherAlg.toUpperCase().startsWith("PBEWITH") ) {
+                cipherAlg = "PBE";
+            }
+            KeyGenerator kgen =
+                KeyGenerator.getInstance( cipherAlg );
+            kgen.init(keySize);
+            return kgen.generateKey();
+        } catch (NoSuchAlgorithmException e) {
+            throw new EncryptionException("Failed to generate random secret key",
+                    "Invalid algorithm. Failed to generate secret key for " + alg + " with size of " + keySize + " bits.", e);
+        } catch (InvalidParameterException e) {
+            throw new EncryptionException("Failed to generate random secret key - invalid key size specified.",
+                    "Invalid key size. Failed to generate secret key for " + alg + " with size of " + keySize + " bits.", e);
+        }
+    }
 
-	/**
-	 * The method is ESAPI's Key Derivation Function (KDF) that computes a
-	 * derived key from the {@code keyDerivationKey} for either
-	 * encryption / decryption or for authentication.
-	 * <p>
-	 * <b>CAUTION:</b> If this algorithm for computing derived keys from the
-	 * key derivation key is <i>ever</i> changed, we risk breaking backward compatibility of being
-	 * able to decrypt data previously encrypted with earlier / different versions
-	 * of this method. Therefore, do not change this unless you are 100% certain that
-	 * what you are doing will NOT change either of the derived keys for
-	 * ANY "key derivation key" AT ALL!!!
-	 * <p>
-	 * <b>NOTE:</b> This method is generally not intended to be called separately.
-	 * It is used by ESAPI's reference crypto implementation class {@code JavaEncryptor}
-	 * and might be useful for someone implementing their own replacement class, but
-	 * generally it is not something that is useful to application client code.
-	 * 
-	 * @param keyDerivationKey  A key used as an input to a key derivation function
-	 *                          to derive other keys. This is the key that generally
-	 *                          is created using some key generation mechanism such as
-	 *                          {@link #generateSecretKey(String, int)}. The
-	 *                          "input" key from which the other keys are derived.
-	 * 							The derived key will have the same algorithm type
-	 * 							as this key.
-	 * @param keySize		The cipher's key size (in bits) for the {@code keyDerivationKey}.
-	 * 						Must have a minimum size of 56 bits and be an integral multiple of 8-bits.
-	 * 						<b>Note:</b> The derived key will have the same size as this.
-	 * @param purpose		The purpose for the derived key. Must be either the
-	 * 						string "encryption" or "authenticity". Use "encryption" for
+    /**
+     * The method is ESAPI's Key Derivation Function (KDF) that computes a
+     * derived key from the {@code keyDerivationKey} for either
+     * encryption / decryption or for authentication.
+     * <p>
+     * <b>CAUTION:</b> If this algorithm for computing derived keys from the
+     * key derivation key is <i>ever</i> changed, we risk breaking backward compatibility of being
+     * able to decrypt data previously encrypted with earlier / different versions
+     * of this method. Therefore, do not change this unless you are 100% certain that
+     * what you are doing will NOT change either of the derived keys for
+     * ANY "key derivation key" AT ALL!!!
+     * <p>
+     * <b>NOTE:</b> This method is generally not intended to be called separately.
+     * It is used by ESAPI's reference crypto implementation class {@code JavaEncryptor}
+     * and might be useful for someone implementing their own replacement class, but
+     * generally it is not something that is useful to application client code.
+     *
+     * @param keyDerivationKey  A key used as an input to a key derivation function
+     *                          to derive other keys. This is the key that generally
+     *                          is created using some key generation mechanism such as
+     *                          {@link #generateSecretKey(String, int)}. The
+     *                          "input" key from which the other keys are derived.
+     *                             The derived key will have the same algorithm type
+     *                             as this key.
+     * @param keySize        The cipher's key size (in bits) for the {@code keyDerivationKey}.
+     *                         Must have a minimum size of 56 bits and be an integral multiple of 8-bits.
+     *                         <b>Note:</b> The derived key will have the same size as this.
+     * @param purpose        The purpose for the derived key. Must be either the
+     *                         string "encryption" or "authenticity". Use "encryption" for
      *                      creating a derived key to use for confidentiality, and "authenticity"
      *                      for a derived key to use with a MAC to ensure message authenticity.
-	 * @return				The derived {@code SecretKey} to be used according
-	 * 						to the specified purpose. Note that this serves the same purpose
-	 * 						as "label" in section 5.1 of NIST SP 800-108.
-	 * @throws NoSuchAlgorithmException		The {@code keyDerivationKey} has an unsupported
-	 * 						encryption algorithm or no current JCE provider supports
-	 * 						"HmacSHA1".
-	 * @throws EncryptionException		If "UTF-8" is not supported as an encoding, then
-	 * 						this is thrown with the original {@code UnsupportedEncodingException}
-	 * 						as the cause. (NOTE: This should never happen as "UTF-8" is supposed to
-	 * 						be a common encoding supported by all Java implementations. Support
-	 * 					    for it is usually in rt.jar.)
-	 * @throws InvalidKeyException 	Likely indicates a coding error. Should not happen.
-	 * @throws EncryptionException  Throw for some precondition violations.
-	 * @deprecated Use{@code KeyDerivationFunction} instead. This method will be removed as of
-	 * 			   ESAPI release 2.1 so if you are using this, please change your code.
-	 */
-	public static SecretKey computeDerivedKey(SecretKey keyDerivationKey, int keySize, String purpose)
-			throws NoSuchAlgorithmException, InvalidKeyException, EncryptionException
-	{
-        // These really should be turned into actual runtime checks and an
-        // IllegalArgumentException should be thrown if they are violated.
-		assert keyDerivationKey != null : "Key derivation key cannot be null.";
-			// We would choose a larger minimum key size, but we want to be
-			// able to accept DES for legacy encryption needs.
-		assert keySize >= 56 : "Key has size of " + keySize + ", which is less than minimum of 56-bits.";
-		assert (keySize % 8) == 0 : "Key size (" + keySize + ") must be a even multiple of 8-bits.";
-		assert purpose != null;
-		assert purpose.equals("encryption") || purpose.equals("authenticity") :
-			"Purpose must be \"encryption\" or \"authenticity\".";
+     * @return                The derived {@code SecretKey} to be used according
+     *                         to the specified purpose. Note that this serves the same purpose
+     *                         as "label" in section 5.1 of NIST SP 800-108.
+     * @throws NoSuchAlgorithmException        The {@code keyDerivationKey} has an unsupported
+     *                         encryption algorithm or no current JCE provider supports
+     *                         "HmacSHA1".
+     * @throws EncryptionException        If "UTF-8" is not supported as an encoding, then
+     *                         this is thrown with the original {@code UnsupportedEncodingException}
+     *                         as the cause. (NOTE: This should never happen as "UTF-8" is supposed to
+     *                         be a common encoding supported by all Java implementations. Support
+     *                         for it is usually in rt.jar.) This exception is also thrown if the
+     *                         requested {@code keySize} parameter exceeds the length of the number of
+     *                         bytes provided in the {@code keyDerivationKey} parameter.
+     * @throws InvalidKeyException     Likely indicates a coding error. Should not happen.
+     * @throws EncryptionException  Throw for some precondition violations.
+     * @deprecated Use same method in {@code KeyDerivationFunction} instead. This method will be <b>removed</b> as of
+     *                ESAPI release 2.3 so if you are using this, please CHANGE YOUR CODE. Note that the replacement
+     *                is not a static method, so create your own wrapper if you wish, but this will soon disappear.
+     */
+    @Deprecated
+    public static SecretKey computeDerivedKey(SecretKey keyDerivationKey, int keySize, String purpose)
+            throws NoSuchAlgorithmException, InvalidKeyException, EncryptionException
+    {
+        // Fingers cross; maybe this will help.
+        logger.warning(Logger.SECURITY_AUDIT,
+                "Your code is using the deprecated CryptoHelper.computeDerivedKey() method which will be removed next release");
 
-		// DISCUSS: Should we use HmacSHA1 (what we were using) or the HMAC defined by
-		//			Encryptor.KDF.PRF instead? Either way, this is not compatible with
-		//			previous ESAPI versions. JavaEncryptor doesn't use this any longer.
-		KeyDerivationFunction kdf = new KeyDerivationFunction(
-											KeyDerivationFunction.PRF_ALGORITHMS.HmacSHA1);
-		return kdf.computeDerivedKey(keyDerivationKey, keySize, purpose);
-	}
+        if ( keyDerivationKey == null ) {
+            throw new IllegalArgumentException("Key derivation key cannot be null.");
+        }
+            // We would choose a larger minimum key size, but we want to be
+            // able to accept DES for legacy encryption needs.
+        if ( keySize < 56 ) {
+            throw new IllegalArgumentException("Key has size of " + keySize + ", which is less than minimum of 56-bits.");
+        }
+        if ( (keySize % 8) != 0 ) {
+            throw new IllegalArgumentException("Key size (" + keySize + ") must be a even multiple of 8-bits.");
+        }
+        if ( purpose == null ) {
+            throw new IllegalArgumentException("'purpose' may not be null.");
+        }
+        if ( ! ( purpose.equals("encryption") || purpose.equals("authenticity") ) ) {
+            throw new IllegalArgumentException("Purpose must be \"encryption\" or \"authenticity\".");
+        }
 
-	/**
-	 * Return true if specified cipher mode is one of those specified in the
-	 * {@code ESAPI.properties} file that supports both confidentiality
-	 * <b>and</b> authenticity (i.e., a "combined cipher mode" as NIST refers
-	 * to it).
-	 * @param cipherMode The specified cipher mode to be used for the encryption
-	 *                   or decryption operation.
-	 * @return true if the specified cipher mode is in the comma-separated list
-	 *         of cipher modes supporting both confidentiality and authenticity;
-	 *         otherwise false.
-	 * @see org.owasp.esapi.SecurityConfiguration#getCombinedCipherModes()
-	 */
-	public static boolean isCombinedCipherMode(String cipherMode)
-	{
-	    assert cipherMode != null : "Cipher mode may not be null";
-	    assert ! cipherMode.equals("") : "Cipher mode may not be empty string";
-	    List<String> combinedCipherModes =
-	        ESAPI.securityConfiguration().getCombinedCipherModes();
-	    return combinedCipherModes.contains( cipherMode );
-	}
+        // DISCUSS: Should we use HmacSHA1 (what we were using) or the HMAC defined by
+        //            Encryptor.KDF.PRF instead? Either way, this is not compatible with
+        //            previous ESAPI versions. JavaEncryptor doesn't use this any longer.
+        // ANSWER:  This is deprecated and will be removed in 2.3.0.0, so it really matter
+        //          that much. However, Since the property Encryptor.KDF.PRF is (and has
+        //          been) "HMacSHA256". changing this could unintentionally break code.
+        KeyDerivationFunction kdf = new KeyDerivationFunction(
+                                            KeyDerivationFunction.PRF_ALGORITHMS.HmacSHA1);
+        return kdf.computeDerivedKey(keyDerivationKey, keySize, purpose);
+    }
 
-	/**
+    /**
+     * Return true if specified cipher mode is one of those specified in the
+     * {@code ESAPI.properties} file that supports both confidentiality
+     * <b>and</b> authenticity (i.e., a "combined cipher mode" as NIST refers
+     * to it).
+     * @param cipherMode The specified cipher mode to be used for the encryption
+     *                   or decryption operation.
+     * @return true if the specified cipher mode is in the comma-separated list
+     *         of cipher modes supporting both confidentiality and authenticity;
+     *         otherwise false.
+     * @see org.owasp.esapi.SecurityConfiguration#getCombinedCipherModes()
+     */
+    public static boolean isCombinedCipherMode(String cipherMode)
+    {
+        if ( cipherMode == null ) {
+            throw new IllegalArgumentException("Cipher mode may not be null");
+        }
+        if ( cipherMode.equals("") ) {
+            throw new IllegalArgumentException("Cipher mode may not be empty string");
+        }
+        List<String> combinedCipherModes =
+            ESAPI.securityConfiguration().getCombinedCipherModes();
+        return combinedCipherModes.contains( cipherMode );
+    }
+
+    /**
      * Return true if specified cipher mode is one that may be used for
      * encryption / decryption operations via {@link org.owasp.esapi.Encryptor}.
      * @param cipherMode The specified cipher mode to be used for the encryption
@@ -184,16 +209,16 @@ public static boolean isCombinedCipherMode(String cipherMode)
      * @see org.owasp.esapi.SecurityConfiguration#getCombinedCipherModes()
      * @see org.owasp.esapi.SecurityConfiguration#getAdditionalAllowedCipherModes()
      */
-	public static boolean isAllowedCipherMode(String cipherMode)
-	{
-	    if ( isCombinedCipherMode(cipherMode) ) {
-	        return true;
-	    }
-	    List<String> extraCipherModes =
-	        ESAPI.securityConfiguration().getAdditionalAllowedCipherModes();
-	    return extraCipherModes.contains( cipherMode );
-	}
-	
+    public static boolean isAllowedCipherMode(String cipherMode)
+    {
+        if ( isCombinedCipherMode(cipherMode) ) {
+            return true;
+        }
+        List<String> extraCipherModes =
+            ESAPI.securityConfiguration().getAdditionalAllowedCipherModes();
+        return extraCipherModes.contains( cipherMode );
+    }
+
     /**
      * Check to see if a Message Authentication Code (MAC) is required
      * for a given {@code CipherText} object and the current ESAPI.property
@@ -222,17 +247,17 @@ public static boolean isMACRequired(CipherText ct) {
         // additional computing time.
         return ( !preferredCipherMode && wantsMAC );
     }
-	
+
     /**
      * If a Message Authentication Code (MAC) is required for the specified
      * {@code CipherText} object, then attempt to validate the MAC that
      * should be embedded within the {@code CipherText} object by using a
      * derived key based on the specified {@code SecretKey}.
      *
-     * @param sk    The {@code SecretKey} used to derived a key to check
+     * @param sk    The {@code SecretKey} used to derive a key to check
      *              the authenticity via the MAC.
      * @param ct    The {@code CipherText} that we are checking for a
-     *              valid MAC. 
+     *              valid MAC.
      *
      * @return  True is returned if a MAC is required and it is valid as
      *          verified using a key derived from the specified
@@ -243,7 +268,8 @@ public static boolean isCipherTextMACvalid(SecretKey sk, CipherText ct)
     {
         if ( CryptoHelper.isMACRequired( ct ) ) {
             try {
-                SecretKey authKey = CryptoHelper.computeDerivedKey( sk, ct.getKeySize(), "authenticity");
+                KeyDerivationFunction kdf = new KeyDerivationFunction( ct.getKDF_PRF() );
+                SecretKey authKey = kdf.computeDerivedKey(sk, ct.getKeySize(), "authenticity");
                 boolean validMAC = ct.validateMAC( authKey );
                 return validMAC;
             } catch (Exception ex) {
@@ -256,35 +282,35 @@ public static boolean isCipherTextMACvalid(SecretKey sk, CipherText ct)
         }
         return true;
     }
-    
-	/**
-	 * Overwrite a byte array with a specified byte. This is frequently done
-	 * to a plaintext byte array so the sensitive data is not lying around
-	 * exposed in memory.
-	 * @param bytes	The byte array to be overwritten.
-	 * @param x The byte array {@code bytes} is overwritten with this byte.
-	 */
-	public static void overwrite(byte[] bytes, byte x)
-	{
-		Arrays.fill(bytes, x);
-	}
-	
-	/**
-	 * Overwrite a byte array with the byte containing '*'. That is, call
-	 * <pre>
-	 * 		overwrite(bytes, (byte)'*');
-	 * </pre>
-	 * @param bytes The byte array to be overwritten.
-	 */
-	public static void overwrite(byte[] bytes)
-	{
-		overwrite(bytes, (byte)'*');
-	}
-	
-	// These provide for a bit more type safety when copying bytes around.
-	/**
-	 * Same as {@code System.arraycopy(src, 0, dest, 0, length)}.
-	 * 
+
+    /**
+     * Overwrite a byte array with a specified byte. This is frequently done
+     * to a plaintext byte array so the sensitive data is not lying around
+     * exposed in memory.
+     * @param bytes    The byte array to be overwritten.
+     * @param x The byte array {@code bytes} is overwritten with this byte.
+     */
+    public static void overwrite(byte[] bytes, byte x)
+    {
+        Arrays.fill(bytes, x);
+    }
+
+    /**
+     * Overwrite a byte array with the byte containing '*'. That is, call
+     * <pre>
+     *         overwrite(bytes, (byte)'*');
+     * </pre>
+     * @param bytes The byte array to be overwritten.
+     */
+    public static void overwrite(byte[] bytes)
+    {
+        overwrite(bytes, (byte)'*');
+    }
+
+    // These provide for a bit more type safety when copying bytes around.
+    /**
+     * Same as {@code System.arraycopy(src, 0, dest, 0, length)}.
+     *
      * @param      src      the source array.
      * @param      dest     the destination array.
      * @param      length   the number of array elements to be copied.
@@ -292,104 +318,97 @@ public static void overwrite(byte[] bytes)
      *               access of data outside array bounds.
      * @exception  NullPointerException if either <code>src</code> or
      *               <code>dest</code> is <code>null</code>.
-	 */
-	public static void copyByteArray(final byte[] src, byte[] dest, int length)
-	{
-		System.arraycopy(src, 0, dest, 0, length);
-	}
-	
-	/**
-	 * Same as {@code copyByteArray(src, dest, src.length)}.
+     */
+    public static void copyByteArray(final byte[] src, byte[] dest, int length)
+    {
+        System.arraycopy(src, 0, dest, 0, length);
+    }
+
+    /**
+     * Same as {@code copyByteArray(src, dest, src.length)}.
      * @param      src      the source array.
      * @param      dest     the destination array.
      * @exception  IndexOutOfBoundsException  if copying would cause
      *               access of data outside array bounds.
      * @exception  NullPointerException if either <code>src</code> or
      *               <code>dest</code> is <code>null</code>.
-	 */
-	public static void copyByteArray(final byte[] src, byte[] dest)
-	{
-		copyByteArray(src, dest, src.length);
-	}
-	
-	/**
-	 * A "safe" array comparison that is not vulnerable to side-channel
-	 * "timing attacks". All comparisons of non-null, equal length bytes should
-	 * take same amount of time. We use this for cryptographic comparisons.
-	 * 
-	 * @param b1   A byte array to compare.
-	 * @param b2   A second byte array to compare.
-	 * @return     {@code true} if both byte arrays are null or if both byte
-	 *             arrays are identical or have the same value; otherwise
-	 *             {@code false} is returned.
-	 */
-	public static boolean arrayCompare(byte[] b1, byte[] b2) {
-	    if ( b1 == b2 ) {
-	        return true;
-	    }
-	    if ( b1 == null || b2 == null ) {
-	        return (b1 == b2);
-	    }
-	    if ( b1.length != b2.length ) {
-	        return false;
-	    }
-	    
-	    int result = 0;
-	    // Make sure to go through ALL the bytes. We use the fact that if
-	    // you XOR any bit stream with itself the result will be all 0 bits,
-	    // which in turn yields 0 for the result.
-	    for(int i = 0; i < b1.length; i++) {
-	        // XOR the 2 current bytes and then OR with the outstanding result.
-	        result |= (b1[i] ^ b2[i]);
-	    }
-	    return (result == 0) ? true : false;
-	}
-  
-	/**
-	 * Is this particular KDF version number one that is sane? For that, we
-	 * just make sure it is inbounds of the valid range which is:
-	 * <pre>
-	 *     [20110203, 99991231]
-	 * </pre>
-	 * @param kdfVers	KDF version # that we are checking. Generally this is
-	 * 				extracted from the serialized {@code CipherText}.
-	 * @param restrictToCurrent	If this is set, we do an additional check
-	 *				to see if the KDF version is a later version than the
-	 *				one that this current ESAPI version supports.
-	 * @param throwIfError	Instead of returning {@code false} in the case of
-	 * 				an error, throw an {@code IllegalArgumentException}
-	 * @return	True if in range, false otherwise (except if {@code throwIfError}
-	 * 			is true.}
-	 */
-	public static boolean isValidKDFVersion(int kdfVers, boolean restrictToCurrent,
-											boolean throwIfError)
-				throws IllegalArgumentException
-	{
-		boolean ret = true;
-		
-		if ( kdfVers < KeyDerivationFunction.originalVersion || kdfVers > 99991231 ) {
-			ret = false;
-		} else if ( restrictToCurrent ) {
-			ret = ( kdfVers <= KeyDerivationFunction.kdfVersion );
-		}
-		if ( ret ) {
-			return ret;				// True
-		} else {					// False, so throw or not.
-			logger.warning(Logger.SECURITY_FAILURE, "Possible data tampering. Encountered invalid KDF version #. " +
-						   ( throwIfError ? "Throwing IllegalArgumentException" : "" ));
-			if ( throwIfError ) {	
-				throw new IllegalArgumentException("Version (" + kdfVers + ") invalid. " +
-					"Must be date in format of YYYYMMDD between " + KeyDerivationFunction.originalVersion + "and 99991231.");
-			}
-		}
-		return false;
-	}
-	
+     */
+    public static void copyByteArray(final byte[] src, byte[] dest)
+    {
+        copyByteArray(src, dest, src.length);
+    }
+
+    /**
+     * A "safe" array comparison that is not vulnerable to side-channel
+     * "timing attacks". All comparisons of non-null, equal length bytes should
+     * take same amount of time. We use this for cryptographic comparisons.
+     *
+     * @param b1   A byte array to compare.
+     * @param b2   A second byte array to compare.
+     * @return     {@code true} if both byte arrays are null or if both byte
+     *             arrays are identical or have the same value; otherwise
+     *             {@code false} is returned.
+     * @deprecated  Use java.security.MessageDigest#isEqual(byte[], byte[]) instead.
+     */
+    @Deprecated
+    public static boolean arrayCompare(byte[] b1, byte[] b2) {
+        // Note: See GitHub issue #246 and #554.
+        // If we make Java 8 the minimal ESAPI baseline before we remove this
+        // method, we can at least remove these next 6 lines. (Issue 554.)
+        if ( b1 == null && b2 == null ) {   // Must test this first!
+            return true;    // Prevent NPE; compatibility with Java 8 and later.
+        }
+        if ( b1 == null || b2 == null ) {
+            return false;    // Prevent NPE; compatibility with Java 8 and later.
+        }
+        return java.security.MessageDigest.isEqual(b1, b2);
+    }
+
+    /**
+     * Is this particular KDF version number one that is sane? For that, we
+     * just make sure it is inbounds of the valid range which is:
+     * <pre>
+     *     [20110203, 99991231]
+     * </pre>
+     * @param kdfVers    KDF version # that we are checking. Generally this is
+     *                 extracted from the serialized {@code CipherText}.
+     * @param restrictToCurrent    If this is set, we do an additional check
+     *                to see if the KDF version is a later version than the
+     *                one that this current ESAPI version supports.
+     * @param throwIfError    Instead of returning {@code false} in the case of
+     *                 an error, throw an {@code IllegalArgumentException}
+     * @return    True if in range, false otherwise (except if {@code throwIfError}
+     *             is true.}
+     */
+    public static boolean isValidKDFVersion(int kdfVers, boolean restrictToCurrent,
+                                            boolean throwIfError)
+                throws IllegalArgumentException
+    {
+        boolean ret = true;
+
+        if ( kdfVers < KeyDerivationFunction.originalVersion || kdfVers > 99991231 ) {
+            ret = false;
+        } else if ( restrictToCurrent ) {
+            ret = ( kdfVers <= KeyDerivationFunction.kdfVersion );
+        }
+        if ( ret ) {
+            return ret;                // True
+        } else {                    // False, so throw or not.
+            logger.warning(Logger.SECURITY_FAILURE, "Possible data tampering. Encountered invalid KDF version #. " +
+                           ( throwIfError ? "Throwing IllegalArgumentException" : "" ));
+            if ( throwIfError ) {
+                throw new IllegalArgumentException("Version (" + kdfVers + ") invalid. " +
+                    "Must be date in format of YYYYMMDD between " + KeyDerivationFunction.originalVersion + "and 99991231.");
+            }
+        }
+        return false;
+    }
+
     /**
      * Prevent public, no-argument CTOR from being auto-generated. Public CTOR
      * is not needed as all methods are static.
      */
     private CryptoHelper() {
-    	;	// Prevent default CTOR from being auto-created.
+        ;    // Prevent default CTOR from being auto-created.
     }
 }
diff --git a/src/main/java/org/owasp/esapi/crypto/CryptoToken.java b/src/main/java/org/owasp/esapi/crypto/CryptoToken.java
index 4276079f9..c6171b75a 100644
--- a/src/main/java/org/owasp/esapi/crypto/CryptoToken.java
+++ b/src/main/java/org/owasp/esapi/crypto/CryptoToken.java
@@ -1,15 +1,15 @@
 /**
  * OWASP Enterprise Security API (ESAPI)
- * 
+ *
  * This file is part of the Open Web Application Security Project (OWASP)
  * Enterprise Security API (ESAPI) project. For details, please see
  * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
  *
  * Copyright &copy; 2010 - The OWASP Foundation
- * 
+ *
  * The ESAPI is published by OWASP under the BSD license. You should read and
  * accept the LICENSE before you use, modify, and/or redistribute this software.
- * 
+ *
  * @created 2010
  */
 package org.owasp.esapi.crypto;
@@ -33,18 +33,14 @@
 import org.owasp.esapi.Logger;
 import org.owasp.esapi.errors.EncodingException;
 import org.owasp.esapi.errors.EncryptionException;
+import org.owasp.esapi.errors.EncryptionRuntimeException;
+import org.owasp.esapi.errors.ConfigurationException;
 import org.owasp.esapi.errors.ValidationException;
 
 ///// IMPORTANT NOTE: Never print / log attribute *values* as they
 /////                 may be sensitive. Also, do not log the CryptoToken
-/////				  itself as it generally is used as an authentication token.
-
-// OPEN ISSUE: Assertions vs. IllegalArgumentException must be resolved. I prefer
-//             assertions for preconditions, which is more in line with Design-by-Contract
-//             and Eiffel. There are a few places where assertions are not appropriate
-//             because if they are not disabled (they are not by default), they could cause
-//             incorrect behavior (e.g., setting the expiration time to something in the
-//             past, etc.)
+/////                 itself, because even it is encrypted, the token itself
+/////                 is often used as an authentication token.
 
 /**
  * Compute a cryptographically secure, encrypted token containing
@@ -72,19 +68,18 @@
  * </pre>
  * The attribute value may contain any value. However, values containing
  * either '=' or ';' will be quoted using '\'. Likewise, values containing '\'
- * will also be quoted using '\'. Hence if original name/value pair were
- *             name=ab=xy\;
- *         this would be represented as
- *             name=ab\=xy\\\;
+ * will also be quoted using '\'. Hence, if original name/value pair were
+ * <b>name=ab=xy\;</b> * this would be represented as <b>name=ab\=xy\\\;</b>.
  * To ensure things are "safe" (from a security perspective), attribute
- * <i>names</i> must conform the the Java regular expression
+ * <i>names</i> must conform to the Java regular expression
  * <pre>
  *          [A-Za-z0-9_\.-]+
  * </pre>
  * The attribute <i>value</i> on the other hand, may be any valid string. (That
- * is, the value is not checked, so beware!)
+ * is, the value is not checked, so beware! When rendering these values, output
+ * encoding may be required to prevent XSS. Use ESAPI's {@code Encoder} for that.
  * <p>
- * This entire semicolon-separated string is then encrypted via one of the 
+ * This entire semicolon-separated string is then encrypted via one of the
  * {@code Encryptor.encrypt()} methods and then base64-encoded, serialized
  * IV + ciphertext + MAC representation as determined by
  * {@code CipherTextasPortableSerializedByteArray()} is used as the
@@ -94,23 +89,28 @@
  * must be unique. There are some restrictions on the attribute names.
  * (See the {@link #setAttribute(String, String)} method for details.)
  *
+ * <b>WARNING:</b> You should never print / log attribute <b>values</b> as
+ *              they may be sensitive. Also, do not log the {@code CryptoToken}
+ *              itself, because even though it is encrypted, the token itself is
+ *              often used as an authentication token.
+ *
  * @author kevin.w.wall@gmail.com
  * @since 2.0
  */
 public class CryptoToken {
     /** Represents an anonymous user. */
     public static final String ANONYMOUS_USER = "<anonymous>";
-    
+
     // Default expiration time
     private static final long DEFAULT_EXP_TIME = 5 * 60 * 1000;  // 5 min == 300 milliseconds
     private static final String DELIM = ";";                     // field delimiter
     private static final char DELIM_CHAR = ';';                  // field delim as a char
     private static final char QUOTE_CHAR = '\\';                 // char used to quote delimiters, '=' and itself.
-    
+
         // OPEN ISSUE: Should we make these 2 regex's properties in ESAPI.properties???
     private static final String ATTR_NAME_REGEX = "[A-Za-z0-9_.-]+"; // One or more alphanumeric, underscore, periods, or hyphens.
     private static final String USERNAME_REGEX = "[a-z][a-z0-9_.@-]*";
-    
+
     private static Logger logger = ESAPI.getLogger("CryptoToken");
 
     private String username = ANONYMOUS_USER;        // Default user name if not set. Always lower case.
@@ -121,10 +121,10 @@ public class CryptoToken {
     private transient SecretKey secretKey = null;
     private Pattern attrNameRegex = Pattern.compile(ATTR_NAME_REGEX);
     private Pattern userNameRegex = Pattern.compile(USERNAME_REGEX);
-    
+
     /**
      * Create a cryptographic token using default secret key from the
-     * <b>ESAPI.properties</b> property <b>Encryptor.MasterKey</b>. 
+     * <b>ESAPI.properties</b> property <b>Encryptor.MasterKey</b>.
      */
     public CryptoToken() {
         secretKey = getDefaultSecretKey(
@@ -137,17 +137,19 @@ public CryptoToken() {
     // Create using specified SecretKey
     /**
      * Create a cryptographic token using specified {@code SecretKey}.
-     * 
+     *
      * @param skey  The specified {@code SecretKey} to use to encrypt the token.
      */
     public CryptoToken(SecretKey skey) {
-        assert skey != null : "SecretKey may not be null.";
+        if ( skey == null ) {
+            throw new IllegalArgumentException("SecretKey may not be null.");
+        }
         secretKey = skey;
         long now = System.currentTimeMillis();
         expirationTime = now + DEFAULT_EXP_TIME;
     }
 
-    /** 
+    /**
      * Create using previously encrypted token encrypted with default secret
      * key from <b>ESAPI.properties</b>.
      * @param token A previously encrypted token returned by one of the
@@ -170,14 +172,18 @@ public CryptoToken(String token) throws EncryptionException {
             throw new EncryptionException("Decryption of token failed. Token improperly encoded or encrypted with different key.",
                                           "Can't decrypt token because not correctly encoded or encrypted with different key.", e);
         }
-        assert username != null : "Programming error: Decrypted token found username null.";
-        assert expirationTime > 0 : "Programming error: Decrypted token found expirationTime <= 0.";
+        if ( username == null ) {
+            throw new IllegalArgumentException("Programming error or malformed token: Decrypted token found username null.");
+        }
+        if ( expirationTime <= 0 ) {
+            throw new IllegalArgumentException("Programming error or malformed token: Decrypted token found expirationTime <= 0.");
+        }
     }
 
-    /** 
+    /**
      * Create cryptographic token using previously encrypted token that was
      * encrypted with specified secret key.
-     * 
+     *
      * @param token A previously encrypted token returned by one of the
      *              {@code getToken()} or {@code updateToken()} methods.
      * @throws EncryptionException  Thrown if they are any problems while decrypting
@@ -188,8 +194,12 @@ public CryptoToken(String token) throws EncryptionException {
     // token is a previously encrypted token (i.e., CryptoToken.getToken())
     // with different SecretKey other than the one in ESAPI.properties
     public CryptoToken(SecretKey skey, String token) throws EncryptionException {
-        assert skey != null : "SecretKey may not be null.";
-        assert token != null : "Token may not be null";
+        if ( skey == null ) {
+            throw new IllegalArgumentException("SecretKey may not be null.");
+        }
+        if ( token == null ) {
+                throw new IllegalArgumentException("Token may not be null");
+        }
         secretKey = skey;
         try {
             decryptToken(secretKey, token);
@@ -197,8 +207,14 @@ public CryptoToken(SecretKey skey, String token) throws EncryptionException {
             throw new EncryptionException("Decryption of token failed. Token improperly encoded.",
                                           "Can't decrypt token because not correctly encoded.", e);
         }
-        assert username != null : "Programming error: Decrypted token found username null.";
-        assert expirationTime > 0 : "Programming error: Decrypted token found expirationTime <= 0.";
+        if ( username == null ) {
+            String exm = "Programming error???: Decrypted token found username null.";
+            throw new EncryptionException(exm, exm);
+        }
+        if ( expirationTime <= 0 ) {
+            String exm = "Programming error???: Decrypted token found expirationTime <= 0.";
+            throw new EncryptionException(exm, exm);
+        }
     }
 
     /**
@@ -211,7 +227,7 @@ public CryptoToken(SecretKey skey, String token) throws EncryptionException {
     public String getUserAccountName() {
         return ( (username != null) ? username : ANONYMOUS_USER );
     }
-    
+
     /**
      * Set the user account name associated with this cryptographic token
      * object. The user account name is converted to lower case.
@@ -224,11 +240,13 @@ public String getUserAccountName() {
      *                              expression.)
      */
     public void setUserAccountName(String userAccountName) throws ValidationException {
-        assert userAccountName != null : "User account name may not be null.";
-        
+        if ( userAccountName == null ) {
+            throw new IllegalArgumentException("User account name may not be null.");
+        }
+
         // Converting to lower case first allows a simpler regex.
         String userAcct = userAccountName.toLowerCase();
-        
+
         // Check to make sure that attribute name is valid as per our regex.
         Matcher userNameChecker = userNameRegex.matcher(userAcct);
         if ( userNameChecker.matches() ) {
@@ -247,16 +265,16 @@ public void setUserAccountName(String userAccountName) throws ValidationExceptio
     public boolean isExpired() {
         return System.currentTimeMillis() > expirationTime;
     }
-    
+
     /**
      * Set expiration time to expire in 'interval' seconds (NOT milliseconds).
      * @param intervalSecs  Number of seconds in the future from current date/time
-     *                  	to set expiration. Must be positive.
+     *                      to set expiration. Must be positive.
      */
     public void setExpiration(int intervalSecs) throws IllegalArgumentException
     {
         int intervalMillis = intervalSecs * 1000;   // Need to convert secs to millisec.
-        
+
         // Don't want to use assertion here, because if they are disabled,
         // this would result in setting the expiration time prior to the
         // current time, hence it would already be expired.
@@ -270,7 +288,7 @@ public void setExpiration(int intervalSecs) throws IllegalArgumentException
         preAdd(now, intervalMillis);
         expirationTime = now + intervalMillis;
     }
-    
+
     /**
      * Set expiration time for a specific date/time.
      * @param expirationDate    The date/time at which the token will fail. Must
@@ -286,20 +304,23 @@ public void setExpiration(Date expirationDate) throws IllegalArgumentException
         long expTime = expirationDate.getTime();
         if ( expTime <= curTime ) {
             throw new IllegalArgumentException("Expiration date must be after current date/time.");
-        }        
+        }
         expirationTime = expTime;
     }
-    
+
     /**
      * Return the expiration time in milliseconds since epoch time (midnight,
      * January 1, 1970 UTC).
      * @return  The current expiration time.
      */
     public long getExpiration() {
+        // Assertion here is safe as it is just a sanity check and this check is
+        // make elsewhere. Plus this is a getter, not a setting, so if it's
+        // messed up, it happened somewhere else.
         assert expirationTime > 0L : "Programming error: Expiration time <= 0";
         return expirationTime;
     }
-    
+
     /**
      * Return the expiration time as a {@code Date}.
      * @return The {@code Date} object representing the expiration time.
@@ -318,18 +339,12 @@ public Date getExpirationDate() {
      */
     public void setAttribute(String name, String value) throws ValidationException {
         if ( name == null || name.length() == 0 ) {
-            // CHECKME: Should this be an IllegalArgumentException instead? I
-            // would prefer an assertion here and state this as a precondition
-            // in the Javadoc.
             throw new ValidationException("Null or empty attribute NAME encountered",
                                           "Attribute NAMES may not be null or empty string.");
         }
         if ( value == null ) {
-            // CHECKME: Should this be an IllegalArgumentException instead? I
-            // would prefer an assertion here and state this as a precondition
-            // in the Javadoc.
             throw new ValidationException("Null attribute VALUE encountered for attr name " + name,
-                                          "Attribute VALUE may not be null; attr name: " + name);            
+                                          "Attribute VALUE may not be null; attr name: " + name);
         }
         // NOTE: OTOH, it *is* VALID if the _value_ is empty! Null values cause too much trouble
         // to make it worth the effort of getting it to work consistently.
@@ -344,12 +359,12 @@ public void setAttribute(String name, String value) throws ValidationException {
                                           ATTR_NAME_REGEX);
         }
     }
-    
+
     /**
      * Add the specified collection of attributes to the current attributes.
      * If there are duplicate attributes specified, they will replace any
      * existing ones.
-     * 
+     *
      * @param attrs Name/value pairs of attributes to add or replace the existing
      *              attributes. Map must be non-null, but may be empty.
      * @throws ValidationException Thrown if one of the keys in the specified
@@ -359,8 +374,9 @@ public void setAttribute(String name, String value) throws ValidationException {
      * @see #setAttribute(String, String)
      */
     public void addAttributes(final Map<String, String> attrs) throws ValidationException {
-        // CHECKME: Assertion vs. IllegalArgumentException
-        assert attrs != null : "Attribute map may not be null.";
+        if ( attrs == null ) {
+            throw new IllegalArgumentException("Attribute map may not be null.");
+        }
         Set< Entry<String,String> > keyValueSet = attrs.entrySet();
         Iterator<Entry<String, String>> it = keyValueSet.iterator();
         while( it.hasNext() ) {
@@ -371,7 +387,7 @@ public void addAttributes(final Map<String, String> attrs) throws ValidationExce
         }
         return;
     }
-    
+
     /**
      * Retrieve the attribute with the specified name.
      * @param name  The attribute name.
@@ -381,13 +397,13 @@ public void addAttributes(final Map<String, String> attrs) throws ValidationExce
     public String getAttribute(String name) {
         return attributes.get(name);
     }
-    
+
     /**
      * Retrieve a {@code Map} that is a clone of all the attributes. A <i>copy</i>
      * is returned so that the attributes in {@code CrytpToken} are unaffected
      * by alterations made the returned {@code Map}. (Otherwise, multi-threaded code
      * could get trick.
-     * 
+     *
      * @return  A {@code Map} of all the attributes.
      * @see #getAttribute(String)
      */
@@ -396,7 +412,7 @@ public Map<String, String> getAttributes() {
         // Unfortunately, this requires a cast, which requires us to supress warnings.
         return (Map<String, String>) attributes.clone();
     }
-    
+
     /**
      * Removes all the attributes (if any) associated with this token. Note
      * that this does not clear / reset the user account name or expiration time.
@@ -424,7 +440,7 @@ public void clearAttributes() {
      *      SecretKey aliceSecretKey = ...  // Shared with Alice
      *      SecretKey bobSecretKey = ...;   // Shared with Carol
      *      CryptoToken cryptoToken = new CryptoToken(aliceSecretKey, tokenFromAlice);
-     *      
+     *
      *      // Re-encrypt for Carol using my (Bob's) key...
      *      String tokenForCarol = cryptoToken.getToken(bobSecretKey);
      *      // send tokenForCarol to Carol ...
@@ -450,12 +466,12 @@ public void clearAttributes() {
     public String getToken(SecretKey skey) throws EncryptionException {
         return createEncryptedToken(skey);
     }
-    
+
     /**
      * Update the (current) expiration time by adding the specified number of
      * seconds to it and then re-encrypting with the current {@code SecretKey}
      * that was used to construct this object.
-     * 
+     *
      * @param additionalSecs    The additional number of seconds to add to the
      *                          current expiration time. This number must be
      *                          &gt;= 0 or otherwise an {@code IllegalArgumentException}
@@ -477,7 +493,7 @@ public String updateToken(int additionalSecs) throws EncryptionException, Valida
         if ( additionalSecs < 0) {
             throw new IllegalArgumentException("additionalSecs argument must be >= 0.");
         }
-        
+
         // Avoid integer overflow. This could happen if one first calls
         // setExpiration(Date) with a date far into the future. We want
         // to avoid overflows as they might lead to security vulnerabilities.
@@ -487,14 +503,14 @@ public String updateToken(int additionalSecs) throws EncryptionException, Valida
             //       'long'. Could convert to Date first, and use
             //       setExpiration(Date) but that hardly seems worth the trouble.
         expirationTime = curExpTime + (additionalSecs * 1000);
-        
+
         if ( isExpired() ) {
             // Too bad there is no ProcrastinationException ;-)
             expirationTime = curExpTime;    // Restore the original value (which still may
                                             // be expired.
             throw new ValidationException("Token timed out.",
                     "Cryptographic token not increased to sufficient value to prevent timeout.");
-            
+
         }
             // Don't change anything else (user acct name, attributes, skey, etc.)
         return getToken();
@@ -503,14 +519,14 @@ public String updateToken(int additionalSecs) throws EncryptionException, Valida
     /**
      * Return the new encrypted token as a base64-encoded string, encrypted with
      * the specified {@code SecretKey} with which this object was constructed.
-     * 
+     *
      * @return The newly encrypted token.
      * @see #getToken(SecretKey)
      */
     public String getToken() throws EncryptionException {
         return createEncryptedToken(secretKey);
     }
-   
+
     // Create the actual encrypted token based on the specified SecretKey.
     // This method will ensure that the decrypted token always ends with an
     // unquoted delimiter.
@@ -521,7 +537,7 @@ private String createEncryptedToken(SecretKey skey) throws EncryptionException {
         //          If so, then updateToken() should also be revisited.
         sb.append( getExpiration() ).append( DELIM );
         sb.append( getQuotedAttributes() );
-        
+
         Encryptor encryptor = ESAPI.encryptor();
         CipherText ct = encryptor.encrypt(skey, new PlainText( sb.toString() ) );
         String b64 =
@@ -529,7 +545,7 @@ private String createEncryptedToken(SecretKey skey) throws EncryptionException {
                                             false);
         return b64;
     }
-    
+
     // Return a string of all the attributes, properly quoted. This is used in
     // creating the encrypted token. Note that this method ensures that the
     // quoted attribute string always ends with an (quoted) delimiter.
@@ -547,7 +563,7 @@ private String getQuotedAttributes() {
         }
         return sb.toString();
     }
-    
+
     // Do NOT define a toString() method as there may be sensitive
     // information contained in the attribute names. If we absolutely
     // need this, then only return the username and expiration time, and
@@ -556,11 +572,14 @@ private String getQuotedAttributes() {
     /*
      * public String toString() { return null; }
      */
-    
-    
+
+
     // Quote any special characters in value.
     private static String quoteAttributeValue(String value) {
-        assert value != null : "Program error: Value should not be null."; // Empty is OK.
+        if ( value == null ) {
+            String exm = "Programming error???: Value should not be null."; // Empty string is OK.
+            throw new EncryptionRuntimeException(exm, exm);
+        }
         StringBuilder sb = new StringBuilder();
         char[] charArray = value.toCharArray();
         for( int i = 0; i < charArray.length; i++ ) {
@@ -573,7 +592,7 @@ private static String quoteAttributeValue(String value) {
         }
         return sb.toString();
     }
-    
+
     // Parse the possibly quoted value and return the unquoted value.
     private static String parseQuotedValue(String quotedValue) {
         StringBuilder sb = new StringBuilder();
@@ -589,7 +608,7 @@ private static String parseQuotedValue(String quotedValue) {
         }
         return sb.toString();
     }
-    
+
     /*
      * Decrypt the encrypted token and parse it into the individual components.
      * The string should always end with a semicolon (;) even when there are
@@ -608,20 +627,34 @@ private void decryptToken(SecretKey skey, String b64token) throws EncryptionExce
         try {
             token = ESAPI.encoder().decodeFromBase64(b64token);
         } catch (IOException e) {
-            // CHECKME: Not clear if we should log the actual token itself. It's encrypted,
-            //          but could be arbitrarily long, especially since it is not valid
-            //          encoding. OTOH, it may help debugging as sometimes it may be a simple
-            //          case like someone failing to apply some other type of encoding
-            //          consistently (e.g., URL encoding), in which case logging this should
-            //          make this pretty obvious once a few of these are logged.
+            // Ideally, we'd like to be able to include the actual (munged) token itself.
+            // It's encrypted, but could be arbitrarily long, especially since it is not valid
+            // encoding. In theory, it may help debugging as sometimes it may be a simple
+            // case like someone failing to apply some other type of encoding
+            // consistently (e.g., URL encoding), in which case logging this should
+            // make this pretty obvious once a few of these are logged.
+            //
+            // OTOH, since tokens may be used as authentication tokens (see
+            // "WARNING" in the class Javadoc) some insider could intentionally botch
+            // a token (e.g., just remove the base64 padding characters) just to
+            // get an otherwise valid token logged somewhere they can access it.
+            // Therefore, I have decided NOT to include in in the logMessage
+            // part of the exception.
+            //
+            // Note that prior to ESAPI 2.2.0.0, the token _was_ logged, but has
+            // now been corrected.
+            //
             throw new EncodingException("Invalid base64 encoding.",
-                                          "Invalid base64 encoding. Encrypted token was: " + b64token);
+                                        "Invalid base64 encoding for token [REDACTED]");
         }
         CipherText ct = CipherText.fromPortableSerializedBytes(token);
         Encryptor encryptor = ESAPI.encryptor();
         PlainText pt = encryptor.decrypt(skey, ct);
         String str = pt.toString();
-        assert str.endsWith(DELIM) : "Programming error: Expecting decrypted token to end with delim char, " + DELIM_CHAR;
+        if ( ! str.endsWith(DELIM) ) {
+            String exm = "Programming error???: Expecting decrypted token to end with delim char, " + DELIM_CHAR;
+            throw new EncryptionException(exm, exm);
+        }
         char[] charArray = str.toCharArray();
         int prevPos = -1;                // Position of previous unquoted delimiter.
         int fieldNo = 0;
@@ -649,17 +682,23 @@ private void decryptToken(SecretKey skey, String b64token) throws EncryptionExce
                 fields.add( record );
                 fieldNo++;
                 prevPos = curPos;
-            } 
+            }
         }
-        
+
         Object[] objArray = fields.toArray();
-        assert fieldNo == objArray.length : "Program error: Mismatch of delimited field count.";
+        if ( fieldNo != objArray.length ) {
+            String exm = "Programming error???: Mismatch of delimited field count.";
+            throw new EncryptionException(exm, exm);
+        }
         logger.debug(Logger.EVENT_UNSPECIFIED, "Found " + objArray.length + " fields.");
-        assert objArray.length >= 2 : "Missing mandatory fields from decrypted token (username &/or expiration time).";
+        if ( objArray.length < 2 ) {
+            String exm = "Missing mandatory fields from decrypted token (username &/or expiration time).";
+            throw new EncryptionException(exm, exm);
+        }
         username = ((String)(objArray[0])).toLowerCase();
         String expTime = (String)objArray[1];
         expirationTime = Long.parseLong(expTime);
-        
+
         for( int i = 2; i < objArray.length; i++ ) {
             String nvpair = (String)objArray[i];
             int equalsAt = nvpair.indexOf("=");
@@ -687,20 +726,26 @@ private void decryptToken(SecretKey skey, String b64token) throws EncryptionExce
         }
         return;
     }
-    
+
     private SecretKey getDefaultSecretKey(String encryptAlgorithm) {
-        assert encryptAlgorithm != null : "Encryption algorithm cannot be null";
+        if ( encryptAlgorithm == null ) {
+            throw new IllegalArgumentException("Encryption algorithm cannot be null");
+        }
         byte[] skey = ESAPI.securityConfiguration().getMasterKey();
-        assert skey != null : "Can't obtain master key, Encryptor.MasterKey";
-        assert skey.length >= 7 :
+        if ( skey == null ) {
+            throw new IllegalArgumentException("Can't obtain master key, Encryptor.MasterKey");
+        }
+        if ( skey.length < 7 ) {
+            throw new ConfigurationException(
                         "Encryptor.MasterKey must be at least 7 bytes. " +
-                        "Length is: " + skey.length + " bytes.";
+                        "Length is: " + skey.length + " bytes.");
+        }
         // Set up secretKeySpec for use for symmetric encryption and decryption,
         // and set up the public/private keys for asymmetric encryption /
         // decryption.
         return new SecretKeySpec(skey, encryptAlgorithm );
     }
-    
+
     // Check precondition to see if addition of two operands will result in
     // arithmetic overflow. Note that the operands are of two different
     // integral types. I.e., check to see if:
diff --git a/src/main/java/org/owasp/esapi/crypto/KeyDerivationFunction.java b/src/main/java/org/owasp/esapi/crypto/KeyDerivationFunction.java
index 17635ce5a..02f925bfb 100644
--- a/src/main/java/org/owasp/esapi/crypto/KeyDerivationFunction.java
+++ b/src/main/java/org/owasp/esapi/crypto/KeyDerivationFunction.java
@@ -1,6 +1,6 @@
 /*
  * OWASP Enterprise Security API (ESAPI)
- * 
+ *
  * This file is part of the Open Web Application Security Project (OWASP)
  * Enterprise Security API (ESAPI) project. For details, please see
  * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
@@ -21,7 +21,7 @@
 import org.owasp.esapi.Logger;
 import org.owasp.esapi.errors.ConfigurationException;
 import org.owasp.esapi.errors.EncryptionException;
-import org.owasp.esapi.reference.DefaultSecurityConfiguration;
+import static org.owasp.esapi.PropNames.KDF_PRF_ALG;
 import org.owasp.esapi.util.ByteConversionUtil;
 
 /**
@@ -41,317 +41,358 @@
  * @since 2.0
  */
 public class KeyDerivationFunction {
-	/**
-	 * Used to support backward compatibility. {@code kdfVersion} is used as the
-	 * version for the serialized encrypted ciphertext on all the "encrypt"
-	 * operations. This static field should be the same as
-	 * {@link CipherText#cipherTextVersion} and
-	 * {@link CipherTextSerializer#cipherTextSerializerVersion} to make sure
-	 * that these classes are all kept in-sync in order to support backward
-	 * compatibility of previously encrypted data.
-	 * <pre>
-	 * Previous versions:	20110203 - Original version (ESAPI releases 2.0 & 2.0.1)
-	 *					    20130830 - Fix to issue #306 (release 2.1.0)
-	 * </pre>
-	 * @see CipherTextSerializer#asSerializedByteArray()
-	 * @see CipherText#asPortableSerializedByteArray()
-	 * @see CipherText#fromPortableSerializedBytes(byte[])
-	 */
-	public  static final int  originalVersion  = 20110203;	 // First version. Do not change. EVER!
-	public  static final int  kdfVersion       = 20130830;   // Current version. Format: YYYYMMDD, max is 99991231.
-	private static final long serialVersionUID = kdfVersion; // Format: YYYYMMDD
-	
+    /**
+     * Used to support backward compatibility. {@code kdfVersion} is used as the
+     * version for the serialized encrypted ciphertext on all the "encrypt"
+     * operations. This static field should be the same as
+     * {@link CipherText#cipherTextVersion} and
+     * {@link CipherTextSerializer#cipherTextSerializerVersion} to make sure
+     * that these classes are all kept in-sync in order to support backward
+     * compatibility of previously encrypted data.
+     * <pre>
+     * Previous versions:    20110203 - Original version (ESAPI releases 2.0 & 2.0.1)
+     *                        20130830 - Fix to issue #306 (release 2.1.0)
+     * </pre>
+     * @see CipherTextSerializer#asSerializedByteArray()
+     * @see CipherText#asPortableSerializedByteArray()
+     * @see CipherText#fromPortableSerializedBytes(byte[])
+     */
+    public  static final int  originalVersion  = 20110203;     // First version. Do not change. EVER!
+    public  static final int  kdfVersion       = 20130830;   // Current version. Format: YYYYMMDD, max is 99991231.
+    private static final long serialVersionUID = kdfVersion; // Format: YYYYMMDD
+
     // Pseudo-random function algorithms suitable for NIST KDF in counter mode.
-	// Note that HmacMD5 is intentionally omitted here!!!
+    // Note that HmacMD5 is intentionally omitted here!!!
     public enum PRF_ALGORITHMS {
-    		// SHA-1, 160-bits
+            // SHA-1, 160-bits
         HmacSHA1(0, 160, "HmacSHA1"),
-        	// SHA-2 candidates, 256-, 384-, and 512-bits
+            // SHA-2 candidates, 256-, 384-, and 512-bits
         HmacSHA256(1, 256, "HmacSHA256"),
         HmacSHA384(2, 384, "HmacSHA384"),
         HmacSHA512(3, 512, "HmacSHA512");
-        	// Reserved for SHA-3 winner, 224-, 256-, 384-, and 512-bits
-        	// Names not yet known. Will use standard JCE alg names here.
-        	//
-        	// E.g., might be something like
-        	//		HmacSHA3_224(4, 224, "HmacSHA3-224"),
-        	//		HmacSHA3_256(5, 256, "HmacSHA3-256"),
-        	//		HmacSHA3_384(6, 384, "HmacSHA3-385"),
-        	//		HmacSHA3_512(7, 512, "HmacSHA3-512");
+            // Reserved for SHA-3 winner, 224-, 256-, 384-, and 512-bits
+            // Names not yet known. Will use standard JCE alg names here.
+            //
+            // E.g., might be something like
+            //        HmacSHA3_224(4, 224, "HmacSHA3-224"),
+            //        HmacSHA3_256(5, 256, "HmacSHA3-256"),
+            //        HmacSHA3_384(6, 384, "HmacSHA3-385"),
+            //        HmacSHA3_512(7, 512, "HmacSHA3-512");
         // Reserved for future use -- values 8 through 15
         //  Most likely these might be some other strong contenders that
         //  were are based on HMACs from the NIST SHA-3 finalists.
-        
-        private final byte value;	// Value stored in serialized encrypted data to represent PRF
+
+        private final byte value;    // Value stored in serialized encrypted data to represent PRF
         private final short bits;
         private final String algName;
-        
+
         PRF_ALGORITHMS(int value, int bits, String algName) {
-        	this.value = (byte) value;
-        	this.bits  = (short) bits;
-        	this.algName = algName;
+            this.value = (byte) value;
+            this.bits  = (short) bits;
+            this.algName = algName;
         }
-        
+
         public byte getValue() { return value; }
         public short getBits() { return bits; }
         public String getAlgName() { return algName; }
     }
 
-	private static final Logger logger = ESAPI.getLogger("KeyDerivationFunction");
+    private static final Logger logger = ESAPI.getLogger("KeyDerivationFunction");
 
-	private String prfAlg_ = null;
-	private int version_ = kdfVersion;
-	private String context_ = "";
+    private String prfAlg_ = null;
+    private int version_ = kdfVersion;
+    private String context_ = "";
 
     // Check if versions of KeyDerivationFunction, CipherText, and
     // CipherTextSerializer are all the same.
     {
-    	// Ignore error about comparing identical versions and dead code.
-    	// We expect them to be, but the point is to catch us if they aren't.
-    	assert CipherTextSerializer.cipherTextSerializerVersion == CipherText.cipherTextVersion :
-            "Versions of CipherTextSerializer and CipherText are not compatible.";
-    	assert CipherTextSerializer.cipherTextSerializerVersion == KeyDerivationFunction.kdfVersion :
-    		"Versions of CipherTextSerializer and KeyDerivationFunction are not compatible.";
+        // Ignore error about comparing identical versions and dead code.
+        // We expect them to be, but the point is to catch us if they aren't.
+        if ( CipherTextSerializer.cipherTextSerializerVersion != CipherText.cipherTextVersion ) {
+            throw new ExceptionInInitializerError("Versions of CipherTextSerializer and CipherText are not compatible.");
+        }
+        if ( CipherTextSerializer.cipherTextSerializerVersion != KeyDerivationFunction.kdfVersion ) {
+            throw new ExceptionInInitializerError("Versions of CipherTextSerializer and KeyDerivationFunction are not compatible.");
+        }
+    }
+
+    /**
+     * Construct a {@code KeyDerivationFunction}.
+     * @param prfAlg    Specifies a supported algorithm.
+     */
+    public KeyDerivationFunction(KeyDerivationFunction.PRF_ALGORITHMS prfAlg) {
+        this.prfAlg_ = prfAlg.getAlgName();
+    }
+
+    /**
+     * Construct a {@code KeyDerivationFunction} based on the
+     * <b>ESAPI.property</b> property, {@code Encryptor.KDF.PRF}.
+     */
+    public KeyDerivationFunction() {
+        String prfName = ESAPI.securityConfiguration().getKDFPseudoRandomFunction();
+        if ( ! KeyDerivationFunction.isValidPRF(prfName) ) {
+            throw new ConfigurationException("Algorithm name " + prfName +
+                                " not a valid algorithm name for property " +
+                                KDF_PRF_ALG);
+        }
+        prfAlg_ = prfName;
+    }
+
+    /**
+     * Return the name of the algorithm for the Pseudo Random Function (PRF)
+     * that is being used.
+     * @return    The PRF algorithm name.
+     */
+    public String getPRFAlgName() {
+        return prfAlg_;
+    }
+
+    /**
+     * Package level method for use by {@code CipherText} class to get default
+     *
+     */
+    static int getDefaultPRFSelection() {
+        String prfName = ESAPI.securityConfiguration().getKDFPseudoRandomFunction();
+        for (PRF_ALGORITHMS prf : PRF_ALGORITHMS.values()) {
+            if ( prf.getAlgName().equals(prfName) ) {
+                return prf.getValue();
+            }
+        }
+        throw new ConfigurationException("Algorithm name " + prfName +
+                " not a valid algorithm name for property " + KDF_PRF_ALG);
+    }
+
+    /**
+     * Set version so backward compatibility can be supported. Used to set the
+     * version to some previous version so that previously encrypted data can
+     * be decrypted.
+     * @param version    Date as a integer, in format of YYYYMMDD. Maximum
+     *                     version date is 99991231 (December 31, 9999).
+     * @throws    IllegalArgumentException    If {@code version} is not within
+     *                     the valid range of [20110203, 99991231].
+     */
+    public void setVersion(int version) throws IllegalArgumentException {
+        CryptoHelper.isValidKDFVersion(version, false, true);
+        this.version_ = version;
+    }
+
+    /**
+     * Return the version used for backward compatibility.
+     * @return    The KDF version #, in format YYYYMMDD, used for supporting
+     *             backward compatibility.
+     */
+    public int getVersion() {
+        return version_;
+    }
+
+
+    // TODO: IMPORTANT NOTE: In a future release (hopefully starting in 2.3),
+    // we will be using the 'context' to mix in some additional things. At a
+    // minimum, we will be using the KDF version (version_) so that downgrade version
+    // attacks are not possible. Other candidates are the cipher xform and
+    // the timestamp.
+    /**
+     * Set the 'context' as specified by NIST Special Publication 800-108. NIST
+     * defines 'context' as "A binary string containing the information related
+     * to the derived keying material. It may include identities of parties who
+     * are deriving and/or using the derived keying material and, optionally, a
+     * once known by the parties who derive the keys." NIST SP 800-108 seems to
+     * imply that while 'context' is recommended, that it is optional. In section
+     * 7.6 of NIST 800-108, NIST uses "SHOULD" rather than "MUST":
+     * <blockquote>
+     * "Derived keying material should be bound to all relying
+     * entities and other information to identify the derived
+     * keying material. This is called context binding.
+     * In particular, the identity (or identifier, as the term
+     * is defined in [NIST SP 800-56A , sic] and [NIST SP
+     * 800-56B , sic]) of each entity that will access (meaning
+     * derive, hold, use, and/or distribute) any segment of
+     * the keying material should be included in the Context
+     * string input to the KDF, provided that this information
+     * is known by each entity who derives the keying material."
+     * </blockquote>
+     * The ISO/IEC's KDF2 uses a similar construction for their KDF and there
+     * 'context' data is not specified at all. Therefore, ESAPI 2.0's
+     * reference implementation, {@code JavaEncryptor}, chooses not to use
+     * 'context' at all.
+     *
+     * @param context    Optional binary string containing information related to
+     *                     the derived keying material. By default (if this method
+     *                     is never called), the empty string is used. May have any
+     *                     value but {@code null}.
+     */
+    public void setContext(String context) {
+        if ( context == null ) {
+            throw new IllegalArgumentException("Context may not be null.");
+        }
+        context_ = context;
+    }
+
+    /**
+     * Return the optional 'context' that typically contains information
+     * related to the keying material, such as the identities of the message
+     * sender and recipient.
+     * @see #setContext(String)
+     * @return The 'context' is returned.
+     */
+    public String getContext() {
+        return context_;
     }
-    
-	/**
-	 * Construct a {@code KeyDerivationFunction}.
-	 * @param prfAlg	Specifies a supported algorithm.
-	 */
-	public KeyDerivationFunction(KeyDerivationFunction.PRF_ALGORITHMS prfAlg) {
-		this.prfAlg_ = prfAlg.getAlgName();
-	}
-
-	/**
-	 * Construct a {@code KeyDerivationFunction} based on the
-	 * <b>ESAPI.property</b> property, {@code Encryptor.KDF.PRF}.
-	 */
-	public KeyDerivationFunction() {			
-		String prfName = ESAPI.securityConfiguration().getKDFPseudoRandomFunction();
-		if ( ! KeyDerivationFunction.isValidPRF(prfName) ) {
-    		throw new ConfigurationException("Algorithm name " + prfName +
-    							" not a valid algorithm name for property " +
-    							DefaultSecurityConfiguration.KDF_PRF_ALG);
-		}
-		prfAlg_ = prfName;
-	}
-
-	/**
-	 * Return the name of the algorithm for the Pseudo Random Function (PRF)
-	 * that is being used.
-	 * @return	The PRF algorithm name.
-	 */
-	public String getPRFAlgName() {
-		return prfAlg_;		
-	}
-	
-	/**
-	 * Package level method for use by {@code CipherText} class to get default
-	 * 
-	 */
-	static int getDefaultPRFSelection() {
-		String prfName = ESAPI.securityConfiguration().getKDFPseudoRandomFunction();
-		for (PRF_ALGORITHMS prf : PRF_ALGORITHMS.values()) {
-			if ( prf.getAlgName().equals(prfName) ) {
-				return prf.getValue();
-			}
-		}
-		throw new ConfigurationException("Algorithm name " + prfName +
-				" not a valid algorithm name for property " +
-				DefaultSecurityConfiguration.KDF_PRF_ALG);
-	}
-	
-	/**
-	 * Set version so backward compatibility can be supported. Used to set the
-	 * version to some previous version so that previously encrypted data can
-	 * be decrypted.
-	 * @param version	Date as a integer, in format of YYYYMMDD. Maximum
-	 * 					version date is 99991231 (December 31, 9999).
-	 * @throws	IllegalArgumentException	If {@code version} is not within
-	 * 					the valid range of [20110203, 99991231].
-	 */
-	public void setVersion(int version) throws IllegalArgumentException {
-		CryptoHelper.isValidKDFVersion(version, false, true);
-		this.version_ = version;
-	}
-
-	/**
-	 * Return the version used for backward compatibility.
-	 * @return	The KDF version #, in format YYYYMMDD, used for supporting
-	 * 			backward compatibility.
-	 */
-	public int getVersion() {
-		return version_;
-	}
-	
-	
-	// TODO: IMPORTANT NOTE: In a future release (hopefully starting in 2.1.1),
-	// we will be using the 'context' to mix in some additional things. At a
-	// minimum, we will be using the KDF version (version_) so that downgrade version
-	// attacks are not possible. Other candidates are the cipher xform and
-	// the timestamp.
-	/**
-	 * Set the 'context' as specified by NIST Special Publication 800-108. NIST
-	 * defines 'context' as "A binary string containing the information related
-	 * to the derived keying material. It may include identities of parties who
-	 * are deriving and/or using the derived keying material and, optionally, a 
-	 * once known by the parties who derive the keys." NIST SP 800-108 seems to
-	 * imply that while 'context' is recommended, that it is optional. In section
-	 * 7.6 of NIST 800-108, NIST uses "SHOULD" rather than "MUST":
-	 * <blockquote>
-	 * "Derived keying material should be bound to all relying
-	 * entities and other information to identify the derived
-	 * keying material. This is called context binding.
-	 * In particular, the identity (or identifier, as the term
-	 * is defined in [NIST SP 800-56A , sic] and [NIST SP
-	 * 800-56B , sic]) of each entity that will access (meaning
-	 * derive, hold, use, and/or distribute) any segment of
-	 * the keying material should be included in the Context
-	 * string input to the KDF, provided that this information
-	 * is known by each entity who derives the keying material."
-	 * </blockquote>
-	 * The ISO/IEC's KDF2 uses a similar construction for their KDF and there
-	 * 'context' data is not specified at all. Therefore, ESAPI 2.0's
-	 * reference implementation, {@code JavaEncryptor}, chooses not to use
-	 * 'context' at all.
-	 * 
-	 * @param context	Optional binary string containing information related to
-	 * 					the derived keying material. By default (if this method
-	 * 					is never called), the empty string is used. May have any
-	 * 					value but {@code null}.
-	 */
-	public void setContext(String context) {
-		if ( context == null ) {
-			throw new IllegalArgumentException("Context may not be null.");
-		}
-		context_ = context;
-	}
-	
-	/**
-	 * Return the optional 'context' that typically contains information
-	 * related to the keying material, such as the identities of the message
-	 * sender and recipient.
-	 * @see #setContext(String)
-	 * @return The 'context' is returned.
-	 */
-	public String getContext() {
-		return context_;
-	}
-
-	/**
-	 * The method is ESAPI's Key Derivation Function (KDF) that computes a
-	 * derived key from the {@code keyDerivationKey} for either
-	 * encryption / decryption or for authentication.
-	 * <p>
-	 * <b>CAUTION:</b> If this algorithm for computing derived keys from the
-	 * key derivation key is <i>ever</i> changed, we risk breaking backward compatibility of being
-	 * able to decrypt data previously encrypted with earlier / different versions
-	 * of this method. Therefore, do not change this unless you are 100% certain that
-	 * what you are doing will NOT change either of the derived keys for
-	 * ANY "key derivation key" AT ALL!!!
-	 * <p>
-	 * <b>NOTE:</b> This method is generally not intended to be called separately.
-	 * It is used by ESAPI's reference crypto implementation class {@code JavaEncryptor}
-	 * and might be useful for someone implementing their own replacement class, but
-	 * generally it is not something that is useful to application client code.
-	 * 
-	 * @param keyDerivationKey  A key used as an input to a key derivation function
-	 *                          to derive other keys. This is the key that generally
-	 *                          is created using some key generation mechanism such as
-	 *                          {@link CryptoHelper#generateSecretKey(String, int)}. The
-	 *                          "input" key from which the other keys are derived.
-	 * 							The derived key will have the same algorithm type
-	 * 							as this key. This KDK cannot be null.
-	 * @param keySize		The cipher's key size (in bits) for the {@code keyDerivationKey}.
-	 * 						Must have a minimum size of 56 bits and be an integral multiple of 8-bits.
-	 * 						<b>Note:</b> The derived key will have the same size as this.
-	 * @param purpose		The purpose for the derived key. For the ESAPI reference implementation,
-	 * 						{@code JavaEncryptor}, this <i>must</i> be either the string "encryption" or
-	 * 						"authenticity", where "encryption" is used for creating a derived key to use
-	 * 						for confidentiality, and "authenticity" is used for creating a derived key to
-	 * 						use with a MAC to ensure message authenticity. However, since parameter serves
-	 * 						the same purpose as the "Label" in section 5.1 of NIST SP 800-108, it really can
-	 * 						be set to anything other than {@code null} or an empty string when called outside
-	 * 						of {@code JavaEncryptor}.
-	 * @return				The derived {@code SecretKey} to be used according
-	 * 						to the specified purpose. 
-	 * @throws NoSuchAlgorithmException		The {@code keyDerivationKey} has an unsupported
-	 * 						encryption algorithm or no current JCE provider supports
-	 * 						"HmacSHA1".
-	 * @throws EncryptionException		If "UTF-8" is not supported as an encoding, then
-	 * 						this is thrown with the original {@code UnsupportedEncodingException}
-	 * 						as the cause. (NOTE: This should never happen as "UTF-8" is supposed to
-	 * 						be a common encoding supported by all Java implementations. Support
-	 * 					    for it is usually in rt.jar.)
-	 * @throws InvalidKeyException 	Likely indicates a coding error. Should not happen.
-	 * @throws EncryptionException  Throw for some precondition violations.
-	 */
-	public SecretKey computeDerivedKey(SecretKey keyDerivationKey, int keySize, String purpose)
-			throws NoSuchAlgorithmException, InvalidKeyException, EncryptionException
-	{
-		// Acknowledgments: David Wagner first suggested this approach, I (Kevin Wall)
-		//				    stumbled upon NIST SP 800-108 and used it as a basis to
-		//				    extend it. Later it was changed that conforms more closely
-		//					to section 5.1 of NIST SP 800-108 based on feedback from
-		//					Jeffrey Walton.
-		//
-        // These probably should be turned into actual runtime checks and an
-        // IllegalArgumentException should be thrown if they are violated.
-		assert keyDerivationKey != null : "Key derivation key cannot be null.";
-			// We would choose a larger minimum key size, but we want to be
-			// able to accept DES for legacy encryption needs.
-		assert keySize >= 56 : "Key has size of " + keySize + ", which is less than minimum of 56-bits.";
-		assert (keySize % 8) == 0 : "Key size (" + keySize + ") must be a even multiple of 8-bits.";
-		assert purpose != null && !purpose.equals("") : "Purpose may not be null or empty.";
-
-		keySize = calcKeySize( keySize );	// Safely convert to whole # of bytes.
-		byte[] derivedKey = new byte[ keySize ];
-		byte[] label;				    	// Same purpose as NIST SP 800-108's "label" in section 5.1.
-		byte[] context;						// See setContext() for details.
-		try {
-			label = purpose.getBytes("UTF-8");
-			context = context_.getBytes("UTF-8");
-		} catch (UnsupportedEncodingException e) {
-			throw new EncryptionException("Encryption failure (internal encoding error: UTF-8)",
-					 "UTF-8 encoding is NOT supported as a standard byte encoding: " + e.getMessage(), e);
-		}
-		
-			// Note that keyDerivationKey is going to be some SecretKey like an AES or
-			// DESede key, but not an HmacSHA1 key. That means it is not likely
-			// going to be 20 bytes but something different. Experiments show
-			// that doesn't really matter though as the SecretKeySpec CTOR on
-			// the following line still returns the appropriate sized key for
-			// HmacSHA1. So, if keyDerivationKey was originally (say) a 56-bit
+
+    /**
+     * The method is ESAPI's Key Derivation Function (KDF) that computes a
+     * derived key from the {@code keyDerivationKey} for either
+     * encryption / decryption or for authentication.
+     * <p>
+     * <b>CAUTION:</b> If this algorithm for computing derived keys from the
+     * key derivation key is <i>ever</i> changed, we risk breaking backward compatibility of being
+     * able to decrypt data previously encrypted with earlier / different versions
+     * of this method. Therefore, do not change this unless you are 100% certain that
+     * what you are doing will NOT change either of the derived keys for
+     * ANY "key derivation key" AT ALL!!!
+     * <p>
+     * <b>NOTE:</b> This method is generally not intended to be called separately.
+     * It is used by ESAPI's reference crypto implementation class {@code JavaEncryptor}
+     * and might be useful for someone implementing their own replacement class, but
+     * generally it is not something that is useful to application client code.
+     *
+     * @param keyDerivationKey  A key used as an input to a key derivation function
+     *                          to derive other keys. This is the key that generally
+     *                          is created using some key generation mechanism such as
+     *                          {@link CryptoHelper#generateSecretKey(String, int)}. The
+     *                          "input" key from which the other keys are derived.
+     *                             The derived key will have the same algorithm type
+     *                             as this key. This KDK cannot be null.
+     * @param keySize        The cipher's key size (in bits) for the {@code keyDerivationKey}.
+     *                         Must have a minimum size of 56 bits and be an integral multiple of 8-bits.
+     *                         <b>Note:</b> The derived key will have the same size as this.
+     * @param purpose        The purpose for the derived key. <b>IMPORTANT:</b> For the ESAPI reference implementation,
+     *                         {@code JavaEncryptor}, this <i>must</i> be either the string "encryption" or
+     *                         "authenticity", where "encryption" is used for creating a derived key to use
+     *                         for confidentiality, and "authenticity" is used for creating a derived key to
+     *                         use with a MAC to ensure message authenticity. However, since parameter serves
+     *                         the same purpose as the "Label" in section 5.1 of NIST SP 800-108, it really can
+     *                         be set to anything other than {@code null} or an empty string when called outside
+     *                         of ESAPI's {@code JavaEncryptor} reference implementation (but you must consistent).
+     * @return                The derived {@code SecretKey} to be used according
+     *                         to the specified purpose.
+     * @throws NoSuchAlgorithmException        The {@code keyDerivationKey} has an unsupported
+     *                         encryption algorithm or no current JCE provider supports requested
+     *                         Hmac algorithrm used for the PRF for key generation.
+     * @throws EncryptionException        If "UTF-8" is not supported as an encoding, then
+     *                         this is thrown with the original {@code UnsupportedEncodingException}
+     *                         as the cause. (NOTE: This should never happen as "UTF-8" is supposed to
+     *                         be a common encoding supported by all Java implementations. Support
+     *                         for it is usually in rt.jar.) This exception is also thrown if the
+     *                         requested {@code keySize} parameter exceeds the length of the number of
+     *                         bytes provded in the {@code keyDerivationKey} parameter.
+     * @throws InvalidKeyException     Likely indicates a coding error. Should not happen.
+     * @throws EncryptionException  Throw for some precondition violations.
+     */
+    public SecretKey computeDerivedKey(SecretKey keyDerivationKey, int keySize, String purpose)
+            throws NoSuchAlgorithmException, InvalidKeyException, EncryptionException
+    {
+        // Acknowledgments: David Wagner first suggested this approach, I (Kevin Wall)
+        //                    stumbled upon NIST SP 800-108 and used it as a basis to
+        //                    extend it. Later it was changed that conforms more closely
+        //                    to section 5.1 of NIST SP 800-108 based on feedback from
+        //                    Jeffrey Walton.
+        //
+
+        // These checks used to be assertions prior to ESAPI 2.1.0.1
+        if ( keyDerivationKey == null ) {
+            throw new IllegalArgumentException("Key derivation key cannot be null.");
+        }
+            // We would choose a larger minimum key size, but we want to allow
+            // this KDF to be able to accept DES for legacy encryption needs. (Note that
+            // elsewhere there are checks that disallow *encryption* for key size
+            // less than Encryptor.EncryptionKeyLength bits, so if they want
+            // ESAPI to encrypt stuff for DES, they would have to set that up to
+            // be 56 bits. But I can't think of any valid symmetric encryption
+            // algorithm whose key size is less than 56 bits that we would ever
+            // want to allow.
+        if ( keySize < 56 ) {
+            throw new IllegalArgumentException("Key has size of " + keySize +
+                                               ", which is less than minimum of 56-bits.");
+        }
+        if ( (keySize % 8) != 0 ) {
+            throw new IllegalArgumentException("Key size (" + keySize +
+                                               ") must be a even multiple of 8-bits.");
+        }
+        if ( purpose == null || "".equals(purpose) ) {
+            throw new IllegalArgumentException("Purpose may not be null or empty.");
+        }
+
+        //
+        // No longer, since we no longer wish to restrict this to use only by JavaEncryptor, so
+        // we no longer test for this.  For details, see the javadoc for '@param purpose', above.
+        //
+        /*
+         *
+         *      if ( ! ( purpose.equals("encryption") || purpose.equals("authenticity") ) ) {
+         *          throw new IllegalArgumentException("Purpose must be \"encryption\" or \"authenticity\".");
+         *      }
+         *
+         */
+
+        int providedKeyLen = 8 * keyDerivationKey.getEncoded().length;
+        // assert providedKeyLen >= 56 : "Coding error? Length of keyDerivationKey < 56 bits!";    // Ugh. DES compatible.
+
+        if ( providedKeyLen < keySize ) {
+            throw new EncryptionException("KeyDerivationFunction.computeDerivedKey() not intended for key stretching: " +
+                                          "provided key too short (" + providedKeyLen + " bits) to provide " + keySize + " bits.",
+                        "Key stretching not supported: Provided key, keyDerivationKey, has insufficient entropy (" +
+                            providedKeyLen + " bits) to generate key of requested size of " + keySize + " bits.");
+        }
+
+        keySize = calcKeySize( keySize );    // Safely convert from bits to a whole # of bytes.
+        byte[] derivedKey = new byte[ keySize ];
+        byte[] label;                        // Same purpose as NIST SP 800-108's "label" in section 5.1.
+        byte[] context;                        // See setContext() for details.
+        try {
+            label = purpose.getBytes("UTF-8");
+            context = context_.getBytes("UTF-8");
+        } catch (UnsupportedEncodingException e) {
+            throw new EncryptionException("Encryption failure (internal encoding error: UTF-8)",
+                     "UTF-8 encoding is NOT supported as a standard byte encoding: " + e.getMessage(), e);
+        }
+
+            // Note that keyDerivationKey is going to be some SecretKey like an AES or
+            // DESede key, but not an HmacSHA1 key. That means it is not likely
+            // going to be 20 bytes but something different. Experiments show
+            // that doesn't really matter though as the SecretKeySpec CTOR on
+            // the following line still returns the appropriate sized key for
+            // HmacSHA1. So, if keyDerivationKey was originally (say) a 56-bit
             // DES key, then there is apparently some key-stretching going on here
             // under the hood to create 'sk' so that it is 20 bytes. I cannot vouch
             // for how secure this key-stretching is. Worse, it might not be specified
             // as to *how* it is done and left to each JCE provider.
-		SecretKey sk = new SecretKeySpec(keyDerivationKey.getEncoded(), "HmacSHA1");
-		Mac mac = null;
-
-		try {
-			mac = Mac.getInstance("HmacSHA1");
-			mac.init(sk);
-		} catch( InvalidKeyException ex ) {
-			logger.error(Logger.SECURITY_FAILURE,
-					"Created HmacSHA1 Mac but SecretKey sk has alg " +
-					sk.getAlgorithm(), ex);
-			throw ex;
-		}
-		
-		// Repeatedly call of HmacSHA1 hash until we've collected enough bits
-		// for the derived key. The first time through, we calculate the HmacSHA1
-		// on the "purpose" string, but subsequent calculations are performed
-		// on the previous result.
-		int ctr = 1;		// Iteration counter for NIST 800-108
-		int totalCopied = 0;
-		int destPos = 0;
-		int len = 0;
-		byte[] tmpKey = null;	// Do not declare inside do-while loop!!!
-		do {
-			//
-			// This is to make our KDF more along the line of NIST's.
-			// NIST's Special Publication 800-108 performs the following in
+          SecretKey sk = new SecretKeySpec(keyDerivationKey.getEncoded(), prfAlg_ );
+        Mac mac = null;
+
+        try {
+            mac = Mac.getInstance( prfAlg_ );
+            mac.init(sk);
+        } catch( InvalidKeyException ex ) {
+            logger.error(Logger.SECURITY_FAILURE,
+                    "Created " + prfAlg_ + " Mac but SecretKey sk has alg " +
+                    sk.getAlgorithm(), ex);
+            throw ex;
+        }
+
+        // Repeatedly call of PRF Hmac until we've collected enough bits
+        // for the derived key. The first time through, we calculate the HmacSHA1
+        // on the "purpose" string, but subsequent calculations are performed
+        // on the previous result.
+        int ctr = 1;        // Iteration counter for NIST 800-108
+        int totalCopied = 0;
+        int destPos = 0;
+        int len = 0;
+        byte[] tmpKey = null;    // Do not declare inside do-while loop!!!
+        do {
+            //
+            // This is to make our KDF more along the line of NIST's.
+            // NIST's Special Publication 800-108 performs the following in
             // the iterative loop of Section 5.1:
             //       n := number of blocks required to fulfill request
             //       for i = 1 to n, do
@@ -367,78 +408,87 @@ public SecretKey computeDerivedKey(SecretKey keyDerivationKey, int keySize, Stri
             // document (Section 7.6) implies that Context is to be an
             // optional field (based on NIST's use of the word SHOULD
             // rather than MUST)
-            // 
-			mac.update( ByteConversionUtil.fromInt( ctr++ ) );
-			mac.update(label);
-			mac.update((byte) '\0');
-			mac.update(context); // This is problematic for us. See Jeff Walton's
-								  // analysis of ESAPI 2.0's KDF for details.
-								  // Maybe for 2.1, we'll see; 2.0 too close to GA.
-			
-	            // According to the Javadoc for Mac.doFinal(byte[]),
-	            // "A call to this method resets this Mac object to the state it was
-	            // in when previously initialized via a call to init(Key) or
-	            // init(Key, AlgorithmParameterSpec). That is, the object is reset
-	            // and available to generate another MAC from the same key, if
-	            // desired, via new calls to update and doFinal." Therefore, we do
-	            // not do an explicit reset().
-			tmpKey = mac.doFinal( ByteConversionUtil.fromInt( keySize ) );
-			
-			if ( tmpKey.length >= keySize ) {
-				len = keySize;
-			} else {
-				len = Math.min(tmpKey.length, keySize - totalCopied);
-			}
-			System.arraycopy(tmpKey, 0, derivedKey, destPos, len);
-			label = tmpKey;
-			totalCopied += tmpKey.length;
-			destPos += len;
-		} while( totalCopied < keySize );
-		
-		// Don't leave remnants of the partial key in memory. (Note: we could
-		// not do this if tmpKey were declared in the do-while loop.
-		for ( int i = 0; i < tmpKey.length; i++ ) {
-			tmpKey[i] = '\0';
-		}
-		tmpKey = null;	// Make it immediately eligible for GC.
-		
+            //
+            mac.update( ByteConversionUtil.fromInt( ctr++ ) );
+            mac.update(label);
+            mac.update((byte) '\0');
+            mac.update(context); // This is problematic for us. See Jeff Walton's
+                                  // analysis of ESAPI 2.0's KDF for details.
+                                  // Maybe for 2.1, we'll see; 2.0 too close to GA.
+
+                // According to the Javadoc for Mac.doFinal(byte[]),
+                // "A call to this method resets this Mac object to the state it was
+                // in when previously initialized via a call to init(Key) or
+                // init(Key, AlgorithmParameterSpec). That is, the object is reset
+                // and available to generate another MAC from the same key, if
+                // desired, via new calls to update and doFinal." Therefore, we do
+                // not do an explicit reset().
+            tmpKey = mac.doFinal( ByteConversionUtil.fromInt( keySize ) );
+
+            if ( tmpKey.length >= keySize ) {
+                len = keySize;
+            } else {
+                len = Math.min(tmpKey.length, keySize - totalCopied);
+            }
+            System.arraycopy(tmpKey, 0, derivedKey, destPos, len);
+            label = tmpKey;
+            totalCopied += tmpKey.length;
+            destPos += len;
+        } while( totalCopied < keySize );
+
+        // Don't leave remnants of the partial key in memory. (Note: we could
+        // not do this if tmpKey were declared in the do-while loop.
+        // Of course, in reality, trying to stomp these bits out is probably not
+        // realistic because the JIT is likely toing to be smart enough to
+        // optimze this loop away. We probably could try to outsmart it, by
+        // (say) writing out the overwritten bits to /dev/null, but then even
+        // then we'd still probably have to overwrite with random bits rather
+        // than all null chars. How much is enough? Who knows? But it does point
+        // to a serious limitation in Java and many other languages that one
+        // cannot arbitrarily disable the optimizer either at compile time or
+        // run time because of security reasons. Sigh. At least we've tried.
+        for ( int i = 0; i < tmpKey.length; i++ ) {
+            tmpKey[i] = '\0';
+        }
+        tmpKey = null;    // Make it immediately eligible for GC.
+
         // Convert it back into a SecretKey of the appropriate type.
-		return new SecretKeySpec(derivedKey, keyDerivationKey.getAlgorithm());
-	}
-
-	/**
-	 * Check if specified algorithm name is a valid PRF that can be used.
-	 * @param prfAlgName	Name of the PRF algorithm; e.g., "HmacSHA1", "HmacSHA384", etc.
-	 * @return	True if {@code prfAlgName} is supported, otherwise false.
-	 */
-	public static boolean isValidPRF(String prfAlgName) {
-		for (PRF_ALGORITHMS prf : PRF_ALGORITHMS.values()) {
-			if ( prf.getAlgName().equals(prfAlgName) ) {
-				return true;
-			}
-		}
-		return false;
-	}
-
-	public static PRF_ALGORITHMS convertNameToPRF(String prfAlgName) {
-		for (PRF_ALGORITHMS prf : PRF_ALGORITHMS.values()) {
-			if ( prf.getAlgName().equals(prfAlgName) ) {
-				return prf;
-			}
-		}
-		throw new IllegalArgumentException("Algorithm name " + prfAlgName +
-				" not a valid PRF algorithm name for the ESAPI KDF.");
-	}
-	
-	public static PRF_ALGORITHMS convertIntToPRF(int selection) {
-		for (PRF_ALGORITHMS prf : PRF_ALGORITHMS.values()) {
-			if ( prf.getValue() == selection ) {
-				return prf;
-			}
-		}
-		throw new IllegalArgumentException("No KDF PRF algorithm found for value name " + selection);		
-	}
-	
+        return new SecretKeySpec(derivedKey, keyDerivationKey.getAlgorithm());
+    }
+
+    /**
+     * Check if specified algorithm name is a valid PRF that can be used.
+     * @param prfAlgName    Name of the PRF algorithm; e.g., "HmacSHA1", "HmacSHA384", etc.
+     * @return    True if {@code prfAlgName} is supported, otherwise false.
+     */
+    public static boolean isValidPRF(String prfAlgName) {
+        for (PRF_ALGORITHMS prf : PRF_ALGORITHMS.values()) {
+            if ( prf.getAlgName().equals(prfAlgName) ) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    public static PRF_ALGORITHMS convertNameToPRF(String prfAlgName) {
+        for (PRF_ALGORITHMS prf : PRF_ALGORITHMS.values()) {
+            if ( prf.getAlgName().equals(prfAlgName) ) {
+                return prf;
+            }
+        }
+        throw new IllegalArgumentException("Algorithm name " + prfAlgName +
+                " not a valid PRF algorithm name for the ESAPI KDF.");
+    }
+
+    public static PRF_ALGORITHMS convertIntToPRF(int selection) {
+        for (PRF_ALGORITHMS prf : PRF_ALGORITHMS.values()) {
+            if ( prf.getValue() == selection ) {
+                return prf;
+            }
+        }
+        throw new IllegalArgumentException("No KDF PRF algorithm found for value name " + selection);
+    }
+
     /**
      * Calculate the size of a key. The key size is given in bits, but we
      * can only allocate them by octets (i.e., bytes), so make sure we
@@ -451,7 +501,9 @@ public static PRF_ALGORITHMS convertIntToPRF(int selection) {
      *              {@code ks} bits.
      */
     private static int calcKeySize(int ks) {
-        assert ks > 0 : "Key size must be > 0 bits.";
+        if ( ks <= 0 ) {
+            throw new IllegalArgumentException("Key size must be > 0 bits.");
+        }
         int numBytes = 0;
         int n = ks/8;
         int rem = ks % 8;
@@ -469,11 +521,11 @@ private static int calcKeySize(int ks) {
      *
      * @param args  Required, but not used.
      */
-	public static final void main(String args[]) {
-		System.out.println("Supported pseudo-random functions for KDF (version: " + kdfVersion + ")");
-		System.out.println("Enum Name\tAlgorithm\t# bits");
-		for (PRF_ALGORITHMS prf : PRF_ALGORITHMS.values()) {
-		    System.out.println(prf + "\t" + prf.getAlgName() + "\t" + prf.getBits());
-		}
-	}
+    public static final void main(String args[]) {
+        System.out.println("Supported pseudo-random functions for KDF (version: " + kdfVersion + ")");
+        System.out.println("Enum Name\tAlgorithm\t# bits");
+        for (PRF_ALGORITHMS prf : PRF_ALGORITHMS.values()) {
+            System.out.println(prf + "\t" + prf.getAlgName() + "\t" + prf.getBits());
+        }
+    }
 }
diff --git a/src/main/java/org/owasp/esapi/crypto/PlainText.java b/src/main/java/org/owasp/esapi/crypto/PlainText.java
index 4491404d5..4866b8048 100644
--- a/src/main/java/org/owasp/esapi/crypto/PlainText.java
+++ b/src/main/java/org/owasp/esapi/crypto/PlainText.java
@@ -16,7 +16,7 @@
  * an {@code UnsupportedEncodingException}. However, UTF-8 encoding
  * should be a standard encoding for all Java installations, so an
  * {@code UnsupportedEncodingException} never actually be thrown. Therefore,
- * in order to to keep client code uncluttered, any possible
+ * in order to keep client code uncluttered, any possible
  * {@code UnsupportedEncodingException}s will be first logged, and then
  * re-thrown as a {@code RuntimeException} with the original
  * {@code UnsupportedEncodingException} as the cause.
@@ -29,72 +29,74 @@
  */
 public final class PlainText implements Serializable {
 
-	private static final long serialVersionUID = 20090921;
-	private static Logger logger = ESAPI.getLogger("PlainText");
-	
-	private byte[] rawBytes = null;
-	
-	/**
-	 * Construct a {@code PlainText} object from a {@code String}.
-	 * @param str	The {@code String} that is converted to a UTF-8 encoded
-	 * 				byte array to create the {@code PlainText} object.
-	 * @throws IllegalArgumentException	If {@code str} argument is null.
-	 */
-	public PlainText(String str) {
-		try {
-		    assert str != null : "String for plaintext cannot be null.";
-		    if ( str == null ) {
-		    	throw new IllegalArgumentException("String for plaintext may not be null!");
-		    }
-			rawBytes = str.getBytes("UTF-8");
-		} catch (UnsupportedEncodingException e) {
-			// Should never happen.
-			logger.error(Logger.EVENT_FAILURE, "PlainText(String) CTOR failed: Can't find UTF-8 byte-encoding!", e);
-			throw new RuntimeException("Can't find UTF-8 byte-encoding!", e);
-		}
-	}
-
-	/**
-	 * Construct a {@code PlainText} object from a {@code byte} array.
-	 * @param b	The {@code byte} array used to create the {@code PlainText}
-	 * 			object.
-	 */
-	public PlainText(byte[] b) {
-		// Must allow 0 length arrays though, to represent empty strings.
-		assert b != null : "Byte array representing plaintext cannot be null.";
-		    // Make copy so mutable byte array b can't change PlainText.
-		rawBytes = new byte[ b.length ];
-		System.arraycopy(b, 0, rawBytes, 0, b.length);
-	}
-	
-	/**
-	 * Convert the {@code PlainText} object to a UTF-8 encoded {@code String}.
-	 * @return	A {@code String} representing the {@code PlainText} object.
-	 */
-	public String toString() {
-		try {
-			return new String(rawBytes, "UTF-8");
-		} catch (UnsupportedEncodingException e) {
-			// Should never happen.
-			logger.error(Logger.EVENT_FAILURE, "PlainText.toString() failed: Can't find UTF-8 byte-encoding!", e);
-			throw new RuntimeException("Can't find UTF-8 byte-encoding!", e);
-		}
-	}
-	
-	/**
-	 * Convert the {@code PlainText} object to a byte array.
-	 * @return	A byte array representing the {@code PlainText} object.
-	 */
-	public byte[] asBytes() {
-	    byte[] bytes = new byte[ rawBytes.length ];
-	    System.arraycopy(rawBytes, 0, bytes, 0, rawBytes.length);
-		return bytes;
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	@Override public boolean equals(Object anObject) {
+    private static final long serialVersionUID = 20090921;
+    private static Logger logger = ESAPI.getLogger("PlainText");
+
+    private byte[] rawBytes = null;
+
+    /**
+     * Construct a {@code PlainText} object from a {@code String}.
+     * @param str    The {@code String} that is converted to a UTF-8 encoded
+     *                 byte array to create the {@code PlainText} object.
+     * @throws IllegalArgumentException    If {@code str} argument is null.
+     */
+    public PlainText(String str) {
+        try {
+            if ( str == null ) {
+                throw new IllegalArgumentException("String for plaintext may not be null!");
+            }
+            rawBytes = str.getBytes("UTF-8");
+        } catch (UnsupportedEncodingException e) {
+            // Should never happen.
+            logger.error(Logger.EVENT_FAILURE, "PlainText(String) CTOR failed: Can't find UTF-8 byte-encoding!", e);
+            throw new RuntimeException("Can't find UTF-8 byte-encoding!", e);
+        }
+    }
+
+    /**
+     * Construct a {@code PlainText} object from a {@code byte} array.
+     * @param b    The {@code byte} array used to create the {@code PlainText}
+     *             object.
+     */
+    public PlainText(byte[] b) {
+        // Must allow 0 length arrays though, to represent empty strings.
+        if ( b == null ) {
+            throw new IllegalArgumentException("Byte array representing plaintext cannot be null.");
+        }
+
+        // Make copy so mutable byte array b can't change PlainText.
+        rawBytes = new byte[ b.length ];
+        System.arraycopy(b, 0, rawBytes, 0, b.length);
+    }
+
+    /**
+     * Convert the {@code PlainText} object to a UTF-8 encoded {@code String}.
+     * @return    A {@code String} representing the {@code PlainText} object.
+     */
+    public String toString() {
+        try {
+            return new String(rawBytes, "UTF-8");
+        } catch (UnsupportedEncodingException e) {
+            // Should never happen.
+            logger.error(Logger.EVENT_FAILURE, "PlainText.toString() failed: Can't find UTF-8 byte-encoding!", e);
+            throw new RuntimeException("Can't find UTF-8 byte-encoding!", e);
+        }
+    }
+
+    /**
+     * Convert the {@code PlainText} object to a byte array.
+     * @return    A byte array representing the {@code PlainText} object.
+     */
+    public byte[] asBytes() {
+        byte[] bytes = new byte[ rawBytes.length ];
+        System.arraycopy(rawBytes, 0, bytes, 0, rawBytes.length);
+        return bytes;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override public boolean equals(Object anObject) {
 
         if ( this == anObject ) return true;
         if ( anObject == null ) return false;
@@ -106,42 +108,42 @@ public byte[] asBytes() {
                   );
         }
         return result;
-	}
-	
-	/**
-	 * Same as {@code this.toString().hashCode()}.
-	 * @return	{@code this.toString().hashCode()}.
-	 */
-	@Override public int hashCode() {
-		return this.toString().hashCode();
-	}
-	
-	/**
-	 * Return the length of the UTF-8 encoded byte array representing this
-	 * object. Note that if this object was constructed with the constructor
-	 * {@code PlainText(String str)}, then this length might not necessarily
-	 * agree with {@code str.length()}.
-	 * 
-	 * @return	The length of the UTF-8 encoded byte array representing this
-	 * 			object.
-	 */
-	public int length() {
-		return rawBytes.length;
-	}
-	
-	// DISCUSS: Should we set 'rawBytes' to null??? Won't make it eligible for
-	//			GC unless this PlainText object is set to null which can't do
-	//			from here. If we set it to null, most methods will cause
-	//			NullPointerException to be thrown. Also will have to change a
-	//			lot of JUnit tests.
-	/**
-	 * First overwrite the bytes of plaintext with the character '*'.
-	 */
-	public void overwrite() {
-		CryptoHelper.overwrite( rawBytes );
-		// rawBytes = null;					// See above comment re: discussion.
-	}
-	
+    }
+
+    /**
+     * Same as {@code this.toString().hashCode()}.
+     * @return    {@code this.toString().hashCode()}.
+     */
+    @Override public int hashCode() {
+        return this.toString().hashCode();
+    }
+
+    /**
+     * Return the length of the UTF-8 encoded byte array representing this
+     * object. Note that if this object was constructed with the constructor
+     * {@code PlainText(String str)}, then this length might not necessarily
+     * agree with {@code str.length()}.
+     *
+     * @return    The length of the UTF-8 encoded byte array representing this
+     *             object.
+     */
+    public int length() {
+        return rawBytes.length;
+    }
+
+    // DISCUSS: Should we set 'rawBytes' to null??? Won't make it eligible for
+    //            GC unless this PlainText object is set to null which can't do
+    //            from here. If we set it to null, most methods will cause
+    //            NullPointerException to be thrown. Also will have to change a
+    //            lot of JUnit tests.
+    /**
+     * First overwrite the bytes of plaintext with the character '*'.
+     */
+    public void overwrite() {
+        CryptoHelper.overwrite( rawBytes );
+        // rawBytes = null;                    // See above comment re: discussion.
+    }
+
     /**
      * Needed for correct definition of equals for general classes.
      * (Technically not needed for 'final' classes though like this class
@@ -156,4 +158,4 @@ public void overwrite() {
     protected boolean canEqual(Object other) {
         return (other instanceof PlainText);
     }
-}
\ No newline at end of file
+}
diff --git a/src/main/java/org/owasp/esapi/crypto/SecurityProviderLoader.java b/src/main/java/org/owasp/esapi/crypto/SecurityProviderLoader.java
index cacc9c9ef..a5cbd708c 100644
--- a/src/main/java/org/owasp/esapi/crypto/SecurityProviderLoader.java
+++ b/src/main/java/org/owasp/esapi/crypto/SecurityProviderLoader.java
@@ -8,7 +8,7 @@
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.Logger;
 
-/** 
+/**
  * This class provides a generic static method that loads a
  * {@code java.security.Provider} either by some generic name
  * (i.e., {@code Provider.getName()}) or by a fully-qualified class name.
@@ -43,14 +43,14 @@ public class SecurityProviderLoader  {
             // with Sun-based JREs. As of JDK 1.3 and later, it is part of the
             // standard JRE install.
         jceProviders.put("SunJCE", "com.sun.crypto.provider.SunJCE");
-        
+
             // IBMJCE is default for WebSphere and is used by IBM JDKs. They
             // also have IBMJCEFIPS, but not sure if this is *always* provided
             // with WebSphere or just an add-on, hence not including it. IBMJCEFIPS
-        	// is a FIPS 140-2 compliant JCE provider from IBM.
+            // is a FIPS 140-2 compliant JCE provider from IBM.
         jceProviders.put("IBMJCE", "com.ibm.crypto.provider.IBMJCE");
         // jceProviders.put("IBMJCEFIPS", "com.ibm.crypto.fips.provider.IBMJCEFIPS");
-        
+
             // GnuCrypto is JCE provider for GNU Compiler for Java (GCJ)
         jceProviders.put("GnuCrypto", "gnu.crypto.jce.GnuCrypto");
 
@@ -79,9 +79,9 @@ public class SecurityProviderLoader  {
         jceProviders.put("ABA", "au.net.aba.crypto.provider.ABAProvider");
     }
 
-    /** 
+    /**
      * This methods adds a provider to the {@code SecurityManager}
-     * either by some generic name or by the class name. 
+     * either by some generic name or by the class name.
      * </p><p>
      * The following generic JCE provider names are built-in:
      * <ul>
@@ -155,7 +155,12 @@ public static int insertProviderAt(String algProvider, int pos)
         Class<?> providerClass = null;
         String clzName = null;
         Provider cryptoProvider = null;
-        assert (pos == -1 || pos >= 1) : "Position pos must be -1 or integer >= 1";
+
+        // Yes; I'm aware of DeMorgan's Law, but this is easier to grok.
+        if ( ! ( (pos == -1 || pos >= 1) ) ) {
+            throw new IllegalArgumentException("Position pos must be -1 or integer >= 1");
+        }
+
         try {
             // Does algProvider look like a class name?
             if (algProvider.indexOf('.') != -1) {
@@ -204,13 +209,13 @@ public static int insertProviderAt(String algProvider, int pos)
                     // compliant JCE provider at the first position and it was
                     // already loaded at position 3, then this is not FIPS 140-2
                     // compliant. Therefore, we make it a warning and a failure.
-                	// Also log separately using 'always' in case warnings suppressed
-                	// as per NSA suggestion.
+                    // Also log separately using 'always' in case warnings suppressed
+                    // as per NSA suggestion.
                     logger.warning(Logger.SECURITY_FAILURE, msg);
                     logger.always(Logger.SECURITY_FAILURE, "(audit) " + msg);
                 }
             } else {
-            	// As per NSA suggestion.
+                // As per NSA suggestion.
                 logger.always(Logger.SECURITY_AUDIT,
                         "Successfully loaded preferred JCE provider " +
                         algProvider + " at position " + pos);
@@ -218,12 +223,12 @@ public static int insertProviderAt(String algProvider, int pos)
             return ret;
         } catch(SecurityException ex) {
             // CHECKME: Log security event here too? This is a RuntimeException.
-        	// It would only be thrown if a SecurityManager is installed that
-        	// prohibits Security.addProvider() or Security.insertProviderAt()
-        	// by the current user of this thread. Will log it here. Can always
-        	// be ignored.
-        	logger.always(Logger.SECURITY_FAILURE, "Failed to load preferred JCE provider " +
-        				  algProvider + " at position " + pos, ex);
+            // It would only be thrown if a SecurityManager is installed that
+            // prohibits Security.addProvider() or Security.insertProviderAt()
+            // by the current user of this thread. Will log it here. Can always
+            // be ignored.
+            logger.always(Logger.SECURITY_FAILURE, "Failed to load preferred JCE provider " +
+                          algProvider + " at position " + pos, ex);
             throw ex;
         } catch(Exception ex) {
             // Possibilities include: ClassNotFoundException,
@@ -231,8 +236,8 @@ public static int insertProviderAt(String algProvider, int pos)
             //
             // Log an error & re-throw original message as NoSuchProviderException,
             // since that what it probably really implied here. This probably a configuration
-        	// error (e.g., classpath problem, etc.) so we use EVENT_FAILURE rather than
-        	// SECURITY_FAILURE here.
+            // error (e.g., classpath problem, etc.) so we use EVENT_FAILURE rather than
+            // SECURITY_FAILURE here.
             logger.error(Logger.EVENT_FAILURE, "Failed to insert failed crypto " +
                     " provider " + algProvider + " at position " + pos, ex);
             throw new NoSuchProviderException("Failed to insert crypto " +
@@ -240,7 +245,7 @@ public static int insertProviderAt(String algProvider, int pos)
                                        "; exception msg: " + ex.toString());
         }
     }
-    
+
     /**
      * Load the preferred JCE provider for ESAPI based on the <b>ESAPI.properties</b>
      * property {@code Encryptor.PreferredJCEProvider}. If this property is null
@@ -267,7 +272,7 @@ public static int loadESAPIPreferredJCEProvider() throws NoSuchProviderException
         try {
             // If unset or set to empty string, then don't try to change it.
             if ( prefJCEProvider == null || prefJCEProvider.trim().length() == 0) {
-            		// Always log, per NSA suggestion.
+                    // Always log, per NSA suggestion.
                 logger.always(Logger.SECURITY_AUDIT, "No Encryptor.PreferredJCEProvider specified.");
                 return -1;  // Unchanged; it is, whatever it is.
             } else {
@@ -275,8 +280,8 @@ public static int loadESAPIPreferredJCEProvider() throws NoSuchProviderException
             }
         } catch (NoSuchProviderException ex) {
             // Will already have logged with exception msg.
-        	String msg = "failed to load *preferred* " + "JCE crypto provider, " + prefJCEProvider;
-        	logger.always(Logger.SECURITY_AUDIT, msg);	// Per NSA suggestion.
+            String msg = "failed to load *preferred* " + "JCE crypto provider, " + prefJCEProvider;
+            logger.always(Logger.SECURITY_AUDIT, msg);    // Per NSA suggestion.
             logger.error(Logger.SECURITY_FAILURE, msg);
             throw ex;
         }
diff --git a/src/main/java/org/owasp/esapi/errors/AccessControlException.java b/src/main/java/org/owasp/esapi/errors/AccessControlException.java
index 2c54417ab..fbc537f3d 100644
--- a/src/main/java/org/owasp/esapi/errors/AccessControlException.java
+++ b/src/main/java/org/owasp/esapi/errors/AccessControlException.java
@@ -1,57 +1,57 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.errors;
-
-/**
- * An AccessControlException should be thrown when a user attempts to access a
- * resource that they are not authorized for.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class AccessControlException extends EnterpriseSecurityException {
-
-	/** The Constant serialVersionUID. */
-	private static final long serialVersionUID = 1L;
-
-	/**
-	 * Instantiates a new access control exception.
-	 */
-	protected AccessControlException() {
-		// hidden
-	}
-
-	/**
-	 * Creates a new instance of {@code AccessControlException}.
-     *
-     * @param userMessage
-     * @param logMessage
-     */
-	public AccessControlException(String userMessage, String logMessage) {
-		super(userMessage, logMessage);
-	}
-
-	/**
-	 * Instantiates a new access control exception.
-	 * 
-	 * @param userMessage the message displayed to the user
-	 * @param logMessage the message logged
-	 * @param cause the root cause
-	 */
-	public AccessControlException(String userMessage, String logMessage, Throwable cause) {
-		super(userMessage, logMessage, cause);
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.errors;
+
+/**
+ * An AccessControlException should be thrown when a user attempts to access a
+ * resource that they are not authorized for.
+ *
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class AccessControlException extends EnterpriseSecurityException {
+
+    /** The Constant serialVersionUID. */
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * Instantiates a new access control exception.
+     */
+    protected AccessControlException() {
+        // hidden
+    }
+
+    /**
+     * Creates a new instance of {@code AccessControlException}.
+     *
+     * @param userMessage
+     * @param logMessage
+     */
+    public AccessControlException(String userMessage, String logMessage) {
+        super(userMessage, logMessage);
+    }
+
+    /**
+     * Instantiates a new access control exception.
+     *
+     * @param userMessage the message displayed to the user
+     * @param logMessage the message logged
+     * @param cause the root cause
+     */
+    public AccessControlException(String userMessage, String logMessage, Throwable cause) {
+        super(userMessage, logMessage, cause);
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/errors/AuthenticationAccountsException.java b/src/main/java/org/owasp/esapi/errors/AuthenticationAccountsException.java
index 98954db6f..a08b02c88 100644
--- a/src/main/java/org/owasp/esapi/errors/AuthenticationAccountsException.java
+++ b/src/main/java/org/owasp/esapi/errors/AuthenticationAccountsException.java
@@ -1,59 +1,59 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.errors;
-
-/**
- * An AuthenticationException should be thrown when anything goes wrong during
- * login or logout. They are also appropriate for any problems related to
- * identity management.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class AuthenticationAccountsException extends AuthenticationException {
-
-	/** The Constant serialVersionUID. */
-	private static final long serialVersionUID = 1L;
-
-	/**
-	 * Instantiates a new authentication exception.
-	 */
-	protected AuthenticationAccountsException() {
-		// hidden
-	}
-
-	/**
-	 * Creates a new instance of {@code AuthenticationAccountsException}.
-	 * 
-	 * @param userMessage the message displayed to the user
-	 * @param logMessage the message logged     
-	 *       
-	 */
-	public AuthenticationAccountsException(String userMessage, String logMessage) {
-		super(userMessage, logMessage);
-	}
-
-	/**
-	 * Instantiates a new authentication exception.
-	 * 
-	 * @param userMessage the message displayed to the user
-	 * @param logMessage the message logged
-	 * @param cause the root cause
-	 */
-	public AuthenticationAccountsException(String userMessage, String logMessage, Throwable cause) {
-		super(userMessage, logMessage, cause);
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.errors;
+
+/**
+ * An AuthenticationException should be thrown when anything goes wrong during
+ * login or logout. They are also appropriate for any problems related to
+ * identity management.
+ *
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class AuthenticationAccountsException extends AuthenticationException {
+
+    /** The Constant serialVersionUID. */
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * Instantiates a new authentication exception.
+     */
+    protected AuthenticationAccountsException() {
+        // hidden
+    }
+
+    /**
+     * Creates a new instance of {@code AuthenticationAccountsException}.
+     *
+     * @param userMessage the message displayed to the user
+     * @param logMessage the message logged
+     *
+     */
+    public AuthenticationAccountsException(String userMessage, String logMessage) {
+        super(userMessage, logMessage);
+    }
+
+    /**
+     * Instantiates a new authentication exception.
+     *
+     * @param userMessage the message displayed to the user
+     * @param logMessage the message logged
+     * @param cause the root cause
+     */
+    public AuthenticationAccountsException(String userMessage, String logMessage, Throwable cause) {
+        super(userMessage, logMessage, cause);
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/errors/AuthenticationCredentialsException.java b/src/main/java/org/owasp/esapi/errors/AuthenticationCredentialsException.java
index 0bcd0a70f..ad3d8df6b 100644
--- a/src/main/java/org/owasp/esapi/errors/AuthenticationCredentialsException.java
+++ b/src/main/java/org/owasp/esapi/errors/AuthenticationCredentialsException.java
@@ -1,58 +1,58 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.errors;
-
-/**
- * An AuthenticationException should be thrown when anything goes wrong during
- * login or logout. They are also appropriate for any problems related to
- * identity management.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class AuthenticationCredentialsException extends AuthenticationException {
-
-	/** The Constant serialVersionUID. */
-	private static final long serialVersionUID = 1L;
-
-	/**
-	 * Instantiates a new authentication exception.
-	 */
-	protected AuthenticationCredentialsException() {
-		// hidden
-	}
-
-	/**
-	 * Creates a new instance of {@code AuthenticationCredentialsException}.
-	 * 
-	 * @param userMessage the message displayed to the user
-	 * @param logMessage the message logged
-	 */
-	public AuthenticationCredentialsException(String userMessage, String logMessage) {
-		super(userMessage, logMessage);
-	}
-
-	/**
-	 * Instantiates a new authentication exception.
-	 * 
-	 * @param userMessage the message displayed to the user
-	 * @param logMessage the message logged
-	 * @param cause the root cause
-	 */
-	public AuthenticationCredentialsException(String userMessage, String logMessage, Throwable cause) {
-		super(userMessage, logMessage, cause);
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.errors;
+
+/**
+ * An AuthenticationException should be thrown when anything goes wrong during
+ * login or logout. They are also appropriate for any problems related to
+ * identity management.
+ *
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class AuthenticationCredentialsException extends AuthenticationException {
+
+    /** The Constant serialVersionUID. */
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * Instantiates a new authentication exception.
+     */
+    protected AuthenticationCredentialsException() {
+        // hidden
+    }
+
+    /**
+     * Creates a new instance of {@code AuthenticationCredentialsException}.
+     *
+     * @param userMessage the message displayed to the user
+     * @param logMessage the message logged
+     */
+    public AuthenticationCredentialsException(String userMessage, String logMessage) {
+        super(userMessage, logMessage);
+    }
+
+    /**
+     * Instantiates a new authentication exception.
+     *
+     * @param userMessage the message displayed to the user
+     * @param logMessage the message logged
+     * @param cause the root cause
+     */
+    public AuthenticationCredentialsException(String userMessage, String logMessage, Throwable cause) {
+        super(userMessage, logMessage, cause);
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/errors/AuthenticationException.java b/src/main/java/org/owasp/esapi/errors/AuthenticationException.java
index 12ef63e9e..55abbc370 100644
--- a/src/main/java/org/owasp/esapi/errors/AuthenticationException.java
+++ b/src/main/java/org/owasp/esapi/errors/AuthenticationException.java
@@ -1,58 +1,58 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.errors;
-
-/**
- * An AuthenticationException should be thrown when anything goes wrong during
- * login or logout. They are also appropriate for any problems related to
- * identity management.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class AuthenticationException extends EnterpriseSecurityException {
-
-	/** The Constant serialVersionUID. */
-	private static final long serialVersionUID = 1L;
-
-	/**
-	 * Instantiates a new authentication exception.
-	 */
-	protected AuthenticationException() {
-		// hidden
-	}
-
-    /**
-     * Creates a new instance of {@code AuthenticationException}.
-     * 
-     * @param userMessage the message displayed to the user
-     * @param logMessage the message logged
-     */
-    public AuthenticationException(String userMessage, String logMessage) {
-        super(userMessage, logMessage);
-    }
-
-    /**
-     * Instantiates a new authentication exception.
-     * 
-     * @param userMessage the message displayed to the user
-     * @param logMessage the message logged
-     * @param cause the root cause
-     */
-    public AuthenticationException(String userMessage, String logMessage, Throwable cause) {
-        super(userMessage, logMessage, cause);
-    }
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.errors;
+
+/**
+ * An AuthenticationException should be thrown when anything goes wrong during
+ * login or logout. They are also appropriate for any problems related to
+ * identity management.
+ *
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class AuthenticationException extends EnterpriseSecurityException {
+
+    /** The Constant serialVersionUID. */
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * Instantiates a new authentication exception.
+     */
+    protected AuthenticationException() {
+        // hidden
+    }
+
+    /**
+     * Creates a new instance of {@code AuthenticationException}.
+     *
+     * @param userMessage the message displayed to the user
+     * @param logMessage the message logged
+     */
+    public AuthenticationException(String userMessage, String logMessage) {
+        super(userMessage, logMessage);
+    }
+
+    /**
+     * Instantiates a new authentication exception.
+     *
+     * @param userMessage the message displayed to the user
+     * @param logMessage the message logged
+     * @param cause the root cause
+     */
+    public AuthenticationException(String userMessage, String logMessage, Throwable cause) {
+        super(userMessage, logMessage, cause);
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/errors/AuthenticationHostException.java b/src/main/java/org/owasp/esapi/errors/AuthenticationHostException.java
index 159a60b67..4010d79b1 100644
--- a/src/main/java/org/owasp/esapi/errors/AuthenticationHostException.java
+++ b/src/main/java/org/owasp/esapi/errors/AuthenticationHostException.java
@@ -1,57 +1,57 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.errors;
-
-/**
- * An AuthenticationHostException should be thrown when there is a problem with
- * the host involved with authentication, particularly if the host changes unexpectedly.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class AuthenticationHostException extends AuthenticationException {
-
-	/** The Constant serialVersionUID. */
-	private static final long serialVersionUID = 1L;
-
-	/**
-	 * Instantiates a new authentication exception.
-	 */
-	protected AuthenticationHostException() {
-		// hidden
-	}
-
-	/**
-	 * Creates a new instance of AuthenticationHostException.
-	 * 
-	 * @param userMessage the message displayed to the user
-	 * @param logMessage the message logged
-	 */
-	public AuthenticationHostException(String userMessage, String logMessage) {
-		super(userMessage, logMessage);
-	}
-
-	/**
-	 * Instantiates a new authentication exception.
-	 * 
-	 * @param userMessage the message displayed to the user
-	 * @param logMessage the message logged
-	 * @param cause the cause
-	 */
-	public AuthenticationHostException(String userMessage, String logMessage, Throwable cause) {
-		super(userMessage, logMessage, cause);
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.errors;
+
+/**
+ * An AuthenticationHostException should be thrown when there is a problem with
+ * the host involved with authentication, particularly if the host changes unexpectedly.
+ *
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class AuthenticationHostException extends AuthenticationException {
+
+    /** The Constant serialVersionUID. */
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * Instantiates a new authentication exception.
+     */
+    protected AuthenticationHostException() {
+        // hidden
+    }
+
+    /**
+     * Creates a new instance of AuthenticationHostException.
+     *
+     * @param userMessage the message displayed to the user
+     * @param logMessage the message logged
+     */
+    public AuthenticationHostException(String userMessage, String logMessage) {
+        super(userMessage, logMessage);
+    }
+
+    /**
+     * Instantiates a new authentication exception.
+     *
+     * @param userMessage the message displayed to the user
+     * @param logMessage the message logged
+     * @param cause the cause
+     */
+    public AuthenticationHostException(String userMessage, String logMessage, Throwable cause) {
+        super(userMessage, logMessage, cause);
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/errors/AuthenticationLoginException.java b/src/main/java/org/owasp/esapi/errors/AuthenticationLoginException.java
index 6effd2af9..0f7a3d855 100644
--- a/src/main/java/org/owasp/esapi/errors/AuthenticationLoginException.java
+++ b/src/main/java/org/owasp/esapi/errors/AuthenticationLoginException.java
@@ -1,58 +1,58 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.errors;
-
-/**
- * An AuthenticationException should be thrown when anything goes wrong during
- * login or logout. They are also appropriate for any problems related to
- * identity management.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class AuthenticationLoginException extends AuthenticationException {
-
-	/** The Constant serialVersionUID. */
-	private static final long serialVersionUID = 1L;
-
-	/**
-	 * Instantiates a new authentication exception.
-	 */
-	protected AuthenticationLoginException() {
-		// hidden
-	}
-
-	/**
-	 * Creates a new instance of EnterpriseSecurityException.
-	 * 
-	 * @param userMessage the message displayed to the user
-	 * @param logMessage the message logged
-	 */
-	public AuthenticationLoginException(String userMessage, String logMessage) {
-		super(userMessage, logMessage);
-	}
-
-	/**
-	 * Instantiates a new authentication exception.
-	 * 
-	 * @param userMessage the message displayed to the user
-	 * @param logMessage the message logged
-	 * @param cause the cause
-	 */
-	public AuthenticationLoginException(String userMessage, String logMessage, Throwable cause) {
-		super(userMessage, logMessage, cause);
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.errors;
+
+/**
+ * An AuthenticationException should be thrown when anything goes wrong during
+ * login or logout. They are also appropriate for any problems related to
+ * identity management.
+ *
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class AuthenticationLoginException extends AuthenticationException {
+
+    /** The Constant serialVersionUID. */
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * Instantiates a new authentication exception.
+     */
+    protected AuthenticationLoginException() {
+        // hidden
+    }
+
+    /**
+     * Creates a new instance of EnterpriseSecurityException.
+     *
+     * @param userMessage the message displayed to the user
+     * @param logMessage the message logged
+     */
+    public AuthenticationLoginException(String userMessage, String logMessage) {
+        super(userMessage, logMessage);
+    }
+
+    /**
+     * Instantiates a new authentication exception.
+     *
+     * @param userMessage the message displayed to the user
+     * @param logMessage the message logged
+     * @param cause the cause
+     */
+    public AuthenticationLoginException(String userMessage, String logMessage, Throwable cause) {
+        super(userMessage, logMessage, cause);
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/errors/AvailabilityException.java b/src/main/java/org/owasp/esapi/errors/AvailabilityException.java
index 3530cc3a2..98099155d 100644
--- a/src/main/java/org/owasp/esapi/errors/AvailabilityException.java
+++ b/src/main/java/org/owasp/esapi/errors/AvailabilityException.java
@@ -1,57 +1,57 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.errors;
-
-/**
- * An AvailabilityException should be thrown when the availability of a limited
- * resource is in jeopardy. For example, if a database connection pool runs out
- * of connections, an availability exception should be thrown.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class AvailabilityException extends EnterpriseSecurityException {
-
-	/** The Constant serialVersionUID. */
-	private static final long serialVersionUID = 1L;
-
-	/**
-	 * Instantiates a new availability exception.
-	 */
-	protected AvailabilityException() {
-		// hidden
-	}
-
-    /**
-     * Creates a new instance of AvailabilityException.
-     * 
-     * @param userMessage the message displayed to the user
-     * @param logMessage the message logged
-     */
-    public AvailabilityException(String userMessage, String logMessage) {
-        super(userMessage, logMessage);
-    }
-
-    /**
-     * Instantiates a new AvailabilityException.
-     * 
-     * @param userMessage the message displayed to the user
-     * @param logMessage the message logged
-     * @param cause the cause
-     */
-    public AvailabilityException(String userMessage, String logMessage, Throwable cause) {
-        super(userMessage, logMessage, cause);
-    }
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.errors;
+
+/**
+ * An AvailabilityException should be thrown when the availability of a limited
+ * resource is in jeopardy. For example, if a database connection pool runs out
+ * of connections, an availability exception should be thrown.
+ *
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class AvailabilityException extends EnterpriseSecurityException {
+
+    /** The Constant serialVersionUID. */
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * Instantiates a new availability exception.
+     */
+    protected AvailabilityException() {
+        // hidden
+    }
+
+    /**
+     * Creates a new instance of AvailabilityException.
+     *
+     * @param userMessage the message displayed to the user
+     * @param logMessage the message logged
+     */
+    public AvailabilityException(String userMessage, String logMessage) {
+        super(userMessage, logMessage);
+    }
+
+    /**
+     * Instantiates a new AvailabilityException.
+     *
+     * @param userMessage the message displayed to the user
+     * @param logMessage the message logged
+     * @param cause the cause
+     */
+    public AvailabilityException(String userMessage, String logMessage, Throwable cause) {
+        super(userMessage, logMessage, cause);
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/errors/CertificateException.java b/src/main/java/org/owasp/esapi/errors/CertificateException.java
index 957d32aac..561d41179 100644
--- a/src/main/java/org/owasp/esapi/errors/CertificateException.java
+++ b/src/main/java/org/owasp/esapi/errors/CertificateException.java
@@ -1,56 +1,56 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.errors;
-
-/**
- * A CertificateException should be thrown for any problems that arise during
- * processing of digital certificates.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class CertificateException extends EnterpriseSecurityException {
-
-	/** The Constant serialVersionUID. */
-	private static final long serialVersionUID = 1L;
-
-	/**
-	 * Instantiates a new certificate exception.
-	 */
-	protected CertificateException() {
-		// hidden
-	}
-
-    /**
-     * Creates a new instance of CertificateException.
-     * 
-     * @param userMessage the message displayed to the user
-     * @param logMessage the message logged
-     */
-    public CertificateException(String userMessage, String logMessage) {
-        super(userMessage, logMessage);
-    }
-
-    /**
-     * Instantiates a new CertificateException.
-     * 
-     * @param userMessage the message displayed to the user
-     * @param logMessage the message logged
-     * @param cause the cause
-     */
-    public CertificateException(String userMessage, String logMessage, Throwable cause) {
-        super(userMessage, logMessage, cause);
-    }
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.errors;
+
+/**
+ * A CertificateException should be thrown for any problems that arise during
+ * processing of digital certificates.
+ *
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class CertificateException extends EnterpriseSecurityException {
+
+    /** The Constant serialVersionUID. */
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * Instantiates a new certificate exception.
+     */
+    protected CertificateException() {
+        // hidden
+    }
+
+    /**
+     * Creates a new instance of CertificateException.
+     *
+     * @param userMessage the message displayed to the user
+     * @param logMessage the message logged
+     */
+    public CertificateException(String userMessage, String logMessage) {
+        super(userMessage, logMessage);
+    }
+
+    /**
+     * Instantiates a new CertificateException.
+     *
+     * @param userMessage the message displayed to the user
+     * @param logMessage the message logged
+     * @param cause the cause
+     */
+    public CertificateException(String userMessage, String logMessage, Throwable cause) {
+        super(userMessage, logMessage, cause);
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/errors/ConfigurationException.java b/src/main/java/org/owasp/esapi/errors/ConfigurationException.java
index f34c25a36..17d6a6b3e 100644
--- a/src/main/java/org/owasp/esapi/errors/ConfigurationException.java
+++ b/src/main/java/org/owasp/esapi/errors/ConfigurationException.java
@@ -1,34 +1,34 @@
-package org.owasp.esapi.errors;
-
-/**
- * A {@code ConfigurationException} should be thrown when a problem arises because of
- * a problem in one of ESAPI's configuration files, such as a missing required
- * property or invalid setting of a property, or missing or unreadable
- * configuration file, etc.
- * <p>
- * A {@code ConfigurationException} is a {@code RuntimeException}
- * because 1) configuration properties can, for the most part, only be checked
- * at run-time, and 2) we want this to be an unchecked exception to make ESAPI
- * easy to use and not cluttered with catching a bunch of try/catch blocks.
- * </p>
- */
-public class ConfigurationException extends RuntimeException {
-
-	protected static final long serialVersionUID = 1L;
-
-	public ConfigurationException(Exception e) {
-		super(e);
-	}
-
-	public ConfigurationException(String s) {
-		super(s);
-	}
-	
-	public ConfigurationException(String s, Throwable cause) {
-		super(s, cause);
-	}
-	
-	public ConfigurationException(Throwable cause) {
-		super(cause);
-	}
-}
+package org.owasp.esapi.errors;
+
+/**
+ * A {@code ConfigurationException} should be thrown when a problem arises because of
+ * a problem in one of ESAPI's configuration files, such as a missing required
+ * property or invalid setting of a property, or missing or unreadable
+ * configuration file, etc.
+ * <p>
+ * A {@code ConfigurationException} is a {@code RuntimeException}
+ * because 1) configuration properties can, for the most part, only be checked
+ * at run-time, and 2) we want this to be an unchecked exception to make ESAPI
+ * easy to use and not cluttered with catching a bunch of try/catch blocks.
+ * </p>
+ */
+public class ConfigurationException extends RuntimeException {
+
+    protected static final long serialVersionUID = 1L;
+
+    public ConfigurationException(Exception e) {
+        super(e);
+    }
+
+    public ConfigurationException(String s) {
+        super(s);
+    }
+
+    public ConfigurationException(String s, Throwable cause) {
+        super(s, cause);
+    }
+
+    public ConfigurationException(Throwable cause) {
+        super(cause);
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/errors/EncodingException.java b/src/main/java/org/owasp/esapi/errors/EncodingException.java
index 9335004a1..cee3abf2b 100644
--- a/src/main/java/org/owasp/esapi/errors/EncodingException.java
+++ b/src/main/java/org/owasp/esapi/errors/EncodingException.java
@@ -1,62 +1,62 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.errors;
-
-/**
- * An EncodingException should be thrown for any problems that occur when
- * encoding or decoding data.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class EncodingException extends EnterpriseSecurityException {
-
-	/** The Constant serialVersionUID. */
-	private static final long serialVersionUID = 1L;
-
-	/**
-	 * Instantiates a new service exception.
-	 */
-	protected EncodingException() {
-		// hidden
-	}
-
-       /**
-     * Creates a new instance of EncodingException.
-     * 
-     * @param userMessage
-     *            the message displayed to the user
-     * @param logMessage
-	 * 			  the message logged
-     */
-    public EncodingException(String userMessage, String logMessage) {
-        super(userMessage, logMessage);
-    }
-
-    /**
-     * Instantiates a new EncodingException.
-     * 
-     * @param userMessage
-     *            the message displayed to the user
-     * @param logMessage
-	 * 			  the message logged
-     * @param cause
-     *            the cause
-     */
-    public EncodingException(String userMessage, String logMessage, Throwable cause) {
-        super(userMessage, logMessage, cause);
-    }
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.errors;
+
+/**
+ * An EncodingException should be thrown for any problems that occur when
+ * encoding or decoding data.
+ *
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class EncodingException extends EnterpriseSecurityException {
+
+    /** The Constant serialVersionUID. */
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * Instantiates a new service exception.
+     */
+    protected EncodingException() {
+        // hidden
+    }
+
+       /**
+     * Creates a new instance of EncodingException.
+     *
+     * @param userMessage
+     *            the message displayed to the user
+     * @param logMessage
+     *               the message logged
+     */
+    public EncodingException(String userMessage, String logMessage) {
+        super(userMessage, logMessage);
+    }
+
+    /**
+     * Instantiates a new EncodingException.
+     *
+     * @param userMessage
+     *            the message displayed to the user
+     * @param logMessage
+     *               the message logged
+     * @param cause
+     *            the cause
+     */
+    public EncodingException(String userMessage, String logMessage, Throwable cause) {
+        super(userMessage, logMessage, cause);
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/errors/EncryptionException.java b/src/main/java/org/owasp/esapi/errors/EncryptionException.java
index 965a52e24..895d34eb7 100644
--- a/src/main/java/org/owasp/esapi/errors/EncryptionException.java
+++ b/src/main/java/org/owasp/esapi/errors/EncryptionException.java
@@ -1,61 +1,61 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.errors;
-
-/**
- * An EncryptionException should be thrown for any problems related to
- * encryption, hashing, or digital signatures.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class EncryptionException extends EnterpriseSecurityException {
-
-	/** The Constant serialVersionUID. */
-	private static final long serialVersionUID = 1L;
-
-	/**
-	 * Instantiates a new EncryptionException.
-	 */
-	protected EncryptionException() {
-		// hidden
-	}
-
-    /**
-     * Creates a new instance of EncryptionException.
-     * 
-     * @param userMessage
-     *            the message displayed to the user
-     * @param logMessage
-	 * 			  the message logged
-     */
-    public EncryptionException(String userMessage, String logMessage) {
-        super(userMessage, logMessage);
-    }
-
-    /**
-     * Instantiates a new EncryptionException.
-     * 
-     * @param userMessage
-     *            the message displayed to the user
-     * @param logMessage
-	 * 			  the message logged
-     * @param cause
-     *            the cause
-     */
-    public EncryptionException(String userMessage, String logMessage, Throwable cause) {
-        super(userMessage, logMessage, cause);
-    }
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.errors;
+
+/**
+ * An EncryptionException should be thrown for any problems related to
+ * encryption, hashing, or digital signatures.
+ *
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class EncryptionException extends EnterpriseSecurityException {
+
+    /** The Constant serialVersionUID. */
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * Instantiates a new EncryptionException.
+     */
+    protected EncryptionException() {
+        // hidden
+    }
+
+    /**
+     * Creates a new instance of EncryptionException.
+     *
+     * @param userMessage
+     *            the message displayed to the user
+     * @param logMessage
+     *               the message logged
+     */
+    public EncryptionException(String userMessage, String logMessage) {
+        super(userMessage, logMessage);
+    }
+
+    /**
+     * Instantiates a new EncryptionException.
+     *
+     * @param userMessage
+     *            the message displayed to the user
+     * @param logMessage
+     *               the message logged
+     * @param cause
+     *            the cause
+     */
+    public EncryptionException(String userMessage, String logMessage, Throwable cause) {
+        super(userMessage, logMessage, cause);
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/errors/EncryptionRuntimeException.java b/src/main/java/org/owasp/esapi/errors/EncryptionRuntimeException.java
index 466ef5cb1..cdc484324 100644
--- a/src/main/java/org/owasp/esapi/errors/EncryptionRuntimeException.java
+++ b/src/main/java/org/owasp/esapi/errors/EncryptionRuntimeException.java
@@ -1,12 +1,12 @@
 /**
  * OWASP Enterprise Security API (ESAPI)
- * 
+ *
  * This file is part of the Open Web Application Security Project (OWASP)
  * Enterprise Security API (ESAPI) project. For details, please see
  * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
  *
  * Copyright (c) 2010 - The OWASP Foundation
- * 
+ *
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
  *
@@ -18,30 +18,30 @@
 /**
  * An EncryptionRuntimeException should be thrown for any problems related to
  * encryption, hashing, or digital signatures.
- * 
+ *
  * @author August Detlefsen (augustd at codemagi dot com)
  *         <a href="http://www.codemagi.com">CodeMagi, Inc.</a>
  * @since October 8, 2010
  */
 public class EncryptionRuntimeException extends EnterpriseSecurityRuntimeException {
 
-	/** The Constant serialVersionUID. */
-	private static final long serialVersionUID = 1L;
+    /** The Constant serialVersionUID. */
+    private static final long serialVersionUID = 1L;
 
-	/**
-	 * Instantiates a new EncryptionException.
-	 */
-	protected EncryptionRuntimeException() {
-		// hidden
-	}
+    /**
+     * Instantiates a new EncryptionException.
+     */
+    protected EncryptionRuntimeException() {
+        // hidden
+    }
 
     /**
      * Creates a new instance of EncryptionException.
-     * 
+     *
      * @param userMessage
      *            the message displayed to the user
      * @param logMessage
-	 * 			  the message logged
+     *               the message logged
      */
     public EncryptionRuntimeException(String userMessage, String logMessage) {
         super(userMessage, logMessage);
@@ -49,11 +49,11 @@ public EncryptionRuntimeException(String userMessage, String logMessage) {
 
     /**
      * Instantiates a new EncryptionException.
-     * 
+     *
      * @param userMessage
      *            the message displayed to the user
      * @param logMessage
-	 * 			  the message logged
+     *               the message logged
      * @param cause
      *            the cause
      */
diff --git a/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityException.java b/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityException.java
index a09df2c41..6b150bb42 100644
--- a/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityException.java
+++ b/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityException.java
@@ -1,124 +1,152 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.errors;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-
-
-/**
- * EnterpriseSecurityException is the base class for all security related exceptions. You should pass in the root cause
- * exception where possible. Constructors for classes extending EnterpriseSecurityException should be sure to call the
- * appropriate super() method in order to ensure that logging and intrusion detection occur properly.
- * <P>
- * All EnterpriseSecurityExceptions have two messages, one for the user and one for the log file. This way, a message
- * can be shown to the user that doesn't contain sensitive information or unnecessary implementation details. Meanwhile,
- * all the critical information can be included in the exception so that it gets logged.
- * <P>
- * Note that the "logMessage" for ALL EnterpriseSecurityExceptions is logged in the log file. This feature should be
- * used extensively throughout ESAPI implementations and the result is a fairly complete set of security log records.
- * ALL EnterpriseSecurityExceptions are also sent to the IntrusionDetector for use in detecting anomalous patterns of
- * application usage.
- * <P>
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class EnterpriseSecurityException extends Exception {
-
-    protected static final long serialVersionUID = 1L;
-
-    /** The logger. */
-    protected final transient Logger logger = ESAPI.getLogger("EnterpriseSecurityException");
-
-    /**
-     *
-     */
-    protected String logMessage = null;
-
-    /**
-     * Instantiates a new security exception.
-     */
-    protected EnterpriseSecurityException() {
-        // hidden
-    }
-
-    /**
-     * Creates a new instance of EnterpriseSecurityException. This exception is automatically logged, so that simply by
-     * using this API, applications will generate an extensive security log. In addition, this exception is
-     * automatically registered with the IntrusionDetector, so that quotas can be checked.
-     *
-     * It should be noted that messages that are intended to be displayed to the user should be safe for display. In
-     * other words, don't pass in unsanitized data here. Also could hold true for the logging message depending on the
-     * context of the exception.
-     * 
-     * @param userMessage 
-     * 			  the message displayed to the user
-     * @param logMessage
-	 * 			  the message logged
-     */
-    public EnterpriseSecurityException(String userMessage, String logMessage) {
-    	super(userMessage);
-        this.logMessage = logMessage;
-        if (!ESAPI.securityConfiguration().getDisableIntrusionDetection()) {
-        	ESAPI.intrusionDetector().addException(this);
-        }
-    }
-
-    /**
-     * Creates a new instance of EnterpriseSecurityException that includes a root cause Throwable.
-     * 
-     * It should be noted that messages that are intended to be displayed to the user should be safe for display. In
-     * other words, don't pass in unsanitized data here. Also could hold true for the logging message depending on the
-     * context of the exception.
-     *
-     * @param userMessage
-     * 			  the message displayed to the user
-     * @param logMessage
-	 * 			  the message logged
-     * @param cause the cause
-     */
-    public EnterpriseSecurityException(String userMessage, String logMessage, Throwable cause) {
-        super(userMessage, cause);
-        this.logMessage = logMessage;
-        if (!ESAPI.securityConfiguration().getDisableIntrusionDetection()) {
-        	ESAPI.intrusionDetector().addException(this);
-        }
-    }
-    
-    /**
-     * Returns message meant for display to users
-     *
-     * Note that if you are unsure of what set this message, it would probably
-     * be a good idea to encode this message before displaying it to the end user.
-     * 
-     * @return a String containing a message that is safe to display to users
-     */
-    public String getUserMessage() {
-        return getMessage();
-    }
-
-    /**
-     * Returns a message that is safe to display in logs, but may contain
-     * sensitive information and therefore probably should not be displayed to
-     * users.
-     * 
-     * @return a String containing a message that is safe to display in logs,
-     * but probably not to users as it may contain sensitive information.
-     */
-    public String getLogMessage() {
-        return logMessage;
-    }
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.errors;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+
+import static org.owasp.esapi.PropNames.DISABLE_INTRUSION_DETECTION;
+
+
+/**
+ * EnterpriseSecurityException is the base class for all security related exceptions. You should pass in the root cause
+ * exception where possible. Constructors for classes extending EnterpriseSecurityException should be sure to call the
+ * appropriate super() method in order to ensure that logging and intrusion detection occur properly.
+ * <P>
+ * All EnterpriseSecurityExceptions have two messages, one for the user and one for the log file. This way, a message
+ * can be shown to the user that doesn't contain sensitive information or unnecessary implementation details. Meanwhile,
+ * all the critical information can be included in the exception so that it gets logged.
+ * <P>
+ * Note that the "logMessage" for ALL EnterpriseSecurityExceptions is logged in the log file. This feature should be
+ * used extensively throughout ESAPI implementations and the result is a fairly complete set of security log records.
+ * ALL EnterpriseSecurityExceptions are also sent to the IntrusionDetector for use in detecting anomalous patterns of
+ * application usage.
+ * <P>
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class EnterpriseSecurityException extends Exception {
+
+    protected static final long serialVersionUID = 1L;
+
+    /** The logger. */
+    protected final transient Logger logger = ESAPI.getLogger("EnterpriseSecurityException");
+
+    /**
+     *
+     */
+    protected String logMessage = null;
+
+    /**
+     * Instantiates a new enterprise security exception.
+     */
+    protected EnterpriseSecurityException() {
+        // hidden
+    }
+
+    /**
+     * Instantiates a new enterprise security exception with a user message.
+     * (Needed by anything which subclasses this.)
+     *
+     * @param userMessage Message displayed to user.
+     */
+     protected EnterpriseSecurityException(String userMessage) {
+        // hidden
+        super(userMessage);
+     }
+
+    /**
+     * Instantiates a new enterprise security exception with a user message
+     * and cause. (Needed by anything which subclasses this.)
+     *
+     * @param userMessage Message displayed to user.
+     * @param cause The cause (which is saved for later retrieval by the
+     * getCause() method). (A null value is permitted, and indicates that the
+     * cause is nonexistent or unknown.)
+     */
+     protected EnterpriseSecurityException(String userMessage, Throwable cause)
+     {
+        // hidden
+        super(userMessage, cause);
+     }
+
+    /**
+     * Creates a new instance of EnterpriseSecurityException. This exception is automatically logged, so that simply by
+     * using this API, applications will generate an extensive security log. In addition, this exception is
+     * automatically registered with the IntrusionDetector, so that quotas can be checked.
+     *
+     * It should be noted that messages that are intended to be displayed to the user should be safe for display. In
+     * other words, don't pass in unsanitized data here. Also could hold true for the logging message depending on the
+     * context of the exception.
+     *
+     * @param userMessage
+     *               the message displayed to the user
+     * @param logMessage
+     *               the message logged
+     */
+    public EnterpriseSecurityException(String userMessage, String logMessage) {
+        super(userMessage);
+        this.logMessage = logMessage;
+        if (!ESAPI.securityConfiguration().getBooleanProp( DISABLE_INTRUSION_DETECTION )) {
+            ESAPI.intrusionDetector().addException(this);
+        }
+    }
+
+    /**
+     * Creates a new instance of EnterpriseSecurityException that includes a root cause Throwable.
+     *
+     * It should be noted that messages that are intended to be displayed to the user should be safe for display. In
+     * other words, don't pass in unsanitized data here. Also could hold true for the logging message depending on the
+     * context of the exception.
+     *
+     * @param userMessage
+     *               the message displayed to the user
+     * @param logMessage
+     *               the message logged
+     * @param cause the cause
+     */
+    public EnterpriseSecurityException(String userMessage, String logMessage, Throwable cause) {
+        super(userMessage, cause);
+        this.logMessage = logMessage;
+        if (!ESAPI.securityConfiguration().getBooleanProp( DISABLE_INTRUSION_DETECTION )) {
+            ESAPI.intrusionDetector().addException(this);
+        }
+    }
+
+    /**
+     * Returns message meant for display to users
+     *
+     * Note that if you are unsure of what set this message, it would probably
+     * be a good idea to encode this message before displaying it to the end user.
+     *
+     * @return a String containing a message that is safe to display to users
+     */
+    public String getUserMessage() {
+        return getMessage();
+    }
+
+    /**
+     * Returns a message that is safe to display in logs, but may contain
+     * sensitive information and therefore probably should not be displayed to
+     * users.
+     *
+     * @return a String containing a message that is safe to display in logs,
+     * but probably not to users as it may contain sensitive information.
+     */
+    public String getLogMessage() {
+        return logMessage;
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityRuntimeException.java b/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityRuntimeException.java
index 5f746f4b6..3b511c321 100644
--- a/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityRuntimeException.java
+++ b/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityRuntimeException.java
@@ -1,12 +1,12 @@
 /**
  * OWASP Enterprise Security API (ESAPI)
- * 
+ *
  * This file is part of the Open Web Application Security Project (OWASP)
  * Enterprise Security API (ESAPI) project. For details, please see
  * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
  *
  * Copyright (c) 2010 - The OWASP Foundation
- * 
+ *
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
  *
@@ -32,7 +32,7 @@
  * used extensively throughout ESAPI implementations and the result is a fairly complete set of security log records.
  * ALL EnterpriseSecurityRuntimeExceptions are also sent to the IntrusionDetector for use in detecting anomalous patterns of
  * application usage.
- * 
+ *
  * @author August Detlefsen (augustd at codemagi dot com)
  *         <a href="http://www.codemagi.com">CodeMagi, Inc.</a>
  * @since October 8, 2010
@@ -50,12 +50,39 @@ public class EnterpriseSecurityRuntimeException extends java.lang.RuntimeExcepti
     protected String logMessage = null;
 
     /**
-     * Instantiates a new security exception.
+     * Instantiates a new enterprise security runtime exception.
      */
     protected EnterpriseSecurityRuntimeException() {
         // hidden
     }
 
+    /**
+     * Instantiates a new enterprise security runtime exception with a user
+     * message. (Needed by anything which subclasses this.)
+     *
+     * @param userMessage Message displayed to user.
+     */
+    protected EnterpriseSecurityRuntimeException(String userMessage) {
+        super(userMessage);
+    }
+
+    /**
+     * Instantiates a new enterprise security runtime exception with a
+     * user message and cause. (Needed by anything which subclasses this.)
+     *
+     * @param userMessage Message displayed to user.
+     * @param cause The cause (which is saved for later retrieval by the
+     * getCause() method). (A null value is permitted, and indicates that the
+     * cause is nonexistent or unknown.)
+     */
+    protected EnterpriseSecurityRuntimeException(String userMessage,
+                                                  Throwable cause)
+    {
+        // hidden
+        super(userMessage, cause);
+    }
+
+
     /**
      * Creates a new instance of EnterpriseSecurityException. This exception is automatically logged, so that simply by
      * using this API, applications will generate an extensive security log. In addition, this exception is
@@ -64,47 +91,47 @@ protected EnterpriseSecurityRuntimeException() {
      * It should be noted that messages that are intended to be displayed to the user should be safe for display. In
      * other words, don't pass in unsanitized data here. Also could hold true for the logging message depending on the
      * context of the exception.
-     * 
-     * @param userMessage 
-     * 			  the message displayed to the user
+     *
+     * @param userMessage
+     *               the message displayed to the user
      * @param logMessage
-	 * 			  the message logged
+     *               the message logged
      */
     public EnterpriseSecurityRuntimeException(String userMessage, String logMessage) {
-    	super(userMessage);
+        super(userMessage);
         this.logMessage = logMessage;
         if (!ESAPI.securityConfiguration().getDisableIntrusionDetection()) {
-        	ESAPI.intrusionDetector().addException(this);
+            ESAPI.intrusionDetector().addException(this);
         }
     }
 
     /**
      * Creates a new instance of EnterpriseSecurityException that includes a root cause Throwable.
-     * 
+     *
      * It should be noted that messages that are intended to be displayed to the user should be safe for display. In
      * other words, don't pass in unsanitized data here. Also could hold true for the logging message depending on the
      * context of the exception.
      *
      * @param userMessage
-     * 			  the message displayed to the user
+     *               the message displayed to the user
      * @param logMessage
-	 * 			  the message logged
+     *               the message logged
      * @param cause the cause
      */
     public EnterpriseSecurityRuntimeException(String userMessage, String logMessage, Throwable cause) {
         super(userMessage, cause);
         this.logMessage = logMessage;
         if (!ESAPI.securityConfiguration().getDisableIntrusionDetection()) {
-        	ESAPI.intrusionDetector().addException(this);
+            ESAPI.intrusionDetector().addException(this);
         }
     }
-    
+
     /**
      * Returns message meant for display to users
      *
      * Note that if you are unsure of what set this message, it would probably
      * be a good idea to encode this message before displaying it to the end user.
-     * 
+     *
      * @return a String containing a message that is safe to display to users
      */
     public String getUserMessage() {
@@ -115,7 +142,7 @@ public String getUserMessage() {
      * Returns a message that is safe to display in logs, but may contain
      * sensitive information and therefore probably should not be displayed to
      * users.
-     * 
+     *
      * @return a String containing a message that is safe to display in logs,
      * but probably not to users as it may contain sensitive information.
      */
diff --git a/src/main/java/org/owasp/esapi/errors/ExecutorException.java b/src/main/java/org/owasp/esapi/errors/ExecutorException.java
index d453129cd..9adda9296 100644
--- a/src/main/java/org/owasp/esapi/errors/ExecutorException.java
+++ b/src/main/java/org/owasp/esapi/errors/ExecutorException.java
@@ -1,62 +1,62 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.errors;
-
-/**
- * An ExecutorException should be thrown for any problems that arise during the
- * execution of a system executable.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class ExecutorException extends EnterpriseSecurityException {
-
-	/** The Constant serialVersionUID. */
-	private static final long serialVersionUID = 1L;
-
-	/**
-	 * Instantiates a new ExecutorException.
-	 */
-	protected ExecutorException() {
-		// hidden
-	}
-
-    /**
-     * Creates a new instance of ExecutorException.
-     * 
-     * @param userMessage
-     *            the message to display to users
-     * @param logMessage
-	 * 			  the message logged
-     */
-    public ExecutorException(String userMessage, String logMessage) {
-        super(userMessage, logMessage);
-    }
-
-    /**
-     * Instantiates a new ExecutorException.
-     * 
-     * @param userMessage
-     *            the message to display to users
-     * @param logMessage
-	 * 			  the message logged
-     * @param cause
-     *            the cause
-     */
-    public ExecutorException(String userMessage, String logMessage, Throwable cause) {
-        super(userMessage, logMessage, cause);
-    }
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.errors;
+
+/**
+ * An ExecutorException should be thrown for any problems that arise during the
+ * execution of a system executable.
+ *
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class ExecutorException extends EnterpriseSecurityException {
+
+    /** The Constant serialVersionUID. */
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * Instantiates a new ExecutorException.
+     */
+    protected ExecutorException() {
+        // hidden
+    }
+
+    /**
+     * Creates a new instance of ExecutorException.
+     *
+     * @param userMessage
+     *            the message to display to users
+     * @param logMessage
+     *               the message logged
+     */
+    public ExecutorException(String userMessage, String logMessage) {
+        super(userMessage, logMessage);
+    }
+
+    /**
+     * Instantiates a new ExecutorException.
+     *
+     * @param userMessage
+     *            the message to display to users
+     * @param logMessage
+     *               the message logged
+     * @param cause
+     *            the cause
+     */
+    public ExecutorException(String userMessage, String logMessage, Throwable cause) {
+        super(userMessage, logMessage, cause);
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/errors/IntegrityException.java b/src/main/java/org/owasp/esapi/errors/IntegrityException.java
index 02e37979a..92a546a2a 100644
--- a/src/main/java/org/owasp/esapi/errors/IntegrityException.java
+++ b/src/main/java/org/owasp/esapi/errors/IntegrityException.java
@@ -1,62 +1,62 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.errors;
-
-/**
- * An IntegrityException should be thrown when a problem with the integrity of data
- * has been detected. For example, if a financial account cannot be reconciled after
- * a transaction has been performed, an integrity exception should be thrown.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class IntegrityException extends EnterpriseSecurityException {
-
-	/** The Constant serialVersionUID. */
-	private static final long serialVersionUID = 1L;
-
-	/**
-	 * Instantiates a new availability exception.
-	 */
-	protected IntegrityException() {
-		// hidden
-	}
-
-    /**
-     * Creates a new instance of IntegrityException.
-     * 
-     * @param userMessage
-     *            the message to display to users
-     * @param logMessage
-	 * 			  the message logged
-     */
-    public IntegrityException(String userMessage, String logMessage) {
-        super(userMessage, logMessage);
-    }
-
-    /**
-     * Instantiates a new IntegrityException.
-     * 
-     * @param userMessage
-     *            the message to display to users
-     * @param logMessage
-	 * 			  the message logged
-     * @param cause
-     *            the cause
-     */
-    public IntegrityException(String userMessage, String logMessage, Throwable cause) {
-        super(userMessage, logMessage, cause);
-    }
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.errors;
+
+/**
+ * An IntegrityException should be thrown when a problem with the integrity of data
+ * has been detected. For example, if a financial account cannot be reconciled after
+ * a transaction has been performed, an integrity exception should be thrown.
+ *
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class IntegrityException extends EnterpriseSecurityException {
+
+    /** The Constant serialVersionUID. */
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * Instantiates a new availability exception.
+     */
+    protected IntegrityException() {
+        // hidden
+    }
+
+    /**
+     * Creates a new instance of IntegrityException.
+     *
+     * @param userMessage
+     *            the message to display to users
+     * @param logMessage
+     *               the message logged
+     */
+    public IntegrityException(String userMessage, String logMessage) {
+        super(userMessage, logMessage);
+    }
+
+    /**
+     * Instantiates a new IntegrityException.
+     *
+     * @param userMessage
+     *            the message to display to users
+     * @param logMessage
+     *               the message logged
+     * @param cause
+     *            the cause
+     */
+    public IntegrityException(String userMessage, String logMessage, Throwable cause) {
+        super(userMessage, logMessage, cause);
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/errors/IntrusionException.java b/src/main/java/org/owasp/esapi/errors/IntrusionException.java
index 4af7f4122..72261d9e1 100644
--- a/src/main/java/org/owasp/esapi/errors/IntrusionException.java
+++ b/src/main/java/org/owasp/esapi/errors/IntrusionException.java
@@ -1,92 +1,92 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.errors;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-
-/**
- * An IntrusionException should be thrown anytime an error condition arises that is likely to be the result of an attack
- * in progress. IntrusionExceptions are handled specially by the IntrusionDetector, which is equipped to respond by
- * either specially logging the event, logging out the current user, or invalidating the current user's account.
- * <P>
- * Unlike other exceptions in the ESAPI, the IntrusionException is a RuntimeException so that it can be thrown from
- * anywhere and will not require a lot of special exception handling.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class IntrusionException extends RuntimeException {
-
-    /** The Constant serialVersionUID. */
-    private static final long serialVersionUID = 1L;
-
-    /** The logger. */
-    protected final transient Logger logger = ESAPI.getLogger("IntrusionException");
-
-    /**
-     *
-     */
-    protected String logMessage = null;
-
-    /**
-     * Creates a new instance of IntrusionException.
-     * 
-     * @param userMessage
-     *            the message to display to users
-     * @param logMessage
-	 * 			  the message logged
-     */
-    public IntrusionException(String userMessage, String logMessage) {
-        super(userMessage);
-        this.logMessage = logMessage;
-        logger.error(Logger.SECURITY_FAILURE, "INTRUSION - " + logMessage);
-    }
-
-    /**
-     * Instantiates a new intrusion exception.
-     * 
-     * @param userMessage
-     *            the message to display to users
-     * @param logMessage
-	 * 			  the message logged
-     * @param cause 
-     *			  the cause
-     */
-    public IntrusionException(String userMessage, String logMessage, Throwable cause) {
-        super(userMessage, cause);
-        this.logMessage = logMessage;
-        logger.error(Logger.SECURITY_FAILURE, "INTRUSION - " + logMessage, cause);
-    }
-
-    /**
-     * Returns a String containing a message that is safe to display to users
-     * 
-     * @return a String containing a message that is safe to display to users
-     */
-    public String getUserMessage() {
-        return getMessage();
-    }
-
-    /**
-     * Returns a String that is safe to display in logs, but probably not to users
-     * 
-     * @return a String containing a message that is safe to display in logs, but probably not to users
-     */
-    public String getLogMessage() {
-        return logMessage;
-    }
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.errors;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+
+/**
+ * An IntrusionException should be thrown anytime an error condition arises that is likely to be the result of an attack
+ * in progress. IntrusionExceptions are handled specially by the IntrusionDetector, which is equipped to respond by
+ * either specially logging the event, logging out the current user, or invalidating the current user's account.
+ * <P>
+ * Unlike other exceptions in the ESAPI, the IntrusionException is a RuntimeException so that it can be thrown from
+ * anywhere and will not require a lot of special exception handling.
+ *
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class IntrusionException extends EnterpriseSecurityRuntimeException {
+
+    /** The Constant serialVersionUID. */
+    private static final long serialVersionUID = 1L;
+
+    /** The logger. */
+    protected final transient Logger logger = ESAPI.getLogger("IntrusionException");
+
+    /**
+     *
+     */
+    protected String logMessage = null;
+
+    /**
+     * Creates a new instance of IntrusionException.
+     *
+     * @param userMessage
+     *            the message to display to users
+     * @param logMessage
+     *               the message logged
+     */
+    public IntrusionException(String userMessage, String logMessage) {
+        super(userMessage);
+        this.logMessage = logMessage;
+        logger.error(Logger.SECURITY_FAILURE, "INTRUSION - " + logMessage);
+    }
+
+    /**
+     * Instantiates a new intrusion exception.
+     *
+     * @param userMessage
+     *            the message to display to users
+     * @param logMessage
+     *               the message logged
+     * @param cause
+     *              the cause
+     */
+    public IntrusionException(String userMessage, String logMessage, Throwable cause) {
+        super(userMessage, cause);
+        this.logMessage = logMessage;
+        logger.error(Logger.SECURITY_FAILURE, "INTRUSION - " + logMessage, cause);
+    }
+
+    /**
+     * Returns a String containing a message that is safe to display to users
+     *
+     * @return a String containing a message that is safe to display to users
+     */
+    public String getUserMessage() {
+        return getMessage();
+    }
+
+    /**
+     * Returns a String that is safe to display in logs, but probably not to users
+     *
+     * @return a String containing a message that is safe to display in logs, but probably not to users
+     */
+    public String getLogMessage() {
+        return logMessage;
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/errors/NotConfiguredByDefaultException.java b/src/main/java/org/owasp/esapi/errors/NotConfiguredByDefaultException.java
new file mode 100644
index 000000000..58a0cbc98
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/errors/NotConfiguredByDefaultException.java
@@ -0,0 +1,34 @@
+package org.owasp.esapi.errors;
+
+/**
+ * A {@code NotConfiguredByDefaultException} should be thrown when a method that
+ * is disabled by default is invoked.
+ * </p><p>
+
+ * See the ESAPI properties "<b>ESAPI.dangerouslyAllowUnsafeMethods.methodNames</b>"
+ * and "<b>ESAPI.dangerouslyAllowUnsafeMethods.justification</b>" in the
+ * <b>ESAPI.properties</b> file for additional details.
+ * </p>
+ */
+public class NotConfiguredByDefaultException extends ConfigurationException {
+
+    protected static final long serialVersionUID = 1L;
+    private static final String defaultMsg = "Unknown unsafe ESAPI method invoked without being explicitly allowed. " +
+                                             "Check exception stack trace for method name.";
+
+    public NotConfiguredByDefaultException(Exception e) {
+        super(e);
+    }
+
+    public NotConfiguredByDefaultException(String s) {
+        super( (s == null || s.trim().isEmpty()) ? defaultMsg : s);
+    }
+
+    public NotConfiguredByDefaultException(String s, Throwable cause) {
+        super( (s == null || s.trim().isEmpty()) ? defaultMsg : s, cause);
+    }
+
+    public NotConfiguredByDefaultException(Throwable cause) {
+        super(defaultMsg, cause);
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/errors/ValidationAvailabilityException.java b/src/main/java/org/owasp/esapi/errors/ValidationAvailabilityException.java
index d749e4f04..5274da5d8 100644
--- a/src/main/java/org/owasp/esapi/errors/ValidationAvailabilityException.java
+++ b/src/main/java/org/owasp/esapi/errors/ValidationAvailabilityException.java
@@ -1,57 +1,57 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.errors;
-
-/**
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class ValidationAvailabilityException extends ValidationException {
-
-	/** The Constant serialVersionUID. */
-	private static final long serialVersionUID = 1L;
-
-	/**
-	 * Instantiates a new validation exception.
-	 */
-	protected ValidationAvailabilityException() {
-		// hidden
-	}
-
-    /**
-     * Create a new ValidationException
-     * @param userMessage
-     *            the message to display to users
-     * @param logMessage
-	 * 			  the message logged
-     */
-	public ValidationAvailabilityException(String userMessage, String logMessage) {
-		super(userMessage, logMessage);
-	}
-
-    /**
-     * Create a new ValidationException
-     * @param userMessage
-     *            the message to display to users
-     * @param logMessage
-	 * 			  the message logged
-     * @param cause
-     * 			  the cause
-     */			  
-	public ValidationAvailabilityException(String userMessage, String logMessage, Throwable cause) {
-		super(userMessage, logMessage, cause);
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.errors;
+
+/**
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class ValidationAvailabilityException extends ValidationException {
+
+    /** The Constant serialVersionUID. */
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * Instantiates a new validation exception.
+     */
+    protected ValidationAvailabilityException() {
+        // hidden
+    }
+
+    /**
+     * Create a new ValidationException
+     * @param userMessage
+     *            the message to display to users
+     * @param logMessage
+     *               the message logged
+     */
+    public ValidationAvailabilityException(String userMessage, String logMessage) {
+        super(userMessage, logMessage);
+    }
+
+    /**
+     * Create a new ValidationException
+     * @param userMessage
+     *            the message to display to users
+     * @param logMessage
+     *               the message logged
+     * @param cause
+     *               the cause
+     */
+    public ValidationAvailabilityException(String userMessage, String logMessage, Throwable cause) {
+        super(userMessage, logMessage, cause);
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/errors/ValidationException.java b/src/main/java/org/owasp/esapi/errors/ValidationException.java
index b6ebcb9c3..c185574fb 100644
--- a/src/main/java/org/owasp/esapi/errors/ValidationException.java
+++ b/src/main/java/org/owasp/esapi/errors/ValidationException.java
@@ -1,115 +1,115 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.errors;
-
-/**
- * A ValidationException should be thrown to indicate that the data provided by
- * the user or from some other external source does not match the validation
- * rules that have been specified for that data.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class ValidationException extends EnterpriseSecurityException {
-
-    protected static final long serialVersionUID = 1L;
-
-	/** The UI reference that caused this ValidationException */
-	private String context;
-
-	/**
-	 * Instantiates a new validation exception.
-	 */
-	protected ValidationException() {
-		// hidden
-	}
-
-    /**
-     * Creates a new instance of ValidationException.
-     * 
-     * @param userMessage
-     *            the message to display to users
-     * @param logMessage
-	 * 			  the message logged
-     */
-    public ValidationException(String userMessage, String logMessage) {
-        super(userMessage, logMessage);
-    }
-
-    /**
-     * Instantiates a new ValidationException.
-     * 
-     * @param userMessage
-     *            the message to display to users
-     * @param logMessage
-	 * 			  the message logged
-     * @param cause
-     *            the cause
-     */
-    public ValidationException(String userMessage, String logMessage, Throwable cause) {
-        super(userMessage, logMessage, cause);
-    }
-    
-    /**
-     * Creates a new instance of ValidationException.
-     * 
-     * @param userMessage
-     *            the message to display to users
-     * @param logMessage
-	 * 			  the message logged
-     * @param context
-     *            the source that caused this exception
-     */
-    public ValidationException(String userMessage, String logMessage, String context) {
-        super(userMessage, logMessage);
-        setContext(context);
-    }
-    
-    /**
-     * Instantiates a new ValidationException.
-     * 
-     * @param userMessage
-     *            the message to display to users
-     * @param logMessage
-	 * 			  the message logged
-     * @param cause
-     *            the cause
-     * @param context
-     *            the source that caused this exception
-     */
-    public ValidationException(String userMessage, String logMessage, Throwable cause, String context) {
-        super(userMessage, logMessage, cause);
-    	setContext(context);
-    }
-    
-	/**
-	 * Returns the UI reference that caused this ValidationException
-	 *  
-	 * @return context, the source that caused the exception, stored as a string
-	 */
-	public String getContext() {
-		return context;
-	}
-
-	/**
-	 * Set's the UI reference that caused this ValidationException
-	 *  
-	 * @param context
-	 * 			the context to set, passed as a String
-	 */
-	public void setContext(String context) {
-		this.context = context;
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.errors;
+
+/**
+ * A ValidationException should be thrown to indicate that the data provided by
+ * the user or from some other external source does not match the validation
+ * rules that have been specified for that data.
+ *
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class ValidationException extends EnterpriseSecurityException {
+
+    protected static final long serialVersionUID = 1L;
+
+    /** The UI reference that caused this ValidationException */
+    private String context;
+
+    /**
+     * Instantiates a new validation exception.
+     */
+    protected ValidationException() {
+        // hidden
+    }
+
+    /**
+     * Creates a new instance of ValidationException.
+     *
+     * @param userMessage
+     *            the message to display to users
+     * @param logMessage
+     *               the message logged
+     */
+    public ValidationException(String userMessage, String logMessage) {
+        super(userMessage, logMessage);
+    }
+
+    /**
+     * Instantiates a new ValidationException.
+     *
+     * @param userMessage
+     *            the message to display to users
+     * @param logMessage
+     *               the message logged
+     * @param cause
+     *            the cause
+     */
+    public ValidationException(String userMessage, String logMessage, Throwable cause) {
+        super(userMessage, logMessage, cause);
+    }
+
+    /**
+     * Creates a new instance of ValidationException.
+     *
+     * @param userMessage
+     *            the message to display to users
+     * @param logMessage
+     *               the message logged
+     * @param context
+     *            the source that caused this exception
+     */
+    public ValidationException(String userMessage, String logMessage, String context) {
+        super(userMessage, logMessage);
+        setContext(context);
+    }
+
+    /**
+     * Instantiates a new ValidationException.
+     *
+     * @param userMessage
+     *            the message to display to users
+     * @param logMessage
+     *               the message logged
+     * @param cause
+     *            the cause
+     * @param context
+     *            the source that caused this exception
+     */
+    public ValidationException(String userMessage, String logMessage, Throwable cause, String context) {
+        super(userMessage, logMessage, cause);
+        setContext(context);
+    }
+
+    /**
+     * Returns the UI reference that caused this ValidationException
+     *
+     * @return context, the source that caused the exception, stored as a string
+     */
+    public String getContext() {
+        return context;
+    }
+
+    /**
+     * Set's the UI reference that caused this ValidationException
+     *
+     * @param context
+     *             the context to set, passed as a String
+     */
+    public void setContext(String context) {
+        this.context = context;
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/errors/ValidationUploadException.java b/src/main/java/org/owasp/esapi/errors/ValidationUploadException.java
index 0541e42cf..825f15430 100644
--- a/src/main/java/org/owasp/esapi/errors/ValidationUploadException.java
+++ b/src/main/java/org/owasp/esapi/errors/ValidationUploadException.java
@@ -1,59 +1,59 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.errors;
-
-/**
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class ValidationUploadException extends ValidationException {
-
-	/** The Constant serialVersionUID. */
-	private static final long serialVersionUID = 1L;
-
-	/**
-	 * Instantiates a new validation exception.
-	 */
-	protected ValidationUploadException() {
-		// hidden
-	}
-
-    /**
-     * Create a new ValidationException
-     * 
-     * @param userMessage
-     *            the message to display to users
-     * @param logMessage
-	 * 			  the message logged
-     */
-	public ValidationUploadException(String userMessage, String logMessage) {
-		super(userMessage, logMessage);
-	}
-
-    /**
-     * Create a new ValidationException
-     * 
-     * @param userMessage
-     *            the message to display to users
-     * @param logMessage
-	 * 			  the message logged
-     * @param cause
-     * 			  the cause
-     */
-	public ValidationUploadException(String userMessage, String logMessage, Throwable cause) {
-		super(userMessage, logMessage, cause);
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.errors;
+
+/**
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class ValidationUploadException extends ValidationException {
+
+    /** The Constant serialVersionUID. */
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * Instantiates a new validation exception.
+     */
+    protected ValidationUploadException() {
+        // hidden
+    }
+
+    /**
+     * Create a new ValidationException
+     *
+     * @param userMessage
+     *            the message to display to users
+     * @param logMessage
+     *               the message logged
+     */
+    public ValidationUploadException(String userMessage, String logMessage) {
+        super(userMessage, logMessage);
+    }
+
+    /**
+     * Create a new ValidationException
+     *
+     * @param userMessage
+     *            the message to display to users
+     * @param logMessage
+     *               the message logged
+     * @param cause
+     *               the cause
+     */
+    public ValidationUploadException(String userMessage, String logMessage, Throwable cause) {
+        super(userMessage, logMessage, cause);
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/errors/package.html b/src/main/java/org/owasp/esapi/errors/package.html
index cb35f9c0b..4e061dd18 100644
--- a/src/main/java/org/owasp/esapi/errors/package.html
+++ b/src/main/java/org/owasp/esapi/errors/package.html
@@ -1,17 +1,17 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
-<html>
-<head>
-</head>
-
-<body bgcolor="white">
-
-A set of exception classes designed to model the error conditions that
-frequently arise in enterprise web applications and web services. The
-root class is the EnterpriseSecurityException and all the other
-exception classes extend this basic class. The
-EnterpriseSecurityException automatically logs a message in the
-constructor so that a full set of security events are captured in the
-logs.
-
-</body>
-</html>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<html>
+<head>
+</head>
+
+<body bgcolor="white">
+
+A set of exception classes designed to model the error conditions that
+frequently arise in enterprise web applications and web services. The
+root class is the EnterpriseSecurityException and all the other
+exception classes extend this basic class. The
+EnterpriseSecurityException automatically logs a message in the
+constructor so that a full set of security events are captured in the
+logs.
+
+</body>
+</html>
diff --git a/src/main/java/org/owasp/esapi/filters/ClickjackFilter.java b/src/main/java/org/owasp/esapi/filters/ClickjackFilter.java
index 735d21ec0..e10a4e163 100644
--- a/src/main/java/org/owasp/esapi/filters/ClickjackFilter.java
+++ b/src/main/java/org/owasp/esapi/filters/ClickjackFilter.java
@@ -1,108 +1,114 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created    February 6, 2009
- */
-
-package org.owasp.esapi.filters;
-import java.io.IOException;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletResponse;
-
-/**
- * The {@code ClickjackFilter} is discussed at
- * {@link http://www.owasp.org/index.php/ClickjackFilter_for_Java_EE}.
- * <pre>
- *     <filter>
- *            <filter-name>ClickjackFilterDeny</filter-name>
- *            <filter-class>org.owasp.filters.ClickjackFilter</filter-class>
- *            <init-param>
- *                <param-name>mode</param-name>
- *                 <param-value>DENY</param-value>
- *             </init-param>
- *         </filter>
- *         
- *         <filter>
- *             <filter-name>ClickjackFilterSameOrigin</filter-name>
- *             <filter-class>org.owasp.filters.ClickjackFilter</filter-class>
- *             <init-param>
- *                 <param-name>mode</param-name>
- *                 <param-value>SAMEORIGIN</param-value>
- *             </init-param>
- *         </filter>
- *        
- *        <!--  use the Deny version to prevent anyone, including yourself, from framing the page -->
- *        <filter-mapping> 
- *            <filter-name>ClickjackFilterDeny</filter-name>
- *            <url-pattern>/*</url-pattern>
- *        </filter-mapping>
- *         
- *         <!-- use the SameOrigin version to allow your application to frame, but nobody else
- *         <filter-mapping> 
- *            <filter-name>ClickjackFilterSameOrigin</filter-name>
- *             <url-pattern>/*</url-pattern>
- *         </filter-mapping>
- * </pre>
- */
-public class ClickjackFilter implements Filter 
-{
-
-	private String mode = "DENY";
-
-	/**
-	 * Initialize "mode" parameter from web.xml. Valid values are "DENY" and "SAMEORIGIN". 
-	 * If you leave this parameter out, the default is to use the DENY mode.
-	 * 
-	 * @param filterConfig A filter configuration object used by a servlet container
-	 *                     to pass information to a filter during initialization. 
-	 */
-	public void init(FilterConfig filterConfig) {
-		String configMode = filterConfig.getInitParameter("mode");
-		if ( configMode != null && ( configMode.equals( "DENY" ) || configMode.equals( "SAMEORIGIN" ) ) ) {
-			mode = configMode;
-		}
-	}
-	
-	/**
-	 * Add X-FRAME-OPTIONS response header to tell IE8 (and any other browsers who
-	 * decide to implement) not to display this content in a frame. For details, please
-	 * refer to
-	 * {@link http://blogs.msdn.com/sdl/archive/2009/02/05/clickjacking-defense-in-ie8.aspx}.
-	 * 
-	 * @param request The request object.
-	 * @param response The response object.
-	 * @param chain Refers to the {@code FilterChain} object to pass control to the
-	 *              next {@code Filter}.
-	 * @throws IOException
-	 * @throws ServletException
-	 */
-	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
-	{
-        HttpServletResponse res = (HttpServletResponse)response;
-        chain.doFilter(request, response);
-        res.addHeader("X-FRAME-OPTIONS", mode );
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void destroy() {
-	}
-	
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created    February 6, 2009
+ */
+
+package org.owasp.esapi.filters;
+import java.io.IOException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * The {@code ClickjackFilter} is configured as follows:
+ * <pre>
+ *
+ *     &lt;filter&gt;
+ *            &lt;filter-name&gt;ClickjackFilterDeny&lt;/filter-name&gt;
+ *            &lt;filter-class&gt;org.owasp.filters.ClickjackFilter&lt;/filter-class&gt;
+ *            &lt;init-param&gt;
+ *                &lt;param-name&gt;mode&lt;/param-name&gt;
+ *                 &lt;param-value&gt;DENY&lt;/param-value&gt;
+ *             &lt;/init-param&gt;
+ *         &lt;/filter&gt;
+ *
+ *         &lt;filter&gt;
+ *             &lt;filter-name&gt;ClickjackFilterSameOrigin&lt;/filter-name&gt;
+ *             &lt;filter-class&gt;org.owasp.filters.ClickjackFilter&lt;/filter-class&gt;
+ *             &lt;init-param&gt;
+ *                 &lt;param-name&gt;mode&lt;/param-name&gt;
+ *                 &lt;param-value&gt;SAMEORIGIN&lt;/param-value&gt;
+ *             &lt;/init-param&gt;
+ *         &lt;/filter&gt;
+ *
+ *        &lt;!--  use the Deny version to prevent anyone, including yourself, from framing the page --&gt;
+ *        &lt;filter-mapping&gt;
+ *            &lt;filter-name&gt;ClickjackFilterDeny&lt;/filter-name&gt;
+ *            &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
+ *        &lt;/filter-mapping&gt;
+ *
+ *         &lt;!-- use the SameOrigin version to allow your application to frame, but nobody else
+ *         &lt;filter-mapping&gt;
+ *            &lt;filter-name&gt;ClickjackFilterSameOrigin&lt;/filter-name&gt;
+ *             &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
+ *         &lt;/filter-mapping&gt;
+ * </pre>
+ *
+ * @see <a href="https://web.archive.org/web/20131020084831/https://www.owasp.org/index.php/ClickjackFilter_for_Java_EE">
+ *          OWASP - Clickjacking Filter for JavaEE</a>
+ * @see <a href="https://owasp.org/www-community/attacks/Clickjacking">OWASP - Clickjacking Attack</a>
+ * @see <a href="https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html">
+ *          OWASP - Clickjacking Defense Cheat Sheet</a>
+ */
+public class ClickjackFilter implements Filter
+{
+
+    private String mode = "DENY";
+
+    /**
+     * Initialize "mode" parameter from web.xml. Valid values are "DENY" and "SAMEORIGIN".
+     * If you leave this parameter out, the default is to use the DENY mode.
+     *
+     * @param filterConfig A filter configuration object used by a servlet container
+     *                     to pass information to a filter during initialization.
+     */
+    public void init(FilterConfig filterConfig) {
+        String configMode = filterConfig.getInitParameter("mode");
+        if ( configMode != null && ( configMode.equals( "DENY" ) || configMode.equals( "SAMEORIGIN" ) ) ) {
+            mode = configMode;
+        }
+    }
+
+    /**
+     * Add X-FRAME-OPTIONS response header to tell IE8 (and any other browsers who
+     * decide to implement) not to display this content in a frame. For details, please
+     * refer to
+     * @link http://blogs.msdn.com/sdl/archive/2009/02/05/clickjacking-defense-in-ie8.aspx
+     *
+     * @param request The request object.
+     * @param response The response object.
+     * @param chain Refers to the {@code FilterChain} object to pass control to the
+     *              next {@code Filter}.
+     * @throws IOException
+     * @throws ServletException
+     */
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
+    {
+        HttpServletResponse res = (HttpServletResponse)response;
+        res.addHeader("X-FRAME-OPTIONS", mode );
+        chain.doFilter(request, response);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void destroy() {
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/filters/ESAPIFilter.java b/src/main/java/org/owasp/esapi/filters/ESAPIFilter.java
index 840d17bdd..be0417bcf 100644
--- a/src/main/java/org/owasp/esapi/filters/ESAPIFilter.java
+++ b/src/main/java/org/owasp/esapi/filters/ESAPIFilter.java
@@ -1,141 +1,162 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.filters;
-
-import java.io.IOException;
-import java.util.Arrays;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.errors.AuthenticationException;
-
-/**
- *
- * @author jwilliams
- */
-public class ESAPIFilter implements Filter {
-
-	private final Logger logger = ESAPI.getLogger("ESAPIFilter");
-
-	private static final String[] obfuscate = { "password" };
-
-	/**
-	 * Called by the web container to indicate to a filter that it is being
-	 * placed into service. The servlet container calls the init method exactly
-	 * once after instantiating the filter. The init method must complete
-	 * successfully before the filter is asked to do any filtering work.
-	 * 
-	 * @param filterConfig
-	 *            configuration object
-	 */
-	public void init(FilterConfig filterConfig) {
-		String path = filterConfig.getInitParameter("resourceDirectory");
-		if ( path != null ) {
-			ESAPI.securityConfiguration().setResourceDirectory( path );
-		}
-	}
-
-	/**
-	 * The doFilter method of the Filter is called by the container each time a
-	 * request/response pair is passed through the chain due to a client request
-	 * for a resource at the end of the chain. The FilterChain passed in to this
-	 * method allows the Filter to pass on the request and response to the next
-	 * entity in the chain.
-	 * 
-	 * @param req
-	 *            Request object to be processed
-	 * @param resp
-	 *            Response object
-	 * @param chain
-	 *            current FilterChain
-	 * @exception IOException
-	 *                if any occurs
-	 */
-	public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException {
-		HttpServletRequest request = (HttpServletRequest) req;
-		HttpServletResponse response = (HttpServletResponse) resp;
-		ESAPI.httpUtilities().setCurrentHTTP(request, response);
-		
-		try {
-			// figure out who the current user is
-			try {
-				ESAPI.authenticator().login(request, response);
-			} catch( AuthenticationException e ) {
-				ESAPI.authenticator().logout();
-				request.setAttribute("message", "Authentication failed");
-				RequestDispatcher dispatcher = request.getRequestDispatcher("WEB-INF/login.jsp");
-				dispatcher.forward(request, response);
-				return;
-			}
-
-			// log this request, obfuscating any parameter named password
-			ESAPI.httpUtilities().logHTTPRequest(request, logger, Arrays.asList(obfuscate));
-
-			// check access to this URL
-			if ( !ESAPI.accessController().isAuthorizedForURL(request.getRequestURI()) ) {
-				request.setAttribute("message", "Unauthorized" );
-				RequestDispatcher dispatcher = request.getRequestDispatcher("WEB-INF/index.jsp");
-				dispatcher.forward(request, response);
-				return;
-			}
-
-			// check for CSRF attacks
-			// ESAPI.httpUtilities().checkCSRFToken();
-			
-			// forward this request on to the web application
-			chain.doFilter(request, response);
-
-			// set up response with content type
-			ESAPI.httpUtilities().setContentType( response );
-
-            // set no-cache headers on every response
-            // only do this if the entire site should not be cached
-            // otherwise you should do this strategically in your controller or actions
-			ESAPI.httpUtilities().setNoCacheHeaders( response );
-            
-		} catch (Exception e) {
-			logger.error( Logger.SECURITY_FAILURE, "Error in ESAPI security filter: " + e.getMessage(), e );
-			request.setAttribute("message", e.getMessage() );
-			
-		} finally {
-			// VERY IMPORTANT
-			// clear out the ThreadLocal variables in the authenticator
-			// some containers could possibly reuse this thread without clearing the User
-			ESAPI.clearCurrent();
-		}
-	}
-
-	/**
-	 * Called by the web container to indicate to a filter that it is being
-	 * taken out of service. This method is only called once all threads within
-	 * the filter's doFilter method have exited or after a timeout period has
-	 * passed. After the web container calls this method, it will not call the
-	 * doFilter method again on this instance of the filter.
-	 */
-	public void destroy() {
-		// finalize
-	}
-
-}
\ No newline at end of file
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.filters;
+
+import java.io.IOException;
+import java.util.Arrays;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.errors.AuthenticationException;
+
+/**
+ *
+ * @author jwilliams
+ */
+public class ESAPIFilter implements Filter {
+
+    private final Logger logger = ESAPI.getLogger("ESAPIFilter");
+
+    private static final String[] obfuscate = { "password" };
+
+    private String loginPage                     = "WEB-INF/login.jsp";
+    private String publicUnauthorizedLandingPage = "WEB-INF/index.jsp";
+
+    /**
+     * Called by the web container to indicate to a filter that it is being
+     * placed into service. The servlet container calls the init method exactly
+     * once after instantiating the filter. The init method must complete
+     * successfully before the filter is asked to do any filtering work.
+     * <p>
+     * Init parameters in web.xml for this filter:
+     * <ul>
+     * <li>resourceDirectory: sets ESAPI resource directory. No default.</li>
+     * <li>loginPage: login page for your application. Default is "WEB-INF/login.jsp".</li>
+     * <li>publicUnauthorizedLandingPage: page to forward unauthorized attempts
+     * to. Generally should be public, but must at least be available to all authenticated users.
+     * Default is "WEB-INF/index.jsp".</li>
+     * </ul>
+     * </p>
+     *
+     * @param filterConfig
+     *            configuration object
+     */
+    public void init(FilterConfig filterConfig) {
+        String path = filterConfig.getInitParameter("resourceDirectory");
+        if ( path != null ) {
+            ESAPI.securityConfiguration().setResourceDirectory( path );
+        }
+        String paramLoginPage = filterConfig.getInitParameter("loginPage");
+        if ( paramLoginPage != null ) {
+            loginPage = paramLoginPage;
+        }
+        String paramUnauthorizedPage = filterConfig.getInitParameter("publicUnauthorizedLandingPage");
+        if ( paramUnauthorizedPage != null ) {
+            publicUnauthorizedLandingPage = paramUnauthorizedPage;
+        }
+    }
+
+    /**
+     * The doFilter method of the Filter is called by the container each time a
+     * request/response pair is passed through the chain due to a client request
+     * for a resource at the end of the chain. The FilterChain passed in to this
+     * method allows the Filter to pass on the request and response to the next
+     * entity in the chain.
+     *
+     * @param req
+     *            Request object to be processed
+     * @param resp
+     *            Response object
+     * @param chain
+     *            current FilterChain
+     * @exception IOException
+     *                if any occurs
+     */
+    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException {
+        HttpServletRequest request = (HttpServletRequest) req;
+        HttpServletResponse response = (HttpServletResponse) resp;
+        ESAPI.httpUtilities().setCurrentHTTP(request, response);
+
+        try {
+            // figure out who the current user is
+            try {
+                ESAPI.authenticator().login(request, response);
+            } catch( AuthenticationException e ) {
+                ESAPI.authenticator().logout();
+                request.setAttribute("message", "Authentication failed");
+                RequestDispatcher dispatcher = request.getRequestDispatcher(loginPage);
+                dispatcher.forward(request, response);
+                return;
+            }
+
+            // log this request, obfuscating any parameter named password
+            ESAPI.httpUtilities().logHTTPRequest(request, logger, Arrays.asList(obfuscate));
+
+            // check access to this URL
+            if ( !ESAPI.accessController().isAuthorizedForURL(request.getRequestURI()) ) {
+                request.setAttribute("message", "Unauthorized" );
+                RequestDispatcher dispatcher = request.getRequestDispatcher(publicUnauthorizedLandingPage);
+                dispatcher.forward(request, response);
+                return;
+            }
+
+            // check for CSRF attacks
+            // ESAPI.httpUtilities().checkCSRFToken();
+
+            // forward this request on to the web application
+            chain.doFilter(request, response);
+
+            // set up response with content type
+            ESAPI.httpUtilities().setContentType( response );
+
+            // set no-cache headers on every response
+            // only do this if the entire site should not be cached
+            // otherwise you should do this strategically in your controller or actions
+            ESAPI.httpUtilities().setNoCacheHeaders( response );
+
+        } catch (Exception e) {
+            logger.error( Logger.SECURITY_FAILURE, "Error in ESAPI security filter: " + e.getMessage(), e );
+            request.setAttribute("message", e.getMessage() );
+
+        } finally {
+            // VERY IMPORTANT
+            // clear out the ThreadLocal variables in the authenticator
+            // some containers could possibly reuse this thread without clearing the User
+            ESAPI.clearCurrent();
+        }
+    }
+
+    /**
+     * Called by the web container to indicate to a filter that it is being
+     * taken out of service. This method is only called once all threads within
+     * the filter's doFilter method have exited or after a timeout period has
+     * passed. After the web container calls this method, it will not call the
+     * doFilter method again on this instance of the filter.
+     */
+    public void destroy() {
+        // finalize
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/filters/RequestRateThrottleFilter.java b/src/main/java/org/owasp/esapi/filters/RequestRateThrottleFilter.java
index 0ca121ec6..47774b895 100644
--- a/src/main/java/org/owasp/esapi/filters/RequestRateThrottleFilter.java
+++ b/src/main/java/org/owasp/esapi/filters/RequestRateThrottleFilter.java
@@ -1,114 +1,110 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.filters;
-
-import org.owasp.esapi.ESAPI;
-
-import javax.servlet.*;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-import java.io.IOException;
-import java.util.Date;
-import java.util.Stack;
-
-/**
- * A simple servlet filter that limits the request rate to a certain threshold of requests per second.
- * The default rate is 5 hits in 10 seconds. This can be overridden in the web.xml file by adding
- * parameters named "hits" and "period" with the desired values. When the rate is exceeded, a short
- * string is written to the response output stream and the chain method is not invoked. Otherwise,
- * processing proceeds as normal.
- */
-public class RequestRateThrottleFilter implements Filter
-{
-
-    private int hits = 5;
-
-    private int period = 10;
-
-    private static final String HITS = "hits";
-
-    private static final String PERIOD = "period";
-
-    /**
-     * Called by the web container to indicate to a filter that it is being
-     * placed into service. The servlet container calls the init method exactly
-     * once after instantiating the filter. The init method must complete
-     * successfully before the filter is asked to do any filtering work.
-     * 
-     * @param filterConfig
-     *            configuration object
-     */
-    public void init(FilterConfig filterConfig)
-    {
-        hits = Integer.parseInt(filterConfig.getInitParameter(HITS));
-        period = Integer.parseInt(filterConfig.getInitParameter(PERIOD));
-    }
-
-    /**
-     * Checks to see if the current session has exceeded the allowed number
-     * of requests in the specified time period. If the threshold has been
-     * exceeded, then a short error message is written to the output stream and
-     * no further processing is done on the request. Otherwise the request is
-     * processed as normal.
-     * @param request 
-     * @param response 
-     * @param chain 
-     * @throws IOException
-     * @throws ServletException
-     */
-    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
-    {
-        HttpServletRequest httpRequest = (HttpServletRequest) request;
-        HttpSession session = httpRequest.getSession(true);
-        
-        synchronized( session.getId().intern() ) {
-	        Stack<Date> times = ESAPI.httpUtilities().getSessionAttribute("times");
-	        if (times == null)
-	        {
-	            times = new Stack<Date>();
-	            times.push(new Date(0));
-	            session.setAttribute("times", times);
-	        }
-	        times.push(new Date());
-	        if (times.size() >= hits)
-	        {
-	            times.removeElementAt(0);
-	        }
-	        Date newest = times.get(times.size() - 1);
-	        Date oldest = times.get(0);
-	        long elapsed = newest.getTime() - oldest.getTime();        
-	        if (elapsed < period * 1000) // seconds
-	        {
-	            response.getWriter().println("Request rate too high");
-	            return;
-	        }
-        }        
-        chain.doFilter(request, response);
-    }
-
-    /**
-     * Called by the web container to indicate to a filter that it is being
-     * taken out of service. This method is only called once all threads within
-     * the filter's doFilter method have exited or after a timeout period has
-     * passed. After the web container calls this method, it will not call the
-     * doFilter method again on this instance of the filter.
-     */
-    public void destroy()
-    {
-        // finalize
-    }
-
-}
\ No newline at end of file
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.filters;
+
+import org.owasp.esapi.ESAPI;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+import java.io.IOException;
+import java.util.Date;
+import java.util.List;
+import java.util.LinkedList;
+
+/**
+ * A simple servlet filter that limits the request rate to a certain threshold of requests per second.
+ * The default rate is 5 hits in 10 seconds. This can be overridden in the web.xml file by adding
+ * parameters named "hits" and "period" with the desired values. When the rate is exceeded, a short
+ * string is written to the response output stream and the chain method is not invoked. Otherwise,
+ * processing proceeds as normal.
+ */
+public class RequestRateThrottleFilter implements Filter
+{
+
+    private int hits = 5;
+
+    private int period = 10;
+
+    private static final String HITS = "hits";
+
+    private static final String PERIOD = "period";
+
+    /**
+     * Called by the web container to indicate to a filter that it is being
+     * placed into service. The servlet container calls the init method exactly
+     * once after instantiating the filter. The init method must complete
+     * successfully before the filter is asked to do any filtering work.
+     *
+     * @param filterConfig
+     *            configuration object
+     */
+    public void init(FilterConfig filterConfig)
+    {
+        hits = filterConfig.getInitParameter(HITS) == null ? 5 : Integer.parseInt(filterConfig.getInitParameter(HITS));
+        period = filterConfig.getInitParameter(PERIOD) == null ? 10 : Integer.parseInt(filterConfig.getInitParameter(PERIOD));
+    }
+
+    /**
+     * Checks to see if the current session has exceeded the allowed number
+     * of requests in the specified time period. If the threshold has been
+     * exceeded, then a short error message is written to the output stream and
+     * no further processing is done on the request. Otherwise, the request is
+     * processed as normal.
+     * @param request
+     * @param response
+     * @param chain
+     * @throws IOException
+     * @throws ServletException
+     */
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
+    {
+        HttpServletRequest httpRequest = (HttpServletRequest) request;
+        HttpSession session = httpRequest.getSession(true);
+
+        synchronized( session.getId().intern() ) {
+            List<Long> times = ESAPI.httpUtilities().getSessionAttribute("times");
+            if (times == null) {
+                times = new LinkedList<Long>();
+                session.setAttribute("times", times);
+            }
+            Long newest = System.currentTimeMillis();
+            times.add(newest);
+            if (times.size() > hits) {
+                Long oldest = times.remove(0);
+                long elapsed = newest - oldest;
+                if (elapsed < period * 1000) {
+                    response.getWriter().println("Request rate too high");
+                    return;
+                }
+            }
+        }
+        chain.doFilter(request, response);
+    }
+
+    /**
+     * Called by the web container to indicate to a filter that it is being
+     * taken out of service. This method is only called once all threads within
+     * the filter's doFilter method have exited or after a timeout period has
+     * passed. After the web container calls this method, it will not call the
+     * doFilter method again on this instance of the filter.
+     */
+    public void destroy()
+    {
+        // finalize
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/filters/SecurityWrapper.java b/src/main/java/org/owasp/esapi/filters/SecurityWrapper.java
index ba32981b6..cea61ba65 100644
--- a/src/main/java/org/owasp/esapi/filters/SecurityWrapper.java
+++ b/src/main/java/org/owasp/esapi/filters/SecurityWrapper.java
@@ -1,136 +1,136 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.filters;
-
-import java.io.IOException;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.StringUtilities;
-
-
-/**
- * This filter wraps the incoming request and outgoing response and overrides
- * many methods with safer versions. Many of the safer versions simply validate
- * parts of the request or response for unwanted characters before allowing the
- * call to complete. Some examples of attacks that use these
- * vectors include request splitting, response splitting, and file download
- * injection. Attackers use techniques like CRLF injection and null byte injection
- * to confuse the parsing of requests and responses.
- * <p/>
- * <b>Example Configuration #1 (Default Configuration allows /WEB-INF):</b>
- * <pre>
- * &lt;filter&gt;
- *    &lt;filter-name&gt;SecurityWrapperDefault&lt;/filter-name&gt;
- *    &lt;filter-class&gt;org.owasp.filters.SecurityWrapper&lt;/filter-class&gt;
- * &lt;/filter&gt;
- * </pre>
- * <p/>
- * <b>Example Configuration #2 (Allows /servlet)</b>
- * <pre>
- * &lt;filter&gt;
- *    &lt;filter-name&gt;SecurityWrapperForServlet&lt;/filter-name&gt;
- *    &lt;filter-class&gt;org.owasp.filters.SecurityWrapper&lt;/filter-class&gt;
- *    &lt;init-param&gt;
- *       &lt;param-name&gt;allowableResourceRoot&lt;/param-name&gt;
- *       &lt;param-value&gt;/servlet&lt;/param-value&gt;
- *    &lt;/init-param&gt;
- * &lt;/filter&gt;
- * </pre>
- *
- * @author  Chris Schmidt (chrisisbeef@gmail.com)
- */
-public class SecurityWrapper implements Filter {
-
-    private final Logger logger = ESAPI.getLogger("SecurityWrapper");
-
-    /**
-     * This is the root path of what resources this filter will allow a RequestDispatcher to be dispatched to. This
-     * defaults to WEB-INF as best practice dictates that dispatched requests should be done to resources that are
-     * not browsable and everything behind WEB-INF is protected by the container. However, it is possible and sometimes
-     * required to dispatch requests to places outside of the WEB-INF path (such as to another servlet).
-     *
-     * See <a href="http://code.google.com/p/owasp-esapi-java/issues/detail?id=70">http://code.google.com/p/owasp-esapi-java/issues/detail?id=70</a>
-     * and <a href="https://lists.owasp.org/pipermail/owasp-esapi/2009-December/001672.html">https://lists.owasp.org/pipermail/owasp-esapi/2009-December/001672.html</a>
-     * for details.
-     */
-    private String allowableResourcesRoot = "WEB-INF";
-
-    /**
-     *
-     * @param request
-     * @param response
-     * @param chain
-     * @throws java.io.IOException
-     * @throws javax.servlet.ServletException
-     */
-    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
-        if (!(request instanceof HttpServletRequest)) {
-            chain.doFilter(request, response);
-            return;
-        }
-
-        try {
-            HttpServletRequest hrequest = (HttpServletRequest)request;
-            HttpServletResponse hresponse = (HttpServletResponse)response;
-
-            SecurityWrapperRequest secureRequest = new SecurityWrapperRequest(hrequest);
-            SecurityWrapperResponse secureResponse = new SecurityWrapperResponse(hresponse);
-
-            // Set the configuration on the wrapped request
-            secureRequest.setAllowableContentRoot(allowableResourcesRoot);
-
-            ESAPI.httpUtilities().setCurrentHTTP(secureRequest, secureResponse);
-
-            chain.doFilter(ESAPI.currentRequest(), ESAPI.currentResponse());
-        } catch (Exception e) {
-            logger.error( Logger.SECURITY_FAILURE, "Error in SecurityWrapper: " + e.getMessage(), e );
-            request.setAttribute("message", e.getMessage() );
-        } finally {
-            // VERY IMPORTANT
-            // clear out the ThreadLocal variables in the authenticator
-            // some containers could possibly reuse this thread without clearing the User
-            // Issue 70 - http://code.google.com/p/owasp-esapi-java/issues/detail?id=70
-            ESAPI.httpUtilities().clearCurrent();
-        }
-    }
-
-    /**
-     *
-     */
-    public void destroy() {
-		// no special action
-	}
-
-    /**
-     *
-     * @param filterConfig
-     * @throws javax.servlet.ServletException
-     */
-    public void init(FilterConfig filterConfig) throws ServletException {
-		this.allowableResourcesRoot = StringUtilities.replaceNull( filterConfig.getInitParameter( "allowableResourcesRoot" ), allowableResourcesRoot );
-	}
-	
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.filters;
+
+import java.io.IOException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.StringUtilities;
+
+
+/**
+ * This filter wraps the incoming request and outgoing response and overrides
+ * many methods with safer versions. Many of the safer versions simply validate
+ * parts of the request or response for unwanted characters before allowing the
+ * call to complete. Some examples of attacks that use these
+ * vectors include request splitting, response splitting, and file download
+ * injection. Attackers use techniques like CRLF injection and null byte injection
+ * to confuse the parsing of requests and responses.
+ * <p/>
+ * <b>Example Configuration #1 (Default Configuration allows /WEB-INF):</b>
+ * <pre>
+ * &lt;filter&gt;
+ *    &lt;filter-name&gt;SecurityWrapperDefault&lt;/filter-name&gt;
+ *    &lt;filter-class&gt;org.owasp.filters.SecurityWrapper&lt;/filter-class&gt;
+ * &lt;/filter&gt;
+ * </pre>
+ * <p/>
+ * <b>Example Configuration #2 (Allows /servlet)</b>
+ * <pre>
+ * &lt;filter&gt;
+ *    &lt;filter-name&gt;SecurityWrapperForServlet&lt;/filter-name&gt;
+ *    &lt;filter-class&gt;org.owasp.filters.SecurityWrapper&lt;/filter-class&gt;
+ *    &lt;init-param&gt;
+ *       &lt;param-name&gt;allowableResourceRoot&lt;/param-name&gt;
+ *       &lt;param-value&gt;/servlet&lt;/param-value&gt;
+ *    &lt;/init-param&gt;
+ * &lt;/filter&gt;
+ * </pre>
+ *
+ * @author  Chris Schmidt (chrisisbeef@gmail.com)
+ */
+public class SecurityWrapper implements Filter {
+
+    private final Logger logger = ESAPI.getLogger("SecurityWrapper");
+
+    /**
+     * This is the root path of what resources this filter will allow a RequestDispatcher to be dispatched to. This
+     * defaults to WEB-INF as best practice dictates that dispatched requests should be done to resources that are
+     * not browsable and everything behind WEB-INF is protected by the container. However, it is possible and sometimes
+     * required to dispatch requests to places outside of the WEB-INF path (such as to another servlet).
+     *
+     * See <a href="http://code.google.com/p/owasp-esapi-java/issues/detail?id=70">http://code.google.com/p/owasp-esapi-java/issues/detail?id=70</a>
+     * and <a href="https://lists.owasp.org/pipermail/owasp-esapi/2009-December/001672.html">https://lists.owasp.org/pipermail/owasp-esapi/2009-December/001672.html</a>
+     * for details.
+     */
+    private String allowableResourcesRoot = "WEB-INF";
+
+    /**
+     *
+     * @param request
+     * @param response
+     * @param chain
+     * @throws java.io.IOException
+     * @throws javax.servlet.ServletException
+     */
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+        if (!(request instanceof HttpServletRequest)) {
+            chain.doFilter(request, response);
+            return;
+        }
+
+        try {
+            HttpServletRequest hrequest = (HttpServletRequest)request;
+            HttpServletResponse hresponse = (HttpServletResponse)response;
+
+            SecurityWrapperRequest secureRequest = new SecurityWrapperRequest(hrequest);
+            SecurityWrapperResponse secureResponse = new SecurityWrapperResponse(hresponse);
+
+            // Set the configuration on the wrapped request
+            secureRequest.setAllowableContentRoot(allowableResourcesRoot);
+
+            ESAPI.httpUtilities().setCurrentHTTP(secureRequest, secureResponse);
+
+            chain.doFilter(ESAPI.currentRequest(), ESAPI.currentResponse());
+        } catch (Exception e) {
+            logger.error( Logger.SECURITY_FAILURE, "Error in SecurityWrapper: " + e.getMessage(), e );
+            request.setAttribute("message", e.getMessage() );
+        } finally {
+            // VERY IMPORTANT
+            // clear out the ThreadLocal variables in the authenticator
+            // some containers could possibly reuse this thread without clearing the User
+            // Issue 70 - http://code.google.com/p/owasp-esapi-java/issues/detail?id=70
+            ESAPI.httpUtilities().clearCurrent();
+        }
+    }
+
+    /**
+     *
+     */
+    public void destroy() {
+        // no special action
+    }
+
+    /**
+     *
+     * @param filterConfig
+     * @throws javax.servlet.ServletException
+     */
+    public void init(FilterConfig filterConfig) throws ServletException {
+        this.allowableResourcesRoot = StringUtilities.replaceNull( filterConfig.getInitParameter( "allowableResourcesRoot" ), allowableResourcesRoot );
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java b/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java
index 2777e4253..71c74c652 100644
--- a/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java
+++ b/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java
@@ -1,836 +1,854 @@
-/**
- * OWASP Enterprise Security API (ESAPI) This file is part of the Open Web
- * Application Security Project (OWASP) Enterprise Security API (ESAPI) project.
- * For details, please see <a
- * href="http://www.owasp.org/index.php/ESAPI">http://
- * www.owasp.org/index.php/ESAPI</a>. Copyright (c) 2007 - The OWASP Foundation
- * The ESAPI is published by OWASP under the BSD license. You should read and
- * accept the LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect
- *         Security</a>
- * @created 2007
- */
-package org.owasp.esapi.filters;
-
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Locale;
-import java.util.Map;
-import java.util.Vector;
-
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletInputStream;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.errors.ValidationException;
-import org.owasp.esapi.errors.AccessControlException;
-
-/**
- * This request wrapper simply overrides unsafe methods in the
- * HttpServletRequest API with safe versions that return canonicalized data
- * where possible. The wrapper returns a safe value when a validation error is
- * detected, including stripped or empty strings.
- */
-public class SecurityWrapperRequest extends HttpServletRequestWrapper implements HttpServletRequest {
-
-    private final Logger logger = ESAPI.getLogger("SecurityWrapperRequest");
-
-    private String allowableContentRoot = "WEB-INF";
-
-    /** 
-     * Construct a safe request that overrides the default request methods with
-     * safer versions.
-     * 
-     * @param request The {@code HttpServletRequest} we are wrapping.
-     */
-    public SecurityWrapperRequest(HttpServletRequest request) {
-    	super( request );
-    }
-
-    private HttpServletRequest getHttpServletRequest() {
-    	return (HttpServletRequest)super.getRequest();
-    }
-    
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @param name The attribute name
-     * @return The attribute value
-     */
-    public Object getAttribute(String name) {
-        return getHttpServletRequest().getAttribute(name);
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return An {@code Enumeration} of attribute names.
-     */
-    public Enumeration getAttributeNames() {
-        return getHttpServletRequest().getAttributeNames();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return The authentication type
-     */
-    public String getAuthType() {
-        return getHttpServletRequest().getAuthType();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return  The character-encoding for this {@code HttpServletRequest}
-     */
-    public String getCharacterEncoding() {
-        return getHttpServletRequest().getCharacterEncoding();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return The content-length for this {@code HttpServletRequest}
-     */
-    public int getContentLength() {
-        return getHttpServletRequest().getContentLength();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return The content-type for this {@code HttpServletRequest}
-     */
-    public String getContentType() {
-        return getHttpServletRequest().getContentType();
-    }
-
-    /**
-     * Returns the context path from the HttpServletRequest after canonicalizing
-     * and filtering out any dangerous characters.
-     * @return The context path for this {@code HttpServletRequest}
-     */
-    public String getContextPath() {
-        String path = getHttpServletRequest().getContextPath();
-
-		//Return empty String for the ROOT context
-		if (path == null || "".equals(path.trim())) return "";
-
-        String clean = "";
-        try {
-            clean = ESAPI.validator().getValidInput("HTTP context path: " + path, path, "HTTPContextPath", 150, false);
-        } catch (ValidationException e) {
-            // already logged
-        }
-        return clean;
-    }
-
-    /**
-     * Returns the array of Cookies from the HttpServletRequest after
-     * canonicalizing and filtering out any dangerous characters.
-     * @return An array of {@code Cookie}s for this {@code HttpServletRequest}
-     */
-    public Cookie[] getCookies() {
-        Cookie[] cookies = getHttpServletRequest().getCookies();
-        if (cookies == null) return new Cookie[0];
-        
-        List<Cookie> newCookies = new ArrayList<Cookie>();
-        for (Cookie c : cookies) {
-            // build a new clean cookie
-            try {
-                // get data from original cookie
-                String name = ESAPI.validator().getValidInput("Cookie name: " + c.getName(), c.getName(), "HTTPCookieName", 150, true);
-                String value = ESAPI.validator().getValidInput("Cookie value: " + c.getValue(), c.getValue(), "HTTPCookieValue", 1000, true);
-                int maxAge = c.getMaxAge();
-                String domain = c.getDomain();
-                String path = c.getPath();
-				
-                Cookie n = new Cookie(name, value);
-                n.setMaxAge(maxAge);
-
-                if (domain != null) {
-                    n.setDomain(ESAPI.validator().getValidInput("Cookie domain: " + domain, domain, "HTTPHeaderValue", 200, false));
-                }
-                if (path != null) {
-                    n.setPath(ESAPI.validator().getValidInput("Cookie path: " + path, path, "HTTPHeaderValue", 200, false));
-                }
-                newCookies.add(n);
-            } catch (ValidationException e) {
-                logger.warning(Logger.SECURITY_FAILURE, "Skipping bad cookie: " + c.getName() + "=" + c.getValue(), e );
-            }
-        }
-        return newCookies.toArray(new Cookie[newCookies.size()]);
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @param name Specifies the name of the HTTP request header; e.g.,
-     *             {@code If-Modified-Since}.
-     * @return a long value representing the date specified in the header
-     * expressed as the number of milliseconds since {@code January 1, 1970 GMT},
-     * or {@code -1} if the named header was not included with the request.
-     */
-    public long getDateHeader(String name) {
-        return getHttpServletRequest().getDateHeader(name);
-    }
-
-    /**
-     * Returns the named header from the HttpServletRequest after canonicalizing
-     * and filtering out any dangerous characters.
-     * @param name The name of an HTTP request header
-     * @return The specified header value is returned.
-     */
-    public String getHeader(String name) {
-        String value = getHttpServletRequest().getHeader(name);
-        String clean = "";
-        try {
-            clean = ESAPI.validator().getValidInput("HTTP header value: " + value, value, "HTTPHeaderValue", 150, true);
-        } catch (ValidationException e) {
-            // already logged
-        }
-        return clean;
-    }
-
-    /**
-     * Returns the enumeration of header names from the HttpServletRequest after
-     * canonicalizing and filtering out any dangerous characters.
-     * @return An {@code Enumeration} of header names associated with this request.
-     */
-    public Enumeration getHeaderNames() {
-        Vector<String> v = new Vector<String>();
-        Enumeration en = getHttpServletRequest().getHeaderNames();
-        while (en.hasMoreElements()) {
-            try {
-                String name = (String) en.nextElement();
-                String clean = ESAPI.validator().getValidInput("HTTP header name: " + name, name, "HTTPHeaderName", 150, true);
-                v.add(clean);
-            } catch (ValidationException e) {
-                // already logged
-            }
-        }
-        return v.elements();
-    }
-
-    /**
-     * Returns the enumeration of headers from the HttpServletRequest after
-     * canonicalizing and filtering out any dangerous characters.
-     * @param name The name of an HTTP request header.
-     * @return An {@code Enumeration} of headers from the request after
-     *         canonicalizing and filtering has been performed.
-     */
-    public Enumeration getHeaders(String name) {
-        Vector<String> v = new Vector<String>();
-        Enumeration en = getHttpServletRequest().getHeaders(name);
-        while (en.hasMoreElements()) {
-            try {
-                String value = (String) en.nextElement();
-                String clean = ESAPI.validator().getValidInput("HTTP header value (" + name + "): " + value, value, "HTTPHeaderValue", 150, true);
-                v.add(clean);
-            } catch (ValidationException e) {
-                // already logged
-            }
-        }
-        return v.elements();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required. Note that this
-     * input stream may contain attacks and the developer is responsible for
-     * canonicalizing, validating, and encoding any data from this stream.
-     * @return The {@code ServletInputStream} associated with this
-     *         {@code HttpServletRequest}.
-     * @throws IOException Thrown if an input exception is thrown, such as the
-     *         remote peer closing the connection.
-     */
-    public ServletInputStream getInputStream() throws IOException {
-        return getHttpServletRequest().getInputStream();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @param name The name of an HTTP request header.
-     * @return Returns the value of the specified request header as an {@code int}.
-     */
-    public int getIntHeader(String name) {
-        return getHttpServletRequest().getIntHeader(name);
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return A {@code String} containing the IP address on which the
-     *         request was received.
-     */
-    public String getLocalAddr() {
-        return getHttpServletRequest().getLocalAddr();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return The preferred {@code Locale} for the client.
-     */
-    public Locale getLocale() {
-        return getHttpServletRequest().getLocale();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return An {@code Enumeration} of preferred {@code Locale}
-     *         objects for the client.
-     */
-    public Enumeration getLocales() {
-        return getHttpServletRequest().getLocales();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return A {@code String} containing the host name of the IP on which
-     *         the request was received.
-     */
-    public String getLocalName() {
-        return getHttpServletRequest().getLocalName();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return Returns the Internet Protocol (IP) port number of the interface
-     *         on which the request was received.
-     */
-    public int getLocalPort() {
-        return getHttpServletRequest().getLocalPort();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return Returns the name of the HTTP method with which this request was made.
-     */
-    public String getMethod() {
-        return getHttpServletRequest().getMethod();
-    }
-
-    /**
-     * Returns the named parameter from the HttpServletRequest after
-     * canonicalizing and filtering out any dangerous characters.
-     * @param name The parameter name for the request
-     * @return The "scrubbed" parameter value.
-     */
-    public String getParameter(String name) {
-        return getParameter(name, true);
-    }
-
-    /**
-     * Returns the named parameter from the HttpServletRequest after
-     * canonicalizing and filtering out any dangerous characters.
-     * @param name The parameter name for the request
-     * @param allowNull Whether null values are allowed
-     * @return The "scrubbed" parameter value.
-     */
-    public String getParameter(String name, boolean allowNull) {
-        return getParameter(name, allowNull, 2000, "HTTPParameterValue");
-    }
-
-    /**
-     * Returns the named parameter from the HttpServletRequest after
-     * canonicalizing and filtering out any dangerous characters.
-     * @param name The parameter name for the request
-     * @param allowNull Whether null values are allowed
-     * @param maxLength The maximum length allowed
-     * @return The "scrubbed" parameter value.
-     */
-    public String getParameter(String name, boolean allowNull, int maxLength) {
-        return getParameter(name,allowNull,maxLength,"HTTPParameterValue");
-    }
-
-    /**
-     * Returns the named parameter from the HttpServletRequest after
-     * canonicalizing and filtering out any dangerous characters.
-     * @param name The parameter name for the request
-     * @param allowNull Whether null values are allowed
-     * @param maxLength The maximum length allowed
-     * @param regexName The name of the regex mapped from ESAPI.properties
-     * @return The "scrubbed" parameter value.
-     */
-    public String getParameter(String name, boolean allowNull, int maxLength, String regexName) {
-        String orig = getHttpServletRequest().getParameter(name);
-        String clean = null;
-        try {
-            clean = ESAPI.validator().getValidInput("HTTP parameter name: " + name, orig, regexName, maxLength, allowNull);
-        } catch (ValidationException e) {
-            // already logged
-        }
-        return clean;
-    }
-
-    /**
-     * Returns the parameter map from the HttpServletRequest after
-     * canonicalizing and filtering out any dangerous characters.
-     * @return A {@code Map} containing scrubbed parameter names / value pairs.
-     */
-    public Map getParameterMap() {
-        @SuppressWarnings({"unchecked"})
-        Map<String,String[]> map = getHttpServletRequest().getParameterMap();
-        Map<String,String[]> cleanMap = new HashMap<String,String[]>();
-        for (Object o : map.entrySet()) {
-            try {
-                Map.Entry e = (Map.Entry) o;
-                String name = (String) e.getKey();
-                String cleanName = ESAPI.validator().getValidInput("HTTP parameter name: " + name, name, "HTTPParameterName", 100, true);
-
-                String[] value = (String[]) e.getValue();
-                String[] cleanValues = new String[value.length];
-                for (int j = 0; j < value.length; j++) {
-                    String cleanValue = ESAPI.validator().getValidInput("HTTP parameter value: " + value[j], value[j], "HTTPParameterValue", 2000, true);
-                    cleanValues[j] = cleanValue;
-                }
-                cleanMap.put(cleanName, cleanValues);
-            } catch (ValidationException e) {
-                // already logged
-            }
-        }
-        return cleanMap;
-    }
-
-    /**
-     * Returns the enumeration of parameter names from the HttpServletRequest
-     * after canonicalizing and filtering out any dangerous characters.
-     * @return An {@code Enumeration} of properly "scrubbed" parameter names.
-     */
-    public Enumeration getParameterNames() {
-        Vector<String> v = new Vector<String>();
-        Enumeration en = getHttpServletRequest().getParameterNames();
-        while (en.hasMoreElements()) {
-            try {
-                String name = (String) en.nextElement();
-                String clean = ESAPI.validator().getValidInput("HTTP parameter name: " + name, name, "HTTPParameterName", 150, true);
-                v.add(clean);
-            } catch (ValidationException e) {
-                // already logged
-            }
-        }
-        return v.elements();
-    }
-
-    /**
-     * Returns the array of matching parameter values from the
-     * HttpServletRequest after canonicalizing and filtering out any dangerous
-     * characters.
-     * @param name The parameter name
-     * @return An array of matching "scrubbed" parameter values or
-     * <code>null</code> if the parameter does not exist.
-     */
-    public String[] getParameterValues(String name) {
-        String[] values = getHttpServletRequest().getParameterValues(name);
-        List<String> newValues;
-
-	if(values == null)
-		return null;
-        newValues = new ArrayList<String>();
-        for (String value : values) {
-            try {
-                String cleanValue = ESAPI.validator().getValidInput("HTTP parameter value: " + value, value, "HTTPParameterValue", 2000, true);
-                newValues.add(cleanValue);
-            } catch (ValidationException e) {
-                logger.warning(Logger.SECURITY_FAILURE, "Skipping bad parameter");
-            }
-        }
-        return newValues.toArray(new String[newValues.size()]);
-    }
-
-    /**
-     * Returns the path info from the HttpServletRequest after canonicalizing
-     * and filtering out any dangerous characters.
-     * @return Returns any extra path information, appropriately scrubbed,
-     *         associated with the URL the client sent when it made this request.
-     */
-    public String getPathInfo() {
-        String path = getHttpServletRequest().getPathInfo();
-		if (path == null) return null;
-        String clean = "";
-        try {
-            clean = ESAPI.validator().getValidInput("HTTP path: " + path, path, "HTTPPath", 150, true);
-        } catch (ValidationException e) {
-            // already logged
-        }
-        return clean;
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return Returns any extra path information, appropriate scrubbed,
-     *         after the servlet name but before the query string, and
-     *         translates it to a real path.
-     */
-    public String getPathTranslated() {
-        return getHttpServletRequest().getPathTranslated();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return Returns the name and version of the protocol the request uses in
-     *       the form protocol/majorVersion.minorVersion, for example, HTTP/1.1.
-     */
-    public String getProtocol() {
-        return getHttpServletRequest().getProtocol();
-    }
-
-    /**
-     * Returns the query string from the HttpServletRequest after canonicalizing
-     * and filtering out any dangerous characters.
-     * @return The scrubbed query string is returned.
-     */
-    public String getQueryString() {
-        String query = getHttpServletRequest().getQueryString();
-        String clean = "";
-        try {
-            clean = ESAPI.validator().getValidInput("HTTP query string: " + query, query, "HTTPQueryString", 2000, true);
-        } catch (ValidationException e) {
-            // already logged
-        }
-        return clean;
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required. Note that this
-     * reader may contain attacks and the developer is responsible for
-     * canonicalizing, validating, and encoding any data from this stream.
-     * @return aA {@code BufferedReader} containing the body of the request. 
-     * @throws IOException If an input error occurred while reading the request
-     *                     body (e.g., premature EOF).
-     */
-    public BufferedReader getReader() throws IOException {
-        return getHttpServletRequest().getReader();
-    }
-
-    // CHECKME: Should this be deprecated since ServletRequest.getRealPath(String)
-    //          is deprecated? Should use ServletContext.getRealPath(String) instead.
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @param path A virtual path on a web or application server; e.g., "/index.htm".
-     * @return Returns a String containing the real path for a given virtual path.
-     * @deprecated in servlet spec 2.1. Use {@link javax.servlet.ServletContext#getRealPath(String)} instead.
-     */
-    @SuppressWarnings({"deprecation"})
-    @Deprecated
-    public String getRealPath(String path) {
-        return getHttpServletRequest().getRealPath(path);
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return Returns the IP address of the client or last proxy that sent the request.
-     */
-    public String getRemoteAddr() {
-        return getHttpServletRequest().getRemoteAddr();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return The remote host
-     */
-    public String getRemoteHost() {
-        return getHttpServletRequest().getRemoteHost();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return The remote port
-     */
-    public int getRemotePort() {
-        return getHttpServletRequest().getRemotePort();
-    }
-
-    /**
-     * Returns the name of the ESAPI user associated with this getHttpServletRequest().
-     * @return Returns the fully qualified name of the client or the last proxy
-     *         that sent the request
-     */
-    public String getRemoteUser() {
-        return ESAPI.authenticator().getCurrentUser().getAccountName();
-    }
-
-    /**
-     * Checks to make sure the path to forward to is within the WEB-INF
-     * directory and then returns the dispatcher. Otherwise returns null.
-     * @param path The path to create a request dispatcher for
-     * @return A {@code RequestDispatcher} object that acts as a wrapper for the
-     *         resource at the specified path, or null if the servlet container
-     *         cannot return a {@code RequestDispatcher}.
-     */
-    public RequestDispatcher getRequestDispatcher(String path) {
-        if (path.startsWith(allowableContentRoot)) {
-            return getHttpServletRequest().getRequestDispatcher(path);
-        }
-        return null;
-    }
-
-    /**
-     * Returns the URI from the HttpServletRequest after canonicalizing and
-     * filtering out any dangerous characters. Code must be very careful not to
-     * depend on the value of a requested session id reported by the user.
-     * @return The requested Session ID
-     */
-    public String getRequestedSessionId() {
-        String id = getHttpServletRequest().getRequestedSessionId();
-        String clean = "";
-        try {
-            clean = ESAPI.validator().getValidInput("Requested cookie: " + id, id, "HTTPJSESSIONID", 50, false);
-        } catch (ValidationException e) {
-            // already logged
-        }
-        return clean;
-    }
-
-    /**
-     * Returns the URI from the HttpServletRequest after canonicalizing and
-     * filtering out any dangerous characters.
-     * @return The current request URI
-     */
-    public String getRequestURI() {
-        String uri = getHttpServletRequest().getRequestURI();
-        String clean = "";
-        try {
-            clean = ESAPI.validator().getValidInput("HTTP URI: " + uri, uri, "HTTPURI", 2000, false);
-        } catch (ValidationException e) {
-            // already logged
-        }
-        return clean;
-    }
-
-    /**
-     * Returns the URL from the HttpServletRequest after canonicalizing and
-     * filtering out any dangerous characters.
-     * @return The currect request URL
-     */
-    public StringBuffer getRequestURL() {
-        String url = getHttpServletRequest().getRequestURL().toString();
-        String clean = "";
-        try {
-            clean = ESAPI.validator().getValidInput("HTTP URL: " + url, url, "HTTPURL", 2000, false);
-        } catch (ValidationException e) {
-            // already logged
-        }
-        return new StringBuffer(clean);
-    }
-
-    /**
-     * Returns the scheme from the HttpServletRequest after canonicalizing and
-     * filtering out any dangerous characters.
-     * @return The scheme of the current request
-     */
-    public String getScheme() {
-        String scheme = getHttpServletRequest().getScheme();
-        String clean = "";
-        try {
-            clean = ESAPI.validator().getValidInput("HTTP scheme: " + scheme, scheme, "HTTPScheme", 10, false);
-        } catch (ValidationException e) {
-            // already logged
-        }
-        return clean;
-    }
-
-    /**
-     * Returns the server name (host header) from the HttpServletRequest after
-     * canonicalizing and filtering out any dangerous characters.
-     * @return The local server name
-     */
-    public String getServerName() {
-        String name = getHttpServletRequest().getServerName();
-        String clean = "";
-        try {
-            clean = ESAPI.validator().getValidInput("HTTP server name: " + name, name, "HTTPServerName", 100, false);
-        } catch (ValidationException e) {
-            // already logged
-        }
-        return clean;
-    }
-
-    /**
-     * Returns the server port (after the : in the host header) from the
-     * HttpServletRequest after parsing and checking the range 0-65536.
-     * @return The local server port
-     */
-	public int getServerPort() {
-		int port = getHttpServletRequest().getServerPort();
-		if ( port < 0 || port > 0xFFFF ) {
-			logger.warning( Logger.SECURITY_FAILURE, "HTTP server port out of range: " + port );
-			port = 0;
-		}
-		return port;
-	}
- 	
-
-    /**
-     * Returns the server path from the HttpServletRequest after canonicalizing
-     * and filtering out any dangerous characters.
-     * @return The servlet path
-     */
-    public String getServletPath() {
-        String path = getHttpServletRequest().getServletPath();
-        String clean = "";
-        try {
-            clean = ESAPI.validator().getValidInput("HTTP servlet path: " + path, path, "HTTPServletPath", 100, false);
-        } catch (ValidationException e) {
-            // already logged
-        }
-        return clean;
-    }
-
-    /**
-     * Returns a session, creating it if necessary, and sets the HttpOnly flag
-     * on the Session ID cookie.
-     * @return The current session
-     */
-    public HttpSession getSession() {
-		HttpSession session = getHttpServletRequest().getSession();
-
-		// send a new cookie header with HttpOnly on first and second responses
-	    if (ESAPI.securityConfiguration().getForceHttpOnlySession()) {
-	        if (session.getAttribute("HTTP_ONLY") == null) {
-				session.setAttribute("HTTP_ONLY", "set");
-				Cookie cookie = new Cookie(ESAPI.securityConfiguration().getHttpSessionIdName(), session.getId());
-				cookie.setPath( getHttpServletRequest().getContextPath() );
-				cookie.setMaxAge(-1); // session cookie
-	            HttpServletResponse response = ESAPI.currentResponse();
-	            if (response != null) {
-	                ESAPI.currentResponse().addCookie(cookie);
-	            }
-	        }
-	    }
-        return session;
-    }
-
-    /**
-     * Returns a session, creating it if necessary, and sets the HttpOnly flag
-     * on the Session ID cookie.
-     * @param create Create a new session if one doesn't exist
-     * @return The current session
-     */
-    public HttpSession getSession(boolean create) {
-        HttpSession session = getHttpServletRequest().getSession(create);
-        if (session == null) {
-            return null;
-        }
-
-        // send a new cookie header with HttpOnly on first and second responses
-        if (ESAPI.securityConfiguration().getForceHttpOnlySession()) {
-	        if (session.getAttribute("HTTP_ONLY") == null) {
-	            session.setAttribute("HTTP_ONLY", "set");
-	            Cookie cookie = new Cookie(ESAPI.securityConfiguration().getHttpSessionIdName(), session.getId());
-	            cookie.setMaxAge(-1); // session cookie
-	            cookie.setPath( getHttpServletRequest().getContextPath() );
-	            HttpServletResponse response = ESAPI.currentResponse();
-	            if (response != null) {
-	                ESAPI.currentResponse().addCookie(cookie);
-	            }
-	        }
-        }
-        return session;
-    }
-
-    /**
-     * Returns the ESAPI User associated with this getHttpServletRequest().
-     * @return The ESAPI User
-     */
-    public Principal getUserPrincipal() {
-        return ESAPI.authenticator().getCurrentUser();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return if requested session id is from a cookie
-     */
-    public boolean isRequestedSessionIdFromCookie() {
-        return getHttpServletRequest().isRequestedSessionIdFromCookie();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return Whether the requested session id is from the URL
-     * @deprecated in servlet spec 2.1. Use {@link #isRequestedSessionIdFromURL()} instead.
-     */
-    @SuppressWarnings({"deprecation"})
-    @Deprecated
-    public boolean isRequestedSessionIdFromUrl() {
-        return getHttpServletRequest().isRequestedSessionIdFromUrl();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return Whether the requested session id is from the URL
-     */
-    public boolean isRequestedSessionIdFromURL() {
-        return getHttpServletRequest().isRequestedSessionIdFromURL();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return Whether the requested session id is valid
-     */
-    public boolean isRequestedSessionIdValid() {
-        return getHttpServletRequest().isRequestedSessionIdValid();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return Whether the current request is secure
-     */
-    public boolean isSecure() {
-        try {
-            ESAPI.httpUtilities().assertSecureChannel();
-        } catch (AccessControlException e) {
-            return false;
-        }
-        return true;
-    }
-
-    /**
-     * Returns true if the ESAPI User associated with this request has the
-     * specified role.
-     * @param role The role to check
-     * @return Whether the current user is in the passed role
-     */
-    public boolean isUserInRole(String role) {
-        return ESAPI.authenticator().getCurrentUser().isInRole(role);
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @param name The attribute name
-     */
-    public void removeAttribute(String name) {
-        getHttpServletRequest().removeAttribute(name);
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @param name The attribute name
-     * @param o The attribute value
-     */
-    public void setAttribute(String name, Object o) {
-        getHttpServletRequest().setAttribute(name, o);
-    }
-
-    /**
-     * Sets the character encoding scheme to the ESAPI configured encoding scheme.
-     * @param enc The encoding scheme
-     * @throws UnsupportedEncodingException
-     */
-    public void setCharacterEncoding(String enc) throws UnsupportedEncodingException {
-        getHttpServletRequest().setCharacterEncoding(ESAPI.securityConfiguration().getCharacterEncoding());
-    }
-
-    public String getAllowableContentRoot() {
-        return allowableContentRoot;
-    }
-
-    public void setAllowableContentRoot(String allowableContentRoot) {
-        this.allowableContentRoot = allowableContentRoot.startsWith( "/" ) ? allowableContentRoot : "/" + allowableContentRoot;
-    }
-}
+/**
+ * OWASP Enterprise Security API (ESAPI) This file is part of the Open Web
+ * Application Security Project (OWASP) Enterprise Security API (ESAPI) project.
+ * For details, please see <a
+ * href="http://www.owasp.org/index.php/ESAPI">http://
+ * www.owasp.org/index.php/ESAPI</a>. Copyright (c) 2007 - The OWASP Foundation
+ * The ESAPI is published by OWASP under the BSD license. You should read and
+ * accept the LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect
+ *         Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.filters;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
+import java.util.Vector;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletInputStream;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.SecurityConfiguration;
+import org.owasp.esapi.errors.AccessControlException;
+import org.owasp.esapi.errors.ValidationException;
+
+// TODO: Parameterize these various lengths in calls to ESAPI.validator().getValidInput()
+// so that they can be placed in ESAPI.properties file (or other property file,
+// such as Validator.properties) rather than being hard-coded. This is desirable
+// because many of the values are well less than the commonly accepted maximum
+// values.
+
+/**
+ * This request wrapper simply overrides unsafe methods in the
+ * HttpServletRequest API with safe versions that return canonicalized data
+ * where possible. The wrapper returns a safe value when a validation error is
+ * detected, including stripped or empty strings.
+ */
+public class SecurityWrapperRequest extends HttpServletRequestWrapper implements HttpServletRequest {
+
+    private final Logger logger = ESAPI.getLogger("SecurityWrapperRequest");
+
+    private String allowableContentRoot = "WEB-INF";
+
+    /**
+     * Construct a safe request that overrides the default request methods with
+     * safer versions.
+     *
+     * @param request The {@code HttpServletRequest} we are wrapping.
+     */
+    public SecurityWrapperRequest(HttpServletRequest request) {
+        super( request );
+    }
+
+    private HttpServletRequest getHttpServletRequest() {
+        return (HttpServletRequest)super.getRequest();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @param name The attribute name
+     * @return The attribute value
+     */
+    public Object getAttribute(String name) {
+        return getHttpServletRequest().getAttribute(name);
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return An {@code Enumeration} of attribute names.
+     */
+    public Enumeration getAttributeNames() {
+        return getHttpServletRequest().getAttributeNames();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return The authentication type
+     */
+    public String getAuthType() {
+        return getHttpServletRequest().getAuthType();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return  The character-encoding for this {@code HttpServletRequest}
+     */
+    public String getCharacterEncoding() {
+        return getHttpServletRequest().getCharacterEncoding();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return The content-length for this {@code HttpServletRequest}
+     */
+    public int getContentLength() {
+        return getHttpServletRequest().getContentLength();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return The content-type for this {@code HttpServletRequest}
+     */
+    public String getContentType() {
+        return getHttpServletRequest().getContentType();
+    }
+
+    /**
+     * Returns the context path from the HttpServletRequest after canonicalizing
+     * and filtering out any dangerous characters.
+     * @return The context path for this {@code HttpServletRequest}
+     */
+    public String getContextPath() {
+        String path = getHttpServletRequest().getContextPath();
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
+        //Return empty String for the ROOT context
+        if (path == null || "".equals(path.trim())) return "";
+
+        String clean = "";
+        try {
+            clean = ESAPI.validator().getValidInput("HTTP context path: " + path, path, "HTTPContextPath", sc.getIntProp("HttpUtilities.contextPathLength"), false);
+        } catch (ValidationException e) {
+            // already logged
+        }
+        return clean;
+    }
+
+    /**
+     * Returns the array of Cookies from the HttpServletRequest after
+     * canonicalizing and filtering out any dangerous characters.
+     * @return An array of {@code Cookie}s for this {@code HttpServletRequest}
+     */
+    public Cookie[] getCookies() {
+        Cookie[] cookies = getHttpServletRequest().getCookies();
+        if (cookies == null) return new Cookie[0];
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
+        List<Cookie> newCookies = new ArrayList<Cookie>();
+        for (Cookie c : cookies) {
+            // build a new clean cookie
+            try {
+                // get data from original cookie
+                String name = ESAPI.validator().getValidInput("Cookie name: " + c.getName(), c.getName(), "HTTPCookieName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), false);
+                String value = ESAPI.validator().getValidInput("Cookie value: " + c.getValue(), c.getValue(), "HTTPCookieValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), true);
+                int maxAge = c.getMaxAge();
+                String domain = c.getDomain();
+                String path = c.getPath();
+
+                Cookie n = new Cookie(name, value);
+                n.setMaxAge(maxAge);
+
+                if (domain != null) {
+                    // kww TODO: HTTPHeaderValue seems way too liberal of a regex for cookie domain
+                    // as it allows invalid characters for a domain name. Maybe create a new custom
+                    // HTTPCookieDomain regex???
+                    n.setDomain(ESAPI.validator().getValidInput("Cookie domain: " + domain, domain, "HTTPHeaderValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), false));
+                }
+                if (path != null) {
+                    // kww TODO: OPEN ISSUE: Would not HTTPServletPath make more sense here???
+                    n.setPath(ESAPI.validator().getValidInput("Cookie path: " + path, path, "HTTPHeaderValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), false));
+                }
+                newCookies.add(n);
+            } catch (ValidationException e) {
+                logger.warning(Logger.SECURITY_FAILURE, "Skipping bad cookie: " + c.getName() + "=" + c.getValue(), e );
+            }
+        }
+        return newCookies.toArray(new Cookie[newCookies.size()]);
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @param name Specifies the name of the HTTP request header; e.g.,
+     *             {@code If-Modified-Since}.
+     * @return a long value representing the date specified in the header
+     * expressed as the number of milliseconds since {@code January 1, 1970 GMT},
+     * or {@code -1} if the named header was not included with the request.
+     */
+    public long getDateHeader(String name) {
+        return getHttpServletRequest().getDateHeader(name);
+    }
+
+    /**
+     * Returns the named header from the HttpServletRequest after canonicalizing
+     * and filtering out any dangerous characters.
+     * @param name The name of an HTTP request header
+     * @return The specified header value is returned.
+     */
+    public String getHeader(String name) {
+        String value = getHttpServletRequest().getHeader(name);
+        String clean = "";
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
+        try {
+            clean = ESAPI.validator().getValidInput("HTTP header value: " + value, value, "HTTPHeaderValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), true);
+        } catch (ValidationException e) {
+            // already logged
+        }
+        return clean;
+    }
+
+    /**
+     * Returns the enumeration of header names from the HttpServletRequest after
+     * canonicalizing and filtering out any dangerous characters.
+     * @return An {@code Enumeration} of header names associated with this request.
+     */
+    public Enumeration getHeaderNames() {
+        Vector<String> v = new Vector<String>();
+        Enumeration en = getHttpServletRequest().getHeaderNames();
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
+        while (en.hasMoreElements()) {
+            try {
+                String name = (String) en.nextElement();
+                String clean = ESAPI.validator().getValidInput("HTTP header name: " + name, name, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), true);
+                v.add(clean);
+            } catch (ValidationException e) {
+                // already logged
+            }
+        }
+        return v.elements();
+    }
+
+    /**
+     * Returns the enumeration of headers from the HttpServletRequest after
+     * canonicalizing and filtering out any dangerous characters.
+     * @param name The name of an HTTP request header.
+     * @return An {@code Enumeration} of headers from the request after
+     *         canonicalizing and filtering has been performed.
+     */
+    public Enumeration getHeaders(String name) {
+        Vector<String> v = new Vector<String>();
+        Enumeration en = getHttpServletRequest().getHeaders(name);
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
+        while (en.hasMoreElements()) {
+            try {
+                String value = (String) en.nextElement();
+                String clean = ESAPI.validator().getValidInput("HTTP header value (" + name + "): " + value, value, "HTTPHeaderValue", sc.getIntProp("HttpUtilities.httpQueryParamValueLength"), true);
+                v.add(clean);
+            } catch (ValidationException e) {
+                // already logged
+            }
+        }
+        return v.elements();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required. Note that this
+     * input stream may contain attacks and the developer is responsible for
+     * canonicalizing, validating, and encoding any data from this stream.
+     * @return The {@code ServletInputStream} associated with this
+     *         {@code HttpServletRequest}.
+     * @throws IOException Thrown if an input exception is thrown, such as the
+     *         remote peer closing the connection.
+     */
+    public ServletInputStream getInputStream() throws IOException {
+        return getHttpServletRequest().getInputStream();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @param name The name of an HTTP request header.
+     * @return Returns the value of the specified request header as an {@code int}.
+     */
+    public int getIntHeader(String name) {
+        return getHttpServletRequest().getIntHeader(name);
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return A {@code String} containing the IP address on which the
+     *         request was received.
+     */
+    public String getLocalAddr() {
+        return getHttpServletRequest().getLocalAddr();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return The preferred {@code Locale} for the client.
+     */
+    public Locale getLocale() {
+        return getHttpServletRequest().getLocale();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return An {@code Enumeration} of preferred {@code Locale}
+     *         objects for the client.
+     */
+    public Enumeration getLocales() {
+        return getHttpServletRequest().getLocales();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return A {@code String} containing the host name of the IP on which
+     *         the request was received.
+     */
+    public String getLocalName() {
+        return getHttpServletRequest().getLocalName();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return Returns the Internet Protocol (IP) port number of the interface
+     *         on which the request was received.
+     */
+    public int getLocalPort() {
+        return getHttpServletRequest().getLocalPort();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return Returns the name of the HTTP method with which this request was made.
+     */
+    public String getMethod() {
+        return getHttpServletRequest().getMethod();
+    }
+
+    /**
+     * Returns the named parameter from the HttpServletRequest after
+     * canonicalizing and filtering out any dangerous characters.
+     * @param name The parameter name for the request
+     * @return The "scrubbed" parameter value.
+     */
+    public String getParameter(String name) {
+        return getParameter(name, true);
+    }
+
+    /**
+     * Returns the named parameter from the HttpServletRequest after
+     * canonicalizing and filtering out any dangerous characters.
+     * @param name The parameter name for the request
+     * @param allowNull Whether null values are allowed
+     * @return The "scrubbed" parameter value.
+     */
+    public String getParameter(String name, boolean allowNull) {
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
+        return getParameter(name, allowNull, sc.getIntProp("HttpUtilities.httpQueryParamValueLength"), "HTTPParameterValue");
+    }
+
+    /**
+     * Returns the named parameter from the HttpServletRequest after
+     * canonicalizing and filtering out any dangerous characters.
+     * @param name The parameter name for the request
+     * @param allowNull Whether null values are allowed
+     * @param maxLength The maximum length allowed
+     * @return The "scrubbed" parameter value.
+     */
+    public String getParameter(String name, boolean allowNull, int maxLength) {
+        return getParameter(name,allowNull,maxLength,"HTTPParameterValue");
+    }
+
+    /**
+     * Returns the named parameter from the HttpServletRequest after
+     * canonicalizing and filtering out any dangerous characters.
+     * @param name The parameter name for the request
+     * @param allowNull Whether null values are allowed
+     * @param maxLength The maximum length allowed
+     * @param regexName The name of the regex mapped from ESAPI.properties
+     * @return The "scrubbed" parameter value.
+     */
+    public String getParameter(String name, boolean allowNull, int maxLength, String regexName) {
+        String orig = getHttpServletRequest().getParameter(name);
+        String clean = null;
+        try {
+            clean = ESAPI.validator().getValidInput("HTTP parameter name: " + name, orig, regexName, maxLength, allowNull);
+        } catch (ValidationException e) {
+            // already logged
+        }
+        return clean;
+    }
+
+    /**
+     * Returns the parameter map from the HttpServletRequest after
+     * canonicalizing and filtering out any dangerous characters.
+     * @return A {@code Map} containing scrubbed parameter names / value pairs.
+     */
+    public Map getParameterMap() {
+        @SuppressWarnings({"unchecked"})
+        Map<String,String[]> map = getHttpServletRequest().getParameterMap();
+        Map<String,String[]> cleanMap = new HashMap<String,String[]>();
+        for (Object o : map.entrySet()) {
+            try {
+                Map.Entry e = (Map.Entry) o;
+                String name = (String) e.getKey();
+                SecurityConfiguration sc = ESAPI.securityConfiguration();
+                String cleanName = ESAPI.validator().getValidInput("HTTP parameter name: " + name, name, "HTTPParameterName", sc.getIntProp("HttpUtilities.httpQueryParamNameLength"), true);
+
+                String[] value = (String[]) e.getValue();
+                String[] cleanValues = new String[value.length];
+                for (int j = 0; j < value.length; j++) {
+                    String cleanValue = ESAPI.validator().getValidInput("HTTP parameter value: " + value[j], value[j], "HTTPParameterValue", sc.getIntProp("HttpUtilities.httpQueryParamValueLength"), true);
+                    cleanValues[j] = cleanValue;
+                }
+                cleanMap.put(cleanName, cleanValues);
+            } catch (ValidationException e) {
+                // already logged
+            }
+        }
+        return cleanMap;
+    }
+
+    /**
+     * Returns the enumeration of parameter names from the HttpServletRequest
+     * after canonicalizing and filtering out any dangerous characters.
+     * @return An {@code Enumeration} of properly "scrubbed" parameter names.
+     */
+    public Enumeration getParameterNames() {
+        Vector<String> v = new Vector<String>();
+        Enumeration en = getHttpServletRequest().getParameterNames();
+        while (en.hasMoreElements()) {
+            try {
+                SecurityConfiguration sc = ESAPI.securityConfiguration();
+                String name = (String) en.nextElement();
+                String clean = ESAPI.validator().getValidInput("HTTP parameter name: " + name, name, "HTTPParameterName", sc.getIntProp("HttpUtilities.httpQueryParamNameLength"), true);
+                v.add(clean);
+            } catch (ValidationException e) {
+                // already logged
+            }
+        }
+        return v.elements();
+    }
+
+    /**
+     * Returns the array of matching parameter values from the
+     * HttpServletRequest after canonicalizing and filtering out any dangerous
+     * characters.
+     * @param name The parameter name
+     * @return An array of matching "scrubbed" parameter values or
+     * <code>null</code> if the parameter does not exist.
+     */
+    public String[] getParameterValues(String name) {
+        String[] values = getHttpServletRequest().getParameterValues(name);
+        List<String> newValues;
+
+    if(values == null)
+        return null;
+        newValues = new ArrayList<String>();
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
+        for (String value : values) {
+            try {
+                String cleanValue = ESAPI.validator().getValidInput("HTTP parameter value: " + value, value, "HTTPParameterValue", sc.getIntProp("HttpUtilities.URILENGTH"), true);
+                newValues.add(cleanValue);
+            } catch (ValidationException e) {
+                logger.warning(Logger.SECURITY_FAILURE, "Skipping bad parameter");
+            }
+        }
+        return newValues.toArray(new String[newValues.size()]);
+    }
+
+    /**
+     * Returns the path info from the HttpServletRequest after canonicalizing
+     * and filtering out any dangerous characters.
+     * @return Returns any extra path information, appropriately scrubbed,
+     *         associated with the URL the client sent when it made this request.
+     */
+    public String getPathInfo() {
+        String path = getHttpServletRequest().getPathInfo();
+        if (path == null) return null;
+        String clean = "";
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
+        try {
+            clean = ESAPI.validator().getValidInput("HTTP path: " + path, path, "HTTPPath", sc.getIntProp("HttpUtilities.HTTPPATHLENGTH"), true);
+        } catch (ValidationException e) {
+            // already logged
+        }
+        return clean;
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return Returns any extra path information, appropriate scrubbed,
+     *         after the servlet name but before the query string, and
+     *         translates it to a real path.
+     */
+    public String getPathTranslated() {
+        return getHttpServletRequest().getPathTranslated();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return Returns the name and version of the protocol the request uses in
+     *       the form protocol/majorVersion.minorVersion, for example, HTTP/1.1.
+     */
+    public String getProtocol() {
+        return getHttpServletRequest().getProtocol();
+    }
+
+    /**
+     * Returns the query string from the HttpServletRequest after canonicalizing
+     * and filtering out any dangerous characters.
+     * @return The scrubbed query string is returned.
+     */
+    public String getQueryString() {
+        String query = getHttpServletRequest().getQueryString();
+        String clean = "";
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
+        try {
+            clean = ESAPI.validator().getValidInput("HTTP query string: " + query, query, "HTTPQueryString", sc.getIntProp("HttpUtilities.URILENGTH"), true);
+        } catch (ValidationException e) {
+            // already logged
+        }
+        return clean;
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required. Note that this
+     * reader may contain attacks and the developer is responsible for
+     * canonicalizing, validating, and encoding any data from this stream.
+     * @return aA {@code BufferedReader} containing the body of the request.
+     * @throws IOException If an input error occurred while reading the request
+     *                     body (e.g., premature EOF).
+     */
+    public BufferedReader getReader() throws IOException {
+        return getHttpServletRequest().getReader();
+    }
+
+    // CHECKME: Should this be deprecated since ServletRequest.getRealPath(String)
+    //          is deprecated? Should use ServletContext.getRealPath(String) instead.
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @param path A virtual path on a web or application server; e.g., "/index.htm".
+     * @return Returns a String containing the real path for a given virtual path.
+     * @deprecated in servlet spec 2.1. Use {@link javax.servlet.ServletContext#getRealPath(String)} instead.
+     */
+    @SuppressWarnings({"deprecation"})
+    @Deprecated
+    public String getRealPath(String path) {
+        return getHttpServletRequest().getRealPath(path);
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return Returns the IP address of the client or last proxy that sent the request.
+     */
+    public String getRemoteAddr() {
+        return getHttpServletRequest().getRemoteAddr();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return The remote host
+     */
+    public String getRemoteHost() {
+        return getHttpServletRequest().getRemoteHost();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return The remote port
+     */
+    public int getRemotePort() {
+        return getHttpServletRequest().getRemotePort();
+    }
+
+    /**
+     * Returns the name of the ESAPI user associated with this getHttpServletRequest().
+     * @return Returns the fully qualified name of the client or the last proxy
+     *         that sent the request
+     */
+    public String getRemoteUser() {
+        return ESAPI.authenticator().getCurrentUser().getAccountName();
+    }
+
+    /**
+     * Checks to make sure the path to forward to is within the WEB-INF
+     * directory and then returns the dispatcher. Otherwise returns null.
+     * @param path The path to create a request dispatcher for
+     * @return A {@code RequestDispatcher} object that acts as a wrapper for the
+     *         resource at the specified path, or null if the servlet container
+     *         cannot return a {@code RequestDispatcher}.
+     */
+    public RequestDispatcher getRequestDispatcher(String path) {
+        if (path.startsWith(allowableContentRoot)) {
+            return getHttpServletRequest().getRequestDispatcher(path);
+        }
+        return null;
+    }
+
+    /**
+     * Returns the URI from the HttpServletRequest after canonicalizing and
+     * filtering out any dangerous characters. Code must be very careful not to
+     * depend on the value of a requested session id reported by the user.
+     * @return The requested Session ID
+     */
+    public String getRequestedSessionId() {
+        String id = getHttpServletRequest().getRequestedSessionId();
+        String clean = "";
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
+        try {
+            clean = ESAPI.validator().getValidInput("Requested cookie: " + id, id, "HTTPJSESSIONID", sc.getIntProp("HttpUtilities.HTTPJSESSIONIDLENGTH"), false);
+        } catch (ValidationException e) {
+            // already logged
+        }
+        return clean;
+    }
+
+    /**
+     * Returns the URI from the HttpServletRequest after canonicalizing and
+     * filtering out any dangerous characters.
+     * @return The current request URI
+     */
+    public String getRequestURI() {
+        String uri = getHttpServletRequest().getRequestURI();
+        String clean = "";
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
+        try {
+            clean = ESAPI.validator().getValidInput("HTTP URI: " + uri, uri, "HTTPURI", sc.getIntProp("HttpUtilities.URILENGTH"), false);
+        } catch (ValidationException e) {
+            // already logged
+        }
+        return clean;
+    }
+
+    /**
+     * Returns the URL from the HttpServletRequest after canonicalizing and
+     * filtering out any dangerous characters.
+     * @return The current request URL
+     */
+    public StringBuffer getRequestURL() {
+        String url = getHttpServletRequest().getRequestURL().toString();
+        String clean = "";
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
+        try {
+            clean = ESAPI.validator().getValidInput("HTTP URL: " + url, url, "HTTPURL", sc.getIntProp("HttpUtilities.URILENGTH"), false);
+        } catch (ValidationException e) {
+            // already logged
+        }
+        return new StringBuffer(clean);
+    }
+
+    /**
+     * Returns the scheme from the HttpServletRequest after canonicalizing and
+     * filtering out any dangerous characters.
+     * @return The scheme of the current request
+     */
+    public String getScheme() {
+        String scheme = getHttpServletRequest().getScheme();
+        String clean = "";
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
+        try {
+            clean = ESAPI.validator().getValidInput("HTTP scheme: " + scheme, scheme, "HTTPScheme", sc.getIntProp("HttpUtilities.HTTPSCHEMELENGTH"), false);
+        } catch (ValidationException e) {
+            // already logged
+        }
+        return clean;
+    }
+
+    /**
+     * Returns the server name (host header) from the HttpServletRequest after
+     * canonicalizing and filtering out any dangerous characters.
+     * @return The local server name
+     */
+    public String getServerName() {
+        String name = getHttpServletRequest().getServerName();
+        String clean = "";
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
+        try {
+            clean = ESAPI.validator().getValidInput("HTTP server name: " + name, name, "HTTPServerName", sc.getIntProp("HttpUtilities.HTTPHOSTLENGTH"), false);
+        } catch (ValidationException e) {
+            // already logged
+        }
+        return clean;
+    }
+
+    /**
+     * Returns the server port (after the : in the host header) from the
+     * HttpServletRequest after parsing and checking the range 0-65536.
+     * @return The local server port
+     */
+    public int getServerPort() {
+        int port = getHttpServletRequest().getServerPort();
+        if ( port < 0 || port > 0xFFFF ) {
+            logger.warning( Logger.SECURITY_FAILURE, "HTTP server port out of range: " + port );
+            port = 0;
+        }
+        return port;
+    }
+
+
+    /**
+     * Returns the server path from the HttpServletRequest after canonicalizing
+     * and filtering out any dangerous characters.
+     * @return The servlet path
+     */
+    public String getServletPath() {
+        String path = getHttpServletRequest().getServletPath();
+        String clean = "";
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
+        try {
+            clean = ESAPI.validator().getValidInput("HTTP servlet path: " + path, path, "HTTPServletPath", sc.getIntProp("HttpUtilities.HTTPSERVLETPATHLENGTH"), false);
+        } catch (ValidationException e) {
+            // already logged
+        }
+        return clean;
+    }
+
+    /**
+     * Returns a session, creating it if necessary, and sets the HttpOnly flag
+     * on the Session ID cookie.  The 'secure' flag is also set if the property
+     * {@code HttpUtilities.ForceSecureCookies} is set to {@code true} in the <b>ESAPI.properties</b> file.
+     * @return The current session
+     */
+    public HttpSession getSession() {
+        return getSession(true);
+    }
+
+    /**
+     * Returns the current session associated with this request or, if there is no current session and
+     * {@code create} is {@code true}, returns a new session and sets the HttpOnly flag on the session ID cookie.
+     * The 'secure' flag is also set if the property {@code HttpUtilities.ForceSecureCookies} is set to
+     * {@code true} in the <b>ESAPI.properties</b> file.
+     * @param create If set to {@code true}, create a new session if one doesn't exist, otherwise return {@code null}
+     * @return The current session
+     */
+    public HttpSession getSession(boolean create) {
+        HttpSession session = getHttpServletRequest().getSession(create);
+
+        if (session == null) {
+            return null;
+        }
+
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
+
+        // send a new cookie header with HttpOnly on first and second responses
+        if ( sc.getBooleanProp("HttpUtilities.ForceHttpOnlySession") ) {
+            if (session.getAttribute("HTTP_ONLY") == null) {
+                session.setAttribute("HTTP_ONLY", "set");
+                Cookie cookie = new Cookie( sc.getStringProp("HttpUtilities.HttpSessionIdName"), session.getId() );
+                cookie.setMaxAge(-1); // session cookie
+                cookie.setPath( getHttpServletRequest().getContextPath() );
+                cookie.setSecure( sc.getBooleanProp("HttpUtilities.ForceSecureCookies") );
+                HttpServletResponse response = ESAPI.currentResponse();
+                if (response != null) {
+                    ESAPI.currentResponse().addCookie(cookie);
+                }
+            }
+        }
+        return session;
+    }
+
+    /**
+     * Returns the ESAPI User associated with this getHttpServletRequest().
+     * @return The ESAPI User
+     */
+    public Principal getUserPrincipal() {
+        return ESAPI.authenticator().getCurrentUser();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return if requested session id is from a cookie
+     */
+    public boolean isRequestedSessionIdFromCookie() {
+        return getHttpServletRequest().isRequestedSessionIdFromCookie();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return Whether the requested session id is from the URL
+     * @deprecated in servlet spec 2.1. Use {@link #isRequestedSessionIdFromURL()} instead.
+     */
+    @SuppressWarnings({"deprecation"})
+    @Deprecated
+    public boolean isRequestedSessionIdFromUrl() {
+        return getHttpServletRequest().isRequestedSessionIdFromUrl();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return Whether the requested session id is from the URL
+     */
+    public boolean isRequestedSessionIdFromURL() {
+        return getHttpServletRequest().isRequestedSessionIdFromURL();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return Whether the requested session id is valid
+     */
+    public boolean isRequestedSessionIdValid() {
+        return getHttpServletRequest().isRequestedSessionIdValid();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return Whether the current request is secure
+     */
+    public boolean isSecure() {
+        try {
+            ESAPI.httpUtilities().assertSecureChannel();
+        } catch (AccessControlException e) {
+            return false;
+        }
+        return true;
+    }
+
+    /**
+     * Returns true if the ESAPI User associated with this request has the
+     * specified role.
+     * @param role The role to check
+     * @return Whether the current user is in the passed role
+     */
+    public boolean isUserInRole(String role) {
+        return ESAPI.authenticator().getCurrentUser().isInRole(role);
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @param name The attribute name
+     */
+    public void removeAttribute(String name) {
+        getHttpServletRequest().removeAttribute(name);
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @param name The attribute name
+     * @param o The attribute value
+     */
+    public void setAttribute(String name, Object o) {
+        getHttpServletRequest().setAttribute(name, o);
+    }
+
+    /**
+     * Sets the character encoding scheme to the ESAPI configured encoding scheme.
+     * @param enc The encoding scheme
+     * @throws UnsupportedEncodingException
+     */
+    public void setCharacterEncoding(String enc) throws UnsupportedEncodingException {
+        getHttpServletRequest().setCharacterEncoding(ESAPI.securityConfiguration().getStringProp("HttpUtilities.CharacterEncoding"));
+    }
+
+    public String getAllowableContentRoot() {
+        return allowableContentRoot;
+    }
+
+    public void setAllowableContentRoot(String allowableContentRoot) {
+        this.allowableContentRoot = allowableContentRoot.startsWith( "/" ) ? allowableContentRoot : "/" + allowableContentRoot;
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java b/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
index efc001372..f05682cba 100644
--- a/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
+++ b/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
@@ -1,513 +1,592 @@
-/**
- * OWASP Enterprise Security API (ESAPI) This file is part of the Open Web
- * Application Security Project (OWASP) Enterprise Security API (ESAPI) project.
- * For details, please see <a
- * href="http://www.owasp.org/index.php/ESAPI">http://
- * www.owasp.org/index.php/ESAPI</a>. Copyright (c) 2007 - The OWASP Foundation
- * The ESAPI is published by OWASP under the BSD license. You should read and
- * accept the LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect
- *         Security</a>
- * @created 2007
- */
-package org.owasp.esapi.filters;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.Locale;
-
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpServletResponseWrapper;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.StringUtilities;
-import org.owasp.esapi.ValidationErrorList;
-import org.owasp.esapi.errors.IntrusionException;
-import org.owasp.esapi.errors.ValidationException;
-
-/**
- * This response wrapper simply overrides unsafe methods in the
- * HttpServletResponse API with safe versions.
- */
-public class SecurityWrapperResponse extends HttpServletResponseWrapper implements HttpServletResponse {
-
-    private final Logger logger = ESAPI.getLogger("SecurityWrapperResponse");
-
-    // modes are "log", "skip", "sanitize", "throw"
-    // TODO: move this to SecurityConfiguration
-    private String mode = "log";
-
-    /**
-     * Construct a safe response that overrides the default response methods
-     * with safer versions. 
-     * 
-     * @param response
-     */
-    public SecurityWrapperResponse(HttpServletResponse response) {
-    	super( response );
-    }
-
-    /**
-     *
-     * @param response
-     * @param mode
-     */
-    public SecurityWrapperResponse(HttpServletResponse response, String mode) {
-    	super( response );
-        this.mode = mode;
-    }
-
-
-    private HttpServletResponse getHttpServletResponse() {
-    	return (HttpServletResponse)super.getResponse();
-    }
-
-    /**
-     * Add a cookie to the response after ensuring that there are no encoded or
-     * illegal characters in the name and name and value. This method also sets
-     * the secure and HttpOnly flags on the cookie. This implementation uses a
-     * custom "set-cookie" header instead of using Java's cookie interface which
-     * doesn't allow the use of HttpOnly.
-     * @param cookie
-     */
-    public void addCookie(Cookie cookie) {
-        String name = cookie.getName();
-        String value = cookie.getValue();
-        int maxAge = cookie.getMaxAge();
-        String domain = cookie.getDomain();
-        String path = cookie.getPath();
-        boolean secure = cookie.getSecure();
-
-        // validate the name and value
-        ValidationErrorList errors = new ValidationErrorList();
-        String cookieName = ESAPI.validator().getValidInput("cookie name", name, "HTTPCookieName", 50, false, errors);
-        String cookieValue = ESAPI.validator().getValidInput("cookie value", value, "HTTPCookieValue", ESAPI.securityConfiguration().getMaxHttpHeaderSize(), false, errors);
-
-        // if there are no errors, then just set a cookie header
-        if (errors.size() == 0) {
-            String header = createCookieHeader(name, value, maxAge, domain, path, secure);
-            this.addHeader("Set-Cookie", header);
-            return;
-        }
-
-        // if there was an error
-        if (mode.equals("skip")) {
-            logger.warning(Logger.SECURITY_FAILURE, "Attempt to add unsafe data to cookie (skip mode). Skipping cookie and continuing.");
-            return;
-        }
-
-        // add the original cookie to the response and continue
-        if (mode.equals("log")) {
-            logger.warning(Logger.SECURITY_FAILURE, "Attempt to add unsafe data to cookie (log mode). Adding unsafe cookie anyway and continuing.");
-            getHttpServletResponse().addCookie(cookie);
-            return;
-        }
-
-        // create a sanitized cookie header and continue
-        if (mode.equals("sanitize")) {
-            logger.warning(Logger.SECURITY_FAILURE, "Attempt to add unsafe data to cookie (sanitize mode). Sanitizing cookie and continuing.");
-            String header = createCookieHeader(cookieName, cookieValue, maxAge, domain, path, secure);
-            this.addHeader("Set-Cookie", header);
-            return;
-        }
-
-        // throw an exception if necessary or add original cookie header
-        throw new IntrusionException("Security error", "Attempt to add unsafe data to cookie (throw mode)");
-    }
-
-    private String createCookieHeader(String name, String value, int maxAge, String domain, String path, boolean secure) {
-        // create the special cookie header instead of creating a Java cookie
-        // Set-Cookie:<name>=<value>[; <name>=<value>][; expires=<date>][;
-        // domain=<domain_name>][; path=<some_path>][; secure][;HttpOnly
-        String header = name + "=" + value;
-        header += "; Max-Age=" + maxAge;
-        if (domain != null) {
-            header += "; Domain=" + domain;
-        }
-        if (path != null) {
-            header += "; Path=" + path;
-        }
-        if ( secure || ESAPI.securityConfiguration().getForceSecureCookies() ) {
-			header += "; Secure";
-        }
-        if ( ESAPI.securityConfiguration().getForceHttpOnlyCookies() ) {
-			header += "; HttpOnly";
-        }
-        return header;
-    }
-
-    /**
-     * Add a cookie to the response after ensuring that there are no encoded or
-     * illegal characters in the name.
-     * @param name 
-     * @param date
-     */
-    public void addDateHeader(String name, long date) {
-        try {
-            String safeName = ESAPI.validator().getValidInput("safeSetDateHeader", name, "HTTPHeaderName", 20, false);
-            getHttpServletResponse().addDateHeader(safeName, date);
-        } catch (ValidationException e) {
-            logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid date header name denied", e);
-        }
-    }
-
-    /**
-     * Add a header to the response after ensuring that there are no encoded or
-     * illegal characters in the name and name and value. This implementation
-     * follows the following recommendation: "A recipient MAY replace any linear
-     * white space with a single SP before interpreting the field value or
-     * forwarding the message downstream."
-     * http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2
-     * @param name
-     * @param value
-     */
-    public void addHeader(String name, String value) {
-        try {
-            // TODO: make stripping a global config
-            String strippedName = StringUtilities.stripControls(name);
-            String strippedValue = StringUtilities.stripControls(value);
-            String safeName = ESAPI.validator().getValidInput("addHeader", strippedName, "HTTPHeaderName", 20, false);
-            String safeValue = ESAPI.validator().getValidInput("addHeader", strippedValue, "HTTPHeaderValue", ESAPI.securityConfiguration().getMaxHttpHeaderSize(), false);
-            getHttpServletResponse().setHeader(safeName, safeValue);
-        } catch (ValidationException e) {
-            logger.warning(Logger.SECURITY_FAILURE, "Attempt to add invalid header denied", e);
-        }
-    }
-
-    /**
-     * Add an int header to the response after ensuring that there are no
-     * encoded or illegal characters in the name and name.
-     * @param name 
-     * @param value
-     */
-    public void addIntHeader(String name, int value) {
-        try {
-            String safeName = ESAPI.validator().getValidInput("safeSetDateHeader", name, "HTTPHeaderName", 20, false);
-            getHttpServletResponse().addIntHeader(safeName, value);
-        } catch (ValidationException e) {
-            logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid int header name denied", e);
-        }
-    }
-
-    /**
-     * Same as HttpServletResponse, no security changes required.
-     * @param name
-     * @return
-     */
-    public boolean containsHeader(String name) {
-        return getHttpServletResponse().containsHeader(name);
-    }
-
-    /**
-     * Return the URL without any changes, to prevent disclosure of the
-     * Session ID. The default implementation of this method can add the
-     * Session ID to the URL if support for cookies is not detected. This
-     * exposes the Session ID credential in bookmarks, referer headers, server
-     * logs, and more.
-     * 
-     * @param url
-     * @return original url
-     * @deprecated in servlet spec 2.1. Use
-     * {@link #encodeRedirectUrl(String)} instead.
-     */
-    @Deprecated
-    public String encodeRedirectUrl(String url) {
-        return url;
-    }
-
-    /**
-     * Return the URL without any changes, to prevent disclosure of the
-     * Session ID The default implementation of this method can add the
-     * Session ID to the URL if support for cookies is not detected. This
-     * exposes the Session ID credential in bookmarks, referer headers, server
-     * logs, and more.
-     * 
-     * @param url
-     * @return original url
-     */
-    public String encodeRedirectURL(String url) {
-        return url;
-    }
-
-    /**
-     * Return the URL without any changes, to prevent disclosure of the
-     * Session ID The default implementation of this method can add the
-     * Session ID to the URL if support for cookies is not detected. This
-     * exposes the Session ID credential in bookmarks, referer headers, server
-     * logs, and more.
-     * 
-     * @param url
-     * @return original url
-     * @deprecated in servlet spec 2.1. Use
-     * {@link #encodeURL(String)} instead.
-     */
-    @Deprecated
-    public String encodeUrl(String url) {
-        return url;
-    }
-
-    /**
-     * Return the URL without any changes, to prevent disclosure of the
-     * Session ID The default implementation of this method can add the
-     * Session ID to the URL if support for cookies is not detected. This
-     * exposes the Session ID credential in bookmarks, referer headers, server
-     * logs, and more.
-     * 
-     * @param url
-     * @return original url
-     */
-    public String encodeURL(String url) {
-        return url;
-    }
-
-    /**
-     * Same as HttpServletResponse, no security changes required.
-     * @throws IOException
-     */
-    public void flushBuffer() throws IOException {
-        getHttpServletResponse().flushBuffer();
-    }
-
-    /**
-     * Same as HttpServletResponse, no security changes required.
-     * @return
-     */
-    public int getBufferSize() {
-        return getHttpServletResponse().getBufferSize();
-    }
-
-    /**
-     * Same as HttpServletResponse, no security changes required.
-     * @return
-     */
-    public String getCharacterEncoding() {
-        return getHttpServletResponse().getCharacterEncoding();
-    }
-
-    /**
-     * Same as HttpServletResponse, no security changes required.
-     * @return
-     */
-    public String getContentType() {
-        return getHttpServletResponse().getContentType();
-    }
-
-    /**
-     * Same as HttpServletResponse, no security changes required.
-     * @return
-     */
-    public Locale getLocale() {
-        return getHttpServletResponse().getLocale();
-    }
-
-    /**
-     * Same as HttpServletResponse, no security changes required.
-     * @return 
-     * @throws IOException
-     */
-    public ServletOutputStream getOutputStream() throws IOException {
-        return getHttpServletResponse().getOutputStream();
-    }
-
-    /**
-     * Same as HttpServletResponse, no security changes required.
-     * @return 
-     * @throws IOException
-     */
-    public PrintWriter getWriter() throws IOException {
-        return getHttpServletResponse().getWriter();
-    }
-
-    /**
-     * Same as HttpServletResponse, no security changes required.
-     * @return
-     */
-    public boolean isCommitted() {
-        return getHttpServletResponse().isCommitted();
-    }
-
-    /**
-     * Same as HttpServletResponse, no security changes required.
-     */
-    public void reset() {
-        getHttpServletResponse().reset();
-    }
-
-    /**
-     * Same as HttpServletResponse, no security changes required.
-     */
-    public void resetBuffer() {
-        getHttpServletResponse().resetBuffer();
-    }
-
-    /**
-     * Override the error code with a 200 in order to confound attackers using
-     * automated scanners.
-     * @param sc 
-     * @throws IOException
-     */
-    public void sendError(int sc) throws IOException {
-        getHttpServletResponse().sendError(HttpServletResponse.SC_OK, getHTTPMessage(sc));
-    }
-
-    /**
-     * Override the error code with a 200 in order to confound attackers using
-     * automated scanners. The message is canonicalized and filtered for
-     * dangerous characters.
-     * @param sc 
-     * @param msg
-     * @throws IOException
-     */
-    public void sendError(int sc, String msg) throws IOException {
-        getHttpServletResponse().sendError(HttpServletResponse.SC_OK, ESAPI.encoder().encodeForHTML(msg));
-    }
-
-    /**
-     * This method generates a redirect response that can only be used to
-     * redirect the browser to safe locations, as configured in the ESAPI
-     * security configuration. This method does not that redirect requests can
-     * be modified by attackers, so do not rely information contained within
-     * redirect requests, and do not include sensitive information in a
-     * redirect.
-     * @param location 
-     * @throws IOException
-     */
-    public void sendRedirect(String location) throws IOException {
-        if (!ESAPI.validator().isValidRedirectLocation("Redirect", location, false)) {
-            logger.fatal(Logger.SECURITY_FAILURE, "Bad redirect location: " + location);
-            throw new IOException("Redirect failed");
-        }
-        getHttpServletResponse().sendRedirect(location);
-    }
-
-    /**
-     * Same as HttpServletResponse, no security changes required.
-     * @param size
-     */
-    public void setBufferSize(int size) {
-        getHttpServletResponse().setBufferSize(size);
-    }
-
-    /**
-     * Sets the character encoding to the ESAPI configured encoding.
-     * @param charset
-     */
-    public void setCharacterEncoding(String charset) {
-        getHttpServletResponse().setCharacterEncoding(ESAPI.securityConfiguration().getCharacterEncoding());
-    }
-
-    /**
-     * Same as HttpServletResponse, no security changes required.
-     * @param len
-     */
-    public void setContentLength(int len) {
-        getHttpServletResponse().setContentLength(len);
-    }
-
-    /**
-     * Same as HttpServletResponse, no security changes required.
-     * @param type
-     */
-    public void setContentType(String type) {
-        getHttpServletResponse().setContentType(type);
-    }
-
-    /**
-     * Add a date header to the response after ensuring that there are no
-     * encoded or illegal characters in the name.
-     * @param name 
-     * @param date
-     */
-    public void setDateHeader(String name, long date) {
-        try {
-            String safeName = ESAPI.validator().getValidInput("safeSetDateHeader", name, "HTTPHeaderName", 20, false);
-            getHttpServletResponse().setDateHeader(safeName, date);
-        } catch (ValidationException e) {
-            logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid date header name denied", e);
-        }
-    }
-
-    /**
-     * Add a header to the response after ensuring that there are no encoded or
-     * illegal characters in the name and value. "A recipient MAY replace any
-     * linear white space with a single SP before interpreting the field value
-     * or forwarding the message downstream."
-     * http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2
-     * @param name 
-     * @param value
-     */
-    public void setHeader(String name, String value) {
-        try {
-            String strippedName = StringUtilities.stripControls(name);
-            String strippedValue = StringUtilities.stripControls(value);
-            String safeName = ESAPI.validator().getValidInput("setHeader", strippedName, "HTTPHeaderName", 20, false);
-            String safeValue = ESAPI.validator().getValidInput("setHeader", strippedValue, "HTTPHeaderValue", ESAPI.securityConfiguration().getMaxHttpHeaderSize(), false);
-            getHttpServletResponse().setHeader(safeName, safeValue);
-        } catch (ValidationException e) {
-            logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid header denied", e);
-        }
-    }
-
-    /**
-     * Add an int header to the response after ensuring that there are no
-     * encoded or illegal characters in the name.
-     * @param name 
-     * @param value
-     */
-    public void setIntHeader(String name, int value) {
-        try {
-            String safeName = ESAPI.validator().getValidInput("safeSetDateHeader", name, "HTTPHeaderName", 20, false);
-            getHttpServletResponse().setIntHeader(safeName, value);
-        } catch (ValidationException e) {
-            logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid int header name denied", e);
-        }
-    }
-
-    /**
-     * Same as HttpServletResponse, no security changes required.
-     * @param loc
-     */
-    public void setLocale(Locale loc) {
-        // TODO investigate the character set issues here
-        getHttpServletResponse().setLocale(loc);
-    }
-
-    /**
-     * Override the status code with a 200 in order to confound attackers using
-     * automated scanners.
-     * @param sc
-     */
-    public void setStatus(int sc) {
-        getHttpServletResponse().setStatus(HttpServletResponse.SC_OK);
-    }
-
-    /**
-     * Override the status code with a 200 in order to confound attackers using
-     * automated scanners. The message is canonicalized and filtered for
-     * dangerous characters.
-     * @param sc 
-     * @param sm
-     * @deprecated In Servlet spec 2.1.
-     */
-    @Deprecated
-    public void setStatus(int sc, String sm) {
-        try {
-            // setStatus is deprecated so use sendError instead
-            sendError(HttpServletResponse.SC_OK, sm);
-        } catch (IOException e) {
-            logger.warning(Logger.SECURITY_FAILURE, "Attempt to set response status failed", e);
-        }
-    }
-
-    /**
-     * returns a text message for the HTTP response code
-     */
-    private String getHTTPMessage(int sc) {
-        return "HTTP error code: " + sc;
-    }
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI) This file is part of the Open Web
+ * Application Security Project (OWASP) Enterprise Security API (ESAPI) project.
+ * For details, please see <a
+ * href="http://www.owasp.org/index.php/ESAPI">http://
+ * www.owasp.org/index.php/ESAPI</a>. Copyright (c) 2007 - The OWASP Foundation
+ * The ESAPI is published by OWASP under the BSD license. You should read and
+ * accept the LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect
+ *         Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.filters;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.Locale;
+
+import javax.servlet.ServletOutputStream;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpServletResponseWrapper;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.SecurityConfiguration;
+import org.owasp.esapi.StringUtilities;
+import org.owasp.esapi.ValidationErrorList;
+import org.owasp.esapi.errors.IntrusionException;
+import org.owasp.esapi.errors.ValidationException;
+
+/**
+ * This response wrapper simply overrides unsafe methods in the
+ * HttpServletResponse API with safe versions.
+ */
+public class SecurityWrapperResponse extends HttpServletResponseWrapper implements HttpServletResponse {
+
+    private final Logger logger = ESAPI.getLogger("SecurityWrapperResponse");
+
+    // modes are "log", "skip", "sanitize", "throw"
+    // TODO: move this to SecurityConfiguration
+    private String mode = "log";
+
+    /**
+     * Construct a safe response that overrides the default response methods
+     * with safer versions. Default is 'log' mode.
+     *
+     * @param response
+     */
+    public SecurityWrapperResponse(HttpServletResponse response) {
+        super( response );
+    }
+
+    /**
+     * Construct a safe response that overrides the default response methods
+     * with safer versions.
+     *
+     * @param response
+     * @param mode The mode for this wrapper. Legal modes are "log", "skip", "sanitize", "throw".
+     */
+    public SecurityWrapperResponse(HttpServletResponse response, String mode) {
+        super( response );
+        this.mode = mode;
+    }
+
+
+    private HttpServletResponse getHttpServletResponse() {
+        return (HttpServletResponse)super.getResponse();
+    }
+
+    /**
+     * Add a cookie to the response after ensuring that there are no encoded or
+     * illegal characters in the name and name and value. This method also sets
+     * the secure and HttpOnly flags on the cookie. This implementation uses a
+     * custom "set-cookie" header instead of using Java's cookie interface which
+     * doesn't allow the use of HttpOnly.
+     * @param cookie
+     */
+    public void addCookie(Cookie cookie) {
+        String name = cookie.getName();
+        String value = cookie.getValue();
+        int maxAge = cookie.getMaxAge();
+        String domain = cookie.getDomain();
+        String path = cookie.getPath();
+        boolean secure = cookie.getSecure();
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
+
+        // validate the name and value
+        ValidationErrorList errors = new ValidationErrorList();
+        String cookieName = ESAPI.validator().getValidInput("cookie name", name, "HTTPCookieName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), false, errors);
+        String cookieValue = ESAPI.validator().getValidInput("cookie value", value, "HTTPCookieValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), false, errors);
+
+        // if there are no errors, then just set a cookie header
+        if (errors.size() == 0) {
+            String header = createCookieHeader(name, value, maxAge, domain, path, secure);
+            this.addHeader("Set-Cookie", header);
+            return;
+        }
+
+        // if there was an error
+        if (mode.equals("skip")) {
+            logger.warning(Logger.SECURITY_FAILURE, "Attempt to add unsafe data to cookie (skip mode). Skipping cookie and continuing.");
+            return;
+        }
+
+        // add the original cookie to the response and continue
+        if (mode.equals("log")) {
+            logger.warning(Logger.SECURITY_FAILURE, "Attempt to add unsafe data to cookie (log mode). Adding unsafe cookie anyway and continuing.");
+            getHttpServletResponse().addCookie(cookie);
+            return;
+        }
+
+        // create a sanitized cookie header and continue
+        if (mode.equals("sanitize")) {
+            logger.warning(Logger.SECURITY_FAILURE, "Attempt to add unsafe data to cookie (sanitize mode). Sanitizing cookie and continuing.");
+            String header = createCookieHeader(cookieName, cookieValue, maxAge, domain, path, secure);
+            this.addHeader("Set-Cookie", header);
+            return;
+        }
+
+        // throw an exception if necessary or add original cookie header
+        throw new IntrusionException("Security error", "Attempt to add unsafe data to cookie (throw mode)");
+    }
+
+    private String createCookieHeader(String name, String value, int maxAge, String domain, String path, boolean secure) {
+        // create the special cookie header instead of creating a Java cookie
+        // Set-Cookie:<name>=<value>[; <name>=<value>][; expires=<date>][;
+        // domain=<domain_name>][; path=<some_path>][; secure][;HttpOnly
+        String header = name + "=" + value;
+        if (maxAge >= 0) {
+            header += "; Max-Age=" + maxAge;
+        }
+        if (domain != null) {
+            header += "; Domain=" + domain;
+        }
+        if (path != null) {
+            header += "; Path=" + path;
+        }
+        if ( secure || ESAPI.securityConfiguration().getBooleanProp("HttpUtilities.ForceSecureCookies") ) {
+            header += "; Secure";
+        }
+        if ( ESAPI.securityConfiguration().getBooleanProp("HttpUtilities.ForceHttpOnlyCookies") ) {
+            header += "; HttpOnly";
+        }
+        return header;
+    }
+
+    /**
+     * Add a cookie to the response after ensuring that there are no encoded or
+     * illegal characters in the name.
+     * @param name
+     * @param date
+     */
+    public void addDateHeader(String name, long date) {
+        try {
+            SecurityConfiguration sc = ESAPI.securityConfiguration();
+            String safeName = ESAPI.validator().getValidInput("safeSetDateHeader", name, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), false);
+            getHttpServletResponse().addDateHeader(safeName, date);
+        } catch (ValidationException e) {
+            logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid date header name denied", e);
+        }
+    }
+
+    /**
+     * Add a header to the response after ensuring that there are no encoded or
+     * illegal characters in the name and name and value. This implementation
+     * follows the following recommendation: "A recipient MAY replace any linear
+     * white space with a single SP before interpreting the field value or
+     * forwarding the message downstream."
+     * http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2
+     * @param name
+     * @param value
+     */
+    public void addHeader(String name, String value) {
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
+        String strippedName = StringUtilities.stripControls(name);
+        String strippedValue = StringUtilities.stripControls(value);
+        String safeName = null;
+        String safeValue = null;
+        try {
+            safeName = ESAPI.validator().getValidInput("addHeader", strippedName, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), false);
+        } catch (ValidationException e) {
+            logger.warning(Logger.SECURITY_FAILURE, "Attempt to add invalid header NAME denied: HTTPHeaderName:"+ name, e);
+        }
+
+        try {
+            safeValue = ESAPI.validator().getValidInput("addHeader", strippedValue, "HTTPHeaderValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), false);
+        } catch (ValidationException e) {
+            logger.warning(Logger.SECURITY_FAILURE, "Attempt to add invalid header VALUE denied: HTTPHeaderName:"+ name, e);
+        }
+
+        boolean validName = StringUtilities.notNullOrEmpty(safeName, true);
+        boolean validValue = StringUtilities.notNullOrEmpty(safeValue, true);
+
+        if (validName && validValue) {
+            getHttpServletResponse().addHeader(safeName, safeValue);
+        }
+    }
+
+    /**
+     * Add a referer header to the response, after validating there are no illegal characters according to the
+     * Validator.isValidURI() method, as well as ensuring there are no instances of mixed or double encoding
+     * depending on how you have configured ESAPI defaults.
+     * @param uri
+     */
+    public void addReferer( String uri) {
+
+        // TODO: make stripping a global config
+        String strippedValue = StringUtilities.stripControls(uri);
+        boolean isValidURI = ESAPI.validator().isValidURI("refererHeader", strippedValue, false);
+        String safeValue = "";
+        if(isValidURI) {
+            safeValue = strippedValue;
+        }
+
+        getHttpServletResponse().addHeader("referer", safeValue);
+    }
+
+    /**
+     * Add an int header to the response after ensuring that there are no
+     * encoded or illegal characters in the name and value. git
+     * @param name
+     * @param value
+     */
+    public void addIntHeader(String name, int value) {
+        try {
+            SecurityConfiguration sc = ESAPI.securityConfiguration();
+            String safeName = ESAPI.validator().getValidInput("safeSetDateHeader", name, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), false);
+            getHttpServletResponse().addIntHeader(safeName, value);
+        } catch (ValidationException e) {
+            logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid int header name denied", e);
+        }
+    }
+
+    /**
+     * Same as HttpServletResponse, no security changes required.
+     * @param name
+     * @return True if the current response already contains a header of the supplied name.
+     */
+    public boolean containsHeader(String name) {
+        return getHttpServletResponse().containsHeader(name);
+    }
+
+    /**
+     * Return the URL without any changes, to prevent disclosure of the
+     * Session ID. The default implementation of this method can add the
+     * Session ID to the URL if support for cookies is not detected. This
+     * exposes the Session ID credential in bookmarks, referer headers, server
+     * logs, and more.
+     *
+     * @param url
+     * @return original url
+     * @deprecated in servlet spec 2.1. Use
+     * {@link #encodeRedirectUrl(String)} instead.
+     */
+    @Deprecated
+    public String encodeRedirectUrl(String url) {
+        return url;
+    }
+
+    /**
+     * Return the URL without any changes, to prevent disclosure of the
+     * Session ID The default implementation of this method can add the
+     * Session ID to the URL if support for cookies is not detected. This
+     * exposes the Session ID credential in bookmarks, referer headers, server
+     * logs, and more.
+     *
+     * @param url
+     * @return original url
+     */
+    public String encodeRedirectURL(String url) {
+        return url;
+    }
+
+    /**
+     * Return the URL without any changes, to prevent disclosure of the
+     * Session ID The default implementation of this method can add the
+     * Session ID to the URL if support for cookies is not detected. This
+     * exposes the Session ID credential in bookmarks, referer headers, server
+     * logs, and more.
+     *
+     * @param url
+     * @return original url
+     * @deprecated in servlet spec 2.1. Use
+     * {@link #encodeURL(String)} instead.
+     */
+    @Deprecated
+    public String encodeUrl(String url) {
+        return url;
+    }
+
+    /**
+     * Return the URL without any changes, to prevent disclosure of the
+     * Session ID The default implementation of this method can add the
+     * Session ID to the URL if support for cookies is not detected. This
+     * exposes the Session ID credential in bookmarks, referer headers, server
+     * logs, and more.
+     *
+     * @param url
+     * @return original url
+     */
+    public String encodeURL(String url) {
+        return url;
+    }
+
+    /**
+     * Same as HttpServletResponse, no security changes required.
+     * @throws IOException
+     */
+    public void flushBuffer() throws IOException {
+        getHttpServletResponse().flushBuffer();
+    }
+
+    /**
+     * Same as HttpServletResponse, no security changes required.
+     * @return The buffer size of the current HTTP response.
+     */
+    public int getBufferSize() {
+        return getHttpServletResponse().getBufferSize();
+    }
+
+    /**
+     * Same as HttpServletResponse, no security changes required.
+     * @return The character encoding of the current HTTP response.
+     */
+    public String getCharacterEncoding() {
+        return getHttpServletResponse().getCharacterEncoding();
+    }
+
+    /**
+     * Same as HttpServletResponse, no security changes required.
+     * @return The content type of the current HTTP response.
+     */
+    public String getContentType() {
+        return getHttpServletResponse().getContentType();
+    }
+
+    /**
+     * Same as HttpServletResponse, no security changes required.
+     * @return The Locale of the current HTTP response.
+     */
+    public Locale getLocale() {
+        return getHttpServletResponse().getLocale();
+    }
+
+    /**
+     * Same as HttpServletResponse, no security changes required.
+     * @return The ServletOutputStream of the current HTTP response.
+     * @throws IOException
+     */
+    public ServletOutputStream getOutputStream() throws IOException {
+        return getHttpServletResponse().getOutputStream();
+    }
+
+    /**
+     * Same as HttpServletResponse, no security changes required.
+     * @return The PrintWriter of the current HTTP response.
+     * @throws IOException
+     */
+    public PrintWriter getWriter() throws IOException {
+        return getHttpServletResponse().getWriter();
+    }
+
+    /**
+     * Same as HttpServletResponse, no security changes required.
+     * @return The isCommitted() status of the current HTTP response.
+     */
+    public boolean isCommitted() {
+        return getHttpServletResponse().isCommitted();
+    }
+
+    /**
+     * Same as HttpServletResponse, no security changes required.
+     */
+    public void reset() {
+        getHttpServletResponse().reset();
+    }
+
+    /**
+     * Same as HttpServletResponse, no security changes required.
+     */
+    public void resetBuffer() {
+        getHttpServletResponse().resetBuffer();
+    }
+
+    /**
+     * Override the error code with a 200 in order to confound attackers using
+     * automated scanners.  Overwriting is controlled by {@code HttpUtilities.OverwriteStatusCodes}
+     * in ESAPI.properties.
+     * @param sc -- http status code
+     * @throws IOException
+     */
+    public void sendError(int sc) throws IOException {
+        SecurityConfiguration config = ESAPI.securityConfiguration();
+        if(config.getBooleanProp("HttpUtilities.OverwriteStatusCodes")){
+            getHttpServletResponse().sendError(HttpServletResponse.SC_OK, getHTTPMessage(sc));
+        }else{
+            getHttpServletResponse().sendError(sc, getHTTPMessage(sc));
+        }
+    }
+
+    /**
+     * Override the error code with a 200 in order to confound attackers using
+     * automated scanners. The message is canonicalized and filtered for
+     * dangerous characters.  Overwriting is controlled by {@code HttpUtilities.OverwriteStatusCodes}
+     * in ESAPI.properties.
+     * @param sc -- http status code
+     * @param msg -- error message
+     * @throws IOException
+     */
+    public void sendError(int sc, String msg) throws IOException {
+        SecurityConfiguration config = ESAPI.securityConfiguration();
+        if(config.getBooleanProp("HttpUtilities.OverwriteStatusCodes")){
+            getHttpServletResponse().sendError(HttpServletResponse.SC_OK, ESAPI.encoder().encodeForHTML(msg));
+        }else{
+            getHttpServletResponse().sendError(sc, ESAPI.encoder().encodeForHTML(msg));
+        }
+    }
+
+    /**
+     * This method generates a redirect response that can only be used to
+     * redirect the browser to safe locations, as configured in the ESAPI
+     * security configuration. This method does not that redirect requests can
+     * be modified by attackers, so do not rely information contained within
+     * redirect requests, and do not include sensitive information in a
+     * redirect.
+     * @param location
+     * @throws IOException
+     */
+    public void sendRedirect(String location) throws IOException {
+        if (!ESAPI.validator().isValidRedirectLocation("Redirect", location, false)) {
+            logger.fatal(Logger.SECURITY_FAILURE, "Bad redirect location: " + location);
+            throw new IOException("Redirect failed");
+        }
+        getHttpServletResponse().sendRedirect(location);
+    }
+
+    /**
+     * Same as HttpServletResponse, no security changes required.
+     * @param size
+     */
+    public void setBufferSize(int size) {
+        getHttpServletResponse().setBufferSize(size);
+    }
+
+    /**
+     * Sets the character encoding to the ESAPI configured encoding.
+     * @param charset
+     */
+    public void setCharacterEncoding(String charset) {
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
+        getHttpServletResponse().setCharacterEncoding(sc.getStringProp("HttpUtilities.CharacterEncoding"));
+    }
+
+    /**
+     * Same as HttpServletResponse, no security changes required.
+     * @param len
+     */
+    public void setContentLength(int len) {
+        getHttpServletResponse().setContentLength(len);
+    }
+
+    /**
+     * Same as HttpServletResponse, no security changes required.
+     * @param type
+     */
+    public void setContentType(String type) {
+        getHttpServletResponse().setContentType(type);
+    }
+
+    /**
+     * Add a date header to the response after ensuring that there are no
+     * encoded or illegal characters in the name.
+     * @param name
+     * @param date
+     */
+    public void setDateHeader(String name, long date) {
+        try {
+            SecurityConfiguration sc = ESAPI.securityConfiguration();
+            String safeName = ESAPI.validator().getValidInput("safeSetDateHeader", name, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), false);
+            getHttpServletResponse().setDateHeader(safeName, date);
+        } catch (ValidationException e) {
+            logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid date header name denied", e);
+        }
+    }
+
+    /**
+     * Add a header to the response after ensuring that there are no encoded or
+     * illegal characters in the name and value. "A recipient MAY replace any
+     * linear white space with a single SP before interpreting the field value
+     * or forwarding the message downstream."
+     * http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2
+     * @param name
+     * @param value
+     */
+    public void setHeader(String name, String value) {
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
+        String strippedName = StringUtilities.stripControls(name);
+        String strippedValue = StringUtilities.stripControls(value);
+        String safeName = null;
+        String safeValue = null;
+        try {
+            safeName = ESAPI.validator().getValidInput("setHeader", strippedName, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), false);
+        } catch (ValidationException e) {
+            logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid header NAME denied: HTTPHeaderName:"+ name, e);
+        }
+
+        try {
+            safeValue = ESAPI.validator().getValidInput("setHeader", strippedValue, "HTTPHeaderValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), false);
+        } catch (ValidationException e) {
+            logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid header VALUE denied: HTTPHeaderName:"+ name, e);
+        }
+
+        boolean validName = StringUtilities.notNullOrEmpty(safeName, true);
+        boolean validValue = StringUtilities.notNullOrEmpty(safeValue, true);
+
+        if (validName && validValue) {
+            getHttpServletResponse().setHeader(safeName, safeValue);
+        }
+    }
+
+    /**
+     * Add an int header to the response after ensuring that there are no
+     * encoded or illegal characters in the name.
+     * @param name
+     * @param value
+     */
+    public void setIntHeader(String name, int value) {
+        try {
+            SecurityConfiguration sc = ESAPI.securityConfiguration();
+            String safeName = ESAPI.validator().getValidInput("safeSetDateHeader", name, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), false);
+            getHttpServletResponse().setIntHeader(safeName, value);
+        } catch (ValidationException e) {
+            logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid int header name denied", e);
+        }
+    }
+
+    /**
+     * Same as HttpServletResponse, no security changes required.
+     * @param loc
+     */
+    public void setLocale(Locale loc) {
+        // TODO investigate the character set issues here
+        getHttpServletResponse().setLocale(loc);
+    }
+
+    /**
+     * Override the status code with a 200 in order to confound attackers using
+     * automated scanners.
+     * @param sc
+     */
+    public void setStatus(int sc) {
+        SecurityConfiguration config = ESAPI.securityConfiguration();
+        if(config.getBooleanProp("HttpUtilities.OverwriteStatusCodes")){
+            getHttpServletResponse().setStatus(HttpServletResponse.SC_OK);
+        }else{
+            getHttpServletResponse().setStatus(sc);
+        }
+
+    }
+
+    /**
+     * Override the status code with a 200 in order to confound attackers using
+     * automated scanners. The message is canonicalized and filtered for
+     * dangerous characters.
+     * @param sc
+     * @param sm
+     * @deprecated In Servlet spec 2.1.
+     */
+    @Deprecated
+    public void setStatus(int sc, String sm) {
+        try {
+            SecurityConfiguration config = ESAPI.securityConfiguration();
+            if(config.getBooleanProp("HttpUtilities.OverwriteStatusCodes")){
+                sendError(HttpServletResponse.SC_OK, sm);
+            }else{
+                sendError(sc, sm);
+            }
+        } catch (IOException e) {
+            logger.warning(Logger.SECURITY_FAILURE, "Attempt to set response status failed", e);
+        }
+    }
+
+    /**
+     * returns a text message for the HTTP response code
+     */
+    private String getHTTPMessage(int sc) {
+        return "HTTP error code: " + sc;
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java b/src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java
new file mode 100644
index 000000000..21d0955c8
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java
@@ -0,0 +1,92 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @created 2019
+ */
+
+package org.owasp.esapi.logging.appender;
+
+import java.util.function.Supplier;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.User;
+
+/**
+ * Supplier which can provide a String representing the client-side connection
+ * information.
+ */
+public class ClientInfoSupplier implements Supplier<String>
+{
+    /** Default Last Host string if the Authenticated user is null.*/
+    private static final String DEFAULT_LAST_HOST = "#UNKNOWN_HOST#";
+    /** Session Attribute containing the ESAPI Session id. */
+    private static final String ESAPI_SESSION_ATTR = "ESAPI_SESSION";
+    /**
+     * Minimum value for generating a random session value if one is not defined.
+     */
+    private static final int ESAPI_SESSION_RAND_MIN = 0;
+    /**
+     * Maximum value for generating a random session value if one is not defined.
+     */
+    private static final int ESAPI_SESSION_RAND_MAX = 1000000;
+
+    /** Format for supplier output. */
+    private static final String USER_INFO_FORMAT = "%s@%s"; // SID, USER_HOST_ADDRESS
+
+    /** Whether to log the user info from this instance. */
+    private boolean logClientInfo = true;
+
+    // @Override    -- Uncomment when we switch to Java 8 as minimal baseline.
+    public String get() {
+        String clientInfo = "";
+
+        if (logClientInfo) {
+            HttpServletRequest request = ESAPI.currentRequest();
+            // create a random session number for the user to represent the user's
+            // 'session', if it doesn't exist already
+            String sid = "";
+            if (request != null) {
+                HttpSession session = request.getSession(false);
+                if (session != null) {
+                    sid = (String) session.getAttribute(ESAPI_SESSION_ATTR);
+                    // if there is no session ID for the user yet, we create one and store it in the
+                    // user's session
+                    if (sid == null) {
+                        sid = "" + ESAPI.randomizer().getRandomInteger(ESAPI_SESSION_RAND_MIN, ESAPI_SESSION_RAND_MAX);
+                        session.setAttribute(ESAPI_SESSION_ATTR, sid);
+                    }
+                }
+            }
+            // log user information - username:session@ipaddr
+            User user = ESAPI.authenticator().getCurrentUser();
+            if (user == null) {
+                clientInfo = String.format(USER_INFO_FORMAT, sid, DEFAULT_LAST_HOST);
+            } else {
+                clientInfo = String.format(USER_INFO_FORMAT, sid, user.getLastHostAddress());
+            }
+        }
+        return clientInfo;
+    }
+
+    /**
+     * Specify whether the instance should record the client info.
+     *
+     * @param log {@code true} to record
+     */
+    public void setLogClientInfo(boolean log) {
+        this.logClientInfo = log;
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java b/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java
new file mode 100644
index 000000000..0788d558c
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java
@@ -0,0 +1,52 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @created 2019
+ */
+
+package org.owasp.esapi.logging.appender;
+
+import java.util.function.Supplier;
+
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.Logger.EventType;
+
+/**
+ * Supplier implementation which returns a consistent String representation of
+ * an EventType for logging
+ *
+ */
+public class EventTypeLogSupplier implements Supplier<String>
+{
+    /** EventType reference to supply log representation of. */
+    private final EventType eventType;
+    /** Whether to log or not the event type */
+    private boolean logEventType = true;
+
+    /**
+     * Ctr
+     *
+     * @param eventType EventType reference to supply log representation for
+     */
+    public EventTypeLogSupplier(EventType eventType) {
+        this.eventType = eventType == null ? Logger.EVENT_UNSPECIFIED : eventType;
+    }
+
+    // @Override    -- Uncomment when we switch to Java 8 as minimal baseline.
+    public String get() {
+        return logEventType ? eventType.toString() : "";
+    }
+
+    public void setLogEventType(boolean logEventType) {
+        this.logEventType = logEventType;
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/logging/appender/LogAppender.java b/src/main/java/org/owasp/esapi/logging/appender/LogAppender.java
new file mode 100644
index 000000000..b764a7ad4
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/appender/LogAppender.java
@@ -0,0 +1,35 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @created 2019
+ */
+
+package org.owasp.esapi.logging.appender;
+
+import org.owasp.esapi.Logger.EventType;
+
+/**
+ * Contract interface for appending content to a log message.
+ *
+ */
+public interface LogAppender {
+
+    /**
+     * Creates a replacement Log Message and returns it to the caller.
+     * @param logName name of the logger.
+     * @param eventType EventType of the log event being processed.
+     * @param message The original message.
+     * @return Updated replacement message.
+     */
+    public String appendTo(String logName, EventType eventType, String message);
+
+}
diff --git a/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java b/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java
new file mode 100644
index 000000000..237d43ac6
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java
@@ -0,0 +1,119 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @created 2019
+ */
+
+package org.owasp.esapi.logging.appender;
+
+import org.owasp.esapi.Logger.EventType;
+
+/**
+ * LogAppender Implementation which can prefix the common logger information for
+ * EventType, Client data, and server data.
+ */
+public class LogPrefixAppender implements LogAppender {
+    /** Output format used to assemble return values. */
+    private static final String RESULT_FORMAT = "[%s] %s"; //Assembled Prefix, MSG
+
+    /** Whether or not to record user information. */
+    private final boolean logUserInfo;
+    /** Whether or not to record client information. */
+    private final boolean logClientInfo;
+    /** Whether or not to record server ip information. */
+    private final boolean logServerIp;
+    /** Whether or not to record application name. */
+    private final boolean logApplicationName;
+    /** Application Name to record. */
+    private final String appName;
+    /** Whether or not to print the prefix. */
+    private final boolean logPrefix;
+
+    /**
+     * Constructor
+     *
+     * @param logUserInfo      Whether or not to record user information
+     * @param logClientInfo      Whether or not to record client information
+     * @param logServerIp        Whether or not to record server ip information
+     * @param logApplicationName Whether or not to record application name
+     * @param appName            Application Name to record.
+     */
+    @SuppressWarnings("JavadocReference")
+    public LogPrefixAppender(boolean logUserInfo, boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName) {
+        this(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName, true);
+    }
+
+    /**
+     * Constructor
+     *
+     * @param logUserInfo        Whether or not to record user information
+     * @param logClientInfo      Whether or not to record client information
+     * @param logServerIp        Whether or not to record server ip information
+     * @param logApplicationName Whether or not to record application name
+     * @param appName            Application Name to record.
+     * @param logPrefix          Whether or not to print the prefix
+     */
+    public LogPrefixAppender(boolean logUserInfo, boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName, boolean logPrefix) {
+        this.logUserInfo = logUserInfo;
+        this.logClientInfo = logClientInfo;
+        this.logServerIp = logServerIp;
+        this.logApplicationName = logApplicationName;
+        this.appName = appName;
+        this.logPrefix = logPrefix;
+    }
+
+    @Override
+    public String appendTo(String logName, EventType eventType, String message) {
+        EventTypeLogSupplier eventTypeSupplier = new EventTypeLogSupplier(eventType);
+        eventTypeSupplier.setLogEventType(this.logPrefix);
+
+        UserInfoSupplier userInfoSupplier = new UserInfoSupplier();
+        userInfoSupplier.setLogUserInfo(logUserInfo);
+
+        ClientInfoSupplier clientInfoSupplier = new ClientInfoSupplier();
+        clientInfoSupplier.setLogClientInfo(logClientInfo);
+
+        ServerInfoSupplier serverInfoSupplier = new ServerInfoSupplier(logName);
+        serverInfoSupplier.setLogServerIp(logServerIp);
+        serverInfoSupplier.setLogApplicationName(logApplicationName, appName);
+        serverInfoSupplier.setLogLogName(logPrefix);
+
+        String eventTypeMsg = eventTypeSupplier.get().trim();
+        String userInfoMsg = userInfoSupplier.get().trim();
+        String clientInfoMsg = clientInfoSupplier.get().trim();
+        String serverInfoMsg = serverInfoSupplier.get().trim();
+
+        //If both user and client have content, then postfix the semicolon to the userInfoMsg at this point to simplify the StringBuilder operations later.
+        userInfoMsg = (!userInfoMsg.isEmpty() && !clientInfoMsg.isEmpty()) ? userInfoMsg + ":" : userInfoMsg;
+
+        //If both server has content, then prefix the arrow to the serverInfoMsg at this point to simplify the StringBuilder operations later.
+        serverInfoMsg = (!serverInfoMsg.isEmpty()) ? "-> " + serverInfoMsg: serverInfoMsg;
+
+        String[] optionalPrefixContent = new String[] {userInfoMsg + clientInfoMsg, serverInfoMsg};
+
+        StringBuilder logPrefixBuilder = new StringBuilder();
+        //EventType is always appended (unless we specifically asked not to Log Prefix)
+        if (this.logPrefix) {
+            logPrefixBuilder.append(eventTypeMsg);
+        }
+
+        for (String element : optionalPrefixContent) {
+            if (!element.isEmpty()) {
+                logPrefixBuilder.append(" ");
+                logPrefixBuilder.append(element);
+            }
+        }
+
+        String logPrefixContent = logPrefixBuilder.toString();
+        return logPrefixContent.trim().isEmpty() ? message : String.format(RESULT_FORMAT, logPrefixContent, message);
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/logging/appender/ServerInfoSupplier.java b/src/main/java/org/owasp/esapi/logging/appender/ServerInfoSupplier.java
new file mode 100644
index 000000000..88cc786b8
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/appender/ServerInfoSupplier.java
@@ -0,0 +1,100 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @created 2019
+ */
+
+package org.owasp.esapi.logging.appender;
+
+import java.util.function.Supplier;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.owasp.esapi.ESAPI;
+
+/**
+ * Supplier which can provide a String representing the server-side connection
+ * information.
+ */
+public class ServerInfoSupplier     implements Supplier<String>
+{
+    /** Whether to log the server connection info. */
+    private boolean logServerIP = true;
+    /** Whether to log the application name. */
+    private boolean logAppName = true;
+    /** The application name to log. */
+    private String applicationName = "";
+    /** Whether to log the Name */
+    private boolean logLogName = true;
+    /** Reference to the associated logname/module name. */
+    private final String logName;
+
+    /**
+     * Ctr.
+     *
+     * @param logName Reference to the logName to record as the module information
+     */
+    public ServerInfoSupplier(String logName) {
+        this.logName = logName;
+    }
+
+    // @Override    -- Uncomment when we switch to Java 8 as minimal baseline.
+    public String get() {
+        // log server, port, app name, module name -- server:80/app/module
+        StringBuilder appInfo = new StringBuilder();
+        if (logServerIP) {
+            HttpServletRequest request = ESAPI.currentRequest();
+            if (request != null) {
+                appInfo.append(request.getLocalAddr()).append(":").append(request.getLocalPort());
+            }
+        }
+        
+        if (this.logAppName) {
+            appInfo.append("/").append(this.applicationName);
+        }
+
+        if (this.logLogName) {
+            appInfo.append("/").append(logName);
+        }
+
+        return appInfo.toString();
+    }
+
+    /**
+     * Specify whether the instance should record the server connection info.
+     *
+     * @param log {@code true} to record
+     */
+    public void setLogServerIp(boolean log) {
+        this.logServerIP = log;
+    }
+
+    /**
+     * Specify whether the instance should record the prefix.
+     *
+     * @param logLogName {@code true} to record
+     */
+    public void setLogLogName(boolean logLogName) {
+        this.logLogName = logLogName;
+    }
+
+    /**
+     * Specify whether the instance should record the application name
+     *
+     * @param log     {@code true} to record
+     * @param appName String to record as the application name
+     */
+    public void setLogApplicationName(boolean log, String appName) {
+        this.logAppName = log;
+        this.applicationName = appName;
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/logging/appender/UserInfoSupplier.java b/src/main/java/org/owasp/esapi/logging/appender/UserInfoSupplier.java
new file mode 100644
index 000000000..bf5fd731c
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/appender/UserInfoSupplier.java
@@ -0,0 +1,60 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @created 2019
+ */
+
+package org.owasp.esapi.logging.appender;
+
+import java.util.function.Supplier;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.User;
+
+/**
+ * Supplier which can provide a String representing the client-side connection
+ * information.
+ */
+public class UserInfoSupplier   implements Supplier<String>
+{
+    /** Default UserName string if the Authenticated user is null.*/
+    private static final String DEFAULT_USERNAME = "#ANONYMOUS#";
+
+    /** Whether to log the user info from this instance. */
+    private boolean logUserInfo = true;
+
+    // @Override    -- Uncomment when we switch to Java 8 as minimal baseline.
+    public String get() {
+        // log user information - username:session@ipaddr
+        User user = ESAPI.authenticator().getCurrentUser();
+
+        String userInfo = "";
+        if (logUserInfo) {
+            if (user == null) {
+                userInfo = DEFAULT_USERNAME;
+            } else {
+                userInfo = user.getAccountName();
+            }
+        }
+
+        return userInfo;
+    }
+
+    /**
+     * Specify whether the instance should record the client info.
+     *
+     * @param log {@code true} to record
+     */
+    public void setLogUserInfo(boolean log) {
+        this.logUserInfo = log;
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/logging/cleaning/CodecLogScrubber.java b/src/main/java/org/owasp/esapi/logging/cleaning/CodecLogScrubber.java
new file mode 100644
index 000000000..4ce14bac5
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/cleaning/CodecLogScrubber.java
@@ -0,0 +1,52 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @created 2018
+ */
+package org.owasp.esapi.logging.cleaning;
+
+import org.owasp.esapi.codecs.Codec;
+
+/**
+ * Implementation of a LogScrubber which passes strings through a delegate codec
+ * with specific character immunity sets.
+ *
+ */
+public class CodecLogScrubber implements LogScrubber {
+    /** Codec implementation used to scrub messages. */
+    private final Codec<?> customizedMessageCodec;
+    /**
+     * Set of characters which will not be altered by the codec for this scrubber.
+     */
+    private final char[] immuneMessageChars;
+
+    /**
+     * Ctr.
+     *
+     * @param messageCodec
+     *            Delegate codec. Cannot be {@code null}
+     * @param immuneChars
+     *            Immune character set.
+     */
+    public CodecLogScrubber(Codec<?> messageCodec, char[] immuneChars) {
+        if (messageCodec == null) {
+            throw new IllegalArgumentException("Codec reference cannot be null");
+        }
+        this.customizedMessageCodec = messageCodec;
+        this.immuneMessageChars = immuneChars == null ? new char[0] : immuneChars;
+    }
+
+    @Override
+    public String cleanMessage(String message) {
+        return customizedMessageCodec.encode(immuneMessageChars, message);
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubber.java b/src/main/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubber.java
new file mode 100644
index 000000000..72da7f2ba
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubber.java
@@ -0,0 +1,55 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @created 2018
+ */
+package org.owasp.esapi.logging.cleaning;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * LogScrubber implementation which performs iterative delegate to an ordered
+ * List of LogScrubbers. <br>
+ * The results of the delegate list of LogScrubbers is additive, meaning that
+ * the original message is passed to the first delegate and its return value
+ * is passed to the second (etc). <br>
+ *
+ */
+public class CompositeLogScrubber implements LogScrubber {
+    /** Delegate scrubbers. */
+    private final List<LogScrubber> messageCleaners;
+
+    /**
+     * Ctr.
+     *
+     * @param orderedCleaner
+     *            Ordered List of delegate implementations. Cannot be {@code null}
+     */
+    public CompositeLogScrubber(List<LogScrubber> orderedCleaner) {
+        if (orderedCleaner == null) {
+            throw new IllegalArgumentException("Delegate LogScrubber List cannot be null");
+        }
+        this.messageCleaners = new ArrayList<>(orderedCleaner);
+    }
+
+    @Override
+    public String cleanMessage(String message) {
+        String cleaned = message;
+
+        for (LogScrubber scrubadub : messageCleaners) {
+            cleaned = scrubadub.cleanMessage(cleaned);
+        }
+
+        return cleaned;
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/logging/cleaning/LogScrubber.java b/src/main/java/org/owasp/esapi/logging/cleaning/LogScrubber.java
new file mode 100644
index 000000000..fd8a54a41
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/cleaning/LogScrubber.java
@@ -0,0 +1,34 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @created 2018
+ */
+
+package org.owasp.esapi.logging.cleaning;
+
+/**
+ * Contract interface for cleaning log message output.
+ *
+ */
+public interface LogScrubber {
+
+    /**
+     * Updates the given message to account for restrictions for this implementation
+     * and returns the result.
+     *
+     * @param message
+     *            Original message to clean.
+     * @return Cleaned message.
+     */
+    public String cleanMessage(String message);
+
+}
diff --git a/src/main/java/org/owasp/esapi/logging/cleaning/NewlineLogScrubber.java b/src/main/java/org/owasp/esapi/logging/cleaning/NewlineLogScrubber.java
new file mode 100644
index 000000000..025896861
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/cleaning/NewlineLogScrubber.java
@@ -0,0 +1,33 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @created 2018
+ */
+package org.owasp.esapi.logging.cleaning;
+
+/**
+ * LogScrubber implementation which replaces newline and carriage return values.
+ *
+ */
+public class NewlineLogScrubber implements LogScrubber {
+    /** Newline */
+    private static final char NEWLINE = '\n';
+    /** Carriage Return. */
+    private static final char CARRIAGE_RETURN = '\r';
+    /** Default Replacement value. */
+    private static final char LINE_WRAP_REPLACE = '_';
+
+    @Override
+    public String cleanMessage(String message) {
+        return message.replace(NEWLINE, LINE_WRAP_REPLACE).replace(CARRIAGE_RETURN, LINE_WRAP_REPLACE);
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/logging/java/ESAPICustomJavaLevel.java b/src/main/java/org/owasp/esapi/logging/java/ESAPICustomJavaLevel.java
new file mode 100644
index 000000000..36a005eb0
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/java/ESAPICustomJavaLevel.java
@@ -0,0 +1,48 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @created 2019
+ */
+
+package org.owasp.esapi.logging.java;
+
+import java.util.logging.Level;
+
+/**
+ *  Definitions of customized Java Logging Level options to map ESAPI behavior to the desired Java Log output behaviors.
+ */
+public class ESAPICustomJavaLevel extends Level {
+
+    protected static final long serialVersionUID = 1L;
+
+    /**
+     * Defines a custom error level below SEVERE but above WARNING since this level isn't defined directly
+     * by java.util.Logger already.
+     */
+    public static final Level ERROR_LEVEL = new ESAPICustomJavaLevel( "ERROR", Level.SEVERE.intValue() - 1);
+
+    /**
+     * Defines a custom level that should result in content always being recorded, unless the Java Logging configuration is set to OFF.
+     */
+    public static final Level ALWAYS_LEVEL = new ESAPICustomJavaLevel( "ALWAYS", Level.OFF.intValue() - 1);
+
+    /**
+     * Constructs an instance of a JavaLoggerLevel which essentially provides a mapping between the name of
+     * the defined level and its numeric value.
+     *
+     * @param name The name of the JavaLoggerLevel
+     * @param value The associated numeric value
+     */
+    private ESAPICustomJavaLevel(String name, int value) {
+        super(name, value);
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/logging/java/ESAPIErrorJavaLevel.java b/src/main/java/org/owasp/esapi/logging/java/ESAPIErrorJavaLevel.java
new file mode 100644
index 000000000..f8288c3ad
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/java/ESAPIErrorJavaLevel.java
@@ -0,0 +1,49 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @created 2019
+ */
+
+package org.owasp.esapi.logging.java;
+
+import java.util.logging.Level;
+
+/**
+ *  A custom logging level defined between Level.SEVERE and Level.WARNING in logger.
+ *  @deprecated 10/24/2020 : References should use ESAPICustomJavaLevel.ERROR_LEVEL
+ *  @see ESAPICustomJavaLevel#ERROR_LEVEL
+ */
+@Deprecated
+public class ESAPIErrorJavaLevel extends Level {
+
+    protected static final long serialVersionUID = 1L;
+
+    /**
+     * Defines a custom error level below SEVERE but above WARNING since this level isn't defined directly
+     * by java.util.Logger already.
+     * @deprecated
+     * @see ESAPICustomJavaLevel#ERROR_LEVEL
+     */
+    @Deprecated
+    public static final Level ERROR_LEVEL = new ESAPIErrorJavaLevel( ESAPICustomJavaLevel.ERROR_LEVEL.getName(),ESAPICustomJavaLevel.ERROR_LEVEL.intValue());
+
+    /**
+     * Constructs an instance of a JavaLoggerLevel which essentially provides a mapping between the name of
+     * the defined level and its numeric value.
+     *
+     * @param name The name of the JavaLoggerLevel
+     * @param value The associated numeric value
+     */
+    private ESAPIErrorJavaLevel(String name, int value) {
+        super(name, value);
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogBridge.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogBridge.java
new file mode 100644
index 000000000..2d1243c05
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogBridge.java
@@ -0,0 +1,44 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @created 2019
+ */
+package org.owasp.esapi.logging.java;
+
+import java.util.logging.Logger;
+
+import org.owasp.esapi.Logger.EventType;
+
+/**
+ * Contract for translating an ESAPI log event into a Java log event.
+ *
+ */
+public interface JavaLogBridge {
+    /**
+     * Translation for the provided ESAPI level, type, and message to the specified Java Logger.
+     * @param logger Logger to receive the translated message.
+     * @param esapiLevel ESAPI level of event.
+     * @param type ESAPI event type
+     * @param message ESAPI event message content.
+     */
+    void log(Logger logger, int esapiLevel, EventType type, String message) ;
+    /**
+     * Translation for the provided ESAPI level, type, message, and Throwable to the specified Java Logger.
+     * @param logger Logger to receive the translated message.
+     * @param esapiLevel ESAPI level of event.
+     * @param type ESAPI event type
+     * @param message ESAPI event message content.
+     * @param throwable ESAPI event Throwable content
+     */
+    void log(Logger logger, int esapiLevel, EventType type, String message, Throwable throwable) ;
+
+}
diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogBridgeImpl.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogBridgeImpl.java
new file mode 100644
index 000000000..042a56202
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogBridgeImpl.java
@@ -0,0 +1,75 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @created 2019
+ */
+
+package org.owasp.esapi.logging.java;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.logging.Logger;
+
+import org.owasp.esapi.Logger.EventType;
+import org.owasp.esapi.logging.appender.LogAppender;
+import org.owasp.esapi.logging.cleaning.LogScrubber;
+
+/**
+ * Implementation which is intended to bridge the ESAPI Logging API into Java supported Object structures.
+ *
+ */
+public class JavaLogBridgeImpl implements JavaLogBridge {
+    /** Configuration providing associations between esapi log levels and Java levels.*/
+    private final Map<Integer,JavaLogLevelHandler> esapiJavaLevelMap;
+    /** Cleaner used for log content.*/
+    private final LogScrubber scrubber;
+    /** Appender used for assembling default message content for all logs.*/
+    private final LogAppender appender;
+
+    /**
+     * Constructor.
+     * @param logScrubber  Log message cleaner.
+     * @param esapiJavaHandlerMap Map identifying ESAPI -> Java log level associations.
+     */
+    public JavaLogBridgeImpl(LogAppender messageAppender, LogScrubber logScrubber, Map<Integer, JavaLogLevelHandler> esapiJavaHandlerMap) {
+        //Defensive copy to prevent external mutations.
+        this.esapiJavaLevelMap = new HashMap<>(esapiJavaHandlerMap);
+        this.scrubber = logScrubber;
+        this.appender = messageAppender;
+    }
+    @Override
+    public void log(Logger logger, int esapiLevel, EventType type, String message) {
+        JavaLogLevelHandler handler = esapiJavaLevelMap.get(esapiLevel);
+        if (handler == null) {
+            throw new IllegalArgumentException("Unable to lookup Java level mapping for esapi value of " + esapiLevel);
+        }
+        if (handler.isEnabled(logger)) {
+            String fullMessage = appender.appendTo(logger.getName(), type, message);
+            String cleanString = scrubber.cleanMessage(fullMessage);
+
+            handler.log(logger, cleanString);
+        }
+    }
+    @Override
+    public void log(Logger logger, int esapiLevel, EventType type, String message, Throwable throwable) {
+        JavaLogLevelHandler handler = esapiJavaLevelMap.get(esapiLevel);
+        if (handler == null) {
+            throw new IllegalArgumentException("Unable to lookup Java level mapping for esapi value of " + esapiLevel);
+        }
+        if (handler.isEnabled(logger)) {
+            String fullMessage = appender.appendTo(logger.getName(), type, message);
+            String cleanString = scrubber.cleanMessage(fullMessage);
+
+            handler.log(logger, cleanString, throwable);
+        }
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
new file mode 100644
index 000000000..8cca8fb25
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
@@ -0,0 +1,185 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @created 2019
+ */
+package org.owasp.esapi.logging.java;
+
+import static org.owasp.esapi.PropNames.APPLICATION_NAME;
+import static org.owasp.esapi.PropNames.LOG_APPLICATION_NAME;
+import static org.owasp.esapi.PropNames.LOG_CLIENT_INFO;
+import static org.owasp.esapi.PropNames.LOG_ENCODING_REQUIRED;
+import static org.owasp.esapi.PropNames.LOG_SERVER_IP;
+import static org.owasp.esapi.PropNames.LOG_USER_INFO;
+import static org.owasp.esapi.PropNames.LOG_PREFIX;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.LogFactory;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.codecs.HTMLEntityCodec;
+import org.owasp.esapi.errors.ConfigurationException;
+import org.owasp.esapi.logging.appender.LogAppender;
+import org.owasp.esapi.logging.appender.LogPrefixAppender;
+import org.owasp.esapi.logging.cleaning.CodecLogScrubber;
+import org.owasp.esapi.logging.cleaning.CompositeLogScrubber;
+import org.owasp.esapi.logging.cleaning.LogScrubber;
+import org.owasp.esapi.logging.cleaning.NewlineLogScrubber;
+
+/**
+ * LogFactory implementation which creates JAVA supporting Loggers.
+ * <br><br>
+ * Options for customizing this configuration (in recommended order)
+ * <ol>
+ * <li>Consider using the <i>SLF4JLogFactory</i> with a java-logging implementation.</li>
+ * <li>Configure the runtime startup command to set the desired system properties for the <i>java.util.logging.LogManager</i> instance.  EG: <code>-Djava.util.logging.config.file=/custom/file/path.properties</code></li>
+ * <li>Overwrite the esapi-java-logging.properties file with the desired logging configurations. <br>A default file implementation is available in the configuration jar on GitHub under the 'Releases'</li>
+ * <li>Apply custom-code solution to set the system properties for the <i>java.util.logging.LogManager</i> at runtime. EG: <code>System.setProperty("java.util.logging.config.file", "/custom/file/path.properties");</code></li>
+ * <li>Create a custom JavaLogFactory class in client project baseline and update the ESAPI.properties configuration to use that reference.</li>
+ * </ol>
+ *
+ * @see <a href="https://github.com/ESAPI/esapi-java-legacy/wiki/Configuration-Reference:-JavaLogFactory">ESAPI Wiki - Configuration Reference: JavaLogFactory</a>
+ *
+ */
+public class JavaLogFactory implements LogFactory {
+    /**Consistent message offered as a part of the ConfigurationException which is thrown if esapi-java-logging.properties is found on the path. */
+    private static final String PROPERTY_CONFIG_MSG = "esapi-java-logging.properties is no longer supported.  See https://github.com/ESAPI/esapi-java-legacy/wiki/Configuring-the-JavaLogFactory for information on corrective actions.";
+    /** Immune characters for the codec log scrubber for JAVA context.*/
+    private static final char[] IMMUNE_JAVA_HTML = {',', '.', '-', '_', ' ' };
+    /** Codec being used to clean messages for logging.*/
+    private static final HTMLEntityCodec HTML_CODEC = new HTMLEntityCodec();
+    /** Log appender instance.*/
+    private static LogAppender JAVA_LOG_APPENDER;
+    /** Log cleaner instance.*/
+    private static LogScrubber JAVA_LOG_SCRUBBER;
+    /** Bridge class for mapping esapi -> java log levels.*/
+    private static JavaLogBridge LOG_BRIDGE;
+
+    static {
+        boolean encodeLog = ESAPI.securityConfiguration().getBooleanProp(LOG_ENCODING_REQUIRED);
+        JAVA_LOG_SCRUBBER = createLogScrubber(encodeLog);
+
+
+        boolean logUserInfo = ESAPI.securityConfiguration().getBooleanProp(LOG_USER_INFO);
+        boolean logClientInfo = ESAPI.securityConfiguration().getBooleanProp(LOG_CLIENT_INFO);
+        boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(LOG_APPLICATION_NAME);
+        String appName = ESAPI.securityConfiguration().getStringProp(APPLICATION_NAME);
+        boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(LOG_SERVER_IP);
+
+        boolean logPrefix = true;
+        try {
+            logPrefix = ESAPI.securityConfiguration().getBooleanProp(LOG_PREFIX);
+        } catch (ConfigurationException ex) {
+            System.out.println("ESAPI: Failed to read Log Prefix configuration " + LOG_PREFIX + ". Defaulting to enabled" +
+                    ". Caught " + ex.getClass().getName() +
+                    "; exception message was: " + ex);
+        }
+
+        JAVA_LOG_APPENDER = createLogAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName, logPrefix);
+
+        Map<Integer, JavaLogLevelHandler> levelLookup = new HashMap<>();
+        levelLookup.put(Logger.ALL, JavaLogLevelHandlers.ALWAYS);
+        levelLookup.put(Logger.TRACE, JavaLogLevelHandlers.FINEST);
+        levelLookup.put(Logger.DEBUG, JavaLogLevelHandlers.FINE);
+        levelLookup.put(Logger.INFO, JavaLogLevelHandlers.INFO);
+        levelLookup.put(Logger.ERROR, JavaLogLevelHandlers.ERROR);
+        levelLookup.put(Logger.WARNING, JavaLogLevelHandlers.WARNING);
+        levelLookup.put(Logger.FATAL, JavaLogLevelHandlers.SEVERE);
+        //LEVEL.OFF not used.  If it's off why would we try to log it?
+
+        LOG_BRIDGE = new JavaLogBridgeImpl(JAVA_LOG_APPENDER, JAVA_LOG_SCRUBBER, levelLookup);
+
+        /*
+         * esapi-java-logging.properties file may lead to confusing logging behavior
+         * by overriding desired configurations provided through Java's LogManager class.
+         * 
+         * Verify the file is not present and fail if found to enforce understanding of
+         * the configuration method.
+         */
+        try (InputStream stream = JavaLogFactory.class.getClassLoader().
+                getResourceAsStream("esapi-java-logging.properties")) {
+            if (stream != null) {
+                throw new ConfigurationException(PROPERTY_CONFIG_MSG);
+            }
+
+        } catch (IOException ioe) {
+            // This is a little strange, I know.
+            // If the IOException is thrown, then the file actually exists but is malformatted or has some other issue.
+            // The file should not exist at all, so use the same message as above but include the original exception in the log as well.
+            throw new ConfigurationException(PROPERTY_CONFIG_MSG, ioe);
+        }
+    }
+
+    /**
+     * Populates the default log scrubber for use in factory-created loggers.
+     * @param requiresEncoding {@code true} if encoding is required for log content.
+     * @return LogScrubber instance.
+     */
+    /*package*/ static LogScrubber createLogScrubber(boolean requiresEncoding) {
+        List<LogScrubber> messageScrubber = new ArrayList<>();
+        messageScrubber.add(new NewlineLogScrubber());
+
+        if (requiresEncoding) {
+            messageScrubber.add(new CodecLogScrubber(HTML_CODEC, IMMUNE_JAVA_HTML));
+        }
+
+        return new CompositeLogScrubber(messageScrubber);
+
+    }
+
+    /**
+     * Populates the default log appender for use in factory-created loggers.
+     * @param appName
+     * @param logApplicationName
+     * @param logServerIp
+     * @param logClientInfo
+     *
+     * @return LogAppender instance.
+     */
+    /*package*/ static LogAppender createLogAppender(boolean logUserInfo, boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName) {
+        return new LogPrefixAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName);
+    }
+
+    /**
+     * Populates the default log appender for use in factory-created loggers.
+     * @param appName
+     * @param logApplicationName
+     * @param logServerIp
+     * @param logClientInfo
+     * @param logPrefix
+     *
+     * @return LogAppender instance.
+     */
+    /*package*/ static LogAppender createLogAppender(boolean logUserInfo, boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName, boolean logPrefix) {
+        return new LogPrefixAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName, logPrefix);
+    }
+
+
+    @Override
+    public Logger getLogger(String moduleName) {
+        java.util.logging.Logger javaLogger = java.util.logging.Logger.getLogger(moduleName);
+        return new JavaLogger(javaLogger, LOG_BRIDGE, Logger.ALL);
+    }
+
+    @Override
+    public Logger getLogger(@SuppressWarnings("rawtypes") Class clazz) {
+        java.util.logging.Logger javaLogger = java.util.logging.Logger.getLogger(clazz.getName());
+        return new JavaLogger(javaLogger, LOG_BRIDGE, Logger.ALL);
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandler.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandler.java
new file mode 100644
index 000000000..ea237459d
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandler.java
@@ -0,0 +1,42 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @created 2019
+ */
+package org.owasp.esapi.logging.java;
+
+import java.util.logging.Logger;
+
+/**
+ * Contract used to isolate translations for each Java Logging Level.
+ *
+ * @see JavaLogLevelHandlers
+ * @see JavaLogBridgeImpl
+ *
+ */
+interface JavaLogLevelHandler {
+    /** Check if the logging level is enabled for the specified logger.*/
+    boolean isEnabled(Logger logger);
+    /**
+     * Calls the appropriate log level event on the specified logger.
+     * @param logger Logger to invoke.
+     * @param msg Message to log.
+     */
+    void log(Logger logger, String msg);
+    /**
+     * Calls the appropriate log level event on the specified logger.
+     * @param logger Logger to invoke
+     * @param msg Message to log
+     * @param th Throwable to log.
+     */
+    void log(Logger logger, String msg, Throwable th);
+}
diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandlers.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandlers.java
new file mode 100644
index 000000000..57a90dae7
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandlers.java
@@ -0,0 +1,52 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @created 2019
+ */
+package org.owasp.esapi.logging.java;
+
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+public enum JavaLogLevelHandlers implements JavaLogLevelHandler {
+
+    SEVERE(Level.SEVERE),
+    WARNING(Level.WARNING),
+    INFO(Level.INFO),
+    CONFIG(Level.CONFIG),
+    FINE(Level.FINE),
+    FINER(Level.FINER),
+    FINEST(Level.FINEST),
+    ALWAYS(ESAPICustomJavaLevel.ALWAYS_LEVEL),
+    ERROR(ESAPICustomJavaLevel.ERROR_LEVEL);
+
+    private final Level level;
+
+    private JavaLogLevelHandlers(Level lvl) {
+        this.level = lvl;
+    }
+
+    @Override
+    public boolean isEnabled(Logger logger) {
+        return logger.isLoggable(level);
+    }
+
+    @Override
+    public void log(Logger logger, String msg) {
+        logger.log(level, msg);
+    }
+
+    @Override
+    public void log(Logger logger, String msg, Throwable th) {
+        logger.log(level, msg, th);
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogger.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogger.java
new file mode 100644
index 000000000..1ac4a484f
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogger.java
@@ -0,0 +1,167 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @created 2019
+ */
+package org.owasp.esapi.logging.java;
+
+import org.owasp.esapi.Logger;
+/**
+ * ESAPI Logger implementation which relays events to an Java delegate.
+ */
+public class JavaLogger implements org.owasp.esapi.Logger {
+    /** Delegate Logger.*/
+    private final java.util.logging.Logger delegate;
+    /** Handler for translating events from ESAPI context for Java processing.*/
+    private final JavaLogBridge logBridge;
+    /** Maximum log level that will be forwarded to Java from the ESAPI context.*/
+    private int loggingLevel;
+
+    /**
+     * Constructs a new instance.
+     * @param JavaLogger Delegate Java logger.
+     * @param bridge Translator for ESAPI -> Java logging events.
+     * @param defaultEsapiLevel Maximum ESAPI log level events to propagate.
+     */
+    public JavaLogger(java.util.logging.Logger JavaLogger, JavaLogBridge bridge, int defaultEsapiLevel) {
+        delegate = JavaLogger;
+        this.logBridge = bridge;
+        loggingLevel = defaultEsapiLevel;
+    }
+
+    private void log(int esapiLevel, EventType type, String message) {
+        if (isEnabled(esapiLevel)) {
+            logBridge.log(delegate, esapiLevel, type, message);
+        }
+    }
+
+    private void log(int esapiLevel, EventType type, String message, Throwable throwable) {
+        if (isEnabled(esapiLevel)) {
+            logBridge.log(delegate, esapiLevel, type, message, throwable);
+        }
+    }
+
+
+    private boolean isEnabled(int esapiLevel) {
+        return esapiLevel >= loggingLevel;
+    }
+
+    @Override
+    public void always(EventType type, String message) {
+        log (Logger.ALL, type, message);
+    }
+
+    @Override
+    public void always(EventType type, String message, Throwable throwable) {
+        log (Logger.ALL, type, message, throwable);
+    }
+
+    @Override
+    public void trace(EventType type, String message) {
+        log (Logger.TRACE, type, message);
+    }
+
+    @Override
+    public void trace(EventType type, String message, Throwable throwable) {
+        log (Logger.TRACE, type, message, throwable);
+    }
+
+    @Override
+    public void debug(EventType type, String message) {
+        log (Logger.DEBUG, type, message);
+    }
+
+    @Override
+    public void debug(EventType type, String message, Throwable throwable) {
+        log (Logger.DEBUG, type, message, throwable);
+    }
+
+    @Override
+    public void info(EventType type, String message) {
+        log (Logger.INFO, type, message);
+    }
+
+    @Override
+    public void info(EventType type, String message, Throwable throwable) {
+        log (Logger.INFO, type, message, throwable);
+    }
+
+    @Override
+    public void warning(EventType type, String message) {
+        log (Logger.WARNING, type, message);
+    }
+
+    @Override
+    public void warning(EventType type, String message, Throwable throwable) {
+        log (Logger.WARNING, type, message, throwable);
+    }
+
+    @Override
+    public void error(EventType type, String message) {
+        log (Logger.ERROR, type, message);
+    }
+
+    @Override
+    public void error(EventType type, String message, Throwable throwable) {
+        log (Logger.ERROR, type, message, throwable);
+    }
+
+    @Override
+    public void fatal(EventType type, String message) {
+        log (Logger.FATAL, type, message);
+    }
+
+    @Override
+    public void fatal(EventType type, String message, Throwable throwable) {
+        log (Logger.FATAL, type, message, throwable);
+    }
+
+    @Override
+    public int getESAPILevel() {
+        return loggingLevel;
+    }
+
+    @Override
+    public boolean isTraceEnabled() {
+        return isEnabled(Logger.TRACE);
+    }
+
+    @Override
+    public boolean isDebugEnabled() {
+        return isEnabled(Logger.DEBUG);
+    }
+    @Override
+    public boolean isInfoEnabled() {
+        return isEnabled(Logger.INFO);
+    }
+    @Override
+    public boolean isWarningEnabled() {
+        return isEnabled(Logger.WARNING);
+    }
+
+    @Override
+    public boolean isErrorEnabled() {
+        return isEnabled(Logger.ERROR);
+    }
+
+    @Override
+    public boolean isFatalEnabled() {
+        return isEnabled(Logger.FATAL);
+    }
+
+
+    @Override
+    public void setLevel(int level) {
+        loggingLevel = level;
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridge.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridge.java
new file mode 100644
index 000000000..4b73f7a83
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridge.java
@@ -0,0 +1,42 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @created 2018
+ */
+package org.owasp.esapi.logging.slf4j;
+
+import org.owasp.esapi.Logger.EventType;
+import org.slf4j.Logger;
+/**
+ * Contract for translating an ESAPI log event into an SLF4J log event.
+ *
+ */
+public interface Slf4JLogBridge {
+    /**
+     * Translation for the provided ESAPI level, type, and message to the specified SLF4J Logger.
+     * @param logger Logger to receive the translated message.
+     * @param esapiLevel ESAPI level of event.
+     * @param type ESAPI event type
+     * @param message ESAPI event message content.
+     */
+    void log(Logger logger, int esapiLevel, EventType type, String message) ;
+    /**
+     * Translation for the provided ESAPI level, type, message, and Throwable to the specified SLF4J Logger.
+     * @param logger Logger to receive the translated message.
+     * @param esapiLevel ESAPI level of event.
+     * @param type ESAPI event type
+     * @param message ESAPI event message content.
+     * @param throwable ESAPI event Throwable content
+     */
+    void log(Logger logger, int esapiLevel, EventType type, String message, Throwable throwable) ;
+
+}
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImpl.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImpl.java
new file mode 100644
index 000000000..44c1a7616
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImpl.java
@@ -0,0 +1,85 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @created 2018
+ */
+
+package org.owasp.esapi.logging.slf4j;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.owasp.esapi.Logger.EventType;
+import org.owasp.esapi.logging.appender.LogAppender;
+import org.owasp.esapi.logging.cleaning.LogScrubber;
+import org.slf4j.IMarkerFactory;
+import org.slf4j.Logger;
+import org.slf4j.Marker;
+import org.slf4j.helpers.BasicMarkerFactory;
+
+/**
+ * Implementation which is intended to bridge the ESAPI Logging API into SLF4J supported Object structures.
+ *
+ */
+public class Slf4JLogBridgeImpl implements Slf4JLogBridge {
+    //BasicMarkerFactory uses ConcurrentHashMap to track data.  This *should be* thread safe.
+    private static final IMarkerFactory MARKER_FACTORY = new BasicMarkerFactory();
+    /** Configuration providing associations between esapi log levels and SLF4J levels.*/
+    private final Map<Integer,Slf4JLogLevelHandler> esapiSlfLevelMap;
+    /** Cleaner used for log content.*/
+    private final LogScrubber scrubber;
+    /** Appender used for assembling default message content for all logs.*/
+    private final LogAppender appender;
+
+    /**
+     * Constructor.
+     * @param logScrubber  Log message cleaner.
+     * @param esapiSlfHandlerMap Map identifying ESAPI -> SLF4J log level associations.
+     */
+    public Slf4JLogBridgeImpl(LogAppender messageAppender, LogScrubber logScrubber, Map<Integer, Slf4JLogLevelHandler> esapiSlfHandlerMap) {
+        //Defensive copy to prevent external mutations.
+        this.esapiSlfLevelMap = new HashMap<>(esapiSlfHandlerMap);
+        this.scrubber = logScrubber;
+        this.appender = messageAppender;
+    }
+    @Override
+    public void log(Logger logger, int esapiLevel, EventType type, String message) {
+        Slf4JLogLevelHandler handler = esapiSlfLevelMap.get(esapiLevel);
+        if (handler == null) {
+            throw new IllegalArgumentException("Unable to lookup SLF4J level mapping for esapi value of " + esapiLevel);
+        }
+        if (handler.isEnabled(logger)) {
+            type = type == null ? org.owasp.esapi.Logger.EVENT_UNSPECIFIED : type;
+            String fullMessage = appender.appendTo(logger.getName(), type, message);
+            String cleanString = scrubber.cleanMessage(fullMessage);
+
+            Marker typeMarker = MARKER_FACTORY.getMarker(type.toString());
+            handler.log(logger, typeMarker, cleanString);
+        }
+    }
+
+    @Override
+    public void log(Logger logger, int esapiLevel, EventType type, String message, Throwable throwable) {
+        Slf4JLogLevelHandler handler = esapiSlfLevelMap.get(esapiLevel);
+        if (handler == null) {
+            throw new IllegalArgumentException("Unable to lookup SLF4J level mapping for esapi value of " + esapiLevel);
+        }
+        if (handler.isEnabled(logger)) {
+            type = type == null ? org.owasp.esapi.Logger.EVENT_UNSPECIFIED : type;
+            String fullMessage = appender.appendTo(logger.getName(), type, message);
+            String cleanString = scrubber.cleanMessage(fullMessage);
+
+            Marker typeMarker = MARKER_FACTORY.getMarker(type.toString());
+            handler.log(logger, typeMarker, cleanString, throwable);
+        }
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java
new file mode 100644
index 000000000..5e1810a93
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java
@@ -0,0 +1,155 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @created 2018
+ */
+package org.owasp.esapi.logging.slf4j;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.LogFactory;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.codecs.HTMLEntityCodec;
+import org.owasp.esapi.errors.ConfigurationException;
+import org.owasp.esapi.logging.appender.LogAppender;
+import org.owasp.esapi.logging.appender.LogPrefixAppender;
+import org.owasp.esapi.logging.cleaning.CodecLogScrubber;
+import org.owasp.esapi.logging.cleaning.CompositeLogScrubber;
+import org.owasp.esapi.logging.cleaning.LogScrubber;
+import org.owasp.esapi.logging.cleaning.NewlineLogScrubber;
+
+import static org.owasp.esapi.PropNames.LOG_ENCODING_REQUIRED;
+import static org.owasp.esapi.PropNames.LOG_USER_INFO;
+import static org.owasp.esapi.PropNames.LOG_CLIENT_INFO;
+import static org.owasp.esapi.PropNames.LOG_APPLICATION_NAME;
+import static org.owasp.esapi.PropNames.APPLICATION_NAME;
+import static org.owasp.esapi.PropNames.LOG_SERVER_IP;
+import static org.owasp.esapi.PropNames.LOG_PREFIX;
+import org.slf4j.LoggerFactory;
+/**
+ * LogFactory implementation which creates SLF4J supporting Loggers.
+ *
+ */
+public class Slf4JLogFactory implements LogFactory {
+    /** Html encoding backslash.*/
+    private static final char BACKSLASH = '\\';
+    /** Html encoding for SLF4J open replacement marker.*/
+    private static final char OPEN_SLF_FORMAT='{';
+    /** Html encoding for SLF4J close replacement marker.*/
+    private static final char CLOSE_SLF_FORMAT='}';
+    /** Immune characters for the codec log scrubber for SLF4J context.*/
+    private static final char[] IMMUNE_SLF4J_HTML = {',', '.', '-', '_', ' ',BACKSLASH, OPEN_SLF_FORMAT, CLOSE_SLF_FORMAT };
+    /** Codec being used to clean messages for logging.*/
+    private static final HTMLEntityCodec HTML_CODEC = new HTMLEntityCodec();
+    /** Log appender instance.*/
+    private static LogAppender SLF4J_LOG_APPENDER;
+    /** Log cleaner instance.*/
+    private static LogScrubber SLF4J_LOG_SCRUBBER;
+    /** Bridge class for mapping esapi -> slf4j log levels.*/
+    private static Slf4JLogBridge LOG_BRIDGE;
+
+    static {
+        boolean encodeLog = ESAPI.securityConfiguration().getBooleanProp(LOG_ENCODING_REQUIRED);
+        SLF4J_LOG_SCRUBBER = createLogScrubber(encodeLog);
+
+
+        boolean logUserInfo = ESAPI.securityConfiguration().getBooleanProp(LOG_USER_INFO);
+        boolean logClientInfo = ESAPI.securityConfiguration().getBooleanProp(LOG_CLIENT_INFO);
+        boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(LOG_APPLICATION_NAME);
+        String appName = ESAPI.securityConfiguration().getStringProp(APPLICATION_NAME);
+        boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(LOG_SERVER_IP);
+
+        boolean logPrefix = true;
+        try {
+            logPrefix = ESAPI.securityConfiguration().getBooleanProp(LOG_PREFIX);
+        } catch (ConfigurationException ex) {
+            System.out.println("ESAPI: Failed to read Log Prefix configuration " + LOG_PREFIX + ". Defaulting to enabled" +
+                    ". Caught " + ex.getClass().getName() +
+                    "; exception message was: " + ex);
+        }
+
+        SLF4J_LOG_APPENDER = createLogAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName, logPrefix);
+
+        Map<Integer, Slf4JLogLevelHandler> levelLookup = new HashMap<>();
+        levelLookup.put(Logger.ALL, Slf4JLogLevelHandlers.TRACE);
+        levelLookup.put(Logger.TRACE, Slf4JLogLevelHandlers.TRACE);
+        levelLookup.put(Logger.DEBUG, Slf4JLogLevelHandlers.DEBUG);
+        levelLookup.put(Logger.INFO, Slf4JLogLevelHandlers.INFO);
+        levelLookup.put(Logger.ERROR, Slf4JLogLevelHandlers.ERROR);
+        levelLookup.put(Logger.WARNING, Slf4JLogLevelHandlers.WARN);
+        levelLookup.put(Logger.FATAL, Slf4JLogLevelHandlers.ERROR);
+        //LEVEL.OFF not used.  If it's off why would we try to log it?
+
+        LOG_BRIDGE = new Slf4JLogBridgeImpl(SLF4J_LOG_APPENDER, SLF4J_LOG_SCRUBBER, levelLookup);
+    }
+
+    /**
+     * Populates the default log scrubber for use in factory-created loggers.
+     * @param requiresEncoding {@code true} if encoding is required for log content.
+     * @return LogScrubber instance.
+     */
+    /*package*/ static LogScrubber createLogScrubber(boolean requiresEncoding) {
+        List<LogScrubber> messageScrubber = new ArrayList<>();
+        messageScrubber.add(new NewlineLogScrubber());
+
+        if (requiresEncoding) {
+            messageScrubber.add(new CodecLogScrubber(HTML_CODEC, IMMUNE_SLF4J_HTML));
+        }
+
+        return new CompositeLogScrubber(messageScrubber);
+
+    }
+
+    /**
+     * Populates the default log appender for use in factory-created loggers.
+     * @param appName
+     * @param logApplicationName
+     * @param logServerIp
+     * @param logClientInfo
+     *
+     * @return LogAppender instance.
+     */
+    /*package*/ static LogAppender createLogAppender(boolean logUserInfo, boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName) {
+        return new LogPrefixAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName);
+    }
+
+    /**
+     * Populates the default log appender for use in factory-created loggers.
+     * @param appName
+     * @param logApplicationName
+     * @param logServerIp
+     * @param logClientInfo
+     * @param logPrefix
+     *
+     * @return LogAppender instance.
+     */
+    /*package*/ static LogAppender createLogAppender(boolean logUserInfo, boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName, boolean logPrefix) {
+        return new LogPrefixAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName, logPrefix);
+    }
+
+    @Override
+    public Logger getLogger(String moduleName) {
+        org.slf4j.Logger slf4JLogger = LoggerFactory.getLogger(moduleName);
+        return new Slf4JLogger(slf4JLogger, LOG_BRIDGE, Logger.ALL);
+    }
+
+    @Override
+    public Logger getLogger(@SuppressWarnings("rawtypes") Class clazz) {
+        org.slf4j.Logger slf4JLogger = LoggerFactory.getLogger(clazz);
+        return new Slf4JLogger(slf4JLogger, LOG_BRIDGE, Logger.ALL);
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogLevelHandler.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogLevelHandler.java
new file mode 100644
index 000000000..1232374a9
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogLevelHandler.java
@@ -0,0 +1,44 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @created 2018
+ */
+package org.owasp.esapi.logging.slf4j;
+
+import org.slf4j.Logger;
+import org.slf4j.Marker;
+/**
+ * Contract used to isolate translations for each SLF4J Logging Level.
+ *
+ * @see Slf4JLogLevelHandlers
+ * @see Slf4JLogBridgeImpl
+ *
+ */
+ interface Slf4JLogLevelHandler {
+     /** Check if the logging level is enabled for the specified logger.*/
+    boolean isEnabled(Logger logger);
+    /**
+     * Calls the appropriate log level event on the specified logger.
+     * @param logger Logger to invoke.
+     * @param marker Marker to apply to event
+     * @param msg Message to log.
+     */
+    void log(Logger logger, Marker marker, String msg);
+    /**
+     * Calls the appropriate log level event on the specified logger.
+     * @param logger Logger to invoke
+     * @param marker Marker to apply to the event.
+     * @param msg Message to log
+     * @param th Throwable to log.
+     */
+    void log(Logger logger, Marker marker, String msg, Throwable th);
+}
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogLevelHandlers.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogLevelHandlers.java
new file mode 100644
index 000000000..e26da6509
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogLevelHandlers.java
@@ -0,0 +1,113 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @created 2018
+ */
+
+package org.owasp.esapi.logging.slf4j;
+
+import org.slf4j.Logger;
+import org.slf4j.Marker;
+/**
+ * Enumeration capturing the propagation of SLF4J level events.
+ *
+ */
+public enum Slf4JLogLevelHandlers implements Slf4JLogLevelHandler {
+    ERROR {
+        @Override
+        public boolean isEnabled(Logger logger) {
+            return logger.isErrorEnabled();
+        }
+
+        @Override
+        public void log(Logger logger, Marker marker, String msg) {
+            logger.error(marker, msg);
+        }
+
+        @Override
+        public void log(Logger logger, Marker marker, String msg, Throwable th) {
+            logger.error(marker, msg, th);
+        }
+    },
+    WARN {
+        @Override
+        public boolean isEnabled(Logger logger) {
+            return logger.isWarnEnabled();
+        }
+
+        @Override
+        public void log(Logger logger, Marker marker, String msg) {
+            logger.warn(marker, msg);
+        }
+
+        @Override
+        public void log(Logger logger, Marker marker, String msg, Throwable th) {
+            logger.warn(marker, msg, th);
+        }
+    },
+    INFO {
+        @Override
+        public boolean isEnabled(Logger logger) {
+            return logger.isInfoEnabled();
+        }
+
+        @Override
+        public void log(Logger logger, Marker marker, String msg) {
+            logger.info(marker, msg);
+        }
+
+        @Override
+        public void log(Logger logger, Marker marker, String msg, Throwable th) {
+            logger.info(marker, msg, th);
+        }
+    },
+    DEBUG {
+        @Override
+        public boolean isEnabled(Logger logger) {
+            return logger.isDebugEnabled();
+        }
+
+        @Override
+        public void log(Logger logger, Marker marker, String msg) {
+            logger.debug(marker, msg);
+        }
+
+        @Override
+        public void log(Logger logger, Marker marker, String msg, Throwable th) {
+            logger.debug(marker, msg, th);
+        }
+    },
+    TRACE{
+
+        @Override
+        public boolean isEnabled(Logger logger) {
+            return logger.isTraceEnabled();
+        }
+
+        @Override
+        public void log(Logger logger, Marker marker, String msg) {
+            logger.trace(marker, msg);
+        }
+
+        @Override
+        public void log(Logger logger, Marker marker, String msg, Throwable th) {
+            logger.trace(marker, msg, th);
+        }
+
+    };
+    @Override
+    public abstract boolean isEnabled(Logger logger);
+    @Override
+    public abstract void log(Logger logger, Marker marker, String msg);
+    @Override
+    public abstract void log(Logger logger, Marker marker, String msg, Throwable th);
+}
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogger.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogger.java
new file mode 100644
index 000000000..adb64ce20
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogger.java
@@ -0,0 +1,167 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @created 2018
+ */
+package org.owasp.esapi.logging.slf4j;
+
+import org.owasp.esapi.Logger;
+/**
+ * ESAPI Logger implementation which relays events to an SLF4J delegate.
+ */
+public class Slf4JLogger implements org.owasp.esapi.Logger {
+    /** Delegate Logger.*/
+    private final org.slf4j.Logger delegate;
+    /** Handler for translating events from ESAPI context for SLF4J processing.*/
+    private final Slf4JLogBridge logBridge;
+    /** Maximum log level that will be forwarded to SLF4J from the ESAPI context.*/
+    private int loggingLevel;
+
+    /**
+     * Constructs a new instance.
+     * @param slf4JLogger Delegate SLF4J logger.
+     * @param bridge Translator for ESAPI -> SLF4J logging events.
+     * @param defaultEsapiLevel Maximum ESAPI log level events to propagate.
+     */
+    public Slf4JLogger(org.slf4j.Logger slf4JLogger, Slf4JLogBridge bridge, int defaultEsapiLevel) {
+        delegate = slf4JLogger;
+        this.logBridge = bridge;
+        loggingLevel = defaultEsapiLevel;
+    }
+
+    private void log(int esapiLevel, EventType type, String message) {
+        if (isEnabled(esapiLevel)) {
+            logBridge.log(delegate, esapiLevel, type, message);
+        }
+    }
+
+    private void log(int esapiLevel, EventType type, String message, Throwable throwable) {
+        if (isEnabled(esapiLevel)) {
+            logBridge.log(delegate, esapiLevel, type, message, throwable);
+        }
+    }
+
+
+    private boolean isEnabled(int esapiLevel) {
+       return esapiLevel >= loggingLevel;
+    }
+
+    @Override
+    public void always(EventType type, String message) {
+        log (Logger.ALL, type, message);
+    }
+
+    @Override
+    public void always(EventType type, String message, Throwable throwable) {
+        log (Logger.ALL, type, message, throwable);
+    }
+
+    @Override
+    public void trace(EventType type, String message) {
+        log (Logger.TRACE, type, message);
+    }
+
+    @Override
+    public void trace(EventType type, String message, Throwable throwable) {
+        log (Logger.TRACE, type, message, throwable);
+    }
+
+    @Override
+    public void debug(EventType type, String message) {
+        log (Logger.DEBUG, type, message);
+    }
+
+    @Override
+    public void debug(EventType type, String message, Throwable throwable) {
+        log (Logger.DEBUG, type, message, throwable);
+    }
+
+    @Override
+    public void info(EventType type, String message) {
+        log (Logger.INFO, type, message);
+    }
+
+    @Override
+    public void info(EventType type, String message, Throwable throwable) {
+        log (Logger.INFO, type, message, throwable);
+    }
+
+    @Override
+    public void warning(EventType type, String message) {
+        log (Logger.WARNING, type, message);
+    }
+
+    @Override
+    public void warning(EventType type, String message, Throwable throwable) {
+        log (Logger.WARNING, type, message, throwable);
+    }
+
+    @Override
+    public void error(EventType type, String message) {
+        log (Logger.ERROR, type, message);
+    }
+
+    @Override
+    public void error(EventType type, String message, Throwable throwable) {
+        log (Logger.ERROR, type, message, throwable);
+    }
+
+    @Override
+    public void fatal(EventType type, String message) {
+        log (Logger.FATAL, type, message);
+    }
+
+    @Override
+    public void fatal(EventType type, String message, Throwable throwable) {
+        log (Logger.FATAL, type, message, throwable);
+    }
+
+    @Override
+    public int getESAPILevel() {
+        return loggingLevel;
+    }
+
+    @Override
+    public boolean isTraceEnabled() {
+        return isEnabled(Logger.TRACE);
+    }
+
+    @Override
+    public boolean isDebugEnabled() {
+        return isEnabled(Logger.DEBUG);
+    }
+    @Override
+    public boolean isInfoEnabled() {
+        return isEnabled(Logger.INFO);
+    }
+    @Override
+    public boolean isWarningEnabled() {
+        return isEnabled(Logger.WARNING);
+    }
+
+    @Override
+    public boolean isErrorEnabled() {
+        return isEnabled(Logger.ERROR);
+    }
+
+    @Override
+    public boolean isFatalEnabled() {
+       return isEnabled(Logger.FATAL);
+    }
+
+
+    @Override
+    public void setLevel(int level) {
+       loggingLevel = level;
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/package.html b/src/main/java/org/owasp/esapi/package.html
index cb23a58ac..a5e2252c3 100644
--- a/src/main/java/org/owasp/esapi/package.html
+++ b/src/main/java/org/owasp/esapi/package.html
@@ -28,46 +28,46 @@ <h2>Sponsor</h2>
 is free to participate in OWASP and all of our materials are available
 under an open source license. The OWASP Foundation is a 501c3
 not-for-profit charitable organization that ensures the ongoing
-availability and support for our work.</p> 
- 
+availability and support for our work.</p>
+
 <p>The
 <a href="http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API">
 OWASP ESAPI Project</a>
 is led by Jeff Williams,
 <a href="http://www.aspectsecurity.com">Aspect Security</a>.
- 
+
 <p>You can find more information about the ESAPI Java project, or join
 the mailing list and help us make it better from the OWASP project page
 at <a
-href="http://www.owasp.org/index.php/ESAPI#tab=Java_EE">http://www.owasp.org/index.php/ESAPI#tab=Java_EE</a>.</p> 
- 
+href="http://www.owasp.org/index.php/ESAPI#tab=Java_EE">http://www.owasp.org/index.php/ESAPI#tab=Java_EE</a>.</p>
+
 <h2>ESAPI Architecture</h2>
- 
+
 <p>The ESAPI class library builds on the excellent security libraries available,
-such as Java Logging, JCE, and Adobe Commons FileUpload. It uses the
-concepts from many of the security packages out there, such as ACEGI,
+such as Java Logging, JCE, and Apache Commons FileUpload. It uses the
+concepts from many of the security packages out there, such as Spring Security,
 Apache Commons Validator, Microsoft's AntiXSS library, and many many
 more. This library provides a single consistent interface to security
-functions that is intuitive for enterprise developers.</p> 
+functions that is intuitive for enterprise developers.</p>
 
-<img src="doc-files/Architecture.jpg"> 
+<img src="doc-files/Architecture.jpg">
 
 <h2>Addressing OWASP Top Ten</h2>
- 
+
 <p>Used properly, the ESAPI provides enough functions to protect
 against most of the
 <a href="http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project">
 OWASP Top Ten</a>.  The only real exception is the
 Insecure Communications category, which is generally outside the control
-of the software developer.</p> 
-<img src="doc-files/OWASPTopTen.jpg"> 
+of the software developer.</p>
+<img src="doc-files/OWASPTopTen.jpg">
 
 <h2>Copyright and License</h2>
- 
-<p>This project and all associated code is Copyright (c) 2007 - The OWASP Foundation</p> 
- 
-<p>This project licensed under the <a href="http://en.wikipedia.org/wiki/BSD_license">BSD license</a>, 
-which is very permissive and about as close to public domain as is possible. You can use or modify 
+
+<p>This project and all associated code is Copyright (c) 2007 - The OWASP Foundation</p>
+
+<p>This project licensed under the <a href="http://en.wikipedia.org/wiki/BSD_license">BSD license</a>,
+which is very permissive and about as close to public domain as is possible. You can use or modify
 ESAPI however you want, even include it in commercial products.</p>
 
 <h2>References</h2>
diff --git a/src/main/java/org/owasp/esapi/reference/AbstractAccessReferenceMap.java b/src/main/java/org/owasp/esapi/reference/AbstractAccessReferenceMap.java
index b8fc30ecb..c17109913 100644
--- a/src/main/java/org/owasp/esapi/reference/AbstractAccessReferenceMap.java
+++ b/src/main/java/org/owasp/esapi/reference/AbstractAccessReferenceMap.java
@@ -15,20 +15,37 @@
  */
 package org.owasp.esapi.reference;
 
-import org.owasp.esapi.AccessReferenceMap;
-import org.owasp.esapi.errors.AccessControlException;
-
+import java.util.HashMap;
+import java.util.HashSet;
 import java.util.Iterator;
 import java.util.Map;
 import java.util.Set;
 import java.util.TreeSet;
-import java.util.concurrent.ConcurrentHashMap;
+
+import org.owasp.esapi.AccessReferenceMap;
+import org.owasp.esapi.errors.AccessControlException;
 
 /**
- * Abstract Implementation of the AccessReferenceMap that is backed by ConcurrentHashMaps to
- * provide a thread-safe implementation of the AccessReferenceMap. Implementations of this
- * abstract class should implement the #getUniqueReference() method.
+ * Abstract Implementation of the AccessReferenceMap.
+ * <br>
+ * Implementation offers default synchronization on all public API
+ * to assist with thread safety.
+ * <br>
+ * For complex interactions spanning multiple calls, it is recommended
+ * to add a synchronized block around all invocations to maintain intended data integrity.
  *
+ * <pre>
+ * public MyClassUsingAARM {
+ *  private AbstractAccessReferenceMap<Object> aarm;
+ *
+ *  public void replaceAARMDirect(Object oldDirect, Object newDirect) {
+ *     synchronized (aarm) {
+ *        aarm.removeDirectReference(oldDirect);
+ *        aarm.addDirectReference(newDirect);
+ *     }
+ *  }
+ * }
+ * </pre>
  * @author  Chris Schmidt (chrisisbeef@gmail.com)
  * @since   July 21, 2009
  */
@@ -43,15 +60,15 @@ public abstract class AbstractAccessReferenceMap<K> implements AccessReferenceMa
 
    /**
     * Instantiates a new access reference map. Note that this will create the underlying Maps with an initialSize
-    * of {@link ConcurrentHashMap#DEFAULT_INITIAL_CAPACITY} and that resizing a Map is an expensive process. Consider
+    * of {@link HashMap#DEFAULT_INITIAL_CAPACITY} and that resizing a Map is an expensive process. Consider
     * using a constructor where the initialSize is passed in to maximize performance of the AccessReferenceMap.
     *
     * @see #AbstractAccessReferenceMap(java.util.Set, int)
     * @see #AbstractAccessReferenceMap(int)
     */
    public AbstractAccessReferenceMap() {
-      itod = new ConcurrentHashMap<K, Object>();
-      dtoi = new ConcurrentHashMap<Object,K>();
+      itod = new HashMap<K, Object>();
+      dtoi = new HashMap<Object,K>();
    }
 
    /**
@@ -62,8 +79,8 @@ public AbstractAccessReferenceMap() {
     *          The initial size of the underlying maps
     */
    public AbstractAccessReferenceMap( int initialSize ) {
-      itod = new ConcurrentHashMap<K, Object>(initialSize);
-      dtoi = new ConcurrentHashMap<Object,K>(initialSize);
+      itod = new HashMap<K, Object>(initialSize);
+      dtoi = new HashMap<Object,K>(initialSize);
    }
 
    /**
@@ -72,18 +89,18 @@ public AbstractAccessReferenceMap( int initialSize ) {
     * @param directReferences
     *            the direct references
     * @deprecated This constructor internally calls the abstract method
-    *	{@link #getUniqueReference()}. Since this is a constructor, any
-    *	subclass that implements getUniqueReference() has not had it's
-    *	own constructor run. This leads to strange bugs because subclass
-    *	internal state is initializaed after calls to getUniqueReference()
-    *	have already happened. If this constructor is desired in a
-    *	subclass, consider running {@link #update(Set)} in the subclass
-    *	constructor instead.
+    *    {@link #getUniqueReference()}. Since this is a constructor, any
+    *    subclass that implements getUniqueReference() has not had its
+    *    own constructor run. This leads to strange bugs because subclass
+    *    internal state is initialized after calls to getUniqueReference()
+    *    have already happened. If this constructor is desired in a
+    *    subclass, consider running {@link #update(Set)} in the subclass
+    *    constructor instead.
     */
    @Deprecated
    public AbstractAccessReferenceMap( Set<Object> directReferences ) {
-      itod = new ConcurrentHashMap<K, Object>(directReferences.size());
-      dtoi = new ConcurrentHashMap<Object,K>(directReferences.size());
+      itod = new HashMap<K, Object>(directReferences.size());
+      dtoi = new HashMap<Object,K>(directReferences.size());
       update(directReferences);
    }
 
@@ -91,7 +108,7 @@ public AbstractAccessReferenceMap( Set<Object> directReferences ) {
     * Instantiates a new access reference map with the specified size allotment
     * and initializes the map with the passed in references. Note that if you pass
     * in an initialSize that is less than the size of the passed in set, the map will
-    * need to be resized while it is being loaded with the references so it is
+    * need to be resized while it is being loaded with the references, so it is
     * best practice to verify that the size being passed in is always larger than
     * the size of the set that is being passed in.
     *
@@ -101,18 +118,18 @@ public AbstractAccessReferenceMap( Set<Object> directReferences ) {
     *          The initial size to set the map to.
     *
     * @deprecated This constructor internally calls the abstract method
-    *	{@link #getUniqueReference()}. Since this is a constructor, any
-    *	subclass that implements getUniqueReference() has not had it's
-    *	own constructor run. This leads to strange bugs because subclass
-    *	internal state is initializaed after calls to getUniqueReference()
-    *	have already happened. If this constructor is desired in a
-    *	subclass, consider running {@link #update(Set)} in the subclass
-    *	constructor instead.
+    *    {@link #getUniqueReference()}. Since this is a constructor, any
+    *    subclass that implements getUniqueReference() has not had its
+    *    own constructor run. This leads to strange bugs because subclass
+    *    internal state is initialized after calls to getUniqueReference()
+    *    have already happened. If this constructor is desired in a
+    *    subclass, consider running {@link #update(Set)} in the subclass
+    *    constructor instead.
     */
    @Deprecated
    public AbstractAccessReferenceMap( Set<Object> directReferences, int initialSize ) {
-      itod = new ConcurrentHashMap<K, Object>(initialSize);
-      dtoi = new ConcurrentHashMap<Object,K>(initialSize);
+      itod = new HashMap<K, Object>(initialSize);
+      dtoi = new HashMap<Object,K>(initialSize);
       update(directReferences);
    }
 
@@ -135,7 +152,7 @@ public synchronized Iterator iterator() {
    /**
    * {@inheritDoc}
    */
-   public <T> K addDirectReference(T direct) {
+   public synchronized <T> K addDirectReference(T direct) {
       if ( dtoi.keySet().contains( direct ) ) {
          return dtoi.get( direct );
       }
@@ -148,7 +165,7 @@ public <T> K addDirectReference(T direct) {
    /**
    * {@inheritDoc}
    */
-   public <T> K removeDirectReference(T direct) throws AccessControlException
+   public synchronized <T> K removeDirectReference(T direct) throws AccessControlException
    {
       K indirect = dtoi.get(direct);
       if ( indirect != null ) {
@@ -162,33 +179,52 @@ public <T> K removeDirectReference(T direct) throws AccessControlException
    * {@inheritDoc}
    */
    public final synchronized void update(Set directReferences) {
-      Map<Object,K> new_dtoi = new ConcurrentHashMap<Object,K>( directReferences.size() );
-      Map<K,Object> new_itod = new ConcurrentHashMap<K,Object>( directReferences.size() );
-
-      for ( Object o : directReferences ) {
-         K indirect = dtoi.get( o );
-
-         if ( indirect == null ) {
-            indirect = getUniqueReference();
-         }
-         new_dtoi.put( o, indirect );
-         new_itod.put( indirect, o );
-      }
-      dtoi = new_dtoi;
-      itod = new_itod;
+       Map<Object,K> new_dtoi = new HashMap<Object,K>( directReferences.size() );
+       Map<K,Object> new_itod = new HashMap<K,Object>( directReferences.size() );
+
+       Set<Object> newDirect = new HashSet<>(directReferences);
+       Set<Object> dtoiCurrent = new HashSet<>(dtoi.keySet());
+
+       //Preserve all keys that are in the new set
+       dtoiCurrent.retainAll(newDirect);
+
+       //Transfer existing values into the new map
+       for (Object current: dtoiCurrent) {
+           K idCurrent = dtoi.get(current);
+           new_dtoi.put(current, idCurrent);
+           new_itod.put(idCurrent, current);
+       }
+
+       //Trim the new map to only new values
+       newDirect.removeAll(dtoiCurrent);
+
+       //Add new values with new indirect keys to the new map
+       for (Object newD : newDirect) {
+           K idCurrent;
+           do {
+               idCurrent = getUniqueReference();
+               //Unlikey, but just in case we generate the exact same key multiple times...
+           } while (dtoi.containsValue(idCurrent));
+
+           new_dtoi.put(newD, idCurrent);
+           new_itod.put(idCurrent, newD);
+       }
+
+       dtoi = new_dtoi;
+       itod = new_itod;
    }
 
    /**
    * {@inheritDoc}
    */
-   public <T> K getIndirectReference(T directReference) {
+   public synchronized <T> K getIndirectReference(T directReference) {
       return dtoi.get(directReference);
    }
 
    /**
    * {@inheritDoc}
    */
-   public <T> T getDirectReference(K indirectReference) throws AccessControlException {
+   public synchronized <T> T getDirectReference(K indirectReference) throws AccessControlException {
       if (itod.containsKey(indirectReference) ) {
          try
          {
diff --git a/src/main/java/org/owasp/esapi/reference/AbstractAuthenticator.java b/src/main/java/org/owasp/esapi/reference/AbstractAuthenticator.java
index 4876da49d..9e3f7843b 100644
--- a/src/main/java/org/owasp/esapi/reference/AbstractAuthenticator.java
+++ b/src/main/java/org/owasp/esapi/reference/AbstractAuthenticator.java
@@ -1,297 +1,300 @@
-package org.owasp.esapi.reference;
-
-import java.util.Date;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.HTTPUtilities;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.User;
-import org.owasp.esapi.errors.AccessControlException;
-import org.owasp.esapi.errors.AuthenticationCredentialsException;
-import org.owasp.esapi.errors.AuthenticationException;
-import org.owasp.esapi.errors.AuthenticationLoginException;
-import org.owasp.esapi.errors.EnterpriseSecurityException;
-/**
- * A partial implementation of the Authenticator interface.
- * This class should not implement any methods that would be meant
- * to modify a User object, since that's probably implementation specific.
- *
- */
-public abstract class AbstractAuthenticator implements org.owasp.esapi.Authenticator {
-
-	/**
-     * Key for user in session
-     */
-    protected static final String USER = "ESAPIUserSessionKey";
-    
-    private final Logger logger = ESAPI.getLogger("Authenticator");
-    
-    /**
-     * The currentUser ThreadLocal variable is used to make the currentUser available to any call in any part of an
-     * application. Otherwise, each thread would have to pass the User object through the calltree to any methods that
-     * need it. Because we want exceptions and log calls to contain user data, that could be almost anywhere. Therefore,
-     * the ThreadLocal approach simplifies things greatly. <P> As a possible extension, one could create a delegation
-     * framework by adding another ThreadLocal to hold the delegating user identity.
-     */
-    private final ThreadLocalUser currentUser = new ThreadLocalUser();
-
-    private class ThreadLocalUser extends InheritableThreadLocal<User> {
-
-        public User initialValue() {
-            return User.ANONYMOUS;
-        }
-
-        public User getUser() {
-            return super.get();
-        }
-
-        public void setUser(User newUser) {
-            super.set(newUser);
-        }
-    }
-    
-	/**
-	 *
-	 */
-	public AbstractAuthenticator() {
-		super();
-	}
-	
-    /**
-     * {@inheritDoc}
-     */
-    public void clearCurrent() {
-        // logger.logWarning(Logger.SECURITY, "************Clearing threadlocals. Thread" + Thread.currentThread().getName() );
-        currentUser.setUser(null);
-    }
-    
-    /**
-     * {@inheritDoc}
-     */
-    public boolean exists(String accountName) {
-        return getUser(accountName) != null;
-    }
-    
-    /**
-     * {@inheritDoc}
-     * <p/>
-     * Returns the currently logged user as set by the setCurrentUser() methods. Must not log in this method because the
-     * logger calls getCurrentUser() and this could cause a loop.
-     */
-    public User getCurrentUser() {
-        User user = currentUser.get();
-        if (user == null) {
-            user = User.ANONYMOUS;
-        }
-        return user;
-    }
-    
-    /**
-     * Gets the user from session.
-     *
-     * @return the user from session or null if no user is found in the session
-     */
-    protected User getUserFromSession() {
-        HttpSession session = ESAPI.httpUtilities().getCurrentRequest().getSession(false);
-        if (session == null) return null;
-        return ESAPI.httpUtilities().getSessionAttribute(USER);
-    }
-    
-    /**
-     * Returns the user if a matching remember token is found, or null if the token
-     * is missing, token is corrupt, token is expired, account name does not match
-     * and existing account, or hashed password does not match user's hashed password.
-     *
-     * @return the user if a matching remember token is found, or null if the token
-     *         is missing, token is corrupt, token is expired, account name does not match
-     *         and existing account, or hashed password does not match user's hashed password.
-     */
-    protected DefaultUser getUserFromRememberToken() {
-        try {
-            String token = ESAPI.httpUtilities().getCookie(ESAPI.currentRequest(), HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME);
-            if (token == null) return null;
-            
-            // See Google Issue 144 regarding first URLDecode the token and THEN unsealing.
-            // Note that this Google Issue was marked as "WontFix".
-
-            String[] data = ESAPI.encryptor().unseal(token).split("\\|");
-            if (data.length != 2) {
-                logger.warning(Logger.SECURITY_FAILURE, "Found corrupt or expired remember token");
-                ESAPI.httpUtilities().killCookie(ESAPI.currentRequest(), ESAPI.currentResponse(), HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME);
-                return null;
-            }
-
-            String username = data[0];
-            String password = data[1];
-            DefaultUser user = (DefaultUser) getUser(username);
-            if (user == null) {
-                logger.warning(Logger.SECURITY_FAILURE, "Found valid remember token but no user matching " + username);
-                return null;
-            }
-
-            logger.info(Logger.SECURITY_SUCCESS, "Logging in user with remember token: " + user.getAccountName());
-            user.loginWithPassword(password);
-            return user;
-        } catch (AuthenticationException ae) {
-            logger.warning(Logger.SECURITY_FAILURE, "Login via remember me cookie failed", ae);
-        } catch (EnterpriseSecurityException e) {
-            logger.warning(Logger.SECURITY_FAILURE, "Remember token was missing, corrupt, or expired");
-        }
-        ESAPI.httpUtilities().killCookie(ESAPI.currentRequest(), ESAPI.currentResponse(), HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME);
-        return null;
-    }
-    
-    /**
-     * Utility method to extract credentials and verify them.
-     *
-     * @param request The current HTTP request
-     * @return The user that successfully authenticated
-     * @throws AuthenticationException if the submitted credentials are invalid.
-     */
-    private User loginWithUsernameAndPassword(HttpServletRequest request) throws AuthenticationException {
-
-        String username = request.getParameter(ESAPI.securityConfiguration().getUsernameParameterName());
-        String password = request.getParameter(ESAPI.securityConfiguration().getPasswordParameterName());
-
-        // if a logged-in user is requesting to login, log them out first
-        User user = getCurrentUser();
-        if (user != null && !user.isAnonymous()) {
-            logger.warning(Logger.SECURITY_SUCCESS, "User requested relogin. Performing logout then authentication");
-            user.logout();
-        }
-
-        // now authenticate with username and password
-        if (username == null || password == null) {
-            if (username == null) {
-                username = "unspecified user";
-            }
-            throw new AuthenticationCredentialsException("Authentication failed", "Authentication failed for " + username + " because of null username or password");
-        }
-        user = getUser(username);
-        if (user == null) {
-            throw new AuthenticationCredentialsException("Authentication failed", "Authentication failed because user " + username + " doesn't exist");
-        }
-        user.loginWithPassword(password);
-
-        request.setAttribute(user.getCSRFToken(), "authenticated");
-        return user;
-    }
-    
-    /**
-     * {@inheritDoc}
-     */
-    public User login() throws AuthenticationException {
-        return login(ESAPI.currentRequest(), ESAPI.currentResponse());
-    }
-    
-    /**
-     * {@inheritDoc}
-     */
-    public User login(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
-
-        if (request == null || response == null) {
-            throw new AuthenticationCredentialsException("Invalid request", "Request or response objects were null");
-        }
-
-        // if there's a user in the session then use that
-        DefaultUser user = (DefaultUser) getUserFromSession();
-
-        // else if there's a remember token then use that
-        if (user == null) {
-            user = getUserFromRememberToken();
-        }
-
-        // else try to verify credentials - throws exception if login fails
-        if (user == null) {
-            user = (DefaultUser) loginWithUsernameAndPassword(request);
-        }
-
-        // set last host address
-        user.setLastHostAddress(request.getRemoteHost());
-
-        // warn if this authentication request was not POST or non-SSL connection, exposing credentials or session id
-        try {
-            ESAPI.httpUtilities().assertSecureRequest(ESAPI.currentRequest());
-        } catch (AccessControlException e) {
-            throw new AuthenticationException("Attempt to login with an insecure request", e.getLogMessage(), e);
-        }
-
-        // don't let anonymous user log in
-        if (user.isAnonymous()) {
-            user.logout();
-            throw new AuthenticationLoginException("Login failed", "Anonymous user cannot be set to current user. User: " + user.getAccountName());
-        }
-
-        // don't let disabled users log in
-        if (!user.isEnabled()) {
-            user.logout();
-            user.incrementFailedLoginCount();
-            user.setLastFailedLoginTime(new Date());
-            throw new AuthenticationLoginException("Login failed", "Disabled user cannot be set to current user. User: " + user.getAccountName());
-        }
-
-        // don't let locked users log in
-        if (user.isLocked()) {
-            user.logout();
-            user.incrementFailedLoginCount();
-            user.setLastFailedLoginTime(new Date());
-            throw new AuthenticationLoginException("Login failed", "Locked user cannot be set to current user. User: " + user.getAccountName());
-        }
-
-        // don't let expired users log in
-        if (user.isExpired()) {
-            user.logout();
-            user.incrementFailedLoginCount();
-            user.setLastFailedLoginTime(new Date());
-            throw new AuthenticationLoginException("Login failed", "Expired user cannot be set to current user. User: " + user.getAccountName());
-        }
-
-        // check session inactivity timeout
-        if (user.isSessionTimeout()) {
-            user.logout();
-            user.incrementFailedLoginCount();
-            user.setLastFailedLoginTime(new Date());
-            throw new AuthenticationLoginException("Login failed", "Session inactivity timeout: " + user.getAccountName());
-        }
-
-        // check session absolute timeout
-        if (user.isSessionAbsoluteTimeout()) {
-            user.logout();
-            user.incrementFailedLoginCount();
-            user.setLastFailedLoginTime(new Date());
-            throw new AuthenticationLoginException("Login failed", "Session absolute timeout: " + user.getAccountName());
-        }
-
-        //set Locale to the user object in the session from request
-        user.setLocale(request.getLocale());
-
-        // create new session for this User
-        HttpSession session = request.getSession();
-        user.addSession(session);
-        session.setAttribute(USER, user);
-        setCurrentUser(user);
-        return user;
-    }
-    
-    /**
-     * {@inheritDoc}
-     */
-    public void logout() {
-        User user = getCurrentUser();
-        if (user != null && !user.isAnonymous()) {
-            user.logout();
-        }
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-    public void setCurrentUser(User user) {
-        currentUser.setUser(user);
-    }
-
-}
+package org.owasp.esapi.reference;
+
+import java.util.Date;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.HTTPUtilities;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.User;
+import org.owasp.esapi.errors.AccessControlException;
+import org.owasp.esapi.errors.AuthenticationCredentialsException;
+import org.owasp.esapi.errors.AuthenticationException;
+import org.owasp.esapi.errors.AuthenticationLoginException;
+import org.owasp.esapi.errors.EnterpriseSecurityException;
+/**
+ * A partial implementation of the Authenticator interface.
+ * This class should not implement any methods that would be meant
+ * to modify a User object, since that's probably implementation specific.
+ *
+ */
+public abstract class AbstractAuthenticator implements org.owasp.esapi.Authenticator {
+
+    /**
+     * Key for user in session
+     */
+    protected static final String USER = "ESAPIUserSessionKey";
+
+    private final Logger logger = ESAPI.getLogger("Authenticator");
+
+    /**
+     * The currentUser ThreadLocal variable is used to make the currentUser available to any call in any part of an
+     * application. Otherwise, each thread would have to pass the User object through the calltree to any methods that
+     * need it. Because we want exceptions and log calls to contain user data, that could be almost anywhere. Therefore,
+     * the ThreadLocal approach simplifies things greatly. <P> As a possible extension, one could create a delegation
+     * framework by adding another ThreadLocal to hold the delegating user identity.
+     */
+    private final ThreadLocalUser currentUser = new ThreadLocalUser();
+
+    private class ThreadLocalUser extends InheritableThreadLocal<User> {
+
+        public User initialValue() {
+            return User.ANONYMOUS;
+        }
+
+        public User getUser() {
+            return super.get();
+        }
+
+        public void setUser(User newUser) {
+            super.set(newUser);
+        }
+    }
+
+    /**
+     *
+     */
+    public AbstractAuthenticator() {
+        super();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void clearCurrent() {
+        // logger.logWarning(Logger.SECURITY, "************Clearing threadlocals. Thread" + Thread.currentThread().getName() );
+        currentUser.setUser(null);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean exists(String accountName) {
+        return getUser(accountName) != null;
+    }
+
+    /**
+     * {@inheritDoc}
+     * <p/>
+     * Returns the currently logged user as set by the setCurrentUser() methods. Must not log in this method because the
+     * logger calls getCurrentUser() and this could cause a loop.
+     */
+    public User getCurrentUser() {
+        User user = currentUser.get();
+        if (user == null) {
+            user = User.ANONYMOUS;
+        }
+        return user;
+    }
+
+    /**
+     * Gets the user from session.
+     *
+     * @return the user from session or null if no user is found in the session
+     */
+    protected User getUserFromSession() {
+        HTTPUtilities httpUtils = ESAPI.httpUtilities();
+        HttpServletRequest req = httpUtils.getCurrentRequest();
+        HttpSession session = req.getSession(false);
+        if (session == null) return null;
+        return ESAPI.httpUtilities().getSessionAttribute(USER);
+    }
+
+    /**
+     * Returns the user if a matching remember token is found, or null if the token
+     * is missing, token is corrupt, token is expired, account name does not match
+     * and existing account, or hashed password does not match user's hashed password.
+     *
+     * @return the user if a matching remember token is found, or null if the token
+     *         is missing, token is corrupt, token is expired, account name does not match
+     *         and existing account, or hashed password does not match user's hashed password.
+     */
+    protected DefaultUser getUserFromRememberToken() {
+        try {
+            HTTPUtilities utils =ESAPI.httpUtilities();
+            String token = utils.getCookie(ESAPI.currentRequest(), HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME);
+            if (token == null) return null;
+
+            // See Google Issue 144 regarding first URLDecode the token and THEN unsealing.
+            // Note that this Google Issue was marked as "WontFix".
+
+            String[] data = ESAPI.encryptor().unseal(token).split("\\|");
+            if (data.length != 2) {
+                logger.warning(Logger.SECURITY_FAILURE, "Found corrupt or expired remember token");
+                ESAPI.httpUtilities().killCookie(ESAPI.currentRequest(), ESAPI.currentResponse(), HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME);
+                return null;
+            }
+
+            String username = data[0];
+            String password = data[1];
+            DefaultUser user = (DefaultUser) getUser(username);
+            if (user == null) {
+                logger.warning(Logger.SECURITY_FAILURE, "Found valid remember token but no user matching " + username);
+                return null;
+            }
+
+            logger.info(Logger.SECURITY_SUCCESS, "Logging in user with remember token: " + user.getAccountName());
+            user.loginWithPassword(password);
+            return user;
+        } catch (AuthenticationException ae) {
+            logger.warning(Logger.SECURITY_FAILURE, "Login via remember me cookie failed", ae);
+        } catch (EnterpriseSecurityException e) {
+            logger.warning(Logger.SECURITY_FAILURE, "Remember token was missing, corrupt, or expired");
+        }
+        ESAPI.httpUtilities().killCookie(ESAPI.currentRequest(), ESAPI.currentResponse(), HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME);
+        return null;
+    }
+
+    /**
+     * Utility method to extract credentials and verify them.
+     *
+     * @param request The current HTTP request
+     * @return The user that successfully authenticated
+     * @throws AuthenticationException if the submitted credentials are invalid.
+     */
+    private User loginWithUsernameAndPassword(HttpServletRequest request) throws AuthenticationException {
+
+        String username = request.getParameter(ESAPI.securityConfiguration().getUsernameParameterName());
+        String password = request.getParameter(ESAPI.securityConfiguration().getPasswordParameterName());
+
+        // if a logged-in user is requesting to login, log them out first
+        User user = getCurrentUser();
+        if (user != null && !user.isAnonymous()) {
+            logger.warning(Logger.SECURITY_SUCCESS, "User requested relogin. Performing logout then authentication");
+            user.logout();
+        }
+
+        // now authenticate with username and password
+        if (username == null || password == null) {
+            if (username == null) {
+                username = "unspecified user";
+            }
+            throw new AuthenticationCredentialsException("Authentication failed", "Authentication failed for " + username + " because of null username or password");
+        }
+        user = getUser(username);
+        if (user == null) {
+            throw new AuthenticationCredentialsException("Authentication failed", "Authentication failed because user " + username + " doesn't exist");
+        }
+        user.loginWithPassword(password);
+
+        request.setAttribute(user.getCSRFToken(), "authenticated");
+        return user;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public User login() throws AuthenticationException {
+        return login(ESAPI.currentRequest(), ESAPI.currentResponse());
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public User login(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
+
+        if (request == null || response == null) {
+            throw new AuthenticationCredentialsException("Invalid request", "Request or response objects were null");
+        }
+
+        // if there's a user in the session then use that
+        DefaultUser user = (DefaultUser) getUserFromSession();
+
+        // else if there's a remember token then use that
+        if (user == null) {
+            user = getUserFromRememberToken();
+        }
+
+        // else try to verify credentials - throws exception if login fails
+        if (user == null) {
+            user = (DefaultUser) loginWithUsernameAndPassword(request);
+        }
+
+        // set last host address
+        user.setLastHostAddress(request.getRemoteHost());
+
+        // warn if this authentication request was not POST or non-SSL connection, exposing credentials or session id
+        try {
+            ESAPI.httpUtilities().assertSecureRequest(ESAPI.currentRequest());
+        } catch (AccessControlException e) {
+            throw new AuthenticationException("Attempt to login with an insecure request", e.getLogMessage(), e);
+        }
+
+        // don't let anonymous user log in
+        if (user.isAnonymous()) {
+            user.logout();
+            throw new AuthenticationLoginException("Login failed", "Anonymous user cannot be set to current user. User: " + user.getAccountName());
+        }
+
+        // don't let disabled users log in
+        if (!user.isEnabled()) {
+            user.logout();
+            user.incrementFailedLoginCount();
+            user.setLastFailedLoginTime(new Date());
+            throw new AuthenticationLoginException("Login failed", "Disabled user cannot be set to current user. User: " + user.getAccountName());
+        }
+
+        // don't let locked users log in
+        if (user.isLocked()) {
+            user.logout();
+            user.incrementFailedLoginCount();
+            user.setLastFailedLoginTime(new Date());
+            throw new AuthenticationLoginException("Login failed", "Locked user cannot be set to current user. User: " + user.getAccountName());
+        }
+
+        // don't let expired users log in
+        if (user.isExpired()) {
+            user.logout();
+            user.incrementFailedLoginCount();
+            user.setLastFailedLoginTime(new Date());
+            throw new AuthenticationLoginException("Login failed", "Expired user cannot be set to current user. User: " + user.getAccountName());
+        }
+
+        // check session inactivity timeout
+        if (user.isSessionTimeout()) {
+            user.logout();
+            user.incrementFailedLoginCount();
+            user.setLastFailedLoginTime(new Date());
+            throw new AuthenticationLoginException("Login failed", "Session inactivity timeout: " + user.getAccountName());
+        }
+
+        // check session absolute timeout
+        if (user.isSessionAbsoluteTimeout()) {
+            user.logout();
+            user.incrementFailedLoginCount();
+            user.setLastFailedLoginTime(new Date());
+            throw new AuthenticationLoginException("Login failed", "Session absolute timeout: " + user.getAccountName());
+        }
+
+        //set Locale to the user object in the session from request
+        user.setLocale(request.getLocale());
+
+        // create new session for this User
+        HttpSession session = request.getSession();
+        user.addSession(session);
+        session.setAttribute(USER, user);
+        setCurrentUser(user);
+        return user;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void logout() {
+        User user = getCurrentUser();
+        if (user != null && !user.isAnonymous()) {
+            user.logout();
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void setCurrentUser(User user) {
+        currentUser.setUser(user);
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultAccessController.java b/src/main/java/org/owasp/esapi/reference/DefaultAccessController.java
index 3d51338c3..7f978ca37 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultAccessController.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultAccessController.java
@@ -1,146 +1,147 @@
-package org.owasp.esapi.reference;
-
-import java.util.Map;
-
-import org.owasp.esapi.AccessControlRule;
-import org.owasp.esapi.AccessController;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.errors.AccessControlException;
-import org.owasp.esapi.reference.accesscontrol.policyloader.ACRPolicyFileLoader;
-import org.owasp.esapi.reference.accesscontrol.policyloader.PolicyDTO;
-
-public class DefaultAccessController implements AccessController {
-	private Map ruleMap;
-
-    private static volatile AccessController singletonInstance = null;
-
-    public static AccessController getInstance() throws AccessControlException {
-        if ( singletonInstance == null ) {
-            synchronized ( DefaultAccessController.class ) {
-                if ( singletonInstance == null ) {
-                    singletonInstance = new DefaultAccessController();
-                }
-            }
-        }
-        return singletonInstance;
-    }
-
-	protected final Logger logger = ESAPI.getLogger("DefaultAccessController");
-
-	private DefaultAccessController() throws AccessControlException {
-		ACRPolicyFileLoader policyDescriptor = new ACRPolicyFileLoader();
-		PolicyDTO policyDTO = policyDescriptor.load();		
-		ruleMap = policyDTO.getAccessControlRules();
-	}
-
-    /**
-     * {@inheritDoc}
-     */
-	public boolean isAuthorized(Object key, Object runtimeParameter) {
-		try {
-			AccessControlRule rule = (AccessControlRule)ruleMap.get(key);
-			if(rule == null) {
-				throw new AccessControlException("Access Denied",
-						"AccessControlRule was not found for key: " + key); 
-			}
-			if(logger.isDebugEnabled()){ logger.debug(Logger.EVENT_SUCCESS, "Evaluating Authorization Rule \"" + key + "\" Using class: " + rule.getClass().getCanonicalName()); }
-			return rule.isAuthorized(runtimeParameter);
-		} catch(Exception e) {
-			try {
-				//Log the exception by throwing and then catching it.
-				//TODO figure out what which string goes where.		
-				throw new AccessControlException("Access Denied",
-					"An unhandled Exception was " +
-					"caught, so access is denied.",  
-					e);	
-			} catch(AccessControlException ace) {
-				//the exception was just logged. There's nothing left to do.
-			}
-			return false; //fail closed
-		}
-	}
-
-    /** {@inheritDoc} */
-	public void assertAuthorized(Object key, Object runtimeParameter) throws AccessControlException {
-		boolean isAuthorized;
-		try {
-			AccessControlRule rule = (AccessControlRule)ruleMap.get(key);
-			if(rule == null) {
-				throw new AccessControlException("Access Denied", 
-						"AccessControlRule was not found for key: " + key); 
-			}
-			if(logger.isDebugEnabled()){ logger.debug(Logger.EVENT_SUCCESS, "Asserting Authorization Rule \"" + key + "\" Using class: " + rule.getClass().getCanonicalName()); }
-			isAuthorized = rule.isAuthorized(runtimeParameter);
-		} catch(Exception e) {
-			//TODO figure out what which string goes where.		
-			throw new AccessControlException("Access Denied", "An unhandled Exception was " +
-					"caught, so access is denied." +
-					"AccessControlException.",
-					e);
-		}
-		if(!isAuthorized) {
-			throw new AccessControlException("Access Denied", 
-					"Access Denied for key: " + key + 
-					" runtimeParameter: " + runtimeParameter);
-		}
-	}
-	
-    /** {@inheritDoc} */
-	public void assertAuthorizedForData(String action, Object data)
-			throws AccessControlException {
-		this.assertAuthorized("AC 1.0 Data", new Object[] {action, data});
-	}
-
-	/**
-     * {@inheritDoc}
-	 * @deprecated
-	 */
-	public void assertAuthorizedForFile(String filepath)
-			throws AccessControlException {
-		this.assertAuthorized("AC 1.0 File", new Object[] {filepath});
-	}
-
-    /** {@inheritDoc} */
-	public void assertAuthorizedForFunction(String functionName)
-			throws AccessControlException {
-		this.assertAuthorized("AC 1.0 Function", new Object[] {functionName});
-	}
-
-    /** {@inheritDoc} */
-	public void assertAuthorizedForService(String serviceName)
-			throws AccessControlException {
-		this.assertAuthorized("AC 1.0 Service", new Object[] {serviceName});
-	}
-
-    /** {@inheritDoc} */
-	public void assertAuthorizedForURL(String url)
-			throws AccessControlException {
-		this.assertAuthorized("AC 1.0 URL", new Object[] {url});
-	}
-
-    /** {@inheritDoc} */
-	public boolean isAuthorizedForData(String action, Object data) {
-		return this.isAuthorized("AC 1.0 Data", new Object[] {action, data});
-	}
-
-    /** {@inheritDoc} */
-	public boolean isAuthorizedForFile(String filepath) {
-		return this.isAuthorized("AC 1.0 File", new Object[] {filepath});
-	}
-
-    /** {@inheritDoc} */
-	public boolean isAuthorizedForFunction(String functionName) {
-		return this.isAuthorized("AC 1.0 Function", new Object[] {functionName});
-	}
-
-    /** {@inheritDoc} */
-	public boolean isAuthorizedForService(String serviceName) {
-		return this.isAuthorized("AC 1.0 Service", new Object[] {serviceName});
-	}
-
-    /** {@inheritDoc} */
-	public boolean isAuthorizedForURL(String url) {
-		return this.isAuthorized("AC 1.0 URL", new Object[] {url});
-	}
-}
+package org.owasp.esapi.reference;
+
+import java.util.Map;
+
+import org.owasp.esapi.AccessControlRule;
+import org.owasp.esapi.AccessController;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.errors.AccessControlException;
+import org.owasp.esapi.reference.accesscontrol.policyloader.ACRPolicyFileLoader;
+import org.owasp.esapi.reference.accesscontrol.policyloader.PolicyDTO;
+
+public class DefaultAccessController implements AccessController {
+    private Map ruleMap;
+
+    private static volatile AccessController singletonInstance = null;
+
+    public static AccessController getInstance() throws AccessControlException {
+        if ( singletonInstance == null ) {
+            synchronized ( DefaultAccessController.class ) {
+                if ( singletonInstance == null ) {
+                    singletonInstance = new DefaultAccessController();
+                }
+            }
+        }
+        return singletonInstance;
+    }
+
+    protected final Logger logger = ESAPI.getLogger("DefaultAccessController");
+
+    private DefaultAccessController() throws AccessControlException {
+        ACRPolicyFileLoader policyDescriptor = new ACRPolicyFileLoader();
+        PolicyDTO policyDTO = policyDescriptor.load();
+        ruleMap = policyDTO.getAccessControlRules();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean isAuthorized(Object key, Object runtimeParameter) {
+        try {
+            AccessControlRule rule = (AccessControlRule)ruleMap.get(key);
+            if(rule == null) {
+                throw new AccessControlException("Access Denied",
+                        "AccessControlRule was not found for key: " + key);
+            }
+            if(logger.isDebugEnabled()){ logger.debug(Logger.EVENT_SUCCESS, "Evaluating Authorization Rule \"" + key + "\" Using class: " + rule.getClass().getCanonicalName()); }
+            return rule.isAuthorized(runtimeParameter);
+        } catch(Exception e) {
+            try {
+                //Log the exception by throwing and then catching it.
+                //TODO figure out what which string goes where.
+                throw new AccessControlException("Access Denied",
+                    "An unhandled Exception was " +
+                    "caught, so access is denied.",
+                    e);
+            } catch(AccessControlException ace) {
+                //the exception was just logged. There's nothing left to do.
+            }
+            return false; //fail closed
+        }
+    }
+
+    /** {@inheritDoc} */
+    public void assertAuthorized(Object key, Object runtimeParameter) throws AccessControlException {
+        boolean isAuthorized;
+        try {
+            AccessControlRule rule = (AccessControlRule)ruleMap.get(key);
+            if(rule == null) {
+                throw new AccessControlException("Access Denied",
+                        "AccessControlRule was not found for key: " + key);
+            }
+            if(logger.isDebugEnabled()){ logger.debug(Logger.EVENT_SUCCESS, "Asserting Authorization Rule \"" + key + "\" Using class: " + rule.getClass().getCanonicalName()); }
+            isAuthorized = rule.isAuthorized(runtimeParameter);
+        } catch(Exception e) {
+            //TODO figure out what which string goes where.
+            throw new AccessControlException("Access Denied", "An unhandled Exception was " +
+                    "caught, so access is denied." +
+                    "AccessControlException.",
+                    e);
+        }
+        if(!isAuthorized) {
+            throw new AccessControlException("Access Denied",
+                    "Access Denied for key: " + key +
+                    " runtimeParameter: " + runtimeParameter);
+        }
+    }
+
+    /** {@inheritDoc} */
+    public void assertAuthorizedForData(String action, Object data)
+            throws AccessControlException {
+        this.assertAuthorized("AC 1.0 Data", new Object[] {action, data});
+    }
+
+    /**
+     * {@inheritDoc}
+     * @deprecated
+     */
+    @Deprecated
+    public void assertAuthorizedForFile(String filepath)
+            throws AccessControlException {
+        this.assertAuthorized("AC 1.0 File", new Object[] {filepath});
+    }
+
+    /** {@inheritDoc} */
+    public void assertAuthorizedForFunction(String functionName)
+            throws AccessControlException {
+        this.assertAuthorized("AC 1.0 Function", new Object[] {functionName});
+    }
+
+    /** {@inheritDoc} */
+    public void assertAuthorizedForService(String serviceName)
+            throws AccessControlException {
+        this.assertAuthorized("AC 1.0 Service", new Object[] {serviceName});
+    }
+
+    /** {@inheritDoc} */
+    public void assertAuthorizedForURL(String url)
+            throws AccessControlException {
+        this.assertAuthorized("AC 1.0 URL", new Object[] {url});
+    }
+
+    /** {@inheritDoc} */
+    public boolean isAuthorizedForData(String action, Object data) {
+        return this.isAuthorized("AC 1.0 Data", new Object[] {action, data});
+    }
+
+    /** {@inheritDoc} */
+    public boolean isAuthorizedForFile(String filepath) {
+        return this.isAuthorized("AC 1.0 File", new Object[] {filepath});
+    }
+
+    /** {@inheritDoc} */
+    public boolean isAuthorizedForFunction(String functionName) {
+        return this.isAuthorized("AC 1.0 Function", new Object[] {functionName});
+    }
+
+    /** {@inheritDoc} */
+    public boolean isAuthorizedForService(String serviceName) {
+        return this.isAuthorized("AC 1.0 Service", new Object[] {serviceName});
+    }
+
+    /** {@inheritDoc} */
+    public boolean isAuthorizedForURL(String url) {
+        return this.isAuthorized("AC 1.0 URL", new Object[] {url});
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java b/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java
index 4fadcf0f9..2b87e0d34 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java
@@ -1,448 +1,764 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.net.URLDecoder;
-import java.net.URLEncoder;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Encoder;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.codecs.Base64;
-import org.owasp.esapi.codecs.CSSCodec;
-import org.owasp.esapi.codecs.Codec;
-import org.owasp.esapi.codecs.HTMLEntityCodec;
-import org.owasp.esapi.codecs.JavaScriptCodec;
-import org.owasp.esapi.codecs.PercentCodec;
-import org.owasp.esapi.codecs.VBScriptCodec;
-import org.owasp.esapi.codecs.XMLEntityCodec;
-import org.owasp.esapi.errors.EncodingException;
-import org.owasp.esapi.errors.IntrusionException;
-
-
-/**
- * Reference implementation of the Encoder interface. This implementation takes
- * a whitelist approach to encoding, meaning that everything not specifically identified in a
- * list of "immune" characters is encoded.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Encoder
- */
-public class DefaultEncoder implements Encoder {
-
-    private static volatile Encoder singletonInstance;
-
-    public static Encoder getInstance() {
-        if ( singletonInstance == null ) {
-            synchronized ( DefaultEncoder.class ) {
-                if ( singletonInstance == null ) {
-                    singletonInstance = new DefaultEncoder();
-                }
-            }
-        }
-        return singletonInstance;
-    }
-
-	// Codecs
-	private List codecs = new ArrayList();
-	private HTMLEntityCodec htmlCodec = new HTMLEntityCodec();
-	private XMLEntityCodec xmlCodec = new XMLEntityCodec();
-	private PercentCodec percentCodec = new PercentCodec();
-	private JavaScriptCodec javaScriptCodec = new JavaScriptCodec();
-	private VBScriptCodec vbScriptCodec = new VBScriptCodec();
-	private CSSCodec cssCodec = new CSSCodec();
-
-	private final Logger logger = ESAPI.getLogger("Encoder");
-	
-	/**
-	 *  Character sets that define characters (in addition to alphanumerics) that are
-	 * immune from encoding in various formats
-	 */
-	private final static char[]     IMMUNE_HTML = { ',', '.', '-', '_', ' ' };
-	private final static char[] IMMUNE_HTMLATTR = { ',', '.', '-', '_' };
-	private final static char[] IMMUNE_CSS = {};
-	private final static char[] IMMUNE_JAVASCRIPT = { ',', '.', '_' };
-	private final static char[] IMMUNE_VBSCRIPT = { ',', '.', '_' };
-	private final static char[] IMMUNE_XML = { ',', '.', '-', '_', ' ' };
-	private final static char[] IMMUNE_SQL = { ' ' };
-	private final static char[] IMMUNE_OS = { '-' };
-	private final static char[] IMMUNE_XMLATTR = { ',', '.', '-', '_' };
-	private final static char[] IMMUNE_XPATH = { ',', '.', '-', '_', ' ' };
-	
-	
-	/**
-	 * Instantiates a new DefaultEncoder
-	 */
-	private DefaultEncoder() {
-		codecs.add( htmlCodec );
-		codecs.add( percentCodec );
-		codecs.add( javaScriptCodec );
-	}
-	
-	public DefaultEncoder( List<String> codecNames ) {
-		for ( String clazz : codecNames ) {
-			try {
-				if ( clazz.indexOf( '.' ) == -1 ) clazz = "org.owasp.esapi.codecs." + clazz;
-				codecs.add( Class.forName( clazz ).newInstance() );
-			} catch ( Exception e ) {
-				logger.warning( Logger.EVENT_FAILURE, "Codec " + clazz + " listed in ESAPI.properties not on classpath" );
-			}
-		}
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	public String canonicalize( String input ) {
-		if ( input == null ) {
-			return null;
-		}
-
-        // Issue 231 - These are reverse boolean logic in the Encoder interface, so we need to invert these values - CS
-		return canonicalize(input, 
-							!ESAPI.securityConfiguration().getAllowMultipleEncoding(),
-							!ESAPI.securityConfiguration().getAllowMixedEncoding() );
-	}
-
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	public String canonicalize( String input, boolean strict) {
-		return canonicalize(input, strict, strict);
-	}
-
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String canonicalize( String input, boolean restrictMultiple, boolean restrictMixed ) {
-		if ( input == null ) {
-			return null;
-		}
-		
-        String working = input;
-        Codec codecFound = null;
-        int mixedCount = 1;
-        int foundCount = 0;
-        boolean clean = false;
-        while( !clean ) {
-            clean = true;
-            
-            // try each codec and keep track of which ones work
-            Iterator i = codecs.iterator();
-            while ( i.hasNext() ) {
-                Codec codec = (Codec)i.next();
-                String old = working;
-                working = codec.decode( working );
-                if ( !old.equals( working ) ) {
-                    if ( codecFound != null && codecFound != codec ) {
-                        mixedCount++;
-                    }
-                    codecFound = codec;
-                    if ( clean ) {
-                        foundCount++;
-                    }
-                    clean = false;
-                }
-            }
-        }
-        
-        // do strict tests and handle if any mixed, multiple, nested encoding were found
-        if ( foundCount >= 2 && mixedCount > 1 ) {
-            if ( restrictMultiple || restrictMixed ) {
-                throw new IntrusionException( "Input validation failure", "Multiple ("+ foundCount +"x) and mixed encoding ("+ mixedCount +"x) detected in " + input );
-            } else {
-                logger.warning( Logger.SECURITY_FAILURE, "Multiple ("+ foundCount +"x) and mixed encoding ("+ mixedCount +"x) detected in " + input );
-            }
-        }
-        else if ( foundCount >= 2 ) {
-            if ( restrictMultiple ) {
-                throw new IntrusionException( "Input validation failure", "Multiple ("+ foundCount +"x) encoding detected in " + input );
-            } else {
-                logger.warning( Logger.SECURITY_FAILURE, "Multiple ("+ foundCount +"x) encoding detected in " + input );
-            }
-        }
-        else if ( mixedCount > 1 ) {
-            if ( restrictMixed ) {
-                throw new IntrusionException( "Input validation failure", "Mixed encoding ("+ mixedCount +"x) detected in " + input );
-            } else {
-                logger.warning( Logger.SECURITY_FAILURE, "Mixed encoding ("+ mixedCount +"x) detected in " + input );
-            }
-        }
-        return working;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String encodeForHTML(String input) {
-	    if( input == null ) {
-	    	return null;
-	    }
-	    return htmlCodec.encode( IMMUNE_HTML, input);	    
-	 }
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	public String decodeForHTML(String input) {
-		
-		if( input == null ) {
-	    	return null;
-	    }
-	    return htmlCodec.decode( input);	 
-    }
-	 
-	/**
-	 * {@inheritDoc}
-	 */
-	public String encodeForHTMLAttribute(String input) {
-	    if( input == null ) {
-	    	return null;
-	    }
-	    return htmlCodec.encode( IMMUNE_HTMLATTR, input);
-	}
-
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	public String encodeForCSS(String input) {
-	    if( input == null ) {
-	    	return null;
-	    }
-	    return cssCodec.encode( IMMUNE_CSS, input);
-	}
-
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	public String encodeForJavaScript(String input) {
-	    if( input == null ) {
-	    	return null;
-	    }
-	    return javaScriptCodec.encode(IMMUNE_JAVASCRIPT, input);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String encodeForVBScript(String input) {
-	    if( input == null ) {
-	    	return null;
-	    }
-	    return vbScriptCodec.encode(IMMUNE_VBSCRIPT, input);	    
-	}
-
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	public String encodeForSQL(Codec codec, String input) {
-	    if( input == null ) {
-	    	return null;
-	    }
-	    return codec.encode(IMMUNE_SQL, input);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String encodeForOS(Codec codec, String input) {
-	    if( input == null ) {
-	    	return null;	
-	    }
-	    return codec.encode( IMMUNE_OS, input);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String encodeForLDAP(String input) {
-	    if( input == null ) {
-	    	return null;	
-	    }
-		// TODO: replace with LDAP codec
-	    StringBuilder sb = new StringBuilder();
-		for (int i = 0; i < input.length(); i++) {
-			char c = input.charAt(i);
-			switch (c) {
-			case '\\':
-				sb.append("\\5c");
-				break;
-			case '*':
-				sb.append("\\2a");
-				break;
-			case '(':
-				sb.append("\\28");
-				break;
-			case ')':
-				sb.append("\\29");
-				break;
-			case '\0':
-				sb.append("\\00");
-				break;
-			default:
-				sb.append(c);
-			}
-		}
-		return sb.toString();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String encodeForDN(String input) {
-	    if( input == null ) {
-	    	return null;	
-	    }
-		// TODO: replace with DN codec
-	    StringBuilder sb = new StringBuilder();
-		if ((input.length() > 0) && ((input.charAt(0) == ' ') || (input.charAt(0) == '#'))) {
-			sb.append('\\'); // add the leading backslash if needed
-		}
-		for (int i = 0; i < input.length(); i++) {
-			char c = input.charAt(i);
-			switch (c) {
-			case '\\':
-				sb.append("\\\\");
-				break;
-			case ',':
-				sb.append("\\,");
-				break;
-			case '+':
-				sb.append("\\+");
-				break;
-			case '"':
-				sb.append("\\\"");
-				break;
-			case '<':
-				sb.append("\\<");
-				break;
-			case '>':
-				sb.append("\\>");
-				break;
-			case ';':
-				sb.append("\\;");
-				break;
-			default:
-				sb.append(c);
-			}
-		}
-		// add the trailing backslash if needed
-		if ((input.length() > 1) && (input.charAt(input.length() - 1) == ' ')) {
-			sb.insert(sb.length() - 1, '\\');
-		}
-		return sb.toString();
-	}
-
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String encodeForXPath(String input) {
-	    if( input == null ) {
-	    	return null;	
-	    }
-	    return htmlCodec.encode( IMMUNE_XPATH, input);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String encodeForXML(String input) {
-	    if( input == null ) {
-	    	return null;	
-	    }
-	    return xmlCodec.encode( IMMUNE_XML, input);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String encodeForXMLAttribute(String input) {
-	    if( input == null ) {
-	    	return null;	
-	    }
-	    return xmlCodec.encode( IMMUNE_XMLATTR, input);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String encodeForURL(String input) throws EncodingException {
-		if ( input == null ) {
-			return null;
-		}
-		try {
-			return URLEncoder.encode(input, ESAPI.securityConfiguration().getCharacterEncoding());
-		} catch (UnsupportedEncodingException ex) {
-			throw new EncodingException("Encoding failure", "Character encoding not supported", ex);
-		} catch (Exception e) {
-			throw new EncodingException("Encoding failure", "Problem URL encoding input", e);
-		}
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String decodeFromURL(String input) throws EncodingException {
-		if ( input == null ) {
-			return null;
-		}
-		String canonical = canonicalize(input);
-		try {
-			return URLDecoder.decode(canonical, ESAPI.securityConfiguration().getCharacterEncoding());
-		} catch (UnsupportedEncodingException ex) {
-			throw new EncodingException("Decoding failed", "Character encoding not supported", ex);
-		} catch (Exception e) {
-			throw new EncodingException("Decoding failed", "Problem URL decoding input", e);
-		}
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String encodeForBase64(byte[] input, boolean wrap) {
-		if ( input == null ) {
-			return null;
-		}
-		int options = 0;
-		if ( !wrap ) {
-			options |= Base64.DONT_BREAK_LINES;
-		}
-		return Base64.encodeBytes(input, options);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public byte[] decodeFromBase64(String input) throws IOException {
-		if ( input == null ) {
-			return null;
-		}
-		return Base64.decode( input );
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.net.URI;
+import java.net.URLDecoder;
+import java.net.URLEncoder;
+import java.util.ArrayList;
+import java.util.EnumMap;
+import java.util.Iterator;
+import java.util.LinkedHashMap;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Set;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Encoder;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.SecurityConfiguration;
+import org.owasp.esapi.codecs.Base64;
+import org.owasp.esapi.codecs.CSSCodec;
+import org.owasp.esapi.codecs.Codec;
+import org.owasp.esapi.codecs.HTMLEntityCodec;
+import org.owasp.esapi.codecs.JavaScriptCodec;
+import org.owasp.esapi.codecs.PercentCodec;
+import org.owasp.esapi.codecs.VBScriptCodec;
+import org.owasp.esapi.codecs.XMLEntityCodec;
+import org.owasp.esapi.codecs.JSONCodec;
+import org.owasp.esapi.errors.EncodingException;
+import org.owasp.esapi.errors.IntrusionException;
+import org.owasp.esapi.errors.ConfigurationException;
+import org.owasp.esapi.errors.NotConfiguredByDefaultException;
+
+import static org.owasp.esapi.PropNames.ACCEPTED_UNSAFE_METHOD_NAMES;
+import static  org.owasp.esapi.PropNames.ACCEPTED_UNSAFE_METHODS_JUSTIFICATION;
+
+
+/**
+ * Reference implementation of the Encoder interface. This implementation takes
+ * a whitelist approach to encoding, meaning that everything not specifically identified in a
+ * list of "immune" characters is encoded.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Encoder
+ */
+public class DefaultEncoder implements Encoder {
+
+    private static volatile Encoder singletonInstance;
+
+    public static Encoder getInstance() {
+        if ( singletonInstance == null ) {
+            synchronized ( DefaultEncoder.class ) {
+                if ( singletonInstance == null ) {
+                    singletonInstance = new DefaultEncoder();
+                }
+            }
+        }
+        return singletonInstance;
+    }
+
+    // Codecs
+    private List codecs = new ArrayList();
+    private HTMLEntityCodec htmlCodec = new HTMLEntityCodec();
+    private XMLEntityCodec xmlCodec = new XMLEntityCodec();
+    private PercentCodec percentCodec = new PercentCodec();
+    private JavaScriptCodec javaScriptCodec = new JavaScriptCodec();
+    private VBScriptCodec vbScriptCodec = new VBScriptCodec();
+    private CSSCodec cssCodec = new CSSCodec();
+    private JSONCodec jsonCodec = new JSONCodec();
+
+    private final Logger logger = ESAPI.getLogger("Encoder");
+
+    /**
+     *  Character sets that define characters (in addition to alphanumerics) that are
+     * immune from encoding in various formats
+     */
+    private final static char[] IMMUNE_HTML = { ',', '.', '-', '_', ' ' };
+    private final static char[] IMMUNE_HTMLATTR = { ',', '.', '-', '_' };
+    private final static char[] IMMUNE_CSS = { '#' };
+    private final static char[] IMMUNE_JAVASCRIPT = { ',', '.', '_' };
+    private final static char[] IMMUNE_VBSCRIPT = { ',', '.', '_' };
+    private final static char[] IMMUNE_XML = { ',', '.', '-', '_', ' ' };
+    private final static char[] IMMUNE_SQL = { ' ' };
+    private final static char[] IMMUNE_OS = { '-' };
+    private final static char[] IMMUNE_XMLATTR = { ',', '.', '-', '_' };
+    private final static char[] IMMUNE_XPATH = { ',', '.', '-', '_', ' ' };
+    private final static char[] IMMUNE_JSON = { };
+
+
+    /**
+     * Instantiates a new {@code DefaultEncoder} based on the property {@code Encoder.DefaultCodecList}
+     * from the {@code ESAPI.properties} file.
+     */
+    private DefaultEncoder() {
+        this( ESAPI.securityConfiguration().getDefaultCanonicalizationCodecs() );
+    }
+
+    /**
+     * Instantiates a new {@code DefaultEncoder} based on the specified list of
+     * codec names. Unqualified codec names are assumed to belong to the package
+     * "org.owasp.esapi.codecs".
+     */
+    public DefaultEncoder( List<String> codecNames ) {
+        for ( String clazz : codecNames ) {
+            try {
+                if ( clazz.indexOf( '.' ) == -1 ) clazz = "org.owasp.esapi.codecs." + clazz;
+                codecs.add( Class.forName( clazz ).newInstance() );
+            } catch ( Exception e ) {
+                logger.warning( Logger.EVENT_FAILURE, "Codec " + clazz + " listed in ESAPI.properties not on classpath" );
+            }
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String canonicalize( String input ) {
+        if ( input == null ) {
+            return null;
+        }
+
+        // Issue 231 - These are reverse boolean logic in the Encoder interface, so we need to invert these values - CS
+        return canonicalize(input,
+                            !ESAPI.securityConfiguration().getAllowMultipleEncoding(),
+                            !ESAPI.securityConfiguration().getAllowMixedEncoding() );
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public String canonicalize( String input, boolean strict) {
+        return canonicalize(input, strict, strict);
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public String canonicalize( String input, boolean restrictMultiple, boolean restrictMixed ) {
+        if ( input == null ) {
+            return null;
+        }
+
+        String working = input;
+        Codec codecFound = null;
+        int mixedCount = 1;
+        int foundCount = 0;
+        boolean clean = false;
+        while( !clean ) {
+            clean = true;
+
+            // try each codec and keep track of which ones work
+            Iterator i = codecs.iterator();
+            while ( i.hasNext() ) {
+                Codec codec = (Codec)i.next();
+                String old = working;
+                working = codec.decode( working );
+                if ( !old.equals( working ) ) {
+                    if ( codecFound != null && codecFound != codec ) {
+                        mixedCount++;
+                    }
+                    codecFound = codec;
+                    if ( clean ) {
+                        foundCount++;
+                    }
+                    clean = false;
+                }
+            }
+        }
+
+        // do strict tests and handle if any mixed, multiple, nested encoding were found
+        if ( foundCount >= 2 && mixedCount > 1 ) {
+            if ( restrictMultiple || restrictMixed ) {
+                throw new IntrusionException( "Input validation failure", "Multiple ("+ foundCount +"x) and mixed encoding ("+ mixedCount +"x) detected in " + input );
+            } else {
+                logger.warning( Logger.SECURITY_FAILURE, "Multiple ("+ foundCount +"x) and mixed encoding ("+ mixedCount +"x) detected in " + input );
+            }
+        }
+        else if ( foundCount >= 2 ) {
+            if ( restrictMultiple ) {
+                throw new IntrusionException( "Input validation failure", "Multiple ("+ foundCount +"x) encoding detected in " + input );
+            } else {
+                logger.warning( Logger.SECURITY_FAILURE, "Multiple ("+ foundCount +"x) encoding detected in " + input );
+            }
+        }
+        else if ( mixedCount > 1 ) {
+            if ( restrictMixed ) {
+                throw new IntrusionException( "Input validation failure", "Mixed encoding ("+ mixedCount +"x) detected in " + input );
+            } else {
+                logger.warning( Logger.SECURITY_FAILURE, "Mixed encoding ("+ mixedCount +"x) detected in " + input );
+            }
+        }
+        return working;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String encodeForHTML(String input) {
+        if( input == null ) {
+            return null;
+        }
+        return htmlCodec.encode( IMMUNE_HTML, input);
+     }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String decodeForHTML(String input) {
+
+        if( input == null ) {
+            return null;
+        }
+        return htmlCodec.decode( input);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String encodeForHTMLAttribute(String input) {
+        if( input == null ) {
+            return null;
+        }
+        return htmlCodec.encode( IMMUNE_HTMLATTR, input);
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public String encodeForCSS(String input) {
+        if( input == null ) {
+            return null;
+        }
+        return cssCodec.encode( IMMUNE_CSS, input);
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public String encodeForJavaScript(String input) {
+        if( input == null ) {
+            return null;
+        }
+        return javaScriptCodec.encode(IMMUNE_JAVASCRIPT, input);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String encodeForVBScript(String input) {
+        if( input == null ) {
+            return null;
+        }
+        return vbScriptCodec.encode(IMMUNE_VBSCRIPT, input);
+    }
+
+    ///////////////////////////////////////////////////////////////////////
+    // TODO - Move this method to some utility class (where?) when we
+    //        are ready to use it on other methods than just encodeForSQL.
+    //
+    //        At that time, also move the method ESAPI.isMethodExplicityEnabled
+    //        to the same utility class.
+    /**
+     * Utility class to throw {@code NotConfiguredByDefaultException} if the
+     * specified method name is not enabled by default.
+     *
+     * @param fullyQualifiedMethodName is the method name that we are checkig if
+     *                                 enabled in ESAPI.properties.
+     * @param customAuditMsg is a audit message to log and use in exceptions. If
+     *                       this value passed in is {@code null} or the string
+     *                       "&lt;default&gt;", then a canned message is used to
+     *                       compose the error message.
+     * @param seeAlso is a string that provides additional reference for context
+     *                such as a CVE ID, GHAS Security Advisory, or ESAPI Security Bulletin.
+     * @throws NotConfiguredByDefaultException if the specified method name is
+     *                not listed in the property <b>ESAPI.dangerouslyAllowUnsafeMethods.methodNames</b>
+     *                in the <b>ESAPI.properties</b> file.
+     */
+    private void ensureDangerousMethodExplicitlyEnabled(String fullyQualifiedMethodName,
+                                                        String customAuditMsg,
+                                                        String seeAlso) {
+
+        String auditMsg = null;
+        if ( customAuditMsg == null || customAuditMsg.equalsIgnoreCase("<default>") ) {
+            // Special case. Compose an audit message from a canned template.
+            // TODO: Null / empty check for 'seeAlso'.
+            auditMsg = "SIEM ALERT: Method '" + fullyQualifiedMethodName + "' has been invoked despite having credible " +
+                       "security concerns; for additional details, see " + seeAlso + ".";
+        } else {
+            auditMsg = customAuditMsg;  // Use the custom audit message
+        }
+ 
+        if ( ! ESAPI.isMethodExplicityEnabled( fullyQualifiedMethodName ) ) {
+            throw new NotConfiguredByDefaultException( "Method not explicitly enabled in property " +
+                                                        ACCEPTED_UNSAFE_METHOD_NAMES + "; " + auditMsg );
+        } else {
+            String justification = null;
+            try {
+                // This throws a ConfigurationException (rather than returning null if
+                // the property name is not found so we need to handle that.
+                justification = ESAPI.securityConfiguration().getStringProp( ACCEPTED_UNSAFE_METHODS_JUSTIFICATION );
+            } catch ( ConfigurationException cex ) {
+                logger.debug( Logger.EVENT_FAILURE, "Property " + ACCEPTED_UNSAFE_METHODS_JUSTIFICATION + " not found.");
+                justification = "None";
+            }
+
+            if ( justification == null || justification.trim().isEmpty() ) {
+                justification = "None";
+            }
+            logger.warning( Logger.SECURITY_FAILURE, auditMsg + " Provided justification: " + justification );
+        }
+        return;
+    }
+
+
+    /**
+     * {@inheritDoc}
+     *
+     * @deprecated  This method is considered dangerous and not easily made safe and thus under strong
+     *              consideration to be removed within 1 years time after the 2.7.0.0 release. Please
+     *              see the referenced ESAPI Security Bulletin #13 for further details.
+     */
+    @Deprecated
+    public String encodeForSQL(Codec codec, String input) {
+
+        // This will throw if this method is not explicitly enabled in ESAPI.properties.
+        ensureDangerousMethodExplicitlyEnabled( DefaultEncoder.class.getName() + ".encodeForSQL",
+                                                "<default>",
+                                                "see CVE-2025-5878 and ESAPI Security Bulletin #13 for details" );
+
+        if( input == null ) {
+            return null;
+        }
+        return codec.encode(IMMUNE_SQL, input);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String encodeForOS(Codec codec, String input) {
+        if( input == null ) {
+            return null;
+        }
+        return codec.encode( IMMUNE_OS, input);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String encodeForLDAP(String input) {
+        return encodeForLDAP(input, true);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String encodeForLDAP(String input, boolean encodeWildcards) {
+        if( input == null ) {
+            return null;
+        }
+        // TODO: replace with LDAP codec
+        StringBuilder sb = new StringBuilder();
+        // According to Microsoft docs [1,2], the forward slash ('/') MUST be escaped.
+        // According to RFC 4515 Section 3 [3], the forward slash (and other characters) MAY be escaped.
+        // Since Microsoft is a MUST, escape forward slash for all implementations. Also see discussion at [4].
+        // Characters above 0x7F are converted to UTF-8 and then hex encoded in the default case.
+        // [1] https://docs.microsoft.com/en-us/windows/win32/adsi/search-filter-syntax
+        // [2] https://social.technet.microsoft.com/wiki/contents/articles/5312.active-directory-characters-to-escape.aspx
+        // [3] https://tools.ietf.org/search/rfc4515#section-3
+        // [4] https://lists.openldap.org/hyperkitty/list/openldap-technical@openldap.org/thread/3QPDDLO356ONSJM3JUKD7NMPOOIKIQ5T/
+        for (int i = 0; i < input.length(); i++) {
+            char c = input.charAt(i);
+            switch (c) {
+                case '\\':
+                    sb.append("\\5c");
+                    break;
+                case '/':
+                    sb.append("\\2f");
+                    break;
+                case '*':
+                    if (encodeWildcards) {
+                        sb.append("\\2a");
+                    }
+                    else {
+                        sb.append(c);
+                    }
+
+                    break;
+                case '(':
+                    sb.append("\\28");
+                    break;
+                case ')':
+                    sb.append("\\29");
+                    break;
+                case '\0':
+                    sb.append("\\00");
+                    break;
+                default:
+                    if (c >= 0x80) {
+                        try {
+                            final byte[] u = String.valueOf(c).getBytes("UTF-8");
+                            for (byte b : u) {
+                                sb.append(String.format("\\%02x", b));
+                            }
+                        } catch (UnsupportedEncodingException ex) {
+                            // UTF-8 is always supported
+                        }
+                    } else {
+                        sb.append(c);
+                    }
+            }
+        }
+        return sb.toString();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String encodeForDN(String input) {
+        if( input == null ) {
+            return null;
+        }
+        // TODO: replace with DN codec
+        StringBuilder sb = new StringBuilder();
+        if ((input.length() > 0) && ((input.charAt(0) == ' ') || (input.charAt(0) == '#'))) {
+            sb.append('\\'); // add the leading backslash if needed
+        }
+        // See discussion of forward slash ('/') in encodeForLDAP()
+        for (int i = 0; i < input.length(); i++) {
+            char c = input.charAt(i);
+            switch (c) {
+            case '\0':
+                sb.append("\\00");
+                break;
+            case '\\':
+                sb.append("\\\\");
+                break;
+            case '/':
+                sb.append("\\/");
+                break;
+            case ',':
+                sb.append("\\,");
+                break;
+            case '+':
+                sb.append("\\+");
+                break;
+            case '"':
+                sb.append("\\\"");
+                break;
+            case '<':
+                sb.append("\\<");
+                break;
+            case '>':
+                sb.append("\\>");
+                break;
+            case ';':
+                sb.append("\\;");
+                break;
+            default:
+                if (c >= 0x80) {
+                    try {
+                        final byte[] u = String.valueOf(c).getBytes("UTF-8");
+                        for (byte b : u) {
+                            sb.append(String.format("\\%02x", b));
+                        }
+                    } catch (UnsupportedEncodingException ex) {
+                        // UTF-8 is always supported
+                    }
+                } else {
+                    sb.append(c);
+                }
+            }
+        }
+        // add the trailing backslash if needed
+        if ((input.length() > 1) && (input.charAt(input.length() - 1) == ' ')) {
+            sb.insert(sb.length() - 1, '\\');
+        }
+        return sb.toString();
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public String encodeForXPath(String input) {
+        if( input == null ) {
+            return null;
+        }
+        return htmlCodec.encode( IMMUNE_XPATH, input);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String encodeForXML(String input) {
+        if( input == null ) {
+            return null;
+        }
+        return xmlCodec.encode( IMMUNE_XML, input);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String encodeForXMLAttribute(String input) {
+        if( input == null ) {
+            return null;
+        }
+        return xmlCodec.encode( IMMUNE_XMLATTR, input);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String encodeForURL(String input) throws EncodingException {
+        if ( input == null ) {
+            return null;
+        }
+        try {
+            return URLEncoder.encode(input, ESAPI.securityConfiguration().getCharacterEncoding());
+        } catch (UnsupportedEncodingException ex) {
+            throw new EncodingException("Encoding failure", "Character encoding not supported", ex);
+        } catch (Exception e) {
+            throw new EncodingException("Encoding failure", "Problem URL encoding input", e);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String decodeFromURL(String input) throws EncodingException {
+        if ( input == null ) {
+            return null;
+        }
+        String canonical = canonicalize(input);
+        try {
+            return URLDecoder.decode(canonical, ESAPI.securityConfiguration().getCharacterEncoding());
+        } catch (UnsupportedEncodingException ex) {
+            throw new EncodingException("Decoding failed", "Character encoding not supported", ex);
+        } catch (Exception e) {
+            throw new EncodingException("Decoding failed", "Problem URL decoding input", e);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String encodeForBase64(byte[] input, boolean wrap) {
+        if ( input == null ) {
+            return null;
+        }
+        int options = 0;
+        if ( !wrap ) {
+            options |= Base64.DONT_BREAK_LINES;
+        }
+        return Base64.encodeBytes(input, options);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public byte[] decodeFromBase64(String input) throws IOException {
+        if ( input == null ) {
+            return null;
+        }
+        return Base64.decode( input );
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * This will extract each piece of a URI according to parse zone as specified in <a href="https://www.ietf.org/rfc/rfc3986.txt">RFC-3986</a> section 3,
+     * and it will construct a canonicalized String representing a version of the URI that is safe to
+     * run regex against.
+	 * 
+	 * NOTE:  This method will obey the ESAPI.properties configurations for allowing
+	 * Mixed and Multiple Encoding URLs.  
+     *
+     * @param dirtyUri
+     * @return Canonicalized URI string.
+     * @throws IntrusionException
+     */
+    public String getCanonicalizedURI(URI dirtyUri) throws IntrusionException{
+
+//        From RFC-3986 section 3
+//          URI         = scheme ":" hier-part [ "?" query ] [ "#" fragment ]
+//
+//                  hier-part   = "//" authority path-abempty
+//                              / path-absolute
+//                              / path-rootless
+//                              / path-empty
+
+//           The following are two example URIs and their component parts:
+//
+//                 foo://example.com:8042/over/there?name=ferret#nose
+//                 \_/   \______________/\_________/ \_________/ \__/
+//                  |           |            |            |        |
+//               scheme     authority       path        query   fragment
+//                  |   _____________________|__
+//                 / \ /                        \
+//                 urn:example:animal:ferret:nose
+        Map<UriSegment, String> parseMap = new EnumMap<UriSegment, String>(UriSegment.class);
+        parseMap.put(UriSegment.SCHEME, dirtyUri.getScheme());
+        //authority   = [ userinfo "@" ] host [ ":" port ]
+        parseMap.put(UriSegment.AUTHORITY, dirtyUri.getRawAuthority());
+        parseMap.put(UriSegment.HOST, dirtyUri.getHost());
+        //if port is undefined, it will return -1
+        Integer port = new Integer(dirtyUri.getPort());
+        parseMap.put(UriSegment.PORT, port == -1 ? "": port.toString());
+        parseMap.put(UriSegment.PATH, dirtyUri.getRawPath());
+        parseMap.put(UriSegment.QUERY, dirtyUri.getRawQuery());
+        parseMap.put(UriSegment.FRAGMENT, dirtyUri.getRawFragment());
+
+        //Replace all the items in the map with canonicalized versions.
+
+        Set<UriSegment> set = parseMap.keySet();
+
+        SecurityConfiguration sg = ESAPI.securityConfiguration();
+        boolean allowMixed = sg.getBooleanProp("Encoder.AllowMixedEncoding");
+        boolean allowMultiple = sg.getBooleanProp("Encoder.AllowMultipleEncoding");
+        for(UriSegment seg: set){
+        	String value = "";
+            //In the case of a uri query, we need to break up and canonicalize the internal parts of the query.
+            if(seg == UriSegment.QUERY && null != parseMap.get(seg)){
+                StringBuilder qBuilder = new StringBuilder();
+                try {
+                    Map<String, List<String>> canonicalizedMap = this.splitQuery(dirtyUri);
+                    Set<Entry<String, List<String>>> query = canonicalizedMap.entrySet();
+                    Iterator<Entry<String, List<String>>> i = query.iterator();
+                    while(i.hasNext()){
+                        Entry<String, List<String>> e = i.next();
+                        String key = e.getKey();
+                        String qVal = "";
+                        List<String> list = e.getValue();
+                        if(!list.isEmpty()){
+                            qVal = list.get(0);
+                        }
+                        qBuilder.append(key)
+                        .append("=")
+                        .append(qVal);
+
+                        if(i.hasNext()){
+                            qBuilder.append("&");
+                        }
+                    }
+                    value = qBuilder.toString();
+                } catch (UnsupportedEncodingException e) {
+                    logger.debug(Logger.EVENT_FAILURE, "decoding error when parsing [" + dirtyUri.toString() + "]");
+                }
+            } else {
+            	String extractedInput = parseMap.get(seg);
+                value = canonicalize(extractedInput, allowMultiple, allowMixed);
+                value = value == null ? "" : value;
+            }
+            //Check if the port is -1, if it is, omit it from the output.
+            if(seg == UriSegment.PORT){
+                if("-1" == parseMap.get(seg)){
+                    value = "";
+                }
+            }
+            parseMap.put(seg, value );
+        }
+
+        return buildUrl(parseMap);
+    }
+
+    /**
+     * All the parts should be canonicalized by this point.  This is straightforward assembly.
+     *
+     * @param parseMap The parts of the URL to put back together.
+     * @return The canonicalized URL.
+     */
+    protected String buildUrl(Map<UriSegment, String> parseMap){
+        StringBuilder sb = new StringBuilder();
+        boolean schemePresent = parseMap.get(UriSegment.SCHEME).equals("") ? false : true;
+        
+        if(schemePresent) {
+        	sb.append(parseMap.get(UriSegment.SCHEME))
+        	.append("://");
+        }
+        
+        //can't use SCHEMESPECIFICPART for this, because we need to canonicalize all the parts of the query.
+        //USERINFO is also deprecated.  So we technically have more than we need.
+        sb.append(parseMap.get(UriSegment.AUTHORITY) == null || parseMap.get(UriSegment.AUTHORITY).equals("") ? "" : parseMap.get(UriSegment.AUTHORITY))
+        .append(parseMap.get(UriSegment.PATH) == null || parseMap.get(UriSegment.PATH).equals("") ? ""  : parseMap.get(UriSegment.PATH))
+        .append(parseMap.get(UriSegment.QUERY) == null || parseMap.get(UriSegment.QUERY).equals("")
+                ? "" : "?" + parseMap.get(UriSegment.QUERY))
+        .append((parseMap.get(UriSegment.FRAGMENT) == null) || parseMap.get(UriSegment.FRAGMENT).equals("")
+                ? "": "#" + parseMap.get(UriSegment.FRAGMENT))
+        ;
+        return sb.toString();
+    }
+
+    public enum UriSegment {
+        AUTHORITY, SCHEME, SCHEMSPECIFICPART, USERINFO, HOST, PORT, PATH, QUERY, FRAGMENT
+    }
+
+
+    /**
+     * The meat of this method was taken from StackOverflow:  http://stackoverflow.com/a/13592567/557153
+     * It has been modified to return a canonicalized key and value pairing.
+     *
+     * @param uri The URI to analyze.
+     * @return a map of canonicalized query parameters.
+     * @throws UnsupportedEncodingException
+     */
+    public Map<String, List<String>> splitQuery(URI uri) throws UnsupportedEncodingException {
+      final Map<String, List<String>> query_pairs = new LinkedHashMap<String, List<String>>();
+      final String[] pairs = uri.getQuery().split("&");
+      for (String pair : pairs) {
+        final int idx = pair.indexOf("=");
+        final String key = idx > 0 ? canonicalize(pair.substring(0, idx)) : pair;
+        if (!query_pairs.containsKey(key)) {
+          query_pairs.put(key, new LinkedList<String>());
+        }
+        final String value = idx > 0 && pair.length() > idx + 1 ? URLDecoder.decode(pair.substring(idx + 1), "UTF-8") : null;
+        query_pairs.get(key).add(canonicalize(value));
+      }
+      return query_pairs;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String encodeForJSON(String input) {
+        if( input == null ) {
+            return null;
+        }
+        return jsonCodec.encode(IMMUNE_JSON, input);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String decodeFromJSON(String input) {
+        if( input == null ) {
+            return null;
+        }
+        return jsonCodec.decode(input);
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultExecutor.java b/src/main/java/org/owasp/esapi/reference/DefaultExecutor.java
index 9f4976591..619e633ec 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultExecutor.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultExecutor.java
@@ -1,234 +1,234 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.util.List;
-import java.util.Map;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.ExecuteResult;
-import org.owasp.esapi.Executor;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.codecs.Codec;
-import org.owasp.esapi.codecs.UnixCodec;
-import org.owasp.esapi.codecs.WindowsCodec;
-import org.owasp.esapi.errors.ExecutorException;
-
-/**
- * Reference implementation of the Executor interface. This implementation is very restrictive. Commands must exactly
- * equal the canonical path to an executable on the system. 
- * 
- * <p>Valid characters for parameters are codec dependent, but will usually only include alphanumeric, forward-slash, and dash.</p>
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Executor
- */
-public class DefaultExecutor implements org.owasp.esapi.Executor {
-    private static volatile Executor singletonInstance;
-
-    public static Executor getInstance() {
-        if ( singletonInstance == null ) {
-            synchronized ( DefaultExecutor.class ) {
-                if ( singletonInstance == null ) {
-                    singletonInstance = new DefaultExecutor();
-                }
-            }
-        }
-        return singletonInstance;
-    }
-
-    /** The logger. */
-    private final Logger logger = ESAPI.getLogger("Executor");
-    private Codec codec = null;
-    //private final int MAX_SYSTEM_COMMAND_LENGTH = 2500;
-    
-
-    /**
-     * Instantiate a new Executor
-     */
-    private DefaultExecutor() {
-		if ( System.getProperty("os.name").indexOf("Windows") != -1 ) {
-			logger.warning( Logger.SECURITY_SUCCESS, "Using WindowsCodec for Executor. If this is not running on Windows this could allow injection" );
-			codec = new WindowsCodec();
-		} else {
-			logger.warning( Logger.SECURITY_SUCCESS, "Using UnixCodec for Executor. If this is not running on Unix this could allow injection" );
-			codec = new UnixCodec();
-		}
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-    public ExecuteResult executeSystemCommand(File executable, List params) throws ExecutorException {
-    	File workdir = ESAPI.securityConfiguration().getWorkingDirectory();
-    	boolean logParams = false;
-    	boolean redirectErrorStream = false;
-    	return executeSystemCommand( executable, params, workdir, codec, logParams, redirectErrorStream );
-    }
-
-    /**
-     * {@inheritDoc}
-     *
-     * The reference implementation sets the work directory, escapes the parameters as per the Codec in use,
-     * and then executes the command without using concatenation. The exact, absolute, canonical path of each
-     * executable must be listed as an approved executable in the ESAPI properties. The executable must also
-     * exist on the disk. All failures will be logged, along with parameters if specified. Set the logParams to false if
-     * you are going to invoke this interface with confidential information.
-     */
-    public ExecuteResult executeSystemCommand(File executable, List params, File workdir, Codec codec, boolean logParams, boolean redirectErrorStream ) throws ExecutorException {
-        try {
-            // executable must exist
-            if (!executable.exists()) {
-                throw new ExecutorException("Execution failure", "No such executable: " + executable);
-            }
-            
-            // executable must use canonical path
-            if ( !executable.isAbsolute() ) {
-                throw new ExecutorException("Execution failure", "Attempt to invoke an executable using a non-absolute path: " + executable);
-            }
-            
-            // executable must use canonical path
-            if ( !executable.getPath().equals( executable.getCanonicalPath() ) ) {
-            	throw new ExecutorException("Execution failure", "Attempt to invoke an executable using a non-canonical path: " + executable);
-        	}
-            
-            // exact, absolute, canonical path to executable must be listed in ESAPI configuration 
-            List approved = ESAPI.securityConfiguration().getAllowedExecutables();
-            if (!approved.contains(executable.getPath())) {
-                throw new ExecutorException("Execution failure", "Attempt to invoke executable that is not listed as an approved executable in ESAPI configuration: " + executable.getPath() + " not listed in " + approved );
-            }
-
-            // escape any special characters in the parameters
-            for ( int i = 0; i < params.size(); i++ ) {
-            	String param = (String)params.get(i);
-            	params.set( i, ESAPI.encoder().encodeForOS(codec, param));
-            }
-            
-            // working directory must exist
-            if (!workdir.exists()) {
-                throw new ExecutorException("Execution failure", "No such working directory for running executable: " + workdir.getPath());
-            }
-            
-            // set the command into the list and create command array
-            params.add(0, executable.getCanonicalPath());
-
-            // Legacy - this is how to implement in Java 1.4
-            // String[] command = (String[])params.toArray( new String[0] );
-            // Process process = Runtime.getRuntime().exec(command, new String[0], workdir);
-            
-            // The following is host to implement in Java 1.5+
-            ProcessBuilder pb = new ProcessBuilder(params);
-            Map env = pb.environment();
-            env.clear();  // Security check - clear environment variables!
-            pb.directory(workdir);
-            pb.redirectErrorStream(redirectErrorStream);
-
-            if ( logParams ) {
-            	logger.warning(Logger.SECURITY_SUCCESS, "Initiating executable: " + executable + " " + params + " in " + workdir);
-            } else {
-            	logger.warning(Logger.SECURITY_SUCCESS, "Initiating executable: " + executable + " [sensitive parameters obscured] in " + workdir);
-            }
-
-            final StringBuilder outputBuffer = new StringBuilder();
-            final StringBuilder errorsBuffer = new StringBuilder();
-            final Process process = pb.start();
-            try {
-                ReadThread errorReader;
-                if (!redirectErrorStream) {
-                	errorReader = new ReadThread(process.getErrorStream(), errorsBuffer);
-                	errorReader.start();
-                } else {
-                	errorReader = null;
-                }
-            	readStream( process.getInputStream(), outputBuffer );
-            	if (errorReader != null) {
-            		errorReader.join();
-            		if (errorReader.exception != null) {
-            			throw errorReader.exception;
-            		}
-            	}
-            	process.waitFor();
-            } catch (Throwable e) {
-            	process.destroy();
-            	throw new ExecutorException("Execution failure", "Exception thrown during execution of system command: " + e.getMessage(), e);
-            }
-
-            String output = outputBuffer.toString();
-            String errors = errorsBuffer.toString();
-            int exitValue = process.exitValue();
-            if ( errors != null && errors.length() > 0 ) {
-            	String logErrors = errors;
-            	final int MAX_LEN = 256;
-            	if (logErrors.length() > MAX_LEN) {
-            		logErrors = logErrors.substring(0, MAX_LEN) + "(truncated at "+MAX_LEN+" characters)";
-            	}
-            	logger.warning( Logger.SECURITY_SUCCESS, "Error during system command: " + logErrors );
-            }
-            if ( exitValue != 0 ) {
-            	logger.warning( Logger.EVENT_FAILURE, "System command exited with non-zero status: " + exitValue );
-            }
-
-            logger.warning(Logger.SECURITY_SUCCESS, "System command complete");
-            return new ExecuteResult(exitValue, output, errors);
-        } catch (IOException e) {
-            throw new ExecutorException("Execution failure", "Exception thrown during execution of system command: " + e.getMessage(), e);
-        }
-    }
-
-    /**
-     * readStream reads lines from an input stream and returns all of them in a single string
-     * 
-     * @param is
-     * 			input stream to read from
-     * @throws IOException
-     */
-    private static void readStream( InputStream is, StringBuilder sb ) throws IOException {
-	    InputStreamReader isr = new InputStreamReader(is);
-	    BufferedReader br = new BufferedReader(isr);
-	    String line;
-	    while ((line = br.readLine()) != null) {
-	        sb.append(line).append('\n');
-	    }
-    }
-    
-    private static class ReadThread extends Thread {
-    	volatile IOException exception;
-    	private final InputStream stream;
-    	private final StringBuilder buffer;
-
-    	ReadThread(InputStream stream, StringBuilder buffer) {
-    		this.stream = stream;
-    		this.buffer = buffer;
-    	}
-
-    	@Override
-		public void run() {
-    		try {
-    			readStream(stream, buffer);
-    		} catch (IOException e) {
-    			exception = e;
-    		}
-    	}
-
-    }
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.util.List;
+import java.util.Map;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.ExecuteResult;
+import org.owasp.esapi.Executor;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.codecs.Codec;
+import org.owasp.esapi.codecs.UnixCodec;
+import org.owasp.esapi.codecs.WindowsCodec;
+import org.owasp.esapi.errors.ExecutorException;
+
+/**
+ * Reference implementation of the Executor interface. This implementation is very restrictive. Commands must exactly
+ * equal the canonical path to an executable on the system.
+ *
+ * <p>Valid characters for parameters are codec dependent, but will usually only include alphanumeric, forward-slash, and dash.</p>
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Executor
+ */
+public class DefaultExecutor implements org.owasp.esapi.Executor {
+    private static volatile Executor singletonInstance;
+
+    public static Executor getInstance() {
+        if ( singletonInstance == null ) {
+            synchronized ( DefaultExecutor.class ) {
+                if ( singletonInstance == null ) {
+                    singletonInstance = new DefaultExecutor();
+                }
+            }
+        }
+        return singletonInstance;
+    }
+
+    /** The logger. */
+    private final Logger logger = ESAPI.getLogger("Executor");
+    private Codec codec = null;
+    //private final int MAX_SYSTEM_COMMAND_LENGTH = 2500;
+
+
+    /**
+     * Instantiate a new Executor
+     */
+    private DefaultExecutor() {
+        if ( System.getProperty("os.name").indexOf("Windows") != -1 ) {
+            logger.warning( Logger.SECURITY_SUCCESS, "Using WindowsCodec for Executor. If this is not running on Windows this could allow injection" );
+            codec = new WindowsCodec();
+        } else {
+            logger.warning( Logger.SECURITY_SUCCESS, "Using UnixCodec for Executor. If this is not running on Unix this could allow injection" );
+            codec = new UnixCodec();
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public ExecuteResult executeSystemCommand(File executable, List params) throws ExecutorException {
+        File workdir = ESAPI.securityConfiguration().getWorkingDirectory();
+        boolean logParams = false;
+        boolean redirectErrorStream = false;
+        return executeSystemCommand( executable, params, workdir, codec, logParams, redirectErrorStream );
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * The reference implementation sets the work directory, escapes the parameters as per the Codec in use,
+     * and then executes the command without using concatenation. The exact, absolute, canonical path of each
+     * executable must be listed as an approved executable in the ESAPI properties. The executable must also
+     * exist on the disk. All failures will be logged, along with parameters if specified. Set the logParams to false if
+     * you are going to invoke this interface with confidential information.
+     */
+    public ExecuteResult executeSystemCommand(File executable, List params, File workdir, Codec codec, boolean logParams, boolean redirectErrorStream ) throws ExecutorException {
+        try {
+            // executable must exist
+            if (!executable.exists()) {
+                throw new ExecutorException("Execution failure", "No such executable: " + executable);
+            }
+
+            // executable must use canonical path
+            if ( !executable.isAbsolute() ) {
+                throw new ExecutorException("Execution failure", "Attempt to invoke an executable using a non-absolute path: " + executable);
+            }
+
+            // executable must use canonical path
+            if ( !executable.getPath().equals( executable.getCanonicalPath() ) ) {
+                throw new ExecutorException("Execution failure", "Attempt to invoke an executable using a non-canonical path: " + executable);
+            }
+
+            // exact, absolute, canonical path to executable must be listed in ESAPI configuration
+            List approved = ESAPI.securityConfiguration().getAllowedExecutables();
+            if (!approved.contains(executable.getPath())) {
+                throw new ExecutorException("Execution failure", "Attempt to invoke executable that is not listed as an approved executable in ESAPI configuration: " + executable.getPath() + " not listed in " + approved );
+            }
+
+            // escape any special characters in the parameters
+            for ( int i = 0; i < params.size(); i++ ) {
+                String param = (String)params.get(i);
+                params.set( i, ESAPI.encoder().encodeForOS(codec, param));
+            }
+
+            // working directory must exist
+            if (!workdir.exists()) {
+                throw new ExecutorException("Execution failure", "No such working directory for running executable: " + workdir.getPath());
+            }
+
+            // set the command into the list and create command array
+            params.add(0, executable.getCanonicalPath());
+
+            // Legacy - this is how to implement in Java 1.4
+            // String[] command = (String[])params.toArray( new String[0] );
+            // Process process = Runtime.getRuntime().exec(command, new String[0], workdir);
+
+            // The following is host to implement in Java 1.5+
+            ProcessBuilder pb = new ProcessBuilder(params);
+            Map env = pb.environment();
+            env.clear();  // Security check - clear environment variables!
+            pb.directory(workdir);
+            pb.redirectErrorStream(redirectErrorStream);
+
+            if ( logParams ) {
+                logger.debug(Logger.SECURITY_SUCCESS, "Initiating executable: " + executable + " " + params + " in " + workdir);
+            } else {
+                logger.debug(Logger.SECURITY_SUCCESS, "Initiating executable: " + executable + " [sensitive parameters obscured] in " + workdir);
+            }
+
+            final StringBuilder outputBuffer = new StringBuilder();
+            final StringBuilder errorsBuffer = new StringBuilder();
+            final Process process = pb.start();
+            try {
+                ReadThread errorReader;
+                if (!redirectErrorStream) {
+                    errorReader = new ReadThread(process.getErrorStream(), errorsBuffer);
+                    errorReader.start();
+                } else {
+                    errorReader = null;
+                }
+                readStream( process.getInputStream(), outputBuffer );
+                if (errorReader != null) {
+                    errorReader.join();
+                    if (errorReader.exception != null) {
+                        throw errorReader.exception;
+                    }
+                }
+                process.waitFor();
+            } catch (Throwable e) {
+                process.destroy();
+                throw new ExecutorException("Execution failure", "Exception thrown during execution of system command: " + e.getMessage(), e);
+            }
+
+            String output = outputBuffer.toString();
+            String errors = errorsBuffer.toString();
+            int exitValue = process.exitValue();
+            if ( errors != null && errors.length() > 0 ) {
+                String logErrors = errors;
+                final int MAX_LEN = 256;
+                if (logErrors.length() > MAX_LEN) {
+                    logErrors = logErrors.substring(0, MAX_LEN) + "(truncated at "+MAX_LEN+" characters)";
+                }
+                logger.warning( Logger.SECURITY_SUCCESS, "Error during system command: " + logErrors );
+            }
+            if ( exitValue != 0 ) {
+                logger.warning( Logger.EVENT_FAILURE, "System command exited with non-zero status: " + exitValue );
+            }
+
+            logger.debug(Logger.SECURITY_SUCCESS, "System command complete");
+            return new ExecuteResult(exitValue, output, errors);
+        } catch (IOException e) {
+            throw new ExecutorException("Execution failure", "Exception thrown during execution of system command: " + e.getMessage(), e);
+        }
+    }
+
+    /**
+     * readStream reads lines from an input stream and returns all of them in a single string
+     *
+     * @param is
+     *             input stream to read from
+     * @throws IOException
+     */
+    private static void readStream( InputStream is, StringBuilder sb ) throws IOException {
+        InputStreamReader isr = new InputStreamReader(is);
+        BufferedReader br = new BufferedReader(isr);
+        String line;
+        while ((line = br.readLine()) != null) {
+            sb.append(line).append('\n');
+        }
+    }
+
+    private static class ReadThread extends Thread {
+        volatile IOException exception;
+        private final InputStream stream;
+        private final StringBuilder buffer;
+
+        ReadThread(InputStream stream, StringBuilder buffer) {
+            this.stream = stream;
+            this.buffer = buffer;
+        }
+
+        @Override
+        public void run() {
+            try {
+                readStream(stream, buffer);
+            } catch (IOException e) {
+                exception = e;
+            }
+        }
+
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
index dc99d76b3..2dabec23c 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
@@ -1,1022 +1,1179 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- *
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- *
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- *
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import org.apache.commons.fileupload.FileItem;
-import org.apache.commons.fileupload.ProgressListener;
-import org.apache.commons.fileupload.disk.DiskFileItemFactory;
-import org.apache.commons.fileupload.servlet.ServletFileUpload;
-import org.owasp.esapi.*;
-import org.owasp.esapi.codecs.Hex;
-import org.owasp.esapi.crypto.CipherText;
-import org.owasp.esapi.crypto.PlainText;
-import org.owasp.esapi.errors.*;
-
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletException;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import java.io.File;
-import java.io.IOException;
-import java.util.*;
-import java.util.concurrent.ConcurrentHashMap;
-
-/**
- * Reference implementation of the HTTPUtilities interface. This implementation
- * uses the Apache Commons FileUploader library, which in turn uses the Apache
- * Commons IO library.
- * <P>
- * To simplify the interface, some methods use the current request and response that
- * are tracked by ThreadLocal variables in the Authenticator. This means that you
- * must have called ESAPI.authenticator().setCurrentHTTP(request, response) before
- * calling these methods.
- * <P>
- * Typically, this is done by calling the Authenticator.login() method, which
- * calls setCurrentHTTP() automatically. However if you want to use these methods
- * in another application, you should explicitly call setCurrentHTTP() in your
- * own code. In either case, you *must* call ESAPI.clearCurrent() to clear threadlocal
- * variables before the thread is reused. The advantages of having identity everywhere
- * outweigh the disadvantages of this approach.
- *
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.HTTPUtilities
- */
-public class DefaultHTTPUtilities implements org.owasp.esapi.HTTPUtilities {
-    private static volatile HTTPUtilities instance = null;
-
-    public static HTTPUtilities getInstance() {
-        if ( instance == null ) {
-            synchronized ( DefaultHTTPUtilities.class ) {
-                if ( instance == null ) {
-                    instance = new DefaultHTTPUtilities();
-                }
-            }
-        }
-        return instance;
-    }
-
-	/**
-     * Defines the ThreadLocalRequest to store the current request for this thread.
-     */
-    private class ThreadLocalRequest extends InheritableThreadLocal<HttpServletRequest> {
-
-        public HttpServletRequest getRequest() {
-            return super.get();
-        }
-
-        public HttpServletRequest initialValue() {
-        	return null;
-        }
-
-        public void setRequest(HttpServletRequest newRequest) {
-            super.set(newRequest);
-        }
-    }
-
-	/**
-     * Defines the ThreadLocalResponse to store the current response for this thread.
-     */
-    private class ThreadLocalResponse extends InheritableThreadLocal<HttpServletResponse> {
-
-        public HttpServletResponse getResponse() {
-            return super.get();
-        }
-
-        public HttpServletResponse initialValue() {
-        	return null;
-        }
-
-        public void setResponse(HttpServletResponse newResponse) {
-            super.set(newResponse);
-        }
-    }
-
-    /** The logger. */
-	private final Logger logger = ESAPI.getLogger("HTTPUtilities");
-
-    /** The max bytes. */
-	static final int maxBytes = ESAPI.securityConfiguration().getAllowedFileUploadSize();
-
-
-    /*
-     * The currentRequest ThreadLocal variable is used to make the currentRequest available to any call in any part of an
-     * application. This enables API's for actions that require the request to be much simpler. For example, the logout()
-     * method in the Authenticator class requires the currentRequest to get the session in order to invalidate it.
-     */
-    private ThreadLocalRequest currentRequest = new ThreadLocalRequest();
-
-	/*
-     * The currentResponse ThreadLocal variable is used to make the currentResponse available to any call in any part of an
-     * application. This enables API's for actions that require the response to be much simpler. For example, the logout()
-     * method in the Authenticator class requires the currentResponse to kill the Session ID cookie.
-     */
-    private ThreadLocalResponse currentResponse = new ThreadLocalResponse();
-
-
-
-	/**
-     * No arg constructor.
-     */
-    public DefaultHTTPUtilities() {
-	}
-
-
-	/**
-	 * {@inheritDoc}
-     * This implementation uses a custom "set-cookie" header rather than Java's
-     * cookie interface which doesn't allow the use of HttpOnly. Configure the
-     * HttpOnly and Secure settings in ESAPI.properties.
-	 */
-	public void addCookie( Cookie cookie ) {
-		addCookie( getCurrentResponse(), cookie );
-    }
-
-    /**
-	 * {@inheritDoc}
-     * This implementation uses a custom "set-cookie" header rather than Java's
-     * cookie interface which doesn't allow the use of HttpOnly. Configure the
-     * HttpOnly and Secure settings in ESAPI.properties.
-	 */
-    public void addCookie(HttpServletResponse response, Cookie cookie) {
-        String name = cookie.getName();
-        String value = cookie.getValue();
-        int maxAge = cookie.getMaxAge();
-        String domain = cookie.getDomain();
-        String path = cookie.getPath();
-        boolean secure = cookie.getSecure();
-
-        // validate the name and value
-        ValidationErrorList errors = new ValidationErrorList();
-        String cookieName = ESAPI.validator().getValidInput("cookie name", name, "HTTPCookieName", 50, false, errors);
-        String cookieValue = ESAPI.validator().getValidInput("cookie value", value, "HTTPCookieValue", 5000, false, errors);
-
-        // if there are no errors, then set the cookie either with a header or normally
-        if (errors.size() == 0) {
-        	if ( ESAPI.securityConfiguration().getForceHttpOnlyCookies() ) {
-	            String header = createCookieHeader(cookieName, cookieValue, maxAge, domain, path, secure);
-	            addHeader(response, "Set-Cookie", header);
-        	} else {
-                // Issue 23 - If the ESAPI Configuration is set to force secure cookies, force the secure flag on the cookie before setting it
-                cookie.setSecure( secure || ESAPI.securityConfiguration().getForceSecureCookies() );
-        		response.addCookie(cookie);
-        	}
-            return;
-        }
-        logger.warning(Logger.SECURITY_FAILURE, "Attempt to add unsafe data to cookie (skip mode). Skipping cookie and continuing.");
-    }
-
-
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String addCSRFToken(String href) {
-		User user = ESAPI.authenticator().getCurrentUser();
-		if (user.isAnonymous()) {
-			return href;
-		}
-
-		// if there are already parameters append with &, otherwise append with ?
-		String token = CSRF_TOKEN_NAME + "=" + user.getCSRFToken();
-		return href.indexOf( '?') != -1 ? href + "&" + token : href + "?" + token;
-	}
-
-    /**
-	 * {@inheritDoc}
-     */
-    public void addHeader(String name, String value) {
-    	addHeader( getCurrentResponse(), name, value );
-    }
-
-    /**
-	 * {@inheritDoc}
-     */
-    public void addHeader(HttpServletResponse response, String name, String value) {
-        try {
-            String strippedName = StringUtilities.replaceLinearWhiteSpace(name);
-            String strippedValue = StringUtilities.replaceLinearWhiteSpace(value);
-            String safeName = ESAPI.validator().getValidInput("addHeader", strippedName, "HTTPHeaderName", 20, false);
-            String safeValue = ESAPI.validator().getValidInput("addHeader", strippedValue, "HTTPHeaderValue", 500, false);
-            response.addHeader(safeName, safeValue);
-        } catch (ValidationException e) {
-            logger.warning(Logger.SECURITY_FAILURE, "Attempt to add invalid header denied", e);
-        }
-    }
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void assertSecureChannel() throws AccessControlException {
-    	assertSecureChannel( getCurrentRequest() );
-    }
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * This implementation ignores the built-in isSecure() method
-	 * and uses the URL to determine if the request was transmitted over SSL.
-	 * This is because SSL may have been terminated somewhere outside the
-	 * container.
-	 */
-	public void assertSecureChannel(HttpServletRequest request) throws AccessControlException {
-	    if ( request == null ) {
-	    	throw new AccessControlException( "Insecure request received", "HTTP request was null" );
-	    }
-	    StringBuffer sb = request.getRequestURL();
-	    if ( sb == null ) {
-	    	throw new AccessControlException( "Insecure request received", "HTTP request URL was null" );
-	    }
-	    String url = sb.toString();
-	    if ( !url.startsWith( "https" ) ) {
-	    	throw new AccessControlException( "Insecure request received", "HTTP request did not use SSL" );
-	    }
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void assertSecureRequest() throws AccessControlException {
-    	assertSecureRequest( getCurrentRequest() );
-    }
-
-	/**
-	 * {@inheritDoc}
-     */
-	public void assertSecureRequest(HttpServletRequest request) throws AccessControlException {
-		assertSecureChannel( request );
-		String receivedMethod = request.getMethod();
-		String requiredMethod = "POST";
-		if ( !receivedMethod.equals( requiredMethod ) ) {
-			throw new AccessControlException( "Insecure request received", "Received request using " + receivedMethod + " when only " + requiredMethod + " is allowed" );
-		}
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public HttpSession changeSessionIdentifier() throws AuthenticationException {
-    	return changeSessionIdentifier( getCurrentRequest() );
-    }
-
-	/**
-	 * {@inheritDoc}
-     */
-	public HttpSession changeSessionIdentifier(HttpServletRequest request) throws AuthenticationException {
-
-		// get the current session
-		HttpSession oldSession = request.getSession();
-
-		// make a copy of the session content
-		Map<String,Object> temp = new ConcurrentHashMap<String,Object>();
-		Enumeration e = oldSession.getAttributeNames();
-		while (e != null && e.hasMoreElements()) {
-			String name = (String) e.nextElement();
-			Object value = oldSession.getAttribute(name);
-			temp.put(name, value);
-		}
-
-		// kill the old session and create a new one
-		oldSession.invalidate();
-		HttpSession newSession = request.getSession();
-		User user = ESAPI.authenticator().getCurrentUser();
-		user.addSession( newSession );
-		user.removeSession( oldSession );
-
-		// copy back the session content
-      for (Map.Entry<String, Object> stringObjectEntry : temp.entrySet())
-      {
-         newSession.setAttribute(stringObjectEntry.getKey(), stringObjectEntry.getValue());
-		}
-		return newSession;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public void clearCurrent() {
-		currentRequest.set(null);
-		currentResponse.set(null);
-	}
-
-	private String createCookieHeader(String name, String value, int maxAge, String domain, String path, boolean secure) {
-        // create the special cookie header instead of creating a Java cookie
-        // Set-Cookie:<name>=<value>[; <name>=<value>][; expires=<date>][;
-        // domain=<domain_name>][; path=<some_path>][; secure][;HttpOnly]
-        String header = name + "=" + value;
-        header += "; Max-Age=" + maxAge;
-        if (domain != null) {
-            header += "; Domain=" + domain;
-        }
-        if (path != null) {
-            header += "; Path=" + path;
-        }
-        if ( secure || ESAPI.securityConfiguration().getForceSecureCookies() ) {
-            header += "; Secure";
-        }
-        if ( ESAPI.securityConfiguration().getForceHttpOnlyCookies() ) {
-            header += "; HttpOnly";
-        }
-        return header;
-    }
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String decryptHiddenField(String encrypted) {
-    	try {
-    		return decryptString(encrypted);
-    	} catch( EncryptionException e ) {
-    		throw new IntrusionException("Invalid request","Tampering detected. Hidden field data did not decrypt properly.", e);
-    	}
-    }
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public Map<String,String> decryptQueryString(String encrypted) throws EncryptionException {
-        String plaintext = decryptString(encrypted);
-		return queryToMap(plaintext);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public Map<String,String> decryptStateFromCookie() throws EncryptionException {
-		return decryptStateFromCookie( getCurrentRequest() );
-    }
-
-	/**
-	 * {@inheritDoc}
-     *
-     * @param request
-     */
-    public Map<String,String> decryptStateFromCookie(HttpServletRequest request) throws EncryptionException {
-    	try {
-    		String encrypted = getCookie( request, ESAPI_STATE );
-    		if ( encrypted == null ) return new HashMap<String,String>();
-    		String plaintext = decryptString(encrypted);
-    		return queryToMap( plaintext );
-    	} catch( ValidationException e ) {
-        	return null;
-    	}
-    }
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String encryptHiddenField(String value) throws EncryptionException {
-    	return encryptString(value);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String encryptQueryString(String query) throws EncryptionException {
-	    return encryptString(query);
-	}
-
-	/**
-	 * {@inheritDoc}
-     */
-    public void encryptStateInCookie(HttpServletResponse response, Map<String,String> cleartext) throws EncryptionException {
-    	StringBuilder sb = new StringBuilder();
-    	Iterator i = cleartext.entrySet().iterator();
-    	while ( i.hasNext() ) {
-    		try {
-	    		Map.Entry entry = (Map.Entry)i.next();
-	    		
-	    		    // What do these need to be URL encoded? They are encrypted!
-	    		String name = ESAPI.encoder().encodeForURL( entry.getKey().toString() );
-	    		String value = ESAPI.encoder().encodeForURL( entry.getValue().toString() );
-             sb.append(name).append("=").append(value);
-	    		if ( i.hasNext() ) sb.append( "&" );
-    		} catch( EncodingException e ) {
-    			logger.error(Logger.SECURITY_FAILURE, "Problem encrypting state in cookie - skipping entry", e );
-    		}
-    	}
-
-		String encrypted = encryptString(sb.toString());
-
-		if ( encrypted.length() > (MAX_COOKIE_LEN ) ) {
-			logger.error(Logger.SECURITY_FAILURE, "Problem encrypting state in cookie - skipping entry");
-			throw new EncryptionException("Encryption failure", "Encrypted cookie state of " + encrypted.length() + " longer than allowed " + MAX_COOKIE_LEN );
-		}
-
-    	Cookie cookie = new Cookie( ESAPI_STATE, encrypted );
-    	addCookie( response, cookie );
-    }
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void encryptStateInCookie( Map<String,String> cleartext ) throws EncryptionException {
-		encryptStateInCookie( getCurrentResponse(), cleartext );
-    }
-
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String getCookie( HttpServletRequest request, String name ) throws ValidationException {
-        Cookie c = getFirstCookie( request, name );
-        if ( c == null ) return null;
-		String value = c.getValue();
-		return ESAPI.validator().getValidInput("HTTP cookie value: " + value, value, "HTTPCookieValue", 1000, false);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public String getCookie( String name ) throws ValidationException {
-    	return getCookie( getCurrentRequest(), name );
-    }
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String getCSRFToken() {
-		User user = ESAPI.authenticator().getCurrentUser();
-		if (user == null) return null;
-		return user.getCSRFToken();
-	}
-
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public HttpServletRequest getCurrentRequest() {
-    	return currentRequest.getRequest();
-    }
-
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public HttpServletResponse getCurrentResponse() {
-        return currentResponse.getResponse();
-    }
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public List<File> getFileUploads() throws ValidationException {
-    	return getFileUploads( getCurrentRequest(), ESAPI.securityConfiguration().getUploadDirectory(), ESAPI.securityConfiguration().getAllowedFileExtensions() );
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public List<File> getFileUploads(HttpServletRequest request) throws ValidationException {
-    	return getFileUploads(request, ESAPI.securityConfiguration().getUploadDirectory(), ESAPI.securityConfiguration().getAllowedFileExtensions());
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public List<File> getFileUploads(HttpServletRequest request, File finalDir ) throws ValidationException {
-    	return getFileUploads(request, finalDir, ESAPI.securityConfiguration().getAllowedFileExtensions());
-    }
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public List<File> getFileUploads(HttpServletRequest request, File finalDir, List allowedExtensions) throws ValidationException {
-        File tempDir = ESAPI.securityConfiguration().getUploadTempDirectory();
-		if ( !tempDir.exists() ) {
-		    if ( !tempDir.mkdirs() ) throw new ValidationUploadException( "Upload failed", "Could not create temp directory: " + tempDir.getAbsolutePath() );
-		}
-
-		if( finalDir != null){
-			if ( !finalDir.exists() ) {
-				if ( !finalDir.mkdirs() ) throw new ValidationUploadException( "Upload failed", "Could not create final upload directory: " + finalDir.getAbsolutePath() );
-			}
-		}
-		else {
-			if ( !ESAPI.securityConfiguration().getUploadDirectory().exists()) {
-				if ( !ESAPI.securityConfiguration().getUploadDirectory().mkdirs() ) throw new ValidationUploadException( "Upload failed", "Could not create final upload directory: " + ESAPI.securityConfiguration().getUploadDirectory().getAbsolutePath() );
-			}
-			finalDir = ESAPI.securityConfiguration().getUploadDirectory();
-		}
-
-		List<File> newFiles = new ArrayList<File>();
-		try {
-			final HttpSession session = request.getSession(false);
-			if (!ServletFileUpload.isMultipartContent(request)) {
-				throw new ValidationUploadException("Upload failed", "Not a multipart request");
-			}
-
-			// this factory will store ALL files in the temp directory,
-			// regardless of size
-			DiskFileItemFactory factory = new DiskFileItemFactory(0, tempDir);
-			ServletFileUpload upload = new ServletFileUpload(factory);
-			upload.setSizeMax(maxBytes);
-
-			// Create a progress listener
-			ProgressListener progressListener = new ProgressListener() {
-				private long megaBytes = -1;
-				private long progress = 0;
-
-				public void update(long pBytesRead, long pContentLength, int pItems) {
-					if (pItems == 0)
-						return;
-					long mBytes = pBytesRead / 1000000;
-					if (megaBytes == mBytes)
-						return;
-					megaBytes = mBytes;
-					progress = (long) (((double) pBytesRead / (double) pContentLength) * 100);
-					if ( session != null ) {
-					    session.setAttribute("progress", Long.toString(progress));
-					}
-					// logger.logSuccess(Logger.SECURITY, "   Item " + pItems + " (" + progress + "% of " + pContentLength + " bytes]");
-				}
-			};
-			upload.setProgressListener(progressListener);
-
-			List<FileItem> items = upload.parseRequest(request);
-         for (FileItem item : items)
-         {
-            if (!item.isFormField() && item.getName() != null && !(item.getName().equals("")))
-            {
-					String[] fparts = item.getName().split("[\\/\\\\]");
-					String filename = fparts[fparts.length - 1];
-
-               if (!ESAPI.validator().isValidFileName("upload", filename, allowedExtensions, false))
-               {
-						throw new ValidationUploadException("Upload only simple filenames with the following extensions " + allowedExtensions, "Upload failed isValidFileName check");
-					}
-
-					logger.info(Logger.SECURITY_SUCCESS, "File upload requested: " + filename);
-					File f = new File(finalDir, filename);
-               if (f.exists())
-               {
-						String[] parts = filename.split("\\/.");
-						String extension = "";
-                  if (parts.length > 1)
-                  {
-							extension = parts[parts.length - 1];
-						}
-						String filenm = filename.substring(0, filename.length() - extension.length());
-						f = File.createTempFile(filenm, "." + extension, finalDir);
-					}
-					item.write(f);
-               newFiles.add(f);
-					// delete temporary file
-					item.delete();
-					logger.fatal(Logger.SECURITY_SUCCESS, "File successfully uploaded: " + f);
-               if (session != null)
-               {
-					    session.setAttribute("progress", Long.toString(0));
-					}
-				}
-			}
-		} catch (Exception e) {
-			if (e instanceof ValidationUploadException) {
-				throw (ValidationException)e;
-			}
-			throw new ValidationUploadException("Upload failure", "Problem during upload:" + e.getMessage(), e);
-		}
-		return Collections.synchronizedList(newFiles);
-	}
-
-
-
-	/**
-     * Utility to return the first cookie matching the provided name.
-     * @param request
-     * @param name
-     */
-	private Cookie getFirstCookie(HttpServletRequest request, String name) {
-		Cookie[] cookies = request.getCookies();
-		if (cookies != null) {
-         for (Cookie cookie : cookies)
-         {
-            if (cookie.getName().equals(name))
-            {
-					return cookie;
-				}
-			}
-		}
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String getHeader( HttpServletRequest request, String name ) throws ValidationException {
-        String value = request.getHeader(name);
-        return ESAPI.validator().getValidInput("HTTP header value: " + value, value, "HTTPHeaderValue", 150, false);
-	}
-
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public String getHeader( String name ) throws ValidationException {
-    	return getHeader( getCurrentRequest(), name );
-    }
-
-
-    /**
-	 * {@inheritDoc}
-	 */
-	public String getParameter( HttpServletRequest request, String name ) throws ValidationException {
-	    String value = request.getParameter(name);
-	    return ESAPI.validator().getValidInput("HTTP parameter value: " + value, value, "HTTPParameterValue", 2000, true);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public String getParameter( String name ) throws ValidationException {
-    	return getParameter( getCurrentRequest(), name );
-    }
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public void killAllCookies() {
-    	killAllCookies( getCurrentRequest(), getCurrentResponse() );
-    }
-
-	/**
-	 * {@inheritDoc}
-     *
-     * @param request
-     * @param response
-     */
-	public void killAllCookies(HttpServletRequest request, HttpServletResponse response) {
-		Cookie[] cookies = request.getCookies();
-		if (cookies != null) {
-         for (Cookie cookie : cookies)
-         {
-				killCookie(request, response, cookie.getName());
-			}
-		}
-	}
-
-
-	/**
-	 * {@inheritDoc}
-     *
-     * @param request
-     * @param response
-     * @param name
-     */
-	public void killCookie(HttpServletRequest request, HttpServletResponse response, String name) {
-		String path = "//";
-		String domain="";
-		Cookie cookie = getFirstCookie(request, name);
-		if ( cookie != null ) {
-			path = cookie.getPath();
-			domain = cookie.getDomain();
-		}
-		Cookie deleter = new Cookie( name, "deleted" );
-		deleter.setMaxAge( 0 );
-		if ( domain != null ) deleter.setDomain( domain );
-		if ( path != null ) deleter.setPath( path );
-		response.addCookie( deleter );
-	}
-
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public void killCookie( String name ) {
-    	killCookie( getCurrentRequest(), getCurrentResponse(), name );
-    }
-
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public void logHTTPRequest() {
-    	logHTTPRequest( getCurrentRequest(), logger, null );
-    }
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public void logHTTPRequest(HttpServletRequest request, Logger logger) {
-    	logHTTPRequest( request, logger, null );
-    }
-
-		/**
-		 * Formats an HTTP request into a log suitable string. This implementation logs the remote host IP address (or
-		 * hostname if available), the request method (GET/POST), the URL, and all the querystring and form parameters. All
-		 * the parameters are presented as though they were in the URL even if they were in a form. Any parameters that
-		 * match items in the parameterNamesToObfuscate are shown as eight asterisks.
-		 *
-		 *
-		 * @param request
-		 */
-		public void logHTTPRequest(HttpServletRequest request, Logger logger, List parameterNamesToObfuscate) {
-			StringBuilder params = new StringBuilder();
-		    Iterator i = request.getParameterMap().keySet().iterator();
-		    while (i.hasNext()) {
-		        String key = (String) i.next();
-		        String[] value = (String[]) request.getParameterMap().get(key);
-		        for (int j = 0; j < value.length; j++) {
-                 params.append(key).append("=");
-		            if (parameterNamesToObfuscate != null && parameterNamesToObfuscate.contains(key)) {
-		                params.append("********");
-		            } else {
-		                params.append(value[j]);
-		            }
-		            if (j < value.length - 1) {
-		                params.append("&");
-		            }
-		        }
-		        if (i.hasNext())
-		            params.append("&");
-		    }
-		    Cookie[] cookies = request.getCookies();
-		    if ( cookies != null ) {
-             for (Cookie cooky : cookies)
-             {
-                if (!cooky.getName().equals(ESAPI.securityConfiguration().getHttpSessionIdName())) 
-                {
-                   params.append("+").append(cooky.getName()).append("=").append(cooky.getValue());
-		                    }
-		            }
-		    }
-		    String msg = request.getMethod() + " " + request.getRequestURL() + (params.length() > 0 ? "?" + params : "");
-		    logger.info(Logger.SECURITY_SUCCESS, msg);
-		}
-
-	private Map<String,String> queryToMap(String query) {
-		TreeMap<String,String> map = new TreeMap<String,String>();
-		String[] parts = query.split("&");
-      for (String part : parts)
-      {
-         try
-         {
-            String[] nvpair = part.split("=");
-				String name = ESAPI.encoder().decodeFromURL(nvpair[0]);
-				String value = ESAPI.encoder().decodeFromURL(nvpair[1]);
-            map.put(name, value);
-         }
-         catch (EncodingException e)
-         {
-				// skip the nvpair with the encoding problem - note this is already logged.
-			}
-		}
-		return map;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 *
-	 * This implementation simply checks to make sure that the forward location starts with "WEB-INF" and
-	 * is intended for use in frameworks that forward to JSP files inside the WEB-INF folder.
-	 */
-	public void sendForward(HttpServletRequest request, HttpServletResponse response, String location) throws AccessControlException,ServletException,IOException {
-		if (!location.startsWith("WEB-INF")) {
-			throw new AccessControlException("Forward failed", "Bad forward location: " + location);
-		}
-		RequestDispatcher dispatcher = request.getRequestDispatcher(location);
-		dispatcher.forward( request, response );
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public void sendForward( String location )  throws AccessControlException,ServletException,IOException {
-    	sendForward( getCurrentRequest(), getCurrentResponse(), location);
-    }
-
-	/**
-	 * {@inheritDoc}
-	 *
-	 * This implementation checks against the list of safe redirect locations defined in ESAPI.properties.
-     *
-     * @param response
-     */
-    public void sendRedirect(HttpServletResponse response, String location) throws AccessControlException, IOException {
-        if (!ESAPI.validator().isValidRedirectLocation("Redirect", location, false)) {
-            logger.fatal(Logger.SECURITY_FAILURE, "Bad redirect location: " + location);
-            throw new IOException("Redirect failed");
-        }
-        response.sendRedirect(location);
-    }
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public void sendRedirect( String location )  throws AccessControlException,IOException {
-    	sendRedirect( getCurrentResponse(), location);
-    }
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public void setContentType() {
-    	setContentType( getCurrentResponse() );
-    }
-
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void setContentType(HttpServletResponse response) {
-		response.setContentType((ESAPI.securityConfiguration()).getResponseContentType());
-	}
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public void setCurrentHTTP(HttpServletRequest request, HttpServletResponse response) {
-     	currentRequest.setRequest(request);
-        currentResponse.setResponse(response);
-    }
-
-    /**
-	 * {@inheritDoc}
-     */
-    public void setHeader(HttpServletResponse response, String name, String value) {
-        try {
-            String strippedName = StringUtilities.replaceLinearWhiteSpace(name);
-            String strippedValue = StringUtilities.replaceLinearWhiteSpace(value);
-            String safeName = ESAPI.validator().getValidInput("setHeader", strippedName, "HTTPHeaderName", 20, false);
-            String safeValue = ESAPI.validator().getValidInput("setHeader", strippedValue, "HTTPHeaderValue", 500, false);
-            response.setHeader(safeName, safeValue);
-        } catch (ValidationException e) {
-            logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid header denied", e);
-        }
-    }
-
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public void setHeader( String name, String value ) {
-    	setHeader( getCurrentResponse(), name, value );
-    }
-
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public void setNoCacheHeaders() {
-    	setNoCacheHeaders( getCurrentResponse() );
-    }
-
-	/**
-	 * {@inheritDoc}
-     *
-     * @param response
-     */
-	public void setNoCacheHeaders(HttpServletResponse response) {
-		// HTTP 1.1
-		response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
-
-		// HTTP 1.0
-		response.setHeader("Pragma","no-cache");
-		response.setDateHeader("Expires", -1);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 *
-	 * Save the user's remember me data in an encrypted cookie and send it to the user.
-	 * Any old remember me cookie is destroyed first. Setting this cookie will keep the user
-	 * logged in until the maxAge passes, the password is changed, or the cookie is deleted.
-	 * If the cookie exists for the current user, it will automatically be used by ESAPI to
-	 * log the user in, if the data is valid and not expired.
-     *
-     * @param request
-     * @param response
-     */
-	public String setRememberToken( HttpServletRequest request, HttpServletResponse response, String password, int maxAge, String domain, String path ) {
-		User user = ESAPI.authenticator().getCurrentUser();
-		try {
-			killCookie(request, response, REMEMBER_TOKEN_COOKIE_NAME );
-			// seal already contains random data
-			String clearToken = user.getAccountName() + "|" + password;
-			long expiry = ESAPI.encryptor().getRelativeTimeStamp(maxAge * 1000);
-			String cryptToken = ESAPI.encryptor().seal(clearToken, expiry);
-
-            // Do NOT URLEncode cryptToken before creating cookie. See Google Issue # 144,
-			// which was marked as "WontFix".
-
-			Cookie cookie = new Cookie( REMEMBER_TOKEN_COOKIE_NAME, cryptToken );
-			cookie.setMaxAge( maxAge );
-			cookie.setDomain( domain );
-			cookie.setPath( path );
-			response.addCookie( cookie );
-			logger.info(Logger.SECURITY_SUCCESS, "Enabled remember me token for " + user.getAccountName() );
-			return cryptToken;
-		} catch( IntegrityException e ) {
-			logger.warning(Logger.SECURITY_FAILURE, "Attempt to set remember me token failed for " + user.getAccountName(), e );
-			return null;
-		}
-	}
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String setRememberToken( String password, int maxAge, String domain, String path ) {
-    	return setRememberToken( getCurrentRequest(), getCurrentResponse(), password, maxAge, domain, path );
-    }
-
-
-    /**
-	 * {@inheritDoc}
-	 */
-	public void verifyCSRFToken() throws IntrusionException {
-    	verifyCSRFToken( getCurrentRequest() );
-    }
-
-    /**
-	 * {@inheritDoc}
-	 *
-	 * This implementation uses the CSRF_TOKEN_NAME parameter for the token.
-     *
-     * @param request
-     */
-	public void verifyCSRFToken(HttpServletRequest request) throws IntrusionException {
-		User user = ESAPI.authenticator().getCurrentUser();
-
-		// check if user authenticated with this request - no CSRF protection required
-		if( request.getAttribute(user.getCSRFToken()) != null ) {
-			return;
-		}
-		String token = request.getParameter(CSRF_TOKEN_NAME);
-		if ( !user.getCSRFToken().equals( token ) ) {
-			throw new IntrusionException("Authentication failed", "Possibly forged HTTP request without proper CSRF token detected");
-		}
-	}
-
-    /**
-     * {@inheritDoc}
-     */
-    public <T> T getSessionAttribute( String key ) {
-        final HttpSession session = ESAPI.currentRequest().getSession(false);
-        if ( session != null )
-            return (T) session.getAttribute(key);
-        return null;
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-    public <T> T getSessionAttribute(HttpSession session, String key)
-    {
-        return (T) session.getAttribute(key);
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-    public <T> T getRequestAttribute(String key)
-    {
-        return (T)  ESAPI.currentRequest().getAttribute(key);
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-    public <T> T getRequestAttribute(HttpServletRequest request, String key)
-    {
-        return (T) request.getAttribute( key );
-    }
-    
-    /////////////////////
-    
-    /* Helper method to encrypt using new Encryptor encryption methods and
-     * return the serialized ciphertext as a hex-encoded string.
-     */
-    private String encryptString(String plaintext) throws EncryptionException {
-        PlainText pt = new PlainText(plaintext);
-        CipherText ct = ESAPI.encryptor().encrypt(pt);
-        byte[] serializedCiphertext = ct.asPortableSerializedByteArray();
-        return Hex.encode(serializedCiphertext, false);
-    }
-    
-    /* Helper method to decrypt a hex-encode serialized ciphertext string and
-     * to decrypt it using the new Encryptor decryption methods.
-     */
-    private String decryptString(String ciphertext) throws EncryptionException {
-        byte[] serializedCiphertext = Hex.decode(ciphertext);
-        CipherText restoredCipherText =
-            CipherText.fromPortableSerializedBytes(serializedCiphertext);
-        PlainText plaintext = ESAPI.encryptor().decrypt(restoredCipherText);
-        return plaintext.toString();
-    }
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.TreeMap;
+import java.util.concurrent.ConcurrentHashMap;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletException;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.apache.commons.fileupload.FileItem;
+import org.apache.commons.fileupload.ProgressListener;
+import org.apache.commons.fileupload.disk.DiskFileItemFactory;
+import org.apache.commons.fileupload.servlet.ServletFileUpload;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.HTTPUtilities;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.PropNames;
+import org.owasp.esapi.SecurityConfiguration;
+import org.owasp.esapi.StringUtilities;
+import org.owasp.esapi.User;
+import org.owasp.esapi.ValidationErrorList;
+import org.owasp.esapi.codecs.Hex;
+import org.owasp.esapi.crypto.CipherText;
+import org.owasp.esapi.crypto.PlainText;
+import org.owasp.esapi.errors.AccessControlException;
+import org.owasp.esapi.errors.AuthenticationException;
+import org.owasp.esapi.errors.ConfigurationException;
+import org.owasp.esapi.errors.EncodingException;
+import org.owasp.esapi.errors.EncryptionException;
+import org.owasp.esapi.errors.IntegrityException;
+import org.owasp.esapi.errors.IntrusionException;
+import org.owasp.esapi.errors.ValidationException;
+import org.owasp.esapi.errors.ValidationUploadException;
+
+/**
+ * Reference implementation of the HTTPUtilities interface. This implementation
+ * uses the Apache Commons FileUploader library, which in turn uses the Apache
+ * Commons IO library.
+ * <P>
+ * To simplify the interface, some methods use the current request and response that
+ * are tracked by ThreadLocal variables in the Authenticator. This means that you
+ * must have called ESAPI.authenticator().setCurrentHTTP(request, response) before
+ * calling these methods.
+ * <P>
+ * Typically, this is done by calling the Authenticator.login() method, which
+ * calls setCurrentHTTP() automatically. However if you want to use these methods
+ * in another application, you should explicitly call setCurrentHTTP() in your
+ * own code. In either case, you *must* call ESAPI.clearCurrent() to clear threadlocal
+ * variables before the thread is reused. The advantages of having identity everywhere
+ * outweigh the disadvantages of this approach.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.HTTPUtilities
+ */
+public class DefaultHTTPUtilities implements org.owasp.esapi.HTTPUtilities {
+    private static volatile HTTPUtilities instance = null;
+
+    // Apache Commons FileUpload property for enabling / disabling Java deserialization via file uploads.
+    // ESAPI will save current value, set it to "false", and then restore value before returning. GitHub issue #417.
+    private static String DISKFILEITEM_SERIALIZABLE = "org.apache.commons.fileupload.disk.DiskFileItem.serializable";
+
+    public static HTTPUtilities getInstance() {
+        if ( instance == null ) {
+            synchronized ( DefaultHTTPUtilities.class ) {
+                if ( instance == null ) {
+                    instance = new DefaultHTTPUtilities();
+                }
+            }
+        }
+        return instance;
+    }
+
+    /**
+     * Defines the ThreadLocalRequest to store the current request for this thread.
+     */
+    private class ThreadLocalRequest extends InheritableThreadLocal<HttpServletRequest> {
+
+        public HttpServletRequest getRequest() {
+            return super.get();
+        }
+
+        public HttpServletRequest initialValue() {
+            return null;
+        }
+
+        public void setRequest(HttpServletRequest newRequest) {
+            super.set(newRequest);
+        }
+    }
+
+    /**
+     * Defines the ThreadLocalResponse to store the current response for this thread.
+     */
+    private class ThreadLocalResponse extends InheritableThreadLocal<HttpServletResponse> {
+
+        public HttpServletResponse getResponse() {
+            return super.get();
+        }
+
+        public HttpServletResponse initialValue() {
+            return null;
+        }
+
+        public void setResponse(HttpServletResponse newResponse) {
+            super.set(newResponse);
+        }
+    }
+
+    /** The logger. */
+    private final Logger logger = ESAPI.getLogger("HTTPUtilities");
+
+    /** The max bytes. */
+    static final int maxBytes = ESAPI.securityConfiguration().getAllowedFileUploadSize();
+
+    /** The max # of files per request. */
+    static int maxFiles = 20;   // Same as default in configuration/esapi/ESAPI.properties
+
+    static boolean fileUploadAllowAnonymousUsers = true;
+
+    static {
+        // OPENISSUE - Not sure if we should log this. I can throw because the
+        // property is not set in ESAPI.properties, but it can also throw
+        // because ESAPI.properties can't be found. If the latter is the case,
+        // then trying to log it would cause another ConfigurationException to
+        // be thrown while trying do the logging making the exception stack
+        // traces even more obtuse. And I don't want to spend then next 5 years
+        // answering Stack Overflow questions about that.
+        try {
+            maxFiles = ESAPI.securityConfiguration().getIntProp( PropNames.MAX_UPLOAD_FILE_COUNT );
+        } catch ( ConfigurationException ex ) {
+            // TODO: Figure out what we want to do log this. See OPENISSUE, above.
+            System.err.println("WARNING: Caught exception looking for property " + PropNames.MAX_UPLOAD_FILE_COUNT +
+                    " in ESAPI.properties. Using hard-coded default of " + maxFiles +
+                    "; exception was: " + ex);
+        }
+        try {
+            fileUploadAllowAnonymousUsers = ESAPI.securityConfiguration().getBooleanProp( PropNames.FILEUPLOAD_ALLOW_ANONYMOUS_USERS );
+        } catch ( ConfigurationException ex ) {
+            // This likely will be the normal case (because ESAPI clients seldom update
+            // their ESAPI.properties file from release to release. Therefore, I am
+            // going to ignore it, and we silently go with the default of 'false'.
+            ;      // Intentionally ignore!
+        }
+    }
+
+    /*
+     * The currentRequest ThreadLocal variable is used to make the currentRequest available to any call in any part of an
+     * application. This enables API's for actions that require the request to be much simpler. For example, the logout()
+     * method in the Authenticator class requires the currentRequest to get the session in order to invalidate it.
+     */
+    private ThreadLocalRequest currentRequest = new ThreadLocalRequest();
+
+    /*
+     * The currentResponse ThreadLocal variable is used to make the currentResponse available to any call in any part of an
+     * application. This enables API's for actions that require the response to be much simpler. For example, the logout()
+     * method in the Authenticator class requires the currentResponse to kill the Session ID cookie.
+     */
+    private ThreadLocalResponse currentResponse = new ThreadLocalResponse();
+
+
+
+    /**
+     * No arg constructor.
+     */
+    public DefaultHTTPUtilities() {     // Public CTOR for singletons. SMH. Sigh.
+    }
+
+
+    /**
+     * {@inheritDoc}
+     * This implementation uses a custom "set-cookie" header rather than Java's
+     * cookie interface which doesn't allow the use of HttpOnly. Configure the
+     * HttpOnly and Secure settings in ESAPI.properties.
+     */
+    public void addCookie( Cookie cookie ) {
+        addCookie( getCurrentResponse(), cookie );
+    }
+
+    /**
+     * {@inheritDoc}
+     * This implementation uses a custom "set-cookie" header rather than Java's
+     * cookie interface which doesn't allow the use of HttpOnly. Configure the
+     * HttpOnly and Secure settings in ESAPI.properties.
+     */
+    public void addCookie(HttpServletResponse response, Cookie cookie) {
+        String name = cookie.getName();
+        String value = cookie.getValue();
+        int maxAge = cookie.getMaxAge();
+        String domain = cookie.getDomain();
+        String path = cookie.getPath();
+        boolean secure = cookie.getSecure();
+
+        // validate the name and value
+        ValidationErrorList errors = new ValidationErrorList();
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
+        String cookieName = ESAPI.validator().getValidInput("cookie name", name, "HTTPCookieName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), false, errors);
+        String cookieValue = ESAPI.validator().getValidInput("cookie value", value, "HTTPCookieValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), false, errors);
+
+        // if there are no errors, then set the cookie either with a header or normally
+        if (errors.size() == 0) {
+            if ( ESAPI.securityConfiguration().getForceHttpOnlyCookies() ) {
+                String header = createCookieHeader(cookieName, cookieValue, maxAge, domain, path, secure);
+                addHeader(response, "Set-Cookie", header);
+            } else {
+                // Issue 23 - If the ESAPI Configuration is set to force secure cookies, force the secure flag on the cookie before setting it
+                cookie.setSecure( secure || ESAPI.securityConfiguration().getForceSecureCookies() );
+                response.addCookie(cookie);
+            }
+            return;
+        }
+        logger.warning(Logger.SECURITY_FAILURE, "Attempt to add unsafe data to cookie (skip mode). Skipping cookie and continuing.");
+    }
+
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public String addCSRFToken(String href) {
+        User user = ESAPI.authenticator().getCurrentUser();
+        if (user.isAnonymous()) {
+            return href;
+        }
+
+        // if there are already parameters append with &, otherwise append with ?
+        String token = CSRF_TOKEN_NAME + "=" + user.getCSRFToken();
+        return href.indexOf( '?') != -1 ? href + "&" + token : href + "?" + token;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void addHeader(String name, String value) {
+        addHeader( getCurrentResponse(), name, value );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void addHeader(HttpServletResponse response, String name, String value) {
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
+        try {
+            String strippedName = StringUtilities.replaceLinearWhiteSpace(name);
+            String strippedValue = StringUtilities.replaceLinearWhiteSpace(value);
+            String safeName = ESAPI.validator().getValidInput("addHeader", strippedName, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), false);
+            String safeValue = ESAPI.validator().getValidInput("addHeader", strippedValue, "HTTPHeaderValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), false);
+            response.addHeader(safeName, safeValue);
+        } catch (ValidationException e) {
+            logger.warning(Logger.SECURITY_FAILURE, "Attempt to add invalid header denied", e);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void assertSecureChannel() throws AccessControlException {
+        assertSecureChannel( getCurrentRequest() );
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * This implementation ignores the built-in isSecure() method
+     * and uses the URL to determine if the request was transmitted over SSL.
+     * This is because SSL may have been terminated somewhere outside the
+     * container.
+     */
+    public void assertSecureChannel(HttpServletRequest request) throws AccessControlException {
+        if ( request == null ) {
+            throw new AccessControlException( "Insecure request received", "HTTP request was null" );
+        }
+        StringBuffer sb = request.getRequestURL();
+        if ( sb == null ) {
+            throw new AccessControlException( "Insecure request received", "HTTP request URL was null" );
+        }
+        String url = sb.toString();
+        if ( !url.startsWith( "https" ) ) {
+            throw new AccessControlException( "Insecure request received", "HTTP request did not use SSL" );
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void assertSecureRequest() throws AccessControlException {
+        assertSecureRequest( getCurrentRequest() );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void assertSecureRequest(HttpServletRequest request) throws AccessControlException {
+        assertSecureChannel( request );
+        String receivedMethod = request.getMethod();
+        String requiredMethod = "POST";
+        if ( !receivedMethod.equals( requiredMethod ) ) {
+            throw new AccessControlException( "Insecure request received", "Received request using " + receivedMethod + " when only " + requiredMethod + " is allowed" );
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public HttpSession changeSessionIdentifier() throws AuthenticationException {
+        return changeSessionIdentifier( getCurrentRequest() );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public HttpSession changeSessionIdentifier(HttpServletRequest request) throws AuthenticationException {
+
+        // get the current session
+        HttpSession oldSession = request.getSession();
+
+        // make a copy of the session content
+        Map<String,Object> temp = new ConcurrentHashMap<String,Object>();
+        Enumeration e = oldSession.getAttributeNames();
+        while (e != null && e.hasMoreElements()) {
+            String name = (String) e.nextElement();
+            Object value = oldSession.getAttribute(name);
+            temp.put(name, value);
+        }
+
+        // kill the old session and create a new one
+        oldSession.invalidate();
+        HttpSession newSession = request.getSession();
+        User user = ESAPI.authenticator().getCurrentUser();
+        user.addSession( newSession );
+        user.removeSession( oldSession );
+
+        // copy back the session content
+      for (Map.Entry<String, Object> stringObjectEntry : temp.entrySet())
+      {
+         newSession.setAttribute(stringObjectEntry.getKey(), stringObjectEntry.getValue());
+        }
+        return newSession;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void clearCurrent() {
+        currentRequest.set(null);
+        currentResponse.set(null);
+    }
+
+    private String createCookieHeader(String name, String value, int maxAge, String domain, String path, boolean secure) {
+        // create the special cookie header instead of creating a Java cookie
+        // Set-Cookie:<name>=<value>[; <name>=<value>][; expires=<date>][;
+        // domain=<domain_name>][; path=<some_path>][; secure][;HttpOnly]
+        String header = name + "=" + value;
+        if (maxAge >= 0) {
+            header += "; Max-Age=" + maxAge;
+        }
+        if (domain != null) {
+            header += "; Domain=" + domain;
+        }
+        if (path != null) {
+            header += "; Path=" + path;
+        }
+        if ( secure || ESAPI.securityConfiguration().getForceSecureCookies() ) {
+            header += "; Secure";
+        }
+        if ( ESAPI.securityConfiguration().getForceHttpOnlyCookies() ) {
+            header += "; HttpOnly";
+        }
+        return header;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String decryptHiddenField(String encrypted) {
+        try {
+            return decryptString(encrypted);
+        } catch( EncryptionException e ) {
+            throw new IntrusionException("Invalid request","Tampering detected. Hidden field data did not decrypt properly.", e);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public Map<String,String> decryptQueryString(String encrypted) throws EncryptionException {
+        String plaintext = decryptString(encrypted);
+        return queryToMap(plaintext);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public Map<String,String> decryptStateFromCookie() throws EncryptionException {
+        return decryptStateFromCookie( getCurrentRequest() );
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * @param request
+     */
+    public Map<String,String> decryptStateFromCookie(HttpServletRequest request) throws EncryptionException {
+        try {
+            String encrypted = getCookie( request, ESAPI_STATE );
+            if ( encrypted == null ) return new HashMap<String,String>();
+            String plaintext = decryptString(encrypted);
+            return queryToMap( plaintext );
+        } catch( ValidationException e ) {
+            return null;
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String encryptHiddenField(String value) throws EncryptionException {
+        return encryptString(value);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String encryptQueryString(String query) throws EncryptionException {
+        return encryptString(query);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void encryptStateInCookie(HttpServletResponse response, Map<String,String> cleartext) throws EncryptionException {
+        StringBuilder sb = new StringBuilder();
+        Iterator i = cleartext.entrySet().iterator();
+        while ( i.hasNext() ) {
+            try {
+                Map.Entry entry = (Map.Entry)i.next();
+
+                    // What do these need to be URL encoded? They are encrypted!
+                String name = ESAPI.encoder().encodeForURL( entry.getKey().toString() );
+                String value = ESAPI.encoder().encodeForURL( entry.getValue().toString() );
+             sb.append(name).append("=").append(value);
+                if ( i.hasNext() ) sb.append( "&" );
+            } catch( EncodingException e ) {
+                logger.error(Logger.SECURITY_FAILURE, "Problem encrypting state in cookie - skipping entry", e );
+            }
+        }
+
+        String encrypted = encryptString(sb.toString());
+
+        if ( encrypted.length() > (MAX_COOKIE_LEN ) ) {
+            logger.error(Logger.SECURITY_FAILURE, "Problem encrypting state in cookie - skipping entry");
+            throw new EncryptionException("Encryption failure", "Encrypted cookie state of " + encrypted.length() + " longer than allowed " + MAX_COOKIE_LEN );
+        }
+
+        Cookie cookie = new Cookie( ESAPI_STATE, encrypted );
+        addCookie( response, cookie );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void encryptStateInCookie( Map<String,String> cleartext ) throws EncryptionException {
+        encryptStateInCookie( getCurrentResponse(), cleartext );
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getCookie( HttpServletRequest request, String name ) throws ValidationException {
+        Cookie c = getFirstCookie( request, name );
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
+        if ( c == null ) return null;
+        String value = c.getValue();
+        return ESAPI.validator().getValidInput("HTTP cookie value: " + value, value, "HTTPCookieValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), false);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getCookie( String name ) throws ValidationException {
+        return getCookie( getCurrentRequest(), name );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getCSRFToken() {
+        User user = ESAPI.authenticator().getCurrentUser();
+        if (user == null) return null;
+        return user.getCSRFToken();
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public HttpServletRequest getCurrentRequest() {
+        return currentRequest.getRequest();
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public HttpServletResponse getCurrentResponse() {
+        return currentResponse.getResponse();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public List<File> getFileUploads() throws ValidationException {
+        return getFileUploads( getCurrentRequest(), ESAPI.securityConfiguration().getUploadDirectory(), ESAPI.securityConfiguration().getAllowedFileExtensions() );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public List<File> getFileUploads(HttpServletRequest request) throws ValidationException {
+        return getFileUploads(request, ESAPI.securityConfiguration().getUploadDirectory(), ESAPI.securityConfiguration().getAllowedFileExtensions());
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public List<File> getFileUploads(HttpServletRequest request, File finalDir ) throws ValidationException {
+        return getFileUploads(request, finalDir, ESAPI.securityConfiguration().getAllowedFileExtensions());
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public List<File> getFileUploads(HttpServletRequest request, File finalDir, List allowedExtensions) throws ValidationException {
+        File tempDir = ESAPI.securityConfiguration().getUploadTempDirectory();
+        if ( !tempDir.exists() ) {
+            if ( !tempDir.mkdirs() ) throw new ValidationUploadException( "Upload failed", "Could not create temp directory: " + tempDir.getAbsolutePath() );
+        }
+
+        if( finalDir != null){
+            if ( !finalDir.exists() ) {
+                if ( !finalDir.mkdirs() ) throw new ValidationUploadException( "Upload failed", "Could not create final upload directory: " + finalDir.getAbsolutePath() );
+            }
+        }
+        else {
+            if ( !ESAPI.securityConfiguration().getUploadDirectory().exists()) {
+                if ( !ESAPI.securityConfiguration().getUploadDirectory().mkdirs() ) throw new ValidationUploadException( "Upload failed", "Could not create final upload directory: " + ESAPI.securityConfiguration().getUploadDirectory().getAbsolutePath() );
+            }
+            finalDir = ESAPI.securityConfiguration().getUploadDirectory();
+        }
+
+        // Check if this user should be blocked from file upload access. See allowUserFileUploadAccess() and comments
+        // around 'HttpUtilities.FileUploadAllowAnonymousUser' in ESAPI.properties file for details.
+        if ( ! allowUserFileUploadAccess() ) {
+            final String authZErrorMsg = "Upload failed. Anonymous user disallowed by ESAPI property " +
+                                          "'HttpUtilities.FileUploadAllowAnonymousUser'; attempted file upload blocked.";
+            logger.warning(Logger.SECURITY_FAILURE, authZErrorMsg);
+            throw new java.security.AccessControlException( authZErrorMsg );
+        }
+
+
+        List<File> newFiles = new ArrayList<File>();
+        String dfiPrevValue = "false";   // Fail safely in case of Java Security Manager & weird security policy
+        try {
+            dfiPrevValue = System.getProperty(DISKFILEITEM_SERIALIZABLE);
+            System.setProperty(DISKFILEITEM_SERIALIZABLE, "false");
+            final HttpSession session = request.getSession(false);
+            if (!ServletFileUpload.isMultipartContent(request)) {
+                throw new ValidationUploadException("Upload failed", "Not a multipart request");
+            }
+
+            // this factory will store ALL files in the temp directory, regardless of size
+            DiskFileItemFactory factory = new DiskFileItemFactory(0, tempDir);
+            ServletFileUpload upload = new ServletFileUpload(factory);
+            upload.setSizeMax(maxBytes);
+            upload.setFileCountMax(maxFiles);   // Required to address CVE-2023-24998.
+
+            // Create a progress listener
+            ProgressListener progressListener = new ProgressListener() {
+                private long megaBytes = -1;
+                private long progress = 0;
+
+                public void update(long pBytesRead, long pContentLength, int pItems) {
+                    if (pItems == 0)
+                        return;
+                    long mBytes = pBytesRead / 1000000;
+                    if (megaBytes == mBytes)
+                        return;
+                    megaBytes = mBytes;
+                    progress = (long) (((double) pBytesRead / (double) pContentLength) * 100);
+                    if ( session != null ) {
+                        session.setAttribute("progress", Long.toString(progress));
+                    }
+                    // logger.logSuccess(Logger.SECURITY, "   Item " + pItems + " (" + progress + "% of " + pContentLength + " bytes]");
+                }
+            };
+            upload.setProgressListener(progressListener);
+
+            List<FileItem> items = upload.parseRequest(request);
+            for (FileItem item : items)
+            {
+                if (!item.isFormField() && item.getName() != null && !(item.getName().equals("")))
+                {
+                    String[] fparts = item.getName().split("[\\/\\\\]");
+                    String filename = fparts[fparts.length - 1];
+
+                    if (!ESAPI.validator().isValidFileName("upload", filename, allowedExtensions, false))
+                    {
+                        throw new ValidationUploadException("Upload only simple filenames with the following extensions " + allowedExtensions, "Upload failed isValidFileName check");
+                    }
+
+                    logger.info(Logger.SECURITY_SUCCESS, "File upload requested: " + filename);
+                    File f = new File(finalDir, filename);
+                    if (f.exists())
+                    {
+                        String[] parts = filename.split("\\/.");
+                        String extension = "";
+                        if (parts.length > 1)
+                        {
+                            extension = parts[parts.length - 1];
+                        }
+                        String filenm = filename.substring(0, filename.length() - extension.length());
+                        f = File.createTempFile(filenm, "." + extension, finalDir);
+                    }
+
+                    item.write(f);
+                    newFiles.add(f);
+                    // delete temporary file
+                    item.delete();
+                    logger.fatal(Logger.SECURITY_SUCCESS, "File successfully uploaded: " + f);
+                    if (session != null)
+                    {
+                        session.setAttribute("progress", Long.toString(0));
+                    }
+                }
+            }
+        } catch (Exception e) {
+            if (e instanceof ValidationUploadException) {
+                throw (ValidationException)e;
+            }
+            throw new ValidationUploadException("Upload failure", "Problem during upload:" + e.getMessage(), e);
+        }
+        finally {
+            if ( dfiPrevValue != null ) {
+                System.setProperty(DISKFILEITEM_SERIALIZABLE, dfiPrevValue);
+            }
+        }
+        return Collections.synchronizedList(newFiles);
+    }
+
+
+
+    /**
+     * Utility to return the first cookie matching the provided name.
+     * @param request
+     * @param name
+     */
+    private Cookie getFirstCookie(HttpServletRequest request, String name) {
+        Cookie[] cookies = request.getCookies();
+        if (cookies != null) {
+         for (Cookie cookie : cookies)
+         {
+            if (cookie.getName().equals(name))
+            {
+                    return cookie;
+                }
+            }
+        }
+        return null;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getHeader( HttpServletRequest request, String name ) throws ValidationException {
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
+        String value = request.getHeader(name);
+        return ESAPI.validator().getValidInput("HTTP header value: " + value, value, "HTTPHeaderValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), false);
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getHeader( String name ) throws ValidationException {
+        return getHeader( getCurrentRequest(), name );
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getParameter( HttpServletRequest request, String name ) throws ValidationException {
+        String value = request.getParameter(name);
+        return ESAPI.validator().getValidInput("HTTP parameter value: " + value, value, "HTTPParameterValue", 2000, true);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getParameter( String name ) throws ValidationException {
+        return getParameter( getCurrentRequest(), name );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void killAllCookies() {
+        killAllCookies( getCurrentRequest(), getCurrentResponse() );
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * @param request
+     * @param response
+     */
+    public void killAllCookies(HttpServletRequest request, HttpServletResponse response) {
+        Cookie[] cookies = request.getCookies();
+        if (cookies != null) {
+         for (Cookie cookie : cookies)
+         {
+                killCookie(request, response, cookie.getName());
+            }
+        }
+    }
+
+
+    /**
+     * {@inheritDoc}
+     *
+     * @param request
+     * @param response
+     * @param name
+     */
+    public void killCookie(HttpServletRequest request, HttpServletResponse response, String name) {
+        String path = "/";
+        String domain="";
+        Cookie cookie = getFirstCookie(request, name);
+        if ( cookie != null ) {
+            path = cookie.getPath();
+            domain = cookie.getDomain();
+        }
+        Cookie deleter = new Cookie( name, "deleted" );
+        deleter.setMaxAge( 0 );
+        if ( domain != null ) deleter.setDomain( domain );
+        if ( path != null ) deleter.setPath( path );
+        response.addCookie( deleter );
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public void killCookie( String name ) {
+        killCookie( getCurrentRequest(), getCurrentResponse(), name );
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public void logHTTPRequest() {
+        logHTTPRequest( getCurrentRequest(), logger, null );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void logHTTPRequest(HttpServletRequest request, Logger logger) {
+        logHTTPRequest( request, logger, null );
+    }
+
+        /**
+         * Formats an HTTP request into a log suitable string. This implementation logs the remote host IP address (or
+         * hostname if available), the request method (GET/POST), the URL, and all the querystring and form parameters. All
+         * the parameters are presented as though they were in the URL even if they were in a form. Any parameters that
+         * match items in the parameterNamesToObfuscate are shown as eight asterisks.
+         *
+         *
+         * @param request
+         */
+        public void logHTTPRequest(HttpServletRequest request, Logger logger, List parameterNamesToObfuscate) {
+            StringBuilder params = new StringBuilder();
+            Iterator i = request.getParameterMap().keySet().iterator();
+            while (i.hasNext()) {
+                String key = (String) i.next();
+                String[] value = request.getParameterMap().get(key);
+                for (int j = 0; j < value.length; j++) {
+                 params.append(key).append("=");
+                    if (parameterNamesToObfuscate != null && parameterNamesToObfuscate.contains(key)) {
+                        params.append("********");
+                    } else {
+                        params.append(value[j]);
+                    }
+                    if (j < value.length - 1) {
+                        params.append("&");
+                    }
+                }
+                if (i.hasNext())
+                    params.append("&");
+            }
+            Cookie[] cookies = request.getCookies();
+            if ( cookies != null ) {
+             for (Cookie cooky : cookies)
+             {
+                if (!cooky.getName().equals(ESAPI.securityConfiguration().getHttpSessionIdName()))
+                {
+                   params.append("+").append(cooky.getName()).append("=").append(cooky.getValue());
+                            }
+                    }
+            }
+            String msg = request.getMethod() + " " + request.getRequestURL() + (params.length() > 0 ? "?" + params : "");
+            logger.info(Logger.SECURITY_SUCCESS, msg);
+        }
+
+    private Map<String,String> queryToMap(String query) {
+        TreeMap<String,String> map = new TreeMap<String,String>();
+        String[] parts = query.split("&");
+      for (String part : parts)
+      {
+         try
+         {
+            String[] nvpair = part.split("=");
+                String name = ESAPI.encoder().decodeFromURL(nvpair[0]);
+                String value = ESAPI.encoder().decodeFromURL(nvpair[1]);
+            map.put(name, value);
+         }
+         catch (EncodingException e)
+         {
+                // skip the nvpair with the encoding problem - note this is already logged.
+            }
+        }
+        return map;
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * This implementation simply checks to make sure that the forward location starts with "WEB-INF" and
+     * is intended for use in frameworks that forward to JSP files inside the WEB-INF folder.
+     */
+    public void sendForward(HttpServletRequest request, HttpServletResponse response, String location) throws AccessControlException,ServletException,IOException {
+        if (!location.startsWith("WEB-INF")) {
+            throw new AccessControlException("Forward failed", "Bad forward location: " + location);
+        }
+        RequestDispatcher dispatcher = request.getRequestDispatcher(location);
+        dispatcher.forward( request, response );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void sendForward( String location )  throws AccessControlException,ServletException,IOException {
+        sendForward( getCurrentRequest(), getCurrentResponse(), location);
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * This implementation checks against the list of safe redirect locations defined in ESAPI.properties.
+     */
+    public void sendRedirect(HttpServletResponse response, String location) throws AccessControlException, IOException {
+        if (!ESAPI.validator().isValidRedirectLocation("Redirect", location, false)) {
+            logger.fatal(Logger.SECURITY_FAILURE, "Bad redirect location: " + location);
+            throw new AccessControlException("Redirect failed", "Bad redirect location: " + location);
+        }
+        response.sendRedirect(location);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void sendRedirect( String location )  throws AccessControlException,IOException {
+        sendRedirect( getCurrentResponse(), location);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void setContentType() {
+        setContentType( getCurrentResponse() );
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public void setContentType(HttpServletResponse response) {
+        response.setContentType((ESAPI.securityConfiguration()).getResponseContentType());
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void setCurrentHTTP(HttpServletRequest request, HttpServletResponse response) {
+         currentRequest.setRequest(request);
+        currentResponse.setResponse(response);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void setHeader(HttpServletResponse response, String name, String value) {
+        try {
+            SecurityConfiguration sc = ESAPI.securityConfiguration();
+            String strippedName = StringUtilities.replaceLinearWhiteSpace(name);
+            String strippedValue = StringUtilities.replaceLinearWhiteSpace(value);
+            String safeName = ESAPI.validator().getValidInput("setHeader", strippedName, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), false);
+            String safeValue = ESAPI.validator().getValidInput("setHeader", strippedValue, "HTTPHeaderValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), false);
+            response.setHeader(safeName, safeValue);
+        } catch (ValidationException e) {
+            logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid header denied", e);
+        }
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public void setHeader( String name, String value ) {
+        setHeader( getCurrentResponse(), name, value );
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public void setNoCacheHeaders() {
+        setNoCacheHeaders( getCurrentResponse() );
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * @param response
+     */
+    public void setNoCacheHeaders(HttpServletResponse response) {
+        // HTTP 1.1
+        response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
+
+        // HTTP 1.0
+        response.setHeader("Pragma","no-cache");
+        response.setDateHeader("Expires", -1);
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * Save the user's remember me data in an encrypted cookie and send it to the user.
+     * Any old remember me cookie is destroyed first. Setting this cookie will keep the user
+     * logged in until the maxAge passes, the password is changed, or the cookie is deleted.
+     * If the cookie exists for the current user, it will automatically be used by ESAPI to
+     * log the user in, if the data is valid and not expired.
+     *
+     * @param request
+     * @param response
+     */
+    public String setRememberToken( HttpServletRequest request, HttpServletResponse response, String password, int maxAge, String domain, String path ) {
+        User user = ESAPI.authenticator().getCurrentUser();
+        try {
+            killCookie(request, response, REMEMBER_TOKEN_COOKIE_NAME );
+            // seal already contains random data
+            String clearToken = user.getAccountName() + "|" + password;
+            long expiry = ESAPI.encryptor().getRelativeTimeStamp(maxAge * 1000);
+            String cryptToken = ESAPI.encryptor().seal(clearToken, expiry);
+            SecurityConfiguration sg = ESAPI.securityConfiguration();
+            boolean forceSecureCookies = sg.getBooleanProp("HttpUtilities.ForceSecureCookies");
+            boolean forceHttpOnly = sg.getBooleanProp("HttpUtilities.ForceHttpOnlyCookies");
+
+            // Do NOT URLEncode cryptToken before creating cookie. See Google Issue # 144,
+            // which was marked as "WontFix".
+
+            Cookie cookie = new Cookie( REMEMBER_TOKEN_COOKIE_NAME, cryptToken );
+            cookie.setMaxAge( maxAge );
+            cookie.setDomain( domain );
+            cookie.setPath( path );
+            cookie.setHttpOnly(forceHttpOnly);
+            cookie.setSecure(forceSecureCookies);
+            response.addCookie( cookie );
+            logger.info(Logger.SECURITY_SUCCESS, "Enabled remember me token for " + user.getAccountName() );
+            return cryptToken;
+        } catch( IntegrityException e ) {
+            logger.warning(Logger.SECURITY_FAILURE, "Attempt to set remember me token failed for " + user.getAccountName(), e );
+            return null;
+        }
+    }
+
+
+    public String setRememberToken(HttpServletRequest request, HttpServletResponse response, int maxAge, String domain, String path){
+        String rval = "";
+        User user = ESAPI.authenticator().getCurrentUser();
+
+        try{
+            killCookie(request,response, REMEMBER_TOKEN_COOKIE_NAME);
+            // seal already contains random data
+            String clearToken = user.getAccountName();
+            long expiry = ESAPI.encryptor().getRelativeTimeStamp(maxAge * 1000);
+            String cryptToken = ESAPI.encryptor().seal(clearToken, expiry);
+            SecurityConfiguration sg = ESAPI.securityConfiguration();
+            boolean forceSecureCookies = sg.getBooleanProp("HttpUtilities.ForceSecureCookies");
+            boolean forceHttpOnly = sg.getBooleanProp("HttpUtilities.ForceHttpOnlyCookies");
+            // Do NOT URLEncode cryptToken before creating cookie. See Google Issue # 144,
+            // which was marked as "WontFix".
+
+            Cookie cookie = new Cookie( REMEMBER_TOKEN_COOKIE_NAME, cryptToken );
+            cookie.setMaxAge( maxAge );
+            cookie.setDomain( domain );
+            cookie.setPath( path );
+            cookie.setHttpOnly(forceHttpOnly);
+            cookie.setSecure(forceSecureCookies);
+            response.addCookie( cookie );
+            logger.info(Logger.SECURITY_SUCCESS, "Enabled remember me token for " + user.getAccountName() );
+        } catch( IntegrityException e){
+            logger.warning(Logger.SECURITY_FAILURE, "Attempt to set remember me token failed for " + user.getAccountName(), e );
+            return null;
+        }
+
+
+        return rval;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String setRememberToken( String password, int maxAge, String domain, String path ) {
+        return setRememberToken( getCurrentRequest(), getCurrentResponse(), password, maxAge, domain, path );
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public void verifyCSRFToken() throws IntrusionException {
+        verifyCSRFToken( getCurrentRequest() );
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * This implementation uses the CSRF_TOKEN_NAME parameter for the token.
+     *
+     * @param request
+     */
+    public void verifyCSRFToken(HttpServletRequest request) throws IntrusionException {
+        User user = ESAPI.authenticator().getCurrentUser();
+
+        // check if user authenticated with this request - no CSRF protection required
+        if( request.getAttribute(user.getCSRFToken()) != null ) {
+            return;
+        }
+        String token = request.getParameter(CSRF_TOKEN_NAME);
+        if ( !user.getCSRFToken().equals( token ) ) {
+            throw new IntrusionException("Authentication failed", "Possibly forged HTTP request without proper CSRF token detected");
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public <T> T getSessionAttribute( String key ) {
+        final HttpSession session = ESAPI.currentRequest().getSession(false);
+        if ( session != null )
+            return (T) session.getAttribute(key);
+        return null;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public <T> T getSessionAttribute(HttpSession session, String key)
+    {
+        return (T) session.getAttribute(key);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public <T> T getRequestAttribute(String key)
+    {
+        return (T)  ESAPI.currentRequest().getAttribute(key);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public <T> T getRequestAttribute(HttpServletRequest request, String key)
+    {
+        return (T) request.getAttribute( key );
+    }
+
+    /////////////////////
+
+    /* Helper method to encrypt using new Encryptor encryption methods and
+     * return the serialized ciphertext as a hex-encoded string.
+     */
+    private String encryptString(String plaintext) throws EncryptionException {
+        PlainText pt = new PlainText(plaintext);
+        CipherText ct = ESAPI.encryptor().encrypt(pt);
+        byte[] serializedCiphertext = ct.asPortableSerializedByteArray();
+        return Hex.encode(serializedCiphertext, false);
+    }
+
+    /* Helper method to decrypt a hex-encode serialized ciphertext string and
+     * to decrypt it using the new Encryptor decryption methods.
+     */
+    private String decryptString(String ciphertext) throws EncryptionException {
+        byte[] serializedCiphertext = Hex.decode(ciphertext);
+        CipherText restoredCipherText =
+            CipherText.fromPortableSerializedBytes(serializedCiphertext);
+        PlainText plaintext = ESAPI.encryptor().decrypt(restoredCipherText);
+        return plaintext.toString();
+    }
+
+    /* Helper method, currently used only to check if we allow anonymous
+     * (i.e., unauthenticated) users to perform file uploads.
+     * The default is do allow anonymous users. We start to see if the property
+     * specified by "HttpUtilities.FileUploadAllowAnonymousUser" is set to
+     * {@code true} (which is the default). If that is true, we immediately
+     * return true as no further authentication check is required. However, if
+     * that property is false, then we check if the user is authenticated (i.e.,
+     * the returned {@code User} object is not null).
+     */
+    private boolean allowUserFileUploadAccess() {
+        if ( fileUploadAllowAnonymousUsers ) {
+            return true;    // Okay to allow anonymous users
+        }
+
+        // Check if the current user is authenticated as per ESAPI Authenticator.
+        User currentUser = ESAPI.authenticator().getCurrentUser();
+
+        if ( ! currentUser.isAnonymous() ) {
+                //
+                // The logging here is set to 'debug' rather than 'info'
+                // because I figured that the web / app server access logs
+                // should pick up the the authenticated user and log it
+                // along with whatever the HTTP request is, presumably including
+                // the authenticated user account name.
+                //
+                // If you are using JUL for logging and want to see this debug
+                // output, you need to change both instances of 'INFO' in your
+                // 'esapi-java-logging.properties' from 'INFO' to 'FINE' (not
+                // 'DEBUG', which isn't a thing in JUL).
+                //
+            logger.debug(Logger.SECURITY_SUCCESS, "Allowing authenticated user '" + currentUser.getAccountName() +
+                                                  " to upload file(s) via getFileUploads method.");
+            return true;       // User is authenticated, so allow access.
+        }
+        return false;   // User not authenticated; deny access.
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultIntrusionDetector.java b/src/main/java/org/owasp/esapi/reference/DefaultIntrusionDetector.java
index 2a71e1483..9f9c0e432 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultIntrusionDetector.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultIntrusionDetector.java
@@ -1,193 +1,193 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import java.util.Date;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Stack;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.User;
-import org.owasp.esapi.SecurityConfiguration.Threshold;
-import org.owasp.esapi.errors.EnterpriseSecurityException;
-import org.owasp.esapi.errors.IntrusionException;
-
-/**
- * Reference implementation of the IntrusionDetector interface. This
- * implementation monitors EnterpriseSecurityExceptions to see if any user
- * exceeds a configurable threshold in a configurable time period. For example,
- * it can monitor to see if a user exceeds 10 input validation issues in a 1
- * minute period. Or if there are more than 3 authentication problems in a 10
- * second period. More complex implementations are certainly possible, such as
- * one that establishes a baseline of expected behavior, and then detects
- * deviations from that baseline. This implementation stores state in the
- * user's session, so that it will be properly cleaned up when the session is
- * terminated. State is not otherwise persisted, so attacks that span sessions
- * will not be detectable.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.IntrusionDetector
- */
-public class DefaultIntrusionDetector implements org.owasp.esapi.IntrusionDetector {
-
-	/** The logger. */
-	private final Logger logger = ESAPI.getLogger("IntrusionDetector");
-
-    public DefaultIntrusionDetector() {
-	}
-	
-	/**
-	 * {@inheritDoc}
-     *
-     * @param e
-     */
-	public void addException(Exception e) {
-		if (ESAPI.securityConfiguration().getDisableIntrusionDetection()) return;
-		
-        if ( e instanceof EnterpriseSecurityException ) {
-            logger.warning( Logger.SECURITY_FAILURE, ((EnterpriseSecurityException)e).getLogMessage(), e );
-        } else {
-            logger.warning( Logger.SECURITY_FAILURE, e.getMessage(), e );
-        }
-
-        // add the exception to the current user, which may trigger a detector 
-		User user = ESAPI.authenticator().getCurrentUser();
-        String eventName = e.getClass().getName();
-
-        if ( e instanceof IntrusionException) {
-            return;
-        }
-        
-        // add the exception to the user's store, handle IntrusionException if thrown
-		try {
-			addSecurityEvent(user, eventName);
-		} catch( IntrusionException ex ) {
-            Threshold quota = ESAPI.securityConfiguration().getQuota(eventName);
-            Iterator i = quota.actions.iterator();
-            while ( i.hasNext() ) {
-                String action = (String)i.next();
-                String message = "User exceeded quota of " + quota.count + " per "+ quota.interval +" seconds for event " + eventName + ". Taking actions " + quota.actions;
-                takeSecurityAction( action, message );
-            }
-		}
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public void addEvent(String eventName, String logMessage) throws IntrusionException {
-    	if (ESAPI.securityConfiguration().getDisableIntrusionDetection()) return;
-    	
-        logger.warning( Logger.SECURITY_FAILURE, "Security event " + eventName + " received : " + logMessage );
-
-        // add the event to the current user, which may trigger a detector 
-        User user = ESAPI.authenticator().getCurrentUser();
-        try {
-            addSecurityEvent(user, "event." + eventName);
-        } catch( IntrusionException ex ) {
-            Threshold quota = ESAPI.securityConfiguration().getQuota("event." + eventName);
-            Iterator i = quota.actions.iterator();
-            while ( i.hasNext() ) {
-                String action = (String)i.next();
-                String message = "User exceeded quota of " + quota.count + " per "+ quota.interval +" seconds for event " + eventName + ". Taking actions " + quota.actions;
-                takeSecurityAction( action, message );
-            }
-        }
-    }
-
-    /**
-     * Take a specified security action.  In this implementation, acceptable
-     * actions are: log, disable, logout.
-     * 
-     * @param action
-     * 		the action to take (log, disable, logout)
-     * @param message
-     * 		the message to log if the action is "log"
-     */
-    private void takeSecurityAction( String action, String message ) {
-    	if (ESAPI.securityConfiguration().getDisableIntrusionDetection()) return;
-    	
-        if ( action.equals( "log" ) ) {
-            logger.fatal( Logger.SECURITY_FAILURE, "INTRUSION - " + message );
-        }
-        User user = ESAPI.authenticator().getCurrentUser();
-        if (user == User.ANONYMOUS)
-        	return;
-        if ( action.equals( "disable" ) ) {
-            user.disable();
-        }
-        if ( action.equals( "logout" ) ) {
-            user.logout();
-        }
-    }
-
-	 /**
-	 * Adds a security event to the user.  These events are used to check that the user has not
-	 * reached the security thresholds set in the properties file.
-	 * 
-	 * @param user
-	 * 			The user that caused the event.
-	 * @param eventName
-	 * 			The name of the event that occurred.
-	 */
-	private void addSecurityEvent(User user, String eventName) {
-		if (ESAPI.securityConfiguration().getDisableIntrusionDetection()) return;
-		
-		if ( user.isAnonymous() ) return;
-		
-		HashMap eventMap = user.getEventMap();
-		
-		// if there is a threshold, then track this event
-		Threshold threshold = ESAPI.securityConfiguration().getQuota( eventName );
-		if ( threshold != null ) {
-			Event event = (Event)eventMap.get( eventName );
-			if ( event == null ) {
-				event = new Event( eventName );
-				eventMap.put( eventName, event );
-			}
-			// increment
-			event.increment(threshold.count, threshold.interval);
-		}
-	}
-
-    private static class Event {
-        public String key;
-        public Stack times = new Stack();
-        //public long count = 0;
-        public Event( String key ) {
-            this.key = key;
-        }
-        public void increment(int count, long interval) throws IntrusionException {
-        	if (ESAPI.securityConfiguration().getDisableIntrusionDetection()) return;
-        	
-            Date now = new Date();
-            times.add( 0, now );
-            while ( times.size() > count ) times.remove( times.size()-1 );
-            if ( times.size() == count ) {
-                Date past = (Date)times.get( count-1 );
-                long plong = past.getTime();
-                long nlong = now.getTime(); 
-                if ( nlong - plong < interval * 1000 ) {
-                    throw new IntrusionException( "Threshold exceeded", "Exceeded threshold for " + key );
-                }
-            }
-        }
-    }
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Stack;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.User;
+import org.owasp.esapi.SecurityConfiguration.Threshold;
+import org.owasp.esapi.errors.EnterpriseSecurityException;
+import org.owasp.esapi.errors.IntrusionException;
+
+/**
+ * Reference implementation of the IntrusionDetector interface. This
+ * implementation monitors EnterpriseSecurityExceptions to see if any user
+ * exceeds a configurable threshold in a configurable time period. For example,
+ * it can monitor to see if a user exceeds 10 input validation issues in a 1
+ * minute period. Or if there are more than 3 authentication problems in a 10
+ * second period. More complex implementations are certainly possible, such as
+ * one that establishes a baseline of expected behavior, and then detects
+ * deviations from that baseline. This implementation stores state in the
+ * user's session, so that it will be properly cleaned up when the session is
+ * terminated. State is not otherwise persisted, so attacks that span sessions
+ * will not be detectable.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.IntrusionDetector
+ */
+public class DefaultIntrusionDetector implements org.owasp.esapi.IntrusionDetector {
+
+    /** The logger. */
+    private final Logger logger = ESAPI.getLogger("IntrusionDetector");
+
+    public DefaultIntrusionDetector() {
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * @param e
+     */
+    public void addException(Exception e) {
+        if (ESAPI.securityConfiguration().getDisableIntrusionDetection()) return;
+
+        if ( e instanceof EnterpriseSecurityException ) {
+            logger.warning( Logger.SECURITY_FAILURE, ((EnterpriseSecurityException)e).getLogMessage(), e );
+        } else {
+            logger.warning( Logger.SECURITY_FAILURE, e.getMessage(), e );
+        }
+
+        // add the exception to the current user, which may trigger a detector
+        User user = ESAPI.authenticator().getCurrentUser();
+        String eventName = e.getClass().getName();
+
+        if ( e instanceof IntrusionException) {
+            return;
+        }
+
+        // add the exception to the user's store, handle IntrusionException if thrown
+        try {
+            addSecurityEvent(user, eventName);
+        } catch( IntrusionException ex ) {
+            Threshold quota = ESAPI.securityConfiguration().getQuota(eventName);
+            Iterator i = quota.actions.iterator();
+            while ( i.hasNext() ) {
+                String action = (String)i.next();
+                String message = "User exceeded quota of " + quota.count + " per "+ quota.interval +" seconds for event " + eventName + ". Taking actions " + quota.actions;
+                takeSecurityAction( action, message );
+            }
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void addEvent(String eventName, String logMessage) throws IntrusionException {
+        if (ESAPI.securityConfiguration().getDisableIntrusionDetection()) return;
+
+        logger.warning( Logger.SECURITY_FAILURE, "Security event " + eventName + " received : " + logMessage );
+
+        // add the event to the current user, which may trigger a detector
+        User user = ESAPI.authenticator().getCurrentUser();
+        try {
+            addSecurityEvent(user, "event." + eventName);
+        } catch( IntrusionException ex ) {
+            Threshold quota = ESAPI.securityConfiguration().getQuota("event." + eventName);
+            Iterator i = quota.actions.iterator();
+            while ( i.hasNext() ) {
+                String action = (String)i.next();
+                String message = "User exceeded quota of " + quota.count + " per "+ quota.interval +" seconds for event " + eventName + ". Taking actions " + quota.actions;
+                takeSecurityAction( action, message );
+            }
+        }
+    }
+
+    /**
+     * Take a specified security action.  In this implementation, acceptable
+     * actions are: log, disable, logout.
+     *
+     * @param action
+     *         the action to take (log, disable, logout)
+     * @param message
+     *         the message to log if the action is "log"
+     */
+    private void takeSecurityAction( String action, String message ) {
+        if (ESAPI.securityConfiguration().getDisableIntrusionDetection()) return;
+
+        if ( action.equals( "log" ) ) {
+            logger.fatal( Logger.SECURITY_FAILURE, "INTRUSION - " + message );
+        }
+        User user = ESAPI.authenticator().getCurrentUser();
+        if (user == User.ANONYMOUS)
+            return;
+        if ( action.equals( "disable" ) ) {
+            user.disable();
+        }
+        if ( action.equals( "logout" ) ) {
+            user.logout();
+        }
+    }
+
+     /**
+     * Adds a security event to the user.  These events are used to check that the user has not
+     * reached the security thresholds set in the properties file.
+     *
+     * @param user
+     *             The user that caused the event.
+     * @param eventName
+     *             The name of the event that occurred.
+     */
+    private void addSecurityEvent(User user, String eventName) {
+        if (ESAPI.securityConfiguration().getDisableIntrusionDetection()) return;
+
+        if ( user.isAnonymous() ) return;
+
+        HashMap eventMap = user.getEventMap();
+
+        // if there is a threshold, then track this event
+        Threshold threshold = ESAPI.securityConfiguration().getQuota( eventName );
+        if ( threshold != null ) {
+            Event event = (Event)eventMap.get( eventName );
+            if ( event == null ) {
+                event = new Event( eventName );
+                eventMap.put( eventName, event );
+            }
+            // increment
+            event.increment(threshold.count, threshold.interval);
+        }
+    }
+
+    private static class Event {
+        public String key;
+        public Stack times = new Stack();
+        //public long count = 0;
+        public Event( String key ) {
+            this.key = key;
+        }
+        public void increment(int count, long interval) throws IntrusionException {
+            if (ESAPI.securityConfiguration().getDisableIntrusionDetection()) return;
+
+            Date now = new Date();
+            times.add( 0, now );
+            while ( times.size() > count ) times.remove( times.size()-1 );
+            if ( times.size() == count ) {
+                Date past = (Date)times.get( count-1 );
+                long plong = past.getTime();
+                long nlong = now.getTime();
+                if ( nlong - plong < interval * 1000 ) {
+                    throw new IntrusionException( "Threshold exceeded", "Exceeded threshold for " + key );
+                }
+            }
+        }
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultRandomizer.java b/src/main/java/org/owasp/esapi/reference/DefaultRandomizer.java
index 3272a6946..6ac3b4f70 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultRandomizer.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultRandomizer.java
@@ -1,134 +1,134 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-import java.util.UUID;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.EncoderConstants;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.Randomizer;
-import org.owasp.esapi.errors.EncryptionException;
-
-/**
- * Reference implementation of the Randomizer interface. This implementation builds on the JCE provider to provide a
- * cryptographically strong source of entropy. The specific algorithm used is configurable in ESAPI.properties.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Randomizer
- */
-public class DefaultRandomizer implements org.owasp.esapi.Randomizer {
-    private static volatile Randomizer singletonInstance;
-
-    public static Randomizer getInstance() {
-        if ( singletonInstance == null ) {
-            synchronized ( DefaultRandomizer.class ) {
-                if ( singletonInstance == null ) {
-                    singletonInstance = new DefaultRandomizer();
-                }
-            }
-        }
-        return singletonInstance;
-    }
-
-    /** The sr. */
-    private SecureRandom secureRandom = null;
-
-    /** The logger. */
-    private final Logger logger = ESAPI.getLogger("Randomizer");
-
-    private DefaultRandomizer() {
-        String algorithm = ESAPI.securityConfiguration().getRandomAlgorithm();
-        try {
-            secureRandom = SecureRandom.getInstance(algorithm);
-        } catch (NoSuchAlgorithmException e) {
-            // Can't throw an exception from the constructor, but this will get
-            // it logged and tracked
-            new EncryptionException("Error creating randomizer", "Can't find random algorithm " + algorithm, e);
-        }
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getRandomString(int length, char[] characterSet) {
-    	StringBuilder sb = new StringBuilder();
-        for (int loop = 0; loop < length; loop++) {
-            int index = secureRandom.nextInt(characterSet.length);
-            sb.append(characterSet[index]);
-        }
-        String nonce = sb.toString();
-        return nonce;
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public boolean getRandomBoolean() {
-        return secureRandom.nextBoolean();
-    }
-    
-    /**
-	 * {@inheritDoc}
-	 */
-    public int getRandomInteger(int min, int max) {
-        return secureRandom.nextInt(max - min) + min;
-    }
-    
-    /**
-	 * {@inheritDoc}
-	 */
-    public long getRandomLong() {
-        return secureRandom.nextLong();    
-    }
-    
-    /**
-	 * {@inheritDoc}
-	 */
-    public float getRandomReal(float min, float max) {
-        float factor = max - min;
-        return secureRandom.nextFloat() * factor + min;
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getRandomFilename(String extension) {
-        String fn = getRandomString(12, EncoderConstants.CHAR_ALPHANUMERICS) + "." + extension;
-        logger.debug(Logger.SECURITY_SUCCESS, "Generated new random filename: " + fn );
-        return fn;
-    }
-    
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getRandomGUID() throws EncryptionException {
-    	return UUID.randomUUID().toString();
-    }
-    	
-    /**
-     * {@inheritDoc}
-     */
-    public byte[] getRandomBytes(int n) {
-    	byte[] result = new byte[ n ];
-    	secureRandom.nextBytes(result);
-    	return result;
-    }
-    	
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.util.UUID;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.EncoderConstants;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.Randomizer;
+import org.owasp.esapi.errors.EncryptionException;
+
+/**
+ * Reference implementation of the Randomizer interface. This implementation builds on the JCE provider to provide a
+ * cryptographically strong source of entropy. The specific algorithm used is configurable in ESAPI.properties.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Randomizer
+ */
+public class DefaultRandomizer implements org.owasp.esapi.Randomizer {
+    private static volatile Randomizer singletonInstance;
+
+    public static Randomizer getInstance() {
+        if ( singletonInstance == null ) {
+            synchronized ( DefaultRandomizer.class ) {
+                if ( singletonInstance == null ) {
+                    singletonInstance = new DefaultRandomizer();
+                }
+            }
+        }
+        return singletonInstance;
+    }
+
+    /** The sr. */
+    private SecureRandom secureRandom = null;
+
+    /** The logger. */
+    private final Logger logger = ESAPI.getLogger("Randomizer");
+
+    private DefaultRandomizer() {
+        String algorithm = ESAPI.securityConfiguration().getRandomAlgorithm();
+        try {
+            secureRandom = SecureRandom.getInstance(algorithm);
+        } catch (NoSuchAlgorithmException e) {
+            // Can't throw an exception from the constructor, but this will get
+            // it logged and tracked
+            new EncryptionException("Error creating randomizer", "Can't find random algorithm " + algorithm, e);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getRandomString(int length, char[] characterSet) {
+        StringBuilder sb = new StringBuilder();
+        for (int loop = 0; loop < length; loop++) {
+            int index = secureRandom.nextInt(characterSet.length);
+            sb.append(characterSet[index]);
+        }
+        String nonce = sb.toString();
+        return nonce;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean getRandomBoolean() {
+        return secureRandom.nextBoolean();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public int getRandomInteger(int min, int max) {
+        return secureRandom.nextInt(max - min) + min;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public long getRandomLong() {
+        return secureRandom.nextLong();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public float getRandomReal(float min, float max) {
+        float factor = max - min;
+        return secureRandom.nextFloat() * factor + min;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getRandomFilename(String extension) {
+        String fn = getRandomString(12, EncoderConstants.CHAR_ALPHANUMERICS) + "." + extension;
+        logger.debug(Logger.SECURITY_SUCCESS, "Generated new random filename: " + fn );
+        return fn;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getRandomGUID() throws EncryptionException {
+        return UUID.randomUUID().toString();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public byte[] getRandomBytes(int n) {
+        byte[] result = new byte[ n ];
+        secureRandom.nextBytes(result);
+        return result;
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
index fd95f04a6..7b622c32d 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
@@ -1,1247 +1,1517 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- *
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- *
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- *
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URL;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-import java.util.regex.Pattern;
-import java.util.regex.PatternSyntaxException;
-
-import org.apache.commons.lang.text.StrTokenizer;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.SecurityConfiguration;
-import org.owasp.esapi.errors.ConfigurationException;
-
-/**
- * The reference {@code SecurityConfiguration} manages all the settings used by the ESAPI in a single place. In this reference
- * implementation, resources can be put in several locations, which are searched in the following order:
- * <p>
- * 1) Inside a directory set with a call to SecurityConfiguration.setResourceDirectory( "C:\temp\resources" ).
- * <p>
- * 2) Inside the System.getProperty( "org.owasp.esapi.resources" ) directory.
- * You can set this on the java command line as follows (for example):
- * <pre>
- * 		java -Dorg.owasp.esapi.resources="C:\temp\resources"
- * </pre>
- * You may have to add this to the start-up script that starts your web server. For example, for Tomcat,
- * in the "catalina" script that starts Tomcat, you can set the JAVA_OPTS variable to the {@code -D} string above.
- * <p>
- * 3) Inside the {@code System.getProperty( "user.home" ) + "/.esapi"} directory (supported for backward compatibility) or
- * inside the {@code System.getProperty( "user.home" ) + "/esapi"} directory.
- * <p>
- * 4) The first ".esapi" or "esapi" directory on the classpath. (The former for backward compatibility.)
- * <p>
- * Once the Configuration is initialized with a resource directory, you can edit it to set things like master
- * keys and passwords, logging locations, error thresholds, and allowed file extensions.
- * <p>
- * WARNING: Do not forget to update ESAPI.properties to change the master key and other security critical settings.
- *
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @author Jim Manico (jim .at. manico.net) <a href="http://www.manico.net">Manico.net</a>
- * @author Kevin Wall (kevin.w.wall .at. gmail.com)
- */
-
-public class DefaultSecurityConfiguration implements SecurityConfiguration {
-    private static volatile SecurityConfiguration instance = null;
-
-    public static SecurityConfiguration getInstance() {
-        if ( instance == null ) {
-            synchronized (DefaultSecurityConfiguration.class) {
-                if ( instance == null ) {
-                    instance = new DefaultSecurityConfiguration();
-                }
-            }
-        }
-        return instance;
-    }
-    
-    private Properties properties = null;
-    private String cipherXformFromESAPIProp = null;	// New in ESAPI 2.0
-    private String cipherXformCurrent = null;		// New in ESAPI 2.0
-
-	/** The name of the ESAPI property file */
-	public static final String DEFAULT_RESOURCE_FILE = "ESAPI.properties";
-	
-    public static final String REMEMBER_TOKEN_DURATION = "Authenticator.RememberTokenDuration";
-    public static final String IDLE_TIMEOUT_DURATION = "Authenticator.IdleTimeoutDuration";
-    public static final String ABSOLUTE_TIMEOUT_DURATION = "Authenticator.AbsoluteTimeoutDuration";
-    public static final String ALLOWED_LOGIN_ATTEMPTS = "Authenticator.AllowedLoginAttempts";
-    public static final String USERNAME_PARAMETER_NAME = "Authenticator.UsernameParameterName";
-    public static final String PASSWORD_PARAMETER_NAME = "Authenticator.PasswordParameterName";
-    public static final String MAX_OLD_PASSWORD_HASHES = "Authenticator.MaxOldPasswordHashes";
-
-    public static final String ALLOW_MULTIPLE_ENCODING = "Encoder.AllowMultipleEncoding";
-    public static final String ALLOW_MIXED_ENCODING	= "Encoder.AllowMixedEncoding";
-    public static final String CANONICALIZATION_CODECS = "Encoder.DefaultCodecList";
-
-    public static final String DISABLE_INTRUSION_DETECTION  = "IntrusionDetector.Disable";
-    
-    public static final String MASTER_KEY = "Encryptor.MasterKey";
-    public static final String MASTER_SALT = "Encryptor.MasterSalt";
-    public static final String KEY_LENGTH = "Encryptor.EncryptionKeyLength";
-    public static final String ENCRYPTION_ALGORITHM = "Encryptor.EncryptionAlgorithm";
-    public static final String HASH_ALGORITHM = "Encryptor.HashAlgorithm";
-    public static final String HASH_ITERATIONS = "Encryptor.HashIterations";
-    public static final String CHARACTER_ENCODING = "Encryptor.CharacterEncoding";
-    public static final String RANDOM_ALGORITHM = "Encryptor.RandomAlgorithm";
-    public static final String DIGITAL_SIGNATURE_ALGORITHM = "Encryptor.DigitalSignatureAlgorithm";
-    public static final String DIGITAL_SIGNATURE_KEY_LENGTH = "Encryptor.DigitalSignatureKeyLength";
-    			// ==================================//
-    			//		New in ESAPI Java 2.0		 //
-    			// ================================= //
-    public static final String PREFERRED_JCE_PROVIDER = "Encryptor.PreferredJCEProvider";
-    public static final String CIPHER_TRANSFORMATION_IMPLEMENTATION = "Encryptor.CipherTransformation";
-    public static final String CIPHERTEXT_USE_MAC = "Encryptor.CipherText.useMAC";
-    public static final String PLAINTEXT_OVERWRITE = "Encryptor.PlainText.overwrite";
-    public static final String IV_TYPE = "Encryptor.ChooseIVMethod";
-    public static final String FIXED_IV = "Encryptor.fixedIV";
-    public static final String COMBINED_CIPHER_MODES = "Encryptor.cipher_modes.combined_modes";
-    public static final String ADDITIONAL_ALLOWED_CIPHER_MODES = "Encryptor.cipher_modes.additional_allowed";
-    public static final String KDF_PRF_ALG = "Encryptor.KDF.PRF";
-	public static final String PRINT_PROPERTIES_WHEN_LOADED = "ESAPI.printProperties";
-
-    public static final String WORKING_DIRECTORY = "Executor.WorkingDirectory";
-    public static final String APPROVED_EXECUTABLES = "Executor.ApprovedExecutables";
-
-    public static final String FORCE_HTTPONLYSESSION = "HttpUtilities.ForceHttpOnlySession";
-    public static final String FORCE_SECURESESSION = "HttpUtilities.SecureSession";
-    public static final String FORCE_HTTPONLYCOOKIES = "HttpUtilities.ForceHttpOnlyCookies";
-    public static final String FORCE_SECURECOOKIES = "HttpUtilities.ForceSecureCookies";
-	public static final String MAX_HTTP_HEADER_SIZE = "HttpUtilities.MaxHeaderSize";
-    public static final String UPLOAD_DIRECTORY = "HttpUtilities.UploadDir";
-    public static final String UPLOAD_TEMP_DIRECTORY = "HttpUtilities.UploadTempDir";
-    public static final String APPROVED_UPLOAD_EXTENSIONS = "HttpUtilities.ApprovedUploadExtensions";
-    public static final String MAX_UPLOAD_FILE_BYTES = "HttpUtilities.MaxUploadFileBytes";
-    public static final String RESPONSE_CONTENT_TYPE = "HttpUtilities.ResponseContentType";
-    public static final String HTTP_SESSION_ID_NAME = "HttpUtilities.HttpSessionIdName";
-
-    public static final String APPLICATION_NAME = "Logger.ApplicationName";
-    public static final String LOG_LEVEL = "Logger.LogLevel";
-    public static final String LOG_FILE_NAME = "Logger.LogFileName";
-    public static final String MAX_LOG_FILE_SIZE = "Logger.MaxLogFileSize";
-    public static final String LOG_ENCODING_REQUIRED = "Logger.LogEncodingRequired";
-    public static final String LOG_APPLICATION_NAME = "Logger.LogApplicationName";
-    public static final String LOG_SERVER_IP = "Logger.LogServerIP";
-    public static final String VALIDATION_PROPERTIES = "Validator.ConfigurationFile";
-    public static final String VALIDATION_PROPERTIES_MULTIVALUED = "Validator.ConfigurationFile.MultiValued";
-    public static final String ACCEPT_LENIENT_DATES = "Validator.AcceptLenientDates";
-
-
-
-    /**
-	 * The default max log file size is set to 10,000,000 bytes (10 Meg). If the current log file exceeds the current
-	 * max log file size, the logger will move the old log data into another log file. There currently is a max of
-	 * 1000 log files of the same name. If that is exceeded it will presumably start discarding the oldest logs.
-	 */
-	public static final int DEFAULT_MAX_LOG_FILE_SIZE = 10000000;
-	
-    protected final int MAX_REDIRECT_LOCATION = 1000;
-    
-    /**
-     * @deprecated	It is not clear whether this is intended to be the max file name length for the basename(1) of
-     *				a file or the max full path name length of a canonical full path name. Since it is not used anywhere
-     *				in the ESAPI code it is being deprecated and scheduled to be removed in release 2.1.
-     */
-    protected final int MAX_FILE_NAME_LENGTH = 1000;	// DISCUSS: Is this for given directory or refer to canonicalized full path name?
-    													// Too long if the former! (Usually 255 is limit there.) Hard to tell since not used
-    													// here in this class and it's protected, so not sure what it's intent is. It's not
-    													// used anywhere in the ESAPI code base. I am going to deprecate it because of this. -kww
-
-    /*
-     * Implementation Keys
-     */
-    public static final String LOG_IMPLEMENTATION = "ESAPI.Logger";
-    public static final String AUTHENTICATION_IMPLEMENTATION = "ESAPI.Authenticator";
-    public static final String ENCODER_IMPLEMENTATION = "ESAPI.Encoder";
-    public static final String ACCESS_CONTROL_IMPLEMENTATION = "ESAPI.AccessControl";
-    public static final String ENCRYPTION_IMPLEMENTATION = "ESAPI.Encryptor";
-    public static final String INTRUSION_DETECTION_IMPLEMENTATION = "ESAPI.IntrusionDetector";
-    public static final String RANDOMIZER_IMPLEMENTATION = "ESAPI.Randomizer";
-	public static final String EXECUTOR_IMPLEMENTATION = "ESAPI.Executor";
-	public static final String VALIDATOR_IMPLEMENTATION = "ESAPI.Validator";
-	public static final String HTTP_UTILITIES_IMPLEMENTATION = "ESAPI.HTTPUtilities";
-
-    /*
-     * Default Implementations
-     */
-    public static final String DEFAULT_LOG_IMPLEMENTATION = "org.owasp.esapi.reference.JavaLogFactory";
-    public static final String DEFAULT_AUTHENTICATION_IMPLEMENTATION = "org.owasp.esapi.reference.FileBasedAuthenticator";
-    public static final String DEFAULT_ENCODER_IMPLEMENTATION = "org.owasp.esapi.reference.DefaultEncoder";
-    public static final String DEFAULT_ACCESS_CONTROL_IMPLEMENTATION = "org.owasp.esapi.reference.accesscontrol.DefaultAccessController";
-    public static final String DEFAULT_ENCRYPTION_IMPLEMENTATION = "org.owasp.esapi.reference.crypto.JavaEncryptor";
-    public static final String DEFAULT_INTRUSION_DETECTION_IMPLEMENTATION = "org.owasp.esapi.reference.DefaultIntrusionDetector";
-    public static final String DEFAULT_RANDOMIZER_IMPLEMENTATION = "org.owasp.esapi.reference.DefaultRandomizer";
-    public static final String DEFAULT_EXECUTOR_IMPLEMENTATION = "org.owasp.esapi.reference.DefaultExecutor";
-    public static final String DEFAULT_HTTP_UTILITIES_IMPLEMENTATION = "org.owasp.esapi.reference.DefaultHTTPUtilities";
-    public static final String DEFAULT_VALIDATOR_IMPLEMENTATION = "org.owasp.esapi.reference.DefaultValidator";
-
-    private static final Map<String, Pattern> patternCache = new HashMap<String, Pattern>();
-
-    /*
-     * Absolute path to the user.home. No longer includes the ESAPI portion as it used to.
-     */
-    private static final String userHome = System.getProperty("user.home" );
-    /*
-     * Absolute path to the customDirectory
-     */	// DISCUSS: Implicit assumption here that there is no SecurityManager installed enforcing the
-        //			prevention of reading system properties. Otherwise this will fail with SecurityException.
-    private static String customDirectory = System.getProperty("org.owasp.esapi.resources");
-    /*
-     * Relative path to the resourceDirectory. Relative to the classpath.
-     * Specifically, ClassLoader.getResource(resourceDirectory + filename) will
-     * be used to load the file.
-     */
-    private String resourceDirectory = ".esapi";	// For backward compatibility (vs. "esapi")
-	private final String resourceFile;
-
-//    private static long lastModified = -1;
-
-    /**
-     * Instantiates a new configuration, using the provided property file name
-     * 
-     * @param resourceFile The name of the property file to load
-     */
-    DefaultSecurityConfiguration(String resourceFile) {
-    	this.resourceFile = resourceFile;
-    	// load security configuration
-    	try {
-        	loadConfiguration();
-        	this.setCipherXProperties();
-        } catch( IOException e ) {
-	        logSpecial("Failed to load security configuration", e );
-	        throw new ConfigurationException("Failed to load security configuration", e);
-        }
-    }
-    
-    /**
-     * Instantiates a new configuration with the supplied properties.
-     * 
-     * Warning - if the setResourceDirectory() method is invoked the properties will
-     * be re-loaded, replacing the supplied properties.
-     * 
-     * @param properties
-     */
-    public DefaultSecurityConfiguration(Properties properties) {
-    	resourceFile = DEFAULT_RESOURCE_FILE;
-    	this.properties = properties; 
-    	this.setCipherXProperties();
-    }
-    
-    /**
-     * Instantiates a new configuration.
-     */
-    public DefaultSecurityConfiguration(){
-    	this(DEFAULT_RESOURCE_FILE);
-    }
-    private void setCipherXProperties() {
-		// TODO: FUTURE: Replace by future CryptoControls class???
-		// See SecurityConfiguration.setCipherTransformation() for
-		// explanation of this.
-        // (Propose this in 2.1 via future email to ESAPI-DEV list.)
-		cipherXformFromESAPIProp =
-			getESAPIProperty(CIPHER_TRANSFORMATION_IMPLEMENTATION,
-							 "AES/CBC/PKCS5Padding");
-		cipherXformCurrent = cipherXformFromESAPIProp;
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getApplicationName() {
-    	return getESAPIProperty(APPLICATION_NAME, "DefaultName");
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getLogImplementation() {
-    	return getESAPIProperty(LOG_IMPLEMENTATION, DEFAULT_LOG_IMPLEMENTATION);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getAuthenticationImplementation() {
-    	return getESAPIProperty(AUTHENTICATION_IMPLEMENTATION, DEFAULT_AUTHENTICATION_IMPLEMENTATION);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getEncoderImplementation() {
-    	return getESAPIProperty(ENCODER_IMPLEMENTATION, DEFAULT_ENCODER_IMPLEMENTATION);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getAccessControlImplementation() {
-    	return getESAPIProperty(ACCESS_CONTROL_IMPLEMENTATION, DEFAULT_ACCESS_CONTROL_IMPLEMENTATION);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getEncryptionImplementation() {
-    	return getESAPIProperty(ENCRYPTION_IMPLEMENTATION, DEFAULT_ENCRYPTION_IMPLEMENTATION);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getIntrusionDetectionImplementation() {
-    	return getESAPIProperty(INTRUSION_DETECTION_IMPLEMENTATION, DEFAULT_INTRUSION_DETECTION_IMPLEMENTATION);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getRandomizerImplementation() {
-    	return getESAPIProperty(RANDOMIZER_IMPLEMENTATION, DEFAULT_RANDOMIZER_IMPLEMENTATION);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getExecutorImplementation() {
-    	return getESAPIProperty(EXECUTOR_IMPLEMENTATION, DEFAULT_EXECUTOR_IMPLEMENTATION);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getHTTPUtilitiesImplementation() {
-    	return getESAPIProperty(HTTP_UTILITIES_IMPLEMENTATION, DEFAULT_HTTP_UTILITIES_IMPLEMENTATION);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getValidationImplementation() {
-    	return getESAPIProperty(VALIDATOR_IMPLEMENTATION, DEFAULT_VALIDATOR_IMPLEMENTATION);
-    }
-
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public byte[] getMasterKey() {
-    	byte[] key = getESAPIPropertyEncoded( MASTER_KEY, null );
-    	if ( key == null || key.length == 0 ) {
-    		throw new ConfigurationException("Property '" + MASTER_KEY +
-    							"' missing or empty in ESAPI.properties file.");
-    }
-    	return key;
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public void setResourceDirectory( String dir ) {
-    	resourceDirectory = dir;
-        logSpecial( "Reset resource directory to: " + dir, null );
-
-        // reload configuration if necessary
-    	try {
-    		this.loadConfiguration();
-    	} catch( IOException e ) {
-	        logSpecial("Failed to load security configuration from " + dir, e);
-    	}
-    }
-
-    public int getEncryptionKeyLength() {
-    	return getESAPIProperty(KEY_LENGTH, 128 );
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public byte[] getMasterSalt() {
-    	byte[] salt = getESAPIPropertyEncoded( MASTER_SALT, null );
-    	if ( salt == null || salt.length == 0 ) {
-    		throw new ConfigurationException("Property '" + MASTER_SALT +
-    							"' missing or empty in ESAPI.properties file.");
-    }
-    	return salt;
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-	public List<String> getAllowedExecutables() {
-    	String def = "";
-        String[] exList = getESAPIProperty(APPROVED_EXECUTABLES,def).split(",");
-        return Arrays.asList(exList);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-	public List<String> getAllowedFileExtensions() {
-    	String def = ".zip,.pdf,.tar,.gz,.xls,.properties,.txt,.xml";
-        String[] extList = getESAPIProperty(APPROVED_UPLOAD_EXTENSIONS,def).split(",");
-        return Arrays.asList(extList);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public int getAllowedFileUploadSize() {
-        return getESAPIProperty(MAX_UPLOAD_FILE_BYTES, 5000000);
-    }
-
-
-    private Properties loadPropertiesFromStream( InputStream is, String name ) throws IOException {
-    	Properties config = new Properties();
-        try {
-	        config.load(is);
-	        logSpecial("Loaded '" + name + "' properties file", null);
-        } finally {
-            if ( is != null ) try { is.close(); } catch( Exception e ) {}
-        }
-        return config;
-    }
-
-	/**
-	 * Load configuration. Never prints properties.
-	 * 
-	 * @throws java.io.IOException
-	 *             if the file is inaccessible
-	 */
-	protected void loadConfiguration() throws IOException {
-		try {
-		    //first attempt file IO loading of properties
-			logSpecial("Attempting to load " + resourceFile + " via file I/O.");
-			properties = loadPropertiesFromStream(getResourceStream(resourceFile), resourceFile);
-			
-		} catch (Exception iae) {
-		    //if file I/O loading fails, attempt classpath based loading next
-		    logSpecial("Loading " + resourceFile + " via file I/O failed. Exception was: " + iae);
-			logSpecial("Attempting to load " + resourceFile + " via the classpath.");
-			try {
-				properties = loadConfigurationFromClasspath(resourceFile);
-			} catch (Exception e) {				
-				logSpecial(resourceFile + " could not be loaded by any means. Fail.", e);
-				throw new ConfigurationException(resourceFile + " could not be loaded by any means. Fail.", e);
-			}			
-		}
-		
-		// if properties loaded properly above, get validation properties and merge them into the main properties
-		if (properties != null) {
-			final Iterator<String> validationPropFileNames;
-			
-			//defaults to single-valued for backwards compatibility
-			final boolean multivalued= getESAPIProperty(VALIDATION_PROPERTIES_MULTIVALUED, false);
-			final String validationPropValue = getESAPIProperty(VALIDATION_PROPERTIES, "validation.properties");
-			
-			if(multivalued){
-				// the following cast warning goes away if the apache commons lib is updated to current version				
-				validationPropFileNames = StrTokenizer.getCSVInstance(validationPropValue);
-			} else {
-				validationPropFileNames = Collections.singletonList(validationPropValue).iterator();
-			}
-			
-			//clear any cached validation patterns so they can be reloaded from validation.properties
-			patternCache.clear();
-			while(validationPropFileNames.hasNext()){
-				String validationPropFileName = validationPropFileNames.next();
-				Properties validationProperties = null;
-				try {
-				    //first attempt file IO loading of properties
-					logSpecial("Attempting to load " + validationPropFileName + " via file I/O.");
-					validationProperties = loadPropertiesFromStream(getResourceStream(validationPropFileName), validationPropFileName);
-					
-				} catch (Exception iae) {
-				    //if file I/O loading fails, attempt classpath based loading next
-				    logSpecial("Loading " + validationPropFileName + " via file I/O failed.");
-					logSpecial("Attempting to load " + validationPropFileName + " via the classpath.");		
-					try {
-						validationProperties = loadConfigurationFromClasspath(validationPropFileName);
-					} catch (Exception e) {				
-						logSpecial(validationPropFileName + " could not be loaded by any means. fail.", e);
-					}			
-				}
-				
-				if (validationProperties != null) {
-			    	Iterator<?> i = validationProperties.keySet().iterator();
-			    	while( i.hasNext() ) {
-			    		String key = (String)i.next();
-			    		String value = validationProperties.getProperty(key);
-			    		properties.put( key, value);
-			    	}
-				}
-				
-		        if ( shouldPrintProperties() ) {
-		    	
-		    	//FIXME - make this chunk configurable
-		    	/*
-		        logSpecial("  ========Master Configuration========", null);
-		        //logSpecial( "  ResourceDirectory: " + DefaultSecurityConfiguration.resourceDirectory );
-		        Iterator j = new TreeSet( properties.keySet() ).iterator();
-		        while (j.hasNext()) {
-		            String key = (String)j.next();
-		            // print out properties, but not sensitive ones like MasterKey and MasterSalt
-		            if ( !key.contains( "Master" ) ) {
-		            		logSpecial("  |   " + key + "=" + properties.get(key), null);
-		        	}
-		        }
-		        */
-		        }   	
-	        }
-		}
-	}	
-	
-	/**
-	 * @param filename
-	 * @return An {@code InputStream} associated with the specified file name as
-	 *         a resource stream.
-	 * @throws IOException
-	 *             If the file cannot be found or opened for reading.
-	 */
-	public InputStream getResourceStream(String filename) throws IOException {
-		if (filename == null) {
-			return null;
-		}
-
-		try {
-			File f = getResourceFile(filename);
-			if (f != null && f.exists()) {
-				return new FileInputStream(f);
-			}
-		} catch (Exception e) {
-		}
-
-		throw new FileNotFoundException();
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	public File getResourceFile(String filename) {
-		logSpecial("Attempting to load " + filename + " as resource file via file I/O.");
-
-		if (filename == null) {
-			logSpecial("Failed to load properties via FileIO. Filename is null.");
-			return null; // not found.
-		}
-
-		File f = null;
-
-		// first, allow command line overrides. -Dorg.owasp.esapi.resources
-		// directory
-		f = new File(customDirectory, filename);
-		if (customDirectory != null && f.canRead()) {
-			logSpecial("Found in 'org.owasp.esapi.resources' directory: " + f.getAbsolutePath());
-			return f;
-		} else {
-			logSpecial("Not found in 'org.owasp.esapi.resources' directory or file not readable: " + f.getAbsolutePath());
-		}
-
-		// if not found, then try the programmatically set resource directory
-		// (this defaults to SystemResource directory/resourceFile
-		URL fileUrl = ClassLoader.getSystemResource(resourceDirectory + "/" + filename);
-        if ( fileUrl == null ) {
-            fileUrl = ClassLoader.getSystemResource("esapi/" + filename);
-        }
-
-		if (fileUrl != null) {
-			String fileLocation = fileUrl.getFile();
-			f = new File(fileLocation);
-			if (f.exists()) {
-				logSpecial("Found in SystemResource Directory/resourceDirectory: " + f.getAbsolutePath());
-				return f;
-			} else {
-				logSpecial("Not found in SystemResource Directory/resourceDirectory (this should never happen): " + f.getAbsolutePath());
-			}
-		} else {
-			logSpecial("Not found in SystemResource Directory/resourceDirectory: " + resourceDirectory + File.separator + filename);
-		}
-
-		// If not found, then try immediately under user's home directory first in
-		//		userHome + "/.esapi"		and secondly under
-		//		userHome + "/esapi"
-		// We look in that order because of backward compatibility issues.
-		String homeDir = userHome;
-		if ( homeDir == null ) {
-			homeDir = "";	// Without this,	homeDir + "/.esapi"	would produce
-							// the string		"null/.esapi"		which surely is not intended.
-		}
-		// First look under ".esapi" (for reasons of backward compatibility).
-		f = new File(homeDir + "/.esapi", filename);
-		if ( f.canRead() ) {
-			logSpecial("[Compatibility] Found in 'user.home' directory: " + f.getAbsolutePath());
-			return f;
-		} else {
-			// Didn't find it under old directory ".esapi" so now look under the "esapi" directory.
-			f = new File(homeDir + "/esapi", filename);
-			if ( f.canRead() ) {
-				logSpecial("Found in 'user.home' directory: " + f.getAbsolutePath());
-				return f;
-			} else {
-				logSpecial("Not found in 'user.home' (" + homeDir + ") directory: " + f.getAbsolutePath());
-			}
-		}
-
-		// return null if not found
-		return null;
-	}
-	
-    /**
-     * Used to load ESAPI.properties from a variety of different classpath locations.
-     *
-     * @param fileName The properties file filename.
-     */
-	private Properties loadConfigurationFromClasspath(String fileName) throws IllegalArgumentException {
-		Properties result = null;
-		InputStream in = null;
-
-		ClassLoader[] loaders = new ClassLoader[] {
-				Thread.currentThread().getContextClassLoader(),
-				ClassLoader.getSystemClassLoader(),
-				getClass().getClassLoader() 
-		};
-		String[] classLoaderNames = {
-				"current thread context class loader",
-				"system class loader",
-				"class loader for DefaultSecurityConfiguration class"
-		};
-
-		ClassLoader currentLoader = null;
-		for (int i = 0; i < loaders.length; i++) {
-			if (loaders[i] != null) {
-				currentLoader = loaders[i];
-				try {
-					// try root
-					String currentClasspathSearchLocation = "/ (root)";
-					in = loaders[i].getResourceAsStream(fileName);
-					
-					// try resourceDirectory folder
-					if (in == null) {
-						currentClasspathSearchLocation = resourceDirectory + "/";
-						in = currentLoader.getResourceAsStream(resourceDirectory + "/" + fileName);
-					}
-
-					// try .esapi folder. Look here first for backward compatibility.
-					if (in == null) {
-						currentClasspathSearchLocation = ".esapi/";
-						in = currentLoader.getResourceAsStream(".esapi/" + fileName);
-					} 
-					
-					// try esapi folder (new directory)
-					if (in == null) {
-						currentClasspathSearchLocation = "esapi/";
-						in = currentLoader.getResourceAsStream("esapi/" + fileName);
-					} 
-					
-					// try resources folder
-					if (in == null) {
-						currentClasspathSearchLocation = "resources/";
-						in = currentLoader.getResourceAsStream("resources/" + fileName);
-					}
-		
-					// now load the properties
-					if (in != null) {
-						result = new Properties();
-						result.load(in); // Can throw IOException
-						logSpecial("SUCCESSFULLY LOADED " + fileName + " via the CLASSPATH from '" +
-								currentClasspathSearchLocation + "' using " + classLoaderNames[i] + "!");
-						break;	// Outta here since we've found and loaded it.
-					}
-				} catch (Exception e) {
-					result = null;
-		
-				} finally {
-					try {
-						in.close();
-					} catch (Exception e) {
-					}
-				}
-			}
-		}
-
-		if (result == null) {
-			// CHECKME: This is odd...why not ConfigurationException?
-		    throw new IllegalArgumentException("Failed to load " + resourceFile + " as a classloader resource.");
-		}
-
-		return result;
-	}
-
-    /**
-     * Used to log errors to the console during the loading of the properties file itself. Can't use
-     * standard logging in this case, since the Logger may not be initialized yet. Output is sent to
-     * {@code PrintStream} {@code System.out}.
-     *
-     * @param message The message to send to the console.
-     * @param e The error that occurred. (This value printed via {@code e.toString()}.)
-     */
-    private void logSpecial(String message, Throwable e) {
-    	StringBuffer msg = new StringBuffer(message);
-    	if (e != null) {
-    		msg.append(" Exception was: ").append( e.toString() );
-    	}
-		System.out.println( msg.toString() );
-		// if ( e != null) e.printStackTrace();		// TODO ??? Do we want this?
-    }
-
-    /**
-     * Used to log errors to the console during the loading of the properties file itself. Can't use
-     * standard logging in this case, since the Logger may not be initialized yet. Output is sent to
-     * {@code PrintStream} {@code System.out}.
-     *
-     * @param message The message to send to the console.
-     */
-    private void logSpecial(String message) {
-		System.out.println(message);
-    }
-    
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getPasswordParameterName() {
-        return getESAPIProperty(PASSWORD_PARAMETER_NAME, "password");
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getUsernameParameterName() {
-        return getESAPIProperty(USERNAME_PARAMETER_NAME, "username");
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getEncryptionAlgorithm() {
-        return getESAPIProperty(ENCRYPTION_ALGORITHM, "AES");
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getCipherTransformation() {
-    	assert cipherXformCurrent != null : "Current cipher transformation is null";
-    	return cipherXformCurrent;
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-    public String setCipherTransformation(String cipherXform) {
-    	String previous = getCipherTransformation();
-    	if ( cipherXform == null ) {
-    		// Special case... means set it to original value from ESAPI.properties
-    		cipherXformCurrent = cipherXformFromESAPIProp;
-    	} else {
-    		assert ! cipherXform.trim().equals("") :
-    			"Cipher transformation cannot be just white space or empty string";
-    		cipherXformCurrent = cipherXform;	// Note: No other sanity checks!!!
-    	}
-    	return previous;
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-    public boolean useMACforCipherText() {
-    	return getESAPIProperty(CIPHERTEXT_USE_MAC, true);
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-    public boolean overwritePlainText() {
-    	return getESAPIProperty(PLAINTEXT_OVERWRITE, true);
-    }
-    
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getIVType() {
-    	String value = getESAPIProperty(IV_TYPE, "random");
-    	if ( value.equalsIgnoreCase("fixed") || value.equalsIgnoreCase("random") ) {
-    		return value;
-    	} else if ( value.equalsIgnoreCase("specified") ) {
-    		// This is planned for future implementation where setting
-    		// Encryptor.ChooseIVMethod=specified   will require setting some
-    		// other TBD property that will specify an implementation class that
-    		// will generate appropriate IVs. The intent of this would be to use
-    		// such a class with various feedback modes where it is imperative
-    		// that for a given key, any particular IV is *NEVER* reused. For
-    		// now, we will assume that generating a random IV is usually going
-    		// to be sufficient to prevent this.
-    		throw new ConfigurationException("'" + IV_TYPE + "=specified' is not yet implemented. Use 'fixed' or 'random'");
-    	} else {
-    		// TODO: Once 'specified' is legal, adjust exception msg, below.
-    		// DISCUSS: Could just log this and then silently return "random" instead.
-    		throw new ConfigurationException(value + " is illegal value for " + IV_TYPE +
-    										 ". Use 'random' (preferred) or 'fixed'.");
-    	}
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getFixedIV() {
-    	if ( getIVType().equalsIgnoreCase("fixed") ) {
-    		String ivAsHex = getESAPIProperty(FIXED_IV, ""); // No default
-    		if ( ivAsHex == null || ivAsHex.trim().equals("") ) {
-    			throw new ConfigurationException("Fixed IV requires property " +
-    						FIXED_IV + " to be set, but it is not.");
-    		}
-    		return ivAsHex;		// We do no further checks here as we have no context.
-    	} else {
-    		// DISCUSS: Should we just log a warning here and return null instead?
-    		//			If so, may cause NullPointException somewhere later.
-    		throw new ConfigurationException("IV type not 'fixed' (set to '" +
-    										 getIVType() + "'), so no fixed IV applicable.");
-    	}
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getHashAlgorithm() {
-        return getESAPIProperty(HASH_ALGORITHM, "SHA-512");
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public int getHashIterations() {
-    	return getESAPIProperty(HASH_ITERATIONS, 1024);
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-	public String getKDFPseudoRandomFunction() {
-		return getESAPIProperty(KDF_PRF_ALG, "HmacSHA256");  // NSA recommended SHA2 or better.
-	}
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getCharacterEncoding() {
-        return getESAPIProperty(CHARACTER_ENCODING, "UTF-8");
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-	public boolean getAllowMultipleEncoding() {
-		return getESAPIProperty( ALLOW_MULTIPLE_ENCODING, false );
-	}
-
-    /**
-	 * {@inheritDoc}
-	 */
-	public boolean getAllowMixedEncoding() {
-		return getESAPIProperty( ALLOW_MIXED_ENCODING, false );
-	}
-
-    /**
-	 * {@inheritDoc}
-	 */
-	public List<String> getDefaultCanonicalizationCodecs() {
-		List<String> def = new ArrayList<String>();
-		def.add( "org.owasp.esapi.codecs.HTMLEntityCodec" );
-		def.add( "org.owasp.esapi.codecs.PercentCodec" );
-		def.add( "org.owasp.esapi.codecs.JavaScriptCodec" );
-		return getESAPIProperty( CANONICALIZATION_CODECS, def );
-	}
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getDigitalSignatureAlgorithm() {
-        return getESAPIProperty(DIGITAL_SIGNATURE_ALGORITHM, "SHAwithDSA");
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public int getDigitalSignatureKeyLength() {
-        return getESAPIProperty(DIGITAL_SIGNATURE_KEY_LENGTH, 1024);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getRandomAlgorithm() {
-        return getESAPIProperty(RANDOM_ALGORITHM, "SHA1PRNG");
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public int getAllowedLoginAttempts() {
-        return getESAPIProperty(ALLOWED_LOGIN_ATTEMPTS, 5);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public int getMaxOldPasswordHashes() {
-        return getESAPIProperty(MAX_OLD_PASSWORD_HASHES, 12);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public File getUploadDirectory() {
-    	String dir = getESAPIProperty( UPLOAD_DIRECTORY, "UploadDir");
-    	return new File( dir );
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public File getUploadTempDirectory() {
-    	String dir = getESAPIProperty(UPLOAD_TEMP_DIRECTORY,
-            System.getProperty("java.io.tmpdir","UploadTempDir"));
-    	return new File( dir );
-    }
-    
-    /**
-	 * {@inheritDoc}
-	 */
-	public boolean getDisableIntrusionDetection() {
-    	String value = properties.getProperty( DISABLE_INTRUSION_DETECTION );
-    	if ("true".equalsIgnoreCase(value)) return true;
-    	return false;	// Default result
-	}
-
-    /**
-	 * {@inheritDoc}
-	 */
-	public Threshold getQuota(String eventName) {
-        int count = getESAPIProperty("IntrusionDetector." + eventName + ".count", 0);
-        int interval =  getESAPIProperty("IntrusionDetector." + eventName + ".interval", 0);
-        List<String> actions = new ArrayList<String>();
-        String actionString = getESAPIProperty("IntrusionDetector." + eventName + ".actions", "");
-        if (actionString != null) {
-            String[] actionList = actionString.split(",");
-            actions = Arrays.asList(actionList);
-        }
-        if ( count > 0 && interval > 0 && actions.size() > 0 ) {
-        	return new Threshold(eventName, count, interval, actions);
-        }
-        return null;
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public int getLogLevel() {
-        String level = getESAPIProperty(LOG_LEVEL, "WARNING" );
-
-        if (level.equalsIgnoreCase("OFF"))
-            return Logger.OFF;
-        if (level.equalsIgnoreCase("FATAL"))
-            return Logger.FATAL;
-        if (level.equalsIgnoreCase("ERROR"))
-            return Logger.ERROR ;
-        if (level.equalsIgnoreCase("WARNING"))
-            return Logger.WARNING;
-        if (level.equalsIgnoreCase("INFO"))
-            return Logger.INFO;
-        if (level.equalsIgnoreCase("DEBUG"))
-            return Logger.DEBUG;
-        if (level.equalsIgnoreCase("TRACE"))
-            return Logger.TRACE;
-        if (level.equalsIgnoreCase("ALL"))
-            return Logger.ALL;
-
-		// This error is NOT logged the normal way because the logger constructor calls getLogLevel() and if this error occurred it would cause
-		// an infinite loop.
-        logSpecial("The LOG-LEVEL property in the ESAPI properties file has the unrecognized value: " + level + ". Using default: WARNING", null);
-        return Logger.WARNING;  // Note: The default logging level is WARNING.
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getLogFileName() {
-    	return getESAPIProperty( LOG_FILE_NAME, "ESAPI_logging_file" );
-    }
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public int getMaxLogFileSize() {
-    	return getESAPIProperty( MAX_LOG_FILE_SIZE, DEFAULT_MAX_LOG_FILE_SIZE );
-    }
-
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public boolean getLogEncodingRequired() {
-    	return getESAPIProperty( LOG_ENCODING_REQUIRED, false );
-	}
-
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public boolean getLogApplicationName() {
-    	return getESAPIProperty( LOG_APPLICATION_NAME, true );
-	}
-
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public boolean getLogServerIP() {
-    	return getESAPIProperty( LOG_SERVER_IP, true );
-	}
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public boolean getForceHttpOnlySession() {
-    	return getESAPIProperty( FORCE_HTTPONLYSESSION, true );
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public boolean getForceSecureSession() {
-    	return getESAPIProperty( FORCE_SECURESESSION, true );
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public boolean getForceHttpOnlyCookies() {
-    	return getESAPIProperty( FORCE_HTTPONLYCOOKIES, true );
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public boolean getForceSecureCookies() {
-    	return getESAPIProperty( FORCE_SECURECOOKIES, true );
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-	public int getMaxHttpHeaderSize() {
-        return getESAPIProperty( MAX_HTTP_HEADER_SIZE, 4096 );
-	}
-
-    /**
-	 * {@inheritDoc}
-	 */
-	public String getResponseContentType() {
-        return getESAPIProperty( RESPONSE_CONTENT_TYPE, "text/html; charset=UTF-8" );
-    }
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String getHttpSessionIdName() {
-        return getESAPIProperty( HTTP_SESSION_ID_NAME, "JSESSIONID" );
-    }
-	
-	/**
-	 * {@inheritDoc}
-	 */
-    public long getRememberTokenDuration() {
-        int days = getESAPIProperty( REMEMBER_TOKEN_DURATION, 14 );
-        return (long) (1000 * 60 * 60 * 24 * days);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-	public int getSessionIdleTimeoutLength() {
-        int minutes = getESAPIProperty( IDLE_TIMEOUT_DURATION, 20 );
-        return 1000 * 60 * minutes;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public int getSessionAbsoluteTimeoutLength() {
-        int minutes = getESAPIProperty(ABSOLUTE_TIMEOUT_DURATION, 20 );
-        return 1000 * 60 * minutes;
-	}
-
-   /**
-    * getValidationPattern returns a single pattern based upon key
-    *
-    *  @param key
-    *  			validation pattern name you'd like
-    *  @return
-    *  			if key exists, the associated validation pattern, null otherwise
-	*/
-    public Pattern getValidationPattern( String key ) {
-    	String value = getESAPIProperty( "Validator." + key, "" );
-    	// check cache
-    	Pattern p = patternCache.get( value );
-    	if ( p != null ) return p;
-
-    	// compile a new pattern
-    	if ( value == null || value.equals( "" ) ) return null;
-    	try {
-    		Pattern q = Pattern.compile(value);
-    		patternCache.put( value, q );
-    		return q;
-    	} catch ( PatternSyntaxException e ) {
-    		logSpecial( "SecurityConfiguration for " + key + " not a valid regex in ESAPI.properties. Returning null", null );
-    		return null;
-    	}
-    }
-
-    /**
-     * getWorkingDirectory returns the default directory where processes will be executed
-     * by the Executor.
-     */
-	public File getWorkingDirectory() {
-		String dir = getESAPIProperty( WORKING_DIRECTORY, System.getProperty( "user.dir") );
-		if ( dir != null ) {
-			return new File( dir );
-		}
-		return null;
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	public String getPreferredJCEProvider() {
-	    return properties.getProperty(PREFERRED_JCE_PROVIDER); // No default!
-	}  
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public List<String> getCombinedCipherModes()
-	{
-	    List<String> empty = new ArrayList<String>();     // Default is empty list
-	    return getESAPIProperty(COMBINED_CIPHER_MODES, empty);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public List<String> getAdditionalAllowedCipherModes()
-	{
-	    List<String> empty = new ArrayList<String>();     // Default is empty list
-	    return getESAPIProperty(ADDITIONAL_ALLOWED_CIPHER_MODES, empty);
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean getLenientDatesAccepted() {
-		return getESAPIProperty( ACCEPT_LENIENT_DATES, false);
-	}
-
-	protected String getESAPIProperty( String key, String def ) {
-		String value = properties.getProperty(key);
-		if ( value == null ) {
-    		logSpecial( "SecurityConfiguration for " + key + " not found in ESAPI.properties. Using default: " + def, null );
-    		return def;
-		}
-		return value;
-	}
-
-	protected boolean getESAPIProperty( String key, boolean def ) {
-		String property = properties.getProperty(key);
-		if ( property == null ) {
-    		logSpecial( "SecurityConfiguration for " + key + " not found in ESAPI.properties. Using default: " + def, null );
-    		return def;
-		}
-		if ( property.equalsIgnoreCase("true") || property.equalsIgnoreCase("yes" ) ) {
-			return true;
-		}
-		if ( property.equalsIgnoreCase("false") || property.equalsIgnoreCase( "no" ) ) {
-			return false;
-		}
-		logSpecial( "SecurityConfiguration for " + key + " not either \"true\" or \"false\" in ESAPI.properties. Using default: " + def, null );
-		return def;
-	}
-
-	protected byte[] getESAPIPropertyEncoded( String key, byte[] def ) {
-		String property = properties.getProperty(key);
-		if ( property == null ) {
-    		logSpecial( "SecurityConfiguration for " + key + " not found in ESAPI.properties. Using default: " + def, null );
-    		return def;
-		}
-        try {
-            return ESAPI.encoder().decodeFromBase64(property);
-        } catch( IOException e ) {
-    		logSpecial( "SecurityConfiguration for " + key + " not properly Base64 encoded in ESAPI.properties. Using default: " + def, null );
-            return null;
-        }
-	}
-
-	protected int getESAPIProperty( String key, int def ) {
-		String property = properties.getProperty(key);
-		if ( property == null ) {
-    		logSpecial( "SecurityConfiguration for " + key + " not found in ESAPI.properties. Using default: " + def, null );
-    		return def;
-		}
-		try {
-            return Integer.parseInt( property );
-		} catch( NumberFormatException e ) {
-    		logSpecial( "SecurityConfiguration for " + key + " not an integer in ESAPI.properties. Using default: " + def, null );
-			return def;
-		}
-	}
-
-	/**
-     * Returns a {@code List} representing the parsed, comma-separated property.
-     * 
-	 * @param key  The specified property name
-	 * @param def  A default value for the property name to return if the property
-	 *             is not set.
-	 * @return A list of strings.
-	 */
-	protected List<String> getESAPIProperty( String key, List<String> def ) {
-	    String property = properties.getProperty( key );
-	    if ( property == null ) {
-	        logSpecial( "SecurityConfiguration for " + key + " not found in ESAPI.properties. Using default: " + def, null );
-	        return def;
-	    }
-	    String[] parts = property.split(",");
-	    return Arrays.asList( parts );
-	}
-
-	protected boolean shouldPrintProperties() {
-        return getESAPIProperty(PRINT_PROPERTIES_WHEN_LOADED, false);
-	}
-
-    protected Properties getESAPIProperties() {
-        return properties;
-    }
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see{
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URISyntaxException;
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+import java.util.regex.Pattern;
+import java.util.regex.PatternSyntaxException;
+
+import org.apache.commons.lang.text.StrTokenizer;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.PropNames;   // <== Actual property names moved to here. Eventually we'll do static import.
+import org.owasp.esapi.PropNames.DefaultSearchPath;
+import org.owasp.esapi.SecurityConfiguration;
+import org.owasp.esapi.configuration.EsapiPropertyManager;
+import org.owasp.esapi.errors.ConfigurationException;
+
+/**
+ * Thse reference implementation class for {@code SecurityConfiguration} manages all the settings used by the ESAPI
+ * in a single place. In this reference implementation, resources can be put in several locations, which are
+ * searched in the following order:
+ * <p>
+ * <ol>
+ * <li>
+ * Inside a directory set with a call to SecurityConfiguration.setResourceDirectory( "C:\temp\resources" ).
+ * </p><p>
+ * <b>CAUTION:</b> Generally this technique should be avoided if you are
+ * using ESAPI in a resusable library, as it makes it very difficult for an
+ * application using your library to use its own version of
+ * <b>ESAPI.properties</b>.
+ * </p><p>
+ * The only exception might be if you are writing a wrapper library for ESAPI
+ * and wish to provide a set of ESAPI properties that the application cannot <i>accidentally</i>
+ * change. However, selecting this option won't intentionally prevent changing <b>ESAPI.properties</b>
+ * unless you are signing the jar * and somehow forcing the verifiction of its digital signature at
+ * runtime. That's because it's easy enough to unjar your library, edit the <b>ESAPI.properties</b>
+ * file and then re-jar the library.
+ * </p><p>
+ * This option was probably more intended for use by web applications by embedding
+ * them as resources in .war or .ear files, possibly with the intent of
+ * dissauding operations staff from making "improvements", a practice which
+ * makes much less--if any--sense in the era of DevOps and DevSecOps.
+ * </p>
+ * </li>
+ * <li>
+ * Inside the {@code System.getProperty( "org.owasp.esapi.resources" )} directory.
+ * You can set this on the java command line as follows (for example):
+ * <pre>
+ *
+ *         java -Dorg.owasp.esapi.resources="C:\apps\myApp\resources"
+ * </pre>
+ * You may have to add this to the start-up script that starts your web server. For example, for Tomcat,
+ * in the "catalina" script that starts Tomcat, you can set the JAVA_OPTS variable to the {@code -D} string above.
+ * </li>
+ * <li>
+ * Inside the {@code System.getProperty( "user.home" ) + "/.esapi"} directory (supported for backward compatibility) or
+ * inside the {@code System.getProperty( "user.home" ) + "/esapi"} directory.
+ * </li>
+ * <li>
+ * The first ".esapi" or "esapi" directory on the classpath. (The former for backward compatibility.)
+ * </li>
+ * </ol>
+ * </p><p>
+ * Once the ESAPI configuration is initialized with a resource directory, you can edit it to set things like master
+ * keys and passwords, logging locations, error thresholds, and allowed file extensions. (But see the above cautionary
+ * note if you are using ESAPI in a reusable library.)
+ * </p><p>
+ * <b>WARNING:</b> Do not forget to update ESAPI.properties to change the master key and other security critical settings
+ * as well as reviewing changes in the <code>esapi-&lt;<i>vers</i>-configuration.jar</code> for differences
+ * with your current version to see if any important properties were added or removed.
+ * </p><p>
+ * <b>DEPRECATION WARNING</b>: All of the variables of the type '{@code public static final String}'
+ * are now declared and defined in the {@code org.owasp.esapi.PropNames}. These public fields
+ * representing property names and values in <i>this</i> class <i>will</i> be eventually deleted and
+ * no longer available, so please migrate to the corresponding names in {@code PropNames}. Removal of these
+ * public fields from this class will likely occur sometime in 2Q2024.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author Jim Manico (jim .at. manico.net) <a href="http://www.manico.net">Manico.net</a>
+ * @author Kevin W. Wall (kevin.w.wall .at. gmail.com)
+ *
+ */
+
+public class DefaultSecurityConfiguration implements SecurityConfiguration {
+    private static volatile SecurityConfiguration instance = null;
+
+    public static SecurityConfiguration getInstance() {
+        if ( instance == null ) {
+            synchronized (DefaultSecurityConfiguration.class) {
+                if ( instance == null ) {
+                    instance = new DefaultSecurityConfiguration();
+                }
+            }
+        }
+        return instance;
+    }
+
+    private Properties properties = null;
+    private String cipherXformFromESAPIProp = null;    // New in ESAPI 2.0
+    private String cipherXformCurrent = null;          // New in ESAPI 2.0
+
+    /** The name of the ESAPI property file.
+     *  @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead.
+     */
+    @Deprecated public static final String DEFAULT_RESOURCE_FILE = PropNames.DEFAULT_RESOURCE_FILE;
+
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String REMEMBER_TOKEN_DURATION = PropNames.REMEMBER_TOKEN_DURATION;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String IDLE_TIMEOUT_DURATION = PropNames.IDLE_TIMEOUT_DURATION;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String ABSOLUTE_TIMEOUT_DURATION = PropNames.ABSOLUTE_TIMEOUT_DURATION;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String ALLOWED_LOGIN_ATTEMPTS = PropNames.ALLOWED_LOGIN_ATTEMPTS;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String USERNAME_PARAMETER_NAME = PropNames.USERNAME_PARAMETER_NAME;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String PASSWORD_PARAMETER_NAME = PropNames.PASSWORD_PARAMETER_NAME;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String MAX_OLD_PASSWORD_HASHES = PropNames.MAX_OLD_PASSWORD_HASHES;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String ALLOW_MULTIPLE_ENCODING = PropNames.ALLOW_MULTIPLE_ENCODING;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String ALLOW_MIXED_ENCODING    = PropNames.ALLOW_MIXED_ENCODING   ;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String CANONICALIZATION_CODECS = PropNames.CANONICALIZATION_CODECS;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String DISABLE_INTRUSION_DETECTION  = PropNames.DISABLE_INTRUSION_DETECTION ;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String MASTER_KEY = PropNames.MASTER_KEY;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String MASTER_SALT = PropNames.MASTER_SALT;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String KEY_LENGTH = PropNames.KEY_LENGTH;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String ENCRYPTION_ALGORITHM = PropNames.ENCRYPTION_ALGORITHM;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String HASH_ALGORITHM = PropNames.HASH_ALGORITHM;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String HASH_ITERATIONS = PropNames.HASH_ITERATIONS;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String CHARACTER_ENCODING = PropNames.CHARACTER_ENCODING;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String RANDOM_ALGORITHM = PropNames.RANDOM_ALGORITHM;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String DIGITAL_SIGNATURE_ALGORITHM = PropNames.DIGITAL_SIGNATURE_ALGORITHM;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String DIGITAL_SIGNATURE_KEY_LENGTH = PropNames.DIGITAL_SIGNATURE_KEY_LENGTH;
+
+                // ==================================//
+                //        New in ESAPI Java 2.x      //
+                // ================================= //
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String PREFERRED_JCE_PROVIDER = PropNames.PREFERRED_JCE_PROVIDER;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String CIPHER_TRANSFORMATION_IMPLEMENTATION = PropNames.CIPHER_TRANSFORMATION_IMPLEMENTATION;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String CIPHERTEXT_USE_MAC = PropNames.CIPHERTEXT_USE_MAC;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String PLAINTEXT_OVERWRITE = PropNames.PLAINTEXT_OVERWRITE;
+
+    @Deprecated public static final String IV_TYPE = PropNames.IV_TYPE;    // Will be removed in future release.
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String COMBINED_CIPHER_MODES = PropNames.COMBINED_CIPHER_MODES;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String ADDITIONAL_ALLOWED_CIPHER_MODES = PropNames.ADDITIONAL_ALLOWED_CIPHER_MODES;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String KDF_PRF_ALG = PropNames.KDF_PRF_ALG;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String PRINT_PROPERTIES_WHEN_LOADED = PropNames.PRINT_PROPERTIES_WHEN_LOADED;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String WORKING_DIRECTORY = PropNames.WORKING_DIRECTORY;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String APPROVED_EXECUTABLES = PropNames.APPROVED_EXECUTABLES;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String FORCE_HTTPONLYSESSION = PropNames.FORCE_HTTPONLYSESSION;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String FORCE_SECURESESSION = PropNames.FORCE_SECURESESSION;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String FORCE_HTTPONLYCOOKIES = PropNames.FORCE_HTTPONLYCOOKIES;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String FORCE_SECURECOOKIES = PropNames.FORCE_SECURECOOKIES;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String MAX_HTTP_HEADER_SIZE = PropNames.MAX_HTTP_HEADER_SIZE;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String UPLOAD_DIRECTORY = PropNames.UPLOAD_DIRECTORY;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String UPLOAD_TEMP_DIRECTORY = PropNames.UPLOAD_TEMP_DIRECTORY;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String APPROVED_UPLOAD_EXTENSIONS = PropNames.APPROVED_UPLOAD_EXTENSIONS;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String MAX_UPLOAD_FILE_BYTES = PropNames.MAX_UPLOAD_FILE_BYTES;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String RESPONSE_CONTENT_TYPE = PropNames.RESPONSE_CONTENT_TYPE;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String HTTP_SESSION_ID_NAME = PropNames.HTTP_SESSION_ID_NAME;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String APPLICATION_NAME = PropNames.APPLICATION_NAME;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String LOG_ENCODING_REQUIRED = PropNames.LOG_ENCODING_REQUIRED;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String LOG_APPLICATION_NAME = PropNames.LOG_APPLICATION_NAME;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String LOG_SERVER_IP = PropNames.LOG_SERVER_IP;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String LOG_USER_INFO = PropNames.LOG_USER_INFO;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String LOG_CLIENT_INFO = PropNames.LOG_CLIENT_INFO;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String VALIDATION_PROPERTIES = PropNames.VALIDATION_PROPERTIES;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String VALIDATION_PROPERTIES_MULTIVALUED = PropNames.VALIDATION_PROPERTIES_MULTIVALUED;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String ACCEPT_LENIENT_DATES = PropNames.ACCEPT_LENIENT_DATES;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String VALIDATOR_HTML_VALIDATION_ACTION = PropNames.VALIDATOR_HTML_VALIDATION_ACTION;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String VALIDATOR_HTML_VALIDATION_CONFIGURATION_FILE = PropNames.VALIDATOR_HTML_VALIDATION_CONFIGURATION_FILE;
+
+    /**
+     * Special {@code java.lang.System} property that, if set to {@code true}, will
+     * disable logging from {@code DefaultSecurityConfiguration.logToStdout()}
+     * methods, which is called from various {@code logSpecial()} methods.
+     * @see org.owasp.esapi.reference.DefaultSecurityConfiguration#logToStdout(String msg, Throwable t)
+     * @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead.
+     */
+    @Deprecated public static final String DISCARD_LOGSPECIAL = PropNames.DISCARD_LOGSPECIAL;
+
+    // We assume that this does not change in the middle of processing the
+    // ESAPI.properties files and thus only fetch its value once.
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated private static final String logSpecialValue = System.getProperty( PropNames.DISCARD_LOGSPECIAL, "false" );
+
+
+    protected final int MAX_REDIRECT_LOCATION = 1000;
+
+
+    /*
+     * Implementation Keys
+     */
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String LOG_IMPLEMENTATION = PropNames.LOG_IMPLEMENTATION;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String AUTHENTICATION_IMPLEMENTATION = PropNames.AUTHENTICATION_IMPLEMENTATION;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String ENCODER_IMPLEMENTATION = PropNames.ENCODER_IMPLEMENTATION;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String ACCESS_CONTROL_IMPLEMENTATION = PropNames.ACCESS_CONTROL_IMPLEMENTATION;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String ENCRYPTION_IMPLEMENTATION = PropNames.ENCRYPTION_IMPLEMENTATION;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String INTRUSION_DETECTION_IMPLEMENTATION = PropNames.INTRUSION_DETECTION_IMPLEMENTATION;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String RANDOMIZER_IMPLEMENTATION = PropNames.RANDOMIZER_IMPLEMENTATION;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String EXECUTOR_IMPLEMENTATION = PropNames.EXECUTOR_IMPLEMENTATION;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String VALIDATOR_IMPLEMENTATION = PropNames.VALIDATOR_IMPLEMENTATION;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String HTTP_UTILITIES_IMPLEMENTATION = PropNames.HTTP_UTILITIES_IMPLEMENTATION;
+
+
+    /*
+     * Default Implementations
+     */
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String DEFAULT_LOG_IMPLEMENTATION = PropNames.DEFAULT_LOG_IMPLEMENTATION;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String DEFAULT_AUTHENTICATION_IMPLEMENTATION = PropNames.DEFAULT_AUTHENTICATION_IMPLEMENTATION;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String DEFAULT_ENCODER_IMPLEMENTATION = PropNames.DEFAULT_ENCODER_IMPLEMENTATION;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String DEFAULT_ACCESS_CONTROL_IMPLEMENTATION = PropNames.DEFAULT_ACCESS_CONTROL_IMPLEMENTATION;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String DEFAULT_ENCRYPTION_IMPLEMENTATION = PropNames.DEFAULT_ENCRYPTION_IMPLEMENTATION;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String DEFAULT_INTRUSION_DETECTION_IMPLEMENTATION = PropNames.DEFAULT_INTRUSION_DETECTION_IMPLEMENTATION;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String DEFAULT_RANDOMIZER_IMPLEMENTATION = PropNames.DEFAULT_RANDOMIZER_IMPLEMENTATION;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String DEFAULT_EXECUTOR_IMPLEMENTATION = PropNames.DEFAULT_EXECUTOR_IMPLEMENTATION;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String DEFAULT_HTTP_UTILITIES_IMPLEMENTATION = PropNames.DEFAULT_HTTP_UTILITIES_IMPLEMENTATION;
+
+    /** @deprecated Use same field name, but from {@code org.owasp.esapi.PropNames} instead. */
+    @Deprecated public static final String DEFAULT_VALIDATOR_IMPLEMENTATION = PropNames.DEFAULT_VALIDATOR_IMPLEMENTATION;
+
+    private static final Map<String, Pattern> patternCache = new HashMap<String, Pattern>();
+
+    /*
+     * Absolute path to the user.home. No longer includes the ESAPI portion as it used to.
+     */
+    private static final String userHome = System.getProperty("user.home" );
+    /*
+     * Absolute path to the customDirectory
+     */    // DISCUSS: Implicit assumption here that there is no SecurityManager installed enforcing the
+        //            prevention of reading system properties. Otherwise this will fail with SecurityException.
+    private static String customDirectory = System.getProperty("org.owasp.esapi.resources");
+    /*
+     * Relative path to the resourceDirectory. Relative to the classpath.
+     * Specifically, ClassLoader.getResource(resourceDirectory + filename) will
+     * be used to load the file.
+     */
+    private String resourceDirectory = ".esapi";    // For backward compatibility (vs. "esapi")
+    private final String resourceFile;
+    private EsapiPropertyManager esapiPropertyManager;
+
+
+    /**
+     * Instantiates a new configuration, using the provided property file name.
+     *
+     * @param resourceFile The name of the property file to load
+     */
+    DefaultSecurityConfiguration(String resourceFile) {
+        this.resourceFile = resourceFile;
+        // load security configuration
+        try {
+            this.esapiPropertyManager = new EsapiPropertyManager();
+            loadConfiguration();
+            this.setCipherXProperties();
+        } catch( IOException e ) {
+            logSpecial("Failed to load security configuration", e );
+            throw new ConfigurationException("Failed to load security configuration", e);
+        }
+    }
+
+    /**
+     * Instantiates a new configuration with the supplied properties.
+     *
+     * Warning - if the setResourceDirectory() method is invoked the properties will
+     * be re-loaded, replacing the supplied properties.
+     *
+     * @param properties
+     */
+    public DefaultSecurityConfiguration(Properties properties) {
+        resourceFile = DEFAULT_RESOURCE_FILE;
+        try {
+            this.esapiPropertyManager = new EsapiPropertyManager();
+            // Do NOT call loadConfiguration() here!
+        } catch( IOException e ) {
+            logSpecial("Failed to load security configuration", e );
+            throw new ConfigurationException("Failed to load security configuration", e);
+        }
+        this.properties = properties;
+        this.setCipherXProperties();
+    }
+
+    /**
+     * Instantiates a new configuration.
+     */
+    public DefaultSecurityConfiguration(){
+        this(DEFAULT_RESOURCE_FILE);
+    }
+    private void setCipherXProperties() {
+        // TODO: FUTURE: Replace by future CryptoControls class???
+        // See SecurityConfiguration.setCipherTransformation() for
+        // explanation of this.
+        // (Propose this in a future 2.x release via future email to ESAPI-DEV list.)
+        cipherXformFromESAPIProp =
+            getESAPIProperty(CIPHER_TRANSFORMATION_IMPLEMENTATION,
+                             "AES/CBC/PKCS5Padding");
+        cipherXformCurrent = cipherXformFromESAPIProp;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getApplicationName() {
+        return getESAPIProperty(APPLICATION_NAME, "DefaultName");
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getLogImplementation() {
+        return getESAPIProperty(LOG_IMPLEMENTATION, DEFAULT_LOG_IMPLEMENTATION);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getAuthenticationImplementation() {
+        return getESAPIProperty(AUTHENTICATION_IMPLEMENTATION, DEFAULT_AUTHENTICATION_IMPLEMENTATION);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getEncoderImplementation() {
+        return getESAPIProperty(ENCODER_IMPLEMENTATION, DEFAULT_ENCODER_IMPLEMENTATION);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getAccessControlImplementation() {
+        return getESAPIProperty(ACCESS_CONTROL_IMPLEMENTATION, DEFAULT_ACCESS_CONTROL_IMPLEMENTATION);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getEncryptionImplementation() {
+        return getESAPIProperty(ENCRYPTION_IMPLEMENTATION, DEFAULT_ENCRYPTION_IMPLEMENTATION);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getIntrusionDetectionImplementation() {
+        return getESAPIProperty(INTRUSION_DETECTION_IMPLEMENTATION, DEFAULT_INTRUSION_DETECTION_IMPLEMENTATION);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getRandomizerImplementation() {
+        return getESAPIProperty(RANDOMIZER_IMPLEMENTATION, DEFAULT_RANDOMIZER_IMPLEMENTATION);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getExecutorImplementation() {
+        return getESAPIProperty(EXECUTOR_IMPLEMENTATION, DEFAULT_EXECUTOR_IMPLEMENTATION);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getHTTPUtilitiesImplementation() {
+        return getESAPIProperty(HTTP_UTILITIES_IMPLEMENTATION, DEFAULT_HTTP_UTILITIES_IMPLEMENTATION);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getValidationImplementation() {
+        return getESAPIProperty(VALIDATOR_IMPLEMENTATION, DEFAULT_VALIDATOR_IMPLEMENTATION);
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public byte[] getMasterKey() {
+        byte[] key = getESAPIPropertyEncoded( MASTER_KEY, null );
+        if ( key == null || key.length == 0 ) {
+            throw new ConfigurationException("Property '" + MASTER_KEY +
+                                "' missing or empty in ESAPI.properties file.");
+    }
+        return key;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void setResourceDirectory( String dir ) {
+        resourceDirectory = dir;
+        logSpecial( "Reset resource directory to: " + dir, null );
+
+        // reload configuration if necessary
+        try {
+            this.loadConfiguration();
+        } catch( IOException e ) {
+            logSpecial("Failed to load security configuration from " + dir, e);
+        }
+    }
+
+    public int getEncryptionKeyLength() {
+        return getESAPIProperty(KEY_LENGTH, 128 );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public byte[] getMasterSalt() {
+        byte[] salt = getESAPIPropertyEncoded( MASTER_SALT, null );
+        if ( salt == null || salt.length == 0 ) {
+            throw new ConfigurationException("Property '" + MASTER_SALT +
+                                "' missing or empty in ESAPI.properties file.");
+    }
+        return salt;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public List<String> getAllowedExecutables() {
+        String def = "";
+        String[] exList = getESAPIProperty(APPROVED_EXECUTABLES,def).split(",");
+        return Arrays.asList(exList);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public List<String> getAllowedFileExtensions() {
+        String def = ".pdf,.txt,.jpg,.png";
+        String[] extList = getESAPIProperty(APPROVED_UPLOAD_EXTENSIONS,def).split(",");
+        return Arrays.asList(extList);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public int getAllowedFileUploadSize() {
+        return getESAPIProperty(MAX_UPLOAD_FILE_BYTES, 5000000);
+    }
+
+
+    private Properties loadPropertiesFromStream( InputStream is, String name ) throws IOException {
+        Properties config = new Properties();
+        try {
+            config.load(is);
+            logSpecial("Loaded '" + name + "' properties file", null);
+        } finally {
+            if ( is != null ) try { is.close(); } catch( Exception e ) {}
+        }
+        return config;
+    }
+
+    /**
+     * Load configuration. Never prints properties.
+     *
+     * @throws java.io.IOException
+     *             if the file is inaccessible
+     */
+    protected void loadConfiguration() throws IOException {
+        try {
+            //first attempt file IO loading of properties
+            logSpecial("Attempting to load " + resourceFile + " via file I/O.");
+            properties = loadPropertiesFromStream(getResourceStream(resourceFile), resourceFile);
+        } catch (Exception iae) {
+            //if file I/O loading fails, attempt classpath based loading next
+            logSpecial("Loading " + resourceFile + " via file I/O failed. Exception was: " + iae);
+            logSpecial("Attempting to load " + resourceFile + " via the classpath.");
+            try {
+                properties = loadConfigurationFromClasspath(resourceFile);
+            } catch (Exception e) {
+                logSpecial(resourceFile + " could not be loaded by any means. Fail.", e);
+                throw new ConfigurationException(resourceFile + " could not be loaded by any means. Fail.", e);
+            }
+        }
+
+        // if properties loaded properly above, get validation properties and merge them into the main properties
+        if (properties != null) {
+            final Iterator<String> validationPropFileNames;
+
+            //defaults to single-valued for backwards compatibility
+            final boolean multivalued= getESAPIProperty(VALIDATION_PROPERTIES_MULTIVALUED, false);
+            final String validationPropValue = getESAPIProperty(VALIDATION_PROPERTIES, "validation.properties");
+
+            if(multivalued){
+                // the following cast warning goes away if the apache commons lib is updated to current version
+                validationPropFileNames = StrTokenizer.getCSVInstance(validationPropValue);
+            } else {
+                validationPropFileNames = Collections.singletonList(validationPropValue).iterator();
+            }
+
+            //clear any cached validation patterns so they can be reloaded from validation.properties
+            patternCache.clear();
+            while(validationPropFileNames.hasNext()){
+                String validationPropFileName = validationPropFileNames.next();
+                Properties validationProperties = null;
+                try {
+                    //first attempt file IO loading of properties
+                    logSpecial("Attempting to load " + validationPropFileName + " via file I/O.");
+                    validationProperties = loadPropertiesFromStream(getResourceStream(validationPropFileName), validationPropFileName);
+                } catch (Exception iae) {
+                    //if file I/O loading fails, attempt classpath based loading next
+                    logSpecial("Loading " + validationPropFileName + " via file I/O failed.");
+                    logSpecial("Attempting to load " + validationPropFileName + " via the classpath.");
+                    try {
+                        validationProperties = loadConfigurationFromClasspath(validationPropFileName);
+                    } catch (Exception e) {
+                        logSpecial(validationPropFileName + " could not be loaded by any means. fail.", e);
+                    }
+                }
+
+                if (validationProperties != null) {
+                    Iterator<?> i = validationProperties.keySet().iterator();
+                    while( i.hasNext() ) {
+                        String key = (String)i.next();
+                        String value = validationProperties.getProperty(key);
+                        properties.put( key, value);
+                    }
+                }
+
+                if ( shouldPrintProperties() ) {
+                        // Gotta give them something.
+                    logSpecial("DefaultSecurityConfiguration: The code to print all the properties is currently commented out");
+
+                    //FIXME - make this chunk configurable
+                    /*
+                        logSpecial("  ========Master Configuration========", null);
+                        //logSpecial( "  ResourceDirectory: " + DefaultSecurityConfiguration.resourceDirectory );
+                        Iterator j = new TreeSet( properties.keySet() ).iterator();
+                        while (j.hasNext()) {
+                            String key = (String)j.next();
+                            // print out properties, but not sensitive ones like MasterKey and MasterSalt
+                            if ( !key.contains( "Master" ) ) {
+                                    logSpecial("  |   " + key + "=" + properties.get(key), null);
+                            }
+                        }
+                    */
+                }
+            }
+        }
+    }
+
+    /**
+     * @param filename
+     * @return An {@code InputStream} associated with the specified file name as
+     *         a resource stream.
+     * @throws IOException
+     *             If the file cannot be found or opened for reading.
+     */
+    public InputStream getResourceStream(String filename) throws IOException {
+        if (filename == null) {
+            return null;
+        }
+
+        try {
+            File f = getResourceFile(filename);
+            if (f != null && f.exists()) {
+                return new FileInputStream(f);
+            }
+        } catch (Exception e) {
+        }
+
+        throw new FileNotFoundException();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public File getResourceFile(String filename) {
+        logSpecial("Attempting to load " + filename + " as resource file via file I/O.");
+
+        if (filename == null) {
+            logSpecial("Failed to load properties via FileIO. Filename is null.");
+            return null; // not found.
+        }
+
+        File f = null;
+
+        // first, allow command line overrides. -Dorg.owasp.esapi.resources
+        // directory
+        f = new File(customDirectory, filename);
+        if (customDirectory != null && f.canRead()) {
+            logSpecial("Found in 'org.owasp.esapi.resources' directory: " + f.getAbsolutePath());
+            return f;
+        } else {
+            logSpecial("Not found in 'org.owasp.esapi.resources' directory or file not readable: " + f.getAbsolutePath());
+        }
+
+        // if not found, then try the programmatically set resource directory
+        // (this defaults to SystemResource directory/resourceFile
+        URL fileUrl = ClassLoader.getSystemResource(resourceDirectory + "/" + filename);
+        if ( fileUrl == null ) {
+            fileUrl = ClassLoader.getSystemResource("esapi/" + filename);
+        }
+
+        if (fileUrl != null) {
+            try {
+                String fileLocation = fileUrl.toURI().getPath();
+                f = new File(fileLocation);
+                if (f.exists()) {
+                    logSpecial("Found in SystemResource Directory/resourceDirectory: " + f.getAbsolutePath());
+                    return f;
+                } else {
+                    logSpecial("Not found in SystemResource Directory/resourceDirectory (this should never happen): " + f.getAbsolutePath());
+                }
+            } catch (URISyntaxException e) {
+                logSpecial("Error while converting URL " + fileUrl + " to file path: " + e.getMessage());
+            }
+        } else {
+            logSpecial("Not found in SystemResource Directory/resourceDirectory: " + resourceDirectory + File.separator + filename);
+        }
+
+        // If not found, then try immediately under user's home directory first in
+        //        userHome + "/.esapi"        and secondly under
+        //        userHome + "/esapi"
+        // We look in that order because of backward compatibility issues.
+        String homeDir = userHome;
+        if ( homeDir == null ) {
+            homeDir = "";    // Without this,    homeDir + "/.esapi"    would produce
+                            // the string        "null/.esapi"        which surely is not intended.
+        }
+        // First look under ".esapi" (for reasons of backward compatibility).
+        f = new File(homeDir + "/.esapi", filename);
+        if ( f.canRead() ) {
+            logSpecial("[Compatibility] Found in 'user.home' directory: " + f.getAbsolutePath());
+            return f;
+        } else {
+            // Didn't find it under old directory ".esapi" so now look under the "esapi" directory.
+            f = new File(homeDir + "/esapi", filename);
+            if ( f.canRead() ) {
+                logSpecial("Found in 'user.home' directory: " + f.getAbsolutePath());
+                return f;
+            } else {
+                logSpecial("Not found in 'user.home' (" + homeDir + ") directory: " + f.getAbsolutePath());
+            }
+        }
+
+        // return null if not found
+        return null;
+    }
+
+    /**
+     * Used to load ESAPI.properties from a variety of different classpath locations. The order is described in the
+     * class overview Javadoc for this class.
+     *
+     * @param fileName The properties file filename.
+     */
+    private Properties loadConfigurationFromClasspath(String fileName) throws IllegalArgumentException {
+        Properties result = null;
+        InputStream in = null;
+
+        ClassLoader[] loaders = new ClassLoader[] {
+                Thread.currentThread().getContextClassLoader(),
+                ClassLoader.getSystemClassLoader(),
+                getClass().getClassLoader()
+        };
+        String[] classLoaderNames = {
+                "current thread context class loader",
+                "system class loader",
+                "class loader for DefaultSecurityConfiguration class"
+        };
+
+        ClassLoader currentLoader = null;
+        for (int i = 0; i < loaders.length; i++) {
+            if (loaders[i] != null) {
+                currentLoader = loaders[i];
+                try {
+                    // try root
+                    String currentClasspathSearchLocation = "/ (root)";
+                        // Note: do NOT add '/' anywhere here even though root value is empty string!
+                        // Note that since DefaultSearchPath.ROOT.value() is now "" (the empty string),
+                        // then this is logically equivalent to what we used to have, which was:
+                        //
+                        //      in = loaders[i].getResourceAsStream(fileName);
+                        //
+                    in = loaders[i].getResourceAsStream(DefaultSearchPath.ROOT.value() + fileName);
+
+                    // try resourceDirectory folder
+                    if (in == null) {
+                        currentClasspathSearchLocation = resourceDirectory + "/";
+                        in = currentLoader.getResourceAsStream(DefaultSearchPath.RESOURCE_DIRECTORY.value() + fileName);
+                    }
+
+                    // try .esapi folder. Look here first for backward compatibility.
+                    if (in == null) {
+                        currentClasspathSearchLocation = ".esapi/";
+                        in = currentLoader.getResourceAsStream(DefaultSearchPath.DOT_ESAPI.value() + fileName);
+                    }
+
+                    // try esapi folder (new directory)
+                    if (in == null) {
+                        currentClasspathSearchLocation = "esapi/";
+                        in = currentLoader.getResourceAsStream(DefaultSearchPath.ESAPI.value() + fileName);
+                    }
+
+                    // try resources folder
+                    if (in == null) {
+                        currentClasspathSearchLocation = "resources/";
+                        in = currentLoader.getResourceAsStream(DefaultSearchPath.RESOURCES.value() + fileName);
+                    }
+
+                    // try src/main/resources folder
+                    if (in == null) {
+                        currentClasspathSearchLocation = "src/main/resources/";
+                        in = currentLoader.getResourceAsStream(DefaultSearchPath.SRC_MAIN_RESOURCES.value() + fileName);
+                    }
+
+                    // now load the properties
+                    if (in != null) {
+                        result = new Properties();
+                        result.load(in); // Can throw IOException
+                        logSpecial("SUCCESSFULLY LOADED " + fileName + " via the CLASSPATH from '" +
+                                currentClasspathSearchLocation + "' using " + classLoaderNames[i] + "!");
+                        break;    // Outta here since we've found and loaded it.
+                    }
+                } catch (Exception e) {
+                    result = null;
+                } finally {
+                    try {
+                        in.close();
+                    } catch (Exception e) {
+                    }
+                }
+            }
+        }
+
+        if (result == null) {
+            // CHECKME: This is odd...why not ConfigurationException?
+            throw new IllegalArgumentException("Failed to load " + resourceFile + " as a classloader resource.");
+        }
+
+        return result;
+    }
+
+    /**
+     * Log to standard output (i.e., {@code System.out}. This method is
+     * synchronized to reduce the possibility of interleaving the message
+     * output (since the {@code System.out} {@code PrintStream} is buffered)
+     * it invoked from multiple threads. Output is discarded if the
+     * {@code System} property "org.owasp.esapi.logSpecial.discard" is set to
+     * {@code true}.
+     *
+     * @param msg   Message to be logged.
+     * @param t     Associated exception that was caught. The class name and
+     *              exception message is also logged.
+     */
+    public final synchronized static void logToStdout(String msg, Throwable t) {
+     // Note that this class was made final because it is called from this class'
+     // CTOR and we want to prohibit someone from <i>easily</i> doing sneaky
+     // things like subclassing this class and inserting a malicious code as a
+     // shim. Of course, really in hindsight, this entire class should have been
+     // declared 'final', but doing so at this point would likely break someone's
+     // code, including possibly some of our own test code. But since this is a
+     // new method, we can get away with it here.
+        boolean discard = logSpecialValue.trim().equalsIgnoreCase("true");
+        if ( discard ) {
+            return; // Output is discarded!
+        }
+        if ( t == null ) {
+            System.out.println("ESAPI: " + msg);
+        } else {
+            System.out.println("ESAPI: " + msg +
+                               ". Caught " + t.getClass().getName() +
+                               "; exception message was: " + t);
+        }
+    }
+
+    /**
+     * Used to log errors to the console during the loading of the properties file itself. Can't use
+     * standard logging in this case, since the Logger may not be initialized yet. Output is sent to
+     * {@code PrintStream} {@code System.out}.  Output is discarded if the {@code System} property
+     * "org.owasp.esapi.logSpecial.discard" is set to {@code true}.
+     *
+     * @param message The message to send to the console.
+     * @param e The error that occurred. (This value printed via {@code e.toString()}.)
+     */
+    private void logSpecial(String message, Throwable e) {
+        logToStdout(message, e);
+    }
+
+    /**
+     * Used to log errors to the console during the loading of the properties file itself. Can't use
+     * standard logging in this case, since the Logger may not be initialized yet. Output is sent to
+     * {@code PrintStream} {@code System.out}.  Output is discarded if the {@code System} property
+     * "org.owasp.esapi.logSpecial.discard" is set to {@code true}.
+     *
+     * @param message The message to send to the console.
+     */
+    private void logSpecial(String message) {
+        logToStdout(message, null);
+    }
+    /**
+     * {@inheritDoc}
+     */
+    public String getPasswordParameterName() {
+        return getESAPIProperty(PASSWORD_PARAMETER_NAME, "password");
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getUsernameParameterName() {
+        return getESAPIProperty(USERNAME_PARAMETER_NAME, "username");
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getEncryptionAlgorithm() {
+        return getESAPIProperty(ENCRYPTION_ALGORITHM, "AES");
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getCipherTransformation() {
+        // Assertion should be okay here. An NPE is likely at runtime if disabled.
+        assert cipherXformCurrent != null : "Current cipher transformation is null";
+        return cipherXformCurrent;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String setCipherTransformation(String cipherXform) {
+        String previous = getCipherTransformation();
+        if ( cipherXform == null ) {
+            // Special case... means set it to original value from ESAPI.properties
+            cipherXformCurrent = cipherXformFromESAPIProp;
+        } else {
+            if ( cipherXform.trim().equals("") ) {
+                throw new ConfigurationException("Cipher transformation cannot be just white space or empty string");
+            }
+            cipherXformCurrent = cipherXform;   // Note: No other sanity checks!!!
+        }
+        return previous;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean useMACforCipherText() {
+        return getESAPIProperty(CIPHERTEXT_USE_MAC, true);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean overwritePlainText() {
+        return getESAPIProperty(PLAINTEXT_OVERWRITE, true);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Deprecated
+    public String getIVType() {
+        String value = getESAPIProperty(IV_TYPE, "random");
+        if ( value.equalsIgnoreCase("random") ) {
+            return value;
+        } else if ( value.equalsIgnoreCase("fixed") ) {
+            logSpecial("WARNING: Property '" + IV_TYPE + "=fixed' is no longer supported AT ALL!!! It had been deprecated since 2.2.0.0 and back then, was announced it would be removed in release 2.3.0.0. It was originally intended to support legacy applications, but is inherently insecure, especially with any streaming mode.");
+            throw new ConfigurationException("'" + IV_TYPE + "=fixed' is no longer supported AT ALL. It has been deprecated since release 2.2 and has been removed since 2.3.");
+        } else if ( value.equalsIgnoreCase("specified") ) {
+            // Originally, this was planned for future implementation where setting
+            //      Encryptor.ChooseIVMethod=specified
+            // would have allowed a dev to write their own static method to be
+            // invoked in a future TBD property, but that is a recipe for
+            // disaster. So, it's not going to happen. Ever.
+            throw new ConfigurationException("Contrary to previous internal comments, '" + IV_TYPE + "=specified' is not going to be supported -- ever.");
+        } else {
+            logSpecial("WARNING: '" + value + "' is illegal value for " + IV_TYPE +
+                                             ". Using 'random' for the IV type.");
+        }
+        return "random";
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getHashAlgorithm() {
+        return getESAPIProperty(HASH_ALGORITHM, "SHA-512");
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public int getHashIterations() {
+        return getESAPIProperty(HASH_ITERATIONS, 1024);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getKDFPseudoRandomFunction() {
+        return getESAPIProperty(KDF_PRF_ALG, "HmacSHA256");  // NSA recommended SHA2 or better.
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getCharacterEncoding() {
+        return getESAPIProperty(CHARACTER_ENCODING, "UTF-8");
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean getAllowMultipleEncoding() {
+        return getESAPIProperty( ALLOW_MULTIPLE_ENCODING, false );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean getAllowMixedEncoding() {
+        return getESAPIProperty( ALLOW_MIXED_ENCODING, false );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public List<String> getDefaultCanonicalizationCodecs() {
+        List<String> def = new ArrayList<String>();
+        def.add( "org.owasp.esapi.codecs.HTMLEntityCodec" );
+        def.add( "org.owasp.esapi.codecs.PercentCodec" );
+        def.add( "org.owasp.esapi.codecs.JavaScriptCodec" );
+        return getESAPIProperty( CANONICALIZATION_CODECS, def );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getDigitalSignatureAlgorithm() {
+        return getESAPIProperty(DIGITAL_SIGNATURE_ALGORITHM, "SHAwithDSA");
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public int getDigitalSignatureKeyLength() {
+        return getESAPIProperty(DIGITAL_SIGNATURE_KEY_LENGTH, 2048);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getRandomAlgorithm() {
+        return getESAPIProperty(RANDOM_ALGORITHM, "SHA1PRNG");
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public int getAllowedLoginAttempts() {
+        return getESAPIProperty(ALLOWED_LOGIN_ATTEMPTS, 5);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public int getMaxOldPasswordHashes() {
+        return getESAPIProperty(MAX_OLD_PASSWORD_HASHES, 12);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public File getUploadDirectory() {
+        String dir = getESAPIProperty( UPLOAD_DIRECTORY, "UploadDir");
+        return new File( dir );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public File getUploadTempDirectory() {
+        String dir = getESAPIProperty(UPLOAD_TEMP_DIRECTORY,
+                                      System.getProperty("java.io.tmpdir","UploadTempDir")
+                                     );
+        return new File( dir );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean getDisableIntrusionDetection() {
+        String value = properties.getProperty( DISABLE_INTRUSION_DETECTION );
+        if ("true".equalsIgnoreCase(value)) return true;
+        return false;    // Default result
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public Threshold getQuota(String eventName) {
+        int count = getESAPIProperty("IntrusionDetector." + eventName + ".count", 0);
+        int interval =  getESAPIProperty("IntrusionDetector." + eventName + ".interval", 0);
+        List<String> actions = new ArrayList<String>();
+        String actionString = getESAPIProperty("IntrusionDetector." + eventName + ".actions", "");
+        if (actionString != null) {
+            String[] actionList = actionString.split(",");
+            actions = Arrays.asList(actionList);
+        }
+        if ( count > 0 && interval > 0 && actions.size() > 0 ) {
+            return new Threshold(eventName, count, interval, actions);
+        }
+        return null;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean getLogEncodingRequired() {
+        return getESAPIProperty( LOG_ENCODING_REQUIRED, false );
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean getLogApplicationName() {
+        return getESAPIProperty( LOG_APPLICATION_NAME, true );
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean getLogServerIP() {
+        return getESAPIProperty( LOG_SERVER_IP, true );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean getForceHttpOnlySession() {
+        return getESAPIProperty( FORCE_HTTPONLYSESSION, true );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean getForceSecureSession() {
+        return getESAPIProperty( FORCE_SECURESESSION, true );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean getForceHttpOnlyCookies() {
+        return getESAPIProperty( FORCE_HTTPONLYCOOKIES, true );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean getForceSecureCookies() {
+        return getESAPIProperty( FORCE_SECURECOOKIES, true );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public int getMaxHttpHeaderSize() {
+        return getESAPIProperty( MAX_HTTP_HEADER_SIZE, 4096);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getResponseContentType() {
+        return getESAPIProperty( RESPONSE_CONTENT_TYPE, "text/html; charset=UTF-8" );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getHttpSessionIdName() {
+        return getESAPIProperty( HTTP_SESSION_ID_NAME, "JSESSIONID" );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public long getRememberTokenDuration() {
+        int days = getESAPIProperty( REMEMBER_TOKEN_DURATION, 14 );
+        return (long) (1000 * 60 * 60 * 24 * days);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public int getSessionIdleTimeoutLength() {
+        int minutes = getESAPIProperty( IDLE_TIMEOUT_DURATION, 20 );
+        return 1000 * 60 * minutes;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public int getSessionAbsoluteTimeoutLength() {
+        int minutes = getESAPIProperty(ABSOLUTE_TIMEOUT_DURATION, 20 );
+        return 1000 * 60 * minutes;
+    }
+
+   /**
+    * getValidationPattern returns a single pattern based upon key
+    *
+    *  @param key
+    *              validation pattern name you'd like
+    *  @return
+    *              if key exists, the associated validation pattern, null otherwise
+    */
+    public Pattern getValidationPattern( String key ) {
+        String value = getESAPIProperty( "Validator." + key, "" );
+        // check cache
+        Pattern p = patternCache.get( value );
+        if ( p != null ) return p;
+
+        // compile a new pattern
+        if ( value == null || value.equals( "" ) ) return null;
+        try {
+            Pattern q = Pattern.compile(value);
+            patternCache.put( value, q );
+            return q;
+        } catch ( PatternSyntaxException e ) {
+            logSpecial( "SecurityConfiguration for " + key + " not a valid regex in ESAPI.properties. Returning null", null );
+            return null;
+        }
+    }
+
+    /**
+     * getWorkingDirectory returns the default directory where processes will be executed
+     * by the Executor.
+     */
+    public File getWorkingDirectory() {
+        String dir = getESAPIProperty( WORKING_DIRECTORY, System.getProperty( "user.dir") );
+        if ( dir != null ) {
+            return new File( dir );
+        }
+        return null;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getPreferredJCEProvider() {
+        return properties.getProperty(PREFERRED_JCE_PROVIDER); // No default!
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public List<String> getCombinedCipherModes()
+    {
+        List<String> empty = new ArrayList<String>();     // Default is empty list
+        return getESAPIProperty(COMBINED_CIPHER_MODES, empty);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public List<String> getAdditionalAllowedCipherModes()
+    {
+        List<String> empty = new ArrayList<String>();     // Default is empty list
+        return getESAPIProperty(ADDITIONAL_ALLOWED_CIPHER_MODES, empty);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean getLenientDatesAccepted() {
+        return getESAPIProperty( ACCEPT_LENIENT_DATES, false);
+    }
+
+    protected String getESAPIProperty( String key, String def ) {
+        String value = properties.getProperty(key);
+        if ( value == null ) {
+            logSpecial( "SecurityConfiguration for " + key + " not found in ESAPI.properties. Using default: " + def, null );
+            return def;
+        }
+        return value;
+    }
+
+    protected boolean getESAPIProperty( String key, boolean def ) {
+        String property = properties.getProperty(key);
+        if ( property == null ) {
+            logSpecial( "SecurityConfiguration for " + key + " not found in ESAPI.properties. Using default: " + def, null );
+            return def;
+        }
+        if ( property.equalsIgnoreCase("true") || property.equalsIgnoreCase("yes" ) ) {
+            return true;
+        }
+        if ( property.equalsIgnoreCase("false") || property.equalsIgnoreCase( "no" ) ) {
+            return false;
+        }
+        logSpecial( "SecurityConfiguration for " + key + " not either \"true\" or \"false\" in ESAPI.properties. Using default: " + def, null );
+        return def;
+    }
+
+    protected byte[] getESAPIPropertyEncoded( String key, byte[] def ) {
+        String property = properties.getProperty(key);
+        if ( property == null ) {
+            logSpecial( "SecurityConfiguration for " + key + " not found in ESAPI.properties. Using default: " + def, null );
+            return def;
+        }
+        try {
+            return ESAPI.encoder().decodeFromBase64(property);
+        } catch( IOException e ) {
+            logSpecial( "SecurityConfiguration for " + key + " not properly Base64 encoded in ESAPI.properties. Using default: " + def, null );
+            return null;
+        }
+    }
+
+    protected int getESAPIProperty( String key, int def ) {
+        String property = properties.getProperty(key);
+        if ( property == null ) {
+            logSpecial( "SecurityConfiguration for " + key + " not found in ESAPI.properties. Using default: " + def, null );
+            return def;
+        }
+        try {
+            return Integer.parseInt( property );
+        } catch( NumberFormatException e ) {
+            logSpecial( "SecurityConfiguration for " + key + " not an integer in ESAPI.properties. Using default: " + def, null );
+            return def;
+        }
+    }
+
+    /**
+     * Returns a {@code List} representing the parsed, comma-separated property.
+     *
+     * @param key  The specified property name
+     * @param def  A default value for the property name to return if the property
+     *             is not set.
+     * @return A list of strings.
+     */
+    protected List<String> getESAPIProperty( String key, List<String> def ) {
+        String property = properties.getProperty( key );
+        if ( property == null ) {
+            logSpecial( "SecurityConfiguration for " + key + " not found in ESAPI.properties. Using default: " + def, null );
+            return def;
+        }
+        String[] parts = property.split(",");
+        return Arrays.asList( parts );
+    }
+
+    /**
+     * {@inheritDoc}
+     * Looks for property in three configuration files in following order:
+     * 1.) In file defined as org.owasp.esapi.opsteam system property
+     * 2.) In file defined as org.owasp.esapi.devteam system property
+     * 3.) In ESAPI.properties
+     */
+    @Override
+    public int getIntProp(String propertyName) throws ConfigurationException {
+        try {
+            return esapiPropertyManager.getIntProp(propertyName);
+        } catch (ConfigurationException ex) {
+            String property = properties.getProperty(propertyName);
+            try {
+                return Integer.parseInt(property);
+            } catch (NumberFormatException e) {
+                throw new ConfigurationException( "SecurityConfiguration for " + propertyName + " has incorrect " +
+                        "type");
+            }
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     * Looks for property in three configuration files in following order:
+     * 1.) In file defined as org.owasp.esapi.opsteam system property
+     * 2.) In file defined as org.owasp.esapi.devteam system property
+     * 3.) In ESAPI.properties
+     */
+    @Override
+    public byte[] getByteArrayProp(String propertyName) throws ConfigurationException {
+        try {
+            return esapiPropertyManager.getByteArrayProp(propertyName);
+        } catch (ConfigurationException ex) {
+            String property = properties.getProperty(propertyName);
+            if ( property == null ) {
+                throw new ConfigurationException( "SecurityConfiguration for " + propertyName + " not found in ESAPI.properties");
+            }
+            try {
+                return ESAPI.encoder().decodeFromBase64(property);
+            } catch( IOException e ) {
+                throw new ConfigurationException( "SecurityConfiguration for " + propertyName + " has incorrect " +
+                        "type");
+            }
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     * Looks for property in three configuration files in following order:
+     * 1.) In file defined as org.owasp.esapi.opsteam system property
+     * 2.) In file defined as org.owasp.esapi.devteam system property
+     * 3.) In ESAPI.properties
+     */
+    @Override
+    public Boolean getBooleanProp(String propertyName) throws ConfigurationException {
+        try {
+            return esapiPropertyManager.getBooleanProp(propertyName);
+        } catch (ConfigurationException ex) {
+            String property = properties.getProperty(propertyName);
+            if ( property == null ) {
+                throw new ConfigurationException( "SecurityConfiguration for " + propertyName + " not found in ESAPI.properties");
+            }
+            if ( property.equalsIgnoreCase("true") || property.equalsIgnoreCase("yes") ) {
+                return true;
+            }
+            if ( property.equalsIgnoreCase("false") || property.equalsIgnoreCase("no") ) {
+                return false;
+            }
+            throw new ConfigurationException( "SecurityConfiguration for " + propertyName + " has incorrect " +
+                    "type");
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     * Looks for property in three configuration files in following order:
+     * 1.) In file defined as org.owasp.esapi.opsteam system property
+     * 2.) In file defined as org.owasp.esapi.devteam system property
+     * 3.) In ESAPI.properties
+     */
+    @Override
+    public String getStringProp(String propertyName) throws ConfigurationException {
+        try {
+            return esapiPropertyManager.getStringProp(propertyName);
+        } catch (ConfigurationException ex) {
+            String property = properties.getProperty( propertyName );
+            if ( property == null ) {
+                throw new ConfigurationException( "SecurityConfiguration for " + propertyName + " not found in ESAPI.properties");
+            }
+            return property;
+        }
+    }
+
+
+    protected boolean shouldPrintProperties() {
+        return getESAPIProperty(PRINT_PROPERTIES_WHEN_LOADED, false);
+    }
+
+    protected Properties getESAPIProperties() {
+        return properties;
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultUser.java b/src/main/java/org/owasp/esapi/reference/DefaultUser.java
index 6b24f1aae..c9065427b 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultUser.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultUser.java
@@ -1,614 +1,608 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.EncoderConstants;
-import org.owasp.esapi.HTTPUtilities;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.User;
-import org.owasp.esapi.errors.*;
-
-import javax.servlet.http.HttpSession;
-import java.io.Serializable;
-import java.util.Set;
-import java.util.HashSet;
-import java.util.Date;
-import java.util.Locale;
-import java.util.Collections;
-import java.util.HashMap;
-/**
- * Reference implementation of the User interface. This implementation is serialized into a flat file in a simple format.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @author Chris Schmidt (chrisisbeef .at. gmail.com) <a href="http://www.digital-ritual.com">Digital Ritual Software</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.User
- */
-public class DefaultUser implements User, Serializable {
-
-	/** The Constant serialVersionUID. */
-	private static final long serialVersionUID = 1L;
-
-	/** The idle timeout length specified in the ESAPI config file. */
-	private static final int IDLE_TIMEOUT_LENGTH = ESAPI.securityConfiguration().getSessionIdleTimeoutLength();
-	
-	/** The absolute timeout length specified in the ESAPI config file. */
-	private static final int ABSOLUTE_TIMEOUT_LENGTH = ESAPI.securityConfiguration().getSessionAbsoluteTimeoutLength();
-	
-	/** The logger used by the class. */
-	private transient final Logger logger = ESAPI.getLogger("DefaultUser");
-    
-	/** This user's account id. */
-	long accountId = 0;
-
-	/** This user's account name. */
-	private String accountName = "";
-
-	/** This user's screen name (account name alias). */
-	private String screenName = "";
-
-	/** This user's CSRF token. */
-	private String csrfToken = resetCSRFToken();
-
-	/** This user's assigned roles. */
-	private Set<String> roles = new HashSet<String>();
-
-	/** Whether this user's account is locked. */
-	private boolean locked = false;
-
-	/** Whether this user is logged in. */
-	private boolean loggedIn = true;
-
-    /** Whether this user's account is enabled. */
-	private boolean enabled = false;
-
-    /** The last host address used by this user. */
-    private String lastHostAddress;
-
-	/** The last password change time for this user. */
-	private Date lastPasswordChangeTime = new Date(0);
-
-	/** The last login time for this user. */
-	private Date lastLoginTime = new Date(0);
-
-	/** The last failed login time for this user. */
-	private Date lastFailedLoginTime = new Date(0);
-	
-	/** The expiration date/time for this user's account. */
-	private Date expirationTime = new Date(Long.MAX_VALUE);
-
-	/** The sessions this user is associated with */
-	private transient Set<HttpSession> sessions = new HashSet<HttpSession>();
-	
-	/** The event map for this User */ 
-	private transient HashMap eventMap = new HashMap();
-	
-	/* A flag to indicate that the password must be changed before the account can be used. */
-	// private boolean requiresPasswordChange = true;
-	
-	/** The failed login count for this user's account. */
-	private int failedLoginCount = 0;
-	
-	/** This user's Locale. */
-	private Locale locale;
-    
-    private static final int MAX_ROLE_LENGTH = 250;
-    
-	/**
-	 * Instantiates a new user.
-	 *
-	 * @param accountName
-	 * 		The name of this user's account.
-	 */
-	public DefaultUser(String accountName) {
-		this.accountName = accountName.toLowerCase();
-		while( true ) {
-			long id = Math.abs( ESAPI.randomizer().getRandomLong() );
-			if ( ESAPI.authenticator().getUser( id ) == null && id != 0 ) {
-				this.accountId = id;
-				break;
-			}
-		}
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void addRole(String role) throws AuthenticationException {
-		String roleName = role.toLowerCase();
-		if ( ESAPI.validator().isValidInput("addRole", roleName, "RoleName", MAX_ROLE_LENGTH, false) ) {
-			roles.add(roleName);
-			logger.info(Logger.SECURITY_SUCCESS, "Role " + roleName + " added to " + getAccountName() );
-		} else {
-			throw new AuthenticationAccountsException( "Add role failed", "Attempt to add invalid role " + roleName + " to " + getAccountName() );
-		}
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void addRoles(Set<String> newRoles) throws AuthenticationException {
-        for (String newRole : newRoles)
-        {
-            addRole(newRole);
-		}
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void changePassword(String oldPassword, String newPassword1, String newPassword2) throws AuthenticationException, EncryptionException {
-		ESAPI.authenticator().changePassword(this, oldPassword, newPassword1, newPassword2);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void disable() {
-		enabled = false;
-		logger.info( Logger.SECURITY_SUCCESS, "Account disabled: " + getAccountName() );
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	public void enable() {
-		this.enabled = true;
-		logger.info( Logger.SECURITY_SUCCESS, "Account enabled: " + getAccountName() );
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public long getAccountId() {
-        return accountId;
-    }
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String getAccountName() {
-		return accountName;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String getCSRFToken() {
-		return csrfToken;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public Date getExpirationTime() {
-		return (Date)expirationTime.clone();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public int getFailedLoginCount() {
-		return failedLoginCount;
-	}
-	
-	/**
-	 * Set the failed login count
-	 * 
-	 * @param count
-	 * 			the number of failed logins
-	 */
-	void setFailedLoginCount(int count) {
-		failedLoginCount = count;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public Date getLastFailedLoginTime() {
-		return (Date)lastFailedLoginTime.clone();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String getLastHostAddress() {
-		if ( lastHostAddress == null ) {
-			return "unknown";
-		}
-        return lastHostAddress;
-    }
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public Date getLastLoginTime() {
-		return (Date)lastLoginTime.clone();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public Date getLastPasswordChangeTime() {
-		return (Date)lastPasswordChangeTime.clone();
-	}
-
-	/**
-	 * {@inheritDoc}
-     *
-     * @return
-     */
-	public String getName() {
-		return this.getAccountName();
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	public Set<String> getRoles() {
-		return Collections.unmodifiableSet(roles);
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	public String getScreenName() {
-		return screenName;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public void addSession( HttpSession s ) {
-        sessions.add( s );
-    }
-    
-	/**
-	 * {@inheritDoc}
-	 */
-    public void removeSession( HttpSession s ) {
-        sessions.remove( s );
-    }
-    
-	/**
-	 * {@inheritDoc}
-     *
-     * @return
-     */
-	public Set getSessions() {
-	    return sessions;
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	public void incrementFailedLoginCount() {
-		failedLoginCount++;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isAnonymous() {
-		// User cannot be anonymous, since we have a special User.ANONYMOUS instance
-		// for the anonymous user
-		return false;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isEnabled() {
-		return enabled;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isExpired() {
-		return getExpirationTime().before( new Date() );
-
-		// If expiration should happen automatically or based on lastPasswordChangeTime?
-		//		long from = lastPasswordChangeTime.getTime();
-		//		long to = new Date().getTime();
-		//		double difference = to - from;
-		//		long days = Math.round((difference / (1000 * 60 * 60 * 24)));
-		//		return days > 60;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isInRole(String role) {
-		return roles.contains(role.toLowerCase());
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isLocked() {
-		return locked;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isLoggedIn() {
-		return loggedIn;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isSessionAbsoluteTimeout() {
-		HttpSession session = ESAPI.httpUtilities().getCurrentRequest().getSession(false);
-		if ( session == null ) return true;
-		Date deadline = new Date( session.getCreationTime() + ABSOLUTE_TIMEOUT_LENGTH);
-		Date now = new Date();
-		return now.after(deadline);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isSessionTimeout() {
-		HttpSession session = ESAPI.httpUtilities().getCurrentRequest().getSession(false);
-		if ( session == null ) return true;
-		Date deadline = new Date( session.getLastAccessedTime() + IDLE_TIMEOUT_LENGTH);
-		Date now = new Date();
-		return now.after(deadline);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void lock() {
-		this.locked = true;
-		logger.info(Logger.SECURITY_SUCCESS, "Account locked: " + getAccountName() );
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void loginWithPassword(String password) throws AuthenticationException {
-		if ( password == null || password.equals("") ) {
-			setLastFailedLoginTime(new Date());
-			incrementFailedLoginCount();
-			throw new AuthenticationLoginException( "Login failed", "Missing password: " + accountName  );
-		}
-		
-		// don't let disabled users log in
-		if ( !isEnabled() ) {
-			setLastFailedLoginTime(new Date());
-			incrementFailedLoginCount();
-			throw new AuthenticationLoginException("Login failed", "Disabled user attempt to login: " + accountName );
-		}
-		
-		// don't let locked users log in
-		if ( isLocked() ) {
-			setLastFailedLoginTime(new Date());
-			incrementFailedLoginCount();
-			throw new AuthenticationLoginException("Login failed", "Locked user attempt to login: " + accountName );
-		}
-		
-		// don't let expired users log in
-		if ( isExpired() ) {
-			setLastFailedLoginTime(new Date());
-			incrementFailedLoginCount();
-			throw new AuthenticationLoginException("Login failed", "Expired user attempt to login: " + accountName );
-		}
-		
-		logout();
-
-		if ( verifyPassword( password ) ) {
-			loggedIn = true;
-			ESAPI.httpUtilities().changeSessionIdentifier( ESAPI.currentRequest() );
-			ESAPI.authenticator().setCurrentUser(this);
-			setLastLoginTime(new Date());
-            setLastHostAddress( ESAPI.httpUtilities().getCurrentRequest().getRemoteAddr() );
-			logger.trace(Logger.SECURITY_SUCCESS, "User logged in: " + accountName );
-		} else {
-			loggedIn = false;
-			setLastFailedLoginTime(new Date());
-			incrementFailedLoginCount();
-			if (getFailedLoginCount() >= ESAPI.securityConfiguration().getAllowedLoginAttempts()) {
-				lock();
-			}
-			throw new AuthenticationLoginException("Login failed", "Incorrect password provided for " + getAccountName() );
-		}
-	}
- 
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void logout() {
-		ESAPI.httpUtilities().killCookie( ESAPI.currentRequest(), ESAPI.currentResponse(), HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME );
-		
-		HttpSession session = ESAPI.currentRequest().getSession(false);
-		if (session != null) {
-            removeSession(session);
-			session.invalidate();
-		}
-		ESAPI.httpUtilities().killCookie(ESAPI.currentRequest(), ESAPI.currentResponse(), ESAPI.securityConfiguration().getHttpSessionIdName());
-		loggedIn = false;
-		logger.info(Logger.SECURITY_SUCCESS, "Logout successful" );
-		ESAPI.authenticator().setCurrentUser(User.ANONYMOUS);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void removeRole(String role) {
-		roles.remove(role.toLowerCase());
-		logger.trace(Logger.SECURITY_SUCCESS, "Role " + role + " removed from " + getAccountName() );
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * In this implementation, we have chosen to use a random token that is
-	 * stored in the User object. Note that it is possible to avoid the use of
-	 * server side state by using either the hash of the users's session id or
-	 * an encrypted token that includes a timestamp and the user's IP address.
-	 * user's IP address. A relatively short 8 character string has been chosen
-	 * because this token will appear in all links and forms.
-	 * 
-	 * @return the string
-	 */
-	public String resetCSRFToken() {
-		// user.csrfToken = ESAPI.encryptor().hash( session.getId(),user.name );
-		// user.csrfToken = ESAPI.encryptor().encrypt( address + ":" + ESAPI.encryptor().getTimeStamp();
-		csrfToken = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-		return csrfToken;
-	}
-
-	/**
-	 * Sets the account id for this user's account.
-	 */
-	private void setAccountId(long accountId) {
-		this.accountId = accountId;
-	}
-	
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	public void setAccountName(String accountName) {
-		String old = getAccountName();
-		this.accountName = accountName.toLowerCase();
-		if (old != null) {
-			if ( old.equals( "" ) ) {
-				old = "[nothing]";
-			}
-			logger.info(Logger.SECURITY_SUCCESS, "Account name changed from " + old + " to " + getAccountName() );
-		}
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void setExpirationTime(Date expirationTime) {
-		this.expirationTime = new Date( expirationTime.getTime() );
-		logger.info(Logger.SECURITY_SUCCESS, "Account expiration time set to " + expirationTime + " for " + getAccountName() );
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void setLastFailedLoginTime(Date lastFailedLoginTime) {
-		this.lastFailedLoginTime = lastFailedLoginTime;
-		logger.info(Logger.SECURITY_SUCCESS, "Set last failed login time to " + lastFailedLoginTime + " for " + getAccountName() );
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	public void setLastHostAddress(String remoteHost) throws AuthenticationHostException
-    {
-		if ( lastHostAddress != null && !lastHostAddress.equals(remoteHost)) {
-        	// returning remote address not remote hostname to prevent DNS lookup
-			throw new AuthenticationHostException("Host change", "User session just jumped from " + lastHostAddress + " to " + remoteHost );
-		}
-		lastHostAddress = remoteHost;
-    }
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void setLastLoginTime(Date lastLoginTime) {
-		this.lastLoginTime = lastLoginTime;
-		logger.info(Logger.SECURITY_SUCCESS, "Set last successful login time to " + lastLoginTime + " for " + getAccountName() );
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void setLastPasswordChangeTime(Date lastPasswordChangeTime) {
-		this.lastPasswordChangeTime = lastPasswordChangeTime;
-		logger.info(Logger.SECURITY_SUCCESS, "Set last password change time to " + lastPasswordChangeTime + " for " + getAccountName() );
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void setRoles(Set<String> roles) throws AuthenticationException {
-		this.roles = new HashSet<String>();
-		addRoles(roles);
-		logger.info(Logger.SECURITY_SUCCESS, "Adding roles " + roles + " to " + getAccountName() );
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void setScreenName(String screenName) {
-		this.screenName = screenName;
-		logger.info(Logger.SECURITY_SUCCESS, "ScreenName changed to " + screenName + " for " + getAccountName() );
-	}
-
-	/**
-	 * {@inheritDoc}
-     *
-     * @return
-     */
-	public String toString() {
-		return "USER:" + accountName;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void unlock() {
-		this.locked = false;
-		this.failedLoginCount = 0;
-		logger.info( Logger.SECURITY_SUCCESS, "Account unlocked: " + getAccountName() );
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean verifyPassword(String password) {
-		return ESAPI.authenticator().verifyPassword(this, password);
-	}
-    
-    /**
-     * Override clone and make final to prevent duplicate user objects.
-     * @return 
-     * @throws java.lang.CloneNotSupportedException
-     */
-    public final Object clone() throws java.lang.CloneNotSupportedException {
-    	  throw new java.lang.CloneNotSupportedException();
-    }
-	/**
-	 * @return the locale
-	 */
-	public Locale getLocale() {
-		return locale;
-	}
-
-	/**
-	 * @param locale the locale to set
-	 */
-	public void setLocale(Locale locale) {
-		this.locale = locale;
-	}
-    
-    public HashMap getEventMap() {
-    	return eventMap;
-    }
-    
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.EncoderConstants;
+import org.owasp.esapi.HTTPUtilities;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.User;
+import org.owasp.esapi.errors.*;
+
+import javax.servlet.http.HttpSession;
+import java.io.Serializable;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.Date;
+import java.util.Locale;
+import java.util.Collections;
+import java.util.HashMap;
+/**
+ * Reference implementation of the User interface. This implementation is serialized into a flat file in a simple format.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author Chris Schmidt (chrisisbeef .at. gmail.com) <a href="http://www.digital-ritual.com">Digital Ritual Software</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.User
+ */
+public class DefaultUser implements User, Serializable {
+
+    /** The Constant serialVersionUID. */
+    private static final long serialVersionUID = 1L;
+
+    /** The idle timeout length specified in the ESAPI config file. */
+    private static final int IDLE_TIMEOUT_LENGTH = ESAPI.securityConfiguration().getSessionIdleTimeoutLength();
+
+    /** The absolute timeout length specified in the ESAPI config file. */
+    private static final int ABSOLUTE_TIMEOUT_LENGTH = ESAPI.securityConfiguration().getSessionAbsoluteTimeoutLength();
+
+    /** The logger used by the class. */
+    private transient final Logger logger = ESAPI.getLogger("DefaultUser");
+
+    /** This user's account id. */
+    long accountId = 0;
+
+    /** This user's account name. */
+    private String accountName = "";
+
+    /** This user's screen name (account name alias). */
+    private String screenName = "";
+
+    /** This user's CSRF token. */
+    private String csrfToken = resetCSRFToken();
+
+    /** This user's assigned roles. */
+    private Set<String> roles = new HashSet<String>();
+
+    /** Whether this user's account is locked. */
+    private boolean locked = false;
+
+    /** Whether this user is logged in. */
+    private boolean loggedIn = true;
+
+    /** Whether this user's account is enabled. */
+    private boolean enabled = false;
+
+    /** The last host address used by this user. */
+    private String lastHostAddress;
+
+    /** The last password change time for this user. */
+    private Date lastPasswordChangeTime = new Date(0);
+
+    /** The last login time for this user. */
+    private Date lastLoginTime = new Date(0);
+
+    /** The last failed login time for this user. */
+    private Date lastFailedLoginTime = new Date(0);
+
+    /** The expiration date/time for this user's account. */
+    private Date expirationTime = new Date(Long.MAX_VALUE);
+
+    /** The sessions this user is associated with */
+    private transient Set<HttpSession> sessions = new HashSet<HttpSession>();
+
+    /** The event map for this User */
+    private transient HashMap eventMap = new HashMap();
+
+    /* A flag to indicate that the password must be changed before the account can be used. */
+    // private boolean requiresPasswordChange = true;
+
+    /** The failed login count for this user's account. */
+    private int failedLoginCount = 0;
+
+    /** This user's Locale. */
+    private Locale locale;
+
+    private static final int MAX_ROLE_LENGTH = 250;
+
+    /**
+     * Instantiates a new user.
+     *
+     * @param accountName
+     *         The name of this user's account.
+     */
+    public DefaultUser(String accountName) {
+        this.accountName = accountName.toLowerCase();
+        while( true ) {
+            long id = Math.abs( ESAPI.randomizer().getRandomLong() );
+            if ( ESAPI.authenticator().getUser( id ) == null && id != 0 ) {
+                this.accountId = id;
+                break;
+            }
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void addRole(String role) throws AuthenticationException {
+        String roleName = role.toLowerCase();
+        if ( ESAPI.validator().isValidInput("addRole", roleName, "RoleName", MAX_ROLE_LENGTH, false) ) {
+            roles.add(roleName);
+            logger.info(Logger.SECURITY_SUCCESS, "Role " + roleName + " added to " + getAccountName() );
+        } else {
+            throw new AuthenticationAccountsException( "Add role failed", "Attempt to add invalid role " + roleName + " to " + getAccountName() );
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void addRoles(Set<String> newRoles) throws AuthenticationException {
+        for (String newRole : newRoles)
+        {
+            addRole(newRole);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void changePassword(String oldPassword, String newPassword1, String newPassword2) throws AuthenticationException, EncryptionException {
+        ESAPI.authenticator().changePassword(this, oldPassword, newPassword1, newPassword2);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void disable() {
+        enabled = false;
+        logger.info( Logger.SECURITY_SUCCESS, "Account disabled: " + getAccountName() );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void enable() {
+        this.enabled = true;
+        logger.info( Logger.SECURITY_SUCCESS, "Account enabled: " + getAccountName() );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public long getAccountId() {
+        return accountId;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getAccountName() {
+        return accountName;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getCSRFToken() {
+        return csrfToken;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public Date getExpirationTime() {
+        return (Date)expirationTime.clone();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public int getFailedLoginCount() {
+        return failedLoginCount;
+    }
+
+    /**
+     * Set the failed login count
+     *
+     * @param count
+     *             the number of failed logins
+     */
+    void setFailedLoginCount(int count) {
+        failedLoginCount = count;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public Date getLastFailedLoginTime() {
+        return (Date)lastFailedLoginTime.clone();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getLastHostAddress() {
+        if ( lastHostAddress == null ) {
+            return "unknown";
+        }
+        return lastHostAddress;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public Date getLastLoginTime() {
+        return (Date)lastLoginTime.clone();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public Date getLastPasswordChangeTime() {
+        return (Date)lastPasswordChangeTime.clone();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getName() {
+        return this.getAccountName();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public Set<String> getRoles() {
+        return Collections.unmodifiableSet(roles);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getScreenName() {
+        return screenName;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void addSession( HttpSession s ) {
+        sessions.add( s );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void removeSession( HttpSession s ) {
+        sessions.remove( s );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public Set getSessions() {
+        return sessions;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void incrementFailedLoginCount() {
+        failedLoginCount++;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean isAnonymous() {
+        // User cannot be anonymous, since we have a special User.ANONYMOUS instance
+        // for the anonymous user
+        return false;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean isEnabled() {
+        return enabled;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean isExpired() {
+        return getExpirationTime().before( new Date() );
+
+        // If expiration should happen automatically or based on lastPasswordChangeTime?
+        //        long from = lastPasswordChangeTime.getTime();
+        //        long to = new Date().getTime();
+        //        double difference = to - from;
+        //        long days = Math.round((difference / (1000 * 60 * 60 * 24)));
+        //        return days > 60;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean isInRole(String role) {
+        return roles.contains(role.toLowerCase());
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean isLocked() {
+        return locked;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean isLoggedIn() {
+        return loggedIn;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean isSessionAbsoluteTimeout() {
+        HttpSession session = ESAPI.httpUtilities().getCurrentRequest().getSession(false);
+        if ( session == null ) return true;
+        Date deadline = new Date( session.getCreationTime() + ABSOLUTE_TIMEOUT_LENGTH);
+        Date now = new Date();
+        return now.after(deadline);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean isSessionTimeout() {
+        HttpSession session = ESAPI.httpUtilities().getCurrentRequest().getSession(false);
+        if ( session == null ) return true;
+        Date deadline = new Date( session.getLastAccessedTime() + IDLE_TIMEOUT_LENGTH);
+        Date now = new Date();
+        return now.after(deadline);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void lock() {
+        this.locked = true;
+        logger.info(Logger.SECURITY_SUCCESS, "Account locked: " + getAccountName() );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void loginWithPassword(String password) throws AuthenticationException {
+        if ( password == null || password.equals("") ) {
+            setLastFailedLoginTime(new Date());
+            incrementFailedLoginCount();
+            throw new AuthenticationLoginException( "Login failed", "Missing password: " + accountName  );
+        }
+
+        // don't let disabled users log in
+        if ( !isEnabled() ) {
+            setLastFailedLoginTime(new Date());
+            incrementFailedLoginCount();
+            throw new AuthenticationLoginException("Login failed", "Disabled user attempt to login: " + accountName );
+        }
+
+        // don't let locked users log in
+        if ( isLocked() ) {
+            setLastFailedLoginTime(new Date());
+            incrementFailedLoginCount();
+            throw new AuthenticationLoginException("Login failed", "Locked user attempt to login: " + accountName );
+        }
+
+        // don't let expired users log in
+        if ( isExpired() ) {
+            setLastFailedLoginTime(new Date());
+            incrementFailedLoginCount();
+            throw new AuthenticationLoginException("Login failed", "Expired user attempt to login: " + accountName );
+        }
+
+        logout();
+
+        if ( verifyPassword( password ) ) {
+            loggedIn = true;
+            ESAPI.httpUtilities().changeSessionIdentifier( ESAPI.currentRequest() );
+            ESAPI.authenticator().setCurrentUser(this);
+            setLastLoginTime(new Date());
+            setLastHostAddress( ESAPI.httpUtilities().getCurrentRequest().getRemoteAddr() );
+            logger.trace(Logger.SECURITY_SUCCESS, "User logged in: " + accountName );
+        } else {
+            loggedIn = false;
+            setLastFailedLoginTime(new Date());
+            incrementFailedLoginCount();
+            if (getFailedLoginCount() >= ESAPI.securityConfiguration().getAllowedLoginAttempts()) {
+                lock();
+            }
+            throw new AuthenticationLoginException("Login failed", "Incorrect password provided for " + getAccountName() );
+        }
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public void logout() {
+        ESAPI.httpUtilities().killCookie( ESAPI.currentRequest(), ESAPI.currentResponse(), HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME );
+
+        HttpSession session = ESAPI.currentRequest().getSession(false);
+        if (session != null) {
+            removeSession(session);
+            session.invalidate();
+        }
+        ESAPI.httpUtilities().killCookie(ESAPI.currentRequest(), ESAPI.currentResponse(), ESAPI.securityConfiguration().getHttpSessionIdName());
+        loggedIn = false;
+        logger.info(Logger.SECURITY_SUCCESS, "Logout successful" );
+        ESAPI.authenticator().setCurrentUser(User.ANONYMOUS);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void removeRole(String role) {
+        roles.remove(role.toLowerCase());
+        logger.trace(Logger.SECURITY_SUCCESS, "Role " + role + " removed from " + getAccountName() );
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * In this implementation, we have chosen to use a random token that is
+     * stored in the User object. Note that it is possible to avoid the use of
+     * server side state by using either the hash of the users's session id or
+     * an encrypted token that includes a timestamp and the user's IP address.
+     * user's IP address. A relatively short 8 character string has been chosen
+     * because this token will appear in all links and forms.
+     *
+     * @return the string
+     */
+    public String resetCSRFToken() {
+        // user.csrfToken = ESAPI.encryptor().hash( session.getId(),user.name );
+        // user.csrfToken = ESAPI.encryptor().encrypt( address + ":" + ESAPI.encryptor().getTimeStamp();
+        csrfToken = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        return csrfToken;
+    }
+
+    /**
+     * Sets the account id for this user's account.
+     */
+    private void setAccountId(long accountId) {
+        this.accountId = accountId;
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public void setAccountName(String accountName) {
+        String old = getAccountName();
+        this.accountName = accountName.toLowerCase();
+        if (old != null) {
+            if ( old.equals( "" ) ) {
+                old = "[nothing]";
+            }
+            logger.info(Logger.SECURITY_SUCCESS, "Account name changed from " + old + " to " + getAccountName() );
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void setExpirationTime(Date expirationTime) {
+        this.expirationTime = new Date( expirationTime.getTime() );
+        logger.info(Logger.SECURITY_SUCCESS, "Account expiration time set to " + expirationTime + " for " + getAccountName() );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void setLastFailedLoginTime(Date lastFailedLoginTime) {
+        this.lastFailedLoginTime = lastFailedLoginTime;
+        logger.info(Logger.SECURITY_SUCCESS, "Set last failed login time to " + lastFailedLoginTime + " for " + getAccountName() );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void setLastHostAddress(String remoteHost) throws AuthenticationHostException
+    {
+        if ( lastHostAddress != null && !lastHostAddress.equals(remoteHost)) {
+            // returning remote address not remote hostname to prevent DNS lookup
+            throw new AuthenticationHostException("Host change", "User session just jumped from " + lastHostAddress + " to " + remoteHost );
+        }
+        lastHostAddress = remoteHost;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void setLastLoginTime(Date lastLoginTime) {
+        this.lastLoginTime = lastLoginTime;
+        logger.info(Logger.SECURITY_SUCCESS, "Set last successful login time to " + lastLoginTime + " for " + getAccountName() );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void setLastPasswordChangeTime(Date lastPasswordChangeTime) {
+        this.lastPasswordChangeTime = lastPasswordChangeTime;
+        logger.info(Logger.SECURITY_SUCCESS, "Set last password change time to " + lastPasswordChangeTime + " for " + getAccountName() );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void setRoles(Set<String> roles) throws AuthenticationException {
+        this.roles = new HashSet<String>();
+        addRoles(roles);
+        logger.info(Logger.SECURITY_SUCCESS, "Adding roles " + roles + " to " + getAccountName() );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void setScreenName(String screenName) {
+        this.screenName = screenName;
+        logger.info(Logger.SECURITY_SUCCESS, "ScreenName changed to " + screenName + " for " + getAccountName() );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String toString() {
+        return "USER:" + accountName;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void unlock() {
+        this.locked = false;
+        this.failedLoginCount = 0;
+        logger.info( Logger.SECURITY_SUCCESS, "Account unlocked: " + getAccountName() );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean verifyPassword(String password) {
+        return ESAPI.authenticator().verifyPassword(this, password);
+    }
+
+    /**
+     * Override clone and make final to prevent duplicate user objects.
+     * @return Nothing, as clone() is not supported for this class. A CloneNotSupportedException is always thrown for this class.
+     * @throws java.lang.CloneNotSupportedException
+     */
+    public final Object clone() throws java.lang.CloneNotSupportedException {
+          throw new java.lang.CloneNotSupportedException();
+    }
+    /**
+     * @return the locale
+     */
+    public Locale getLocale() {
+        return locale;
+    }
+
+    /**
+     * @param locale the locale to set
+     */
+    public void setLocale(Locale locale) {
+        this.locale = locale;
+    }
+
+    public HashMap getEventMap() {
+        return eventMap;
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
index 85c334323..a458f40db 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
@@ -1,1194 +1,1387 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- *
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- *
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- *
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @author Jim Manico (jim@manico.net) <a href="http://www.manico.net">Manico.net</a>
- *
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import java.io.File;
-import java.io.IOException;
-import java.io.InputStream;
-import java.text.DateFormat;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.regex.Pattern;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Encoder;
-import org.owasp.esapi.ValidationErrorList;
-import org.owasp.esapi.ValidationRule;
-import org.owasp.esapi.Validator;
-import org.owasp.esapi.errors.IntrusionException;
-import org.owasp.esapi.errors.ValidationAvailabilityException;
-import org.owasp.esapi.errors.ValidationException;
-import org.owasp.esapi.reference.validation.CreditCardValidationRule;
-import org.owasp.esapi.reference.validation.DateValidationRule;
-import org.owasp.esapi.reference.validation.HTMLValidationRule;
-import org.owasp.esapi.reference.validation.IntegerValidationRule;
-import org.owasp.esapi.reference.validation.NumberValidationRule;
-import org.owasp.esapi.reference.validation.StringValidationRule;
-
-/**
- * Reference implementation of the Validator interface. This implementation
- * relies on the ESAPI Encoder, Java Pattern (regex), Date,
- * and several other classes to provide basic validation functions. This library
- * has a heavy emphasis on whitelist validation and canonicalization.
- *
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @author Jim Manico (jim@manico.net) <a href="http://www.manico.net">Manico.net</a>
- *
- * @since June 1, 2007
- * @see org.owasp.esapi.Validator
- */
-public class DefaultValidator implements org.owasp.esapi.Validator {
-    private static volatile Validator instance = null;
-
-    public static Validator getInstance() {
-        if ( instance == null ) {
-            synchronized ( Validator.class ) {
-                if ( instance == null ) {
-                    instance = new DefaultValidator();
-                }
-            }
-        }
-        return instance;
-    }
-
-	/** A map of validation rules */
-	private Map<String, ValidationRule> rules = new HashMap<String, ValidationRule>();
-
-	/** The encoder to use for canonicalization */
-	private Encoder encoder = null;
-
-	/** The encoder to use for file system */
-	private static Validator fileValidator = null;
-
-	/** Initialize file validator with an appropriate set of codecs */
-	static {
-		List<String> list = new ArrayList<String>();
-		list.add( "HTMLEntityCodec" );
-		list.add( "PercentCodec" );
-		Encoder fileEncoder = new DefaultEncoder( list );
-		fileValidator = new DefaultValidator( fileEncoder );
-	}
-
-
-	/**
-	 * Default constructor uses the ESAPI standard encoder for canonicalization.
-	 */
-	public DefaultValidator() {
-	    this.encoder = ESAPI.encoder();
-	}
-
-	/**
-	 * Construct a new DefaultValidator that will use the specified
-	 * Encoder for canonicalization.
-     *
-     * @param encoder
-     */
-	public DefaultValidator( Encoder encoder ) {
-	    this.encoder = encoder;
-	}
-
-
-	/**
-	 * Add a validation rule to the registry using the "type name" of the rule as the key.
-	 */
-	public void addRule( ValidationRule rule ) {
-		rules.put( rule.getTypeName(), rule );
-	}
-
-	/**
-	 * Get a validation rule from the registry with the "type name" of the rule as the key.
-	 */
-	public ValidationRule getRule( String name ) {
-		return rules.get( name );
-	}
-
-
-	/**
-	 * Returns true if data received from browser is valid. Double encoding is treated as an attack. The
-	 * default encoder supports html encoding, URL encoding, and javascript escaping. Input is canonicalized
-	 * by default before validation.
-	 *
-	 * @param context A descriptive name for the field to validate. This is used for error facing validation messages and element identification.
-	 * @param input The actual user input data to validate.
-	 * @param type The regular expression name while maps to the actual regular expression from "ESAPI.properties".
-	 * @param maxLength The maximum post-canonicalized String length allowed.
-	 * @param allowNull If allowNull is true then a input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-	 * @return The canonicalized user input.
-	 * @throws IntrusionException
-	 */
-	public boolean isValidInput(String context, String input, String type, int maxLength, boolean allowNull) throws IntrusionException  {
-		return isValidInput(context, input, type, maxLength, allowNull, true);
-	}
-
-        public boolean isValidInput(String context, String input, String type, int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException  {
-		return isValidInput(context, input, type, maxLength, allowNull, true, errors);
-	}
-
-	public boolean isValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize) throws IntrusionException  {
-		try {
-			getValidInput( context, input, type, maxLength, allowNull, canonicalize);
-			return true;
-		} catch( Exception e ) {
-			return false;
-		}
-	}
-
-        public boolean isValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize, ValidationErrorList errors) throws IntrusionException  {
-		try {
-			getValidInput( context, input, type, maxLength, allowNull, canonicalize);
-			return true;
-		} catch( ValidationException e ) {
-			errors.addError( context, e );
-			return false;
-		}
-	}
-
-	/**
-	 * Validates data received from the browser and returns a safe version.
-	 * Double encoding is treated as an attack. The default encoder supports
-	 * html encoding, URL encoding, and javascript escaping. Input is
-	 * canonicalized by default before validation.
-	 *
-	 * @param context A descriptive name for the field to validate. This is used for error facing validation messages and element identification.
-	 * @param input The actual user input data to validate.
-	 * @param type The regular expression name which maps to the actual regular expression from "ESAPI.properties".
-	 * @param maxLength The maximum post-canonicalized String length allowed.
-	 * @param allowNull If allowNull is true then a input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-	 * @return The canonicalized user input.
-	 * @throws ValidationException
-	 * @throws IntrusionException
-	 */
-	public String getValidInput(String context, String input, String type, int maxLength, boolean allowNull) throws ValidationException {
-		return getValidInput(context, input, type, maxLength, allowNull, true);
-	}
-
-	/**
-	 * Validates data received from the browser and returns a safe version. Only
-	 * URL encoding is supported. Double encoding is treated as an attack.
-	 *
-	 * @param context A descriptive name for the field to validate. This is used for error facing validation messages and element identification.
-	 * @param input The actual user input data to validate.
-	 * @param type The regular expression name which maps to the actual regular expression in the ESAPI validation configuration file
-	 * @param maxLength The maximum String length allowed. If input is canonicalized per the canonicalize argument, then maxLength must be verified after canonicalization
-     * @param allowNull If allowNull is true then a input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-	 * @param canonicalize If canonicalize is true then input will be canonicalized before validation
-	 * @return The user input, may be canonicalized if canonicalize argument is true
-	 * @throws ValidationException
-	 * @throws IntrusionException
-	 */
-	public String getValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize) throws ValidationException {
-		StringValidationRule rvr = new StringValidationRule( type, encoder );
-		Pattern p = ESAPI.securityConfiguration().getValidationPattern( type );
-		if ( p != null ) {
-			rvr.addWhitelistPattern( p );
-		} else {
-            // Issue 232 - Specify requested type in exception message - CS
-			throw new IllegalArgumentException("The selected type [" + type + "] was not set via the ESAPI validation configuration");
-		}
-		rvr.setMaximumLength(maxLength);
-		rvr.setAllowNull(allowNull);
-		rvr.setValidateInputAndCanonical(canonicalize);
-		return rvr.getValid(context, input);
-	}
-
-	/**
-	 * Validates data received from the browser and returns a safe version. Only
-	 * URL encoding is supported. Double encoding is treated as an attack. Input
-	 * is canonicalized by default before validation.
-	 *
-	 * @param context A descriptive name for the field to validate. This is used for error facing validation messages and element identification.
-	 * @param input The actual user input data to validate.
-	 * @param type The regular expression name while maps to the actual regular expression from "ESAPI.properties".
-	 * @param maxLength The maximum String length allowed. If input is canonicalized per the canonicalize argument, then maxLength must be verified after canonicalization
-	 * @param allowNull If allowNull is true then a input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-	 * @param errors If ValidationException is thrown, then add to error list instead of throwing out to caller
-	 * @return The canonicalized user input.
-	 * @throws IntrusionException
-	 */
-	public String getValidInput(String context, String input, String type, int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		return getValidInput(context, input, type, maxLength, allowNull, true, errors);
-	}
-
-	/**
-	 * Validates data received from the browser and returns a safe version. Only
-	 * URL encoding is supported. Double encoding is treated as an attack.
-	 *
-	 * @param context A descriptive name for the field to validate. This is used for error facing validation messages and element identification.
-	 * @param input The actual user input data to validate.
-	 * @param type The regular expression name while maps to the actual regular expression from "ESAPI.properties".
-	 * @param maxLength The maximum post-canonicalized String length allowed
-	 * @param allowNull If allowNull is true then a input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-	 * @param canonicalize If canonicalize is true then input will be canonicalized before validation
-	 * @param errors If ValidationException is thrown, then add to error list instead of throwing out to caller
-	 * @return The user input, may be canonicalized if canonicalize argument is true
-	 * @throws IntrusionException
-	 */
-	public String getValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize, ValidationErrorList errors) throws IntrusionException {
-		try {
-			return getValidInput(context,  input,  type,  maxLength,  allowNull, canonicalize);
-		} catch (ValidationException e) {
-			errors.addError(context, e);
-		}
-
-		return "";
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isValidDate(String context, String input, DateFormat format, boolean allowNull) throws IntrusionException {
-		try {
-			getValidDate( context, input, format, allowNull);
-			return true;
-		} catch( Exception e ) {
-			return false;
-		}
-	}
-
-        /**
-	 * {@inheritDoc}
-	 */
-	public boolean isValidDate(String context, String input, DateFormat format, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			getValidDate( context, input, format, allowNull);
-			return true;
-		} catch( ValidationException e ) {
-            errors.addError(context, e);
-			return false;
-		}
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public Date getValidDate(String context, String input, DateFormat format, boolean allowNull) throws ValidationException, IntrusionException {
-		DateValidationRule dvr = new DateValidationRule( "SimpleDate", encoder, format);
-		dvr.setAllowNull(allowNull);
-		return dvr.getValid(context, input);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public Date getValidDate(String context, String input, DateFormat format, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			return getValidDate(context, input, format, allowNull);
-		} catch (ValidationException e) {
-			errors.addError(context, e);
-		}
-		// error has been added to list, so return null
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isValidSafeHTML(String context, String input, int maxLength, boolean allowNull) throws IntrusionException {
-		try {
-			getValidSafeHTML( context, input, maxLength, allowNull);
-			return true;
-		} catch( Exception e ) {
-			return false;
-		}
-	}
-
-        /**
-	 * {@inheritDoc}
-	 */
-	public boolean isValidSafeHTML(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			getValidSafeHTML( context, input, maxLength, allowNull);
-			return true;
-		} catch( ValidationException e ) {
-            errors.addError(context, e);
-			return false;
-		}
-	}
-
-	/**
-	 * {@inheritDoc}
-	 *
-	 * This implementation relies on the OWASP AntiSamy project.
-	 */
-	public String getValidSafeHTML( String context, String input, int maxLength, boolean allowNull ) throws ValidationException, IntrusionException {
-		HTMLValidationRule hvr = new HTMLValidationRule( "safehtml", encoder );
-		hvr.setMaximumLength(maxLength);
-		hvr.setAllowNull(allowNull);
-		hvr.setValidateInputAndCanonical(false);
-		return hvr.getValid(context, input);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String getValidSafeHTML(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			return getValidSafeHTML(context, input, maxLength, allowNull);
-		} catch (ValidationException e) {
-			errors.addError(context, e);
-		}
-
-		return "";
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isValidCreditCard(String context, String input, boolean allowNull) throws IntrusionException {
-		try {
-			getValidCreditCard( context, input, allowNull);
-			return true;
-		} catch( Exception e ) {
-			return false;
-		}
-	}
-
-        /**
-	 * {@inheritDoc}
-	 */
-	public boolean isValidCreditCard(String context, String input, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			getValidCreditCard( context, input, allowNull);
-			return true;
-		} catch( ValidationException e ) {
-            errors.addError(context, e);
-			return false;
-		}
-	}
-	/**
-	 * {@inheritDoc}
-	 */
-	public String getValidCreditCard(String context, String input, boolean allowNull) throws ValidationException, IntrusionException {
-		CreditCardValidationRule ccvr = new CreditCardValidationRule( "creditcard", encoder );
-		ccvr.setAllowNull(allowNull);
-		return ccvr.getValid(context, input);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String getValidCreditCard(String context, String input, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			return getValidCreditCard(context, input, allowNull);
-		} catch (ValidationException e) {
-			errors.addError(context, e);
-		}
-
-		return "";
-	}
-
-	/**
-	 * {@inheritDoc}
-	 *
-	 * <p><b>Note:</b> On platforms that support symlinks, this function will fail canonicalization if directorypath
-	 * is a symlink. For example, on MacOS X, /etc is actually /private/etc. If you mean to use /etc, use its real
-	 * path (/private/etc), not the symlink (/etc).</p>
-	 */
-	public boolean isValidDirectoryPath(String context, String input, File parent, boolean allowNull) throws IntrusionException {
-		try {
-			getValidDirectoryPath( context, input, parent, allowNull);
-			return true;
-		} catch( Exception e ) {
-			return false;
-		}
-	}
-
-        /**
-	 * {@inheritDoc}
-	 *
-	 * <p><b>Note:</b> On platforms that support symlinks, this function will fail canonicalization if directorypath
-	 * is a symlink. For example, on MacOS X, /etc is actually /private/etc. If you mean to use /etc, use its real
-	 * path (/private/etc), not the symlink (/etc).</p>
-	 */
-	public boolean isValidDirectoryPath(String context, String input, File parent, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			getValidDirectoryPath( context, input, parent, allowNull);
-			return true;
-		} catch( ValidationException e ) {
-            errors.addError(context, e);
-			return false;
-		}
-	}
-	/**
-	 * {@inheritDoc}
-	 */
-	public String getValidDirectoryPath(String context, String input, File parent, boolean allowNull) throws ValidationException, IntrusionException {
-		try {
-			if (isEmpty(input)) {
-				if (allowNull) return null;
-       			throw new ValidationException( context + ": Input directory path required", "Input directory path required: context=" + context + ", input=" + input, context );
-			}
-
-			File dir = new File( input );
-
-			// check dir exists and parent exists and dir is inside parent
-			if ( !dir.exists() ) {
-				throw new ValidationException( context + ": Invalid directory name", "Invalid directory, does not exist: context=" + context + ", input=" + input );
-			}
-			if ( !dir.isDirectory() ) {
-				throw new ValidationException( context + ": Invalid directory name", "Invalid directory, not a directory: context=" + context + ", input=" + input );
-			}
-			if ( !parent.exists() ) {
-				throw new ValidationException( context + ": Invalid directory name", "Invalid directory, specified parent does not exist: context=" + context + ", input=" + input + ", parent=" + parent );
-			}
-			if ( !parent.isDirectory() ) {
-				throw new ValidationException( context + ": Invalid directory name", "Invalid directory, specified parent is not a directory: context=" + context + ", input=" + input + ", parent=" + parent );
-			}
-			if ( !dir.getCanonicalPath().startsWith(parent.getCanonicalPath() ) ) {
-				throw new ValidationException( context + ": Invalid directory name", "Invalid directory, not inside specified parent: context=" + context + ", input=" + input + ", parent=" + parent );
-			}
-
-			// check canonical form matches input
-			String canonicalPath = dir.getCanonicalPath();
-			String canonical = fileValidator.getValidInput( context, canonicalPath, "DirectoryName", 255, false);
-			if ( !canonical.equals( input ) ) {
-				throw new ValidationException( context + ": Invalid directory name", "Invalid directory name does not match the canonical path: context=" + context + ", input=" + input + ", canonical=" + canonical, context );
-			}
-			return canonical;
-		} catch (Exception e) {
-			throw new ValidationException( context + ": Invalid directory name", "Failure to validate directory path: context=" + context + ", input=" + input, e, context );
-		}
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String getValidDirectoryPath(String context, String input, File parent, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-
-		try {
-			return getValidDirectoryPath(context, input, parent, allowNull);
-		} catch (ValidationException e) {
-			errors.addError(context, e);
-		}
-
-		return "";
-	}
-
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isValidFileName(String context, String input, boolean allowNull) throws IntrusionException {
-		return isValidFileName( context, input, ESAPI.securityConfiguration().getAllowedFileExtensions(), allowNull );
-	}
-
-        /**
-	 * {@inheritDoc}
-	 */
-	public boolean isValidFileName(String context, String input, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		return isValidFileName( context, input, ESAPI.securityConfiguration().getAllowedFileExtensions(), allowNull, errors );
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull) throws IntrusionException {
-		try {
-			getValidFileName( context, input, allowedExtensions, allowNull);
-			return true;
-		} catch( Exception e ) {
-			return false;
-		}
-	}
-
-        /**
-	 * {@inheritDoc}
-	 */
-	public boolean isValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			getValidFileName( context, input, allowedExtensions, allowNull);
-			return true;
-		} catch( ValidationException e ) {
-            errors.addError(context, e);
-			return false;
-		}
-	}
-	/**
-	 * {@inheritDoc}
-	 */
-	public String getValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull) throws ValidationException, IntrusionException {
-		if ((allowedExtensions == null) || (allowedExtensions.isEmpty())) {
-			throw new ValidationException( "Internal Error", "getValidFileName called with an empty or null list of allowed Extensions, therefore no files can be uploaded" );
-		}
-
-		String canonical = "";
-		// detect path manipulation
-		try {
-			if (isEmpty(input)) {
-				if (allowNull) return null;
-	   			throw new ValidationException( context + ": Input file name required", "Input required: context=" + context + ", input=" + input, context );
-			}
-
-			// do basic validation
-	        canonical = new File(input).getCanonicalFile().getName();
-	        getValidInput( context, input, "FileName", 255, true );
-
-			File f = new File(canonical);
-			String c = f.getCanonicalPath();
-			String cpath = c.substring(c.lastIndexOf(File.separator) + 1);
-
-
-			// the path is valid if the input matches the canonical path
-			if (!input.equals(cpath)) {
-				throw new ValidationException( context + ": Invalid file name", "Invalid directory name does not match the canonical path: context=" + context + ", input=" + input + ", canonical=" + canonical, context );
-			}
-
-		} catch (IOException e) {
-			throw new ValidationException( context + ": Invalid file name", "Invalid file name does not exist: context=" + context + ", canonical=" + canonical, e, context );
-		}
-
-		// verify extensions
-		Iterator<String> i = allowedExtensions.iterator();
-		while (i.hasNext()) {
-			String ext = i.next();
-			if (input.toLowerCase().endsWith(ext.toLowerCase())) {
-				return canonical;
-			}
-		}
-		throw new ValidationException( context + ": Invalid file name does not have valid extension ( "+allowedExtensions+")", "Invalid file name does not have valid extension ( "+allowedExtensions+"): context=" + context+", input=" + input, context );
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String getValidFileName(String context, String input, List<String> allowedParameters, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			return getValidFileName(context, input, allowedParameters, allowNull);
-		} catch (ValidationException e) {
-			errors.addError(context, e);
-		}
-
-		return "";
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull) throws IntrusionException {
-		try {
-			getValidNumber(context, input, minValue, maxValue, allowNull);
-			return true;
-		} catch( Exception e ) {
-			return false;
-		}
-	}
-
-        /**
-	 * {@inheritDoc}
-	 */
-	public boolean isValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			getValidNumber(context, input, minValue, maxValue, allowNull);
-			return true;
-		} catch( ValidationException e ) {
-            errors.addError(context, e);
-			return false;
-		}
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public Double getValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull) throws ValidationException, IntrusionException {
-		Double minDoubleValue = new Double(minValue);
-		Double maxDoubleValue = new Double(maxValue);
-		return getValidDouble(context, input, minDoubleValue.doubleValue(), maxDoubleValue.doubleValue(), allowNull);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public Double getValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			return getValidNumber(context, input, minValue, maxValue, allowNull);
-		} catch (ValidationException e) {
-			errors.addError(context, e);
-		}
-
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull) throws IntrusionException {
-        try {
-            getValidDouble( context, input, minValue, maxValue, allowNull );
-            return true;
-        } catch( Exception e ) {
-            return false;
-        }
-	}
-
-        /**
-	 * {@inheritDoc}
-	 */
-	public boolean isValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-        try {
-            getValidDouble( context, input, minValue, maxValue, allowNull );
-            return true;
-        } catch( ValidationException e ) {
-            errors.addError(context, e);
-            return false;
-        }
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public Double getValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull) throws ValidationException, IntrusionException {
-		NumberValidationRule nvr = new NumberValidationRule( "number", encoder, minValue, maxValue );
-		nvr.setAllowNull(allowNull);
-		return nvr.getValid(context, input);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public Double getValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			return getValidDouble(context, input, minValue, maxValue, allowNull);
-		} catch (ValidationException e) {
-			errors.addError(context, e);
-		}
-
-		return new Double(Double.NaN);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull) throws IntrusionException {
-		try {
-			getValidInteger( context, input, minValue, maxValue, allowNull);
-			return true;
-		} catch( ValidationException e ) {
-			return false;
-		}
-	}
-
-        /**
-	 * {@inheritDoc}
-	 */
-	public boolean isValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			getValidInteger( context, input, minValue, maxValue, allowNull);
-			return true;
-		} catch( ValidationException e ) {
-            errors.addError(context, e);
-			return false;
-		}
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public Integer getValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull) throws ValidationException, IntrusionException {
-		IntegerValidationRule ivr = new IntegerValidationRule( "number", encoder, minValue, maxValue );
-		ivr.setAllowNull(allowNull);
-		return ivr.getValid(context, input);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public Integer getValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			return getValidInteger(context, input, minValue, maxValue, allowNull);
-		} catch (ValidationException e) {
-			errors.addError(context, e);
-		}
-		// error has been added to list, so return original input
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull) throws IntrusionException {
-		try {
-			getValidFileContent( context, input, maxBytes, allowNull);
-			return true;
-		} catch( Exception e ) {
-			return false;
-		}
-	}
-
-        /**
-	 * {@inheritDoc}
-	 */
-	public boolean isValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			getValidFileContent( context, input, maxBytes, allowNull);
-			return true;
-		} catch( ValidationException e ) {
-            errors.addError(context, e);
-			return false;
-		}
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public byte[] getValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull) throws ValidationException, IntrusionException {
-		if (isEmpty(input)) {
-			if (allowNull) return null;
-   			throw new ValidationException( context + ": Input required", "Input required: context=" + context + ", input=" + input, context );
-		}
-
-		long esapiMaxBytes = ESAPI.securityConfiguration().getAllowedFileUploadSize();
-		if (input.length > esapiMaxBytes ) throw new ValidationException( context + ": Invalid file content can not exceed " + esapiMaxBytes + " bytes", "Exceeded ESAPI max length", context );
-		if (input.length > maxBytes ) throw new ValidationException( context + ": Invalid file content can not exceed " + maxBytes + " bytes", "Exceeded maxBytes ( " + input.length + ")", context );
-
-		return input;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public byte[] getValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			return getValidFileContent(context, input, maxBytes, allowNull);
-		} catch (ValidationException e) {
-			errors.addError(context, e);
-		}
-		// return empty byte array on error
-		return new byte[0];
-	}
-
-	/**
-	 * {@inheritDoc}
-	 *
-	 * <p><b>Note:</b> On platforms that support symlinks, this function will fail canonicalization if directorypath
-	 * is a symlink. For example, on MacOS X, /etc is actually /private/etc. If you mean to use /etc, use its real
-	 * path (/private/etc), not the symlink (/etc).</p>
-     */
-	public boolean isValidFileUpload(String context, String directorypath, String filename, File parent, byte[] content, int maxBytes, boolean allowNull) throws IntrusionException {
-		return( isValidFileName( context, filename, allowNull ) &&
-				isValidDirectoryPath( context, directorypath, parent, allowNull ) &&
-				isValidFileContent( context, content, maxBytes, allowNull ) );
-	}
-
-        /**
-	 * {@inheritDoc}
-	 *
-	 * <p><b>Note:</b> On platforms that support symlinks, this function will fail canonicalization if directorypath
-	 * is a symlink. For example, on MacOS X, /etc is actually /private/etc. If you mean to use /etc, use its real
-	 * path (/private/etc), not the symlink (/etc).</p>
-     */
-	public boolean isValidFileUpload(String context, String directorypath, String filename, File parent, byte[] content, int maxBytes, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		return( isValidFileName( context, filename, allowNull, errors ) &&
-				isValidDirectoryPath( context, directorypath, parent, allowNull, errors ) &&
-				isValidFileContent( context, content, maxBytes, allowNull, errors ) );
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void assertValidFileUpload(String context, String directorypath, String filename, File parent, byte[] content, int maxBytes, List<String> allowedExtensions, boolean allowNull) throws ValidationException, IntrusionException {
-		getValidFileName( context, filename, allowedExtensions, allowNull );
-		getValidDirectoryPath( context, directorypath, parent, allowNull );
-		getValidFileContent( context, content, maxBytes, allowNull );
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void assertValidFileUpload(String context, String filepath, String filename, File parent, byte[] content, int maxBytes, List<String> allowedExtensions, boolean allowNull, ValidationErrorList errors)
-		throws IntrusionException {
-		try {
-			assertValidFileUpload(context, filepath, filename, parent, content, maxBytes, allowedExtensions, allowNull);
-		} catch (ValidationException e) {
-			errors.addError(context, e);
-		}
-	}
-
-	 /**
-	 * {@inheritDoc}
-	 *
-	 * Returns true if input is a valid list item.
-	 */
-	public boolean isValidListItem(String context, String input, List<String> list) {
-		try {
-			getValidListItem( context, input, list);
-			return true;
-		} catch( Exception e ) {
-			return false;
-		}
-	}
-
-        /**
-	 * {@inheritDoc}
-	 *
-	 * Returns true if input is a valid list item.
-	 */
-	public boolean isValidListItem(String context, String input, List<String> list, ValidationErrorList errors) {
-		try {
-			getValidListItem( context, input, list);
-			return true;
-		} catch( ValidationException e ) {
-            errors.addError(context, e);
-			return false;
-		}
-	}
-
-	/**
-	 * Returns the list item that exactly matches the canonicalized input. Invalid or non-matching input
-	 * will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException.
-	 */
-	public String getValidListItem(String context, String input, List<String> list) throws ValidationException, IntrusionException {
-		if (list.contains(input)) return input;
-		throw new ValidationException( context + ": Invalid list item", "Invalid list item: context=" + context + ", input=" + input, context );
-	}
-
-
-	/**
-	 * ValidationErrorList variant of getValidListItem
-     *
-     * @param errors
-     */
-	public String getValidListItem(String context, String input, List<String> list, ValidationErrorList errors) throws IntrusionException {
-		try {
-			return getValidListItem(context, input, list);
-		} catch (ValidationException e) {
-			errors.addError(context, e);
-		}
-		// error has been added to list, so return original input
-		return input;
-	}
-
-	 /**
-	 * {@inheritDoc}
-     */
-	public boolean isValidHTTPRequestParameterSet(String context, HttpServletRequest request, Set<String> requiredNames, Set<String> optionalNames) {
-		try {
-			assertValidHTTPRequestParameterSet( context, request, requiredNames, optionalNames);
-			return true;
-		} catch( Exception e ) {
-			return false;
-		}
-	}
-
-         /**
-	 * {@inheritDoc}
-     */
-	public boolean isValidHTTPRequestParameterSet(String context, HttpServletRequest request, Set<String> requiredNames, Set<String> optionalNames, ValidationErrorList errors) {
-		try {
-			assertValidHTTPRequestParameterSet( context, request, requiredNames, optionalNames);
-			return true;
-		} catch( ValidationException e ) {
-            errors.addError(context, e);
-			return false;
-		}
-	}
-
-	/**
-	 * Validates that the parameters in the current request contain all required parameters and only optional ones in
-	 * addition. Invalid input will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException.
-	 *
-	 * Uses current HTTPRequest
-	 */
-	public void assertValidHTTPRequestParameterSet(String context, HttpServletRequest request, Set<String> required, Set<String> optional) throws ValidationException, IntrusionException {
-		Set<String> actualNames = request.getParameterMap().keySet();
-
-		// verify ALL required parameters are present
-		Set<String> missing = new HashSet<String>(required);
-		missing.removeAll(actualNames);
-		if (missing.size() > 0) {
-			throw new ValidationException( context + ": Invalid HTTP request missing parameters", "Invalid HTTP request missing parameters " + missing + ": context=" + context, context );
-		}
-
-		// verify ONLY optional + required parameters are present
-		Set<String> extra = new HashSet<String>(actualNames);
-		extra.removeAll(required);
-		extra.removeAll(optional);
-		if (extra.size() > 0) {
-			throw new ValidationException( context + ": Invalid HTTP request extra parameters " + extra, "Invalid HTTP request extra parameters " + extra + ": context=" + context, context );
-		}
-	}
-
-	/**
-	 * ValidationErrorList variant of assertIsValidHTTPRequestParameterSet
-     *
-	 * Uses current HTTPRequest saved in ESAPI Authenticator
-     * @param errors
-     */
-	public void assertValidHTTPRequestParameterSet(String context, HttpServletRequest request, Set<String> required, Set<String> optional, ValidationErrorList errors) throws IntrusionException {
-		try {
-			assertValidHTTPRequestParameterSet(context, request, required, optional);
-		} catch (ValidationException e) {
-			errors.addError(context, e);
-		}
-	}
-
-	/**
-     * {@inheritDoc}
-     *
-	 * Checks that all bytes are valid ASCII characters (between 33 and 126
-	 * inclusive). This implementation does no decoding. http://en.wikipedia.org/wiki/ASCII.
-	 */
-	public boolean isValidPrintable(String context, char[] input, int maxLength, boolean allowNull) throws IntrusionException {
-		try {
-			getValidPrintable( context, input, maxLength, allowNull);
-			return true;
-		} catch( Exception e ) {
-			return false;
-		}
-	}
-
-        /**
-     * {@inheritDoc}
-     *
-	 * Checks that all bytes are valid ASCII characters (between 33 and 126
-	 * inclusive). This implementation does no decoding. http://en.wikipedia.org/wiki/ASCII.
-	 */
-	public boolean isValidPrintable(String context, char[] input, int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			getValidPrintable( context, input, maxLength, allowNull);
-			return true;
-		} catch( ValidationException e ) {
-            errors.addError(context, e);
-			return false;
-		}
-	}
-
-	/**
-	 * Returns canonicalized and validated printable characters as a byte array. Invalid input will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException.
-     *
-     * @throws IntrusionException
-     */
-	public char[] getValidPrintable(String context, char[] input, int maxLength, boolean allowNull) throws ValidationException, IntrusionException {
-		if (isEmpty(input)) {
-			if (allowNull) return null;
-   			throw new ValidationException(context + ": Input bytes required", "Input bytes required: HTTP request is null", context );
-		}
-
-		if (input.length > maxLength) {
-			throw new ValidationException(context + ": Input bytes can not exceed " + maxLength + " bytes", "Input exceeds maximum allowed length of " + maxLength + " by " + (input.length-maxLength) + " bytes: context=" + context + ", input=" + new String( input ), context);
-		}
-
-		for (int i = 0; i < input.length; i++) {
-			if (input[i] <= 0x20 || input[i] >= 0x7E ) {
-				throw new ValidationException(context + ": Invalid input bytes: context=" + context, "Invalid non-ASCII input bytes, context=" + context + ", input=" + new String( input ), context);
-			}
-		}
-		return input;
-	}
-
-	/**
-	 * ValidationErrorList variant of getValidPrintable
-     *
-     * @param errors
-     */
-	public char[] getValidPrintable(String context, char[] input,int maxLength, boolean allowNull, ValidationErrorList errors)
-		throws IntrusionException {
-
-		try {
-			return getValidPrintable(context, input, maxLength, allowNull);
-		} catch (ValidationException e) {
-			errors.addError(context, e);
-		}
-		// error has been added to list, so return original input
-		return input;
-	}
-
-
-	 /**
-	 * {@inheritDoc}
-	 *
-	 * Returns true if input is valid printable ASCII characters (32-126).
-	 */
-	public boolean isValidPrintable(String context, String input, int maxLength, boolean allowNull) throws IntrusionException {
-		try {
-			getValidPrintable( context, input, maxLength, allowNull);
-			return true;
-		} catch( Exception e ) {
-			return false;
-		}
-	}
-
-        /**
-	 * {@inheritDoc}
-	 *
-	 * Returns true if input is valid printable ASCII characters (32-126).
-	 */
-	public boolean isValidPrintable(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			getValidPrintable( context, input, maxLength, allowNull);
-			return true;
-		} catch( ValidationException e ) {
-            errors.addError(context, e);
-			return false;
-		}
-	}
-
-	/**
-	 * Returns canonicalized and validated printable characters as a String. Invalid input will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException.
-     *
-     * @throws IntrusionException
-     */
-	public String getValidPrintable(String context, String input, int maxLength, boolean allowNull) throws ValidationException, IntrusionException {
-		try {
-    		String canonical = encoder.canonicalize(input);
-    		return new String( getValidPrintable( context, canonical.toCharArray(), maxLength, allowNull) );
-	    //TODO - changed this to base Exception since we no longer need EncodingException
-    	//TODO - this is a bit lame: we need to re-think this function.
-		} catch (Exception e) {
-	        throw new ValidationException( context + ": Invalid printable input", "Invalid encoding of printable input, context=" + context + ", input=" + input, e, context);
-	    }
-	}
-
-	/**
-	 * ValidationErrorList variant of getValidPrintable
-     *
-     * @param errors
-     */
-	public String getValidPrintable(String context, String input,int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			return getValidPrintable(context, input, maxLength, allowNull);
-		} catch (ValidationException e) {
-			errors.addError(context, e);
-		}
-		// error has been added to list, so return original input
-		return input;
-	}
-
-
-	/**
-	 * Returns true if input is a valid redirect location.
-	 */
-	public boolean isValidRedirectLocation(String context, String input, boolean allowNull) throws IntrusionException {
-		return ESAPI.validator().isValidInput( context, input, "Redirect", 512, allowNull);
-	}
-
-        /**
-	 * Returns true if input is a valid redirect location.
-	 */
-	public boolean isValidRedirectLocation(String context, String input, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		return ESAPI.validator().isValidInput( context, input, "Redirect", 512, allowNull, errors);
-	}
-
-
-	/**
-	 * Returns a canonicalized and validated redirect location as a String. Invalid input will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException.
-	 */
-	public String getValidRedirectLocation(String context, String input, boolean allowNull) throws ValidationException, IntrusionException {
-		return ESAPI.validator().getValidInput( context, input, "Redirect", 512, allowNull);
-	}
-
-	/**
-	 * ValidationErrorList variant of getValidRedirectLocation
-     *
-     * @param errors
-     */
-	public String getValidRedirectLocation(String context, String input, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			return getValidRedirectLocation(context, input, allowNull);
-		} catch (ValidationException e) {
-			errors.addError(context, e);
-		}
-		// error has been added to list, so return original input
-		return input;
-	}
-
-	/**
-     * {@inheritDoc}
-     *
-	 * This implementation reads until a newline or the specified number of
-	 * characters.
-     *
-     * @param in
-     * @param max
-     */
-	public String safeReadLine(InputStream in, int max) throws ValidationException {
-		if (max <= 0) {
-			throw new ValidationAvailabilityException( "Invalid input", "Invalid readline. Must read a positive number of bytes from the stream");
-		}
-
-		StringBuilder sb = new StringBuilder();
-		int count = 0;
-		int c;
-
-		try {
-			while (true) {
-				c = in.read();
-				if ( c == -1 ) {
-					if (sb.length() == 0) {
-						return null;
-					}
-					break;
-				}
-				if (c == '\n' || c == '\r') {
-					break;
-				}
-				count++;
-				if (count > max) {
-					throw new ValidationAvailabilityException( "Invalid input", "Invalid readLine. Read more than maximum characters allowed (" + max + ")");
-				}
-				sb.append((char) c);
-			}
-			return sb.toString();
-		} catch (IOException e) {
-			throw new ValidationAvailabilityException( "Invalid input", "Invalid readLine. Problem reading from input stream", e);
-		}
-	}
-
-	/**
-	 * Helper function to check if a String is empty
-	 *
-	 * @param input string input value
-	 * @return boolean response if input is empty or not
-	 */
-	private final boolean isEmpty(String input) {
-		return (input==null || input.trim().length() == 0);
-	}
-
-	/**
-	 * Helper function to check if a byte array is empty
-	 *
-	 * @param input string input value
-	 * @return boolean response if input is empty or not
-	 */
-	private final boolean isEmpty(byte[] input) {
-		return (input==null || input.length == 0);
-	}
-
-
-	/**
-	 * Helper function to check if a char array is empty
-	 *
-	 * @param input string input value
-	 * @return boolean response if input is empty or not
-	 */
-	private final boolean isEmpty(char[] input) {
-		return (input==null || input.length == 0);
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author Jim Manico (jim@manico.net) <a href="http://www.manico.net">Manico.net</a>
+ *
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.text.DateFormat;
+import java.util.Arrays;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Encoder;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.SecurityConfiguration;
+import org.owasp.esapi.ValidationErrorList;
+import org.owasp.esapi.ValidationRule;
+import org.owasp.esapi.Validator;
+import org.owasp.esapi.errors.IntrusionException;
+import org.owasp.esapi.errors.ValidationAvailabilityException;
+import org.owasp.esapi.errors.ValidationException;
+import org.owasp.esapi.reference.validation.CreditCardValidationRule;
+import org.owasp.esapi.reference.validation.DateValidationRule;
+import org.owasp.esapi.reference.validation.HTMLValidationRule;
+import org.owasp.esapi.reference.validation.IntegerValidationRule;
+import org.owasp.esapi.reference.validation.NumberValidationRule;
+import org.owasp.esapi.reference.validation.StringValidationRule;
+
+/**
+ * Reference implementation of the {@code Validator} interface. This implementation
+ * relies on the ESAPI {@code Encoder}, {@link java.util.regex.Pattern},
+ * {@link java.util.Date},
+ * and several other classes to provide basic validation functions. This library
+ * has a heavy emphasis on allow-list validation and canonicalization.
+ * <p>
+ * <b>A Note about Canonicalization</b>:
+ * The behaviors of objects of this class are largely driven by how the
+ * associated {@code Encoder} is created and passed to one of this
+ * class' constructors. Specifically, what {@link org.owasp.esapi.codecs.Codec}
+ * types are referenced by the {@link org.owasp.esapi.Encoder} instance
+ * associated with this particular {@code DefaultValidator} instance. In places
+ * where the default {@code Encoder} instance is used, the behavior is driven
+ * by three ESAPI properties as defined in the <b>ESAPI.properties</b> file.
+ * These property names and their default values (as delivered in ESAPI's
+ * "configuration" jar) are as follows:
+ * <pre>
+ * Encoder.AllowMultipleEncoding=false
+ * Encoder.AllowMixedEncoding=false
+ * Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
+ * </pre>
+ * In places where canonicalization is checked, multiple
+ * encoding (the first property, which refers to encoding in the <i>same</i> manner
+ * more than once) or mixed encoding (the second property, which refers to
+ * encoding using multiple <i>different</i> encoding mechanisms) are generally
+ * considered attacks unless these respective property values are set to
+ * "true".
+ * </p><p>
+ * Note that changing any of these three properties may affect the behavior as
+ * documented in this class' methods.
+ * </p>
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author Jim Manico (jim@manico.net) <a href="http://www.manico.net">Manico.net</a>
+ * @author Matt Seil (mseil .at. acm.org)
+ *
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Validator
+ * @see org.owasp.esapi.Encoder
+ * @see org.owasp.esapi.Encoder#canonicalize(String,boolean,boolean)
+ */
+public class DefaultValidator implements org.owasp.esapi.Validator {
+    private static Logger logger = ESAPI.log();
+    private static volatile Validator instance = null;
+    private static boolean alreadyLogged = false;
+
+    public static Validator getInstance() {
+        if ( instance == null ) {
+            synchronized ( Validator.class ) {
+                if ( instance == null ) {
+                    instance = new DefaultValidator();
+                }
+            }
+        }
+        return instance;
+    }
+
+    /** A map of validation rules */
+    private Map<String, ValidationRule> rules = new HashMap<String, ValidationRule>();
+
+    /** The encoder to use for canonicalization */
+    private Encoder encoder = null;
+
+    /** The encoder to use for file system */
+    private static Validator fileValidator = null;
+
+    /* Initialize file validator with an appropriate set of codecs */
+    static {
+        List<String> list = new ArrayList<String>();
+        list.add( "HTMLEntityCodec" );
+        list.add( "PercentCodec" );
+        Encoder fileEncoder = new DefaultEncoder( list );
+        fileValidator = new DefaultValidator( fileEncoder );
+    }
+
+
+    /**
+     * Default constructor uses the ESAPI standard encoder for canonicalization.
+     * This uses an {@code Encoder} created based on the {@code Codec}s
+     * specified by the value of the {@code Encoder.DefaultCodecList} ESAPI
+     * property as defined in your <b>ESAPI.properties</b> file.
+     */
+    public DefaultValidator() {
+        this.encoder = ESAPI.encoder();
+    }
+
+    /**
+     * Construct a new DefaultValidator that will use the specified
+     * {@code Encoder} for canonicalization.
+     * @param encoder The specially constructed ESAPI {@code Encoder} instance
+     *                that uses a custom list of {@code Codec}s for
+     *                canonicalization purposes. See
+     *                {@link org.owasp.esapi.Encoder#canonicalize(String,boolean,boolean)}
+     *                for an example of how to create a custom {@code Encoder}.
+     */
+    public DefaultValidator( Encoder encoder ) {
+        this.encoder = encoder;
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public void addRule(ValidationRule rule ) {
+        rules.put( rule.getTypeName(), rule );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public ValidationRule getRule(String name ) {
+        return rules.get( name );
+    }
+
+
+    /**
+     * {@inheritDoc}
+     * <p>
+     * Double encoding is treated as an attack.
+     * The canonicalization behavior is controlled by the instance's associated ESAPI
+     * {@code Encoder} and generally driven through the ESAPI property
+     * {@code Encoder.DefaultCodecList} specified in the <b>ESAPI.properties</b>
+     * file. See the class level documentation section "<b>A Note about Canonicalization</b>"
+     * for additional details.
+     */
+    @Override
+    public boolean isValidInput(String context, String input, String type, int maxLength, boolean allowNull) throws IntrusionException  {
+        return isValidInput(context, input, type, maxLength, allowNull, true);
+    }
+
+    /**
+     * {@inheritDoc}
+     * <p>
+     * Double encoding is treated as an attack.
+     * The canonicalization behavior is controlled by the instance's associated ESAPI
+     * {@code Encoder} and generally driven through the ESAPI property
+     * {@code Encoder.DefaultCodecList} specified in the <b>ESAPI.properties</b>
+     * file. See the class level documentation section "<b>A Note about Canonicalization</b>"
+     * for additional details.
+     */
+    @Override
+    public boolean isValidInput(String context, String input, String type, int maxLength, boolean allowNull, ValidationErrorList errors)  {
+        return isValidInput(context, input, type, maxLength, allowNull, true, errors);
+    }
+
+    /**
+     * {@inheritDoc}
+     * <p>
+     * Double encoding is treated as an attack.
+     * The canonicalization behavior is controlled by the instance's associated ESAPI
+     * {@code Encoder} and generally driven through the ESAPI property
+     * {@code Encoder.DefaultCodecList} specified in the <b>ESAPI.properties</b>
+     * file. See the class level documentation section "<b>A Note about Canonicalization</b>"
+     * for additional details.
+     * <p>
+     * This implementation does not throw {@link IntrusionException}.
+     */
+    @Override
+    public boolean isValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize) {
+        try {
+            getValidInput( context, input, type, maxLength, allowNull, canonicalize);
+            return true;
+        } catch( Exception e ) {
+            return false;
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     * <p>
+     * Double encoding is treated as an attack.
+     * The canonicalization behavior is controlled by the instance's associated ESAPI
+     * {@code Encoder} and generally driven through the ESAPI property
+     * {@code Encoder.DefaultCodecList} specified in the <b>ESAPI.properties</b>
+     * file. See the class level documentation section "<b>A Note about Canonicalization</b>"
+     * for additional details.
+     */
+    @Override
+    public boolean isValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize, ValidationErrorList errors) throws IntrusionException  {
+        try {
+            getValidInput( context, input, type, maxLength, allowNull, canonicalize);
+            return true;
+        } catch( ValidationException e ) {
+            errors.addError( context, e );
+            return false;
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     * <p>
+     * Double encoding is treated as an attack.
+     * The canonicalization behavior is controlled by the instance's associated ESAPI
+     * {@code Encoder} and generally driven through the ESAPI property
+     * {@code Encoder.DefaultCodecList} specified in the <b>ESAPI.properties</b>
+     * file. See the class level documentation section "<b>A Note about Canonicalization</b>"
+     * for additional details.
+     */
+    @Override
+    public String getValidInput(String context, String input, String type, int maxLength, boolean allowNull) throws ValidationException {
+        return getValidInput(context, input, type, maxLength, allowNull, true);
+    }
+
+    /**
+     * {@inheritDoc}
+     * <p>
+     * Double encoding is treated as an attack.
+     * The canonicalization behavior is controlled by the instance's associated ESAPI
+     * {@code Encoder} and generally driven through the ESAPI property
+     * {@code Encoder.DefaultCodecList} specified in the <b>ESAPI.properties</b>
+     * file. See the class level documentation section "<b>A Note about Canonicalization</b>"
+     * for additional details.
+     */
+    @Override
+    public String getValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize) throws ValidationException {
+        StringValidationRule rvr = new StringValidationRule( type, encoder );
+        Pattern p = ESAPI.securityConfiguration().getValidationPattern( type );
+        if ( p != null ) {
+            rvr.addWhitelistPattern( p );
+        } else {
+            // Issue 232 - Specify requested type in exception message - CS
+            throw new IllegalArgumentException("The selected type [" + type + "] was not set via the ESAPI validation configuration");
+        }
+        rvr.setMaximumLength(maxLength);
+        rvr.setAllowNull(allowNull);
+        rvr.setCanonicalize(canonicalize);
+        return rvr.getValid(context, input);
+    }
+
+    /**
+     * {@inheritDoc}
+     * <p>
+     * Double encoding is treated as an attack.
+     * The canonicalization behavior is controlled by the instance's associated ESAPI
+     * {@code Encoder} and generally driven through the ESAPI property
+     * {@code Encoder.DefaultCodecList} specified in the <b>ESAPI.properties</b>
+     * file. See the class level documentation section "<b>A Note about Canonicalization</b>"
+     * for additional details.
+     */
+    @Override
+    public String getValidInput(String context, String input, String type, int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+        return getValidInput(context, input, type, maxLength, allowNull, true, errors);
+    }
+
+    /**
+     * {@inheritDoc}
+     * <p>
+     * Double encoding is treated as an attack.
+     * The canonicalization behavior is controlled by the instance's associated ESAPI
+     * {@code Encoder} and generally driven through the ESAPI property
+     * {@code Encoder.DefaultCodecList} specified in the <b>ESAPI.properties</b>
+     * file. See the class level documentation section "<b>A Note about Canonicalization</b>"
+     * for additional details.
+     */
+    @Override
+    public String getValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize, ValidationErrorList errors) throws IntrusionException {
+        try {
+            return getValidInput(context,  input,  type,  maxLength,  allowNull, canonicalize);
+        } catch (ValidationException e) {
+            errors.addError(context, e);
+        }
+
+        return "";
+    }
+
+    /**
+     * {@inheritDoc}
+     * <p>
+     * This implementation does not throw {@link IntrusionException}.
+     */
+    @Override
+    public boolean isValidDate(String context, String input, DateFormat format, boolean allowNull) {
+        try {
+            getValidDate( context, input, format, allowNull);
+            return true;
+        } catch( Exception e ) {
+            return false;
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public boolean isValidDate(String context, String input, DateFormat format, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+        getValidDate( context, input, format, allowNull, errors);
+        return errors.isEmpty();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public Date getValidDate(String context, String input, DateFormat format, boolean allowNull) throws ValidationException, IntrusionException {
+
+        ValidationErrorList vel = new ValidationErrorList();
+        Date validDate =  getValidDate(context, input, format, allowNull, vel);
+
+        if (vel.isEmpty()) {
+            return validDate;
+        }
+
+        throw vel.errors().get(0);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public Date getValidDate(String context, String input, DateFormat format, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+        DateValidationRule dvr = new DateValidationRule( "SimpleDate", encoder, format);
+        dvr.setAllowNull(allowNull);
+        Date safeDate = dvr.sanitize(context, input, errors);
+        if (!errors.isEmpty()) {
+            safeDate = null;
+        }
+        // error has been added to list, so return null
+        return safeDate;
+    }
+
+    /**
+     * {@inheritDoc}
+     * <p>
+     * This implementation relies on the <a href="https://owasp.org/www-project-antisamy/">OWASP AntiSamy project</a>.
+     */
+    @Override
+    public String getValidSafeHTML(String context, String input, int maxLength, boolean allowNull ) throws ValidationException, IntrusionException {
+        HTMLValidationRule hvr = new HTMLValidationRule( "safehtml", encoder );
+        hvr.setMaximumLength(maxLength);
+        hvr.setAllowNull(allowNull);
+        return hvr.getValid(context, input);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public String getValidSafeHTML(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+        try {
+            return getValidSafeHTML(context, input, maxLength, allowNull);
+        } catch (ValidationException e) {
+            errors.addError(context, e);
+        }
+
+        return "";
+    }
+
+    /**
+     * {@inheritDoc}
+     * <p>
+     * This implementation does not throw {@link IntrusionException}.
+     */
+    @Override
+    public boolean isValidCreditCard(String context, String input, boolean allowNull) {
+        try {
+            getValidCreditCard( context, input, allowNull);
+            return true;
+        } catch( Exception e ) {
+            return false;
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public boolean isValidCreditCard(String context, String input, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+        try {
+            getValidCreditCard( context, input, allowNull);
+            return true;
+        } catch( ValidationException e ) {
+            errors.addError(context, e);
+            return false;
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public String getValidCreditCard(String context, String input, boolean allowNull) throws ValidationException, IntrusionException {
+        CreditCardValidationRule ccvr = new CreditCardValidationRule( "creditcard", encoder );
+        ccvr.setAllowNull(allowNull);
+        return ccvr.getValid(context, input);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public String getValidCreditCard(String context, String input, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+        try {
+            return getValidCreditCard(context, input, allowNull);
+        } catch (ValidationException e) {
+            errors.addError(context, e);
+        }
+
+        return "";
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * <p><b>Note:</b> On platforms that support symlinks, this function will fail canonicalization if directorypath
+     * is a symlink. For example, on MacOS X, /etc is actually /private/etc. If you mean to use /etc, use its real
+     * path (/private/etc), not the symlink (/etc).</p>
+     * <p>
+     * This implementation does not throw {@link IntrusionException}.
+     */
+    @Override
+    public boolean isValidDirectoryPath(String context, String input, File parent, boolean allowNull) {
+        try {
+            getValidDirectoryPath( context, input, parent, allowNull);
+            return true;
+        } catch( Exception e ) {
+            return false;
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * <p><b>Note:</b> On platforms that support symlinks, this function will fail canonicalization if directorypath
+     * is a symlink. For example, on MacOS X, /etc is actually /private/etc. If you mean to use /etc, use its real
+     * path (/private/etc), not the symlink (/etc).</p>
+     */
+    @Override
+    public boolean isValidDirectoryPath(String context, String input, File parent, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+        try {
+            getValidDirectoryPath( context, input, parent, allowNull);
+            return true;
+        } catch( ValidationException e ) {
+            errors.addError(context, e);
+            return false;
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * <p><b>Note:</b> On platforms that support symlinks, this function will fail canonicalization if directorypath
+     * is a symlink. For example, on MacOS X, /etc is actually /private/etc. If you mean to use /etc, use its real
+     * path (/private/etc), not the symlink (/etc).</p>
+     */
+    @Override
+    public String getValidDirectoryPath(String context, String input, File parent, boolean allowNull) throws ValidationException, IntrusionException {
+        try {
+            if (isEmpty(input)) {
+                if (allowNull) {
+                    return null;
+                }
+                throw new ValidationException( context + ": Input directory path required", "Input directory path required: context=" + context + ", input=" + input, context );
+            }
+
+            File dir = new File( input );
+
+            // check dir exists and parent exists and dir is inside parent
+            if ( !dir.exists() ) {
+                throw new ValidationException( context + ": Invalid directory name", "Invalid directory, does not exist: context=" + context + ", input=" + input );
+            }
+            if ( !dir.isDirectory() ) {
+                throw new ValidationException( context + ": Invalid directory name", "Invalid directory, not a directory: context=" + context + ", input=" + input );
+            }
+            if ( !parent.exists() ) {
+                throw new ValidationException( context + ": Invalid directory name", "Invalid directory, specified parent does not exist: context=" + context + ", input=" + input + ", parent=" + parent );
+            }
+            if ( !parent.isDirectory() ) {
+                throw new ValidationException( context + ": Invalid directory name", "Invalid directory, specified parent is not a directory: context=" + context + ", input=" + input + ", parent=" + parent );
+            }
+            if ( !dir.getCanonicalFile().toPath().startsWith( parent.getCanonicalFile().toPath() ) ) { // Fixes GHSL-2022-008
+                throw new ValidationException( context + ": Invalid directory name", "Invalid directory, not inside specified parent: context=" + context + ", input=" + input + ", parent=" + parent );
+            }
+
+            // check canonical form matches input
+            String canonicalPath = dir.getCanonicalPath();
+            String canonical = fileValidator.getValidInput( context, canonicalPath, "DirectoryName", 255, false);
+            if ( !canonical.equals( input ) ) {
+                throw new ValidationException( context + ": Invalid directory name", "Invalid directory name does not match the canonical path: context=" + context + ", input=" + input + ", canonical=" + canonical, context );
+            }
+            return canonical;
+        } catch (Exception e) {
+            throw new ValidationException( context + ": Invalid directory name", "Failure to validate directory path: context=" + context + ", input=" + input, e, context );
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * <p><b>Note:</b> On platforms that support symlinks, this function will fail canonicalization if directorypath
+     * is a symlink. For example, on MacOS X, /etc is actually /private/etc. If you mean to use /etc, use its real
+     * path (/private/etc), not the symlink (/etc).</p>
+     */
+    @Override
+    public String getValidDirectoryPath(String context, String input, File parent, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+
+        try {
+            return getValidDirectoryPath(context, input, parent, allowNull);
+        } catch (ValidationException e) {
+            errors.addError(context, e);
+        }
+
+        return "";
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public boolean isValidFileName(String context, String input, boolean allowNull) throws IntrusionException {
+        return isValidFileName( context, input, ESAPI.securityConfiguration().getAllowedFileExtensions(), allowNull );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public boolean isValidFileName(String context, String input, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+        return isValidFileName( context, input, ESAPI.securityConfiguration().getAllowedFileExtensions(), allowNull, errors );
+    }
+
+    /**
+     * {@inheritDoc}
+     * <p>
+     * This implementation does not throw {@link IntrusionException}.
+     */
+    @Override
+    public boolean isValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull) {
+        try {
+            getValidFileName( context, input, allowedExtensions, allowNull);
+            return true;
+        } catch( Exception e ) {
+            return false;
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public boolean isValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+        try {
+            getValidFileName( context, input, allowedExtensions, allowNull);
+            return true;
+        } catch( ValidationException e ) {
+            errors.addError(context, e);
+            return false;
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public String getValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull) throws ValidationException, IntrusionException {
+        if ((allowedExtensions == null) || (allowedExtensions.isEmpty())) {
+            throw new ValidationException( "Internal Error", "getValidFileName called with an empty or null list of allowed Extensions, therefore no files can be uploaded" );
+        }
+
+        String canonical = "";
+        // detect path manipulation
+        try {
+            if (isEmpty(input)) {
+                if (allowNull) {
+                    return null;
+                }
+                throw new ValidationException( context + ": Input file name required", "Input required: context=" + context + ", input=" + input, context );
+            }
+
+            // do basic validation
+            canonical = new File(input).getCanonicalFile().getName();
+            getValidInput( context, input, "FileName", 255, true );
+
+            File f = new File(canonical);
+            String c = f.getCanonicalPath();
+            String cpath = c.substring(c.lastIndexOf(File.separator) + 1);
+
+
+            // the path is valid if the input matches the canonical path
+            if (!input.equals(cpath)) {
+                throw new ValidationException( context + ": Invalid file name", "Invalid directory name does not match the canonical path: context=" + context + ", input=" + input + ", canonical=" + canonical, context );
+            }
+
+        } catch (IOException e) {
+            throw new ValidationException( context + ": Invalid file name", "Invalid file name does not exist: context=" + context + ", canonical=" + canonical, e, context );
+        }
+
+        // verify extensions
+        Iterator<String> i = allowedExtensions.iterator();
+        while (i.hasNext()) {
+            String ext = i.next();
+            if (input.toLowerCase().endsWith(ext.toLowerCase())) {
+                return canonical;
+            }
+        }
+        throw new ValidationException( context + ": Invalid file name does not have valid extension ( "+allowedExtensions+")", "Invalid file name does not have valid extension ( "+allowedExtensions+"): context=" + context+", input=" + input, context );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public String getValidFileName(String context, String input, List<String> allowedParameters, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+        try {
+            return getValidFileName(context, input, allowedParameters, allowNull);
+        } catch (ValidationException e) {
+            errors.addError(context, e);
+        }
+
+        return "";
+    }
+
+    /**
+     * {@inheritDoc}
+     * <p>
+     * This implementation does not throw {@link IntrusionException}.
+     */
+    @Override
+    public boolean isValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull) {
+        try {
+            getValidNumber(context, input, minValue, maxValue, allowNull);
+            return true;
+        } catch( Exception e ) {
+            return false;
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public boolean isValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+        try {
+            getValidNumber(context, input, minValue, maxValue, allowNull);
+            return true;
+        } catch( ValidationException e ) {
+            errors.addError(context, e);
+            return false;
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public Double getValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull) throws ValidationException, IntrusionException {
+        Double minDoubleValue = new Double(minValue);
+        Double maxDoubleValue = new Double(maxValue);
+        return getValidDouble(context, input, minDoubleValue.doubleValue(), maxDoubleValue.doubleValue(), allowNull);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public Double getValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+        try {
+            return getValidNumber(context, input, minValue, maxValue, allowNull);
+        } catch (ValidationException e) {
+            errors.addError(context, e);
+        }
+
+        return null;
+    }
+
+    /**
+     * {@inheritDoc}
+     * <p>
+     * This implementation does not throw {@link IntrusionException}.
+     */
+    @Override
+    public boolean isValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull) {
+        try {
+            getValidDouble( context, input, minValue, maxValue, allowNull );
+            return true;
+        } catch( Exception e ) {
+            return false;
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public boolean isValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+        try {
+            getValidDouble( context, input, minValue, maxValue, allowNull );
+            return true;
+        } catch( ValidationException e ) {
+            errors.addError(context, e);
+            return false;
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public Double getValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull) throws ValidationException, IntrusionException {
+        NumberValidationRule nvr = new NumberValidationRule( "number", encoder, minValue, maxValue );
+        nvr.setAllowNull(allowNull);
+        return nvr.getValid(context, input);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public Double getValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+        try {
+            return getValidDouble(context, input, minValue, maxValue, allowNull);
+        } catch (ValidationException e) {
+            errors.addError(context, e);
+        }
+
+        return new Double(Double.NaN);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public boolean isValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull) throws IntrusionException {
+        try {
+            getValidInteger( context, input, minValue, maxValue, allowNull);
+            return true;
+        } catch( ValidationException e ) {
+            return false;
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public boolean isValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+        try {
+            getValidInteger( context, input, minValue, maxValue, allowNull);
+            return true;
+        } catch( ValidationException e ) {
+            errors.addError(context, e);
+            return false;
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public Integer getValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull) throws ValidationException, IntrusionException {
+        IntegerValidationRule ivr = new IntegerValidationRule( "number", encoder, minValue, maxValue );
+        ivr.setAllowNull(allowNull);
+        return ivr.getValid(context, input);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public Integer getValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+        try {
+            return getValidInteger(context, input, minValue, maxValue, allowNull);
+        } catch (ValidationException e) {
+            errors.addError(context, e);
+        }
+        // error has been added to list, so return original input
+        return null;
+    }
+
+    /**
+     * {@inheritDoc}
+     * <p>
+     * This implementation does not throw {@link IntrusionException}.
+     */
+    @Override
+    public boolean isValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull) {
+        try {
+            getValidFileContent( context, input, maxBytes, allowNull);
+            return true;
+        } catch( Exception e ) {
+            return false;
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public boolean isValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+        try {
+            getValidFileContent( context, input, maxBytes, allowNull);
+            return true;
+        } catch( ValidationException e ) {
+            errors.addError(context, e);
+            return false;
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public byte[] getValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull) throws ValidationException, IntrusionException {
+        if (isEmpty(input)) {
+            if (allowNull) {
+                return null;
+            }
+            throw new ValidationException( context + ": Input required", "Input required: context=" + context + ", input=" + Arrays.toString(input), context );
+        }
+
+        long esapiMaxBytes = ESAPI.securityConfiguration().getAllowedFileUploadSize();
+        if (input.length > esapiMaxBytes ) throw new ValidationException( context + ": Invalid file content can not exceed " + esapiMaxBytes + " bytes", "Exceeded ESAPI max length", context );
+        if (input.length > maxBytes ) throw new ValidationException( context + ": Invalid file content can not exceed " + maxBytes + " bytes", "Exceeded maxBytes ( " + input.length + ")", context );
+
+        return input;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public byte[] getValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+        try {
+            return getValidFileContent(context, input, maxBytes, allowNull);
+        } catch (ValidationException e) {
+            errors.addError(context, e);
+        }
+        // return empty byte array on error
+        return new byte[0];
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * <p><b>Note:</b> On platforms that support symlinks, this function will fail canonicalization if directorypath
+     * is a symlink. For example, on MacOS X, /etc is actually /private/etc. If you mean to use /etc, use its real
+     * path (/private/etc), not the symlink (/etc).</p>
+     */
+    @Override
+    public boolean isValidFileUpload(String context, String directorypath, String filename, File parent, byte[] content, int maxBytes, boolean allowNull) throws IntrusionException {
+        return( isValidFileName( context, filename, allowNull ) &&
+                isValidDirectoryPath( context, directorypath, parent, allowNull ) &&
+                isValidFileContent( context, content, maxBytes, allowNull ) );
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * <p><b>Note:</b> On platforms that support symlinks, this function will fail canonicalization if directorypath
+     * is a symlink. For example, on MacOS X, /etc is actually /private/etc. If you mean to use /etc, use its real
+     * path (/private/etc), not the symlink (/etc).</p>
+     */
+    @Override
+    public boolean isValidFileUpload(String context, String directorypath, String filename, File parent, byte[] content, int maxBytes, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+        return( isValidFileName( context, filename, allowNull, errors ) &&
+                isValidDirectoryPath( context, directorypath, parent, allowNull, errors ) &&
+                isValidFileContent( context, content, maxBytes, allowNull, errors ) );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public void assertValidFileUpload(String context, String directorypath, String filename, File parent, byte[] content, int maxBytes, List<String> allowedExtensions, boolean allowNull) throws ValidationException, IntrusionException {
+        getValidFileName( context, filename, allowedExtensions, allowNull );
+        getValidDirectoryPath( context, directorypath, parent, allowNull );
+        getValidFileContent( context, content, maxBytes, allowNull );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public void assertValidFileUpload(String context, String filepath, String filename, File parent, byte[] content, int maxBytes, List<String> allowedExtensions, boolean allowNull, ValidationErrorList errors)
+        throws IntrusionException {
+        try {
+            assertValidFileUpload(context, filepath, filename, parent, content, maxBytes, allowedExtensions, allowNull);
+        } catch (ValidationException e) {
+            errors.addError(context, e);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     * <p>
+     * This implementation does not throw {@link IntrusionException}.
+     */
+    @Override
+    public boolean isValidListItem(String context, String input, List<String> list) {
+        try {
+            getValidListItem( context, input, list);
+            return true;
+        } catch( Exception e ) {
+            return false;
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public boolean isValidListItem(String context, String input, List<String> list, ValidationErrorList errors) {
+        try {
+            getValidListItem( context, input, list);
+            return true;
+        } catch( ValidationException e ) {
+            errors.addError(context, e);
+            return false;
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public String getValidListItem(String context, String input, List<String> list) throws ValidationException, IntrusionException {
+        if (list.contains(input)) return input;
+        throw new ValidationException( context + ": Invalid list item", "Invalid list item: context=" + context + ", input=" + input, context );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public String getValidListItem(String context, String input, List<String> list, ValidationErrorList errors) throws IntrusionException {
+        try {
+            return getValidListItem(context, input, list);
+        } catch (ValidationException e) {
+            errors.addError(context, e);
+        }
+        // error has been added to list, so return original input
+        return input;
+    }
+
+    /**
+     * {@inheritDoc}
+     * <p>
+     * This implementation does not throw {@link IntrusionException}.
+     */
+    @Override
+    public boolean isValidHTTPRequestParameterSet(String context, HttpServletRequest request, Set<String> requiredNames, Set<String> optionalNames) {
+        try {
+            assertValidHTTPRequestParameterSet( context, request, requiredNames, optionalNames);
+            return true;
+        } catch( Exception e ) {
+            return false;
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public boolean isValidHTTPRequestParameterSet(String context, HttpServletRequest request, Set<String> requiredNames, Set<String> optionalNames, ValidationErrorList errors) {
+        try {
+            assertValidHTTPRequestParameterSet( context, request, requiredNames, optionalNames);
+            return true;
+        } catch( ValidationException e ) {
+            errors.addError(context, e);
+            return false;
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public void assertValidHTTPRequestParameterSet(String context, HttpServletRequest request, Set<String> required, Set<String> optional) throws ValidationException, IntrusionException {
+        Set<String> actualNames = request.getParameterMap().keySet();
+
+        // verify ALL required parameters are present
+        Set<String> missing = new HashSet<String>(required);
+        missing.removeAll(actualNames);
+        if (missing.size() > 0) {
+            throw new ValidationException( context + ": Invalid HTTP request missing parameters", "Invalid HTTP request missing parameters " + missing + ": context=" + context, context );
+        }
+
+        // verify ONLY optional + required parameters are present
+        Set<String> extra = new HashSet<String>(actualNames);
+        extra.removeAll(required);
+        extra.removeAll(optional);
+        if (extra.size() > 0) {
+            throw new ValidationException( context + ": Invalid HTTP request extra parameters " + extra, "Invalid HTTP request extra parameters " + extra + ": context=" + context, context );
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public void assertValidHTTPRequestParameterSet(String context, HttpServletRequest request, Set<String> required, Set<String> optional, ValidationErrorList errors) throws IntrusionException {
+        try {
+            assertValidHTTPRequestParameterSet(context, request, required, optional);
+        } catch (ValidationException e) {
+            errors.addError(context, e);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     * <p>
+     * Checks that all bytes are valid ASCII characters (between 33 and 126 inclusive).
+     * This implementation does no decoding.
+     * <p>
+     * This implementation does not throw {@link IntrusionException}.
+     *
+     * @see <a href="https://en.wikipedia.org/wiki/ASCII">Wikipedia - ASCII</a>
+     */
+    @Override
+    public boolean isValidPrintable(String context, char[] input, int maxLength, boolean allowNull) {
+        try {
+            getValidPrintable( context, input, maxLength, allowNull);
+            return true;
+        } catch( Exception e ) {
+            return false;
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     * <p>
+     * Checks that all bytes are valid ASCII characters (between 33 and 126
+     * inclusive). This implementation does no decoding.
+     *
+     * @see <a href="https://en.wikipedia.org/wiki/ASCII">Wikipedia - ASCII</a>
+     */
+    @Override
+    public boolean isValidPrintable(String context, char[] input, int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+        try {
+            getValidPrintable( context, input, maxLength, allowNull);
+            return true;
+        } catch( ValidationException e ) {
+            errors.addError(context, e);
+            return false;
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     * <p>
+     * Input is valid if it only contains printable ASCII characters (33-126 inclusive).
+     *
+     * @see <a href="https://en.wikipedia.org/wiki/ASCII">Wikipedia - ASCII</a>
+     */
+    @Override
+    public char[] getValidPrintable(String context, char[] input, int maxLength, boolean allowNull) throws ValidationException, IntrusionException {
+        if (isEmpty(input)) {
+            if (allowNull) {
+                return null;
+            }
+            throw new ValidationException(context + ": Input bytes required", "Input bytes required: HTTP request is null", context );
+        }
+
+        if (input.length > maxLength) {
+            throw new ValidationException(context + ": Input bytes can not exceed " + maxLength + " bytes", "Input exceeds maximum allowed length of " + maxLength + " by " + (input.length-maxLength) + " bytes: context=" + context + ", input=" + new String( input ), context);
+        }
+
+        for (int i = 0; i < input.length; i++) {
+            if (input[i] <= 0x20 || input[i] >= 0x7E ) {
+                throw new ValidationException(context + ": Invalid input bytes: context=" + context, "Invalid non-ASCII input bytes, context=" + context + ", input=" + new String( input ), context);
+            }
+        }
+        return input;
+    }
+
+    /**
+     * {@inheritDoc}
+     * <p>
+     * Input is valid if it only contains printable ASCII characters (33-126 inclusive).
+     *
+     * @see <a href="https://en.wikipedia.org/wiki/ASCII">Wikipedia - ASCII</a>
+     */
+    @Override
+    public char[] getValidPrintable(String context, char[] input, int maxLength, boolean allowNull, ValidationErrorList errors)
+        throws IntrusionException {
+
+        try {
+            return getValidPrintable(context, input, maxLength, allowNull);
+        } catch (ValidationException e) {
+            errors.addError(context, e);
+        }
+        // error has been added to list, so return original input
+        return input;
+    }
+
+
+    /**
+     * {@inheritDoc}
+     * <p>
+     * Returns true if input is valid printable ASCII characters (33-126 inclusive).
+     * <p>
+     * This implementation does not throw {@link IntrusionException}.
+     *
+     * @see <a href="https://en.wikipedia.org/wiki/ASCII">Wikipedia - ASCII</a>
+     */
+    @Override
+    public boolean isValidPrintable(String context, String input, int maxLength, boolean allowNull) {
+        try {
+            getValidPrintable( context, input, maxLength, allowNull);
+            return true;
+        } catch( Exception e ) {
+            return false;
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * Returns true if input is valid printable ASCII characters (33-126 inclusive).
+     *
+     * @see <a href="https://en.wikipedia.org/wiki/ASCII">Wikipedia - ASCII</a>
+     */
+    @Override
+    public boolean isValidPrintable(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+        try {
+            getValidPrintable( context, input, maxLength, allowNull);
+            return true;
+        } catch( ValidationException e ) {
+            errors.addError(context, e);
+            return false;
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     * <p>
+     * Input is valid if it only contains printable ASCII characters (33-126 inclusive).
+     *
+     * @see <a href="https://en.wikipedia.org/wiki/ASCII">Wikipedia - ASCII</a>
+     */
+    @Override
+    public String getValidPrintable(String context, String input, int maxLength, boolean allowNull) throws ValidationException {
+        try {
+            String canonical = encoder.canonicalize(input);
+            return new String( getValidPrintable( context, canonical.toCharArray(), maxLength, allowNull) );
+        //TODO - changed this to base Exception since we no longer need EncodingException
+        //TODO - this is a bit lame: we need to re-think this function.
+        } catch (Exception e) {
+            throw new ValidationException( context + ": Invalid printable input", "Invalid encoding of printable input, context=" + context + ", input=" + input, e, context);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * Input is valid if it only contains printable ASCII characters (33-126 inclusive).
+     *
+     * @see <a href="https://en.wikipedia.org/wiki/ASCII">Wikipedia - ASCII</a>
+     */
+    @Override
+    public String getValidPrintable(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+        try {
+            return getValidPrintable(context, input, maxLength, allowNull);
+        } catch (ValidationException e) {
+            errors.addError(context, e);
+        }
+        // error has been added to list, so return original input
+        return input;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public boolean isValidRedirectLocation(String context, String input, boolean allowNull) throws IntrusionException {
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
+        return ESAPI.validator().isValidInput( context, input, "Redirect", sc.getIntProp("HttpUtilities.maxRedirectLength"), allowNull);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public boolean isValidRedirectLocation(String context, String input, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
+        return ESAPI.validator().isValidInput( context, input, "Redirect", sc.getIntProp("HttpUtilities.maxRedirectLength"), allowNull, errors);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public String getValidRedirectLocation(String context, String input, boolean allowNull) throws ValidationException, IntrusionException {
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
+        return ESAPI.validator().getValidInput( context, input, "Redirect", sc.getIntProp("HttpUtilities.maxRedirectLength"), allowNull);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public String getValidRedirectLocation(String context, String input, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+        try {
+            return getValidRedirectLocation(context, input, allowNull);
+        } catch (ValidationException e) {
+            errors.addError(context, e);
+        }
+        // error has been added to list, so return original input
+        return input;
+    }
+
+    /**
+     * {@inheritDoc}
+     * <p>
+     * This implementation reads until a newline or the specified number of
+     * characters.
+     */
+    @Override
+    public String safeReadLine(InputStream in, int max) throws ValidationException {
+        if (max <= 0) {
+            throw new ValidationAvailabilityException( "Invalid input", "Invalid readline. Must read a positive number of bytes from the stream");
+        }
+
+        StringBuilder sb = new StringBuilder();
+        int count = 0;
+        int c;
+
+        try {
+            while (true) {
+                c = in.read();
+                if ( c == -1 ) {
+                    if (sb.length() == 0) {
+                        return null;
+                    }
+                    break;
+                }
+                if (c == '\n' || c == '\r') {
+                    break;
+                }
+                count++;
+                if (count > max) {
+                    throw new ValidationAvailabilityException( "Invalid input", "Invalid readLine. Read more than maximum characters allowed (" + max + ")");
+                }
+                sb.append((char) c);
+            }
+            return sb.toString();
+        } catch (IOException e) {
+            throw new ValidationAvailabilityException( "Invalid input", "Invalid readLine. Problem reading from input stream", e);
+        }
+    }
+
+    /**
+     * Helper function to check if a String is empty
+     *
+     * @param input string input value
+     * @return boolean response if input is empty or not
+     */
+    private final boolean isEmpty(String input) {
+        return (input==null || input.trim().length() == 0);
+    }
+
+    /**
+     * Helper function to check if a byte array is empty
+     *
+     * @param input string input value
+     * @return boolean response if input is empty or not
+     */
+    private final boolean isEmpty(byte[] input) {
+        return (input==null || input.length == 0);
+    }
+
+
+    /**
+     * Helper function to check if a char array is empty
+     *
+     * @param input string input value
+     * @return boolean response if input is empty or not
+     */
+    private final boolean isEmpty(char[] input) {
+        return (input==null || input.length == 0);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public boolean isValidURI(String context, String input, boolean allowNull) {
+        boolean isValid = false;
+        boolean inputIsNullOrEmpty = input == null || "".equals(input);
+        Encoder encoder = ESAPI.encoder();
+        try{
+            URI compliantURI = null == input ? new URI("") :  this.getRfcCompliantURI(input);
+            if(null != compliantURI && input != null){
+                String canonicalizedURI = encoder.getCanonicalizedURI(compliantURI);
+                //if getCanonicalizedURI doesn't throw an IntrusionException, then the URI contains no mixed or
+                //double-encoding attacks.
+                logger.debug(Logger.SECURITY_SUCCESS, "We did not detect any mixed or multiple encoding in the uri:[" + input + "]");
+                Validator v = ESAPI.validator();
+                //This part will use the regex from validation.properties.  This regex should be super-simple, and
+                //used mainly to restrict certain parts of a URL.
+                Pattern p = ESAPI.securityConfiguration().getValidationPattern( "URL" );
+                if(p != null){
+                    //We're doing this instead of using the normal validator API, because it will canonicalize the input again
+                    //and if the URI has any queries that also happen to match HTML entities, like &para;
+                    //it will cease conforming to the regex we now specify for a URL.
+                    isValid = p.matcher(canonicalizedURI).matches();
+                }else{
+                    logger.error(Logger.EVENT_FAILURE, "Invalid regex pulled from configuration.  Check the regex for URL and correct.");
+                }
+            }else{
+                if(allowNull && inputIsNullOrEmpty ){
+                    isValid = true;
+                }
+            }
+
+        }catch (IntrusionException e){
+            logger.error(Logger.SECURITY_FAILURE, e.getMessage());
+            isValid = false;
+        } catch (URISyntaxException e) {
+            logger.error(Logger.EVENT_FAILURE, e.getMessage());
+        }
+
+
+        return isValid;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public URI getRfcCompliantURI(String input){
+        URI rval = null;
+        try {
+            rval = new URI(input);
+        } catch (URISyntaxException e) {
+            logger.error(Logger.EVENT_FAILURE, e.getMessage());
+        }
+        return rval;
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/reference/FileBasedAuthenticator.java b/src/main/java/org/owasp/esapi/reference/FileBasedAuthenticator.java
index 6b76c5e91..111e3f8be 100644
--- a/src/main/java/org/owasp/esapi/reference/FileBasedAuthenticator.java
+++ b/src/main/java/org/owasp/esapi/reference/FileBasedAuthenticator.java
@@ -1,725 +1,754 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- *
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- *
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- *
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import org.owasp.esapi.*;
-import org.owasp.esapi.errors.*;
-
-import java.io.*;
-import java.util.*;
-
-/**
- * Reference implementation of the Authenticator interface. This reference implementation is backed by a simple text
- * file that contains serialized information about users. Many organizations will want to create their own
- * implementation of the methods provided in the Authenticator interface backed by their own user repository. This
- * reference implementation captures information about users in a simple text file format that contains user information
- * separated by the pipe "|" character. Here's an example of a single line from the users.txt file:
- * <p/>
- * <PRE>
- * <p/>
- * account id | account name | hashed password | roles | lockout | status | old password hashes | last
- * hostname | last change | last login | last failed | expiration | failed
- * ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
- * 1203123710837 | mitch | 44k/NAzQUlrCq9musTGGkcMNmdzEGJ8w8qZTLzpxLuQ= | admin,user | unlocked | enabled |
- * u10dW4vTo3ZkoM5xP+blayWCz7KdPKyKUojOn9GJobg= | 192.168.1.255 | 1187201000926 | 1187200991568 | 1187200605330 |
- * 2187200605330 | 1
- * <p/>
- * </PRE>
- *
- * @author <a href="mailto:jeff.williams@aspectsecurity.com?subject=ESAPI question">Jeff Williams</a> at <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @author Chris Schmidt (chrisisbeef .at. gmail.com) <a href="http://www.digital-ritual.com">Digital Ritual Software</a>
- * @see org.owasp.esapi.Authenticator
- * @since June 1, 2007
- */
-public class FileBasedAuthenticator extends AbstractAuthenticator {
-
-    private static volatile Authenticator singletonInstance;
-
-    public static Authenticator getInstance()
-    {
-        if ( singletonInstance == null ) {
-            synchronized ( FileBasedAuthenticator.class ) {
-                if ( singletonInstance == null ) {
-                    singletonInstance = new FileBasedAuthenticator();
-                }
-            }
-        }
-        return singletonInstance;
-    }
-
-    /**
-     * The logger.
-     */
-    private final Logger logger = ESAPI.getLogger("Authenticator");
-
-    /**
-     * The file that contains the user db
-     */
-    private File userDB = null;
-
-    /**
-     * How frequently to check the user db for external modifications
-     */
-    private long checkInterval = 60 * 1000;
-
-    /**
-     * The last modified time we saw on the user db.
-     */
-    private long lastModified = 0;
-
-    /**
-     * The last time we checked if the user db had been modified externally
-     */
-    private long lastChecked = 0;
-
-    private static final int MAX_ACCOUNT_NAME_LENGTH = 250;
-
-    /**
-     * Fail safe main program to add or update an account in an emergency.
-     * <p/>
-     * Warning: this method does not perform the level of validation and checks
-     * generally required in ESAPI, and can therefore be used to create a username and password that do not comply
-     * with the username and password strength requirements.
-     * <p/>
-     * Example: Use this to add the alice account with the admin role to the users file:
-     * <PRE>
-     * <p/>
-     * java -Dorg.owasp.esapi.resources="/path/resources" -classpath esapi.jar org.owasp.esapi.Authenticator alice password admin
-     * <p/>
-     * </PRE>
-     *
-     * @param args the arguments (username, password, role)
-     * @throws Exception the exception
-     */
-    public static void main(String[] args) throws Exception {
-        if (args.length != 3) {
-            System.out.println("Usage: Authenticator accountname password role");
-            return;
-        }
-        FileBasedAuthenticator auth = new FileBasedAuthenticator();
-        String accountName = args[0].toLowerCase();
-        String password = args[1];
-        String role = args[2];
-        DefaultUser user = (DefaultUser) auth.getUser(args[0]);
-        if (user == null) {
-            user = new DefaultUser(accountName);
-            String newHash = auth.hashPassword(password, accountName);
-            auth.setHashedPassword(user, newHash);
-            user.addRole(role);
-            user.enable();
-            user.unlock();
-            auth.userMap.put(user.getAccountId(), user);
-            System.out.println("New user created: " + accountName);
-            auth.saveUsers();
-            System.out.println("User account " + user.getAccountName() + " updated");
-        } else {
-            System.err.println("User account " + user.getAccountName() + " already exists!");
-        }
-    }
-
-    /**
-     * Add a hash to a User's hashed password list.  This method is used to store a user's old password hashes
-     * to be sure that any new passwords are not too similar to old passwords.
-     *
-     * @param user the user to associate with the new hash
-     * @param hash the hash to store in the user's password hash list
-     */
-    private void setHashedPassword(User user, String hash) {
-        List<String> hashes = getAllHashedPasswords(user, true);
-        hashes.add(0, hash);
-        if (hashes.size() > ESAPI.securityConfiguration().getMaxOldPasswordHashes()) {
-            hashes.remove(hashes.size() - 1);
-        }
-        logger.info(Logger.SECURITY_SUCCESS, "New hashed password stored for " + user.getAccountName());
-    }
-
-    /**
-     * Return the specified User's current hashed password.
-     *
-     * @param user this User's current hashed password will be returned
-     * @return the specified User's current hashed password
-     */
-    String getHashedPassword(User user) {
-        List hashes = getAllHashedPasswords(user, false);
-        return (String) hashes.get(0);
-    }
-
-    /**
-     * Set the specified User's old password hashes.  This will not set the User's current password hash.
-     *
-     * @param user      the User whose old password hashes will be set
-     * @param oldHashes a list of the User's old password hashes     *
-     */
-    void setOldPasswordHashes(User user, List<String> oldHashes) {
-        List<String> hashes = getAllHashedPasswords(user, true);
-        if (hashes.size() > 1) {
-            hashes.removeAll(hashes.subList(1, hashes.size() - 1));
-        }
-        hashes.addAll(oldHashes);
-    }
-
-    /**
-     * Returns all of the specified User's hashed passwords.  If the User's list of passwords is null,
-     * and create is set to true, an empty password list will be associated with the specified User
-     * and then returned. If the User's password map is null and create is set to false, an exception
-     * will be thrown.
-     *
-     * @param user   the User whose old hashes should be returned
-     * @param create true - if no password list is associated with this user, create one
-     *               false - if no password list is associated with this user, do not create one
-     * @return a List containing all of the specified User's password hashes
-     */
-    List<String> getAllHashedPasswords(User user, boolean create) {
-        List<String> hashes = passwordMap.get(user);
-        if (hashes != null) {
-            return hashes;
-        }
-        if (create) {
-            hashes = new ArrayList<String>();
-            passwordMap.put(user, hashes);
-            return hashes;
-        }
-        throw new RuntimeException("No hashes found for " + user.getAccountName() + ". Is User.hashcode() and equals() implemented correctly?");
-    }
-
-    /**
-     * Get a List of the specified User's old password hashes.  This will not return the User's current
-     * password hash.
-     *
-     * @param user he user whose old password hashes should be returned
-     * @return the specified User's old password hashes
-     */
-    List<String> getOldPasswordHashes(User user) {
-        List<String> hashes = getAllHashedPasswords(user, false);
-        if (hashes.size() > 1) {
-            return Collections.unmodifiableList(hashes.subList(1, hashes.size() - 1));
-        }
-        return Collections.emptyList();
-    }
-
-    /**
-     * The user map.
-     */
-    private Map<Long, User> userMap = new HashMap<Long, User>();
-
-    // Map<User, List<String>>, where the strings are password hashes, with the current hash in entry 0
-    private Map<User, List<String>> passwordMap = new Hashtable<User, List<String>>();
-
-
-
-    /**
-     *
-     */
-    private FileBasedAuthenticator() {
-    	super();
-    }
-
-
-    /**
-     * {@inheritDoc}
-     */
-    public synchronized User createUser(String accountName, String password1, String password2) throws AuthenticationException {
-        loadUsersIfNecessary();
-        if (accountName == null) {
-            throw new AuthenticationAccountsException("Account creation failed", "Attempt to create user with null accountName");
-        }
-        if (getUser(accountName) != null) {
-            throw new AuthenticationAccountsException("Account creation failed", "Duplicate user creation denied for " + accountName);
-        }
-
-        verifyAccountNameStrength(accountName);
-
-        if (password1 == null) {
-            throw new AuthenticationCredentialsException("Invalid account name", "Attempt to create account " + accountName + " with a null password");
-        }
-        
-        DefaultUser user = new DefaultUser(accountName);
-        
-        verifyPasswordStrength(null, password1, user);
-
-        if (!password1.equals(password2)) {
-            throw new AuthenticationCredentialsException("Passwords do not match", "Passwords for " + accountName + " do not match");
-        }
-
-        try {
-            setHashedPassword(user, hashPassword(password1, accountName));
-        } catch (EncryptionException ee) {
-            throw new AuthenticationException("Internal error", "Error hashing password for " + accountName, ee);
-        }
-        userMap.put(user.getAccountId(), user);
-        logger.info(Logger.SECURITY_SUCCESS, "New user created: " + accountName);
-        saveUsers();
-        return user;
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-    public String generateStrongPassword() {
-        return generateStrongPassword("");
-    }
-
-    /**
-     * Generate a strong password that is not similar to the specified old password.
-     *
-     * @param oldPassword the password to be compared to the new password for similarity
-     * @return a new strong password that is dissimilar to the specified old password
-     */
-    private String generateStrongPassword(String oldPassword) {
-        Randomizer r = ESAPI.randomizer();
-        int letters = r.getRandomInteger(4, 6);  // inclusive, exclusive
-        int digits = 7 - letters;
-        String passLetters = r.getRandomString(letters, EncoderConstants.CHAR_PASSWORD_LETTERS);
-        String passDigits = r.getRandomString(digits, EncoderConstants.CHAR_PASSWORD_DIGITS);
-        String passSpecial = r.getRandomString(1, EncoderConstants.CHAR_PASSWORD_SPECIALS);
-        String newPassword = passLetters + passSpecial + passDigits;
-        if (StringUtilities.getLevenshteinDistance(oldPassword, newPassword) > 5) {
-            return newPassword;
-        }
-        return generateStrongPassword(oldPassword);
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-    public void changePassword(User user, String currentPassword,
-                               String newPassword, String newPassword2)
-            throws AuthenticationException {
-        String accountName = user.getAccountName();
-        try {
-            String currentHash = getHashedPassword(user);
-            String verifyHash = hashPassword(currentPassword, accountName);
-            if (!currentHash.equals(verifyHash)) {
-                throw new AuthenticationCredentialsException("Password change failed", "Authentication failed for password change on user: " + accountName);
-            }
-            if (newPassword == null || newPassword2 == null || !newPassword.equals(newPassword2)) {
-                throw new AuthenticationCredentialsException("Password change failed", "Passwords do not match for password change on user: " + accountName);
-            }
-            verifyPasswordStrength(currentPassword, newPassword, user);
-            user.setLastPasswordChangeTime(new Date());
-            String newHash = hashPassword(newPassword, accountName);
-            if (getOldPasswordHashes(user).contains(newHash)) {
-                throw new AuthenticationCredentialsException("Password change failed", "Password change matches a recent password for user: " + accountName);
-            }
-            setHashedPassword(user, newHash);
-            logger.info(Logger.SECURITY_SUCCESS, "Password changed for user: " + accountName);
-            // jtm - 11/2/2010 - added to resolve http://code.google.com/p/owasp-esapi-java/issues/detail?id=13
-            saveUsers();
-        } catch (EncryptionException ee) {
-            throw new AuthenticationException("Password change failed", "Encryption exception changing password for " + accountName, ee);
-        }
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-    public boolean verifyPassword(User user, String password) {
-        String accountName = user.getAccountName();
-        try {
-            String hash = hashPassword(password, accountName);
-            String currentHash = getHashedPassword(user);
-            if (hash.equals(currentHash)) {
-                user.setLastLoginTime(new Date());
-                ((DefaultUser) user).setFailedLoginCount(0);
-                logger.info(Logger.SECURITY_SUCCESS, "Password verified for " + accountName);
-                return true;
-            }
-        } catch (EncryptionException e) {
-            logger.fatal(Logger.SECURITY_FAILURE, "Encryption error verifying password for " + accountName);
-        }
-        logger.fatal(Logger.SECURITY_FAILURE, "Password verification failed for " + accountName);
-        return false;
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-    public String generateStrongPassword(User user, String oldPassword) {
-        String newPassword = generateStrongPassword(oldPassword);
-        if (newPassword != null) {
-            logger.info(Logger.SECURITY_SUCCESS, "Generated strong password for " + user.getAccountName());
-        }
-        return newPassword;
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-    public synchronized User getUser(long accountId) {
-        if (accountId == 0) {
-            return User.ANONYMOUS;
-        }
-        loadUsersIfNecessary();
-        return userMap.get(accountId);
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-    public synchronized User getUser(String accountName) {
-        if (accountName == null) {
-            return User.ANONYMOUS;
-        }
-        loadUsersIfNecessary();
-        for (User u : userMap.values()) {
-            if (u.getAccountName().equalsIgnoreCase(accountName)) {
-                return u;
-            }
-        }
-        return null;
-    }
-
- 
-
-    /**
-     * {@inheritDoc}
-     */
-    public synchronized Set getUserNames() {
-        loadUsersIfNecessary();
-        HashSet<String> results = new HashSet<String>();
-        for (User u : userMap.values()) {
-            results.add(u.getAccountName());
-        }
-        return results;
-    }
-
-    /**
-     * {@inheritDoc}
-     *
-     * @throws EncryptionException
-     */
-    public String hashPassword(String password, String accountName) throws EncryptionException {
-        String salt = accountName.toLowerCase();
-        return ESAPI.encryptor().hash(password, salt);
-    }
-
-    /**
-     * Load users if they haven't been loaded in a while.
-     */
-    protected void loadUsersIfNecessary() {
-        if (userDB == null) {
-            userDB = ESAPI.securityConfiguration().getResourceFile("users.txt");
-        }
-        if (userDB == null) {
-            userDB = new File(System.getProperty("user.home") + "/.esapi", "users.txt");
-            try {
-                if (!userDB.createNewFile()) throw new IOException("Unable to create the user file");
-                logger.warning(Logger.SECURITY_SUCCESS, "Created " + userDB.getAbsolutePath());
-            } catch (IOException e) {
-                logger.fatal(Logger.SECURITY_FAILURE, "Could not create " + userDB.getAbsolutePath(), e);
-            }
-        }
-
-        // We only check at most every checkInterval milliseconds
-        long now = System.currentTimeMillis();
-        if (now - lastChecked < checkInterval) {
-            return;
-        }
-        lastChecked = now;
-
-        if (lastModified == userDB.lastModified()) {
-            return;
-        }
-        loadUsersImmediately();
-    }
-
-    // file was touched so reload it
-    /**
-     *
-     */
-    protected void loadUsersImmediately() {
-        synchronized (this) {
-            logger.trace(Logger.SECURITY_SUCCESS, "Loading users from " + userDB.getAbsolutePath(), null);
-
-            BufferedReader reader = null;
-            try {
-                HashMap<Long, User> map = new HashMap<Long, User>();
-                reader = new BufferedReader(new FileReader(userDB));
-                String line;
-                while ((line = reader.readLine()) != null) {
-                    if (line.length() > 0 && line.charAt(0) != '#') {
-                        DefaultUser user = createUser(line);
-                        if (map.containsKey(new Long(user.getAccountId()))) {
-                            logger.fatal(Logger.SECURITY_FAILURE, "Problem in user file. Skipping duplicate user: " + user, null);
-                        }
-                        map.put(user.getAccountId(), user);
-                    }
-                }
-                userMap = map;
-                this.lastModified = System.currentTimeMillis();
-                logger.trace(Logger.SECURITY_SUCCESS, "User file reloaded: " + map.size(), null);
-            } catch (Exception e) {
-                logger.fatal(Logger.SECURITY_FAILURE, "Failure loading user file: " + userDB.getAbsolutePath(), e);
-            } finally {
-                try {
-                    if (reader != null) {
-                        reader.close();
-                    }
-                } catch (IOException e) {
-                    logger.fatal(Logger.SECURITY_FAILURE, "Failure closing user file: " + userDB.getAbsolutePath(), e);
-                }
-            }
-        }
-    }
-
-    /**
-     * Create a new user with all attributes from a String.  The format is:
-     * accountId | accountName | password | roles (comma separated) | unlocked | enabled | old password hashes (comma separated) | last host address | last password change time | last long time | last failed login time | expiration time | failed login count
-     * This method verifies the account name and password strength, creates a new CSRF token, then returns the newly created user.
-     *
-     * @param line parameters to set as attributes for the new User.
-     * @return the newly created User
-     * @throws AuthenticationException
-     */
-    private DefaultUser createUser(String line) throws AuthenticationException {
-        String[] parts = line.split(" *\\| *");
-        String accountIdString = parts[0];
-        long accountId = Long.parseLong(accountIdString);
-        String accountName = parts[1];
-
-        verifyAccountNameStrength(accountName);
-        DefaultUser user = new DefaultUser(accountName);
-        user.accountId = accountId;
-
-        String password = parts[2];
-        verifyPasswordStrength(null, password, user);
-        setHashedPassword(user, password);
-
-        String[] roles = parts[3].toLowerCase().split(" *, *");
-        for (String role : roles) {
-            if (!"".equals(role)) {
-                user.addRole(role);
-            }
-        }
-        if (!"unlocked".equalsIgnoreCase(parts[4])) {
-            user.lock();
-        }
-        if ("enabled".equalsIgnoreCase(parts[5])) {
-            user.enable();
-        } else {
-            user.disable();
-        }
-
-        // generate a new csrf token
-        user.resetCSRFToken();
-
-        setOldPasswordHashes(user, Arrays.asList(parts[6].split(" *, *")));
-        user.setLastHostAddress("null".equals(parts[7]) ? null : parts[7]);
-        user.setLastPasswordChangeTime(new Date(Long.parseLong(parts[8])));
-        user.setLastLoginTime(new Date(Long.parseLong(parts[9])));
-        user.setLastFailedLoginTime(new Date(Long.parseLong(parts[10])));
-        user.setExpirationTime(new Date(Long.parseLong(parts[11])));
-        user.setFailedLoginCount(Integer.parseInt(parts[12]));
-        return user;
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-    public synchronized void removeUser(String accountName) throws AuthenticationException {
-        loadUsersIfNecessary();
-        User user = getUser(accountName);
-        if (user == null) {
-            throw new AuthenticationAccountsException("Remove user failed", "Can't remove invalid accountName " + accountName);
-        }
-        userMap.remove(user.getAccountId());
-        logger.info(Logger.SECURITY_SUCCESS, "Removing user " + user.getAccountName());
-        passwordMap.remove(user);
-        saveUsers();
-    }
-
-    /**
-     * Saves the user database to the file system. In this implementation you must call save to commit any changes to
-     * the user file. Otherwise changes will be lost when the program ends.
-     *
-     * @throws AuthenticationException if the user file could not be written
-     */
-    public synchronized void saveUsers() throws AuthenticationException {
-        PrintWriter writer = null;
-        try {
-            writer = new PrintWriter(new FileWriter(userDB));
-            writer.println("# This is the user file associated with the ESAPI library from http://www.owasp.org");
-            writer.println("# accountId | accountName | hashedPassword | roles | locked | enabled | csrfToken | oldPasswordHashes | lastPasswordChangeTime | lastLoginTime | lastFailedLoginTime | expirationTime | failedLoginCount");
-            writer.println();
-            saveUsers(writer);
-            writer.flush();
-            logger.info(Logger.SECURITY_SUCCESS, "User file written to disk");
-        } catch (IOException e) {
-            logger.fatal(Logger.SECURITY_FAILURE, "Problem saving user file " + userDB.getAbsolutePath(), e);
-            throw new AuthenticationException("Internal Error", "Problem saving user file " + userDB.getAbsolutePath(), e);
-        } finally {
-            if (writer != null) {
-                writer.close();
-                lastModified = userDB.lastModified();
-                lastChecked = lastModified;
-            }
-        }
-    }
-
-    /**
-     * Save users.
-     *
-     * @param writer the print writer to use for saving
-     */
-    protected synchronized void saveUsers(PrintWriter writer) throws AuthenticationCredentialsException {
-        for (Object o : getUserNames()) {
-            String accountName = (String) o;
-            DefaultUser u = (DefaultUser) getUser(accountName);
-            if (u != null && !u.isAnonymous()) {
-                writer.println(save(u));
-            } else {
-                throw new AuthenticationCredentialsException("Problem saving user", "Skipping save of user " + accountName);
-            }
-        }
-    }
-
-    /**
-     * Save.
-     *
-     * @param user the User to save
-     * @return a line containing properly formatted information to save regarding the user
-     */
-    private String save(DefaultUser user) {
-        StringBuilder sb = new StringBuilder();
-        sb.append(user.getAccountId());
-        sb.append(" | ");
-        sb.append(user.getAccountName());
-        sb.append(" | ");
-        sb.append(getHashedPassword(user));
-        sb.append(" | ");
-        sb.append(dump(user.getRoles()));
-        sb.append(" | ");
-        sb.append(user.isLocked() ? "locked" : "unlocked");
-        sb.append(" | ");
-        sb.append(user.isEnabled() ? "enabled" : "disabled");
-        sb.append(" | ");
-        sb.append(dump(getOldPasswordHashes(user)));
-        sb.append(" | ");
-        sb.append(user.getLastHostAddress());
-        sb.append(" | ");
-        sb.append(user.getLastPasswordChangeTime().getTime());
-        sb.append(" | ");
-        sb.append(user.getLastLoginTime().getTime());
-        sb.append(" | ");
-        sb.append(user.getLastFailedLoginTime().getTime());
-        sb.append(" | ");
-        sb.append(user.getExpirationTime().getTime());
-        sb.append(" | ");
-        sb.append(user.getFailedLoginCount());
-        return sb.toString();
-    }
-
-    /**
-     * Dump a collection as a comma-separated list.
-     *
-     * @param c the collection to convert to a comma separated list
-     * @return a comma separated list containing the values in c
-     */
-    private String dump(Collection<String> c) {
-        StringBuilder sb = new StringBuilder();
-        for (String s : c) {
-            sb.append(s).append(",");
-        }
-        if ( c.size() > 0) {
-        	return sb.toString().substring(0, sb.length() - 1);
-        }
-        return "";
-        
-    }
-
-    /**
-     * {@inheritDoc}
-     * <p/>
-     * This implementation simply verifies that account names are at least 5 characters long. This helps to defeat a
-     * brute force attack, however the real strength comes from the name length and complexity.
-     *
-     * @param newAccountName
-     */
-    public void verifyAccountNameStrength(String newAccountName) throws AuthenticationException {
-        if (newAccountName == null) {
-            throw new AuthenticationCredentialsException("Invalid account name", "Attempt to create account with a null account name");
-        }
-        if (!ESAPI.validator().isValidInput("verifyAccountNameStrength", newAccountName, "AccountName", MAX_ACCOUNT_NAME_LENGTH, false)) {
-            throw new AuthenticationCredentialsException("Invalid account name", "New account name is not valid: " + newAccountName);
-        }
-    }
-
-    /**
-     * {@inheritDoc}
-     * <p/>
-     * This implementation checks: - for any 3 character substrings of the old password - for use of a length *
-     * character sets > 16 (where character sets are upper, lower, digit, and special
-     * jtm - 11/16/2010 - added check to verify pw != username (fix for http://code.google.com/p/owasp-esapi-java/issues/detail?id=108)
-     */
-    public void verifyPasswordStrength(String oldPassword, String newPassword, User user) throws AuthenticationException {
-        if (newPassword == null) {
-            throw new AuthenticationCredentialsException("Invalid password", "New password cannot be null");
-        }
-
-        // can't change to a password that contains any 3 character substring of old password
-        if (oldPassword != null) {
-            int length = oldPassword.length();
-            for (int i = 0; i < length - 2; i++) {
-                String sub = oldPassword.substring(i, i + 3);
-                if (newPassword.indexOf(sub) > -1) {
-                    throw new AuthenticationCredentialsException("Invalid password", "New password cannot contain pieces of old password");
-                }
-            }
-        }
-
-        // new password must have enough character sets and length
-        int charsets = 0;
-        for (int i = 0; i < newPassword.length(); i++) {
-            if (Arrays.binarySearch(EncoderConstants.CHAR_LOWERS, newPassword.charAt(i)) >= 0) {
-                charsets++;
-                break;
-            }
-        }
-        for (int i = 0; i < newPassword.length(); i++) {
-            if (Arrays.binarySearch(EncoderConstants.CHAR_UPPERS, newPassword.charAt(i)) >= 0) {
-                charsets++;
-                break;
-            }
-        }
-        for (int i = 0; i < newPassword.length(); i++) {
-            if (Arrays.binarySearch(EncoderConstants.CHAR_DIGITS, newPassword.charAt(i)) >= 0) {
-                charsets++;
-                break;
-            }
-        }
-        for (int i = 0; i < newPassword.length(); i++) {
-            if (Arrays.binarySearch(EncoderConstants.CHAR_SPECIALS, newPassword.charAt(i)) >= 0) {
-                charsets++;
-                break;
-            }
-        }
-
-        // calculate and verify password strength
-        int strength = newPassword.length() * charsets;
-        if (strength < 16) {
-            throw new AuthenticationCredentialsException("Invalid password", "New password is not long and complex enough");
-        }
-        
-        String accountName = user.getAccountName();
-        
-        //jtm - 11/3/2010 - fix for bug http://code.google.com/p/owasp-esapi-java/issues/detail?id=108
-        if (accountName.equalsIgnoreCase(newPassword)) {
-        	//password can't be account name
-        	throw new AuthenticationCredentialsException("Invalid password", "Password matches account name, irrespective of case");
-        }
-    }
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import org.owasp.esapi.*;
+import org.owasp.esapi.errors.*;
+
+import java.io.*;
+import java.util.*;
+
+/**
+ * Reference implementation of the Authenticator interface. This reference implementation is intended to be
+ * an <b>EXAMPLE</b> only and is not really suitable for enterprise-wide applications. It is backed by a simple unsorted
+ * text file that contains serialized information about users and it uses a relative weak password hashing algorithm.
+ * (For further details, see the "See Also" section, below.)
+ * <p>
+ * Many organizations will want to create their own implementation of the methods provided in the
+ * {@code Authenticator} interface backed by their own user repository as this reference implementation
+ * is not very scalable. This reference implementation captures information about users in a simple text file
+ * format that contains user information separated by the pipe "|" character.
+ * <p/>
+ * <p>Here's an example of a single line from the users.txt file:<p/>
+ * <p>
+ * <PRE>
+ * account id | account name | hashed password | roles | lockout | status | old password hashes | last
+ * hostname | last change | last login | last failed | expiration | failed
+ * ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ * 1203123710837 | mitch | 44k/NAzQUlrCq9musTGGkcMNmdzEGJ8w8qZTLzpxLuQ= | admin,user | unlocked | enabled |
+ * u10dW4vTo3ZkoM5xP+blayWCz7KdPKyKUojOn9GJobg= | 192.168.1.255 | 1187201000926 | 1187200991568 | 1187200605330 |
+ * 2187200605330 | 1
+ * </PRE>
+ * <p/>
+ *
+ * @author <a href="mailto:jeff.williams@aspectsecurity.com?subject=ESAPI question">Jeff Williams</a> at <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author Chris Schmidt (chrisisbeef .at. gmail.com) <a href="http://www.digital-ritual.com">Digital Ritual Software</a>
+ * @see org.owasp.esapi.Authenticator
+ * @see #hashPassword(String password, String accountName)
+ * @see <a href="https://github.com/ESAPI/esapi-java-legacy/issues/233" target="_blank" rel="noopener">GitHub Issue #233: Weak password storage</a>
+ * @since June 1, 2007
+ */
+public class FileBasedAuthenticator extends AbstractAuthenticator {
+
+    private static volatile Authenticator singletonInstance;
+
+    public static Authenticator getInstance()
+    {
+        if ( singletonInstance == null ) {
+            synchronized ( FileBasedAuthenticator.class ) {
+                if ( singletonInstance == null ) {
+                    singletonInstance = new FileBasedAuthenticator();
+                }
+            }
+        }
+        return singletonInstance;
+    }
+
+    /**
+     * The logger.
+     */
+    private final Logger logger = ESAPI.getLogger("Authenticator");
+
+    /**
+     * The file that contains the user db
+     */
+    private File userDB = null;
+
+    /**
+     * How frequently to check the user db for external modifications
+     */
+    private long checkInterval = 60 * 1000;
+
+    /**
+     * The last modified time we saw on the user db.
+     */
+    private long lastModified = 0;
+
+    /**
+     * The last time we checked if the user db had been modified externally
+     */
+    private long lastChecked = 0;
+
+    private static final int MAX_ACCOUNT_NAME_LENGTH = 250;
+
+    /**
+     * Fail safe main program to add or update an account in an emergency.
+     * <p/>
+     * Warning: this method does not perform the level of validation and checks
+     * generally required in ESAPI, and can therefore be used to create a username and password that do not comply
+     * with the username and password strength requirements.
+     * <p/>
+     * Example: Use this to add the alice account with the admin role to the users file:
+     * <PRE>
+     * <p/>
+     * java -Dorg.owasp.esapi.resources="/path/resources" -classpath esapi.jar org.owasp.esapi.Authenticator alice password admin
+     * <p/>
+     * </PRE>
+     *
+     * @param args the arguments (username, password, role)
+     * @throws Exception the exception
+     */
+    public static void main(String[] args) throws Exception {
+        if (args.length != 3) {
+            System.out.println("Usage: Authenticator accountname password role");
+            return;
+        }
+        FileBasedAuthenticator auth = new FileBasedAuthenticator();
+        String accountName = args[0].toLowerCase();
+        String password = args[1];
+        String role = args[2];
+        DefaultUser user = (DefaultUser) auth.getUser(args[0]);
+        if (user == null) {
+            user = new DefaultUser(accountName);
+            String newHash = auth.hashPassword(password, accountName);
+            auth.setHashedPassword(user, newHash);
+            user.addRole(role);
+            user.enable();
+            user.unlock();
+            auth.userMap.put(user.getAccountId(), user);
+            System.out.println("New user created: " + accountName);
+            auth.saveUsers();
+            System.out.println("User account " + user.getAccountName() + " updated");
+        } else {
+            System.err.println("User account " + user.getAccountName() + " already exists!");
+        }
+    }
+
+    /**
+     * Add a hash to a User's hashed password list.  This method is used to store a user's old password hashes
+     * to be sure that any new passwords are not too similar to old passwords.
+     *
+     * @param user the user to associate with the new hash
+     * @param hash the hash to store in the user's password hash list
+     */
+    private void setHashedPassword(User user, String hash) {
+        List<String> hashes = getAllHashedPasswords(user, true);
+        hashes.add(0, hash);
+        if (hashes.size() > ESAPI.securityConfiguration().getMaxOldPasswordHashes()) {
+            hashes.remove(hashes.size() - 1);
+        }
+        logger.info(Logger.SECURITY_SUCCESS, "New hashed password stored for " + user.getAccountName());
+    }
+
+    /**
+     * Return the specified User's current hashed password.
+     *
+     * @param user this User's current hashed password will be returned
+     * @return the specified User's current hashed password
+     */
+    String getHashedPassword(User user) {
+        List hashes = getAllHashedPasswords(user, false);
+        return (String) hashes.get(0);
+    }
+
+    /**
+     * Set the specified User's old password hashes.  This will not set the User's current password hash.
+     *
+     * @param user      the User whose old password hashes will be set
+     * @param oldHashes a list of the User's old password hashes
+     */
+    void setOldPasswordHashes(User user, List<String> oldHashes) {
+        List<String> hashes = getAllHashedPasswords(user, true);
+        if (hashes.size() > 1) {
+            hashes.removeAll(hashes.subList(1, hashes.size()));
+        }
+        hashes.addAll(oldHashes);
+    }
+
+    /**
+     * Returns all of the specified User's hashed passwords.  If the User's list of passwords is null,
+     * and create is set to true, an empty password list will be associated with the specified User
+     * and then returned. If the User's password map is null and create is set to false, an exception
+     * will be thrown.
+     *
+     * @param user   the User whose old hashes should be returned
+     * @param create true - if no password list is associated with this user, create one
+     *               false - if no password list is associated with this user, do not create one
+     * @return a List containing all of the specified User's password hashes
+     */
+    List<String> getAllHashedPasswords(User user, boolean create) {
+        List<String> hashes = passwordMap.get(user);
+        if (hashes != null) {
+            return hashes;
+        }
+        if (create) {
+            hashes = new ArrayList<String>();
+            passwordMap.put(user, hashes);
+            return hashes;
+        }
+        throw new RuntimeException("No hashes found for " + user.getAccountName() + ". Is User.hashcode() and equals() implemented correctly?");
+    }
+
+    /**
+     * Get a List of the specified User's old password hashes.  This will not return the User's current
+     * password hash.
+     *
+     * @param user he user whose old password hashes should be returned
+     * @return the specified User's old password hashes
+     */
+    List<String> getOldPasswordHashes(User user) {
+        List<String> hashes = getAllHashedPasswords(user, false);
+        if (hashes.size() > 1) {
+            return Collections.unmodifiableList(hashes.subList(1, hashes.size()));
+        }
+        return Collections.emptyList();
+    }
+
+    /**
+     * The user map.
+     */
+    private Map<Long, User> userMap = new HashMap<Long, User>();
+
+    // Map<User, List<String>>, where the strings are password hashes, with the current hash in entry 0
+    private Map<User, List<String>> passwordMap = new Hashtable<User, List<String>>();
+
+
+
+    /**
+     *
+     */
+    private FileBasedAuthenticator() {
+        super();
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public synchronized User createUser(String accountName, String password1, String password2) throws AuthenticationException {
+        loadUsersIfNecessary();
+        if (accountName == null) {
+            throw new AuthenticationAccountsException("Account creation failed", "Attempt to create user with null accountName");
+        }
+        if (getUser(accountName) != null) {
+            throw new AuthenticationAccountsException("Account creation failed", "Duplicate user creation denied for " + accountName);
+        }
+
+        verifyAccountNameStrength(accountName);
+
+        if (password1 == null) {
+            throw new AuthenticationCredentialsException("Invalid account name", "Attempt to create account " + accountName + " with a null password");
+        }
+
+        DefaultUser user = new DefaultUser(accountName);
+
+        verifyPasswordStrength(null, password1, user);
+
+        if (!password1.equals(password2)) {
+            throw new AuthenticationCredentialsException("Passwords do not match", "Passwords for " + accountName + " do not match");
+        }
+
+        try {
+            setHashedPassword(user, hashPassword(password1, accountName));
+        } catch (EncryptionException ee) {
+            throw new AuthenticationException("Internal error", "Error hashing password for " + accountName, ee);
+        }
+        userMap.put(user.getAccountId(), user);
+        logger.info(Logger.SECURITY_SUCCESS, "New user created: " + accountName);
+        saveUsers();
+        return user;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String generateStrongPassword() {
+        return generateStrongPassword("");
+    }
+
+    /**
+     * Generate a strong password that is not similar to the specified old password.
+     *
+     * @param oldPassword the password to be compared to the new password for similarity
+     * @return a new strong password that is dissimilar to the specified old password
+     */
+    private String generateStrongPassword(String oldPassword) {
+        Randomizer r = ESAPI.randomizer();
+        int letters = r.getRandomInteger(4, 6);  // inclusive, exclusive
+        int digits = 7 - letters;
+        String passLetters = r.getRandomString(letters, EncoderConstants.CHAR_PASSWORD_LETTERS);
+        String passDigits = r.getRandomString(digits, EncoderConstants.CHAR_PASSWORD_DIGITS);
+        String passSpecial = r.getRandomString(1, EncoderConstants.CHAR_PASSWORD_SPECIALS);
+        String newPassword = passLetters + passSpecial + passDigits;
+        if (StringUtilities.getLevenshteinDistance(oldPassword, newPassword) > 5) {
+            return newPassword;
+        }
+        return generateStrongPassword(oldPassword);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void changePassword(User user, String currentPassword,
+                               String newPassword, String newPassword2)
+            throws AuthenticationException {
+        String accountName = user.getAccountName();
+        try {
+            String currentHash = getHashedPassword(user);
+            String verifyHash = hashPassword(currentPassword, accountName);
+            if (!currentHash.equals(verifyHash)) {
+                throw new AuthenticationCredentialsException("Password change failed", "Authentication failed for password change on user: " + accountName);
+            }
+            if (newPassword == null || newPassword2 == null || !newPassword.equals(newPassword2)) {
+                throw new AuthenticationCredentialsException("Password change failed", "Passwords do not match for password change on user: " + accountName);
+            }
+            verifyPasswordStrength(currentPassword, newPassword, user);
+            user.setLastPasswordChangeTime(new Date());
+            String newHash = hashPassword(newPassword, accountName);
+            if (getOldPasswordHashes(user).contains(newHash)) {
+                throw new AuthenticationCredentialsException("Password change failed", "Password change matches a recent password for user: " + accountName);
+            }
+            setHashedPassword(user, newHash);
+            logger.info(Logger.SECURITY_SUCCESS, "Password changed for user: " + accountName);
+            // jtm - 11/2/2010 - added to resolve http://code.google.com/p/owasp-esapi-java/issues/detail?id=13
+            saveUsers();
+        } catch (EncryptionException ee) {
+            throw new AuthenticationException("Password change failed", "Encryption exception changing password for " + accountName, ee);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean verifyPassword(User user, String password) {
+        String accountName = user.getAccountName();
+        try {
+            String hash = hashPassword(password, accountName);
+            String currentHash = getHashedPassword(user);
+            if (hash.equals(currentHash)) {
+                user.setLastLoginTime(new Date());
+                ((DefaultUser) user).setFailedLoginCount(0);
+                logger.info(Logger.SECURITY_SUCCESS, "Password verified for " + accountName);
+                return true;
+            }
+        } catch (EncryptionException e) {
+            logger.fatal(Logger.SECURITY_FAILURE, "Encryption error verifying password for " + accountName);
+        }
+        logger.fatal(Logger.SECURITY_FAILURE, "Password verification failed for " + accountName);
+        return false;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String generateStrongPassword(User user, String oldPassword) {
+        String newPassword = generateStrongPassword(oldPassword);
+        if (newPassword != null) {
+            logger.info(Logger.SECURITY_SUCCESS, "Generated strong password for " + user.getAccountName());
+        }
+        return newPassword;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public synchronized User getUser(long accountId) {
+        if (accountId == 0) {
+            return User.ANONYMOUS;
+        }
+        loadUsersIfNecessary();
+        return userMap.get(accountId);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public synchronized User getUser(String accountName) {
+        if (accountName == null) {
+            return User.ANONYMOUS;
+        }
+        loadUsersIfNecessary();
+        for (User u : userMap.values()) {
+            if (u.getAccountName().equalsIgnoreCase(accountName)) {
+                return u;
+            }
+        }
+        return null;
+    }
+
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public synchronized Set getUserNames() {
+        loadUsersIfNecessary();
+        HashSet<String> results = new HashSet<String>();
+        for (User u : userMap.values()) {
+            results.add(u.getAccountName());
+        }
+        return results;
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * <b>WARNING:</b> There are several weaknesses in this method:
+     * <ol>
+     * <li>The salt should really be a randomly generated salt, typically at
+     * least 64-bits, but in this method, the {@code accountName} parameter is
+     * used as the salt.</li>
+     * <li>This salt is then combined with the <b>ESAPI.properties</b> file's
+     * {@code Encryptor.MasterSalt}, meaning that if that property is changed,
+     * all previously stored passwords become invalid and need to be reset.</li>
+     * <li>Only 1024 iterations of the hash algorithm (SHA-512) are made. While that
+     * may have been fine in 2007, it is no longer considered sufficient.</li>
+     * </ol>
+     *
+     * @throws EncryptionException
+     */
+    public String hashPassword(String password, String accountName) throws EncryptionException {
+        // Here is but one weakness: This salt should ideally be a _random_ salt,
+        // at least 64 bits in length. Unfortunately, if anyone is actually using
+        // this method in a production application (let's hope not) fixing this
+        // now will those application's previously stored passwords. See this
+        // GitHub issue comment for further details:
+        //    https://github.com/ESAPI/esapi-java-legacy/issues/233#issuecomment-450401400
+        String salt = accountName.toLowerCase();
+        //
+        // Other weaknesses are that only 1024 iterations of the hash algorithm
+        // (SHA-512) is used and the final hash is tied to the Encryptor.MasterSalt
+        // so if that is ever changed, all users passwords must be reset.
+        return ESAPI.encryptor().hash(password, salt);
+    }
+
+    /**
+     * Load users if they haven't been loaded in a while.
+     */
+    protected void loadUsersIfNecessary() {
+        if (userDB == null) {
+            userDB = ESAPI.securityConfiguration().getResourceFile("users.txt");
+        }
+        if (userDB == null) {
+            userDB = new File(System.getProperty("user.home") + "/.esapi", "users.txt");
+            try {
+                if (!userDB.createNewFile()) throw new IOException("Unable to create the user file");
+                logger.warning(Logger.SECURITY_SUCCESS, "Created " + userDB.getAbsolutePath());
+            } catch (IOException e) {
+                logger.fatal(Logger.SECURITY_FAILURE, "Could not create " + userDB.getAbsolutePath(), e);
+            }
+        }
+
+        // We only check at most every checkInterval milliseconds
+        long now = System.currentTimeMillis();
+        if (now - lastChecked < checkInterval) {
+            return;
+        }
+        lastChecked = now;
+
+        if (lastModified == userDB.lastModified()) {
+            return;
+        }
+        loadUsersImmediately();
+    }
+
+    // file was touched so reload it
+    /**
+     *
+     */
+    protected void loadUsersImmediately() {
+        synchronized (this) {
+            logger.trace(Logger.SECURITY_SUCCESS, "Loading users from " + userDB.getAbsolutePath(), null);
+
+            BufferedReader reader = null;
+            try {
+                HashMap<Long, User> map = new HashMap<Long, User>();
+                reader = new BufferedReader(new FileReader(userDB));
+                String line;
+                while ((line = reader.readLine()) != null) {
+                    if (line.length() > 0 && line.charAt(0) != '#') {
+                        DefaultUser user = createUser(line);
+                        if (map.containsKey(new Long(user.getAccountId()))) {
+                            logger.fatal(Logger.SECURITY_FAILURE, "Problem in user file. Skipping duplicate user: " + user, null);
+                        }
+                        map.put(user.getAccountId(), user);
+                    }
+                }
+                userMap = map;
+                this.lastModified = System.currentTimeMillis();
+                logger.trace(Logger.SECURITY_SUCCESS, "User file reloaded: " + map.size(), null);
+            } catch (Exception e) {
+                logger.fatal(Logger.SECURITY_FAILURE, "Failure loading user file: " + userDB.getAbsolutePath(), e);
+            } finally {
+                try {
+                    if (reader != null) {
+                        reader.close();
+                    }
+                } catch (IOException e) {
+                    logger.fatal(Logger.SECURITY_FAILURE, "Failure closing user file: " + userDB.getAbsolutePath(), e);
+                }
+            }
+        }
+    }
+
+    /**
+     * Create a new user with all attributes from a String.  The format is:
+     * accountId | accountName | password | roles (comma separated) | unlocked | enabled | old password hashes (comma separated) | last host address | last password change time | last long time | last failed login time | expiration time | failed login count
+     * This method verifies the account name and password strength, creates a new CSRF token, then returns the newly created user.
+     *
+     * @param line parameters to set as attributes for the new User.
+     * @return the newly created User
+     * @throws AuthenticationException
+     */
+    private DefaultUser createUser(String line) throws AuthenticationException {
+        String[] parts = line.split(" *\\| *");
+        String accountIdString = parts[0];
+        long accountId = Long.parseLong(accountIdString);
+        String accountName = parts[1];
+
+        verifyAccountNameStrength(accountName);
+        DefaultUser user = new DefaultUser(accountName);
+        user.accountId = accountId;
+
+        String password = parts[2];
+        verifyPasswordStrength(null, password, user);
+        setHashedPassword(user, password);
+
+        String[] roles = parts[3].toLowerCase().split(" *, *");
+        for (String role : roles) {
+            if (!"".equals(role)) {
+                user.addRole(role);
+            }
+        }
+        if (!"unlocked".equalsIgnoreCase(parts[4])) {
+            user.lock();
+        }
+        if ("enabled".equalsIgnoreCase(parts[5])) {
+            user.enable();
+        } else {
+            user.disable();
+        }
+
+        // generate a new csrf token
+        user.resetCSRFToken();
+
+        setOldPasswordHashes(user, Arrays.asList(parts[6].split(" *, *")));
+        user.setLastHostAddress("null".equals(parts[7]) ? null : parts[7]);
+        user.setLastPasswordChangeTime(new Date(Long.parseLong(parts[8])));
+        user.setLastLoginTime(new Date(Long.parseLong(parts[9])));
+        user.setLastFailedLoginTime(new Date(Long.parseLong(parts[10])));
+        user.setExpirationTime(new Date(Long.parseLong(parts[11])));
+        user.setFailedLoginCount(Integer.parseInt(parts[12]));
+        return user;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public synchronized void removeUser(String accountName) throws AuthenticationException {
+        loadUsersIfNecessary();
+        User user = getUser(accountName);
+        if (user == null) {
+            throw new AuthenticationAccountsException("Remove user failed", "Can't remove invalid accountName " + accountName);
+        }
+        userMap.remove(user.getAccountId());
+        logger.info(Logger.SECURITY_SUCCESS, "Removing user " + user.getAccountName());
+        passwordMap.remove(user);
+        saveUsers();
+    }
+
+    /**
+     * Saves the user database to the file system. In this implementation you must call save to commit any changes to
+     * the user file. Otherwise changes will be lost when the program ends.
+     *
+     * @throws AuthenticationException if the user file could not be written
+     */
+    public synchronized void saveUsers() throws AuthenticationException {
+        PrintWriter writer = null;
+        try {
+            writer = new PrintWriter(new FileWriter(userDB));
+            writer.println("# This is the user file associated with the ESAPI library from http://www.owasp.org");
+            writer.println("# accountId | accountName | hashedPassword | roles | locked | enabled | csrfToken | oldPasswordHashes | lastPasswordChangeTime | lastLoginTime | lastFailedLoginTime | expirationTime | failedLoginCount");
+            writer.println();
+            saveUsers(writer);
+            writer.flush();
+            logger.info(Logger.SECURITY_SUCCESS, "User file written to disk");
+        } catch (IOException e) {
+            logger.fatal(Logger.SECURITY_FAILURE, "Problem saving user file " + userDB.getAbsolutePath(), e);
+            throw new AuthenticationException("Internal Error", "Problem saving user file " + userDB.getAbsolutePath(), e);
+        } finally {
+            if (writer != null) {
+                writer.close();
+                lastModified = userDB.lastModified();
+                lastChecked = lastModified;
+            }
+        }
+    }
+
+    /**
+     * Save users.
+     *
+     * @param writer the print writer to use for saving
+     */
+    protected synchronized void saveUsers(PrintWriter writer) throws AuthenticationCredentialsException {
+        for (Object o : getUserNames()) {
+            String accountName = (String) o;
+            DefaultUser u = (DefaultUser) getUser(accountName);
+            if (u != null && !u.isAnonymous()) {
+                writer.println(save(u));
+            } else {
+                throw new AuthenticationCredentialsException("Problem saving user", "Skipping save of user " + accountName);
+            }
+        }
+    }
+
+    /**
+     * Save.
+     *
+     * @param user the User to save
+     * @return a line containing properly formatted information to save regarding the user
+     */
+    private String save(DefaultUser user) {
+        StringBuilder sb = new StringBuilder();
+        sb.append(user.getAccountId());
+        sb.append(" | ");
+        sb.append(user.getAccountName());
+        sb.append(" | ");
+        sb.append(getHashedPassword(user));
+        sb.append(" | ");
+        sb.append(dump(user.getRoles()));
+        sb.append(" | ");
+        sb.append(user.isLocked() ? "locked" : "unlocked");
+        sb.append(" | ");
+        sb.append(user.isEnabled() ? "enabled" : "disabled");
+        sb.append(" | ");
+        sb.append(dump(getOldPasswordHashes(user)));
+        sb.append(" | ");
+        sb.append(user.getLastHostAddress());
+        sb.append(" | ");
+        sb.append(user.getLastPasswordChangeTime().getTime());
+        sb.append(" | ");
+        sb.append(user.getLastLoginTime().getTime());
+        sb.append(" | ");
+        sb.append(user.getLastFailedLoginTime().getTime());
+        sb.append(" | ");
+        sb.append(user.getExpirationTime().getTime());
+        sb.append(" | ");
+        sb.append(user.getFailedLoginCount());
+        return sb.toString();
+    }
+
+    /**
+     * Dump a collection as a comma-separated list.
+     *
+     * @param c the collection to convert to a comma separated list
+     * @return a comma separated list containing the values in c
+     */
+    private String dump(Collection<String> c) {
+        StringBuilder sb = new StringBuilder();
+        for (String s : c) {
+            sb.append(s).append(",");
+        }
+        if ( c.size() > 0) {
+            return sb.toString().substring(0, sb.length() - 1);
+        }
+        return "";
+
+    }
+
+    /**
+     * {@inheritDoc}
+     * <p/>
+     * This implementation simply verifies that account names are at least 5 characters long. This helps to defeat a
+     * brute force attack, however the real strength comes from the name length and complexity.
+     *
+     * @param newAccountName
+     */
+    public void verifyAccountNameStrength(String newAccountName) throws AuthenticationException {
+        if (newAccountName == null) {
+            throw new AuthenticationCredentialsException("Invalid account name", "Attempt to create account with a null account name");
+        }
+        if (!ESAPI.validator().isValidInput("verifyAccountNameStrength", newAccountName, "AccountName", MAX_ACCOUNT_NAME_LENGTH, false)) {
+            throw new AuthenticationCredentialsException("Invalid account name", "New account name is not valid: " + newAccountName);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     * <p/>
+     * This implementation checks: - for any 3 character substrings of the old password - for use of a length *
+     * character sets > 16 (where character sets are upper, lower, digit, and special
+     * jtm - 11/16/2010 - added check to verify pw != username (fix for http://code.google.com/p/owasp-esapi-java/issues/detail?id=108)
+     */
+    public void verifyPasswordStrength(String oldPassword, String newPassword, User user) throws AuthenticationException {
+        if (newPassword == null) {
+            throw new AuthenticationCredentialsException("Invalid password", "New password cannot be null");
+        }
+
+        // can't change to a password that contains any 3 character substring of old password
+        if (oldPassword != null) {
+            int length = oldPassword.length();
+            for (int i = 0; i < length - 2; i++) {
+                String sub = oldPassword.substring(i, i + 3);
+                if (newPassword.indexOf(sub) > -1) {
+                    throw new AuthenticationCredentialsException("Invalid password", "New password cannot contain pieces of old password");
+                }
+            }
+        }
+
+        // new password must have enough character sets and length
+        int charsets = 0;
+        for (int i = 0; i < newPassword.length(); i++) {
+            if (Arrays.binarySearch(EncoderConstants.CHAR_LOWERS, newPassword.charAt(i)) >= 0) {
+                charsets++;
+                break;
+            }
+        }
+        for (int i = 0; i < newPassword.length(); i++) {
+            if (Arrays.binarySearch(EncoderConstants.CHAR_UPPERS, newPassword.charAt(i)) >= 0) {
+                charsets++;
+                break;
+            }
+        }
+        for (int i = 0; i < newPassword.length(); i++) {
+            if (Arrays.binarySearch(EncoderConstants.CHAR_DIGITS, newPassword.charAt(i)) >= 0) {
+                charsets++;
+                break;
+            }
+        }
+        for (int i = 0; i < newPassword.length(); i++) {
+            if (Arrays.binarySearch(EncoderConstants.CHAR_SPECIALS, newPassword.charAt(i)) >= 0) {
+                charsets++;
+                break;
+            }
+        }
+
+        // calculate and verify password strength
+        int strength = newPassword.length() * charsets;
+        if (strength < 16) {
+            throw new AuthenticationCredentialsException("Invalid password", "New password is not long and complex enough");
+        }
+
+        String accountName = user.getAccountName();
+
+        //jtm - 11/3/2010 - fix for bug http://code.google.com/p/owasp-esapi-java/issues/detail?id=108
+        if (accountName.equalsIgnoreCase(newPassword)) {
+            //password can't be account name
+            throw new AuthenticationCredentialsException("Invalid password", "Password matches account name, irrespective of case");
+        }
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/reference/IntegerAccessReferenceMap.java b/src/main/java/org/owasp/esapi/reference/IntegerAccessReferenceMap.java
index 8bb36d6d7..24ff9d6e9 100644
--- a/src/main/java/org/owasp/esapi/reference/IntegerAccessReferenceMap.java
+++ b/src/main/java/org/owasp/esapi/reference/IntegerAccessReferenceMap.java
@@ -1,80 +1,80 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import java.util.Set;
-
-/**
- * Reference implementation of the AccessReferenceMap interface. This
- * implementation generates integers for indirect references.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- * @author Chris Schmidt (chrisisbeef@gmail.com)
- * @since June 1, 2007
- * @see org.owasp.esapi.AccessReferenceMap
- */
-public class IntegerAccessReferenceMap extends AbstractAccessReferenceMap<String> {
-
-	private static final long serialVersionUID = 5311769278372489771L;
-
-	int count = 1;
-
-	/**
-	 * TODO Javadoc
-	 */
-	public IntegerAccessReferenceMap()
-	{
-	}
-
-	/**
-	 * TODO Javadoc
-	 */
-	public IntegerAccessReferenceMap(int initialSize)
-	{
-		super(initialSize);
-	}
-
-	/**
-	 * TODO Javadoc
-	 */
-	public IntegerAccessReferenceMap(Set<Object> directReferences)
-	{
-		super(directReferences.size());
-		update(directReferences);
-	}
-
-	/**
-	 * TODO Javadoc
-	 */
-	public IntegerAccessReferenceMap(Set<Object> directReferences, int initialSize)
-	{
-		super(initialSize);
-		update(directReferences);
-	}
-
-	/**
-	 * TODO Javadoc
-	 * Note: this is final as redefinition by subclasses
-	 * can lead to use before initialization issues as
-	 * {@link #RandomAccessReferenceMap(Set)} and
-	 * {@link #RandomAccessReferenceMap(Set,int)} both call it
-	 * internally.
-	 */
-	protected final synchronized String getUniqueReference() {
-		return "" + count++;  // returns a string version of the counter
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import java.util.Set;
+
+/**
+ * Reference implementation of the AccessReferenceMap interface. This
+ * implementation generates integers for indirect references.
+ *
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ * @author Chris Schmidt (chrisisbeef@gmail.com)
+ * @since June 1, 2007
+ * @see org.owasp.esapi.AccessReferenceMap
+ */
+public class IntegerAccessReferenceMap extends AbstractAccessReferenceMap<String> {
+
+    private static final long serialVersionUID = 5311769278372489771L;
+
+    int count = 1;
+
+    /**
+     * TODO Javadoc
+     */
+    public IntegerAccessReferenceMap()
+    {
+    }
+
+    /**
+     * TODO Javadoc
+     */
+    public IntegerAccessReferenceMap(int initialSize)
+    {
+        super(initialSize);
+    }
+
+    /**
+     * TODO Javadoc
+     */
+    public IntegerAccessReferenceMap(Set<Object> directReferences)
+    {
+        super(directReferences.size());
+        update(directReferences);
+    }
+
+    /**
+     * TODO Javadoc
+     */
+    public IntegerAccessReferenceMap(Set<Object> directReferences, int initialSize)
+    {
+        super(initialSize);
+        update(directReferences);
+    }
+
+    /**
+     * {@inheritDoc}
+     * Note: this is final as redefinition by subclasses
+     * can lead to use before initialization issues as
+     * {@link #IntegerAccessReferenceMap(Set)} and
+     * {@link #IntegerAccessReferenceMap(Set,int)} both call it
+     * internally.
+     */
+    protected final synchronized String getUniqueReference() {
+        return "" + count++;  // returns a string version of the counter
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/reference/JavaLogFactory.java b/src/main/java/org/owasp/esapi/reference/JavaLogFactory.java
deleted file mode 100644
index 0970818e8..000000000
--- a/src/main/java/org/owasp/esapi/reference/JavaLogFactory.java
+++ /dev/null
@@ -1,409 +0,0 @@
-package org.owasp.esapi.reference;
-
-import java.io.Serializable;
-import java.util.HashMap;
-import java.util.logging.Level;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.LogFactory;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.User;
-
-/**
- * Reference implementation of the LogFactory and Logger interfaces. This implementation uses the Java logging package, and marks each
- * log message with the currently logged in user and the word "SECURITY" for security related events. See the 
- * <a href="JavaLogFactory.JavaLogger.html">JavaLogFactory.JavaLogger</a> Javadocs for the details on the JavaLogger reference implementation.
- * 
- * @author Mike Fauzy (mike.fauzy@aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.LogFactory
- * @see org.owasp.esapi.reference.JavaLogFactory.JavaLogger
- */
-public class JavaLogFactory implements LogFactory {
-	private static volatile LogFactory singletonInstance;
-
-    public static LogFactory getInstance() {
-        if ( singletonInstance == null ) {
-            synchronized ( JavaLogFactory.class ) {
-                if ( singletonInstance == null ) {
-                    singletonInstance = new JavaLogFactory();
-                }
-            }
-        }
-        return singletonInstance;
-    }
-
-	private HashMap<Serializable, Logger> loggersMap = new HashMap<Serializable, Logger>();
-	
-	/**
-	* Null argument constructor for this implementation of the LogFactory interface
-	* needed for dynamic configuration.
-	*/
-	public JavaLogFactory() {}
-	
-	/**
-	* {@inheritDoc}
-	*/
-	public Logger getLogger(Class clazz) {
-    	
-    	// If a logger for this class already exists, we return the same one, otherwise we create a new one.
-    	Logger classLogger = (Logger) loggersMap.get(clazz);
-    	
-    	if (classLogger == null) {
-    		classLogger = new JavaLogger(clazz.getName());
-    		loggersMap.put(clazz, classLogger);
-    	}
-		return classLogger;
-    }
-
-    /**
-	* {@inheritDoc}
-	*/
-    public Logger getLogger(String moduleName) {
-    	
-    	// If a logger for this module already exists, we return the same one, otherwise we create a new one.
-    	Logger moduleLogger = (Logger) loggersMap.get(moduleName);
-    	
-    	if (moduleLogger == null) {
-    		moduleLogger = new JavaLogger(moduleName);
-    		loggersMap.put(moduleName, moduleLogger);    		
-    	}
-		return moduleLogger;
-    }
-
-
-    /**
-     *  A custom logging level defined between Level.SEVERE and Level.WARNING in logger.
-     */
-    public static class JavaLoggerLevel extends Level {
-
-        protected static final long serialVersionUID = 1L;
-
-        /**
-    	 * Defines a custom error level below SEVERE but above WARNING since this level isn't defined directly
-    	 * by java.util.Logger already.
-    	 */
-    	public static final Level ERROR_LEVEL = new JavaLoggerLevel( "ERROR", Level.SEVERE.intValue() - 1);
-    	
-    	/**
-    	 * Constructs an instance of a JavaLoggerLevel which essentially provides a mapping between the name of
-    	 * the defined level and its numeric value.
-    	 * 
-    	 * @param name The name of the JavaLoggerLevel
-    	 * @param value The associated numeric value
-    	 */
-		protected JavaLoggerLevel(String name, int value) {
-			super(name, value);
-		}
-    }
-        
-    /**
-     * Reference implementation of the Logger interface.
-     * 
-     * It implements most of the recommendations defined in the Logger interface description. It does not
-     * filter out any sensitive data specific to the current application or organization, such as credit 
-     * cards, social security numbers, etc.  
-     * 
-     * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
-     * @since June 1, 2007
-     * @see org.owasp.esapi.LogFactory
-     */
-    private static class JavaLogger implements org.owasp.esapi.Logger {
-
-    	/** The jlogger object used by this class to log everything. */
-        private java.util.logging.Logger jlogger = null;
-
-        /** The module name using this log. */
-        private String moduleName = null;
-
-        /** The application name defined in ESAPI.properties */
-    	private String applicationName=ESAPI.securityConfiguration().getApplicationName();
-
-        /** Log the application name? */
-    	private static boolean logAppName = ESAPI.securityConfiguration().getLogApplicationName();
-
-    	/** Log the server ip? */
-    	private static boolean logServerIP = ESAPI.securityConfiguration().getLogServerIP();
-    	
-        /**
-         * Public constructor should only ever be called via the appropriate LogFactory
-         * 
-         * @param moduleName the module name
-         */
-        private JavaLogger(String moduleName) {
-            this.moduleName = moduleName;
-            this.jlogger = java.util.logging.Logger.getLogger(applicationName + ":" + moduleName);
-        }
-
-        /**
-         * {@inheritDoc}
-         * Note: In this implementation, this change is not persistent,
-         * meaning that if the application is restarted, the log level will revert to the level defined in the 
-         * ESAPI SecurityConfiguration properties file.
-         */
-        public void setLevel(int level)
-        {
-        	try {
-        		jlogger.setLevel(convertESAPILeveltoLoggerLevel( level ));
-        	}
-        	catch (IllegalArgumentException e) {
-       			this.error(Logger.SECURITY_FAILURE, "", e);    		
-        	}
-         }
-        
-        /**
-         * {@inheritDoc}
-         * @see org.owasp.esapi.reference.Log4JLogger#getESAPILevel()
-         */
-        public int getESAPILevel() {
-        	return jlogger.getLevel().intValue();
-        }
-        
-        /**
-         * Converts the ESAPI logging level (a number) into the levels used by Java's logger.
-         * @param level The ESAPI to convert.
-         * @return The Java logging Level that is equivalent.
-         * @throws IllegalArgumentException if the supplied ESAPI level doesn't make a level that is currently defined.
-         */
-        private static Level convertESAPILeveltoLoggerLevel(int level)
-        {
-        	switch (level) {
-        		case Logger.OFF:     return Level.OFF;
-        		case Logger.FATAL:   return Level.SEVERE;
-        		case Logger.ERROR:   return JavaLoggerLevel.ERROR_LEVEL; // This is a custom level.
-        		case Logger.WARNING: return Level.WARNING;
-        		case Logger.INFO:    return Level.INFO;
-        		case Logger.DEBUG:   return Level.FINE;
-        		case Logger.TRACE:   return Level.FINEST;
-        		case Logger.ALL:     return Level.ALL;       		
-        		default: {
-        			throw new IllegalArgumentException("Invalid logging level. Value was: " + level);
-        		}
-        	}
-        }
-
-        /**
-    	* {@inheritDoc}
-    	*/
-        public void trace(EventType type, String message, Throwable throwable) {
-            log(Level.FINEST, type, message, throwable);
-        }
-
-        /**
-    	* {@inheritDoc}
-    	*/
-        public void trace(EventType type, String message) {
-            log(Level.FINEST, type, message, null);
-        }
-
-        /**
-    	* {@inheritDoc}
-    	*/
-        public void debug(EventType type, String message, Throwable throwable) {
-            log(Level.FINE, type, message, throwable);
-        }
-
-        /**
-    	* {@inheritDoc}
-    	*/
-        public void debug(EventType type, String message) {
-            log(Level.FINE, type, message, null);
-        }
-
-        /**
-    	* {@inheritDoc}
-    	*/
-        public void info(EventType type, String message) {
-            log(Level.INFO, type, message, null);
-        }
-
-        /**
-    	* {@inheritDoc}
-    	*/
-        public void info(EventType type, String message, Throwable throwable) {
-            log(Level.INFO, type, message, throwable);
-        }
-
-        /**
-    	* {@inheritDoc}
-    	*/
-        public void warning(EventType type, String message, Throwable throwable) {
-            log(Level.WARNING, type, message, throwable);
-        }
-
-        /**
-    	* {@inheritDoc}
-    	*/
-        public void warning(EventType type, String message) {
-            log(Level.WARNING, type, message, null);
-        }
-
-        /**
-    	* {@inheritDoc}
-    	*/
-        public void error(EventType type, String message, Throwable throwable) {
-            log(Level.SEVERE, type, message, throwable);
-        }
-
-        /**
-    	* {@inheritDoc}
-    	*/
-        public void error(EventType type, String message) {
-            log(Level.SEVERE, type, message, null);
-        }
-
-        /**
-    	* {@inheritDoc}
-    	*/
-        public void fatal(EventType type, String message, Throwable throwable) {
-            log(Level.SEVERE, type, message, throwable);
-        }
-
-        /**
-    	* {@inheritDoc}
-    	*/
-        public void fatal(EventType type, String message) {
-            log(Level.SEVERE, type, message, null);
-        }
-
-        /**
-         * Log the message after optionally encoding any special characters that might be dangerous when viewed
-         * by an HTML based log viewer. Also encode any carriage returns and line feeds to prevent log 
-         * injection attacks. This logs all the supplied parameters plus the user ID, user's source IP, a logging
-         * specific session ID, and the current date/time.
-         * 
-         * It will only log the message if the current logging level is enabled, otherwise it will 
-         * discard the message. 
-         * 
-         * @param level defines the set of recognized logging levels (TRACE, INFO, DEBUG, WARNING, ERROR, FATAL)
-         * @param type the type of the event (SECURITY SUCCESS, SECURITY FAILURE, EVENT SUCCESS, EVENT FAILURE)
-         * @param message the message
-         * @param throwable the throwable
-         */
-        private void log(Level level, EventType type, String message, Throwable throwable) {
-        	
-        	// Check to see if we need to log
-        	if (!jlogger.isLoggable( level )) return;
-
-            // ensure there's something to log
-            if ( message == null ) {
-            	message = "";
-            }
-            
-            // ensure no CRLF injection into logs for forging records
-            String clean = message.replace( '\n', '_' ).replace( '\r', '_' );
-            if ( ESAPI.securityConfiguration().getLogEncodingRequired() ) {
-            	clean = ESAPI.encoder().encodeForHTML(message);
-                if (!message.equals(clean)) {
-                    clean += " (Encoded)";
-                }
-            }
-
-			// log server, port, app name, module name -- server:80/app/module
-			StringBuilder appInfo = new StringBuilder();
-			if ( ESAPI.currentRequest() != null && logServerIP ) {
-				appInfo.append( ESAPI.currentRequest().getLocalAddr() + ":" + ESAPI.currentRequest().getLocalPort() );
-			}
-			if ( logAppName ) {
-				appInfo.append( "/" + applicationName );
-			}
-			appInfo.append( "/"  + moduleName );
-			
-			//get the type text if it exists
-			String typeInfo = "";
-			if (type != null) {
-				typeInfo += type + " ";
-			}
-			
-			// log the message
-			jlogger.log(level, "[" + typeInfo + getUserInfo() + " -> " + appInfo + "] " + clean, throwable);
-        }
-
-        /**
-    	* {@inheritDoc}
-    	*/
-        public boolean isDebugEnabled() {
-    	    return jlogger.isLoggable(Level.FINE);
-        }
-
-        /**
-    	* {@inheritDoc}
-    	*/
-        public boolean isErrorEnabled() {
-    	    return jlogger.isLoggable(JavaLoggerLevel.ERROR_LEVEL);
-        }
-
-        /**
-    	* {@inheritDoc}
-    	*/
-        public boolean isFatalEnabled() {
-    	    return jlogger.isLoggable(Level.SEVERE);
-        }
-
-        /**
-    	* {@inheritDoc}
-    	*/
-        public boolean isInfoEnabled() {
-    	    return jlogger.isLoggable(Level.INFO);
-        }
-
-        /**
-    	* {@inheritDoc}
-    	*/
-        public boolean isTraceEnabled() {
-    	    return jlogger.isLoggable(Level.FINEST);
-        }
-
-        /**
-    	* {@inheritDoc}
-    	*/
-        public boolean isWarningEnabled() {
-    	    return jlogger.isLoggable(Level.WARNING);
-        }
-        
-        public String getUserInfo() {
-            // create a random session number for the user to represent the user's 'session', if it doesn't exist already
-            String sid = null;
-            HttpServletRequest request = ESAPI.httpUtilities().getCurrentRequest();
-            if ( request != null ) {
-                HttpSession session = request.getSession( false );
-                if ( session != null ) {
-	                sid = (String)session.getAttribute("ESAPI_SESSION");
-	                // if there is no session ID for the user yet, we create one and store it in the user's session
-		            if ( sid == null ) {
-		            	sid = ""+ ESAPI.randomizer().getRandomInteger(0, 1000000);
-		            	session.setAttribute("ESAPI_SESSION", sid);
-		            }
-                }
-            }
-            
-			// log user information - username:session@ipaddr
-			User user = ESAPI.authenticator().getCurrentUser();            
-			String userInfo = "";
-			//TODO - Make Type Logging configurable
-			if ( user != null) {
-				userInfo += user.getAccountName()+ ":" + sid + "@"+ user.getLastHostAddress();
-			}
-			
-			return userInfo;
-        }
-
-    	/**
-    	 * {@inheritDoc}
-    	 */
-		public void always(EventType type, String message) {
-            always(type, message, null);	
-		}
-
-		/**
-		 * {@inheritDoc}
-		 */
-		public void always(EventType type, String message, Throwable throwable) {
-            log(Level.OFF, type, message, throwable);  // Seems backward, but this is what works, not Level.ALL	
-		}
-    }
-}
diff --git a/src/main/java/org/owasp/esapi/reference/Log4JLogFactory.java b/src/main/java/org/owasp/esapi/reference/Log4JLogFactory.java
deleted file mode 100644
index cab4d5dad..000000000
--- a/src/main/java/org/owasp/esapi/reference/Log4JLogFactory.java
+++ /dev/null
@@ -1,91 +0,0 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- *
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- *
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- *
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import java.util.HashMap;
-
-import org.apache.log4j.LogManager;
-import org.apache.log4j.spi.LoggerFactory;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.LogFactory;
-import org.owasp.esapi.Logger;
-
-/**
- * Reference implementation of the LogFactory interface. This implementation uses the Apache Log4J package, and marks each
- * log message with the currently logged in user and the word "SECURITY" for security related events. See the 
- * <a href="JavaLogFactory.JavaLogger.html">JavaLogFactory.JavaLogger</a> Javadocs for the details on the JavaLogger reference implementation.
- * 
- * At class initialization time, the file log4j.properties or log4j.xml file will be loaded from the classpath. This configuration file is 
- * fundamental to make log4j work for you. Please see http://logging.apache.org/log4j/1.2/manual.html for more information.
- *
- * Note that <b>you must specify the LogFactory</b> in either log4j.properties:
- *
- * <code>
- *     log4j.loggerFactory=org.owasp.esapi.reference.Log4JLoggerFactory
- * </code>
- *
- * or log4j.xml:
- * 
- * <code>
- *     &lt;loggerFactory class="org.owasp.esapi.reference.Log4JLoggerFactory"/&gt;
-
- * </code>
- * 
- * @author Mike H. Fauzy (mike.fauzy@aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @author Jim Manico (jim@manico.net) <a href="http://www.manico.net">Manico.net</a>
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @author August Detlefsen (augustd at codemagi dot com) <a href="http://www.codemagi.com">CodeMagi, Inc.</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.LogFactory
- * @see org.owasp.esapi.reference.Log4JLogger
- * @see org.owasp.esapi.reference.Log4JLoggerFactory
- */
-public class Log4JLogFactory implements LogFactory {
-
-	private static volatile LogFactory singletonInstance;
-
-	//The Log4j logger factory to use
-	LoggerFactory factory = new Log4JLoggerFactory();
-
-    public static LogFactory getInstance() {
-        if ( singletonInstance == null ) {
-            synchronized ( Log4JLogFactory.class ) {
-                if ( singletonInstance == null ) {
-                    singletonInstance = new Log4JLogFactory();
-                }
-            }
-        }
-        return singletonInstance;
-    }
-	
-	protected Log4JLogFactory() {}
-	
-	/**
-	* {@inheritDoc}
-	*/
-	public org.owasp.esapi.Logger getLogger(Class clazz) {
-		return (org.owasp.esapi.Logger)LogManager.getLogger(clazz.getName(), factory);
-    }
-
-    /**
-	* {@inheritDoc}
-	*/
-	public org.owasp.esapi.Logger getLogger(String moduleName) {
-		return (org.owasp.esapi.Logger)LogManager.getLogger(moduleName, factory);
-    }
-
-}
\ No newline at end of file
diff --git a/src/main/java/org/owasp/esapi/reference/Log4JLogger.java b/src/main/java/org/owasp/esapi/reference/Log4JLogger.java
deleted file mode 100644
index 7782f89c7..000000000
--- a/src/main/java/org/owasp/esapi/reference/Log4JLogger.java
+++ /dev/null
@@ -1,525 +0,0 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- *
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- *
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- *
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-import org.apache.log4j.Category;
-import org.apache.log4j.Level;
-import org.apache.log4j.LogManager;
-import org.apache.log4j.Logger;
-import org.apache.log4j.spi.LoggerFactory;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.User;
-
-/**
- * Reference implementation of the Logger interface. This implementation extends org.apache.log4j.Logger
- * in order to take advantage of per-class and per-package configuration options provided by Log4J. 
- *
- * @author August Detlefsen (augustd at codemagi dot com)
- *         <a href="http://www.codemagi.com">CodeMagi, Inc.</a>
- * @since October 15, 2010
- * @see org.owasp.esapi.reference.Log4JLogFactory
- * @see org.owasp.esapi.reference.Log4JLoggerFactory
- */
-public class Log4JLogger extends org.apache.log4j.Logger implements org.owasp.esapi.Logger {
-
-	/** The log factory to use in creating new instances. */
-	private static LoggerFactory factory = new Log4JLoggerFactory();
-
-	/** The application name using this log */
-	private static String applicationName = ESAPI.securityConfiguration().getApplicationName();
-
-	/** Log the application name? */
-	private static boolean logAppName = ESAPI.securityConfiguration().getLogApplicationName();
-	
-	/** Log the server ip? */
-	private static boolean logServerIP = ESAPI.securityConfiguration().getLogServerIP();
-
-	public Log4JLogger(String name) {
-		super(name);
-	}
-
-	/**
-	 * This method overrides {@link Logger#getInstance} by supplying
-	 * its own factory type as a parameter.
-	 */
-	public static Category getInstance(String name) {
-		return LogManager.getLogger(name, factory);
-	}
-
-	/**
-	 * This method overrides {@link Logger#getInstance} by supplying
-	 * its own factory type as a parameter.
-	 */
-	public static Category getInstance(Class clazz) {
-		return LogManager.getLogger(clazz.getName(), factory);
-	}
-
-	/**
-	 * This method overrides {@link Logger#getLogger} by supplying
-	 * its own factory type as a parameter.
-	 */
-	public static Logger getLogger(String name) {
-		return LogManager.getLogger(name, factory);
-	}
-
-	/**
-	 * This method overrides {@link Logger#getLogger} by supplying
-	 * its own factory type as a parameter.
-	 */
-	public static org.apache.log4j.Logger getLogger(Class clazz) {
-		return LogManager.getLogger(clazz.getName(), factory);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * Note: In this implementation, this change is not persistent,
-	 * meaning that if the application is restarted, the log level will revert to the level defined in the
-	 * ESAPI SecurityConfiguration properties file.
-	 */
-	public void setLevel(int level) {
-		try {
-			super.setLevel(convertESAPILeveltoLoggerLevel(level));
-		} catch (IllegalArgumentException e) {
-			this.error(org.owasp.esapi.Logger.SECURITY_FAILURE, "", e);
-		}
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 * Explanation: Since this class extends Log4j's Logger class which has a
-	 * {@code getLevel()} method that returns {@code extended by org.apache.log4j.Level},
-	 * we can't simply have a {@code getLevel()} that simply returns an {@code int}.
-	 * Hence we renamed it to {@code getESAPILevel()}.
-	 */
-	public int getESAPILevel() {
-		Level level = super.getLevel();
-    return (level == null ) ? Level.OFF_INT : level.toInt();
-	}
-
-	/**
-	 * Converts the ESAPI logging level (a number) into the levels used by Java's logger.
-	 * @param level The ESAPI to convert.
-	 * @return The Log4J logging Level that is equivalent.
-	 * @throws IllegalArgumentException if the supplied ESAPI level doesn't make a level that is currently defined.
-	 */
-	private static Level convertESAPILeveltoLoggerLevel(int level) {
-		switch (level) {
-		case org.owasp.esapi.Logger.OFF:
-			return Level.OFF;
-		case org.owasp.esapi.Logger.FATAL:
-			return Level.FATAL;
-		case org.owasp.esapi.Logger.ERROR:
-			return Level.ERROR;
-		case org.owasp.esapi.Logger.WARNING:
-			return Level.WARN;
-		case org.owasp.esapi.Logger.INFO:
-			return Level.INFO;
-		case org.owasp.esapi.Logger.DEBUG:
-			return Level.DEBUG; //fine
-		case org.owasp.esapi.Logger.TRACE:
-			return Level.TRACE; //finest
-		case org.owasp.esapi.Logger.ALL:
-			return Level.ALL;
-		default: {
-			throw new IllegalArgumentException("Invalid logging level. Value was: " + level);
-		}
-		}
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void always(EventType type, String message, Throwable throwable) {
-		log(Level.OFF, type, message, throwable);	// Seems like Level.ALL is what we
-													// would want here, but this is what
-													// works. Level.ALL does not.
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void always(EventType type, String message) {
-		always(type, message, null);
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	public void trace(EventType type, String message, Throwable throwable) {
-		log(Level.TRACE, type, message, throwable);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void trace(EventType type, String message) {
-		log(Level.TRACE, type, message, null);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void debug(EventType type, String message, Throwable throwable) {
-		log(Level.DEBUG, type, message, throwable);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void debug(EventType type, String message) {
-		log(Level.DEBUG, type, message, null);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void info(EventType type, String message) {
-		log(Level.INFO, type, message, null);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void info(EventType type, String message, Throwable throwable) {
-		log(Level.INFO, type, message, throwable);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void warning(EventType type, String message, Throwable throwable) {
-		log(Level.WARN, type, message, throwable);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void warning(EventType type, String message) {
-		log(Level.WARN, type, message, null);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void error(EventType type, String message, Throwable throwable) {
-		log(Level.ERROR, type, message, throwable);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void error(EventType type, String message) {
-		log(Level.ERROR, type, message, null);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void fatal(EventType type, String message, Throwable throwable) {
-		log(Level.FATAL, type, message, throwable);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void fatal(EventType type, String message) {
-		log(Level.FATAL, type, message, null);
-	}
-
-	/**
-	 * Always log the specified message as a {@code SECURITY_AUDIT} event type.
-	 * 
-	 * @param message	The {@code String} representation of the specified message as
-	 * 					logged by calling the object's {@code toString()} method.
-	 */
-	public void always(Object message) {
-		this.always(message, null);
-	}
-
-	/**
-	 * Always log the specified message as a {@code SECURITY_AUDIT} event type, along
-	 * with its associated exception stack trace (if any).
-	 * 
-	 * @param message	The {@code String} representation of the specified message as
-	 * 					logged by calling the object's {@code toString()} method.
-	 */
-	public void always(Object message, Throwable throwable) {
-		String toLog = (message instanceof String) ? (String) message : message.toString();
-		this.always(org.owasp.esapi.Logger.SECURITY_AUDIT, toLog, throwable);
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	@Override
-	public void trace(Object message) {
-
-		String toLog = (message instanceof String) ? (String) message : message.toString();
-
-		this.trace(org.owasp.esapi.Logger.EVENT_UNSPECIFIED, toLog);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	@Override
-	public void trace(Object message, Throwable throwable) {
-
-		String toLog = (message instanceof String) ? (String) message : message.toString();
-
-		this.trace(org.owasp.esapi.Logger.EVENT_UNSPECIFIED, toLog, throwable);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	@Override
-	public void debug(Object message) {
-
-		String toLog = (message instanceof String) ? (String) message : message.toString();
-
-		this.debug(org.owasp.esapi.Logger.EVENT_UNSPECIFIED, toLog);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	@Override
-	public void debug(Object message, Throwable throwable) {
-
-		String toLog = (message instanceof String) ? (String) message : message.toString();
-
-		this.debug(org.owasp.esapi.Logger.EVENT_UNSPECIFIED, toLog, throwable);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	@Override
-	public void info(Object message) {
-
-		String toLog = (message instanceof String) ? (String) message : message.toString();
-
-		this.info(org.owasp.esapi.Logger.EVENT_UNSPECIFIED, toLog);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	@Override
-	public void info(Object message, Throwable throwable) {
-
-		String toLog = (message instanceof String) ? (String) message : message.toString();
-
-		this.info(org.owasp.esapi.Logger.EVENT_UNSPECIFIED, toLog, throwable);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	@Override
-	public void warn(Object message) {
-
-		String toLog = (message instanceof String) ? (String) message : message.toString();
-
-		this.warning(org.owasp.esapi.Logger.EVENT_UNSPECIFIED, toLog);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	@Override
-	public void warn(Object message, Throwable throwable) {
-
-		String toLog = (message instanceof String) ? (String) message : message.toString();
-
-		this.warning(org.owasp.esapi.Logger.EVENT_UNSPECIFIED, toLog, throwable);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	@Override
-	public void error(Object message) {
-
-		String toLog = (message instanceof String) ? (String) message : message.toString();
-
-		this.error(org.owasp.esapi.Logger.EVENT_UNSPECIFIED, toLog);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	@Override
-	public void error(Object message, Throwable throwable) {
-
-		String toLog = (message instanceof String) ? (String) message : message.toString();
-
-		this.error(org.owasp.esapi.Logger.EVENT_UNSPECIFIED, toLog, throwable);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	@Override
-	public void fatal(Object message) {
-
-		String toLog = (message instanceof String) ? (String) message : message.toString();
-
-		this.fatal(org.owasp.esapi.Logger.EVENT_UNSPECIFIED, toLog);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	@Override
-	public void fatal(Object message, Throwable throwable) {
-
-		String toLog = (message instanceof String) ? (String) message : message.toString();
-
-		this.fatal(org.owasp.esapi.Logger.EVENT_UNSPECIFIED, toLog, throwable);
-	}
-
-	/**
-	 * Log the message after optionally encoding any special characters that might be dangerous when viewed
-	 * by an HTML based log viewer. Also encode any carriage returns and line feeds to prevent log
-	 * injection attacks. This logs all the supplied parameters plus the user ID, user's source IP, a logging
-	 * specific session ID, and the current date/time.
-	 *
-	 * It will only log the message if the current logging level is enabled, otherwise it will
-	 * discard the message.
-	 *
-	 * @param level defines the set of recognized logging levels (TRACE, INFO, DEBUG, WARNING, ERROR, FATAL)
-	 * @param type the type of the event (SECURITY SUCCESS, SECURITY FAILURE, EVENT SUCCESS, EVENT FAILURE)
-	 * @param message the message to be logged
-	 * @param throwable the {@code Throwable} from which to generate an exception stack trace.
-	 */
-	private void log(Level level, EventType type, String message, Throwable throwable) {
-
-		// Check to see if we need to log.
-		if (!isEnabledFor(level)) {
-			return;
-		}
-
-		// ensure there's something to log
-		if (message == null) {
-			message = "";
-		}
-
-		// ensure no CRLF injection into logs for forging records
-		String clean = message.replace('\n', '_').replace('\r', '_');
-		if (ESAPI.securityConfiguration().getLogEncodingRequired()) {
-			clean = ESAPI.encoder().encodeForHTML(message);
-			if (!message.equals(clean)) {
-				clean += " (Encoded)";
-			}
-		}
-
-		// log server, port, app name, module name -- server:80/app/module
-		StringBuilder appInfo = new StringBuilder();
-		if (ESAPI.currentRequest() != null && logServerIP) {
-			appInfo.append(ESAPI.currentRequest().getLocalAddr()).append(":").append(ESAPI.currentRequest().getLocalPort());
-		}
-		if (logAppName) {
-			appInfo.append("/").append(applicationName);
-		}
-		appInfo.append("/").append(getName());
-
-		//get the type text if it exists
-		String typeInfo = "";
-		if (type != null) {
-			typeInfo += type + " ";
-		}
-
-		// log the message
-		log(level, "[" + typeInfo + getUserInfo() + " -> " + appInfo + "] " + clean, throwable);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	@Override
-	public boolean isDebugEnabled() {
-		return isEnabledFor(Level.DEBUG);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isErrorEnabled() {
-		return isEnabledFor(Level.ERROR);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isFatalEnabled() {
-		return isEnabledFor(Level.FATAL);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	@Override
-	public boolean isInfoEnabled() {
-		return isEnabledFor(Level.INFO);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	@Override
-	public boolean isTraceEnabled() {
-		return isEnabledFor(Level.TRACE);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isWarningEnabled() {
-		return isEnabledFor(Level.WARN);
-	}
-
-	public String getUserInfo() {
-		// create a random session number for the user to represent the user's 'session', if it doesn't exist already
-		String sid = null;
-		HttpServletRequest request = ESAPI.httpUtilities().getCurrentRequest();
-		if (request != null) {
-			HttpSession session = request.getSession(false);
-			if (session != null) {
-				sid = (String) session.getAttribute("ESAPI_SESSION");
-				// if there is no session ID for the user yet, we create one and store it in the user's session
-				if (sid == null) {
-					sid = "" + ESAPI.randomizer().getRandomInteger(0, 1000000);
-					session.setAttribute("ESAPI_SESSION", sid);
-				}
-			}
-		}
-
-		// log user information - username:session@ipaddr
-		User user = ESAPI.authenticator().getCurrentUser();
-		String userInfo = "";
-		//TODO - make type logging configurable
-		if (user != null) {
-			userInfo += user.getAccountName() + ":" + sid + "@" + user.getLastHostAddress();
-		}
-
-		return userInfo;
-	}
-	
-}
\ No newline at end of file
diff --git a/src/main/java/org/owasp/esapi/reference/Log4JLoggerFactory.java b/src/main/java/org/owasp/esapi/reference/Log4JLoggerFactory.java
deleted file mode 100644
index f5a671380..000000000
--- a/src/main/java/org/owasp/esapi/reference/Log4JLoggerFactory.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- *
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- *
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- *
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import org.apache.log4j.spi.LoggerFactory;
-
-/**
- * Implementation of the LoggerFactory interface. This implementation has been 
- * overridden to return instances of org.owasp.esapi.reference.Log4JLogger.
- *
- * @author August Detlefsen (augustd at codemagi dot com)
- *         <a href="http://www.codemagi.com">CodeMagi, Inc.</a>
- * @since October 15, 2010
- * @see org.owasp.esapi.reference.Log4JLogFactory
- * @see org.owasp.esapi.reference.Log4JLogger
- */
-public class Log4JLoggerFactory implements LoggerFactory {
-
-	/**
-	 * This constructor must be public so it can be accessed from within log4j
-	 */
-	public Log4JLoggerFactory() {}
-
-	/**
-	 * Overridden to return instances of org.owasp.esapi.reference.Log4JLogger.
-	 * 
-	 * @param name The class name to return a logger for.
-	 * @return org.owasp.esapi.reference.Log4JLogger
-	 */
-	public org.apache.log4j.Logger makeNewLoggerInstance(String name) {
-		return new Log4JLogger(name);
-	}
-	
-}
diff --git a/src/main/java/org/owasp/esapi/reference/RandomAccessReferenceMap.java b/src/main/java/org/owasp/esapi/reference/RandomAccessReferenceMap.java
index 28c3cb87f..1018b64be 100644
--- a/src/main/java/org/owasp/esapi/reference/RandomAccessReferenceMap.java
+++ b/src/main/java/org/owasp/esapi/reference/RandomAccessReferenceMap.java
@@ -1,85 +1,85 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- *
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- *
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- *
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.EncoderConstants;
-
-import java.util.Set;
-
-/**
- * Reference implementation of the AccessReferenceMap interface. This
- * implementation generates random 6 character alphanumeric strings for indirect
- * references. It is possible to use simple integers as indirect references, but
- * the random string approach provides a certain level of protection from CSRF
- * attacks, because an attacker would have difficulty guessing the indirect
- * reference.
- *
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- * @author Chris Schmidt (chrisisbeef@gmail.com)
- * @see org.owasp.esapi.AccessReferenceMap
- * @since June 1, 2007
- */
-public class RandomAccessReferenceMap extends AbstractAccessReferenceMap<String>
-{
-
-   private static final long serialVersionUID = 8544133840739803001L;
-
-   public RandomAccessReferenceMap(int initialSize)
-   {
-      super(initialSize);
-   }
-
-   /**
-    * This AccessReferenceMap implementation uses short random strings to
-    * create a layer of indirection. Other possible implementations would use
-    * simple integers as indirect references.
-    */
-   public RandomAccessReferenceMap()
-   {
-      // call update to set up the references
-   }
-
-   public RandomAccessReferenceMap(Set<Object> directReferences)
-   {
-      super(directReferences.size());
-      update(directReferences);
-   }
-
-   public RandomAccessReferenceMap(Set<Object> directReferences, int initialSize)
-   {
-      super(initialSize);
-      update(directReferences);
-   }
-
-   /**
-    * {@inheritDoc}
-    * Note: this is final as redefinition by subclasses can lead to use
-    * before initialization issues as
-    * {@link #RandomAccessReferenceMap(Set)} and
-    * {@link #RandomAccessReferenceMap(Set,int)} both call it internally.
-    */
-   protected final synchronized String getUniqueReference()
-   {
-      String candidate;
-      do
-      {
-         candidate = ESAPI.randomizer().getRandomString(6, EncoderConstants.CHAR_ALPHANUMERICS);
-      }
-      while (itod.keySet().contains(candidate));
-      return candidate;
-   }
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.EncoderConstants;
+
+import java.util.Set;
+
+/**
+ * Reference implementation of the AccessReferenceMap interface. This
+ * implementation generates random 6 character alphanumeric strings for indirect
+ * references. It is possible to use simple integers as indirect references, but
+ * the random string approach provides a certain level of protection from CSRF
+ * attacks, because an attacker would have difficulty guessing the indirect
+ * reference.
+ *
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ * @author Chris Schmidt (chrisisbeef@gmail.com)
+ * @see org.owasp.esapi.AccessReferenceMap
+ * @since June 1, 2007
+ */
+public class RandomAccessReferenceMap extends AbstractAccessReferenceMap<String>
+{
+
+   private static final long serialVersionUID = 8544133840739803001L;
+
+   public RandomAccessReferenceMap(int initialSize)
+   {
+      super(initialSize);
+   }
+
+   /**
+    * This AccessReferenceMap implementation uses short random strings to
+    * create a layer of indirection. Other possible implementations would use
+    * simple integers as indirect references.
+    */
+   public RandomAccessReferenceMap()
+   {
+      // call update to set up the references
+   }
+
+   public RandomAccessReferenceMap(Set<Object> directReferences)
+   {
+      super(directReferences.size());
+      update(directReferences);
+   }
+
+   public RandomAccessReferenceMap(Set<Object> directReferences, int initialSize)
+   {
+      super(initialSize);
+      update(directReferences);
+   }
+
+   /**
+    * {@inheritDoc}
+    * Note: this is final as redefinition by subclasses can lead to use
+    * before initialization issues as
+    * {@link #RandomAccessReferenceMap(Set)} and
+    * {@link #RandomAccessReferenceMap(Set,int)} both call it internally.
+    */
+   protected final synchronized String getUniqueReference()
+   {
+      String candidate;
+      do
+      {
+         candidate = ESAPI.randomizer().getRandomString(6, EncoderConstants.CHAR_ALPHANUMERICS);
+      }
+      while (itod.keySet().contains(candidate));
+      return candidate;
+   }
+}
diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/AlwaysFalseACR.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/AlwaysFalseACR.java
index 9d3863dd1..bd25ab86f 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/AlwaysFalseACR.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/AlwaysFalseACR.java
@@ -1,9 +1,9 @@
-package org.owasp.esapi.reference.accesscontrol;
-
-public class AlwaysFalseACR extends BaseACR<Object, Object> {
-
-//	@Override
-	public boolean isAuthorized(Object runtimeParameter) {
-		return false;
-	}
-}
+package org.owasp.esapi.reference.accesscontrol;
+
+public class AlwaysFalseACR extends BaseACR<Object, Object> {
+
+//    @Override
+    public boolean isAuthorized(Object runtimeParameter) {
+        return false;
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/AlwaysTrueACR.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/AlwaysTrueACR.java
index d7cab33b5..a132722ba 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/AlwaysTrueACR.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/AlwaysTrueACR.java
@@ -1,9 +1,9 @@
-package org.owasp.esapi.reference.accesscontrol;
-
-public class AlwaysTrueACR extends BaseACR<Object, Object> {
-	
-//	@Override
-	public boolean isAuthorized(Object runtimeParameter) {
-		return true;
-	}
-}
+package org.owasp.esapi.reference.accesscontrol;
+
+public class AlwaysTrueACR extends BaseACR<Object, Object> {
+
+//    @Override
+    public boolean isAuthorized(Object runtimeParameter) {
+        return true;
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/BaseACR.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/BaseACR.java
index f2221e086..1e307a731 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/BaseACR.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/BaseACR.java
@@ -1,18 +1,18 @@
-package org.owasp.esapi.reference.accesscontrol;
-
-import org.owasp.esapi.AccessControlRule;
-
-abstract public class BaseACR<P, R> implements AccessControlRule<P, R> {
-
-	protected P policyParameters;
-	
-//	@Override
-	public void setPolicyParameters(P policyParameter) {
-		this.policyParameters = policyParameter;
-	}
-	
-//	@Override
-	public P getPolicyParameters() {
-		return policyParameters;
-	}
-}
+package org.owasp.esapi.reference.accesscontrol;
+
+import org.owasp.esapi.AccessControlRule;
+
+abstract public class BaseACR<P, R> implements AccessControlRule<P, R> {
+
+    protected P policyParameters;
+
+//    @Override
+    public void setPolicyParameters(P policyParameter) {
+        this.policyParameters = policyParameter;
+    }
+
+//    @Override
+    public P getPolicyParameters() {
+        return policyParameters;
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/DelegatingACR.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/DelegatingACR.java
index 193f91ef7..eaa35799c 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/DelegatingACR.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/DelegatingACR.java
@@ -1,99 +1,100 @@
-package org.owasp.esapi.reference.accesscontrol;
-
-import java.lang.reflect.Method;
-import java.lang.reflect.Modifier;
-import java.util.Iterator;
-import java.util.Vector;
-
-import org.apache.commons.collections.iterators.ArrayListIterator;
-
-public class DelegatingACR extends BaseACR<DynaBeanACRParameter, Object[]> {
-	protected Method delegateMethod;
-	protected Object delegateInstance;
-	
-	@Override
-	public void setPolicyParameters(DynaBeanACRParameter policyParameter) {
-		String delegateClassName = policyParameter.getString("delegateClass", "").trim();
-		String methodName = policyParameter.getString("delegateMethod", "").trim();
-		String[] parameterClassNames = policyParameter.getStringArray("parameterClasses");
-
-		//Convert the classNames into Classes and get the delegate method.
-		Class delegateClass = getClass(delegateClassName, "delegate");
-		Class parameterClasses[] = getParameters(parameterClassNames);
-		try {
-			this.delegateMethod = delegateClass.getMethod(methodName, parameterClasses);
-		} catch (SecurityException e) {
-			throw new IllegalArgumentException(e.getMessage() + 
-					" delegateClass.delegateMethod(parameterClasses): \"" +  
-					delegateClassName + "." + methodName + "(" + parameterClassNames +
-					")\" must be public.", e);
-		} catch (NoSuchMethodException e) {
-			throw new IllegalArgumentException(e.getMessage() + 
-					" delegateClass.delegateMethod(parameterClasses): \"" +  
-					delegateClassName + "." + methodName + "(" + parameterClassNames +
-					")\" does not exist.", e);
-		}
-	
-		//static methods do not need a delegateInstance. Non-static methods do.
-		if(!Modifier.isStatic(this.delegateMethod.getModifiers())) {
-			try {
-				this.delegateInstance = delegateClass.newInstance();
-			} catch (InstantiationException ex) {
-				throw new IllegalArgumentException( 
-						" Delegate class \"" + delegateClassName + 
-						"\" must be concrete, because method " +
-						delegateClassName + "." + methodName + "(" + parameterClassNames +
-						") is not static.", ex);
-			} catch (IllegalAccessException ex) {
-				new IllegalArgumentException( 
-						" Delegate class \"" + delegateClassName + 
-						"\" must must have a zero-argument constructor, because " +
-						"method delegateClass.delegateMethod(parameterClasses): \"" +  
-						delegateClassName + "." + methodName + "(" + parameterClassNames +
-						")\" is not static.", ex);
-			}	
-		} else {
-			this.delegateInstance = null;
-		}
-	}
-	/**
-	 * Convert an array of fully qualified class names into an array of Class objects
-	 * @param parameterClassNames
-	 * @return
-	 */
-	protected final Class[] getParameters(String[] parameterClassNames) {
-		if(parameterClassNames == null) {
-			return new Class[0];
-		}
-		Vector<Class> classes = new Vector<Class>();
-		Iterator<String> classNames = new ArrayListIterator(parameterClassNames);
-		while(classNames.hasNext()) {
-			classes.add(getClass(classNames.next(), "parameter"));
-		}
-		return classes.toArray(new Class[classes.size()]);
-	}
-	/**
-	 * Convert a single fully qualified class name into a Class object
-	 * @param className
-	 * @param purpose
-	 * @return
-	 */
-	protected final Class getClass(String className, String purpose) {
-		try {
-	        Class theClass = Class.forName(className);
-	        return theClass;
-	    } catch ( ClassNotFoundException ex ) {
-			throw new IllegalArgumentException(ex.getMessage() + 
-					" " + purpose + " Class " + className + 
-					" must be in the classpath", ex);
-	    } 
-	}
-	/**
-	 * Delegates to the method specified in setPolicyParameters
-	 */
-	public boolean isAuthorized(Object[] runtimeParameters) throws Exception {
-		return ((Boolean)delegateMethod.invoke(delegateInstance, runtimeParameters)).booleanValue();
-	}
-}
-
-
+package org.owasp.esapi.reference.accesscontrol;
+
+import java.lang.reflect.Method;
+import java.lang.reflect.Modifier;
+import java.util.Iterator;
+import java.util.Vector;
+import java.util.Arrays;
+
+import org.apache.commons.collections4.iterators.ArrayListIterator;
+
+public class DelegatingACR extends BaseACR<DynaBeanACRParameter, Object[]> {
+    protected Method delegateMethod;
+    protected Object delegateInstance;
+
+    @Override
+    public void setPolicyParameters(DynaBeanACRParameter policyParameter) {
+        String delegateClassName = policyParameter.getString("delegateClass", "").trim();
+        String methodName = policyParameter.getString("delegateMethod", "").trim();
+        String[] parameterClassNames = policyParameter.getStringArray("parameterClasses");
+
+        //Convert the classNames into Classes and get the delegate method.
+        Class delegateClass = getClass(delegateClassName, "delegate");
+        Class parameterClasses[] = getParameters(parameterClassNames);
+        try {
+            this.delegateMethod = delegateClass.getMethod(methodName, parameterClasses);
+        } catch (SecurityException e) {
+            throw new IllegalArgumentException(e.getMessage() +
+                    " delegateClass.delegateMethod(parameterClasses): \"" +
+                    delegateClassName + "." + methodName + "(" + Arrays.toString(parameterClassNames) +
+                    ")\" must be public.", e);
+        } catch (NoSuchMethodException e) {
+            throw new IllegalArgumentException(e.getMessage() +
+                    " delegateClass.delegateMethod(parameterClasses): \"" +
+                    delegateClassName + "." + methodName + "(" + Arrays.toString(parameterClassNames) +
+                    ")\" does not exist.", e);
+        }
+
+        //static methods do not need a delegateInstance. Non-static methods do.
+        if(!Modifier.isStatic(this.delegateMethod.getModifiers())) {
+            try {
+                this.delegateInstance = delegateClass.newInstance();
+            } catch (InstantiationException ex) {
+                throw new IllegalArgumentException(
+                        " Delegate class \"" + delegateClassName +
+                        "\" must be concrete, because method " +
+                        delegateClassName + "." + methodName + "(" + Arrays.toString(parameterClassNames) +
+                        ") is not static.", ex);
+            } catch (IllegalAccessException ex) {
+                new IllegalArgumentException(
+                        " Delegate class \"" + delegateClassName +
+                        "\" must must have a zero-argument constructor, because " +
+                        "method delegateClass.delegateMethod(parameterClasses): \"" +
+                        delegateClassName + "." + methodName + "(" + Arrays.toString(parameterClassNames) +
+                        ")\" is not static.", ex);
+            }
+        } else {
+            this.delegateInstance = null;
+        }
+    }
+    /**
+     * Convert an array of fully qualified class names into an array of Class objects
+     * @param parameterClassNames
+     * @return The Class objects found that match the specified class names provided.
+     */
+    protected final Class[] getParameters(String[] parameterClassNames) {
+        if (parameterClassNames == null) {
+            return new Class[0];
+        }
+        Vector<Class> classes = new Vector<Class>();
+        Iterator<String> classNames = new ArrayListIterator(parameterClassNames);
+        while(classNames.hasNext()) {
+            classes.add(getClass(classNames.next(), "parameter"));
+        }
+        return classes.toArray(new Class[classes.size()]);
+    }
+    /**
+     * Convert a single fully qualified class name into a Class object
+     * @param className
+     * @param purpose
+     * @return The Class matching the specified name, if it exists.
+     */
+    protected final Class getClass(String className, String purpose) {
+        try {
+            Class theClass = Class.forName(className);
+            return theClass;
+        } catch ( ClassNotFoundException ex ) {
+            throw new IllegalArgumentException(ex.getMessage() +
+                    " " + purpose + " Class " + className +
+                    " must be in the classpath", ex);
+        }
+    }
+    /**
+     * Delegates to the method specified in setPolicyParameters
+     */
+    public boolean isAuthorized(Object[] runtimeParameters) throws Exception {
+        return ((Boolean)delegateMethod.invoke(delegateInstance, runtimeParameters)).booleanValue();
+    }
+}
+
+
diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/DynaBeanACRParameter.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/DynaBeanACRParameter.java
index 7c4879e7b..c0d29f382 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/DynaBeanACRParameter.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/DynaBeanACRParameter.java
@@ -1,186 +1,196 @@
-package org.owasp.esapi.reference.accesscontrol;
-
-import java.math.BigDecimal;
-import java.math.BigInteger;
-import java.util.Date;
-import java.util.Iterator;
-
-import org.apache.commons.beanutils.*;
-import org.owasp.esapi.reference.accesscontrol.policyloader.PolicyParameters;
-
-/**
- * A DynaBean comes from the apache bean utils. It is basically a 
- * convenient way to dynamically assign getters and setters. Essentially, 
- * the way we use DynaBean is a HashMap that can be set to read only.
- * @author Mike H. Fauzy
- */
-public class DynaBeanACRParameter implements PolicyParameters {
-	protected LazyDynaMap policyProperties;
-	
-	public DynaBeanACRParameter() {
-		policyProperties = new LazyDynaMap();
-	}
-	
-	/* (non-Javadoc)
-	 * @see org.owasp.esapi.reference.accesscontrol.policyloader.PolicyParameters#get(java.lang.String)
-	 */
-	public Object get(String key) {
-		return policyProperties.get(key);
-	}
-	/**
-	 * Convenience method to avoid common casts.
-	 * @param key
-	 * @return
-	 */
-	public boolean getBoolean(String key) {
-		return ((Boolean)get(key)).booleanValue();
-	}
-	/**
-	 * Convenience method to avoid common casts.
-	 * @param key
-	 * @return
-	 */
-	public byte getByte(String key) {
-		return ((Byte)get(key)).byteValue();
-	}
-	/**
-	 * Convenience method to avoid common casts.
-	 * @param key
-	 * @return
-	 */
-	public char getChar(String key) {
-		return ((Character)get(key)).charValue();
-	}
-	/**
-	 * Convenience method to avoid common casts.
-	 * @param key
-	 * @return
-	 */
-	public int getInt(String key) {
-		return ((Integer)get(key)).intValue();
-	}
-	/**
-	 * Convenience method to avoid common casts.
-	 * @param key
-	 * @return
-	 */
-	public long getLong(String key) {
-		return ((Long)get(key)).longValue();
-	}
-	/**
-	 * Convenience method to avoid common casts.
-	 * @param key
-	 * @return
-	 */
-	public float getFloat(String key) {
-		return ((Float)get(key)).floatValue();
-	}
-	/**
-	 * Convenience method to avoid common casts.
-	 * @param key
-	 * @return
-	 */
-	public double getDouble(String key) {
-		return ((Double)get(key)).doubleValue();
-	}
-	/**
-	 * Convenience method to avoid common casts.
-	 * @param key
-	 * @return
-	 */
-	public BigDecimal getBigDecimal(String key) {
-		return (BigDecimal)get(key);
-	}
-	/**
-	 * Convenience method to avoid common casts.
-	 * @param key
-	 * @return
-	 */
-	public BigInteger getBigInteger(String key) {
-		return (BigInteger)get(key);
-	}
-	/**
-	 * Convenience method to avoid common casts.
-	 * @param key
-	 * @return
-	 */
-	public Date getDate(String key) {
-		return (Date)get(key);
-	}
-	
-	/**
-	 * Convenience method to avoid common casts. Note that the time object
-	 * is the same as a date object
-	 * @param key
-	 * @return
-	 */
-	public Date getTime(String key) {
-		return (Date)get(key);
-	}
-	
-	/**
-	 * Convenience method to avoid common casts.
-	 * @param key
-	 * @return
-	 */
-	public String getString(String key) {
-		return (String)get(key);
-	}
-	
-	public String getString(String key, String defaultValue) {
-		return (String)get(key) == null ? defaultValue : (String)get(key);
-	}
-	
-	public String[] getStringArray(String key) {
-		return (String[])get(key);
-	}
-	
-	/**
-	 * Convenience method to avoid common casts.
-	 * @param key
-	 * @return
-	 */
-	public Object getObject(String key) {
-		return get(key);
-	}	
-
-	/* (non-Javadoc)
-	 * @see org.owasp.esapi.reference.accesscontrol.policyloader.PolicyParameters#set(java.lang.String, java.lang.Object)
-	 */
-	public void set(String key, Object value) throws IllegalArgumentException {
-		policyProperties.set(key, value);
-	}
-	/* (non-Javadoc)
-	 * @see org.owasp.esapi.reference.accesscontrol.policyloader.PolicyParameters#put(java.lang.String, java.lang.Object)
-	 */
-	public void put(String key, Object value) throws IllegalArgumentException {
-		set(key, value);
-	}
-	
-	/**
-	 * This makes the map itself read only, but the mutability of objects 
-	 * that this map contains is not affected. Specifically, properties 
-	 * cannot be added or removed and the reference cannot be changed to 
-	 * a different object, but this does not change whether the values that the 
-	 * object contains can be changed. 
-	 */
-	public void lock() {
-		policyProperties.setRestricted(true);
-	}
-	
-	public String toString() {
-		StringBuilder sb = new StringBuilder();
-		Iterator keys = policyProperties.getMap().keySet().iterator();
-		String currentKey;
-		while(keys.hasNext()) {
-			currentKey = (String)keys.next();
-			sb.append(currentKey);
-			sb.append("=");
-			sb.append(policyProperties.get(currentKey));
-			if(keys.hasNext()) {
-				sb.append(",");
-			}
-		}
-		return sb.toString();
-	}
-}
+package org.owasp.esapi.reference.accesscontrol;
+
+import java.math.BigDecimal;
+import java.math.BigInteger;
+import java.util.Date;
+import java.util.Iterator;
+
+import org.apache.commons.beanutils.LazyDynaMap;
+import org.owasp.esapi.reference.accesscontrol.policyloader.PolicyParameters;
+
+/**
+ * A DynaBean comes from the apache bean utils. It is basically a
+ * convenient way to dynamically assign getters and setters. Essentially,
+ * the way we use DynaBean is a HashMap that can be set to read only.
+ * @author Mike H. Fauzy
+ */
+public class DynaBeanACRParameter implements PolicyParameters {
+    protected LazyDynaMap policyProperties;
+
+    public DynaBeanACRParameter() {
+        policyProperties = new LazyDynaMap();
+    }
+
+    /* (non-Javadoc)
+     * @see org.owasp.esapi.reference.accesscontrol.policyloader.PolicyParameters#get(java.lang.String)
+     */
+    public Object get(String key) {
+        return policyProperties.get(key);
+    }
+    /**
+     * Convenience method to avoid common casts.
+     * @param key
+     * @return The true/false value of the specified key. False if not found.
+     */
+    public boolean getBoolean(String key) {
+        return ((Boolean)get(key)).booleanValue();
+    }
+    /**
+     * Convenience method to avoid common casts.
+     * @param key
+     * @return The byte value of the specified key.
+     */
+    public byte getByte(String key) {
+        return ((Byte)get(key)).byteValue();
+    }
+    /**
+     * Convenience method to avoid common casts.
+     * @param key
+     * @return The char value of the specified key.
+     */
+    public char getChar(String key) {
+        return ((Character)get(key)).charValue();
+    }
+    /**
+     * Convenience method to avoid common casts.
+     * @param key
+     * @return The int value of the specified key.
+     */
+    public int getInt(String key) {
+        return ((Integer)get(key)).intValue();
+    }
+    /**
+     * Convenience method to avoid common casts.
+     * @param key
+     * @return The long value of the specified key.
+     */
+    public long getLong(String key) {
+        return ((Long)get(key)).longValue();
+    }
+    /**
+     * Convenience method to avoid common casts.
+     * @param key
+     * @return The float value of the specified key.
+     */
+    public float getFloat(String key) {
+        return ((Float)get(key)).floatValue();
+    }
+    /**
+     * Convenience method to avoid common casts.
+     * @param key
+     * @return The double value of the specified key.
+     */
+    public double getDouble(String key) {
+        return ((Double)get(key)).doubleValue();
+    }
+    /**
+     * Convenience method to avoid common casts.
+     * @param key
+     * @return The BigDecimal value of the specified key.
+     */
+    public BigDecimal getBigDecimal(String key) {
+        return (BigDecimal)get(key);
+    }
+    /**
+     * Convenience method to avoid common casts.
+     * @param key
+     * @return The BigInteger value of the specified key.
+     */
+    public BigInteger getBigInteger(String key) {
+        return (BigInteger)get(key);
+    }
+    /**
+     * Convenience method to avoid common casts.
+     * @param key
+     * @return The Date value of the specified key.
+     */
+    public Date getDate(String key) {
+        return (Date)get(key);
+    }
+
+    /**
+     * Convenience method to avoid common casts. Note that the time object
+     * is the same as a date object
+     * @param key
+     * @return The Date value of the specified key.
+     */
+    public Date getTime(String key) {
+        return (Date)get(key);
+    }
+
+    /**
+     * Convenience method to avoid common casts.
+     * @param key
+     * @return The String value of the specified key. null if the key is not defined.
+     */
+    public String getString(String key) {
+        return (String)get(key);
+    }
+
+    /**
+     * Convenience method to avoid common casts.
+     * @param key
+     * @return The String value of the specified key. If the key is not defined, the default value is returned instead.
+     */
+    public String getString(String key, String defaultValue) {
+        return (String)get(key) == null ? defaultValue : (String)get(key);
+    }
+
+    /**
+     * Convenience method to avoid common casts.
+     * @param key
+     * @return The String[] value of the specified key.
+     */
+    public String[] getStringArray(String key) {
+        return (String[])get(key);
+    }
+
+    /**
+     * Convenience method to avoid common casts.
+     * @param key
+     * @return The value of the specified key, returned generically as an Object.
+     */
+    public Object getObject(String key) {
+        return get(key);
+    }
+
+    /* (non-Javadoc)
+     * @see org.owasp.esapi.reference.accesscontrol.policyloader.PolicyParameters#set(java.lang.String, java.lang.Object)
+     */
+    public void set(String key, Object value) throws IllegalArgumentException {
+        policyProperties.set(key, value);
+    }
+    /* (non-Javadoc)
+     * @see org.owasp.esapi.reference.accesscontrol.policyloader.PolicyParameters#put(java.lang.String, java.lang.Object)
+     */
+    public void put(String key, Object value) throws IllegalArgumentException {
+        set(key, value);
+    }
+
+    /**
+     * This makes the map itself read only, but the mutability of objects
+     * that this map contains is not affected. Specifically, properties
+     * cannot be added or removed and the reference cannot be changed to
+     * a different object, but this does not change whether the values that the
+     * object contains can be changed.
+     */
+    public void lock() {
+        policyProperties.setRestricted(true);
+    }
+
+    public String toString() {
+        StringBuilder sb = new StringBuilder();
+        Iterator keys = policyProperties.getMap().keySet().iterator();
+        String currentKey;
+        while(keys.hasNext()) {
+            currentKey = (String)keys.next();
+            sb.append(currentKey);
+            sb.append("=");
+            sb.append(policyProperties.get(currentKey));
+            if(keys.hasNext()) {
+                sb.append(",");
+            }
+        }
+        return sb.toString();
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/EchoRuntimeParameterACR.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/EchoRuntimeParameterACR.java
index bbc816898..2bafc3864 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/EchoRuntimeParameterACR.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/EchoRuntimeParameterACR.java
@@ -1,13 +1,13 @@
-package org.owasp.esapi.reference.accesscontrol;
-
-public class EchoRuntimeParameterACR extends BaseACR<Object, Boolean>{
-
-	/**
-	 * Returns true iff runtimeParameter is a Boolean true.
-	 * throws ClassCastException if runtimeParameter is not a Boolean.
-	 */
-	public boolean isAuthorized(Boolean runtimeParameter) throws ClassCastException{
-		return runtimeParameter.booleanValue();
-	}
-
+package org.owasp.esapi.reference.accesscontrol;
+
+public class EchoRuntimeParameterACR extends BaseACR<Object, Boolean>{
+
+    /**
+     * Returns true iff runtimeParameter is a Boolean true.
+     * throws ClassCastException if runtimeParameter is not a Boolean.
+     */
+    public boolean isAuthorized(Boolean runtimeParameter) throws ClassCastException{
+        return runtimeParameter.booleanValue();
+    }
+
 }
\ No newline at end of file
diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/ExperimentalAccessController.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/ExperimentalAccessController.java
index f97b22677..0b1e4cfb2 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/ExperimentalAccessController.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/ExperimentalAccessController.java
@@ -1,184 +1,194 @@
-package org.owasp.esapi.reference.accesscontrol;
-
-import java.util.Map;
-
-import org.owasp.esapi.AccessControlRule;
-import org.owasp.esapi.AccessController;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.errors.AccessControlException;
-import org.owasp.esapi.reference.accesscontrol.policyloader.ACRPolicyFileLoader;
-import org.owasp.esapi.reference.accesscontrol.policyloader.PolicyDTO;
-
-public class ExperimentalAccessController implements AccessController {
-	private Map ruleMap;
-
-	protected final Logger logger = ESAPI.getLogger("DefaultAccessController");
-	
-	public ExperimentalAccessController(Map ruleMap) {
-		this.ruleMap = ruleMap;	
-	}
-	public ExperimentalAccessController() throws AccessControlException {
-		ACRPolicyFileLoader policyDescriptor = new ACRPolicyFileLoader();
-		PolicyDTO policyDTO = policyDescriptor.load();		
-		ruleMap = policyDTO.getAccessControlRules();
-	}
-	
-	public boolean isAuthorized(Object key, Object runtimeParameter) {
-		try {
-			AccessControlRule rule = (AccessControlRule)ruleMap.get(key);
-			if(rule == null) {
-				throw new AccessControlException("Access Denied",
-						"AccessControlRule was not found for key: " + key); 
-			}
-			if(logger.isDebugEnabled()){ logger.debug(Logger.EVENT_SUCCESS, "Evaluating Authorization Rule \"" + key + "\" Using class: " + rule.getClass().getCanonicalName()); }
-			return rule.isAuthorized(runtimeParameter);
-		} catch(Exception e) {
-			try {
-				//Log the exception by throwing and then catching it.
-				//TODO figure out what which string goes where.		
-				throw new AccessControlException("Access Denied",
-					"An unhandled Exception was " +
-					"caught, so access is denied.",  
-					e);	
-			} catch(AccessControlException ace) {
-				//the exception was just logged. There's nothing left to do.
-			}
-			return false; //fail closed
-		}
-	}
-
-	public void assertAuthorized(Object key, Object runtimeParameter)
-		throws AccessControlException {
-		boolean isAuthorized = false;
-		try {
-			AccessControlRule rule = (AccessControlRule)ruleMap.get(key);
-			if(rule == null) {
-				throw new AccessControlException("Access Denied", 
-						"AccessControlRule was not found for key: " + key); 
-			}
-			if(logger.isDebugEnabled()){ logger.debug(Logger.EVENT_SUCCESS, "Asserting Authorization Rule \"" + key + "\" Using class: " + rule.getClass().getCanonicalName()); }
-			isAuthorized = rule.isAuthorized(runtimeParameter);
-		} catch(Exception e) {
-			//TODO figure out what which string goes where.		
-			throw new AccessControlException("Access Denied", "An unhandled Exception was " +
-					"caught, so access is denied." +
-					"AccessControlException.",
-					e);
-		}
-		if(!isAuthorized) {
-			throw new AccessControlException("Access Denied", 
-					"Access Denied for key: " + key + 
-					" runtimeParameter: " + runtimeParameter);
-		}
-	}
-	
-	/**** Below this line is legacy support ****/
-	
-	/**
-	 * @param action
-	 * @param data
-	 * @throws AccessControlException
-	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#assertAuthorizedForData(java.lang.String, java.lang.Object)
-	 * @deprecated
-	 */
-	public void assertAuthorizedForData(String action, Object data)
-			throws AccessControlException {
-		this.assertAuthorized("AC 1.0 Data", new Object[] {action, data});
-	}
-
-	/**
-	 * @param filepath
-	 * @throws AccessControlException
-	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#assertAuthorizedForFile(java.lang.String)
-	 * @deprecated
-	 */
-	public void assertAuthorizedForFile(String filepath)
-			throws AccessControlException {
-		this.assertAuthorized("AC 1.0 File", new Object[] {filepath});
-	}
-
-	/**
-	 * @param functionName
-	 * @throws AccessControlException
-	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#assertAuthorizedForFunction(java.lang.String)
-	 * @deprecated
-	 */
-	public void assertAuthorizedForFunction(String functionName)
-			throws AccessControlException {
-		this.assertAuthorized("AC 1.0 Function", new Object[] {functionName});
-	}
-
-	/**
-	 * @param serviceName
-	 * @throws AccessControlException
-	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#assertAuthorizedForService(java.lang.String)
-	 * @deprecated
-	 */
-	public void assertAuthorizedForService(String serviceName)
-			throws AccessControlException {
-		this.assertAuthorized("AC 1.0 Service", new Object[] {serviceName});
-	}
-
-	/**
-	 * @param url
-	 * @throws AccessControlException
-	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#assertAuthorizedForURL(java.lang.String)
-	 * @deprecated
-	 */
-	public void assertAuthorizedForURL(String url)
-			throws AccessControlException {
-		this.assertAuthorized("AC 1.0 URL", new Object[] {url});
-	}
-
-	/**
-	 * @param action
-	 * @param data
-	 * @return {@code true} if access is permitted; {@code false} otherwise.
-	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#isAuthorizedForData(java.lang.String, java.lang.Object)
-	 * @deprecated
-	 */
-	public boolean isAuthorizedForData(String action, Object data) {
-		return this.isAuthorized("AC 1.0 Data", new Object[] {action, data});
-	}
-
-	/**
-	 * @param filepath
-     * @return {@code true} if access is permitted; {@code false} otherwise.
-	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#isAuthorizedForFile(java.lang.String)
-	 * @deprecated
-	 */
-	public boolean isAuthorizedForFile(String filepath) {
-		return this.isAuthorized("AC 1.0 File", new Object[] {filepath});
-	}
-
-	/**
-	 * @param functionName
-     * @return {@code true} if access is permitted; {@code false} otherwise.
-	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#isAuthorizedForFunction(java.lang.String)
-	 * @deprecated
-	 */
-	public boolean isAuthorizedForFunction(String functionName) {
-		return this.isAuthorized("AC 1.0 Function", new Object[] {functionName});
-	}
-
-	/**
-	 * @param serviceName
-     * @return {@code true} if access is permitted; {@code false} otherwise.
-	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#isAuthorizedForService(java.lang.String)
-	 * @deprecated
-	 */
-	public boolean isAuthorizedForService(String serviceName) {
-		return this.isAuthorized("AC 1.0 Service", new Object[] {serviceName});
-	}
-
-	/**
-	 * @param url
-     * @return {@code true} if access is permitted; {@code false} otherwise.
-	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#isAuthorizedForURL(java.lang.String)
-	 * @deprecated
-	 */
-	public boolean isAuthorizedForURL(String url) {
-		return this.isAuthorized("AC 1.0 URL", new Object[] {url});
-	}
-}
+package org.owasp.esapi.reference.accesscontrol;
+
+import java.util.Map;
+
+import org.owasp.esapi.AccessControlRule;
+import org.owasp.esapi.AccessController;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.errors.AccessControlException;
+import org.owasp.esapi.reference.accesscontrol.policyloader.ACRPolicyFileLoader;
+import org.owasp.esapi.reference.accesscontrol.policyloader.PolicyDTO;
+
+public class ExperimentalAccessController implements AccessController {
+    private Map ruleMap;
+
+    protected final Logger logger = ESAPI.getLogger("DefaultAccessController");
+
+    public ExperimentalAccessController(Map ruleMap) {
+        this.ruleMap = ruleMap;
+    }
+    public ExperimentalAccessController() throws AccessControlException {
+        ACRPolicyFileLoader policyDescriptor = new ACRPolicyFileLoader();
+        PolicyDTO policyDTO = policyDescriptor.load();
+        ruleMap = policyDTO.getAccessControlRules();
+    }
+
+    public boolean isAuthorized(Object key, Object runtimeParameter) {
+        try {
+            AccessControlRule rule = (AccessControlRule)ruleMap.get(key);
+            if(rule == null) {
+                throw new AccessControlException("Access Denied",
+                        "AccessControlRule was not found for key: " + key);
+            }
+            if(logger.isDebugEnabled()){ logger.debug(Logger.EVENT_SUCCESS, "Evaluating Authorization Rule \"" + key + "\" Using class: " + rule.getClass().getCanonicalName()); }
+            return rule.isAuthorized(runtimeParameter);
+        } catch(Exception e) {
+            try {
+                //Log the exception by throwing and then catching it.
+                //TODO figure out what which string goes where.
+                throw new AccessControlException("Access Denied",
+                    "An unhandled Exception was " +
+                    "caught, so access is denied.",
+                    e);
+            } catch(AccessControlException ace) {
+                //the exception was just logged. There's nothing left to do.
+            }
+            return false; //fail closed
+        }
+    }
+
+    public void assertAuthorized(Object key, Object runtimeParameter)
+        throws AccessControlException {
+        boolean isAuthorized = false;
+        try {
+            AccessControlRule rule = (AccessControlRule)ruleMap.get(key);
+            if(rule == null) {
+                throw new AccessControlException("Access Denied",
+                        "AccessControlRule was not found for key: " + key);
+            }
+            if(logger.isDebugEnabled()){ logger.debug(Logger.EVENT_SUCCESS, "Asserting Authorization Rule \"" + key + "\" Using class: " + rule.getClass().getCanonicalName()); }
+            isAuthorized = rule.isAuthorized(runtimeParameter);
+        } catch(Exception e) {
+            //TODO figure out what which string goes where.
+            throw new AccessControlException("Access Denied", "An unhandled Exception was " +
+                    "caught, so access is denied." +
+                    "AccessControlException.",
+                    e);
+        }
+        if(!isAuthorized) {
+            throw new AccessControlException("Access Denied",
+                    "Access Denied for key: " + key +
+                    " runtimeParameter: " + runtimeParameter);
+        }
+    }
+
+    /**** Below this line is legacy support ****/
+
+    /**
+     * @param action
+     * @param data
+     * @throws AccessControlException
+     * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#isAuthorizedForData(java.lang.String, java.lang.Object)
+     * @deprecated
+     */
+    @Deprecated
+    public void assertAuthorizedForData(String action, Object data)
+            throws AccessControlException {
+        this.assertAuthorized("AC 1.0 Data", new Object[] {action, data});
+    }
+
+    /**
+     * @param filepath
+     * @throws AccessControlException
+     * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#isAuthorizedForFile(java.lang.String)
+     * @deprecated
+     */
+    @Deprecated
+    public void assertAuthorizedForFile(String filepath)
+            throws AccessControlException {
+        this.assertAuthorized("AC 1.0 File", new Object[] {filepath});
+    }
+
+    /**
+     * @param functionName
+     * @throws AccessControlException
+     * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#isAuthorizedForFunction(java.lang.String)
+     * @deprecated
+     */
+    @Deprecated
+    public void assertAuthorizedForFunction(String functionName)
+            throws AccessControlException {
+        this.assertAuthorized("AC 1.0 Function", new Object[] {functionName});
+    }
+
+    /**
+     * @param serviceName
+     * @throws AccessControlException
+     * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#isAuthorizedForService(java.lang.String)
+     * @deprecated
+     */
+    @Deprecated
+    public void assertAuthorizedForService(String serviceName)
+            throws AccessControlException {
+        this.assertAuthorized("AC 1.0 Service", new Object[] {serviceName});
+    }
+
+    /**
+     * @param url
+     * @throws AccessControlException
+     * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#isAuthorizedForURL(java.lang.String)
+     * @deprecated
+     */
+    @Deprecated
+    public void assertAuthorizedForURL(String url)
+            throws AccessControlException {
+        this.assertAuthorized("AC 1.0 URL", new Object[] {url});
+    }
+
+    /**
+     * @param action
+     * @param data
+     * @return {@code true} if access is permitted; {@code false} otherwise.
+     * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#isAuthorizedForData(java.lang.String, java.lang.Object)
+     * @deprecated
+     */
+    @Deprecated
+    public boolean isAuthorizedForData(String action, Object data) {
+        return this.isAuthorized("AC 1.0 Data", new Object[] {action, data});
+    }
+
+    /**
+     * @param filepath
+     * @return {@code true} if access is permitted; {@code false} otherwise.
+     * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#isAuthorizedForFile(java.lang.String)
+     * @deprecated
+     */
+    @Deprecated
+    public boolean isAuthorizedForFile(String filepath) {
+        return this.isAuthorized("AC 1.0 File", new Object[] {filepath});
+    }
+
+    /**
+     * @param functionName
+     * @return {@code true} if access is permitted; {@code false} otherwise.
+     * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#isAuthorizedForFunction(java.lang.String)
+     * @deprecated
+     */
+    @Deprecated
+    public boolean isAuthorizedForFunction(String functionName) {
+        return this.isAuthorized("AC 1.0 Function", new Object[] {functionName});
+    }
+
+    /**
+     * @param serviceName
+     * @return {@code true} if access is permitted; {@code false} otherwise.
+     * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#isAuthorizedForService(java.lang.String)
+     * @deprecated
+     */
+    @Deprecated
+    public boolean isAuthorizedForService(String serviceName) {
+        return this.isAuthorized("AC 1.0 Service", new Object[] {serviceName});
+    }
+
+    /**
+     * @param url
+     * @return {@code true} if access is permitted; {@code false} otherwise.
+     * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#isAuthorizedForURL(java.lang.String)
+     * @deprecated
+     */
+    @Deprecated
+    public boolean isAuthorizedForURL(String url) {
+        return this.isAuthorized("AC 1.0 URL", new Object[] {url});
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/FileBasedACRs.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/FileBasedACRs.java
index c788b875c..2e19304f5 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/FileBasedACRs.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/FileBasedACRs.java
@@ -1,559 +1,559 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Mike Fauzy <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference.accesscontrol;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.User;
-import org.owasp.esapi.errors.AccessControlException;
-import org.owasp.esapi.errors.EncodingException;
-import org.owasp.esapi.errors.IntrusionException;
-
-// CHECKME: If this exists for backward compatibility, should this
-//          class be deprecated??? If so, mark it using annotation.
-/**
- * This class exists for backwards compatibility with the AccessController 1.0 
- * reference implementation.
- *
- * This reference implementation uses a simple model for specifying a set of
- * access control rules. Many organizations will want to create their own
- * implementation of the methods provided in the AccessController interface.
- * <P>
- * This reference implementation uses a simple scheme for specifying the rules.
- * The first step is to create a namespace for the resources being accessed. For
- * files and URL's, this is easy as they already have a namespace. Be extremely
- * careful about canonicalizing when relying on information from the user in an
- * access control decision.
- * <P>
- * For functions, data, and services, you will have to come up with your own
- * namespace for the resources being accessed. You might simply define a flat
- * namespace with a list of category names. For example, you might specify
- * 'FunctionA', 'FunctionB', and 'FunctionC'. Or you can create a richer
- * namespace with a hierarchical structure, such as:
- * <P>
- * /functions
- * <ul>
- * <li>purchasing</li>
- * <li>shipping</li>
- * <li>inventory</li>
- * </ul>
- * /admin
- * <ul>
- * <li>createUser</li>
- * <li>deleteUser</li>
- * </ul>
- * Once you've defined your namespace, you have to work out the rules that
- * govern access to the different parts of the namespace. This implementation
- * allows you to attach a simple access control list (ACL) to any part of the
- * namespace tree. The ACL lists a set of roles that are either allowed or
- * denied access to a part of the tree. You specify these rules in a textfile
- * with a simple format.
- * <P>
- * There is a single configuration file supporting each of the five methods in
- * the AccessController interface. These files are located in the ESAPI
- * resources directory as specified when the JVM was started. The use of a
- * default deny rule is STRONGLY recommended. The file format is as follows:
- * 
- * <pre>
- * path          | role,role   | allow/deny | comment
- * ------------------------------------------------------------------------------------
- * /banking/*    | user,admin  | allow      | authenticated users can access /banking
- * /admin        | admin       | allow      | only admin role can access /admin
- * /             | any         | deny       | default deny rule
- * </pre>
- * 
- * To find the matching rules, this implementation follows the general approach
- * used in Java EE when matching HTTP requests to servlets in web.xml. The four
- * mapping rules are used in the following order:
- * <ul>
- * <li>exact match, e.g. /access/login</li>
- * <li>longest path prefix match, beginning / and ending /*, e.g. /access/* or
- * /*</li>
- * <li>extension match, beginning *., e.g. *.css</li>
- * <li>default rule, specified by the single character pattern /</li>
- * </ul>
- * 
- * @author Mike Fauzy (mike.fauzy@aspectsecurity.com)
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- * @since June 1, 2007
- */
-public class FileBasedACRs {
-
-	/** The url map. */
-	private Map urlMap = new HashMap();
-
-	/** The function map. */
-	private Map functionMap = new HashMap();
-
-	/** The data map. */
-	private Map dataMap = new HashMap();
-
-	/** The file map. */
-	private Map fileMap = new HashMap();
-
-	/** The service map. */
-	private Map serviceMap = new HashMap();
-
-	/** A rule containing "deny". */
-	private Rule deny = new Rule();
-
-	/** The logger. */
-	private Logger logger = ESAPI.getLogger("FileBasedACRs");
-
-    /**
-	* Check if URL is authorized.
-	* @param url The URL tested for authorization
-	* @return {@code true} if access is allowed, {@code false} otherwise.
-	*/
-    public boolean isAuthorizedForURL(String url) {
-		if (urlMap==null || urlMap.isEmpty()) {
-			urlMap = loadRules("URLAccessRules.txt");
-		}
-		return matchRule(urlMap, url);
-	}
-
-    /**
-	* TODO Javadoc
-	*/
-    public boolean isAuthorizedForFunction(String functionName) throws AccessControlException {
-    	if (functionMap==null || functionMap.isEmpty()) {
-			functionMap = loadRules("FunctionAccessRules.txt");
-		}
-		return matchRule(functionMap, functionName);
-	}
-  
-    /**
-	* TODO Javadoc
-	*/
-    public boolean isAuthorizedForData(String action, Object data) throws AccessControlException{
-    	if (dataMap==null || dataMap.isEmpty()) {
-			dataMap = loadDataRules("DataAccessRules.txt");
-    	}		
-    	return matchRule(dataMap, (Class)data, action);    	
-    }
-    
-    /**
-	* TODO Javadoc
-	*/
-    public boolean isAuthorizedForFile(String filepath) throws AccessControlException {
-		if (fileMap==null || fileMap.isEmpty()) {
-			fileMap = loadRules("FileAccessRules.txt");
-		}
-		return matchRule(fileMap, filepath.replaceAll("\\\\","/"));
-	}
-
-    /**
-	* TODO Javadoc
-	*/
-    public boolean isAuthorizedForService(String serviceName) throws AccessControlException {    	
-		if (serviceMap==null || serviceMap.isEmpty()) {
-			serviceMap = loadRules("ServiceAccessRules.txt");
-		}
-		return matchRule(serviceMap, serviceName);
-	}
-
-	/**
-	 * Checks to see if the current user has access to the specified data, File, Object, etc.
-	 * If the User has access, as specified by the map parameter, this method returns true.  If the 
-	 * User does not have access or an exception is thrown, false is returned.
-	 * 
-	 * @param map
-	 *       the map containing access rules
-	 * @param path
-	 *       the path of the requested File, URL, Object, etc.
-	 * 
-	 * @return 
-	 * 		true, if the user has access, false otherwise
-	 * 
-	 */
-	private boolean matchRule(Map map, String path) {
-		// get users roles
-		User user = ESAPI.authenticator().getCurrentUser();
-		Set roles = user.getRoles();
-		// search for the first rule that matches the path and rules
-		Rule rule = searchForRule(map, roles, path);
-		return rule.allow;
-	}
-	
-	/**
-	 * Checks to see if the current user has access to the specified Class and action.
-	 * If the User has access, as specified by the map parameter, this method returns true.
-     * If the User does not have access or an exception is thrown, false is returned.
-	 * 
-	 * @param map
-	 *       the map containing access rules
-	 * @param clazz
-	 *       the Class being requested for access
-	 * @param action
-	 * 		 the action the User has asked to perform
-	 * @return 
-	 * 		true, if the user has access, false otherwise
-	 * 
-	 */
-	private boolean matchRule(Map map, Class clazz, String action) {
-		// get users roles
-		User user = ESAPI.authenticator().getCurrentUser();
-		Set roles = user.getRoles();
-		// search for the first rule that matches the path and rules
-		Rule rule = searchForRule(map, roles, clazz, action);
-		return rule != null;
-	}
-
-	/**
-	 * Search for rule. Four mapping rules are used in order: - exact match,
-	 * e.g. /access/login - longest path prefix match, beginning / and ending
-	 * /*, e.g. /access/* or /* - extension match, beginning *., e.g. *.css -
-	 * default servlet, specified by the single character pattern /
-	 * 
-	 * @param map
-	 *       the map containing access rules
-	 * @param roles
-	 *       the roles of the User being checked for access
-	 * @param path
-	 *       the File, URL, Object, etc. being checked for access
-	 * 
-	 * @return 
-	 *       the rule stating whether to allow or deny access
-	 * 
-	 */
-	private Rule searchForRule(Map map, Set roles, String path) {
-		String canonical = ESAPI.encoder().canonicalize(path);
-
-		String part = canonical;
-        if ( part == null ) {
-            part = "";
-        }
-        
-		while (part.endsWith("/")) {
-			part = part.substring(0, part.length() - 1);
-		}
-
-		if (part.indexOf("..") != -1) {
-			throw new IntrusionException("Attempt to manipulate access control path", "Attempt to manipulate access control path: " + path );
-		}
-		
-		// extract extension if any
-		String extension = "";
-		int extIndex = part.lastIndexOf(".");
-		if (extIndex != -1) {
-			extension = part.substring(extIndex + 1);
-		}
-
-		// Check for exact match - ignore any ending slash
-		Rule rule = (Rule) map.get(part);
-
-		// Check for ending with /*
-		if (rule == null)
-			rule = (Rule) map.get(part + "/*");
-
-		// Check for matching extension rule *.ext
-		if (rule == null)
-			rule = (Rule) map.get("*." + extension);
-
-		// if rule found and user's roles match rules' roles, return the rule
-		if (rule != null && overlap(rule.roles, roles))
-			return rule;
-
-		// rule hasn't been found - if there are no more parts, return a deny
-		int slash = part.lastIndexOf('/');
-		if ( slash == -1 ) {
-			return deny;
-		}
-		
-		// if there are more parts, strip off the last part and recurse
-		part = part.substring(0, part.lastIndexOf('/'));
-		
-		// return default deny
-		if (part.length() <= 1) {
-			return deny;
-		}
-		
-		return searchForRule(map, roles, part);
-	}
-	
-	/**
-	 * Search for rule. Searches the specified access map to see if any of the roles specified have 
-	 * access to perform the specified action on the specified Class.
-	 * 
-	 * @param map
-	 *      the map containing access rules
-	 * @param roles
-	 *      the roles used to determine access level
-	 * @param clazz
-	 *      the Class being requested for access
-	 * @param action
-	 * 		the action the User has asked to perform
-	 * 
-	 * @return 
-	 * 		the rule that allows the specified roles access to perform the requested action on the specified Class, or null if access is not granted
-	 * 
-	 */
-	private Rule searchForRule(Map map, Set roles, Class clazz, String action) {
-
-		// Check for exact match - ignore any ending slash
-		Rule rule = (Rule) map.get(clazz);
-		if( ( rule != null ) && ( overlap(rule.actions, action) ) && ( overlap(rule.roles, roles) )){
-			return rule;
-		}
-		return null;
-	}
-
-	/**
-	 * Return true if there is overlap between the two sets.  This method merely checks to see if 
-	 * ruleRoles contains any of the roles listed in userRoles.
-	 * 
-	 * @param ruleRoles
-	 *      the rule roles
-	 * @param userRoles
-	 *      the user roles
-	 * 
-	 * @return 
-	 * 		true, if any roles exist in both Sets.  False otherwise.
-	 */
-	private boolean overlap(Set ruleRoles, Set userRoles) {
-		if (ruleRoles.contains("any")) {
-			return true;
-		}
-		Iterator i = userRoles.iterator();
-		while (i.hasNext()) {
-			String role = (String) i.next();
-			if (ruleRoles.contains(role)) {
-				return true;
-			}
-		}
-		return false;
-	}
-	
-	/**
-	 * This method merely checks to see if ruleActions contains the action requested.
-	 * 
-	 * @param ruleActions
-	 *      actions listed for a rule
-	 * @param action
-	 *      the action requested that will be searched for in ruleActions
-	 * 
-	 * @return 
-	 * 		true, if any action exists in ruleActions.  False otherwise.
-	 */
-	private boolean overlap( List ruleActions, String action){
-		if( ruleActions.contains(action) )
-			return true;
-		return false;
-	}
-		
-	/**
-	 * Checks that the roles passed in contain only letters, numbers, and underscores.  Also checks that
-	 * roles are no more than 10 characters long.  If a role does not pass validation, it is not included in the 
-	 * list of roles returned by this method.  A log warning is also generated for any invalid roles.
-	 * 
-	 * @param roles
-	 * 		roles to validate according to criteria started above
-	 * @return
-	 * 		a List of roles that are valid according to the criteria stated above.
-	 * 
-	 */
-	private List validateRoles(List roles){
-		List ret = new ArrayList();	
-		for(int x = 0; x < roles.size(); x++){
-			String canonical = ESAPI.encoder().canonicalize(((String)roles.get(x)).trim());
-
-			if(!ESAPI.validator().isValidInput("Validating user roles in FileBasedAccessController", canonical, "RoleName", 20, false)) {
-				logger.warning( Logger.SECURITY_FAILURE, "Role: " + ((String)roles.get(x)).trim() + " is invalid, so was not added to the list of roles for this Rule.");
-			} else { 
-				ret.add(canonical.trim());
-			}
-		}
-		return ret;
-	}
-	
-	/**
-	 * Loads access rules by storing them in a hashmap.  This method begins reading the File specified by
-	 * the ruleset parameter, ignoring any lines that begin with '#' characters as comments.  Sections of the access rules file
-	 * are split by the pipe character ('|').  The method loads all paths, replacing '\' characters with '/' for uniformity then loads
-	 * the list of comma separated roles. The roles are validated to be sure they are within a 
-	 * length and character set, specified in the validateRoles(String) method.  Then the permissions are stored for each item in the rules list.
-	 * If the word "allow" appears on the line, the specified roles are granted access to the data - otherwise, they will be denied access.
-	 * 
-	 * Each path may only appear once in the access rules file.  Any entry, after the first, containing the same path will be logged and ignored. 
-	 *  
-	 * @param ruleset
-	 *      the name of the data that contains access rules
-	 * 
-	 * @return 
-	 * 		a hash map containing the ruleset
-	 */
-	private Map loadRules(String ruleset) {
-		ruleset = "fbac-policies/" + ruleset;
-		Map map = new HashMap();
-		InputStream is = null;
-		try {
-			is = ESAPI.securityConfiguration().getResourceStream(ruleset);
-			String line = "";
-			while ((line = ESAPI.validator().safeReadLine(is, 500)) != null) {
-				if (line.length() > 0 && line.charAt(0) != '#') {
-					Rule rule = new Rule();
-					String[] parts = line.split("\\|");
-					// fix Windows paths
-					rule.path = parts[0].trim().replaceAll("\\\\", "/");
-					
-					List roles = commaSplit(parts[1].trim().toLowerCase());
-					roles = validateRoles(roles);
-					for(int x = 0; x < roles.size(); x++)
-						rule.roles.add(((String)roles.get(x)).trim());
-					
-					String action = parts[2].trim();
-					rule.allow = action.equalsIgnoreCase("allow");
-					if (map.containsKey(rule.path)) {
-						logger.warning( Logger.SECURITY_FAILURE, "Problem in access control file. Duplicate rule ignored: " + rule);
-					} else {
-						map.put(rule.path, rule);
-					}
-				}
-			}
-		} catch (Exception e) {
-			logger.warning( Logger.SECURITY_FAILURE, "Problem in access control file: " + ruleset, e );
-		} finally {
-			try {
-				if (is != null) {
-					is.close();
-				}
-			} catch (IOException e) {
-				logger.warning(Logger.SECURITY_FAILURE, "Failure closing access control file: " + ruleset, e);
-			}
-		}
-		return map;
-	}
-	
-	/**
-	 * Loads access rules by storing them in a hashmap.  This method begins reading the File specified by
-	 * the ruleset parameter, ignoring any lines that begin with '#' characters as comments.  Sections of the access rules file
-	 * are split by the pipe character ('|').  The method then loads all Classes, loads the list of comma separated roles, then the list of comma separated actions.  
-	 * The roles are validated to be sure they are within a length and character set, specified in the validateRoles(String) method.  
-	 * 
-	 * Each path may only appear once in the access rules file.  Any entry, after the first, containing the same path will be logged and ignored. 
-	 *  
-	 * @param ruleset
-	 *      the name of the data that contains access rules
-	 * 
-	 * @return 
-	 * 		a hash map containing the ruleset
-	 */
-	private Map loadDataRules(String ruleset) {
-		Map map = new HashMap();
-		InputStream is = null;
-
-		try {
-			ruleset = "fbac-policies/" + ruleset;
-			is = ESAPI.securityConfiguration().getResourceStream(ruleset);
-			String line = "";
-			while ((line = ESAPI.validator().safeReadLine(is, 500)) != null) {
-				if (line.length() > 0 && line.charAt(0) != '#') {
-					Rule rule = new Rule();
-					String[] parts = line.split("\\|");
-					rule.clazz = Class.forName(parts[0].trim());
-					
-					List roles = commaSplit(parts[1].trim().toLowerCase());
-					roles = validateRoles(roles);
-					for(int x = 0; x < roles.size(); x++)
-						rule.roles.add(((String)roles.get(x)).trim());
-					
-					List action = commaSplit(parts[2].trim().toLowerCase());
-					for(int x = 0; x < action.size(); x++)
-						rule.actions.add(((String) action.get(x)).trim());
-					
-					if (map.containsKey(rule.path)) {
-						logger.warning( Logger.SECURITY_FAILURE, "Problem in access control file. Duplicate rule ignored: " + rule);
-					} else {
-						map.put(rule.clazz, rule);		
-					}
-				}
-			}
-		} catch (Exception e) {
-			logger.warning( Logger.SECURITY_FAILURE, "Problem in access control file : " + ruleset, e );
-		} finally {
-			
-			try {
-				if (is != null) {
-					is.close();
-				}
-			} catch (IOException e) {
-				logger.warning(Logger.SECURITY_FAILURE, "Failure closing access control file : " + ruleset, e);
-			}
-		}
-		return map;
-	}
-
-	/**
-	 * This method splits a String by the ',' and returns the result as a List.
-	 * 
-	 * @param input
-	 * 		the String to split by ','
-	 * @return
-	 * 		a List where each entry was on either side of a ',' in the original String
-	 */
-	private List commaSplit(String input){
-		String[] array = input.split(",");
-		return Arrays.asList(array);
-	}
-	
-	/**
-	 * The Class Rule.
-	 */
-	private class Rule {
-
-		
-		protected String path = "";
-
-		
-		protected Set roles = new HashSet();
-
-		
-		protected boolean allow = false;
-		
-		
-		protected Class clazz = null;
-		
-		
-		protected List actions = new ArrayList();
-
-		/**
-		 * 
-		 * Creates a new Rule object.
-		 */
-		protected Rule() {
-			// to replace synthetic accessor method
-		}
-
-		/**
-	     * {@inheritDoc}
-		 */
-		public String toString() {
-			return "URL:" + path + " | " + roles + " | " + (allow ? "allow" : "deny");
-		}
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Mike Fauzy <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference.accesscontrol;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.User;
+import org.owasp.esapi.errors.AccessControlException;
+import org.owasp.esapi.errors.EncodingException;
+import org.owasp.esapi.errors.IntrusionException;
+
+// CHECKME: If this exists for backward compatibility, should this
+//          class be deprecated??? If so, mark it using annotation.
+/**
+ * This class exists for backwards compatibility with the AccessController 1.0
+ * reference implementation.
+ *
+ * This reference implementation uses a simple model for specifying a set of
+ * access control rules. Many organizations will want to create their own
+ * implementation of the methods provided in the AccessController interface.
+ * <P>
+ * This reference implementation uses a simple scheme for specifying the rules.
+ * The first step is to create a namespace for the resources being accessed. For
+ * files and URL's, this is easy as they already have a namespace. Be extremely
+ * careful about canonicalizing when relying on information from the user in an
+ * access control decision.
+ * <P>
+ * For functions, data, and services, you will have to come up with your own
+ * namespace for the resources being accessed. You might simply define a flat
+ * namespace with a list of category names. For example, you might specify
+ * 'FunctionA', 'FunctionB', and 'FunctionC'. Or you can create a richer
+ * namespace with a hierarchical structure, such as:
+ * <P>
+ * /functions
+ * <ul>
+ * <li>purchasing</li>
+ * <li>shipping</li>
+ * <li>inventory</li>
+ * </ul>
+ * /admin
+ * <ul>
+ * <li>createUser</li>
+ * <li>deleteUser</li>
+ * </ul>
+ * Once you've defined your namespace, you have to work out the rules that
+ * govern access to the different parts of the namespace. This implementation
+ * allows you to attach a simple access control list (ACL) to any part of the
+ * namespace tree. The ACL lists a set of roles that are either allowed or
+ * denied access to a part of the tree. You specify these rules in a textfile
+ * with a simple format.
+ * <P>
+ * There is a single configuration file supporting each of the five methods in
+ * the AccessController interface. These files are located in the ESAPI
+ * resources directory as specified when the JVM was started. The use of a
+ * default deny rule is STRONGLY recommended. The file format is as follows:
+ *
+ * <pre>
+ * path          | role,role   | allow/deny | comment
+ * ------------------------------------------------------------------------------------
+ * /banking/*    | user,admin  | allow      | authenticated users can access /banking
+ * /admin        | admin       | allow      | only admin role can access /admin
+ * /             | any         | deny       | default deny rule
+ * </pre>
+ *
+ * To find the matching rules, this implementation follows the general approach
+ * used in Java EE when matching HTTP requests to servlets in web.xml. The four
+ * mapping rules are used in the following order:
+ * <ul>
+ * <li>exact match, e.g. /access/login</li>
+ * <li>longest path prefix match, beginning / and ending /*, e.g. /access/* or
+ * /*</li>
+ * <li>extension match, beginning *., e.g. *.css</li>
+ * <li>default rule, specified by the single character pattern /</li>
+ * </ul>
+ *
+ * @author Mike Fauzy (mike.fauzy@aspectsecurity.com)
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ * @since June 1, 2007
+ */
+public class FileBasedACRs {
+
+    /** The url map. */
+    private Map urlMap = new HashMap();
+
+    /** The function map. */
+    private Map functionMap = new HashMap();
+
+    /** The data map. */
+    private Map dataMap = new HashMap();
+
+    /** The file map. */
+    private Map fileMap = new HashMap();
+
+    /** The service map. */
+    private Map serviceMap = new HashMap();
+
+    /** A rule containing "deny". */
+    private Rule deny = new Rule();
+
+    /** The logger. */
+    private Logger logger = ESAPI.getLogger("FileBasedACRs");
+
+    /**
+    * Check if URL is authorized.
+    * @param url The URL tested for authorization
+    * @return {@code true} if access is allowed, {@code false} otherwise.
+    */
+    public boolean isAuthorizedForURL(String url) {
+        if (urlMap==null || urlMap.isEmpty()) {
+            urlMap = loadRules("URLAccessRules.txt");
+        }
+        return matchRule(urlMap, url);
+    }
+
+    /**
+    * TODO Javadoc
+    */
+    public boolean isAuthorizedForFunction(String functionName) throws AccessControlException {
+        if (functionMap==null || functionMap.isEmpty()) {
+            functionMap = loadRules("FunctionAccessRules.txt");
+        }
+        return matchRule(functionMap, functionName);
+    }
+
+    /**
+    * TODO Javadoc
+    */
+    public boolean isAuthorizedForData(String action, Object data) throws AccessControlException{
+        if (dataMap==null || dataMap.isEmpty()) {
+            dataMap = loadDataRules("DataAccessRules.txt");
+        }
+        return matchRule(dataMap, (Class)data, action);
+    }
+
+    /**
+    * TODO Javadoc
+    */
+    public boolean isAuthorizedForFile(String filepath) throws AccessControlException {
+        if (fileMap==null || fileMap.isEmpty()) {
+            fileMap = loadRules("FileAccessRules.txt");
+        }
+        return matchRule(fileMap, filepath.replaceAll("\\\\","/"));
+    }
+
+    /**
+    * TODO Javadoc
+    */
+    public boolean isAuthorizedForService(String serviceName) throws AccessControlException {
+        if (serviceMap==null || serviceMap.isEmpty()) {
+            serviceMap = loadRules("ServiceAccessRules.txt");
+        }
+        return matchRule(serviceMap, serviceName);
+    }
+
+    /**
+     * Checks to see if the current user has access to the specified data, File, Object, etc.
+     * If the User has access, as specified by the map parameter, this method returns true.  If the
+     * User does not have access or an exception is thrown, false is returned.
+     *
+     * @param map
+     *       the map containing access rules
+     * @param path
+     *       the path of the requested File, URL, Object, etc.
+     *
+     * @return
+     *         true, if the user has access, false otherwise
+     *
+     */
+    private boolean matchRule(Map map, String path) {
+        // get users roles
+        User user = ESAPI.authenticator().getCurrentUser();
+        Set roles = user.getRoles();
+        // search for the first rule that matches the path and rules
+        Rule rule = searchForRule(map, roles, path);
+        return rule.allow;
+    }
+
+    /**
+     * Checks to see if the current user has access to the specified Class and action.
+     * If the User has access, as specified by the map parameter, this method returns true.
+     * If the User does not have access or an exception is thrown, false is returned.
+     *
+     * @param map
+     *       the map containing access rules
+     * @param clazz
+     *       the Class being requested for access
+     * @param action
+     *          the action the User has asked to perform
+     * @return
+     *         true, if the user has access, false otherwise
+     *
+     */
+    private boolean matchRule(Map map, Class clazz, String action) {
+        // get users roles
+        User user = ESAPI.authenticator().getCurrentUser();
+        Set roles = user.getRoles();
+        // search for the first rule that matches the path and rules
+        Rule rule = searchForRule(map, roles, clazz, action);
+        return rule != null;
+    }
+
+    /**
+     * Search for rule. Four mapping rules are used in order: - exact match,
+     * e.g. /access/login - longest path prefix match, beginning / and ending
+     * /*, e.g. /access/* or /* - extension match, beginning *., e.g. *.css -
+     * default servlet, specified by the single character pattern /
+     *
+     * @param map
+     *       the map containing access rules
+     * @param roles
+     *       the roles of the User being checked for access
+     * @param path
+     *       the File, URL, Object, etc. being checked for access
+     *
+     * @return
+     *       the rule stating whether to allow or deny access
+     *
+     */
+    private Rule searchForRule(Map map, Set roles, String path) {
+        String canonical = ESAPI.encoder().canonicalize(path);
+
+        String part = canonical;
+        if ( part == null ) {
+            part = "";
+        }
+
+        while (part.endsWith("/")) {
+            part = part.substring(0, part.length() - 1);
+        }
+
+        if (part.indexOf("..") != -1) {
+            throw new IntrusionException("Attempt to manipulate access control path", "Attempt to manipulate access control path: " + path );
+        }
+
+        // extract extension if any
+        String extension = "";
+        int extIndex = part.lastIndexOf(".");
+        if (extIndex != -1) {
+            extension = part.substring(extIndex + 1);
+        }
+
+        // Check for exact match - ignore any ending slash
+        Rule rule = (Rule) map.get(part);
+
+        // Check for ending with /*
+        if (rule == null)
+            rule = (Rule) map.get(part + "/*");
+
+        // Check for matching extension rule *.ext
+        if (rule == null)
+            rule = (Rule) map.get("*." + extension);
+
+        // if rule found and user's roles match rules' roles, return the rule
+        if (rule != null && overlap(rule.roles, roles))
+            return rule;
+
+        // rule hasn't been found - if there are no more parts, return a deny
+        int slash = part.lastIndexOf('/');
+        if ( slash == -1 ) {
+            return deny;
+        }
+
+        // if there are more parts, strip off the last part and recurse
+        part = part.substring(0, part.lastIndexOf('/'));
+
+        // return default deny
+        if (part.length() <= 1) {
+            return deny;
+        }
+
+        return searchForRule(map, roles, part);
+    }
+
+    /**
+     * Search for rule. Searches the specified access map to see if any of the roles specified have
+     * access to perform the specified action on the specified Class.
+     *
+     * @param map
+     *      the map containing access rules
+     * @param roles
+     *      the roles used to determine access level
+     * @param clazz
+     *      the Class being requested for access
+     * @param action
+     *         the action the User has asked to perform
+     *
+     * @return
+     *         the rule that allows the specified roles access to perform the requested action on the specified Class, or null if access is not granted
+     *
+     */
+    private Rule searchForRule(Map map, Set roles, Class clazz, String action) {
+
+        // Check for exact match - ignore any ending slash
+        Rule rule = (Rule) map.get(clazz);
+        if( ( rule != null ) && ( overlap(rule.actions, action) ) && ( overlap(rule.roles, roles) )){
+            return rule;
+        }
+        return null;
+    }
+
+    /**
+     * Return true if there is overlap between the two sets.  This method merely checks to see if
+     * ruleRoles contains any of the roles listed in userRoles.
+     *
+     * @param ruleRoles
+     *      the rule roles
+     * @param userRoles
+     *      the user roles
+     *
+     * @return
+     *         true, if any roles exist in both Sets.  False otherwise.
+     */
+    private boolean overlap(Set ruleRoles, Set userRoles) {
+        if (ruleRoles.contains("any")) {
+            return true;
+        }
+        Iterator i = userRoles.iterator();
+        while (i.hasNext()) {
+            String role = (String) i.next();
+            if (ruleRoles.contains(role)) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    /**
+     * This method merely checks to see if ruleActions contains the action requested.
+     *
+     * @param ruleActions
+     *      actions listed for a rule
+     * @param action
+     *      the action requested that will be searched for in ruleActions
+     *
+     * @return
+     *         true, if any action exists in ruleActions.  False otherwise.
+     */
+    private boolean overlap( List ruleActions, String action){
+        if( ruleActions.contains(action) )
+            return true;
+        return false;
+    }
+
+    /**
+     * Checks that the roles passed in contain only letters, numbers, and underscores.  Also checks that
+     * roles are no more than 10 characters long.  If a role does not pass validation, it is not included in the
+     * list of roles returned by this method.  A log warning is also generated for any invalid roles.
+     *
+     * @param roles
+     *         roles to validate according to criteria started above
+     * @return
+     *         a List of roles that are valid according to the criteria stated above.
+     *
+     */
+    private List validateRoles(List roles){
+        List ret = new ArrayList();
+        for(int x = 0; x < roles.size(); x++){
+            String canonical = ESAPI.encoder().canonicalize(((String)roles.get(x)).trim());
+
+            if(!ESAPI.validator().isValidInput("Validating user roles in FileBasedAccessController", canonical, "RoleName", 20, false)) {
+                logger.warning( Logger.SECURITY_FAILURE, "Role: " + ((String)roles.get(x)).trim() + " is invalid, so was not added to the list of roles for this Rule.");
+            } else {
+                ret.add(canonical.trim());
+            }
+        }
+        return ret;
+    }
+
+    /**
+     * Loads access rules by storing them in a hashmap.  This method begins reading the File specified by
+     * the ruleset parameter, ignoring any lines that begin with '#' characters as comments.  Sections of the access rules file
+     * are split by the pipe character ('|').  The method loads all paths, replacing '\' characters with '/' for uniformity then loads
+     * the list of comma separated roles. The roles are validated to be sure they are within a
+     * length and character set, specified in the validateRoles(String) method.  Then the permissions are stored for each item in the rules list.
+     * If the word "allow" appears on the line, the specified roles are granted access to the data - otherwise, they will be denied access.
+     *
+     * Each path may only appear once in the access rules file.  Any entry, after the first, containing the same path will be logged and ignored.
+     *
+     * @param ruleset
+     *      the name of the data that contains access rules
+     *
+     * @return
+     *         a hash map containing the ruleset
+     */
+    private Map loadRules(String ruleset) {
+        ruleset = "fbac-policies/" + ruleset;
+        Map map = new HashMap();
+        InputStream is = null;
+        try {
+            is = ESAPI.securityConfiguration().getResourceStream(ruleset);
+            String line = "";
+            while ((line = ESAPI.validator().safeReadLine(is, 500)) != null) {
+                if (line.length() > 0 && line.charAt(0) != '#') {
+                    Rule rule = new Rule();
+                    String[] parts = line.split("\\|");
+                    // fix Windows paths
+                    rule.path = parts[0].trim().replaceAll("\\\\", "/");
+
+                    List roles = commaSplit(parts[1].trim().toLowerCase());
+                    roles = validateRoles(roles);
+                    for(int x = 0; x < roles.size(); x++)
+                        rule.roles.add(((String)roles.get(x)).trim());
+
+                    String action = parts[2].trim();
+                    rule.allow = action.equalsIgnoreCase("allow");
+                    if (map.containsKey(rule.path)) {
+                        logger.warning( Logger.SECURITY_FAILURE, "Problem in access control file. Duplicate rule ignored: " + rule);
+                    } else {
+                        map.put(rule.path, rule);
+                    }
+                }
+            }
+        } catch (Exception e) {
+            logger.warning( Logger.SECURITY_FAILURE, "Problem in access control file: " + ruleset, e );
+        } finally {
+            try {
+                if (is != null) {
+                    is.close();
+                }
+            } catch (IOException e) {
+                logger.warning(Logger.SECURITY_FAILURE, "Failure closing access control file: " + ruleset, e);
+            }
+        }
+        return map;
+    }
+
+    /**
+     * Loads access rules by storing them in a hashmap.  This method begins reading the File specified by
+     * the ruleset parameter, ignoring any lines that begin with '#' characters as comments.  Sections of the access rules file
+     * are split by the pipe character ('|').  The method then loads all Classes, loads the list of comma separated roles, then the list of comma separated actions.
+     * The roles are validated to be sure they are within a length and character set, specified in the validateRoles(String) method.
+     *
+     * Each path may only appear once in the access rules file.  Any entry, after the first, containing the same path will be logged and ignored.
+     *
+     * @param ruleset
+     *      the name of the data that contains access rules
+     *
+     * @return
+     *         a hash map containing the ruleset
+     */
+    private Map loadDataRules(String ruleset) {
+        Map map = new HashMap();
+        InputStream is = null;
+
+        try {
+            ruleset = "fbac-policies/" + ruleset;
+            is = ESAPI.securityConfiguration().getResourceStream(ruleset);
+            String line = "";
+            while ((line = ESAPI.validator().safeReadLine(is, 500)) != null) {
+                if (line.length() > 0 && line.charAt(0) != '#') {
+                    Rule rule = new Rule();
+                    String[] parts = line.split("\\|");
+                    rule.clazz = Class.forName(parts[0].trim());
+
+                    List roles = commaSplit(parts[1].trim().toLowerCase());
+                    roles = validateRoles(roles);
+                    for(int x = 0; x < roles.size(); x++)
+                        rule.roles.add(((String)roles.get(x)).trim());
+
+                    List action = commaSplit(parts[2].trim().toLowerCase());
+                    for(int x = 0; x < action.size(); x++)
+                        rule.actions.add(((String) action.get(x)).trim());
+
+                    if (map.containsKey(rule.path)) {
+                        logger.warning( Logger.SECURITY_FAILURE, "Problem in access control file. Duplicate rule ignored: " + rule);
+                    } else {
+                        map.put(rule.clazz, rule);
+                    }
+                }
+            }
+        } catch (Exception e) {
+            logger.warning( Logger.SECURITY_FAILURE, "Problem in access control file : " + ruleset, e );
+        } finally {
+
+            try {
+                if (is != null) {
+                    is.close();
+                }
+            } catch (IOException e) {
+                logger.warning(Logger.SECURITY_FAILURE, "Failure closing access control file : " + ruleset, e);
+            }
+        }
+        return map;
+    }
+
+    /**
+     * This method splits a String by the ',' and returns the result as a List.
+     *
+     * @param input
+     *         the String to split by ','
+     * @return
+     *         a List where each entry was on either side of a ',' in the original String
+     */
+    private List commaSplit(String input){
+        String[] array = input.split(",");
+        return Arrays.asList(array);
+    }
+
+    /**
+     * The Class Rule.
+     */
+    private class Rule {
+
+
+        protected String path = "";
+
+
+        protected Set roles = new HashSet();
+
+
+        protected boolean allow = false;
+
+
+        protected Class clazz = null;
+
+
+        protected List actions = new ArrayList();
+
+        /**
+         *
+         * Creates a new Rule object.
+         */
+        protected Rule() {
+            // to replace synthetic accessor method
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public String toString() {
+            return "URL:" + path + " | " + roles + " | " + (allow ? "allow" : "deny");
+        }
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoader.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoader.java
index 7de31d940..a0ae77f95 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoader.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoader.java
@@ -1,9 +1,9 @@
-package org.owasp.esapi.reference.accesscontrol.policyloader;
-
-import org.apache.commons.configuration.XMLConfiguration;
-
-
-public interface ACRParameterLoader <T> {
-	public abstract T getParameters(XMLConfiguration config, int currentRule)
-		throws java.lang.Exception; //TODO this exception could be more specific
-}
+package org.owasp.esapi.reference.accesscontrol.policyloader;
+
+import org.apache.commons.configuration.XMLConfiguration;
+
+
+public interface ACRParameterLoader <T> {
+    public abstract T getParameters(XMLConfiguration config, int currentRule)
+        throws java.lang.Exception; //TODO this exception could be more specific
+}
diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelper.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelper.java
index 720dcc3cf..d0846fc2a 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelper.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelper.java
@@ -1,46 +1,46 @@
-package org.owasp.esapi.reference.accesscontrol.policyloader;
-
-import org.apache.commons.configuration.XMLConfiguration;
-
-final public class ACRParameterLoaderHelper {
-	
-	public static Object getParameterValue(XMLConfiguration config, int currentRule, int currentParameter, String parameterType) throws Exception {
-		String key = "AccessControlRules.AccessControlRule(" + 
-			currentRule + ").Parameters.Parameter(" + currentParameter + ")[@value]";
-		Object parameterValue;
-		if("String".equalsIgnoreCase(parameterType)) {
-			parameterValue = config.getString(key);
-		} else if("StringArray".equalsIgnoreCase(parameterType)) {
-			parameterValue = config.getStringArray(key);
-		} else if("Boolean".equalsIgnoreCase(parameterType)){ 
-			parameterValue = config.getBoolean(key);
-		} else if("Byte".equalsIgnoreCase(parameterType)){ 
-			parameterValue = config.getByte(key);
-		} else if("Int".equalsIgnoreCase(parameterType)){ 
-			parameterValue = config.getInt(key);
-		} else if("Long".equalsIgnoreCase(parameterType)){ 
-			parameterValue = config.getLong(key);
-		} else if("Float".equalsIgnoreCase(parameterType)){ 
-			parameterValue = config.getFloat(key);
-		} else if("Double".equalsIgnoreCase(parameterType)){ 
-			parameterValue = config.getDouble(key);
-		} else if("BigDecimal".equalsIgnoreCase(parameterType)){ 
-			parameterValue = config.getBigDecimal(key);
-		} else if("BigInteger".equalsIgnoreCase(parameterType)){ 
-			parameterValue = config.getBigInteger(key);
-		} else if("Date".equalsIgnoreCase(parameterType)){
-			parameterValue = java.text.DateFormat.getDateInstance().parse(config.getString(key));
-		} else if("Time".equalsIgnoreCase(parameterType)){
-			java.text.SimpleDateFormat sdf = new java.text.SimpleDateFormat("h:mm a");
-			parameterValue = sdf.parseObject(config.getString(key)); 
-//			parameterValue = java.text.DateFormat.getTimeInstance().parse(config.getString(key));
-		}		
-		//add timestamp. check for other stuff.
-		else {
-			throw new IllegalArgumentException("Unable to load the key \"" + key 
-					+ "\", because " + "the type \"" + parameterType + 
-					"\" was not recognized." );
-		}
-		return parameterValue;
-	}	
-}
+package org.owasp.esapi.reference.accesscontrol.policyloader;
+
+import org.apache.commons.configuration.XMLConfiguration;
+
+final public class ACRParameterLoaderHelper {
+
+    public static Object getParameterValue(XMLConfiguration config, int currentRule, int currentParameter, String parameterType) throws Exception {
+        String key = "AccessControlRules.AccessControlRule(" +
+            currentRule + ").Parameters.Parameter(" + currentParameter + ")[@value]";
+        Object parameterValue;
+        if("String".equalsIgnoreCase(parameterType)) {
+            parameterValue = config.getString(key);
+        } else if("StringArray".equalsIgnoreCase(parameterType)) {
+            parameterValue = config.getStringArray(key);
+        } else if("Boolean".equalsIgnoreCase(parameterType)){
+            parameterValue = config.getBoolean(key);
+        } else if("Byte".equalsIgnoreCase(parameterType)){
+            parameterValue = config.getByte(key);
+        } else if("Int".equalsIgnoreCase(parameterType)){
+            parameterValue = config.getInt(key);
+        } else if("Long".equalsIgnoreCase(parameterType)){
+            parameterValue = config.getLong(key);
+        } else if("Float".equalsIgnoreCase(parameterType)){
+            parameterValue = config.getFloat(key);
+        } else if("Double".equalsIgnoreCase(parameterType)){
+            parameterValue = config.getDouble(key);
+        } else if("BigDecimal".equalsIgnoreCase(parameterType)){
+            parameterValue = config.getBigDecimal(key);
+        } else if("BigInteger".equalsIgnoreCase(parameterType)){
+            parameterValue = config.getBigInteger(key);
+        } else if("Date".equalsIgnoreCase(parameterType)){
+            parameterValue = java.text.DateFormat.getDateInstance().parse(config.getString(key));
+        } else if("Time".equalsIgnoreCase(parameterType)){
+            java.text.SimpleDateFormat sdf = new java.text.SimpleDateFormat("h:mm a");
+            parameterValue = sdf.parseObject(config.getString(key));
+//            parameterValue = java.text.DateFormat.getTimeInstance().parse(config.getString(key));
+        }
+        //add timestamp. check for other stuff.
+        else {
+            throw new IllegalArgumentException("Unable to load the key \"" + key
+                    + "\", because " + "the type \"" + parameterType +
+                    "\" was not recognized." );
+        }
+        return parameterValue;
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRPolicyFileLoader.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRPolicyFileLoader.java
index d0ce3615c..9a7f5955b 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRPolicyFileLoader.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRPolicyFileLoader.java
@@ -1,99 +1,99 @@
-package org.owasp.esapi.reference.accesscontrol.policyloader;
-
-import java.io.File;
-import java.util.Collection;
-
-import org.apache.commons.configuration.ConfigurationException;
-import org.apache.commons.configuration.XMLConfiguration;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.errors.AccessControlException;
-
-final public class ACRPolicyFileLoader {
-	protected final Logger logger = ESAPI.getLogger("ACRPolicyFileLoader");
-	
-	public PolicyDTO load() throws AccessControlException {
-		PolicyDTO policyDTO = new PolicyDTO();
-		XMLConfiguration config;
-		File file = ESAPI.securityConfiguration().getResourceFile("ESAPI-AccessControlPolicy.xml"); 
-		try
-		{
-		    config = new XMLConfiguration(file);		    
-		}
-		catch(ConfigurationException cex)
-		{
-			if(file == null) {
-				throw new AccessControlException("Unable to load configuration file for the following: " + "ESAPI-AccessControlPolicy.xml", "", cex);
-			}
-		    throw new AccessControlException("Unable to load configuration file from the following location: " + file.getAbsolutePath(), "", cex);
-		} 
-
-		Object property = config.getProperty("AccessControlRules.AccessControlRule[@name]");
-		logger.info(Logger.EVENT_SUCCESS, "Loading Property: " + property);
-		int numberOfRules = 0;
-		if(property instanceof Collection) {
-			numberOfRules = ((Collection)property).size();
-		} //implied else property == null -> return new PolicyDTO
-				 
-		String ruleName = "";
-		String ruleClass = "";
-		Object rulePolicyParameter = null;
-		int currentRule = 0;
-	    try {	    	
-	    	logger.info(Logger.EVENT_SUCCESS, "Number of rules: " + numberOfRules);
-			for(currentRule = 0; currentRule < numberOfRules; currentRule++) {
-				logger.trace(Logger.EVENT_SUCCESS, "----");
-				ruleName = config.getString("AccessControlRules.AccessControlRule(" + currentRule + ")[@name]");
-				logger.trace(Logger.EVENT_SUCCESS, "Rule name: " + ruleName);
-				ruleClass = config.getString("AccessControlRules.AccessControlRule(" + currentRule + ")[@class]");
-				logger.trace(Logger.EVENT_SUCCESS, "Rule Class: " + ruleClass);
-				rulePolicyParameter = getPolicyParameter(config, currentRule);
-				logger.trace(Logger.EVENT_SUCCESS, "rulePolicyParameters: " + rulePolicyParameter);
-				policyDTO.addAccessControlRule(
-						ruleName,
-						ruleClass,
-						rulePolicyParameter);		    	
-			}
-			logger.info(Logger.EVENT_SUCCESS, "policyDTO loaded: " + policyDTO);
-		} catch (Exception e) {
-			throw new AccessControlException("Unable to load AccessControlRule parameter. " + 
-					" Rule number: " + currentRule + 
-					" Probably: Rule.name: " + ruleName +
-					" Probably: Rule.class: " + ruleClass +
-					e.getMessage(), "", e);
-		}
-		return policyDTO;
-	}
-
-	protected Object getPolicyParameter(XMLConfiguration config, int currentRule)
-		throws ClassNotFoundException, IllegalAccessException, InstantiationException, Exception {
-		//If there aren't any properties: short circuit and return null.
-//		Properties tempParameters = config.getProperties("AccessControlRules.AccessControlRule(" + currentRule + ").Parameters.Parameter[@name]");
-		Object property = config.getProperty("AccessControlRules.AccessControlRule(" + currentRule + ").Parameters.Parameter[@name]");
-		if(property == null) {
-			return null;
-		}
-		
-		int numberOfProperties = 0;		
-		if(property instanceof Collection) {
-			numberOfProperties = ((Collection)property).size(); 
-		} else {
-			numberOfProperties = 1;
-		}
-		logger.info(Logger.EVENT_SUCCESS, "Number of properties: " + numberOfProperties);
-		
-		if(numberOfProperties < 1) {
-			return null;
-		}
-		String parametersLoaderClassName = config.getString("AccessControlRules.AccessControlRule(" + currentRule + ").Parameters[@parametersLoader]");
-		if("".equals(parametersLoaderClassName) || parametersLoaderClassName == null) {
-			//this default should have a properties file override option
-			parametersLoaderClassName = "org.owasp.esapi.reference.accesscontrol.policyloader.DynaBeanACRParameterLoader";
-		}
-		logger.info(Logger.EVENT_SUCCESS, "Parameters Loader:" + parametersLoaderClassName);
-		ACRParameterLoader acrParamaterLoader = 
-			(ACRParameterLoader)
-			Class.forName(parametersLoaderClassName).newInstance();
-		return acrParamaterLoader.getParameters(config, currentRule);		
-	}
+package org.owasp.esapi.reference.accesscontrol.policyloader;
+
+import java.io.File;
+import java.util.Collection;
+
+import org.apache.commons.configuration.ConfigurationException;
+import org.apache.commons.configuration.XMLConfiguration;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.errors.AccessControlException;
+
+final public class ACRPolicyFileLoader {
+    protected final Logger logger = ESAPI.getLogger("ACRPolicyFileLoader");
+
+    public PolicyDTO load() throws AccessControlException {
+        PolicyDTO policyDTO = new PolicyDTO();
+        XMLConfiguration config;
+        File file = ESAPI.securityConfiguration().getResourceFile("ESAPI-AccessControlPolicy.xml");
+        try
+        {
+            config = new XMLConfiguration(file);
+        }
+        catch(ConfigurationException cex)
+        {
+            if(file == null) {
+                throw new AccessControlException("Unable to load configuration file for the following: " + "ESAPI-AccessControlPolicy.xml", "", cex);
+            }
+            throw new AccessControlException("Unable to load configuration file from the following location: " + file.getAbsolutePath(), "", cex);
+        }
+
+        Object property = config.getProperty("AccessControlRules.AccessControlRule[@name]");
+        logger.info(Logger.EVENT_SUCCESS, "Loading Property: " + property);
+        int numberOfRules = 0;
+        if(property instanceof Collection) {
+            numberOfRules = ((Collection)property).size();
+        } //implied else property == null -> return new PolicyDTO
+
+        String ruleName = "";
+        String ruleClass = "";
+        Object rulePolicyParameter = null;
+        int currentRule = 0;
+        try {
+            logger.info(Logger.EVENT_SUCCESS, "Number of rules: " + numberOfRules);
+            for(currentRule = 0; currentRule < numberOfRules; currentRule++) {
+                logger.trace(Logger.EVENT_SUCCESS, "----");
+                ruleName = config.getString("AccessControlRules.AccessControlRule(" + currentRule + ")[@name]");
+                logger.trace(Logger.EVENT_SUCCESS, "Rule name: " + ruleName);
+                ruleClass = config.getString("AccessControlRules.AccessControlRule(" + currentRule + ")[@class]");
+                logger.trace(Logger.EVENT_SUCCESS, "Rule Class: " + ruleClass);
+                rulePolicyParameter = getPolicyParameter(config, currentRule);
+                logger.trace(Logger.EVENT_SUCCESS, "rulePolicyParameters: " + rulePolicyParameter);
+                policyDTO.addAccessControlRule(
+                        ruleName,
+                        ruleClass,
+                        rulePolicyParameter);
+            }
+            logger.info(Logger.EVENT_SUCCESS, "policyDTO loaded: " + policyDTO);
+        } catch (Exception e) {
+            throw new AccessControlException("Unable to load AccessControlRule parameter. " +
+                    " Rule number: " + currentRule +
+                    " Probably: Rule.name: " + ruleName +
+                    " Probably: Rule.class: " + ruleClass +
+                    e.getMessage(), "", e);
+        }
+        return policyDTO;
+    }
+
+    protected Object getPolicyParameter(XMLConfiguration config, int currentRule)
+        throws ClassNotFoundException, IllegalAccessException, InstantiationException, Exception {
+        //If there aren't any properties: short circuit and return null.
+//        Properties tempParameters = config.getProperties("AccessControlRules.AccessControlRule(" + currentRule + ").Parameters.Parameter[@name]");
+        Object property = config.getProperty("AccessControlRules.AccessControlRule(" + currentRule + ").Parameters.Parameter[@name]");
+        if(property == null) {
+            return null;
+        }
+
+        int numberOfProperties = 0;
+        if(property instanceof Collection) {
+            numberOfProperties = ((Collection)property).size();
+        } else {
+            numberOfProperties = 1;
+        }
+        logger.info(Logger.EVENT_SUCCESS, "Number of properties: " + numberOfProperties);
+
+        if(numberOfProperties < 1) {
+            return null;
+        }
+        String parametersLoaderClassName = config.getString("AccessControlRules.AccessControlRule(" + currentRule + ").Parameters[@parametersLoader]");
+        if("".equals(parametersLoaderClassName) || parametersLoaderClassName == null) {
+            //this default should have a properties file override option
+            parametersLoaderClassName = "org.owasp.esapi.reference.accesscontrol.policyloader.DynaBeanACRParameterLoader";
+        }
+        logger.info(Logger.EVENT_SUCCESS, "Parameters Loader:" + parametersLoaderClassName);
+        ACRParameterLoader acrParamaterLoader =
+            (ACRParameterLoader)
+            Class.forName(parametersLoaderClassName).newInstance();
+        return acrParamaterLoader.getParameters(config, currentRule);
+    }
 }
\ No newline at end of file
diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/DynaBeanACRParameterLoader.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/DynaBeanACRParameterLoader.java
index acf7c1096..14174625d 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/DynaBeanACRParameterLoader.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/DynaBeanACRParameterLoader.java
@@ -1,30 +1,30 @@
-package org.owasp.esapi.reference.accesscontrol.policyloader;
-
-import org.apache.commons.configuration.XMLConfiguration;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter;
-
-import static org.owasp.esapi.reference.accesscontrol.policyloader.ACRParameterLoaderHelper.getParameterValue;
-
-final public class DynaBeanACRParameterLoader  
-	implements ACRParameterLoader<DynaBeanACRParameter> {
-	
-	Logger logger = ESAPI.getLogger(this.getClass());
-	
-//	@Override
-	public DynaBeanACRParameter getParameters(XMLConfiguration config, int currentRule) throws java.lang.Exception { //TODO reduce the exception
-		DynaBeanACRParameter policyParameter = new DynaBeanACRParameter();
-		int numberOfParameters = config.getList("AccessControlRules.AccessControlRule(" + currentRule + ").Parameters.Parameter[@name]").size();
-		for(int currentParameter = 0; currentParameter < numberOfParameters; currentParameter++) {
-			String parameterName = config.getString("AccessControlRules.AccessControlRule(" + currentRule + ").Parameters.Parameter(" + currentParameter + ")[@name]");
-			String parameterType = config.getString("AccessControlRules.AccessControlRule(" + currentRule + ").Parameters.Parameter(" + currentParameter + ")[@type]");
-			Object parameterValue = getParameterValue(config, currentRule, currentParameter, parameterType);
-			policyParameter.set(parameterName, parameterValue);
-		}
-		policyParameter.lock(); //This line makes the policyParameter read only. 
-		logger.info(Logger.SECURITY_SUCCESS, "Loaded " + numberOfParameters + 
-				" parameters: " + policyParameter.toString());
-		return policyParameter;
-	}
-}
+package org.owasp.esapi.reference.accesscontrol.policyloader;
+
+import org.apache.commons.configuration.XMLConfiguration;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter;
+
+import static org.owasp.esapi.reference.accesscontrol.policyloader.ACRParameterLoaderHelper.getParameterValue;
+
+final public class DynaBeanACRParameterLoader
+    implements ACRParameterLoader<DynaBeanACRParameter> {
+
+    Logger logger = ESAPI.getLogger(this.getClass());
+
+//    @Override
+    public DynaBeanACRParameter getParameters(XMLConfiguration config, int currentRule) throws java.lang.Exception { //TODO reduce the exception
+        DynaBeanACRParameter policyParameter = new DynaBeanACRParameter();
+        int numberOfParameters = config.getList("AccessControlRules.AccessControlRule(" + currentRule + ").Parameters.Parameter[@name]").size();
+        for(int currentParameter = 0; currentParameter < numberOfParameters; currentParameter++) {
+            String parameterName = config.getString("AccessControlRules.AccessControlRule(" + currentRule + ").Parameters.Parameter(" + currentParameter + ")[@name]");
+            String parameterType = config.getString("AccessControlRules.AccessControlRule(" + currentRule + ").Parameters.Parameter(" + currentParameter + ")[@type]");
+            Object parameterValue = getParameterValue(config, currentRule, currentParameter, parameterType);
+            policyParameter.set(parameterName, parameterValue);
+        }
+        policyParameter.lock(); //This line makes the policyParameter read only.
+        logger.info(Logger.SECURITY_SUCCESS, "Loaded " + numberOfParameters +
+                " parameters: " + policyParameter.toString());
+        return policyParameter;
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/EchoDynaBeanPolicyParameterACR.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/EchoDynaBeanPolicyParameterACR.java
index ad35cefb4..f30919c71 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/EchoDynaBeanPolicyParameterACR.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/EchoDynaBeanPolicyParameterACR.java
@@ -1,15 +1,15 @@
-package org.owasp.esapi.reference.accesscontrol.policyloader;
-
-import org.owasp.esapi.reference.accesscontrol.BaseACR;
-import org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter;
-
-//public class EchoDynaBeanPolicyParameterACR extends BaseDynaBeanACR {
-public class EchoDynaBeanPolicyParameterACR extends BaseACR<DynaBeanACRParameter, Object> {
-	/**
-	 * Returns true if runtimeParameter is a Boolean true.
-	 * throws ClassCastException if runtimeParameter is not a Boolean.
-	 */
-	public boolean isAuthorized(Object runtimeParameter) throws ClassCastException{		
-		return getPolicyParameters().getBoolean("isTrue");
-	}
+package org.owasp.esapi.reference.accesscontrol.policyloader;
+
+import org.owasp.esapi.reference.accesscontrol.BaseACR;
+import org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter;
+
+//public class EchoDynaBeanPolicyParameterACR extends BaseDynaBeanACR {
+public class EchoDynaBeanPolicyParameterACR extends BaseACR<DynaBeanACRParameter, Object> {
+    /**
+     * Returns true if runtimeParameter is a Boolean true.
+     * throws ClassCastException if runtimeParameter is not a Boolean.
+     */
+    public boolean isAuthorized(Object runtimeParameter) throws ClassCastException{
+        return getPolicyParameters().getBoolean("isTrue");
+    }
 }
\ No newline at end of file
diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/PolicyDTO.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/PolicyDTO.java
index 78b5f61d5..7be99150b 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/PolicyDTO.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/PolicyDTO.java
@@ -1,55 +1,55 @@
-package org.owasp.esapi.reference.accesscontrol.policyloader;
-
-import java.lang.reflect.Constructor;
-import java.util.HashMap;
-import java.util.Map;
-
-import org.owasp.esapi.AccessControlRule;
-import org.owasp.esapi.errors.AccessControlException;
-
-/**
- * The point of the loaders is to create this
- * @author Mike H. Fauzy
- *
- */
-final public class PolicyDTO {
-	private Map accessControlRules;
-
-	public PolicyDTO() {
-		this.accessControlRules = new HashMap();
-	}
-	
-	public Map getAccessControlRules() {
-		return accessControlRules;
-	}
-
-	public void addAccessControlRule(String key, String accessControlRuleClassName,
-			Object policyParameter) throws AccessControlException {
-		if (accessControlRules.get(key) != null) {
-			throw new AccessControlException("Duplicate keys are not allowed. "
-					+ "Key: " + key, "");
-		}
-		Constructor accessControlRuleConstructor;
-		try {
-			
-			
-			Class accessControlRuleClass = Class.forName(accessControlRuleClassName, false, this.getClass().getClassLoader());
-			accessControlRuleConstructor = accessControlRuleClass
-					.getConstructor();
-			AccessControlRule accessControlRule = 
-				(AccessControlRule) accessControlRuleConstructor
-					.newInstance();
-			accessControlRule.setPolicyParameters(policyParameter);
-			accessControlRules.put(key, accessControlRule);
-		} catch (Exception e) {
-			throw new AccessControlException(
-					"Unable to create Access Control Rule for key: \"" + key
-							+ "\" with policyParameters: \"" + policyParameter + "\"",
-					"", 
-					e);
-		}
-	}
-	public String toString() {
-		return accessControlRules.toString();
-	}
-}
+package org.owasp.esapi.reference.accesscontrol.policyloader;
+
+import java.lang.reflect.Constructor;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.owasp.esapi.AccessControlRule;
+import org.owasp.esapi.errors.AccessControlException;
+
+/**
+ * The point of the loaders is to create this
+ * @author Mike H. Fauzy
+ *
+ */
+final public class PolicyDTO {
+    private Map accessControlRules;
+
+    public PolicyDTO() {
+        this.accessControlRules = new HashMap();
+    }
+
+    public Map getAccessControlRules() {
+        return accessControlRules;
+    }
+
+    public void addAccessControlRule(String key, String accessControlRuleClassName,
+            Object policyParameter) throws AccessControlException {
+        if (accessControlRules.get(key) != null) {
+            throw new AccessControlException("Duplicate keys are not allowed. "
+                    + "Key: " + key, "");
+        }
+        Constructor accessControlRuleConstructor;
+        try {
+
+
+            Class accessControlRuleClass = Class.forName(accessControlRuleClassName, false, this.getClass().getClassLoader());
+            accessControlRuleConstructor = accessControlRuleClass
+                    .getConstructor();
+            AccessControlRule accessControlRule =
+                (AccessControlRule) accessControlRuleConstructor
+                    .newInstance();
+            accessControlRule.setPolicyParameters(policyParameter);
+            accessControlRules.put(key, accessControlRule);
+        } catch (Exception e) {
+            throw new AccessControlException(
+                    "Unable to create Access Control Rule for key: \"" + key
+                            + "\" with policyParameters: \"" + policyParameter + "\"",
+                    "",
+                    e);
+        }
+    }
+    public String toString() {
+        return accessControlRules.toString();
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/PolicyParameters.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/PolicyParameters.java
index 0bcbe8570..65175f878 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/PolicyParameters.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/PolicyParameters.java
@@ -1,42 +1,42 @@
-package org.owasp.esapi.reference.accesscontrol.policyloader;
-
-public interface PolicyParameters {
-
-	/**
-	 * Follows the contract for java.util.Map;
-	 * @param key
-	 * @return
-	 * @see java.util.Map
-	 */
-	public abstract Object get(String key);
-
-	/**
-	 * This works just like a Map, except it will throw an exception if lock()
-	 * has been called. 
-	 * @param key
-	 * @param value
-	 * @throws IllegalArgumentException if this DynaBeanACRParameter instance 
-	 * has already been locked.
-	 */
-	public abstract void set(String key, Object value)
-			throws IllegalArgumentException;
-
-	/**
-	 * This is a convenience method for developers that prefer to think of this
-	 * as a map instead of being bean-like. 
-	 * 
-	 * @see set(String, Object)
-	 */
-	public abstract void put(String key, Object value)
-			throws IllegalArgumentException;
-
-	/**
-	 * This makes the map itself read only, but the mutability of objects 
-	 * that this map contains is not affected. Specifically, properties 
-	 * cannot be added or removed and the reference cannot be changed to 
-	 * a different object, but this does not change whether the values that the 
-	 * object contains can be changed.
-	 */
-	public abstract void lock();
-	
+package org.owasp.esapi.reference.accesscontrol.policyloader;
+
+public interface PolicyParameters {
+
+    /**
+     * Follows the contract for java.util.Map;
+     * @param key
+     * @return The Object referred to by this key, if it exists.
+     * @see java.util.Map
+     */
+    public abstract Object get(String key);
+
+    /**
+     * This works just like a Map, except it will throw an exception if lock()
+     * has been called.
+     * @param key
+     * @param value
+     * @throws IllegalArgumentException if this DynaBeanACRParameter instance
+     * has already been locked.
+     */
+    public abstract void set(String key, Object value)
+            throws IllegalArgumentException;
+
+    /**
+     * This is a convenience method for developers that prefer to think of this
+     * as a map instead of being bean-like.
+     *
+     * @see #set(String, Object)
+     */
+    public abstract void put(String key, Object value)
+            throws IllegalArgumentException;
+
+    /**
+     * This makes the map itself read only, but the mutability of objects
+     * that this map contains is not affected. Specifically, properties
+     * cannot be added or removed and the reference cannot be changed to
+     * a different object, but this does not change whether the values that the
+     * object contains can be changed.
+     */
+    public abstract void lock();
+
 }
\ No newline at end of file
diff --git a/src/main/java/org/owasp/esapi/reference/crypto/DefaultEncryptedProperties.java b/src/main/java/org/owasp/esapi/reference/crypto/DefaultEncryptedProperties.java
index 4f6d1a381..397088915 100644
--- a/src/main/java/org/owasp/esapi/reference/crypto/DefaultEncryptedProperties.java
+++ b/src/main/java/org/owasp/esapi/reference/crypto/DefaultEncryptedProperties.java
@@ -1,214 +1,216 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference.crypto;
-
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.OutputStream;
-import java.util.Iterator;
-import java.util.Properties;
-import java.util.Set;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.crypto.CipherText;
-import org.owasp.esapi.crypto.PlainText;
-import org.owasp.esapi.errors.EncryptionException;
-
-/**
- * Reference implementation of the {@code EncryptedProperties} interface. This
- * implementation wraps a normal properties file, and creates surrogates for the
- * {@code getProperty} and {@code setProperty} methods that perform encryption
- * and decryption based on {@code Encryptor}.
- * <p>
- * A very simple main program is provided that can be used to create an
- * encrypted properties file. A better approach would be to allow unencrypted
- * properties in the file and to encrypt them the first time the file is
- * accessed.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @author kevin.w.wall@gmail.com
- * @since June 1, 2007
- * @see org.owasp.esapi.EncryptedProperties
- * @see org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
- */
-public class DefaultEncryptedProperties implements org.owasp.esapi.EncryptedProperties {
-
-	/** The properties. */
-	private final Properties properties = new Properties();
-
-	/** The logger. */
-	private final Logger logger = ESAPI.getLogger("EncryptedProperties");
-
-	/**
-	 * Instantiates a new encrypted properties.
-	 */
-	public DefaultEncryptedProperties() {
-		// hidden
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public synchronized String getProperty(String key) throws EncryptionException {
-	    String[] errorMsgs = new String[] {
-	            ": failed decoding from base64",
-	            ": failed to deserialize properly",
-	            ": failed to decrypt properly"
-	        };
-
-	    int progressMark = 0;
-	    try {
-	        String encryptedValue = properties.getProperty(key);
-
-	        if(encryptedValue==null)
-	            return null;
-
-	        progressMark = 0;
-	        byte[] serializedCiphertext   = ESAPI.encoder().decodeFromBase64(encryptedValue);
-	        progressMark++;
-	        CipherText restoredCipherText = CipherText.fromPortableSerializedBytes(serializedCiphertext);
-	        progressMark++;
-	        PlainText plaintext           = ESAPI.encryptor().decrypt(restoredCipherText);
-	        
-	        return plaintext.toString();
-	    } catch (Exception e) {
-	        throw new EncryptionException("Property retrieval failure",
-	                                      "Couldn't retrieve encrypted property for property " + key +
-	                                      errorMsgs[progressMark], e);
-	    }
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public synchronized String setProperty(String key, String value) throws EncryptionException {
-	    String[] errorMsgs = new String[] {
-	            ": failed to encrypt properly",
-	            ": failed to serialize correctly",
-	            ": failed to base64-encode properly",
-	            ": failed to set base64-encoded value as property. Illegal key name?"
-	    };
-
-	    int progressMark = 0;
-	    try {
-	        if ( key == null ) {
-	            throw new NullPointerException("Property name may not be null.");
-	        }
-	        if ( value == null ) {
-	            throw new NullPointerException("Property value may not be null.");
-	        }
-	        // NOTE: Not backward compatible w/ ESAPI 1.4.
-	        PlainText pt = new PlainText(value);
-	        CipherText ct = ESAPI.encryptor().encrypt(pt);
-	        progressMark++;
-	        byte[] serializedCiphertext = ct.asPortableSerializedByteArray();
-	        progressMark++;
-	        String b64str = ESAPI.encoder().encodeForBase64(serializedCiphertext, false);
-	        progressMark++;
-	        String encryptedValue = (String)properties.setProperty(key, b64str);
-	        progressMark++;
-	        return encryptedValue;
-	    } catch (Exception e) {
-	        throw new EncryptionException("Property setting failure",
-	                                      "Couldn't set encrypted property " + key +
-	                                      errorMsgs[progressMark], e);
-	    }
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public Set<?> keySet() {
-		return properties.keySet();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void load(InputStream in) throws IOException {
-		properties.load(in);
-		logger.trace(Logger.SECURITY_SUCCESS, "Encrypted properties loaded successfully");
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void store(OutputStream out, String comments) throws IOException {
-		properties.store(out, comments);
-	}
-
-	/**
-	 * Loads encrypted properties file based on the location passed in args then prompts the 
-	 * user to input key-value pairs.  When the user enters a null or blank key, the values 
-	 * are stored to the properties file.
-	 * 
-	 * @param args
-	 *            the location of the properties file to load and write to
-	 * 
-	 * @throws Exception
-	 *             Any exception thrown
-	 * @deprecated Use {@code EncryptedPropertiesUtils} instead, which allows creating, reading,
-	 *			   and writing encrypted properties.
-	 */
-	public static void main(String[] args) throws Exception {
-		File f = new File(args[0]);
-		ESAPI.getLogger( "EncryptedProperties.main" ).debug(Logger.SECURITY_SUCCESS, "Loading encrypted properties from " + f.getAbsolutePath() );
-		if ( !f.exists() ) throw new IOException( "Properties file not found: " + f.getAbsolutePath() );
-		ESAPI.getLogger( "EncryptedProperties.main" ).debug(Logger.SECURITY_SUCCESS, "Encrypted properties found in " + f.getAbsolutePath() );
-		DefaultEncryptedProperties ep = new DefaultEncryptedProperties();
-
-		FileInputStream in = null;
-		FileOutputStream out = null;
-		try {
-    		in = new FileInputStream(f);
-            out = new FileOutputStream(f);
-
-            ep.load(in);   
-    		BufferedReader br = new BufferedReader(new InputStreamReader(System.in));
-    		String key = null;
-    		do {
-    			System.out.print("Enter key: ");
-    			key = br.readLine();
-    			System.out.print("Enter value: ");
-    			String value = br.readLine();
-    			if (key != null && key.length() > 0 && value != null && value.length() > 0) {
-    				ep.setProperty(key, value);
-    			}
-    		} while (key != null && key.length() > 0);
-    		ep.store(out, "Encrypted Properties File");
-		} finally {
-		    // FindBugs and PMD both complain about these next lines, that they may
-		    // ignore thrown exceptions. Really!!! That's the whole point.
-    		try { if ( in != null ) in.close(); } catch( Exception e ) {}
-    		try { if ( out != null ) out.close(); } catch( Exception e ) {}
-		}
-		
-		Iterator<?> i = ep.keySet().iterator();
-		while (i.hasNext()) {
-			String k = (String) i.next();
-			String value = ep.getProperty(k);
-			System.out.println("   " + k + "=" + value);
-		}
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference.crypto;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.OutputStream;
+import java.util.Iterator;
+import java.util.Properties;
+import java.util.Set;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.crypto.CipherText;
+import org.owasp.esapi.crypto.PlainText;
+import org.owasp.esapi.errors.EncryptionException;
+
+/**
+ * Reference implementation of the {@code EncryptedProperties} interface. This
+ * implementation wraps a normal properties file, and creates surrogates for the
+ * {@code getProperty} and {@code setProperty} methods that perform encryption
+ * and decryption based on {@code Encryptor}.
+ * <p>
+ * A very simple main program is provided that can be used to create an
+ * encrypted properties file. A better approach would be to allow unencrypted
+ * properties in the file and to encrypt them the first time the file is
+ * accessed.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author kevin.w.wall@gmail.com
+ * @since June 1, 2007
+ * @see org.owasp.esapi.EncryptedProperties
+ * @see org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
+ */
+public class DefaultEncryptedProperties implements org.owasp.esapi.EncryptedProperties {
+
+    /** The properties. */
+    private final Properties properties = new Properties();
+
+    /** The logger. */
+    private final Logger logger = ESAPI.getLogger("EncryptedProperties");
+
+    /**
+     * Instantiates a new encrypted properties.
+     */
+    public DefaultEncryptedProperties() {
+        // hidden
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public synchronized String getProperty(String key) throws EncryptionException {
+        String[] errorMsgs = new String[] {
+                ": failed decoding from base64",
+                ": failed to deserialize properly",
+                ": failed to decrypt properly"
+            };
+
+        int progressMark = 0;
+        try {
+            String encryptedValue = properties.getProperty(key);
+
+            if(encryptedValue==null)
+                return null;
+
+            progressMark = 0;
+            byte[] serializedCiphertext   = ESAPI.encoder().decodeFromBase64(encryptedValue);
+            progressMark++;
+            CipherText restoredCipherText = CipherText.fromPortableSerializedBytes(serializedCiphertext);
+            progressMark++;
+            PlainText plaintext           = ESAPI.encryptor().decrypt(restoredCipherText);
+
+            return plaintext.toString();
+        } catch (Exception e) {
+            throw new EncryptionException("Property retrieval failure",
+                                          "Couldn't retrieve encrypted property for property " + key +
+                                          errorMsgs[progressMark], e);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public synchronized String setProperty(String key, String value) throws EncryptionException {
+        String[] errorMsgs = new String[] {
+                ": failed to encrypt properly",
+                ": failed to serialize correctly",
+                ": failed to base64-encode properly",
+                ": failed to set base64-encoded value as property. Illegal key name?"
+        };
+
+        int progressMark = 0;
+        try {
+            if ( key == null ) {
+                throw new NullPointerException("Property name may not be null.");
+            }
+            if ( value == null ) {
+                throw new NullPointerException("Property value may not be null.");
+            }
+            // NOTE: Not backward compatible w/ ESAPI 1.4.
+            PlainText pt = new PlainText(value);
+            CipherText ct = ESAPI.encryptor().encrypt(pt);
+            progressMark++;
+            byte[] serializedCiphertext = ct.asPortableSerializedByteArray();
+            progressMark++;
+            String b64str = ESAPI.encoder().encodeForBase64(serializedCiphertext, false);
+            progressMark++;
+            String encryptedValue = (String)properties.setProperty(key, b64str);
+            progressMark++;
+            return encryptedValue;
+        } catch (Exception e) {
+            throw new EncryptionException("Property setting failure",
+                                          "Couldn't set encrypted property " + key +
+                                          errorMsgs[progressMark], e);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public Set<?> keySet() {
+        return properties.keySet();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void load(InputStream in) throws IOException {
+        properties.load(in);
+        logger.trace(Logger.SECURITY_SUCCESS, "Encrypted properties loaded successfully");
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void store(OutputStream out, String comments) throws IOException {
+        properties.store(out, comments);
+    }
+
+    /**
+     * Loads encrypted properties file based on the location passed in args then prompts the
+     * user to input key-value pairs.  When the user enters a null or blank key, the values
+     * are stored to the properties file.
+     *
+     * @param args
+     *            the location of the properties file to load and write to
+     *
+     * @throws Exception
+     *             Any exception thrown
+     * @deprecated Use {@code EncryptedPropertiesUtils} instead, which allows creating, reading,
+     *               and writing encrypted properties. {@code main} method will be removed in a
+     *               future release.
+     */
+    @Deprecated
+    public static void main(String[] args) throws Exception {
+        File f = new File(args[0]);
+        ESAPI.getLogger( "EncryptedProperties.main" ).debug(Logger.SECURITY_SUCCESS, "Loading encrypted properties from " + f.getAbsolutePath() );
+        if ( !f.exists() ) throw new IOException( "Properties file not found: " + f.getAbsolutePath() );
+        ESAPI.getLogger( "EncryptedProperties.main" ).debug(Logger.SECURITY_SUCCESS, "Encrypted properties found in " + f.getAbsolutePath() );
+        DefaultEncryptedProperties ep = new DefaultEncryptedProperties();
+
+        FileInputStream in = null;
+        FileOutputStream out = null;
+        try {
+            in = new FileInputStream(f);
+            out = new FileOutputStream(f);
+
+            ep.load(in);
+            BufferedReader br = new BufferedReader(new InputStreamReader(System.in));
+            String key = null;
+            do {
+                System.out.print("Enter key: ");
+                key = br.readLine();
+                System.out.print("Enter value: ");
+                String value = br.readLine();
+                if (key != null && key.length() > 0 && value != null && value.length() > 0) {
+                    ep.setProperty(key, value);
+                }
+            } while (key != null && key.length() > 0);
+            ep.store(out, "Encrypted Properties File");
+        } finally {
+            // FindBugs and PMD both complain about these next lines, that they may
+            // ignore thrown exceptions. Really!!! That's the whole point.
+            try { if ( in != null ) in.close(); } catch( Exception e ) {}
+            try { if ( out != null ) out.close(); } catch( Exception e ) {}
+        }
+
+        Iterator<?> i = ep.keySet().iterator();
+        while (i.hasNext()) {
+            String k = (String) i.next();
+            String value = ep.getProperty(k);
+            System.out.println("   " + k + "=" + value);
+        }
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/reference/crypto/EncryptedPropertiesUtils.java b/src/main/java/org/owasp/esapi/reference/crypto/EncryptedPropertiesUtils.java
index cb1d512d0..dee385ff1 100644
--- a/src/main/java/org/owasp/esapi/reference/crypto/EncryptedPropertiesUtils.java
+++ b/src/main/java/org/owasp/esapi/reference/crypto/EncryptedPropertiesUtils.java
@@ -17,8 +17,8 @@
  * <p>
  * Usage:<br/>
  * <code>
- *    java org.owasp.esapi.reference.crypto.EncryptedPropertiesUtils [--in file] [--out file] 
- *			[--in-encrypted true|false] [--verbose true|false]
+ *    java org.owasp.esapi.reference.crypto.EncryptedPropertiesUtils [--in file] [--out file]
+ *            [--in-encrypted true|false] [--verbose true|false]
  * </code>
  * <p>
  * Command line parameters:<br/>
@@ -36,177 +36,177 @@
  */
 public class EncryptedPropertiesUtils {
 
-	/**
-	 * Loads encrypted or plaintext properties file based on the location passed in args
-	 * then prompts the user to input key-value pairs.  When the user enters a null or
-	 * blank key, the values are stored to the properties file.
-	 *
-	 * @throws Exception Any exception thrown
-	 */
-	public static void main(String[] args) throws Exception {
-
-		//command line options
-		String inFile = null;
-		String outFile = null;
-		boolean inFileEncrypted = true;
-		boolean verbose = false;
-
-		//parse command line params
-		for (int i = 0; i < args.length; i = i + 2) {
-			String paramType = args[i];
-
-			if ("--in".equals(paramType) && args.length >= i + 1) {
-				inFile = args[i + 1];
-
-			} else if ("--out".equals(paramType) && args.length >= i + 1) {
-				outFile = args[i + 1];
-
-			} else if ("--in-encrypted".equals(paramType) && args.length >= i + 1) {
-				inFileEncrypted = Boolean.valueOf(args[i + 1]);
-
-			} else if ("--verbose".equals(paramType) && args.length >= i + 1) {
-				verbose = Boolean.valueOf(args[i + 1]);
-			}
-
-		}
-
-		if (outFile == null) {
-			outFile = inFile; //if no output file is specified we will overwrite the input file
-		}
-		if (outFile == null) {
-			//no input or output file specified. Can't continue.
-			System.out.println("You must specify an input file or output file");
-			System.exit(1);
-		}
-
-		//load in existing properties from a file
-		Properties props = loadProperties(inFile, inFileEncrypted);
-
-		//read user input and add keys and values to the property file
-		BufferedReader br = new BufferedReader(new InputStreamReader(System.in));
-		String key = null;
-		do {
-			System.out.print("Enter key: ");
-			key = br.readLine();
-
-			if (props.containsKey(key)) {
-				System.out.print("Key already exists. Replace? ");
-				String confirm = br.readLine();
-				if (!("y".equals(confirm) || "yes".equals(confirm))) {
-					continue;
-				}
-			}
-
-			System.out.print("Enter value: ");
-			String value = br.readLine();
-
-			addProperty(props, key, value);
-
-		} while (key != null && key.length() > 0);
-
-		//save output file
-		storeProperties(outFile, props,
-				"Encrypted Properties File generated by org.owasp.esapi.reference.crypto.EncryptedPropertiesUtils");
-
-		System.out.println("Encrypted Properties file output to " + outFile);
-
-		if (verbose) {
-			for (Object oKey : props.keySet()) {
-				String sKey = (String) oKey;
-				String value = props.getProperty(sKey);
-				System.out.println("   " + sKey + "=" + value);
-			}
-		}
-
-	}
-
-	/**
-	 * Loads a Properties file from a filename. If the filename is unspecified
-	 * or the file could not be found, a new Properties is returned.
-	 *
-	 * @param inFile Filename to load Properties from.
-	 * @param inFileEncrypted If true, the input file is assumed to be already encrypted. Default true.
-	 * @return Either the loaded Properties object or a new one if the file could not be found.
-	 * @throws IOException
-	 */
-	public static Properties loadProperties(String inFile, Boolean inFileEncrypted) throws IOException {
-
-		if (inFileEncrypted == null) inFileEncrypted = true;
-
-		Properties props;
-
-		if (inFile != null) {
-
-			File f = new File(inFile);
-			if (!f.exists()) {
-				System.out.println("Input properties file not found. Creating new.");
-				props = new ReferenceEncryptedProperties();
-
-			} else {
-				String encrypted = inFileEncrypted ? "Encrypted" : "Plaintext";
-				System.out.println(encrypted + " properties found in " + f.getAbsolutePath());
-
-				Properties inProperties;
-				if (inFileEncrypted) {
-					inProperties = new ReferenceEncryptedProperties();
-				} else {
-					inProperties = new Properties();
-				}
-
-				InputStream in = null;
-				try {
-					in = new FileInputStream(f);
-					inProperties.load(in);
-				} finally {
-					try {
-						if (in != null) in.close(); //quietly close the InputStream
-					} catch (Exception e) {}
-				}
-
-				//Use the existing properties
-				props = new ReferenceEncryptedProperties(inProperties);
-			}
-		} else {
-			System.out.println("Input properties file not found. Creating new.");
-			props = new ReferenceEncryptedProperties();
-		}
-
-		return props;
-	}
-
-	/**
-	 * Stores a Properties object to a file.
-	 *
-	 * @param outFile Filename to store to
-	 * @param props Properties to store
-	 * @param message A message to add to the comments in the stored file
-	 * @throws Exception
-	 */
-	public static void storeProperties(String outFile, Properties props, String message) throws Exception {
-		OutputStream out = null;
-		try {
-			out = new FileOutputStream(new File(outFile));
-			props.store(out, message);
-		} finally {
-			try {
-				if (out != null) out.close();  //quietly close OutputStream
-			} catch (Exception e) {}
-		}
-	}
-
-	/**
-	 * Adds a new key-value property to the passed Properties object
-	 *
-	 * @param props The Properties object to add to
-	 * @param key The key to add
-	 * @param value The value to set
-	 * @return The previous value of the property, or null if it is newly added.
-	 */
-	public static Object addProperty(Properties props, String key, String value) {
-		if (props != null && key != null && key.length() > 0 && value != null && value.length() > 0) {
-			return props.setProperty(key, value);
-		}
-		return null;
-	}
-	
+    /**
+     * Loads encrypted or plaintext properties file based on the location passed in args
+     * then prompts the user to input key-value pairs.  When the user enters a null or
+     * blank key, the values are stored to the properties file.
+     *
+     * @throws Exception Any exception thrown
+     */
+    public static void main(String[] args) throws Exception {
+
+        //command line options
+        String inFile = null;
+        String outFile = null;
+        boolean inFileEncrypted = true;
+        boolean verbose = false;
+
+        //parse command line params
+        for (int i = 0; i < args.length; i = i + 2) {
+            String paramType = args[i];
+
+            if ("--in".equals(paramType) && args.length >= i + 1) {
+                inFile = args[i + 1];
+
+            } else if ("--out".equals(paramType) && args.length >= i + 1) {
+                outFile = args[i + 1];
+
+            } else if ("--in-encrypted".equals(paramType) && args.length >= i + 1) {
+                inFileEncrypted = Boolean.valueOf(args[i + 1]);
+
+            } else if ("--verbose".equals(paramType) && args.length >= i + 1) {
+                verbose = Boolean.valueOf(args[i + 1]);
+            }
+
+        }
+
+        if (outFile == null) {
+            outFile = inFile; //if no output file is specified we will overwrite the input file
+        }
+        if (outFile == null) {
+            //no input or output file specified. Can't continue.
+            System.out.println("You must specify an input file or output file");
+            System.exit(1);
+        }
+
+        //load in existing properties from a file
+        Properties props = loadProperties(inFile, inFileEncrypted);
+
+        //read user input and add keys and values to the property file
+        BufferedReader br = new BufferedReader(new InputStreamReader(System.in));
+        String key = null;
+        do {
+            System.out.print("Enter key: ");
+            key = br.readLine();
+
+            if (props.containsKey(key)) {
+                System.out.print("Key already exists. Replace? ");
+                String confirm = br.readLine();
+                if (!("y".equals(confirm) || "yes".equals(confirm))) {
+                    continue;
+                }
+            }
+
+            System.out.print("Enter value: ");
+            String value = br.readLine();
+
+            addProperty(props, key, value);
+
+        } while (key != null && key.length() > 0);
+
+        //save output file
+        storeProperties(outFile, props,
+                "Encrypted Properties File generated by org.owasp.esapi.reference.crypto.EncryptedPropertiesUtils");
+
+        System.out.println("Encrypted Properties file output to " + outFile);
+
+        if (verbose) {
+            for (Object oKey : props.keySet()) {
+                String sKey = (String) oKey;
+                String value = props.getProperty(sKey);
+                System.out.println("   " + sKey + "=" + value);
+            }
+        }
+
+    }
+
+    /**
+     * Loads a Properties file from a filename. If the filename is unspecified
+     * or the file could not be found, a new Properties is returned.
+     *
+     * @param inFile Filename to load Properties from.
+     * @param inFileEncrypted If true, the input file is assumed to be already encrypted. Default true.
+     * @return Either the loaded Properties object or a new one if the file could not be found.
+     * @throws IOException
+     */
+    public static Properties loadProperties(String inFile, Boolean inFileEncrypted) throws IOException {
+
+        if (inFileEncrypted == null) inFileEncrypted = true;
+
+        Properties props;
+
+        if (inFile != null) {
+
+            File f = new File(inFile);
+            if (!f.exists()) {
+                System.out.println("Input properties file not found. Creating new.");
+                props = new ReferenceEncryptedProperties();
+
+            } else {
+                String encrypted = inFileEncrypted ? "Encrypted" : "Plaintext";
+                System.out.println(encrypted + " properties found in " + f.getAbsolutePath());
+
+                Properties inProperties;
+                if (inFileEncrypted) {
+                    inProperties = new ReferenceEncryptedProperties();
+                } else {
+                    inProperties = new Properties();
+                }
+
+                InputStream in = null;
+                try {
+                    in = new FileInputStream(f);
+                    inProperties.load(in);
+                } finally {
+                    try {
+                        if (in != null) in.close(); //quietly close the InputStream
+                    } catch (Exception e) {}
+                }
+
+                //Use the existing properties
+                props = new ReferenceEncryptedProperties(inProperties);
+            }
+        } else {
+            System.out.println("Input properties file not found. Creating new.");
+            props = new ReferenceEncryptedProperties();
+        }
+
+        return props;
+    }
+
+    /**
+     * Stores a Properties object to a file.
+     *
+     * @param outFile Filename to store to
+     * @param props Properties to store
+     * @param message A message to add to the comments in the stored file
+     * @throws Exception
+     */
+    public static void storeProperties(String outFile, Properties props, String message) throws Exception {
+        OutputStream out = null;
+        try {
+            out = new FileOutputStream(new File(outFile));
+            props.store(out, message);
+        } finally {
+            try {
+                if (out != null) out.close();  //quietly close OutputStream
+            } catch (Exception e) {}
+        }
+    }
+
+    /**
+     * Adds a new key-value property to the passed Properties object
+     *
+     * @param props The Properties object to add to
+     * @param key The key to add
+     * @param value The value to set
+     * @return The previous value of the property, or null if it is newly added.
+     */
+    public static Object addProperty(Properties props, String key, String value) {
+        if (props != null && key != null && key.length() > 0 && value != null && value.length() > 0) {
+            return props.setProperty(key, value);
+        }
+        return null;
+    }
+
 }
diff --git a/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java b/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java
index a20c6122f..81ff5b0e5 100644
--- a/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java
+++ b/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java
@@ -1,1050 +1,1029 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- *
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @author kevin.w.wall@gmail.com
- * @created 2007
- */
-package org.owasp.esapi.reference.crypto;
-
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.Provider;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.Security;
-import java.security.Signature;
-import java.util.Date;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Set;
-import java.util.TreeMap;
-import java.util.Map.Entry;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-// import javax.crypto.Mac;			// Uncomment if computeHMAC() is included.
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.SecretKeySpec;
-import javax.crypto.spec.IvParameterSpec;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.EncoderConstants;
-import org.owasp.esapi.Encryptor;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.codecs.Hex;
-import org.owasp.esapi.crypto.CipherSpec;
-import org.owasp.esapi.crypto.CipherText;
-import org.owasp.esapi.crypto.CryptoHelper;
-import org.owasp.esapi.crypto.KeyDerivationFunction;
-import org.owasp.esapi.crypto.PlainText;
-import org.owasp.esapi.crypto.SecurityProviderLoader;
-import org.owasp.esapi.errors.ConfigurationException;
-import org.owasp.esapi.errors.EncryptionException;
-import org.owasp.esapi.errors.IntegrityException;
-import org.owasp.esapi.reference.DefaultSecurityConfiguration;
-
-/**
- * Reference implementation of the {@code Encryptor} interface. This implementation
- * layers on the JCE provided cryptographic package. Algorithms used are
- * configurable in the {@code ESAPI.properties} file. The main property
- * controlling the selection of this class is {@code ESAPI.Encryptor}. Most of
- * the other encryption related properties have property names that start with
- * the string "Encryptor.".
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @author kevin.w.wall@gmail.com
- * @author Chris Schmidt (chrisisbeef .at. gmail.com)
- * @since June 1, 2007; some methods since ESAPI Java 2.0
- * @see org.owasp.esapi.Encryptor
- */
-public final class JavaEncryptor implements Encryptor {
-    private static volatile Encryptor singletonInstance;
-
-    // Note: This double-check pattern only works because singletonInstance
-    //       is declared to be volatile.  Usually this method is called
-    //       via ESAPI.encryptor() rather than directly.
-    public static Encryptor getInstance() throws EncryptionException {
-        if ( singletonInstance == null ) {
-            synchronized ( JavaEncryptor.class ) {
-                if ( singletonInstance == null ) {
-                    singletonInstance = new JavaEncryptor();
-                }
-            }
-        }
-        return singletonInstance;
-    }
-
-    private static boolean initialized = false;
-    
-    // encryption
-    private static SecretKeySpec secretKeySpec = null; // DISCUSS: Why static? Implies one key?!?
-    private static String encryptAlgorithm = "AES";
-    private static String encoding = "UTF-8"; 
-    private static int encryptionKeyLength = 128;
-    
-    // digital signatures
-    private static PrivateKey privateKey = null;
-	private static PublicKey publicKey = null;
-	private static String signatureAlgorithm = "SHA1withDSA";
-    private static String randomAlgorithm = "SHA1PRNG";
-	private static int signatureKeyLength = 1024;
-	
-	// hashing
-	private static String hashAlgorithm = "SHA-512";
-	private static int hashIterations = 1024;
-	
-	// Logging - DISCUSS: This "sticks" us with a specific logger to whatever it was when
-	//					  this class is first loaded. Is this a big limitation? Since there
-	//                    is no method to reset it, we may has well make it 'final' also.
-	private static Logger logger = ESAPI.getLogger("JavaEncryptor");
-	    // Used to print out warnings about deprecated methods.
-	private static int encryptCounter = 0;
-	private static int decryptCounter = 0;
-        // DISCUSS: OK to not have a property for this to set the frequency?
-        //          The desire is to persuade people to move away from these
-	    //          two deprecated encrypt(String) / decrypt(String) methods,
-        //          so perhaps the annoyance factor of not being able to
-        //          change it will help. For now, it is just hard-coded here.
-        //          We could be mean and just print a warning *every* time.
-	private static final int logEveryNthUse = 25;
-	
-    // *Only* use this string for user messages for EncryptionException when
-    // decryption fails. This is to prevent information leakage that may be
-    // valuable in various forms of ciphertext attacks, such as the
-	// Padded Oracle attack described by Rizzo and Duong.
-    private static final String DECRYPTION_FAILED =
-        "Decryption failed; see logs for details.";
-
-    // # of seconds that all failed decryption attempts will take. Used to
-    // help prevent side-channel timing attacks.
-    private static int N_SECS = 2;
-
-	// Load the preferred JCE provider if one has been specified.
-	static {
-	    try {
-            SecurityProviderLoader.loadESAPIPreferredJCEProvider();
-        } catch (NoSuchProviderException ex) {
-        	// Note that audit logging is done elsewhere in called method.
-            logger.fatal(Logger.SECURITY_FAILURE,
-                         "JavaEncryptor failed to load preferred JCE provider.", ex);
-            throw new ExceptionInInitializerError(ex);
-        }
-        setupAlgorithms();
-	}
-	
-    /**
-     * Generates a new strongly random secret key and salt that can be
-     * copy and pasted in the <b>ESAPI.properties</b> file.
-     * 
-     * @param args Set first argument to "-print" to display available algorithms on standard output.
-     * @throws java.lang.Exception	To cover a multitude of sins, mostly in configuring ESAPI.properties.
-     */
-    public static void main( String[] args ) throws Exception {
-		System.out.println( "Generating a new secret master key" );
-		
-		// print out available ciphers
-		if ( args.length == 1 && args[0].equalsIgnoreCase("-print" ) ) {
-			System.out.println( "AVAILABLE ALGORITHMS" );
-
-			Provider[] providers = Security.getProviders();
-			TreeMap<String, String> tm = new TreeMap<String, String>();
-			// DISCUSS: Note: We go through multiple providers, yet nowhere do I
-			//			see where we print out the PROVIDER NAME. Not all providers
-			//			will implement the same algorithms and some "partner" with
-			//			whom we are exchanging different cryptographic messages may
-			//			have _different_ providers in their java.security file. So
-			//			it would be useful to know the provider name where each
-			//			algorithm is implemented. Might be good to prepend the provider
-			//			name to the 'key' with something like "providerName: ". Thoughts?
-			for (int i = 0; i != providers.length; i++) {
-				// DISCUSS: Print security provider name here???
-					// Note: For some odd reason, Provider.keySet() returns
-					//		 Set<Object> of the property keys (which are Strings)
-					//		 contained in this provider, but Set<String> seems
-					//		 more appropriate. But that's why we need the cast below.
-	            System.out.println("===== Provider " + i + ":" + providers[i].getName() + " ======");
-				Iterator<Object> it = providers[i].keySet().iterator();
-				while (it.hasNext()) {
-					String key = (String)it.next();
-		            String value = providers[i].getProperty( key );
-		            tm.put(key, value);
-	                System.out.println("\t\t   " + key + " -> "+ value );
-				}
-			}
-
-			Set< Entry<String,String> > keyValueSet = tm.entrySet();
-			Iterator<Entry<String, String>> it = keyValueSet.iterator();
-			while( it.hasNext() ) {
-				Map.Entry<String,String> entry = it.next();
-				String key = entry.getKey();
-				String value = entry.getValue();
-	        	System.out.println( "   " + key + " -> "+ value );
-			}
-		} else {
-				// Used to print a similar line to use '-print' even when it was specified.
-			System.out.println( "\tuse '-print' to also show available crypto algorithms from all the security providers" );
-		}
-		
-        // setup algorithms -- Each of these have defaults if not set, although
-		//					   someone could set them to something invalid. If
-		//					   so a suitable exception will be thrown and displayed.
-        encryptAlgorithm = ESAPI.securityConfiguration().getEncryptionAlgorithm();
-		encryptionKeyLength = ESAPI.securityConfiguration().getEncryptionKeyLength();
-		randomAlgorithm = ESAPI.securityConfiguration().getRandomAlgorithm();
-
-		SecureRandom random = SecureRandom.getInstance(randomAlgorithm);
-		SecretKey secretKey = CryptoHelper.generateSecretKey(encryptAlgorithm, encryptionKeyLength);
-        byte[] raw = secretKey.getEncoded();
-        byte[] salt = new byte[20];	// Or 160-bits; big enough for SHA1, but not SHA-256 or SHA-512.
-        random.nextBytes( salt );
-        String eol = System.getProperty("line.separator", "\n"); // So it works on Windows too.
-        System.out.println( eol + "Copy and paste these lines into your ESAPI.properties" + eol);
-        System.out.println( "#==============================================================");
-        System.out.println( "Encryptor.MasterKey=" + ESAPI.encoder().encodeForBase64(raw, false) );
-        System.out.println( "Encryptor.MasterSalt=" + ESAPI.encoder().encodeForBase64(salt, false) );
-        System.out.println( "#==============================================================" + eol);
-    }
-	
-    
-    /**
-     * Private CTOR for {@code JavaEncryptor}, called by {@code getInstance()}.
-     * @throws EncryptionException if can't construct this object for some reason.
-     * 					Original exception will be attached as the 'cause'.
-     */
-    private JavaEncryptor() throws EncryptionException {
-        byte[] salt = ESAPI.securityConfiguration().getMasterSalt();
-        byte[] skey = ESAPI.securityConfiguration().getMasterKey();
-
-        assert salt != null : "Can't obtain master salt, Encryptor.MasterSalt";
-        assert salt.length >= 16 : "Encryptor.MasterSalt must be at least 16 bytes. " +
-                                   "Length is: " + salt.length + " bytes.";
-        assert skey != null : "Can't obtain master key, Encryptor.MasterKey";
-        assert skey.length >= 7 : "Encryptor.MasterKey must be at least 7 bytes. " +
-                                  "Length is: " + skey.length + " bytes.";
-        
-        // Set up secretKeySpec for use for symmetric encryption and decryption,
-        // and set up the public/private keys for asymmetric encryption /
-        // decryption.
-        // TODO: Note: If we dump ESAPI 1.4 crypto backward compatibility,
-        //       then we probably will ditch the Encryptor.EncryptionAlgorithm
-        //       property. If so, encryptAlgorithm should probably use
-        //       Encryptor.CipherTransformation and just pull off the cipher
-        //       algorithm name so we can use it here.
-        synchronized(JavaEncryptor.class) {
-            if ( ! initialized ) {
-                //
-                // For symmetric encryption
-                //
-                //      NOTE: FindBugs complains about this
-                //            (ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD) but
-                //            it should be OK since it is synchronized and only
-                //            done once. While we could separate this out and
-                //            handle in a static initializer, it just seems to
-                //            fit better here.
-                secretKeySpec = new SecretKeySpec(skey, encryptAlgorithm );
-                
-                //
-                // For asymmetric encryption (i.e., public/private key)
-                //
-                try {
-                    SecureRandom prng = SecureRandom.getInstance(randomAlgorithm);
-
-                    // Because hash() is not static (but it could be were in not
-                    // for the interface method specification in Encryptor), we
-                    // cannot do this initialization in a static method or static
-                    // initializer.
-                    byte[] seed = hash(new String(skey, encoding),new String(salt, encoding)).getBytes(encoding);
-                    prng.setSeed(seed);
-                    initKeyPair(prng);
-                } catch (Exception e) {
-                    throw new EncryptionException("Encryption failure", "Error creating Encryptor", e);
-                }             
-                
-                // Mark everything as initialized.
-                initialized = true;
-            }
-        }
-    }
-     
-
-
-	/**
-     * {@inheritDoc}
-     * 
-	 * Hashes the data with the supplied salt and the number of iterations specified in
-	 * the ESAPI SecurityConfiguration.
-	 */
-	public String hash(String plaintext, String salt) throws EncryptionException {
-		return hash( plaintext, salt, hashIterations );
-	}
-	
-	/**
-     * {@inheritDoc}
-     * 
-	 * Hashes the data using the specified algorithm and the Java MessageDigest class. This method
-	 * first adds the salt, a separator (":"), and the data, and then rehashes the specified number of iterations
-	 * in order to help strengthen weak passwords.
-	 */
-	public String hash(String plaintext, String salt, int iterations) throws EncryptionException {
-		byte[] bytes = null;
-		try {
-			MessageDigest digest = MessageDigest.getInstance(hashAlgorithm);
-			digest.reset();
-			digest.update(ESAPI.securityConfiguration().getMasterSalt());
-			digest.update(salt.getBytes(encoding));
-			digest.update(plaintext.getBytes(encoding));
-
-			// rehash a number of times to help strengthen weak passwords
-			bytes = digest.digest();
-			for (int i = 0; i < iterations; i++) {
-				digest.reset();
-				bytes = digest.digest(bytes);
-			}
-			String encoded = ESAPI.encoder().encodeForBase64(bytes,false);
-			return encoded;
-		} catch (NoSuchAlgorithmException e) {
-			throw new EncryptionException("Internal error", "Can't find hash algorithm " + hashAlgorithm, e);
-		} catch (UnsupportedEncodingException ex) {
-			throw new EncryptionException("Internal error", "Can't find encoding for " + encoding, ex);
-		}
-	}
-
-	/**
-	* {@inheritDoc}
-	*/
-	 public CipherText encrypt(PlainText plaintext) throws EncryptionException {
-		 // Now more of a convenience function for using the master key.
-		 return encrypt(secretKeySpec, plaintext);
-	 }
-	 
-	 /**
-	  * {@inheritDoc}
-	  */
-	 public CipherText encrypt(SecretKey key, PlainText plain)
-	 			throws EncryptionException
-	 {
-		 if ( key == null ) {
-			 throw new IllegalArgumentException("(Master) encryption key arg may not be null. Is Encryptor.MasterKey set?");
-		 }
-		 if ( plain == null ) {
-			 throw new IllegalArgumentException("PlainText may arg not be null");
-		 }
-		 byte[] plaintext = plain.asBytes();
-		 boolean overwritePlaintext = ESAPI.securityConfiguration().overwritePlainText();
-
-		 boolean success = false;	// Used in 'finally' clause.
-		 String xform = null;
-		 int keySize = key.getEncoded().length * 8;	// Convert to # bits
-
-		try {
-			 xform = ESAPI.securityConfiguration().getCipherTransformation();
-             String[] parts = xform.split("/");
-             assert parts.length == 3 : "Malformed cipher transformation: " + xform;
-             String cipherMode = parts[1];
-             
-             // This way we can prevent modes like OFB and CFB where the IV should never
-             // be repeated with the same encryption key (at least until we support
-             // Encryptor.ChooseIVMethod=specified and allow us to specify some mechanism
-             // to ensure the IV will never be repeated (such as a time stamp or other
-             // monotonically increasing function).
-             // DISCUSS: Should we include the permitted cipher modes in the exception msg?
-             if ( ! CryptoHelper.isAllowedCipherMode(cipherMode) ) {
-                 throw new EncryptionException("Encryption failure: invalid cipher mode ( " + cipherMode + ") for encryption",
-                             "Encryption failure: Cipher transformation " + xform + " specifies invalid " +
-                             "cipher mode " + cipherMode);
-             }
-             
-			 // Note - Cipher is not thread-safe so we create one locally
-			 //        Also, we need to change this eventually so other algorithms can
-			 //        be supported. Eventually, there will be an encrypt() method that
-			 //        takes a (new class) CryptoControls, as something like this:
-			 //          public CipherText encrypt(CryptoControls ctrl, SecretKey skey, PlainText plaintext)
-			 //        and this method will just call that one.
-			 Cipher encrypter = Cipher.getInstance(xform);
-			 String cipherAlg = encrypter.getAlgorithm();
-			 int keyLen = ESAPI.securityConfiguration().getEncryptionKeyLength();
-
-			 // DISCUSS: OK, what do we want to do here if keyLen != keySize? If use keyLen, encryption
-			 //		     could fail with an exception, but perhaps that's what we want. Or we may just be
-			 //			 OK with silently using keySize as long as keySize >= keyLen, which then interprets
-			 //			 ESAPI.EncryptionKeyLength as the *minimum* key size, but as long as we have something
-			 //			 stronger it's OK to use it. For now, I am just going to log warning if different, but use
-			 //			 keySize unless keySize is SMALLER than ESAPI.EncryptionKeyLength, in which case I'm going
-			 //			 to log an error.
-			 //
-			 //			 IMPORTANT NOTE:	When we generate key sizes for both DES and DESede the result of
-			 //								SecretKey.getEncoding().length includes the TRUE key size (i.e.,
-			 //								*with* the even parity bits) rather than the EFFECTIVE key size
-			 //								(which incidentally is what KeyGenerator.init() expects for DES
-			 //								and DESede; duh! Nothing like being consistent). This leads to
-			 //								the following dilemma:
-			 //
-			 //													EFFECTIVE Key Size		TRUE Key Size
-			 //													(KeyGenerator.init())	(SecretKey.getEncoding().length)
-			 //									========================================================================
-			 //									For DES:			56 bits					64 bits
-			 //									For DESede:			112 bits / 168 bits		192 bits (always)
-			 //
-			 //								We are trying to automatically determine the key size from SecretKey
-			 //								based on 8 * SecretKey.getEncoding().length, but as you can see, the
-			 //								2 key 3DES and the 3 key 3DES both use the same key size (192 bits)
-			 //								regardless of what is passed to KeyGenerator.init(). There are no advertised
-			 //								methods to get the key size specified by the init() method so I'm not sure how
-			 //								this is actually working internally. However, it does present a problem if we
-			 //								wish to communicate the 3DES key size to a recipient for later decryption as
-			 //								they would not be able to distinguish 2 key 3DES from 3 key 3DES.
-			 //
-			 //								The only workaround I know is to pass the explicit key size down. However, if
-			 //								we are going to do that, I'd propose passing in a CipherSpec object so we could
-			 //								tell what cipher transformation to use as well instead of just the key size. Then
-			 //								we would extract keySize from the CipherSpec object of from the SecretKey object.
-			 //
-			 if ( keySize != keyLen ) {
-				 // DISCUSS: Technically this is not a security "failure" per se, but not really a "success" either.
-				 logger.warning(Logger.SECURITY_FAILURE, "Encryption key length mismatch. ESAPI.EncryptionKeyLength is " +
-						 keyLen + " bits, but length of actual encryption key is " + keySize +
-				 		" bits.  Did you remember to regenerate your master key (if that is what you are using)???");
-			 }
-			 // DISCUSS: Reconsider these warnings. If thousands of encryptions are done in tight loop, no one needs
-			 //          more than 1 warning. Should we do something more intelligent here?
-			 if ( keySize < keyLen ) {
-				 // ESAPI.EncryptionKeyLength defaults to 128, but that means that we could not use DES (as weak as it
-				 // is), even for legacy code. Therefore, this has been changed to simple log a warning rather than
-				 //	throw the following exception.
-				 //				 throw new ConfigurationException("Actual key size of " + keySize + " bits smaller than specified " +
-				 //						  "encryption key length (ESAPI.EncryptionKeyLength) of " + keyLen + " bits.");
-				 logger.warning(Logger.SECURITY_FAILURE, "Actual key size of " + keySize + " bits SMALLER THAN specified " +
-						 "encryption key length (ESAPI.EncryptionKeyLength) of " + keyLen + " bits with cipher algorithm " + cipherAlg);
-			 }
-			 if ( keySize < 112 ) {		// NIST Special Pub 800-57 considers 112-bits to be the minimally safe key size from 2010-2030.
-				 						// Note that 112 bits 'just happens' to be size of 2-key Triple DES!
-				 logger.warning(Logger.SECURITY_FAILURE, "Potentially unsecure encryption. Key size of " + keySize + "bits " +
-				                "not sufficiently long for " + cipherAlg + ". Should use appropriate algorithm with key size " +
-				                "of *at least* 112 bits except when required by legacy apps. See NIST Special Pub 800-57.");
-			 }
-			 // Check if algorithm mentioned in SecretKey is same as that being used for Cipher object.
-			 // They should be the same. If they are different, things could fail. (E.g., DES and DESede
-			 // require keys with even parity. Even if key was sufficient size, if it didn't have the correct
-			 // parity it could fail.)
-			 //
-			 String skeyAlg = key.getAlgorithm();
-			 if ( !( cipherAlg.startsWith( skeyAlg + "/" ) || cipherAlg.equals( skeyAlg ) ) ) {
-				 // DISCUSS: Should we thrown a ConfigurationException here or just log a warning??? I'm game for
-				 //			 either, but personally I'd prefer the squeaky wheel to the annoying throwing of
-				 //			 a ConfigurationException (which is a RuntimeException). Less likely to upset
-				 //			 the development community.
-				 logger.warning(Logger.SECURITY_FAILURE, "Encryption mismatch between cipher algorithm (" +
-						 cipherAlg + ") and SecretKey algorithm (" + skeyAlg + "). Cipher will use algorithm " + cipherAlg);
-			 }
-
-			 byte[] ivBytes = null;
-			 CipherSpec cipherSpec = new CipherSpec(encrypter, keySize);	// Could pass the ACTUAL (intended) key size
-			 
-             // Using cipher mode that supports *both* confidentiality *and* authenticity? If so, then
-             // use the specified SecretKey as-is rather than computing a derived key from it. We also
-             // don't expect a separate MAC in the specified CipherText object so therefore don't try
-             // to validate it.
-             boolean preferredCipherMode = CryptoHelper.isCombinedCipherMode( cipherMode );
-             SecretKey encKey = null;
-			 if ( preferredCipherMode ) {
-			     encKey = key;
-			 } else {
-			     encKey = computeDerivedKey(KeyDerivationFunction.kdfVersion, getDefaultPRF(),
-			    		 				    key, keySize, "encryption");
-			 }
-			 
-			 if ( cipherSpec.requiresIV() ) {
-				 String ivType = ESAPI.securityConfiguration().getIVType();
-				 IvParameterSpec ivSpec = null;
-				 if ( ivType.equalsIgnoreCase("random") ) {
-					 ivBytes = ESAPI.randomizer().getRandomBytes(encrypter.getBlockSize());
-				 } else if ( ivType.equalsIgnoreCase("fixed") ) {
-					 String fixedIVAsHex = ESAPI.securityConfiguration().getFixedIV();
-					 ivBytes = Hex.decode(fixedIVAsHex);
-					 /* FUTURE		 } else if ( ivType.equalsIgnoreCase("specified")) {
-					 		// FUTURE - TODO  - Create instance of specified class to use for IV generation and
-					 		//					 use it to create the ivBytes. (The intent is to make sure that
-					 		//				     1) IVs are never repeated for cipher modes like OFB and CFB, and
-					 		//					 2) to screen for weak IVs for the particular cipher algorithm.
-					 		//		In meantime, use 'random' for block cipher in feedback mode. Unlikely they will
-					 		//		be repeated unless you are salting SecureRandom with same value each time. Anything
-					 		//		monotonically increasing should be suitable, like a counter, but need to remember
-					 		//		it across JVM restarts. Was thinking of using System.currentTimeMillis(). While
-					 		//		it's not perfect it probably is good enough. Could even all (advanced) developers
-					 		//      to define their own class to create a unique IV to allow them some choice, but
-					 		//      definitely need to provide a safe, default implementation.
-					  */
-				 } else {
-					 // TODO: Update to add 'specified' once that is supported and added above.
-					 throw new ConfigurationException("Property Encryptor.ChooseIVMethod must be set to 'random' or 'fixed'");
-				 }
-				 ivSpec = new IvParameterSpec(ivBytes);
-				 cipherSpec.setIV(ivBytes);
-				 encrypter.init(Cipher.ENCRYPT_MODE, encKey, ivSpec);
-			 } else {
-				 encrypter.init(Cipher.ENCRYPT_MODE, encKey);
-			 }
-			 logger.debug(Logger.EVENT_SUCCESS, "Encrypting with " + cipherSpec);
-			 byte[] raw = encrypter.doFinal(plaintext);
-                 // Convert to CipherText.
-             CipherText ciphertext = new CipherText(cipherSpec, raw);
-			 
-			 // If we are using a "preferred" cipher mode--i.e., one that supports *both* confidentiality and
-			 // authenticity, there is no point to store a separate MAC in the CipherText object. Thus we only
-             // do this when we are not using such a cipher mode.
-			 if ( !preferredCipherMode ) {
-			     // Compute derived key, and then use it to compute and store separate MAC in CipherText object.
-			     SecretKey authKey = computeDerivedKey(KeyDerivationFunction.kdfVersion, getDefaultPRF(),
-			    		 							   key, keySize, "authenticity");
-			     ciphertext.computeAndStoreMAC(  authKey );
-			 }
-			 logger.debug(Logger.EVENT_SUCCESS, "JavaEncryptor.encrypt(SecretKey,byte[],boolean,boolean) -- success!");
-			 success = true;	// W00t!!!
-			 return ciphertext;
-		} catch (InvalidKeyException ike) {
-			 throw new EncryptionException("Encryption failure: Invalid key exception.",
-					 "Requested key size: " + keySize + "bits greater than 128 bits. Must install unlimited strength crypto extension from Sun: " +
-					 ike.getMessage(), ike);
-		 } catch (ConfigurationException cex) {
-			 throw new EncryptionException("Encryption failure: Configuration error. Details in log.", "Key size mismatch or unsupported IV method. " +
-					 "Check encryption key size vs. ESAPI.EncryptionKeyLength or Encryptor.ChooseIVMethod property.", cex);
-		 } catch (InvalidAlgorithmParameterException e) {
-			 throw new EncryptionException("Encryption failure (invalid IV)",
-					 "Encryption problem: Invalid IV spec: " + e.getMessage(), e);
-		 } catch (IllegalBlockSizeException e) {
-			 throw new EncryptionException("Encryption failure (no padding used; invalid input size)",
-					 "Encryption problem: Invalid input size without padding (" + xform + "). " + e.getMessage(), e);
-		 } catch (BadPaddingException e) {
-			 throw new EncryptionException("Encryption failure",
-					 "[Note: Should NEVER happen in encryption mode.] Encryption problem: " + e.getMessage(), e);
-		 } catch (NoSuchAlgorithmException e) {
-			 throw new EncryptionException("Encryption failure (unavailable cipher requested)",
-					 "Encryption problem: specified algorithm in cipher xform " + xform + " not available: " + e.getMessage(), e);
-		 } catch (NoSuchPaddingException e) {
-			 throw new EncryptionException("Encryption failure (unavailable padding scheme requested)",
-					 "Encryption problem: specified padding scheme in cipher xform " + xform + " not available: " + e.getMessage(), e);
-		 } finally {
-			 // Don't overwrite anything in the case of exceptions because they may wish to retry.
-			 if ( success && overwritePlaintext ) {
-				 plain.overwrite();		// Note: Same as overwriting 'plaintext' byte array.
-		}
-	}
-	 }
-
-	/**
-	* {@inheritDoc}
-	*/
-	public PlainText decrypt(CipherText ciphertext) throws EncryptionException {
-		 // Now more of a convenience function for using the master key.
-		 return decrypt(secretKeySpec, ciphertext);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public PlainText decrypt(SecretKey key, CipherText ciphertext)
-	    throws EncryptionException, IllegalArgumentException
-	{
-	    long start = System.nanoTime();  // Current time in nanosecs; used to prevent timing attacks
-	    if ( key == null ) {
-	        throw new IllegalArgumentException("SecretKey arg may not be null");
-	    }
-	    if ( ciphertext == null ) {
-	        throw new IllegalArgumentException("Ciphertext may arg not be null");
-	    }
-
-	    if ( ! CryptoHelper.isAllowedCipherMode(ciphertext.getCipherMode()) ) {
-	        // This really should be an illegal argument exception, but it could
-	        // mean that a partner encrypted something using a cipher mode that
-	        // you do not accept, so it's a bit more complex than that. Also
-	        // throwing an IllegalArgumentException doesn't allow us to provide
-	        // the two separate error messages or automatically log it.
-	        throw new EncryptionException(DECRYPTION_FAILED,
-	                "Invalid cipher mode " + ciphertext.getCipherMode() +
-	        " not permitted for decryption or encryption operations.");
-	    }
-	    logger.debug(Logger.EVENT_SUCCESS,
-	            "Args valid for JavaEncryptor.decrypt(SecretKey,CipherText): " +
-	            ciphertext);
-
-	    PlainText plaintext = null;
-	    boolean caughtException = false;
-	    int progressMark = 0;
-	    try {
-	        // First we validate the MAC.
-	        boolean valid = CryptoHelper.isCipherTextMACvalid(key, ciphertext);
-	        if ( !valid ) {
-	            try {
-	                // This is going to fail, but we want the same processing
-	                // to occur as much as possible so as to prevent timing
-	                // attacks. We _could_ just be satisfied by the additional
-	                // sleep in the 'finally' clause, but an attacker on the
-	                // same server who can run something like 'ps' can tell
-	                // CPU time versus when the process is sleeping. Hence we
-	                // try to make this as close as possible. Since we know
-	                // it is going to fail, we ignore the result and ignore
-	                // the (expected) exception.
-	                handleDecryption(key, ciphertext); // Ignore return (should fail).
-	            } catch(Exception ex) {
-	                ;   // Ignore
-	            }
-	            throw new EncryptionException(DECRYPTION_FAILED,
-	                    "Decryption failed because MAC invalid for " +
-	                    ciphertext);
-	        }
-	        progressMark++;
-	        // The decryption only counts if the MAC was valid.
-	        plaintext = handleDecryption(key, ciphertext);
-	        progressMark++;
-	    } catch(EncryptionException ex) {
-	        caughtException = true;
-	        String logMsg = null;
-	        switch( progressMark ) {
-	        case 1:
-	            logMsg = "Decryption failed because MAC invalid. See logged exception for details.";
-	            break;
-	        case 2:
-	            logMsg = "Decryption failed because handleDecryption() failed. See logged exception for details.";
-	            break;
-	        default:
-	            logMsg = "Programming error: unexpected progress mark == " + progressMark;
-	        break;
-	        }
-	        logger.error(Logger.SECURITY_FAILURE, logMsg);
-	        throw ex;           // Re-throw
-	    }
-	    finally {
-	        if ( caughtException ) {
-	            // The rest of this code is to try to account for any minute differences
-	            // in the time it might take for the various reasons that decryption fails
-	            // in order to prevent any other possible timing attacks. Perhaps it is
-	            // going overboard. If nothing else, if N_SECS is large enough, it might
-	            // deter attempted repeated attacks by making them take much longer.
-	            long now = System.nanoTime();
-	            long elapsed = now - start;
-	            final long NANOSECS_IN_SEC = 1000000000L; // nanosec is 10**-9 sec
-	            long nSecs = N_SECS * NANOSECS_IN_SEC;  // N seconds in nano seconds
-	            if ( elapsed < nSecs ) {
-	                // Want to sleep so total time taken is N seconds.
-	                long extraSleep = nSecs - elapsed;
-
-	                // 'extraSleep' is in nanoseconds. Need to convert to a millisec
-	                // part and nanosec part. Nanosec is 10**-9, millsec is
-	                // 10**-3, so divide by (10**-9 / 10**-3), or 10**6 to
-	                // convert to from nanoseconds to milliseconds.
-	                long millis = extraSleep / 1000000L;
-	                long nanos  = (extraSleep - (millis * 1000000L));
-	                assert nanos >= 0 && nanos <= Integer.MAX_VALUE :
-                            "Nanosecs out of bounds; nanos = " + nanos;
-	                try {
-	                    Thread.sleep(millis, (int)nanos);
-	                } catch(InterruptedException ex) {
-	                    ;   // Ignore
-	                }
-	            } // Else ... time already exceeds N_SECS sec, so do not sleep.
-	        }
-	    }
-	    return plaintext;
-	}
-
-    // Handle the actual decryption portion. At this point it is assumed that
-    // any MAC has already been validated. (But see "DISCUSS" issue, below.)
-    private PlainText handleDecryption(SecretKey key, CipherText ciphertext)
-        throws EncryptionException
-    {
-        int keySize = 0;
-        try {
-            Cipher decrypter = Cipher.getInstance(ciphertext.getCipherTransformation());
-            keySize = key.getEncoded().length * 8;  // Convert to # bits
-
-            // Using cipher mode that supports *both* confidentiality *and* authenticity? If so, then
-            // use the specified SecretKey as-is rather than computing a derived key from it. We also
-            // don't expect a separate MAC in the specified CipherText object so therefore don't try
-            // to validate it.
-            boolean preferredCipherMode = CryptoHelper.isCombinedCipherMode( ciphertext.getCipherMode() );
-            SecretKey encKey = null;
-            if ( preferredCipherMode ) {
-                encKey = key;
-            } else {
-                // TODO: PERFORMANCE: Calculate avg time this takes and consider caching for very short interval
-                //       (e.g., 2 to 5 sec tops). Otherwise doing lots of encryptions in a loop could take a LOT longer.
-                //       But remember Jon Bentley's "Rule #1 on performance: First make it right, then make it fast."
-            	//		 This would be a security trade-off as it would leave keys in memory a bit longer, so it
-            	//		 should probably be off by default and controlled via a property.
-            	//
-            	// TODO: Feed in some additional parms here to use as the 'context' for the
-            	//		 KeyDerivationFunction...especially the KDF version. We would have to
-            	//		 store that in the CipherText object. We *possibly* could make it
-            	//		 transient so it would not be serialized with the CipherText object,
-            	//		 otherwise we would have to implement readObject() and writeObject()
-            	//		 methods there to support backward compatibility. Anyhow the intent
-            	//		 is to prevent down grade attacks when we finally re-design and
-            	//		 re-implement the MAC. Think about this in version 2.1.1.
-                encKey = computeDerivedKey( ciphertext.getKDFVersion(), ciphertext.getKDF_PRF(),
-                		                    key, keySize, "encryption");
-            }
-            if ( ciphertext.requiresIV() ) {
-                decrypter.init(Cipher.DECRYPT_MODE, encKey, new IvParameterSpec(ciphertext.getIV()));
-            } else {
-                decrypter.init(Cipher.DECRYPT_MODE, encKey);
-            }
-            byte[] output = decrypter.doFinal(ciphertext.getRawCipherText());
-            return new PlainText(output);
-
-        } catch (InvalidKeyException ike) {
-            throw new EncryptionException(DECRYPTION_FAILED, "Must install JCE Unlimited Strength Jurisdiction Policy Files from Sun", ike);
-        } catch (NoSuchAlgorithmException e) {
-            throw new EncryptionException(DECRYPTION_FAILED, "Invalid algorithm for available JCE providers - " +
-                    ciphertext.getCipherTransformation() + ": " + e.getMessage(), e);
-        } catch (NoSuchPaddingException e) {
-            throw new EncryptionException(DECRYPTION_FAILED, "Invalid padding scheme (" +
-                    ciphertext.getPaddingScheme() + ") for cipher transformation " + ciphertext.getCipherTransformation() +
-                    ": " + e.getMessage(), e);
-        } catch (InvalidAlgorithmParameterException e) {
-            throw new EncryptionException(DECRYPTION_FAILED, "Decryption problem: " + e.getMessage(), e);
-        } catch (IllegalBlockSizeException e) {
-            throw new EncryptionException(DECRYPTION_FAILED, "Decryption problem: " + e.getMessage(), e);
-        } catch (BadPaddingException e) {
-            //DISCUSS: This needs fixed. Already validated MAC in CryptoHelper.isCipherTextMACvalid() above.
-            //So only way we could get a padding exception is if invalid padding were used originally by
-            //the party doing the encryption. (This might happen with a buggy padding scheme for instance.)
-            //It *seems* harmless though, so will leave it for now, and technically, we need to either catch it
-            //or declare it in a throws class. Clearly we don't want to do the later. This should be discussed
-            //during a code inspection.
-            SecretKey authKey;
-            try {
-                authKey = computeDerivedKey( ciphertext.getKDFVersion(), ciphertext.getKDF_PRF(),
-                		                     key, keySize, "authenticity");
-            } catch (Exception e1) {
-                throw new EncryptionException(DECRYPTION_FAILED,
-                        "Decryption problem -- failed to compute derived key for authenticity: " + e1.getMessage(), e1);
-            }
-            boolean success = ciphertext.validateMAC( authKey );
-            if ( success ) {
-                throw new EncryptionException(DECRYPTION_FAILED, "Decryption problem: " + e.getMessage(), e);
-            } else {
-                throw new EncryptionException(DECRYPTION_FAILED,
-                        "Decryption problem: WARNING: Adversary may have tampered with " +
-                        "CipherText object orCipherText object mangled in transit: " + e.getMessage(), e);
-            }
-        }
-    }
-	
-	/**
-	* {@inheritDoc}
-	*/
-	public String sign(String data) throws EncryptionException {
-		try {
-			Signature signer = Signature.getInstance(signatureAlgorithm);
-			signer.initSign(privateKey);
-			signer.update(data.getBytes(encoding));
-			byte[] bytes = signer.sign();
-			return ESAPI.encoder().encodeForBase64(bytes, false);
-		} catch (InvalidKeyException ike) {
-			throw new EncryptionException("Encryption failure", "Must install unlimited strength crypto extension from Sun", ike);
-		} catch (Exception e) {
-			throw new EncryptionException("Signature failure", "Can't find signature algorithm " + signatureAlgorithm, e);
-		}
-	}
-		
-	/**
-	* {@inheritDoc}
-	*/
-	public boolean verifySignature(String signature, String data) {
-		try {
-			byte[] bytes = ESAPI.encoder().decodeFromBase64(signature);
-			Signature signer = Signature.getInstance(signatureAlgorithm);
-			signer.initVerify(publicKey);
-			signer.update(data.getBytes(encoding));
-			return signer.verify(bytes);
-		} catch (Exception e) {
-		    // NOTE: EncryptionException constructed *only* for side-effect of causing logging.
-		    // FindBugs complains about this and since it examines byte-code, there's no way to
-		    // shut it up.
-			new EncryptionException("Invalid signature", "Problem verifying signature: " + e.getMessage(), e);
-			return false;
-		}
-	}
-
-	/**
-	* {@inheritDoc}
-     *
-     * @param expiration
-     * @throws IntegrityException
-     */
-	public String seal(String data, long expiration) throws IntegrityException {
-	    if ( data == null ) {
-	        throw new IllegalArgumentException("Data to be sealed may not be null.");
-	    }
-	    
-		try {
-		    String b64data = null;
-            try {
-                b64data = ESAPI.encoder().encodeForBase64(data.getBytes("UTF-8"), false);
-            } catch (UnsupportedEncodingException e) {
-                ; // Ignore; should never happen since UTF-8 built into rt.jar
-            }
-			// mix in some random data so even identical data and timestamp produces different seals
-			String nonce = ESAPI.randomizer().getRandomString(10, EncoderConstants.CHAR_ALPHANUMERICS);
-			String plaintext = expiration + ":" + nonce + ":" + b64data;
-			// add integrity check; signature is already base64 encoded.
-			String sig = this.sign( plaintext );
-			CipherText ciphertext = this.encrypt( new PlainText(plaintext + ":" + sig) );
-			String sealedData = ESAPI.encoder().encodeForBase64(ciphertext.asPortableSerializedByteArray(), false);
-			return sealedData;
-		} catch( EncryptionException e ) {
-			throw new IntegrityException( e.getUserMessage(), e.getLogMessage(), e );
-		}
-	}
-
-	/**
-	* {@inheritDoc}
-	*/
-	public String unseal(String seal) throws EncryptionException {
-		PlainText plaintext = null;
-		try {
-		    byte[] encryptedBytes = ESAPI.encoder().decodeFromBase64(seal);
-		    CipherText cipherText = null;
-		    try {
-		        cipherText = CipherText.fromPortableSerializedBytes(encryptedBytes);
-		    } catch( AssertionError e) {
-	            // Some of the tests in EncryptorTest.testVerifySeal() are examples of
-		        // this if assertions are enabled.
-		        throw new EncryptionException("Invalid seal",
-	                                          "Seal passed garbarge data resulting in AssertionError: " + e);
-	        }
-			plaintext = this.decrypt(cipherText);
-
-			String[] parts = plaintext.toString().split(":");
-			if (parts.length != 4) {
-				throw new EncryptionException("Invalid seal", "Seal was not formatted properly.");
-			}
-	
-			String timestring = parts[0];
-			long now = new Date().getTime();
-			long expiration = Long.parseLong(timestring);
-			if (now > expiration) {
-				throw new EncryptionException("Invalid seal", "Seal expiration date of " + new Date(expiration) + " has past.");
-			}
-			String nonce = parts[1];
-			String b64data = parts[2];
-			String sig = parts[3];
-			if (!this.verifySignature(sig, timestring + ":" + nonce + ":" + b64data ) ) {
-				throw new EncryptionException("Invalid seal", "Seal integrity check failed");
-			}	
-			return new String(ESAPI.encoder().decodeFromBase64(b64data), "UTF-8");
-		} catch (EncryptionException e) {
-			throw e;
-		} catch (Exception e) {
-			throw new EncryptionException("Invalid seal", "Invalid seal:" + e.getMessage(), e);
-		}
-	}
-
-	
-	/**
-	* {@inheritDoc}
-	*/
-	public boolean verifySeal( String seal ) {
-		try {
-			unseal( seal );
-			return true;
-		} catch( EncryptionException e ) {
-			return false;
-		}
-	}
-	
-	/**
-	* {@inheritDoc}
-	*/
-	public long getTimeStamp() {
-		return new Date().getTime();
-	}
-
-	/**
-	* {@inheritDoc}
-	*/
-	public long getRelativeTimeStamp( long offset ) {
-		return new Date().getTime() + offset;
-	}
-
-	// DISCUSS: Why experimental? Would have to be added to Encryptor interface
-	//			but only 3 things I saw wrong with this was 1) it used HMacMD5 instead
-	//			of HMacSHA1 (see discussion below), 2) that the HMac key is the
-	//			same one used for encryption (also see comments), and 3) it caught
-	//			overly broad exceptions. Here it is with these specific areas
-	//			addressed, but no unit testing has been done at this point. -kww
-   /**
-    * Compute an HMAC for a String.  Experimental.
-    * @param input	The input for which to compute the HMac.
-    */
-/********************
-	public String computeHMAC( String input ) throws EncryptionException {
-		try {
-			Mac hmac = Mac.getInstance("HMacSHA1"); // DISCUSS: Changed to HMacSHA1. MD5 *badly* broken
-												   //          SHA1 should really be avoided, but using
-												   //		   for HMAC-SHA1 is acceptable for now. Plan
-												   //		   to migrate to SHA-256 or NIST replacement for
-												   //		   SHA1 in not too distant future.
-			// DISCUSS: Also not recommended that the HMac key is the same as the one
-			//			used for encryption (namely, Encryptor.MasterKey). If anything it
-			//			would be better to use Encryptor.MasterSalt for the HMac key, or
-			//			perhaps a derived key based on the master salt. (One could use
-			//			KeyDerivationFunction.computeDerivedKey().)
-			//
-			byte[] salt = ESAPI.securityConfiguration().getMasterSalt();
-			hmac.init( new SecretKeySpec(salt, "HMacSHA1") );	// Was:	hmac.init(secretKeySpec)	
-			byte[] inBytes;
-			try {
-				inBytes = input.getBytes("UTF-8");
-			} catch (UnsupportedEncodingException e) {
-				logger.warning(Logger.SECURITY_FAILURE, "computeHMAC(): Can't find UTF-8 encoding; using default encoding", e);
-				inBytes = input.getBytes();
-			}
-			byte[] bytes = hmac.doFinal( inBytes );
-			return ESAPI.encoder().encodeForBase64(bytes, false);
-		} catch (InvalidKeyException ike) {
-			throw new EncryptionException("Encryption failure", "Must install unlimited strength crypto extension from Sun", ike);
-	    } catch (NoSuchAlgorithmException e) {
-	    	throw new EncryptionException("Could not compute HMAC", "Can't find HMacSHA1 algorithm. " +
-	    															"Problem computing HMAC for " + input, e );
-	    }
-	}
-********************/
-
-    /**
-     * Log a security warning every Nth time one of the deprecated encrypt or
-     * decrypt methods are called. ('N' is hard-coded to be 25 by default, but
-     * may be changed via the system property
-     * {@code ESAPI.Encryptor.warnEveryNthUse}.) In other words, we nag
-     * them until the give in and change it. ;-)
-     * 
-     * @param where The string "encrypt" or "decrypt", corresponding to the
-     *              method that is being logged.
-     * @param msg   The message to log.
-     */
-    private void logWarning(String where, String msg) {
-        int counter = 0;
-        if ( where.equals("encrypt") ) {
-            counter = encryptCounter++;
-            where = "JavaEncryptor.encrypt(): [count=" + counter +"]";
-        } else if ( where.equals("decrypt") ) {
-            counter = decryptCounter++;
-            where = "JavaEncryptor.decrypt(): [count=" + counter +"]";
-        } else {
-            where = "JavaEncryptor: Unknown method: ";
-        }
-        // We log the very first time (note the use of post-increment on the
-        // counters) and then every Nth time thereafter. Logging every single
-        // time is likely to be way too much logging.
-        if ( (counter % logEveryNthUse) == 0 ) {
-            logger.warning(Logger.SECURITY_FAILURE, where + msg);
-        }
-    }
-    
-    private KeyDerivationFunction.PRF_ALGORITHMS getPRF(String name) {    	
-		String prfName = null;
-		if ( name == null ) {
-			prfName = ESAPI.securityConfiguration().getKDFPseudoRandomFunction();
-		} else {
-			prfName = name;
-		}
-		KeyDerivationFunction.PRF_ALGORITHMS prf = KeyDerivationFunction.convertNameToPRF(prfName);
-		return prf;
-    }
-    
-    private KeyDerivationFunction.PRF_ALGORITHMS getDefaultPRF() {
-		String prfName = ESAPI.securityConfiguration().getKDFPseudoRandomFunction();
-		return getPRF(prfName);
-    }
-    
-    // Private interface to call ESAPI's KDF to get key for encryption or authenticity.
-    private SecretKey computeDerivedKey(int kdfVersion, KeyDerivationFunction.PRF_ALGORITHMS prf,
-    									SecretKey kdk, int keySize, String purpose)
-    	throws NoSuchAlgorithmException, InvalidKeyException, EncryptionException
-    {
-    	// These really should be turned into actual runtime checks and an
-    	// IllegalArgumentException should be thrown if they are violated.
-    	// But this should be OK since this is a private method. Also, this method will
-    	// be called quite often so assertions are a big win as they can be disabled or
-    	// enabled at will.
-    	assert prf != null : "Pseudo Random Function for KDF cannot be null";
-    	assert kdk != null : "Key derivation key cannot be null.";
-    	// We would choose a larger minimum key size, but we want to be
-    	// able to accept DES for legacy encryption needs. NIST says 112-bits is min. If less than that,
-    	// we print warning.
-    	assert keySize >= 56 : "Key has size of " + keySize + ", which is less than minimum of 56-bits.";
-    	assert (keySize % 8) == 0 : "Key size (" + keySize + ") must be a even multiple of 8-bits.";
-    	assert purpose != null : "Purpose cannot be null. Should be 'encryption' or 'authenticity'.";
-    	assert purpose.equals("encryption") || purpose.equals("authenticity") :
-    		"Purpose must be \"encryption\" or \"authenticity\".";
-
-    	KeyDerivationFunction kdf = new KeyDerivationFunction(prf);
-    	if ( kdfVersion != 0 ) {
-    		kdf.setVersion(kdfVersion);
-    	}
-    	return kdf.computeDerivedKey(kdk, keySize, purpose);
-    }
-
-    // Get all the algorithms we will be using from ESAPI.properties.
-    private static void setupAlgorithms() {
-        // setup algorithms
-        encryptAlgorithm = ESAPI.securityConfiguration().getEncryptionAlgorithm();
-        signatureAlgorithm = ESAPI.securityConfiguration().getDigitalSignatureAlgorithm();
-        randomAlgorithm = ESAPI.securityConfiguration().getRandomAlgorithm();
-        hashAlgorithm = ESAPI.securityConfiguration().getHashAlgorithm();
-        hashIterations = ESAPI.securityConfiguration().getHashIterations();
-        encoding = ESAPI.securityConfiguration().getCharacterEncoding();
-        encryptionKeyLength = ESAPI.securityConfiguration().getEncryptionKeyLength();
-        signatureKeyLength = ESAPI.securityConfiguration().getDigitalSignatureKeyLength();
-    }
-    
-    // Set up signing key pair using the master password and salt. Called (once)
-    // from the JavaEncryptor CTOR.
-    private static void initKeyPair(SecureRandom prng) throws NoSuchAlgorithmException {
-        String sigAlg = signatureAlgorithm.toLowerCase();
-        if ( sigAlg.endsWith("withdsa") ) {
-            //
-            // Admittedly, this is a kludge. However for Sun JCE, even though
-            // "SHA1withDSA" is a valid signature algorithm name, if one calls
-            //      KeyPairGenerator kpg = KeyPairGenerator.getInstance("SHA1withDSA");
-            // that will throw a NoSuchAlgorithmException with an exception
-            // message of "SHA1withDSA KeyPairGenerator not available". Since
-            // SHA1withDSA and DSA keys should be identical, we use "DSA"
-            // in the case that SHA1withDSA or SHAwithDSA was specified. This is
-            // all just to make these 2 work as expected. Sigh. (Note:
-            // this was tested with JDK 1.6.0_21, but likely fails with earlier
-            // versions of the JDK as well.)
-            //
-            sigAlg = "DSA";
-        } else if ( sigAlg.endsWith("withrsa") ) {
-            // Ditto for RSA.
-            sigAlg = "RSA";
-        }
-        KeyPairGenerator keyGen = KeyPairGenerator.getInstance(sigAlg);
-        keyGen.initialize(signatureKeyLength, prng);
-        KeyPair pair = keyGen.generateKeyPair();
-        privateKey = pair.getPrivate();
-        publicKey = pair.getPublic();
-    }
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author kevin.w.wall@gmail.com
+ * @created 2007
+ */
+package org.owasp.esapi.reference.crypto;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.security.Signature;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
+import java.util.TreeMap;
+import java.util.Map.Entry;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+// import javax.crypto.Mac;         // Uncomment if computeHMAC() is included.
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import javax.crypto.spec.IvParameterSpec;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.EncoderConstants;
+import org.owasp.esapi.Encryptor;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.codecs.Hex;
+import org.owasp.esapi.crypto.CipherSpec;
+import org.owasp.esapi.crypto.CipherText;
+import org.owasp.esapi.crypto.CryptoHelper;
+import org.owasp.esapi.crypto.KeyDerivationFunction;
+import org.owasp.esapi.crypto.PlainText;
+import org.owasp.esapi.crypto.SecurityProviderLoader;
+import org.owasp.esapi.errors.ConfigurationException;
+import org.owasp.esapi.errors.EncryptionException;
+import org.owasp.esapi.errors.IntegrityException;
+import org.owasp.esapi.reference.DefaultSecurityConfiguration;
+
+/**
+ * Reference implementation of the {@code Encryptor} interface. This implementation
+ * layers on the JCE provided cryptographic package. Algorithms used are
+ * configurable in the {@code ESAPI.properties} file. The main property
+ * controlling the selection of this class is {@code ESAPI.Encryptor}. Most of
+ * the other encryption related properties have property names that start with
+ * the string "Encryptor.".
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author kevin.w.wall@gmail.com
+ * @author Chris Schmidt (chrisisbeef .at. gmail.com)
+ * @since June 1, 2007; some methods since ESAPI Java 2.0
+ * @see org.owasp.esapi.Encryptor
+ */
+public final class JavaEncryptor implements Encryptor {
+    private static volatile Encryptor singletonInstance;
+
+    // Note: This double-check pattern only works because singletonInstance
+    //       is declared to be volatile.  Usually this method is called
+    //       via ESAPI.encryptor() rather than directly.
+    public static Encryptor getInstance() throws EncryptionException {
+        if ( singletonInstance == null ) {
+            synchronized ( JavaEncryptor.class ) {
+                if ( singletonInstance == null ) {
+                    singletonInstance = new JavaEncryptor();
+                }
+            }
+        }
+        return singletonInstance;
+    }
+
+    private static boolean initialized = false;
+
+    // encryption
+    private static SecretKeySpec secretKeySpec = null; // DISCUSS: Why static? Implies one key?!?
+    private static String encryptAlgorithm = "AES";
+    private static String encoding = "UTF-8";
+    private static int encryptionKeyLength = 128;
+
+    // digital signatures
+    private static PrivateKey privateKey = null;
+    private static PublicKey publicKey = null;
+    private static String signatureAlgorithm = "SHA256withDSA";
+    private static String randomAlgorithm = "SHA1PRNG";     // SHA1 is fine as a CSRNG.
+    private static int signatureKeyLength = 2048;
+
+    // hashing
+    private static String hashAlgorithm = "SHA-512";
+    private static int hashIterations = 1024;
+
+    // Logging - DISCUSS: This "sticks" us with a specific logger to whatever it was when
+    //                    this class is first loaded. Is this a big limitation? Since there
+    //                    is no method to reset it, we may has well make it 'final' also.
+    private static Logger logger = ESAPI.getLogger("JavaEncryptor");
+        // Used to print out warnings about deprecated methods.
+    private static int encryptCounter = 0;
+    private static int decryptCounter = 0;
+        // DISCUSS: OK to not have a property for this to set the frequency?
+        //          The desire is to persuade people to move away from these
+        //          two deprecated encrypt(String) / decrypt(String) methods,
+        //          so perhaps the annoyance factor of not being able to
+        //          change it will help. For now, it is just hard-coded here.
+        //          We could be mean and just print a warning *every* time.
+    private static final int logEveryNthUse = 25;
+
+    // *Only* use this string for user messages for EncryptionException when
+    // decryption fails. This is to prevent information leakage that may be
+    // valuable in various forms of ciphertext attacks, such as the
+    // Padded Oracle attack described by Rizzo and Duong.
+    private static final String DECRYPTION_FAILED = "Decryption failed; see logs for details.";
+
+    // # of seconds that all failed decryption attempts will take. Used to
+    // help prevent side-channel timing attacks.
+    private static int N_SECS = 2;
+
+    // Load the preferred JCE provider if one has been specified.
+    static {
+        try {
+            SecurityProviderLoader.loadESAPIPreferredJCEProvider();
+        } catch (NoSuchProviderException ex) {
+            // Note that audit logging is done elsewhere in called method.
+            logger.fatal(Logger.SECURITY_FAILURE,
+                         "JavaEncryptor failed to load preferred JCE provider.", ex);
+            throw new ExceptionInInitializerError(ex);
+        }
+        setupAlgorithms();
+    }
+
+    /**
+     * Generates a new strongly random secret key and salt that can be
+     * copy and pasted in the <b>ESAPI.properties</b> file.
+     *
+     * @param args Set first argument to "-print" to display available algorithms on standard output.
+     * @throws java.lang.Exception  To cover a multitude of sins, mostly in configuring ESAPI.properties.
+     */
+    public static void main( String[] args ) throws Exception {
+        System.out.println( "Generating a new secret master key" );
+
+        // print out available ciphers
+        if ( args.length == 1 && args[0].equalsIgnoreCase("-print" ) ) {
+            System.out.println( "AVAILABLE ALGORITHMS" );
+
+            Provider[] providers = Security.getProviders();
+            TreeMap<String, String> tm = new TreeMap<String, String>();
+            // DISCUSS: Note: We go through multiple providers, yet nowhere do I
+            //          see where we print out the PROVIDER NAME. Not all providers
+            //          will implement the same algorithms and some "partner" with
+            //          whom we are exchanging different cryptographic messages may
+            //          have _different_ providers in their java.security file. So
+            //          it would be useful to know the provider name where each
+            //          algorithm is implemented. Might be good to prepend the provider
+            //          name to the 'key' with something like "providerName: ". Thoughts?
+            for (int i = 0; i != providers.length; i++) {
+                // DISCUSS: Print security provider name here???
+                // Note: For some odd reason, Provider.keySet() returns
+                //       Set<Object> of the property keys (which are Strings)
+                //       contained in this provider, but Set<String> seems
+                //       more appropriate. But that's why we need the cast below.
+                System.out.println("===== Provider " + i + ":" + providers[i].getName() + " ======");
+                Iterator<Object> it = providers[i].keySet().iterator();
+                while (it.hasNext()) {
+                    String key = (String)it.next();
+                    String value = providers[i].getProperty( key );
+                    tm.put(key, value);
+                    System.out.println("\t\t   " + key + " -> "+ value );
+                }
+            }
+
+            Set< Entry<String,String> > keyValueSet = tm.entrySet();
+            Iterator<Entry<String, String>> it = keyValueSet.iterator();
+            while( it.hasNext() ) {
+                Map.Entry<String,String> entry = it.next();
+                String key = entry.getKey();
+                String value = entry.getValue();
+                System.out.println( "   " + key + " -> "+ value );
+            }
+        } else {
+            // Used to print a similar line to use '-print' even when it was specified.
+            System.out.println( "\tuse '-print' to also show available crypto algorithms from all the security providers" );
+        }
+
+        // setup algorithms -- Each of these have defaults if not set, although
+        //                     someone could set them to something invalid. If
+        //                     so a suitable exception will be thrown and displayed.
+        encryptAlgorithm = ESAPI.securityConfiguration().getEncryptionAlgorithm();
+        encryptionKeyLength = ESAPI.securityConfiguration().getEncryptionKeyLength();
+        randomAlgorithm = ESAPI.securityConfiguration().getRandomAlgorithm();
+
+        SecureRandom random = SecureRandom.getInstance(randomAlgorithm);
+        SecretKey secretKey = CryptoHelper.generateSecretKey(encryptAlgorithm, encryptionKeyLength);
+        byte[] raw = secretKey.getEncoded();
+        byte[] salt = new byte[20]; // Or 160-bits; big enough for SHA1, but not SHA-256 or SHA-512.
+        random.nextBytes( salt );
+        String eol = System.getProperty("line.separator", "\n"); // So it works on Windows too.
+        System.out.println( eol + "Copy and paste these lines into your ESAPI.properties" + eol);
+        System.out.println( "#==============================================================");
+        System.out.println( "Encryptor.MasterKey=" + ESAPI.encoder().encodeForBase64(raw, false) );
+        System.out.println( "Encryptor.MasterSalt=" + ESAPI.encoder().encodeForBase64(salt, false) );
+        System.out.println( "#==============================================================" + eol);
+    }
+
+
+    /**
+     * Private CTOR for {@code JavaEncryptor}, called by {@code getInstance()}.
+     * @throws EncryptionException if can't construct this object for some reason.
+     *                  Original exception will be attached as the 'cause'.
+     */
+    private JavaEncryptor() throws EncryptionException {
+        byte[] salt = ESAPI.securityConfiguration().getMasterSalt();
+        byte[] skey = ESAPI.securityConfiguration().getMasterKey();
+
+        if ( salt == null ) {
+            throw new ConfigurationException("Can't obtain master salt, Encryptor.MasterSalt");
+        }
+
+        if ( salt.length < 16 ) {
+            throw new ConfigurationException("Encryptor.MasterSalt must be at least 16 bytes. " +
+                                             "Length is: " + salt.length + " bytes.");
+        }
+
+        if ( skey == null ) {
+            throw new ConfigurationException("Can't obtain master key, Encryptor.MasterKey");
+        }
+
+        if ( skey.length < 7 ) {
+            throw new ConfigurationException("Encryptor.MasterKey must be at least 7 bytes. " +
+                                             "Length is: " + skey.length + " bytes.");
+        }
+
+        // Set up secretKeySpec for use for symmetric encryption and decryption,
+        // and set up the public/private keys for asymmetric encryption /
+        // decryption.
+        // TODO: Note: Since we've dumped ESAPI 1.4 crypto backward compatibility,
+        //       then we probably can ditch the Encryptor.EncryptionAlgorithm
+        //       property. If so, encryptAlgorithm should probably use
+        //       Encryptor.CipherTransformation and just pull off the cipher
+        //       algorithm name so we can use it here. That just requires
+        //       advance notice and proper deprecation, which I'm not prepared
+        //       to do at this time.    -kevin wall
+        synchronized(JavaEncryptor.class) {
+            if ( ! initialized ) {
+                //
+                // For symmetric encryption
+                //
+                //      NOTE: FindBugs complains about this
+                //            (ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD) but
+                //            it should be OK since it is synchronized and only
+                //            done once. While we could separate this out and
+                //            handle in a static initializer, it just seems to
+                //            fit better here.
+                secretKeySpec = new SecretKeySpec(skey, encryptAlgorithm );
+
+                //
+                // For asymmetric encryption (i.e., public/private key)
+                //
+                try {
+                    SecureRandom prng = SecureRandom.getInstance(randomAlgorithm);
+
+                    // Because hash() is not static (but it could be were in not
+                    // for the interface method specification in Encryptor), we
+                    // cannot do this initialization in a static method or static
+                    // initializer.
+                    byte[] seed = hash(new String(skey, encoding),new String(salt, encoding)).getBytes(encoding);
+                    prng.setSeed(seed);
+                    initKeyPair(prng);
+                } catch (Exception e) {
+                    throw new EncryptionException("Encryption failure", "Error creating Encryptor", e);
+                }
+
+                // Mark everything as initialized.
+                initialized = true;
+            }
+        }
+    }
+
+
+
+    /**
+     * {@inheritDoc}
+     *
+     * Hashes the data with the supplied salt and the number of iterations specified in
+     * the ESAPI SecurityConfiguration.
+     */
+    public String hash(String plaintext, String salt) throws EncryptionException {
+        return hash( plaintext, salt, hashIterations );
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * Hashes the data using the specified algorithm and the Java MessageDigest class. This method
+     * first adds the salt, a separator (":"), and the data, and then rehashes the specified number of iterations
+     * in order to help strengthen weak passwords.
+     */
+    public String hash(String plaintext, String salt, int iterations) throws EncryptionException {
+        byte[] bytes = null;
+        try {
+            MessageDigest digest = MessageDigest.getInstance(hashAlgorithm);
+            digest.reset();
+            digest.update(ESAPI.securityConfiguration().getMasterSalt());
+            digest.update(salt.getBytes(encoding));
+            digest.update(plaintext.getBytes(encoding));
+
+            // rehash a number of times to help strengthen weak passwords
+            bytes = digest.digest();
+            for (int i = 0; i < iterations; i++) {
+                digest.reset();
+                bytes = digest.digest(bytes);
+            }
+            String encoded = ESAPI.encoder().encodeForBase64(bytes,false);
+            return encoded;
+        } catch (NoSuchAlgorithmException e) {
+            throw new EncryptionException("Internal error", "Can't find hash algorithm " + hashAlgorithm, e);
+        } catch (UnsupportedEncodingException ex) {
+            throw new EncryptionException("Internal error", "Can't find encoding for " + encoding, ex);
+        }
+    }
+
+    /**
+    * {@inheritDoc}
+    */
+     public CipherText encrypt(PlainText plaintext) throws EncryptionException {
+         // Now more of a convenience function for using the master key.
+         return encrypt(secretKeySpec, plaintext);
+     }
+
+     /**
+      * {@inheritDoc}
+      */
+     public CipherText encrypt(SecretKey key, PlainText plain)
+                throws EncryptionException
+     {
+         if ( key == null ) {
+             throw new IllegalArgumentException("(Master) encryption key arg may not be null. Is Encryptor.MasterKey set?");
+         }
+         if ( plain == null ) {
+             throw new IllegalArgumentException("PlainText may arg not be null");
+         }
+         byte[] plaintext = plain.asBytes();
+         boolean overwritePlaintext = ESAPI.securityConfiguration().overwritePlainText();
+
+         boolean success = false;   // Used in 'finally' clause.
+         String xform = null;
+         int keySize = key.getEncoded().length * 8; // Convert to # bits
+
+        try {
+             xform = ESAPI.securityConfiguration().getCipherTransformation();
+             String[] parts = xform.split("/");
+             if ( parts.length != 3 ) {
+                 throw new ConfigurationException("Malformed cipher transformation: " + xform +
+                                                  ". Should have format of cipher_alg/cipher_mode/padding_scheme.");
+             }
+             String cipherMode = parts[1];
+
+             // This way we can prevent modes like OFB and CFB where the IV should never
+             // be repeated with the same encryption key (at least until we support
+             // Encryptor.ChooseIVMethod=specified and allow us to specify some mechanism
+             // to ensure the IV will never be repeated (such as a time stamp or other
+             // monotonically increasing function).
+             // DISCUSS: Should we include the permitted cipher modes in the exception msg?
+             if ( ! CryptoHelper.isAllowedCipherMode(cipherMode) ) {
+                 throw new EncryptionException("Encryption failure: invalid cipher mode ( " + cipherMode + ") for encryption",
+                             "Encryption failure: Cipher transformation " + xform + " specifies invalid " +
+                             "cipher mode " + cipherMode);
+             }
+
+             // Note - Cipher is not thread-safe so we create one locally
+             //        Also, we need to change this eventually so other algorithms can
+             //        be supported. Eventually, there will be an encrypt() method that
+             //        takes a (new class) CryptoControls, as something like this:
+             //          public CipherText encrypt(CryptoControls ctrl, SecretKey skey, PlainText plaintext)
+             //        and this method will just call that one.
+             Cipher encrypter = Cipher.getInstance(xform);
+             String cipherAlg = encrypter.getAlgorithm();
+
+             int minKeyLen = 112;   // Use for hard-coded default to support 2TDEA
+             try {
+                minKeyLen = ESAPI.securityConfiguration().getIntProp("Encryptor.MinEncryptionKeyLength");
+             } catch( Exception ex ) {
+                 logger.warning(Logger.EVENT_FAILURE,
+                         "Property 'Encryptor.MinEncryptionKeyLength' not properly set in ESAPI.properties file; using hard coded default of 112 for min key size for encryption.",
+                         ex);
+                 ;  // Do NOT rethrow.
+             }
+
+             if ( keySize < minKeyLen ) {
+                 // NOTE: This used to just log a warning. It now logs an error & throws an exception.
+                 //
+                 // ESAPI.EncryptionKeyLength defaults to 128. This means that someone wants to use ESAPI to
+                 // encrypt with something like 2-key TDES, they would have to set this to that property
+                 // to 112 bits.
+                 logger.error(Logger.SECURITY_FAILURE, "Actual key size of " + keySize + " bits SMALLER THAN MINIMUM allowed " +
+                         "encryption key length (ESAPI.EncryptionKeyLength) of " + minKeyLen + " bits with cipher algorithm " + cipherAlg);
+                 throw new ConfigurationException("Actual key size of " + keySize + " bits smaller than specified " +
+                                                  "encryption key length (ESAPI.EncryptionKeyLength) of " + minKeyLen + " bits.");
+             }
+             if ( keySize < 112 ) {     // NIST Special Pub 800-57 considers 112-bits to be the minimally safe key size from 2010-2030.
+                                        // Note that 112 bits 'just happens' to be size of 2-key Triple DES! So for example, if they
+                                        // have configured ESAPI's Encryptor.EncryptionKeyLength to (say) 56 bits, we are going to
+                                        // nag them like their mother! :)
+                 logger.warning(Logger.SECURITY_FAILURE, "Potentially insecure encryption. Key size of " + keySize + "bits " +
+                                "not sufficiently long for " + cipherAlg + ". Should use appropriate algorithm with key size " +
+                                "of *at least* 112 bits except when required by legacy apps. See NIST Special Pub 800-57.");
+             }
+             // Check if algorithm mentioned in SecretKey is same as that being used for Cipher object.
+             // They should be the same. If they are different, things could fail. (E.g., DES and DESede
+             // require keys with even parity. Even if key was sufficient size, if it didn't have the correct
+             // parity it could fail.)
+             //
+             String skeyAlg = key.getAlgorithm();
+             if ( !( cipherAlg.startsWith( skeyAlg + "/" ) || cipherAlg.equals( skeyAlg ) ) ) {
+                 // DISCUSS: Should we thrown a ConfigurationException here or just log a warning??? I'm game for
+                 //          either, but personally I'd prefer the squeaky wheel to the annoying throwing of
+                 //          a ConfigurationException (which is a RuntimeException). Less likely to upset
+                 //          the development community.
+                 logger.warning(Logger.SECURITY_FAILURE, "Encryption mismatch between cipher algorithm (" +
+                         cipherAlg + ") and SecretKey algorithm (" + skeyAlg + "). Cipher will use algorithm " + cipherAlg);
+             }
+
+             byte[] ivBytes = null;
+             CipherSpec cipherSpec = new CipherSpec(encrypter, keySize);    // Could pass the ACTUAL (intended) key size
+
+             // Using cipher mode that supports *both* confidentiality *and* authenticity? If so, then
+             // use the specified SecretKey as-is rather than computing a derived key from it. We also
+             // don't expect a separate MAC in the specified CipherText object so therefore don't try
+             // to validate it.
+             boolean preferredCipherMode = CryptoHelper.isCombinedCipherMode( cipherMode );
+             SecretKey encKey = null;
+             if ( preferredCipherMode ) {
+                 encKey = key;
+             } else {
+                 encKey = computeDerivedKey(KeyDerivationFunction.kdfVersion, getDefaultPRF(),
+                                            key, keySize, "encryption");
+             }
+
+             if ( cipherSpec.requiresIV() ) {
+                 String ivType = ESAPI.securityConfiguration().getIVType();
+                 IvParameterSpec ivSpec = null;
+                 if ( ivType.equalsIgnoreCase("random") ) {
+                     ivBytes = ESAPI.randomizer().getRandomBytes(encrypter.getBlockSize());
+                 } else {
+                     // This really shouldn't happen here. Show catch it a few
+                     // lines above.
+                     throw new ConfigurationException("Property Encryptor.ChooseIVMethod must be set to 'random'.");
+                 }
+                 ivSpec = new IvParameterSpec(ivBytes);
+                 cipherSpec.setIV(ivBytes);
+                 encrypter.init(Cipher.ENCRYPT_MODE, encKey, ivSpec);
+             } else {
+                 encrypter.init(Cipher.ENCRYPT_MODE, encKey);
+             }
+             logger.debug(Logger.EVENT_SUCCESS, "Encrypting with " + cipherSpec);
+             byte[] raw = encrypter.doFinal(plaintext);
+                 // Convert to CipherText.
+             CipherText ciphertext = new CipherText(cipherSpec, raw);
+
+             // If we are using a "preferred" cipher mode--i.e., one that supports *both* confidentiality and
+             // authenticity, there is no point to store a separate MAC in the CipherText object. Thus we only
+             // do this when we are not using such a cipher mode.
+             if ( !preferredCipherMode ) {
+                 // Compute derived key, and then use it to compute and store separate MAC in CipherText object.
+                 SecretKey authKey = computeDerivedKey(KeyDerivationFunction.kdfVersion, getDefaultPRF(),
+                                                       key, keySize, "authenticity");
+                 ciphertext.computeAndStoreMAC(  authKey );
+             }
+             logger.debug(Logger.EVENT_SUCCESS, "JavaEncryptor.encrypt(SecretKey,byte[],boolean,boolean) -- success!");
+             success = true;    // W00t!!!
+             return ciphertext;
+        } catch (InvalidKeyException ike) {
+             throw new EncryptionException("Encryption failure: Invalid key exception.",
+                     "Requested key size: " + keySize + "bits greater than 128 bits. Must install unlimited strength crypto extension from Sun: " +
+                     ike.getMessage(), ike);
+         } catch (ConfigurationException cex) {
+             throw new EncryptionException("Encryption failure: Configuration error. Details in log.", "Key size mismatch or unsupported IV method. " +
+                     "Check encryption key size vs. ESAPI.EncryptionKeyLength or Encryptor.ChooseIVMethod property.", cex);
+         } catch (InvalidAlgorithmParameterException e) {
+             throw new EncryptionException("Encryption failure (invalid IV)",
+                     "Encryption problem: Invalid IV spec: " + e.getMessage(), e);
+         } catch (IllegalBlockSizeException e) {
+             throw new EncryptionException("Encryption failure (no padding used; invalid input size)",
+                     "Encryption problem: Invalid input size without padding (" + xform + "). " + e.getMessage(), e);
+         } catch (BadPaddingException e) {
+             throw new EncryptionException("Encryption failure",
+                     "[Note: Should NEVER happen in encryption mode.] Encryption problem: " + e.getMessage(), e);
+         } catch (NoSuchAlgorithmException e) {
+             throw new EncryptionException("Encryption failure (unavailable cipher requested)",
+                     "Encryption problem: specified algorithm in cipher xform " + xform + " not available: " + e.getMessage(), e);
+         } catch (NoSuchPaddingException e) {
+             throw new EncryptionException("Encryption failure (unavailable padding scheme requested)",
+                     "Encryption problem: specified padding scheme in cipher xform " + xform + " not available: " + e.getMessage(), e);
+         } finally {
+             // Don't overwrite anything in the case of exceptions because they may wish to retry.
+             if ( success && overwritePlaintext ) {
+                 plain.overwrite();     // Note: Same as overwriting 'plaintext' byte array.
+             }
+         }
+    }
+
+    /**
+    * {@inheritDoc}
+    */
+    public PlainText decrypt(CipherText ciphertext) throws EncryptionException {
+         // Now more of a convenience function for using the master key.
+         return decrypt(secretKeySpec, ciphertext);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public PlainText decrypt(SecretKey key, CipherText ciphertext)
+        throws EncryptionException, IllegalArgumentException
+    {
+        long start = System.nanoTime();  // Current time in nanosecs; used to prevent timing attacks
+        if ( key == null ) {
+            throw new IllegalArgumentException("SecretKey arg may not be null");
+        }
+        if ( ciphertext == null ) {
+            throw new IllegalArgumentException("Ciphertext may arg not be null");
+        }
+
+        if ( ! CryptoHelper.isAllowedCipherMode(ciphertext.getCipherMode()) ) {
+            // This really should be an illegal argument exception, but it could
+            // mean that a partner encrypted something using a cipher mode that
+            // you do not accept, so it's a bit more complex than that. Also
+            // throwing an IllegalArgumentException doesn't allow us to provide
+            // the two separate error messages or automatically log it.
+            throw new EncryptionException(DECRYPTION_FAILED,
+                    "Invalid cipher mode " + ciphertext.getCipherMode() +
+                    " not permitted for decryption or encryption operations.");
+        }
+        logger.debug(Logger.EVENT_SUCCESS,
+                "Args valid for JavaEncryptor.decrypt(SecretKey,CipherText): " +
+                ciphertext);
+
+        PlainText plaintext = null;
+        boolean caughtException = false;
+        int progressMark = 0;
+        try {
+            // First we validate the MAC.
+            boolean valid = CryptoHelper.isCipherTextMACvalid(key, ciphertext);
+            if ( !valid ) {
+                try {
+                    // This is going to fail, but we want the same processing
+                    // to occur as much as possible so as to prevent timing
+                    // attacks. We _could_ just be satisfied by the additional
+                    // sleep in the 'finally' clause, but an attacker on the
+                    // same server who can run something like 'ps' can tell
+                    // CPU time versus when the process is sleeping. Hence we
+                    // try to make this as close as possible. Since we know
+                    // it is going to fail, we ignore the result and ignore
+                    // the (expected) exception.
+                    handleDecryption(key, ciphertext); // Ignore return (should fail).
+                } catch(Exception ex) {
+                    ;   // Ignore
+                }
+                throw new EncryptionException(DECRYPTION_FAILED,
+                        "Decryption failed because MAC invalid for " +
+                        ciphertext);
+            }
+            progressMark++;
+            // The decryption only counts if the MAC was valid.
+            plaintext = handleDecryption(key, ciphertext);
+            progressMark++;
+        } catch(EncryptionException ex) {
+            caughtException = true;
+            String logMsg = null;
+            switch( progressMark ) {
+            case 1:
+                logMsg = "Decryption failed because MAC invalid. See logged exception for details.";
+                break;
+            case 2:
+                logMsg = "Decryption failed because handleDecryption() failed. See logged exception for details.";
+                break;
+            default:
+                logMsg = "Programming error: unexpected progress mark == " + progressMark;
+            break;
+            }
+            logger.error(Logger.SECURITY_FAILURE, logMsg);
+            throw ex;           // Re-throw
+        }
+        finally {
+            if ( caughtException ) {
+                // The rest of this code is to try to account for any minute differences
+                // in the time it might take for the various reasons that decryption fails
+                // in order to prevent any other possible timing attacks. Perhaps it is
+                // going overboard. If nothing else, if N_SECS is large enough, it might
+                // deter attempted repeated attacks by making them take much longer.
+                long now = System.nanoTime();
+                long elapsed = now - start;
+                final long NANOSECS_IN_SEC = 1000000000L; // nanosec is 10**-9 sec
+                long nSecs = N_SECS * NANOSECS_IN_SEC;  // N seconds in nano seconds
+                if ( elapsed < nSecs ) {
+                    // Want to sleep so total time taken is N seconds.
+                    long extraSleep = nSecs - elapsed;
+
+                    // 'extraSleep' is in nanoseconds. Need to convert to a millisec
+                    // part and nanosec part. Nanosec is 10**-9, millsec is
+                    // 10**-3, so divide by (10**-9 / 10**-3), or 10**6 to
+                    // convert to from nanoseconds to milliseconds.
+                    long millis = extraSleep / 1000000L;
+                    long nanos  = (extraSleep - (millis * 1000000L));
+
+                    // N_SECS is hard-coded so assertion should be okay here.
+                    assert nanos >= 0 && nanos <= Integer.MAX_VALUE :
+                            "Nanosecs out of bounds; nanos = " + nanos;
+                    try {
+                        Thread.sleep(millis, (int)nanos);
+                    } catch(InterruptedException ex) {
+                        ;   // Ignore
+                    }
+                } // Else ... time already exceeds N_SECS sec, so do not sleep.
+            }
+        }
+        return plaintext;
+    }
+
+    // Handle the actual decryption portion. At this point it is assumed that
+    // any MAC has already been validated. (But see "DISCUSS" issue, below.)
+    private PlainText handleDecryption(SecretKey key, CipherText ciphertext)
+        throws EncryptionException
+    {
+        int keySize = 0;
+        try {
+            Cipher decrypter = Cipher.getInstance(ciphertext.getCipherTransformation());
+            keySize = key.getEncoded().length * 8;  // Convert to # bits
+
+            // Using cipher mode that supports *both* confidentiality *and* authenticity? If so, then
+            // use the specified SecretKey as-is rather than computing a derived key from it. We also
+            // don't expect a separate MAC in the specified CipherText object so therefore don't try
+            // to validate it.
+            boolean preferredCipherMode = CryptoHelper.isCombinedCipherMode( ciphertext.getCipherMode() );
+            SecretKey encKey = null;
+            if ( preferredCipherMode ) {
+                encKey = key;
+            } else {
+                // TODO: PERFORMANCE: Calculate avg time this takes and consider caching for very short interval
+                //       (e.g., 2 to 5 sec tops). Otherwise doing lots of encryptions in a loop could take a LOT longer.
+                //       But remember Jon Bentley's "Rule #1 on performance: First make it right, then make it fast."
+                //       This would be a security trade-off as it would leave keys in memory a bit longer, so it
+                //       should probably be off by default and controlled via a property.
+                //
+                // TODO: Feed in some additional parms here to use as the 'context' for the
+                //       KeyDerivationFunction...especially the KDF version. We would have to
+                //       store that in the CipherText object. We *possibly* could make it
+                //       transient so it would not be serialized with the CipherText object,
+                //       otherwise we would have to implement readObject() and writeObject()
+                //       methods there to support backward compatibility. Anyhow the intent
+                //       is to prevent down grade attacks when we finally re-design and
+                //       re-implement the MAC. Think about this in version 2.1.1.
+                encKey = computeDerivedKey( ciphertext.getKDFVersion(), ciphertext.getKDF_PRF(),
+                                            key, keySize, "encryption");
+            }
+            if ( ciphertext.requiresIV() ) {
+                decrypter.init(Cipher.DECRYPT_MODE, encKey, new IvParameterSpec(ciphertext.getIV()));
+            } else {
+                decrypter.init(Cipher.DECRYPT_MODE, encKey);
+            }
+            byte[] output = decrypter.doFinal(ciphertext.getRawCipherText());
+            return new PlainText(output);
+
+        } catch (InvalidKeyException ike) {
+            throw new EncryptionException(DECRYPTION_FAILED, "Must install JCE Unlimited Strength Jurisdiction Policy Files from Sun", ike);
+        } catch (NoSuchAlgorithmException e) {
+            throw new EncryptionException(DECRYPTION_FAILED, "Invalid algorithm for available JCE providers - " +
+                    ciphertext.getCipherTransformation() + ": " + e.getMessage(), e);
+        } catch (NoSuchPaddingException e) {
+            throw new EncryptionException(DECRYPTION_FAILED, "Invalid padding scheme (" +
+                    ciphertext.getPaddingScheme() + ") for cipher transformation " + ciphertext.getCipherTransformation() +
+                    ": " + e.getMessage(), e);
+        } catch (InvalidAlgorithmParameterException e) {
+            throw new EncryptionException(DECRYPTION_FAILED, "Decryption problem: " + e.getMessage(), e);
+        } catch (IllegalBlockSizeException e) {
+            throw new EncryptionException(DECRYPTION_FAILED, "Decryption problem: " + e.getMessage(), e);
+        } catch (BadPaddingException e) {
+            // DISCUSS: This needs fixed. Already validated MAC in CryptoHelper.isCipherTextMACvalid() above.
+            // So only way we could get a padding exception is if invalid padding were used originally by
+            // the party doing the encryption. (This might happen with a buggy padding scheme for instance.)
+            // It *seems* harmless though, so will leave it for now, and technically, we need to either catch it
+            // or declare it in a throws class. Clearly we don't want to do the later. This should be discussed
+            // during a code inspection.
+            SecretKey authKey;
+            try {
+                authKey = computeDerivedKey( ciphertext.getKDFVersion(), ciphertext.getKDF_PRF(),
+                                             key, keySize, "authenticity");
+            } catch (Exception e1) {
+                throw new EncryptionException(DECRYPTION_FAILED,
+                        "Decryption problem -- failed to compute derived key for authenticity: " + e1.getMessage(), e1);
+            }
+            boolean success = ciphertext.validateMAC( authKey );
+            if ( success ) {
+                throw new EncryptionException(DECRYPTION_FAILED, "Decryption problem: " + e.getMessage(), e);
+            } else {
+                throw new EncryptionException(DECRYPTION_FAILED,
+                        "Decryption problem: WARNING: Adversary may have tampered with " +
+                        "CipherText object orCipherText object mangled in transit: " + e.getMessage(), e);
+            }
+        }
+    }
+
+    /**
+    * {@inheritDoc}
+    */
+    public String sign(String data) throws EncryptionException {
+        try {
+            Signature signer = Signature.getInstance(signatureAlgorithm);
+            signer.initSign(privateKey);
+            signer.update(data.getBytes(encoding));
+            byte[] bytes = signer.sign();
+            return ESAPI.encoder().encodeForBase64(bytes, false);
+        } catch (InvalidKeyException ike) {
+            throw new EncryptionException("Encryption failure", "Must install unlimited strength crypto extension from Sun", ike);
+        } catch (Exception e) {
+            throw new EncryptionException("Signature failure", "Can't find signature algorithm " + signatureAlgorithm, e);
+        }
+    }
+
+    /**
+    * {@inheritDoc}
+    */
+    public boolean verifySignature(String signature, String data) {
+        try {
+            byte[] bytes = ESAPI.encoder().decodeFromBase64(signature);
+            Signature signer = Signature.getInstance(signatureAlgorithm);
+            signer.initVerify(publicKey);
+            signer.update(data.getBytes(encoding));
+            return signer.verify(bytes);
+        } catch (Exception e) {
+            // NOTE: EncryptionException constructed *only* for side-effect of causing logging.
+            // FindBugs complains about this and since it examines byte-code, there's no way to
+            // shut it up.
+            new EncryptionException("Invalid signature", "Problem verifying signature: " + e.getMessage(), e);
+            return false;
+        }
+    }
+
+    /**
+    * {@inheritDoc}
+     *
+     * @param expiration
+     * @throws IntegrityException
+     */
+    public String seal(String data, long expiration) throws IntegrityException {
+        if ( data == null ) {
+            throw new IllegalArgumentException("Data to be sealed may not be null.");
+        }
+
+        try {
+            String b64data = null;
+            try {
+                b64data = ESAPI.encoder().encodeForBase64(data.getBytes("UTF-8"), false);
+            } catch (UnsupportedEncodingException e) {
+                ; // Ignore; should never happen since UTF-8 built into rt.jar
+            }
+            // mix in some random data so even identical data and timestamp produces different seals
+            String nonce = ESAPI.randomizer().getRandomString(10, EncoderConstants.CHAR_ALPHANUMERICS);
+            String plaintext = expiration + ":" + nonce + ":" + b64data;
+            // add integrity check; signature is already base64 encoded.
+            String sig = this.sign( plaintext );
+            CipherText ciphertext = this.encrypt( new PlainText(plaintext + ":" + sig) );
+            String sealedData = ESAPI.encoder().encodeForBase64(ciphertext.asPortableSerializedByteArray(), false);
+            return sealedData;
+        } catch( EncryptionException e ) {
+            throw new IntegrityException( e.getUserMessage(), e.getLogMessage(), e );
+        }
+    }
+
+    /**
+    * {@inheritDoc}
+    */
+    public String unseal(String seal) throws EncryptionException {
+        PlainText plaintext = null;
+        try {
+            byte[] encryptedBytes = ESAPI.encoder().decodeFromBase64(seal);
+            CipherText cipherText = null;
+            try {
+                cipherText = CipherText.fromPortableSerializedBytes(encryptedBytes);
+            } catch( AssertionError e) {
+                // Some of the tests in EncryptorTest.testVerifySeal() are examples of
+                // this if assertions are enabled, but otherwise it should not
+                // normally happen.
+                throw new EncryptionException("Invalid seal",
+                                              "Seal passed garbarge data resulting in AssertionError: " + e);
+            }
+            plaintext = this.decrypt(cipherText);
+
+            String[] parts = plaintext.toString().split(":");
+            if (parts.length != 4) {
+                throw new EncryptionException("Invalid seal", "Seal was not formatted properly.");
+            }
+
+            String timestring = parts[0];
+            long now = new Date().getTime();
+            long expiration = Long.parseLong(timestring);
+            if (now > expiration) {
+                throw new EncryptionException("Invalid seal", "Seal expiration date of " + new Date(expiration) + " has past.");
+            }
+            String nonce = parts[1];
+            String b64data = parts[2];
+            String sig = parts[3];
+            if (!this.verifySignature(sig, timestring + ":" + nonce + ":" + b64data ) ) {
+                throw new EncryptionException("Invalid seal", "Seal integrity check failed");
+            }
+            return new String(ESAPI.encoder().decodeFromBase64(b64data), "UTF-8");
+        } catch (EncryptionException e) {
+            throw e;
+        } catch (Exception e) {
+            throw new EncryptionException("Invalid seal", "Invalid seal:" + e.getMessage(), e);
+        }
+    }
+
+
+    /**
+    * {@inheritDoc}
+    */
+    public boolean verifySeal( String seal ) {
+        try {
+            unseal( seal );
+            return true;
+        } catch( EncryptionException e ) {
+            return false;
+        }
+    }
+
+    /**
+    * {@inheritDoc}
+    */
+    public long getTimeStamp() {
+        return new Date().getTime();
+    }
+
+    /**
+    * {@inheritDoc}
+    */
+    public long getRelativeTimeStamp( long offset ) {
+        return new Date().getTime() + offset;
+    }
+
+    // DISCUSS: Why experimental? Would have to be added to Encryptor interface
+    //          but only 3 things I saw wrong with this was 1) it used HMacMD5 instead
+    //          of HMacSHA1 (see discussion below), 2) that the HMac key is the
+    //          same one used for encryption (also see comments), and 3) it caught
+    //          overly broad exceptions. Here it is with these specific areas
+    //          addressed, but no unit testing has been done at this point. -kww
+   /**
+    * Compute an HMAC for a String.  Experimental.
+    * @param input  The input for which to compute the HMac.
+    */
+/********************
+    public String computeHMAC( String input ) throws EncryptionException {
+        try {
+            Mac hmac = Mac.getInstance("HMacSHA1"); // DISCUSS: Changed to HMacSHA1. MD5 *badly* broken
+                                                   //          SHA1 should really be avoided, but using
+                                                   //          for HMAC-SHA1 is acceptable for now. Plan
+                                                   //          to migrate to SHA-256 or NIST replacement for
+                                                   //          SHA1 in not too distant future.
+            // DISCUSS: Also not recommended that the HMac key is the same as the one
+            //          used for encryption (namely, Encryptor.MasterKey). If anything it
+            //          would be better to use Encryptor.MasterSalt for the HMac key, or
+            //          perhaps a derived key based on the master salt. (One could use
+            //          KeyDerivationFunction.computeDerivedKey().)
+            //
+            byte[] salt = ESAPI.securityConfiguration().getMasterSalt();
+            hmac.init( new SecretKeySpec(salt, "HMacSHA1") );   // Was: hmac.init(secretKeySpec)
+            byte[] inBytes;
+            try {
+                inBytes = input.getBytes("UTF-8");
+            } catch (UnsupportedEncodingException e) {
+                logger.warning(Logger.SECURITY_FAILURE, "computeHMAC(): Can't find UTF-8 encoding; using default encoding", e);
+                inBytes = input.getBytes();
+            }
+            byte[] bytes = hmac.doFinal( inBytes );
+            return ESAPI.encoder().encodeForBase64(bytes, false);
+        } catch (InvalidKeyException ike) {
+            throw new EncryptionException("Encryption failure", "Must install unlimited strength crypto extension from Sun", ike);
+        } catch (NoSuchAlgorithmException e) {
+            throw new EncryptionException("Could not compute HMAC", "Can't find HMacSHA1 algorithm. " +
+                                                                    "Problem computing HMAC for " + input, e );
+        }
+    }
+********************/
+
+    /**
+     * Log a security warning every Nth time one of the deprecated encrypt or
+     * decrypt methods are called. ('N' is hard-coded to be 25 by default, but
+     * may be changed via the system property
+     * {@code ESAPI.Encryptor.warnEveryNthUse}.) In other words, we nag
+     * them until the give in and change it. ;-)
+     *
+     * @param where The string "encrypt" or "decrypt", corresponding to the
+     *              method that is being logged.
+     * @param msg   The message to log.
+     */
+    private void logWarning(String where, String msg) {
+        int counter = 0;
+        if ( where.equals("encrypt") ) {
+            counter = encryptCounter++;
+            where = "JavaEncryptor.encrypt(): [count=" + counter +"]";
+        } else if ( where.equals("decrypt") ) {
+            counter = decryptCounter++;
+            where = "JavaEncryptor.decrypt(): [count=" + counter +"]";
+        } else {
+            where = "JavaEncryptor: Unknown method: ";
+        }
+        // We log the very first time (note the use of post-increment on the
+        // counters) and then every Nth time thereafter. Logging every single
+        // time is likely to be way too much logging.
+        if ( (counter % logEveryNthUse) == 0 ) {
+            logger.warning(Logger.SECURITY_FAILURE, where + msg);
+        }
+    }
+
+    private KeyDerivationFunction.PRF_ALGORITHMS getPRF(String name) {
+        String prfName = null;
+        if ( name == null ) {
+            prfName = ESAPI.securityConfiguration().getKDFPseudoRandomFunction();
+        } else {
+            prfName = name;
+        }
+        KeyDerivationFunction.PRF_ALGORITHMS prf = KeyDerivationFunction.convertNameToPRF(prfName);
+        return prf;
+    }
+
+    private KeyDerivationFunction.PRF_ALGORITHMS getDefaultPRF() {
+        String prfName = ESAPI.securityConfiguration().getKDFPseudoRandomFunction();
+        return getPRF(prfName);
+    }
+
+    // Private interface to call ESAPI's KDF to get key for encryption or authenticity.
+    private SecretKey computeDerivedKey(int kdfVersion, KeyDerivationFunction.PRF_ALGORITHMS prf,
+                                        SecretKey kdk, int keySize, String purpose)
+        throws NoSuchAlgorithmException, InvalidKeyException, EncryptionException
+    {
+        // These really should be turned into actual runtime checks and an
+        // IllegalArgumentException should be thrown if they are violated.
+        // But this should be OK since this is a private method. Also, this method will
+        // be called quite often so assertions are a big win as they can be disabled or
+        // enabled at will.
+        assert prf != null : "Pseudo Random Function for KDF cannot be null";
+        assert kdk != null : "Key derivation key cannot be null.";
+        // We would choose a larger minimum key size, but we want to be
+        // able to accept DES for legacy encryption needs. NIST says 112-bits is min. If less than that,
+        // we print warning.
+        assert keySize >= 56 : "Key has size of " + keySize + ", which is less than absolute minimum of 56-bits.";
+        assert (keySize % 8) == 0 : "Key size (" + keySize + ") must be a even multiple of 8-bits.";
+
+        // However, this one we want as a runtime check because we don't have this check
+        // in KeyDerivationFunction.computeDerivedKey() as we want that method
+        // to be more general.
+        if ( !( purpose.equals("encryption") || purpose.equals("authenticity") ) ) {
+            String exMsg = "Programming error in ESAPI?? 'purpose' for computeDerivedKey() must be \"encryption\" or \"authenticity\".";
+            throw new EncryptionException(exMsg, exMsg);
+        }
+
+        KeyDerivationFunction kdf = new KeyDerivationFunction(prf);
+        if ( kdfVersion != 0 ) {
+            kdf.setVersion(kdfVersion);
+        }
+        return kdf.computeDerivedKey(kdk, keySize, purpose);
+    }
+
+    // Get all the algorithms we will be using from ESAPI.properties.
+    private static void setupAlgorithms() {
+        // setup algorithms
+        encryptAlgorithm = ESAPI.securityConfiguration().getEncryptionAlgorithm();
+        signatureAlgorithm = ESAPI.securityConfiguration().getDigitalSignatureAlgorithm();
+        randomAlgorithm = ESAPI.securityConfiguration().getRandomAlgorithm();
+        hashAlgorithm = ESAPI.securityConfiguration().getHashAlgorithm();
+        hashIterations = ESAPI.securityConfiguration().getHashIterations();
+        encoding = ESAPI.securityConfiguration().getCharacterEncoding();
+        encryptionKeyLength = ESAPI.securityConfiguration().getEncryptionKeyLength();
+        signatureKeyLength = ESAPI.securityConfiguration().getDigitalSignatureKeyLength();
+    }
+
+    // Set up signing key pair using the master password and salt. Called (once)
+    // from the JavaEncryptor CTOR.
+    private static void initKeyPair(SecureRandom prng) throws NoSuchAlgorithmException {
+        String sigAlg = signatureAlgorithm.toLowerCase();
+        if ( sigAlg.endsWith("withdsa") ) {
+            //
+            // Admittedly, this is a kludge. However for Sun JCE, even though
+            // "SHA1withDSA" is a valid signature algorithm name, if one calls
+            //      KeyPairGenerator kpg = KeyPairGenerator.getInstance("SHA1withDSA");
+            // that will throw a NoSuchAlgorithmException with an exception
+            // message of "SHA1withDSA KeyPairGenerator not available". Since
+            // SHA1withDSA and DSA keys should be identical, we use "DSA"
+            // in the case that SHA1withDSA or SHAwithDSA was specified. This is
+            // all just to make these 2 work as expected. Sigh. (Note:
+            // this was tested with JDK 1.6.0_21, but likely fails with earlier
+            // versions of the JDK as well. Haven't experimented with later
+            // versions.)
+            //
+            sigAlg = "DSA";
+        } else if ( sigAlg.endsWith("withrsa") ) {
+            // Ditto for RSA.
+            sigAlg = "RSA";
+        }
+        KeyPairGenerator keyGen = KeyPairGenerator.getInstance(sigAlg);
+        keyGen.initialize(signatureKeyLength, prng);
+        KeyPair pair = keyGen.generateKeyPair();
+        privateKey = pair.getPrivate();
+        publicKey = pair.getPublic();
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/reference/crypto/ReferenceEncryptedProperties.java b/src/main/java/org/owasp/esapi/reference/crypto/ReferenceEncryptedProperties.java
index cffc14963..1137a5fbc 100644
--- a/src/main/java/org/owasp/esapi/reference/crypto/ReferenceEncryptedProperties.java
+++ b/src/main/java/org/owasp/esapi/reference/crypto/ReferenceEncryptedProperties.java
@@ -55,239 +55,239 @@
  */
 public class ReferenceEncryptedProperties extends java.util.Properties implements EncryptedProperties {
 
-	/**
-	 * serverVersionUID; use format of YYYYMMDD.
-	 */
-	private static final long serialVersionUID = 20120718L;
-
-	/** The logger. */
-	private final Logger logger = ESAPI.getLogger(this.getClass());
-
-	private static final String[] GET_ERROR_MESSAGES = new String[]{
-		": failed decoding from base64",
-		": failed to deserialize properly",
-		": failed to decrypt properly"
-	};
-
-	private static final String[] SET_ERROR_MESSAGES = new String[]{
-		": failed to encrypt properly",
-		": failed to serialize correctly",
-		": failed to base64-encode properly",
-		": failed to set base64-encoded value as property. Illegal key name?"
-	};
-
-	/**
-	 * Instantiates a new encrypted properties.
-	 */
-	public ReferenceEncryptedProperties() {
-		super();
-	}
-
-	public ReferenceEncryptedProperties(Properties defaults) {
-		super();
-
-		for (Object oKey : defaults.keySet()) {
-			String key		= (oKey instanceof String) ? (String)oKey : oKey.toString();
-			String value	= defaults.getProperty(key);
-
-			this.setProperty(key, value);
-		}
-	}
-
-	/**
-	 * {@inheritDoc}
-	 *
-	 * @throws EncryptionRuntimeException Thrown if decryption fails.
-	 */
-	@Override
-	public synchronized String getProperty(String key) throws EncryptionRuntimeException {
-	    int progressMark = 0;
-	    try {
-	        String encryptedValue = super.getProperty(key);
-
-	        if(encryptedValue==null)
-	            return null;
-
-	        progressMark = 0;
-	        byte[] serializedCiphertext   = ESAPI.encoder().decodeFromBase64(encryptedValue);
-	        progressMark++;
-	        CipherText restoredCipherText = CipherText.fromPortableSerializedBytes(serializedCiphertext);
-	        progressMark++;
-	        PlainText plaintext           = ESAPI.encryptor().decrypt(restoredCipherText);
-
-	        return plaintext.toString();
-		} catch (Exception e) {
-			throw new EncryptionRuntimeException("Property retrieval failure",
-					                             "Couldn't retrieve encrypted property for property " + key +
-												 GET_ERROR_MESSAGES[progressMark], e);
-	    }
-	}
-
-	/**
-	 * {@inheritDoc}
-	 *
-	 * @throws EncryptionRuntimeException Thrown if decryption fails.
-	 */
-	@Override
-	public String getProperty(String key, String defaultValue) throws EncryptionRuntimeException {
-		String value = getProperty(key);
-
-		if (value == null) return defaultValue;
-
-		return value;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 *
-	 * @throws EncryptionRuntimeException Thrown if encryption fails.
-	 */
-	@Override
-	public synchronized String setProperty(String key, String value) throws EncryptionRuntimeException {
-	    int progressMark = 0;
-	    try {
-	        if ( key == null ) {
-	            throw new NullPointerException("Property name may not be null.");
-	        }
-	        if ( value == null ) {
-	            throw new NullPointerException("Property value may not be null.");
-	        }
-	        // NOTE: Not backward compatible w/ ESAPI 1.4.
-	        PlainText pt = new PlainText(value);
-	        CipherText ct = ESAPI.encryptor().encrypt(pt);
-	        progressMark++;
-	        byte[] serializedCiphertext = ct.asPortableSerializedByteArray();
-	        progressMark++;
-	        String b64str = ESAPI.encoder().encodeForBase64(serializedCiphertext, false);
-	        progressMark++;
-	        return (String)super.put(key, b64str);
-	    } catch (Exception e) {
-	        throw new EncryptionRuntimeException("Property setting failure",
-	                                      "Couldn't set encrypted property " + key +
-	                                      SET_ERROR_MESSAGES[progressMark], e);
-	    }
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @throws IOException Thrown if input stream invalid or does not
-	 * 					   correspond to Java properties file format.
-	 */
-	@Override
-	public void load(InputStream in) throws IOException {
-		super.load(in);
-		logger.trace(Logger.SECURITY_SUCCESS, "Encrypted properties loaded successfully");
-	}
-
-	/**
-	 * {@inheritDoc}
-	 *
-	 * For JDK 1.5 compatibility, this method has been overridden convert the Reader
-	 * into an InputStream and call the superclass constructor.
-	 * 
-	 * @throws IOException Thrown if {@code Reader} input stream invalid or does not
-	 * 					   correspond to Java properties file format.
-	 */
-	public void load(Reader in) throws IOException {
-
-		if (in == null) return;
-
-		//read from the reader into a StringBuffer
-		char[] cbuf				= new char[65536];
-		BufferedReader buff		= new BufferedReader(in);
-		StringBuilder contents	= new StringBuilder();
-
-		int read_this_time = 0;
-		while (read_this_time != -1) {
-			read_this_time = buff.read(cbuf, 0, 65536);
-			if (read_this_time > 0) contents.append(cbuf, 0, read_this_time);
-		}
-
-		//create a new InputStream from the StringBuffer
-		InputStream is = new ByteArrayInputStream(contents.toString().getBytes());
-
-		super.load(is);
-		logger.trace(Logger.SECURITY_SUCCESS, "Encrypted properties loaded successfully");
-	}
-
-	/**
-	 * This method has been overridden to throw an {@code UnsupportedOperationException}
-	 */
-	@Override
-	public void list(PrintStream out) {
-		throw new UnsupportedOperationException("This method has been removed for security.");
-	}
-
-	/**
-	 * This method has been overridden to throw an {@code UnsupportedOperationException}
-	 */
-	@Override
-	public void list(PrintWriter out) {
-		throw new UnsupportedOperationException("This method has been removed for security.");
-	}
-
-	/**
-	 * This method has been overridden to throw an {@code UnsupportedOperationException}
-	 */
-	@SuppressWarnings({ "unchecked", "rawtypes" })
-	@Override
-	public Collection values() {
-		throw new UnsupportedOperationException("This method has been removed for security.");
-	}
-
-	/**
-	 * This method has been overridden to throw an {@code UnsupportedOperationException}
-	 */
-	@SuppressWarnings({ "unchecked", "rawtypes" })
-	@Override
-	public Set entrySet() {
-		throw new UnsupportedOperationException("This method has been removed for security.");
-	}
-
-	/**
-	 * This method has been overridden to throw an {@code UnsupportedOperationException}
-	 */
-	@SuppressWarnings({ "unchecked", "rawtypes" })
-	@Override
-	public Enumeration elements() {
-		throw new UnsupportedOperationException("This method has been removed for security.");
-	}
-
-	/**
-	 * This method has been overridden to only accept Strings for key and value, and to encrypt
-	 * those Strings before storing them. Outside classes should always use {@code setProperty}
-	 * to add values to the Properties map. If an outside class does erroneously call this method 
-	 * with non-String parameters an {@code IllegalArgumentException} will be thrown.
-	 *
-	 * @param key	A String key to add
-	 * @param value A String value to add
-	 * @return		The old value associated with the specified key, or {@code null}
-     *				if the key did not exist.
-	 */
-	@Override
-	public synchronized Object put(Object key, Object value) {
-		//if java.util.Properties is calling this method, just forward to the implementation in
-		//the superclass (java.util.Hashtable)
-		Throwable t = new Throwable();
-		for (StackTraceElement trace : t.getStackTrace()) {
-			if ("java.util.Properties".equals(trace.getClassName()) ) return super.put(key, value);
-		}
-
-		//otherwise, if both arguments are Strings, encrypt and store them
-		if (key instanceof String && value instanceof String) return setProperty((String)key, (String)value);
-
-		//other Object types are not allowed
-		throw new IllegalArgumentException("This method has been overridden to only accept Strings for key and value.");
-	}
-
-	/**
-	 * This method has been overridden to not print out the keys and values stored in this properties file.
-	 *
-	 * @return The minimal String representation of this class, as per java.lang.Object.
-	 */
-	@Override
-	public String toString() {
-		return getClass().getName() + "@" + Integer.toHexString(hashCode());
-	}
+    /**
+     * serverVersionUID; use format of YYYYMMDD.
+     */
+    private static final long serialVersionUID = 20120718L;
+
+    /** The logger. */
+    private final Logger logger = ESAPI.getLogger(this.getClass());
+
+    private static final String[] GET_ERROR_MESSAGES = new String[]{
+        ": failed decoding from base64",
+        ": failed to deserialize properly",
+        ": failed to decrypt properly"
+    };
+
+    private static final String[] SET_ERROR_MESSAGES = new String[]{
+        ": failed to encrypt properly",
+        ": failed to serialize correctly",
+        ": failed to base64-encode properly",
+        ": failed to set base64-encoded value as property. Illegal key name?"
+    };
+
+    /**
+     * Instantiates a new encrypted properties.
+     */
+    public ReferenceEncryptedProperties() {
+        super();
+    }
+
+    public ReferenceEncryptedProperties(Properties defaults) {
+        super();
+
+        for (Object oKey : defaults.keySet()) {
+            String key        = (oKey instanceof String) ? (String)oKey : oKey.toString();
+            String value    = defaults.getProperty(key);
+
+            this.setProperty(key, value);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * @throws EncryptionRuntimeException Thrown if decryption fails.
+     */
+    @Override
+    public synchronized String getProperty(String key) throws EncryptionRuntimeException {
+        int progressMark = 0;
+        try {
+            String encryptedValue = super.getProperty(key);
+
+            if(encryptedValue==null)
+                return null;
+
+            progressMark = 0;
+            byte[] serializedCiphertext   = ESAPI.encoder().decodeFromBase64(encryptedValue);
+            progressMark++;
+            CipherText restoredCipherText = CipherText.fromPortableSerializedBytes(serializedCiphertext);
+            progressMark++;
+            PlainText plaintext           = ESAPI.encryptor().decrypt(restoredCipherText);
+
+            return plaintext.toString();
+        } catch (Exception e) {
+            throw new EncryptionRuntimeException("Property retrieval failure",
+                                                 "Couldn't retrieve encrypted property for property " + key +
+                                                 GET_ERROR_MESSAGES[progressMark], e);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * @throws EncryptionRuntimeException Thrown if decryption fails.
+     */
+    @Override
+    public synchronized String getProperty(String key, String defaultValue) throws EncryptionRuntimeException {
+        String value = getProperty(key);
+
+        if (value == null) return defaultValue;
+
+        return value;
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * @throws EncryptionRuntimeException Thrown if encryption fails.
+     */
+    @Override
+    public synchronized String setProperty(String key, String value) throws EncryptionRuntimeException {
+        int progressMark = 0;
+        try {
+            if ( key == null ) {
+                throw new NullPointerException("Property name may not be null.");
+            }
+            if ( value == null ) {
+                throw new NullPointerException("Property value may not be null.");
+            }
+            // NOTE: Not backward compatible w/ ESAPI 1.4.
+            PlainText pt = new PlainText(value);
+            CipherText ct = ESAPI.encryptor().encrypt(pt);
+            progressMark++;
+            byte[] serializedCiphertext = ct.asPortableSerializedByteArray();
+            progressMark++;
+            String b64str = ESAPI.encoder().encodeForBase64(serializedCiphertext, false);
+            progressMark++;
+            return (String)super.put(key, b64str);
+        } catch (Exception e) {
+            throw new EncryptionRuntimeException("Property setting failure",
+                                          "Couldn't set encrypted property " + key +
+                                          SET_ERROR_MESSAGES[progressMark], e);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws IOException Thrown if input stream invalid or does not
+     *                        correspond to Java properties file format.
+     */
+    @Override
+    public void load(InputStream in) throws IOException {
+        super.load(in);
+        logger.trace(Logger.SECURITY_SUCCESS, "Encrypted properties loaded successfully");
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * For JDK 1.5 compatibility, this method has been overridden convert the Reader
+     * into an InputStream and call the superclass constructor.
+     *
+     * @throws IOException Thrown if {@code Reader} input stream invalid or does not
+     *                        correspond to Java properties file format.
+     */
+    public void load(Reader in) throws IOException {
+
+        if (in == null) return;
+
+        //read from the reader into a StringBuffer
+        char[] cbuf                = new char[65536];
+        BufferedReader buff        = new BufferedReader(in);
+        StringBuilder contents    = new StringBuilder();
+
+        int read_this_time = 0;
+        while (read_this_time != -1) {
+            read_this_time = buff.read(cbuf, 0, 65536);
+            if (read_this_time > 0) contents.append(cbuf, 0, read_this_time);
+        }
+
+        //create a new InputStream from the StringBuffer
+        InputStream is = new ByteArrayInputStream(contents.toString().getBytes());
+
+        super.load(is);
+        logger.trace(Logger.SECURITY_SUCCESS, "Encrypted properties loaded successfully");
+    }
+
+    /**
+     * This method has been overridden to throw an {@code UnsupportedOperationException}
+     */
+    @Override
+    public void list(PrintStream out) {
+        throw new UnsupportedOperationException("This method has been removed for security.");
+    }
+
+    /**
+     * This method has been overridden to throw an {@code UnsupportedOperationException}
+     */
+    @Override
+    public void list(PrintWriter out) {
+        throw new UnsupportedOperationException("This method has been removed for security.");
+    }
+
+    /**
+     * This method has been overridden to throw an {@code UnsupportedOperationException}
+     */
+    @SuppressWarnings({ "unchecked", "rawtypes" })
+    @Override
+    public Collection values() {
+        throw new UnsupportedOperationException("This method has been removed for security.");
+    }
+
+    /**
+     * This method has been overridden to throw an {@code UnsupportedOperationException}
+     */
+    @SuppressWarnings({ "unchecked", "rawtypes" })
+    @Override
+    public Set entrySet() {
+        throw new UnsupportedOperationException("This method has been removed for security.");
+    }
+
+    /**
+     * This method has been overridden to throw an {@code UnsupportedOperationException}
+     */
+    @SuppressWarnings({ "unchecked", "rawtypes" })
+    @Override
+    public Enumeration elements() {
+        throw new UnsupportedOperationException("This method has been removed for security.");
+    }
+
+    /**
+     * This method has been overridden to only accept Strings for key and value, and to encrypt
+     * those Strings before storing them. Outside classes should always use {@code setProperty}
+     * to add values to the Properties map. If an outside class does erroneously call this method
+     * with non-String parameters an {@code IllegalArgumentException} will be thrown.
+     *
+     * @param key    A String key to add
+     * @param value A String value to add
+     * @return        The old value associated with the specified key, or {@code null}
+     *                if the key did not exist.
+     */
+    @Override
+    public synchronized Object put(Object key, Object value) {
+        //if java.util.Properties is calling this method, just forward to the implementation in
+        //the superclass (java.util.Hashtable)
+        Throwable t = new Throwable();
+        for (StackTraceElement trace : t.getStackTrace()) {
+            if ("java.util.Properties".equals(trace.getClassName()) ) return super.put(key, value);
+        }
+
+        //otherwise, if both arguments are Strings, encrypt and store them
+        if (key instanceof String && value instanceof String) return setProperty((String)key, (String)value);
+
+        //other Object types are not allowed
+        throw new IllegalArgumentException("This method has been overridden to only accept Strings for key and value.");
+    }
+
+    /**
+     * This method has been overridden to not print out the keys and values stored in this properties file.
+     *
+     * @return The minimal String representation of this class, as per java.lang.Object.
+     */
+    @Override
+    public String toString() {
+        return getClass().getName() + "@" + Integer.toHexString(hashCode());
+    }
 
 }
diff --git a/src/main/java/org/owasp/esapi/reference/package.html b/src/main/java/org/owasp/esapi/reference/package.html
index 0e110cb91..e1fe0b048 100644
--- a/src/main/java/org/owasp/esapi/reference/package.html
+++ b/src/main/java/org/owasp/esapi/reference/package.html
@@ -5,11 +5,11 @@
 
 <body bgcolor="white">
 
-This package contains reference implementations of the ESAPI interfaces. These are intended to
-serve as examples of how your enterprise might implement these functions. The reference implementations
-are high quality and pass all of the ESAPI test cases. Many of the reference implementations are
-likely to be useful in your enterprise without change (Validator, Encoder, Encryptor, etc...).
-Implementing other classes (Authenticator, User, AccessController, Logger, etc...) will likely need to
+This package contains reference implementations of the ESAPI interfaces. These are intended to
+serve as examples of how your enterprise might implement these functions. The reference implementations
+are high quality and pass all of the ESAPI test cases. Many of the reference implementations are
+likely to be useful in your enterprise without change (Validator, Encoder, Encryptor, etc...).
+Implementing other classes (Authenticator, User, AccessController, Logger, etc...) will likely need to
 be customized for your enterprise, to integrate with your backend systems and policies.
 
 </body>
diff --git a/src/main/java/org/owasp/esapi/reference/validation/BaseValidationRule.java b/src/main/java/org/owasp/esapi/reference/validation/BaseValidationRule.java
index 1929ff02a..b9251198c 100644
--- a/src/main/java/org/owasp/esapi/reference/validation/BaseValidationRule.java
+++ b/src/main/java/org/owasp/esapi/reference/validation/BaseValidationRule.java
@@ -1,198 +1,202 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference.validation;
-
-
-import java.util.HashSet;
-import java.util.Set;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Encoder;
-import org.owasp.esapi.ValidationErrorList;
-import org.owasp.esapi.ValidationRule;
-import org.owasp.esapi.errors.ValidationException;
-
-
-/**
- * A ValidationRule performs syntax and possibly semantic validation of a single
- * piece of data from an untrusted source.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Validator
- */
-public abstract class BaseValidationRule implements ValidationRule {
-
-	private String typeName = null;
-	protected boolean allowNull = false;
-	protected Encoder encoder = null;
-	
-	private BaseValidationRule() {
-		// prevent use of no-arg constructor
-	}
-	
-	public BaseValidationRule( String typeName ) {
-		this();
-		setEncoder( ESAPI.encoder() );
-		setTypeName( typeName );
-	}
-	
-	public BaseValidationRule( String typeName, Encoder encoder ) {
-		this();
-		setEncoder( encoder );
-		setTypeName( typeName );
-	}
-	
-    /**
-     * {@inheritDoc}
-	 */
-	public void setAllowNull( boolean flag ) {
-		allowNull = flag;
-	}
-
-    /**
-     * {@inheritDoc}
-	 */
-	public String getTypeName() {
-		return typeName;
-	}
-	
-    /**
-     * {@inheritDoc}
-	 */
-	public final void setTypeName( String typeName ) {
-		this.typeName = typeName;
-	}
-	
-    /**
-     * {@inheritDoc}
-	 */
-	public final void setEncoder( Encoder encoder ) {
-		this.encoder = encoder;
-	}
-	
-    /**
-     * {@inheritDoc}
-	 */
-	public void assertValid( String context, String input ) throws ValidationException {
-		getValid( context, input, null );
-	}
-
-    /**
-     * {@inheritDoc}
-	 */
-	public Object getValid( String context, String input, ValidationErrorList errorList ) throws ValidationException {
-		Object valid = null;
-		try {
-			valid = getValid( context, input );
-		} catch (ValidationException e) {
-			errorList.addError(context, e);
-		}
-		return valid;
-	}
-	
-    /**
-     * {@inheritDoc}
-	 */
-	public Object getSafe( String context, String input ) {
-		Object valid = null;
-		try {
-			valid = getValid( context, input );
-		} catch ( ValidationException e ) {
-			return sanitize( context, input );
-		}
-		return valid;
-	}
-
-	/**
-	 * The method is similar to ValidationRuile.getSafe except that it returns a
-	 * harmless object that <b>may or may not have any similarity to the original
-	 * input (in some cases you may not care)</b>. In most cases this should be the
-	 * same as the getSafe method only instead of throwing an exception, return
-	 * some default value.
-	 * 
-	 * @param context
-	 * @param input
-	 * @return a parsed version of the input or a default value.
-	 */
-	protected abstract Object sanitize( String context, String input );
-	
-    /**
-     * {@inheritDoc}
-	 */
-	public boolean isValid( String context, String input ) {
-		boolean valid = false;
-		try {
-			getValid( context, input );
-			valid = true;
-		} catch( Exception e ) {
-			valid = false;
-		}
-		
-		return valid;
-	}
-
-    /**
-     * {@inheritDoc}
-	 */
-	public String whitelist( String input, char[] whitelist) {
-		return whitelist(input, charArrayToSet(whitelist));
-	}
-	
-	/**
-	 * Removes characters that aren't in the whitelist from the input String.  
-	 * O(input.length) whitelist performance
-	 * @param input String to be sanitized
-	 * @param whitelist allowed characters
-	 * @return input stripped of all chars that aren't in the whitelist 
-	 */
-	public String whitelist( String input, Set<Character> whitelist) {
-		StringBuilder stripped = new StringBuilder();
-		for (int i = 0; i < input.length(); i++) {
-			char c = input.charAt(i);
-			if (whitelist.contains(c)) {
-				stripped.append(c);
-			}
-		}
-		return stripped.toString();
-	}
-	
-	// CHECKME should be moved to some utility class (Would potentially be used by new EncoderConstants class)
-	// Is there a standard way to convert an array of primitives to a Collection
-	/**
-	 * Convert an array of characters to a {@code Set<Character>} (so duplicates
-	 * are removed).
-	 * @param array The character array.
-	 * @return A {@code Set<Character>} of the unique characters from {@code array}
-	 *         is returned.
-	 */
-	public static Set<Character> charArrayToSet(char[] array) {
-		Set<Character> toReturn = new HashSet<Character>(array.length);
-		for (char c : array) {
-			toReturn.add(c);
-		}
-		return toReturn;
-	}
-	
-	public boolean isAllowNull() {
-		return allowNull;
-	}
-
-	public Encoder getEncoder() {
-		return encoder;
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference.validation;
+
+
+import java.util.HashSet;
+import java.util.Set;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Encoder;
+import org.owasp.esapi.ValidationErrorList;
+import org.owasp.esapi.ValidationRule;
+import org.owasp.esapi.errors.ValidationException;
+
+
+/**
+ * A ValidationRule performs syntax and possibly semantic validation of a single
+ * piece of data from an untrusted source.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Validator
+ */
+public abstract class BaseValidationRule implements ValidationRule {
+
+    private String typeName = null;
+    protected boolean allowNull = false;
+    protected Encoder encoder = null;
+
+    private BaseValidationRule() {
+        // prevent use of no-arg constructor
+    }
+
+    public BaseValidationRule( String typeName ) {
+        this();
+        setEncoder( ESAPI.encoder() );
+        setTypeName( typeName );
+    }
+
+    public BaseValidationRule( String typeName, Encoder encoder ) {
+        this();
+        setEncoder( encoder );
+        setTypeName( typeName );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void setAllowNull( boolean flag ) {
+        allowNull = flag;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getTypeName() {
+        return typeName;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public final void setTypeName( String typeName ) {
+        this.typeName = typeName;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public final void setEncoder( Encoder encoder ) {
+        this.encoder = encoder;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void assertValid( String context, String input ) throws ValidationException {
+        getValid( context, input );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public Object getValid( String context, String input, ValidationErrorList errorList ) throws ValidationException {
+        Object valid = null;
+        try {
+            valid = getValid( context, input );
+        } catch (ValidationException e) {
+            if( errorList == null) {
+                throw e;
+            } else {
+                errorList.addError(context, e);
+            }
+        }
+        return valid;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public Object getSafe( String context, String input ) {
+        Object valid = null;
+        try {
+            valid = getValid( context, input );
+        } catch ( ValidationException e ) {
+            return sanitize( context, input );
+        }
+        return valid;
+    }
+
+    /**
+     * The method is similar to ValidationRuile.getSafe except that it returns a
+     * harmless object that <b>may or may not have any similarity to the original
+     * input (in some cases you may not care)</b>. In most cases this should be the
+     * same as the getSafe method only instead of throwing an exception, return
+     * some default value.
+     *
+     * @param context
+     * @param input
+     * @return a parsed version of the input or a default value.
+     */
+    protected abstract Object sanitize( String context, String input );
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean isValid( String context, String input ) {
+        boolean valid = false;
+        try {
+            getValid( context, input );
+            valid = true;
+        } catch( Exception e ) {
+            valid = false;
+        }
+
+        return valid;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String whitelist( String input, char[] whitelist) {
+        return whitelist(input, charArrayToSet(whitelist));
+    }
+
+    /**
+     * Removes characters that aren't in the whitelist from the input String.
+     * O(input.length) whitelist performance
+     * @param input String to be sanitized
+     * @param whitelist allowed characters
+     * @return input stripped of all chars that aren't in the whitelist
+     */
+    public String whitelist( String input, Set<Character> whitelist) {
+        StringBuilder stripped = new StringBuilder();
+        for (int i = 0; i < input.length(); i++) {
+            char c = input.charAt(i);
+            if (whitelist.contains(c)) {
+                stripped.append(c);
+            }
+        }
+        return stripped.toString();
+    }
+
+    // CHECKME should be moved to some utility class (Would potentially be used by new EncoderConstants class)
+    // Is there a standard way to convert an array of primitives to a Collection
+    /**
+     * Convert an array of characters to a {@code Set<Character>} (so duplicates
+     * are removed).
+     * @param array The character array.
+     * @return A {@code Set<Character>} of the unique characters from {@code array}
+     *         is returned.
+     */
+    public static Set<Character> charArrayToSet(char[] array) {
+        Set<Character> toReturn = new HashSet<Character>(array.length);
+        for (char c : array) {
+            toReturn.add(c);
+        }
+        return toReturn;
+    }
+
+    public boolean isAllowNull() {
+        return allowNull;
+    }
+
+    public Encoder getEncoder() {
+        return encoder;
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/reference/validation/CreditCardValidationRule.java b/src/main/java/org/owasp/esapi/reference/validation/CreditCardValidationRule.java
index 86f7d4c52..1e82c0e9a 100644
--- a/src/main/java/org/owasp/esapi/reference/validation/CreditCardValidationRule.java
+++ b/src/main/java/org/owasp/esapi/reference/validation/CreditCardValidationRule.java
@@ -1,165 +1,165 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference.validation;
-
-import java.util.regex.Pattern;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Encoder;
-import org.owasp.esapi.EncoderConstants;
-import org.owasp.esapi.StringUtilities;
-import org.owasp.esapi.errors.ValidationException;
-
-/**
- * A validator performs syntax and possibly semantic validation of Credit Card
- * String from an untrusted source.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Validator
- */
-public class CreditCardValidationRule extends BaseValidationRule {
-	private int maxCardLength = 19;
-	
-	/**
-	 * Key used to pull out encoder in configuration.  Prefixed with "Validator."
-	 */
-	protected static final String CREDIT_CARD_VALIDATOR_KEY = "CreditCard";
-	
-	private StringValidationRule ccrule = null; 
-	
-	/**
-	 * Creates a CreditCardValidator using the rule found in security configuration
-	 * @param typeName a description of the type of card being validated
-	 * @param encoder
-	 */
-	public CreditCardValidationRule( String typeName, Encoder encoder ) {
-		super( typeName, encoder );
-		ccrule = readDefaultCreditCardRule();
-	}
-	
-	public CreditCardValidationRule( String typeName, Encoder encoder, StringValidationRule validationRule ) {
-		super( typeName, encoder );
-		ccrule = validationRule;
-	}
-
-	private StringValidationRule readDefaultCreditCardRule() {
-		Pattern p = ESAPI.securityConfiguration().getValidationPattern( CREDIT_CARD_VALIDATOR_KEY );
-		StringValidationRule ccr = new StringValidationRule( "ccrule", encoder, p.pattern() );
-		ccr.setMaximumLength(getMaxCardLength());
-		ccr.setAllowNull( false );
-		return ccr;
-	}
-	
-    /**
-     * {@inheritDoc}
-     */
-	public String getValid( String context, String input ) throws ValidationException {
-		// CHECKME should this allow empty Strings? "   " us IsBlank instead?
-	    if ( StringUtilities.isEmpty(input) ) {
-			if (allowNull) {
-				return null;
-			}
-			throw new ValidationException( context + ": Input credit card required", "Input credit card required: context=" + context + ", input=" + input, context );
-	    }
-	    
-	    String canonical = ccrule.getValid( context, input );
-
-		if( ! validCreditCardFormat(canonical)) {
-			throw new ValidationException( context + ": Invalid credit card input", "Invalid credit card input: context=" + context, context );
-		}
-		
-		return canonical;	    
-	}
-
-	/**
-	 * Performs additional validation on the card nummber.
-	 * This implementation performs Luhn algorithm checking
-	 * @param ccNum number to be validated
-	 * @return true if the ccNum passes the Luhn Algorithm
-	 */
-	protected boolean validCreditCardFormat(String ccNum) {
-		
-	    StringBuilder digitsOnly = new StringBuilder();
-		char c;
-		for (int i = 0; i < ccNum.length(); i++) {
-			c = ccNum.charAt(i);
-			if (Character.isDigit(c)) {
-				digitsOnly.append(c);
-			}
-		}
-	
-		int sum = 0;
-		int digit = 0;
-		int addend = 0;
-		boolean timesTwo = false;
-	
-		for (int i = digitsOnly.length() - 1; i >= 0; i--) {
-			// guaranteed to be an int
-			digit = Integer.valueOf(digitsOnly.substring(i, i + 1));
-			if (timesTwo) {
-				addend = digit * 2;
-				if (addend > 9) {
-					addend -= 9;
-				}
-			} else {
-				addend = digit;
-			}
-			sum += addend;
-			timesTwo = !timesTwo;
-		}
-
-		return sum % 10 == 0; 
-	
-	}
-	
-    /**
-     * {@inheritDoc}
-     */
-	@Override
-	public String sanitize( String context, String input ) {
-		return whitelist( input, EncoderConstants.CHAR_DIGITS );
-	}
-
-	/**
-	 * @param ccrule the ccrule to set
-	 */
-	public void setStringValidatorRule(StringValidationRule ccrule) {
-		this.ccrule = ccrule;
-	}
-
-	/**
-	 * @return the ccrule
-	 */
-	public StringValidationRule getStringValidatorRule() {
-		return ccrule;
-	}
-
-	/**
-	 * @param maxCardLength the maxCardLength to set
-	 */
-	public void setMaxCardLength(int maxCardLength) {
-		this.maxCardLength = maxCardLength;
-	}
-
-	/**
-	 * @return the maxCardLength
-	 */
-	public int getMaxCardLength() {
-		return maxCardLength;
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference.validation;
+
+import java.util.regex.Pattern;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Encoder;
+import org.owasp.esapi.EncoderConstants;
+import org.owasp.esapi.StringUtilities;
+import org.owasp.esapi.errors.ValidationException;
+
+/**
+ * A validator performs syntax and possibly semantic validation of Credit Card
+ * String from an untrusted source.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Validator
+ */
+public class CreditCardValidationRule extends BaseValidationRule {
+    private int maxCardLength = 19;
+
+    /**
+     * Key used to pull out encoder in configuration.  Prefixed with "Validator."
+     */
+    protected static final String CREDIT_CARD_VALIDATOR_KEY = "CreditCard";
+
+    private StringValidationRule ccrule = null;
+
+    /**
+     * Creates a CreditCardValidator using the rule found in security configuration
+     * @param typeName a description of the type of card being validated
+     * @param encoder
+     */
+    public CreditCardValidationRule( String typeName, Encoder encoder ) {
+        super( typeName, encoder );
+        ccrule = readDefaultCreditCardRule();
+    }
+
+    public CreditCardValidationRule( String typeName, Encoder encoder, StringValidationRule validationRule ) {
+        super( typeName, encoder );
+        ccrule = validationRule;
+    }
+
+    private StringValidationRule readDefaultCreditCardRule() {
+        Pattern p = ESAPI.securityConfiguration().getValidationPattern( CREDIT_CARD_VALIDATOR_KEY );
+        StringValidationRule ccr = new StringValidationRule( "ccrule", encoder, p.pattern() );
+        ccr.setMaximumLength(getMaxCardLength());
+        ccr.setAllowNull( false );
+        return ccr;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getValid( String context, String input ) throws ValidationException {
+        // CHECKME should this allow empty Strings? "   " us IsBlank instead?
+        if ( StringUtilities.isEmpty(input) ) {
+            if (allowNull) {
+                return null;
+            }
+            throw new ValidationException( context + ": Input credit card required", "Input credit card required: context=" + context + ", input=" + input, context );
+        }
+
+        String canonical = ccrule.getValid( context, input );
+
+        if( ! validCreditCardFormat(canonical)) {
+            throw new ValidationException( context + ": Invalid credit card input", "Invalid credit card input: context=" + context, context );
+        }
+
+        return canonical;
+    }
+
+    /**
+     * Performs additional validation on the card nummber.
+     * This implementation performs Luhn algorithm checking
+     * @param ccNum number to be validated
+     * @return true if the ccNum passes the Luhn Algorithm
+     */
+    protected boolean validCreditCardFormat(String ccNum) {
+
+        StringBuilder digitsOnly = new StringBuilder();
+        char c;
+        for (int i = 0; i < ccNum.length(); i++) {
+            c = ccNum.charAt(i);
+            if (Character.isDigit(c)) {
+                digitsOnly.append(c);
+            }
+        }
+
+        int sum = 0;
+        int digit = 0;
+        int addend = 0;
+        boolean timesTwo = false;
+
+        for (int i = digitsOnly.length() - 1; i >= 0; i--) {
+            // guaranteed to be an int
+            digit = Integer.valueOf(digitsOnly.substring(i, i + 1));
+            if (timesTwo) {
+                addend = digit * 2;
+                if (addend > 9) {
+                    addend -= 9;
+                }
+            } else {
+                addend = digit;
+            }
+            sum += addend;
+            timesTwo = !timesTwo;
+        }
+
+        return sum % 10 == 0;
+
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public String sanitize( String context, String input ) {
+        return whitelist( input, EncoderConstants.CHAR_DIGITS );
+    }
+
+    /**
+     * @param ccrule the ccrule to set
+     */
+    public void setStringValidatorRule(StringValidationRule ccrule) {
+        this.ccrule = ccrule;
+    }
+
+    /**
+     * @return the ccrule
+     */
+    public StringValidationRule getStringValidatorRule() {
+        return ccrule;
+    }
+
+    /**
+     * @param maxCardLength the maxCardLength to set
+     */
+    public void setMaxCardLength(int maxCardLength) {
+        this.maxCardLength = maxCardLength;
+    }
+
+    /**
+     * @return the maxCardLength
+     */
+    public int getMaxCardLength() {
+        return maxCardLength;
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/reference/validation/DateValidationRule.java b/src/main/java/org/owasp/esapi/reference/validation/DateValidationRule.java
index 7e66b207c..340800409 100644
--- a/src/main/java/org/owasp/esapi/reference/validation/DateValidationRule.java
+++ b/src/main/java/org/owasp/esapi/reference/validation/DateValidationRule.java
@@ -1,106 +1,123 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference.validation;
-
-import java.text.DateFormat;
-import java.util.Date;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Encoder;
-import org.owasp.esapi.StringUtilities;
-import org.owasp.esapi.errors.ValidationException;
-
-/**
- * A validator performs syntax and possibly semantic validation of a single
- * piece of data from an untrusted source.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Validator
- */
-public class DateValidationRule extends BaseValidationRule {
-	private DateFormat format = DateFormat.getDateInstance();
-	
-	public DateValidationRule( String typeName, Encoder encoder, DateFormat newFormat ) {
-		super( typeName, encoder );      
-		setDateFormat( newFormat );
-	}
-	
-    public final void setDateFormat( DateFormat newFormat ) {
-        if (newFormat == null) {
-			throw new IllegalArgumentException("DateValidationRule.setDateFormat requires a non-null DateFormat");
-		}
-    	// CHECKME fail fast?
-/*		
-  		try {
-			newFormat.parse(new Date());
-		} catch (ParseException e) {
-			throw new IllegalArgumentException(e);
-		}
-*/
-        this.format = newFormat;
-        this.format.setLenient( ESAPI.securityConfiguration().getLenientDatesAccepted() );
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-	public Date getValid( String context, String input ) throws ValidationException {
-		return safelyParse(context, input);
-	}
-
-    /**
-     * {@inheritDoc}
-     * 
-     * Calls sanitize(String, String, DateFormat) with DateFormat.getInstance()
-     */
-	@Override
-	public Date sanitize( String context, String input )  {
-		Date date = new Date(0);
-		try {
-			date = safelyParse(context, input);
-		} catch (ValidationException e) {
-			// do nothing
-	    }
-		return date;
-	}
-	    
-	private Date safelyParse(String context, String input)
-			throws ValidationException {
-		// CHECKME should this allow empty Strings? "   " use IsBlank instead?
-		if (StringUtilities.isEmpty(input)) {
-			if (allowNull) {
-				return null;
-			}
-			throw new ValidationException(context + ": Input date required",
-					"Input date required: context=" + context + ", input="
-							+ input, context);
-		}
-
-	    String canonical = encoder.canonicalize(input);
-
-		try {
-			return format.parse(canonical);
-		} catch (Exception e) {
-			throw new ValidationException(context
-					+ ": Invalid date must follow the "
-					+ format.getNumberFormat() + " format",
-					"Invalid date: context=" + context + ", format=" + format
-							+ ", input=" + input, e, context);
-		}
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference.validation;
+
+import java.text.DateFormat;
+import java.util.Date;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Encoder;
+import org.owasp.esapi.StringUtilities;
+import org.owasp.esapi.ValidationErrorList;
+import org.owasp.esapi.errors.ValidationException;
+
+/**
+ * A validator performs syntax and possibly semantic validation of a single
+ * piece of data from an untrusted source.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Validator
+ */
+public class DateValidationRule extends BaseValidationRule {
+    private DateFormat format = DateFormat.getDateInstance();
+
+    public DateValidationRule( String typeName, Encoder encoder, DateFormat newFormat ) {
+        super( typeName, encoder );
+        setDateFormat( newFormat );
+    }
+
+    public final void setDateFormat( DateFormat newFormat ) {
+        if (newFormat == null) {
+            throw new IllegalArgumentException("DateValidationRule.setDateFormat requires a non-null DateFormat");
+        }
+        // CHECKME fail fast?
+/*
+          try {
+            newFormat.parse(new Date());
+        } catch (ParseException e) {
+            throw new IllegalArgumentException(e);
+        }
+*/
+        this.format = newFormat;
+        this.format.setLenient( ESAPI.securityConfiguration().getLenientDatesAccepted() );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public Date getValid( String context, String input ) throws ValidationException {
+        return safelyParse(context, input, false);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public Date sanitize( String context, String input )  {
+        return sanitize(context, input, null);
+    }
+
+    /**
+     * Same as sanitize(String, String) except it returns any ValidationException generated in the provided errorList.
+     *
+     *   @param errorList The error list to add any ValidationException to.
+     *   @return The valid sanitized Date, or Date(0) if the supplied input was not a valid date.
+     */
+    public Date sanitize( String context, String input, ValidationErrorList errorList )  {
+        Date date = new Date(0);
+        try {
+            date = safelyParse(context, input, true);
+        } catch (ValidationException e) {
+            if (errorList != null) {
+                errorList.addError(context, e);
+            }
+        }
+        return date;
+    }
+
+    private Date safelyParse(String context, String input, boolean sanitize)
+            throws ValidationException {
+        // CHECKME should this allow empty Strings? "   " use IsBlank instead?
+        if (StringUtilities.isEmpty(input)) {
+            if (allowNull) {
+                return null;
+            }
+            throw new ValidationException(context + ": Input date required",
+                    "Input date required: context=" + context + ", input="
+                            + input, context);
+        }
+
+         String canonical = encoder.canonicalize(input);
+            try {
+                Date rval = format.parse(canonical);
+                if (sanitize) {
+                    String cycled = format.format(rval);
+                    if (!cycled.equals(canonical)) {
+                        throw new Exception("Parameter date is not a clean translation between String and Date contexts.  Check input for additional characters");
+                    }
+                }
+                return rval;
+        } catch (Exception e) {
+            throw new ValidationException(context
+                    + ": Invalid date must follow the "
+                    + format.getNumberFormat() + " format",
+                    "Invalid date: context=" + context + ", format=" + format
+                            + ", input=" + input, e, context);
+        }
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java b/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java
index e08e2b0f5..87de340d5 100644
--- a/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java
+++ b/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java
@@ -1,129 +1,262 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference.validation;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.List;
-
-import org.owasp.esapi.errors.ConfigurationException;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Encoder;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.StringUtilities;
-import org.owasp.esapi.errors.ValidationException;
-import org.owasp.validator.html.AntiSamy;
-import org.owasp.validator.html.CleanResults;
-import org.owasp.validator.html.Policy;
-import org.owasp.validator.html.PolicyException;
-import org.owasp.validator.html.ScanException;
-
-
-/**
- * A validator performs syntax and possibly semantic validation of a single
- * piece of data from an untrusted source.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Validator
- */
-public class HTMLValidationRule extends StringValidationRule {
-	
-	/** OWASP AntiSamy markup verification policy */
-	private static Policy antiSamyPolicy = null;
-	private static final Logger LOGGER = ESAPI.getLogger( "HTMLValidationRule" ); 
-	
-	static {
-        InputStream resourceStream = null;
-		try {
-			resourceStream = ESAPI.securityConfiguration().getResourceStream("antisamy-esapi.xml");
-		} catch (IOException e) {
-			throw new ConfigurationException("Couldn't find antisamy-esapi.xml", e);
-	            }
-        if (resourceStream != null) {
-        	try {
-				antiSamyPolicy = Policy.getInstance(resourceStream);
-			} catch (PolicyException e) {
-				throw new ConfigurationException("Couldn't parse antisamy policy", e);
-		        }
-			}
-		}
-
-	public HTMLValidationRule( String typeName ) {
-		super( typeName );
-	}
-	
-	public HTMLValidationRule( String typeName, Encoder encoder ) {
-		super( typeName, encoder );
-	}
-
-	public HTMLValidationRule( String typeName, Encoder encoder, String whitelistPattern ) {
-		super( typeName, encoder, whitelistPattern );
-	}
-	
-    /**
-     * {@inheritDoc}
-     */
-	@Override
-	public String getValid( String context, String input ) throws ValidationException {
-		return invokeAntiSamy( context, input );
-	}
-		
-    /**
-     * {@inheritDoc}
-     */
-	@Override
-	public String sanitize( String context, String input ) {
-		String safe = "";
-		try {
-			safe = invokeAntiSamy( context, input );
-		} catch( ValidationException e ) {
-			// just return safe
-		}
-		return safe;
-	}
-
-	private String invokeAntiSamy( String context, String input ) throws ValidationException {
-		// CHECKME should this allow empty Strings? "   " us IsBlank instead?
-	    if ( StringUtilities.isEmpty(input) ) {
-			if (allowNull) {
-				return null;
-			}
-			throw new ValidationException( context + " is required", "AntiSamy validation error: context=" + context + ", input=" + input, context );
-	    }
-	    
-		String canonical = super.getValid( context, input );
-
-		try {
-			AntiSamy as = new AntiSamy();
-			CleanResults test = as.scan(canonical, antiSamyPolicy);
-			
-			List<String> errors = test.getErrorMessages();
-			if ( !errors.isEmpty() ) {
-				LOGGER.info( Logger.SECURITY_FAILURE, "Cleaned up invalid HTML input: " + errors );
-			}
-			
-			return test.getCleanHTML().trim();
-			
-		} catch (ScanException e) {
-			throw new ValidationException( context + ": Invalid HTML input", "Invalid HTML input: context=" + context + " error=" + e.getMessage(), e, context );
-		} catch (PolicyException e) {
-			throw new ValidationException( context + ": Invalid HTML input", "Invalid HTML input does not follow rules in antisamy-esapi.xml: context=" + context + " error=" + e.getMessage(), e, context );
-		}
-	}
-}
-
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference.validation;
+
+
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Arrays;
+import java.util.List;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Encoder;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.SecurityConfiguration;
+import org.owasp.esapi.StringUtilities;
+import org.owasp.esapi.errors.ConfigurationException;
+import org.owasp.esapi.errors.ValidationException;
+import org.owasp.esapi.PropNames.DefaultSearchPath;
+import static org.owasp.esapi.PropNames.VALIDATOR_HTML_VALIDATION_ACTION;
+import static org.owasp.esapi.PropNames.VALIDATOR_HTML_VALIDATION_CONFIGURATION_FILE;
+
+import org.owasp.validator.html.AntiSamy;
+import org.owasp.validator.html.CleanResults;
+import org.owasp.validator.html.Policy;
+import org.owasp.validator.html.PolicyException;
+import org.owasp.validator.html.ScanException;
+
+
+/**
+ * A validator performs syntax and possibly semantic validation of a single
+ * piece of data from an untrusted source.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Validator
+ */
+public class HTMLValidationRule extends StringValidationRule {
+
+    /** OWASP AntiSamy markup verification policy */
+    private static Policy antiSamyPolicy = null;
+    private static final Logger LOGGER = ESAPI.getLogger( "HTMLValidationRule" );
+    private static final String ANTISAMYPOLICY_FILENAME = "antisamy-esapi.xml";
+
+    /*package */ static InputStream getResourceStreamFromClassLoader(String contextDescription, ClassLoader classLoader, String fileName, List<String> searchPaths) {
+        InputStream result = null;
+
+        for (String searchPath: searchPaths) {
+            result = classLoader.getResourceAsStream(searchPath + fileName);
+
+            if (result != null) {
+                LOGGER.info(Logger.EVENT_SUCCESS, "SUCCESSFULLY LOADED " + fileName + " via the CLASSPATH from '" +
+                        searchPath + "' using " + contextDescription + "!");
+                    break;
+            }
+        }
+
+        return result;
+    }
+
+    /*package */ static InputStream getResourceStreamFromClasspath(String fileName) {
+        LOGGER.info(Logger.EVENT_FAILURE, "Loading " + fileName + " from classpaths");
+
+        InputStream resourceStream = null;
+
+        List<String> orderedSearchPaths = Arrays.asList(DefaultSearchPath.ROOT.value(),
+                DefaultSearchPath.RESOURCE_DIRECTORY.value(),
+                DefaultSearchPath.DOT_ESAPI.value(),
+                DefaultSearchPath.ESAPI.value(),
+                DefaultSearchPath.RESOURCES.value(),
+                DefaultSearchPath.SRC_MAIN_RESOURCES.value());
+
+        resourceStream = getResourceStreamFromClassLoader("current thread context class loader", Thread.currentThread().getContextClassLoader(), fileName, orderedSearchPaths);
+
+        //I'm lazy. Using ternary for shorthand "if null then do next thing"  Harder to read, sorry
+        resourceStream = resourceStream != null ? resourceStream : getResourceStreamFromClassLoader("system class loader", ClassLoader.getSystemClassLoader(), fileName, orderedSearchPaths);
+        resourceStream = resourceStream != null ? resourceStream : getResourceStreamFromClassLoader("class loader for DefaultSecurityConfiguration class", ESAPI.securityConfiguration().getClass().getClassLoader(), fileName, orderedSearchPaths);
+
+        return resourceStream;
+    }
+
+    /*package */ static Policy loadAntisamyPolicy(String antisamyPolicyFilename) throws IOException, PolicyException {
+        InputStream resourceStream = null;
+        SecurityConfiguration secCfg = ESAPI.securityConfiguration();
+
+        //Rather than catching the IOException from the resource stream, let's ask if the file exists to give this a best-case resolution.
+        //This helps with the IOException handling too.  If the file is there and we get an IOException from the SecurityConfiguration, then the file is there and something else is wrong (FAIL -- don't try the other path)
+        File file = secCfg.getResourceFile(antisamyPolicyFilename);
+
+        resourceStream = file == null ? getResourceStreamFromClasspath(antisamyPolicyFilename) : secCfg.getResourceStream(antisamyPolicyFilename);
+        return resourceStream == null ? null : Policy.getInstance(resourceStream);
+    }
+
+    /*package */ static String resolveAntisamyFilename() {
+        String antisamyPolicyFilename = ANTISAMYPOLICY_FILENAME;
+        try {
+            antisamyPolicyFilename = ESAPI.securityConfiguration().getStringProp( VALIDATOR_HTML_VALIDATION_CONFIGURATION_FILE );
+        } catch (ConfigurationException cex) {
+
+            LOGGER.info(Logger.EVENT_FAILURE, "ESAPI property " +
+                           VALIDATOR_HTML_VALIDATION_CONFIGURATION_FILE +
+                           " not set, using default value: " + ANTISAMYPOLICY_FILENAME);
+        }
+        return antisamyPolicyFilename;
+    }
+
+    /*package */ static void configureInstance() {
+        String antisamyPolicyFilename = resolveAntisamyFilename();
+
+        try {
+            antiSamyPolicy = loadAntisamyPolicy(antisamyPolicyFilename);
+        } catch (IOException ioe) {
+            //Thrown if file is found by SecurityConfiguration, but a stream cannot be generated.
+            throw new ConfigurationException("Failed to load file from SecurityConfiguration context: " + antisamyPolicyFilename, ioe);
+        } catch (PolicyException e) {
+            //Thrown if the resource stream was created, but the contents of the file are not compatible with antisamy expectations.
+            throw new ConfigurationException("Couldn't parse " + antisamyPolicyFilename, e);
+        }
+
+        if (antiSamyPolicy == null) {
+            throw new ConfigurationException("Couldn't find " + antisamyPolicyFilename);
+        }
+
+    }
+
+    static {
+        configureInstance();
+    }
+
+    public HTMLValidationRule( String typeName ) {
+        super( typeName );
+    }
+
+    public HTMLValidationRule( String typeName, Encoder encoder ) {
+        super( typeName, encoder );
+    }
+
+    public HTMLValidationRule( String typeName, Encoder encoder, String whitelistPattern ) {
+        super( typeName, encoder, whitelistPattern );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public String getValid( String context, String input ) throws ValidationException {
+        return invokeAntiSamy( context, input );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public String sanitize( String context, String input ) {
+        String safe = "";
+        try {
+            safe = invokeAntiSamy( context, input );
+        } catch( ValidationException e ) {
+            // just return safe
+        }
+        return safe;
+    }
+
+    /**
+     * Check whether we want the legacy behavior ("clean") or the presumably intended
+     * behavior of "throw" for how to treat unsafe HTML input when AntiSamy is invoked.
+     * This admittedly is an UGLY hack to ensure that issue 509 and its corresponding
+     * fix in PR #510 does not break existing developer's existing code. Full
+     * details are described in GitHub issue 521.
+     *
+     * Checks new ESAPI property "Validator.HtmlValidationAction". A value of "clean"
+     * means to revert to legacy behavior. A value of "throw" means to use the new
+     * behavior as implemented in GitHub issue 509.
+     *
+     * @return false - If  "Validator.HtmlValidationAction" is set to "throw". Otherwise {@code true}.
+     * @since 2.2.1.0
+     */
+    private boolean legacyHtmlValidation() {
+        boolean legacy = true;          // Make legacy support the default behavior for backward compatibility.
+        String propValue = "clean";     // For legacy support.
+        try {
+            // DISCUSS:
+            // Hindsight: maybe we should have getBooleanProp(), getStringProp(),
+            // getIntProp() methods that take a default arg as well?
+            // At least for ESAPI 3.x.
+            propValue = ESAPI.securityConfiguration().getStringProp( VALIDATOR_HTML_VALIDATION_ACTION );
+            switch ( propValue.toLowerCase() ) {
+                case "throw":
+                    legacy = false;     // New, presumably correct behavior, as addressed by GitHub issue 509
+                    break;
+                case "clean":
+                    legacy = true;      // Give the caller that legacy behavior of sanitizing.
+                    break;
+                default:
+                    LOGGER.warning(Logger.EVENT_FAILURE, "ESAPI property " +
+                                   VALIDATOR_HTML_VALIDATION_ACTION +
+                                   " was set to \"" + propValue + "\".  Must be set to either \"clean\"" +
+                                   " (the default for legacy support) or \"throw\"; assuming \"clean\" for legacy behavior.");
+                    legacy = true;
+                    break;
+            }
+        } catch( ConfigurationException cex ) {
+            // OPEN ISSUE: Should we log this? I think so. Convince me otherwise. But maybe
+            //             we should only log it once or every Nth time??
+            LOGGER.warning(Logger.EVENT_FAILURE, "ESAPI property " +
+                           VALIDATOR_HTML_VALIDATION_ACTION +
+                           " must be set to either \"clean\" (the default for legacy support) or \"throw\"; assuming \"clean\"",
+                           cex);
+        }
+
+        return legacy;
+    }
+
+    private String invokeAntiSamy( String context, String input ) throws ValidationException {
+        // CHECKME should this allow empty Strings? "   " use IsBlank instead?
+        if ( StringUtilities.isEmpty(input) ) {
+            if (allowNull) {
+                return null;
+            }
+            throw new ValidationException( context + " is required", "AntiSamy validation error: context=" + context + ", input=" + input, context );
+        }
+
+        String canonical = super.getValid( context, input );
+
+        try {
+            AntiSamy as = new AntiSamy();
+            CleanResults test = as.scan(canonical, antiSamyPolicy);     // Uses AntiSamy.DOM scanner.
+
+            List<String> errors = test.getErrorMessages();
+            if ( !errors.isEmpty() ) {
+                if ( legacyHtmlValidation() ) {        // See GitHub issues 509 and 521
+                    LOGGER.info(Logger.SECURITY_FAILURE, "Cleaned up invalid HTML input: " + errors );
+                } else {
+                    throw new ValidationException( context + ": Invalid HTML input", "Invalid HTML input does not follow rules in antisamy-esapi.xml: context=" + context + " errors=" + errors.toString());
+                }
+            }
+
+            return test.getCleanHTML().trim();
+
+        } catch (ScanException e) {
+            throw new ValidationException( context + ": Invalid HTML input", "Invalid HTML input: context=" + context + " error=" + e.getMessage(), e, context );
+        } catch (PolicyException e) {
+            throw new ValidationException( context + ": Invalid HTML input", "Invalid HTML input does not follow rules in antisamy-esapi.xml: context=" + context + " error=" + e.getMessage(), e, context );
+        }
+    }
+}
+
diff --git a/src/main/java/org/owasp/esapi/reference/validation/IntegerValidationRule.java b/src/main/java/org/owasp/esapi/reference/validation/IntegerValidationRule.java
index fe011cf46..3137781e3 100644
--- a/src/main/java/org/owasp/esapi/reference/validation/IntegerValidationRule.java
+++ b/src/main/java/org/owasp/esapi/reference/validation/IntegerValidationRule.java
@@ -1,95 +1,95 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference.validation;
-
-import org.owasp.esapi.Encoder;
-import org.owasp.esapi.StringUtilities;
-import org.owasp.esapi.errors.ValidationException;
-
-
-/**
- * A validator performs syntax and possibly semantic validation of a single
- * piece of data from an untrusted source.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Validator
- */
-public class IntegerValidationRule extends BaseValidationRule {
-	
-	private int minValue = Integer.MIN_VALUE;
-	private int maxValue = Integer.MAX_VALUE;
-	
-	public IntegerValidationRule( String typeName, Encoder encoder ) {
-		super( typeName, encoder );
-	}
-
-	public IntegerValidationRule( String typeName, Encoder encoder, int minValue, int maxValue ) {
-		super( typeName, encoder );
-		this.minValue = minValue;
-		this.maxValue = maxValue;
-	}
-
-	public Integer getValid( String context, String input ) throws ValidationException {
-		return safelyParse(context, input);
-	}
-
-	private Integer safelyParse(String context, String input) throws ValidationException {
-		// do not allow empty Strings such as "   " - so trim to ensure 
-		// isEmpty catches "    "
-		if (input != null) input = input.trim();
-		
-	    if ( StringUtilities.isEmpty(input) ) {
-			if (allowNull) {
-				return null;
-			}
-			throw new ValidationException( context + ": Input number required", "Input number required: context=" + context + ", input=" + input, context );
-	    }
-	    
-	    // canonicalize
-	    String canonical = encoder.canonicalize( input );
-
-		if (minValue > maxValue) {
-			throw new ValidationException( context + ": Invalid number input: context", "Validation parameter error for number: maxValue ( " + maxValue + ") must be greater than minValue ( " + minValue + ") for " + context, context );
-		}
-		
-		// validate min and max
-		try {
-			int i = Integer.valueOf(canonical);
-			if (i < minValue) {
-				throw new ValidationException( "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context, "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context + ", input=" + input, context );
-			}
-			if (i > maxValue) {
-				throw new ValidationException( "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context, "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context + ", input=" + input, context );
-			}			
-			return i;
-		} catch (NumberFormatException e) {
-			throw new ValidationException( context + ": Invalid number input", "Invalid number input format: context=" + context + ", input=" + input, e, context);
-		}
-	}
-
-	@Override
-	public Integer sanitize( String context, String input ) {
-		Integer toReturn = Integer.valueOf( 0 );
-		try {
-			toReturn = safelyParse(context, input);
-		} catch (ValidationException e ) {
-			// do nothing
-		}
-		return toReturn;
-	}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference.validation;
+
+import org.owasp.esapi.Encoder;
+import org.owasp.esapi.StringUtilities;
+import org.owasp.esapi.errors.ValidationException;
+
+
+/**
+ * A validator performs syntax and possibly semantic validation of a single
+ * piece of data from an untrusted source.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Validator
+ */
+public class IntegerValidationRule extends BaseValidationRule {
+
+    private int minValue = Integer.MIN_VALUE;
+    private int maxValue = Integer.MAX_VALUE;
+
+    public IntegerValidationRule( String typeName, Encoder encoder ) {
+        super( typeName, encoder );
+    }
+
+    public IntegerValidationRule( String typeName, Encoder encoder, int minValue, int maxValue ) {
+        super( typeName, encoder );
+        this.minValue = minValue;
+        this.maxValue = maxValue;
+    }
+
+    public Integer getValid( String context, String input ) throws ValidationException {
+        return safelyParse(context, input);
+    }
+
+    private Integer safelyParse(String context, String input) throws ValidationException {
+        // do not allow empty Strings such as "   " - so trim to ensure
+        // isEmpty catches "    "
+        if (input != null) input = input.trim();
+
+        if ( StringUtilities.isEmpty(input) ) {
+            if (allowNull) {
+                return null;
+            }
+            throw new ValidationException( context + ": Input number required", "Input number required: context=" + context + ", input=" + input, context );
+        }
+
+        // canonicalize
+        String canonical = encoder.canonicalize( input );
+
+        if (minValue > maxValue) {
+            throw new ValidationException( context + ": Invalid number input: context", "Validation parameter error for number: maxValue ( " + maxValue + ") must be greater than minValue ( " + minValue + ") for " + context, context );
+        }
+
+        // validate min and max
+        try {
+            int i = Integer.valueOf(canonical);
+            if (i < minValue) {
+                throw new ValidationException( "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context, "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context + ", input=" + input, context );
+            }
+            if (i > maxValue) {
+                throw new ValidationException( "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context, "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context + ", input=" + input, context );
+            }
+            return i;
+        } catch (NumberFormatException e) {
+            throw new ValidationException( context + ": Invalid number input", "Invalid number input format: context=" + context + ", input=" + input, e, context);
+        }
+    }
+
+    @Override
+    public Integer sanitize( String context, String input ) {
+        Integer toReturn = Integer.valueOf( 0 );
+        try {
+            toReturn = safelyParse(context, input);
+        } catch (ValidationException e ) {
+            // do nothing
+        }
+        return toReturn;
+    }
 }
\ No newline at end of file
diff --git a/src/main/java/org/owasp/esapi/reference/validation/NumberValidationRule.java b/src/main/java/org/owasp/esapi/reference/validation/NumberValidationRule.java
index d6cd8ff66..c19f2ab98 100644
--- a/src/main/java/org/owasp/esapi/reference/validation/NumberValidationRule.java
+++ b/src/main/java/org/owasp/esapi/reference/validation/NumberValidationRule.java
@@ -1,146 +1,146 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference.validation;
-
-import java.math.BigDecimal;
-
-import org.owasp.esapi.Encoder;
-import org.owasp.esapi.StringUtilities;
-import org.owasp.esapi.errors.ValidationException;
-
-
-/**
- * A validator performs syntax and possibly semantic validation of a single
- * piece of data from an untrusted source.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Validator
- */
-public class NumberValidationRule extends BaseValidationRule {
-	
-	private double minValue = Double.NEGATIVE_INFINITY;
-	private double maxValue = Double.POSITIVE_INFINITY;
-	
-	public NumberValidationRule( String typeName, Encoder encoder ) {
-		super( typeName, encoder );
-	}
-
-	public NumberValidationRule( String typeName, Encoder encoder, double minValue, double maxValue ) {
-		super( typeName, encoder );
-		this.minValue = minValue;
-		this.maxValue = maxValue;
-	}
-
-    /**
-     * {@inheritDoc}
-     */
-	public Double getValid( String context, String input ) throws ValidationException {
-		return safelyParse(context, input);
-	}
-	
-    /**
-     * {@inheritDoc}
-     */
-	@Override
-	public Double sanitize( String context, String input ) {
-		Double toReturn = Double.valueOf(0);
-		try {
-			toReturn = safelyParse(context, input);
-		} catch (ValidationException e) {
-			// do nothing
-		}
-		return toReturn;
-	}
-	//
-	// These statics needed to detect double parsing DOS bug in Java
-	//
-	private static BigDecimal bigBad;
-	private static BigDecimal smallBad;
-
-	static {
-		
-		BigDecimal one = new BigDecimal(1);
-		BigDecimal two = new BigDecimal(2);
-		
-		BigDecimal tiny = one.divide(two.pow(1022));
-		
-		// 2^(-1022) ­ 2^(-1076)
-		bigBad = tiny.subtract(one.divide(two.pow(1076)));
-		//2^(-1022) ­ 2^(-1075)
-		smallBad = tiny.subtract(one.divide(two.pow(1075)));
-	}	
-
-	private Double safelyParse(String context, String input) throws ValidationException {
-
-		// CHECKME should this allow empty Strings? "   " us IsBlank instead?
-	    if ( StringUtilities.isEmpty(input) ) {
-			if (allowNull) {
-				return null;
-			}
-			throw new ValidationException( context + ": Input number required", "Input number required: context=" + context + ", input=" + input, context );
-	    }
-	    
-	    // canonicalize
-	    String canonical = encoder.canonicalize( input );
-
-	    //if MinValue is greater than maxValue then programmer is likely calling this wrong
-		if (minValue > maxValue) {
-			throw new ValidationException( context + ": Invalid number input: context", "Validation parameter error for number: maxValue ( " + maxValue + ") must be greater than minValue ( " + minValue + ") for " + context, context );
-		}
-		
-		//convert to BigDecimal so we can safely parse dangerous numbers to 
-		//check if the number may DOS the double parser
-		BigDecimal bd;
-		try {
-			bd = new BigDecimal(canonical);
-		} catch (NumberFormatException e) {
-			throw new ValidationException( context + ": Invalid number input", "Invalid number input format: context=" + context + ", input=" + input, e, context);
-		}
-		
-		// Thanks to Brian Chess for this suggestion
-		// Check if string input is in the "dangerous" double parsing range
-		if (bd.compareTo(smallBad) >= 0 && bd.compareTo(bigBad) <= 0) {
-			// if you get here you know you're looking at a bad value. The final
-			// value for any double in this range is supposed to be the following safe #			
-			return new Double("2.2250738585072014E-308");
-		}
-		
-		// the number is safe to parseDouble
-		Double d;
-		// validate min and max
-		try {
-			d = Double.valueOf(Double.parseDouble( canonical ));
-		} catch (NumberFormatException e) {
-			throw new ValidationException( context + ": Invalid number input", "Invalid number input format: context=" + context + ", input=" + input, e, context);
-		}
-	
-		if (d.isInfinite()) {
-			throw new ValidationException( "Invalid number input: context=" + context, "Invalid double input is infinite: context=" + context + ", input=" + input, context );
-	}
-		if (d.isNaN()) {
-			throw new ValidationException( "Invalid number input: context=" + context, "Invalid double input is not a number: context=" + context + ", input=" + input, context );
-		}
-		if (d.doubleValue() < minValue) {
-			throw new ValidationException( "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context, "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context + ", input=" + input, context );
-		}
-		if (d.doubleValue() > maxValue) {
-			throw new ValidationException( "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context, "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context + ", input=" + input, context );
-		}			
-		return d;
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference.validation;
+
+import java.math.BigDecimal;
+
+import org.owasp.esapi.Encoder;
+import org.owasp.esapi.StringUtilities;
+import org.owasp.esapi.errors.ValidationException;
+
+
+/**
+ * A validator performs syntax and possibly semantic validation of a single
+ * piece of data from an untrusted source.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Validator
+ */
+public class NumberValidationRule extends BaseValidationRule {
+
+    private double minValue = Double.NEGATIVE_INFINITY;
+    private double maxValue = Double.POSITIVE_INFINITY;
+
+    public NumberValidationRule( String typeName, Encoder encoder ) {
+        super( typeName, encoder );
+    }
+
+    public NumberValidationRule( String typeName, Encoder encoder, double minValue, double maxValue ) {
+        super( typeName, encoder );
+        this.minValue = minValue;
+        this.maxValue = maxValue;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public Double getValid( String context, String input ) throws ValidationException {
+        return safelyParse(context, input);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public Double sanitize( String context, String input ) {
+        Double toReturn = Double.valueOf(0);
+        try {
+            toReturn = safelyParse(context, input);
+        } catch (ValidationException e) {
+            // do nothing
+        }
+        return toReturn;
+    }
+    //
+    // These statics needed to detect double parsing DOS bug in Java
+    //
+    private static BigDecimal bigBad;
+    private static BigDecimal smallBad;
+
+    static {
+
+        BigDecimal one = new BigDecimal(1);
+        BigDecimal two = new BigDecimal(2);
+
+        BigDecimal tiny = one.divide(two.pow(1022));
+
+        // 2^(-1022) ­ 2^(-1076)
+        bigBad = tiny.subtract(one.divide(two.pow(1076)));
+        //2^(-1022) ­ 2^(-1075)
+        smallBad = tiny.subtract(one.divide(two.pow(1075)));
+    }
+
+    private Double safelyParse(String context, String input) throws ValidationException {
+
+        // CHECKME should this allow empty Strings? "   " us IsBlank instead?
+        if ( StringUtilities.isEmpty(input) ) {
+            if (allowNull) {
+                return null;
+            }
+            throw new ValidationException( context + ": Input number required", "Input number required: context=" + context + ", input=" + input, context );
+        }
+
+        // canonicalize
+        String canonical = encoder.canonicalize( input );
+
+        //if MinValue is greater than maxValue then programmer is likely calling this wrong
+        if (minValue > maxValue) {
+            throw new ValidationException( context + ": Invalid number input: context", "Validation parameter error for number: maxValue ( " + maxValue + ") must be greater than minValue ( " + minValue + ") for " + context, context );
+        }
+
+        //convert to BigDecimal so we can safely parse dangerous numbers to
+        //check if the number may DOS the double parser
+        BigDecimal bd;
+        try {
+            bd = new BigDecimal(canonical);
+        } catch (NumberFormatException e) {
+            throw new ValidationException( context + ": Invalid number input", "Invalid number input format: context=" + context + ", input=" + input, e, context);
+        }
+
+        // Thanks to Brian Chess for this suggestion
+        // Check if string input is in the "dangerous" double parsing range
+        if (bd.compareTo(smallBad) >= 0 && bd.compareTo(bigBad) <= 0) {
+            // if you get here you know you're looking at a bad value. The final
+            // value for any double in this range is supposed to be the following safe #
+            return new Double("2.2250738585072014E-308");
+        }
+
+        // the number is safe to parseDouble
+        Double d;
+        // validate min and max
+        try {
+            d = Double.valueOf(Double.parseDouble( canonical ));
+        } catch (NumberFormatException e) {
+            throw new ValidationException( context + ": Invalid number input", "Invalid number input format: context=" + context + ", input=" + input, e, context);
+        }
+
+        if (d.isInfinite()) {
+            throw new ValidationException( "Invalid number input: context=" + context, "Invalid double input is infinite: context=" + context + ", input=" + input, context );
+    }
+        if (d.isNaN()) {
+            throw new ValidationException( "Invalid number input: context=" + context, "Invalid double input is not a number: context=" + context + ", input=" + input, context );
+        }
+        if (d.doubleValue() < minValue) {
+            throw new ValidationException( "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context, "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context + ", input=" + input, context );
+        }
+        if (d.doubleValue() > maxValue) {
+            throw new ValidationException( "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context, "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context + ", input=" + input, context );
+        }
+        return d;
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/reference/validation/StringValidationRule.java b/src/main/java/org/owasp/esapi/reference/validation/StringValidationRule.java
index 9024ac525..740db8c7d 100644
--- a/src/main/java/org/owasp/esapi/reference/validation/StringValidationRule.java
+++ b/src/main/java/org/owasp/esapi/reference/validation/StringValidationRule.java
@@ -1,324 +1,302 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference.validation;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.regex.Pattern;
-import java.util.regex.PatternSyntaxException;
-
-import org.owasp.esapi.Encoder;
-import org.owasp.esapi.EncoderConstants;
-import org.owasp.esapi.StringUtilities;
-import org.owasp.esapi.errors.ValidationException;
-import org.owasp.esapi.util.NullSafe;
-
-
-/**
- * A validator performs syntax and possibly semantic validation of a single
- * piece of data from an untrusted source.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Validator
- * 
- * http://en.wikipedia.org/wiki/Whitelist
- */
-public class StringValidationRule extends BaseValidationRule {
-
-	protected List<Pattern> whitelistPatterns = new ArrayList<Pattern>();
-	protected List<Pattern> blacklistPatterns = new ArrayList<Pattern>();
-	protected int minLength = 0;
-	protected int maxLength = Integer.MAX_VALUE;
-	protected boolean validateInputAndCanonical = true;
-
-	public StringValidationRule( String typeName ) {
-		super( typeName );
-	}
-
-	public StringValidationRule( String typeName, Encoder encoder ) {
-		super( typeName, encoder );
-	}
-
-	public StringValidationRule( String typeName, Encoder encoder, String whitelistPattern ) {
-		super( typeName, encoder );
-		addWhitelistPattern( whitelistPattern );
-	}
-
-	/**
-	 * @throws IllegalArgumentException if pattern is null
-	 */
-	public void addWhitelistPattern( String pattern ) {
-		if (pattern == null) {
-			throw new IllegalArgumentException("Pattern cannot be null");
-		}
-		try {
-			whitelistPatterns.add( Pattern.compile( pattern ) );
-		} catch( PatternSyntaxException e ) {
-			throw new IllegalArgumentException( "Validation misconfiguration, problem with specified pattern: " + pattern, e );
-		}
-	}
-
-	/**
-	 * @throws IllegalArgumentException if p is null
-	 */
-	public void addWhitelistPattern( Pattern p ) {
-		if (p == null) {
-			throw new IllegalArgumentException("Pattern cannot be null");
-		}
-		whitelistPatterns.add( p );
-	}
-
-	/**
-	 * @throws IllegalArgumentException if pattern is null
-	 */
-	public void addBlacklistPattern( String pattern ) {
-		if (pattern == null) {
-			throw new IllegalArgumentException("Pattern cannot be null");
-		}
-		try {
-			blacklistPatterns.add( Pattern.compile( pattern ) );
-		} catch( PatternSyntaxException e ) {
-			throw new IllegalArgumentException( "Validation misconfiguration, problem with specified pattern: " + pattern, e );
-		}
-	}
-
-	/**
-	 * @throws IllegalArgumentException if p is null
-	 */
-	public void addBlacklistPattern( Pattern p ) {
-		if (p == null) {
-			throw new IllegalArgumentException("Pattern cannot be null");
-		}
-		blacklistPatterns.add( p );
-	}
-
-	public void setMinimumLength( int length ) {
-		minLength = length;
-	}
-
-
-	public void setMaximumLength( int length ) {
-		maxLength = length;
-	}
-
-	/**
-	 * Set the flag which determines whether the in input itself is
-	 * checked as well as the canonical form of the input.
-	 * @param flag The value to set
-	 */
-	public void setValidateInputAndCanonical(boolean flag)
-	{
-		validateInputAndCanonical = flag;
-	}
-
-	/**
-	 * checks input against whitelists.
-	 * @param context The context to include in exception messages
-	 * @param input the input to check
-	 * @param orig A origional input to include in exception
-	 *	messages. This is not included if it is the same as
-	 *	input.
-	 * @return input upon a successful check
-	 * @throws ValidationException if the check fails.
-	 */
-	private String checkWhitelist(String context, String input, String orig) throws ValidationException
-	{
-		// check whitelist patterns
-		for (Pattern p : whitelistPatterns) {
-			if ( !p.matcher(input).matches() ) {
-				throw new ValidationException( context + ": Invalid input. Please conform to regex " + p.pattern() + ( maxLength == Integer.MAX_VALUE ? "" : " with a maximum length of " + maxLength ), "Invalid input: context=" + context + ", type(" + getTypeName() + ")=" + p.pattern() + ", input=" + input + (NullSafe.equals(orig,input) ? "" : ", orig=" + orig), context );
-			}
-		}
-
-		return input;
-	}
-
-	/**
-	 * checks input against whitelists.
-	 * @param context The context to include in exception messages
-	 * @param input the input to check
-	 * @return input upon a successful check
-	 * @throws ValidationException if the check fails.
-	 */
-	private String checkWhitelist(String context, String input) throws ValidationException
-	{
-		return checkWhitelist(context, input, input);
-	}
-
-	/**
-	 * checks input against blacklists.
-	 * @param context The context to include in exception messages
-	 * @param input the input to check
-	 * @param orig A origional input to include in exception
-	 *	messages. This is not included if it is the same as
-	 *	input.
-	 * @return input upon a successful check
-	 * @throws ValidationException if the check fails.
-	 */
-	private String checkBlacklist(String context, String input, String orig) throws ValidationException
-	{
-		// check blacklist patterns
-		for (Pattern p : blacklistPatterns) {
-			if ( p.matcher(input).matches() ) {
-				throw new ValidationException( context + ": Invalid input. Dangerous input matching " + p.pattern() + " detected.", "Dangerous input: context=" + context + ", type(" + getTypeName() + ")=" + p.pattern() + ", input=" + input + (NullSafe.equals(orig,input) ? "" : ", orig=" + orig), context );
-			}
-		}
-
-		return input;
-	}
-
-	/**
-	 * checks input against blacklists.
-	 * @param context The context to include in exception messages
-	 * @param input the input to check
-	 * @return input upon a successful check
-	 * @throws ValidationException if the check fails.
-	 */
-	private String checkBlacklist(String context, String input) throws ValidationException
-	{
-		return checkBlacklist(context, input, input);
-	}
-
-	/**
-	 * checks input lengths
-	 * @param context The context to include in exception messages
-	 * @param input the input to check
-	 * @param orig A origional input to include in exception
-	 *	messages. This is not included if it is the same as
-	 *	input.
-	 * @return input upon a successful check
-	 * @throws ValidationException if the check fails.
-	 */
-	private String checkLength(String context, String input, String orig) throws ValidationException
-	{
-		if (input.length() < minLength) {
-			throw new ValidationException( context + ": Invalid input. The minimum length of " + minLength + " characters was not met.", "Input does not meet the minimum length of " + minLength + " by " + (minLength - input.length()) + " characters: context=" + context + ", type=" + getTypeName() + "), input=" + input + (NullSafe.equals(input,orig) ? "" : ", orig=" + orig), context );
-		}
-
-		if (input.length() > maxLength) {
-			throw new ValidationException( context + ": Invalid input. The maximum length of " + maxLength + " characters was exceeded.", "Input exceeds maximum allowed length of " + maxLength + " by " + (input.length()-maxLength) + " characters: context=" + context + ", type=" + getTypeName() + ", orig=" + orig +", input=" + input, context );
-		}
-
-		return input;
-	}
-
-	/**
-	 * checks input lengths
-	 * @param context The context to include in exception messages
-	 * @param input the input to check
-	 * @return input upon a successful check
-	 * @throws ValidationException if the check fails.
-	 */
-	private String checkLength(String context, String input) throws ValidationException
-	{
-		return checkLength(context, input, input);
-	}
-
-	/**
-	 * checks input emptiness
-	 * @param context The context to include in exception messages
-	 * @param input the input to check
-	 * @param orig A origional input to include in exception
-	 *	messages. This is not included if it is the same as
-	 *	input.
-	 * @return input upon a successful check
-	 * @throws ValidationException if the check fails.
-	 */
-	private String checkEmpty(String context, String input, String orig) throws ValidationException
-	{
-		if(!StringUtilities.isEmpty(input))
-			return input;
-		if(allowNull)
-			return null;
-		throw new ValidationException( context + ": Input required.", "Input required: context=" + context + "), input=" + input + (NullSafe.equals(input,orig) ? "" : ", orig=" + orig), context );
-	}
-
-	/**
-	 * checks input emptiness
-	 * @param context The context to include in exception messages
-	 * @param input the input to check
-	 * @return input upon a successful check
-	 * @throws ValidationException if the check fails.
-	 */
-	private String checkEmpty(String context, String input) throws ValidationException
-	{
-		return checkEmpty(context, input, input);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String getValid( String context, String input ) throws ValidationException
-	{
-		String data = null;
-
-		// checks on input itself
-
-		// check for empty/null
-		if(checkEmpty(context, input) == null)
-			return null;
-
-		if (validateInputAndCanonical)
-		{
-			//first validate pre-canonicalized data
-			
-			// check length
-			checkLength(context, input);
-
-			// check whitelist patterns
-			checkWhitelist(context, input);
-
-			// check blacklist patterns
-			checkBlacklist(context, input);
-			
-			// canonicalize
-			data = encoder.canonicalize( input );
-			
-		} else {
-			
-			//skip canonicalization
-			data = input;			
-		}
-
-		// check for empty/null
-		if(checkEmpty(context, data, input) == null)
-			return null;
-
-		// check length
-		checkLength(context, data, input);
-
-		// check whitelist patterns
-		checkWhitelist(context, data, input);
-
-		// check blacklist patterns
-		checkBlacklist(context, data, input);
-
-		// validation passed
-		return data;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	@Override
-		public String sanitize( String context, String input ) {
-			return whitelist( input, EncoderConstants.CHAR_ALPHANUMERICS );
-		}
-
-}
-
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference.validation;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Pattern;
+import java.util.regex.PatternSyntaxException;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Encoder;
+import org.owasp.esapi.EncoderConstants;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.StringUtilities;
+import org.owasp.esapi.errors.ValidationException;
+import org.owasp.esapi.util.NullSafe;
+
+
+/**
+ * A validator performs syntax and possibly semantic validation of a single
+ * piece of data from an untrusted source.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Validator
+ *
+ * http://en.wikipedia.org/wiki/Whitelist
+ */
+public class StringValidationRule extends BaseValidationRule {
+    private static final Logger LOGGER = ESAPI.getLogger(StringValidationRule.class);
+    protected List<Pattern> whitelistPatterns = new ArrayList<Pattern>();
+    protected List<Pattern> blacklistPatterns = new ArrayList<Pattern>();
+    protected int minLength = 0;
+    protected int maxLength = Integer.MAX_VALUE;
+    private boolean canonicalizeInput = true;
+
+    public StringValidationRule( String typeName ) {
+        super( typeName );
+    }
+
+    public StringValidationRule( String typeName, Encoder encoder ) {
+        super( typeName, encoder );
+    }
+
+    public StringValidationRule( String typeName, Encoder encoder, String whitelistPattern ) {
+        super( typeName, encoder );
+        addWhitelistPattern( whitelistPattern );
+    }
+
+    /**
+     * @throws IllegalArgumentException if pattern is null
+     */
+    public void addWhitelistPattern( String pattern ) {
+        if (pattern == null) {
+            throw new IllegalArgumentException("Pattern cannot be null");
+        }
+        try {
+            whitelistPatterns.add( Pattern.compile( pattern ) );
+        } catch( PatternSyntaxException e ) {
+            throw new IllegalArgumentException( "Validation misconfiguration, problem with specified pattern: " + pattern, e );
+        }
+    }
+
+    /**
+     * @throws IllegalArgumentException if p is null
+     */
+    public void addWhitelistPattern( Pattern p ) {
+        if (p == null) {
+            throw new IllegalArgumentException("Pattern cannot be null");
+        }
+        whitelistPatterns.add( p );
+    }
+
+    /**
+     * @throws IllegalArgumentException if pattern is null
+     */
+    public void addBlacklistPattern( String pattern ) {
+        if (pattern == null) {
+            throw new IllegalArgumentException("Pattern cannot be null");
+        }
+        try {
+            blacklistPatterns.add( Pattern.compile( pattern ) );
+        } catch( PatternSyntaxException e ) {
+            throw new IllegalArgumentException( "Validation misconfiguration, problem with specified pattern: " + pattern, e );
+        }
+    }
+
+    /**
+     * @throws IllegalArgumentException if p is null
+     */
+    public void addBlacklistPattern( Pattern p ) {
+        if (p == null) {
+            throw new IllegalArgumentException("Pattern cannot be null");
+        }
+        blacklistPatterns.add( p );
+    }
+
+    public void setMinimumLength( int length ) {
+        minLength = length;
+    }
+
+
+    public void setMaximumLength( int length ) {
+        maxLength = length;
+    }
+
+    public void setCanonicalize(boolean canonicalize) {
+        this.canonicalizeInput = canonicalize;
+    }
+
+    /**
+     * checks input against whitelists.
+     * @param context The context to include in exception messages
+     * @param input the input to check
+     * @param orig A origional input to include in exception
+     *    messages. This is not included if it is the same as
+     *    input.
+     * @return input upon a successful check
+     * @throws ValidationException if the check fails.
+     */
+    private String checkWhitelist(String context, String input, String orig) throws ValidationException
+    {
+        // check whitelist patterns
+        for (Pattern p : whitelistPatterns) {
+            if ( !p.matcher(input).matches() ) {
+                throw new ValidationException( context + ": Invalid input. Please conform to regex " + p.pattern() + ( maxLength == Integer.MAX_VALUE ? "" : " with a maximum length of " + maxLength ), "Invalid input: context=" + context + ", type(" + getTypeName() + ")=" + p.pattern() + ", input=" + input + (NullSafe.equals(orig,input) ? "" : ", orig=" + orig), context );
+            }
+        }
+
+        return input;
+    }
+
+    /**
+     * checks input against whitelists.
+     * @param context The context to include in exception messages
+     * @param input the input to check
+     * @return input upon a successful check
+     * @throws ValidationException if the check fails.
+     */
+    private String checkWhitelist(String context, String input) throws ValidationException
+    {
+        return checkWhitelist(context, input, input);
+    }
+
+    /**
+     * checks input against blacklists.
+     * @param context The context to include in exception messages
+     * @param input the input to check
+     * @param orig A origional input to include in exception
+     *    messages. This is not included if it is the same as
+     *    input.
+     * @return input upon a successful check
+     * @throws ValidationException if the check fails.
+     */
+    private String checkBlacklist(String context, String input, String orig) throws ValidationException
+    {
+        // check blacklist patterns
+        for (Pattern p : blacklistPatterns) {
+            if ( p.matcher(input).matches() ) {
+                throw new ValidationException( context + ": Invalid input. Dangerous input matching " + p.pattern() + " detected.", "Dangerous input: context=" + context + ", type(" + getTypeName() + ")=" + p.pattern() + ", input=" + input + (NullSafe.equals(orig,input) ? "" : ", orig=" + orig), context );
+            }
+        }
+
+        return input;
+    }
+
+    /**
+     * checks input against blacklists.
+     * @param context The context to include in exception messages
+     * @param input the input to check
+     * @return input upon a successful check
+     * @throws ValidationException if the check fails.
+     */
+    private String checkBlacklist(String context, String input) throws ValidationException
+    {
+        return checkBlacklist(context, input, input);
+    }
+
+    /**
+     * checks input lengths
+     * @param context The context to include in exception messages
+     * @param input the input to check
+     * @param orig A origional input to include in exception
+     *    messages. This is not included if it is the same as
+     *    input.
+     * @return input upon a successful check
+     * @throws ValidationException if the check fails.
+     */
+    private String checkLength(String context, String input, String orig) throws ValidationException
+    {
+        if (input.length() < minLength) {
+            throw new ValidationException( context + ": Invalid input. The minimum length of " + minLength + " characters was not met.", "Input does not meet the minimum length of " + minLength + " by " + (minLength - input.length()) + " characters: context=" + context + ", type=" + getTypeName() + "), input=" + input + (NullSafe.equals(input,orig) ? "" : ", orig=" + orig), context );
+        }
+
+        if (input.length() > maxLength) {
+            throw new ValidationException( context + ": Invalid input. The maximum length of " + maxLength + " characters was exceeded.", "Input exceeds maximum allowed length of " + maxLength + " by " + (input.length()-maxLength) + " characters: context=" + context + ", type=" + getTypeName() + ", orig=" + orig +", input=" + input, context );
+        }
+
+        return input;
+    }
+
+    /**
+     * checks input lengths
+     * @param context The context to include in exception messages
+     * @param input the input to check
+     * @return input upon a successful check
+     * @throws ValidationException if the check fails.
+     */
+    private String checkLength(String context, String input) throws ValidationException
+    {
+        return checkLength(context, input, input);
+    }
+
+    /**
+     * checks input emptiness
+     * @param context The context to include in exception messages
+     * @param input the input to check
+     * @param orig A origional input to include in exception
+     *    messages. This is not included if it is the same as
+     *    input.
+     * @return input upon a successful check
+     * @throws ValidationException if the check fails.
+     */
+    private String checkEmpty(String context, String input, String orig) throws ValidationException
+    {
+        if(!StringUtilities.isEmpty(input))
+            return input;
+        if(allowNull)
+            return null;
+        throw new ValidationException( context + ": Input required.", "Input required: context=" + context + "), input=" + input + (NullSafe.equals(input,orig) ? "" : ", orig=" + orig), context );
+    }
+
+    /**
+     * checks input emptiness
+     * @param context The context to include in exception messages
+     * @param input the input to check
+     * @return input upon a successful check
+     * @throws ValidationException if the check fails.
+     */
+    private String checkEmpty(String context, String input) throws ValidationException
+    {
+        return checkEmpty(context, input, input);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getValid( String context, String input ) throws ValidationException
+    {
+        String data = null;
+
+        // check for empty/null
+        if(checkEmpty(context, input) == null)
+            return null;
+
+        // check length
+        checkLength(context, input);
+
+        // canonicalize
+        if (canonicalizeInput) {
+            data = encoder.canonicalize(input);
+        } else {
+            String message = String.format("Input validation excludes canonicalization.  Context: %s   Input: %s", context, input);
+            LOGGER.warning(Logger.SECURITY_AUDIT, message);
+            data = input;
+        }
+
+        // check whitelist patterns
+        checkWhitelist(context, data, input);
+
+        // check blacklist patterns
+        checkBlacklist(context, data, input);
+
+        // validation passed
+        return data;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+        public String sanitize( String context, String input ) {
+            return whitelist( input, EncoderConstants.CHAR_ALPHANUMERICS );
+        }
+
+
+}
+
diff --git a/src/main/java/org/owasp/esapi/reference/validation/package.html b/src/main/java/org/owasp/esapi/reference/validation/package.html
index 050397abf..271bb16ea 100644
--- a/src/main/java/org/owasp/esapi/reference/validation/package.html
+++ b/src/main/java/org/owasp/esapi/reference/validation/package.html
@@ -1,11 +1,11 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
-<html>
-<head>
-</head>
-
-<body bgcolor="white">
-
-This package contains data format-specific validation rule functions.
- 
-</body>
-</html>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<html>
+<head>
+</head>
+
+<body bgcolor="white">
+
+This package contains data format-specific validation rule functions.
+
+</body>
+</html>
diff --git a/src/main/java/org/owasp/esapi/tags/BaseEncodeTag.java b/src/main/java/org/owasp/esapi/tags/BaseEncodeTag.java
index c40a04fb4..e52b7402b 100644
--- a/src/main/java/org/owasp/esapi/tags/BaseEncodeTag.java
+++ b/src/main/java/org/owasp/esapi/tags/BaseEncodeTag.java
@@ -28,43 +28,43 @@
 /** Abstract base class for tags that just encode their bodies with Encoder methods. */
 public abstract class BaseEncodeTag extends BodyTagSupport
 {
-	private static final long serialVersionUID = 1L;
+    private static final long serialVersionUID = 1L;
 
-	/**
-	 * Encode tag's content.
-	 * @param content The tag's content as a String
-	 * @param enc Encoder provided as a convinence.
-	 * @return content encoded by the subclass's implementation.
-	 */
-	protected abstract String encode(String content, Encoder enc) throws JspTagException;
+    /**
+     * Encode tag's content.
+     * @param content The tag's content as a String
+     * @param enc Encoder provided as a convinence.
+     * @return content encoded by the subclass's implementation.
+     */
+    protected abstract String encode(String content, Encoder enc) throws JspTagException;
 
-	/**
-	 * After tag body parsing handler. This provides the necessary
-	 * plubming to allow subclasses to just concern themselves with
-	 * encoding a single string.
-	 * @return {@link javax.servlet.jsp.tagext.Tag#SKIP_BODY}
-	 * @throws JspTagException if writing to the bodyContent's
-	 * enclosing writer throws an IOException.
-	 */
-	public int doAfterBody() throws JspTagException
-	{
-		String content;
-		JspWriter out;
+    /**
+     * After tag body parsing handler. This provides the necessary
+     * plubming to allow subclasses to just concern themselves with
+     * encoding a single string.
+     * @return {@link javax.servlet.jsp.tagext.Tag#SKIP_BODY}
+     * @throws JspTagException if writing to the bodyContent's
+     * enclosing writer throws an IOException.
+     */
+    public int doAfterBody() throws JspTagException
+    {
+        String content;
+        JspWriter out;
 
-		content = bodyContent.getString();
-		out = bodyContent.getEnclosingWriter();
+        content = bodyContent.getString();
+        out = bodyContent.getEnclosingWriter();
 
-		content = encode(content, ESAPI.encoder());
-		try
-		{
-			out.print(content);
-		}
-		catch (IOException e)
-		{
-			throw new JspTagException("Error writing to body's enclosing JspWriter",e);
-		}
+        content = encode(content, ESAPI.encoder());
+        try
+        {
+            out.print(content);
+        }
+        catch (IOException e)
+        {
+            throw new JspTagException("Error writing to body's enclosing JspWriter",e);
+        }
 
-		bodyContent.clearBody();
-		return SKIP_BODY;
-	}
+        bodyContent.clearBody();
+        return SKIP_BODY;
+    }
 }
diff --git a/src/main/java/org/owasp/esapi/tags/ELEncodeFunctions.java b/src/main/java/org/owasp/esapi/tags/ELEncodeFunctions.java
index 5b74e1e83..b8a2228f4 100644
--- a/src/main/java/org/owasp/esapi/tags/ELEncodeFunctions.java
+++ b/src/main/java/org/owasp/esapi/tags/ELEncodeFunctions.java
@@ -11,162 +11,162 @@
  */
 public class ELEncodeFunctions
 {
-	private static final String DEFAULT_ENCODING = "UTF-8";
-
-	/**
-	 * Private constructor as this class shouldn't need to be
-	 * instantiated.
-	 */
-	private ELEncodeFunctions()
-	{
-	}
-
-	/**
-	 * Base64 encode a string. UTF-8 is used to encode the string and no line wrapping is performed.
-	 * @param str The string to encode.
-	 * @return The base64 encoded String.
-	 * @see Encoder#encodeForBase64(byte[],boolean)
-	 * @throws UnsupportedEncodingException if UTF-8 is an unsupported character set. This should not happen as UTF-8 is required to be supported by the JVM spec.
-	 */
-	public static String encodeForBase64(String str) throws UnsupportedEncodingException
-	{
-		return encodeForBase64Charset(DEFAULT_ENCODING, str);
-	}
-
-	/**
-	 * Base64 encode a string with line wrapping. UTF-8 is used to encode the string and lines are wrapped at 64 characters..
-	 * @param str The string to encode.
-	 * @return The base64 encoded String.
-	 * @see Encoder#encodeForBase64(byte[],boolean)
-	 * @throws UnsupportedEncodingException if UTF-8 is an unsupported character set. This should not happen as UTF-8 is required to be supported by the JVM spec.
-	 */
-	public static String encodeForBase64Wrap(String str) throws UnsupportedEncodingException
-	{
-		return encodeForBase64CharsetWrap(DEFAULT_ENCODING, str);
-	}
-
-	/**
-	 * Base64 encode a string after converting to bytes using the specified character set. No line wrapping is performed.
-	 * @param charset The character set used to convert str to bytes.
-	 * @param str The string to encode.
-	 * @return The base64 encoded String.
-	 * @see Encoder#encodeForBase64(byte[],boolean)
-	 * @throws UnsupportedEncodingException if charset is an unsupported character set.
-	 */
-	public static String encodeForBase64Charset(String charset, String str) throws UnsupportedEncodingException
-	{
-		return ESAPI.encoder().encodeForBase64(str.getBytes(charset), false);
-	}
-
-	/**
-	 * Base64 encode a string after converting to bytes using the specified character set and wrapping lines. Lines are wrapped at 64 characters.
-	 * @param charset The character set used to convert str to bytes.
-	 * @param str The string to encode.
-	 * @return The base64 encoded String.
-	 * @see Encoder#encodeForBase64(byte[],boolean)
-	 * @throws UnsupportedEncodingException if charset is an unsupported character set.
-	 */
-	public static String encodeForBase64CharsetWrap(String charset, String str) throws UnsupportedEncodingException
-	{
-		return ESAPI.encoder().encodeForBase64(str.getBytes(charset), true);
-	}
-
-	/**
-	 * Encode string for use in CSS.
-	 * @param str The string to encode.
-	 * @return str encoded for use in CSS.
-	 * @see Encoder#encodeForCSS(String)
-	 */
-	public static String encodeForCSS(String str)
-	{
-		return ESAPI.encoder().encodeForCSS(str);
-	}
-
-	/**
-	 * Encode string for use in HTML.
-	 * @param str The string to encode.
-	 * @return str encoded for use in HTML.
-	 * @see Encoder#encodeForHTML(String)
-	 */
-	public static String encodeForHTML(String str)
-	{
-		return ESAPI.encoder().encodeForHTML(str);
-	}
-
-	/**
-	 * Encode string for use in a HTML attribute.
-	 * @param str The string to encode.
-	 * @return str encoded for use in HTML attribute.
-	 * @see Encoder#encodeForHTMLAttribute(String)
-	 */
-	public static String encodeForHTMLAttribute(String str)
-	{
-		return ESAPI.encoder().encodeForHTMLAttribute(str);
-	}
-
-	/**
-	 * Encode string for use in JavaScript.
-	 * @param str The string to encode.
-	 * @return str encoded for use in JavaScript.
-	 * @see Encoder#encodeForJavaScript(String)
-	 */
-	public static String encodeForJavaScript(String str)
-	{
-		return ESAPI.encoder().encodeForJavaScript(str);
-	}
-
-	/**
-	 * Encode string for use in a URL.
-	 * @param str The string to encode.
-	 * @return str encoded for use in a URL.
-	 * @see Encoder#encodeForURL(String)
-	 */
-	public static String encodeForURL(String str) throws EncodingException
-	{
-		return ESAPI.encoder().encodeForURL(str);
-	}
-
-	/**
-	 * Encode string for use in VBScript.
-	 * @param str The string to encode.
-	 * @return str encoded for use in VBScript.
-	 * @see Encoder#encodeForVBScript(String)
-	 */
-	public static String encodeForVBScript(String str)
-	{
-		return ESAPI.encoder().encodeForVBScript(str);
-	}
-
-	/**
-	 * Encode string for use in XML.
-	 * @param str The string to encode.
-	 * @return str encoded for use in XML.
-	 * @see Encoder#encodeForXML(String)
-	 */
-	public static String encodeForXML(String str)
-	{
-		return ESAPI.encoder().encodeForXML(str);
-	}
-
-	/**
-	 * Encode string for use in a XML attribute.
-	 * @param str The string to encode.
-	 * @return str encoded for use in XML attribute.
-	 * @see Encoder#encodeForXMLAttribute(String)
-	 */
-	public static String encodeForXMLAttribute(String str)
-	{
-		return ESAPI.encoder().encodeForXMLAttribute(str);
-	}
-
-	/**
-	 * Encode string for use in XPath.
-	 * @param str The string to encode.
-	 * @return str encoded for use in XPath.
-	 * @see Encoder#encodeForXPath(String)
-	 */
-	public static String encodeForXPath(String str)
-	{
-		return ESAPI.encoder().encodeForXPath(str);
-	}
+    private static final String DEFAULT_ENCODING = "UTF-8";
+
+    /**
+     * Private constructor as this class shouldn't need to be
+     * instantiated.
+     */
+    private ELEncodeFunctions()
+    {
+    }
+
+    /**
+     * Base64 encode a string. UTF-8 is used to encode the string and no line wrapping is performed.
+     * @param str The string to encode.
+     * @return The base64 encoded String.
+     * @see Encoder#encodeForBase64(byte[],boolean)
+     * @throws UnsupportedEncodingException if UTF-8 is an unsupported character set. This should not happen as UTF-8 is required to be supported by the JVM spec.
+     */
+    public static String encodeForBase64(String str) throws UnsupportedEncodingException
+    {
+        return encodeForBase64Charset(DEFAULT_ENCODING, str);
+    }
+
+    /**
+     * Base64 encode a string with line wrapping. UTF-8 is used to encode the string and lines are wrapped at 64 characters..
+     * @param str The string to encode.
+     * @return The base64 encoded String.
+     * @see Encoder#encodeForBase64(byte[],boolean)
+     * @throws UnsupportedEncodingException if UTF-8 is an unsupported character set. This should not happen as UTF-8 is required to be supported by the JVM spec.
+     */
+    public static String encodeForBase64Wrap(String str) throws UnsupportedEncodingException
+    {
+        return encodeForBase64CharsetWrap(DEFAULT_ENCODING, str);
+    }
+
+    /**
+     * Base64 encode a string after converting to bytes using the specified character set. No line wrapping is performed.
+     * @param charset The character set used to convert str to bytes.
+     * @param str The string to encode.
+     * @return The base64 encoded String.
+     * @see Encoder#encodeForBase64(byte[],boolean)
+     * @throws UnsupportedEncodingException if charset is an unsupported character set.
+     */
+    public static String encodeForBase64Charset(String charset, String str) throws UnsupportedEncodingException
+    {
+        return ESAPI.encoder().encodeForBase64(str.getBytes(charset), false);
+    }
+
+    /**
+     * Base64 encode a string after converting to bytes using the specified character set and wrapping lines. Lines are wrapped at 64 characters.
+     * @param charset The character set used to convert str to bytes.
+     * @param str The string to encode.
+     * @return The base64 encoded String.
+     * @see Encoder#encodeForBase64(byte[],boolean)
+     * @throws UnsupportedEncodingException if charset is an unsupported character set.
+     */
+    public static String encodeForBase64CharsetWrap(String charset, String str) throws UnsupportedEncodingException
+    {
+        return ESAPI.encoder().encodeForBase64(str.getBytes(charset), true);
+    }
+
+    /**
+     * Encode string for use in CSS.
+     * @param str The string to encode.
+     * @return str encoded for use in CSS.
+     * @see Encoder#encodeForCSS(String)
+     */
+    public static String encodeForCSS(String str)
+    {
+        return ESAPI.encoder().encodeForCSS(str);
+    }
+
+    /**
+     * Encode string for use in HTML.
+     * @param str The string to encode.
+     * @return str encoded for use in HTML.
+     * @see Encoder#encodeForHTML(String)
+     */
+    public static String encodeForHTML(String str)
+    {
+        return ESAPI.encoder().encodeForHTML(str);
+    }
+
+    /**
+     * Encode string for use in a HTML attribute.
+     * @param str The string to encode.
+     * @return str encoded for use in HTML attribute.
+     * @see Encoder#encodeForHTMLAttribute(String)
+     */
+    public static String encodeForHTMLAttribute(String str)
+    {
+        return ESAPI.encoder().encodeForHTMLAttribute(str);
+    }
+
+    /**
+     * Encode string for use in JavaScript.
+     * @param str The string to encode.
+     * @return str encoded for use in JavaScript.
+     * @see Encoder#encodeForJavaScript(String)
+     */
+    public static String encodeForJavaScript(String str)
+    {
+        return ESAPI.encoder().encodeForJavaScript(str);
+    }
+
+    /**
+     * Encode string for use in a URL.
+     * @param str The string to encode.
+     * @return str encoded for use in a URL.
+     * @see Encoder#encodeForURL(String)
+     */
+    public static String encodeForURL(String str) throws EncodingException
+    {
+        return ESAPI.encoder().encodeForURL(str);
+    }
+
+    /**
+     * Encode string for use in VBScript.
+     * @param str The string to encode.
+     * @return str encoded for use in VBScript.
+     * @see Encoder#encodeForVBScript(String)
+     */
+    public static String encodeForVBScript(String str)
+    {
+        return ESAPI.encoder().encodeForVBScript(str);
+    }
+
+    /**
+     * Encode string for use in XML.
+     * @param str The string to encode.
+     * @return str encoded for use in XML.
+     * @see Encoder#encodeForXML(String)
+     */
+    public static String encodeForXML(String str)
+    {
+        return ESAPI.encoder().encodeForXML(str);
+    }
+
+    /**
+     * Encode string for use in a XML attribute.
+     * @param str The string to encode.
+     * @return str encoded for use in XML attribute.
+     * @see Encoder#encodeForXMLAttribute(String)
+     */
+    public static String encodeForXMLAttribute(String str)
+    {
+        return ESAPI.encoder().encodeForXMLAttribute(str);
+    }
+
+    /**
+     * Encode string for use in XPath.
+     * @param str The string to encode.
+     * @return str encoded for use in XPath.
+     * @see Encoder#encodeForXPath(String)
+     */
+    public static String encodeForXPath(String str)
+    {
+        return ESAPI.encoder().encodeForXPath(str);
+    }
 }
diff --git a/src/main/java/org/owasp/esapi/tags/EncodeForBase64Tag.java b/src/main/java/org/owasp/esapi/tags/EncodeForBase64Tag.java
index dbde61af9..a9300ffa4 100644
--- a/src/main/java/org/owasp/esapi/tags/EncodeForBase64Tag.java
+++ b/src/main/java/org/owasp/esapi/tags/EncodeForBase64Tag.java
@@ -7,76 +7,76 @@
 import org.owasp.esapi.Encoder;
 
 /**
- * JSP tag that encode's it's body using Base64.
+ * JSP tag that encodes its body using Base64.
  */
 public class EncodeForBase64Tag extends BaseEncodeTag
 {
-	private static final long serialVersionUID = 3L;
-	/** @serial Flag determining line wrapping */
-	private boolean wrap = false;
-	/**
-	  * @serial Charset to use when converting content from a String
-	  * to byte[].
-	  */
-	private String encoding = "UTF-8";
+    private static final long serialVersionUID = 3L;
+    /** @serial Flag determining line wrapping */
+    private boolean wrap = false;
+    /**
+      * @serial Charset to use when converting content from a String
+      * to byte[].
+      */
+    private String encoding = "UTF-8";
 
-	/**
-	 * Encode tag's content using Base64.
-	 * @param content The tag's content as a String
-	 * @param enc Encoder used to call
-	 * 	{@link Encoder#encodeForBase64(byte[], boolean)}
-	 * @return content encoded in Base64
-	 */
-	protected String encode(String content, Encoder enc) throws JspTagException
-	{
-		try
-		{
-			return enc.encodeForBase64(content.getBytes(encoding), wrap);
-		}
-		catch(UnsupportedEncodingException e)
-		{
-			throw new JspTagException("Unsupported encoding " + enc,e);
-		}
-	}
+    /**
+     * Encode tag's content using Base64.
+     * @param content The tag's content as a String
+     * @param enc Encoder used to call
+     *     {@link Encoder#encodeForBase64(byte[], boolean)}
+     * @return content encoded in Base64
+     */
+    protected String encode(String content, Encoder enc) throws JspTagException
+    {
+        try
+        {
+            return enc.encodeForBase64(content.getBytes(encoding), wrap);
+        }
+        catch(UnsupportedEncodingException e)
+        {
+            throw new JspTagException("Unsupported encoding " + enc,e);
+        }
+    }
 
-	/**
-	 * Set the encoding used to convert the content to bytes for
-	 * encoding. This defaults to UTF-8 if not specified.
-	 * @param encoding The encoding passed to {@link String#getBytes(String)}.
-	 */
-	public void setEncoding(String encoding)
-	{
-		this.encoding=encoding;
-	}
+    /**
+     * Set the encoding used to convert the content to bytes for
+     * encoding. This defaults to UTF-8 if not specified.
+     * @param encoding The encoding passed to {@link String#getBytes(String)}.
+     */
+    public void setEncoding(String encoding)
+    {
+        this.encoding=encoding;
+    }
 
-	/**
-	 * Get the encoding used to convert the content to bytes for
-	 * encoding.
-	 * @return encoding The encoding passed to
-	 * {@link String#getBytes(String)}.
-	 */
-	public String getEncoding()
-	{
-		return encoding;
-	}
+    /**
+     * Get the encoding used to convert the content to bytes for
+     * encoding.
+     * @return encoding The encoding passed to
+     * {@link String#getBytes(String)}.
+     */
+    public String getEncoding()
+    {
+        return encoding;
+    }
 
-	/**
-	 * Set whether line wrapping at 64 characters is performed. This
-	 * defaults to false.
-	 * @param wrap flag determining wrapping.
-	 */
-	public void setWrap(boolean wrap)
-	{
-		this.wrap=wrap;
-	}
+    /**
+     * Set whether line wrapping at 64 characters is performed. This
+     * defaults to false.
+     * @param wrap flag determining wrapping.
+     */
+    public void setWrap(boolean wrap)
+    {
+        this.wrap=wrap;
+    }
 
-	/**
-	 * Get whether line wrapping at 64 characters is performed. This
-	 * defaults to false.
-	 * @return value of flag determining wrapping.
-	 */
-	public boolean getWrap()
-	{
-		return wrap;
-	}
+    /**
+     * Get whether line wrapping at 64 characters is performed. This
+     * defaults to false.
+     * @return value of flag determining wrapping.
+     */
+    public boolean getWrap()
+    {
+        return wrap;
+    }
 }
diff --git a/src/main/java/org/owasp/esapi/tags/EncodeForCSSTag.java b/src/main/java/org/owasp/esapi/tags/EncodeForCSSTag.java
index c4bfebd8e..b2e6452cb 100644
--- a/src/main/java/org/owasp/esapi/tags/EncodeForCSSTag.java
+++ b/src/main/java/org/owasp/esapi/tags/EncodeForCSSTag.java
@@ -3,21 +3,21 @@
 import org.owasp.esapi.Encoder;
 
 /**
- * JSP tag that encode's it's body for use in CSS.
+ * JSP tag that encodes its body for use in CSS.
  */
 public class EncodeForCSSTag extends BaseEncodeTag
 {
-	private static final long serialVersionUID = 3L;
+    private static final long serialVersionUID = 3L;
 
-	/**
-	 * Encode tag's content for usage in CSS.
-	 * @param content The tag's content as a String
-	 * @param enc Encoder used to call
-	 * 	{@link Encoder#encodeForCSS(String)}
-	 * @return content encoded for usage in CSS
-	 */
-	protected String encode(String content, Encoder enc)
-	{
-		return enc.encodeForCSS(content);
-	}
+    /**
+     * Encode tag's content for usage in CSS.
+     * @param content The tag's content as a String
+     * @param enc Encoder used to call
+     *     {@link Encoder#encodeForCSS(String)}
+     * @return content encoded for usage in CSS
+     */
+    protected String encode(String content, Encoder enc)
+    {
+        return enc.encodeForCSS(content);
+    }
 }
diff --git a/src/main/java/org/owasp/esapi/tags/EncodeForHTMLAttributeTag.java b/src/main/java/org/owasp/esapi/tags/EncodeForHTMLAttributeTag.java
index e407e02c0..969bb0015 100644
--- a/src/main/java/org/owasp/esapi/tags/EncodeForHTMLAttributeTag.java
+++ b/src/main/java/org/owasp/esapi/tags/EncodeForHTMLAttributeTag.java
@@ -1,39 +1,39 @@
-/*
- * OWASP Enterprise Security API (ESAPI)
- *
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- *
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- *
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-
-package org.owasp.esapi.tags;
-
-import org.owasp.esapi.Encoder;
-
-/**
- * JSP tag that encode's it's body for use in a HTML attribute.
- */
-public class EncodeForHTMLAttributeTag extends BaseEncodeTag
-{
-	private static final long serialVersionUID = 3L;
-
-	/**
-	 * Encode tag's content for usage as a HTML attribute.
-	 * @param content The tag's content as a String
-	 * @param enc Encoder used to call
-	 * 	{@link Encoder#encodeForHTMLAttribute(String)}
-	 * @return content encoded for usage as a HTML attribute
-	 */
-	protected String encode(String content, Encoder enc)
-	{
-		return enc.encodeForHTMLAttribute(content);
-	}
-}
+/*
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+
+package org.owasp.esapi.tags;
+
+import org.owasp.esapi.Encoder;
+
+/**
+ * JSP tag that encodes its body for use in a HTML attribute.
+ */
+public class EncodeForHTMLAttributeTag extends BaseEncodeTag
+{
+    private static final long serialVersionUID = 3L;
+
+    /**
+     * Encode tag's content for usage as a HTML attribute.
+     * @param content The tag's content as a String
+     * @param enc Encoder used to call
+     *     {@link Encoder#encodeForHTMLAttribute(String)}
+     * @return content encoded for usage as a HTML attribute
+     */
+    protected String encode(String content, Encoder enc)
+    {
+        return enc.encodeForHTMLAttribute(content);
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/tags/EncodeForHTMLTag.java b/src/main/java/org/owasp/esapi/tags/EncodeForHTMLTag.java
index d161c986a..d9584dffa 100644
--- a/src/main/java/org/owasp/esapi/tags/EncodeForHTMLTag.java
+++ b/src/main/java/org/owasp/esapi/tags/EncodeForHTMLTag.java
@@ -1,39 +1,39 @@
-/*
- * OWASP Enterprise Security API (ESAPI)
- *
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- *
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- *
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-
-package org.owasp.esapi.tags;
-
-import org.owasp.esapi.Encoder;
-
-/**
- * JSP tag that encode's it's body for use in HTML.
- */
-public class EncodeForHTMLTag extends BaseEncodeTag
-{
-	private static final long serialVersionUID = 3L;
-
-	/**
-	 * Encode tag's content for usage in HTML.
-	 * @param content The tag's content as a String
-	 * @param enc Encoder used to call
-	 * 	{@link Encoder#encodeForHTML(String)}
-	 * @return content encoded for usage in HTML
-	 */
-	protected String encode(String content, Encoder enc)
-	{
-		return enc.encodeForHTML(content);
-	}
-}
+/*
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+
+package org.owasp.esapi.tags;
+
+import org.owasp.esapi.Encoder;
+
+/**
+ * JSP tag that encodes its body for use in HTML.
+ */
+public class EncodeForHTMLTag extends BaseEncodeTag
+{
+    private static final long serialVersionUID = 3L;
+
+    /**
+     * Encode tag's content for usage in HTML.
+     * @param content The tag's content as a String
+     * @param enc Encoder used to call
+     *     {@link Encoder#encodeForHTML(String)}
+     * @return content encoded for usage in HTML
+     */
+    protected String encode(String content, Encoder enc)
+    {
+        return enc.encodeForHTML(content);
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/tags/EncodeForJavaScriptTag.java b/src/main/java/org/owasp/esapi/tags/EncodeForJavaScriptTag.java
index 08997d777..b8d3c5483 100644
--- a/src/main/java/org/owasp/esapi/tags/EncodeForJavaScriptTag.java
+++ b/src/main/java/org/owasp/esapi/tags/EncodeForJavaScriptTag.java
@@ -1,23 +1,23 @@
-package org.owasp.esapi.tags;
-
-import org.owasp.esapi.Encoder;
-
-/**
- * JSP tag that encode's it's body for use in JavaScript.
- */
-public class EncodeForJavaScriptTag extends BaseEncodeTag
-{
-	private static final long serialVersionUID = 3L;
-
-	/**
-	 * Encode tag's content for usage in JavaScript
-	 * @param content The tag's content as a String
-	 * @param enc Encoder used to call
-	 * 	{@link Encoder#encodeForJavaScript(String)}
-	 * @return content encoded for usage in JavaScript
-	 */
-	protected String encode(String content, Encoder enc)
-	{
-		return enc.encodeForJavaScript(content);
-	}
-}
+package org.owasp.esapi.tags;
+
+import org.owasp.esapi.Encoder;
+
+/**
+ * JSP tag that encodes its body for use in JavaScript.
+ */
+public class EncodeForJavaScriptTag extends BaseEncodeTag
+{
+    private static final long serialVersionUID = 3L;
+
+    /**
+     * Encode tag's content for usage in JavaScript
+     * @param content The tag's content as a String
+     * @param enc Encoder used to call
+     *     {@link Encoder#encodeForJavaScript(String)}
+     * @return content encoded for usage in JavaScript
+     */
+    protected String encode(String content, Encoder enc)
+    {
+        return enc.encodeForJavaScript(content);
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/tags/EncodeForURLTag.java b/src/main/java/org/owasp/esapi/tags/EncodeForURLTag.java
index d159676e1..ab9a6734c 100644
--- a/src/main/java/org/owasp/esapi/tags/EncodeForURLTag.java
+++ b/src/main/java/org/owasp/esapi/tags/EncodeForURLTag.java
@@ -6,29 +6,29 @@
 import org.owasp.esapi.errors.EncodingException;
 
 /**
- * JSP tag that encode's it's body for use in a URL.
+ * JSP tag that encodes its body for use in a URL.
  */
 public class EncodeForURLTag extends BaseEncodeTag
 {
-	private static final long serialVersionUID = 3L;
+    private static final long serialVersionUID = 3L;
 
-	/**
-	 * Encode tag's content for usage in a URL.
-	 * @param content The tag's content as a String
-	 * @param enc Encoder used to call
-	 * 	{@link Encoder#encodeForURL(String)}
-	 * @return content encoded for usage in a URL
-	 * @throws EncodingException if {@link Encoder#encodeForURL(String)} does.
-	 */
-	protected String encode(String content, Encoder enc) throws JspTagException
-	{
-		try
-		{
-			return enc.encodeForURL(content);
-		}
-		catch(EncodingException e)
-		{
-			throw new JspTagException("Unable to encode to URL encoding", e);
-		}
-	}
+    /**
+     * Encode tag's content for usage in a URL.
+     * @param content The tag's content as a String
+     * @param enc Encoder used to call
+     *     {@link Encoder#encodeForURL(String)}
+     * @return content encoded for usage in a URL
+     * @throws EncodingException if {@link Encoder#encodeForURL(String)} does.
+     */
+    protected String encode(String content, Encoder enc) throws JspTagException
+    {
+        try
+        {
+            return enc.encodeForURL(content);
+        }
+        catch(EncodingException e)
+        {
+            throw new JspTagException("Unable to encode to URL encoding", e);
+        }
+    }
 }
diff --git a/src/main/java/org/owasp/esapi/tags/EncodeForVBScriptTag.java b/src/main/java/org/owasp/esapi/tags/EncodeForVBScriptTag.java
index d6b07fa7a..033ef06f9 100644
--- a/src/main/java/org/owasp/esapi/tags/EncodeForVBScriptTag.java
+++ b/src/main/java/org/owasp/esapi/tags/EncodeForVBScriptTag.java
@@ -1,39 +1,39 @@
-/*
- * OWASP Enterprise Security API (ESAPI)
- *
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- *
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- *
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-
-package org.owasp.esapi.tags;
-
-import org.owasp.esapi.Encoder;
-
-/**
- * JSP tag that encode's it's body for use in VBScript.
- */
-public class EncodeForVBScriptTag extends BaseEncodeTag
-{
-	private static final long serialVersionUID = 3L;
-
-	/**
-	 * Encode tag's content for usage in VBScript.
-	 * @param content The tag's content as a String
-	 * @param enc Encoder used to call
-	 * 	{@link Encoder#encodeForVBScript(String)}
-	 * @return content encoded for usage in VBScript
-	 */
-	protected String encode(String content, Encoder enc)
-	{
-		return enc.encodeForVBScript(content);
-	}
-}
+/*
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+
+package org.owasp.esapi.tags;
+
+import org.owasp.esapi.Encoder;
+
+/**
+ * JSP tag that encodes its body for use in VBScript.
+ */
+public class EncodeForVBScriptTag extends BaseEncodeTag
+{
+    private static final long serialVersionUID = 3L;
+
+    /**
+     * Encode tag's content for usage in VBScript.
+     * @param content The tag's content as a String
+     * @param enc Encoder used to call
+     *     {@link Encoder#encodeForVBScript(String)}
+     * @return content encoded for usage in VBScript
+     */
+    protected String encode(String content, Encoder enc)
+    {
+        return enc.encodeForVBScript(content);
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/tags/EncodeForXMLAttributeTag.java b/src/main/java/org/owasp/esapi/tags/EncodeForXMLAttributeTag.java
index c14746719..7b2a1264c 100644
--- a/src/main/java/org/owasp/esapi/tags/EncodeForXMLAttributeTag.java
+++ b/src/main/java/org/owasp/esapi/tags/EncodeForXMLAttributeTag.java
@@ -3,21 +3,21 @@
 import org.owasp.esapi.Encoder;
 
 /**
- * JSP tag that encode's it's body for use in a XML attribute.
+ * JSP tag that encodes its body for use in a XML attribute.
  */
 public class EncodeForXMLAttributeTag extends BaseEncodeTag
 {
-	private static final long serialVersionUID = 3L;
+    private static final long serialVersionUID = 3L;
 
-	/**
-	 * Encode tag's content for usage as a XML attribute.
-	 * @param content The tag's content as a String
-	 * @param enc Encoder used to call
-	 * 	{@link Encoder#encodeForXMLAttribute(String)}
-	 * @return content encoded for usage as a XML attribute
-	 */
-	protected String encode(String content, Encoder enc)
-	{
-		return enc.encodeForXMLAttribute(content);
-	}
+    /**
+     * Encode tag's content for usage as a XML attribute.
+     * @param content The tag's content as a String
+     * @param enc Encoder used to call
+     *     {@link Encoder#encodeForXMLAttribute(String)}
+     * @return content encoded for usage as a XML attribute
+     */
+    protected String encode(String content, Encoder enc)
+    {
+        return enc.encodeForXMLAttribute(content);
+    }
 }
diff --git a/src/main/java/org/owasp/esapi/tags/EncodeForXMLTag.java b/src/main/java/org/owasp/esapi/tags/EncodeForXMLTag.java
index f86cfe1ab..f06ad3710 100644
--- a/src/main/java/org/owasp/esapi/tags/EncodeForXMLTag.java
+++ b/src/main/java/org/owasp/esapi/tags/EncodeForXMLTag.java
@@ -3,21 +3,21 @@
 import org.owasp.esapi.Encoder;
 
 /**
- * JSP tag that encode's it's body for use in XML.
+ * JSP tag that encodes its body for use in XML.
  */
 public class EncodeForXMLTag extends BaseEncodeTag
 {
-	private static final long serialVersionUID = 3L;
+    private static final long serialVersionUID = 3L;
 
-	/**
-	 * Encode tag's content for usage in XML.
-	 * @param content The tag's content as a String
-	 * @param enc Encoder used to call
-	 * 	{@link Encoder#encodeForXML(String)}
-	 * @return content encoded for usage in XML
-	 */
-	protected String encode(String content, Encoder enc)
-	{
-		return enc.encodeForXML(content);
-	}
+    /**
+     * Encode tag's content for usage in XML.
+     * @param content The tag's content as a String
+     * @param enc Encoder used to call
+     *     {@link Encoder#encodeForXML(String)}
+     * @return content encoded for usage in XML
+     */
+    protected String encode(String content, Encoder enc)
+    {
+        return enc.encodeForXML(content);
+    }
 }
diff --git a/src/main/java/org/owasp/esapi/tags/EncodeForXPathTag.java b/src/main/java/org/owasp/esapi/tags/EncodeForXPathTag.java
index 064b19149..0a36c32c0 100644
--- a/src/main/java/org/owasp/esapi/tags/EncodeForXPathTag.java
+++ b/src/main/java/org/owasp/esapi/tags/EncodeForXPathTag.java
@@ -3,21 +3,21 @@
 import org.owasp.esapi.Encoder;
 
 /**
- * JSP tag that encode's it's body for use in XPath.
+ * JSP tag that encodes its body for use in XPath.
  */
 public class EncodeForXPathTag extends BaseEncodeTag
 {
-	private static final long serialVersionUID = 3L;
+    private static final long serialVersionUID = 3L;
 
-	/**
-	 * Encode tag's content for usage in XPath.
-	 * @param content The tag's content as a String
-	 * @param enc Encoder used to call
-	 * 	{@link Encoder#encodeForXPath(String)}
-	 * @return content encoded for usage in XPath
-	 */
-	protected String encode(String content, Encoder enc)
-	{
-		return enc.encodeForXPath(content);
-	}
+    /**
+     * Encode tag's content for usage in XPath.
+     * @param content The tag's content as a String
+     * @param enc Encoder used to call
+     *     {@link Encoder#encodeForXPath(String)}
+     * @return content encoded for usage in XPath
+     */
+    protected String encode(String content, Encoder enc)
+    {
+        return enc.encodeForXPath(content);
+    }
 }
diff --git a/src/main/java/org/owasp/esapi/util/ByteConversionUtil.java b/src/main/java/org/owasp/esapi/util/ByteConversionUtil.java
index 09d19c700..abb82c018 100644
--- a/src/main/java/org/owasp/esapi/util/ByteConversionUtil.java
+++ b/src/main/java/org/owasp/esapi/util/ByteConversionUtil.java
@@ -1,6 +1,6 @@
 /*
  * OWASP Enterprise Security API (ESAPI)
- * 
+ *
  * This file is part of the Open Web Application Security Project (OWASP)
  * Enterprise Security API (ESAPI) project. For details, please see
  * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
@@ -77,14 +77,19 @@ public static byte[] fromLong(long input) {
 
     /**
      * Converts a given byte array to an {@code short}. Bytes are expected in
-     * network byte
-     * order.
+     * network byte order.
      *
-     * @param input A network byte-ordered representation of an {@code short}.
+     * @param input A network byte-ordered representation of an {@code short},
+     *              so exactly 2 bytes are expected.
      * @return The {@code short} value represented by the input array.
      */
     public static short toShort(byte[] input) {
-        assert input.length == 2 : "toShort(): Byte array length must be 2.";
+        if ( input == null ) {
+            throw new IllegalArgumentException("input: parameter may not be null.");
+        }
+        if ( input.length != 2 ) {
+            throw new IllegalArgumentException("input: Byte array length must be 2.");
+        }
         short output = 0;
         output = (short)(((input[0] & 0xff) << 8) | (input[1] & 0xff));
         return output;
@@ -95,10 +100,16 @@ public static short toShort(byte[] input) {
      * network byte order.
      *
      * @param input A network byte-ordered representation of an {@code int}.
+     *              Must be exactly 4 bytes.
      * @return The {@code int} value represented by the input array.
      */
     public static int toInt(byte[] input) {
-        assert input.length == 4 : "toInt(): Byte array length must be 4.";
+        if ( input == null ) {
+            throw new IllegalArgumentException("input: parameter may not be null.");
+        }
+        if ( input.length != 4 ) {
+            throw new IllegalArgumentException("input: Byte array length must be 4.");
+        }
         int output = 0;
         output = ((input[0] & 0xff) << 24) | ((input[1] & 0xff) << 16) |
                  ((input[2] & 0xff) << 8) | (input[3] & 0xff);
@@ -110,10 +121,16 @@ public static int toInt(byte[] input) {
      * network byte
      *
      * @param input A network byte-ordered representation of a {@code long}.
+     *              Must be exactly 8 bytes.
      * @return The {@code long} value represented by the input array
      */
     public static long toLong(byte[] input) {
-        assert input.length == 8 : "toLong(): Byte array length must be 8.";
+        if ( input == null ) {
+            throw new IllegalArgumentException("input: parameter may not be null.");
+        }
+        if ( input.length != 8 ) {
+            throw new IllegalArgumentException("input: Byte array length must be 8.");
+        }
         long output = 0;
         output  = ((long)(input[0] & 0xff) << 56);
         output |= ((long)(input[1] & 0xff) << 48);
@@ -125,4 +142,4 @@ public static long toLong(byte[] input) {
         output |= (input[7] & 0xff);
         return output;
     }
-}
\ No newline at end of file
+}
diff --git a/src/main/java/org/owasp/esapi/util/CollectionsUtil.java b/src/main/java/org/owasp/esapi/util/CollectionsUtil.java
index 933da06b8..a4284030e 100644
--- a/src/main/java/org/owasp/esapi/util/CollectionsUtil.java
+++ b/src/main/java/org/owasp/esapi/util/CollectionsUtil.java
@@ -1,115 +1,115 @@
-/**
- * 
- */
-package org.owasp.esapi.util;
-
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
-
-/**
- * @author Neil Matatall (neil.matatall .at. gmail.com)
- * 
- * Are these necessary?  Are there any libraries or java.lang classes to take
- * care of the conversions?
- * 
- * FIXME: we can convert to using this, but it requires that the array be of Character, not char
- *      new HashSet(Arrays.asList(array))
- * 
- */
-public class CollectionsUtil
-{
-	private static final char[] EMPTY_CHAR_ARRAY = new char[0];
-
-	/**
-	 * Converts an array of chars to a Set of Characters. 
-	 * @param array the contents of the new Set
-	 * @return a Set containing the elements in the array
-	 */
-	public static Set<Character> arrayToSet(char...array)
-	{
-		Set<Character> toReturn;
-
-		if(array == null)
-			return new HashSet<Character>();
-		toReturn = new HashSet<Character>(array.length);
-		for (char c : array) {
-			toReturn.add(c);
-		}
-		return toReturn;
-	}
-
-	/**
-	 * Convert a char array to a unmodifiable Set.
-	 * @param array the contents of the new Set
-	 * @return a unmodifiable Set containing the elements in the
-	 * array.
-	 */
-	public static Set<Character> arrayToUnmodifiableSet(char...array)
-	{
-		if(array == null)
-			return Collections.emptySet();
-		if(array.length == 1)
-			return Collections.singleton(array[0]);
-		return Collections.unmodifiableSet(arrayToSet(array));
-	}
-
-	/**
-	 * Convert a String to a char array
-	 * @param str The string to convert
-	 * @return character array containing the characters in str. An
-	 * 	empty array is returned if str is null.
-	 */
-	public static char[] strToChars(String str)
-	{
-		int len;
-		char[] ret;
-
-		if(str == null)
-			return EMPTY_CHAR_ARRAY;
-		len = str.length();
-		ret = new char[len];
-		str.getChars(0,len,ret,0);
-		return ret;
-	}
-
-	/**
-	 * Convert a String to a set of characters.
-	 * @param str The string to convert
-	 * @return A set containing the characters in str. A empty set
-	 * 	is returned if str is null.
-	 */
-	public static Set<Character> strToSet(String str)
-	{
-		Set<Character> set;
-
-		if(str == null)
-			return new HashSet<Character>();
-		set = new HashSet<Character>(str.length());
-		for(int i=0;i<str.length();i++)
-			set.add(str.charAt(i));
-		return set;
-	}
-
-	/**
-	 * Convert a String to a unmodifiable set of characters.
-	 * @param str The string to convert
-	 * @return A set containing the characters in str. A empty set
-	 * 	is returned if str is null.
-	 */
-	public static Set<Character> strToUnmodifiableSet(String str)
-	{
-		if(str == null)
-			return Collections.emptySet();
-		if(str.length() == 1)
-			return Collections.singleton(str.charAt(0));
-		return Collections.unmodifiableSet(strToSet(str));
-	}
-
-	/**
-	 * Private constructor to prevent instantiation.
-	 */
-	private CollectionsUtil()
-	{
-	}
-}
+/**
+ *
+ */
+package org.owasp.esapi.util;
+
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * @author Neil Matatall (neil.matatall .at. gmail.com)
+ *
+ * Are these necessary?  Are there any libraries or java.lang classes to take
+ * care of the conversions?
+ *
+ * FIXME: we can convert to using this, but it requires that the array be of Character, not char
+ *      new HashSet(Arrays.asList(array))
+ *
+ */
+public class CollectionsUtil
+{
+    private static final char[] EMPTY_CHAR_ARRAY = new char[0];
+
+    /**
+     * Converts an array of chars to a Set of Characters.
+     * @param array the contents of the new Set
+     * @return a Set containing the elements in the array
+     */
+    public static Set<Character> arrayToSet(char...array)
+    {
+        Set<Character> toReturn;
+
+        if(array == null)
+            return new HashSet<Character>();
+        toReturn = new HashSet<Character>(array.length);
+        for (char c : array) {
+            toReturn.add(c);
+        }
+        return toReturn;
+    }
+
+    /**
+     * Convert a char array to an unmodifiable Set.
+     * @param array the contents of the new Set
+     * @return an unmodifiable Set containing the elements in the
+     * array.
+     */
+    public static Set<Character> arrayToUnmodifiableSet(char...array)
+    {
+        if(array == null)
+            return Collections.emptySet();
+        if(array.length == 1)
+            return Collections.singleton(array[0]);
+        return Collections.unmodifiableSet(arrayToSet(array));
+    }
+
+    /**
+     * Convert a String to a char array
+     * @param str The string to convert
+     * @return character array containing the characters in str. An
+     *     empty array is returned if str is null.
+     */
+    public static char[] strToChars(String str)
+    {
+        int len;
+        char[] ret;
+
+        if(str == null)
+            return EMPTY_CHAR_ARRAY;
+        len = str.length();
+        ret = new char[len];
+        str.getChars(0,len,ret,0);
+        return ret;
+    }
+
+    /**
+     * Convert a String to a set of characters.
+     * @param str The string to convert
+     * @return A set containing the characters in str. An empty set
+     *     is returned if str is null.
+     */
+    public static Set<Character> strToSet(String str)
+    {
+        Set<Character> set;
+
+        if(str == null)
+            return new HashSet<Character>();
+        set = new HashSet<Character>(str.length());
+        for(int i=0;i<str.length();i++)
+            set.add(str.charAt(i));
+        return set;
+    }
+
+    /**
+     * Convert a String to an unmodifiable set of characters.
+     * @param str The string to convert
+     * @return A set containing the characters in str. An empty set
+     *     is returned if str is null.
+     */
+    public static Set<Character> strToUnmodifiableSet(String str)
+    {
+        if(str == null)
+            return Collections.emptySet();
+        if(str.length() == 1)
+            return Collections.singleton(str.charAt(0));
+        return Collections.unmodifiableSet(strToSet(str));
+    }
+
+    /**
+     * Private constructor to prevent instantiation.
+     */
+    private CollectionsUtil()
+    {
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/util/DefaultMessageUtil.java b/src/main/java/org/owasp/esapi/util/DefaultMessageUtil.java
index bb0e21b56..ee9de4286 100644
--- a/src/main/java/org/owasp/esapi/util/DefaultMessageUtil.java
+++ b/src/main/java/org/owasp/esapi/util/DefaultMessageUtil.java
@@ -1,49 +1,49 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Pawan Singh (pawan.singh@owasp.org) <a href="www.owasp.org">OWASP</a>
- * @created 2009
- */
-package org.owasp.esapi.util;
-
-import java.text.MessageFormat;
-import java.util.Locale;
-import java.util.ResourceBundle;
-
-import org.owasp.esapi.ESAPI;
-
-/**
- * @author Pawan Singh (pawan.singh@owasp.org)
- *
- */
-public class DefaultMessageUtil {
-
-    private final String DEFAULT_LOCALE_LANG = "en";
-    private final String DEFAULT_LOCALE_LOC = "US";
-    
-    private ResourceBundle messages = null;
-    
-    public void initialize() {
-    	try {
-                messages = ResourceBundle.getBundle("ESAPI", ESAPI.authenticator().getCurrentUser().getLocale());
-        } catch (Exception e) {
-                messages = ResourceBundle.getBundle("ESAPI", new Locale(DEFAULT_LOCALE_LANG,DEFAULT_LOCALE_LOC));
-        }
-    }
-
-
-	public String getMessage(String msgKey, Object[] arguments) {
-		
-		initialize();
-		return MessageFormat.format( messages.getString(msgKey), arguments );
-	}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Pawan Singh (pawan.singh@owasp.org) <a href="www.owasp.org">OWASP</a>
+ * @created 2009
+ */
+package org.owasp.esapi.util;
+
+import java.text.MessageFormat;
+import java.util.Locale;
+import java.util.ResourceBundle;
+
+import org.owasp.esapi.ESAPI;
+
+/**
+ * @author Pawan Singh (pawan.singh@owasp.org)
+ *
+ */
+public class DefaultMessageUtil {
+
+    private final String DEFAULT_LOCALE_LANG = "en";
+    private final String DEFAULT_LOCALE_LOC = "US";
+
+    private ResourceBundle messages = null;
+
+    public void initialize() {
+        try {
+                messages = ResourceBundle.getBundle("ESAPI", ESAPI.authenticator().getCurrentUser().getLocale());
+        } catch (Exception e) {
+                messages = ResourceBundle.getBundle("ESAPI", new Locale(DEFAULT_LOCALE_LANG,DEFAULT_LOCALE_LOC));
+        }
+    }
+
+
+    public String getMessage(String msgKey, Object[] arguments) {
+
+        initialize();
+        return MessageFormat.format( messages.getString(msgKey), arguments );
+    }
 }
\ No newline at end of file
diff --git a/src/main/java/org/owasp/esapi/util/NullSafe.java b/src/main/java/org/owasp/esapi/util/NullSafe.java
index 062c0fa67..a0bee5f55 100644
--- a/src/main/java/org/owasp/esapi/util/NullSafe.java
+++ b/src/main/java/org/owasp/esapi/util/NullSafe.java
@@ -2,51 +2,51 @@
 
 public class NullSafe
 {
-	/**
-	 * Class should not be instantiated.
-	 */
-	private NullSafe()
-	{
-	}
+    /**
+     * Class should not be instantiated.
+     */
+    private NullSafe()
+    {
+    }
 
-	/**
-	 * {@link Object#equals(Object)} that safely handles nulls.
-	 * @param a First object
-	 * @param b Second object
-	 * @return true if a == b or a.equals(b). false otherwise.
-	 */
-	public static boolean equals(Object a, Object b)
-	{
-		if(a==b)	// short cut same object
-			return true;
-		if(a == null)
-			return (b == null);
-		if(b == null)
-			return false;
-		return a.equals(b);
-	}
+    /**
+     * {@link Object#equals(Object)} that safely handles nulls.
+     * @param a First object
+     * @param b Second object
+     * @return true if a == b or a.equals(b). false otherwise.
+     */
+    public static boolean equals(Object a, Object b)
+    {
+        if(a==b)    // short cut same object
+            return true;
+        if(a == null)
+            return (b == null);
+        if(b == null)
+            return false;
+        return a.equals(b);
+    }
 
-	/**
-	 * {@link Object#hashCode()} of an object.
-	 * @param o Object to get a hashCode for.
-	 * @return 0 if o is null. Otherwise o.hashCode().
-	 */
-	public static int hashCode(Object o)
-	{
-		if(o == null)
-			return 0;
-		return o.hashCode();
-	}
+    /**
+     * {@link Object#hashCode()} of an object.
+     * @param o Object to get a hashCode for.
+     * @return 0 if o is null. Otherwise o.hashCode().
+     */
+    public static int hashCode(Object o)
+    {
+        if(o == null)
+            return 0;
+        return o.hashCode();
+    }
 
-	/**
-	 * {@link Object#toString()} of an object.
-	 * @param o Object to get a String for.
-	 * @return "(null)" o is null. Otherwise o.toString().
-	 */
-	public static String toString(Object o)
-	{
-		if(o == null)
-			return "(null)";
-		return o.toString();
-	}
+    /**
+     * {@link Object#toString()} of an object.
+     * @param o Object to get a String for.
+     * @return "(null)" o is null. Otherwise o.toString().
+     */
+    public static String toString(Object o)
+    {
+        if(o == null)
+            return "(null)";
+        return o.toString();
+    }
 }
diff --git a/src/main/java/org/owasp/esapi/util/ObjFactory.java b/src/main/java/org/owasp/esapi/util/ObjFactory.java
index fce6afe48..3faa6a847 100644
--- a/src/main/java/org/owasp/esapi/util/ObjFactory.java
+++ b/src/main/java/org/owasp/esapi/util/ObjFactory.java
@@ -1,6 +1,6 @@
 /*
  * OWASP Enterprise Security API (ESAPI)
- * 
+ *
  * This file is part of the Open Web Application Security Project (OWASP)
  * Enterprise Security API (ESAPI) project. For details, please see
  * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
@@ -13,10 +13,11 @@
 
 import java.lang.reflect.Method;
 import java.lang.reflect.Modifier;
+import java.util.concurrent.ConcurrentHashMap;
 
 /**
  * A generic object factory to create an object of class T. T must be a concrete
- * class that has a no-argument public constructor or a implementor of the Singleton pattern
+ * class that has a no-argument public constructor or an implementor of the Singleton pattern
  * that has a no-arg static getInstance method. If the class being created has a getInstance
  * method, it will be used as a singleton and newInstance() will never be called on the
  * class no matter how many times it comes through this factory.
@@ -24,17 +25,17 @@
  * <p>
  * Typical use is something like:
  * <pre>
- * 		import com.example.interfaces.DrinkingEstablishment;
- * 		import com.example.interfaces.Beer;
- * 		...
- * 		// Typically these would be populated from some Java properties file
- * 		String barName = "com.example.foo.Bar";
- * 		String beerBrand = "com.example.brewery.Guiness";
- * 		...
- * 		DrinkingEstablishment bar = ObjFactory.make(barName, "DrinkingEstablishment");
- * 		Beer beer = ObjFactory.make(beerBrand, "Beer");
- *		bar.drink(beer);	// Drink a Guiness beer at the foo Bar. :)
- *		...
+ *         import com.example.interfaces.DrinkingEstablishment;
+ *         import com.example.interfaces.Beer;
+ *         ...
+ *         // Typically these would be populated from some Java properties file
+ *         String barName = "com.example.foo.Bar";
+ *         String beerBrand = "com.example.brewery.Guinness";
+ *         ...
+ *         DrinkingEstablishment bar = ObjFactory.make(barName, "DrinkingEstablishment");
+ *         Beer beer = ObjFactory.make(beerBrand, "Beer");
+ *        bar.drink(beer);    // Drink a Guinness beer at the foo Bar. :)
+ *        ...
  * </pre>
  * </p><p>
  *  Copyright (c) 2009 - The OWASP Foundation
@@ -44,45 +45,44 @@
  */
 public class ObjFactory {
 
-	/**
-	 * Create an object based on the <code>className</code> parameter.
-	 * 
-	 * @param className	The name of the class to construct. Should be a fully qualified name and
-	 * 					generally the same as type <code>T</code>
-	 * @param typeName	A type name used in error messages / exceptions.
-	 * @return	An object of type <code>className</code>, which is cast to type <code>T</code>.
-	 * @throws	ConfigurationException thrown if class name not found in class path, or does not
-	 * 			have a public, no-argument constructor, or is not a concrete class, or if it is
-	 * 			not a sub-type of <code>T</code> (or <code>T</code> itself). Usually this is
-	 * 			caused by a misconfiguration of the class names specified in the ESAPI.properties
-	 * 			file. Also thrown if the CTOR of the specified <code>className</code> throws
-	 * 			an <code>Exception</code> of some type.
-	 */
-	@SuppressWarnings({ "unchecked" })	// Added because of Eclipse warnings, but ClassCastException IS caught.
-	public static <T> T make(String className, String typeName) throws ConfigurationException {
-		Object obj = null;
-		String errMsg = null;
-		try {
-			if (null == className || "".equals(className) ) {
-				throw new IllegalArgumentException("Classname cannot be null or empty.");
-			}
-			if (null == typeName || "".equals(typeName) ) {
-				// No big deal...just use "[unknown?]" for this as it's only for an err msg.
-				typeName = "[unknown?]";	// CHECKME: Any better suggestions?
-			}
-			
-			Class<?> theClass = Class.forName(className);
+    private static final int CACHE_INITIAL_CAPACITY = 32;
+    private static final float CACHE_LOAD_FACTOR = 0.75F;
+    private static final ConcurrentHashMap<String,Class<?>> CLASSES_CACHE = new ConcurrentHashMap<>(CACHE_INITIAL_CAPACITY, CACHE_LOAD_FACTOR);
+    private static final ConcurrentHashMap<String,MethodWrappedInfo> METHODS_CACHE = new ConcurrentHashMap<>(CACHE_INITIAL_CAPACITY, CACHE_LOAD_FACTOR);
+    private static boolean cacheEnabled = true;
+
+    /**
+     * Create an object based on the <code>className</code> parameter.
+     *
+     * @param className    The name of the class to construct. Should be a fully qualified name and
+     *                     generally the same as type <code>T</code>
+     * @param typeName    A type name used in error messages / exceptions.
+     * @return    An object of type <code>className</code>, which is cast to type <code>T</code>.
+     * @throws    ConfigurationException thrown if class name not found in class path, or does not
+     *             have a public, no-argument constructor, or is not a concrete class, or if it is
+     *             not a sub-type of <code>T</code> (or <code>T</code> itself). Usually this is
+     *             caused by a misconfiguration of the class names specified in the ESAPI.properties
+     *             file. Also thrown if the CTOR of the specified <code>className</code> throws
+     *             an <code>Exception</code> of some type.
+     */
+    @SuppressWarnings({ "unchecked" })    // Added because of Eclipse warnings, but ClassCastException IS caught.
+    public static <T> T make(String className, String typeName) throws ConfigurationException {
+        Object obj = null;
+        String errMsg = null;
+        try {
+            if (null == className || "".equals(className) ) {
+                throw new IllegalArgumentException("Classname cannot be null or empty.");
+            }
+            if (null == typeName || "".equals(typeName) ) {
+                // No big deal...just use "[unknown?]" for this as it's only for an err msg.
+                typeName = "[unknown?]";    // CHECKME: Any better suggestions?
+            }
+
+            Class<?> theClass = loadClassByStringName(className);
 
             try {
-                Method singleton = theClass.getMethod( "getInstance" );
-
-                // If the implementation class contains a getInstance method that is not static, this is an invalid
-                // object configuration and a ConfigurationException will be thrown.
-                if ( !Modifier.isStatic( singleton.getModifiers() ) )
-                {
-                    throw new ConfigurationException( "Class [" + className + "] contains a non-static getInstance method." );
-                }
-                
+                Method singleton = findSingletonCreateMethod(className, theClass);
+
                 obj = singleton.invoke( null );
             } catch (NoSuchMethodException e) {
                 // This is a no-error exception, if this is caught we will continue on assuming the implementation was
@@ -92,47 +92,148 @@ public static <T> T make(String className, String typeName) throws Configuration
                 // The class is meant to be singleton, however, the SecurityManager restricts us from calling the
                 // getInstance method on the class, thus this is a configuration issue and a ConfigurationException
                 // is thrown
-                throw new ConfigurationException( "The SecurityManager has restricted the object factory from getting a reference to the singleton implementation" +
+                throw new ConfigurationException( "The SecurityManager has restricted the object factory from getting a reference to the singleton implementation " +
                         "of the class [" + className + "]", e );
             }
 
-			return (T)obj;		// Eclipse warning here if @SupressWarnings omitted.
-			
+            return (T)obj;        // Eclipse warning here if @SupressWarnings omitted.
+
             // Issue 66 - Removed System.out calls as we are throwing an exception in each of these cases
             // anyhow.
-		} catch( IllegalArgumentException ex ) {
-			errMsg = ex.toString() + " " + typeName + " type name cannot be null or empty.";
-			throw new ConfigurationException(errMsg, ex);
-		}catch ( ClassNotFoundException ex ) {
-			errMsg = ex.toString() + " " + typeName + " class (" + className + ") must be in class path.";
-			throw new ConfigurationException(errMsg, ex);
-		} catch( InstantiationException ex ) {
-			errMsg = ex.toString() + " " + typeName + " class (" + className + ") must be concrete.";
-			throw new ConfigurationException(errMsg, ex);
-		} catch( IllegalAccessException ex ) {
-			errMsg = ex.toString() + " " + typeName + " class (" + className + ") must have a public, no-arg constructor.";
-			throw new ConfigurationException(errMsg, ex);
-		} catch( ClassCastException ex ) {
-			errMsg = ex.toString() + " " + typeName + " class (" + className + ") must be a subtype of T in ObjFactory<T>";
-			throw new ConfigurationException(errMsg, ex);
-		} catch( Exception ex ) {
-			// Because we are using reflection, we want to catch any checked or unchecked Exceptions and
-			// re-throw them in a way we can handle them. Because using reflection to construct the object,
-			// we can't have the compiler notify us of uncaught exceptions. For example, JavaEncryptor()
-			// CTOR can throw [well, now it can] an EncryptionException if something goes wrong. That case
-			// is taken care of here.
-			//
-			// CHECKME: Should we first catch RuntimeExceptions so we just let unchecked Exceptions go through
-			//		    unaltered???
-			//
-			errMsg = ex.toString() + " " + typeName + " class (" + className + ") CTOR threw exception.";
-			throw new ConfigurationException(errMsg, ex);
-		}
-		// DISCUSS: Should we also catch ExceptionInInitializerError here? See Google Issue #61 comments.
-	}
-	
-	/**
-	 * Not instantiable
-	 */
-	private ObjFactory() { }
+        } catch( IllegalArgumentException ex ) {
+            errMsg = ex.toString() + " " + typeName + " type name cannot be null or empty.";
+            throw new ConfigurationException(errMsg, ex);
+        }catch ( ClassNotFoundException ex ) {
+            errMsg = ex.toString() + " " + typeName + " class (" + className + ") must be in class path.";
+            throw new ConfigurationException(errMsg, ex);
+        } catch( InstantiationException ex ) {
+            errMsg = ex.toString() + " " + typeName + " class (" + className + ") must be concrete.";
+            throw new ConfigurationException(errMsg, ex);
+        } catch( IllegalAccessException ex ) {
+            errMsg = ex.toString() + " " + typeName + " class (" + className + ") must have a public, no-arg constructor.";
+            throw new ConfigurationException(errMsg, ex);
+        } catch( ClassCastException ex ) {
+            errMsg = ex.toString() + " " + typeName + " class (" + className + ") must be a subtype of T in ObjFactory<T>";
+            throw new ConfigurationException(errMsg, ex);
+        } catch( Exception ex ) {
+            // Because we are using reflection, we want to catch any checked or unchecked Exceptions and
+            // re-throw them in a way we can handle them. Because using reflection to construct the object,
+            // we can't have the compiler notify us of uncaught exceptions. For example, JavaEncryptor()
+            // CTOR can throw [well, now it can] an EncryptionException if something goes wrong. That case
+            // is taken care of here.
+            //
+            // CHECKME: Should we first catch RuntimeExceptions so we just let unchecked Exceptions go through
+            //            unaltered???
+            //
+            errMsg = ex.toString() + " " + typeName + " class (" + className + ") CTOR threw exception.";
+            throw new ConfigurationException(errMsg, ex);
+        }
+        // DISCUSS: Should we also catch ExceptionInInitializerError here? See Google Issue #61 comments.
+    }
+
+    /**
+     * Control whether cache for classes and method names should be enabled or disabled. Initial state is enabled.
+     * Ordinally, you are not expected to want to / have to call this method.  It's major purpose is a "just-in-case"
+     * something goes wrong is some weird context where multiple ESAPI jars are loaded into a give application and something
+     * goes wrong, etc. A secondary purpose is it allows us to easily disable the cache so we can measure its time savings.
+     *
+     * @param enable    true - enable cache; false - disable cache
+     */
+    public static void setCache(boolean enable) {
+        cacheEnabled = enable;
+    }
+
+    /**
+     * Load the class in cache, or load by the classloader and cache it
+     *
+     * @param className The name of the class to construct. Should be a fully qualified name
+     * @return The target class
+     * @throws ClassNotFoundException Failed to load class by the className
+     */
+    private static Class<?> loadClassByStringName(String className) throws ClassNotFoundException {
+        Class<?> clazz;
+        if (cacheEnabled && CLASSES_CACHE.containsKey(className)) {
+            clazz = CLASSES_CACHE.get(className);
+        } else {
+            clazz = Class.forName(className);
+            if ( cacheEnabled ) CLASSES_CACHE.putIfAbsent(className, clazz);
+        }
+        return clazz;
+    }
+
+    /**
+     * Find the method to create a singleton object
+     *
+     * @param className The name of the class to construct. Should be a fully qualified name
+     * @param theClass The class loaded in prior
+     * @return The method to create a singleton object
+     * @throws NoSuchMethodException Failed to find the target method
+     */
+    private static Method findSingletonCreateMethod(String className, Class<?> theClass) throws NoSuchMethodException {
+        MethodWrappedInfo singleton = loadMethodByStringName(className,theClass);
+
+        // If the implementation class contains a getInstance method that is not static, this is an invalid
+        // object configuration and a ConfigurationException will be thrown.
+        if (!singleton.isStaticMethod()) {
+            throw singleton.getNonStaticEx();
+        }
+        return singleton.getMethod();
+    }
+
+    /**
+     *
+     * @param className The name of the class to construct. Should be a fully qualified name
+     * @param theClass The class loaded in prior
+     * @return Wrapped data, contains the method object and the method is static method or not
+     * @throws NoSuchMethodException Failed to find the target method
+     */
+    private static MethodWrappedInfo loadMethodByStringName(String className, Class<?> theClass) throws NoSuchMethodException {
+        String methodName = className + "getInstance";
+        MethodWrappedInfo methodInfo;
+        if (cacheEnabled && METHODS_CACHE.containsKey(methodName)) {
+            methodInfo = METHODS_CACHE.get(methodName);
+        } else {
+            Method method = theClass.getMethod("getInstance");
+            boolean staticMethod = Modifier.isStatic(method.getModifiers());
+            ConfigurationException nonStaticEx = staticMethod ? null :
+                    new ConfigurationException("Class [" + className + "] contains a non-static getInstance method.");
+            methodInfo = new MethodWrappedInfo(method, staticMethod, nonStaticEx);
+            if ( cacheEnabled ) METHODS_CACHE.putIfAbsent(methodName, methodInfo);
+        }
+        return methodInfo;
+    }
+
+    /**
+     * Not instantiable
+     */
+    private ObjFactory() { }
+
+    /**
+     * Wrapped data, contains the method object and the method is static method or not.<br>
+     * The goal to store the boolean value in field staticMethod is reduce the check times: check once, use many times.<br>
+     * The goal to store the exception in field nonStaticException is reduce the cost of new Exception(): create once, use many times.
+     */
+    private static class MethodWrappedInfo {
+        private Method method;
+        private boolean staticMethod;
+        private ConfigurationException nonStaticEx;
+
+        MethodWrappedInfo(Method method, boolean staticMethod, ConfigurationException nonStaticEx) {
+            this.method = method;
+            this.staticMethod = staticMethod;
+            this.nonStaticEx = nonStaticEx;
+        }
+
+        Method getMethod() {
+            return method;
+        }
+
+        boolean isStaticMethod() {
+            return staticMethod;
+        }
+
+        ConfigurationException getNonStaticEx() {
+            return nonStaticEx;
+        }
+    }
 }
diff --git a/src/main/java/org/owasp/esapi/waf/ConfigurationException.java b/src/main/java/org/owasp/esapi/waf/ConfigurationException.java
index 9ea04fd7b..8368e222a 100644
--- a/src/main/java/org/owasp/esapi/waf/ConfigurationException.java
+++ b/src/main/java/org/owasp/esapi/waf/ConfigurationException.java
@@ -1,40 +1,42 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import nu.xom.ValidityException;
-
-import org.owasp.esapi.errors.EnterpriseSecurityException;
-
-/**
- * The Exception to be thrown when there is an error parsing a policy file.
- * 
- * @author Arshan Dabirsiaghi
- * @see org.owasp.esapi.waf.configuration.ConfigurationParser
- *
- */
-public class ConfigurationException extends EnterpriseSecurityException {
-
-	public ConfigurationException(String userMsg, String logMsg) {
-		super(userMsg,logMsg);
-	}
-
-	public ConfigurationException(String userMsg, String logMsg,
-			Throwable t) {
-		super(userMsg,logMsg,t);
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import nu.xom.ValidityException;
+
+import org.owasp.esapi.errors.EnterpriseSecurityException;
+
+/**
+ * The Exception to be thrown when there is an error parsing a policy file.
+ *
+ * @author Arshan Dabirsiaghi
+ * @see org.owasp.esapi.waf.configuration.ConfigurationParser
+ *
+ */
+public class ConfigurationException extends EnterpriseSecurityException {
+
+    protected static final long serialVersionUID = 1L;
+
+    public ConfigurationException(String userMsg, String logMsg) {
+        super(userMsg,logMsg);
+    }
+
+    public ConfigurationException(String userMsg, String logMsg,
+            Throwable t) {
+        super(userMsg,logMsg,t);
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/waf/ESAPIWebApplicationFirewallFilter.java b/src/main/java/org/owasp/esapi/waf/ESAPIWebApplicationFirewallFilter.java
index 4563c0d57..c1e7734f6 100644
--- a/src/main/java/org/owasp/esapi/waf/ESAPIWebApplicationFirewallFilter.java
+++ b/src/main/java/org/owasp/esapi/waf/ESAPIWebApplicationFirewallFilter.java
@@ -1,466 +1,503 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import java.io.File;
-
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.util.List;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.fileupload.FileUploadException;
-import org.apache.log4j.xml.DOMConfigurator;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.waf.actions.Action;
-import org.owasp.esapi.waf.actions.BlockAction;
-import org.owasp.esapi.waf.actions.DefaultAction;
-import org.owasp.esapi.waf.actions.RedirectAction;
-import org.owasp.esapi.waf.configuration.AppGuardianConfiguration;
-import org.owasp.esapi.waf.configuration.ConfigurationParser;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
-import org.owasp.esapi.waf.rules.Rule;
-
-/**
- * This is the main class for the ESAPI Web Application Firewall (WAF). It is a standard J2EE servlet filter
- * that, in different methods, invokes the reading of the configuration file and handles the runtime processing
- * and enforcing of the developer-specified rules.
- * 
- * Ideally the filter should be configured to catch all requests (/*) in web.xml. If there are URL segments that
- * need to be extremely fast and don't require any protection, the pattern may be modified with extreme caution.
- *  
- * @author Arshan Dabirsiaghi
- *
- */
-public class ESAPIWebApplicationFirewallFilter implements Filter {
-
-	private AppGuardianConfiguration appGuardConfig;
-
-	private static final String CONFIGURATION_FILE_PARAM = "configuration";
-	private static final String LOGGING_FILE_PARAM = "log_settings";
-	private static final String POLLING_TIME_PARAM = "polling_time";
-	
-	private static final int DEFAULT_POLLING_TIME = 30000;
-	
-	private String configurationFilename = null;
-
-    private long pollingTime;
-	
-	private long lastConfigReadTime;
-	
-	//private static final String FAUX_SESSION_COOKIE = "FAUXSC";
-	//private static final String SESSION_COOKIE_CANARY = "org.owasp.esapi.waf.canary";
-
-	private FilterConfig fc;
-	
-	private final Logger logger = ESAPI.getLogger(ESAPIWebApplicationFirewallFilter.class);
-
-	/**
-	 * This function is used in testing to dynamically alter the configuration.
-	 * @param policyFilePath The path to the policy file
-	 * @param webRootDir The root directory of the web application.
-     * @throws FileNotFoundException if the policy file cannot be located
-	 */
-	public void setConfiguration( String policyFilePath, String webRootDir ) throws FileNotFoundException {
-		try {
-			appGuardConfig = ConfigurationParser.readConfigurationFile(new FileInputStream(new File(policyFilePath)), webRootDir);
-			lastConfigReadTime = System.currentTimeMillis();
-			configurationFilename = policyFilePath;
-		} catch (ConfigurationException e ) {
-            // TODO: It would be ideal if this method through the ConfigurationException rather than catching it and
-            // writing the error to the console.
-			e.printStackTrace();
-		}
-	}
-	
-	public AppGuardianConfiguration getConfiguration() {
-		return appGuardConfig;
-	}
-	
-	
-	/**
-	 * 
-	 * This function is invoked at application startup and when the configuration file
-	 * polling period has elapsed and a change in the configuration file has been detected.
-	 * 
-	 * It's main purpose is to read the configuration file and establish the configuration
-	 * object model for use at runtime during the <code>doFilter()</code> method. 
-	 */
-	public void init(FilterConfig fc) throws ServletException {
-
-		/*
-		 * This variable is saved so that we can retrieve it later to re-invoke this function.
-		 */
-		this.fc = fc;
-		
-		logger.debug(Logger.EVENT_SUCCESS, ">> Initializing WAF" );
-		/*
-		 * Pull logging file.
-		 */
-
-        // Demoted scope to a local since this is the only place it is referenced
-        String logSettingsFilename = fc.getInitParameter(LOGGING_FILE_PARAM);
-
-		String realLogSettingsFilename = fc.getServletContext().getRealPath(logSettingsFilename);
-		
-		if ( realLogSettingsFilename == null || (! new File(realLogSettingsFilename).exists()) ) {
-			throw new ServletException("[ESAPI WAF] Could not find log file at resolved path: " + realLogSettingsFilename);
-		}
-
-		/*
-		 * Pull main configuration file.
-		 */
-
-		configurationFilename = fc.getInitParameter(CONFIGURATION_FILE_PARAM);
-
-		configurationFilename = fc.getServletContext().getRealPath(configurationFilename);
-		
-		if ( configurationFilename == null || ! new File(configurationFilename).exists() ) {
-			throw new ServletException("[ESAPI WAF] Could not find configuration file at resolved path: " + configurationFilename);
-		}
-
-		/*
-		 * Find out polling time from a parameter. If none is provided, use
-		 * the default (10 seconds).
-		 */
-		
-		String sPollingTime = fc.getInitParameter(POLLING_TIME_PARAM);
-		
-		if ( sPollingTime != null ) {
-			pollingTime = Long.parseLong(sPollingTime);
-		} else {
-			pollingTime = DEFAULT_POLLING_TIME;
-		}
-		
-		/*
-		 * Open up configuration file and populate the AppGuardian configuration object.
-		 */
-
-		try {
-
-			String webRootDir = fc.getServletContext().getRealPath("/");
-			appGuardConfig = ConfigurationParser.readConfigurationFile(new FileInputStream(configurationFilename),webRootDir);
-
-			DOMConfigurator.configure(realLogSettingsFilename);
-
-			lastConfigReadTime = System.currentTimeMillis();
-			
-		} catch (FileNotFoundException e) {
-			throw new ServletException(e);
-		} catch (ConfigurationException e) {
-			throw new ServletException(e);
-		}
-
-	}
-
-
-	/**
-	 * This is the where the main interception and rule-checking logic of the WAF resides.
-	 */
-	public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
-			FilterChain chain) throws IOException, ServletException {
-
-		/*
-		 * Check to see if polling time has elapsed. If it has, that means
-		 * we should check to see if the config file has been changed. If
-		 * it has, then re-read it.
-		 *
-		 * // TODO: Any reason this logic shouldn't be moved into a polling thread class?
-		 */
-		
-		if ( (System.currentTimeMillis() - lastConfigReadTime) > pollingTime ) {
-			File f = new File(configurationFilename);
-			long lastModified = f.lastModified();
-			if ( lastModified > lastConfigReadTime ) {
-				/*
-				 * The file has been altered since it was
-				 * read in the last time. Must re-read it.
-				 */
-				logger.debug(Logger.EVENT_SUCCESS, ">> Re-reading WAF policy");
-				init(fc);
-			}
-		}
-		
-		logger.debug(Logger.EVENT_SUCCESS, ">>In WAF doFilter");
-
-		HttpServletRequest httpRequest = (HttpServletRequest)servletRequest;
-		HttpServletResponse httpResponse = (HttpServletResponse)servletResponse;
-
-		InterceptingHTTPServletRequest request = null;
-		InterceptingHTTPServletResponse response = null;
-
-		/*
-		 * First thing to do is create the InterceptingHTTPServletResponse, since
-		 * we'll need that possibly before the InterceptingHTTPServletRequest.
-		 *
-		 * The normal HttpRequest-type objects will suffice us until we get to
-		 * stage 2.
-		 *
-		 * 1st argument = the response to base the instance on
-		 * 2nd argument = should we bother intercepting the egress response?
-		 * 3rd argument = cookie rules because thats where they mostly get acted on
-		 */
-		
-		if ( 	appGuardConfig.getCookieRules().size() + 
-				appGuardConfig.getBeforeResponseRules().size() > 0) {
-			response = new InterceptingHTTPServletResponse(httpResponse, true, appGuardConfig.getCookieRules());
-		}
-		
-		/*
-		 * Stage 1: Rules that do not need the request body.
-		 */
-		logger.debug(Logger.EVENT_SUCCESS, ">> Starting stage 1" );
-
-		List<Rule> rules = this.appGuardConfig.getBeforeBodyRules();
-
-		for(int i=0;i<rules.size();i++) {
-
-			Rule rule = rules.get(i);
-			logger.debug(Logger.EVENT_SUCCESS,  "  Applying BEFORE rule:  " + rule.getClass().getName() );
-			
-			/*
-			 * The rules execute in check(). The check() method will also log. All we have
-			 * to do is decide what other actions to take.
-			 */
-			Action action = rule.check(httpRequest, response, httpResponse);
-
-			if ( action.isActionNecessary() ) {
-
-				if ( action instanceof BlockAction ) {
-					if ( response != null ) {
-						response.setStatus(appGuardConfig.getDefaultResponseCode());
-					} else {
-						httpResponse.setStatus(appGuardConfig.getDefaultResponseCode());
-					}
-					return;
-
-				} else if ( action instanceof RedirectAction ) {
-					sendRedirect(response, httpResponse, ((RedirectAction)action).getRedirectURL()); 
-					return;
-
-				} else if ( action instanceof DefaultAction ) {
-
-					switch ( AppGuardianConfiguration.DEFAULT_FAIL_ACTION) {
-						case AppGuardianConfiguration.BLOCK:
-							if ( response != null ) {
-								response.setStatus(appGuardConfig.getDefaultResponseCode());
-							} else {
-								httpResponse.setStatus(appGuardConfig.getDefaultResponseCode());
-							}
-							return;
-							
-						case AppGuardianConfiguration.REDIRECT:
-							sendRedirect(response, httpResponse);
-							return;
-					}
-				}
-			}
-		}
-
-		/*
-		 * Create the InterceptingHTTPServletRequest.
-		 */
-		
-		try {
-			request = new InterceptingHTTPServletRequest((HttpServletRequest)servletRequest);
-		} catch (FileUploadException fue) {
-			logger.error(Logger.EVENT_SUCCESS,  "Error Wrapping Request", fue );
-		}
-
-		/*
-		 * Stage 2: After the body has been read, but before the the application has gotten it.
-		 */
-		logger.debug(Logger.EVENT_SUCCESS, ">> Starting Stage 2" );
-
-		rules = this.appGuardConfig.getAfterBodyRules();
-
-		for(int i=0;i<rules.size();i++) {
-
-			Rule rule = rules.get(i);
-			logger.debug(Logger.EVENT_SUCCESS,  "  Applying BEFORE CHAIN rule:  " + rule.getClass().getName() );
-
-			/*
-			 * The rules execute in check(). The check() method will take care of logging. 
-			 * All we have to do is decide what other actions to take.
-			 */
-			Action action = rule.check(request, response, httpResponse);
-
-			if ( action.isActionNecessary() ) {
-
-				if ( action instanceof BlockAction ) {
-					if ( response != null ) {
-						response.setStatus(appGuardConfig.getDefaultResponseCode());
-					} else {
-						httpResponse.setStatus(appGuardConfig.getDefaultResponseCode());
-					}
-					return;
-
-				} else if ( action instanceof RedirectAction ) {
-					sendRedirect(response, httpResponse, ((RedirectAction)action).getRedirectURL());
-					return;
-
-				} else if ( action instanceof DefaultAction ) {
-
-					switch ( AppGuardianConfiguration.DEFAULT_FAIL_ACTION) {
-						case AppGuardianConfiguration.BLOCK:
-							if ( response != null ) {
-								response.setStatus(appGuardConfig.getDefaultResponseCode());
-							} else {
-								httpResponse.setStatus(appGuardConfig.getDefaultResponseCode());
-							}
-							return;
-
-						case AppGuardianConfiguration.REDIRECT:
-							sendRedirect(response, httpResponse);
-							return;
-					}
-				}
-			}
-		}
-
-		/*
-		 * In between stages 2 and 3 is the application's processing of the input.
-		 */
-		logger.debug(Logger.EVENT_SUCCESS, ">> Calling the FilterChain: " + chain );
-		chain.doFilter(request, response != null ? response : httpResponse);
-
-		/*
-		 * Stage 3: Before the response has been sent back to the user.
-		 */
-		logger.debug(Logger.EVENT_SUCCESS, ">> Starting Stage 3" );
-
-		rules = this.appGuardConfig.getBeforeResponseRules();
-
-		for(int i=0;i<rules.size();i++) {
-
-			Rule rule = rules.get(i);
-			logger.debug(Logger.EVENT_SUCCESS,  "  Applying AFTER CHAIN rule:  " + rule.getClass().getName() );
-
-			/*
-			 * The rules execute in check(). The check() method will also log. All we have
-			 * to do is decide what other actions to take.
-			 */
-			Action action = rule.check(request, response, httpResponse);
-
-			if ( action.isActionNecessary() ) {
-
-				if ( action instanceof BlockAction ) {
-					if ( response != null ) {
-						response.setStatus(appGuardConfig.getDefaultResponseCode());
-					} else {
-						httpResponse.setStatus(appGuardConfig.getDefaultResponseCode());
-					}
-					return;
-
-				} else if ( action instanceof RedirectAction ) {
-					sendRedirect(response, httpResponse, ((RedirectAction)action).getRedirectURL());
-					return;
-
-				} else if ( action instanceof DefaultAction ) {
-
-					switch ( AppGuardianConfiguration.DEFAULT_FAIL_ACTION) {
-						case AppGuardianConfiguration.BLOCK:
-							if ( response != null ) {
-								response.setStatus(appGuardConfig.getDefaultResponseCode());
-							} else {
-								httpResponse.setStatus(appGuardConfig.getDefaultResponseCode());
-							}
-							return;
-
-						case AppGuardianConfiguration.REDIRECT:
-							sendRedirect(response, httpResponse);
-							return;
-					}
-				}
-			}
-		}
-
-		/*
-		 * Now that we've run our last set of rules we can allow the response to go through if
-		 * we were intercepting.
-		 */
-		
-		if ( response != null ) {
-			logger.debug(Logger.EVENT_SUCCESS, ">>> committing reponse" );
-			response.commit();
-		}
-	}
-
-	/*
-	 * Utility method to send HTTP redirects that automatically determines which response class to use.
-	 */
-	private void sendRedirect(InterceptingHTTPServletResponse response,
-			HttpServletResponse httpResponse, String redirectURL) throws IOException {
-		
-		if ( response != null ) { // if we've been buffering everything we clean it all out before sending back.
-			response.reset();
-			response.resetBuffer();
-			response.sendRedirect(redirectURL);
-			response.commit();
-		} else {
-			httpResponse.sendRedirect(redirectURL);
-		}
-		
-	}
-
-	public void destroy() {
-		/*
-		 * Any cleanup necessary?
-		 */
-	}
-
-	
-	private void sendRedirect(InterceptingHTTPServletResponse response, HttpServletResponse httpResponse) throws IOException {
-        /* [chrisisbeef] - commented out as this is not currently used. Minor performance tweak.
-		String finalJavaScript = AppGuardianConfiguration.JAVASCRIPT_REDIRECT;
-		finalJavaScript = finalJavaScript.replaceAll(AppGuardianConfiguration.JAVASCRIPT_TARGET_TOKEN, appGuardConfig.getDefaultErrorPage());
-        */
-
-		if ( response != null ) {
-			response.reset();
-			response.resetBuffer();
-			/*
-			response.setStatus(appGuardConfig.getDefaultResponseCode());
-			response.getOutputStream().write(finalJavaScript.getBytes());
-			*/
-			response.sendRedirect(appGuardConfig.getDefaultErrorPage());
-			
-		} else {
-			if ( ! httpResponse.isCommitted() ) {
-				httpResponse.sendRedirect(appGuardConfig.getDefaultErrorPage());
-			} else {
-				/*
-				 * Can't send redirect because response is already committed. I'm not sure 
-				 * how this could happen, but I didn't want to cause IOExceptions in case
-				 * if it ever does. 
-				 */
-			}
-			
-		}
-	}
-	
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.util.List;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.fileupload.FileUploadException;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.waf.actions.Action;
+import org.owasp.esapi.waf.actions.BlockAction;
+import org.owasp.esapi.waf.actions.DefaultAction;
+import org.owasp.esapi.waf.actions.RedirectAction;
+import org.owasp.esapi.waf.configuration.AppGuardianConfiguration;
+import org.owasp.esapi.waf.configuration.ConfigurationParser;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
+import org.owasp.esapi.waf.rules.Rule;
+
+/**
+ * This is the main class for the ESAPI Web Application Firewall (WAF). It is a
+ * standard J2EE servlet filter that, in different methods, invokes the reading
+ * of the configuration file and handles the runtime processing and enforcing of
+ * the developer-specified rules.
+ *
+ * Ideally the filter should be configured to catch all requests (/*) in
+ * web.xml. If there are URL segments that need to be extremely fast and don't
+ * require any protection, the pattern may be modified with extreme caution.
+ *
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class ESAPIWebApplicationFirewallFilter implements Filter {
+
+	private AppGuardianConfiguration appGuardConfig;
+
+	private static final String CONFIGURATION_FILE_PARAM = "configuration";
+	private static final String LOGGING_FILE_PARAM = "log_settings";
+	private static final String POLLING_TIME_PARAM = "polling_time";
+
+	private static final int DEFAULT_POLLING_TIME = 30000;
+
+	private String configurationFilename = null;
+
+	private long pollingTime;
+
+	private long lastConfigReadTime;
+
+	// private static final String FAUX_SESSION_COOKIE = "FAUXSC";
+	// private static final String SESSION_COOKIE_CANARY =
+	// "org.owasp.esapi.waf.canary";
+
+	private FilterConfig fc;
+
+	private final Logger logger = ESAPI.getLogger(ESAPIWebApplicationFirewallFilter.class);
+
+	/**
+	 * This function is used in testing to dynamically alter the configuration.
+	 *
+	 * @param policyFilePath
+	 *            The path to the policy file
+	 * @param webRootDir
+	 *            The root directory of the web application.
+	 * @throws FileNotFoundException
+	 *             if the policy file cannot be located
+	 */
+	public void setConfiguration(String policyFilePath, String webRootDir) throws FileNotFoundException {
+
+		FileInputStream inputStream = null;
+
+		try {
+			inputStream = new FileInputStream(new File(policyFilePath));
+			appGuardConfig = ConfigurationParser.readConfigurationFile(inputStream, webRootDir);
+			lastConfigReadTime = System.currentTimeMillis();
+			configurationFilename = policyFilePath;
+		} catch (ConfigurationException e) {
+			// TODO: It would be ideal if this method threw the
+			// ConfigurationException rather than catching it and
+			// writing the error to the console.
+			e.printStackTrace();
+		} finally {
+			if (inputStream != null) {
+				try {
+					inputStream.close();
+				} catch (IOException e) {
+					e.printStackTrace();
+				}
+			}
+		}
+	}
+
+	public AppGuardianConfiguration getConfiguration() {
+		return appGuardConfig;
+	}
+
+	/**
+	 *
+	 * This function is invoked at application startup and when the
+	 * configuration file polling period has elapsed and a change in the
+	 * configuration file has been detected.
+	 *
+	 * It's main purpose is to read the configuration file and establish the
+	 * configuration object model for use at runtime during the
+	 * <code>doFilter()</code> method.
+	 */
+	public void init(FilterConfig fc) throws ServletException {
+
+		/*
+		 * This variable is saved so that we can retrieve it later to re-invoke
+		 * this function.
+		 */
+		this.fc = fc;
+
+		logger.debug(Logger.EVENT_SUCCESS, ">> Initializing ESAPI WAF");
+		/*
+		 * Pull logging file. -- We now ignore this arg, but will log something
+         * letting users know we are ignoring it, because many of them never
+         * seem to read the release notes. And this is probably better than
+         * throwing an exception.
+		 */
+        String logSettingsFilename = fc.getInitParameter(LOGGING_FILE_PARAM);
+        if ( logSettingsFilename != null ) {
+            logger.warning(Logger.EVENT_FAILURE, ">> Since ESAPI 2.5.0.0, ESAPI WAF ignoring parameter '" +
+                    LOGGING_FILE_PARAM + "; for further details, see " +
+                    "https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.5.0.0-release-notes.txt");
+
+        }
+
+		/*
+		 * Pull main configuration file.
+		 */
+
+		configurationFilename = fc.getInitParameter(CONFIGURATION_FILE_PARAM);
+
+		configurationFilename = fc.getServletContext().getRealPath(configurationFilename);
+
+		if (configurationFilename == null || !new File(configurationFilename).exists()) {
+			throw new ServletException(
+					"[ESAPI WAF] Could not find configuration file at resolved path: " + configurationFilename);
+		}
+
+		/*
+		 * Find out polling time from a parameter. If none is provided, use the
+		 * default (10 seconds).
+		 */
+
+		String sPollingTime = fc.getInitParameter(POLLING_TIME_PARAM);
+
+		if (sPollingTime != null) {
+			pollingTime = Long.parseLong(sPollingTime);
+		} else {
+			pollingTime = DEFAULT_POLLING_TIME;
+		}
+
+		/*
+		 * Open up configuration file and populate the AppGuardian configuration
+		 * object.
+		 */
+
+		FileInputStream inputStream = null;
+
+		try {
+			String webRootDir = fc.getServletContext().getRealPath("/");
+			inputStream = new FileInputStream(configurationFilename);
+			appGuardConfig = ConfigurationParser.readConfigurationFile(inputStream, webRootDir);
+			lastConfigReadTime = System.currentTimeMillis();
+		} catch (FileNotFoundException e) {
+			throw new ServletException(e);
+		} catch (ConfigurationException e) {
+			throw new ServletException(e);
+		} finally {
+			if (inputStream != null) {
+				try {
+					inputStream.close();
+				} catch (IOException e) {
+					e.printStackTrace();
+				}
+			}
+		}
+	}
+
+	/**
+	 * This is the where the main interception and rule-checking logic of the
+	 * WAF resides.
+	 */
+	public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain)
+			throws IOException, ServletException {
+
+		/*
+		 * Check to see if polling time has elapsed. If it has, that means we
+		 * should check to see if the config file has been changed. If it has,
+		 * then re-read it.
+		 *
+		 * // TODO: Any reason this logic shouldn't be moved into a polling
+		 * thread class?
+		 */
+
+		if ((System.currentTimeMillis() - lastConfigReadTime) > pollingTime) {
+			File f = new File(configurationFilename);
+			long lastModified = f.lastModified();
+			if (lastModified > lastConfigReadTime) {
+				/*
+				 * The file has been altered since it was read in the last time.
+				 * Must re-read it.
+				 */
+				logger.debug(Logger.EVENT_SUCCESS, ">> Re-reading WAF policy");
+				init(fc);
+			}
+		}
+
+		logger.debug(Logger.EVENT_SUCCESS, ">>In WAF doFilter");
+
+		HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
+		HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
+
+		InterceptingHTTPServletRequest request = null;
+		InterceptingHTTPServletResponse response = null;
+
+		/*
+		 * First thing to do is create the InterceptingHTTPServletResponse,
+		 * since we'll need that possibly before the
+		 * InterceptingHTTPServletRequest.
+		 *
+		 * The normal HttpRequest-type objects will suffice us until we get to
+		 * stage 2.
+		 *
+		 * 1st argument = the response to base the instance on 2nd argument =
+		 * should we bother intercepting the egress response? 3rd argument =
+		 * cookie rules because thats where they mostly get acted on
+		 */
+
+		if (appGuardConfig.getCookieRules().size() + appGuardConfig.getBeforeResponseRules().size() > 0) {
+			response = new InterceptingHTTPServletResponse(httpResponse, true, appGuardConfig.getCookieRules());
+		}
+
+		/*
+		 * Stage 1: Rules that do not need the request body.
+		 */
+		logger.debug(Logger.EVENT_SUCCESS, ">> Starting stage 1");
+
+		List<Rule> rules = this.appGuardConfig.getBeforeBodyRules();
+
+		for (int i = 0; i < rules.size(); i++) {
+
+			Rule rule = rules.get(i);
+			logger.debug(Logger.EVENT_SUCCESS, "  Applying BEFORE rule:  " + rule.getClass().getName());
+
+			/*
+			 * The rules execute in check(). The check() method will also log.
+			 * All we have to do is decide what other actions to take.
+			 */
+			Action action = rule.check(httpRequest, response, httpResponse);
+
+			if (action.isActionNecessary()) {
+
+				if (action instanceof BlockAction) {
+					if (response != null) {
+						response.setStatus(appGuardConfig.getDefaultResponseCode());
+					} else {
+						httpResponse.setStatus(appGuardConfig.getDefaultResponseCode());
+					}
+					return;
+
+				} else if (action instanceof RedirectAction) {
+					sendRedirect(response, httpResponse, ((RedirectAction) action).getRedirectURL());
+					return;
+
+				} else if (action instanceof DefaultAction) {
+
+					switch (AppGuardianConfiguration.DEFAULT_FAIL_ACTION) {
+					case AppGuardianConfiguration.BLOCK:
+						if (response != null) {
+							response.setStatus(appGuardConfig.getDefaultResponseCode());
+						} else {
+							httpResponse.setStatus(appGuardConfig.getDefaultResponseCode());
+						}
+						return;
+
+					case AppGuardianConfiguration.REDIRECT:
+						sendRedirect(response, httpResponse);
+						return;
+					}
+				}
+			}
+		}
+
+		/*
+		 * Create the InterceptingHTTPServletRequest.
+		 */
+
+		try {
+			request = new InterceptingHTTPServletRequest((HttpServletRequest) servletRequest);
+		} catch (FileUploadException fue) {
+			logger.error(Logger.EVENT_SUCCESS, "Error Wrapping Request", fue);
+		}
+
+		/*
+		 * Stage 2: After the body has been read, but before the the application
+		 * has gotten it.
+		 */
+		logger.debug(Logger.EVENT_SUCCESS, ">> Starting Stage 2");
+
+		rules = this.appGuardConfig.getAfterBodyRules();
+
+		for (int i = 0; i < rules.size(); i++) {
+
+			Rule rule = rules.get(i);
+			logger.debug(Logger.EVENT_SUCCESS, "  Applying BEFORE CHAIN rule:  " + rule.getClass().getName());
+
+			/*
+			 * The rules execute in check(). The check() method will take care
+			 * of logging. All we have to do is decide what other actions to
+			 * take.
+			 */
+			Action action = rule.check(request, response, httpResponse);
+
+			if (action.isActionNecessary()) {
+
+				if (action instanceof BlockAction) {
+					if (response != null) {
+						response.setStatus(appGuardConfig.getDefaultResponseCode());
+					} else {
+						httpResponse.setStatus(appGuardConfig.getDefaultResponseCode());
+					}
+					return;
+
+				} else if (action instanceof RedirectAction) {
+					sendRedirect(response, httpResponse, ((RedirectAction) action).getRedirectURL());
+					return;
+
+				} else if (action instanceof DefaultAction) {
+
+					switch (AppGuardianConfiguration.DEFAULT_FAIL_ACTION) {
+					case AppGuardianConfiguration.BLOCK:
+						if (response != null) {
+							response.setStatus(appGuardConfig.getDefaultResponseCode());
+						} else {
+							httpResponse.setStatus(appGuardConfig.getDefaultResponseCode());
+						}
+						return;
+
+					case AppGuardianConfiguration.REDIRECT:
+						sendRedirect(response, httpResponse);
+						return;
+					}
+				}
+			}
+		}
+
+		/*
+		 * In between stages 2 and 3 is the application's processing of the
+		 * input.
+		 */
+		logger.debug(Logger.EVENT_SUCCESS, ">> Calling the FilterChain: " + chain);
+		chain.doFilter(request, response != null ? response : httpResponse);
+
+		/*
+		 * Stage 3: Before the response has been sent back to the user.
+		 */
+		logger.debug(Logger.EVENT_SUCCESS, ">> Starting Stage 3");
+
+		rules = this.appGuardConfig.getBeforeResponseRules();
+
+		for (int i = 0; i < rules.size(); i++) {
+
+			Rule rule = rules.get(i);
+			logger.debug(Logger.EVENT_SUCCESS, "  Applying AFTER CHAIN rule:  " + rule.getClass().getName());
+
+			/*
+			 * The rules execute in check(). The check() method will also log.
+			 * All we have to do is decide what other actions to take.
+			 */
+			Action action = rule.check(request, response, httpResponse);
+
+			if (action.isActionNecessary()) {
+
+				if (action instanceof BlockAction) {
+					if (response != null) {
+						response.setStatus(appGuardConfig.getDefaultResponseCode());
+					} else {
+						httpResponse.setStatus(appGuardConfig.getDefaultResponseCode());
+					}
+					return;
+
+				} else if (action instanceof RedirectAction) {
+					sendRedirect(response, httpResponse, ((RedirectAction) action).getRedirectURL());
+					return;
+
+				} else if (action instanceof DefaultAction) {
+
+					switch (AppGuardianConfiguration.DEFAULT_FAIL_ACTION) {
+					case AppGuardianConfiguration.BLOCK:
+						if (response != null) {
+							response.setStatus(appGuardConfig.getDefaultResponseCode());
+						} else {
+							httpResponse.setStatus(appGuardConfig.getDefaultResponseCode());
+						}
+						return;
+
+					case AppGuardianConfiguration.REDIRECT:
+						sendRedirect(response, httpResponse);
+						return;
+					}
+				}
+			}
+		}
+
+		/*
+		 * Now that we've run our last set of rules we can allow the response to
+		 * go through if we were intercepting.
+		 */
+
+		if (response != null) {
+			logger.debug(Logger.EVENT_SUCCESS, ">>> committing reponse");
+			response.commit();
+		}
+	}
+
+	/*
+	 * Utility method to send HTTP redirects that automatically determines which
+	 * response class to use.
+	 */
+	private void sendRedirect(InterceptingHTTPServletResponse response, HttpServletResponse httpResponse,
+			String redirectURL) throws IOException {
+
+		if (response != null) { // if we've been buffering everything we clean
+								// it all out before sending back.
+			response.reset();
+			response.resetBuffer();
+			response.sendRedirect(redirectURL);
+			response.commit();
+		} else {
+			httpResponse.sendRedirect(redirectURL);
+		}
+
+	}
+
+	public void destroy() {
+		/*
+		 * Any cleanup necessary?
+		 */
+	}
+
+	private void sendRedirect(InterceptingHTTPServletResponse response, HttpServletResponse httpResponse)
+			throws IOException {
+		/*
+		 * [chrisisbeef] - commented out as this is not currently used. Minor
+		 * performance tweak. String finalJavaScript =
+		 * AppGuardianConfiguration.JAVASCRIPT_REDIRECT; finalJavaScript =
+		 * finalJavaScript.replaceAll(AppGuardianConfiguration.
+		 * JAVASCRIPT_TARGET_TOKEN, appGuardConfig.getDefaultErrorPage());
+		 */
+
+		if (response != null) {
+			response.reset();
+			response.resetBuffer();
+			/*
+			 * response.setStatus(appGuardConfig.getDefaultResponseCode());
+			 * response.getOutputStream().write(finalJavaScript.getBytes());
+			 */
+			response.sendRedirect(appGuardConfig.getDefaultErrorPage());
+
+		} else {
+			if (!httpResponse.isCommitted()) {
+				httpResponse.sendRedirect(appGuardConfig.getDefaultErrorPage());
+			} else {
+				/*
+				 * Can't send redirect because response is already committed.
+				 * I'm not sure how this could happen, but I didn't want to
+				 * cause IOExceptions in case if it ever does.
+				 */
+			}
+
+		}
+	}
+
+}
diff --git a/src/main/java/org/owasp/esapi/waf/actions/Action.java b/src/main/java/org/owasp/esapi/waf/actions/Action.java
index 87c3905ee..46db8e350 100644
--- a/src/main/java/org/owasp/esapi/waf/actions/Action.java
+++ b/src/main/java/org/owasp/esapi/waf/actions/Action.java
@@ -1,45 +1,45 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.actions;
-
-/**
- * The base class indicating what is to be done after a rule executes.
- * 
- * @author Arshan Dabirsiaghi
- * @see org.owasp.esapi.waf.rules.Rule
- */
-public abstract class Action {
-
-	protected boolean failed = true;
-	protected boolean actionNecessary = true;
-
-	public void setFailed(boolean didFail) {
-		failed = didFail;
-	}
-
-	public boolean failedRule() {
-		return failed;
-	}
-
-	public boolean isActionNecessary() {
-		return actionNecessary;
-	}
-
-	public void setActionNecessary(boolean b) {
-		this.actionNecessary = b;
-
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.actions;
+
+/**
+ * The base class indicating what is to be done after a rule executes.
+ *
+ * @author Arshan Dabirsiaghi
+ * @see org.owasp.esapi.waf.rules.Rule
+ */
+public abstract class Action {
+
+    protected boolean failed = true;
+    protected boolean actionNecessary = true;
+
+    public void setFailed(boolean didFail) {
+        failed = didFail;
+    }
+
+    public boolean failedRule() {
+        return failed;
+    }
+
+    public boolean isActionNecessary() {
+        return actionNecessary;
+    }
+
+    public void setActionNecessary(boolean b) {
+        this.actionNecessary = b;
+
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/waf/actions/BlockAction.java b/src/main/java/org/owasp/esapi/waf/actions/BlockAction.java
index f2ce570e3..a9cf60fc8 100644
--- a/src/main/java/org/owasp/esapi/waf/actions/BlockAction.java
+++ b/src/main/java/org/owasp/esapi/waf/actions/BlockAction.java
@@ -1,35 +1,35 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.actions;
-
-/**
- * The class that indicates the request processing should be halted and that a blank response
- * should be returned.
- * 
- * @author Arshan Dabirsiaghi
- */
-public class BlockAction extends Action {
-
-	public boolean failedRule() {
-		return true;
-	}
-
-
-	public boolean isActionNecessary() {
-		return true;
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.actions;
+
+/**
+ * The class that indicates the request processing should be halted and that a blank response
+ * should be returned.
+ *
+ * @author Arshan Dabirsiaghi
+ */
+public class BlockAction extends Action {
+
+    public boolean failedRule() {
+        return true;
+    }
+
+
+    public boolean isActionNecessary() {
+        return true;
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/waf/actions/DefaultAction.java b/src/main/java/org/owasp/esapi/waf/actions/DefaultAction.java
index c09156492..7aad503fa 100644
--- a/src/main/java/org/owasp/esapi/waf/actions/DefaultAction.java
+++ b/src/main/java/org/owasp/esapi/waf/actions/DefaultAction.java
@@ -1,34 +1,34 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.actions;
-
-/**
- * The class that indicates the default action as indicated by the policy file
- * should be executed.
- * 
- * @author Arshan Dabirsiaghi
- */
-public class DefaultAction extends Action {
-
-	public boolean failedRule() {
-		return true;
-	}
-
-	public boolean isActionNecessary() {
-		return true;
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.actions;
+
+/**
+ * The class that indicates the default action as indicated by the policy file
+ * should be executed.
+ *
+ * @author Arshan Dabirsiaghi
+ */
+public class DefaultAction extends Action {
+
+    public boolean failedRule() {
+        return true;
+    }
+
+    public boolean isActionNecessary() {
+        return true;
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/waf/actions/DoNothingAction.java b/src/main/java/org/owasp/esapi/waf/actions/DoNothingAction.java
index 25dd05334..70d5970f2 100644
--- a/src/main/java/org/owasp/esapi/waf/actions/DoNothingAction.java
+++ b/src/main/java/org/owasp/esapi/waf/actions/DoNothingAction.java
@@ -1,34 +1,34 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.actions;
-
-/**
- * The class that indicates that no further action is necessary.
- * 
- * @author Arshan Dabirsiaghi
- */
-public class DoNothingAction extends Action {
-
-	public boolean failedRule() {
-		return this.failed;
-	}
-
-
-	public boolean isActionNecessary() {
-		return false;
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.actions;
+
+/**
+ * The class that indicates that no further action is necessary.
+ *
+ * @author Arshan Dabirsiaghi
+ */
+public class DoNothingAction extends Action {
+
+    public boolean failedRule() {
+        return this.failed;
+    }
+
+
+    public boolean isActionNecessary() {
+        return false;
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/waf/actions/RedirectAction.java b/src/main/java/org/owasp/esapi/waf/actions/RedirectAction.java
index 86875109d..b16fa4e64 100644
--- a/src/main/java/org/owasp/esapi/waf/actions/RedirectAction.java
+++ b/src/main/java/org/owasp/esapi/waf/actions/RedirectAction.java
@@ -1,39 +1,39 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.actions;
-
-/**
- * The class that indicates the user should be redirected to another location.
- * 
- * @author Arshan Dabirsiaghi
- */
-public class RedirectAction extends Action {
-
-	private String url = null;
-
-	/*
-	 * Setting this overrides the default value read in the config file.
-	 */
-	public void setRedirectURL(String s) {
-		this.url = s;
-	}
-
-	public String getRedirectURL() {
-		return this.url;
-	}
-
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.actions;
+
+/**
+ * The class that indicates the user should be redirected to another location.
+ *
+ * @author Arshan Dabirsiaghi
+ */
+public class RedirectAction extends Action {
+
+    private String url = null;
+
+    /*
+     * Setting this overrides the default value read in the config file.
+     */
+    public void setRedirectURL(String s) {
+        this.url = s;
+    }
+
+    public String getRedirectURL() {
+        return this.url;
+    }
+
+
+}
diff --git a/src/main/java/org/owasp/esapi/waf/actions/package.html b/src/main/java/org/owasp/esapi/waf/actions/package.html
index 94adcc808..4fee1e14a 100644
--- a/src/main/java/org/owasp/esapi/waf/actions/package.html
+++ b/src/main/java/org/owasp/esapi/waf/actions/package.html
@@ -1,11 +1,11 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
-<html>
-<head>
-</head>
-
-<body bgcolor="white">
-
-This package contains the Action objects that are executed after a Rule subclass executes. 
- 
-</body>
-</html>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<html>
+<head>
+</head>
+
+<body bgcolor="white">
+
+This package contains the Action objects that are executed after a Rule subclass executes.
+
+</body>
+</html>
diff --git a/src/main/java/org/owasp/esapi/waf/configuration/AppGuardianConfiguration.java b/src/main/java/org/owasp/esapi/waf/configuration/AppGuardianConfiguration.java
index 94ec57b11..25eb24847 100644
--- a/src/main/java/org/owasp/esapi/waf/configuration/AppGuardianConfiguration.java
+++ b/src/main/java/org/owasp/esapi/waf/configuration/AppGuardianConfiguration.java
@@ -1,227 +1,176 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.configuration;
-
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-
-import org.apache.log4j.Level;
-import org.owasp.esapi.waf.rules.Rule;
-
-/**
- * This class is the object model of the policy file. Also holds a number of constants
- * used throughout the WAF.
- * 
- * @author Arshan Dabirsiaghi
- *
- */
-public class AppGuardianConfiguration {
-
-	/*
-	 * Fail modes (BLOCK blocks and logs the request, DONT_BLOCK simply logs)
-	 */
-	public static final int LOG = 0;
-	public static final int REDIRECT = 1;
-	public static final int BLOCK = 2;
-
-	/*
-	 * The operators.
-	 */
-	public static final int OPERATOR_EQ = 0;
-	public static final int OPERATOR_CONTAINS = 1;
-	public static final int OPERATOR_IN_LIST = 2;
-	public static final int OPERATOR_EXISTS = 3;
-
-	/*
-	 * We have static copies of the log settings so that the Rule objects
-	 * can access them, because they don't have access to the instance of
-	 * the configuration object.
-	 */
-	public static Level LOG_LEVEL = Level.INFO;	
-	public static String LOG_DIRECTORY = "/WEB-INF/logs";
-
-	/*
-	 * Logging settings.
-	 */
-	private Level logLevel = Level.INFO;
-	private String logDirectory = "/WEB-INF/logs";
-
-	/*
-	 * Default settings.
-	 */
-	public static int DEFAULT_FAIL_ACTION = LOG;
-
-	// TODO: use UTF-8
-	public static String DEFAULT_CHARACTER_ENCODING = "ISO-8859-1";
-	public static String DEFAULT_CONTENT_TYPE = "text/html; charset=" + DEFAULT_CHARACTER_ENCODING;
-
-	/*
-	 * The JavaScript to redirect users to the default error page. Have
-	 * to use this because response.sendRedirect() can't have an arbitrary
-	 * response code and that is a requirement.
-	 */
-	public static final String JAVASCRIPT_TARGET_TOKEN = "##1##";
-	public static final String JAVASCRIPT_REDIRECT = "<html><body><script>document.location='" + JAVASCRIPT_TARGET_TOKEN + "';</script></body></html>";
-
-	/*
-	 * The aliases declared in the beginning of the config file.
-	 */
-	private HashMap<String,Object> aliases;
-
-	/*
-	 * Fail response settings.
-	 */
-	private String defaultErrorPage;
-	private int defaultResponseCode;
-
-	private boolean forceHttpOnlyFlagToSession = false;
-	private boolean forceSecureFlagToSession = false;
-
-	private String sessionCookieName;
-	
-	public String getSessionCookieName() {
-		return sessionCookieName;
-	}
-
-	public void setSessionCookieName(String sessionCookieName) {
-		this.sessionCookieName = sessionCookieName;
-	}
-
-	/*
-	 * The object-level rules encapsulated by the stage in which they are executed.
-	 */
-	private List<Rule> beforeBodyRules;
-	private List<Rule> afterBodyRules;
-	private List<Rule> beforeResponseRules;
-	private List<Rule> cookieRules;
-
-	public AppGuardianConfiguration() {
-		beforeBodyRules = new ArrayList<Rule>();
-		afterBodyRules = new ArrayList<Rule>();
-		beforeResponseRules = new ArrayList<Rule>();
-		cookieRules = new ArrayList<Rule>();
-
-		aliases = new HashMap<String,Object>();
-	}
-
-	/*
-	 * The following methods are all deprecated because
-	 * we use ESAPI logging structures now.
-	 */
-	@Deprecated
-	public Level getLogLevel() {
-		return logLevel;
-	}
-	
-	@Deprecated
-	public void setLogLevel(Level level) {
-		LOG_LEVEL = level;
-		this.logLevel = level;
-	}
-	
-	@Deprecated
-	public void setLogDirectory(String dir) {
-		LOG_DIRECTORY = dir;
-		this.logDirectory = dir;
-	}
-	
-	@Deprecated
-	public String getLogDirectory() {
-		return logDirectory;
-	}
-	
-	public String getDefaultErrorPage() {
-		return defaultErrorPage;
-	}
-
-	public void setDefaultErrorPage(String defaultErrorPage) {
-		this.defaultErrorPage = defaultErrorPage;
-	}
-
-	public int getDefaultResponseCode() {
-		return defaultResponseCode;
-	}
-
-	public void setDefaultResponseCode(int defaultResponseCode) {
-		this.defaultResponseCode = defaultResponseCode;
-	}
-
-	public void addAlias(String key, Object obj) {
-		aliases.put(key, obj);
-	}
-
-	public List<Rule> getBeforeBodyRules() {
-		return beforeBodyRules;
-	}
-
-	public List<Rule> getAfterBodyRules() {
-		return afterBodyRules;
-	}
-
-	public List<Rule> getBeforeResponseRules() {
-		return beforeResponseRules;
-	}
-
-	public List<Rule> getCookieRules() {
-		return cookieRules;
-	}
-
-	public void addBeforeBodyRule(Rule r) {
-		beforeBodyRules.add(r);
-	}
-
-	public void addAfterBodyRule(Rule r) {
-		afterBodyRules.add(r);
-	}
-
-	public void addBeforeResponseRule(Rule r) {
-		beforeResponseRules.add(r);
-	}
-
-	public void addCookieRule(Rule r) {
-		cookieRules.add(r);
-	}
-
-	public void setApplyHTTPOnlyFlagToSessionCookie(boolean shouldApply) {
-		forceHttpOnlyFlagToSession = shouldApply;
-	}
-
-	public void setApplySecureFlagToSessionCookie(boolean shouldApply) {
-		forceSecureFlagToSession = shouldApply;
-	}
-	
-	public boolean isUsingHttpOnlyFlagOnSessionCookie() {
-		return forceHttpOnlyFlagToSession;
-	}
-
-	public boolean isUsingSecureFlagOnSessionCookie() {
-		return forceSecureFlagToSession;
-	}
-	
-	public String toString() {
-		StringBuilder sb = new StringBuilder( "WAF Configuration\n" );
-		sb.append( "Before body rules:\n" );
-		for ( Rule rule : beforeBodyRules ) sb.append( "  " + rule.toString() + "\n" );
-		sb.append( "After body rules:\n" );
-		for ( Rule rule : afterBodyRules ) sb.append( "  " + rule.toString() + "\n" );
-		sb.append( "Before response rules:\n" );
-		for ( Rule rule : beforeResponseRules ) sb.append( "  " + rule.toString() + "\n" );
-		sb.append( "Cookie rules:\n" );
-		for ( Rule rule : cookieRules ) sb.append( "  " + rule.toString() + "\n" );
-		return sb.toString();
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.configuration;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.owasp.esapi.waf.rules.Rule;
+
+/**
+ * This class is the object model of the policy file. Also holds a number of constants
+ * used throughout the WAF.
+ *
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class AppGuardianConfiguration {
+
+    /*
+     * Fail modes (BLOCK blocks and logs the request, DONT_BLOCK simply logs)
+     */
+    public static final int LOG = 0;
+    public static final int REDIRECT = 1;
+    public static final int BLOCK = 2;
+
+    /*
+     * The operators.
+     */
+    public static final int OPERATOR_EQ = 0;
+    public static final int OPERATOR_CONTAINS = 1;
+    public static final int OPERATOR_IN_LIST = 2;
+    public static final int OPERATOR_EXISTS = 3;
+
+
+    /*
+     * Default settings.
+     */
+    public static int DEFAULT_FAIL_ACTION = LOG;
+
+    // TODO: use UTF-8
+    public static String DEFAULT_CHARACTER_ENCODING = "ISO-8859-1";
+    public static String DEFAULT_CONTENT_TYPE = "text/html; charset=" + DEFAULT_CHARACTER_ENCODING;
+
+    /*
+     * The JavaScript to redirect users to the default error page. Have
+     * to use this because response.sendRedirect() can't have an arbitrary
+     * response code and that is a requirement.
+     */
+    public static final String JAVASCRIPT_TARGET_TOKEN = "##1##";
+    public static final String JAVASCRIPT_REDIRECT = "<html><body><script>document.location='" + JAVASCRIPT_TARGET_TOKEN + "';</script></body></html>";
+
+    /*
+     * Fail response settings.
+     */
+    private String defaultErrorPage;
+    private int defaultResponseCode;
+
+    private boolean forceHttpOnlyFlagToSession = false;
+    private boolean forceSecureFlagToSession = false;
+
+    private String sessionCookieName;
+
+    public String getSessionCookieName() {
+        return sessionCookieName;
+    }
+
+    public void setSessionCookieName(String sessionCookieName) {
+        this.sessionCookieName = sessionCookieName;
+    }
+
+    /*
+     * The object-level rules encapsulated by the stage in which they are executed.
+     */
+    private List<Rule> beforeBodyRules;
+    private List<Rule> afterBodyRules;
+    private List<Rule> beforeResponseRules;
+    private List<Rule> cookieRules;
+
+    public AppGuardianConfiguration() {
+        beforeBodyRules = new ArrayList<Rule>();
+        afterBodyRules = new ArrayList<Rule>();
+        beforeResponseRules = new ArrayList<Rule>();
+        cookieRules = new ArrayList<Rule>();
+    }
+
+    public String getDefaultErrorPage() {
+        return defaultErrorPage;
+    }
+
+    public void setDefaultErrorPage(String defaultErrorPage) {
+        this.defaultErrorPage = defaultErrorPage;
+    }
+
+    public int getDefaultResponseCode() {
+        return defaultResponseCode;
+    }
+
+    public void setDefaultResponseCode(int defaultResponseCode) {
+        this.defaultResponseCode = defaultResponseCode;
+    }
+
+
+    public List<Rule> getBeforeBodyRules() {
+        return beforeBodyRules;
+    }
+
+    public List<Rule> getAfterBodyRules() {
+        return afterBodyRules;
+    }
+
+    public List<Rule> getBeforeResponseRules() {
+        return beforeResponseRules;
+    }
+
+    public List<Rule> getCookieRules() {
+        return cookieRules;
+    }
+
+    public void addBeforeBodyRule(Rule r) {
+        beforeBodyRules.add(r);
+    }
+
+    public void addAfterBodyRule(Rule r) {
+        afterBodyRules.add(r);
+    }
+
+    public void addBeforeResponseRule(Rule r) {
+        beforeResponseRules.add(r);
+    }
+
+    public void addCookieRule(Rule r) {
+        cookieRules.add(r);
+    }
+
+    public void setApplyHTTPOnlyFlagToSessionCookie(boolean shouldApply) {
+        forceHttpOnlyFlagToSession = shouldApply;
+    }
+
+    public void setApplySecureFlagToSessionCookie(boolean shouldApply) {
+        forceSecureFlagToSession = shouldApply;
+    }
+
+    public boolean isUsingHttpOnlyFlagOnSessionCookie() {
+        return forceHttpOnlyFlagToSession;
+    }
+
+    public boolean isUsingSecureFlagOnSessionCookie() {
+        return forceSecureFlagToSession;
+    }
+
+    public String toString() {
+        StringBuilder sb = new StringBuilder( "WAF Configuration\n" );
+        sb.append( "Before body rules:\n" );
+        for ( Rule rule : beforeBodyRules ) sb.append( "  " + rule.toString() + "\n" );
+        sb.append( "After body rules:\n" );
+        for ( Rule rule : afterBodyRules ) sb.append( "  " + rule.toString() + "\n" );
+        sb.append( "Before response rules:\n" );
+        for ( Rule rule : beforeResponseRules ) sb.append( "  " + rule.toString() + "\n" );
+        sb.append( "Cookie rules:\n" );
+        for ( Rule rule : cookieRules ) sb.append( "  " + rule.toString() + "\n" );
+        return sb.toString();
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/waf/configuration/ConfigurationParser.java b/src/main/java/org/owasp/esapi/waf/configuration/ConfigurationParser.java
index 2366fcdf5..b5474c460 100644
--- a/src/main/java/org/owasp/esapi/waf/configuration/ConfigurationParser.java
+++ b/src/main/java/org/owasp/esapi/waf/configuration/ConfigurationParser.java
@@ -1,627 +1,596 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.configuration;
-
-import java.io.FileNotFoundException;
-import java.io.IOException;
-
-import java.io.InputStream;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.regex.Pattern;
-
-import nu.xom.Builder;
-import nu.xom.Document;
-import nu.xom.Element;
-import nu.xom.Elements;
-import nu.xom.ParsingException;
-import nu.xom.ValidityException;
-
-import org.apache.log4j.Level;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.waf.ConfigurationException;
-import org.owasp.esapi.waf.rules.AddHTTPOnlyFlagRule;
-import org.owasp.esapi.waf.rules.AddHeaderRule;
-import org.owasp.esapi.waf.rules.AddSecureFlagRule;
-import org.owasp.esapi.waf.rules.AuthenticatedRule;
-import org.owasp.esapi.waf.rules.BeanShellRule;
-import org.owasp.esapi.waf.rules.DetectOutboundContentRule;
-import org.owasp.esapi.waf.rules.EnforceHTTPSRule;
-import org.owasp.esapi.waf.rules.HTTPMethodRule;
-import org.owasp.esapi.waf.rules.IPRule;
-import org.owasp.esapi.waf.rules.MustMatchRule;
-import org.owasp.esapi.waf.rules.PathExtensionRule;
-import org.owasp.esapi.waf.rules.ReplaceContentRule;
-import org.owasp.esapi.waf.rules.RestrictContentTypeRule;
-import org.owasp.esapi.waf.rules.RestrictUserAgentRule;
-import org.owasp.esapi.waf.rules.SimpleVirtualPatchRule;
-
-import bsh.EvalError;
-
-/**
- * 
- * The class used to turn a policy file's contents into an object model. 
- * 
- * @author Arshan Dabirsiaghi
- * @see org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- */
-public class ConfigurationParser {
-
-	private static final String REGEX = "regex";
-	private static final String DEFAULT_PATH_APPLY_ALL = ".*";
-	private static final int DEFAULT_RESPONSE_CODE = 403;
-	private static final String DEFAULT_SESSION_COOKIE;
-	
-	static {
-		String sessionIdName = null;
-		try {
-			sessionIdName = ESAPI.securityConfiguration().getHttpSessionIdName();
-		} catch (Throwable t) {
-			sessionIdName = "JSESSIONID";	// If all else fails...
-		}
-		DEFAULT_SESSION_COOKIE = sessionIdName;
-	}
-	
-	private static final String[] STAGES = {
-		"before-request-body",
-		"after-request-body",
-		"before-response"
-	};
-	
-	public static AppGuardianConfiguration readConfigurationFile(InputStream stream, String webRootDir) throws ConfigurationException {
-
-		AppGuardianConfiguration config = new AppGuardianConfiguration();
-
-		Builder parser = new Builder();
-		Document doc;
-		Element root;
-
-		try {
-
-			doc = parser.build(stream);
-			root = doc.getRootElement();
-
-			Element aliasesRoot = root.getFirstChildElement("aliases");
-			Element settingsRoot = root.getFirstChildElement("settings");
-			Element authNRoot = root.getFirstChildElement("authentication-rules");
-			Element authZRoot = root.getFirstChildElement("authorization-rules");
-			Element urlRoot = root.getFirstChildElement("url-rules");
-			Element headerRoot = root.getFirstChildElement("header-rules");
-			Element customRulesRoot = root.getFirstChildElement("custom-rules");;
-			Element virtualPatchesRoot = root.getFirstChildElement("virtual-patches");
-			Element outboundRoot = root.getFirstChildElement("outbound-rules");
-			Element beanShellRoot = root.getFirstChildElement("bean-shell-rules");
-			
-			
-			/**
-			 * Parse the 'aliases' section.
-			 */
-			if ( aliasesRoot != null ) {
-				Elements aliases = aliasesRoot.getChildElements("alias");
-	
-				for(int i=0;i<aliases.size();i++) {
-					Element e = aliases.get(i);
-					String name = e.getAttributeValue("name");
-					String type = e.getAttributeValue("type");
-					String value = e.getValue();
-					if ( REGEX.equals(type) ) {
-						config.addAlias(name, Pattern.compile(value));
-					} else {
-						config.addAlias(name, value);
-					}
-				}
-			}
-			
-			/**
-			 * Parse the 'settings' section.
-			 */
-			if ( settingsRoot == null ) {
-				throw new ConfigurationException("", "The <settings> section is required");
-			} else if ( settingsRoot != null ) {
-				
-				
-				try {
-					String sessionCookieName = settingsRoot.getFirstChildElement("session-cookie-name").getValue();
-					if ( ! "".equals(sessionCookieName) ) {
-						config.setSessionCookieName(sessionCookieName);
-					}
-				} catch (NullPointerException npe) {
-					config.setSessionCookieName(DEFAULT_SESSION_COOKIE);
-				}
-
-				String mode = settingsRoot.getFirstChildElement("mode").getValue();
-				
-				if ( "block".equals(mode.toLowerCase() ) ) {
-					AppGuardianConfiguration.DEFAULT_FAIL_ACTION = AppGuardianConfiguration.BLOCK;
-				} else if ( "redirect".equals(mode.toLowerCase() ) ){
-					AppGuardianConfiguration.DEFAULT_FAIL_ACTION = AppGuardianConfiguration.REDIRECT;
-				} else {
-					AppGuardianConfiguration.DEFAULT_FAIL_ACTION = AppGuardianConfiguration.LOG;
-				}
-	
-				Element errorHandlingRoot = settingsRoot.getFirstChildElement("error-handling");
-	
-				config.setDefaultErrorPage( errorHandlingRoot.getFirstChildElement("default-redirect-page").getValue() );
-	
-				try {
-					config.setDefaultResponseCode( Integer.parseInt(errorHandlingRoot.getFirstChildElement("block-status").getValue()) );
-				} catch (Exception e) {
-					config.setDefaultResponseCode( DEFAULT_RESPONSE_CODE );
-				}
-			}
-			
-			/*
-			 * The WAF separate logging is going to be merged in the 2.0
-			 * release, so this is deprecated.
-			 */
-			Element loggingRoot = settingsRoot.getFirstChildElement("logging");
-			if ( loggingRoot != null ) {
-				config.setLogDirectory(loggingRoot.getFirstChildElement("log-directory").getValue());
-				config.setLogLevel(Level.toLevel(loggingRoot.getFirstChildElement("log-level").getValue()));
-			}
-			
-			/**
-			 * Parse the 'authentication-rules' section if they have one.
-			 */
-			if ( authNRoot != null ) {
-				String key = authNRoot.getAttributeValue("key");
-				String path = authNRoot.getAttributeValue("path");
-				String id = authNRoot.getAttributeValue("id");
-
-				if ( path != null && key != null ) {
-					config.addBeforeBodyRule(new AuthenticatedRule(id,key,Pattern.compile(path),getExceptionsFromElement(authNRoot)));
-				} else if ( key != null ) {
-					config.addBeforeBodyRule(new AuthenticatedRule(id,key,null,getExceptionsFromElement(authNRoot)));
-				} else {
-					throw new ConfigurationException("","The <authentication-rules> rule requires a 'key' attribute");
-				}
-			}
-
-			/**
-			 * Parse 'authorization-rules' section if they have one.
-			 */
-
-			if ( authZRoot != null ) {
-
-				Elements restrictNodes = authZRoot.getChildElements("restrict-source-ip");
-
-				for(int i=0;i<restrictNodes.size();i++) {
-
-					Element restrictNodeRoot = restrictNodes.get(i);
-					String id = restrictNodeRoot.getAttributeValue("id");
-					Pattern ips = Pattern.compile(restrictNodeRoot.getAttributeValue("ip-regex"));
-					String ipHeader = restrictNodeRoot.getAttributeValue("ip-header");
-					if ( REGEX.equalsIgnoreCase(restrictNodeRoot.getAttributeValue("type")) ) {
-						config.addBeforeBodyRule( new IPRule(id, ips, Pattern.compile(restrictNodeRoot.getValue()),ipHeader));
-					} else {
-						config.addBeforeBodyRule( new IPRule(id, ips, restrictNodeRoot.getValue()) );
-					}
-
-				}
-
-				Elements mustMatchNodes = authZRoot.getChildElements("must-match");
-
-				for(int i=0;i<mustMatchNodes.size();i++) {
-
-					Element e = mustMatchNodes.get(i);
-					Pattern path = Pattern.compile(e.getAttributeValue("path"));
-					String variable = e.getAttributeValue("variable");
-					String value = e.getAttributeValue("value");
-					String operator = e.getAttributeValue("operator");
-					String id = e.getAttributeValue("id");
-					int op = AppGuardianConfiguration.OPERATOR_EQ;
-
-					if ( "exists".equalsIgnoreCase(operator)) {
-						op = AppGuardianConfiguration.OPERATOR_EXISTS;
-					} else if ( "inList".equalsIgnoreCase(operator)) {
-						op = AppGuardianConfiguration.OPERATOR_IN_LIST;
-					} else if ( "contains".equalsIgnoreCase(operator)) {
-						op = AppGuardianConfiguration.OPERATOR_CONTAINS;
-					}
-
-					config.addAfterBodyRule( new MustMatchRule(id, path,variable,op,value) );
-				}
-
-			}
-
-			/**
-			 * Parse the 'url-rules' section if they have one.
-			 */
-			if ( urlRoot != null ) {
-
-				Elements restrictExtensionNodes = urlRoot.getChildElements("restrict-extension");
-				Elements restrictMethodNodes = urlRoot.getChildElements("restrict-method");
-				Elements enforceHttpsNodes = urlRoot.getChildElements("enforce-https");
-
-				/*
-				 * Read in rules that allow an app to restrict by extension.
-				 * E.g., you may want to explicitly only allow:
-				 *  .jsp, .jpg, .gif, .css, .js, etc.
-				 *
-				 * You may also want to instead explicitly deny:
-				 * .bak, .log, .txt, etc.
-				 */
-
-				for (int i=0;i<restrictExtensionNodes.size();i++) {
-
-					Element e = restrictExtensionNodes.get(i);
-					String allow = e.getAttributeValue("allow");
-					String deny = e.getAttributeValue("deny");
-					String id = e.getAttributeValue("id");
-
-					if ( allow != null && deny != null ) {
-						throw new ConfigurationException("", "restrict-extension rules can't have both 'allow' and 'deny'" );
-					}
-
-					if ( allow != null ) {
-
-						config.addBeforeBodyRule( new PathExtensionRule(id,Pattern.compile( ".*\\" + allow + "$"),null) );
-
-					} else if ( deny != null ) {
-
-						config.addBeforeBodyRule( new PathExtensionRule(id, null,Pattern.compile( ".*\\" + deny + "$")) );
-
-					} else {
-						throw new ConfigurationException("", "restrict extension rule should have either a 'deny' or 'allow' attribute");
-					}
-				}
-
-				/*
-				 * Read in rules that allow the site to control
-				 * which HTTP methods are allowed to reach the
-				 * app.
-				 *
-				 * 99% of the time, you'll only need POST and
-				 * GET.
-				 */
-				for (int i=0;i<restrictMethodNodes.size();i++) {
-
-					Element e = restrictMethodNodes.get(i);
-
-					String allow = e.getAttributeValue("allow");
-					String deny = e.getAttributeValue("deny");
-					String path = e.getAttributeValue("path");
-					String id = e.getAttributeValue("id");
-
-					if ( path == null ) {
-						path = DEFAULT_PATH_APPLY_ALL;
-					}
-
-					if ( allow != null && deny != null ) {
-						throw new ConfigurationException("", "restrict-method rule should not have both 'allow' and 'deny' values");
-					}
-
-					if ( allow != null ) {
-
-						config.addBeforeBodyRule( new HTTPMethodRule(id, Pattern.compile(allow), null, Pattern.compile(path)) );
-
-					} else if ( deny != null ) {
-
-						config.addBeforeBodyRule( new HTTPMethodRule(id, null, Pattern.compile(deny), Pattern.compile(path)) );
-
-					} else {
-						throw new ConfigurationException("", "restrict-method rule should have either an 'allow' or 'deny' value");
-					}
-				}
-
-				for (int i=0;i<enforceHttpsNodes.size();i++) {
-
-					Element e = (Element)enforceHttpsNodes.get(i);
-					String path = e.getAttributeValue("path");
-					String action = e.getAttributeValue("action");
-					String id = e.getAttributeValue("id");
-					List<Object> exceptions = getExceptionsFromElement(e);
-
-					config.addBeforeBodyRule( new EnforceHTTPSRule(id, Pattern.compile(path), exceptions, action) );
-				}
-
-			}
-
-			if ( headerRoot != null ) {
-
-				Elements restrictContentTypes = headerRoot.getChildElements("restrict-content-type");
-				Elements restrictUserAgents = headerRoot.getChildElements("restrict-user-agent");
-
-				for(int i=0;i<restrictContentTypes.size();i++) {
-
-					Element e = restrictContentTypes.get(i);
-					String allow = e.getAttributeValue("allow");
-					String deny = e.getAttributeValue("deny");
-					String id = e.getAttributeValue("id");
-
-					if ( allow != null && deny != null ) {
-						throw new ConfigurationException("", "restrict-content-type rule should not have both 'allow' and 'deny' values");
-					}
-
-					if ( allow != null ) {
-
-						config.addBeforeBodyRule( new RestrictContentTypeRule(id, Pattern.compile(allow), null) );
-
-					} else if ( deny != null ) {
-
-						config.addBeforeBodyRule( new RestrictContentTypeRule(id, null, Pattern.compile(deny)) );
-
-					} else {
-						throw new ConfigurationException("", "restrict-content-type rule should have either an 'allow' or 'deny' value");
-					}
-				}
-
-				for(int i=0;i<restrictUserAgents.size();i++) {
-					Element e = restrictUserAgents.get(i);
-					String id = e.getAttributeValue("id");
-					String allow = e.getAttributeValue("allow");
-					String deny = e.getAttributeValue("deny");
-					if ( allow != null && deny != null ) {
-						throw new ConfigurationException("", "restrict-user-agent rule should not have both 'allow' and 'deny' values");
-					}
-
-					if ( allow != null ) {
-						
-						config.addBeforeBodyRule( new RestrictUserAgentRule(id, Pattern.compile(allow), null) );
-
-					} else if ( deny != null ) {
-
-						config.addBeforeBodyRule( new RestrictUserAgentRule(id, null, Pattern.compile(deny)) );
-
-					} else {
-						throw new ConfigurationException("", "restrict-user-agent rule should have either an 'allow' or 'deny' value");
-					}
-				}
-
-			}
-
-			if ( virtualPatchesRoot != null ) {
-				Elements virtualPatchNodes = virtualPatchesRoot.getChildElements("virtual-patch");
-				for(int i=0;i<virtualPatchNodes.size();i++) {
-					Element e = virtualPatchNodes.get(i);
-					String id = e.getAttributeValue("id");
-					String path = e.getAttributeValue("path");
-					String variable = e.getAttributeValue("variable");
-					String pattern = e.getAttributeValue("pattern");
-					String message = e.getAttributeValue("message");
-
-					config.addAfterBodyRule( new SimpleVirtualPatchRule(id, Pattern.compile(path), variable, Pattern.compile(pattern), message) );
-				}
-			}
-
-			// Haven't implemented this yet. Not sure what we want those rules to look like.
-			/*
-			if ( customRulesRoot != null ) {
-				Elements rules = customRulesRoot.getChildElements("rule");
-				
-				 // Parse the complex rules.
-				 
-			}
-			*/
-			
-			if ( outboundRoot != null ) {
-
-				/*
-				 * Parse the <add-header> rules. This could be used to add:
-				 * - X-I-DONT-WANT-TO-BE-FRAMED
-				 * - Caching prevention headers
-				 * - Custom application headers
-				 */
-
-				Elements addHeaderNodes = outboundRoot.getChildElements("add-header");
-
-				for(int i=0;i<addHeaderNodes.size();i++) {
-					Element e = addHeaderNodes.get(i);
-					String name = e.getAttributeValue("name");
-					String value = e.getAttributeValue("value");
-					String path = e.getAttributeValue("path");
-					String id = e.getAttributeValue("id");
-
-					if ( path == null ) {
-						path = DEFAULT_PATH_APPLY_ALL;
-					}
-
-					AddHeaderRule ahr = new AddHeaderRule(id, name, value, Pattern.compile(path), getExceptionsFromElement(e));
-					config.addBeforeResponseRule(ahr);
-
-				}
-
-				/*
-				 * Parse the <add-http-only-flag> rules that allow
-				 * us to add the HTTPOnly flag to cookies, both
-				 * custom and app server.
-				 */
-				Elements addHTTPOnlyFlagNodes = outboundRoot.getChildElements("add-http-only-flag");
-
-				for(int i=0;i<addHTTPOnlyFlagNodes.size();i++) {
-					Element e = addHTTPOnlyFlagNodes.get(i);
-
-					Elements cookiePatterns = e.getChildElements("cookie");
-					String id = e.getAttributeValue("id");
-					ArrayList<Pattern> patterns = new ArrayList<Pattern>();
-
-					for(int j=0;j<cookiePatterns.size();j++) {
-						Element cookie = cookiePatterns.get(j);
-						patterns.add(Pattern.compile(cookie.getAttributeValue("name")));
-					}
-
-					AddHTTPOnlyFlagRule ahfr = new AddHTTPOnlyFlagRule(id, patterns);
-					config.addCookieRule(ahfr);
-
-					if ( ahfr.doesCookieMatch(config.getSessionCookieName()) ) {
-						config.setApplyHTTPOnlyFlagToSessionCookie(true);
-					}
-				}
-
-				/*
-				 * Parse the <add-secure-flag> rules that allow
-				 * us to add the secure flag to cookies, both
-				 * custom and app server.
-				 */
-				Elements addSecureFlagNodes = outboundRoot.getChildElements("add-secure-flag");
-
-				for(int i=0;i<addSecureFlagNodes.size();i++) {
-					Element e = addSecureFlagNodes.get(i);
-					String id = e.getAttributeValue("id");
-					Elements cookiePatterns = e.getChildElements("cookie");
-					ArrayList<Pattern> patterns = new ArrayList<Pattern>();
-
-					for(int j=0;j<cookiePatterns.size();j++) {
-						Element cookie = cookiePatterns.get(j);
-						patterns.add(Pattern.compile(cookie.getAttributeValue("name")));
-					}
-
-					AddSecureFlagRule asfr = new AddSecureFlagRule(id, patterns);
-					config.addCookieRule(asfr);
-
-					if ( asfr.doesCookieMatch(config.getSessionCookieName()) ) {
-						config.setApplySecureFlagToSessionCookie(true);
-					}
-
-				}
-
-				/*
-				 * Parse dynamic-insertion nodes that allow us to dynamically
-				 * insert stuff into responses.
-				 */
-				Elements dynamicInsertionNodes = outboundRoot.getChildElements("dynamic-insertion");
-
-				for(int i=0;i<dynamicInsertionNodes.size();i++) {
-
-					Element e = dynamicInsertionNodes.get(i);
-					String pattern = e.getAttributeValue("pattern");
-					String id = e.getAttributeValue("id");
-					String contentType = e.getAttributeValue("content-type");
-					String urlPaths = e.getAttributeValue("path");
-					Element replacement = e.getFirstChildElement("replacement");
-
-					ReplaceContentRule rcr = new ReplaceContentRule(
-							id, 
-							Pattern.compile(pattern,Pattern.DOTALL), 
-							replacement.getValue(),
-							contentType != null ? Pattern.compile(contentType) : null,
-							urlPaths != null ? Pattern.compile(urlPaths) : null);
-					
-					config.addBeforeResponseRule(rcr);
-
-				}
-
-				/*
-				 * Parse detect-content nodes that allow us to simply detect data
-				 * leaving in responses.
-				 */
-				Elements detectContentNodes = outboundRoot.getChildElements("detect-content");
-
-				for(int i=0;i<detectContentNodes.size();i++) {
-
-					Element e = detectContentNodes.get(i);
-					String token = e.getAttributeValue("pattern");
-					String contentType = e.getAttributeValue("content-type");
-					String id = e.getAttributeValue("id");
-					String path = e.getAttributeValue("path");
-
-					if ( token == null ) {
-						throw new ConfigurationException("", "<detect-content> rules must contain a 'pattern' attribute");
-					} else if ( contentType == null ) {
-						throw new ConfigurationException("", "<detect-content> rules must contain a 'content-type' attribute");
-					}
-
-					DetectOutboundContentRule docr = new DetectOutboundContentRule(
-							id, 
-							Pattern.compile(contentType),
-							Pattern.compile(token,Pattern.DOTALL),
-							path != null ? Pattern.compile(path) : null);
-					
-					config.addBeforeResponseRule(docr);
-
-				}
-
-			}
-			
-			/**
-			 * Parse the 'bean-shell-rules' section.
-			 */
-			
-			if ( beanShellRoot != null ) {
-			
-				Elements beanShellRules = beanShellRoot.getChildElements("bean-shell-script");
-				
-				for (int i=0;i<beanShellRules.size(); i++) {
-
-					Element e = beanShellRules.get(i);
-					
-					String id = e.getAttributeValue("id");
-					String fileName = e.getAttributeValue("file");
-					String stage = e.getAttributeValue("stage"); //
-					String path = e.getAttributeValue("path");
-					
-					if ( id == null ) {
-						throw new ConfigurationException("", "bean shell rules all require a unique 'id' attribute");
-					}
-					
-					if ( fileName == null ) {
-						throw new ConfigurationException("", "bean shell rules all require a unique 'file' attribute that has the location of the .bsh script" );
-					}
-					
-					try {
-						
-						BeanShellRule bsr = new BeanShellRule(
-								webRootDir + fileName, 
-								id,
-								path != null ? Pattern.compile(path) : null);
-						
-						if ( STAGES[0].equals(stage) ) {
-							config.addBeforeBodyRule(bsr);
-						} else if ( STAGES[1].equals(stage)) {
-							config.addAfterBodyRule(bsr);
-						} else if ( STAGES[2].equals(stage)) {
-							config.addBeforeResponseRule(bsr);
-						} else {
-							throw new ConfigurationException("", "bean shell rules all require a 'stage' attribute when the rule should be fired (valid values are " + STAGES[0] + ", " + STAGES[1] + ", or " + STAGES[2] + ")" );
-						}
-												
-					} catch (FileNotFoundException fnfe) {
-						throw new ConfigurationException ("", "bean shell rule '" + id + "' had a source file that could not be found (" + fileName + "), web directory = " + webRootDir );
-					} catch (EvalError ee) {
-						throw new ConfigurationException ("", "bean shell rule '" + id + "' contained an error (" + ee.getErrorText() + "): " + ee.getScriptStackTrace());
-					}
-					
-				}
-			}
-
-		} catch (ValidityException e) {
-			throw new ConfigurationException("", "Problem validating WAF XML file", e);
-		} catch (ParsingException e) {
-			throw new ConfigurationException("", "Problem parsing WAF XML file", e);
-		} catch (IOException e) {
-			throw new ConfigurationException("", "I/O problem reading WAF XML file", e);
-		}
-
-		return config;
-
-	}
-
-	private static List<Object> getExceptionsFromElement(Element root) {
-		Elements exceptions = root.getChildElements("path-exception");
-		ArrayList<Object> exceptionList = new ArrayList<Object>();
-
-		for(int i=0;i<exceptions.size();i++) {
-			Element e = exceptions.get(i);
-			if ( REGEX.equalsIgnoreCase(e.getAttributeValue("type"))) {
-				exceptionList.add( Pattern.compile(e.getValue()) );
-			} else {
-				exceptionList.add( e.getValue() );
-			}
-		}
-		return exceptionList;
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.configuration;
+
+import java.io.FileNotFoundException;
+import java.io.IOException;
+
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Pattern;
+
+import nu.xom.Builder;
+import nu.xom.Document;
+import nu.xom.Element;
+import nu.xom.Elements;
+import nu.xom.ParsingException;
+import nu.xom.ValidityException;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.waf.ConfigurationException;
+import org.owasp.esapi.waf.rules.AddHTTPOnlyFlagRule;
+import org.owasp.esapi.waf.rules.AddHeaderRule;
+import org.owasp.esapi.waf.rules.AddSecureFlagRule;
+import org.owasp.esapi.waf.rules.AuthenticatedRule;
+import org.owasp.esapi.waf.rules.BeanShellRule;
+import org.owasp.esapi.waf.rules.DetectOutboundContentRule;
+import org.owasp.esapi.waf.rules.EnforceHTTPSRule;
+import org.owasp.esapi.waf.rules.HTTPMethodRule;
+import org.owasp.esapi.waf.rules.IPRule;
+import org.owasp.esapi.waf.rules.MustMatchRule;
+import org.owasp.esapi.waf.rules.PathExtensionRule;
+import org.owasp.esapi.waf.rules.ReplaceContentRule;
+import org.owasp.esapi.waf.rules.RestrictContentTypeRule;
+import org.owasp.esapi.waf.rules.RestrictUserAgentRule;
+import org.owasp.esapi.waf.rules.SimpleVirtualPatchRule;
+
+import bsh.EvalError;
+
+/**
+ *
+ * The class used to turn a policy file's contents into an object model.
+ *
+ * @author Arshan Dabirsiaghi
+ * @see org.owasp.esapi.waf.configuration.AppGuardianConfiguration
+ */
+public class ConfigurationParser {
+
+    private static final String REGEX = "regex";
+    private static final String DEFAULT_PATH_APPLY_ALL = ".*";
+    private static final int DEFAULT_RESPONSE_CODE = 403;
+    private static final String DEFAULT_SESSION_COOKIE;
+
+    static {
+        String sessionIdName = null;
+        try {
+            sessionIdName = ESAPI.securityConfiguration().getHttpSessionIdName();
+        } catch (Throwable t) {
+            sessionIdName = "JSESSIONID";    // If all else fails...
+        }
+        DEFAULT_SESSION_COOKIE = sessionIdName;
+    }
+
+    private static final String[] STAGES = {
+        "before-request-body",
+        "after-request-body",
+        "before-response"
+    };
+
+    public static AppGuardianConfiguration readConfigurationFile(InputStream stream, String webRootDir) throws ConfigurationException {
+
+        AppGuardianConfiguration config = new AppGuardianConfiguration();
+
+        Builder parser = new Builder();
+        Document doc;
+        Element root;
+
+        try {
+
+            doc = parser.build(stream);
+            root = doc.getRootElement();
+
+            Element settingsRoot = root.getFirstChildElement("settings");
+            Element authNRoot = root.getFirstChildElement("authentication-rules");
+            Element authZRoot = root.getFirstChildElement("authorization-rules");
+            Element urlRoot = root.getFirstChildElement("url-rules");
+            Element headerRoot = root.getFirstChildElement("header-rules");
+            Element customRulesRoot = root.getFirstChildElement("custom-rules");;
+            Element virtualPatchesRoot = root.getFirstChildElement("virtual-patches");
+            Element outboundRoot = root.getFirstChildElement("outbound-rules");
+            Element beanShellRoot = root.getFirstChildElement("bean-shell-rules");
+
+
+            /**
+             * Parse the 'settings' section.
+             */
+            if ( settingsRoot == null ) {
+                throw new ConfigurationException("", "The <settings> section is required");
+            } else if ( settingsRoot != null ) {
+
+
+                try {
+                    String sessionCookieName = settingsRoot.getFirstChildElement("session-cookie-name").getValue();
+                    if ( ! "".equals(sessionCookieName) ) {
+                        config.setSessionCookieName(sessionCookieName);
+                    }
+                } catch (NullPointerException npe) {
+                    config.setSessionCookieName(DEFAULT_SESSION_COOKIE);
+                }
+
+                String mode = settingsRoot.getFirstChildElement("mode").getValue();
+
+                if ( "block".equals(mode.toLowerCase() ) ) {
+                    AppGuardianConfiguration.DEFAULT_FAIL_ACTION = AppGuardianConfiguration.BLOCK;
+                } else if ( "redirect".equals(mode.toLowerCase() ) ){
+                    AppGuardianConfiguration.DEFAULT_FAIL_ACTION = AppGuardianConfiguration.REDIRECT;
+                } else {
+                    AppGuardianConfiguration.DEFAULT_FAIL_ACTION = AppGuardianConfiguration.LOG;
+                }
+
+                Element errorHandlingRoot = settingsRoot.getFirstChildElement("error-handling");
+
+                config.setDefaultErrorPage( errorHandlingRoot.getFirstChildElement("default-redirect-page").getValue() );
+
+                try {
+                    config.setDefaultResponseCode( Integer.parseInt(errorHandlingRoot.getFirstChildElement("block-status").getValue()) );
+                } catch (Exception e) {
+                    config.setDefaultResponseCode( DEFAULT_RESPONSE_CODE );
+                }
+            }
+
+            /**
+             * Parse the 'authentication-rules' section if they have one.
+             */
+            if ( authNRoot != null ) {
+                String key = authNRoot.getAttributeValue("key");
+                String path = authNRoot.getAttributeValue("path");
+                String id = authNRoot.getAttributeValue("id");
+
+                if ( path != null && key != null ) {
+                    config.addBeforeBodyRule(new AuthenticatedRule(id,key,Pattern.compile(path),getExceptionsFromElement(authNRoot)));
+                } else if ( key != null ) {
+                    config.addBeforeBodyRule(new AuthenticatedRule(id,key,null,getExceptionsFromElement(authNRoot)));
+                } else {
+                    throw new ConfigurationException("","The <authentication-rules> rule requires a 'key' attribute");
+                }
+            }
+
+            /**
+             * Parse 'authorization-rules' section if they have one.
+             */
+
+            if ( authZRoot != null ) {
+
+                Elements restrictNodes = authZRoot.getChildElements("restrict-source-ip");
+
+                for(int i=0;i<restrictNodes.size();i++) {
+
+                    Element restrictNodeRoot = restrictNodes.get(i);
+                    String id = restrictNodeRoot.getAttributeValue("id");
+                    Pattern ips = Pattern.compile(restrictNodeRoot.getAttributeValue("ip-regex"));
+                    String ipHeader = restrictNodeRoot.getAttributeValue("ip-header");
+                    if ( REGEX.equalsIgnoreCase(restrictNodeRoot.getAttributeValue("type")) ) {
+                        config.addBeforeBodyRule( new IPRule(id, ips, Pattern.compile(restrictNodeRoot.getValue()),ipHeader));
+                    } else {
+                        config.addBeforeBodyRule( new IPRule(id, ips, restrictNodeRoot.getValue()) );
+                    }
+
+                }
+
+                Elements mustMatchNodes = authZRoot.getChildElements("must-match");
+
+                for(int i=0;i<mustMatchNodes.size();i++) {
+
+                    Element e = mustMatchNodes.get(i);
+                    Pattern path = Pattern.compile(e.getAttributeValue("path"));
+                    String variable = e.getAttributeValue("variable");
+                    String value = e.getAttributeValue("value");
+                    String operator = e.getAttributeValue("operator");
+                    String id = e.getAttributeValue("id");
+                    int op = AppGuardianConfiguration.OPERATOR_EQ;
+
+                    if ( "exists".equalsIgnoreCase(operator)) {
+                        op = AppGuardianConfiguration.OPERATOR_EXISTS;
+                    } else if ( "inList".equalsIgnoreCase(operator)) {
+                        op = AppGuardianConfiguration.OPERATOR_IN_LIST;
+                    } else if ( "contains".equalsIgnoreCase(operator)) {
+                        op = AppGuardianConfiguration.OPERATOR_CONTAINS;
+                    }
+
+                    config.addAfterBodyRule( new MustMatchRule(id, path,variable,op,value) );
+                }
+
+            }
+
+            /**
+             * Parse the 'url-rules' section if they have one.
+             */
+            if ( urlRoot != null ) {
+
+                Elements restrictExtensionNodes = urlRoot.getChildElements("restrict-extension");
+                Elements restrictMethodNodes = urlRoot.getChildElements("restrict-method");
+                Elements enforceHttpsNodes = urlRoot.getChildElements("enforce-https");
+
+                /*
+                 * Read in rules that allow an app to restrict by extension.
+                 * E.g., you may want to explicitly only allow:
+                 *  .jsp, .jpg, .gif, .css, .js, etc.
+                 *
+                 * You may also want to instead explicitly deny:
+                 * .bak, .log, .txt, etc.
+                 */
+
+                for (int i=0;i<restrictExtensionNodes.size();i++) {
+
+                    Element e = restrictExtensionNodes.get(i);
+                    String allow = e.getAttributeValue("allow");
+                    String deny = e.getAttributeValue("deny");
+                    String id = e.getAttributeValue("id");
+
+                    if ( allow != null && deny != null ) {
+                        throw new ConfigurationException("", "restrict-extension rules can't have both 'allow' and 'deny'" );
+                    }
+
+                    if ( allow != null ) {
+
+                        config.addBeforeBodyRule( new PathExtensionRule(id,Pattern.compile( ".*\\" + allow + "$"),null) );
+
+                    } else if ( deny != null ) {
+
+                        config.addBeforeBodyRule( new PathExtensionRule(id, null,Pattern.compile( ".*\\" + deny + "$")) );
+
+                    } else {
+                        throw new ConfigurationException("", "restrict extension rule should have either a 'deny' or 'allow' attribute");
+                    }
+                }
+
+                /*
+                 * Read in rules that allow the site to control
+                 * which HTTP methods are allowed to reach the
+                 * app.
+                 *
+                 * 99% of the time, you'll only need POST and
+                 * GET.
+                 */
+                for (int i=0;i<restrictMethodNodes.size();i++) {
+
+                    Element e = restrictMethodNodes.get(i);
+
+                    String allow = e.getAttributeValue("allow");
+                    String deny = e.getAttributeValue("deny");
+                    String path = e.getAttributeValue("path");
+                    String id = e.getAttributeValue("id");
+
+                    if ( path == null ) {
+                        path = DEFAULT_PATH_APPLY_ALL;
+                    }
+
+                    if ( allow != null && deny != null ) {
+                        throw new ConfigurationException("", "restrict-method rule should not have both 'allow' and 'deny' values");
+                    }
+
+                    if ( allow != null ) {
+
+                        config.addBeforeBodyRule( new HTTPMethodRule(id, Pattern.compile(allow), null, Pattern.compile(path)) );
+
+                    } else if ( deny != null ) {
+
+                        config.addBeforeBodyRule( new HTTPMethodRule(id, null, Pattern.compile(deny), Pattern.compile(path)) );
+
+                    } else {
+                        throw new ConfigurationException("", "restrict-method rule should have either an 'allow' or 'deny' value");
+                    }
+                }
+
+                for (int i=0;i<enforceHttpsNodes.size();i++) {
+
+                    Element e = enforceHttpsNodes.get(i);
+                    String path = e.getAttributeValue("path");
+                    String action = e.getAttributeValue("action");
+                    String id = e.getAttributeValue("id");
+                    List<Object> exceptions = getExceptionsFromElement(e);
+
+                    config.addBeforeBodyRule( new EnforceHTTPSRule(id, Pattern.compile(path), exceptions, action) );
+                }
+
+            }
+
+            if ( headerRoot != null ) {
+
+                Elements restrictContentTypes = headerRoot.getChildElements("restrict-content-type");
+                Elements restrictUserAgents = headerRoot.getChildElements("restrict-user-agent");
+
+                for(int i=0;i<restrictContentTypes.size();i++) {
+
+                    Element e = restrictContentTypes.get(i);
+                    String allow = e.getAttributeValue("allow");
+                    String deny = e.getAttributeValue("deny");
+                    String id = e.getAttributeValue("id");
+
+                    if ( allow != null && deny != null ) {
+                        throw new ConfigurationException("", "restrict-content-type rule should not have both 'allow' and 'deny' values");
+                    }
+
+                    if ( allow != null ) {
+
+                        config.addBeforeBodyRule( new RestrictContentTypeRule(id, Pattern.compile(allow), null) );
+
+                    } else if ( deny != null ) {
+
+                        config.addBeforeBodyRule( new RestrictContentTypeRule(id, null, Pattern.compile(deny)) );
+
+                    } else {
+                        throw new ConfigurationException("", "restrict-content-type rule should have either an 'allow' or 'deny' value");
+                    }
+                }
+
+                for(int i=0;i<restrictUserAgents.size();i++) {
+                    Element e = restrictUserAgents.get(i);
+                    String id = e.getAttributeValue("id");
+                    String allow = e.getAttributeValue("allow");
+                    String deny = e.getAttributeValue("deny");
+                    if ( allow != null && deny != null ) {
+                        throw new ConfigurationException("", "restrict-user-agent rule should not have both 'allow' and 'deny' values");
+                    }
+
+                    if ( allow != null ) {
+
+                        config.addBeforeBodyRule( new RestrictUserAgentRule(id, Pattern.compile(allow), null) );
+
+                    } else if ( deny != null ) {
+
+                        config.addBeforeBodyRule( new RestrictUserAgentRule(id, null, Pattern.compile(deny)) );
+
+                    } else {
+                        throw new ConfigurationException("", "restrict-user-agent rule should have either an 'allow' or 'deny' value");
+                    }
+                }
+
+            }
+
+            if ( virtualPatchesRoot != null ) {
+                Elements virtualPatchNodes = virtualPatchesRoot.getChildElements("virtual-patch");
+                for(int i=0;i<virtualPatchNodes.size();i++) {
+                    Element e = virtualPatchNodes.get(i);
+                    String id = e.getAttributeValue("id");
+                    String path = e.getAttributeValue("path");
+                    String variable = e.getAttributeValue("variable");
+                    String pattern = e.getAttributeValue("pattern");
+                    String message = e.getAttributeValue("message");
+
+                    config.addAfterBodyRule( new SimpleVirtualPatchRule(id, Pattern.compile(path), variable, Pattern.compile(pattern), message) );
+                }
+            }
+
+            // Haven't implemented this yet. Not sure what we want those rules to look like.
+            /*
+            if ( customRulesRoot != null ) {
+                Elements rules = customRulesRoot.getChildElements("rule");
+
+                 // Parse the complex rules.
+
+            }
+            */
+
+            if ( outboundRoot != null ) {
+
+                /*
+                 * Parse the <add-header> rules. This could be used to add:
+                 * - X-I-DONT-WANT-TO-BE-FRAMED
+                 * - Caching prevention headers
+                 * - Custom application headers
+                 */
+
+                Elements addHeaderNodes = outboundRoot.getChildElements("add-header");
+
+                for(int i=0;i<addHeaderNodes.size();i++) {
+                    Element e = addHeaderNodes.get(i);
+                    String name = e.getAttributeValue("name");
+                    String value = e.getAttributeValue("value");
+                    String path = e.getAttributeValue("path");
+                    String id = e.getAttributeValue("id");
+
+                    if ( path == null ) {
+                        path = DEFAULT_PATH_APPLY_ALL;
+                    }
+
+                    AddHeaderRule ahr = new AddHeaderRule(id, name, value, Pattern.compile(path), getExceptionsFromElement(e));
+                    config.addBeforeResponseRule(ahr);
+
+                }
+
+                /*
+                 * Parse the <add-http-only-flag> rules that allow
+                 * us to add the HTTPOnly flag to cookies, both
+                 * custom and app server.
+                 */
+                Elements addHTTPOnlyFlagNodes = outboundRoot.getChildElements("add-http-only-flag");
+
+                for(int i=0;i<addHTTPOnlyFlagNodes.size();i++) {
+                    Element e = addHTTPOnlyFlagNodes.get(i);
+
+                    Elements cookiePatterns = e.getChildElements("cookie");
+                    String id = e.getAttributeValue("id");
+                    ArrayList<Pattern> patterns = new ArrayList<Pattern>();
+
+                    for(int j=0;j<cookiePatterns.size();j++) {
+                        Element cookie = cookiePatterns.get(j);
+                        patterns.add(Pattern.compile(cookie.getAttributeValue("name")));
+                    }
+
+                    AddHTTPOnlyFlagRule ahfr = new AddHTTPOnlyFlagRule(id, patterns);
+                    config.addCookieRule(ahfr);
+
+                    if ( ahfr.doesCookieMatch(config.getSessionCookieName()) ) {
+                        config.setApplyHTTPOnlyFlagToSessionCookie(true);
+                    }
+                }
+
+                /*
+                 * Parse the <add-secure-flag> rules that allow
+                 * us to add the secure flag to cookies, both
+                 * custom and app server.
+                 */
+                Elements addSecureFlagNodes = outboundRoot.getChildElements("add-secure-flag");
+
+                for(int i=0;i<addSecureFlagNodes.size();i++) {
+                    Element e = addSecureFlagNodes.get(i);
+                    String id = e.getAttributeValue("id");
+                    Elements cookiePatterns = e.getChildElements("cookie");
+                    ArrayList<Pattern> patterns = new ArrayList<Pattern>();
+
+                    for(int j=0;j<cookiePatterns.size();j++) {
+                        Element cookie = cookiePatterns.get(j);
+                        patterns.add(Pattern.compile(cookie.getAttributeValue("name")));
+                    }
+
+                    AddSecureFlagRule asfr = new AddSecureFlagRule(id, patterns);
+                    config.addCookieRule(asfr);
+
+                    if ( asfr.doesCookieMatch(config.getSessionCookieName()) ) {
+                        config.setApplySecureFlagToSessionCookie(true);
+                    }
+
+                }
+
+                /*
+                 * Parse dynamic-insertion nodes that allow us to dynamically
+                 * insert stuff into responses.
+                 */
+                Elements dynamicInsertionNodes = outboundRoot.getChildElements("dynamic-insertion");
+
+                for(int i=0;i<dynamicInsertionNodes.size();i++) {
+
+                    Element e = dynamicInsertionNodes.get(i);
+                    String pattern = e.getAttributeValue("pattern");
+                    String id = e.getAttributeValue("id");
+                    String contentType = e.getAttributeValue("content-type");
+                    String urlPaths = e.getAttributeValue("path");
+                    Element replacement = e.getFirstChildElement("replacement");
+
+                    ReplaceContentRule rcr = new ReplaceContentRule(
+                            id,
+                            Pattern.compile(pattern,Pattern.DOTALL),
+                            replacement.getValue(),
+                            contentType != null ? Pattern.compile(contentType) : null,
+                            urlPaths != null ? Pattern.compile(urlPaths) : null);
+
+                    config.addBeforeResponseRule(rcr);
+
+                }
+
+                /*
+                 * Parse detect-content nodes that allow us to simply detect data
+                 * leaving in responses.
+                 */
+                Elements detectContentNodes = outboundRoot.getChildElements("detect-content");
+
+                for(int i=0;i<detectContentNodes.size();i++) {
+
+                    Element e = detectContentNodes.get(i);
+                    String token = e.getAttributeValue("pattern");
+                    String contentType = e.getAttributeValue("content-type");
+                    String id = e.getAttributeValue("id");
+                    String path = e.getAttributeValue("path");
+
+                    if ( token == null ) {
+                        throw new ConfigurationException("", "<detect-content> rules must contain a 'pattern' attribute");
+                    } else if ( contentType == null ) {
+                        throw new ConfigurationException("", "<detect-content> rules must contain a 'content-type' attribute");
+                    }
+
+                    DetectOutboundContentRule docr = new DetectOutboundContentRule(
+                            id,
+                            Pattern.compile(contentType),
+                            Pattern.compile(token,Pattern.DOTALL),
+                            path != null ? Pattern.compile(path) : null);
+
+                    config.addBeforeResponseRule(docr);
+
+                }
+
+            }
+
+            /**
+             * Parse the 'bean-shell-rules' section.
+             */
+
+            if ( beanShellRoot != null ) {
+
+                Elements beanShellRules = beanShellRoot.getChildElements("bean-shell-script");
+
+                for (int i=0;i<beanShellRules.size(); i++) {
+
+                    Element e = beanShellRules.get(i);
+
+                    String id = e.getAttributeValue("id");
+                    String fileName = e.getAttributeValue("file");
+                    String stage = e.getAttributeValue("stage"); //
+                    String path = e.getAttributeValue("path");
+
+                    if ( id == null ) {
+                        throw new ConfigurationException("", "bean shell rules all require a unique 'id' attribute");
+                    }
+
+                    if ( fileName == null ) {
+                        throw new ConfigurationException("", "bean shell rules all require a unique 'file' attribute that has the location of the .bsh script" );
+                    }
+
+                    try {
+
+                        BeanShellRule bsr = new BeanShellRule(
+                                webRootDir + fileName,
+                                id,
+                                path != null ? Pattern.compile(path) : null);
+
+                        if ( STAGES[0].equals(stage) ) {
+                            config.addBeforeBodyRule(bsr);
+                        } else if ( STAGES[1].equals(stage)) {
+                            config.addAfterBodyRule(bsr);
+                        } else if ( STAGES[2].equals(stage)) {
+                            config.addBeforeResponseRule(bsr);
+                        } else {
+                            throw new ConfigurationException("", "bean shell rules all require a 'stage' attribute when the rule should be fired (valid values are " + STAGES[0] + ", " + STAGES[1] + ", or " + STAGES[2] + ")" );
+                        }
+
+                    } catch (FileNotFoundException fnfe) {
+                        throw new ConfigurationException ("", "bean shell rule '" + id + "' had a source file that could not be found (" + fileName + "), web directory = " + webRootDir );
+                    } catch (EvalError ee) {
+                        throw new ConfigurationException ("", "bean shell rule '" + id + "' contained an error (" + ee.getErrorText() + "): " + ee.getScriptStackTrace());
+                    }
+
+                }
+            }
+
+        } catch (ValidityException e) {
+            throw new ConfigurationException("", "Problem validating WAF XML file", e);
+        } catch (ParsingException e) {
+            throw new ConfigurationException("", "Problem parsing WAF XML file", e);
+        } catch (IOException e) {
+            throw new ConfigurationException("", "I/O problem reading WAF XML file", e);
+        }
+
+        return config;
+
+    }
+
+    private static List<Object> getExceptionsFromElement(Element root) {
+        Elements exceptions = root.getChildElements("path-exception");
+        ArrayList<Object> exceptionList = new ArrayList<Object>();
+
+        for(int i=0;i<exceptions.size();i++) {
+            Element e = exceptions.get(i);
+            if ( REGEX.equalsIgnoreCase(e.getAttributeValue("type"))) {
+                exceptionList.add( Pattern.compile(e.getValue()) );
+            } else {
+                exceptionList.add( e.getValue() );
+            }
+        }
+        return exceptionList;
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/waf/configuration/package.html b/src/main/java/org/owasp/esapi/waf/configuration/package.html
index ea68242bf..bca8693b3 100644
--- a/src/main/java/org/owasp/esapi/waf/configuration/package.html
+++ b/src/main/java/org/owasp/esapi/waf/configuration/package.html
@@ -1,12 +1,12 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
-<html>
-<head>
-</head>
-
-<body bgcolor="white">
-
-This package contains the both the configuration object model and the 
-utility class to create that object model from an existing policy file. 
- 
-</body>
-</html>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<html>
+<head>
+</head>
+
+<body bgcolor="white">
+
+This package contains the both the configuration object model and the
+utility class to create that object model from an existing policy file.
+
+</body>
+</html>
diff --git a/src/main/java/org/owasp/esapi/waf/internal/InterceptingHTTPServletRequest.java b/src/main/java/org/owasp/esapi/waf/internal/InterceptingHTTPServletRequest.java
index 6766f74e4..8c4c2b09f 100644
--- a/src/main/java/org/owasp/esapi/waf/internal/InterceptingHTTPServletRequest.java
+++ b/src/main/java/org/owasp/esapi/waf/internal/InterceptingHTTPServletRequest.java
@@ -1,189 +1,209 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.internal;
-
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.RandomAccessFile;
-import java.util.Enumeration;
-import java.util.Vector;
-
-import javax.servlet.ServletInputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
-
-import org.apache.commons.fileupload.FileItemIterator;
-import org.apache.commons.fileupload.FileItemStream;
-import org.apache.commons.fileupload.FileUploadException;
-import org.apache.commons.fileupload.servlet.ServletFileUpload;
-import org.apache.commons.fileupload.util.Streams;
-
-/**
- * The wrapper for the HttpServletRequest object which will be passed to the application
- * being protected by the WAF. It contains logic for parsing multipart parameters out of
- * the request and provided downstream application logic a way of accessing it like it 
- * hasn't been touched.
- * 
- * @author Arshan Dabirsiaghi
- *
- */
-public class InterceptingHTTPServletRequest extends HttpServletRequestWrapper {
-
-	private Vector<Parameter> allParameters;
-	private Vector<String> allParameterNames;
-	private static int CHUNKED_BUFFER_SIZE = 1024;
-	
-	private boolean isMultipart = false;
-	private RandomAccessFile requestBody;
-	private RAFInputStream is;
-	
-	public ServletInputStream getInputStream() throws IOException {
-		
-		if ( isMultipart ) {
-			return is;	
-		} else {
-			return super.getInputStream();
-		}
-        
-    }
-	
-	public BufferedReader getReader() throws IOException {
-        String enc = getCharacterEncoding();
-        if(enc == null) enc = "UTF-8";
-        return new BufferedReader(new InputStreamReader(getInputStream(), enc));
-    }
-	
-	public InterceptingHTTPServletRequest(HttpServletRequest request) throws FileUploadException, IOException {
-
-		super(request);
-
-		allParameters = new Vector<Parameter>();
-		allParameterNames = new Vector<String>();
-
-
-		/*
-		 * Get all the regular parameters.
-		 */
-
-		Enumeration e = request.getParameterNames();
-
-		while(e.hasMoreElements()) {
-			String param = (String)e.nextElement();
-			allParameters.add(new Parameter(param,request.getParameter(param),false));
-			allParameterNames.add(param);
-		}
-
-
-		/*
-		 * Get all the multipart fields.
-		 */
-
-		isMultipart = ServletFileUpload.isMultipartContent(request);
-
-		if ( isMultipart ) {
-
-			requestBody = new RandomAccessFile( File.createTempFile("oew","mpc"), "rw");
-	    	
-	    	byte buffer[] = new byte[CHUNKED_BUFFER_SIZE];
-
-	    	long size = 0;
-	    	int len = 0;
-
-	    	while ( len != -1 && size <= Integer.MAX_VALUE) {
-	    		len = request.getInputStream().read(buffer, 0, CHUNKED_BUFFER_SIZE);
-	    		if ( len != -1 ) {
-	    			size += len;
-	    			requestBody.write(buffer,0,len);	
-	    		}
-	    	}
-			
-	    	is = new RAFInputStream(requestBody);
-	    	
-			ServletFileUpload sfu = new ServletFileUpload();
-			FileItemIterator iter = sfu.getItemIterator(this);
-
-			while(iter.hasNext()) {
-				FileItemStream item = iter.next();
-				String name = item.getFieldName();
-				InputStream stream = item.openStream();
-
-				/*
-				 * If this is a regular form field, add it to our
-				 * parameter collection.
-				 */
-
-				if (item.isFormField()) {
-
-					String value = Streams.asString(stream);
-
-					allParameters.add(new Parameter(name,value,true));
-			    	allParameterNames.add(name);
-
-			    } else {
-			    	/*
-			    	 * This is a multipart content that is not a
-			    	 * regular form field. Nothing to do here.
-			    	 */
-			    	
-			    }
-
-			}
-			
-			requestBody.seek(0);
-			
-		}
-
-	}
-
-	public String getDictionaryParameter(String s) {
-
-		for(int i=0;i<allParameters.size();i++) {
-			Parameter p = allParameters.get(i);
-			if ( p.getName().equals(s) ) {
-				return p.getValue();
-			}
-		}
-		
-		return null;
-	}
-
-	public Enumeration getDictionaryParameterNames() {
-		return allParameterNames.elements();
-	}
-	
-	
-	private class RAFInputStream extends ServletInputStream {
-		
-		RandomAccessFile raf;
-		
-		public RAFInputStream(RandomAccessFile raf) throws IOException {
-			this.raf = raf;
-			this.raf.seek(0);
-		}
-
-		public int read() throws IOException {
-			return raf.read();
-		}
-		
-		public synchronized void reset() throws IOException {
-			raf.seek(0);
-		}
-	}
-	
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.internal;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.RandomAccessFile;
+import java.util.Enumeration;
+import java.util.Vector;
+
+import javax.servlet.ReadListener;
+import javax.servlet.ServletInputStream;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+
+import org.apache.commons.fileupload.FileItemIterator;
+import org.apache.commons.fileupload.FileItemStream;
+import org.apache.commons.fileupload.FileUploadException;
+import org.apache.commons.fileupload.servlet.ServletFileUpload;
+import org.apache.commons.fileupload.util.Streams;
+
+/**
+ * The wrapper for the HttpServletRequest object which will be passed to the application
+ * being protected by the WAF. It contains logic for parsing multipart parameters out of
+ * the request and provided downstream application logic a way of accessing it like it
+ * hasn't been touched.
+ *
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class InterceptingHTTPServletRequest extends HttpServletRequestWrapper {
+
+    private Vector<Parameter> allParameters;
+    private Vector<String> allParameterNames;
+    private static int CHUNKED_BUFFER_SIZE = 1024;
+
+    private boolean isMultipart = false;
+    private RandomAccessFile requestBody;
+    private RAFInputStream is;
+
+    public ServletInputStream getInputStream() throws IOException {
+
+        if ( isMultipart ) {
+            return is;
+        } else {
+            return super.getInputStream();
+        }
+
+    }
+
+    public BufferedReader getReader() throws IOException {
+        String enc = getCharacterEncoding();
+        if(enc == null) enc = "UTF-8";
+        return new BufferedReader(new InputStreamReader(getInputStream(), enc));
+    }
+
+    public InterceptingHTTPServletRequest(HttpServletRequest request) throws FileUploadException, IOException {
+
+        super(request);
+
+        allParameters = new Vector<Parameter>();
+        allParameterNames = new Vector<String>();
+
+
+        /*
+         * Get all the regular parameters.
+         */
+
+        Enumeration e = request.getParameterNames();
+
+        while(e.hasMoreElements()) {
+            String param = (String)e.nextElement();
+            allParameters.add(new Parameter(param,request.getParameter(param),false));
+            allParameterNames.add(param);
+        }
+
+
+        /*
+         * Get all the multipart fields.
+         */
+
+        isMultipart = ServletFileUpload.isMultipartContent(request);
+
+        if ( isMultipart ) {
+
+            requestBody = new RandomAccessFile( File.createTempFile("oew","mpc"), "rw");
+
+            byte buffer[] = new byte[CHUNKED_BUFFER_SIZE];
+
+            long size = 0;
+            int len = 0;
+
+            while ( len != -1 && size <= Integer.MAX_VALUE) {
+                len = request.getInputStream().read(buffer, 0, CHUNKED_BUFFER_SIZE);
+                if ( len != -1 ) {
+                    size += len;
+                    requestBody.write(buffer,0,len);
+                }
+            }
+
+            is = new RAFInputStream(requestBody);
+
+            ServletFileUpload sfu = new ServletFileUpload();
+            FileItemIterator iter = sfu.getItemIterator(this);
+
+            while(iter.hasNext()) {
+                FileItemStream item = iter.next();
+                String name = item.getFieldName();
+                InputStream stream = item.openStream();
+
+                /*
+                 * If this is a regular form field, add it to our
+                 * parameter collection.
+                 */
+
+                if (item.isFormField()) {
+
+                    String value = Streams.asString(stream);
+
+                    allParameters.add(new Parameter(name,value,true));
+                    allParameterNames.add(name);
+
+                } else {
+                    /*
+                     * This is a multipart content that is not a
+                     * regular form field. Nothing to do here.
+                     */
+
+                }
+
+            }
+
+            requestBody.seek(0);
+
+        }
+
+    }
+
+    public String getDictionaryParameter(String s) {
+
+        for(int i=0;i<allParameters.size();i++) {
+            Parameter p = allParameters.get(i);
+            if ( p.getName().equals(s) ) {
+                return p.getValue();
+            }
+        }
+
+        return null;
+    }
+
+    public Enumeration getDictionaryParameterNames() {
+        return allParameterNames.elements();
+    }
+
+
+    private class RAFInputStream extends ServletInputStream {
+
+        RandomAccessFile raf;
+        boolean isDone = false;
+
+        public RAFInputStream(RandomAccessFile raf) throws IOException {
+            this.raf = raf;
+            this.raf.seek(0);
+        }
+
+        public int read() throws IOException {
+            int rval = raf.read();
+            isDone = rval == -1;
+            return rval;
+        }
+
+        public synchronized void reset() throws IOException {
+            raf.seek(0);
+            isDone=false;
+        }
+
+        @Override
+        public boolean isFinished() {
+            return isDone;
+        }
+
+        @Override
+        public boolean isReady() {
+            return false;
+        }
+
+        @Override
+        public void setReadListener(ReadListener readListener) {
+            //NO-OP.  Unused in this scope
+        }
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/waf/internal/InterceptingHTTPServletResponse.java b/src/main/java/org/owasp/esapi/waf/internal/InterceptingHTTPServletResponse.java
index 2cd41a38f..37bf402ca 100644
--- a/src/main/java/org/owasp/esapi/waf/internal/InterceptingHTTPServletResponse.java
+++ b/src/main/java/org/owasp/esapi/waf/internal/InterceptingHTTPServletResponse.java
@@ -1,186 +1,186 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.internal;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpServletResponseWrapper;
-
-import org.owasp.esapi.waf.rules.AddHTTPOnlyFlagRule;
-import org.owasp.esapi.waf.rules.AddSecureFlagRule;
-import org.owasp.esapi.waf.rules.Rule;
-
-/**
- * The wrapper for the HttpServletResponse object which will be passed to the application
- * being protected by the WAF. It contains logic for the response building API in order
- * to allow the WAF rules regarding responses to work. Much of the work is delegated to
- * other classes, especially InterceptingServletOutputStream
- * 
- * @author Arshan Dabirsiaghi
- *
- */
-public class InterceptingHTTPServletResponse extends HttpServletResponseWrapper {
-
-	private InterceptingPrintWriter ipw;
-	private InterceptingServletOutputStream isos;
-	private String contentType;
-
-	private List<AddSecureFlagRule> addSecureFlagRules = null;
-	private List<AddHTTPOnlyFlagRule> addHTTPOnlyFlagRules = null;
-	private boolean alreadyCalledWriter = false;
-	private boolean alreadyCalledOutputStream = false;
-
-	public InterceptingHTTPServletResponse(HttpServletResponse response, boolean buffering, List<Rule> cookieRules) throws IOException {
-
-		super(response);
-		
-		this.contentType = response.getContentType();
-		
-		this.isos = new InterceptingServletOutputStream(response.getOutputStream(), buffering);
-		this.ipw = new InterceptingPrintWriter(new PrintWriter(isos));
-
-		addSecureFlagRules = new ArrayList<AddSecureFlagRule>();
-		addHTTPOnlyFlagRules = new ArrayList<AddHTTPOnlyFlagRule>();
-
-		for(int i=0;i<cookieRules.size();i++) {
-			Rule r = cookieRules.get(i);
-			if ( r instanceof AddSecureFlagRule ) {
-				addSecureFlagRules.add((AddSecureFlagRule)r);
-			} else if ( r instanceof AddHTTPOnlyFlagRule ) {
-				addHTTPOnlyFlagRules.add((AddHTTPOnlyFlagRule)r);
-			}
-		}
-	}
-
-	public boolean isUsingWriter() {
-		return alreadyCalledWriter;
-	}
-
-	public InterceptingServletOutputStream getInterceptingServletOutputStream() {
-		return isos;
-	}
-
-	public ServletOutputStream getOutputStream() throws IllegalStateException, IOException {
-		if ( alreadyCalledWriter == true ) {
-			throw new IllegalStateException();
-		}
-
-		alreadyCalledOutputStream = true;
-
-		return isos;
-    }
-
-	public PrintWriter getWriter() throws IOException {
-		if ( alreadyCalledOutputStream == true ) {
-			throw new IllegalStateException();
-		}
-		alreadyCalledWriter = true;
-
-		return ipw;
-	}
-
-    public String getContentType() {
-        return contentType;
-    }
-
-    public void setContentType(String s) {
-    	contentType = s;
-    }
-
-    public void flush() {
-    	ipw.flush();
-    }
-
-    public void commit() throws IOException {
-
-    	if ( alreadyCalledWriter ) {
-    		ipw.flush();
-    	}
-
-    	isos.commit();
-    }
-
-    public void addCookie(Cookie cookie) {
-    	addCookie(cookie, cookie.getMaxAge()<=0);
-    }
-    
-	public void addCookie(Cookie cookie, boolean isSession) {
-
-		boolean addSecureFlag = cookie.getSecure();
-		boolean addHTTPOnlyFlag = false;
-
-		if ( ! cookie.getSecure() && addSecureFlagRules != null ) {
-			for(int i=0;i<addSecureFlagRules.size();i++) {
-				AddSecureFlagRule asfr = addSecureFlagRules.get(i);
-				if ( asfr.doesCookieMatch(cookie.getName())) {
-					addSecureFlag = true;
-				}
-			}
-		}
-
-		if ( addHTTPOnlyFlagRules != null ) {
-			for(int i=0;i<addHTTPOnlyFlagRules.size();i++) {
-				AddHTTPOnlyFlagRule ashr = addHTTPOnlyFlagRules.get(i);
-				if ( ashr.doesCookieMatch(cookie.getName())) {
-					addHTTPOnlyFlag = true;
-				}
-			}
-		}
-
-		String cookieValue = createCookieHeader(cookie.getName(),cookie.getValue(),
-												cookie.getMaxAge(),cookie.getDomain(),
-												cookie.getPath(), addSecureFlag,
-												addHTTPOnlyFlag, isSession);
-		addHeader("Set-Cookie", cookieValue);
-
-
-	}
-
-	private String createCookieHeader(String name, String value, int maxAge, String domain, String path, boolean secure, boolean httpOnly, boolean isTemporary) {
-        // create the special cookie header instead of creating a Java cookie
-        // Set-Cookie:<name>=<value>[; <name>=<value>][; expires=<date>][;
-        // domain=<domain_name>][; path=<some_path>][; secure][;HttpOnly
-        String header = name + "=" + value;
-
-        if ( ! isTemporary ) {
-        	header += "; Max-Age=" + maxAge;
-        }
-
-        if (domain != null) {
-            header += "; Domain=" + domain;
-        }
-        if (path != null) {
-            header += "; Path=" + path;
-        }
-
-        if ( secure ) {
-        	header += "; Secure";
-        }
-
-        if (httpOnly) {
-        	header += "; HttpOnly";
-        }
-
-        return header;
-    }
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.internal;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.ServletOutputStream;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpServletResponseWrapper;
+
+import org.owasp.esapi.waf.rules.AddHTTPOnlyFlagRule;
+import org.owasp.esapi.waf.rules.AddSecureFlagRule;
+import org.owasp.esapi.waf.rules.Rule;
+
+/**
+ * The wrapper for the HttpServletResponse object which will be passed to the application
+ * being protected by the WAF. It contains logic for the response building API in order
+ * to allow the WAF rules regarding responses to work. Much of the work is delegated to
+ * other classes, especially InterceptingServletOutputStream
+ *
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class InterceptingHTTPServletResponse extends HttpServletResponseWrapper {
+
+    private InterceptingPrintWriter ipw;
+    private InterceptingServletOutputStream isos;
+    private String contentType;
+
+    private List<AddSecureFlagRule> addSecureFlagRules = null;
+    private List<AddHTTPOnlyFlagRule> addHTTPOnlyFlagRules = null;
+    private boolean alreadyCalledWriter = false;
+    private boolean alreadyCalledOutputStream = false;
+
+    public InterceptingHTTPServletResponse(HttpServletResponse response, boolean buffering, List<Rule> cookieRules) throws IOException {
+
+        super(response);
+
+        this.contentType = response.getContentType();
+
+        this.isos = new InterceptingServletOutputStream(response.getOutputStream(), buffering);
+        this.ipw = new InterceptingPrintWriter(new PrintWriter(isos));
+
+        addSecureFlagRules = new ArrayList<AddSecureFlagRule>();
+        addHTTPOnlyFlagRules = new ArrayList<AddHTTPOnlyFlagRule>();
+
+        for(int i=0;i<cookieRules.size();i++) {
+            Rule r = cookieRules.get(i);
+            if ( r instanceof AddSecureFlagRule ) {
+                addSecureFlagRules.add((AddSecureFlagRule)r);
+            } else if ( r instanceof AddHTTPOnlyFlagRule ) {
+                addHTTPOnlyFlagRules.add((AddHTTPOnlyFlagRule)r);
+            }
+        }
+    }
+
+    public boolean isUsingWriter() {
+        return alreadyCalledWriter;
+    }
+
+    public InterceptingServletOutputStream getInterceptingServletOutputStream() {
+        return isos;
+    }
+
+    public ServletOutputStream getOutputStream() throws IllegalStateException, IOException {
+        if ( alreadyCalledWriter == true ) {
+            throw new IllegalStateException();
+        }
+
+        alreadyCalledOutputStream = true;
+
+        return isos;
+    }
+
+    public PrintWriter getWriter() throws IOException {
+        if ( alreadyCalledOutputStream == true ) {
+            throw new IllegalStateException();
+        }
+        alreadyCalledWriter = true;
+
+        return ipw;
+    }
+
+    public String getContentType() {
+        return contentType;
+    }
+
+    public void setContentType(String s) {
+        contentType = s;
+    }
+
+    public void flush() {
+        ipw.flush();
+    }
+
+    public void commit() throws IOException {
+
+        if ( alreadyCalledWriter ) {
+            ipw.flush();
+        }
+
+        isos.commit();
+    }
+
+    public void addCookie(Cookie cookie) {
+        addCookie(cookie, cookie.getMaxAge()<=0);
+    }
+
+    public void addCookie(Cookie cookie, boolean isSession) {
+
+        boolean addSecureFlag = cookie.getSecure();
+        boolean addHTTPOnlyFlag = false;
+
+        if ( ! cookie.getSecure() && addSecureFlagRules != null ) {
+            for(int i=0;i<addSecureFlagRules.size();i++) {
+                AddSecureFlagRule asfr = addSecureFlagRules.get(i);
+                if ( asfr.doesCookieMatch(cookie.getName())) {
+                    addSecureFlag = true;
+                }
+            }
+        }
+
+        if ( addHTTPOnlyFlagRules != null ) {
+            for(int i=0;i<addHTTPOnlyFlagRules.size();i++) {
+                AddHTTPOnlyFlagRule ashr = addHTTPOnlyFlagRules.get(i);
+                if ( ashr.doesCookieMatch(cookie.getName())) {
+                    addHTTPOnlyFlag = true;
+                }
+            }
+        }
+
+        String cookieValue = createCookieHeader(cookie.getName(),cookie.getValue(),
+                                                cookie.getMaxAge(),cookie.getDomain(),
+                                                cookie.getPath(), addSecureFlag,
+                                                addHTTPOnlyFlag, isSession);
+        addHeader("Set-Cookie", cookieValue);
+
+
+    }
+
+    private String createCookieHeader(String name, String value, int maxAge, String domain, String path, boolean secure, boolean httpOnly, boolean isTemporary) {
+        // create the special cookie header instead of creating a Java cookie
+        // Set-Cookie:<name>=<value>[; <name>=<value>][; expires=<date>][;
+        // domain=<domain_name>][; path=<some_path>][; secure][;HttpOnly
+        String header = name + "=" + value;
+
+        if ( ! isTemporary ) {
+            header += "; Max-Age=" + maxAge;
+        }
+
+        if (domain != null) {
+            header += "; Domain=" + domain;
+        }
+        if (path != null) {
+            header += "; Path=" + path;
+        }
+
+        if ( secure ) {
+            header += "; Secure";
+        }
+
+        if (httpOnly) {
+            header += "; HttpOnly";
+        }
+
+        return header;
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/waf/internal/InterceptingPrintWriter.java b/src/main/java/org/owasp/esapi/waf/internal/InterceptingPrintWriter.java
index d73b8bfd5..57200e7a4 100644
--- a/src/main/java/org/owasp/esapi/waf/internal/InterceptingPrintWriter.java
+++ b/src/main/java/org/owasp/esapi/waf/internal/InterceptingPrintWriter.java
@@ -1,182 +1,182 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.internal;
-
-import java.io.PrintWriter;
-import java.io.Writer;
-import java.util.Locale;
-
-/**
- * The PrintWriter needed to buffer outbound data generated by the application
- * being protected by the WAF. Currently no logic is needed here right now due
- * to the WAF things have been architected in the main file, 
- * InterceptingHTTPServletResponse.
- * 
- * @author Arshan Dabirsiaghi
- * @see org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
- */
-public class InterceptingPrintWriter extends PrintWriter {
-
-	public InterceptingPrintWriter(Writer out) {
-		super(out);
-	}
-
-	public PrintWriter append(char c) {
-		return super.append(c);
-	}
-
-	public PrintWriter append(CharSequence csq, int start, int end) {
-		return super.append(csq, start, end);
-	}
-
-	public PrintWriter append(CharSequence csq) {
-		return super.append(csq);
-	}
-
-	public boolean checkError() {
-		return super.checkError();
-	}
-
-// Java 1.6 only
-//	protected void clearError() {
-//		super.clearError();
-//	}
-
-	public void close() {
-		super.close();
-	}
-
-	public void flush() {
-		super.flush();
-	}
-
-	public PrintWriter format(Locale l, String format, Object... args) {
-		return super.format(l, format, args);
-	}
-
-	public PrintWriter format(String format, Object... args) {
-		return super.format(format, args);
-	}
-
-	public void print(boolean b) {
-		super.print(b);
-	}
-
-	public void print(char c) {
-		super.print(c);
-	}
-
-	public void print(char[] s) {
-		super.print(s);
-	}
-
-	public void print(double d) {
-		super.print(d);
-	}
-
-	public void print(float f) {
-		super.print(f);
-	}
-
-	public void print(int i) {
-		super.print(i);
-	}
-
-	public void print(long l) {
-		super.print(l);
-	}
-
-	public void print(Object obj) {
-		super.print(obj);
-	}
-
-	public void print(String s) {
-		super.print(s);
-	}
-
-	public PrintWriter printf(Locale l, String format, Object... args) {
-		return super.printf(l, format, args);
-	}
-
-	public PrintWriter printf(String format, Object... args) {
-		return super.printf(format, args);
-	}
-
-	public void println() {
-		super.println();
-	}
-
-	public void println(boolean x) {
-		super.println(x);
-	}
-
-	public void println(char x) {
-		super.println(x);
-	}
-
-	public void println(char[] x) {
-		super.println(x);
-	}
-
-	public void println(double x) {
-		super.println(x);
-	}
-
-	public void println(float x) {
-		super.println(x);
-	}
-
-	public void println(int x) {
-		super.println(x);
-	}
-
-	public void println(long x) {
-		super.println(x);
-	}
-
-	public void println(Object x) {
-		super.println(x);
-	}
-
-	public void println(String x) {
-		super.println(x);
-	}
-
-	protected void setError() {
-		super.setError();
-	}
-
-	public void write(char[] buf, int off, int len) {
-		super.write(buf, off, len);
-	}
-
-	public void write(char[] buf) {
-		super.write(buf);
-	}
-
-	public void write(int c) {
-		super.write(c);
-	}
-
-	public void write(String s, int off, int len) {
-		super.write(s, off, len);
-	}
-
-	public void write(String s) {
-		super.write(s);
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.internal;
+
+import java.io.PrintWriter;
+import java.io.Writer;
+import java.util.Locale;
+
+/**
+ * The PrintWriter needed to buffer outbound data generated by the application
+ * being protected by the WAF. Currently no logic is needed here right now due
+ * to the WAF things have been architected in the main file,
+ * InterceptingHTTPServletResponse.
+ *
+ * @author Arshan Dabirsiaghi
+ * @see org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
+ */
+public class InterceptingPrintWriter extends PrintWriter {
+
+    public InterceptingPrintWriter(Writer out) {
+        super(out);
+    }
+
+    public PrintWriter append(char c) {
+        return super.append(c);
+    }
+
+    public PrintWriter append(CharSequence csq, int start, int end) {
+        return super.append(csq, start, end);
+    }
+
+    public PrintWriter append(CharSequence csq) {
+        return super.append(csq);
+    }
+
+    public boolean checkError() {
+        return super.checkError();
+    }
+
+// Java 1.6 only
+//    protected void clearError() {
+//        super.clearError();
+//    }
+
+    public void close() {
+        super.close();
+    }
+
+    public void flush() {
+        super.flush();
+    }
+
+    public PrintWriter format(Locale l, String format, Object... args) {
+        return super.format(l, format, args);
+    }
+
+    public PrintWriter format(String format, Object... args) {
+        return super.format(format, args);
+    }
+
+    public void print(boolean b) {
+        super.print(b);
+    }
+
+    public void print(char c) {
+        super.print(c);
+    }
+
+    public void print(char[] s) {
+        super.print(s);
+    }
+
+    public void print(double d) {
+        super.print(d);
+    }
+
+    public void print(float f) {
+        super.print(f);
+    }
+
+    public void print(int i) {
+        super.print(i);
+    }
+
+    public void print(long l) {
+        super.print(l);
+    }
+
+    public void print(Object obj) {
+        super.print(obj);
+    }
+
+    public void print(String s) {
+        super.print(s);
+    }
+
+    public PrintWriter printf(Locale l, String format, Object... args) {
+        return super.printf(l, format, args);
+    }
+
+    public PrintWriter printf(String format, Object... args) {
+        return super.printf(format, args);
+    }
+
+    public void println() {
+        super.println();
+    }
+
+    public void println(boolean x) {
+        super.println(x);
+    }
+
+    public void println(char x) {
+        super.println(x);
+    }
+
+    public void println(char[] x) {
+        super.println(x);
+    }
+
+    public void println(double x) {
+        super.println(x);
+    }
+
+    public void println(float x) {
+        super.println(x);
+    }
+
+    public void println(int x) {
+        super.println(x);
+    }
+
+    public void println(long x) {
+        super.println(x);
+    }
+
+    public void println(Object x) {
+        super.println(x);
+    }
+
+    public void println(String x) {
+        super.println(x);
+    }
+
+    protected void setError() {
+        super.setError();
+    }
+
+    public void write(char[] buf, int off, int len) {
+        super.write(buf, off, len);
+    }
+
+    public void write(char[] buf) {
+        super.write(buf);
+    }
+
+    public void write(int c) {
+        super.write(c);
+    }
+
+    public void write(String s, int off, int len) {
+        super.write(s, off, len);
+    }
+
+    public void write(String s) {
+        super.write(s);
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/waf/internal/InterceptingServletOutputStream.java b/src/main/java/org/owasp/esapi/waf/internal/InterceptingServletOutputStream.java
index 9c42a4fe8..47fd19fe9 100644
--- a/src/main/java/org/owasp/esapi/waf/internal/InterceptingServletOutputStream.java
+++ b/src/main/java/org/owasp/esapi/waf/internal/InterceptingServletOutputStream.java
@@ -1,161 +1,175 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.internal;
-
-import java.io.File;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.RandomAccessFile;
-
-import javax.servlet.ServletOutputStream;
-
-/**
- * This class was inspired by ModSecurity for Java by Ivan Ristic. We hook
- * the response stream and queue up all outbound data so that we can apply
- * egress rules. For efficiency, we decide off the bat if we need to buffer
- * responses to accomplish any of the rules in the policy file.
- *
- * If not, we just forward everything through, otherwise we write data to our
- * byte stream that we will eventually forward en totale to the user agent.
- * 
- * @author Arshan Dabirsiaghi
- */
-
-public class InterceptingServletOutputStream extends ServletOutputStream {
-
-	private static final int FLUSH_BLOCK_SIZE = 1024;
-	private ServletOutputStream os;
-	private boolean buffering;
-	private boolean committed;
-	private boolean closed;
-	
-	private RandomAccessFile out;
-	
-	public InterceptingServletOutputStream(ServletOutputStream os, boolean buffered) throws FileNotFoundException, IOException {
-		super();
-		this.os = os;
-		this.buffering = buffered;
-		this.committed = false;
-		this.closed = false;
-		
-		/*
-		 * Creating a RandomAccessFile to keep track of output generated. I made
-		 * the prefix and suffix small for less processing. The "oew" is intended
-		 * to stand for "OWASP ESAPI WAF" and the "hop" for HTTP output.
-		 */
-		this.out = new RandomAccessFile ( File.createTempFile("oew", ".hop"), "rw" ); 
-	}
-
-	public void reset() throws IOException {
-		out.setLength(0L);
-	}
-
-	public byte[] getResponseBytes() throws IOException {
-		
-		byte[] buffer = new byte[(int) out.length()];
-		out.seek(0);
-		out.read(buffer, 0, (int)out.length());
-		out.seek(out.length());
-		return buffer;
-		
-	}
-
-	public void setResponseBytes(byte[] responseBytes) throws IOException {
-		
-		if ( ! buffering && out.length() > 0 ) {
-			throw new IOException("Already committed response because not currently buffering");
-		}
-
-		out.setLength(0L);
-		out.write(responseBytes);
-	}
-
-	public void write(int i) throws IOException {
-		if (!buffering) {
-			os.write(i);
-		}
-		out.write(i);
-	}
-
-	public void write(byte[] b) throws IOException {
-        if (!buffering) {
-        	os.write(b, 0, b.length);
-        }
-        out.write(b, 0, b.length);
-    }
-
-	public void write(byte[] b, int off, int len) throws IOException {
-        if (!buffering) {
-        	os.write(b, off, len);
-        }
-        out.write(b, off, len);
-    }
-
-	public void flush() throws IOException {
-		
-		if (buffering) {
-		
-			synchronized(out) {
-
-				out.seek(0);
-				
-				byte[] buff = new byte[FLUSH_BLOCK_SIZE];
-				
-				for(int i=0;i<out.length();) {
-					
-					long currentPos = out.getFilePointer();
-					long totalSize = out.length();
-					int amountToWrite = FLUSH_BLOCK_SIZE;
-					
-					if ( (totalSize - currentPos) < FLUSH_BLOCK_SIZE ) {
-						amountToWrite = (int) (totalSize - currentPos);
-					}
-			
-					out.read(buff, 0, (int)amountToWrite);
-					
-					os.write(buff,0,amountToWrite);
-					
-					i+=amountToWrite;
-					
-				}
-				
-				out.setLength(0);
-				
-			}
-		}
-
-	}
-
-	public void commit() throws IOException {
-		
-		if (!buffering) { // || committed || closed
-        	return;
-        } else {
-        	flush();
-        }
-		committed = true;
-    }
-
-    public void close() throws IOException {
-    	
-        if (!buffering)  {
-        	os.close();
-        }
-        closed = true;
-
-    }
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.internal;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.RandomAccessFile;
+
+import javax.servlet.ServletOutputStream;
+import javax.servlet.WriteListener;
+
+/**
+ * This class was inspired by ModSecurity for Java by Ivan Ristic. We hook
+ * the response stream and queue up all outbound data so that we can apply
+ * egress rules. For efficiency, we decide off the bat if we need to buffer
+ * responses to accomplish any of the rules in the policy file.
+ *
+ * If not, we just forward everything through, otherwise we write data to our
+ * byte stream that we will eventually forward en totale to the user agent.
+ *
+ * @author Arshan Dabirsiaghi
+ */
+
+public class InterceptingServletOutputStream extends ServletOutputStream {
+
+    private static final int FLUSH_BLOCK_SIZE = 1024;
+    private ServletOutputStream os;
+    private boolean buffering;
+    private boolean committed;
+    private boolean closed;
+
+    private RandomAccessFile out;
+
+    public InterceptingServletOutputStream(ServletOutputStream os, boolean buffered) throws FileNotFoundException, IOException {
+        super();
+        this.os = os;
+        this.buffering = buffered;
+        this.committed = false;
+        this.closed = false;
+
+        /*
+         * Creating a RandomAccessFile to keep track of output generated. I made
+         * the prefix and suffix small for less processing. The "oew" is intended
+         * to stand for "OWASP ESAPI WAF" and the "hop" for HTTP output.
+         */
+        File tempFile= File.createTempFile("oew", ".hop");
+        this.out = new RandomAccessFile (tempFile, "rw" );
+        tempFile.deleteOnExit();
+
+    }
+
+    public void reset() throws IOException {
+        out.setLength(0L);
+    }
+
+    public byte[] getResponseBytes() throws IOException {
+
+        byte[] buffer = new byte[(int) out.length()];
+        out.seek(0);
+        out.read(buffer, 0, (int)out.length());
+        out.seek(out.length());
+        return buffer;
+
+    }
+
+    public void setResponseBytes(byte[] responseBytes) throws IOException {
+
+        if ( ! buffering && out.length() > 0 ) {
+            throw new IOException("Already committed response because not currently buffering");
+        }
+
+        out.setLength(0L);
+        out.write(responseBytes);
+    }
+
+    public void write(int i) throws IOException {
+        if (!buffering) {
+            os.write(i);
+        }
+        out.write(i);
+    }
+
+    public void write(byte[] b) throws IOException {
+        if (!buffering) {
+            os.write(b, 0, b.length);
+        }
+        out.write(b, 0, b.length);
+    }
+
+    public void write(byte[] b, int off, int len) throws IOException {
+        if (!buffering) {
+            os.write(b, off, len);
+        }
+        out.write(b, off, len);
+    }
+
+    public void flush() throws IOException {
+
+        if (buffering) {
+
+            synchronized(out) {
+
+                out.seek(0);
+
+                byte[] buff = new byte[FLUSH_BLOCK_SIZE];
+
+                for(int i=0;i<out.length();) {
+
+                    long currentPos = out.getFilePointer();
+                    long totalSize = out.length();
+                    int amountToWrite = FLUSH_BLOCK_SIZE;
+
+                    if ( (totalSize - currentPos) < FLUSH_BLOCK_SIZE ) {
+                        amountToWrite = (int) (totalSize - currentPos);
+                    }
+
+                    out.read(buff, 0, amountToWrite);
+
+                    os.write(buff,0,amountToWrite);
+
+                    i+=amountToWrite;
+
+                }
+
+                out.setLength(0);
+
+            }
+        }
+
+    }
+
+    public void commit() throws IOException {
+
+        if (!buffering) { // || committed || closed
+            return;
+        } else {
+            flush();
+        }
+        committed = true;
+    }
+
+    public void close() throws IOException {
+
+        if (!buffering)  {
+            os.close();
+        }
+        closed = true;
+
+    }
+
+    @Override
+    public boolean isReady() {
+        return os.isReady();
+    }
+
+    @Override
+    public void setWriteListener(WriteListener writeListener) {
+        os.setWriteListener(writeListener);
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/waf/internal/Parameter.java b/src/main/java/org/owasp/esapi/waf/internal/Parameter.java
index 81d16a161..0f142992a 100644
--- a/src/main/java/org/owasp/esapi/waf/internal/Parameter.java
+++ b/src/main/java/org/owasp/esapi/waf/internal/Parameter.java
@@ -1,49 +1,49 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.internal;
-
-/**
- * A simple object to represent a name=value HTTP parameter.
- * 
- * @author Arshan Dabirsiaghi
- *
- */
-public class Parameter {
-
-	private String name;
-	private String value;
-	private boolean fromMultipart;
-
-	public Parameter(String name, String value, boolean fromMultipart) {
-		this.name = name;
-		this.value = value;
-		this.fromMultipart = fromMultipart;
-	}
-
-	public String getName() {
-		return name;
-	}
-	public void setName(String name) {
-		this.name = name;
-	}
-	public String getValue() {
-		return value;
-	}
-	public void setValue(String value) {
-		this.value = value;
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.internal;
+
+/**
+ * A simple object to represent a name=value HTTP parameter.
+ *
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class Parameter {
+
+    private String name;
+    private String value;
+    private boolean fromMultipart;
+
+    public Parameter(String name, String value, boolean fromMultipart) {
+        this.name = name;
+        this.value = value;
+        this.fromMultipart = fromMultipart;
+    }
+
+    public String getName() {
+        return name;
+    }
+    public void setName(String name) {
+        this.name = name;
+    }
+    public String getValue() {
+        return value;
+    }
+    public void setValue(String value) {
+        this.value = value;
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/waf/internal/package.html b/src/main/java/org/owasp/esapi/waf/internal/package.html
index 3b535518f..92d808c9f 100644
--- a/src/main/java/org/owasp/esapi/waf/internal/package.html
+++ b/src/main/java/org/owasp/esapi/waf/internal/package.html
@@ -1,12 +1,12 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
-<html>
-<head>
-</head>
-
-<body bgcolor="white">
-
-This package contains all HTTP-related classes used internally by the WAF for the implementation
-of its rules. 
- 
-</body>
-</html>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<html>
+<head>
+</head>
+
+<body bgcolor="white">
+
+This package contains all HTTP-related classes used internally by the WAF for the implementation
+of its rules.
+
+</body>
+</html>
diff --git a/src/main/java/org/owasp/esapi/waf/package.html b/src/main/java/org/owasp/esapi/waf/package.html
index bf23005ed..186c820f8 100644
--- a/src/main/java/org/owasp/esapi/waf/package.html
+++ b/src/main/java/org/owasp/esapi/waf/package.html
@@ -1,14 +1,14 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
-<html>
-<head>
-</head>
-
-<body bgcolor="white">
-
-This package contains the ESAPI Web Application Firewall (WAF). It is an optional feature of ESAPI
-that can be used with or without ESAPI's other security controls in place. It's purpose is to provide
-fast virtual patching capabilities against known vulnerabilities or the enforcement of existing
-security policies where possible.
- 
-</body>
-</html>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<html>
+<head>
+</head>
+
+<body bgcolor="white">
+
+This package contains the ESAPI Web Application Firewall (WAF). It is an optional feature of ESAPI
+that can be used with or without ESAPI's other security controls in place. It's purpose is to provide
+fast virtual patching capabilities against known vulnerabilities or the enforcement of existing
+security policies where possible.
+
+</body>
+</html>
diff --git a/src/main/java/org/owasp/esapi/waf/rules/AddHTTPOnlyFlagRule.java b/src/main/java/org/owasp/esapi/waf/rules/AddHTTPOnlyFlagRule.java
index 6a382fa81..21395cb5e 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/AddHTTPOnlyFlagRule.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/AddHTTPOnlyFlagRule.java
@@ -1,63 +1,63 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.rules;
-
-import java.util.List;
-import java.util.regex.Pattern;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.waf.actions.Action;
-import org.owasp.esapi.waf.actions.DoNothingAction;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
-
-/**
- * This is the Rule subclass executed for &lt;add-http-only-flag&gt; rules.
- * @author Arshan Dabirsiaghi
- *
- */
-public class AddHTTPOnlyFlagRule extends Rule {
-
-	private List<Pattern> name;
-
-	public AddHTTPOnlyFlagRule(String id, List<Pattern> name) {
-		setId(id);
-		this.name = name;
-	}
-
-	public Action check(HttpServletRequest request,
-			InterceptingHTTPServletResponse response, 
-			HttpServletResponse httpResponse) {
-
-		DoNothingAction action = new DoNothingAction();
-
-		return action;
-	}
-
-	public boolean doesCookieMatch(String cookieName) {
-
-		for(int i=0;i<name.size();i++) {
-			Pattern p = name.get(i);
-			if ( p.matcher(cookieName).matches() ) {
-				return true;
-			}
-		}
-
-		return false;
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.rules;
+
+import java.util.List;
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.waf.actions.Action;
+import org.owasp.esapi.waf.actions.DoNothingAction;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
+
+/**
+ * This is the Rule subclass executed for &lt;add-http-only-flag&gt; rules.
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class AddHTTPOnlyFlagRule extends Rule {
+
+    private List<Pattern> name;
+
+    public AddHTTPOnlyFlagRule(String id, List<Pattern> name) {
+        setId(id);
+        this.name = name;
+    }
+
+    public Action check(HttpServletRequest request,
+            InterceptingHTTPServletResponse response,
+            HttpServletResponse httpResponse) {
+
+        DoNothingAction action = new DoNothingAction();
+
+        return action;
+    }
+
+    public boolean doesCookieMatch(String cookieName) {
+
+        for(int i=0;i<name.size();i++) {
+            Pattern p = name.get(i);
+            if ( p.matcher(cookieName).matches() ) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/waf/rules/AddHeaderRule.java b/src/main/java/org/owasp/esapi/waf/rules/AddHeaderRule.java
index d235b5977..68bb05e7d 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/AddHeaderRule.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/AddHeaderRule.java
@@ -1,92 +1,92 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.rules;
-
-import java.util.List;
-import java.util.regex.Pattern;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.waf.actions.Action;
-import org.owasp.esapi.waf.actions.DoNothingAction;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
-
-/**
- * This is the Rule subclass executed for &lt;add-header&gt; rules.
- * @author Arshan Dabirsiaghi
- *
- */
-public class AddHeaderRule extends Rule {
-
-	private String header;
-	private String value;
-	private Pattern path;
-	private List<Object> exceptions;
-
-	public AddHeaderRule(String id, String header, String value, Pattern path, List<Object> exceptions) {
-		setId(id);
-		this.header = header;
-		this.value = value;
-		this.path = path;
-		this.exceptions = exceptions;
-	}
-
-	public Action check(
-			HttpServletRequest request, 
-			InterceptingHTTPServletResponse response, 
-			HttpServletResponse httpResponse) {
-
-		DoNothingAction action = new DoNothingAction();
-
-		if ( path.matcher(request.getRequestURI()).matches() ) {
-
-			for(int i=0;i<exceptions.size();i++) {
-
-				Object o = exceptions.get(i);
-
-				if ( o instanceof String ) {
-					if ( request.getRequestURI().equals((String)o)) {
-						action.setFailed(false);
-						action.setActionNecessary(false);
-						return action;
-					}
-				} else if ( o instanceof Pattern ) {
-					if ( ((Pattern)o).matcher(request.getRequestURI()).matches() ) {
-						action.setFailed(false);
-						action.setActionNecessary(false);
-						return action;					
-					}
-				}
-
-			}
-
-
-			action.setFailed(true);
-			action.setActionNecessary(false);
-
-			if ( response != null ) {
-				response.setHeader(header, value);
-			} else {
-				httpResponse.setHeader(header, value);
-			}
-
-		}
-
-		return action;
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.rules;
+
+import java.util.List;
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.waf.actions.Action;
+import org.owasp.esapi.waf.actions.DoNothingAction;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
+
+/**
+ * This is the Rule subclass executed for &lt;add-header&gt; rules.
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class AddHeaderRule extends Rule {
+
+    private String header;
+    private String value;
+    private Pattern path;
+    private List<Object> exceptions;
+
+    public AddHeaderRule(String id, String header, String value, Pattern path, List<Object> exceptions) {
+        setId(id);
+        this.header = header;
+        this.value = value;
+        this.path = path;
+        this.exceptions = exceptions;
+    }
+
+    public Action check(
+            HttpServletRequest request,
+            InterceptingHTTPServletResponse response,
+            HttpServletResponse httpResponse) {
+
+        DoNothingAction action = new DoNothingAction();
+
+        if ( path.matcher(request.getRequestURI()).matches() ) {
+
+            for(int i=0;i<exceptions.size();i++) {
+
+                Object o = exceptions.get(i);
+
+                if ( o instanceof String ) {
+                    if ( request.getRequestURI().equals((String)o)) {
+                        action.setFailed(false);
+                        action.setActionNecessary(false);
+                        return action;
+                    }
+                } else if ( o instanceof Pattern ) {
+                    if ( ((Pattern)o).matcher(request.getRequestURI()).matches() ) {
+                        action.setFailed(false);
+                        action.setActionNecessary(false);
+                        return action;
+                    }
+                }
+
+            }
+
+
+            action.setFailed(true);
+            action.setActionNecessary(false);
+
+            if ( response != null ) {
+                response.setHeader(header, value);
+            } else {
+                httpResponse.setHeader(header, value);
+            }
+
+        }
+
+        return action;
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/waf/rules/AddSecureFlagRule.java b/src/main/java/org/owasp/esapi/waf/rules/AddSecureFlagRule.java
index 6dabe53a0..515840196 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/AddSecureFlagRule.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/AddSecureFlagRule.java
@@ -1,63 +1,63 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.rules;
-
-import java.util.List;
-import java.util.regex.Pattern;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.waf.actions.Action;
-import org.owasp.esapi.waf.actions.DoNothingAction;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
-
-/**
- * This is the Rule subclass executed for &lt;add-secure-flag&gt; rules.
- * @author Arshan Dabirsiaghi
- *
- */
-public class AddSecureFlagRule extends Rule {
-
-	private List<Pattern> name;
-
-	public AddSecureFlagRule(String id, List<Pattern> name) {
-		this.name = name;
-		setId(id);
-	}
-
-	public Action check(HttpServletRequest request,
-			InterceptingHTTPServletResponse response, 
-			HttpServletResponse httpResponse) {
-		
-		DoNothingAction action = new DoNothingAction();
-
-		return action;
-	}
-
-	public boolean doesCookieMatch(String cookieName) {
-
-		for(int i=0;i<name.size();i++) {
-			Pattern p = name.get(i);
-			if ( p.matcher(cookieName).matches() ) {
-				return true;
-			}
-		}
-
-		return false;
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.rules;
+
+import java.util.List;
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.waf.actions.Action;
+import org.owasp.esapi.waf.actions.DoNothingAction;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
+
+/**
+ * This is the Rule subclass executed for &lt;add-secure-flag&gt; rules.
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class AddSecureFlagRule extends Rule {
+
+    private List<Pattern> name;
+
+    public AddSecureFlagRule(String id, List<Pattern> name) {
+        this.name = name;
+        setId(id);
+    }
+
+    public Action check(HttpServletRequest request,
+            InterceptingHTTPServletResponse response,
+            HttpServletResponse httpResponse) {
+
+        DoNothingAction action = new DoNothingAction();
+
+        return action;
+    }
+
+    public boolean doesCookieMatch(String cookieName) {
+
+        for(int i=0;i<name.size();i++) {
+            Pattern p = name.get(i);
+            if ( p.matcher(cookieName).matches() ) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/waf/rules/AuthenticatedRule.java b/src/main/java/org/owasp/esapi/waf/rules/AuthenticatedRule.java
index 747a0f680..d232b7e6d 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/AuthenticatedRule.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/AuthenticatedRule.java
@@ -1,92 +1,92 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.rules;
-
-import java.util.Iterator;
-import java.util.List;
-import java.util.regex.Pattern;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-
-import org.owasp.esapi.waf.actions.Action;
-import org.owasp.esapi.waf.actions.DefaultAction;
-import org.owasp.esapi.waf.actions.DoNothingAction;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
-
-/**
- * This is the Rule subclass executed for &lt;authentication-rules&gt; rules.
- * @author Arshan Dabirsiaghi
- *
- */
-public class AuthenticatedRule extends Rule {
-
-	private String sessionAttribute;
-	private Pattern path;
-	private List<Object> exceptions;
-
-	public AuthenticatedRule(String id, String sessionAttribute, Pattern path, List<Object> exceptions) {
-		this.sessionAttribute = sessionAttribute;
-		this.path = path;
-		this.exceptions = exceptions;
-		setId(id);
-	}
-
-	public Action check(HttpServletRequest request,
-			InterceptingHTTPServletResponse response, 
-			HttpServletResponse httpResponse) {
-
-		HttpSession session = request.getSession();
-		String uri = request.getRequestURI();
-
-		if ( path != null && ! path.matcher(uri).matches() ) {
-			return new DoNothingAction();
-		}
-
-		if ( session != null && session.getAttribute(sessionAttribute) != null ) {
-
-			return new DoNothingAction();
-
-		} else { /* check if it's one of the exceptions */
-
-			Iterator<Object> it = exceptions.iterator();
-
-			while(it.hasNext()) {
-				Object o = it.next();
-				if ( o instanceof Pattern ) {
-
-					Pattern p = (Pattern)o;
-					if ( p.matcher(uri).matches() ) {
-						return new DoNothingAction();
-					}
-
-				} else if ( o instanceof String ) {
-
-					if ( uri.equals((String)o)) {
-						return new DoNothingAction();
-					}
-
-				}
-			}
-		}
-
-		log(request, "User requested unauthenticated access to URI '" + request.getRequestURI() + "' [querystring="+request.getQueryString()+"]");
-
-		return new DefaultAction();
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.rules;
+
+import java.util.Iterator;
+import java.util.List;
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.owasp.esapi.waf.actions.Action;
+import org.owasp.esapi.waf.actions.DefaultAction;
+import org.owasp.esapi.waf.actions.DoNothingAction;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
+
+/**
+ * This is the Rule subclass executed for &lt;authentication-rules&gt; rules.
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class AuthenticatedRule extends Rule {
+
+    private String sessionAttribute;
+    private Pattern path;
+    private List<Object> exceptions;
+
+    public AuthenticatedRule(String id, String sessionAttribute, Pattern path, List<Object> exceptions) {
+        this.sessionAttribute = sessionAttribute;
+        this.path = path;
+        this.exceptions = exceptions;
+        setId(id);
+    }
+
+    public Action check(HttpServletRequest request,
+            InterceptingHTTPServletResponse response,
+            HttpServletResponse httpResponse) {
+
+        HttpSession session = request.getSession();
+        String uri = request.getRequestURI();
+
+        if ( path != null && ! path.matcher(uri).matches() ) {
+            return new DoNothingAction();
+        }
+
+        if ( session != null && session.getAttribute(sessionAttribute) != null ) {
+
+            return new DoNothingAction();
+
+        } else { /* check if it's one of the exceptions */
+
+            Iterator<Object> it = exceptions.iterator();
+
+            while(it.hasNext()) {
+                Object o = it.next();
+                if ( o instanceof Pattern ) {
+
+                    Pattern p = (Pattern)o;
+                    if ( p.matcher(uri).matches() ) {
+                        return new DoNothingAction();
+                    }
+
+                } else if ( o instanceof String ) {
+
+                    if ( uri.equals((String)o)) {
+                        return new DoNothingAction();
+                    }
+
+                }
+            }
+        }
+
+        log(request, "User requested unauthenticated access to URI '" + request.getRequestURI() + "' [querystring="+request.getQueryString()+"]");
+
+        return new DefaultAction();
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/waf/rules/BeanShellRule.java b/src/main/java/org/owasp/esapi/waf/rules/BeanShellRule.java
index f54589f65..7d0310796 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/BeanShellRule.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/BeanShellRule.java
@@ -1,116 +1,119 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.rules;
-
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.FileReader;
-import java.io.IOException;
-import java.util.regex.Pattern;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.waf.actions.Action;
-import org.owasp.esapi.waf.actions.DoNothingAction;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
-
-import bsh.EvalError;
-import bsh.Interpreter;
-
-/**
- * This is the Rule subclass executed for &lt;bean-shell-script&gt; rules.
- * @author Arshan Dabirsiaghi
- *
- */
-public class BeanShellRule extends Rule {
-
-	private Interpreter i;
-	private String script;
-	private Pattern path;
-	
-	public BeanShellRule(String fileLocation, String id, Pattern path) throws IOException, EvalError { 
-		i = new Interpreter();
-		i.set("logger", logger);
-		this.script = getFileContents( ESAPI.securityConfiguration().getResourceFile(fileLocation));
-		this.id = id;
-		this.path = path;
-	}
-	
-	public Action check(HttpServletRequest request,
-			InterceptingHTTPServletResponse response, 
-			HttpServletResponse httpResponse) {
-
-		/*
-		 * Early fail: if the URL doesn't match one we're interested in.
-		 */
-		
-		if ( path != null && ! path.matcher(request.getRequestURI()).matches() ) {
-			return new DoNothingAction();
-		}
-		
-		/*
-		 * Run the beanshell that we've already parsed
-		 * and pre-compiled. Populate the "request"
-		 * and "response" objects so the script has
-		 * access to the same variables we do here.
-		 */
-		
-		try {
-		
-			Action a = null;
-			
-			i.set("action", a);
-			i.set("request", request);
-			
-			if ( response != null ) {
-				i.set("response", response);	
-			} else {
-				i.set("response", httpResponse);
-			}
-
-			i.set("session", request.getSession());
-			i.eval(script);
-
-			a = (Action)i.get("action");
-	
-			if ( a != null ) {
-				return a;
-			}
-			
-		} catch (EvalError e) {
-			log(request,"Error running custom beanshell rule (" + id + ") - " + e.getMessage());
-		}
-	
-		return new DoNothingAction();
-	}
-	
-	private String getFileContents(File f) throws IOException {
-		
-		FileReader fr = new FileReader(f);
-		StringBuffer sb = new StringBuffer();
-		String line;
-		BufferedReader br = new BufferedReader(fr);
-		
-		while( (line=br.readLine()) != null ) {
-			sb.append(line + System.getProperty("line.separator"));
-		}
-		
-		return sb.toString();
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.rules;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileReader;
+import java.io.IOException;
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.waf.actions.Action;
+import org.owasp.esapi.waf.actions.DoNothingAction;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
+
+import bsh.EvalError;
+import bsh.Interpreter;
+
+/**
+ * This is the Rule subclass executed for &lt;bean-shell-script&gt; rules.
+ *
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class BeanShellRule extends Rule {
+
+    private Interpreter i;
+    private String script;
+    private Pattern path;
+
+    public BeanShellRule(String fileLocation, String id, Pattern path) throws IOException, EvalError {
+        i = new Interpreter();
+        i.set("logger", logger);
+        this.script = getFileContents(ESAPI.securityConfiguration().getResourceFile(fileLocation));
+        this.id = id;
+        this.path = path;
+    }
+
+    public Action check(HttpServletRequest request, InterceptingHTTPServletResponse response,
+            HttpServletResponse httpResponse) {
+
+        /*
+         * Early fail: if the URL doesn't match one we're interested in.
+         */
+
+        if (path != null && !path.matcher(request.getRequestURI()).matches()) {
+            return new DoNothingAction();
+        }
+
+        /*
+         * Run the beanshell that we've already parsed and pre-compiled.
+         * Populate the "request" and "response" objects so the script has
+         * access to the same variables we do here.
+         */
+
+        try {
+
+            Action a = null;
+
+            i.set("action", a);
+            i.set("request", request);
+
+            if (response != null) {
+                i.set("response", response);
+            } else {
+                i.set("response", httpResponse);
+            }
+
+            i.set("session", request.getSession());
+            i.eval(script);
+
+            a = (Action) i.get("action");
+
+            if (a != null) {
+                return a;
+            }
+
+        } catch (EvalError e) {
+            log(request, "Error running custom beanshell rule (" + id + ") - " + e.getMessage());
+        }
+
+        return new DoNothingAction();
+    }
+
+    private String getFileContents(File f) throws IOException {
+        StringBuffer sb = new StringBuffer();
+        BufferedReader br = null;
+
+        try {
+            br = new BufferedReader(new FileReader(f));
+            String line;
+            while ((line = br.readLine()) != null) {
+                sb.append(line + System.getProperty("line.separator"));
+            }
+
+        } finally {
+            if (br != null) {
+                br.close();
+            }
+        }
+        return sb.toString();
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/waf/rules/DetectOutboundContentRule.java b/src/main/java/org/owasp/esapi/waf/rules/DetectOutboundContentRule.java
index 96fe3c110..92931fb80 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/DetectOutboundContentRule.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/DetectOutboundContentRule.java
@@ -1,116 +1,116 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.rules;
-
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.util.regex.Pattern;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.waf.actions.Action;
-import org.owasp.esapi.waf.actions.DefaultAction;
-import org.owasp.esapi.waf.actions.DoNothingAction;
-import org.owasp.esapi.waf.configuration.AppGuardianConfiguration;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
-
-/**
- * This is the Rule subclass executed for &lt;detect-content&gt; rules.
- * @author Arshan Dabirsiaghi
- *
- */
-public class DetectOutboundContentRule extends Rule {
-
-	private Pattern contentType;
-	private Pattern pattern;
-	private Pattern uri;
-	
-	public DetectOutboundContentRule(String id, Pattern contentType, Pattern pattern, Pattern uri) {
-		this.contentType = contentType;
-		this.pattern = pattern;
-		this.uri = uri;
-		setId(id);
-	}
-
-	public Action check(HttpServletRequest request,
-			InterceptingHTTPServletResponse response, 
-			HttpServletResponse httpResponse) {
-
-		/*
-		 * Early fail: if URI doesn't match.
-		 */
-		if ( uri != null && ! uri.matcher(request.getRequestURI()).matches() ) {
-			return new DoNothingAction(); 
-		}
-
-		/*
-		 * Early fail: if the content type is one we'd like to search for output patterns.
-		 */
-
-		String inboundContentType;
-		String charEnc;
-		
-		if ( response != null ) {
-			if ( response.getContentType() == null ) {
-				response.setContentType(AppGuardianConfiguration.DEFAULT_CONTENT_TYPE);
-			}
-			inboundContentType = response.getContentType();
-			charEnc = response.getCharacterEncoding();
-			
-		} else {
-			if ( httpResponse.getContentType() == null ) {
-				httpResponse.setContentType(AppGuardianConfiguration.DEFAULT_CONTENT_TYPE);
-			}
-			inboundContentType = httpResponse.getContentType();
-			charEnc = httpResponse.getCharacterEncoding();
-		}
-	
-		if ( contentType.matcher(inboundContentType).matches() ) {
-			/*
-			 * Depending on the encoding, search through the bytes
-			 * for the pattern.
-			 */
-			try {
-
-				byte[] bytes = null;
-				
-				try {
-					bytes = response.getInterceptingServletOutputStream().getResponseBytes();
-				} catch (IOException ioe) {
-					log(request,"Error matching pattern '" + pattern.pattern() + "', IOException encountered (possibly too large?): " + ioe.getMessage() + " (in response to URL: '" + request.getRequestURL() + "')");
-					return new DoNothingAction(); // yes this is a fail open!
-				}
-
-				String s = new String(bytes,charEnc);
-
-				if ( pattern.matcher(s).matches() ) {
-
-					log(request,"Content pattern '" + pattern.pattern() + "' was found in response to URL: '" + request.getRequestURL() + "'");
-					return new DefaultAction();
-
-				}
-
-			} catch (UnsupportedEncodingException uee) {
-				log(request,"Content pattern '" + pattern.pattern() + "' could not be found due to encoding error: " + uee.getMessage());
-			}
-		}
-
-		return new DoNothingAction();
-
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.rules;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.waf.actions.Action;
+import org.owasp.esapi.waf.actions.DefaultAction;
+import org.owasp.esapi.waf.actions.DoNothingAction;
+import org.owasp.esapi.waf.configuration.AppGuardianConfiguration;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
+
+/**
+ * This is the Rule subclass executed for &lt;detect-content&gt; rules.
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class DetectOutboundContentRule extends Rule {
+
+    private Pattern contentType;
+    private Pattern pattern;
+    private Pattern uri;
+
+    public DetectOutboundContentRule(String id, Pattern contentType, Pattern pattern, Pattern uri) {
+        this.contentType = contentType;
+        this.pattern = pattern;
+        this.uri = uri;
+        setId(id);
+    }
+
+    public Action check(HttpServletRequest request,
+            InterceptingHTTPServletResponse response,
+            HttpServletResponse httpResponse) {
+
+        /*
+         * Early fail: if URI doesn't match.
+         */
+        if ( uri != null && ! uri.matcher(request.getRequestURI()).matches() ) {
+            return new DoNothingAction();
+        }
+
+        /*
+         * Early fail: if the content type is one we'd like to search for output patterns.
+         */
+
+        String inboundContentType;
+        String charEnc;
+
+        if ( response != null ) {
+            if ( response.getContentType() == null ) {
+                response.setContentType(AppGuardianConfiguration.DEFAULT_CONTENT_TYPE);
+            }
+            inboundContentType = response.getContentType();
+            charEnc = response.getCharacterEncoding();
+
+        } else {
+            if ( httpResponse.getContentType() == null ) {
+                httpResponse.setContentType(AppGuardianConfiguration.DEFAULT_CONTENT_TYPE);
+            }
+            inboundContentType = httpResponse.getContentType();
+            charEnc = httpResponse.getCharacterEncoding();
+        }
+
+        if ( contentType.matcher(inboundContentType).matches() ) {
+            /*
+             * Depending on the encoding, search through the bytes
+             * for the pattern.
+             */
+            try {
+
+                byte[] bytes = null;
+
+                try {
+                    bytes = response.getInterceptingServletOutputStream().getResponseBytes();
+                } catch (IOException ioe) {
+                    log(request,"Error matching pattern '" + pattern.pattern() + "', IOException encountered (possibly too large?): " + ioe.getMessage() + " (in response to URL: '" + request.getRequestURL() + "')");
+                    return new DoNothingAction(); // yes this is a fail open!
+                }
+
+                String s = new String(bytes,charEnc);
+
+                if ( pattern.matcher(s).matches() ) {
+
+                    log(request,"Content pattern '" + pattern.pattern() + "' was found in response to URL: '" + request.getRequestURL() + "'");
+                    return new DefaultAction();
+
+                }
+
+            } catch (UnsupportedEncodingException uee) {
+                log(request,"Content pattern '" + pattern.pattern() + "' could not be found due to encoding error: " + uee.getMessage());
+            }
+        }
+
+        return new DoNothingAction();
+
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/waf/rules/EnforceHTTPSRule.java b/src/main/java/org/owasp/esapi/waf/rules/EnforceHTTPSRule.java
index 9da25bdda..bd31562c3 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/EnforceHTTPSRule.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/EnforceHTTPSRule.java
@@ -1,95 +1,95 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.rules;
-
-import java.util.Iterator;
-import java.util.List;
-import java.util.regex.Pattern;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.waf.actions.Action;
-import org.owasp.esapi.waf.actions.DefaultAction;
-import org.owasp.esapi.waf.actions.DoNothingAction;
-import org.owasp.esapi.waf.actions.RedirectAction;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
-
-/**
- * This is the Rule subclass executed for &lt;enforce-https&gt; rules.
- * @author Arshan Dabirsiaghi
- *
- */
-public class EnforceHTTPSRule extends Rule {
-
-	private Pattern path;
-	private List<Object> exceptions;
-	private String action;
-
-	/*
-	 * action = [ redirect | block ] [=default (redirect will redirect to error page]
-	 */
-
-	public EnforceHTTPSRule(String id, Pattern path, List<Object> exceptions, String action) {
-		this.path = path;
-		this.exceptions = exceptions;
-		this.action = action;
-		setId(id);
-	}
-
-	public Action check(HttpServletRequest request,
-			InterceptingHTTPServletResponse response, 
-			HttpServletResponse httpResponse) {
-
-		if ( ! request.isSecure() ) {
-
-			if ( path.matcher(request.getRequestURI()).matches() ) {
-
-				Iterator<Object> it = exceptions.iterator();
-
-				while(it.hasNext()){
-
-					Object o = it.next();
-
-					if ( o instanceof String ) {
-						if ( ((String)o).equalsIgnoreCase(request.getRequestURI()) ) {
-							return new DoNothingAction();
-						}
-					} else if ( o instanceof Pattern ) {
-						if ( ((Pattern)o).matcher(request.getRequestURI()).matches() ) {
-							return new DoNothingAction();
-						}
-					}
-
-				}
-
-				log(request,"Insecure request to resource detected in URL: '" + request.getRequestURL() + "'");
-
-				if ( "redirect".equals(action) ) {
-					RedirectAction ra = new RedirectAction();
-					ra.setRedirectURL(request.getRequestURL().toString().replaceFirst("http", "https"));
-					return ra;
-				}
-
-				return new DefaultAction();
-
-			}
-		}
-
-		return new DoNothingAction();
-
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.rules;
+
+import java.util.Iterator;
+import java.util.List;
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.waf.actions.Action;
+import org.owasp.esapi.waf.actions.DefaultAction;
+import org.owasp.esapi.waf.actions.DoNothingAction;
+import org.owasp.esapi.waf.actions.RedirectAction;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
+
+/**
+ * This is the Rule subclass executed for &lt;enforce-https&gt; rules.
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class EnforceHTTPSRule extends Rule {
+
+    private Pattern path;
+    private List<Object> exceptions;
+    private String action;
+
+    /*
+     * action = [ redirect | block ] [=default (redirect will redirect to error page]
+     */
+
+    public EnforceHTTPSRule(String id, Pattern path, List<Object> exceptions, String action) {
+        this.path = path;
+        this.exceptions = exceptions;
+        this.action = action;
+        setId(id);
+    }
+
+    public Action check(HttpServletRequest request,
+            InterceptingHTTPServletResponse response,
+            HttpServletResponse httpResponse) {
+
+        if ( ! request.isSecure() ) {
+
+            if ( path.matcher(request.getRequestURI()).matches() ) {
+
+                Iterator<Object> it = exceptions.iterator();
+
+                while(it.hasNext()){
+
+                    Object o = it.next();
+
+                    if ( o instanceof String ) {
+                        if ( ((String)o).equalsIgnoreCase(request.getRequestURI()) ) {
+                            return new DoNothingAction();
+                        }
+                    } else if ( o instanceof Pattern ) {
+                        if ( ((Pattern)o).matcher(request.getRequestURI()).matches() ) {
+                            return new DoNothingAction();
+                        }
+                    }
+
+                }
+
+                log(request,"Insecure request to resource detected in URL: '" + request.getRequestURL() + "'");
+
+                if ( "redirect".equals(action) ) {
+                    RedirectAction ra = new RedirectAction();
+                    ra.setRedirectURL(request.getRequestURL().toString().replaceFirst("http", "https"));
+                    return ra;
+                }
+
+                return new DefaultAction();
+
+            }
+        }
+
+        return new DoNothingAction();
+
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/waf/rules/GeneralAttackSignatureRule.java b/src/main/java/org/owasp/esapi/waf/rules/GeneralAttackSignatureRule.java
index 1c5355094..66edec401 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/GeneralAttackSignatureRule.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/GeneralAttackSignatureRule.java
@@ -1,63 +1,63 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.rules;
-
-import java.util.Enumeration;
-import java.util.regex.Pattern;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.waf.actions.Action;
-import org.owasp.esapi.waf.actions.DefaultAction;
-import org.owasp.esapi.waf.actions.DoNothingAction;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
-
-/**
- * This is the Rule subclass executed for &lt;general-attack-signature&gt; rules, which 
- * are not currently implemented.
- * @author Arshan Dabirsiaghi
- *
- */
-public class GeneralAttackSignatureRule extends Rule {
-
-	private Pattern signature;
-
-	public GeneralAttackSignatureRule(String id, Pattern signature) {
-		this.signature = signature;
-		setId(id);
-	}
-
-	public Action check(HttpServletRequest req,
-			InterceptingHTTPServletResponse response, 
-			HttpServletResponse httpResponse) {
-
-		InterceptingHTTPServletRequest request = (InterceptingHTTPServletRequest)req;
-		Enumeration e = request.getParameterNames();
-
-		while(e.hasMoreElements()) {
-			String param = (String)e.nextElement();
-			if ( signature.matcher(request.getDictionaryParameter(param)).matches() ) {
-				log(request,"General attack signature detected in parameter '" + param + "' value '" + request.getDictionaryParameter(param) + "'");
-				return new DefaultAction();
-			}
-		}
-
-		return new DoNothingAction();
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.rules;
+
+import java.util.Enumeration;
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.waf.actions.Action;
+import org.owasp.esapi.waf.actions.DefaultAction;
+import org.owasp.esapi.waf.actions.DoNothingAction;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
+
+/**
+ * This is the Rule subclass executed for &lt;general-attack-signature&gt; rules, which
+ * are not currently implemented.
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class GeneralAttackSignatureRule extends Rule {
+
+    private Pattern signature;
+
+    public GeneralAttackSignatureRule(String id, Pattern signature) {
+        this.signature = signature;
+        setId(id);
+    }
+
+    public Action check(HttpServletRequest req,
+            InterceptingHTTPServletResponse response,
+            HttpServletResponse httpResponse) {
+
+        InterceptingHTTPServletRequest request = (InterceptingHTTPServletRequest)req;
+        Enumeration e = request.getParameterNames();
+
+        while(e.hasMoreElements()) {
+            String param = (String)e.nextElement();
+            if ( signature.matcher(request.getDictionaryParameter(param)).matches() ) {
+                log(request,"General attack signature detected in parameter '" + param + "' value '" + request.getDictionaryParameter(param) + "'");
+                return new DefaultAction();
+            }
+        }
+
+        return new DoNothingAction();
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/waf/rules/HTTPMethodRule.java b/src/main/java/org/owasp/esapi/waf/rules/HTTPMethodRule.java
index 5aa132fdf..1c8e8e1dd 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/HTTPMethodRule.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/HTTPMethodRule.java
@@ -1,78 +1,78 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.rules;
-
-import java.util.regex.Pattern;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.waf.actions.Action;
-import org.owasp.esapi.waf.actions.DefaultAction;
-import org.owasp.esapi.waf.actions.DoNothingAction;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
-
-/**
- * This is the Rule subclass executed for &lt;restrict-method&gt; rules.
- * @author Arshan Dabirsiaghi
- *
- */
-public class HTTPMethodRule extends Rule {
-
-	private Pattern allowedMethods;
-	private Pattern deniedMethods;
-	private Pattern path;
-
-	public HTTPMethodRule(String id, Pattern allowedMethods, Pattern deniedMethods, Pattern path) {
-		this.allowedMethods = allowedMethods;
-		this.deniedMethods = deniedMethods;
-		this.path = path;
-		setId(id);
-	}
-
-	public Action check(HttpServletRequest request,
-			InterceptingHTTPServletResponse response, 
-			HttpServletResponse httpResponse) {
-
-		/*
-		 * If no path is specified, apply rule globally.
-		 */
-		String uri = request.getRequestURI();
-		String method = request.getMethod();
-
-		if ( path == null || path.matcher(uri).matches() ) {
-			/*
-			 *	Order allow, deny.
-			 */
-
-			if ( allowedMethods != null && allowedMethods.matcher(method).matches() ) {
-				return new DoNothingAction();
-			} else if ( allowedMethods != null ) {
-				log(request,"Disallowed HTTP method '" + request.getMethod() + "' found for URL: " + request.getRequestURL());
-				return new DefaultAction();
-			}
-
-			if ( deniedMethods != null && deniedMethods.matcher(method).matches() ) {
-				log(request,"Disallowed HTTP method '" + request.getMethod() + "' found for URL: " + request.getRequestURL());
-				return new DefaultAction();
-			}
-
-		}
-
-		return new DoNothingAction();
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.rules;
+
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.waf.actions.Action;
+import org.owasp.esapi.waf.actions.DefaultAction;
+import org.owasp.esapi.waf.actions.DoNothingAction;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
+
+/**
+ * This is the Rule subclass executed for &lt;restrict-method&gt; rules.
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class HTTPMethodRule extends Rule {
+
+    private Pattern allowedMethods;
+    private Pattern deniedMethods;
+    private Pattern path;
+
+    public HTTPMethodRule(String id, Pattern allowedMethods, Pattern deniedMethods, Pattern path) {
+        this.allowedMethods = allowedMethods;
+        this.deniedMethods = deniedMethods;
+        this.path = path;
+        setId(id);
+    }
+
+    public Action check(HttpServletRequest request,
+            InterceptingHTTPServletResponse response,
+            HttpServletResponse httpResponse) {
+
+        /*
+         * If no path is specified, apply rule globally.
+         */
+        String uri = request.getRequestURI();
+        String method = request.getMethod();
+
+        if ( path == null || path.matcher(uri).matches() ) {
+            /*
+             *    Order allow, deny.
+             */
+
+            if ( allowedMethods != null && allowedMethods.matcher(method).matches() ) {
+                return new DoNothingAction();
+            } else if ( allowedMethods != null ) {
+                log(request,"Disallowed HTTP method '" + request.getMethod() + "' found for URL: " + request.getRequestURL());
+                return new DefaultAction();
+            }
+
+            if ( deniedMethods != null && deniedMethods.matcher(method).matches() ) {
+                log(request,"Disallowed HTTP method '" + request.getMethod() + "' found for URL: " + request.getRequestURL());
+                return new DefaultAction();
+            }
+
+        }
+
+        return new DoNothingAction();
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/waf/rules/IPRule.java b/src/main/java/org/owasp/esapi/waf/rules/IPRule.java
index e6a15c81f..eaa534ebe 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/IPRule.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/IPRule.java
@@ -1,79 +1,79 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.rules;
-
-import java.util.regex.Pattern;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.waf.actions.Action;
-import org.owasp.esapi.waf.actions.DefaultAction;
-import org.owasp.esapi.waf.actions.DoNothingAction;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
-
-/**
- * This is the Rule subclass executed for &lt;detect-source-ip&gt; rules.
- * @author Arshan Dabirsiaghi
- *
- */
-public class IPRule extends Rule {
-
-	private Pattern allowedIP;
-	private String exactPath;
-	private Pattern path;
-	private boolean useExactPath = false;
-	private String ipHeader;
-
-	public IPRule(String id, Pattern allowedIP, Pattern path, String ipHeader) {
-		this.allowedIP = allowedIP;
-		this.path = path;
-		this.useExactPath = false;
-		this.ipHeader = ipHeader;
-		setId(id);
-	}
-
-	public IPRule(String id, Pattern allowedIP, String exactPath) {
-		this.path = null;
-		this.exactPath = exactPath;
-		this.useExactPath = true;
-		setId(id);
-	}
-
-	public Action check(HttpServletRequest request,
-			InterceptingHTTPServletResponse response, 
-			HttpServletResponse httpResponse) {
-
-		String uri = request.getRequestURI();
-
-		if ( (!useExactPath && path.matcher(uri).matches()) ||
-			 ( useExactPath && exactPath.equals(uri)) ) {
-			
-			String sourceIP = request.getRemoteAddr() + "";
-			
-			if ( ipHeader != null ) {
-				sourceIP = request.getHeader(ipHeader);
-			}
-			
-			if ( ! allowedIP.matcher(sourceIP).matches() ) {
-				log(request, "IP not allowed to access URI '" + uri + "'");
-				return new DefaultAction();
-			}
-		}
-
-		return new DoNothingAction();
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.rules;
+
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.waf.actions.Action;
+import org.owasp.esapi.waf.actions.DefaultAction;
+import org.owasp.esapi.waf.actions.DoNothingAction;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
+
+/**
+ * This is the Rule subclass executed for &lt;detect-source-ip&gt; rules.
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class IPRule extends Rule {
+
+    private Pattern allowedIP;
+    private String exactPath;
+    private Pattern path;
+    private boolean useExactPath = false;
+    private String ipHeader;
+
+    public IPRule(String id, Pattern allowedIP, Pattern path, String ipHeader) {
+        this.allowedIP = allowedIP;
+        this.path = path;
+        this.useExactPath = false;
+        this.ipHeader = ipHeader;
+        setId(id);
+    }
+
+    public IPRule(String id, Pattern allowedIP, String exactPath) {
+        this.path = null;
+        this.exactPath = exactPath;
+        this.useExactPath = true;
+        setId(id);
+    }
+
+    public Action check(HttpServletRequest request,
+            InterceptingHTTPServletResponse response,
+            HttpServletResponse httpResponse) {
+
+        String uri = request.getRequestURI();
+
+        if ( (!useExactPath && path.matcher(uri).matches()) ||
+             ( useExactPath && exactPath.equals(uri)) ) {
+
+            String sourceIP = request.getRemoteAddr() + "";
+
+            if ( ipHeader != null ) {
+                sourceIP = request.getHeader(ipHeader);
+            }
+
+            if ( ! allowedIP.matcher(sourceIP).matches() ) {
+                log(request, "IP not allowed to access URI '" + uri + "'");
+                return new DefaultAction();
+            }
+        }
+
+        return new DoNothingAction();
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/waf/rules/MustMatchRule.java b/src/main/java/org/owasp/esapi/waf/rules/MustMatchRule.java
index 44e09cd11..9b0c42ff5 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/MustMatchRule.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/MustMatchRule.java
@@ -1,336 +1,336 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.rules;
-
-import java.util.Collection;
-import java.util.Enumeration;
-import java.util.Map;
-import java.util.regex.Pattern;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.waf.actions.Action;
-import org.owasp.esapi.waf.actions.DefaultAction;
-import org.owasp.esapi.waf.actions.DoNothingAction;
-import org.owasp.esapi.waf.configuration.AppGuardianConfiguration;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
-
-/**
- * This is the Rule subclass executed for &lt;must-match&gt; rules.
- * @author Arshan Dabirsiaghi
- *
- */
-public class MustMatchRule extends Rule {
-
-	private static final String REQUEST_PARAMETERS = "request.parameters.";
-	private static final String REQUEST_HEADERS = "request.headers.";
-	private static final String REQUEST_URI = "request.uri";
-	private static final String REQUEST_URL = "request.url";
-	private static final String SESSION_ATTRIBUTES = "session.";
-
-	private Pattern path;
-	private String variable;
-	private int operator;
-	private String value;
-
-	public MustMatchRule(String id, Pattern path, String variable, int operator, String value) {
-		this.path = path;
-		this.variable = variable;
-		this.operator = operator;
-		this.value = value;
-		setId(id);
-	}
-
-	public Action check(HttpServletRequest req,
-			InterceptingHTTPServletResponse response,
-			HttpServletResponse httpResponse) {
-
-		InterceptingHTTPServletRequest request = (InterceptingHTTPServletRequest)req;
-
-		String uri = request.getRequestURI();
-		if ( ! path.matcher(uri).matches() ) {
-
-			return new DoNothingAction();
-
-		} else {
-
-			String target = null;
-
-			/*
-			 * First check if we're going to be dealing with request parameters
-			 */
-			if ( variable.startsWith( REQUEST_PARAMETERS ) ) {
-
-				if ( operator == AppGuardianConfiguration.OPERATOR_EXISTS ) {
-
-					target = variable.substring(REQUEST_PARAMETERS.length());
-
-					if ( request.getParameter(target) != null ) {
-						return new DoNothingAction();
-					}
-
-				} else if ( operator == AppGuardianConfiguration.OPERATOR_IN_LIST ) {
-
-					/*
-					 * This doesn't make sense. The variable to test is a request parameter
-					 * but the rule is looking for a List. Let the control fall through
-					 * to the bottom where we'll return false.
-					 */
-
-				} else if ( operator == AppGuardianConfiguration.OPERATOR_EQ || operator == AppGuardianConfiguration.OPERATOR_CONTAINS ) {
-
-					/**
-					 * Working with request parameters. If we detect
-					 * simple regex characters, we treat it as a regex.
-					 * Otherwise we treat it as a single parameter.
-					 */
-					target = variable.substring(REQUEST_PARAMETERS.length());
-
-					if ( target.contains("*") || target.contains("?") ) {
-
-						target = target.replaceAll("*", ".*");
-						Pattern p = Pattern.compile(target);
-
-						Enumeration e = request.getParameterNames();
-
-						while(e.hasMoreElements()) {
-							String param = (String)e.nextElement();
-
-							if ( p.matcher(param).matches() ) {
-								String s = request.getParameter(param);
-								if ( ! RuleUtil.testValue(s, value, operator) ) {
-									log(request, "MustMatch rule failed (operator="+operator+"), value='" + value + "', input='" + s + "' parameter='"+param+"'");
-									return new DefaultAction();
-								}
-							}
-						}
-
-					} else {
-
-						String s = request.getParameter(target);
-
-						if ( ! RuleUtil.testValue(s, value, operator) ) {
-							log(request, "MustMatch rule failed (operator="+operator+"), value='" + value + "', input='" + s + "', parameter='"+target+"'");
-							return new DefaultAction();
-						}
-
-					}
-				}
-
-			} else if ( variable.startsWith( REQUEST_HEADERS ) ) {
-
-				/**
-				 * Do the same for request headers.
-				 */
-
-				if ( operator == AppGuardianConfiguration.OPERATOR_EXISTS ) {
-
-					target = variable.substring(REQUEST_HEADERS.length());
-
-					if ( request.getHeader(target) != null ) {
-						return new DoNothingAction();
-					}
-
-				} else if ( operator == AppGuardianConfiguration.OPERATOR_IN_LIST ) {
-
-					/*
-					 * This doesn't make sense. The variable to test is a request header
-					 * but the rule is looking for a List. Let the control fall through
-					 * to the bottom where we'll return false.
-					 */
-
-				} else if ( operator == AppGuardianConfiguration.OPERATOR_EQ || operator == AppGuardianConfiguration.OPERATOR_CONTAINS ) {
-
-					target = variable.substring(REQUEST_HEADERS.length());
-
-					if ( target.contains("*") || target.contains("?") ) {
-
-						target = target.replaceAll("*", ".*");
-						Pattern p = Pattern.compile(target);
-
-						Enumeration e = request.getHeaderNames();
-
-						while(e.hasMoreElements()) {
-							String header = (String)e.nextElement();
-							if ( p.matcher(header).matches() ) {
-								String s = request.getHeader(header);
-								if ( ! RuleUtil.testValue(s, value, operator) ) {
-									log(request, "MustMatch rule failed (operator="+operator+"), value='" + value + "', input='" + s + "', header='"+header+"'");
-									return new DefaultAction();
-								}
-							}
-						}
-
-						return new DoNothingAction();
-
-					} else {
-
-						String s = request.getHeader(target);
-
-						if ( s == null || ! RuleUtil.testValue(s, value, operator) ) {
-							log(request, "MustMatch rule failed (operator="+operator+"), value='" + value + "', input='" + s + "', header='"+target+"'");
-							return new DefaultAction();
-						}
-
-						return new DoNothingAction();
-
-					}
-
-				}
-
-			} else if ( variable.startsWith(SESSION_ATTRIBUTES) ) {
-
-				/**
-				 * Do the same for session attributes. Can't possibly match
-				 * ANY rule if there is no session object.
-				 */
-				if ( request.getSession(false) == null ) {
-					return new DefaultAction();
-				}
-
-				target = variable.substring(SESSION_ATTRIBUTES.length()+1);
-
-				if ( operator == AppGuardianConfiguration.OPERATOR_IN_LIST ) {
-
-					/*
-					 * Want to check if the List/Enumeration/whatever stored
-					 * in "target" contains the value in "value".
-					 */
-
-					Object o = request.getSession(false).getAttribute(target);
-
-					if ( o instanceof Collection ) {
-						if ( RuleUtil.isInList((Collection)o, value) ) {
-							return new DoNothingAction();
-						} else {
-							log(request, "MustMatch rule failed - looking for value='" + value + "', in session Collection attribute '" + target + "']");
-							return new DefaultAction();
-						}
-					} else if ( o instanceof Map ) {
-						if ( RuleUtil.isInList((Map)o, value) ) {
-							return new DoNothingAction();
-						} else {
-							log(request, "MustMatch rule failed - looking for value='" + value + "', in session Map attribute '" + target + "']");
-							return new DefaultAction();
-						}
-					} else if ( o instanceof Enumeration ) {
-						if ( RuleUtil.isInList((Enumeration)o, value) ) {
-							return new DoNothingAction();
-						} else {
-							log(request, "MustMatch rule failed - looking for value='" + value + "', in session Enumeration attribute '" + target + "']");
-							return new DefaultAction();
-						}
-					}
-
-					/*
-					 * The attribute was not a common list-type of Java object s
-					 * let the control fall through to the bottom where it will
-					 * fail.
-					 */
-
-				} else if ( operator == AppGuardianConfiguration.OPERATOR_EXISTS) {
-
-					Object o = request.getSession(false).getAttribute(target);
-
-					if ( o != null ) {
-						return new DoNothingAction();
-					} else {
-						log(request, "MustMatch rule failed - couldn't find required session attribute='" + target + "'");
-						return new DefaultAction();
-					}
-
-				} else if ( operator == AppGuardianConfiguration.OPERATOR_EQ || operator == AppGuardianConfiguration.OPERATOR_CONTAINS ) {
-
-					if ( target.contains("*") || target.contains("?") ) {
-
-						target = target.replaceAll("\\*", ".*");
-						Pattern p = Pattern.compile(target);
-
-						Enumeration e = request.getSession(false).getAttributeNames();
-
-						while(e.hasMoreElements()) {
-
-							String attr = (String)e.nextElement();
-
-							if (p.matcher(attr).matches() ) {
-
-								Object o = request.getSession(false).getAttribute(attr);
-
-								if ( ! RuleUtil.testValue((String)o, value, operator) ) {
-									log(request, "MustMatch rule failed (operator="+operator+"), value='" + value + "', session attribute='" + attr + "', attribute value='"+(String)o+"'");
-									return new DefaultAction();
-								} else {
-									return new DoNothingAction();
-								}
-							}
-						}
-
-					} else {
-
-						Object o = request.getSession(false).getAttribute(target);
-
-						if ( ! RuleUtil.testValue((String)o, value, operator) ) {
-							log(request, "MustMatch rule failed (operator="+operator+"), value='" + value + "', session attribute='" + target + "', attribute value='"+(String)o+"'");
-							return new DefaultAction();
-						} else {
-							return new DoNothingAction();
-						}
-
-					}
-
-				}
-
-			} else if ( variable.equals( REQUEST_URI ) ) {
-
-				if ( operator == AppGuardianConfiguration.OPERATOR_EQ || operator == AppGuardianConfiguration.OPERATOR_CONTAINS ) {
-					if ( RuleUtil.testValue(request.getRequestURI(), value, operator) ) {
-						return new DoNothingAction();
-					} else {
-						log(request, "MustMatch rule on request URI failed (operator="+operator+"), requestURI='" + request.getRequestURI() + "', value='" + value+ "'");
-						return new DefaultAction();
-					}
-				}
-
-				/*
-				 * Any other operator doesn't make sense.
-				 */
-
-			} else if ( variable.equals( REQUEST_URL ) ) {
-
-				if ( operator == AppGuardianConfiguration.OPERATOR_EQ || operator == AppGuardianConfiguration.OPERATOR_CONTAINS ) {
-					if ( RuleUtil.testValue(request.getRequestURL().toString(), value, operator) ) {
-						return new DoNothingAction();
-					} else {
-						log(request, "MustMatch rule on request URL failed (operator="+operator+"), requestURL='" + request.getRequestURL() + "', value='" + value+ "'");
-						return new DefaultAction();
-					}
-				}
-
-				/*
-				 * Any other operator doesn't make sense.
-				 */
-			}
-
-		}
-
-		log(request, "MustMatch rule failed close on URL '" + request.getRequestURL() + "'");
-		return new DefaultAction();
-
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.rules;
+
+import java.util.Collection;
+import java.util.Enumeration;
+import java.util.Map;
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.waf.actions.Action;
+import org.owasp.esapi.waf.actions.DefaultAction;
+import org.owasp.esapi.waf.actions.DoNothingAction;
+import org.owasp.esapi.waf.configuration.AppGuardianConfiguration;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
+
+/**
+ * This is the Rule subclass executed for &lt;must-match&gt; rules.
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class MustMatchRule extends Rule {
+
+    private static final String REQUEST_PARAMETERS = "request.parameters.";
+    private static final String REQUEST_HEADERS = "request.headers.";
+    private static final String REQUEST_URI = "request.uri";
+    private static final String REQUEST_URL = "request.url";
+    private static final String SESSION_ATTRIBUTES = "session.";
+
+    private Pattern path;
+    private String variable;
+    private int operator;
+    private String value;
+
+    public MustMatchRule(String id, Pattern path, String variable, int operator, String value) {
+        this.path = path;
+        this.variable = variable;
+        this.operator = operator;
+        this.value = value;
+        setId(id);
+    }
+
+    public Action check(HttpServletRequest req,
+            InterceptingHTTPServletResponse response,
+            HttpServletResponse httpResponse) {
+
+        InterceptingHTTPServletRequest request = (InterceptingHTTPServletRequest)req;
+
+        String uri = request.getRequestURI();
+        if ( ! path.matcher(uri).matches() ) {
+
+            return new DoNothingAction();
+
+        } else {
+
+            String target = null;
+
+            /*
+             * First check if we're going to be dealing with request parameters
+             */
+            if ( variable.startsWith( REQUEST_PARAMETERS ) ) {
+
+                if ( operator == AppGuardianConfiguration.OPERATOR_EXISTS ) {
+
+                    target = variable.substring(REQUEST_PARAMETERS.length());
+
+                    if ( request.getParameter(target) != null ) {
+                        return new DoNothingAction();
+                    }
+
+                } else if ( operator == AppGuardianConfiguration.OPERATOR_IN_LIST ) {
+
+                    /*
+                     * This doesn't make sense. The variable to test is a request parameter
+                     * but the rule is looking for a List. Let the control fall through
+                     * to the bottom where we'll return false.
+                     */
+
+                } else if ( operator == AppGuardianConfiguration.OPERATOR_EQ || operator == AppGuardianConfiguration.OPERATOR_CONTAINS ) {
+
+                    /**
+                     * Working with request parameters. If we detect
+                     * simple regex characters, we treat it as a regex.
+                     * Otherwise we treat it as a single parameter.
+                     */
+                    target = variable.substring(REQUEST_PARAMETERS.length());
+
+                    if ( target.contains("*") || target.contains("?") ) {
+
+                        target = target.replaceAll("*", ".*");
+                        Pattern p = Pattern.compile(target);
+
+                        Enumeration e = request.getParameterNames();
+
+                        while(e.hasMoreElements()) {
+                            String param = (String)e.nextElement();
+
+                            if ( p.matcher(param).matches() ) {
+                                String s = request.getParameter(param);
+                                if ( ! RuleUtil.testValue(s, value, operator) ) {
+                                    log(request, "MustMatch rule failed (operator="+operator+"), value='" + value + "', input='" + s + "' parameter='"+param+"'");
+                                    return new DefaultAction();
+                                }
+                            }
+                        }
+
+                    } else {
+
+                        String s = request.getParameter(target);
+
+                        if ( ! RuleUtil.testValue(s, value, operator) ) {
+                            log(request, "MustMatch rule failed (operator="+operator+"), value='" + value + "', input='" + s + "', parameter='"+target+"'");
+                            return new DefaultAction();
+                        }
+
+                    }
+                }
+
+            } else if ( variable.startsWith( REQUEST_HEADERS ) ) {
+
+                /**
+                 * Do the same for request headers.
+                 */
+
+                if ( operator == AppGuardianConfiguration.OPERATOR_EXISTS ) {
+
+                    target = variable.substring(REQUEST_HEADERS.length());
+
+                    if ( request.getHeader(target) != null ) {
+                        return new DoNothingAction();
+                    }
+
+                } else if ( operator == AppGuardianConfiguration.OPERATOR_IN_LIST ) {
+
+                    /*
+                     * This doesn't make sense. The variable to test is a request header
+                     * but the rule is looking for a List. Let the control fall through
+                     * to the bottom where we'll return false.
+                     */
+
+                } else if ( operator == AppGuardianConfiguration.OPERATOR_EQ || operator == AppGuardianConfiguration.OPERATOR_CONTAINS ) {
+
+                    target = variable.substring(REQUEST_HEADERS.length());
+
+                    if ( target.contains("*") || target.contains("?") ) {
+
+                        target = target.replaceAll("*", ".*");
+                        Pattern p = Pattern.compile(target);
+
+                        Enumeration e = request.getHeaderNames();
+
+                        while(e.hasMoreElements()) {
+                            String header = (String)e.nextElement();
+                            if ( p.matcher(header).matches() ) {
+                                String s = request.getHeader(header);
+                                if ( ! RuleUtil.testValue(s, value, operator) ) {
+                                    log(request, "MustMatch rule failed (operator="+operator+"), value='" + value + "', input='" + s + "', header='"+header+"'");
+                                    return new DefaultAction();
+                                }
+                            }
+                        }
+
+                        return new DoNothingAction();
+
+                    } else {
+
+                        String s = request.getHeader(target);
+
+                        if ( s == null || ! RuleUtil.testValue(s, value, operator) ) {
+                            log(request, "MustMatch rule failed (operator="+operator+"), value='" + value + "', input='" + s + "', header='"+target+"'");
+                            return new DefaultAction();
+                        }
+
+                        return new DoNothingAction();
+
+                    }
+
+                }
+
+            } else if ( variable.startsWith(SESSION_ATTRIBUTES) ) {
+
+                /**
+                 * Do the same for session attributes. Can't possibly match
+                 * ANY rule if there is no session object.
+                 */
+                if ( request.getSession(false) == null ) {
+                    return new DefaultAction();
+                }
+
+                target = variable.substring(SESSION_ATTRIBUTES.length()+1);
+
+                if ( operator == AppGuardianConfiguration.OPERATOR_IN_LIST ) {
+
+                    /*
+                     * Want to check if the List/Enumeration/whatever stored
+                     * in "target" contains the value in "value".
+                     */
+
+                    Object o = request.getSession(false).getAttribute(target);
+
+                    if ( o instanceof Collection ) {
+                        if ( RuleUtil.isInList((Collection)o, value) ) {
+                            return new DoNothingAction();
+                        } else {
+                            log(request, "MustMatch rule failed - looking for value='" + value + "', in session Collection attribute '" + target + "']");
+                            return new DefaultAction();
+                        }
+                    } else if ( o instanceof Map ) {
+                        if ( RuleUtil.isInList((Map)o, value) ) {
+                            return new DoNothingAction();
+                        } else {
+                            log(request, "MustMatch rule failed - looking for value='" + value + "', in session Map attribute '" + target + "']");
+                            return new DefaultAction();
+                        }
+                    } else if ( o instanceof Enumeration ) {
+                        if ( RuleUtil.isInList((Enumeration)o, value) ) {
+                            return new DoNothingAction();
+                        } else {
+                            log(request, "MustMatch rule failed - looking for value='" + value + "', in session Enumeration attribute '" + target + "']");
+                            return new DefaultAction();
+                        }
+                    }
+
+                    /*
+                     * The attribute was not a common list-type of Java object s
+                     * let the control fall through to the bottom where it will
+                     * fail.
+                     */
+
+                } else if ( operator == AppGuardianConfiguration.OPERATOR_EXISTS) {
+
+                    Object o = request.getSession(false).getAttribute(target);
+
+                    if ( o != null ) {
+                        return new DoNothingAction();
+                    } else {
+                        log(request, "MustMatch rule failed - couldn't find required session attribute='" + target + "'");
+                        return new DefaultAction();
+                    }
+
+                } else if ( operator == AppGuardianConfiguration.OPERATOR_EQ || operator == AppGuardianConfiguration.OPERATOR_CONTAINS ) {
+
+                    if ( target.contains("*") || target.contains("?") ) {
+
+                        target = target.replaceAll("\\*", ".*");
+                        Pattern p = Pattern.compile(target);
+
+                        Enumeration e = request.getSession(false).getAttributeNames();
+
+                        while(e.hasMoreElements()) {
+
+                            String attr = (String)e.nextElement();
+
+                            if (p.matcher(attr).matches() ) {
+
+                                Object o = request.getSession(false).getAttribute(attr);
+
+                                if ( ! RuleUtil.testValue((String)o, value, operator) ) {
+                                    log(request, "MustMatch rule failed (operator="+operator+"), value='" + value + "', session attribute='" + attr + "', attribute value='"+(String)o+"'");
+                                    return new DefaultAction();
+                                } else {
+                                    return new DoNothingAction();
+                                }
+                            }
+                        }
+
+                    } else {
+
+                        Object o = request.getSession(false).getAttribute(target);
+
+                        if ( ! RuleUtil.testValue((String)o, value, operator) ) {
+                            log(request, "MustMatch rule failed (operator="+operator+"), value='" + value + "', session attribute='" + target + "', attribute value='"+(String)o+"'");
+                            return new DefaultAction();
+                        } else {
+                            return new DoNothingAction();
+                        }
+
+                    }
+
+                }
+
+            } else if ( variable.equals( REQUEST_URI ) ) {
+
+                if ( operator == AppGuardianConfiguration.OPERATOR_EQ || operator == AppGuardianConfiguration.OPERATOR_CONTAINS ) {
+                    if ( RuleUtil.testValue(request.getRequestURI(), value, operator) ) {
+                        return new DoNothingAction();
+                    } else {
+                        log(request, "MustMatch rule on request URI failed (operator="+operator+"), requestURI='" + request.getRequestURI() + "', value='" + value+ "'");
+                        return new DefaultAction();
+                    }
+                }
+
+                /*
+                 * Any other operator doesn't make sense.
+                 */
+
+            } else if ( variable.equals( REQUEST_URL ) ) {
+
+                if ( operator == AppGuardianConfiguration.OPERATOR_EQ || operator == AppGuardianConfiguration.OPERATOR_CONTAINS ) {
+                    if ( RuleUtil.testValue(request.getRequestURL().toString(), value, operator) ) {
+                        return new DoNothingAction();
+                    } else {
+                        log(request, "MustMatch rule on request URL failed (operator="+operator+"), requestURL='" + request.getRequestURL() + "', value='" + value+ "'");
+                        return new DefaultAction();
+                    }
+                }
+
+                /*
+                 * Any other operator doesn't make sense.
+                 */
+            }
+
+        }
+
+        log(request, "MustMatch rule failed close on URL '" + request.getRequestURL() + "'");
+        return new DefaultAction();
+
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/waf/rules/PathExtensionRule.java b/src/main/java/org/owasp/esapi/waf/rules/PathExtensionRule.java
index f27fc4fd9..c059ca811 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/PathExtensionRule.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/PathExtensionRule.java
@@ -1,60 +1,60 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.rules;
-
-import java.util.regex.Pattern;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.waf.actions.Action;
-import org.owasp.esapi.waf.actions.DefaultAction;
-import org.owasp.esapi.waf.actions.DoNothingAction;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
-
-/**
- * This is the Rule subclass executed for &lt;restrict-extension&gt; rules.
- * @author Arshan Dabirsiaghi
- *
- */
-public class PathExtensionRule extends Rule {
-
-	private Pattern allow;
-	private Pattern deny;
-
-	public PathExtensionRule (String id, Pattern allow, Pattern deny) {
-		this.allow = allow;
-		this.deny = deny;
-		setId(id);
-	}
-
-	public Action check(HttpServletRequest request,
-			InterceptingHTTPServletResponse response, 
-			HttpServletResponse httpResponse) {
-
-		if ( allow != null && allow.matcher(request.getRequestURI()).matches() ) {
-			return new DoNothingAction();
-		} else if ( deny != null && deny.matcher(request.getRequestURI()).matches() ) {
-
-			log(request, "Disallowed extension pattern '" + deny.pattern() + "' found on URI '" + request.getRequestURI() + "'");
-
-			return new DefaultAction();
-		}
-
-		return new DoNothingAction();
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.rules;
+
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.waf.actions.Action;
+import org.owasp.esapi.waf.actions.DefaultAction;
+import org.owasp.esapi.waf.actions.DoNothingAction;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
+
+/**
+ * This is the Rule subclass executed for &lt;restrict-extension&gt; rules.
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class PathExtensionRule extends Rule {
+
+    private Pattern allow;
+    private Pattern deny;
+
+    public PathExtensionRule (String id, Pattern allow, Pattern deny) {
+        this.allow = allow;
+        this.deny = deny;
+        setId(id);
+    }
+
+    public Action check(HttpServletRequest request,
+            InterceptingHTTPServletResponse response,
+            HttpServletResponse httpResponse) {
+
+        if ( allow != null && allow.matcher(request.getRequestURI()).matches() ) {
+            return new DoNothingAction();
+        } else if ( deny != null && deny.matcher(request.getRequestURI()).matches() ) {
+
+            log(request, "Disallowed extension pattern '" + deny.pattern() + "' found on URI '" + request.getRequestURI() + "'");
+
+            return new DefaultAction();
+        }
+
+        return new DoNothingAction();
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/waf/rules/ReplaceContentRule.java b/src/main/java/org/owasp/esapi/waf/rules/ReplaceContentRule.java
index f8c996a6c..b36062bcf 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/ReplaceContentRule.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/ReplaceContentRule.java
@@ -1,113 +1,113 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.rules;
-
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.waf.actions.Action;
-import org.owasp.esapi.waf.actions.DoNothingAction;
-import org.owasp.esapi.waf.configuration.AppGuardianConfiguration;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
-
-/**
- * This is the Rule subclass executed for &lt;dynamic-insertion&gt; rules.
- * @author Arshan Dabirsiaghi
- *
- */
-public class ReplaceContentRule extends Rule {
-
-	private Pattern pattern;
-	private String replacement;
-	private Pattern contentType;
-	private Pattern path;
-	
-	public ReplaceContentRule(String id, Pattern pattern, String replacement, Pattern contentType, Pattern path) {
-		this.pattern = pattern;
-		this.replacement = replacement;
-		this.path = path;
-		this.contentType = contentType;
-		setId(id);
-	}
-
-	/*
-	 * Use regular expressions with capturing parentheses to perform replacement.
-	 */
-
-	public Action check(HttpServletRequest request,
-			InterceptingHTTPServletResponse response, 
-			HttpServletResponse httpResponse) {
-
-		/*
-		 * First early fail: if the URI doesn't match the paths we're interested in.
-		 */
-		String uri = request.getRequestURI();
-		if ( path != null && ! path.matcher(uri).matches() ) {
-			return new DoNothingAction();
-		}
-		
-		/*
-		 * Second early fail: if the content type is one we'd like to search for output patterns.
-		 */
-
-		if ( contentType != null ) {
-			if ( response.getContentType() != null && ! contentType.matcher(response.getContentType()).matches() ) {
-				return new DoNothingAction();
-			}
-		}
-
-		byte[] bytes = null;
-
-		try {
-			bytes = response.getInterceptingServletOutputStream().getResponseBytes();
-		} catch (IOException ioe) {
-			log(request,"Error matching pattern '" + pattern.pattern() + "', IOException encountered (possibly too large?): " + ioe.getMessage() + " (in response to URL: '" + request.getRequestURL() + "')");
-			return new DoNothingAction(); // yes this is a fail open!
-		}
-
-		
-		try {
-
-			String s = new String(bytes,response.getCharacterEncoding());
-
-			Matcher m = pattern.matcher(s);
-			String canary = m.replaceAll(replacement);
-			
-			try {
-				
-				if ( ! s.equals(canary) ) {
-					response.getInterceptingServletOutputStream().setResponseBytes(canary.getBytes(response.getCharacterEncoding()));
-					logger.debug(Logger.SECURITY_SUCCESS, "Successfully replaced pattern '" + pattern.pattern() + "' on response to URL '" + request.getRequestURL() + "'");
-				}
-				
-			} catch (IOException ioe) {
-				logger.error(Logger.SECURITY_FAILURE, "Failed to replace pattern '" + pattern.pattern() + "' on response to URL '" + request.getRequestURL() + "' due to [" + ioe.getMessage() + "]");
-			}
-
-		} catch(UnsupportedEncodingException uee) {
-			logger.error(Logger.SECURITY_FAILURE, "Failed to replace pattern '" + pattern.pattern() + "' on response to URL '" + request.getRequestURL() + "' due to [" + uee.getMessage() + "]");
-		}
-
-		return new DoNothingAction();
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.rules;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.waf.actions.Action;
+import org.owasp.esapi.waf.actions.DoNothingAction;
+import org.owasp.esapi.waf.configuration.AppGuardianConfiguration;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
+
+/**
+ * This is the Rule subclass executed for &lt;dynamic-insertion&gt; rules.
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class ReplaceContentRule extends Rule {
+
+    private Pattern pattern;
+    private String replacement;
+    private Pattern contentType;
+    private Pattern path;
+
+    public ReplaceContentRule(String id, Pattern pattern, String replacement, Pattern contentType, Pattern path) {
+        this.pattern = pattern;
+        this.replacement = replacement;
+        this.path = path;
+        this.contentType = contentType;
+        setId(id);
+    }
+
+    /*
+     * Use regular expressions with capturing parentheses to perform replacement.
+     */
+
+    public Action check(HttpServletRequest request,
+            InterceptingHTTPServletResponse response,
+            HttpServletResponse httpResponse) {
+
+        /*
+         * First early fail: if the URI doesn't match the paths we're interested in.
+         */
+        String uri = request.getRequestURI();
+        if ( path != null && ! path.matcher(uri).matches() ) {
+            return new DoNothingAction();
+        }
+
+        /*
+         * Second early fail: if the content type is one we'd like to search for output patterns.
+         */
+
+        if ( contentType != null ) {
+            if ( response.getContentType() != null && ! contentType.matcher(response.getContentType()).matches() ) {
+                return new DoNothingAction();
+            }
+        }
+
+        byte[] bytes = null;
+
+        try {
+            bytes = response.getInterceptingServletOutputStream().getResponseBytes();
+        } catch (IOException ioe) {
+            log(request,"Error matching pattern '" + pattern.pattern() + "', IOException encountered (possibly too large?): " + ioe.getMessage() + " (in response to URL: '" + request.getRequestURL() + "')");
+            return new DoNothingAction(); // yes this is a fail open!
+        }
+
+
+        try {
+
+            String s = new String(bytes,response.getCharacterEncoding());
+
+            Matcher m = pattern.matcher(s);
+            String canary = m.replaceAll(replacement);
+
+            try {
+
+                if ( ! s.equals(canary) ) {
+                    response.getInterceptingServletOutputStream().setResponseBytes(canary.getBytes(response.getCharacterEncoding()));
+                    logger.debug(Logger.SECURITY_SUCCESS, "Successfully replaced pattern '" + pattern.pattern() + "' on response to URL '" + request.getRequestURL() + "'");
+                }
+
+            } catch (IOException ioe) {
+                logger.error(Logger.SECURITY_FAILURE, "Failed to replace pattern '" + pattern.pattern() + "' on response to URL '" + request.getRequestURL() + "' due to [" + ioe.getMessage() + "]");
+            }
+
+        } catch(UnsupportedEncodingException uee) {
+            logger.error(Logger.SECURITY_FAILURE, "Failed to replace pattern '" + pattern.pattern() + "' on response to URL '" + request.getRequestURL() + "' due to [" + uee.getMessage() + "]");
+        }
+
+        return new DoNothingAction();
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/waf/rules/RestrictContentTypeRule.java b/src/main/java/org/owasp/esapi/waf/rules/RestrictContentTypeRule.java
index d4544696b..43ea63aaf 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/RestrictContentTypeRule.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/RestrictContentTypeRule.java
@@ -1,70 +1,70 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.rules;
-
-import java.util.regex.Pattern;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.waf.actions.Action;
-import org.owasp.esapi.waf.actions.DefaultAction;
-import org.owasp.esapi.waf.actions.DoNothingAction;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
-
-/**
- * This is the Rule subclass executed for &lt;dynamic-insertion&gt; rules.
- * @author Arshan Dabirsiaghi
- *
- */
-public class RestrictContentTypeRule extends Rule {
-
-	private Pattern allow;
-	private Pattern deny;
-
-	public RestrictContentTypeRule(String id, Pattern allow, Pattern deny) {
-		this.allow = allow;
-		this.deny = deny;
-		setId(id);
-	}
-
-	public Action check(HttpServletRequest request,
-			InterceptingHTTPServletResponse response, 
-			HttpServletResponse httpResponse) {
-
-		/* can't check content type if it's not available */
-		if ( request.getContentType() == null ) {
-			return new DoNothingAction();
-		}
-
-		if ( allow != null ) {
-			if ( allow.matcher(request.getContentType()).matches() ) {
-				return new DoNothingAction();
-			}
-			log(request, "Disallowed content type based on allow pattern '" + allow.pattern() + "' found on URI '" + request.getRequestURI() + "' (value was '" + request.getContentType() +"')");
-		} else if ( deny != null ) {
-			if ( ! deny.matcher(request.getContentType()).matches() ) {
-				return new DoNothingAction();
-			}
-			log(request, "Disallowed content type based on deny pattern '" + deny.pattern() + "' found on URI '" + request.getRequestURI() + "' (value was '" + request.getContentType() + ")'");
-		}
-
-
-		return new DefaultAction();
-
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.rules;
+
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.waf.actions.Action;
+import org.owasp.esapi.waf.actions.DefaultAction;
+import org.owasp.esapi.waf.actions.DoNothingAction;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
+
+/**
+ * This is the Rule subclass executed for &lt;dynamic-insertion&gt; rules.
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class RestrictContentTypeRule extends Rule {
+
+    private Pattern allow;
+    private Pattern deny;
+
+    public RestrictContentTypeRule(String id, Pattern allow, Pattern deny) {
+        this.allow = allow;
+        this.deny = deny;
+        setId(id);
+    }
+
+    public Action check(HttpServletRequest request,
+            InterceptingHTTPServletResponse response,
+            HttpServletResponse httpResponse) {
+
+        /* can't check content type if it's not available */
+        if ( request.getContentType() == null ) {
+            return new DoNothingAction();
+        }
+
+        if ( allow != null ) {
+            if ( allow.matcher(request.getContentType()).matches() ) {
+                return new DoNothingAction();
+            }
+            log(request, "Disallowed content type based on allow pattern '" + allow.pattern() + "' found on URI '" + request.getRequestURI() + "' (value was '" + request.getContentType() +"')");
+        } else if ( deny != null ) {
+            if ( ! deny.matcher(request.getContentType()).matches() ) {
+                return new DoNothingAction();
+            }
+            log(request, "Disallowed content type based on deny pattern '" + deny.pattern() + "' found on URI '" + request.getRequestURI() + "' (value was '" + request.getContentType() + ")'");
+        }
+
+
+        return new DefaultAction();
+
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/waf/rules/RestrictUserAgentRule.java b/src/main/java/org/owasp/esapi/waf/rules/RestrictUserAgentRule.java
index 33dfc17aa..ae31b1965 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/RestrictUserAgentRule.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/RestrictUserAgentRule.java
@@ -1,80 +1,80 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.rules;
-
-import java.util.regex.Pattern;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.waf.actions.Action;
-import org.owasp.esapi.waf.actions.BlockAction;
-import org.owasp.esapi.waf.actions.DefaultAction;
-import org.owasp.esapi.waf.actions.DoNothingAction;
-import org.owasp.esapi.waf.configuration.AppGuardianConfiguration;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
-
-/**
- * This is the Rule subclass executed for &lt;restrict-user-agent&gt; rules.
- * @author Arshan Dabirsiaghi
- *
- */
-public class RestrictUserAgentRule extends Rule {
-
-	private static final String USER_AGENT_HEADER = "User-Agent";
-
-	private Pattern allow;
-	private Pattern deny;
-
-	public RestrictUserAgentRule(String id, Pattern allow, Pattern deny) {
-		this.allow = allow;
-		this.deny = deny;
-		setId(id);
-	}
-
-	public Action check(HttpServletRequest request, InterceptingHTTPServletResponse response, HttpServletResponse httpResponse) {
-		
-		String userAgent = request.getHeader( USER_AGENT_HEADER );
-		
-		if ( userAgent == null ) userAgent="";
-		
-		if ( allow != null ) {
-			if ( allow.matcher(userAgent).matches() ) {
-				return new DoNothingAction();
-			}
-		} else if ( deny != null ) {
-			if ( ! deny.matcher(userAgent).matches() ) {
-				return new DoNothingAction();
-			}
-		}
-
-		log(request, "Disallowed user agent pattern '" + deny.pattern() + "' found in user agent '" + request.getHeader(USER_AGENT_HEADER) + "'");
-	
-		/*
-		 * If we don't force this to "block", the user will be in an infinite loop, possibly
-		 * eating our bandwidth, and in the case of a dread false positive, really piss them
-		 * off.
-		 * 
-		 * Better to just reject.
-		 */
-		if ( AppGuardianConfiguration.DEFAULT_FAIL_ACTION == AppGuardianConfiguration.REDIRECT ) {
-			return new BlockAction();
-		}
-
-		return new DefaultAction();
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.rules;
+
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.waf.actions.Action;
+import org.owasp.esapi.waf.actions.BlockAction;
+import org.owasp.esapi.waf.actions.DefaultAction;
+import org.owasp.esapi.waf.actions.DoNothingAction;
+import org.owasp.esapi.waf.configuration.AppGuardianConfiguration;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
+
+/**
+ * This is the Rule subclass executed for &lt;restrict-user-agent&gt; rules.
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class RestrictUserAgentRule extends Rule {
+
+    private static final String USER_AGENT_HEADER = "User-Agent";
+
+    private Pattern allow;
+    private Pattern deny;
+
+    public RestrictUserAgentRule(String id, Pattern allow, Pattern deny) {
+        this.allow = allow;
+        this.deny = deny;
+        setId(id);
+    }
+
+    public Action check(HttpServletRequest request, InterceptingHTTPServletResponse response, HttpServletResponse httpResponse) {
+
+        String userAgent = request.getHeader( USER_AGENT_HEADER );
+
+        if ( userAgent == null ) userAgent="";
+
+        if ( allow != null ) {
+            if ( allow.matcher(userAgent).matches() ) {
+                return new DoNothingAction();
+            }
+        } else if ( deny != null ) {
+            if ( ! deny.matcher(userAgent).matches() ) {
+                return new DoNothingAction();
+            }
+        }
+
+        log(request, "Disallowed user agent pattern '" + deny.pattern() + "' found in user agent '" + request.getHeader(USER_AGENT_HEADER) + "'");
+
+        /*
+         * If we don't force this to "block", the user will be in an infinite loop, possibly
+         * eating our bandwidth, and in the case of a dread false positive, really piss them
+         * off.
+         *
+         * Better to just reject.
+         */
+        if ( AppGuardianConfiguration.DEFAULT_FAIL_ACTION == AppGuardianConfiguration.REDIRECT ) {
+            return new BlockAction();
+        }
+
+        return new DefaultAction();
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/waf/rules/Rule.java b/src/main/java/org/owasp/esapi/waf/rules/Rule.java
index fe57c494e..26adc95b9 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/Rule.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/Rule.java
@@ -1,55 +1,55 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.rules;
-
-import javax.servlet.http.HttpServletRequest;
-
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.waf.actions.Action;
-import org.owasp.esapi.waf.configuration.AppGuardianConfiguration;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
-
-/**
- * This is the base class for the WAF rules.
- * @author Arshan Dabirsiaghi
- *
- */
-public abstract class Rule {
-
-	protected String id = "(no rule ID)";
-	protected static Logger logger = ESAPI.getLogger(Rule.class);
-
-	public abstract Action check( HttpServletRequest request, InterceptingHTTPServletResponse response, HttpServletResponse httpResponse );
-
-	public void log( HttpServletRequest request, String message ) {
-		logger.warning(Logger.SECURITY_FAILURE,"[IP=" + request.getRemoteAddr() +
-				",Rule=" + this.getClass().getSimpleName() + ",ID="+id+"] " + message);
-	}
-
-	protected void setId(String id) {
-		if ( id == null || "".equals(id) )
-			return;
-
-		this.id = id;
-	}
-
-	public String toString() {
-		return "Rule:" + this.getClass().getName();
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.rules;
+
+import javax.servlet.http.HttpServletRequest;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.waf.actions.Action;
+import org.owasp.esapi.waf.configuration.AppGuardianConfiguration;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
+
+/**
+ * This is the base class for the WAF rules.
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public abstract class Rule {
+
+    protected String id = "(no rule ID)";
+    protected static Logger logger = ESAPI.getLogger(Rule.class);
+
+    public abstract Action check( HttpServletRequest request, InterceptingHTTPServletResponse response, HttpServletResponse httpResponse );
+
+    public void log( HttpServletRequest request, String message ) {
+        logger.warning(Logger.SECURITY_FAILURE,"[IP=" + request.getRemoteAddr() +
+                ",Rule=" + this.getClass().getSimpleName() + ",ID="+id+"] " + message);
+    }
+
+    protected void setId(String id) {
+        if ( id == null || "".equals(id) )
+            return;
+
+        this.id = id;
+    }
+
+    public String toString() {
+        return "Rule:" + this.getClass().getName();
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/waf/rules/RuleUtil.java b/src/main/java/org/owasp/esapi/waf/rules/RuleUtil.java
index 45201014f..3b22edbe7 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/RuleUtil.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/RuleUtil.java
@@ -1,151 +1,151 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.rules;
-
-import java.util.Collection;
-import java.util.Enumeration;
-import java.util.Iterator;
-import java.util.Map;
-
-import org.owasp.esapi.waf.configuration.AppGuardianConfiguration;
-
-/**
- * This is a small utility class for use by Rule subclasses.
- * @author Arshan Dabirsiaghi
- *
- */
-public class RuleUtil {
-
-	public static boolean isInList(Map m, String s) {
-
-		Iterator it = m.keySet().iterator();
-
-		while( it.hasNext() ) {
-			String key = (String)it.next();
-			if ( key.equals(s) ) {
-				return true;
-			}
-		}
-
-		return false;
-	}
-
-	public static boolean isInList(Collection c, String s) {
-
-		Iterator it = c.iterator();
-
-		while(it.hasNext()) {
-
-			Object o = it.next();
-
-			if ( o instanceof String ) {
-
-				if ( s.equals((String)o)) {
-					return true;
-				}
-
-			} else if ( o instanceof Integer ) {
-
-				try {
-					if ( Integer.parseInt(s) == ((Integer)o).intValue() ) {
-						return true;
-					}
-				} catch (Exception e) {}
-
-			} else if ( o instanceof Long ) {
-
-				try {
-					if ( Long.parseLong(s) == ((Long)o).longValue() ) {
-						return true;
-					}
-				} catch (Exception e) {}
-
-			} else if ( o instanceof Double ) {
-
-				try {
-					if ( Double.parseDouble(s) == ((Double)o).doubleValue() ) {
-						return true;
-					}
-				} catch (Exception e) {}
-			}
-
-		}
-
-		return false;
-	}
-
-	/*
-	 * Enumeration
-	 */
-	public static boolean isInList(Enumeration en, String s) {
-
-		for(; en.hasMoreElements();) {
-
-			Object o = en.nextElement();
-
-			if ( o instanceof String ) {
-
-				if ( s.equals((String)o)) {
-					return true;
-				}
-
-			} else if ( o instanceof Integer ) {
-
-				try {
-					if ( Integer.parseInt(s) == ((Integer)o).intValue() ) {
-						return true;
-					}
-				} catch (Exception e) {}
-
-			} else if ( o instanceof Long ) {
-
-				try {
-					if ( Long.parseLong(s) == ((Long)o).longValue() ) {
-						return true;
-					}
-				} catch (Exception e) {}
-
-			} else if ( o instanceof Double ) {
-
-				try {
-					if ( Double.parseDouble(s) == ((Double)o).doubleValue() ) {
-						return true;
-					}
-				} catch (Exception e) {}
-			}
-
-		}
-
-		return false;
-	}
-
-	public static boolean testValue(String s, String test, int operator) {
-
-		switch(operator) {
-			case AppGuardianConfiguration.OPERATOR_EQ:
-
-				return test.equals(s);
-
-			case AppGuardianConfiguration.OPERATOR_CONTAINS:
-
-				return test.contains(s);
-
-		}
-
-		return false;
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.rules;
+
+import java.util.Collection;
+import java.util.Enumeration;
+import java.util.Iterator;
+import java.util.Map;
+
+import org.owasp.esapi.waf.configuration.AppGuardianConfiguration;
+
+/**
+ * This is a small utility class for use by Rule subclasses.
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class RuleUtil {
+
+    public static boolean isInList(Map m, String s) {
+
+        Iterator it = m.keySet().iterator();
+
+        while( it.hasNext() ) {
+            String key = (String)it.next();
+            if ( key.equals(s) ) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    public static boolean isInList(Collection c, String s) {
+
+        Iterator it = c.iterator();
+
+        while(it.hasNext()) {
+
+            Object o = it.next();
+
+            if ( o instanceof String ) {
+
+                if ( s.equals((String)o)) {
+                    return true;
+                }
+
+            } else if ( o instanceof Integer ) {
+
+                try {
+                    if ( Integer.parseInt(s) == ((Integer)o).intValue() ) {
+                        return true;
+                    }
+                } catch (Exception e) {}
+
+            } else if ( o instanceof Long ) {
+
+                try {
+                    if ( Long.parseLong(s) == ((Long)o).longValue() ) {
+                        return true;
+                    }
+                } catch (Exception e) {}
+
+            } else if ( o instanceof Double ) {
+
+                try {
+                    if ( Double.compare(Double.parseDouble(s), ((Double)o).doubleValue()) ==  0 ) {
+                        return true;
+                    }
+                } catch (Exception e) {}
+            }
+
+        }
+
+        return false;
+    }
+
+    /*
+     * Enumeration
+     */
+    public static boolean isInList(Enumeration en, String s) {
+
+        for(; en.hasMoreElements();) {
+
+            Object o = en.nextElement();
+
+            if ( o instanceof String ) {
+
+                if ( s.equals((String)o)) {
+                    return true;
+                }
+
+            } else if ( o instanceof Integer ) {
+
+                try {
+                    if ( Integer.parseInt(s) == ((Integer)o).intValue() ) {
+                        return true;
+                    }
+                } catch (Exception e) {}
+
+            } else if ( o instanceof Long ) {
+
+                try {
+                    if ( Long.parseLong(s) == ((Long)o).longValue() ) {
+                        return true;
+                    }
+                } catch (Exception e) {}
+
+            } else if ( o instanceof Double ) {
+
+                try {
+                    if ( Double.compare(Double.parseDouble(s), ((Double)o).doubleValue()) ==  0 ) {
+                        return true;
+                    }
+                } catch (Exception e) {}
+            }
+
+        }
+
+        return false;
+    }
+
+    public static boolean testValue(String s, String test, int operator) {
+
+        switch(operator) {
+            case AppGuardianConfiguration.OPERATOR_EQ:
+
+                return test.equals(s);
+
+            case AppGuardianConfiguration.OPERATOR_CONTAINS:
+
+                return test.contains(s);
+
+        }
+
+        return false;
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/waf/rules/SimpleVirtualPatchRule.java b/src/main/java/org/owasp/esapi/waf/rules/SimpleVirtualPatchRule.java
index f7886cf3a..44c8e181b 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/SimpleVirtualPatchRule.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/SimpleVirtualPatchRule.java
@@ -1,139 +1,139 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.rules;
-
-import java.util.Enumeration;
-import java.util.regex.Pattern;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.waf.actions.Action;
-import org.owasp.esapi.waf.actions.DefaultAction;
-import org.owasp.esapi.waf.actions.DoNothingAction;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
-
-/**
- * This is the Rule subclass executed for &lt;virtual-patch&gt; rules.
- * @author Arshan Dabirsiaghi
- *
- */
-public class SimpleVirtualPatchRule extends Rule {
-
-	private static final String REQUEST_PARAMETERS = "request.parameters.";
-	private static final String REQUEST_HEADERS = "request.headers.";
-
-	private Pattern path;
-	private String variable;
-	private Pattern valid;
-	private String message;
-
-	public SimpleVirtualPatchRule(String id, Pattern path, String variable, Pattern valid, String message) {
-		setId(id);
-		this.path = path;
-		this.variable = variable;
-		this.valid = valid;
-		this.message = message;
-	}
-
-	public Action check(HttpServletRequest req,
-			InterceptingHTTPServletResponse response, 
-			HttpServletResponse httpResponse) {
-
-		InterceptingHTTPServletRequest request = (InterceptingHTTPServletRequest)req;
-
-		String uri = request.getRequestURI();
-		if ( ! path.matcher(uri).matches() ) {
-
-			return new DoNothingAction();
-
-		} else {
-
-			/*
-			 * Decide which parameters/headers to act on.
-			 */
-			String target = null;
-			Enumeration en = null;
-			boolean parameter = true;
-
-			if ( variable.startsWith(REQUEST_PARAMETERS)) {
-
-				target = variable.substring(REQUEST_PARAMETERS.length());
-				en = request.getParameterNames();
-
-			} else if ( variable.startsWith(REQUEST_HEADERS) ) {
-
-				parameter = false;
-				target = variable.substring(REQUEST_HEADERS.length());
-				en = request.getHeaderNames();
-
-			} else {
-				log(request, "Patch failed (improperly configured variable '" + variable + "')");
-				return new DefaultAction();
-			}
-
-			/*
-			 * If it contains a regex character, it's a regex. Loop through elements and grab any matches.
-			 */
-			if ( target.contains("*") || target.contains("?") ) {
-
-				target = target.replaceAll("\\*", ".*");
-				Pattern p = Pattern.compile(target);
-				while (en.hasMoreElements() ) {
-					String s = (String)en.nextElement();
-					String value = null;
-					if ( p.matcher(s).matches() ) {
-						if ( parameter ) {
-							value = request.getDictionaryParameter(s);
-						} else {
-							value = request.getHeader(s);
-						}
-						if ( value != null && ! valid.matcher(value).matches() ) {
-							log(request, "Virtual patch tripped on variable '" + variable + "' (specifically '" + s + "'). User input was '" + value + "' and legal pattern was '" + valid.pattern() + "': " + message);
-							return new DefaultAction();
-						}
-					}
-				}
-				
-				return new DoNothingAction();
-
-			} else {
-
-				if ( parameter ) {
-					String value = request.getDictionaryParameter(target);
-					if ( value == null || valid.matcher(value).matches() ) {
-						return new DoNothingAction();
-					} else {
-						log(request, "Virtual patch tripped on parameter '" + target + "'. User input was '" + value + "' and legal pattern was '" + valid.pattern() + "': " + message);
-						return new DefaultAction();
-					}
-				} else {
-					String value = request.getHeader(target);
-					if ( value == null || valid.matcher(value).matches() ) {
-						return new DoNothingAction();
-					} else {
-						log(request, "Virtual patch tripped on header '" + target + "'. User input was '" + value + "' and legal pattern was '" + valid.pattern() + "': " + message);
-						return new DefaultAction();
-					}
-				}
-			}
-
-		}
-
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.rules;
+
+import java.util.Enumeration;
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.waf.actions.Action;
+import org.owasp.esapi.waf.actions.DefaultAction;
+import org.owasp.esapi.waf.actions.DoNothingAction;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
+
+/**
+ * This is the Rule subclass executed for &lt;virtual-patch&gt; rules.
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class SimpleVirtualPatchRule extends Rule {
+
+    private static final String REQUEST_PARAMETERS = "request.parameters.";
+    private static final String REQUEST_HEADERS = "request.headers.";
+
+    private Pattern path;
+    private String variable;
+    private Pattern valid;
+    private String message;
+
+    public SimpleVirtualPatchRule(String id, Pattern path, String variable, Pattern valid, String message) {
+        setId(id);
+        this.path = path;
+        this.variable = variable;
+        this.valid = valid;
+        this.message = message;
+    }
+
+    public Action check(HttpServletRequest req,
+            InterceptingHTTPServletResponse response,
+            HttpServletResponse httpResponse) {
+
+        InterceptingHTTPServletRequest request = (InterceptingHTTPServletRequest)req;
+
+        String uri = request.getRequestURI();
+        if ( ! path.matcher(uri).matches() ) {
+
+            return new DoNothingAction();
+
+        } else {
+
+            /*
+             * Decide which parameters/headers to act on.
+             */
+            String target = null;
+            Enumeration en = null;
+            boolean parameter = true;
+
+            if ( variable.startsWith(REQUEST_PARAMETERS)) {
+
+                target = variable.substring(REQUEST_PARAMETERS.length());
+                en = request.getParameterNames();
+
+            } else if ( variable.startsWith(REQUEST_HEADERS) ) {
+
+                parameter = false;
+                target = variable.substring(REQUEST_HEADERS.length());
+                en = request.getHeaderNames();
+
+            } else {
+                log(request, "Patch failed (improperly configured variable '" + variable + "')");
+                return new DefaultAction();
+            }
+
+            /*
+             * If it contains a regex character, it's a regex. Loop through elements and grab any matches.
+             */
+            if ( target.contains("*") || target.contains("?") ) {
+
+                target = target.replaceAll("\\*", ".*");
+                Pattern p = Pattern.compile(target);
+                while (en.hasMoreElements() ) {
+                    String s = (String)en.nextElement();
+                    String value = null;
+                    if ( p.matcher(s).matches() ) {
+                        if ( parameter ) {
+                            value = request.getDictionaryParameter(s);
+                        } else {
+                            value = request.getHeader(s);
+                        }
+                        if ( value != null && ! valid.matcher(value).matches() ) {
+                            log(request, "Virtual patch tripped on variable '" + variable + "' (specifically '" + s + "'). User input was '" + value + "' and legal pattern was '" + valid.pattern() + "': " + message);
+                            return new DefaultAction();
+                        }
+                    }
+                }
+
+                return new DoNothingAction();
+
+            } else {
+
+                if ( parameter ) {
+                    String value = request.getDictionaryParameter(target);
+                    if ( value == null || valid.matcher(value).matches() ) {
+                        return new DoNothingAction();
+                    } else {
+                        log(request, "Virtual patch tripped on parameter '" + target + "'. User input was '" + value + "' and legal pattern was '" + valid.pattern() + "': " + message);
+                        return new DefaultAction();
+                    }
+                } else {
+                    String value = request.getHeader(target);
+                    if ( value == null || valid.matcher(value).matches() ) {
+                        return new DoNothingAction();
+                    } else {
+                        log(request, "Virtual patch tripped on header '" + target + "'. User input was '" + value + "' and legal pattern was '" + valid.pattern() + "': " + message);
+                        return new DefaultAction();
+                    }
+                }
+            }
+
+        }
+
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/waf/rules/package.html b/src/main/java/org/owasp/esapi/waf/rules/package.html
index 133148e47..bf418c05b 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/package.html
+++ b/src/main/java/org/owasp/esapi/waf/rules/package.html
@@ -1,12 +1,12 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
-<html>
-<head>
-</head>
-
-<body bgcolor="white">
-
-This package contains all of the Rule subclasses that correspond to policy file entries. Each 
-class contains the logic for enforcing its rule. 
- 
-</body>
-</html>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<html>
+<head>
+</head>
+
+<body bgcolor="white">
+
+This package contains all of the Rule subclasses that correspond to policy file entries. Each
+class contains the logic for enforcing its rule.
+
+</body>
+</html>
diff --git a/src/main/resources/ESAPI-properties.xsd b/src/main/resources/ESAPI-properties.xsd
new file mode 100644
index 000000000..152411b7c
--- /dev/null
+++ b/src/main/resources/ESAPI-properties.xsd
@@ -0,0 +1,17 @@
+<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+    <xs:element name="properties">
+        <xs:complexType>
+            <xs:sequence>
+                <xs:element name="property" maxOccurs="10000" minOccurs="0">
+                    <xs:complexType>
+                        <xs:simpleContent>
+                            <xs:extension base="xs:string">
+                                <xs:attribute type="xs:string" name="name" use="optional"/>
+                            </xs:extension>
+                        </xs:simpleContent>
+                    </xs:complexType>
+                </xs:element>
+            </xs:sequence>
+        </xs:complexType>
+    </xs:element>
+</xs:schema>
diff --git a/configuration/META-INF/esapi.tld b/src/main/resources/META-INF/esapi.tld
similarity index 98%
rename from configuration/META-INF/esapi.tld
rename to src/main/resources/META-INF/esapi.tld
index 596acb9c8..1a730f420 100644
--- a/configuration/META-INF/esapi.tld
+++ b/src/main/resources/META-INF/esapi.tld
@@ -7,7 +7,7 @@
   ~ Enterprise Security API (ESAPI) project. For details, please see
   ~ <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
   ~
-  ~ Copyright (c) 2007 - The OWASP Foundation
+  ~ Copyright (c) 2007-2024 - The OWASP Foundation
   ~
   ~ The ESAPI is published by OWASP under the BSD license. You should read and accept the
   ~ LICENSE before you use, modify, and/or redistribute this software.
@@ -22,7 +22,7 @@
 	xsi:schemaLocation="
 		http://java.sun.com/xml/ns/j2ee
 		http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd"
-	version="2.0">
+	version="2.x">
 	<description>
 		OWASP Enterprise Security API (ESAPI) provides
 		a JSP Tag Library that supplies easy access to
@@ -30,6 +30,8 @@
 		functions. These can be used to properly escape user
 		supplied data at display time so that it cannot be used
 		in injection attacks like Cross Site Scripting (XSS).
+        This tag library applies to all of ESAPI 2.x versions. Its
+        interface hasn't changed since 2.0.
 	</description>
 	<display-name>OWASP ESAPI</display-name>
 	<tlib-version>2.0</tlib-version>
diff --git a/src/site/resources/images/owasp.png b/src/site/resources/images/owasp.png
new file mode 100644
index 000000000..90fb9d2ce
Binary files /dev/null and b/src/site/resources/images/owasp.png differ
diff --git a/src/site/site.xml b/src/site/site.xml
new file mode 100644
index 000000000..692d5b637
--- /dev/null
+++ b/src/site/site.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project name="${project.name}" xmlns="https://maven.apache.org/DECORATION/1.8.0"
+    xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="https://maven.apache.org/DECORATION/1.8.0 https://maven.apache.org/xsd/decoration-1.8.0.xsd">
+    <bannerLeft>
+        <src>/images/owasp.png</src>
+        <href>https://owasp.org/www-project-enterprise-security-api/</href>
+    </bannerLeft>
+    <skin>
+        <groupId>org.apache.maven.skins</groupId>
+        <artifactId>maven-fluido-skin</artifactId>
+        <version>${version.fluido}</version>
+    </skin>
+    <custom>
+        <fluidoSkin>
+            <topBarEnabled>false</topBarEnabled>
+            <sideBarEnabled>true</sideBarEnabled>
+        </fluidoSkin>
+    </custom>
+    <body>
+        <links>
+            <item name="OWASP ESAPI" href="https://owasp.org/www-project-enterprise-security-api/" />
+        </links>
+        <menu ref="reports" />
+    </body>
+</project>
+
diff --git a/src/test/java/org/owasp/esapi/ESAPIContractAPITest.java b/src/test/java/org/owasp/esapi/ESAPIContractAPITest.java
new file mode 100644
index 000000000..059eb00aa
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/ESAPIContractAPITest.java
@@ -0,0 +1,52 @@
+package org.owasp.esapi;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.ArgumentMatchers;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.internal.verification.VerificationModeFactory;
+import org.owasp.esapi.util.ObjFactory;
+import org.powermock.api.mockito.PowerMockito;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+
+@RunWith(PowerMockRunner.class)
+@PrepareForTest({ObjFactory.class})
+public class ESAPIContractAPITest {
+
+    @Mock
+    private SecurityConfiguration mockSecConfig;
+
+    @Mock
+    private Validator mockValidator;
+
+    @Before
+    public void configureStaticContexts() throws Exception {
+        PowerMockito.mockStatic(ObjFactory.class);
+        PowerMockito.when(ObjFactory.class, "make", ArgumentMatchers.anyString(), ArgumentMatchers.eq("SecurityConfiguration")).thenReturn(mockSecConfig);
+        PowerMockito.when(ObjFactory.class, "make", ArgumentMatchers.eq("MOCK_TEST_VALIDATOR"), ArgumentMatchers.eq("Validator")).thenReturn(mockValidator);
+
+        PowerMockito.when(mockSecConfig.getValidationImplementation()).thenReturn("MOCK_TEST_VALIDATOR");
+    }
+
+    @Test
+    public void testValidatorFromConfiguration() {
+        Validator validator = ESAPI.validator();
+        Assert.assertEquals("ESAPI Configuration should return Validator as specified by the SecurityConfiguration", mockValidator, validator);
+
+        PowerMockito.verifyStatic(ObjFactory.class, VerificationModeFactory.times(1));
+        ObjFactory.make(ArgumentMatchers.anyString(), ArgumentMatchers.eq("SecurityConfiguration"));
+
+        PowerMockito.verifyStatic(ObjFactory.class, VerificationModeFactory.times(1));
+        ObjFactory.make(ArgumentMatchers.eq("MOCK_TEST_VALIDATOR"), ArgumentMatchers.eq("Validator"));
+
+        PowerMockito.verifyNoMoreInteractions(ObjFactory.class);
+
+        Mockito.verify(mockSecConfig, Mockito.times(1)).getValidationImplementation();
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/ESAPIVerifyAllowedMethods.java b/src/test/java/org/owasp/esapi/ESAPIVerifyAllowedMethods.java
new file mode 100644
index 000000000..751a95d52
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/ESAPIVerifyAllowedMethods.java
@@ -0,0 +1,68 @@
+package org.owasp.esapi;
+
+import org.bouncycastle.crypto.modes.CBCModeCipher;
+import org.junit.Assert;
+import org.junit.Test;
+import org.mockito.Mockito;
+import org.owasp.esapi.errors.ConfigurationException;
+
+
+public class ESAPIVerifyAllowedMethods {
+
+	@Test (expected = IllegalArgumentException.class)
+	public void verifyNulParamThrows() {
+		ESAPI.isMethodExplicityEnabled(null);
+	}
+	
+	@Test (expected = IllegalArgumentException.class)
+	public void verifyEmptyNoWhitespaceParameterThrows() {
+		ESAPI.isMethodExplicityEnabled("");
+	}
+	
+	@Test (expected = IllegalArgumentException.class)
+	public void verifyEmptyOnlyWhitespaceParameterThrows() {
+		ESAPI.isMethodExplicityEnabled("   ");
+	}
+	
+	@Test (expected = IllegalArgumentException.class)
+	public void verifyEmptyOnlyTabWhitespaceParameterThrows() {
+		ESAPI.isMethodExplicityEnabled("\t");
+	}
+	
+	@Test (expected = IllegalArgumentException.class)
+	public void verifyEmptyOnlyNewlineWhitespaceParameterThrows() {
+		ESAPI.isMethodExplicityEnabled("\n");
+	}
+	
+	
+	
+	@Test (expected = IllegalArgumentException.class)
+	public void verifyNonEsapiPackageParameterThrows() {
+		ESAPI.isMethodExplicityEnabled("com.myPackage.myScope.method");
+	}
+	@Test 
+	public void verifyUnknownMethodFailsEnableCheck() {
+		Assert.assertFalse(ESAPI.isMethodExplicityEnabled("org.owasp.esapi.reference.DefaultEncoder.encodeForSQ"));
+	}
+	
+	@Test 
+	public void verifyDefinedRestrictionIsCaught() {
+		Assert.assertTrue(ESAPI.isMethodExplicityEnabled("org.owasp.esapi.reference.DefaultEncoder.encodeForSQL"));
+	}
+	
+	@Test 
+	public void testMissingPropertyReturnsFalse() {
+		try {
+		SecurityConfiguration mockConfig = Mockito.mock(SecurityConfiguration.class);
+		Mockito.when(mockConfig.getStringProp("ESAPI.dangerouslyAllowUnsafeMethods.methodNames")).thenThrow(ConfigurationException.class);
+		ESAPI.override(mockConfig);
+		
+		Assert.assertFalse(ESAPI.isMethodExplicityEnabled("org.owasp.esapi.thisValueDoesNotMatter"));
+		Mockito.verify(mockConfig, Mockito.times(1)).getStringProp("ESAPI.dangerouslyAllowUnsafeMethods.methodNames");
+		} finally {
+			ESAPI.override(null);
+		}
+		
+	}
+	
+}
diff --git a/src/test/java/org/owasp/esapi/PreparedStringTest.java b/src/test/java/org/owasp/esapi/PreparedStringTest.java
index b288c1325..c3ddf8ece 100644
--- a/src/test/java/org/owasp/esapi/PreparedStringTest.java
+++ b/src/test/java/org/owasp/esapi/PreparedStringTest.java
@@ -17,6 +17,7 @@
 package org.owasp.esapi;
 
 import junit.framework.TestCase;
+
 import org.owasp.esapi.codecs.Codec;
 import org.owasp.esapi.codecs.HTMLEntityCodec;
 
diff --git a/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java b/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java
index eb9c0c9f9..1d5a521b8 100644
--- a/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java
+++ b/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java
@@ -1,5 +1,7 @@
 package org.owasp.esapi;
 
+import org.owasp.esapi.errors.ConfigurationException;
+
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
@@ -7,7 +9,7 @@
 import java.util.regex.Pattern;
 
 /**
- * Simple wrapper implementation of {@link SecurityConfiguration}. 
+ * Simple wrapper implementation of {@link SecurityConfiguration}.
  * This allows for easy subclassing and property fixups for unit tests.
  *
  * Note that there are some compilers have issues with Override
@@ -17,575 +19,560 @@
  */
 public class SecurityConfigurationWrapper implements SecurityConfiguration
 {
-	private SecurityConfiguration wrapped;
-
-	/**
-	 * Constructor wrapping the given configuration.
-	 * @param wrapped The configuration to wrap.
-	 */
-	public SecurityConfigurationWrapper(SecurityConfiguration wrapped)
-	{
-		this.wrapped = wrapped;
-	}
-
-	/**
-	 * Access the wrapped configuration.
-	 * @return The wrapped configuration.
-	 */
-	public SecurityConfiguration getWrappedSecurityConfiguration()
-	{
-		return wrapped;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public String getApplicationName()
-	{
-		return wrapped.getApplicationName();
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public String getLogImplementation()
-	{
-		return wrapped.getLogImplementation();
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public String getAuthenticationImplementation()
-	{
-		return wrapped.getAuthenticationImplementation();
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public String getEncoderImplementation()
-	{
-		return wrapped.getEncoderImplementation();
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public String getAccessControlImplementation()
-	{
-		return wrapped.getAccessControlImplementation();
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public String getIntrusionDetectionImplementation()
-	{
-		return wrapped.getIntrusionDetectionImplementation();
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public String getRandomizerImplementation()
-	{
-		return wrapped.getRandomizerImplementation();
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public String getEncryptionImplementation()
-	{
-		return wrapped.getEncryptionImplementation();
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public String getValidationImplementation()
-	{
-		return wrapped.getValidationImplementation();
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public Pattern getValidationPattern( String typeName )
-	{
-		return wrapped.getValidationPattern(typeName);
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public String getExecutorImplementation()
-	{
-		return wrapped.getExecutorImplementation();
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public String getHTTPUtilitiesImplementation()
-	{
-		return wrapped.getHTTPUtilitiesImplementation();
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public byte[] getMasterKey()
-	{
-		return wrapped.getMasterKey();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public File getUploadDirectory()
-	{
-		return wrapped.getUploadDirectory();
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public File getUploadTempDirectory()
-	{
-		return wrapped.getUploadTempDirectory();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public int getEncryptionKeyLength()
-	{
-		return wrapped.getEncryptionKeyLength();
-	}
-    
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public byte[] getMasterSalt()
-	{
-		return wrapped.getMasterSalt();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public List getAllowedExecutables()
-	{
-		return wrapped.getAllowedExecutables();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public List getAllowedFileExtensions()
-	{
-		return wrapped.getAllowedFileExtensions();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public int getAllowedFileUploadSize()
-	{
-		return wrapped.getAllowedFileUploadSize();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public String getPasswordParameterName()
-	{
-		return wrapped.getPasswordParameterName();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public String getUsernameParameterName()
-	{
-		return wrapped.getUsernameParameterName();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public String getEncryptionAlgorithm()
-	{
-		return wrapped.getEncryptionAlgorithm();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public String getCipherTransformation()
-	{
-		return wrapped.getCipherTransformation();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public String setCipherTransformation(String cipherXform)
-	{
-		return wrapped.setCipherTransformation(cipherXform);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public boolean useMACforCipherText()
-	{
-		return wrapped.useMACforCipherText();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public boolean overwritePlainText()
-	{
-		return wrapped.overwritePlainText();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public String getIVType()
-	{
-		return wrapped.getIVType();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public String getFixedIV()
-	{
-		return wrapped.getFixedIV();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public String getHashAlgorithm()
-	{
-		return wrapped.getHashAlgorithm();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public int getHashIterations()
-	{
-		return wrapped.getHashIterations();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public String getCharacterEncoding()
-	{
-		return wrapped.getCharacterEncoding();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public boolean getAllowMultipleEncoding()
-	{
-		return wrapped.getAllowMultipleEncoding();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public boolean getAllowMixedEncoding()
-	{
-		return wrapped.getAllowMixedEncoding();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public List getDefaultCanonicalizationCodecs()
-	{
-		return wrapped.getDefaultCanonicalizationCodecs();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public String getDigitalSignatureAlgorithm()
-	{
-		return wrapped.getDigitalSignatureAlgorithm();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public int getDigitalSignatureKeyLength()
-	{
-		return wrapped.getDigitalSignatureKeyLength();
-	}
-		   
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public String getRandomAlgorithm()
-	{
-		return wrapped.getRandomAlgorithm();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public int getAllowedLoginAttempts()
-	{
-		return wrapped.getAllowedLoginAttempts();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public int getMaxOldPasswordHashes()
-	{
-		return wrapped.getMaxOldPasswordHashes();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public Threshold getQuota(String eventName)
-	{
-		return wrapped.getQuota(eventName);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public File getResourceFile( String filename )
-	{
-		return wrapped.getResourceFile(filename);
-	}
-    
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public boolean getForceHttpOnlySession() 
-	{
-		return wrapped.getForceHttpOnlySession();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public boolean getForceSecureSession() 
-	{
-		return wrapped.getForceSecureSession();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public boolean getForceHttpOnlyCookies()
-	{
-		return wrapped.getForceHttpOnlyCookies();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public boolean getForceSecureCookies()
-	{
-		return wrapped.getForceSecureCookies();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public int getMaxHttpHeaderSize() {
+    private SecurityConfiguration wrapped;
+
+    /**
+     * Constructor wrapping the given configuration.
+     * @param wrapped The configuration to wrap.
+     */
+    public SecurityConfigurationWrapper(SecurityConfiguration wrapped)
+    {
+        this.wrapped = wrapped;
+    }
+
+    /**
+     * Access the wrapped configuration.
+     * @return The wrapped configuration.
+     */
+    public SecurityConfiguration getWrappedSecurityConfiguration()
+    {
+        return wrapped;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public String getApplicationName()
+    {
+        return wrapped.getApplicationName();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public String getLogImplementation()
+    {
+        return wrapped.getLogImplementation();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public String getAuthenticationImplementation()
+    {
+        return wrapped.getAuthenticationImplementation();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public String getEncoderImplementation()
+    {
+        return wrapped.getEncoderImplementation();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public String getAccessControlImplementation()
+    {
+        return wrapped.getAccessControlImplementation();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public String getIntrusionDetectionImplementation()
+    {
+        return wrapped.getIntrusionDetectionImplementation();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public String getRandomizerImplementation()
+    {
+        return wrapped.getRandomizerImplementation();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public String getEncryptionImplementation()
+    {
+        return wrapped.getEncryptionImplementation();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public String getValidationImplementation()
+    {
+        return wrapped.getValidationImplementation();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public Pattern getValidationPattern( String typeName )
+    {
+        return wrapped.getValidationPattern(typeName);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public String getExecutorImplementation()
+    {
+        return wrapped.getExecutorImplementation();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public String getHTTPUtilitiesImplementation()
+    {
+        return wrapped.getHTTPUtilitiesImplementation();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public byte[] getMasterKey()
+    {
+        return wrapped.getMasterKey();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public File getUploadDirectory()
+    {
+        return wrapped.getUploadDirectory();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public File getUploadTempDirectory()
+    {
+        return wrapped.getUploadTempDirectory();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public int getEncryptionKeyLength()
+    {
+        return wrapped.getEncryptionKeyLength();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public byte[] getMasterSalt()
+    {
+        return wrapped.getMasterSalt();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public List getAllowedExecutables()
+    {
+        return wrapped.getAllowedExecutables();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public List getAllowedFileExtensions()
+    {
+        return wrapped.getAllowedFileExtensions();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public int getAllowedFileUploadSize()
+    {
+        return wrapped.getAllowedFileUploadSize();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public String getPasswordParameterName()
+    {
+        return wrapped.getPasswordParameterName();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public String getUsernameParameterName()
+    {
+        return wrapped.getUsernameParameterName();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public String getEncryptionAlgorithm()
+    {
+        return wrapped.getEncryptionAlgorithm();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public String getCipherTransformation()
+    {
+        return wrapped.getCipherTransformation();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public String setCipherTransformation(String cipherXform)
+    {
+        return wrapped.setCipherTransformation(cipherXform);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public boolean useMACforCipherText()
+    {
+        return wrapped.useMACforCipherText();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public boolean overwritePlainText()
+    {
+        return wrapped.overwritePlainText();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public String getIVType()
+    {
+        return wrapped.getIVType();
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public String getHashAlgorithm()
+    {
+        return wrapped.getHashAlgorithm();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public int getHashIterations()
+    {
+        return wrapped.getHashIterations();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public String getCharacterEncoding()
+    {
+        return wrapped.getCharacterEncoding();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public boolean getAllowMultipleEncoding()
+    {
+        return wrapped.getAllowMultipleEncoding();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public boolean getAllowMixedEncoding()
+    {
+        return wrapped.getAllowMixedEncoding();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public List getDefaultCanonicalizationCodecs()
+    {
+        return wrapped.getDefaultCanonicalizationCodecs();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public String getDigitalSignatureAlgorithm()
+    {
+        return wrapped.getDigitalSignatureAlgorithm();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public int getDigitalSignatureKeyLength()
+    {
+        return wrapped.getDigitalSignatureKeyLength();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public String getRandomAlgorithm()
+    {
+        return wrapped.getRandomAlgorithm();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public int getAllowedLoginAttempts()
+    {
+        return wrapped.getAllowedLoginAttempts();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public int getMaxOldPasswordHashes()
+    {
+        return wrapped.getMaxOldPasswordHashes();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public Threshold getQuota(String eventName)
+    {
+        return wrapped.getQuota(eventName);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public File getResourceFile( String filename )
+    {
+        return wrapped.getResourceFile(filename);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public boolean getForceHttpOnlySession()
+    {
+        return wrapped.getForceHttpOnlySession();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public boolean getForceSecureSession()
+    {
+        return wrapped.getForceSecureSession();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public boolean getForceHttpOnlyCookies()
+    {
+        return wrapped.getForceHttpOnlyCookies();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public boolean getForceSecureCookies()
+    {
+        return wrapped.getForceSecureCookies();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public int getMaxHttpHeaderSize() {
         return wrapped.getMaxHttpHeaderSize();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public InputStream getResourceStream( String filename ) throws IOException
-	{
-		return wrapped.getResourceStream(filename);
-	}
-
-    	
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public void setResourceDirectory(String dir)
-	{
-		wrapped.setResourceDirectory(dir);
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public String getResponseContentType()
-	{
-		return wrapped.getResponseContentType();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public String getHttpSessionIdName() {
-		return wrapped.getHttpSessionIdName();
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public long getRememberTokenDuration()
-	{
-		return wrapped.getRememberTokenDuration();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public int getSessionIdleTimeoutLength()
-	{
-		return wrapped.getSessionIdleTimeoutLength();
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public int getSessionAbsoluteTimeoutLength()
-	{
-		return wrapped.getSessionAbsoluteTimeoutLength();
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public boolean getLogEncodingRequired()
-	{
-		return wrapped.getLogEncodingRequired();
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public boolean getLogApplicationName()
-	{
-		return wrapped.getLogApplicationName();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public boolean getLogServerIP()
-	{
-		return wrapped.getLogServerIP();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public int getLogLevel()
-	{
-		return wrapped.getLogLevel();
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public String getLogFileName()
-	{
-		return wrapped.getLogFileName();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public int getMaxLogFileSize()
-	{
-	 	return wrapped.getMaxLogFileSize();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public File getWorkingDirectory()
-	{
-		return wrapped.getWorkingDirectory();
-	}
-
-	/**
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public InputStream getResourceStream( String filename ) throws IOException
+    {
+        return wrapped.getResourceStream(filename);
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public void setResourceDirectory(String dir)
+    {
+        wrapped.setResourceDirectory(dir);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public String getResponseContentType()
+    {
+        return wrapped.getResponseContentType();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public String getHttpSessionIdName() {
+        return wrapped.getHttpSessionIdName();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public long getRememberTokenDuration()
+    {
+        return wrapped.getRememberTokenDuration();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public int getSessionIdleTimeoutLength()
+    {
+        return wrapped.getSessionIdleTimeoutLength();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public int getSessionAbsoluteTimeoutLength()
+    {
+        return wrapped.getSessionAbsoluteTimeoutLength();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public boolean getLogEncodingRequired()
+    {
+        return wrapped.getLogEncodingRequired();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public boolean getLogApplicationName()
+    {
+        return wrapped.getLogApplicationName();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public boolean getLogServerIP()
+    {
+        return wrapped.getLogServerIP();
+    }
+
+    @Override
+    public int getIntProp(String propertyName) throws ConfigurationException {
+        return wrapped.getIntProp(propertyName);
+    }
+
+    @Override
+    public byte[] getByteArrayProp(String propertyName) throws ConfigurationException {
+        return wrapped.getByteArrayProp(propertyName);
+    }
+
+    @Override
+    public Boolean getBooleanProp(String propertyName) throws ConfigurationException {
+        return wrapped.getBooleanProp(propertyName);
+    }
+
+    @Override
+    public String getStringProp(String propertyName) throws ConfigurationException {
+        return wrapped.getStringProp(propertyName);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public File getWorkingDirectory()
+    {
+        return wrapped.getWorkingDirectory();
+    }
+
+    /**
      * {@inheritDoc}
      */
     // @Override
@@ -608,26 +595,26 @@ public String getPreferredJCEProvider() {
         return wrapped.getPreferredJCEProvider();
     }
 
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public boolean getDisableIntrusionDetection() {
-		return wrapped.getDisableIntrusionDetection();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public String getKDFPseudoRandomFunction() {
-		return wrapped.getKDFPseudoRandomFunction();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean getLenientDatesAccepted() {
-		return wrapped.getLenientDatesAccepted();
-	}
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public boolean getDisableIntrusionDetection() {
+        return wrapped.getDisableIntrusionDetection();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    // @Override
+    public String getKDFPseudoRandomFunction() {
+        return wrapped.getKDFPseudoRandomFunction();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean getLenientDatesAccepted() {
+        return wrapped.getLenientDatesAccepted();
+    }
 }
diff --git a/src/test/java/org/owasp/esapi/StringUtilitiesTest.java b/src/test/java/org/owasp/esapi/StringUtilitiesTest.java
index 967b63263..c7f29d27a 100644
--- a/src/test/java/org/owasp/esapi/StringUtilitiesTest.java
+++ b/src/test/java/org/owasp/esapi/StringUtilitiesTest.java
@@ -9,74 +9,74 @@
 
 public class StringUtilitiesTest extends TestCase {
 
-	/**
+    /**
      * Run all the test cases in this suite.
      * This is to allow running from {@code org.owasp.esapi.AllTests}.
-     * 
-	 * @return the test
-	 */
+     *
+     * @return the test
+     */
     public static Test suite() {
         TestSuite suite = new TestSuite(StringUtilitiesTest.class);
         return suite;
     }
-    
+
     /** Test the getLevenshteinDistance() method. */
     public void testGetLevenshteinDistance() {
-    	String src    = "GUMBO";
-    	String target = "GAMBOL";
-    	assertTrue( 2 == StringUtilities.getLevenshteinDistance(src, target) );
-    	assertTrue( 2 == StringUtilities.getLevenshteinDistance(target, src) );
-    	assertTrue( 0 == StringUtilities.getLevenshteinDistance(src, src) );
-    	assertTrue( 5 == StringUtilities.getLevenshteinDistance(src, "") );
-    	assertTrue( 6 == StringUtilities.getLevenshteinDistance("", target) );
+        String src    = "GUMBO";
+        String target = "GAMBOL";
+        assertTrue( 2 == StringUtilities.getLevenshteinDistance(src, target) );
+        assertTrue( 2 == StringUtilities.getLevenshteinDistance(target, src) );
+        assertTrue( 0 == StringUtilities.getLevenshteinDistance(src, src) );
+        assertTrue( 5 == StringUtilities.getLevenshteinDistance(src, "") );
+        assertTrue( 6 == StringUtilities.getLevenshteinDistance("", target) );
 
-    	try {
-    		@SuppressWarnings("unused")
-			int ldist = StringUtilities.getLevenshteinDistance(null, "abc");
-    	} catch ( IllegalArgumentException ex ) {
-    		assertTrue( ex.getClass().getName().equals( IllegalArgumentException.class.getName() ));
-    	}
+        try {
+            @SuppressWarnings("unused")
+            int ldist = StringUtilities.getLevenshteinDistance(null, "abc");
+        } catch ( IllegalArgumentException ex ) {
+            assertTrue( ex.getClass().getName().equals( IllegalArgumentException.class.getName() ));
+        }
 
-    	try {
-    		@SuppressWarnings("unused")
-			int ldist = StringUtilities.getLevenshteinDistance("abc", null);
-    	} catch ( IllegalArgumentException ex ) {
-    		assertTrue( ex.getClass().getName().equals( IllegalArgumentException.class.getName() ));
-    	}
+        try {
+            @SuppressWarnings("unused")
+            int ldist = StringUtilities.getLevenshteinDistance("abc", null);
+        } catch ( IllegalArgumentException ex ) {
+            assertTrue( ex.getClass().getName().equals( IllegalArgumentException.class.getName() ));
+        }
     }
 
     /** Test the union() method. */
     public void testUnion() {
-		char[] a1 = { 'a', 'b', 'c' };
-		char[] a2 = { 'c', 'd', 'e' };
-		char[] union = StringUtilities.union(a1, a2);
-		assertTrue( Arrays.equals( union, new char[] {'a','b','c','d','e' } ) );
+        char[] a1 = { 'a', 'b', 'c' };
+        char[] a2 = { 'c', 'd', 'e' };
+        char[] union = StringUtilities.union(a1, a2);
+        assertTrue( Arrays.equals( union, new char[] {'a','b','c','d','e' } ) );
     }
-    
+
     /** Test the contains() method. */
     public void contains() {
-		StringBuilder sb = new StringBuilder( "abc" );
-		assertTrue( StringUtilities.contains(sb, 'b') );
-		assertFalse( StringUtilities.contains(sb, 'x') );
+        StringBuilder sb = new StringBuilder( "abc" );
+        assertTrue( StringUtilities.contains(sb, 'b') );
+        assertFalse( StringUtilities.contains(sb, 'x') );
     }
 
     /** Test the notNullOrEmpty() method. */
     public void testNotNullOrEmpty() {
-    	String str = "A string";
-    	assertTrue( StringUtilities.notNullOrEmpty(str, false) );
-    	assertTrue( StringUtilities.notNullOrEmpty(str, true) );
-    	str = "   A  string  ";
-       	assertTrue( StringUtilities.notNullOrEmpty(str, false) );
-    	assertTrue( StringUtilities.notNullOrEmpty(str, true) );
-    	str = "   ";
-       	assertTrue( StringUtilities.notNullOrEmpty(str, false) );
-    	assertFalse( StringUtilities.notNullOrEmpty(str, true) );
-    	str = "";
-       	assertFalse( StringUtilities.notNullOrEmpty(str, false) );
-    	assertFalse( StringUtilities.notNullOrEmpty(str, true) );
-    	str = null;
-       	assertFalse( StringUtilities.notNullOrEmpty(str, false) );
-    	assertFalse( StringUtilities.notNullOrEmpty(str, true) );
+        String str = "A string";
+        assertTrue( StringUtilities.notNullOrEmpty(str, false) );
+        assertTrue( StringUtilities.notNullOrEmpty(str, true) );
+        str = "   A  string  ";
+           assertTrue( StringUtilities.notNullOrEmpty(str, false) );
+        assertTrue( StringUtilities.notNullOrEmpty(str, true) );
+        str = "   ";
+           assertTrue( StringUtilities.notNullOrEmpty(str, false) );
+        assertFalse( StringUtilities.notNullOrEmpty(str, true) );
+        str = "";
+           assertFalse( StringUtilities.notNullOrEmpty(str, false) );
+        assertFalse( StringUtilities.notNullOrEmpty(str, true) );
+        str = null;
+           assertFalse( StringUtilities.notNullOrEmpty(str, false) );
+        assertFalse( StringUtilities.notNullOrEmpty(str, true) );
     }
 
     public void testReplaceNull() {
diff --git a/src/test/java/org/owasp/esapi/UserTest.java b/src/test/java/org/owasp/esapi/UserTest.java
index ab31d4808..109a6251a 100644
--- a/src/test/java/org/owasp/esapi/UserTest.java
+++ b/src/test/java/org/owasp/esapi/UserTest.java
@@ -1,106 +1,106 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-/**
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class UserTest extends TestCase {
-
-	public UserTest(String testName) {
-		super(testName);
-	}
-
-	protected void setUp() throws Exception {
-		// none
-	}
-
-	protected void tearDown() throws Exception {
-		// none
-	}
-
-	public static Test suite() {
-		TestSuite suite = new TestSuite(UserTest.class);
-		return suite;
-	}
-	
-	public void testAllMethods() throws Exception {
-		// create a user to test Anonymous
-		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-		Authenticator instance = ESAPI.authenticator();
-		String password = instance.generateStrongPassword();
-		
-			// Probably could skip the assignment here, but maybe someone had
-			// future plans to use this. So will just suppress warning for now.
-		@SuppressWarnings("unused")
-		User user = instance.createUser(accountName, password, password);
-		
-		// test the rest of the Anonymous user
-		try { User.ANONYMOUS.addRole(null); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.addRoles(null); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.changePassword(null, null, null); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.disable(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.enable(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.getAccountId(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.getAccountName(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.getName(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.getCSRFToken(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.getExpirationTime(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.getFailedLoginCount(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.getLastFailedLoginTime(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.getLastLoginTime(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.getLastPasswordChangeTime(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.getRoles(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.getScreenName(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.addSession(null); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.removeSession(null); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.incrementFailedLoginCount(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.isAnonymous(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.isEnabled(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.isExpired(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.isInRole(null); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.isLocked(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.isLoggedIn(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.isSessionAbsoluteTimeout(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.isSessionTimeout(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.lock(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.loginWithPassword(null); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.logout(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.removeRole(null); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.resetCSRFToken(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.setAccountName(null); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.setExpirationTime(null); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.setRoles(null); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.setScreenName(null); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.unlock(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.verifyPassword(null); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.setLastFailedLoginTime(null); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.setLastLoginTime(null); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.setLastHostAddress(null); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.setLastPasswordChangeTime(null); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.getEventMap(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.getLocale(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.setLocale(null); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.getAccountName(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.getAccountName(); } catch( RuntimeException e ) {}
-	}
-}
-
-
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+/**
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class UserTest extends TestCase {
+
+    public UserTest(String testName) {
+        super(testName);
+    }
+
+    protected void setUp() throws Exception {
+        // none
+    }
+
+    protected void tearDown() throws Exception {
+        // none
+    }
+
+    public static Test suite() {
+        TestSuite suite = new TestSuite(UserTest.class);
+        return suite;
+    }
+
+    public void testAllMethods() throws Exception {
+        // create a user to test Anonymous
+        String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        Authenticator instance = ESAPI.authenticator();
+        String password = instance.generateStrongPassword();
+
+            // Probably could skip the assignment here, but maybe someone had
+            // future plans to use this. So will just suppress warning for now.
+        @SuppressWarnings("unused")
+        User user = instance.createUser(accountName, password, password);
+
+        // test the rest of the Anonymous user
+        try { User.ANONYMOUS.addRole(null); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.addRoles(null); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.changePassword(null, null, null); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.disable(); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.enable(); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.getAccountId(); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.getAccountName(); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.getName(); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.getCSRFToken(); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.getExpirationTime(); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.getFailedLoginCount(); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.getLastFailedLoginTime(); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.getLastLoginTime(); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.getLastPasswordChangeTime(); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.getRoles(); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.getScreenName(); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.addSession(null); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.removeSession(null); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.incrementFailedLoginCount(); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.isAnonymous(); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.isEnabled(); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.isExpired(); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.isInRole(null); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.isLocked(); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.isLoggedIn(); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.isSessionAbsoluteTimeout(); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.isSessionTimeout(); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.lock(); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.loginWithPassword(null); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.logout(); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.removeRole(null); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.resetCSRFToken(); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.setAccountName(null); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.setExpirationTime(null); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.setRoles(null); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.setScreenName(null); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.unlock(); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.verifyPassword(null); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.setLastFailedLoginTime(null); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.setLastLoginTime(null); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.setLastHostAddress(null); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.setLastPasswordChangeTime(null); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.getEventMap(); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.getLocale(); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.setLocale(null); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.getAccountName(); } catch( RuntimeException e ) {}
+        try { User.ANONYMOUS.getAccountName(); } catch( RuntimeException e ) {}
+    }
+}
+
+
diff --git a/src/test/java/org/owasp/esapi/ValidationErrorListTest.java b/src/test/java/org/owasp/esapi/ValidationErrorListTest.java
index 2880cd73c..42762d7f3 100644
--- a/src/test/java/org/owasp/esapi/ValidationErrorListTest.java
+++ b/src/test/java/org/owasp/esapi/ValidationErrorListTest.java
@@ -1,140 +1,90 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.errors.IntrusionException;
-import org.owasp.esapi.errors.ValidationException;
-
-/**
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class ValidationErrorListTest extends TestCase {
-
-	/**
-	 * Instantiates a new executor test.
-	 * 
-	 * @param testName
-	 *            the test name
-	 */
-	public ValidationErrorListTest(String testName) {
-		super(testName);
-	}
-
-	/**
-     * {@inheritDoc}
-     *
-     * @throws Exception
-     */
-	protected void setUp() throws Exception {
-		// none
-	}
-
-	/**
-     * {@inheritDoc}
-     *
-     * @throws Exception
-     */
-	protected void tearDown() throws Exception {
-		// none
-	}
-
-	/**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-	public static Test suite() {
-		TestSuite suite = new TestSuite(ValidationErrorListTest.class);
-		return suite;
-	}
-	
-	public void testAddError() throws Exception {
-		System.out.println("testAddError");
-		ValidationErrorList vel = new ValidationErrorList();
-		ValidationException vex = createValidationException();
-		vel.addError("context", vex );
-		try {
-			vel.addError(null, vex );
-			fail();
-		} catch( Exception e ) {
-			// expected
-		}
-		try {
-			vel.addError("context1", null );
-			fail();
-		} catch( Exception e ) {
-			// expected
-		}
-		try {
-			vel.addError("context", vex );  // add the same context again
-			fail();
-		} catch( Exception e ) {
-			// expected
-		}
-	}
-
-	public void testErrors() throws Exception {
-		System.out.println("testErrors");
-		ValidationErrorList vel = new ValidationErrorList();
-		ValidationException vex = createValidationException();
-		vel.addError("context",  vex );
-		assertTrue( vel.errors().get(0) == vex );
-	}
-
-	public void testGetError() throws Exception {
-		System.out.println("testGetError");
-		ValidationErrorList vel = new ValidationErrorList();
-		ValidationException vex = createValidationException();
-		vel.addError("context",  vex );
-		assertTrue( vel.getError( "context" ) == vex );
-		assertTrue( vel.getError( "ridiculous" ) == null );
-	}
-
-	public void testIsEmpty() throws Exception {
-		System.out.println("testIsEmpty");
-		ValidationErrorList vel = new ValidationErrorList();
-		assertTrue( vel.isEmpty() );
-		ValidationException vex = createValidationException();
-		vel.addError("context",  vex );
-		assertFalse( vel.isEmpty() );
-	}
-
-	public void testSize() throws Exception {
-		System.out.println("testSize");
-		ValidationErrorList vel = new ValidationErrorList();
-		assertTrue( vel.size() == 0 );
-		ValidationException vex = createValidationException();
-		vel.addError("context",  vex );
-		assertTrue( vel.size() == 1 );
-	}
-
-	private ValidationException createValidationException() {
-		ValidationException vex = null;
-		try {
-			vex = new ValidationException("User message", "Log Message");
-		} catch( IntrusionException e ) {
-			// expected occasionally
-		}
-		return vex;
-	}
-	
-}
-
-
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.junit.rules.TestName;
+import org.owasp.esapi.errors.ValidationException;
+
+
+/**
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class ValidationErrorListTest {
+    @Rule
+    public ExpectedException exEx = ExpectedException.none();
+    @Rule
+    public TestName testName = new TestName();
+
+    ValidationErrorList vel = new ValidationErrorList();
+    ValidationException vex = new ValidationException(testName.getMethodName(), testName.getMethodName());
+    @Test
+    public void testAddErrorNullContextThrows() {
+        exEx.expect(RuntimeException.class);
+        exEx.expectMessage("Context cannot be null");
+        vel.addError(null, vex);
+    }
+
+    @Test
+    public void testAddErrorNullExceptionThrows() {
+        exEx.expect(RuntimeException.class);
+        exEx.expectMessage("ValidationException cannot be null");
+        vel.addError(testName.getMethodName(), null);
+    }
+    public void testAddErrorDuplicateContextThrows() {
+        exEx.expect(RuntimeException.class);
+        exEx.expectMessage("already exists, must be unique");
+        vel.addError(testName.getMethodName(), vex);
+        vel.addError(testName.getMethodName(), vex);
+    }
+
+    @Test
+    public void testErrors() throws Exception {
+        vel.addError("context",  vex );
+        assertTrue("Validation Errors List should contain the added ValidationException Reference",vel.errors().contains( vex) );
+    }
+
+    @Test
+    public void testGetError() throws Exception {
+        vel.addError("context",  vex );
+        assertTrue( vel.getError( "context" ) == vex );
+        assertNull( vel.getError( "ridiculous" ) );
+    }
+
+    @Test
+    public void testIsEmpty() throws Exception {
+        assertTrue( vel.isEmpty() );
+        vel.addError("context",  vex );
+        assertFalse( vel.isEmpty() );
+    }
+
+    @Test
+    public void testSize() throws Exception {
+        assertEquals(0, vel.size() );
+        vel.addError("context",  vex );
+        assertEquals(1, vel.size());
+    }
+
+}
+
+
diff --git a/src/test/java/org/owasp/esapi/codecs/AbstractCodecTest.java b/src/test/java/org/owasp/esapi/codecs/AbstractCodecTest.java
new file mode 100644
index 000000000..f4f1b7b46
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/codecs/AbstractCodecTest.java
@@ -0,0 +1,629 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.codecs;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+
+
+/**
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ */
+public class AbstractCodecTest extends TestCase {
+
+    private static final char[] EMPTY_CHAR_ARRAY = new char[0];
+    private static final Character LESS_THAN = Character.valueOf('<');
+    private static final Character SINGLE_QUOTE = Character.valueOf('\'');
+    private HTMLEntityCodec htmlCodec = new HTMLEntityCodec();
+    private PercentCodec percentCodec = new PercentCodec();
+    private JavaScriptCodec javaScriptCodec = new JavaScriptCodec();
+    private VBScriptCodec vbScriptCodec = new VBScriptCodec();
+    private CSSCodec cssCodec = new CSSCodec();
+    private MySQLCodec mySQLCodecANSI = new MySQLCodec( MySQLCodec.ANSI_MODE );
+    private MySQLCodec mySQLCodecStandard = new MySQLCodec( MySQLCodec.MYSQL_MODE );
+    private OracleCodec oracleCodec = new OracleCodec();
+    private UnixCodec unixCodec = new UnixCodec();
+    private WindowsCodec windowsCodec = new WindowsCodec();
+
+    /**
+     * Instantiates a new access reference map test.
+     *
+     * @param testName
+     *            the test name
+     */
+    public AbstractCodecTest(String testName) {
+        super(testName);
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void setUp() throws Exception {
+        // none
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void tearDown() throws Exception {
+        // none
+    }
+
+    /**
+     * Suite.
+     *
+     * @return the test
+     */
+    public static Test suite() {
+        TestSuite suite = new TestSuite(AbstractCodecTest.class);
+        return suite;
+    }
+
+    public void testHtmlEncode()
+    {
+            assertEquals( "test", htmlCodec.encode( EMPTY_CHAR_ARRAY, "test") );
+    }
+
+    public void testPercentEncode()
+    {
+            assertEquals( "%3C", percentCodec.encode(EMPTY_CHAR_ARRAY, "<") );
+    }
+
+
+    public void testJavaScriptEncode()
+    {
+            assertEquals( "\\x3C", javaScriptCodec.encode(EMPTY_CHAR_ARRAY, "<") );
+    }
+
+    public void testVBScriptEncode()
+    {
+            assertEquals( "chrw(60)", vbScriptCodec.encode(EMPTY_CHAR_ARRAY, "<") );
+    }
+
+    public void testCSSEncode()
+    {
+            assertEquals( "\\3c ", cssCodec.encode(EMPTY_CHAR_ARRAY, "<") );
+    }
+
+    public void testCSSInvalidCodepointDecode()
+    {
+        assertEquals("\uFFFDg", cssCodec.decode("\\abcdefg") );
+    }
+
+    public void testMySQLANSCIEncode()
+    {
+            assertEquals( "\'\'", mySQLCodecANSI.encode(EMPTY_CHAR_ARRAY, "\'") );
+    }
+
+    public void testMySQLStandardEncode()
+    {
+            assertEquals( "\\<", mySQLCodecStandard.encode(EMPTY_CHAR_ARRAY, "<") );
+    }
+
+    public void testOracleEncode()
+    {
+            assertEquals( "\'\'", oracleCodec.encode(EMPTY_CHAR_ARRAY, "\'") );
+    }
+
+    public void testUnixEncode()
+    {
+            assertEquals( "\\<", unixCodec.encode(EMPTY_CHAR_ARRAY, "<") );
+    }
+
+    public void testWindowsEncode()
+    {
+            assertEquals( "^<", windowsCodec.encode(EMPTY_CHAR_ARRAY, "<") );
+    }
+
+
+    public void testHtmlEncodeChar()
+    {
+
+            assertEquals( "&lt;", htmlCodec.encodeCharacter(EMPTY_CHAR_ARRAY, (int) LESS_THAN) );
+    }
+
+    public void testHtmlEncodeChar0x100()
+    {
+        Character in = 0x100;
+        String inStr = Character.toString(in);
+        String expected = "&#x100;";
+        String result;
+        //The new default for HTMLEntityCodec is ints/Integers.  Use Character/char at your own risk!
+        //Characters destroy non-BMP codepoints.  This Codec is now supposed surpass that.
+        result = htmlCodec.encodeCharacter(EMPTY_CHAR_ARRAY, (int) in);
+        // this should be escaped
+        assertFalse(inStr.equals(result));
+        // UTF-8 encoded and then percent escaped
+        assertEquals(expected, result);
+    }
+
+    public void testHtmlEncodeStr0x100()
+    {
+        Character in = 0x100;
+        String inStr = Character.toString(in);
+        String expected = "&#x100;";
+        String result;
+
+            result = htmlCodec.encode(EMPTY_CHAR_ARRAY, inStr);
+        // this should be escaped
+            assertFalse(inStr.equals(result));
+        // UTF-8 encoded and then percent escaped
+            assertEquals(expected, result);
+    }
+
+    public void testPercentEncodeChar()
+    {
+            assertEquals( "%3C", percentCodec.encodeCharacter(EMPTY_CHAR_ARRAY, LESS_THAN) );
+    }
+
+    public void testPercentEncodeChar0x100()
+    {
+        Character in = 0x100;
+        String inStr = Character.toString(in);
+        String expected = "%C4%80";
+        String result;
+
+            result = percentCodec.encodeCharacter(EMPTY_CHAR_ARRAY, in);
+        // this should be escaped
+            assertFalse(inStr.equals(result));
+        // UTF-8 encoded and then percent escaped
+            assertEquals(expected, result);
+    }
+
+    public void testPercentEncodeStr0x100()
+    {
+        Character in = 0x100;
+        String inStr = Character.toString(in);
+        String expected = "%C4%80";
+        String result;
+
+            result = percentCodec.encode(EMPTY_CHAR_ARRAY, inStr);
+        // this should be escaped
+            assertFalse(inStr.equals(result));
+        // UTF-8 encoded and then percent escaped
+            assertEquals(expected, result);
+    }
+
+    public void testJavaScriptEncodeChar()
+    {
+            assertEquals( "\\x3C", javaScriptCodec.encodeCharacter(EMPTY_CHAR_ARRAY, LESS_THAN) );
+    }
+
+    public void testJavaScriptEncodeChar0x100()
+    {
+        Character in = 0x100;
+        String inStr = Character.toString(in);
+        String expected = "\\u0100";
+        String result;
+
+            result = javaScriptCodec.encodeCharacter(EMPTY_CHAR_ARRAY, in);
+        // this should be escaped
+            assertFalse(inStr.equals(result));
+            assertEquals(expected,result);
+    }
+
+    public void testJavaScriptEncodeStr0x100()
+    {
+        Character in = 0x100;
+        String inStr = Character.toString(in);
+        String expected = "\\u0100";
+        String result;
+
+            result = javaScriptCodec.encode(EMPTY_CHAR_ARRAY, inStr);
+        // this should be escaped
+            assertFalse(inStr.equals(result));
+            assertEquals(expected,result);
+    }
+
+    public void testVBScriptEncodeChar()
+    {
+            assertEquals( "chrw(60)", vbScriptCodec.encodeCharacter(EMPTY_CHAR_ARRAY, LESS_THAN) );
+    }
+
+    public void testVBScriptEncodeChar0x100()
+    {
+        Character in = 0x100;
+        String inStr = Character.toString(in);
+        // FIXME I don't know vb...
+        // String expected = "\\u0100";
+        String result;
+
+            result = vbScriptCodec.encodeCharacter(EMPTY_CHAR_ARRAY, in);
+        // this should be escaped
+            assertFalse(inStr.equals(result));
+            //assertEquals(expected,result);
+    }
+
+    public void testVBScriptEncodeStr0x100()
+    {
+        Character in = 0x100;
+        String inStr = Character.toString(in);
+        // FIXME I don't know vb...
+        // String expected = "chrw(0x100)";
+        String result;
+
+            result = vbScriptCodec.encode(EMPTY_CHAR_ARRAY, inStr);
+        // this should be escaped
+            assertFalse(inStr.equals(result));
+            // assertEquals(expected,result);
+    }
+
+    public void testCSSEncodeChar()
+    {
+            assertEquals( "\\3c ", cssCodec.encodeCharacter(EMPTY_CHAR_ARRAY, LESS_THAN) );
+    }
+
+    public void testCSSEncodeChar0x100()
+    {
+        Character in = 0x100;
+        String inStr = Character.toString(in);
+        String expected = "\\100 ";
+        String result;
+
+            result = cssCodec.encodeCharacter(EMPTY_CHAR_ARRAY, in);
+        // this should be escaped
+            assertFalse(inStr.equals(result));
+            assertEquals(expected,result);
+    }
+
+    public void testCSSEncodeStr0x100()
+    {
+        Character in = 0x100;
+        String inStr = Character.toString(in);
+        String expected = "\\100 ";
+        String result;
+
+            result = cssCodec.encode(EMPTY_CHAR_ARRAY, inStr);
+        // this should be escaped
+            assertFalse(inStr.equals(result));
+            assertEquals(expected,result);
+    }
+
+    public void testMySQLANSIEncodeChar()
+    {
+            assertEquals( "\'\'", mySQLCodecANSI.encodeCharacter(EMPTY_CHAR_ARRAY, SINGLE_QUOTE));
+    }
+
+    public void testMySQLStandardEncodeChar0x100()
+    {
+        Character in = 0x100;
+        String inStr = Character.toString(in);
+        String expected = "\\" + in;
+        String result;
+
+            result = mySQLCodecStandard.encodeCharacter(EMPTY_CHAR_ARRAY, in);
+        // this should be escaped
+            assertFalse(inStr.equals(result));
+            assertEquals(expected,result);
+    }
+
+    public void testMySQLStandardEncodeStr0x100()
+    {
+        Character in = 0x100;
+        String inStr = Character.toString(in);
+        String expected = "\\" + in;
+        String result;
+
+            result = mySQLCodecStandard.encode(EMPTY_CHAR_ARRAY, inStr);
+        // this should be escaped
+            assertFalse(inStr.equals(result));
+            assertEquals(expected,result);
+    }
+
+    public void testMySQLStandardEncodeChar()
+    {
+            assertEquals( "\\<", mySQLCodecStandard.encodeCharacter(EMPTY_CHAR_ARRAY, LESS_THAN) );
+    }
+
+    public void testOracleEncodeChar()
+    {
+            assertEquals( "\'\'", oracleCodec.encodeCharacter(EMPTY_CHAR_ARRAY, SINGLE_QUOTE) );
+    }
+
+    public void testUnixEncodeChar()
+    {
+            assertEquals( "\\<", unixCodec.encodeCharacter(EMPTY_CHAR_ARRAY, LESS_THAN) );
+    }
+
+    public void testUnixEncodeChar0x100()
+    {
+        Character in = 0x100;
+        String inStr = Character.toString(in);
+        String expected = "\\" + in;
+        String result;
+
+            result = unixCodec.encodeCharacter(EMPTY_CHAR_ARRAY, in);
+        // this should be escaped
+            assertFalse(inStr.equals(result));
+            assertEquals(expected,result);
+    }
+
+    public void testUnixEncodeStr0x100()
+    {
+        Character in = 0x100;
+        String inStr = Character.toString(in);
+        String expected = "\\" + in;
+        String result;
+
+            result = unixCodec.encode(EMPTY_CHAR_ARRAY, inStr);
+        // this should be escaped
+            assertFalse(inStr.equals(result));
+            assertEquals(expected,result);
+    }
+
+    public void testWindowsEncodeChar()
+    {
+            assertEquals( "^<", windowsCodec.encodeCharacter(EMPTY_CHAR_ARRAY, LESS_THAN) );
+    }
+
+    public void testWindowsEncodeChar0x100()
+    {
+        Character in = 0x100;
+        String inStr = Character.toString(in);
+        String expected = "^" + in;
+        String result;
+
+            result = windowsCodec.encodeCharacter(EMPTY_CHAR_ARRAY, in);
+        // this should be escaped
+            assertFalse(inStr.equals(result));
+            assertEquals(expected,result);
+    }
+
+    public void testWindowsEncodeStr0x100()
+    {
+        Character in = 0x100;
+        String inStr = Character.toString(in);
+        String expected = "^" + in;
+        String result;
+
+            result = windowsCodec.encode(EMPTY_CHAR_ARRAY, inStr);
+        // this should be escaped
+            assertFalse(inStr.equals(result));
+            assertEquals(expected,result);
+    }
+
+    public void testHtmlDecodeDecimalEntities()
+    {
+            assertEquals( "test!", htmlCodec.decode("&#116;&#101;&#115;&#116;!") );
+    }
+
+    public void testHtmlDecodeHexEntitites()
+    {
+            assertEquals( "test!", htmlCodec.decode("&#x74;&#x65;&#x73;&#x74;!") );
+    }
+
+    public void testHtmlDecodeInvalidAttribute()
+    {
+            assertEquals( "&jeff;", htmlCodec.decode("&jeff;") );
+    }
+
+    public void testHtmlDecodeAmp()
+    {
+        assertEquals("&", htmlCodec.decode("&amp;"));
+        assertEquals("&X", htmlCodec.decode("&amp;X"));
+        assertEquals("&", htmlCodec.decode("&amp"));
+        assertEquals("&X", htmlCodec.decode("&ampX"));
+    }
+
+    public void testHtmlDecodeLt()
+    {
+        assertEquals("<", htmlCodec.decode("&lt;"));
+        assertEquals("<X", htmlCodec.decode("&lt;X"));
+        assertEquals("<", htmlCodec.decode("&lt"));
+        assertEquals("<X", htmlCodec.decode("&ltX"));
+    }
+
+    public void testHtmlDecodeSup1()
+    {
+        assertEquals("\u00B9", htmlCodec.decode("&sup1;"));
+        assertEquals("\u00B9X", htmlCodec.decode("&sup1;X"));
+        assertEquals("\u00B9", htmlCodec.decode("&sup1"));
+        assertEquals("\u00B9X", htmlCodec.decode("&sup1X"));
+    }
+
+    public void testHtmlDecodeSup2()
+    {
+        assertEquals("\u00B2", htmlCodec.decode("&sup2;"));
+        assertEquals("\u00B2X", htmlCodec.decode("&sup2;X"));
+        assertEquals("\u00B2", htmlCodec.decode("&sup2"));
+        assertEquals("\u00B2X", htmlCodec.decode("&sup2X"));
+    }
+
+    public void testHtmlDecodeSup3()
+    {
+        assertEquals("\u00B3", htmlCodec.decode("&sup3;"));
+        assertEquals("\u00B3X", htmlCodec.decode("&sup3;X"));
+        assertEquals("\u00B3", htmlCodec.decode("&sup3"));
+        assertEquals("\u00B3X", htmlCodec.decode("&sup3X"));
+    }
+
+    public void testHtmlDecodeSup()
+    {
+        assertEquals("\u2283", htmlCodec.decode("&sup;"));
+        assertEquals("\u2283X", htmlCodec.decode("&sup;X"));
+        assertEquals("\u2283", htmlCodec.decode("&sup"));
+        assertEquals("\u2283X", htmlCodec.decode("&supX"));
+    }
+
+    public void testHtmlDecodeSupe()
+    {
+        assertEquals("\u2287", htmlCodec.decode("&supe;"));
+        assertEquals("\u2287X", htmlCodec.decode("&supe;X"));
+        assertEquals("\u2287", htmlCodec.decode("&supe"));
+        assertEquals("\u2287X", htmlCodec.decode("&supeX"));
+    }
+
+    public void testHtmlDecodePi()
+    {
+        assertEquals("\u03C0", htmlCodec.decode("&pi;"));
+        assertEquals("\u03C0X", htmlCodec.decode("&pi;X"));
+        assertEquals("\u03C0", htmlCodec.decode("&pi"));
+        assertEquals("\u03C0X", htmlCodec.decode("&piX"));
+    }
+
+    public void testHtmlDecodePiv()
+    {
+        assertEquals("\u03D6", htmlCodec.decode("&piv;"));
+        assertEquals("\u03D6X", htmlCodec.decode("&piv;X"));
+        assertEquals("\u03D6", htmlCodec.decode("&piv"));
+        assertEquals("\u03D6X", htmlCodec.decode("&pivX"));
+    }
+
+    public void testHtmlDecodeTheta()
+    {
+        assertEquals("\u03B8", htmlCodec.decode("&theta;"));
+        assertEquals("\u03B8X", htmlCodec.decode("&theta;X"));
+        assertEquals("\u03B8", htmlCodec.decode("&theta"));
+        assertEquals("\u03B8X", htmlCodec.decode("&thetaX"));
+    }
+
+    public void testHtmlDecodeThetasym()
+    {
+        assertEquals("\u03D1", htmlCodec.decode("&thetasym;"));
+        assertEquals("\u03D1X", htmlCodec.decode("&thetasym;X"));
+        assertEquals("\u03D1", htmlCodec.decode("&thetasym"));
+        assertEquals("\u03D1X", htmlCodec.decode("&thetasymX"));
+    }
+
+    public void testPercentDecode()
+    {
+            assertEquals( "<", percentCodec.decode("%3c") );
+    }
+
+    public void testJavaScriptDecodeBackSlashHex()
+    {
+            assertEquals( "<", javaScriptCodec.decode("\\x3c") );
+    }
+
+    public void testVBScriptDecode()
+    {
+            assertEquals( "<", vbScriptCodec.decode("\"<") );
+    }
+
+    public void testCSSDecode()
+    {
+            assertEquals("<", cssCodec.decode("\\<") );
+    }
+
+    public void testCSSDecodeHexNoSpace()
+    {
+            assertEquals("Axyz", cssCodec.decode("\\41xyz") );
+    }
+
+    public void testCSSDecodeZeroHexNoSpace()
+    {
+            assertEquals("Aabc", cssCodec.decode("\\000041abc") );
+    }
+
+    public void testCSSDecodeHexSpace()
+    {
+            assertEquals("Aabc", cssCodec.decode("\\41 abc") );
+    }
+
+    public void testCSSDecodeNL()
+    {
+            assertEquals("abcxyz", cssCodec.decode("abc\\\nxyz") );
+    }
+
+    public void testCSSDecodeCRNL()
+    {
+            assertEquals("abcxyz", cssCodec.decode("abc\\\r\nxyz") );
+    }
+
+    public void testMySQLANSIDecode()
+    {
+            assertEquals( "\'", mySQLCodecANSI.decode("\'\'") );
+    }
+
+    public void testMySQLStandardDecode()
+    {
+            assertEquals( "<", mySQLCodecStandard.decode("\\<") );
+    }
+
+    public void testOracleDecode()
+    {
+            assertEquals( "\'", oracleCodec.decode("\'\'") );
+    }
+
+    public void testUnixDecode()
+    {
+            assertEquals( "<", unixCodec.decode("\\<") );
+    }
+
+        public void testWindowsDecode()
+    {
+            assertEquals( "<", windowsCodec.decode("^<") );
+    }
+
+    public void testHtmlDecodeCharLessThan()
+    {
+        Integer value = htmlCodec.decodeCharacter(new PushBackSequenceImpl("&lt;"));
+        assertEquals(new Integer(60), value);
+        StringBuilder sb = new StringBuilder().appendCodePoint(value);
+        assertEquals( LESS_THAN.toString(), sb.toString());
+    }
+
+    public void testPercentDecodeChar()
+    {
+            assertEquals( LESS_THAN, percentCodec.decodeCharacter(new PushbackString("%3c") ));
+    }
+
+        public void testJavaScriptDecodeCharBackSlashHex()
+    {
+            assertEquals( LESS_THAN, javaScriptCodec.decodeCharacter(new PushbackString("\\x3c") ));
+    }
+
+    public void testVBScriptDecodeChar()
+    {
+            assertEquals( LESS_THAN, vbScriptCodec.decodeCharacter(new PushbackString("\"<") ));
+    }
+
+    public void testCSSDecodeCharBackSlashHex()
+    {
+            assertEquals( LESS_THAN, cssCodec.decodeCharacter(new PushbackString("\\3c") ));
+    }
+
+    public void testMySQLANSIDecodCharQuoteQuote()
+    {
+            assertEquals( SINGLE_QUOTE, mySQLCodecANSI.decodeCharacter(new PushbackString("\'\'") ));
+    }
+
+        public void testMySQLStandardDecodeCharBackSlashLessThan()
+    {
+            assertEquals( LESS_THAN, mySQLCodecStandard.decodeCharacter(new PushbackString("\\<") ));
+    }
+
+    public void testOracleDecodeCharBackSlashLessThan()
+    {
+            assertEquals( SINGLE_QUOTE, oracleCodec.decodeCharacter(new PushbackString("\'\'") ));
+    }
+
+        public void testUnixDecodeCharBackSlashLessThan()
+    {
+            assertEquals( LESS_THAN, unixCodec.decodeCharacter(new PushbackString("\\<") ));
+    }
+
+        public void testWindowsDecodeCharCarrotLessThan()
+    {
+            assertEquals( LESS_THAN, windowsCodec.decodeCharacter(new PushbackString("^<") ));
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/codecs/CSSCodecTest.java b/src/test/java/org/owasp/esapi/codecs/CSSCodecTest.java
new file mode 100644
index 000000000..ea04aaf7e
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/codecs/CSSCodecTest.java
@@ -0,0 +1,33 @@
+package org.owasp.esapi.codecs;
+
+import static org.junit.Assert.assertEquals;
+
+import org.junit.Test;
+
+public class CSSCodecTest {
+    private static final char[] IMMUNE_STUB = new char[0];
+    /** Unit In Test*/
+    private CSSCodec uit = new CSSCodec();
+
+    @Test
+    public void testCSSTripletLeadString() {
+        assertEquals("rgb(255,255,255)\\21 ", uit.encode(IMMUNE_STUB, "rgb(255,255,255)!"));
+        assertEquals("rgb(25%,25%,25%)\\21 ", uit.encode(IMMUNE_STUB, "rgb(25%,25%,25%)!"));
+    }
+    @Test
+    public void testCSSTripletTailString() {
+        assertEquals("\\24 field\\3d rgb(255,255,255)\\21 ", uit.encode(IMMUNE_STUB, "$field=rgb(255,255,255)!"));
+        assertEquals("\\24 field\\3d rgb(25%,25%,25%)\\21 ", uit.encode(IMMUNE_STUB, "$field=rgb(25%,25%,25%)!"));
+    }
+    @Test
+    public void testCSSTripletStringPart() {
+        assertEquals("\\24 field\\3d rgb(255,255,255)\\21 ", uit.encode(IMMUNE_STUB, "$field=rgb(255,255,255)!"));
+        assertEquals("\\24 field\\3d rgb(25%,25%,25%)\\21 ", uit.encode(IMMUNE_STUB, "$field=rgb(25%,25%,25%)!"));
+    }
+    @Test
+    public void testCSSTripletStringMultiPart() {
+        assertEquals("\\24 field\\3d rgb(255,255,255)\\21 \\20 \\24 field\\3d rgb(255,255,255)\\21 ", uit.encode(IMMUNE_STUB, "$field=rgb(255,255,255)! $field=rgb(255,255,255)!"));
+        assertEquals("\\24 field\\3d rgb(25%,25%,25%)\\21 \\20 \\24 field\\3d rgb(25%,25%,25%)\\21 ", uit.encode(IMMUNE_STUB, "$field=rgb(25%,25%,25%)! $field=rgb(25%,25%,25%)!"));
+        assertEquals("\\24 field\\3d rgb(255,255,255)\\21 \\20 \\24 field\\3d rgb(25%,25%,25%)\\21 ", uit.encode(IMMUNE_STUB, "$field=rgb(255,255,255)! $field=rgb(25%,25%,25%)!"));
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/codecs/CodecImmunityTest.java b/src/test/java/org/owasp/esapi/codecs/CodecImmunityTest.java
new file mode 100644
index 000000000..ef7d9a00a
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/codecs/CodecImmunityTest.java
@@ -0,0 +1,138 @@
+package org.owasp.esapi.codecs;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.List;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameters;
+import org.owasp.esapi.EncoderConstants;
+import org.owasp.esapi.StringUtilities;
+import org.owasp.esapi.codecs.*;
+
+/**
+ * Parameterized test to verify that the Immunity parameter for a codec
+ * encode/decode event works as expected on a series of special characters.
+ *
+ * @author jeremiah.j.stacey@gmail.com
+ * @since 2.1.0.1
+ *
+ */
+@RunWith(Parameterized.class)
+public class CodecImmunityTest {
+    /** character arrays used as immunity lists from Default Encoder.*/
+    private final static char[] IMMUNE_HTML = { ',', '.', '-', '_', ' ' };
+    private final static char[] IMMUNE_HTMLATTR = { ',', '.', '-', '_' };
+    private final static char[] IMMUNE_CSS = {};
+    private final static char[] IMMUNE_JAVASCRIPT = { ',', '.', '_' };
+    private final static char[] IMMUNE_VBSCRIPT = { ',', '.', '_' };
+    private final static char[] IMMUNE_XML = { ',', '.', '-', '_', ' ' };
+    private final static char[] IMMUNE_SQL = { ' ' };
+    private final static char[] IMMUNE_OS = { '-' };
+    private final static char[] IMMUNE_XMLATTR = { ',', '.', '-', '_' };
+    private final static char[] IMMUNE_XPATH = { ',', '.', '-', '_', ' ' };
+    private final static char[] IMMUNE_PERCENT = { '%' };
+    // These are inline in the encode methods, but same principle.
+    // private final static char[] IMMUNE_LDAP = { '\\', '*', '(', ')', '\0' };
+    // private final static char[] IMMUNE_DN = { '\\', ',', '+', '"', '<', '>', ';' };
+
+
+    @Parameters(name = "{0}")
+    public static Collection<Object[]> getParams() {
+        Collection<AbstractCodec> knownCodecs = new ArrayList<AbstractCodec>();
+        knownCodecs.add(new CSSCodec());
+        knownCodecs.add(new DB2Codec());
+        knownCodecs.add(new HTMLEntityCodec());
+        knownCodecs.add(new JavaScriptCodec());
+        knownCodecs.add(new MySQLCodec(0)); //Standard
+        knownCodecs.add(new MySQLCodec(1)); //ANSI
+        knownCodecs.add(new OracleCodec());
+        knownCodecs.add(new PercentCodec());
+        knownCodecs.add(new UnixCodec());
+        knownCodecs.add(new VBScriptCodec());
+        knownCodecs.add(new WindowsCodec());
+        knownCodecs.add(new XMLEntityCodec());
+
+        // TODO:  Add more strings here!!
+        List<String> sampleStrings = Arrays.asList("%De");
+
+        Collection<Object[]> params = new ArrayList<Object[]>();
+        for (Codec codec : knownCodecs) {
+            for (String sample : sampleStrings) {
+                params.add(new Object[]{codec.getClass().getSimpleName() + " " + sample, codec, sample});
+            }
+        }
+
+        // Add Tests for codecs against the configured ImmunityLists within the Default Encoder.
+        params.addAll(buildImmunitiyValidation(new HTMLEntityCodec(), IMMUNE_HTML, "IMMUNE_HTML"));
+        params.addAll(buildImmunitiyValidation(new HTMLEntityCodec(), IMMUNE_XPATH, "IMMUNE_XPATH"));
+        params.addAll(buildImmunitiyValidation(new HTMLEntityCodec(), IMMUNE_HTMLATTR, "IMMUNE_HTMLATTR"));
+        params.addAll(buildImmunitiyValidation(new CSSCodec(), IMMUNE_CSS, "IMMUNE_CSS"));
+        //params.addAll(buildImmunitiyValidation(new DB2Codec(), IMMUNE_HTML, ""));
+        params.addAll(buildImmunitiyValidation(new JavaScriptCodec(), IMMUNE_JAVASCRIPT, "IMMUNE_JAVASCRIPT"));
+        params.addAll(buildImmunitiyValidation(new MySQLCodec(0), IMMUNE_SQL, "IMMUNE_SQL"));
+        params.addAll(buildImmunitiyValidation(new MySQLCodec(1), IMMUNE_SQL, "IMMUNE_SQL"));
+        params.addAll(buildImmunitiyValidation(new OracleCodec(), IMMUNE_HTML, "IMMUNE_HTML"));
+            // No standard Immunity char array defined for PercentEncoder, but for
+            // GitHub issues #306 and $350, we use '%'.
+        params.addAll(buildImmunitiyValidation(new PercentCodec(), IMMUNE_PERCENT, "IMMUNE_PERCENT"));
+        params.addAll(buildImmunitiyValidation(new UnixCodec(), IMMUNE_OS, "IMMUNE_OS"));
+        params.addAll(buildImmunitiyValidation(new VBScriptCodec(), IMMUNE_VBSCRIPT, "IMMUNE_VBSCRIPT"));
+        params.addAll(buildImmunitiyValidation(new WindowsCodec(), IMMUNE_OS, "IMMUNE_OS"));
+        params.addAll(buildImmunitiyValidation(new XMLEntityCodec(), IMMUNE_XML, "IMMUNE_XML"));
+        params.addAll(buildImmunitiyValidation(new XMLEntityCodec(), IMMUNE_XMLATTR, "IMMUNE_XMLATTR"));
+
+        params.addAll(fullCharacterCodecValidation(knownCodecs));
+
+        return params;
+    }
+
+    private static Collection<Object[]> buildImmunitiyValidation(Codec codec, char[] immunities, String descriptor) {
+        Collection<Object[]> params = new ArrayList<Object[]>();
+        for (char c : immunities) {
+            params.add(new Object[]{codec.getClass().getSimpleName() + " " + descriptor + " ("+ c + ")", codec, String.valueOf(c)});
+        }
+        return params;
+    }
+
+    private static Collection<Object[]> fullCharacterCodecValidation(Collection<AbstractCodec> codecs) {
+        char[] holyCowTesting = StringUtilities.union(EncoderConstants.CHAR_ALPHANUMERICS, EncoderConstants.CHAR_SPECIALS);
+        Collection<Object[]> params = new ArrayList<Object[]>();
+        for (Codec codec: codecs) {
+            params.addAll(buildImmunitiyValidation(codec, holyCowTesting, "Full_ALPHA_AND_SPECIALS"));
+        }
+
+        return params;
+    }
+
+    private final Codec codec;
+    private final String string;
+    private final char[] immunityList;
+
+    public CodecImmunityTest(String ignored, Codec codec, String toTest) {
+        this.codec = codec;
+        this.string = toTest;
+        /**
+         * The Immunity character array is every character in the String we're testing.
+         *
+         */
+        this.immunityList = toTest.toCharArray();
+    }
+
+    @Test
+    public void testImmuneEncode() {
+        String encoded = codec.encode(immunityList, string);
+        Assert.assertEquals(string, encoded);
+    }
+    /*
+    @Test
+    public void testImmuneDecode() {
+        String decoded = codec.decode(string);
+        Assert.assertEquals(string, decoded);
+    }
+*/
+}
diff --git a/src/test/java/org/owasp/esapi/codecs/CodecTest.java b/src/test/java/org/owasp/esapi/codecs/CodecTest.java
deleted file mode 100644
index 9aaa760b8..000000000
--- a/src/test/java/org/owasp/esapi/codecs/CodecTest.java
+++ /dev/null
@@ -1,624 +0,0 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.codecs;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-
-
-/**
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- */
-public class CodecTest extends TestCase {
-
-    private static final char[] EMPTY_CHAR_ARRAY = new char[0];
-    private static final Character LESS_THAN = Character.valueOf('<');
-    private static final Character SINGLE_QUOTE = Character.valueOf('\'');
-    private HTMLEntityCodec htmlCodec = new HTMLEntityCodec();
-    private PercentCodec percentCodec = new PercentCodec();
-    private JavaScriptCodec javaScriptCodec = new JavaScriptCodec();
-    private VBScriptCodec vbScriptCodec = new VBScriptCodec();
-    private CSSCodec cssCodec = new CSSCodec();
-    private MySQLCodec mySQLCodecANSI = new MySQLCodec( MySQLCodec.ANSI_MODE );
-    private MySQLCodec mySQLCodecStandard = new MySQLCodec( MySQLCodec.MYSQL_MODE );
-    private OracleCodec oracleCodec = new OracleCodec();
-    private UnixCodec unixCodec = new UnixCodec();
-    private WindowsCodec windowsCodec = new WindowsCodec();
-
-    /**
-     * Instantiates a new access reference map test.
-     * 
-     * @param testName
-     *            the test name
-     */
-    public CodecTest(String testName) {
-        super(testName);
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void setUp() throws Exception {
-        // none
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void tearDown() throws Exception {
-        // none
-    }
-
-    /**
-     * Suite.
-     * 
-     * @return the test
-     */
-    public static Test suite() {
-        TestSuite suite = new TestSuite(CodecTest.class);
-        return suite;
-    }
-
-	public void testHtmlEncode()
-	{
-        	assertEquals( "test", htmlCodec.encode( EMPTY_CHAR_ARRAY, "test") );
-	}
-
-	public void testPercentEncode()
-	{
-        	assertEquals( "%3C", percentCodec.encode(EMPTY_CHAR_ARRAY, "<") );
-	}
-
-
-	public void testJavaScriptEncode()
-	{
-        	assertEquals( "\\x3C", javaScriptCodec.encode(EMPTY_CHAR_ARRAY, "<") );
-	}
-
-	public void testVBScriptEncode()
-	{
-        	assertEquals( "chrw(60)", vbScriptCodec.encode(EMPTY_CHAR_ARRAY, "<") );
-	}
-
-	public void testCSSEncode()
-	{
-        	assertEquals( "\\3c ", cssCodec.encode(EMPTY_CHAR_ARRAY, "<") );
-	}
-
-	public void testCSSInvalidCodepointDecode()
-	{
-		assertEquals("\uFFFDg", cssCodec.decode("\\abcdefg") );
-	}
-
-	public void testMySQLANSCIEncode()
-	{
-        	assertEquals( "\'\'", mySQLCodecANSI.encode(EMPTY_CHAR_ARRAY, "\'") );
-	}
-
-	public void testMySQLStandardEncode()
-	{
-        	assertEquals( "\\<", mySQLCodecStandard.encode(EMPTY_CHAR_ARRAY, "<") );
-	}
-
-	public void testOracleEncode()
-	{
-        	assertEquals( "\'\'", oracleCodec.encode(EMPTY_CHAR_ARRAY, "\'") );
-	}
-
-	public void testUnixEncode()
-	{
-        	assertEquals( "\\<", unixCodec.encode(EMPTY_CHAR_ARRAY, "<") );
-	}
-
-	public void testWindowsEncode()
-	{
-        	assertEquals( "^<", windowsCodec.encode(EMPTY_CHAR_ARRAY, "<") );
-	}
-
-	
-	public void testHtmlEncodeChar()
-	{
-        	assertEquals( "&lt;", htmlCodec.encodeCharacter(EMPTY_CHAR_ARRAY, LESS_THAN) );
-	}
-
-	public void testHtmlEncodeChar0x100()
-	{
-		char in = 0x100;
-		String inStr = Character.toString(in);
-		String expected = "&#x100;";
-		String result;
-
-        	result = htmlCodec.encodeCharacter(EMPTY_CHAR_ARRAY, in);
-		// this should be escaped
-        	assertFalse(inStr.equals(result));
-		// UTF-8 encoded and then percent escaped
-        	assertEquals(expected, result);
-	}
-
-	public void testHtmlEncodeStr0x100()
-	{
-		char in = 0x100;
-		String inStr = Character.toString(in);
-		String expected = "&#x100;";
-		String result;
-
-        	result = htmlCodec.encode(EMPTY_CHAR_ARRAY, inStr);
-		// this should be escaped
-        	assertFalse(inStr.equals(result));
-		// UTF-8 encoded and then percent escaped
-        	assertEquals(expected, result);
-	}
-
-	public void testPercentEncodeChar()
-	{
-        	assertEquals( "%3C", percentCodec.encodeCharacter(EMPTY_CHAR_ARRAY, LESS_THAN) );
-	}
-
-	public void testPercentEncodeChar0x100()
-	{
-		char in = 0x100;
-		String inStr = Character.toString(in);
-		String expected = "%C4%80";
-		String result;
-
-        	result = percentCodec.encodeCharacter(EMPTY_CHAR_ARRAY, in);
-		// this should be escaped
-        	assertFalse(inStr.equals(result));
-		// UTF-8 encoded and then percent escaped
-        	assertEquals(expected, result);
-	}
-
-	public void testPercentEncodeStr0x100()
-	{
-		char in = 0x100;
-		String inStr = Character.toString(in);
-		String expected = "%C4%80";
-		String result;
-
-        	result = percentCodec.encode(EMPTY_CHAR_ARRAY, inStr);
-		// this should be escaped
-        	assertFalse(inStr.equals(result));
-		// UTF-8 encoded and then percent escaped
-        	assertEquals(expected, result);
-	}
-
-	public void testJavaScriptEncodeChar()
-	{
-        	assertEquals( "\\x3C", javaScriptCodec.encodeCharacter(EMPTY_CHAR_ARRAY, LESS_THAN) );
-	}
-
-	public void testJavaScriptEncodeChar0x100()
-	{
-		char in = 0x100;
-		String inStr = Character.toString(in);
-		String expected = "\\u0100";
-		String result;
-
-        	result = javaScriptCodec.encodeCharacter(EMPTY_CHAR_ARRAY, in);
-		// this should be escaped
-        	assertFalse(inStr.equals(result));
-        	assertEquals(expected,result);
-	}
-
-	public void testJavaScriptEncodeStr0x100()
-	{
-		char in = 0x100;
-		String inStr = Character.toString(in);
-		String expected = "\\u0100";
-		String result;
-
-        	result = javaScriptCodec.encode(EMPTY_CHAR_ARRAY, inStr);
-		// this should be escaped
-        	assertFalse(inStr.equals(result));
-        	assertEquals(expected,result);
-	}
-        
-	public void testVBScriptEncodeChar()
-	{
-        	assertEquals( "chrw(60)", vbScriptCodec.encodeCharacter(EMPTY_CHAR_ARRAY, LESS_THAN) );
-	}
-
-	public void testVBScriptEncodeChar0x100()
-	{
-		char in = 0x100;
-		String inStr = Character.toString(in);
-		// FIXME I don't know vb...
-		// String expected = "\\u0100";
-		String result;
-
-        	result = vbScriptCodec.encodeCharacter(EMPTY_CHAR_ARRAY, in);
-		// this should be escaped
-        	assertFalse(inStr.equals(result));
-        	//assertEquals(expected,result);
-	}
-
-	public void testVBScriptEncodeStr0x100()
-	{
-		char in = 0x100;
-		String inStr = Character.toString(in);
-		// FIXME I don't know vb...
-		// String expected = "chrw(0x100)";
-		String result;
-
-        	result = vbScriptCodec.encode(EMPTY_CHAR_ARRAY, inStr);
-		// this should be escaped
-        	assertFalse(inStr.equals(result));
-        	// assertEquals(expected,result);
-	}
-
-	public void testCSSEncodeChar()
-	{
-        	assertEquals( "\\3c ", cssCodec.encodeCharacter(EMPTY_CHAR_ARRAY, LESS_THAN) );
-	}
-
-	public void testCSSEncodeChar0x100()
-	{
-		char in = 0x100;
-		String inStr = Character.toString(in);
-		String expected = "\\100 ";
-		String result;
-
-        	result = cssCodec.encodeCharacter(EMPTY_CHAR_ARRAY, in);
-		// this should be escaped
-        	assertFalse(inStr.equals(result));
-        	assertEquals(expected,result);
-	}
-
-	public void testCSSEncodeStr0x100()
-	{
-		char in = 0x100;
-		String inStr = Character.toString(in);
-		String expected = "\\100 ";
-		String result;
-
-        	result = cssCodec.encode(EMPTY_CHAR_ARRAY, inStr);
-		// this should be escaped
-        	assertFalse(inStr.equals(result));
-        	assertEquals(expected,result);
-	}
-
-	public void testMySQLANSIEncodeChar()
-	{
-        	assertEquals( "\'\'", mySQLCodecANSI.encodeCharacter(EMPTY_CHAR_ARRAY, SINGLE_QUOTE));
-	}
-
-	public void testMySQLStandardEncodeChar0x100()
-	{
-		char in = 0x100;
-		String inStr = Character.toString(in);
-		String expected = "\\" + in;
-		String result;
-
-        	result = mySQLCodecStandard.encodeCharacter(EMPTY_CHAR_ARRAY, in);
-		// this should be escaped
-        	assertFalse(inStr.equals(result));
-        	assertEquals(expected,result);
-	}
-
-	public void testMySQLStandardEncodeStr0x100()
-	{
-		char in = 0x100;
-		String inStr = Character.toString(in);
-		String expected = "\\" + in;
-		String result;
-
-        	result = mySQLCodecStandard.encode(EMPTY_CHAR_ARRAY, inStr);
-		// this should be escaped
-        	assertFalse(inStr.equals(result));
-        	assertEquals(expected,result);
-	}
-
-	public void testMySQLStandardEncodeChar()
-	{
-        	assertEquals( "\\<", mySQLCodecStandard.encodeCharacter(EMPTY_CHAR_ARRAY, LESS_THAN) );
-	}
-
-	public void testOracleEncodeChar()
-	{
-        	assertEquals( "\'\'", oracleCodec.encodeCharacter(EMPTY_CHAR_ARRAY, SINGLE_QUOTE) );
-	}
-
-	public void testUnixEncodeChar()
-	{
-        	assertEquals( "\\<", unixCodec.encodeCharacter(EMPTY_CHAR_ARRAY, LESS_THAN) );
-	}
-
-	public void testUnixEncodeChar0x100()
-	{
-		char in = 0x100;
-		String inStr = Character.toString(in);
-		String expected = "\\" + in;
-		String result;
-
-        	result = unixCodec.encodeCharacter(EMPTY_CHAR_ARRAY, in);
-		// this should be escaped
-        	assertFalse(inStr.equals(result));
-        	assertEquals(expected,result);
-	}
-
-	public void testUnixEncodeStr0x100()
-	{
-		char in = 0x100;
-		String inStr = Character.toString(in);
-		String expected = "\\" + in;
-		String result;
-
-        	result = unixCodec.encode(EMPTY_CHAR_ARRAY, inStr);
-		// this should be escaped
-        	assertFalse(inStr.equals(result));
-        	assertEquals(expected,result);
-	}
-
-	public void testWindowsEncodeChar()
-	{
-        	assertEquals( "^<", windowsCodec.encodeCharacter(EMPTY_CHAR_ARRAY, LESS_THAN) );
-	}
-
-	public void testWindowsEncodeChar0x100()
-	{
-		char in = 0x100;
-		String inStr = Character.toString(in);
-		String expected = "^" + in;
-		String result;
-
-        	result = windowsCodec.encodeCharacter(EMPTY_CHAR_ARRAY, in);
-		// this should be escaped
-        	assertFalse(inStr.equals(result));
-        	assertEquals(expected,result);
-	}
-
-	public void testWindowsEncodeStr0x100()
-	{
-		char in = 0x100;
-		String inStr = Character.toString(in);
-		String expected = "^" + in;
-		String result;
-
-        	result = windowsCodec.encode(EMPTY_CHAR_ARRAY, inStr);
-		// this should be escaped
-        	assertFalse(inStr.equals(result));
-        	assertEquals(expected,result);
-	}
-	
-	public void testHtmlDecodeDecimalEntities()
-	{
-        	assertEquals( "test!", htmlCodec.decode("&#116;&#101;&#115;&#116;!") );
-	}
-
-	public void testHtmlDecodeHexEntitites()
-	{
-        	assertEquals( "test!", htmlCodec.decode("&#x74;&#x65;&#x73;&#x74;!") );
-	}
-
-	public void testHtmlDecodeInvalidAttribute()
-	{
-        	assertEquals( "&jeff;", htmlCodec.decode("&jeff;") );
-	}
-
-	public void testHtmlDecodeAmp()
-	{
-		assertEquals("&", htmlCodec.decode("&amp;"));
-		assertEquals("&X", htmlCodec.decode("&amp;X"));
-		assertEquals("&", htmlCodec.decode("&amp"));
-		assertEquals("&X", htmlCodec.decode("&ampX"));
-	}
-
-	public void testHtmlDecodeLt()
-	{
-		assertEquals("<", htmlCodec.decode("&lt;"));
-		assertEquals("<X", htmlCodec.decode("&lt;X"));
-		assertEquals("<", htmlCodec.decode("&lt"));
-		assertEquals("<X", htmlCodec.decode("&ltX"));
-	}
-
-	public void testHtmlDecodeSup1()
-	{
-		assertEquals("\u00B9", htmlCodec.decode("&sup1;"));
-		assertEquals("\u00B9X", htmlCodec.decode("&sup1;X"));
-		assertEquals("\u00B9", htmlCodec.decode("&sup1"));
-		assertEquals("\u00B9X", htmlCodec.decode("&sup1X"));
-	}
-
-	public void testHtmlDecodeSup2()
-	{
-		assertEquals("\u00B2", htmlCodec.decode("&sup2;"));
-		assertEquals("\u00B2X", htmlCodec.decode("&sup2;X"));
-		assertEquals("\u00B2", htmlCodec.decode("&sup2"));
-		assertEquals("\u00B2X", htmlCodec.decode("&sup2X"));
-	}
-
-	public void testHtmlDecodeSup3()
-	{
-		assertEquals("\u00B3", htmlCodec.decode("&sup3;"));
-		assertEquals("\u00B3X", htmlCodec.decode("&sup3;X"));
-		assertEquals("\u00B3", htmlCodec.decode("&sup3"));
-		assertEquals("\u00B3X", htmlCodec.decode("&sup3X"));
-	}
-
-	public void testHtmlDecodeSup()
-	{
-		assertEquals("\u2283", htmlCodec.decode("&sup;"));
-		assertEquals("\u2283X", htmlCodec.decode("&sup;X"));
-		assertEquals("\u2283", htmlCodec.decode("&sup"));
-		assertEquals("\u2283X", htmlCodec.decode("&supX"));
-	}
-
-	public void testHtmlDecodeSupe()
-	{
-		assertEquals("\u2287", htmlCodec.decode("&supe;"));
-		assertEquals("\u2287X", htmlCodec.decode("&supe;X"));
-		assertEquals("\u2287", htmlCodec.decode("&supe"));
-		assertEquals("\u2287X", htmlCodec.decode("&supeX"));
-	}
-
-	public void testHtmlDecodePi()
-	{
-		assertEquals("\u03C0", htmlCodec.decode("&pi;"));
-		assertEquals("\u03C0X", htmlCodec.decode("&pi;X"));
-		assertEquals("\u03C0", htmlCodec.decode("&pi"));
-		assertEquals("\u03C0X", htmlCodec.decode("&piX"));
-	}
-
-	public void testHtmlDecodePiv()
-	{
-		assertEquals("\u03D6", htmlCodec.decode("&piv;"));
-		assertEquals("\u03D6X", htmlCodec.decode("&piv;X"));
-		assertEquals("\u03D6", htmlCodec.decode("&piv"));
-		assertEquals("\u03D6X", htmlCodec.decode("&pivX"));
-	}
-
-	public void testHtmlDecodeTheta()
-	{
-		assertEquals("\u03B8", htmlCodec.decode("&theta;"));
-		assertEquals("\u03B8X", htmlCodec.decode("&theta;X"));
-		assertEquals("\u03B8", htmlCodec.decode("&theta"));
-		assertEquals("\u03B8X", htmlCodec.decode("&thetaX"));
-	}
-
-	public void testHtmlDecodeThetasym()
-	{
-		assertEquals("\u03D1", htmlCodec.decode("&thetasym;"));
-		assertEquals("\u03D1X", htmlCodec.decode("&thetasym;X"));
-		assertEquals("\u03D1", htmlCodec.decode("&thetasym"));
-		assertEquals("\u03D1X", htmlCodec.decode("&thetasymX"));
-	}
-
-	public void testPercentDecode()
-	{
-        	assertEquals( "<", percentCodec.decode("%3c") );
-	}
-
-	public void testJavaScriptDecodeBackSlashHex()
-	{
-        	assertEquals( "<", javaScriptCodec.decode("\\x3c") );
-	}
-        
-	public void testVBScriptDecode()
-	{
-        	assertEquals( "<", vbScriptCodec.decode("\"<") );
-	}
-
-	public void testCSSDecode()
-	{
-        	assertEquals("<", cssCodec.decode("\\<") );
-	}
-
-	public void testCSSDecodeHexNoSpace()
-	{
-        	assertEquals("Axyz", cssCodec.decode("\\41xyz") );
-	}
-
-	public void testCSSDecodeZeroHexNoSpace()
-	{
-        	assertEquals("Aabc", cssCodec.decode("\\000041abc") );
-	}
-
-	public void testCSSDecodeHexSpace()
-	{
-        	assertEquals("Aabc", cssCodec.decode("\\41 abc") );
-	}
-
-	public void testCSSDecodeNL()
-	{
-        	assertEquals("abcxyz", cssCodec.decode("abc\\\nxyz") );
-	}
-
-	public void testCSSDecodeCRNL()
-	{
-        	assertEquals("abcxyz", cssCodec.decode("abc\\\r\nxyz") );
-	}
-
-	public void testMySQLANSIDecode()
-	{
-        	assertEquals( "\'", mySQLCodecANSI.decode("\'\'") );
-	}
-
-	public void testMySQLStandardDecode()
-	{
-        	assertEquals( "<", mySQLCodecStandard.decode("\\<") );
-	}
-
-	public void testOracleDecode()
-	{
-        	assertEquals( "\'", oracleCodec.decode("\'\'") );
-	}
-
-	public void testUnixDecode()
-	{
-        	assertEquals( "<", unixCodec.decode("\\<") );
-	}
-
-        public void testWindowsDecode()
-	{
-        	assertEquals( "<", windowsCodec.decode("^<") );
-	}
-	
-	public void testHtmlDecodeCharLessThan()
-	{
-        	assertEquals( LESS_THAN, htmlCodec.decodeCharacter(new PushbackString("&lt;")) );
-	}
-
-	public void testPercentDecodeChar()
-	{
-        	assertEquals( LESS_THAN, percentCodec.decodeCharacter(new PushbackString("%3c") ));
-	}
-
-        public void testJavaScriptDecodeCharBackSlashHex()
-	{
-        	assertEquals( LESS_THAN, javaScriptCodec.decodeCharacter(new PushbackString("\\x3c") ));
-	}
-        
-	public void testVBScriptDecodeChar()
-	{
-        	assertEquals( LESS_THAN, vbScriptCodec.decodeCharacter(new PushbackString("\"<") ));
-	}
-
-	public void testCSSDecodeCharBackSlashHex()
-	{
-        	assertEquals( LESS_THAN, cssCodec.decodeCharacter(new PushbackString("\\3c") ));
-	}
-
-	public void testMySQLANSIDecodCharQuoteQuote()
-	{
-        	assertEquals( SINGLE_QUOTE, mySQLCodecANSI.decodeCharacter(new PushbackString("\'\'") ));
-	}
-
-        public void testMySQLStandardDecodeCharBackSlashLessThan()
-	{
-        	assertEquals( LESS_THAN, mySQLCodecStandard.decodeCharacter(new PushbackString("\\<") ));
-	}
-
-	public void testOracleDecodeCharBackSlashLessThan()
-	{
-        	assertEquals( SINGLE_QUOTE, oracleCodec.decodeCharacter(new PushbackString("\'\'") ));
-	}
-
-        public void testUnixDecodeCharBackSlashLessThan()
-	{
-        	assertEquals( LESS_THAN, unixCodec.decodeCharacter(new PushbackString("\\<") ));
-	}
-
-        public void testWindowsDecodeCharCarrotLessThan()
-	{
-        	assertEquals( LESS_THAN, windowsCodec.decodeCharacter(new PushbackString("^<") ));
-	}
-}
diff --git a/src/test/java/org/owasp/esapi/codecs/HTMLEntityCodecTest.java b/src/test/java/org/owasp/esapi/codecs/HTMLEntityCodecTest.java
new file mode 100644
index 000000000..869871c1c
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/codecs/HTMLEntityCodecTest.java
@@ -0,0 +1,52 @@
+package org.owasp.esapi.codecs;
+
+import static org.junit.Assert.assertEquals;
+
+import org.junit.Ignore;
+import org.junit.Test;
+
+public class HTMLEntityCodecTest {
+    Codec<Integer> codec = new HTMLEntityCodec();
+
+    @Test
+    public void testEntityDecoding(){
+        assertEquals("<", codec.decode("&lt;"));
+        assertEquals( "<", codec.decode("&LT"));
+        assertEquals( "<", codec.decode("&lt;"));
+        assertEquals( "<", codec.decode("&LT;"));
+    }
+
+    @Test
+    public void test32BitCJK(){
+        String s = "𡘾𦴩𥻂";
+        String expected = "&#x2163e;&#x26d29;&#x25ec2;";
+        String bad = "&#xd845;&#xde3e;&#xd85b;&#xdd29;&#xd857;&#xdec2;";
+        assertEquals(false, expected.equals(bad));
+        assertEquals(expected, codec.encode(new char[0], s));
+    }
+
+    @Test
+    public void test32BitCJKMixedWithBmp(){
+        String s = "𡘾𦴩<𥻂";
+        String expected = "&#x2163e;&#x26d29;&lt;&#x25ec2;";
+        String bad = "&#xd845;&#xde3e;&#xd85b;&#xdd29;&#xd857;&#xdec2;";
+        assertEquals(false, expected.equals(bad));
+        assertEquals(expected, codec.encode(new char[0], s));
+    }
+
+    @Test
+    public void testDecodeforChars(){
+        String s = "!@$%()=+{}[]";
+        String expected = "!@$%()=+{}[]";
+        assertEquals(expected, codec.decode(s));
+    }
+
+    @Test
+    public void testMixedBmpAndNonBmp(){
+        String nonBMP = new String(new int[]{0x2f804}, 0, 1);
+        String bmp = "<a";
+        String expected = "&lt;a&#x2f804;";
+        String input = bmp + nonBMP;
+        assertEquals(expected, codec.encode(new char[0], input));
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/codecs/HashTrieTest.java b/src/test/java/org/owasp/esapi/codecs/HashTrieTest.java
index b2db910d4..9b35a0479 100644
--- a/src/test/java/org/owasp/esapi/codecs/HashTrieTest.java
+++ b/src/test/java/org/owasp/esapi/codecs/HashTrieTest.java
@@ -13,201 +13,201 @@
 
 public class HashTrieTest extends TestCase
 {
-	private static final Class<HashTrieTest> CLASS = HashTrieTest.class;
-
-	public HashTrieTest(String testName)
-	{
-		super(testName);
-	}
-
-	public void testSingleInsertLookup()
-	{
-		HashTrie<Boolean> trie = new HashTrie<Boolean>();
-
-		trie.put("true", Boolean.TRUE);
-		assertEquals(Boolean.TRUE, trie.get("true"));
-		assertNull(trie.get("not there"));
-		assertNull(trie.get("tru"));
-		assertNull(trie.get("trueX"));
-		assertEquals("true".length(), trie.getMaxKeyLength());
-	}
-
-	public void testEmpty()
-	{
-		HashTrie<Boolean> trie = new HashTrie<Boolean>();
-		assertNull(trie.get("true"));
-		assertNull(trie.get("false"));
-		assertNull(trie.get(""));
-		assertTrue(trie.getMaxKeyLength()<0);
-	}
-
-	public void testTwoInsertLookup()
-	{
-		HashTrie<Boolean> trie = new HashTrie<Boolean>();
-
-		trie.put("true", Boolean.TRUE);
-		trie.put("false", Boolean.FALSE);
-		assertEquals(Boolean.TRUE, trie.get("true"));
-		assertEquals(Boolean.FALSE, trie.get("false"));
-		assertEquals("false".length(),trie.getMaxKeyLength());
-	}
-
-	public void testMatchingPrefix()
-	{
-		HashTrie<Boolean> trie = new HashTrie<Boolean>();
-
-		trie.put("pretrue", Boolean.TRUE);
-		trie.put("prefalse", Boolean.FALSE);
-		assertEquals(Boolean.TRUE, trie.get("pretrue"));
-		assertEquals(Boolean.FALSE, trie.get("prefalse"));
-	}
-
-	public void testPrefixIsValidKey()
-	{
-		HashTrie<Boolean> trie = new HashTrie<Boolean>();
-
-		trie.put("pre", Boolean.TRUE);
-		trie.put("prefalse", Boolean.FALSE);
-		assertEquals(Boolean.TRUE, trie.get("pre"));
-		assertEquals(Boolean.FALSE, trie.get("prefalse"));
-	}
-
-	public void testDuplicateAdd()
-	{
-		HashTrie<Boolean> trie = new HashTrie<Boolean>();
-
-		assertNull(trie.put("dup", Boolean.TRUE));
-		assertTrue(trie.put("dup", Boolean.FALSE));
-		assertFalse(trie.get("dup"));
-	}
-
-	public void testTwoInsertLongestLookup()
-	{
-		HashTrie<Boolean> trie = new HashTrie<Boolean>();
-		Entry<CharSequence,Boolean> entry;
-
-		trie.put("true", Boolean.TRUE);
-		trie.put("true idea", Boolean.TRUE);
-		trie.put("false", Boolean.FALSE);
-
-		assertNotNull((entry = trie.getLongestMatch("true")));
-		assertEquals("true", entry.getKey());
-		assertTrue(entry.getValue());
-
-		assertNotNull((entry = trie.getLongestMatch("false")));
-		assertEquals("false", entry.getKey());
-		assertFalse(entry.getValue());
-
-		assertNotNull((entry = trie.getLongestMatch("truer")));
-		assertEquals("true", entry.getKey());
-		assertTrue(entry.getValue());
-
-		assertNotNull((entry = trie.getLongestMatch("true to form")));
-		assertEquals("true", entry.getKey());
-		assertTrue(entry.getValue());
-
-		assertNotNull((entry = trie.getLongestMatch("false result")));
-		assertEquals("false", entry.getKey());
-		assertFalse(entry.getValue());
-
-		assertNull(trie.getLongestMatch("not there"));
-		assertNull(trie.getLongestMatch("tru"));
-		assertNull(trie.getLongestMatch("fals"));
-	}
-
-	public void testContainsKey()
-	{
-		HashTrie<Boolean> trie = new HashTrie<Boolean>();
-
-		trie.put("true", Boolean.TRUE);
-		trie.put("false", Boolean.FALSE);
-		assertTrue(trie.containsKey("true"));
-		assertTrue(trie.containsKey("false"));
-		assertFalse(trie.containsKey("not there"));
-	}
-
-	public void testContainsValue()
-	{
-		HashTrie<Integer> trie = new HashTrie<Integer>();
-
-		trie.put("one", 1);
-		trie.put("two", 2);
-		assertTrue(trie.containsValue(1));
-		assertTrue(trie.containsValue(2));
-		assertFalse(trie.containsValue(3));
-	}
-
-	public void testKeySet()
-	{
-		HashTrie<Boolean> trie = new HashTrie<Boolean>();
-		HashSet<CharSequence> expected = new HashSet<CharSequence>(2);
-
-		expected.add("true");
-		expected.add("false");
-		trie.put("true", Boolean.TRUE);
-		trie.put("false", Boolean.FALSE);
-		assertEquals(expected,trie.keySet());
-	}
-
-	public void testValues()
-	{
-		HashTrie<Boolean> trie = new HashTrie<Boolean>();
-		ArrayList<Boolean> actual;
-		ArrayList<Boolean> expected = new ArrayList<Boolean>(2);
-
-		expected.add(Boolean.TRUE);
-		expected.add(Boolean.FALSE);
-		trie.put("true", Boolean.TRUE);
-		trie.put("false", Boolean.FALSE);
-		actual = new ArrayList<Boolean>(trie.values());
-		Collections.sort(actual);
-		Collections.sort(expected);
-		assertEquals(expected,actual);
-	}
-
-	public void testEntrySet()
-	{
-		HashTrie<Boolean> trie = new HashTrie<Boolean>();
-		HashMap<CharSequence,Boolean> equivMap = new HashMap<CharSequence,Boolean>(2);
-
-		equivMap.put("true",Boolean.TRUE);
-		equivMap.put("false",Boolean.FALSE);
-		trie.put("true", Boolean.TRUE);
-		trie.put("false", Boolean.FALSE);
-		assertEquals(equivMap.entrySet(),trie.entrySet());
-	}
-
-	public void testEquals()
-	{
-		HashTrie<Boolean> trie = new HashTrie<Boolean>();
-		HashMap<CharSequence,Boolean> equivMap = new HashMap<CharSequence,Boolean>(2);
-
-		equivMap.put("true",Boolean.TRUE);
-		equivMap.put("false",Boolean.FALSE);
-		trie.put("true", Boolean.TRUE);
-		trie.put("false", Boolean.FALSE);
-		assertTrue(trie.equals(equivMap));
-	}
-
-	public void testHashCode()
-	{
-		HashTrie<Boolean> trie = new HashTrie<Boolean>();
-		HashMap<CharSequence,Boolean> equivMap = new HashMap<CharSequence,Boolean>(2);
-
-		equivMap.put("true",Boolean.TRUE);
-		equivMap.put("false",Boolean.FALSE);
-		trie.put("true", Boolean.TRUE);
-		trie.put("false", Boolean.FALSE);
-		assertEquals(equivMap.hashCode(),trie.hashCode());
-	}
-
-	/**
-	 * Create a test suite with just this test.
-	 * @return A test swuite with just this test.
-	 */
-	public static Test suite()
-	{
-		TestSuite suite = new TestSuite(CLASS);
-		return suite;
-	}
+    private static final Class<HashTrieTest> CLASS = HashTrieTest.class;
+
+    public HashTrieTest(String testName)
+    {
+        super(testName);
+    }
+
+    public void testSingleInsertLookup()
+    {
+        HashTrie<Boolean> trie = new HashTrie<Boolean>();
+
+        trie.put("true", Boolean.TRUE);
+        assertEquals(Boolean.TRUE, trie.get("true"));
+        assertNull(trie.get("not there"));
+        assertNull(trie.get("tru"));
+        assertNull(trie.get("trueX"));
+        assertEquals("true".length(), trie.getMaxKeyLength());
+    }
+
+    public void testEmpty()
+    {
+        HashTrie<Boolean> trie = new HashTrie<Boolean>();
+        assertNull(trie.get("true"));
+        assertNull(trie.get("false"));
+        assertNull(trie.get(""));
+        assertTrue(trie.getMaxKeyLength()<0);
+    }
+
+    public void testTwoInsertLookup()
+    {
+        HashTrie<Boolean> trie = new HashTrie<Boolean>();
+
+        trie.put("true", Boolean.TRUE);
+        trie.put("false", Boolean.FALSE);
+        assertEquals(Boolean.TRUE, trie.get("true"));
+        assertEquals(Boolean.FALSE, trie.get("false"));
+        assertEquals("false".length(),trie.getMaxKeyLength());
+    }
+
+    public void testMatchingPrefix()
+    {
+        HashTrie<Boolean> trie = new HashTrie<Boolean>();
+
+        trie.put("pretrue", Boolean.TRUE);
+        trie.put("prefalse", Boolean.FALSE);
+        assertEquals(Boolean.TRUE, trie.get("pretrue"));
+        assertEquals(Boolean.FALSE, trie.get("prefalse"));
+    }
+
+    public void testPrefixIsValidKey()
+    {
+        HashTrie<Boolean> trie = new HashTrie<Boolean>();
+
+        trie.put("pre", Boolean.TRUE);
+        trie.put("prefalse", Boolean.FALSE);
+        assertEquals(Boolean.TRUE, trie.get("pre"));
+        assertEquals(Boolean.FALSE, trie.get("prefalse"));
+    }
+
+    public void testDuplicateAdd()
+    {
+        HashTrie<Boolean> trie = new HashTrie<Boolean>();
+
+        assertNull(trie.put("dup", Boolean.TRUE));
+        assertTrue(trie.put("dup", Boolean.FALSE));
+        assertFalse(trie.get("dup"));
+    }
+
+    public void testTwoInsertLongestLookup()
+    {
+        HashTrie<Boolean> trie = new HashTrie<Boolean>();
+        Entry<CharSequence,Boolean> entry;
+
+        trie.put("true", Boolean.TRUE);
+        trie.put("true idea", Boolean.TRUE);
+        trie.put("false", Boolean.FALSE);
+
+        assertNotNull((entry = trie.getLongestMatch("true")));
+        assertEquals("true", entry.getKey());
+        assertTrue(entry.getValue());
+
+        assertNotNull((entry = trie.getLongestMatch("false")));
+        assertEquals("false", entry.getKey());
+        assertFalse(entry.getValue());
+
+        assertNotNull((entry = trie.getLongestMatch("truer")));
+        assertEquals("true", entry.getKey());
+        assertTrue(entry.getValue());
+
+        assertNotNull((entry = trie.getLongestMatch("true to form")));
+        assertEquals("true", entry.getKey());
+        assertTrue(entry.getValue());
+
+        assertNotNull((entry = trie.getLongestMatch("false result")));
+        assertEquals("false", entry.getKey());
+        assertFalse(entry.getValue());
+
+        assertNull(trie.getLongestMatch("not there"));
+        assertNull(trie.getLongestMatch("tru"));
+        assertNull(trie.getLongestMatch("fals"));
+    }
+
+    public void testContainsKey()
+    {
+        HashTrie<Boolean> trie = new HashTrie<Boolean>();
+
+        trie.put("true", Boolean.TRUE);
+        trie.put("false", Boolean.FALSE);
+        assertTrue(trie.containsKey("true"));
+        assertTrue(trie.containsKey("false"));
+        assertFalse(trie.containsKey("not there"));
+    }
+
+    public void testContainsValue()
+    {
+        HashTrie<Integer> trie = new HashTrie<Integer>();
+
+        trie.put("one", 1);
+        trie.put("two", 2);
+        assertTrue(trie.containsValue(1));
+        assertTrue(trie.containsValue(2));
+        assertFalse(trie.containsValue(3));
+    }
+
+    public void testKeySet()
+    {
+        HashTrie<Boolean> trie = new HashTrie<Boolean>();
+        HashSet<CharSequence> expected = new HashSet<CharSequence>(2);
+
+        expected.add("true");
+        expected.add("false");
+        trie.put("true", Boolean.TRUE);
+        trie.put("false", Boolean.FALSE);
+        assertEquals(expected,trie.keySet());
+    }
+
+    public void testValues()
+    {
+        HashTrie<Boolean> trie = new HashTrie<Boolean>();
+        ArrayList<Boolean> actual;
+        ArrayList<Boolean> expected = new ArrayList<Boolean>(2);
+
+        expected.add(Boolean.TRUE);
+        expected.add(Boolean.FALSE);
+        trie.put("true", Boolean.TRUE);
+        trie.put("false", Boolean.FALSE);
+        actual = new ArrayList<Boolean>(trie.values());
+        Collections.sort(actual);
+        Collections.sort(expected);
+        assertEquals(expected,actual);
+    }
+
+    public void testEntrySet()
+    {
+        HashTrie<Boolean> trie = new HashTrie<Boolean>();
+        HashMap<CharSequence,Boolean> equivMap = new HashMap<CharSequence,Boolean>(2);
+
+        equivMap.put("true",Boolean.TRUE);
+        equivMap.put("false",Boolean.FALSE);
+        trie.put("true", Boolean.TRUE);
+        trie.put("false", Boolean.FALSE);
+        assertEquals(equivMap.entrySet(),trie.entrySet());
+    }
+
+    public void testEquals()
+    {
+        HashTrie<Boolean> trie = new HashTrie<Boolean>();
+        HashMap<CharSequence,Boolean> equivMap = new HashMap<CharSequence,Boolean>(2);
+
+        equivMap.put("true",Boolean.TRUE);
+        equivMap.put("false",Boolean.FALSE);
+        trie.put("true", Boolean.TRUE);
+        trie.put("false", Boolean.FALSE);
+        assertTrue(trie.equals(equivMap));
+    }
+
+    public void testHashCode()
+    {
+        HashTrie<Boolean> trie = new HashTrie<Boolean>();
+        HashMap<CharSequence,Boolean> equivMap = new HashMap<CharSequence,Boolean>(2);
+
+        equivMap.put("true",Boolean.TRUE);
+        equivMap.put("false",Boolean.FALSE);
+        trie.put("true", Boolean.TRUE);
+        trie.put("false", Boolean.FALSE);
+        assertEquals(equivMap.hashCode(),trie.hashCode());
+    }
+
+    /**
+     * Create a test suite with just this test.
+     * @return A test swuite with just this test.
+     */
+    public static Test suite()
+    {
+        TestSuite suite = new TestSuite(CLASS);
+        return suite;
+    }
 }
diff --git a/src/test/java/org/owasp/esapi/codecs/MySQLCodecTest.java b/src/test/java/org/owasp/esapi/codecs/MySQLCodecTest.java
new file mode 100644
index 000000000..f6cca0645
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/codecs/MySQLCodecTest.java
@@ -0,0 +1,366 @@
+package org.owasp.esapi.codecs;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.hamcrest.Matcher;
+import org.hamcrest.core.IsEqual;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ErrorCollector;
+import org.junit.rules.ExpectedException;
+import org.mockito.Mockito;
+import org.owasp.esapi.codecs.MySQLCodec.Mode;
+import org.powermock.reflect.Whitebox;
+/**
+ * Tests to show {@link MySQLCodec} with {@link Mode#ANSI}
+ * comply with the OWASP Escaping recommendations
+ *
+ * https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet#MySQL_Escaping
+ *
+ */
+public class MySQLCodecTest {
+    private static final char[] EMPTY_CHAR_ARRAY = new char[0];
+    private static  Map<Character, String> ANSI_ESCAPES;
+    private static  Map<Character, String> STANDARD_ESCAPES;
+
+    private static final InclusiveRangePair NUMBER_CHAR_RANGE = new InclusiveRangePair(48,57);
+    private static final InclusiveRangePair UPPER_CHAR_RANGE = new InclusiveRangePair(65,90);
+    private static final InclusiveRangePair LOWER_CHAR_RANGE = new InclusiveRangePair(97,122);
+
+    private MySQLCodec uitAnsi = new MySQLCodec(Mode.ANSI);
+    private MySQLCodec uitMySqlStandard = new MySQLCodec(Mode.STANDARD);
+
+
+    @Rule
+    public ErrorCollector errorCollector = new ErrorCollector();
+    @Rule
+    public ExpectedException exEx = ExpectedException.none();
+
+
+    @BeforeClass
+    public static void createCodecEscapeMaps () {
+        Map<Character, String> escapesStd = new HashMap<>();
+        escapesStd.put( (char)0x00,  "\\0");
+        escapesStd.put( (char)0x08,  "\\b");
+        escapesStd.put( (char)0x09,  "\\t");
+        escapesStd.put( (char)0x0a,  "\\n");
+        escapesStd.put( (char)0x0d,  "\\r");
+        escapesStd.put( (char)0x1a,  "\\Z");
+        escapesStd.put( (char)0x22,  "\\\"");
+        escapesStd.put( (char)0x25,  "\\%");
+        escapesStd.put( (char)0x27,  "\\'");
+        escapesStd.put( (char)0x5c,  "\\\\");
+        escapesStd.put( (char)0x5f,  "\\_");
+
+        Map<Character, String> escapesAnsi = new HashMap<>();
+        escapesAnsi.put( '\'',  "\'\'");
+
+        STANDARD_ESCAPES = escapesStd;
+        ANSI_ESCAPES = escapesAnsi;
+    }
+
+    /**
+     * ANSI
+     * Test showing that for characters up to 256, the only encoded value is the single tick.
+     *
+     * when the single tick is encoded, it is updated to be double tick.  All other characters remain unchanged.
+     */
+    @Test
+    public void testAnsiEncodeTo256() {
+        for (int ref = 0 ; ref < 256; ref ++) {
+            char refChar = (char) ref;
+            boolean shouldEscape = ANSI_ESCAPES.containsKey(refChar);
+
+
+            String charAsString = "" + refChar;
+            String expected = charAsString;
+            String encodeMsg = String.format("%s (%s) should not be altered when Encoded through the ANSI MySQLCodec", charAsString, ref);
+            String decodeMsg = String.format("%s (%s) [%s] should match original value when DECODED through the ANSI MySQLCodec", charAsString, ref, expected);
+            if (shouldEscape) {
+                expected = ANSI_ESCAPES.get(refChar);
+                encodeMsg = String.format("%s (%s) should have been escaped when Encoded through the ANSI MySQLCodec", charAsString, ref);
+            }
+            Matcher<String> encodeExpect = new IsEqual<>(expected);
+            Matcher<String> decodeExpect = new IsEqual<>(charAsString);
+            errorCollector.checkThat(encodeMsg, uitAnsi.encode(EMPTY_CHAR_ARRAY, charAsString), encodeExpect);
+            errorCollector.checkThat(decodeMsg, uitAnsi.decode(expected), decodeExpect);
+        }
+    }
+    @Test
+    public void testAnsiEncodeWithImmuneSet() {
+        //The only value that is encoded is single tick. The immunity list does not impact normal capability in ANSI mode
+        char[] immuneChars = new char[] {15, 91,150, 255};
+
+        for (char refChar : immuneChars) {
+            int ref = refChar;
+            String charAsString = "" + refChar;
+            String expected =  charAsString;
+            String encodeMsg = String.format("%s (%s) should not be escaped when in the immunity list provided to Encoded through the ANSI MySQLCodec", charAsString, refChar);
+            String decodeMsg = String.format("%s (%s) [%s] should match original value when Encoded through the ANSI MySQLCodec", charAsString, ref, expected);
+
+            Matcher<String> encodeExpect = new IsEqual<>(expected);
+            Matcher<String> decodeExpect = new IsEqual<>(charAsString);
+            errorCollector.checkThat(encodeMsg, uitAnsi.encode(immuneChars, charAsString), encodeExpect);
+            errorCollector.checkThat(decodeMsg, uitAnsi.decode(expected), decodeExpect);
+        }
+    }
+    /** Upper case letters should not be mutated by the implementation.*/
+    @Test
+    public void testStandardEncodeUpperCaseRange() {
+        performStandardNonEscapeTest(UPPER_CHAR_RANGE);
+    }
+    /** Lower case letters should not be mutated by the implementation.*/
+    @Test
+    public void testStandardEncodeLowerCaseRange() {
+        performStandardNonEscapeTest(LOWER_CHAR_RANGE);
+    }
+    /** Numbers should not be mutated by the implementation.*/
+    @Test
+    public void testStandardEncodeNumbersRange() {
+        performStandardNonEscapeTest(NUMBER_CHAR_RANGE);
+    }
+
+    /**
+     * Helper function for iterating a defined range of values and asserting encoded references are not mutated.
+     * @param range {@link InclusiveRangePair} reference to verify
+     */
+    private void performStandardNonEscapeTest(InclusiveRangePair range) {
+        for (int ref = range.getLowerLimit() ; ref <= range.getUpperLimit(); ref ++) {
+            char refChar = (char) ref;
+            String charAsString = "" + refChar;
+            String expected = charAsString;
+            String encodeMsg = String.format("%s (%s) should not be changed when Encoded through the Standard MySQLCodec", charAsString, ref);
+            String decodeMsg = String.format("%s (%s) [%s] should match original value when Encoded through the Standard MySQLCodec", charAsString, ref, expected);
+
+            Matcher<String> encodeExpect = new IsEqual<>(expected);
+            Matcher<String> decodeExpect = new IsEqual<>(charAsString);
+            errorCollector.checkThat(encodeMsg, uitMySqlStandard.encode(EMPTY_CHAR_ARRAY, charAsString), encodeExpect);
+            errorCollector.checkThat(decodeMsg, uitMySqlStandard.decode(expected), decodeExpect);
+        }
+    }
+
+    /**
+     * Tests that any value under 256 that is not a number, upper case letter, lower case letter, or a special-encoding object is prefixed by a backslash when encoded
+     * by a STANDARD MySQLCodec implementation
+     */
+    @Test
+    public void testStandardEncodeNonAlphaNumeric() {
+        for (int ref = 0; ref < 256 ; ref ++) {
+            char refChar = (char) ref;
+            if (NUMBER_CHAR_RANGE.contains(ref) || LOWER_CHAR_RANGE.contains(ref) || UPPER_CHAR_RANGE.contains(ref) || STANDARD_ESCAPES.keySet().contains(refChar)) {
+                continue;
+            }
+            String charAsString = "" + refChar;
+            String expected = "\\" + charAsString;
+            String encodeMsg = String.format("%s (%s) should have been escaped when Encoded through the Standard MySQLCodec", charAsString, refChar);
+            String decodeMsg = String.format("%s (%s) [%s] should match original value when Encoded through the Standard MySQLCodec", charAsString, ref, expected);
+
+            Matcher<String> encodeExpect = new IsEqual<>(expected);
+            Matcher<String> decodeExpect = new IsEqual<>(charAsString);
+            errorCollector.checkThat(encodeMsg, uitMySqlStandard.encode(EMPTY_CHAR_ARRAY, charAsString), encodeExpect);
+            errorCollector.checkThat(decodeMsg, uitMySqlStandard.decode(expected), decodeExpect);
+
+        }
+    }
+
+    @Test
+    public void testStandardEncodeWithImmuneSet() {
+        //These values normally fall under the encodeNonAlphaNumeric test content.
+        char[] immuneChars = new char[] {15, 91,150, 255};
+
+        for (char refChar : immuneChars) {
+            int ref = refChar;
+            String charAsString = "" + refChar;
+          //Typically, we should expect the encode to be the original value prefixed by two backslashes.
+            String expected =  charAsString;
+            String encodeMsg = String.format("%s (%s) should not be escaped when in the immunity list provided to Encoded through the Standard MySQLCodec", charAsString, refChar);
+            String decodeMsg = String.format("%s (%s) [%s] should match original value when Encoded through the Standard MySQLCodec", charAsString, ref, expected);
+
+            Matcher<String> encodeExpect = new IsEqual<>(expected);
+            Matcher<String> decodeExpect = new IsEqual<>(charAsString);
+            errorCollector.checkThat(encodeMsg, uitMySqlStandard.encode(immuneChars, charAsString), encodeExpect);
+            errorCollector.checkThat(decodeMsg, uitMySqlStandard.decode(expected), decodeExpect);
+        }
+    }
+    /**
+     * Asserts that predefined specialty escape sequences are provided when encoded.
+     */
+    @Test
+    public void testStandardEncodeEscapeSet() {
+        for (Character refChar : STANDARD_ESCAPES.keySet()) {
+            String charAsString = "" + refChar;
+            String expected = STANDARD_ESCAPES.get(refChar);
+            String encodeMsg = String.format("%s (%s) should have been escaped when Encoded through the Standard MySQLCodec", charAsString, (int) refChar.charValue());
+            String decodeMsg = String.format("%s (%s) [%s] should match original value when Encoded through the Standard MySQLCodec", charAsString, (int) refChar.charValue(), expected);
+
+            Matcher<String> encodeExpect = new IsEqual<>(expected);
+            Matcher<String> decodeExpect = new IsEqual<>(charAsString);
+            errorCollector.checkThat(encodeMsg, uitMySqlStandard.encode(EMPTY_CHAR_ARRAY, charAsString), encodeExpect);
+            errorCollector.checkThat(decodeMsg, uitMySqlStandard.decode(expected), decodeExpect);
+        }
+    }
+
+    /**
+     * If the first element in the {@link PushbackSequence} is null, then null is expected.
+     */
+    @Test
+    public void testAnsiDecodePushbackSequenceNullFirstElementReturnsNull() {
+        PushbackSequence<Character> mockPushback = Mockito.mock(PushbackSequence.class);
+        Mockito.when(mockPushback.next()).thenReturn(null);
+
+        Character decChar = uitAnsi.decodeCharacter(mockPushback);
+        Assert.assertNull(decChar);
+
+        Mockito.verify(mockPushback, Mockito.times(1)).mark();
+        Mockito.verify(mockPushback, Mockito.times(1)).next();
+        Mockito.verify(mockPushback, Mockito.times(1)).reset();
+
+    }
+
+    /**
+     * If the first character is a single tick, and the second character is null, null is expected
+     */
+    @Test
+    public void testAnsiDecodePushbackSequenceNullSecondElementReturnsNull() {
+        PushbackSequence<Character> mockPushback = Mockito.mock(PushbackSequence.class);
+        Mockito.when(mockPushback.next()).thenReturn('\'').thenReturn(null);
+
+        Character decChar = uitAnsi.decodeCharacter(mockPushback);
+        Assert.assertNull(decChar);
+
+        Mockito.verify(mockPushback, Mockito.times(1)).mark();
+        Mockito.verify(mockPushback, Mockito.times(2)).next();
+        Mockito.verify(mockPushback, Mockito.times(1)).reset();
+
+    }
+
+    /**
+     * If the first character is a single tick and the second character is NOT a single tick (escaped tick), then null is expected.
+     */
+    @Test
+    public void testAnsiDecodePushbackSequenceNonTickSecondElmentReturnsNull() {
+        PushbackSequence<Character> mockPushback = Mockito.mock(PushbackSequence.class);
+        Mockito.when(mockPushback.next()).thenReturn('\'').thenReturn('A');
+
+        Character decChar = uitAnsi.decodeCharacter(mockPushback);
+        Assert.assertNull(decChar);
+
+        Mockito.verify(mockPushback, Mockito.times(1)).mark();
+        Mockito.verify(mockPushback, Mockito.times(2)).next();
+        Mockito.verify(mockPushback, Mockito.times(1)).reset();
+
+    }
+    /**
+     * If two single ticks are read in sequence, a single tick is expected.
+     */
+    @Test
+    public void testAnsiDecodePushbackSequenceReturnsSingleTick() {
+        PushbackSequence<Character> mockPushback = Mockito.mock(PushbackSequence.class);
+        Mockito.when(mockPushback.next()).thenReturn('\'').thenReturn('\'');
+
+        Character decChar = uitAnsi.decodeCharacter(mockPushback);
+        Assert.assertEquals('\'', decChar.charValue());
+
+        Mockito.verify(mockPushback, Mockito.times(1)).mark();
+        Mockito.verify(mockPushback, Mockito.times(2)).next();
+        Mockito.verify(mockPushback, Mockito.times(0)).reset();
+
+    }
+
+    /**
+     * If the first character is not a single tick, null is returned.
+     */
+    @Test
+    public void testAnsiDecodePushbackSequenceNonTickFirstElementReturnsNull() {
+        PushbackSequence<Character> mockPushback = Mockito.mock(PushbackSequence.class);
+        Mockito.when(mockPushback.next()).thenReturn('A');
+
+        Character decChar = uitAnsi.decodeCharacter(mockPushback);
+        Assert.assertNull(decChar);
+
+        Mockito.verify(mockPushback, Mockito.times(1)).mark();
+        Mockito.verify(mockPushback, Mockito.times(1)).next();
+        Mockito.verify(mockPushback, Mockito.times(1)).reset();
+
+    }
+
+    /**
+     * If the first character is null, null is expected
+     */
+    @Test
+    public void testStandardDecodePushbackSequenceNullFirstElementReturnsNull() {
+        PushbackSequence<Character> mockPushback = Mockito.mock(PushbackSequence.class);
+        Mockito.when(mockPushback.next()).thenReturn(null);
+
+        Character decChar = uitMySqlStandard.decodeCharacter(mockPushback);
+        Assert.assertNull(decChar);
+
+        Mockito.verify(mockPushback, Mockito.times(1)).mark();
+        Mockito.verify(mockPushback, Mockito.times(1)).next();
+        Mockito.verify(mockPushback, Mockito.times(1)).reset();
+
+    }
+    /**
+     * If the first character is a backslash, and the second character is null, null is expected
+     */
+    @Test
+    public void testStandardDecodePushbackSequenceNullSecondElementReturnsNull() {
+        PushbackSequence<Character> mockPushback = Mockito.mock(PushbackSequence.class);
+        Mockito.when(mockPushback.next()).thenReturn('\\').thenReturn(null);
+
+        Character decChar = uitMySqlStandard.decodeCharacter(mockPushback);
+        Assert.assertNull(decChar);
+
+        Mockito.verify(mockPushback, Mockito.times(1)).mark();
+        Mockito.verify(mockPushback, Mockito.times(2)).next();
+        Mockito.verify(mockPushback, Mockito.times(1)).reset();
+
+    }
+
+    @Test
+    public void testCreateAnsiByInt() {
+        MySQLCodec codec = new MySQLCodec(MySQLCodec.ANSI_MODE);
+        Object configMode = Whitebox.getInternalState(codec, "mode");
+        Assert.assertEquals(Mode.ANSI, configMode);
+    }
+
+    @Test
+    public void testCreateStandardByInt() {
+        MySQLCodec codec = new MySQLCodec(MySQLCodec.MYSQL_MODE);
+        Object configMode = Whitebox.getInternalState(codec, "mode");
+        Assert.assertEquals(Mode.STANDARD, configMode);
+    }
+
+    @Test
+    public void testCreateUnsupportedModeByInt() {
+        exEx.expect(IllegalArgumentException.class);
+        String message = String.format("No Mode for %s. Valid references are MySQLStandard: %s or ANSI: %s", Integer.MIN_VALUE, MySQLCodec.MYSQL_MODE, MySQLCodec.ANSI_MODE);
+        exEx.expectMessage(message);
+        new MySQLCodec(Integer.MIN_VALUE);
+
+    }
+    private static class InclusiveRangePair {
+        private final int upperInclusive;
+        private final int lowerInclusive;
+
+        public InclusiveRangePair (int minValueAllowed,int maxValueAllowed) {
+            upperInclusive = maxValueAllowed;
+            lowerInclusive = minValueAllowed;
+        }
+
+        public boolean contains (int value) {
+            return value >= lowerInclusive && value <= upperInclusive;
+        }
+
+        public int getUpperLimit() {
+            return upperInclusive;
+        }
+
+        public int getLowerLimit() {
+            return lowerInclusive;
+        }
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/codecs/PercentCodecTest.java b/src/test/java/org/owasp/esapi/codecs/PercentCodecTest.java
new file mode 100644
index 000000000..5cc9f261b
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/codecs/PercentCodecTest.java
@@ -0,0 +1,16 @@
+package org.owasp.esapi.codecs;
+
+import static org.junit.Assert.assertEquals;
+
+import org.junit.Test;
+
+public class PercentCodecTest {
+
+    @Test
+    public void testPercentDecode(){
+        Codec codec = new PercentCodec();
+
+        String expected = " ";
+        assertEquals(expected, codec.decode("%20"));
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/codecs/PushBackStringTest.java b/src/test/java/org/owasp/esapi/codecs/PushBackStringTest.java
new file mode 100644
index 000000000..1f7ad61fd
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/codecs/PushBackStringTest.java
@@ -0,0 +1,41 @@
+package org.owasp.esapi.codecs;
+
+import static org.junit.Assert.assertEquals;
+
+import org.junit.Test;
+
+public class PushBackStringTest {
+
+    @Test
+    public void testPushbackString() {
+        PushbackSequence<Character> pbs = new PushbackString("012345");
+
+        pbs.mark();
+        assertEquals(0, pbs.index());
+        Character first = pbs.next();
+
+        System.out.println("0x" + Integer.toHexString(first));
+
+        assertEquals("0", new StringBuilder().appendCodePoint(first).toString());
+    }
+
+    @Test
+    public void testPushbackSequence() {
+        AbstractPushbackSequence<Integer> pbs = new PushBackSequenceImpl("&#49;2345");
+
+        pbs.mark();
+        assertEquals(0, pbs.index());
+        Integer first = pbs.next();
+
+        System.out.println("0x" + Integer.toHexString(first));
+
+        assertEquals("&", new StringBuilder().appendCodePoint(first).toString());
+
+        Integer second = pbs.next();
+
+        if(second == '#'){
+            System.out.printf("[%d]:[%d]\n", second, (int) '#');
+
+        }
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/codecs/XMLEntityCodecTest.java b/src/test/java/org/owasp/esapi/codecs/XMLEntityCodecTest.java
index 10424c67c..801d33f3d 100644
--- a/src/test/java/org/owasp/esapi/codecs/XMLEntityCodecTest.java
+++ b/src/test/java/org/owasp/esapi/codecs/XMLEntityCodecTest.java
@@ -1,15 +1,15 @@
 /**
  * OWASP Enterprise Security API (ESAPI)
- * 
+ *
  * This file is part of the Open Web Application Security Project (OWASP)
  * Enterprise Security API (ESAPI) project. For details, please see
  * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
  *
  * Copyright (c) 2009 - The OWASP Foundation
- * 
+ *
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
- * 
+ *
  */
 package org.owasp.esapi.codecs;
 
@@ -25,229 +25,229 @@
 
 public class XMLEntityCodecTest extends TestCase
 {
-	private static final char[] EMPTY_CHAR_ARRAY = new char[0];
-	private static final String ALPHA_NUMERIC_STR = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
-	private static final String UNENCODED_STR = ALPHA_NUMERIC_STR + " \t";
-	private static final Set<Character> UNENCODED_SET = CollectionsUtil.strToUnmodifiableSet(UNENCODED_STR);
-	private XMLEntityCodec codec = null;
-
-	protected void setUp()
-	{
-		codec = new XMLEntityCodec();
-	}
-
-	protected void tearDown()
-	{
-		codec = null;
-	}
-
-	public void testEncodeUnencoded()
-	{
-		StringBuilder sb = new StringBuilder("AB_YZ");
-		String str;
-
-		for(char ch : UNENCODED_SET)
-		{
-			sb.setCharAt(2,ch);
-			str = sb.toString();
-			assertEquals(str, codec.encode(EMPTY_CHAR_ARRAY, str));
-		}
-	}
-
-	public void testEncodeOthers()
-	{
-		StringBuilder inSb = new StringBuilder("AB_YZ");
-		StringBuilder outSb = new StringBuilder("AB&#x");
-		String in;
-		String expected;
-		String result;
-		int outSbBaseLen = outSb.length();
-		String out;
-
-		for(int c=Character.MIN_VALUE;c<=Character.MAX_VALUE;c++)
-		{
-			char ch = (char)c;
-			if(UNENCODED_SET.contains(ch))
-				continue;
-			inSb.setCharAt(2,ch);
-			in = inSb.toString();
-			outSb.append(Integer.toHexString(c));
-			outSb.append(";YZ");
-			expected = outSb.toString();
-			result = codec.encode(EMPTY_CHAR_ARRAY,in);
-			assertEquals(expected, result);
-			outSb.setLength(outSbBaseLen);
-		}
-	}
-
-	public void testDecodeUnencoded()
-	{
-		StringBuilder sb = new StringBuilder("AB_YZ");
-		String str;
-
-		for(char ch : UNENCODED_SET)
-		{
-			sb.setCharAt(2,ch);
-			str = sb.toString();
-			assertEquals(str, codec.decode(str));
-		}
-	}
-
-	public void testDecodeHex()
-	{
-		StringBuilder expectedSb = new StringBuilder("AB_YZ");
-		StringBuilder inSb = new StringBuilder("AB&#x");
-		String in;
-		String expected;
-		String result;
-		int inSbBaseLen = inSb.length();
-
-		for(int c=Character.MIN_VALUE;c<=Character.MAX_VALUE;c++)
-		{
-			char ch = (char)c;
-			expectedSb.setCharAt(2,ch);
-			expected = expectedSb.toString();
-			inSb.append(Integer.toHexString(c));
-			inSb.append(";YZ");
-			in = inSb.toString();
-			result = codec.decode(in);
-			assertEquals(expected, result);
-			inSb.setLength(inSbBaseLen);
-		}
-	}
-
-	public void testDecodeDec()
-	{
-		StringBuilder expectedSb = new StringBuilder("AB_YZ");
-		StringBuilder inSb = new StringBuilder("AB&#");
-		String in;
-		String expected;
-		String result;
-		int inSbBaseLen = inSb.length();
-
-		for(int c=Character.MIN_VALUE;c<=Character.MAX_VALUE;c++)
-		{
-			char ch = (char)c;
-			expectedSb.setCharAt(2,ch);
-			expected = expectedSb.toString();
-			inSb.append(Integer.toString(c));
-			inSb.append(";YZ");
-			in = inSb.toString();
-			result = codec.decode(in);
-			assertEquals(expected, result);
-			inSb.setLength(inSbBaseLen);
-		}
-	}
-
-	public void testDecodeLt()
-	{
-		String in = "AB&lt;YZ";
-		String expected = "AB<YZ";
-		String result = codec.decode(in);
-		assertEquals(expected,result);
-	}
-
-	public void testDecodeGt()
-	{
-		String in = "AB&gt;YZ";
-		String expected = "AB>YZ";
-		String result = codec.decode(in);
-		assertEquals(expected,result);
-	}
-
-	public void testDecodeAmp()
-	{
-		String in = "AB&amp;YZ";
-		String expected = "AB&YZ";
-		String result = codec.decode(in);
-		assertEquals(expected,result);
-	}
-
-	public void testDecodeApos()
-	{
-		String in = "AB&apos;YZ";
-		String expected = "AB'YZ";
-		String result = codec.decode(in);
-		assertEquals(expected,result);
-	}
-
-	public void testDecodeQuot()
-	{
-		String in = "AB&quot;YZ";
-		String expected = "AB\"YZ";
-		String result = codec.decode(in);
-		assertEquals(expected,result);
-	}
-
-	public void testDecodeNamedTail()
-	{
-		String in = "AB&quot;";
-		String expected = "AB\"";
-		String result = codec.decode(in);
-		assertEquals(expected,result);
-	}
-
-	public void testDecodeNamedHead()
-	{
-		String in = "&quot;YZ";
-		String expected = "\"YZ";
-		String result = codec.decode(in);
-		assertEquals(expected,result);
-	}
-
-	public void testDecodeNamedLone()
-	{
-		String in = "&quot;";
-		String expected = "\"";
-		String result = codec.decode(in);
-		assertEquals(expected,result);
-	}
-
-	public void testDecodeNamedNoSemiColonTail()
-	{
-		String in = "AB&quot";
-		String expected = in;
-		String result = codec.decode(in);
-		assertEquals(expected,result);
-	}
-
-	public void testDecodeNamedNoSemiColonHead()
-	{
-		String in = "&quotYZ";
-		String expected = in;
-		String result = codec.decode(in);
-		assertEquals(expected,result);
-	}
-
-	public void testDecodeNamedNoSemiColonLone()
-	{
-		String in = "&quot";
-		String expected = in;
-		String result = codec.decode(in);
-		assertEquals(expected,result);
-	}
-
-	public void testDecodeNamedInvalidTail()
-	{
-		String in = "AB&pound;";
-		String expected = in;
-		String result = codec.decode(in);
-		assertEquals(expected,result);
-	}
-
-	public void testDecodeNamedInvalidHead()
-	{
-		String in = "&pound;YZ";
-		String expected = in;
-		String result = codec.decode(in);
-		assertEquals(expected,result);
-	}
-
-	public void testDecodeNamedInvalidLone()
-	{
-		String in = "&pound;";
-		String expected = in;
-		String result = codec.decode(in);
-		assertEquals(expected,result);
-	}
+    private static final char[] EMPTY_CHAR_ARRAY = new char[0];
+    private static final String ALPHA_NUMERIC_STR = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+    private static final String UNENCODED_STR = ALPHA_NUMERIC_STR + " \t";
+    private static final Set<Character> UNENCODED_SET = CollectionsUtil.strToUnmodifiableSet(UNENCODED_STR);
+    private XMLEntityCodec codec = null;
+
+    protected void setUp()
+    {
+        codec = new XMLEntityCodec();
+    }
+
+    protected void tearDown()
+    {
+        codec = null;
+    }
+
+    public void testEncodeUnencoded()
+    {
+        StringBuilder sb = new StringBuilder("AB_YZ");
+        String str;
+
+        for(char ch : UNENCODED_SET)
+        {
+            sb.setCharAt(2,ch);
+            str = sb.toString();
+            assertEquals(str, codec.encode(EMPTY_CHAR_ARRAY, str));
+        }
+    }
+
+    public void testEncodeOthers()
+    {
+        StringBuilder inSb = new StringBuilder("AB_YZ");
+        StringBuilder outSb = new StringBuilder("AB&#x");
+        String in;
+        String expected;
+        String result;
+        int outSbBaseLen = outSb.length();
+        String out;
+
+        for(int c=Character.MIN_VALUE;c<=Character.MAX_VALUE;c++)
+        {
+            char ch = (char)c;
+            if(UNENCODED_SET.contains(ch))
+                continue;
+            inSb.setCharAt(2,ch);
+            in = inSb.toString();
+            outSb.append(Integer.toHexString(c));
+            outSb.append(";YZ");
+            expected = outSb.toString();
+            result = codec.encode(EMPTY_CHAR_ARRAY,in);
+            assertEquals(expected, result);
+            outSb.setLength(outSbBaseLen);
+        }
+    }
+
+    public void testDecodeUnencoded()
+    {
+        StringBuilder sb = new StringBuilder("AB_YZ");
+        String str;
+
+        for(char ch : UNENCODED_SET)
+        {
+            sb.setCharAt(2,ch);
+            str = sb.toString();
+            assertEquals(str, codec.decode(str));
+        }
+    }
+
+    public void testDecodeHex()
+    {
+        StringBuilder expectedSb = new StringBuilder("AB_YZ");
+        StringBuilder inSb = new StringBuilder("AB&#x");
+        String in;
+        String expected;
+        String result;
+        int inSbBaseLen = inSb.length();
+
+        for(int c=Character.MIN_VALUE;c<=Character.MAX_VALUE;c++)
+        {
+            char ch = (char)c;
+            expectedSb.setCharAt(2,ch);
+            expected = expectedSb.toString();
+            inSb.append(Integer.toHexString(c));
+            inSb.append(";YZ");
+            in = inSb.toString();
+            result = codec.decode(in);
+            assertEquals(expected, result);
+            inSb.setLength(inSbBaseLen);
+        }
+    }
+
+    public void testDecodeDec()
+    {
+        StringBuilder expectedSb = new StringBuilder("AB_YZ");
+        StringBuilder inSb = new StringBuilder("AB&#");
+        String in;
+        String expected;
+        String result;
+        int inSbBaseLen = inSb.length();
+
+        for(int c=Character.MIN_VALUE;c<=Character.MAX_VALUE;c++)
+        {
+            char ch = (char)c;
+            expectedSb.setCharAt(2,ch);
+            expected = expectedSb.toString();
+            inSb.append(Integer.toString(c));
+            inSb.append(";YZ");
+            in = inSb.toString();
+            result = codec.decode(in);
+            assertEquals(expected, result);
+            inSb.setLength(inSbBaseLen);
+        }
+    }
+
+    public void testDecodeLt()
+    {
+        String in = "AB&lt;YZ";
+        String expected = "AB<YZ";
+        String result = codec.decode(in);
+        assertEquals(expected,result);
+    }
+
+    public void testDecodeGt()
+    {
+        String in = "AB&gt;YZ";
+        String expected = "AB>YZ";
+        String result = codec.decode(in);
+        assertEquals(expected,result);
+    }
+
+    public void testDecodeAmp()
+    {
+        String in = "AB&amp;YZ";
+        String expected = "AB&YZ";
+        String result = codec.decode(in);
+        assertEquals(expected,result);
+    }
+
+    public void testDecodeApos()
+    {
+        String in = "AB&apos;YZ";
+        String expected = "AB'YZ";
+        String result = codec.decode(in);
+        assertEquals(expected,result);
+    }
+
+    public void testDecodeQuot()
+    {
+        String in = "AB&quot;YZ";
+        String expected = "AB\"YZ";
+        String result = codec.decode(in);
+        assertEquals(expected,result);
+    }
+
+    public void testDecodeNamedTail()
+    {
+        String in = "AB&quot;";
+        String expected = "AB\"";
+        String result = codec.decode(in);
+        assertEquals(expected,result);
+    }
+
+    public void testDecodeNamedHead()
+    {
+        String in = "&quot;YZ";
+        String expected = "\"YZ";
+        String result = codec.decode(in);
+        assertEquals(expected,result);
+    }
+
+    public void testDecodeNamedLone()
+    {
+        String in = "&quot;";
+        String expected = "\"";
+        String result = codec.decode(in);
+        assertEquals(expected,result);
+    }
+
+    public void testDecodeNamedNoSemiColonTail()
+    {
+        String in = "AB&quot";
+        String expected = in;
+        String result = codec.decode(in);
+        assertEquals(expected,result);
+    }
+
+    public void testDecodeNamedNoSemiColonHead()
+    {
+        String in = "&quotYZ";
+        String expected = in;
+        String result = codec.decode(in);
+        assertEquals(expected,result);
+    }
+
+    public void testDecodeNamedNoSemiColonLone()
+    {
+        String in = "&quot";
+        String expected = in;
+        String result = codec.decode(in);
+        assertEquals(expected,result);
+    }
+
+    public void testDecodeNamedInvalidTail()
+    {
+        String in = "AB&pound;";
+        String expected = in;
+        String result = codec.decode(in);
+        assertEquals(expected,result);
+    }
+
+    public void testDecodeNamedInvalidHead()
+    {
+        String in = "&pound;YZ";
+        String expected = in;
+        String result = codec.decode(in);
+        assertEquals(expected,result);
+    }
+
+    public void testDecodeNamedInvalidLone()
+    {
+        String in = "&pound;";
+        String expected = in;
+        String result = codec.decode(in);
+        assertEquals(expected,result);
+    }
 }
diff --git a/src/test/java/org/owasp/esapi/codecs/abstraction/AbstractCodecCharacterTest.java b/src/test/java/org/owasp/esapi/codecs/abstraction/AbstractCodecCharacterTest.java
new file mode 100644
index 000000000..6e77f5a6d
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/codecs/abstraction/AbstractCodecCharacterTest.java
@@ -0,0 +1,103 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2008-2018 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ */
+
+package org.owasp.esapi.codecs.abstraction;
+
+import static org.junit.Assert.assertEquals;
+
+import java.util.Arrays;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+import org.owasp.esapi.codecs.Codec;
+import org.owasp.esapi.codecs.PushbackString;
+
+
+/**
+ * Abstract parameterized test case meant to assist with verifying Character api of a Codec implementation.
+ * <br/>
+ * Sub-classes are expected to provide instances of {@link CodecCharacterTestTuple} to this instance.
+ * <br/>
+ * For better test naming output specify {@link CodecCharacterTestTuple#description} and use <code> @Parameters (name="{0}")</code>,
+ * where '0' is the index that the CodecCharacterTestTuple reference appears in the constructor.
+ */
+@RunWith(Parameterized.class)
+public abstract class AbstractCodecCharacterTest {
+
+    /** Test Data Tuple.*/
+    protected static class CodecCharacterTestTuple {
+        /** Codec reference to be tested.*/
+        public Codec codec;
+        /** Set of characters that should be considered 'immune' from decoding processes.*/
+        public char[] encodeImmune;
+        /** A String representing a single encoded character.*/
+        public String input;
+        /** The single character that input represents.*/
+        public Character decodedValue;
+        /** Optional field to override the toString value of this tuple. */
+        public String description;
+
+        /**Default public constructor.*/
+        public CodecCharacterTestTuple() { /* No Op*/ }
+        /** {@inheritDoc}*/
+        @Override
+        public String toString() {
+            return description != null ? description : codec.getClass().getSimpleName() + "  "+input;
+        }
+    }
+
+
+    protected final Codec codec;
+    protected final String input;
+    protected final char[] encodeImmune;
+    protected final Character decodedValue;
+
+    public AbstractCodecCharacterTest(CodecCharacterTestTuple tuple) {
+        this.codec = tuple.codec;
+        this.input = tuple.input;
+        this.decodedValue = tuple.decodedValue;
+        this.encodeImmune = tuple.encodeImmune;
+    }
+
+    /** Checks that the input value matches the result of the codec encoding the decoded value.  */
+    @Test
+    public void testEncodeCharacter() {
+        assertEquals(input, codec.encodeCharacter(encodeImmune, decodedValue));
+    }
+
+    /** Checks encoding the character as a String.
+     * <br/>
+     * If the decoded value is in the immunity list, the the decoded value should be returned from the encode call.
+     * Otherwise, input is expected as the return.
+     */
+    @Test
+    public void testEncode() {
+        String expected = Arrays.asList(encodeImmune).contains(decodedValue) ? decodedValue.toString() : input;
+        assertEquals(expected, codec.encode(encodeImmune, decodedValue.toString()));
+    }
+
+    /**  Checks that decoding the input value yields the decodedValue.*/
+    @Test
+    public void testDecode() {
+         assertEquals(decodedValue.toString(), codec.decode(input));
+    }
+
+    /** Checks that the encoded input String is correctly decoded to the single decodedValue character reference.*/
+    @Test
+    public void testDecodePushbackSequence() {
+        assertEquals(decodedValue, codec.decodeCharacter(new PushbackString(input)));
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/codecs/abstraction/AbstractCodecStringTest.java b/src/test/java/org/owasp/esapi/codecs/abstraction/AbstractCodecStringTest.java
new file mode 100644
index 000000000..b3a8b9a95
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/codecs/abstraction/AbstractCodecStringTest.java
@@ -0,0 +1,82 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2008-2018 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ */
+
+package org.owasp.esapi.codecs.abstraction;
+
+import static org.junit.Assert.assertEquals;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+import org.owasp.esapi.codecs.Codec;
+
+
+/**
+ * Abstract parameterized test case meant to assist with verifying String api of a Codec implementation.
+ * <br/>
+ * Sub-classes are expected to provide instances of {@link CodecStringTestTuple} to this instance.
+ * <br/>
+ * For better test naming output specify {@link CodecStringTestTuple#description} and use <code> @Parameters (name="{0}")</code>,
+ * where '0' is the index that the CodecStringTestTuple reference appears in the constructor.
+ */
+@RunWith(Parameterized.class)
+public abstract class AbstractCodecStringTest {
+
+    protected static class CodecStringTestTuple {
+        /** Codec reference to be tested.*/
+        public Codec codec;
+        /** Set of characters that should be considered 'immune' from decoding processes.*/
+        public char[] encodeImmune;
+        /** A String representing a contextually encoded String.*/
+        public String input;
+        /** The decoded representation of the input value.*/
+        public String decodedValue;
+        /** Optional field to override the toString value of this tuple. */
+        public String description;
+
+        /**Default public constructor.*/
+        public CodecStringTestTuple() { /* No Op*/ }
+
+        /** {@inheritDoc}*/
+        @Override
+        public String toString() {
+            return description != null ? description : codec.getClass().getSimpleName() + "  "+input;
+        }
+    }
+    private final Codec codec;
+    private final String input;
+    private final char[] encodeImmune;
+    private final String decodedValue;
+
+    public AbstractCodecStringTest(CodecStringTestTuple tuple) {
+        this.codec = tuple.codec;
+        this.input = tuple.input;
+        this.decodedValue = tuple.decodedValue;
+        this.encodeImmune = tuple.encodeImmune;
+    }
+
+
+    /** Checks that when the input is decoded using the specified codec, that the return matches the expected decoded value.*/
+    @Test
+    public void testDecode() {
+        assertEquals(decodedValue, codec.decode(input));
+    }
+
+    /** Checks that when the decoded value is encoded (using immunity), that the return matches the provided input.*/
+    @Test
+    public void testEncode() {
+        assertEquals(input, codec.encode(encodeImmune, decodedValue));
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecCharacterTest.java b/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecCharacterTest.java
new file mode 100644
index 000000000..f80f771c0
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecCharacterTest.java
@@ -0,0 +1,108 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2008-2018 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ */
+
+package org.owasp.esapi.codecs.percent;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import static org.owasp.esapi.codecs.percent.PercentCodecStringTest.PERCENT_CODEC_IMMUNE;
+
+import java.util.ArrayList;
+import java.util.Collection;
+
+import org.junit.Test;
+import org.junit.runners.Parameterized.Parameters;
+import org.owasp.esapi.codecs.PercentCodec;
+import org.owasp.esapi.codecs.PushbackString;
+import org.owasp.esapi.codecs.abstraction.AbstractCodecCharacterTest;
+
+/**
+ *  Codec validation focused on the PercentCodec Character-based api.
+ *
+ */
+public class PercentCodecCharacterTest extends AbstractCodecCharacterTest {
+    @Parameters(name = "{0}")
+    public static Collection<Object[]> buildTests() {
+        Collection<Object[]> tests = new ArrayList<>();
+        Collection<CodecCharacterTestTuple> tuples = new ArrayList<>();
+
+        tuples.add(newTuple("%3C", Character.valueOf('<')));
+
+        tuples.add(newTuple("%00", Character.MIN_VALUE));
+        tuples.add(newTuple("%3D", '='));
+        tuples.add(newTuple("%26", '&'));
+
+        for (char c : PERCENT_CODEC_IMMUNE) {
+            tuples.add(newTuple(Character.toString(c), c));
+        }
+
+        for (CodecCharacterTestTuple tuple : tuples) {
+            tests.add(new Object[] { tuple });
+        }
+
+        return tests;
+    }
+
+    private static CodecCharacterTestTuple newTuple(String encodedInput, Character decoded) {
+        CodecCharacterTestTuple tuple = new CodecCharacterTestTuple();
+        tuple.codec = new PercentCodec();
+        tuple.encodeImmune = PERCENT_CODEC_IMMUNE;
+        tuple.decodedValue = decoded;
+        tuple.input = encodedInput;
+
+        return tuple;
+    }
+
+    public PercentCodecCharacterTest(CodecCharacterTestTuple tuple) {
+        super(tuple);
+    }
+
+    @Override
+    @Test
+    public void testDecodePushbackSequence() {
+        // check duplicated from PushbackSequence handling in PercentCodec.
+        boolean inputIsEncoded = input.startsWith("%");
+
+        if (inputIsEncoded) {
+            assertInputIsDecodedToValue();
+        } else {
+            assertInputIsDecodedToNull();
+        }
+    }
+
+    /**
+     * tests that when Input is decoded through a PushbackString that the decodedValue reference is returned and that
+     * the PushbackString index has incremented.
+     */
+    @SuppressWarnings("unchecked")
+    private void assertInputIsDecodedToValue() {
+        PushbackString pbs = new PushbackString(input);
+        int startIndex = pbs.index();
+        assertEquals(decodedValue, codec.decodeCharacter(pbs));
+        assertTrue(startIndex < pbs.index());
+    }
+
+    /**
+     * tests that when Input is decoded through a PushbackString that null is returned and that the PushbackString index
+     * remains unchanged.
+     */
+    @SuppressWarnings("unchecked")
+    private void assertInputIsDecodedToNull() {
+        PushbackString pbs = new PushbackString(input);
+        int startIndex = pbs.index();
+        assertEquals(null, codec.decodeCharacter(pbs));
+        assertEquals(startIndex, pbs.index());
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecKnownIssuesTest.java b/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecKnownIssuesTest.java
new file mode 100644
index 000000000..215070837
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecKnownIssuesTest.java
@@ -0,0 +1,56 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2008-2018 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ */
+
+package org.owasp.esapi.codecs.percent;
+
+import static org.junit.Assert.assertEquals;
+import static org.owasp.esapi.codecs.percent.PercentCodecStringTest.PERCENT_CODEC_IMMUNE;
+
+import org.junit.Test;
+import org.owasp.esapi.codecs.PercentCodec;
+/**
+ * This test class holds the proof of known deficiencies, inconsistencies, or bugs with the PercentCodec implementation.
+ * <br/>
+ * The intent is that when that functionality is corrected, these tests should break. That should hopefully encourage
+ * the author to move the test to an appropriate Test file and update the functionality to a working expectation.
+ */
+public class PercentCodecKnownIssuesTest {
+
+    private PercentCodec codec = new PercentCodec();
+
+    /**
+     * PercentCodec has not been fully implemented for codepoint support, which handles UTF16 characters (based on my current understanding).
+     * As such, the encoding/decoding of UTF16 will not function as desired through the codec implementation.
+     * <br/>
+     * When the functionality is corrected this test will break. At that point UTF16 tests should be added to {@link PercentCodecStringTest} and {@link PercentCodecCharacterTest}.
+     */
+    @Test
+    public void failsUTF16Conversions() {
+        //This should be 195
+        int incorrectDecodeExpect = 196;
+
+        char[] encodeImmune = PERCENT_CODEC_IMMUNE;
+        String decodedValue = ""+(char) 0x100;
+        String input = "%C4%80";
+
+        String actualDecodeChar = codec.decode(input);
+        int actualChar = (int)actualDecodeChar.charAt(0);
+
+        assertEquals(incorrectDecodeExpect, actualChar);
+
+        //This works as expected.
+        assertEquals(input, codec.encode(encodeImmune, decodedValue));
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecStringTest.java b/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecStringTest.java
new file mode 100644
index 000000000..57277b1d2
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecStringTest.java
@@ -0,0 +1,95 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2008-2018 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ */
+
+package org.owasp.esapi.codecs.percent;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+import org.junit.runners.Parameterized.Parameters;
+import org.owasp.esapi.codecs.PercentCodec;
+import org.owasp.esapi.codecs.abstraction.AbstractCodecStringTest;
+
+/**
+ *  Codec validation focused on the PercentCodec String-based api.
+ *
+ */
+public class PercentCodecStringTest extends AbstractCodecStringTest {
+    public static final char[] PERCENT_CODEC_IMMUNE;
+
+    static {
+        /*
+         * The percent codec contains a unique immune character set which include letters and numbers that will not be transformed.
+         *
+         * It is being replicated here to allow the test to reasonably expect the correct state back.
+         */
+        List<Character> immune = new ArrayList<>();
+        // 65 - 90 (capital letters in ASCII) 97 - 122 lower case 48 - 57 digits
+        //numbers
+        for (int index = 48 ; index < 58; index ++) {
+            immune.add((char)index);
+        }
+        //letters
+        for (int index = 65 ; index < 91; index ++) {
+            Character capsChar = (char)index;
+            immune.add(capsChar);
+            immune.add(Character.toLowerCase(capsChar));
+        }
+
+        PERCENT_CODEC_IMMUNE = new char[immune.size()];
+        for (int index = 0; index < immune.size(); index++) {
+            PERCENT_CODEC_IMMUNE[index] = immune.get(index).charValue();
+        }
+    }
+
+    @Parameters(name = "{0}")
+    public static Collection<Object[]> buildTests() {
+        Collection<Object[]> tests = new ArrayList<>();
+        List<CodecStringTestTuple> tuples = new ArrayList<>();
+
+        tuples.add(newTuple("%3C", "<"));
+        tuples.add(newTuple("%00", Character.MIN_VALUE));
+        tuples.add(newTuple("%3D", '='));
+        tuples.add(newTuple("%26", '&'));
+
+        for (char c : PERCENT_CODEC_IMMUNE) {
+            tuples.add(newTuple(Character.toString(c), c));
+        }
+
+        for (CodecStringTestTuple tuple : tuples) {
+            tests.add(new Object[] { tuple });
+        }
+
+        return tests;
+    }
+
+    private static CodecStringTestTuple newTuple(String input, Object decoded) {
+        CodecStringTestTuple tuple = new CodecStringTestTuple();
+        tuple.codec = new PercentCodec();
+        tuple.encodeImmune = PERCENT_CODEC_IMMUNE;
+        tuple.decodedValue = decoded.toString();
+        tuple.input = input;
+
+        return tuple;
+    }
+
+    /**
+     * @param tuple
+     */
+    public PercentCodecStringTest(CodecStringTestTuple tuple) {
+        super(tuple);
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/codecs/ref/EncodingPatternPreservationTest.java b/src/test/java/org/owasp/esapi/codecs/ref/EncodingPatternPreservationTest.java
new file mode 100644
index 000000000..59701c58f
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/codecs/ref/EncodingPatternPreservationTest.java
@@ -0,0 +1,79 @@
+package org.owasp.esapi.codecs.ref;
+
+import java.util.regex.Pattern;
+
+import org.junit.Test;
+
+import static org.junit.Assert.*;
+
+public class EncodingPatternPreservationTest {
+
+    @Test
+    public void testReplaceAndRestore() {
+        Pattern numberRegex = Pattern.compile("(ABC)");
+        EncodingPatternPreservation epp = new EncodingPatternPreservation(numberRegex);
+        String origStr = "12 ABC 34 DEF 56 G 7";
+        String replacedStr = epp.captureAndReplaceMatches(origStr);
+
+        assertEquals("12 EncodingPatternPreservation 34 DEF 56 G 7", replacedStr);
+
+        String restored = epp.restoreOriginalContent(replacedStr);
+        assertEquals(origStr, restored);
+    }
+
+    @Test
+    public void testReplaceMultipleAndRestore() {
+        Pattern numberRegex = Pattern.compile("(ABC)");
+        EncodingPatternPreservation epp = new EncodingPatternPreservation(numberRegex);
+        String origStr = "12 ABC 34 ABC 56 G 7 ABC8";
+        String replacedStr = epp.captureAndReplaceMatches(origStr);
+
+        assertEquals("12 EncodingPatternPreservation 34 EncodingPatternPreservation 56 G 7 EncodingPatternPreservation8", replacedStr);
+
+        String restored = epp.restoreOriginalContent(replacedStr);
+        assertEquals(origStr, restored);
+    }
+
+    @Test
+    public void testSetMarker() {
+        Pattern numberRegex = Pattern.compile("(ABC)");
+        EncodingPatternPreservation epp = new EncodingPatternPreservation(numberRegex);
+        epp.setReplacementMarker(EncodingPatternPreservationTest.class.getSimpleName());
+
+        String origStr = "12 ABC 34 DEF 56 G 7";
+        String replacedStr = epp.captureAndReplaceMatches(origStr);
+
+        assertEquals("12 EncodingPatternPreservationTest 34 DEF 56 G 7", replacedStr);
+
+        String restored = epp.restoreOriginalContent(replacedStr);
+        assertEquals(origStr, restored);
+    }
+
+    @Test (expected = IllegalStateException.class)
+    public void testSetMarkerExceptionNoReset() {
+        Pattern numberRegex = Pattern.compile("(ABC)");
+        EncodingPatternPreservation epp = new EncodingPatternPreservation(numberRegex);
+        String origStr = "12 ABC 34 DEF 56 G 7";
+        epp.captureAndReplaceMatches(origStr);
+        //This allows the + case to be illustrated
+        epp.reset();
+
+        //And the exception case.
+        epp.captureAndReplaceMatches(origStr);
+        epp.setReplacementMarker(EncodingPatternPreservationTest.class.getSimpleName());
+    }
+
+    @Test (expected = IllegalStateException.class)
+    public void testReplaceExceptionNoReset() {
+        Pattern numberRegex = Pattern.compile("(ABC)");
+        EncodingPatternPreservation epp = new EncodingPatternPreservation(numberRegex);
+        String origStr = "12 ABC 34 DEF 56 G 7";
+        epp.captureAndReplaceMatches(origStr);
+        //This allows the + case to be illustrated
+        epp.reset();
+
+        //And the exception case.
+        epp.captureAndReplaceMatches(origStr);
+        epp.captureAndReplaceMatches(origStr);
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/configuration/EsapiPropertyManagerTest.java b/src/test/java/org/owasp/esapi/configuration/EsapiPropertyManagerTest.java
new file mode 100644
index 000000000..507f33ce1
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/configuration/EsapiPropertyManagerTest.java
@@ -0,0 +1,441 @@
+package org.owasp.esapi.configuration;
+
+import static junit.framework.Assert.assertEquals;
+import static junit.framework.Assert.assertNotNull;
+import static junit.framework.Assert.assertNotSame;
+import static junit.framework.Assert.fail;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.configuration.consts.EsapiConfiguration;
+import org.owasp.esapi.errors.ConfigurationException;
+
+public class EsapiPropertyManagerTest {
+
+    private static String propFilename1;
+    private static String propFilename2;
+    private static String xmlFilename1;
+    private static String xmlFilename2;
+    private static final String noSuchFile = "/invalidDir/noSubDir/nosuchFile.xml";
+
+    private EsapiPropertyManager testPropertyManager;
+    private static String DEVTEAM_CFG = "";
+    private static String OPSTEAM_CFG = "";
+
+    @BeforeClass
+    public static void captureEsapiConfigurations() {
+        DEVTEAM_CFG = System.getProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(),"");
+        OPSTEAM_CFG = System.getProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(),"");
+    }
+
+    @AfterClass
+    public static void restoreEsapiConfigurations() {
+         System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), DEVTEAM_CFG);
+         System.setProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(), OPSTEAM_CFG);
+    }
+
+
+    @Before
+    public void init() {
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), "");
+        System.setProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(), "");
+        propFilename1 = "src" + File.separator + "test" + File.separator + "resources" + File.separator +
+                "esapi" + File.separator + "ESAPI-test.properties";
+        propFilename2 = "src" + File.separator + "test" + File.separator + "resources" + File.separator +
+                "esapi" + File.separator + "ESAPI-test-2.properties";
+        xmlFilename1 = "src" + File.separator + "test" + File.separator + "resources" + File.separator +
+                "esapi" + File.separator + "ESAPI-test.xml";
+        xmlFilename2 = "src" + File.separator + "test" + File.separator + "resources" + File.separator +
+                "esapi" + File.separator + "ESAPI-test-2.xml";
+
+    }
+
+    @Test
+    public void testPropertyManagerInitialized() {
+        // given
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), propFilename1);
+        System.setProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(), propFilename2);
+
+        // when
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
+
+        // then
+        assertNotNull(testPropertyManager.loaders);
+        assertNotSame(0, testPropertyManager.loaders.size());
+    }
+
+    @Test
+    public void testStringPropFoundInLoader() {
+        // given
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), xmlFilename1);
+        String propertyKey = "string_property";
+        String expectedPropertyValue = "test_string_property";
+
+        // when
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
+        String propertyValue = testPropertyManager.getStringProp(propertyKey);
+
+        // then
+        assertEquals(expectedPropertyValue, propertyValue);
+    }
+
+    @Test
+    public void testStringPropertyLoadedFromFileWithHigherPriority() {
+        // given
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), propFilename1);
+        System.setProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(), xmlFilename2);
+
+        String propertyKey = "string_property";
+        String expectedValue = "test_string_property_2";
+
+        // when
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
+        String propertyValue = testPropertyManager.getStringProp(propertyKey);
+
+        // then
+        assertEquals(expectedValue, propertyValue);
+    }
+
+    @Test
+    public void testStringPropertyLoadedFromPropFileWithHigherPriority() {
+        // given
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), propFilename1);
+        System.setProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(), propFilename2);
+        String propertyKey = "string_property";
+        String expectedValue = "test_string_property_2";
+
+        // when
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
+        String propertyValue = testPropertyManager.getStringProp(propertyKey);
+
+        // then
+        assertEquals(expectedValue, propertyValue);
+    }
+
+    @Test
+    public void testStringPropertyLoadedFromXmlFileWithHigherPriority() {
+        // given
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), xmlFilename1);
+        System.setProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(), xmlFilename2);
+        String propertyKey = "string_property";
+        String expectedValue = "test_string_property_2";
+
+        // when
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
+        String propertyValue = testPropertyManager.getStringProp(propertyKey);
+
+        // then
+        assertEquals(expectedValue, propertyValue);
+    }
+
+
+    @Test(expected = ConfigurationException.class)
+    public void testStringPropertyNotFoundByLoaderAndThrowException() {
+        // given
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), propFilename1);
+        String propertyKey = "non.existing.property";
+
+        // when
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
+        testPropertyManager.getStringProp(propertyKey);
+
+        // then expect exception
+    }
+
+    @Test
+    public void testIntPropFoundInLoader() {
+        // given
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), xmlFilename1);
+        String propertyKey = "int_property";
+        int expectedPropertyValue = 5;
+
+        // when
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
+        int propertyValue = testPropertyManager.getIntProp(propertyKey);
+
+        // then
+        assertEquals(expectedPropertyValue, propertyValue);
+    }
+
+    @Test
+    public void testIntPropertyLoadedFromFileWithHigherPriority() {
+        // given
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), propFilename1);
+        System.setProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(), xmlFilename2);
+        String propertyKey = "int_property";
+        int expectedValue = 52;
+
+        // when
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
+        int propertyValue = testPropertyManager.getIntProp(propertyKey);
+
+        // then
+        assertEquals(expectedValue, propertyValue);
+    }
+
+    @Test
+    public void testIntPropertyLoadedFromPropFileWithHigherPriority() {
+        // given
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), propFilename1);
+        System.setProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(), propFilename2);
+        String propertyKey = "int_property";
+        int expectedValue = 52;    // value from ESAPI-test-2.properties file
+
+        // when
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
+        int propertyValue = testPropertyManager.getIntProp(propertyKey);
+
+        // then
+        assertEquals(expectedValue, propertyValue);
+    }
+
+    @Test
+    public void testIntPropertyLoadedFromXmlFileWithHigherPriority() {
+        // given
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), xmlFilename1);
+        System.setProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(), xmlFilename2);
+        String propertyKey = "int_property";
+        int expectedValue = 52;
+
+        // when
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
+        int propertyValue = testPropertyManager.getIntProp(propertyKey);
+
+        // then
+        assertEquals(expectedValue, propertyValue);
+    }
+
+
+    @Test(expected = ConfigurationException.class)
+    public void testIntPropertyNotFoundByLoaderAndThrowException() {
+        // given
+        String propertyKey = "non.existing.property";
+
+        // when
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
+        testPropertyManager.getIntProp(propertyKey);
+
+        // then expect exception
+    }
+
+    @Test
+    public void testBooleanPropFoundInLoader() {
+        // given
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), xmlFilename1);
+        String propertyKey = "boolean_property";
+        boolean expectedPropertyValue = true;
+
+        // when
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
+        boolean propertyValue = testPropertyManager.getBooleanProp(propertyKey);
+
+        // then
+        assertEquals(expectedPropertyValue, propertyValue);
+    }
+
+    @Test(expected = ConfigurationException.class)
+    public void testBooleanPropertyNotFoundByLoaderAndThrowException() {
+        // given
+        String propertyKey = "non.existing.property";
+
+        // when
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
+        testPropertyManager.getBooleanProp(propertyKey);
+
+        // then expect exception
+    }
+
+    @Test
+    public void testByteArrayPropFoundInLoader() {
+        // given
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), propFilename1);
+        String propertyKey = "string_property";
+        byte[] expectedValue = new byte[0];
+        try {
+            expectedValue = ESAPI.encoder().decodeFromBase64("test_string_property");
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
+
+        // when
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
+        byte[] propertyValue = testPropertyManager.getByteArrayProp(propertyKey);
+
+        // then
+        assertEquals(expectedValue, propertyValue);
+    }
+
+    @Test
+    public void testByteArrayPropertyLoadedFromFileWithHigherPriority() {
+        // given
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), propFilename1);
+        System.setProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(), xmlFilename2);
+        String propertyKey = "string_property";
+        byte[] expectedValue = new byte[0];
+        try {
+            expectedValue = ESAPI.encoder().decodeFromBase64("test_string_property_2");
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
+
+        // when
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
+        byte[] propertyValue = testPropertyManager.getByteArrayProp(propertyKey);
+
+        // then
+        assertEquals(expectedValue, propertyValue);
+    }
+
+    @Test
+    public void testByteArrayPropertyLoadedFromPropFileWithHigherPriority() {
+        // given
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), propFilename1);
+        System.setProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(), propFilename2);
+        String propertyKey = "string_property";
+        byte[] expectedValue = new byte[0];
+        try {
+            expectedValue = ESAPI.encoder().decodeFromBase64("test_string_property_2");
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
+
+        // when
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
+        byte[] propertyValue = testPropertyManager.getByteArrayProp(propertyKey);
+
+        // then
+        assertEquals(expectedValue, propertyValue);
+    }
+
+    @Test
+    public void testByteArrayPropertyLoadedFromXmlFileWithHigherPriority() {
+        // given
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), xmlFilename1);
+        System.setProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(), xmlFilename2);
+        String propertyKey = "string_property";
+        byte[] expectedValue = new byte[0];
+        try {
+            expectedValue = ESAPI.encoder().decodeFromBase64("test_string_property_2");
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
+
+        // when
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
+        byte[] propertyValue = testPropertyManager.getByteArrayProp(propertyKey);
+
+        // then
+        assertEquals(expectedValue, propertyValue);
+    }
+
+    @Test(expected = ConfigurationException.class)
+    public void testByteArrayPropertyNotFoundByLoaderAndThrowException() {
+        // given
+        String propertyKey = "non.existing.property";
+
+        // when
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
+        testPropertyManager.getByteArrayProp(propertyKey);
+
+        // then expect exception
+    }
+
+
+    @Test
+    public void testExpectFileNotFoundException() {
+        // given
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), noSuchFile);
+
+        // when
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            if ( e instanceof FileNotFoundException ) {
+                return;
+            } else {
+                fail("testExpectFileNotFoundException(): Was expecting FileNotFoundException for IOException. Exception:" + e);
+            }
+        }
+
+        fail("Did not throw expected IOException for property file " + noSuchFile);
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoaderTest.java b/src/test/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoaderTest.java
new file mode 100644
index 000000000..080644642
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoaderTest.java
@@ -0,0 +1,359 @@
+package org.owasp.esapi.configuration;
+
+
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.configuration.consts.EsapiConfiguration;
+import org.owasp.esapi.errors.ConfigurationException;
+
+import java.io.File;
+import java.io.IOException;
+
+import static junit.framework.Assert.*;
+
+public class StandardEsapiPropertyLoaderTest {
+
+    private static String filename;
+    private static int priority;
+
+    private StandardEsapiPropertyLoader testPropertyLoader;
+
+    private static String DEVTEAM_CFG = "";
+    private static String OPSTEAM_CFG = "";
+
+    @BeforeClass
+    public static void captureEsapiConfigurations() {
+        DEVTEAM_CFG = System.getProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(),"");
+        OPSTEAM_CFG = System.getProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(),"");
+    }
+
+    @AfterClass
+    public static void restoreEsapiConfigurations() {
+         System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), DEVTEAM_CFG);
+         System.setProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(), OPSTEAM_CFG);
+    }
+
+
+    @Before
+    public void init() {
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), "");
+        System.setProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(), "");
+        filename = "src" + File.separator + "test" + File.separator + "resources" + File.separator +
+                "esapi" + File.separator + "ESAPI-test.properties";
+        priority = 1;
+    }
+
+    @Test
+    public void testPropertiesLoaded() {
+        // when
+        try {
+            testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
+
+        // then
+        assertFalse(testPropertyLoader.properties.isEmpty());
+    }
+
+    @Test
+    public void testPriority() {
+        // given
+        int expectedValue = 1;
+
+        // when
+        try {
+            testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
+        int value = testPropertyLoader.priority();
+
+        // then
+        assertEquals(expectedValue, value);
+    }
+
+    @Test
+    public void testLoadersAreEqual() {
+        // given
+        int expectedValue = 0;
+        StandardEsapiPropertyLoader otherPropertyLoader = null;
+
+        // when
+        try {
+            testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+            otherPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
+        int value = testPropertyLoader.compareTo(otherPropertyLoader);
+
+        // then
+        assertEquals(expectedValue, value);
+    }
+
+    @Test
+    public void testCompareWithOtherLoaderWithHigherPriority() {
+        // given
+        int expectedValue = -1;
+        int higherPriority = 2;
+        StandardEsapiPropertyLoader otherPropertyLoader = null;
+
+        // when
+        try {
+            testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+            otherPropertyLoader = new StandardEsapiPropertyLoader(filename, higherPriority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
+        int value = testPropertyLoader.compareTo(otherPropertyLoader);
+
+        // then
+        assertEquals(expectedValue, value);
+    }
+
+    @Test
+    public void testCompareWithOtherLoaderWithLowerPriority() {
+        // given
+        int expectedValue = 1;
+        int lowerPriority = 0;
+        StandardEsapiPropertyLoader otherPropertyLoader = null;
+
+        // when
+        try {
+            testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+            otherPropertyLoader = new StandardEsapiPropertyLoader(filename, lowerPriority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
+        int value = testPropertyLoader.compareTo(otherPropertyLoader);
+
+        // then
+        assertEquals(expectedValue, value);
+    }
+
+    @Test
+    public void testGetIntProp() {
+        // given
+        String propertyKey = "int_property";
+
+        // when
+        try {
+            testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
+        int propertyValue = testPropertyLoader.getIntProp(propertyKey);
+
+        // then
+        assertEquals(5, propertyValue);
+    }
+
+    @Test(expected = ConfigurationException.class)
+    public void testIntPropertyNotFound() throws ConfigurationException {
+        // given
+        String propertyKey = "non-existing-key";
+
+        // when
+        try {
+            testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
+        testPropertyLoader.getIntProp(propertyKey);
+
+        // then expect exception
+    }
+
+    @Test(expected = ConfigurationException.class)
+    public void testIncorrectIntPropertyType() {
+        // given
+        String key = "invalid_int_property";
+
+        // when
+        try {
+            testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
+        testPropertyLoader.getIntProp(key);
+
+        // then expect exception
+    }
+
+    @Test
+    public void testGetStringProp() {
+        // given
+        String propertyKey = "string_property";
+        String expectedValue = "test_string_property";
+
+        // when
+        try {
+            testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
+        String propertyValue = testPropertyLoader.getStringProp(propertyKey);
+
+        // then
+        assertEquals(expectedValue, propertyValue);
+    }
+
+    @Test(expected = ConfigurationException.class)
+    public void testStringPropertyNotFound() throws ConfigurationException {
+        // given
+        String propertyKey = "non-existing-key";
+
+        // when
+        try {
+            testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
+        testPropertyLoader.getStringProp(propertyKey);
+
+        // then expect exception
+    }
+
+    @Test
+    public void testGetBooleanProp() {
+        // given
+        String filename = "src" + File.separator + "test" + File.separator + "resources" + File.separator +
+                "esapi" + File.separator + "ESAPI-test.properties";
+        int priority = 1;
+        String propertyKey = "boolean_property";
+        boolean expectedValue = true;
+
+        // when
+        try {
+            testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
+        boolean value = testPropertyLoader.getBooleanProp(propertyKey);
+
+        // then
+        assertEquals(expectedValue, value);
+    }
+
+    @Test
+    public void testGetBooleanYesProperty() {
+        // given
+        String key = "boolean_yes_property";
+        boolean expectedValue = true;
+
+        // when
+        try {
+            testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
+        boolean value = testPropertyLoader.getBooleanProp(key);
+
+        // then
+        assertEquals(expectedValue, value);
+    }
+
+    @Test
+    public void testGetBooleanNoProperty() {
+        // given
+        String key = "boolean_no_property";
+        boolean expectedValue = false;
+
+        // when
+        try {
+            testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
+        boolean value = testPropertyLoader.getBooleanProp(key);
+
+        // then
+        assertEquals(expectedValue, value);
+    }
+
+    @Test(expected = ConfigurationException.class)
+    public void testBooleanPropertyNotFound() throws ConfigurationException {
+        // given
+        String filename = "src" + File.separator + "test" + File.separator + "resources" + File.separator +
+                "esapi" + File.separator + "ESAPI-test.properties";
+        int priority = 1;
+        String propertyKey = "non-existing-key";
+
+        // when
+        try {
+            testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
+        testPropertyLoader.getBooleanProp(propertyKey);
+
+        // then expect exception
+    }
+
+    @Test(expected = ConfigurationException.class)
+    public void testIncorrectBooleanPropertyType() throws ConfigurationException {
+        // given
+        String key = "invalid_boolean_property";
+
+        // when
+        try {
+            testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
+        testPropertyLoader.getBooleanProp(key);
+
+        // then expect exception
+    }
+
+    @Test
+    public void testGetByteArrayProp() {
+        // given
+        String filename = "src" + File.separator + "test" + File.separator + "resources" + File.separator +
+                "esapi" + File.separator + "ESAPI-test.properties";
+        int priority = 1;
+        String propertyKey = "string_property";
+
+        byte[] expectedValue = new byte[0];
+        try {
+            expectedValue = ESAPI.encoder().decodeFromBase64("test_string_property");
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
+
+        // when
+        try {
+            testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
+        byte[] value = testPropertyLoader.getByteArrayProp(propertyKey);
+
+        // then
+        assertEquals(expectedValue, value);
+    }
+
+    @Test(expected = ConfigurationException.class)
+    public void testByteArrayPropertyNotFound() throws ConfigurationException {
+        // given
+        String filename = "src" + File.separator + "test" + File.separator + "resources" + File.separator +
+                "esapi" + File.separator + "ESAPI-test.properties";        int priority = 1;
+        String propertyKey = "non-existing-key";
+
+        // when
+        try {
+            testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
+
+        testPropertyLoader.getByteArrayProp(propertyKey);
+
+        // then expect exception
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoaderTest.java b/src/test/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoaderTest.java
new file mode 100644
index 000000000..6aecec533
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoaderTest.java
@@ -0,0 +1,364 @@
+package org.owasp.esapi.configuration;
+
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.configuration.consts.EsapiConfiguration;
+import org.owasp.esapi.errors.ConfigurationException;
+
+import java.io.File;
+import java.io.IOException;
+
+import static junit.framework.Assert.*;
+
+public class XmlEsapiPropertyLoaderTest {
+
+    private static String filename;
+    private static int priority;
+
+    private XmlEsapiPropertyLoader testPropertyLoader;
+
+    private static String DEVTEAM_CFG = "";
+    private static String OPSTEAM_CFG = "";
+
+    @BeforeClass
+    public static void captureEsapiConfigurations() {
+        DEVTEAM_CFG = System.getProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(),"");
+        OPSTEAM_CFG = System.getProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(),"");
+    }
+
+    @AfterClass
+    public static void restoreEsapiConfigurations() {
+         System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), DEVTEAM_CFG);
+         System.setProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(), OPSTEAM_CFG);
+    }
+
+    @Before
+    public void init() {
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), "");
+        System.setProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(), "");
+        filename = "src" + File.separator + "test" + File.separator + "resources" + File.separator +
+                "esapi" + File.separator + "ESAPI-test.xml";
+        priority = 1;
+    }
+
+    @Test
+    public void testPropertiesLoaded() {
+        // when
+        try {
+            testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
+
+        // then
+        assertFalse(testPropertyLoader.properties.isEmpty());
+    }
+
+    @Test
+    public void testInvalidPropertyFile() {
+        // given - the file exists, but does not conform to the schema.
+        String invalidFilename = "src" + File.separator + "test" + File.separator + "resources" + File.separator +
+                "esapi" + File.separator + "ESAPI-test-invalid-content.xml";
+
+        // when
+        try {
+            testPropertyLoader = new XmlEsapiPropertyLoader(invalidFilename, priority);
+        } catch ( IOException iex ) {
+            // iex.printStackTrace(System.err);
+            fail("Caught unexpected IOException; exception was: " + iex);
+        } catch ( ConfigurationException cex) {
+            return;
+        }
+
+        fail("Failed to catch expected ConfigurationException for invalid property file name: " + invalidFilename);
+    }
+
+    @Test
+    public void testPriority() {
+        // given
+        int expectedValue = 1;
+
+        // when
+        try {
+            testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
+        int value = testPropertyLoader.priority();
+
+        // then
+        assertEquals(expectedValue, value);
+    }
+
+    @Test
+    public void testLoadersAreEqual() {
+        // given
+        int expectedValue = 0;
+        StandardEsapiPropertyLoader otherPropertyLoader = null;
+
+        // when
+        try {
+            testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+            otherPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
+        int value = testPropertyLoader.compareTo(otherPropertyLoader);
+
+        // then
+        assertEquals(expectedValue, value);
+    }
+
+    @Test
+    public void testCompareWithOtherLoaderWithHigherPriority() {
+        // given
+        int expectedValue = -1;
+        int higherPriority = 2;
+        StandardEsapiPropertyLoader otherPropertyLoader = null;
+
+        // when
+        try {
+            testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+            otherPropertyLoader = new StandardEsapiPropertyLoader(filename, higherPriority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
+        int value = testPropertyLoader.compareTo(otherPropertyLoader);
+
+        // then
+        assertEquals(expectedValue, value);
+    }
+
+    @Test
+    public void testCompareWithOtherLoaderWithLowerPriority() {
+        // given
+        int expectedValue = 1;
+        int lowerPriority = 0;
+        StandardEsapiPropertyLoader otherPropertyLoader = null;
+
+        // when
+        try {
+            testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+            otherPropertyLoader = new StandardEsapiPropertyLoader(filename, lowerPriority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
+        int value = testPropertyLoader.compareTo(otherPropertyLoader);
+
+        // then
+        assertEquals(expectedValue, value);
+    }
+
+    @Test
+    public void testGetIntProp() {
+        // given
+        String key = "int_property";
+        int expectedValue = 5;
+
+        // when
+        try {
+            testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
+        int value = testPropertyLoader.getIntProp(key);
+
+        // then
+        assertEquals(expectedValue, value);
+    }
+
+    @Test(expected = ConfigurationException.class)
+    public void testIntPropertyNotFound() throws ConfigurationException {
+        // given
+        String key = "non-existing-key";
+
+        // when
+        try {
+            testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
+        testPropertyLoader.getIntProp(key);
+
+        // then expect exception
+    }
+
+    @Test(expected = ConfigurationException.class)
+    public void testIncorrectIntPropertyType() {
+        // given
+        String key = "invalid_int_property";
+
+        // when
+        try {
+            testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
+        testPropertyLoader.getIntProp(key);
+
+        // then expect exception
+    }
+
+    @Test
+    public void testGetStringProp() {
+        // given
+        String key = "string_property";
+        String expectedValue = "test_string_property";
+
+        // when
+        try {
+            testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
+        String value = testPropertyLoader.getStringProp(key);
+
+        // then
+        assertEquals(expectedValue, value);
+    }
+
+    @Test(expected = ConfigurationException.class)
+    public void testStringPropertyNotFound() throws ConfigurationException {
+        // given
+        String key = "non-existing-key";
+
+        // when
+        try {
+            testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
+        testPropertyLoader.getStringProp(key);
+
+        // then expect exception
+    }
+
+    @Test
+    public void testGetBooleanProp() {
+        // given
+        String key = "boolean_property";
+        boolean expectedValue = true;
+
+        // when
+        try {
+            testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
+        boolean value = testPropertyLoader.getBooleanProp(key);
+
+        // then
+        assertEquals(expectedValue, value);
+    }
+
+    @Test
+    public void testGetBooleanYesProperty() {
+        // given
+        String key = "boolean_yes_property";
+        boolean expectedValue = true;
+
+        // when
+        try {
+            testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
+        boolean value = testPropertyLoader.getBooleanProp(key);
+
+        // then
+        assertEquals(expectedValue, value);
+    }
+
+    @Test
+    public void testGetBooleanNoProperty() {
+        // given
+        String key = "boolean_no_property";
+        boolean expectedValue = false;
+
+        // when
+        try {
+            testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
+        boolean value = testPropertyLoader.getBooleanProp(key);
+
+        // then
+        assertEquals(expectedValue, value);
+    }
+
+    @Test(expected = ConfigurationException.class)
+    public void testBooleanPropertyNotFound() throws ConfigurationException {
+        // given
+        String key = "non-existing-key";
+
+        // when
+        try {
+            testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
+        testPropertyLoader.getBooleanProp(key);
+
+        // then expect exception
+    }
+
+    @Test(expected = ConfigurationException.class)
+    public void testIncorrectBooleanPropertyType() throws ConfigurationException {
+        // given
+        String key = "invalid_boolean_property";
+
+        // when
+        try {
+            testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
+        testPropertyLoader.getBooleanProp(key);
+
+        // then expect exception
+    }
+
+    @Test
+    public void testGetByteArrayProp() {
+        // given
+        String key = "string_property";
+        byte[] expectedValue = new byte[0];
+        try {
+            expectedValue = ESAPI.encoder().decodeFromBase64("test_string_property");
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
+
+        // when
+        try {
+            testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
+        byte[] value = testPropertyLoader.getByteArrayProp(key);
+
+        // then
+        assertEquals(expectedValue, value);
+    }
+
+    @Test(expected = ConfigurationException.class)
+    public void testByteArrayPropertyNotFound() throws ConfigurationException {
+        // given
+        String key = "non-existing-key";
+
+        // when
+        try {
+            testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
+        testPropertyLoader.getByteArrayProp(key);
+
+        // then expect exception
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/crypto/CipherSpecTest.java b/src/test/java/org/owasp/esapi/crypto/CipherSpecTest.java
index b842aaec6..54c69a520 100644
--- a/src/test/java/org/owasp/esapi/crypto/CipherSpecTest.java
+++ b/src/test/java/org/owasp/esapi/crypto/CipherSpecTest.java
@@ -22,191 +22,189 @@
 /** JUnit test to test CipherSpec class. */
 public class CipherSpecTest extends TestCase {
 
-	private Cipher dfltAESCipher = null;
-	private Cipher dfltECBCipher = null;	// will be "AES/ECB/NoPadding";
-	private Cipher dfltOtherCipher = null;
-	private CipherSpec cipherSpec = null;
-	private byte[] myIV = null;
-
-	@Before public void setUp() throws Exception {
-			// This will throw ConfigurationException if IV type is not set to
-			// 'fixed', which it's not. (We have it set to 'random'.)
-		// myIV = Hex.decode( ESAPI.securityConfiguration().getFixedIV() );
-		myIV = Hex.decode( "0x000102030405060708090a0b0c0d0e0f" );
-
-		dfltAESCipher   = Cipher.getInstance("AES");
-		dfltECBCipher   = Cipher.getInstance("AES/ECB/NoPadding");
-		dfltOtherCipher = Cipher.getInstance("Blowfish/OFB8/PKCS5Padding");
-
-		assertTrue( dfltAESCipher != null );
-		assertTrue( dfltECBCipher != null );
-		assertTrue( dfltOtherCipher != null );
-
-		cipherSpec = new CipherSpec(dfltOtherCipher);
-		assertTrue( cipherSpec != null );
-	}
-
-	@After public void tearDown() throws Exception {
-    	// none
-	}
-	
-	/** Test CipherSpec(String cipherXform, int keySize, int blockSize, final byte[] iv) */
-	@Test public void testCipherSpecStringIntIntByteArray() {
-		
-		cipherSpec = new CipherSpec( "AES/CBC/NoPadding",  128,  8, myIV);
-		assertTrue( cipherSpec != null );
-		cipherSpec = null;
-		boolean caughtException = false;
-		try {
-				// Invalid cipher xform -- empty
-			cipherSpec = new CipherSpec( "",  128,  8, myIV);
-		} catch( Throwable t ) {
-			caughtException = true;
-		}
-		assertTrue( caughtException && (cipherSpec == null) );
-		caughtException = false;
-		try {
-				// Invalid cipher xform -- missing padding scheme
-			cipherSpec = new CipherSpec("AES/CBC", 128, 8, myIV);
-		} catch( Throwable t ) {
-		    caughtException = true;
-		}
+    private Cipher dfltAESCipher = null;
+    private Cipher dfltECBCipher = null;    // will be "AES/ECB/NoPadding";
+    private Cipher dfltOtherCipher = null;
+    private CipherSpec cipherSpec = null;
+    private byte[] myIV = null;
+
+    @Before public void setUp() throws Exception {
+        myIV = Hex.decode( "0x000102030405060708090a0b0c0d0e0f" ); // Any IV to test w/ will do.
+
+        dfltAESCipher   = Cipher.getInstance("AES");
+        dfltECBCipher   = Cipher.getInstance("AES/ECB/NoPadding");
+        dfltOtherCipher = Cipher.getInstance("Blowfish/OFB8/PKCS5Padding");
+
+        assertTrue( dfltAESCipher != null );
+        assertTrue( dfltECBCipher != null );
+        assertTrue( dfltOtherCipher != null );
+
+        cipherSpec = new CipherSpec(dfltOtherCipher);
+        assertTrue( cipherSpec != null );
+    }
+
+    @After public void tearDown() throws Exception {
+        // none
+    }
+
+    /** Test CipherSpec(String cipherXform, int keySize, int blockSize, final byte[] iv) */
+    @Test public void testCipherSpecStringIntIntByteArray() {
+
+        cipherSpec = new CipherSpec( "AES/CBC/NoPadding",  128,  8, myIV);
+        assertTrue( cipherSpec != null );
+        cipherSpec = null;
+        boolean caughtException = false;
+        try {
+                // Invalid cipher xform -- empty
+            cipherSpec = new CipherSpec( "",  128,  8, myIV);
+        } catch( Throwable t ) {
+            caughtException = true;
+        }
+        assertTrue( caughtException && (cipherSpec == null) );
+        caughtException = false;
+        try {
+                // Invalid cipher xform -- missing padding scheme
+            cipherSpec = new CipherSpec("AES/CBC", 128, 8, myIV);
+        } catch( Throwable t ) {
+            caughtException = true;
+        }
         assertTrue( caughtException && (cipherSpec == null) );
-	}
-
-	/** CipherSpec(final Cipher cipher, int keySize) */
-	@Test public void testCipherSpecCipherInt() {
-    	cipherSpec = new CipherSpec(dfltOtherCipher, 112);
-    	assertTrue( cipherSpec != null );
-    	assertTrue( cipherSpec.getCipherAlgorithm().equals("Blowfish"));
-    	assertTrue( cipherSpec.getCipherMode().equals("OFB8"));
-    	
-    	cipherSpec = new CipherSpec(dfltAESCipher, 256);
-    	assertTrue( cipherSpec != null );
-    	assertTrue( cipherSpec.getCipherAlgorithm().equals("AES"));
-    	assertTrue( cipherSpec.getCipherMode().equals("ECB") );
-    	assertTrue( cipherSpec.getPaddingScheme().equals("NoPadding") );
-    	// System.out.println("testCipherSpecInt(): " + cipherSpec);
-	}
-
-	/** Test CipherSpec(final byte[] iv) */
-	@Test public void testCipherSpecByteArray() {
-		assertTrue( myIV != null );
-		assertTrue( myIV.length > 0 );
-		cipherSpec = new CipherSpec(myIV);
-		assertTrue( cipherSpec.getKeySize() == 
-						ESAPI.securityConfiguration().getEncryptionKeyLength() );
-		assertTrue( cipherSpec.getCipherTransformation().equals(
-						ESAPI.securityConfiguration().getCipherTransformation() ) );
-	}
-
-	/** Test CipherSpec() */
-	@Test public void testCipherSpec() {
-		cipherSpec = new CipherSpec( dfltECBCipher );
-		assertTrue( cipherSpec.getCipherTransformation().equals("AES/ECB/NoPadding") );
-		assertTrue( cipherSpec.getIV() == null );
-	
-		cipherSpec = new CipherSpec(dfltOtherCipher);
-		assertTrue( cipherSpec.getCipherMode().equals("OFB8") );
-	}
-
-	/** Test setCipherTransformation(String cipherXform) */
-	@Test public void testSetCipherTransformation() {
-		cipherSpec = new CipherSpec();
-		cipherSpec.setCipherTransformation("AlgName/Mode/Padding");
-		cipherSpec.getCipherAlgorithm().equals("AlgName/Mode/Padding");
-		
-		try {
-				// Don't use null here as compiling JUnit tests disables assertion
-				// checking so we get a NullPointerException here instead.
-			cipherSpec.setCipherTransformation(""); // Throws IllegalArgumentException
-		} catch (IllegalArgumentException e) {
-			assertTrue(true);	// Doesn't work w/ @Test(expected=IllegalArgumentException.class)
-		}
-	}
-
-	/** Test getCipherTransformation() */
-	@Test public void testGetCipherTransformation() {
-		assertTrue( (new CipherSpec()).getCipherTransformation().equals("AES/CBC/PKCS5Padding") );
-	}
-
-	/** Test setKeySize() */
-	@Test public void testSetKeySize() {
-		assertTrue( (new CipherSpec()).setKeySize(56).getKeySize() == 56 );
-	}
-
-	/** Test getKeySize() */
-	@Test public void testGetKeySize() {
-		assertTrue( (new CipherSpec()).getKeySize() ==
-			ESAPI.securityConfiguration().getEncryptionKeyLength() );
-	}
-
-	/** Test setBlockSize() */
-	@Test public void testSetBlockSize() {
-		try {
-			cipherSpec.setBlockSize(0); // Throws AssertionError
-		} catch (AssertionError e) {
-			assertTrue(true);	// Doesn't work w/ @Test(expected=AssertionError.class)
-		}
-		try {
-			cipherSpec.setBlockSize(-1); // Throws AssertionError
-		} catch (AssertionError e) {
-			assertTrue(true);	// Doesn't work w/ @Test(expected=AssertionError.class)
-		}
-		assertTrue( cipherSpec.setBlockSize(4).getBlockSize() == 4 );
-	}
-
-	/** Test getBlockSize() */
-	@Test public void testGetBlockSize() {
-		assertTrue( cipherSpec.getBlockSize() == 8 );
-	}
-
-	/** Test getCipherAlgorithm() */
-	@Test public void testGetCipherAlgorithm() {
-		assertTrue( cipherSpec.getCipherAlgorithm().equals("Blowfish") );
-	}
-
-	/** Test getCipherMode */
-	@Test public void testGetCipherMode() {
-		assertTrue( cipherSpec.getCipherMode().equals("OFB8") );
-	}
-
-	/** Test getPaddingScheme() */
-	@Test public void testGetPaddingScheme() {
-		assertTrue( cipherSpec.getPaddingScheme().equals("PKCS5Padding") );
-	}
-
-	/** Test setIV() */
-	@Test public void testSetIV() {
-		try {
-			// Test that ECB mode allows a null IV
-			cipherSpec = new CipherSpec(dfltECBCipher);
-			cipherSpec.setIV(null);
-			assertTrue(true);
-		} catch ( AssertionError e) {
-			assertFalse("Test failed; unexpected exception", false);
-		}
-		try {
-			// Test that CBC mode does allows a null IV
-			cipherSpec = new CipherSpec(dfltAESCipher);
-			cipherSpec.setIV(null);
-			assertFalse("Test failed; Expected exception not thrown", false);
-		} catch ( AssertionError e) {
-			assertTrue(true);
-		}
-	}
-
-	/** Test requiresIV() */
-	@Test public void testRequiresIV() {
-		assertTrue( (new CipherSpec(dfltECBCipher)).requiresIV() == false );
-		cipherSpec = new CipherSpec(dfltAESCipher);
-		assertTrue( cipherSpec.getCipherMode().equals("ECB") );
-		assertTrue( cipherSpec.requiresIV() == false );
-		assertTrue( new CipherSpec(dfltOtherCipher).requiresIV() );
-	}
-	
-	/** Test serialization */
-	@Test public void testSerialization() {
+    }
+
+    /** CipherSpec(final Cipher cipher, int keySize) */
+    @Test public void testCipherSpecCipherInt() {
+        cipherSpec = new CipherSpec(dfltOtherCipher, 112);
+        assertTrue( cipherSpec != null );
+        assertTrue( cipherSpec.getCipherAlgorithm().equals("Blowfish"));
+        assertTrue( cipherSpec.getCipherMode().equals("OFB8"));
+
+        cipherSpec = new CipherSpec(dfltAESCipher, 256);
+        assertTrue( cipherSpec != null );
+        assertTrue( cipherSpec.getCipherAlgorithm().equals("AES"));
+        assertTrue( cipherSpec.getCipherMode().equals("ECB") );
+        assertTrue( cipherSpec.getPaddingScheme().equals("NoPadding") );
+        // System.out.println("testCipherSpecInt(): " + cipherSpec);
+    }
+
+    /** Test CipherSpec(final byte[] iv) */
+    @Test public void testCipherSpecByteArray() {
+        assertTrue( myIV != null );
+        assertTrue( myIV.length > 0 );
+        cipherSpec = new CipherSpec(myIV);
+        assertTrue( cipherSpec.getKeySize() ==
+                        ESAPI.securityConfiguration().getEncryptionKeyLength() );
+        assertTrue( cipherSpec.getCipherTransformation().equals(
+                        ESAPI.securityConfiguration().getCipherTransformation() ) );
+    }
+
+    /** Test CipherSpec() */
+    @Test public void testCipherSpec() {
+        cipherSpec = new CipherSpec( dfltECBCipher );
+        assertTrue( cipherSpec.getCipherTransformation().equals("AES/ECB/NoPadding") );
+        assertTrue( cipherSpec.getIV() == null );
+
+        cipherSpec = new CipherSpec(dfltOtherCipher);
+        assertTrue( cipherSpec.getCipherMode().equals("OFB8") );
+    }
+
+    /** Test setCipherTransformation(String cipherXform) */
+    @Test public void testSetCipherTransformation() {
+        cipherSpec = new CipherSpec();
+        cipherSpec.setCipherTransformation("AlgName/Mode/Padding");
+        cipherSpec.getCipherAlgorithm().equals("AlgName/Mode/Padding");
+
+        try {
+                // Don't use null here as compiling JUnit tests disables assertion
+                // checking so we get a NullPointerException here instead.
+            cipherSpec.setCipherTransformation(""); // Throws IllegalArgumentException
+        } catch (IllegalArgumentException e) {
+            assertTrue(true);    // Doesn't work w/ @Test(expected=IllegalArgumentException.class)
+        }
+    }
+
+    /** Test getCipherTransformation() */
+    @Test public void testGetCipherTransformation() {
+        assertTrue( (new CipherSpec()).getCipherTransformation().equals("AES/CBC/PKCS5Padding") );
+    }
+
+    /** Test setKeySize() */
+    @Test public void testSetKeySize() {
+        assertTrue( (new CipherSpec()).setKeySize(56).getKeySize() == 56 );
+    }
+
+    /** Test getKeySize() */
+    @Test public void testGetKeySize() {
+        assertTrue( (new CipherSpec()).getKeySize() ==
+            ESAPI.securityConfiguration().getEncryptionKeyLength() );
+    }
+
+    /** Test setBlockSize() */
+    @Test public void testSetBlockSize() {
+        try {
+            cipherSpec.setBlockSize(0); // Throws IllegalArgumentException
+        } catch (IllegalArgumentException e) {
+            assertTrue(true);
+        }
+        try {
+            cipherSpec.setBlockSize(-1); // Throws IllegalArgumentException
+        } catch (IllegalArgumentException e) {
+            assertTrue(true);
+        }
+        assertTrue( cipherSpec.setBlockSize(4).getBlockSize() == 4 );
+    }
+
+    /** Test getBlockSize() */
+    @Test public void testGetBlockSize() {
+        assertTrue( cipherSpec.getBlockSize() == 8 );
+    }
+
+    /** Test getCipherAlgorithm() */
+    @Test public void testGetCipherAlgorithm() {
+        assertTrue( cipherSpec.getCipherAlgorithm().equals("Blowfish") );
+    }
+
+    /** Test getCipherMode */
+    @Test public void testGetCipherMode() {
+        assertTrue( cipherSpec.getCipherMode().equals("OFB8") );
+    }
+
+    /** Test getPaddingScheme() */
+    @Test public void testGetPaddingScheme() {
+        assertTrue( cipherSpec.getPaddingScheme().equals("PKCS5Padding") );
+    }
+
+    /** Test setIV() */
+    @Test public void testSetIV() {
+        try {
+            // Test that ECB mode allows a null IV
+            cipherSpec = new CipherSpec(dfltECBCipher);
+            assertTrue( cipherSpec.getCipherMode().equals("ECB") );
+            cipherSpec.setIV(null);
+            assertTrue(true);
+        } catch ( IllegalArgumentException e) {
+            assertFalse("Test failed; unexpected exception", false);
+        }
+        try {
+            // Test that CBC mode does allows a null IV
+            cipherSpec = new CipherSpec(dfltAESCipher);
+            cipherSpec.setIV(null);
+            assertFalse("Test failed; Expected exception not thrown", false);
+        } catch ( IllegalArgumentException e) {
+            assertTrue(true);
+        }
+    }
+
+    /** Test requiresIV() */
+    @Test public void testRequiresIV() {
+        assertTrue( (new CipherSpec(dfltECBCipher)).requiresIV() == false );
+        cipherSpec = new CipherSpec(dfltAESCipher);
+        assertTrue( cipherSpec.getCipherMode().equals("ECB") );
+        assertTrue( cipherSpec.requiresIV() == false );
+        assertTrue( new CipherSpec(dfltOtherCipher).requiresIV() );
+    }
+
+    /** Test serialization */
+    @Test public void testSerialization() {
         String filename = "cipherspec.ser";
         File serializedFile = new File(filename);
         boolean success = false;
@@ -219,7 +217,7 @@ public class CipherSpecTest extends TestCase {
             //       Guess what? We don't care!!!
             serializedFile.delete();
 
-            
+
             cipherSpec = new CipherSpec( "AES/CBC/NoPadding",  128,  8, myIV);
             FileOutputStream fos = new FileOutputStream(filename);
             ObjectOutputStream out = new ObjectOutputStream(fos);
@@ -236,8 +234,8 @@ public class CipherSpecTest extends TestCase {
             // check that cipherSpec and restoredCipherSpec are equal. Just
             // compare them via their string representations.
             assertEquals("Serialized restored CipherSpec differs from saved CipherSpec",
-            			 cipherSpec.toString(), restoredCipherSpec.toString() );
-            
+                         cipherSpec.toString(), restoredCipherSpec.toString() );
+
             success = true;
         } catch(IOException ex) {
             ex.printStackTrace(System.err);
@@ -259,8 +257,8 @@ public class CipherSpecTest extends TestCase {
                 }
             }
         }
-	}
-	
+    }
+
     /**
      * Run all the test cases in this suite.
      * This is to allow running from {@code org.owasp.esapi.AllTests}.
@@ -270,4 +268,4 @@ public static junit.framework.Test suite() {
 
         return suite;
     }
-}
\ No newline at end of file
+}
diff --git a/src/test/java/org/owasp/esapi/crypto/CipherTextSerializerTest.java b/src/test/java/org/owasp/esapi/crypto/CipherTextSerializerTest.java
index 9f86b9fb7..fcf5be73e 100644
--- a/src/test/java/org/owasp/esapi/crypto/CipherTextSerializerTest.java
+++ b/src/test/java/org/owasp/esapi/crypto/CipherTextSerializerTest.java
@@ -18,7 +18,7 @@ public class CipherTextSerializerTest {
     private Cipher encryptor = null;
     private IvParameterSpec ivSpec = null;  // Note: FindBugs reports false positive
                                             // about this being unread field. See
-    										// testAsSerializedByteArray().
+                                            // testAsSerializedByteArray().
 
     @BeforeClass
     public static void setUpBeforeClass() throws Exception {
@@ -38,12 +38,12 @@ public void setUp() throws Exception {
 
     @After
     public void tearDown() throws Exception {
-    	System.out.flush();
+        System.out.flush();
     }
 
     @Test
     public final void testAsSerializedByteArray() {
-    	System.out.println("CipherTextSerializerTest.testAsSerializedByteArray() ...");
+        System.out.println("CipherTextSerializerTest.testAsSerializedByteArray() ...");
         CipherSpec cipherSpec = new CipherSpec(encryptor, 128);
         cipherSpec.setIV(ivSpec.getIV());
         SecretKey key;
@@ -68,7 +68,7 @@ public final void testAsSerializedByteArray() {
     @Test
     public final void testAsCipherText() {
         try {
-        	System.out.println("CipherTextSerializerTest.testAsCipherText() ...");
+            System.out.println("CipherTextSerializerTest.testAsCipherText() ...");
             CipherText ct = ESAPI.encryptor().encrypt( new PlainText("Hello") );
             CipherTextSerializer cts = new CipherTextSerializer( ct );
             CipherText result = cts.asCipherText();
diff --git a/src/test/java/org/owasp/esapi/crypto/CipherTextTest.java b/src/test/java/org/owasp/esapi/crypto/CipherTextTest.java
index 18c7fb505..5e8b036a1 100644
--- a/src/test/java/org/owasp/esapi/crypto/CipherTextTest.java
+++ b/src/test/java/org/owasp/esapi/crypto/CipherTextTest.java
@@ -1,249 +1,215 @@
 package org.owasp.esapi.crypto;
 
 import static org.junit.Assert.*;
-import org.junit.AfterClass;
-import org.junit.BeforeClass;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.ObjectInputStream;
-import java.io.ObjectOutputStream;
+
+import java.io.*;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
+
 import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
 import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.IvParameterSpec;
 
-import junit.framework.Assert;
-import junit.framework.JUnit4TestAdapter;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
+import org.junit.*;
+import org.junit.rules.TemporaryFolder;
 import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.crypto.CipherSpec;
-import org.owasp.esapi.crypto.CipherText;
-import org.owasp.esapi.crypto.CryptoHelper;
 import org.owasp.esapi.errors.EncryptionException;
 import org.owasp.esapi.reference.crypto.CryptoPolicy;
 
+import junit.framework.Assert;
+import junit.framework.JUnit4TestAdapter;
+
 public class CipherTextTest {
 
-    private static final boolean POST_CLEANUP = true;
-    
-	private CipherSpec cipherSpec_ = null;
+    private CipherSpec cipherSpec_ = null;
     private Cipher encryptor = null;
     private Cipher decryptor = null;
     private IvParameterSpec ivSpec = null;
-	
-    @BeforeClass public static void preCleanup() {
-    	try {
-            // These two calls have side-effects that cause FindBugs to complain.
-    		removeFile("ciphertext.ser");
-    		removeFile("ciphertext-portable.ser");
-    		// Do NOT remove this file...
-    		//		src/test/resource/ESAPI2.0-ciphertext-portable.ser
-    	} catch(Exception ex) {
-    		;	// Do nothing
-    	}
-    }
-    
-	@Before
-	public void setUp() throws Exception {
+    @Rule
+    public TemporaryFolder tempFolder = new TemporaryFolder();
+
+
+    @Before
+    public void setUp() throws Exception {
         encryptor = Cipher.getInstance("AES/CBC/PKCS5Padding");
         decryptor = Cipher.getInstance("AES/CBC/PKCS5Padding");
         byte[] ivBytes = null;
         ivBytes = ESAPI.randomizer().getRandomBytes(encryptor.getBlockSize());
         ivSpec = new IvParameterSpec(ivBytes);
-	}
-
-	@After
-	public void tearDown() throws Exception {
-	}
-	
-	@AfterClass public static void postCleanup() {
-	    if ( POST_CLEANUP ) {
-	            // These two calls have side-effects that cause FindBugs to complain.
-	        removeFile("ciphertext.ser");
-	        removeFile("ciphertext-portable.ser");
-	    }
-	}
-
-	/** Test the default CTOR */
-	@Test
-	public final void testCipherText() {
-		CipherText ct =  new CipherText();
-
-		cipherSpec_ = new CipherSpec();
-		assertTrue( ct.getCipherTransformation().equals( cipherSpec_.getCipherTransformation()));
-		assertTrue( ct.getBlockSize() == cipherSpec_.getBlockSize() );
-	}
-
-	@Test
-	public final void testCipherTextCipherSpec() {
-		cipherSpec_ = new CipherSpec("DESede/OFB8/NoPadding", 112);
-		CipherText ct = new CipherText( cipherSpec_ );
-		assertTrue( ct.getRawCipherText() == null );
-		assertTrue( ct.getCipherAlgorithm().equals("DESede") );
-		assertTrue( ct.getKeySize() == cipherSpec_.getKeySize() );
-	}
-
-	@Test
-	public final void testCipherTextCipherSpecByteArray()
-	{
-		try {
-			CipherSpec cipherSpec = new CipherSpec(encryptor, 128);
-			cipherSpec.setIV(ivSpec.getIV());
-			SecretKey key =
-				CryptoHelper.generateSecretKey(cipherSpec.getCipherAlgorithm(), 128);
-			encryptor.init(Cipher.ENCRYPT_MODE, key, ivSpec);
-			byte[] raw = encryptor.doFinal("Hello".getBytes("UTF8"));
-			CipherText ct = new CipherText(cipherSpec, raw);
-			assertTrue( ct != null );
-			byte[] ctRaw = ct.getRawCipherText();
-			assertTrue( ctRaw != null );
-			assertArrayEquals(raw, ctRaw);
-			assertTrue( ct.getCipherTransformation().equals(cipherSpec.getCipherTransformation()) );;
-			assertTrue( ct.getCipherAlgorithm().equals(cipherSpec.getCipherAlgorithm()) );
-			assertTrue( ct.getPaddingScheme().equals(cipherSpec.getPaddingScheme()) );
-			assertTrue( ct.getBlockSize() == cipherSpec.getBlockSize() );
-			assertTrue( ct.getKeySize() == cipherSpec.getKeySize() );
-			byte[] ctIV = ct.getIV();
-			byte[] csIV = cipherSpec.getIV();
-			assertArrayEquals(ctIV, csIV);
-		} catch( Exception ex) {
-			// As far as test coverage goes, we really don't want this to be covered.
-			fail("Caught unexpected exception: " + ex.getClass().getName() +
-					    "; exception message was: " + ex.getMessage());
-		}
-	}
-
-
-	@Test
-	public final void testDecryptionUsingCipherText() {
-		try {
-			CipherSpec cipherSpec = new CipherSpec(encryptor, 128);
-			cipherSpec.setIV(ivSpec.getIV());
-			assertTrue( cipherSpec.getIV() != null );
-			assertTrue( cipherSpec.getIV().length > 0 );
-			SecretKey key =
-				CryptoHelper.generateSecretKey(cipherSpec.getCipherAlgorithm(), 128);
-			encryptor.init(Cipher.ENCRYPT_MODE, key, ivSpec);
-			byte[] ctraw = encryptor.doFinal("Hello".getBytes("UTF8"));
-			CipherText ct = new CipherText(cipherSpec, ctraw);
-			assertTrue( ct.getCipherMode().equals("CBC") );
-			assertTrue( ct.requiresIV() ); // CBC mode requires an IV.
-			String b64ctraw = ct.getBase64EncodedRawCipherText();
-			assertTrue( b64ctraw != null);
-			assertArrayEquals( ESAPI.encoder().decodeFromBase64(b64ctraw), ctraw );
-			decryptor.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(ct.getIV()));
-			byte[] ptraw = decryptor.doFinal(ESAPI.encoder().decodeFromBase64(b64ctraw));
-			assertTrue( ptraw != null );
-			assertTrue( ptraw.length > 0 );
-			String plaintext = new String( ptraw, "UTF-8");
-			assertTrue( plaintext.equals("Hello") );
-			assertArrayEquals( ct.getRawCipherText(), ctraw );
-			
-			byte[] ivAndRaw = ESAPI.encoder().decodeFromBase64( ct.getEncodedIVCipherText() );
-			assertTrue( ivAndRaw.length > ctraw.length );
-			assertTrue( ct.getBlockSize() == ( ivAndRaw.length - ctraw.length ) );
-		} catch( Exception ex) {
-		    // Note: FindBugs reports a false positive here...
-		    //    REC_CATCH_EXCEPTION: Exception is caught when Exception is not thrown
-		    // but exceptions really can be thrown. This probably is because FindBugs
-		    // examines the byte-code rather than the source code. However "fixing" this
-		    // so that it doesn't complain will make the test much more complicated as there
-		    // are about 3 or 4 different exception types.
-		    //
-		    // On a completely different note, as far as test coverage metrics goes,
-			// we really don't care if this is covered or nit as it is not our intent
-		    // to be causing exceptions here.
-			ex.printStackTrace(System.err);
-			fail("Caught unexpected exception: " + ex.getClass().getName() +
-					"; exception message was: " + ex.getMessage());
-		}
-	}
-
-	@Test
-	public final void testMIC() {
-		try {
-			CipherSpec cipherSpec = new CipherSpec(encryptor, 128);
-			cipherSpec.setIV(ivSpec.getIV());
-			SecretKey key =
-				CryptoHelper.generateSecretKey(cipherSpec.getCipherAlgorithm(), 128);
-			encryptor.init(Cipher.ENCRYPT_MODE, key, ivSpec);
-			byte[] ctraw = encryptor.doFinal("Hello".getBytes("UTF8"));
-			CipherText ct = new CipherText(cipherSpec, ctraw);
-			assertTrue( ct.getIV() != null && ct.getIV().length > 0 );
-			SecretKey authKey = CryptoHelper.computeDerivedKey(key, key.getEncoded().length * 8, "authenticity");
-			ct.computeAndStoreMAC( authKey ); 
-			try {
-				ct.setIVandCiphertext(ivSpec.getIV(), ctraw);	// Expected to log & throw.
-			} catch( Exception ex ) {
-				assertTrue( ex instanceof EncryptionException );
-			}
-			try {
-				ct.setCiphertext(ctraw);	// Expected to log and throw message about
-											// not being able to store raw ciphertext.
-			} catch( Exception ex ) {
-				assertTrue( ex instanceof EncryptionException );
-			}
-			decryptor.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec( ct.getIV() ) );
-			byte[] ptraw = decryptor.doFinal( ct.getRawCipherText() );
-			assertTrue( ptraw != null && ptraw.length > 0 );
-			ct.validateMAC( authKey );
-		} catch( Exception ex) {
-			// As far as test coverage goes, we really don't want this to be covered.
-			ex.printStackTrace(System.err);
-			fail("Caught unexpected exception: " + ex.getClass().getName() +
-					"; exception message was: " + ex.getMessage());
-		}
-	}
-
-	/** Test <i>portable</i> serialization. */
-	@Test public final void testPortableSerialization() {
-	    System.out.println("CipherTextTest.testPortableSerialization()starting...");
-	    String filename = "ciphertext-portable.ser";
-	    File serializedFile = new File(filename);
-	    serializedFile.delete();    // Delete any old serialized file.
-
-	    int keySize = 128;
-	    if ( CryptoPolicy.isUnlimitedStrengthCryptoAvailable() ) {
-	        keySize = 256;
-	    }
-	    CipherSpec cipherSpec = new CipherSpec(encryptor, keySize);
-	    cipherSpec.setIV(ivSpec.getIV());
-	    SecretKey key;
-	    try {
-	        key = CryptoHelper.generateSecretKey(cipherSpec.getCipherAlgorithm(), keySize);
-
-	        encryptor.init(Cipher.ENCRYPT_MODE, key, ivSpec);
-	        byte[] raw = encryptor.doFinal("This is my secret message!!!".getBytes("UTF8"));
-	        CipherText ciphertext = new CipherText(cipherSpec, raw);
-	        	// TODO: Replace this w/ call to KeyDerivationFunction as this is
-	        	//		 deprecated! Shame on me!
-	        SecretKey authKey = CryptoHelper.computeDerivedKey(key, key.getEncoded().length * 8, "authenticity");
-	        ciphertext.computeAndStoreMAC( authKey );
+    }
+
+    /** Test the default CTOR */
+    @Test
+    public final void testCipherText() {
+        CipherText ct =  new CipherText();
+
+        cipherSpec_ = new CipherSpec();
+        assertTrue( ct.getCipherTransformation().equals( cipherSpec_.getCipherTransformation()));
+        assertTrue( ct.getBlockSize() == cipherSpec_.getBlockSize() );
+    }
+
+    @Test
+    public final void testCipherTextCipherSpec() {
+        cipherSpec_ = new CipherSpec("DESede/OFB8/NoPadding", 112);
+        CipherText ct = new CipherText( cipherSpec_ );
+        assertTrue( ct.getRawCipherText() == null );
+        assertTrue( ct.getCipherAlgorithm().equals("DESede") );
+        assertTrue( ct.getKeySize() == cipherSpec_.getKeySize() );
+    }
+
+    @Test
+    public final void testCipherTextCipherSpecByteArray()
+    {
+        try {
+            CipherSpec cipherSpec = new CipherSpec(encryptor, 128);
+            cipherSpec.setIV(ivSpec.getIV());
+            SecretKey key =
+                CryptoHelper.generateSecretKey(cipherSpec.getCipherAlgorithm(), 128);
+            encryptor.init(Cipher.ENCRYPT_MODE, key, ivSpec);
+            byte[] raw = encryptor.doFinal("Hello".getBytes("UTF8"));
+            CipherText ct = new CipherText(cipherSpec, raw);
+            assertTrue( ct != null );
+            byte[] ctRaw = ct.getRawCipherText();
+            assertTrue( ctRaw != null );
+            assertArrayEquals(raw, ctRaw);
+            assertTrue( ct.getCipherTransformation().equals(cipherSpec.getCipherTransformation()) );;
+            assertTrue( ct.getCipherAlgorithm().equals(cipherSpec.getCipherAlgorithm()) );
+            assertTrue( ct.getPaddingScheme().equals(cipherSpec.getPaddingScheme()) );
+            assertTrue( ct.getBlockSize() == cipherSpec.getBlockSize() );
+            assertTrue( ct.getKeySize() == cipherSpec.getKeySize() );
+            byte[] ctIV = ct.getIV();
+            byte[] csIV = cipherSpec.getIV();
+            assertArrayEquals(ctIV, csIV);
+        } catch( Exception ex) {
+            // As far as test coverage goes, we really don't want this to be covered.
+            fail("Caught unexpected exception: " + ex.getClass().getName() +
+                        "; exception message was: " + ex.getMessage());
+        }
+    }
+
+
+    @Test
+    public final void testDecryptionUsingCipherText() {
+        try {
+            CipherSpec cipherSpec = new CipherSpec(encryptor, 128);
+            cipherSpec.setIV(ivSpec.getIV());
+            assertTrue( cipherSpec.getIV() != null );
+            assertTrue( cipherSpec.getIV().length > 0 );
+            SecretKey key =
+                CryptoHelper.generateSecretKey(cipherSpec.getCipherAlgorithm(), 128);
+            encryptor.init(Cipher.ENCRYPT_MODE, key, ivSpec);
+            byte[] ctraw = encryptor.doFinal("Hello".getBytes("UTF8"));
+            CipherText ct = new CipherText(cipherSpec, ctraw);
+            assertTrue( ct.getCipherMode().equals("CBC") );
+            assertTrue( ct.requiresIV() ); // CBC mode requires an IV.
+            String b64ctraw = ct.getBase64EncodedRawCipherText();
+            assertTrue( b64ctraw != null);
+            assertArrayEquals( ESAPI.encoder().decodeFromBase64(b64ctraw), ctraw );
+            decryptor.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(ct.getIV()));
+            byte[] ptraw = decryptor.doFinal(ESAPI.encoder().decodeFromBase64(b64ctraw));
+            assertTrue( ptraw != null );
+            assertTrue( ptraw.length > 0 );
+            String plaintext = new String( ptraw, "UTF-8");
+            assertTrue( plaintext.equals("Hello") );
+            assertArrayEquals( ct.getRawCipherText(), ctraw );
+
+            byte[] ivAndRaw = ESAPI.encoder().decodeFromBase64( ct.getEncodedIVCipherText() );
+            assertTrue( ivAndRaw.length > ctraw.length );
+            assertTrue( ct.getBlockSize() == ( ivAndRaw.length - ctraw.length ) );
+        } catch( Exception ex) {
+            // Note: FindBugs reports a false positive here...
+            //    REC_CATCH_EXCEPTION: Exception is caught when Exception is not thrown
+            // but exceptions really can be thrown. This probably is because FindBugs
+            // examines the byte-code rather than the source code. However "fixing" this
+            // so that it doesn't complain will make the test much more complicated as there
+            // are about 3 or 4 different exception types.
+            //
+            // On a completely different note, as far as test coverage metrics goes,
+            // we really don't care if this is covered or nit as it is not our intent
+            // to be causing exceptions here.
+            ex.printStackTrace(System.err);
+            fail("Caught unexpected exception: " + ex.getClass().getName() +
+                    "; exception message was: " + ex.getMessage());
+        }
+    }
+
+    @Test
+    public final void testMIC() {
+        try {
+            CipherSpec cipherSpec = new CipherSpec(encryptor, 128);
+            cipherSpec.setIV(ivSpec.getIV());
+            SecretKey key =
+                CryptoHelper.generateSecretKey(cipherSpec.getCipherAlgorithm(), 128);
+            encryptor.init(Cipher.ENCRYPT_MODE, key, ivSpec);
+            byte[] ctraw = encryptor.doFinal("Hello".getBytes("UTF8"));
+            CipherText ct = new CipherText(cipherSpec, ctraw);
+            assertTrue( ct.getIV() != null && ct.getIV().length > 0 );
+            SecretKey authKey = CryptoHelper.computeDerivedKey(key, key.getEncoded().length * 8, "authenticity");
+            ct.computeAndStoreMAC( authKey );
+            try {
+                ct.setIVandCiphertext(ivSpec.getIV(), ctraw);    // Expected to log & throw.
+            } catch( Exception ex ) {
+                assertTrue( ex instanceof EncryptionException );
+            }
+            try {
+                ct.setCiphertext(ctraw);    // Expected to log and throw message about
+                                            // not being able to store raw ciphertext.
+            } catch( Exception ex ) {
+                assertTrue( ex instanceof EncryptionException );
+            }
+            decryptor.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec( ct.getIV() ) );
+            byte[] ptraw = decryptor.doFinal( ct.getRawCipherText() );
+            assertTrue( ptraw != null && ptraw.length > 0 );
+            ct.validateMAC( authKey );
+        } catch( Exception ex) {
+            // As far as test coverage goes, we really don't want this to be covered.
+            ex.printStackTrace(System.err);
+            fail("Caught unexpected exception: " + ex.getClass().getName() +
+                    "; exception message was: " + ex.getMessage());
+        }
+    }
+
+    /** Test <i>portable</i> serialization. */
+    @Test public final void testPortableSerialization() throws Exception{
+        System.out.println("CipherTextTest.testPortableSerialization()starting...");
+        String filename = "ciphertext-portable.ser";
+        File serializedFile = tempFolder.newFile(filename);
+
+
+        int keySize = 128;
+        if ( CryptoPolicy.isUnlimitedStrengthCryptoAvailable() ) {
+            keySize = 256;
+        }
+        CipherSpec cipherSpec = new CipherSpec(encryptor, keySize);
+        cipherSpec.setIV(ivSpec.getIV());
+        SecretKey key;
+        try {
+            key = CryptoHelper.generateSecretKey(cipherSpec.getCipherAlgorithm(), keySize);
+
+            encryptor.init(Cipher.ENCRYPT_MODE, key, ivSpec);
+            byte[] raw = encryptor.doFinal("This is my secret message!!!".getBytes("UTF8"));
+            CipherText ciphertext = new CipherText(cipherSpec, raw);
+            KeyDerivationFunction kdf = new KeyDerivationFunction( KeyDerivationFunction.PRF_ALGORITHMS.HmacSHA1 );
+            SecretKey authKey = kdf.computeDerivedKey(key, key.getEncoded().length * 8, "authenticity");
+            ciphertext.computeAndStoreMAC( authKey );
 //          System.err.println("Original ciphertext being serialized: " + ciphertext);
-	        byte[] serializedBytes = ciphertext.asPortableSerializedByteArray();
-	        
-	        FileOutputStream fos = new FileOutputStream(serializedFile);
+            byte[] serializedBytes = ciphertext.asPortableSerializedByteArray();
+
+            FileOutputStream fos = new FileOutputStream(serializedFile);
             fos.write(serializedBytes);
                 // Note: FindBugs complains that this test may fail to close
                 // the fos output stream. We don't really care.
             fos.close();
-            
+
             // NOTE: FindBugs complains about this (OS_OPEN_STREAM). It apparently
             //       is too lame to know that 'fis.read()' is a serious side-effect.
             FileInputStream fis = new FileInputStream(serializedFile);
             int avail = fis.available();
             byte[] bytes = new byte[avail];
             fis.read(bytes, 0, avail);
-            
+
             // Sleep one second to prove that the timestamp on the original
             // CipherText object is the one that we use and not just the
             // current time. Only after that, do we restore the serialized bytes.
@@ -251,12 +217,12 @@ public final void testMIC() {
                 Thread.sleep(1000);
             } catch (InterruptedException e) {
                 ;    // Ignore
-            }       
+            }
             CipherText restoredCipherText = CipherText.fromPortableSerializedBytes(bytes);
 //          System.err.println("Restored ciphertext: " + restoredCipherText);
             assertTrue( ciphertext.equals(restoredCipherText));
-	    } catch (EncryptionException e) {
-	        Assert.fail("Caught EncryptionException: " + e);
+        } catch (EncryptionException e) {
+            Assert.fail("Caught EncryptionException: " + e);
         } catch (FileNotFoundException e) {
             Assert.fail("Caught FileNotFoundException: " + e);
         } catch (IOException e) {
@@ -267,17 +233,17 @@ public final void testMIC() {
             // FindBugs complains that we are ignoring this return value. We really don't care.
             serializedFile.delete();
         }
-	}
-	
-	/** Test <i>portable</i> serialization for backward compatibility with ESAPI 2.0. */
-	@Test public final void testPortableSerializationBackwardCompatibility() {
-	    System.out.println("testPortableSerializationBackwardCompatibility()starting...");
-	    String filename = "src/test/resources/ESAPI2.0-ciphertext-portable.ser";  // Do NOT remove
-	    File serializedFile = new File(filename);
-
-	    try {
-	    	// String expectedMsg = "This is my secret message!!!";
-            
+    }
+
+    /** Test <i>portable</i> serialization for backward compatibility with ESAPI 2.0. */
+    @Test public final void testPortableSerializationBackwardCompatibility() {
+        System.out.println("testPortableSerializationBackwardCompatibility()starting...");
+        String filename = "src/test/resources/ESAPI2.0-ciphertext-portable.ser";  // Do NOT remove
+        File serializedFile = new File(filename);
+
+        try {
+            // String expectedMsg = "This is my secret message!!!";
+
             // NOTE: FindBugs complains about this (OS_OPEN_STREAM). It apparently
             //       is too lame to know that 'fis.read()' is a serious side-effect.
             FileInputStream fis = new FileInputStream(serializedFile);
@@ -289,8 +255,8 @@ public final void testMIC() {
             CipherText restoredCipherText = CipherText.fromPortableSerializedBytes(bytes);
             assertTrue( restoredCipherText != null );
             int retrievedKdfVersion = restoredCipherText.getKDFVersion();
-	    } catch (EncryptionException e) {
-	        Assert.fail("Caught EncryptionException: " + e);
+        } catch (EncryptionException e) {
+            Assert.fail("Caught EncryptionException: " + e);
         } catch (FileNotFoundException e) {
             Assert.fail("Caught FileNotFoundException: " + e);
         } catch (IOException e) {
@@ -298,32 +264,32 @@ public final void testMIC() {
         } catch (Exception e) {
             Assert.fail("Caught Exception: " + e);
         } finally {
-        	; // Do NOT delete the file.
+            ; // Do NOT delete the file.
         }
-	}
-	
-	/** Test Java serialization. */
-	@Test public final void testJavaSerialization() {
+    }
+
+    /** Test Java serialization. */
+    @Test public final void testJavaSerialization() {
         String filename = "ciphertext.ser";
-        File serializedFile = new File(filename);
+
         try {
-            serializedFile.delete();	// Delete any old serialized file.
-            
+            File serializedFile = tempFolder.newFile(filename);
+
             CipherSpec cipherSpec = new CipherSpec(encryptor, 128);
-			cipherSpec.setIV(ivSpec.getIV());
-			SecretKey key =
-				CryptoHelper.generateSecretKey(cipherSpec.getCipherAlgorithm(), 128);
-			encryptor.init(Cipher.ENCRYPT_MODE, key, ivSpec);
-			byte[] raw = encryptor.doFinal("This is my secret message!!!".getBytes("UTF8"));
-			CipherText ciphertext = new CipherText(cipherSpec, raw);
-
-            FileOutputStream fos = new FileOutputStream(filename);
+            cipherSpec.setIV(ivSpec.getIV());
+            SecretKey key =
+                CryptoHelper.generateSecretKey(cipherSpec.getCipherAlgorithm(), 128);
+            encryptor.init(Cipher.ENCRYPT_MODE, key, ivSpec);
+            byte[] raw = encryptor.doFinal("This is my secret message!!!".getBytes("UTF8"));
+            CipherText ciphertext = new CipherText(cipherSpec, raw);
+
+            FileOutputStream fos = new FileOutputStream(serializedFile);
             ObjectOutputStream out = new ObjectOutputStream(fos);
             out.writeObject(ciphertext);
             out.close();
             fos.close();
 
-            FileInputStream fis = new FileInputStream(filename);
+            FileInputStream fis = new FileInputStream(serializedFile);
             ObjectInputStream in = new ObjectInputStream(fis);
             CipherText restoredCipherText = (CipherText)in.readObject();
             in.close();
@@ -333,13 +299,13 @@ public final void testMIC() {
             // multiple checks. (Hmmm... maybe overriding equals() and hashCode()
             // is in order???)
             assertEquals("1: Serialized restored CipherText differs from saved CipherText",
-            			 ciphertext.toString(), restoredCipherText.toString());
+                         ciphertext.toString(), restoredCipherText.toString());
             assertArrayEquals("2: Serialized restored CipherText differs from saved CipherText",
-            			 ciphertext.getIV(), restoredCipherText.getIV());
+                         ciphertext.getIV(), restoredCipherText.getIV());
             assertEquals("3: Serialized restored CipherText differs from saved CipherText",
-            			 ciphertext.getBase64EncodedRawCipherText(),
-            			 restoredCipherText.getBase64EncodedRawCipherText());
-            
+                         ciphertext.getBase64EncodedRawCipherText(),
+                         restoredCipherText.getBase64EncodedRawCipherText());
+
         } catch(IOException ex) {
             ex.printStackTrace(System.err);
             fail("testJavaSerialization(): Unexpected IOException: " + ex);
@@ -347,44 +313,29 @@ public final void testMIC() {
             ex.printStackTrace(System.err);
             fail("testJavaSerialization(): Unexpected ClassNotFoundException: " + ex);
         } catch (EncryptionException ex) {
-			ex.printStackTrace(System.err);
-			fail("testJavaSerialization(): Unexpected EncryptionException: " + ex);
-		} catch (IllegalBlockSizeException ex) {
-			ex.printStackTrace(System.err);
-			fail("testJavaSerialization(): Unexpected IllegalBlockSizeException: " + ex);
-		} catch (BadPaddingException ex) {
-			ex.printStackTrace(System.err);
-			fail("testJavaSerialization(): Unexpected BadPaddingException: " + ex);
-		} catch (InvalidKeyException ex) {
-			ex.printStackTrace(System.err);
-			fail("testJavaSerialization(): Unexpected InvalidKeyException: " + ex);
-		} catch (InvalidAlgorithmParameterException ex) {
-			ex.printStackTrace(System.err);
-			fail("testJavaSerialization(): Unexpected InvalidAlgorithmParameterException: " + ex);
-		}  finally {
-		    // FindBugs complains that we are ignoring this return value. We really don't care.
-            serializedFile.delete();
+            ex.printStackTrace(System.err);
+            fail("testJavaSerialization(): Unexpected EncryptionException: " + ex);
+        } catch (IllegalBlockSizeException ex) {
+            ex.printStackTrace(System.err);
+            fail("testJavaSerialization(): Unexpected IllegalBlockSizeException: " + ex);
+        } catch (BadPaddingException ex) {
+            ex.printStackTrace(System.err);
+            fail("testJavaSerialization(): Unexpected BadPaddingException: " + ex);
+        } catch (InvalidKeyException ex) {
+            ex.printStackTrace(System.err);
+            fail("testJavaSerialization(): Unexpected InvalidKeyException: " + ex);
+        } catch (InvalidAlgorithmParameterException ex) {
+            ex.printStackTrace(System.err);
+            fail("testJavaSerialization(): Unexpected InvalidAlgorithmParameterException: " + ex);
         }
-	}
-	
-	/**
-	 * Run all the test cases in this suite.
-	 * This is to allow running from {@code org.owasp.esapi.AllTests} which
-	 * uses a JUnit 3 test runner.
-	 */
-	public static junit.framework.Test suite() {
-		return new JUnit4TestAdapter(CipherTextTest.class);
-	}
-	
-	private static void removeFile(String fname) {
-    	try {
-    		if ( fname != null ) {
-    			File f = new File(fname);
-    			// Findbugs complains about ignoring this return value. Too bad.
-    			f.delete();
-    		}
-    	} catch(Exception ex) {
-    		;	// Do nothing
-    	}
-	}
+    }
+
+    /**
+     * Run all the test cases in this suite.
+     * This is to allow running from {@code org.owasp.esapi.AllTests} which
+     * uses a JUnit 3 test runner.
+     */
+    public static junit.framework.Test suite() {
+        return new JUnit4TestAdapter(CipherTextTest.class);
+    }
 }
diff --git a/src/test/java/org/owasp/esapi/crypto/CryptoHelperTest.java b/src/test/java/org/owasp/esapi/crypto/CryptoHelperTest.java
index 678b0acf8..b315867f5 100644
--- a/src/test/java/org/owasp/esapi/crypto/CryptoHelperTest.java
+++ b/src/test/java/org/owasp/esapi/crypto/CryptoHelperTest.java
@@ -91,7 +91,7 @@ public final void testArrayCompare() {
          * Unfortunately, can't rely no the nanosecond timer because as the
          * Javadoc for System.nanoTime() states, " No guarantees are made
          * about how frequently values change", so this is not very reliable.
-         * 
+         *
          * However, on can uncomment the code and observe that elapsed times
          * are generally less than 10 millionth of a second. I suppose if we
          * declared a large enough epsilon, we could make it work, but it is
@@ -99,7 +99,7 @@ public final void testArrayCompare() {
          * itself that it always goes through all the bits of the byte array
          * if it compares any bits at all.
          */
-        
+
 //        long start, stop, diff;
 
 //        start = System.nanoTime();
@@ -131,7 +131,13 @@ public final void testArrayCompare() {
 //        stop = System.nanoTime();
 //        diff = stop - start;
 //        System.out.println("diff: " + diff + " nanosec");
-        
+
+//        start = System.nanoTime();
+        assertFalse(CryptoHelper.arrayCompare(null, ba1));
+//        stop = System.nanoTime();
+//        diff = stop - start;
+//        System.out.println("diff: " + diff + " nanosec");
+
         ba2 = ba1;
 //        start = System.nanoTime();
         assertTrue(CryptoHelper.arrayCompare(ba1, ba2));
@@ -142,28 +148,28 @@ public final void testArrayCompare() {
 
     @Test
     public final void testIsValidKDFVersion() {
-    	assertTrue( CryptoHelper.isValidKDFVersion(20110203, false, false));
-    	assertTrue( CryptoHelper.isValidKDFVersion(20130830, false, false));
-    	assertTrue( CryptoHelper.isValidKDFVersion(33330303, false, false));
-    	assertTrue( CryptoHelper.isValidKDFVersion(99991231, false, false));
-
-    	assertFalse( CryptoHelper.isValidKDFVersion(0, false, false));
-    	assertFalse( CryptoHelper.isValidKDFVersion(99991232, false, false));
-    	assertFalse( CryptoHelper.isValidKDFVersion(20110202, false, false));
-
-    	assertTrue( CryptoHelper.isValidKDFVersion(20110203, true, false));
-    	assertTrue( CryptoHelper.isValidKDFVersion(KeyDerivationFunction.kdfVersion, true, false));
-    	assertFalse( CryptoHelper.isValidKDFVersion(KeyDerivationFunction.kdfVersion + 1, true, false));
-
-    	try {
-        	CryptoHelper.isValidKDFVersion(77777777, true, true);
-        	fail("Failed to CryptoHelper.isValidKDFVersion() failed to throw IllegalArgumentException.");
-    	}
-    	catch (Exception e) {
-    		assertTrue( e instanceof IllegalArgumentException);
-    	}
+        assertTrue( CryptoHelper.isValidKDFVersion(20110203, false, false));
+        assertTrue( CryptoHelper.isValidKDFVersion(20130830, false, false));
+        assertTrue( CryptoHelper.isValidKDFVersion(33330303, false, false));
+        assertTrue( CryptoHelper.isValidKDFVersion(99991231, false, false));
+
+        assertFalse( CryptoHelper.isValidKDFVersion(0, false, false));
+        assertFalse( CryptoHelper.isValidKDFVersion(99991232, false, false));
+        assertFalse( CryptoHelper.isValidKDFVersion(20110202, false, false));
+
+        assertTrue( CryptoHelper.isValidKDFVersion(20110203, true, false));
+        assertTrue( CryptoHelper.isValidKDFVersion(KeyDerivationFunction.kdfVersion, true, false));
+        assertFalse( CryptoHelper.isValidKDFVersion(KeyDerivationFunction.kdfVersion + 1, true, false));
+
+        try {
+            CryptoHelper.isValidKDFVersion(77777777, true, true);
+            fail("Failed to CryptoHelper.isValidKDFVersion() failed to throw IllegalArgumentException.");
+        }
+        catch (Exception e) {
+            assertTrue( e instanceof IllegalArgumentException);
+        }
     }
-    
+
     private void fillByteArray(byte[] ba, byte b) {
         for (int i = 0; i < ba.length; i++) {
             ba[i] = b;
@@ -186,4 +192,4 @@ private boolean checkByteArray(byte[] ba, byte b) {
     public static junit.framework.Test suite() {
         return new JUnit4TestAdapter(CryptoHelperTest.class);
     }
-}
\ No newline at end of file
+}
diff --git a/src/test/java/org/owasp/esapi/crypto/CryptoTokenTest.java b/src/test/java/org/owasp/esapi/crypto/CryptoTokenTest.java
index f81986550..250cdd457 100644
--- a/src/test/java/org/owasp/esapi/crypto/CryptoTokenTest.java
+++ b/src/test/java/org/owasp/esapi/crypto/CryptoTokenTest.java
@@ -15,7 +15,7 @@
 import org.owasp.esapi.errors.ValidationException;
 
 public class CryptoTokenTest {
-    
+
     private SecretKey skey1 = null;
     private SecretKey skey2 = null;
 
@@ -58,7 +58,7 @@ private void CTORtest(CryptoToken ctok, SecretKey sk) {
         assertEquals( ctok.getUserAccountName(), CryptoToken.ANONYMOUS_USER);
         assertFalse( ctok.isExpired() );
         long expTime1 = ctok.getExpiration();
-        
+
         CryptoToken ctok2 = null;
         try {
             if ( sk == null ) {
@@ -135,7 +135,7 @@ public final void testExpiration() {
 
         assertTrue( ctok.isExpired() );
         assertTrue( ctok2.isExpired() );
-        
+
         try {
             ctok2.updateToken(2);
         } catch (EncryptionException e) {
@@ -183,13 +183,11 @@ public final void testSetUserAccountName() {
         try {
             ctok.setUserAccountName(null);    // Can't be null
                 // Should get one of these, depending on whether or not assertions are enabled.
-            fail("Failed to throw expected AssertionError or NullPointerException");
-        } catch (ValidationException e) {
-            fail("Wrong type of exception thrown (ValidationException): " + e);
-        } catch (NullPointerException e) {
-            ;   // Success
-        } catch (AssertionError e) {
+            fail("Failed to throw expected IllegalArgumentException");
+        } catch (IllegalArgumentException e) {
             ;   // Success
+        } catch (Exception e) {
+            fail("Wrong type of exception thrown: " + e);
         }
         try {
             ctok.setUserAccountName("1773g4l");    // Can't start w/ numeric
@@ -203,7 +201,7 @@ public final void testSetUserAccountName() {
         } catch (ValidationException e) {
             ;   // Success
         }
-        
+
     }
 
     @Test
@@ -247,7 +245,7 @@ public final void testSetExpirationDate() {
             ;   // Success
         } catch (Exception e) {
             fail("Caught unexpected exception: " + e);
-        }   
+        }
     }
 
 
@@ -264,7 +262,7 @@ public final void testSetAndGetAttribute() {
         } catch (Exception e) {
             fail("Caught unexpected exception: " + e);
         }
-        
+
         // Test case where attr name does not match regex "[A-Za-z0-9_.-]+".
         // Expect ValidationException.
         try {
@@ -275,7 +273,7 @@ public final void testSetAndGetAttribute() {
         } catch (Exception e) {
             fail("Caught unexpected exception: " + e);
         }
-        
+
         // Test case where attr VALUE is not. Expect ValidationException.
         try {
             ctok.setAttribute("myAttr", null);
@@ -290,34 +288,42 @@ public final void testSetAndGetAttribute() {
         // where attribute values contains each of the values that will
         // be quoted, namely:   '\', '=', and ';'
         try {
+            String[] attrValues = { "\\", ";", "=", "foo=", "bar\\=", "foobar=\"" };
             String complexValue = "kwwall;1291183520293;abc=x=yx;xyz=;efg=a;a;;bbb=quotes\\tuff";
-            
-            ctok.setAttribute("..--__", ""); // Ugly, but legal attr name; empty is legal value.
-            ctok.setAttribute("attr1", "\\");
-            ctok.setAttribute("attr2", ";");
-            ctok.setAttribute("attr3", "=");
+
             ctok.setAttribute("complexAttr", complexValue);
+            ctok.setAttribute("..--__", ""); // Ugly weird but legal attr name; empty is legal value.
+
+            for ( int i = 0; i < attrValues.length; i++ ) {
+                String attrName = "attr" + i;
+                String attrVal  = attrValues[i];
+
+                ctok.setAttribute( attrName, attrVal );
+            }
+
             String tokenVal = ctok.getToken();
             assertNotNull("tokenVal should not be null", tokenVal);
-            
+
             CryptoToken ctok2 = new CryptoToken(tokenVal);
+
             String weirdAttr = ctok2.getAttribute("..--__");
             assertTrue("Expecting empty string for value of weird attr, but got: " + weirdAttr,
                        weirdAttr.equals(""));
 
-            String attr1 = ctok2.getAttribute("attr1");
-            assertTrue("attr1 has unexpected value of " + attr1, attr1.equals("\\") );
-
-            String attr2 = ctok2.getAttribute("attr2");
-            assertTrue("attr2 has unexpected value of " + attr2, attr2.equals(";") );
-
-            String attr3 = ctok2.getAttribute("attr3");
-            assertTrue("attr3 has unexpected value of " + attr3, attr3.equals("=") );
-
             String complexAttr = ctok2.getAttribute("complexAttr");
             assertNotNull(complexAttr);
             assertTrue("complexAttr has unexpected value of " + complexAttr, complexAttr.equals(complexValue) );
 
+            for ( int i = 0; i < attrValues.length; i++ ) {
+                String attrName  = "attr" + i;
+                String attrVal   = attrValues[i];
+                String retrieved = ctok2.getAttribute( attrName );
+                String assertMsg = "Exptected attribute '" + attrName + "' to have value of '" + attrVal + "', but had value of '" + retrieved;
+
+                assertTrue( assertMsg, attrVal.equals( attrVal ) );
+                ctok.setAttribute( attrName, attrVal );
+            }
+
         } catch (ValidationException e) {
             fail("Caught unexpected ValidationException: " + e);
         } catch (Exception e) {
@@ -331,7 +337,7 @@ public final void testSetAndGetAttribute() {
     // public Map<String, String> getAttributes()
     @Test
     public final void testAddandGetAttributes() {
-        CryptoToken ctok = new CryptoToken();       
+        CryptoToken ctok = new CryptoToken();
         Map<String, String> origAttrs = null;
 
         try {
@@ -342,7 +348,7 @@ public final void testAddandGetAttributes() {
             String val = ctok.getAttribute("attr2");
             assertTrue("Attribute map not cloned; crypto token attr changed!",
                        val.equals("value2") );  // Confirm original attr2 did not change
-            
+
             origAttrs.put("attr3", "value3");
             origAttrs.put("attr4", "value4");
             ctok.addAttributes(origAttrs);
@@ -355,11 +361,11 @@ public final void testAddandGetAttributes() {
         } catch (EncryptionException e) {
             fail("Caught unexpected EncryptionException: " + e);
         }
-        
+
         Map<String, String> extractedAttrs = ctok.getAttributes();
         assertTrue("Expected extracted attrs to be equal to original attrs",
                    origAttrs.equals(extractedAttrs));
-                
+
         origAttrs.put("/illegalAttrName/", "someValue");
         try {
             ctok.addAttributes(origAttrs);
@@ -370,7 +376,7 @@ public final void testAddandGetAttributes() {
             e.printStackTrace(System.err);
             fail("Caught unexpected exception: " + e);
         }
-        
+
         origAttrs.clear();
         CryptoToken ctok2 = null;
         try {
@@ -379,7 +385,7 @@ public final void testAddandGetAttributes() {
         } catch (EncryptionException e) {
             fail("Unexpected EncryptionException");
         }
-        
+
         try {
             ctok2.addAttributes(origAttrs);     // Add (empty) attribute map
         } catch (ValidationException e) {
@@ -393,7 +399,9 @@ public final void testAddandGetAttributes() {
     private static void nap(int n) {
         try {
             System.out.println("Sleeping " + n + " seconds...");
-            Thread.sleep( n * 1000 );
+            // adds additional time to make sure we sleep more than n seconds
+            int additionalTimeToSleep = 100;
+            Thread.sleep( n * 1000 + additionalTimeToSleep );
         } catch (InterruptedException e) {
             ;   // Ignore
         }
diff --git a/src/test/java/org/owasp/esapi/crypto/ESAPICryptoMACByPassTest.java b/src/test/java/org/owasp/esapi/crypto/ESAPICryptoMACByPassTest.java
index e54ad33f8..a93ce6cfb 100644
--- a/src/test/java/org/owasp/esapi/crypto/ESAPICryptoMACByPassTest.java
+++ b/src/test/java/org/owasp/esapi/crypto/ESAPICryptoMACByPassTest.java
@@ -1,231 +1,232 @@
-/*
- * OWASP Enterprise Security API (ESAPI) - Google issue # 306.
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2013 - The OWASP Foundation
- * ESAPI is published by OWASP under the new BSD license. You should read
- * and accept the LICENSE before you use, modify, and/or redistribute this
- * software.
- * 
- * Full credit for this JUnit to illustrate what is now Google Issue # 306
- * goes to Philippe Arteau <philippe.arteau@gmail.com>. Originally
- * published 2013/08/21 to ESAPI-DEV mailing list. Shows that both
- * ESAPI 2.0 and 2.0.1 is vulnerable. Minor tweaks by Kevin W. Wall.
- *
- * Original class name: SignatureByPassTest.
- * 
- * NOTE: If this test fails, your version of ESAPI is vulnerable (or you have
- * 		 it configured not to require a MAC which you should NOT do).
- */
-
-package org.owasp.esapi.crypto;
-
-import org.apache.commons.codec.binary.Hex;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.crypto.CipherText;
-import org.owasp.esapi.crypto.PlainText;
-import org.owasp.esapi.errors.EncryptionException;
-import org.owasp.esapi.util.ByteConversionUtil;
-
-import javax.crypto.SecretKey;
-import javax.crypto.spec.SecretKeySpec;
-import java.io.ByteArrayOutputStream;
-import java.io.UnsupportedEncodingException;
-import java.lang.reflect.Field;
-import java.security.NoSuchAlgorithmException;
-import java.security.spec.InvalidKeySpecException;
-import java.util.Date;
-
-import static org.junit.Assert.*;
-import org.junit.Before;
-import org.junit.Test;
-
-
-public class ESAPICryptoMACByPassTest {
-
-    @Before
-    public void setUp() throws NoSuchAlgorithmException, InvalidKeySpecException {
-    	; // Do any prerequisite setup here.
-    }
-
-    @Test
-    public void testMacBypass() throws EncryptionException, NoSuchFieldException, IllegalAccessException {
-
-        byte[] bkey = {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0xA,0x0B,0x0C,0x0D,0x0E,0x0F}; //Truly random key. ;-)
-        SecretKey sk = new SecretKeySpec(bkey,"AES");
-
-        //Encryption with MAC
-        String originalMessage = "Cryptography!?!?";
-        System.out.printf("Encrypting the message '%s'\n", originalMessage);
-        	// Until there is a better way to do this. But this is much easier
-        	// than having to set up a custom ESAPI.properties file just for
-        	// this test.
-        	//
-        	// NOTE: Philippe Arteau's original exploit used "AES/OFB/NoPadding"
-            //       so that one could see that the effect of the decryption would
-        	//		 be "Craptography!?!?". However, if you wish to do that, then
-        	//		 you must also change the ESAPI.properties file used by ESAPI
-        	//		 JUnit tests sp that "OFB" is accepted as an allowed cipher
-        	//		 mode. The easiest way to do that (if you are still not convinced)
-        	//		 is to add "OFB" mode to Encryptor.cipher_modes.additional_allowed;
-        	//		 e.g.,  Encryptor.cipher_modes.additional_allowed=CBC,OFB
-        	//
-        String origCipherXform =
-        	ESAPI.securityConfiguration().setCipherTransformation("AES/CBC/NoPadding");
-        CipherText ct = ESAPI.encryptor().encrypt(sk,new PlainText(originalMessage));
-
-        //Serialize the ciphertext in order to send it over the wire..
-        byte[] serializedCt = ct.asPortableSerializedByteArray();
-
-        //Malicious modification
-        byte[] modifiedCt = tamperCipherText(serializedCt);
-
-        //Decrypt
-        CipherText modifierCtObj = CipherText.fromPortableSerializedBytes(modifiedCt);
-        try {
-        	ESAPI.securityConfiguration().setCipherTransformation(origCipherXform);
-        		// This decryption should fail by throwing an EncryptionException
-        		// if ESAPI crypto is NOT vulnerable and you never get to the
-        		// subsequent lines in the try block.
-            PlainText pt = ESAPI.encryptor().decrypt(sk,modifierCtObj);
-            System.out.printf("Decrypting to '%s' (probably will look like garbage!)\n", new String(pt.asBytes()));
-            System.out.println("This ESAPI version vulnerable to MAC by-pass described in Google issue # 306! Upgrade to latest version.");
-            fail("This ESAPI version is vulnerable to MAC by-pass described in Google issue # 306! Upgrade to latest version.");
-        } catch(EncryptionException eex) {
-        	String errMsg = eex.getMessage();
-        		// See private String DECRYPTION_FAILED in JavaEncryptor.
-        	String expectedError = "Decryption failed; see logs for details.";
-        	assertTrue( errMsg.equals(expectedError) );
-        	System.out.println("testMacByPass(): Attempted decryption after MAC tampering failed.");
-            System.out.println("Fix of issue # 306 successful. Crypto MAC by-pass test failed; exception was: [" + eex + "]");
-        }
-    }
-
-    /**
-     * The modification of the ciphertext is done in a separate method to show that only the generate CipherText object is use.
-     * @param serializeCt
-     */
-    private byte[] tamperCipherText(byte[] serializeCt) throws EncryptionException, NoSuchFieldException, IllegalAccessException {
-        CipherText ct = CipherText.fromPortableSerializedBytes(serializeCt);
-
-        //Ciphertext metadata
-        //System.out.println(ct.toString());
-
-        byte[] cipherTextMod = ct.getRawCipherText();
-
-        System.out.printf("Original ciphertext\t'%s'\n",String.valueOf(Hex.encodeHex(cipherTextMod)));
-
-        cipherTextMod[2] ^= 'y' ^ 'a'; //Alter the 3rd character
-
-        System.out.printf("Modify ciphertext\t'%s'\n",String.valueOf(Hex.encodeHex(cipherTextMod)));
-
-        //MAC ... what MAC ?
-        Field f2 = ct.getClass().getDeclaredField("separate_mac_");
-        f2.setAccessible(true);
-        f2.set(ct,null); //mac byte array set to null
-
-        //Changing CT
-        Field f3 = ct.getClass().getDeclaredField("raw_ciphertext_");
-        f3.setAccessible(true);
-        f3.set(ct,cipherTextMod);
-
-        //return ct.asPortableSerializedByteArray(); //Will complain about missing mac
-        //return new CipherTextSerializer(ct).asSerializedByteArray(); //NPE on mac.length
-        return serialize(ct); //Modify version of CipherTextSerializer.asSerializedByteArray()
-    }
-
-    /////////////////////////////////////////////////////////////////////
-    // The following code is a modified version of CipherTextSerializer
-    /////////////////////////////////////////////////////////////////////
-
-    private byte[] serialize(CipherText cipherText_) {
-        int kdfInfo = cipherText_.getKDFInfo();
-
-        long timestamp = cipherText_.getEncryptionTimestamp();
-        String cipherXform = cipherText_.getCipherTransformation();
-
-        short keySize = (short) cipherText_.getKeySize();
-
-        short blockSize = (short)cipherText_.getBlockSize();
-        byte[] iv = cipherText_.getIV();
-
-        short ivLen = (short)iv.length;
-        byte[] rawCiphertext = cipherText_.getRawCipherText();
-        int ciphertextLen = rawCiphertext.length;
-
-        byte[] mac = cipherText_.getSeparateMAC();
-
-        short macLen = 0;//(short)mac.length; //<-------------- The only modification to the serialization
-
-        return computeSerialization(kdfInfo, timestamp, cipherXform, keySize, blockSize, ivLen, iv, ciphertextLen, rawCiphertext, macLen, mac);
-    }
-
-    private byte[] computeSerialization(int kdfInfo, long timestamp, String cipherXform, short keySize, short blockSize, short ivLen, byte[] iv, int ciphertextLen, byte[] rawCiphertext, short macLen, byte[] mac)
-    {
-        debug("computeSerialization: kdfInfo = " + kdfInfo);
-        debug("computeSerialization: timestamp = " + new Date(timestamp));
-        debug("computeSerialization: cipherXform = " + cipherXform);
-        debug("computeSerialization: keySize = " + keySize);
-        debug("computeSerialization: blockSize = " + blockSize);
-        debug("computeSerialization: ivLen = " + ivLen);
-        debug("computeSerialization: ciphertextLen = " + ciphertextLen);
-        debug("computeSerialization: macLen = " + macLen);
-
-        ByteArrayOutputStream baos = new ByteArrayOutputStream();
-        writeInt(baos, kdfInfo);
-        writeLong(baos, timestamp);
-        String[] parts = cipherXform.split("/");
-        assert (parts.length == 3) : "Malformed cipher transformation";
-        writeString(baos, cipherXform);
-        writeShort(baos, keySize);
-        writeShort(baos, blockSize);
-        writeShort(baos, ivLen);
-        if (ivLen > 0) baos.write(iv, 0, iv.length);
-        writeInt(baos, ciphertextLen);
-        baos.write(rawCiphertext, 0, rawCiphertext.length);
-        writeShort(baos, macLen);
-        if (macLen > 0) baos.write(mac, 0, mac.length);
-        return baos.toByteArray();
-    }
-
-    private static void debug(String msg) {
-        // System.err.println(msg);
-    }
-
-    private void writeShort(ByteArrayOutputStream baos, short s) {
-        byte[] shortAsByteArray = ByteConversionUtil.fromShort(s);
-        assert (shortAsByteArray.length == 2);
-        baos.write(shortAsByteArray, 0, 2);
-    }
-
-    private void writeInt(ByteArrayOutputStream baos, int i) {
-        byte[] intAsByteArray = ByteConversionUtil.fromInt(i);
-        baos.write(intAsByteArray, 0, 4);
-    }
-
-    private void writeLong(ByteArrayOutputStream baos, long l) {
-        byte[] longAsByteArray = ByteConversionUtil.fromLong(l);
-        assert (longAsByteArray.length == 8);
-        baos.write(longAsByteArray, 0, 8);
-    }
-
-    private void writeString(ByteArrayOutputStream baos, String str)
-    {
-        try
-        {
-            assert ((str != null) && (str.length() > 0));
-            byte[] bytes = str.getBytes("UTF8");
-            assert (bytes.length < 32767) : "writeString: String exceeds max length";
-            writeShort(baos, (short)bytes.length);
-            baos.write(bytes, 0, bytes.length);
-        }
-        catch (UnsupportedEncodingException e)
-        {
-            System.err.println("writeString: " + e.getMessage());
-        }
-    }
-
-}
\ No newline at end of file
+/*
+ * OWASP Enterprise Security API (ESAPI) - Google issue # 306.
+ * (i.e., GitHub issue 312).
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2013 - The OWASP Foundation
+ * ESAPI is published by OWASP under the new BSD license. You should read
+ * and accept the LICENSE before you use, modify, and/or redistribute this
+ * software.
+ *
+ * Full credit for this JUnit to illustrate what is now Google Issue # 306
+ * goes to Philippe Arteau <philippe.arteau@gmail.com>. Originally
+ * published 2013/08/21 to ESAPI-DEV mailing list. Shows that both
+ * ESAPI 2.0 and 2.0.1 is vulnerable. Minor tweaks by Kevin W. Wall.
+ *
+ * Original class name: SignatureByPassTest.
+ *
+ * NOTE: If this test fails, your version of ESAPI is vulnerable (or you have
+ *          it configured not to require a MAC which you should NOT do).
+ */
+
+package org.owasp.esapi.crypto;
+
+import org.apache.commons.codec.binary.Hex;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.crypto.CipherText;
+import org.owasp.esapi.crypto.PlainText;
+import org.owasp.esapi.errors.EncryptionException;
+import org.owasp.esapi.util.ByteConversionUtil;
+
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import java.io.ByteArrayOutputStream;
+import java.io.UnsupportedEncodingException;
+import java.lang.reflect.Field;
+import java.security.NoSuchAlgorithmException;
+import java.security.spec.InvalidKeySpecException;
+import java.util.Date;
+
+import static org.junit.Assert.*;
+import org.junit.Before;
+import org.junit.Test;
+
+
+public class ESAPICryptoMACByPassTest {
+
+    @Before
+    public void setUp() throws NoSuchAlgorithmException, InvalidKeySpecException {
+        ; // Do any prerequisite setup here.
+    }
+
+    @Test
+    public void testMacBypass() throws EncryptionException, NoSuchFieldException, IllegalAccessException {
+
+        byte[] bkey = {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0xA,0x0B,0x0C,0x0D,0x0E,0x0F}; //Truly random key. ;-)
+        SecretKey sk = new SecretKeySpec(bkey,"AES");
+
+        //Encryption with MAC
+        String originalMessage = "Cryptography!?!?";
+        System.out.printf("Encrypting the message '%s'\n", originalMessage);
+            // Until there is a better way to do this. But this is much easier
+            // than having to set up a custom ESAPI.properties file just for
+            // this test.
+            //
+            // NOTE: Philippe Arteau's original exploit used "AES/OFB/NoPadding"
+            //       so that one could see that the effect of the decryption would
+            //         be "Craptography!?!?". However, if you wish to do that, then
+            //         you must also change the ESAPI.properties file used by ESAPI
+            //         JUnit tests sp that "OFB" is accepted as an allowed cipher
+            //         mode. The easiest way to do that (if you are still not convinced)
+            //         is to add "OFB" mode to Encryptor.cipher_modes.additional_allowed;
+            //         e.g.,  Encryptor.cipher_modes.additional_allowed=CBC,OFB
+            //
+        String origCipherXform =
+            ESAPI.securityConfiguration().setCipherTransformation("AES/CBC/NoPadding");
+        CipherText ct = ESAPI.encryptor().encrypt(sk,new PlainText(originalMessage));
+
+        //Serialize the ciphertext in order to send it over the wire..
+        byte[] serializedCt = ct.asPortableSerializedByteArray();
+
+        //Malicious modification
+        byte[] modifiedCt = tamperCipherText(serializedCt);
+
+        //Decrypt
+        CipherText modifierCtObj = CipherText.fromPortableSerializedBytes(modifiedCt);
+        try {
+            ESAPI.securityConfiguration().setCipherTransformation(origCipherXform);
+                // This decryption should fail by throwing an EncryptionException
+                // if ESAPI crypto is NOT vulnerable and you never get to the
+                // subsequent lines in the try block.
+            PlainText pt = ESAPI.encryptor().decrypt(sk,modifierCtObj);
+            System.out.printf("Decrypting to '%s' (probably will look like garbage!)\n", new String(pt.asBytes()));
+            System.out.println("This ESAPI version vulnerable to MAC by-pass described in GitHub issue # 312! Upgrade to latest version.");
+            fail("This ESAPI version is vulnerable to MAC by-pass described in GitHub issue # 312! Upgrade to latest version.");
+        } catch(EncryptionException eex) {
+            String errMsg = eex.getMessage();
+                // See private String DECRYPTION_FAILED in JavaEncryptor.
+            String expectedError = "Decryption failed; see logs for details.";
+            assertTrue( errMsg.equals(expectedError) );
+            System.out.println("testMacByPass(): Attempted decryption after MAC tampering failed.");
+            System.out.println("Fix of issue # 306 successful. Crypto MAC by-pass test failed; exception was: [" + eex + "]");
+        }
+    }
+
+    /**
+     * The modification of the ciphertext is done in a separate method to show that only the generate CipherText object is use.
+     * @param serializeCt
+     */
+    private byte[] tamperCipherText(byte[] serializeCt) throws EncryptionException, NoSuchFieldException, IllegalAccessException {
+        CipherText ct = CipherText.fromPortableSerializedBytes(serializeCt);
+
+        //Ciphertext metadata
+        //System.out.println(ct.toString());
+
+        byte[] cipherTextMod = ct.getRawCipherText();
+
+        System.out.printf("Original ciphertext\t'%s'\n",String.valueOf(Hex.encodeHex(cipherTextMod)));
+
+        cipherTextMod[2] ^= 'y' ^ 'a'; //Alter the 3rd character
+
+        System.out.printf("Modify ciphertext\t'%s'\n",String.valueOf(Hex.encodeHex(cipherTextMod)));
+
+        //MAC ... what MAC ?
+        Field f2 = ct.getClass().getDeclaredField("separate_mac_");
+        f2.setAccessible(true);
+        f2.set(ct,null); //mac byte array set to null
+
+        //Changing CT
+        Field f3 = ct.getClass().getDeclaredField("raw_ciphertext_");
+        f3.setAccessible(true);
+        f3.set(ct,cipherTextMod);
+
+        //return ct.asPortableSerializedByteArray(); //Will complain about missing mac
+        //return new CipherTextSerializer(ct).asSerializedByteArray(); //NPE on mac.length
+        return serialize(ct); //Modify version of CipherTextSerializer.asSerializedByteArray()
+    }
+
+    /////////////////////////////////////////////////////////////////////
+    // The following code is a modified version of CipherTextSerializer
+    /////////////////////////////////////////////////////////////////////
+
+    private byte[] serialize(CipherText cipherText_) {
+        int kdfInfo = cipherText_.getKDFInfo();
+
+        long timestamp = cipherText_.getEncryptionTimestamp();
+        String cipherXform = cipherText_.getCipherTransformation();
+
+        short keySize = (short) cipherText_.getKeySize();
+
+        short blockSize = (short)cipherText_.getBlockSize();
+        byte[] iv = cipherText_.getIV();
+
+        short ivLen = (short)iv.length;
+        byte[] rawCiphertext = cipherText_.getRawCipherText();
+        int ciphertextLen = rawCiphertext.length;
+
+        byte[] mac = cipherText_.getSeparateMAC();
+
+        short macLen = 0;//(short)mac.length; //<-------------- The only modification to the serialization
+
+        return computeSerialization(kdfInfo, timestamp, cipherXform, keySize, blockSize, ivLen, iv, ciphertextLen, rawCiphertext, macLen, mac);
+    }
+
+    private byte[] computeSerialization(int kdfInfo, long timestamp, String cipherXform, short keySize, short blockSize, short ivLen, byte[] iv, int ciphertextLen, byte[] rawCiphertext, short macLen, byte[] mac)
+    {
+        debug("computeSerialization: kdfInfo = " + kdfInfo);
+        debug("computeSerialization: timestamp = " + new Date(timestamp));
+        debug("computeSerialization: cipherXform = " + cipherXform);
+        debug("computeSerialization: keySize = " + keySize);
+        debug("computeSerialization: blockSize = " + blockSize);
+        debug("computeSerialization: ivLen = " + ivLen);
+        debug("computeSerialization: ciphertextLen = " + ciphertextLen);
+        debug("computeSerialization: macLen = " + macLen);
+
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        writeInt(baos, kdfInfo);
+        writeLong(baos, timestamp);
+        String[] parts = cipherXform.split("/");
+        assert (parts.length == 3) : "Malformed cipher transformation";
+        writeString(baos, cipherXform);
+        writeShort(baos, keySize);
+        writeShort(baos, blockSize);
+        writeShort(baos, ivLen);
+        if (ivLen > 0) baos.write(iv, 0, iv.length);
+        writeInt(baos, ciphertextLen);
+        baos.write(rawCiphertext, 0, rawCiphertext.length);
+        writeShort(baos, macLen);
+        if (macLen > 0) baos.write(mac, 0, mac.length);
+        return baos.toByteArray();
+    }
+
+    private static void debug(String msg) {
+        // System.err.println(msg);
+    }
+
+    private void writeShort(ByteArrayOutputStream baos, short s) {
+        byte[] shortAsByteArray = ByteConversionUtil.fromShort(s);
+        assert (shortAsByteArray.length == 2);
+        baos.write(shortAsByteArray, 0, 2);
+    }
+
+    private void writeInt(ByteArrayOutputStream baos, int i) {
+        byte[] intAsByteArray = ByteConversionUtil.fromInt(i);
+        baos.write(intAsByteArray, 0, 4);
+    }
+
+    private void writeLong(ByteArrayOutputStream baos, long l) {
+        byte[] longAsByteArray = ByteConversionUtil.fromLong(l);
+        assert (longAsByteArray.length == 8);
+        baos.write(longAsByteArray, 0, 8);
+    }
+
+    private void writeString(ByteArrayOutputStream baos, String str)
+    {
+        try
+        {
+            assert ((str != null) && (str.length() > 0));
+            byte[] bytes = str.getBytes("UTF8");
+            assert (bytes.length < 32767) : "writeString: String exceeds max length";
+            writeShort(baos, (short)bytes.length);
+            baos.write(bytes, 0, bytes.length);
+        }
+        catch (UnsupportedEncodingException e)
+        {
+            System.err.println("writeString: " + e.getMessage());
+        }
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/crypto/KeyDerivationFunctionTest.java b/src/test/java/org/owasp/esapi/crypto/KeyDerivationFunctionTest.java
new file mode 100644
index 000000000..3fdf7c8f4
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/crypto/KeyDerivationFunctionTest.java
@@ -0,0 +1,209 @@
+package org.owasp.esapi.crypto;
+
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import java.security.NoSuchAlgorithmException;
+import java.security.InvalidKeyException;
+
+import static org.junit.Assert.*;
+import org.junit.BeforeClass;
+import org.junit.Before;
+import org.junit.Test;
+
+import junit.framework.JUnit4TestAdapter;
+
+import org.owasp.esapi.crypto.KeyDerivationFunction;
+import org.owasp.esapi.crypto.CryptoHelper;
+import org.owasp.esapi.errors.EncryptionException;
+
+public class KeyDerivationFunctionTest {
+
+    private static SecretKey desKey;
+    private static SecretKey tdes2key;
+    private static SecretKey tdes3key;
+    private static SecretKey aes128key;
+    private static SecretKey aes192key;
+    private static SecretKey aes256key;
+    private static SecretKey shortKey;
+
+    private KeyDerivationFunction kdfSha1;
+    private KeyDerivationFunction kdfSha256;
+
+    @BeforeClass
+    public static void setupStatic() {
+        try {
+            desKey    = CryptoHelper.generateSecretKey("DES", 56);
+            tdes2key  = CryptoHelper.generateSecretKey("DESede", 112);
+            tdes3key  = CryptoHelper.generateSecretKey("DESede", 168);
+            aes128key = CryptoHelper.generateSecretKey("AES", 128);
+            aes128key = CryptoHelper.generateSecretKey("AES", 128);
+            aes192key = CryptoHelper.generateSecretKey("AES", 192);
+            aes256key = CryptoHelper.generateSecretKey("AES", 256);
+
+            shortKey  = new SecretKeySpec(desKey.getEncoded(), 0, 5, "Blowfish");   // 40-bits. Blowfish has var key size
+        } catch (EncryptionException e) {
+            fail("Caught unexpected EncryptionException while generating keys; msg was "
+                    + e.getMessage());
+        }
+    }
+
+    @Before
+    public void setup() {
+        kdfSha1     = new KeyDerivationFunction( KeyDerivationFunction.PRF_ALGORITHMS.HmacSHA1 );
+        kdfSha256   = new KeyDerivationFunction( KeyDerivationFunction.PRF_ALGORITHMS.HmacSHA256 );
+    }
+
+    @Test(expected = EncryptionException.class)
+    public void testKeyTooShort() throws EncryptionException {
+        // System.out.println("testKeyTooShort");
+        try {
+            SecretKey key = kdfSha1.computeDerivedKey( shortKey, 128, "encryption" );
+            fail("testKeyTooShort: Expected IllegalArgumentException to be thrown.");
+        } catch ( NoSuchAlgorithmException | InvalidKeyException e ) {
+            fail("Caught unexpected exception " + e.getClass().getName() + ": exception msg: " + e);
+        }
+    }
+
+    @Test(expected = IllegalArgumentException.class)
+    public void testKeySizeTooShort() {
+        // System.out.println("testKeySizeTooShort");
+        try {
+            SecretKey key = kdfSha1.computeDerivedKey( aes128key, 40, "encryption" );   // Min size is 56 bits
+            fail("testKeySizeTooShort: Expected IllegalArgumentException to be thrown.");
+        } catch ( NoSuchAlgorithmException | InvalidKeyException | EncryptionException e ) {
+            fail("Caught unexpected exception " + e.getClass().getName() + ": exception msg: " + e);
+        }
+    }
+
+    @Test(expected = IllegalArgumentException.class)
+    public void testNullKey() {
+        // System.out.println("testNullKey");
+        try {
+            SecretKey key = kdfSha1.computeDerivedKey( null, 56, "encryption" );        // Null key disallowed
+            assertTrue(key == null); // Not reached!
+        } catch ( NoSuchAlgorithmException | InvalidKeyException | EncryptionException e ) {
+            fail("Caught unexpected exception " + e.getClass().getName() + ": exception msg: " + e);
+        }
+    }
+
+    @Test(expected = IllegalArgumentException.class)
+    public void testKeySizeNotEvenNumberOfBytes() {
+        // System.out.println("testKeySizeNotEvenNumberOfBytes");
+        try {
+            SecretKey key = kdfSha1.computeDerivedKey( aes128key, 60, "encryption" );   // 60 % 8 == 4
+            assertTrue(key == null); // Not reached!
+        } catch ( NoSuchAlgorithmException | InvalidKeyException | EncryptionException e ) {
+            fail("Caught unexpected exception " + e.getClass().getName() + ": exception msg: " + e);
+        }
+    }
+
+    @Test(expected = IllegalArgumentException.class)
+    public void testPurposeNull() {
+        // System.out.println("testPurposeNull");
+        try {
+            SecretKey key = kdfSha1.computeDerivedKey( aes128key, 128, null );   // purpose is null
+            assertTrue(key == null); // Not reached!
+        } catch ( NoSuchAlgorithmException | InvalidKeyException | EncryptionException e ) {
+            fail("Caught unexpected exception " + e.getClass().getName() + ": exception msg: " + e);
+        }
+    }
+
+    @Test(expected = IllegalArgumentException.class)
+    public void testPurposeEmpty() {
+        // System.out.println("testPurposeEmpty");
+        try {
+            SecretKey key = kdfSha1.computeDerivedKey( aes128key, 128, "" );   // purpose is empty string
+            assertTrue(key == null); // Not reached!
+        } catch ( NoSuchAlgorithmException | InvalidKeyException | EncryptionException e ) {
+            fail("Caught unexpected exception " + e.getClass().getName() + ": exception msg: " + e);
+        }
+    }
+
+    @Test
+    public void testSunnyDay() {
+        // System.out.println("testSunnyDay");
+        try {
+            SecretKey key1 = kdfSha1.computeDerivedKey( aes128key, 128, "encryption" );
+            assertTrue(key1 != null);
+            assertTrue( key1.getEncoded().length == 128 / 8 );
+
+            SecretKey key2 = kdfSha1.computeDerivedKey( aes128key, 128, "authenticity" );
+            assertTrue(key2 != null);
+            assertTrue( key2.getEncoded().length == 128 / 8 );
+
+            SecretKey key1b = kdfSha1.computeDerivedKey( aes128key, 128, "encryption" );
+
+            assertTrue( java.security.MessageDigest.isEqual( key1.getEncoded(), key1b.getEncoded() ) );
+            assertFalse( java.security.MessageDigest.isEqual( key1.getEncoded(), key2.getEncoded() ) );
+        } catch ( NoSuchAlgorithmException | InvalidKeyException | EncryptionException e ) {
+            fail("Caught unexpected exception " + e.getClass().getName() + ": exception msg: " + e);
+        }
+    }
+
+    @Test
+    public void testSunnyDay2() {       // Two sunny day tests in a row!? This inevitably will fail if run in Columbus, OH.
+        // System.out.println("testSunnyDay2");
+        try {
+            SecretKey key1 = kdfSha256.computeDerivedKey( aes256key, 192, "Why am I here?" );
+            assertTrue(key1 != null);
+            assertTrue( key1.getEncoded().length == 192 / 8 );
+
+            // Be honest. You thought I was goint to say "42", didn't you?
+            SecretKey key2 = kdfSha256.computeDerivedKey( aes256key, 192, "No doubt, to annoy people." );
+            assertTrue(key2 != null);
+            assertTrue( key2.getEncoded().length == 192 / 8 );
+
+                // Should be different because different purpose given for each.
+            assertFalse( java.security.MessageDigest.isEqual( key1.getEncoded(), key2.getEncoded() ) );
+        } catch ( NoSuchAlgorithmException | InvalidKeyException | EncryptionException e ) {
+            fail("Caught unexpected exception " + e.getClass().getName() + ": exception msg: " + e);
+        }
+    }
+
+    @Test
+    public void testSetContext() {
+        // System.out.println("testSetContext");
+        try {
+            SecretKey key1 = kdfSha256.computeDerivedKey( aes128key, 128, "encryption" );
+            assertTrue(key1 != null);
+            assertTrue( key1.getEncoded().length == 128 / 8 );
+
+            SecretKey key2 = kdfSha1.computeDerivedKey( aes128key, 128, "encryption" );
+
+                // Should be false because one uses HmacSHA256 and the other uses HmacSHA1
+            assertFalse( java.security.MessageDigest.isEqual( key1.getEncoded(), key2.getEncoded() ) );
+
+            kdfSha256.setContext( "plugh xyzzy" );  // Change context. Originally it is empty string.
+            SecretKey key1b = kdfSha256.computeDerivedKey( aes128key, 128, "encryption" );
+            assertTrue(key1b != null);
+            assertTrue( key1b.getEncoded().length == 128 / 8 );
+
+                // Should be false because different contexts used.
+            assertFalse( java.security.MessageDigest.isEqual( key1.getEncoded(), key1b.getEncoded() ) );
+        } catch ( NoSuchAlgorithmException | InvalidKeyException | EncryptionException e ) {
+            fail("Caught unexpected exception " + e.getClass().getName() + ": exception msg: " + e);
+        }
+    }
+
+    @Test(expected = IllegalArgumentException.class)
+    public void testSetContextToNull() {
+        // System.out.println("testSetContextToNull");
+        try {
+            SecretKey key1 = kdfSha256.computeDerivedKey( aes128key, 128, "encryption" );
+            kdfSha256.setContext( null );   // Throws IllegalArgumentExeption
+
+            fail("testSetContextToNull: Expected IllegalArgumentException to be thrown.");
+        } catch ( NoSuchAlgorithmException | InvalidKeyException | EncryptionException e ) {
+            fail("Caught unexpected exception " + e.getClass().getName() + ": exception msg: " + e);
+        }
+    }
+
+    /**
+     * Run all the test cases in this suite. This is to allow running from
+     * {@code org.owasp.esapi.AllTests} which uses a JUnit 3 test runner.
+     */
+    public static junit.framework.Test suite() {
+        // System.out.println("In suite()");
+        return new JUnit4TestAdapter(KeyDerivationFunctionTest.class);
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/crypto/PlainTextTest.java b/src/test/java/org/owasp/esapi/crypto/PlainTextTest.java
index b7e1af076..3f65b2647 100644
--- a/src/test/java/org/owasp/esapi/crypto/PlainTextTest.java
+++ b/src/test/java/org/owasp/esapi/crypto/PlainTextTest.java
@@ -10,124 +10,115 @@
 import org.owasp.esapi.crypto.PlainText;
 
 public class PlainTextTest {
-	
-	private String unicodeStr = "A\u00ea\u00f1\u00fcC";	// I.e., "AêñüC"
-	private String altString  = "AêñüC";				// Same as above.
-	
-	/* NOTE: This test will not work on Windows unless executed under
-	 * Eclipse and the file is stored / treated as a UTF-8 encoded file
-	 * rather than the Windows native OS encoding of Windows-1252 (aka,
-	 * CP-1252). Therefore this test case has a check to not run the test
-	 * unless
-	 *     unicodeStr.equals(altString)
-	 * is true. If not the test is skipped and a message is printed to stderr.
-	 * Jim Manico made an attempt to address this (see private email to
-	 * kevin.w.wall@gmail.com on 11/26/2009, subject "Re: [OWASP-ESAPI] Unit
-	 * Tests Status") to correct this problem by setting some SVN attribute
-	 * to standardize all source files to UTF-8, but not all Subversion clients
-	 * are either honoring this or perhaps Windows just overrides this. Either
-	 * way, this test (which used to be an assertTrue() expression) was
-	 * introduced to account for this.
-	 */
-	@Test
-	public final void testUnicodeString() {
-	    // These 2 strings are *meant* to be equal. If they are not, please
-	    // do *NOT* change the test. It's a Windows thing. Sorry. Change your
-	    // OS instead. ;-)
-	    if ( ! unicodeStr.equals(altString) ) {
-	        System.err.println("Skipping JUnit test case " +
-	                           "PlainTextTest.testUnicodeString() on OS " +
-	                           System.getProperty("os.name") );
-	        return;
-	    }
-		try {
-			byte[] utf8Bytes = unicodeStr.getBytes("UTF-8");
-			PlainText pt1 = new PlainText(unicodeStr);
-			PlainText pt2 = new PlainText(altString);
-			
-			assertTrue( pt1.equals(pt1) );   // Equals self
-			assertFalse( pt1.equals(null) );
-			assertTrue( pt1.equals(pt2) );
-			assertFalse( pt1.equals( unicodeStr ) );
-			assertTrue( pt1.length() == utf8Bytes.length );
-			assertTrue( Arrays.equals(utf8Bytes, pt1.asBytes()) );			
-			assertTrue( pt1.hashCode() == unicodeStr.hashCode() );
-			
-		} catch (UnsupportedEncodingException e) {
-			fail("No UTF-8 byte encoding: " + e);
-			e.printStackTrace(System.err);
-		}
-	}
-	
-	@Test
-	public final void testNullCase() {
-	    int counter = 0;
-	    try {
+
+    private String unicodeStr = "A\u00ea\u00f1\u00fcC";    // I.e., "AêñüC"
+    private String altString  = "AêñüC";                // Same as above.
+
+    /* NOTE: This test will not work on Windows unless executed under
+     * Eclipse and the file is stored / treated as a UTF-8 encoded file
+     * rather than the Windows native OS encoding of Windows-1252 (aka,
+     * CP-1252). Therefore this test case has a check to not run the test
+     * unless
+     *     unicodeStr.equals(altString)
+     * is true. If not the test is skipped and a message is printed to stderr.
+     * Jim Manico made an attempt to address this (see private email to
+     * kevin.w.wall@gmail.com on 11/26/2009, subject "Re: [OWASP-ESAPI] Unit
+     * Tests Status") to correct this problem by setting some SVN attribute
+     * to standardize all source files to UTF-8, but not all Subversion clients
+     * are either honoring this or perhaps Windows just overrides this. Either
+     * way, this test (which used to be an assertTrue() expression) was
+     * introduced to account for this.
+     */
+    @Test
+    public final void testUnicodeString() {
+        // These 2 strings are *meant* to be equal. If they are not, please
+        // do *NOT* change the test. It's a Windows thing. Sorry. Change your
+        // OS instead. ;-)
+        if ( ! unicodeStr.equals(altString) ) {
+            System.err.println("Skipping JUnit test case " +
+                               "PlainTextTest.testUnicodeString() on OS " +
+                               System.getProperty("os.name") );
+            return;
+        }
+        try {
+            byte[] utf8Bytes = unicodeStr.getBytes("UTF-8");
+            PlainText pt1 = new PlainText(unicodeStr);
+            PlainText pt2 = new PlainText(altString);
+
+            assertTrue( pt1.equals(pt1) );   // Equals self
+            assertFalse( pt1.equals(null) );
+            assertTrue( pt1.equals(pt2) );
+            assertFalse( pt1.equals( unicodeStr ) );
+            assertTrue( pt1.length() == utf8Bytes.length );
+            assertTrue( Arrays.equals(utf8Bytes, pt1.asBytes()) );
+            assertTrue( pt1.hashCode() == unicodeStr.hashCode() );
+
+        } catch (UnsupportedEncodingException e) {
+            fail("No UTF-8 byte encoding: " + e);
+            e.printStackTrace(System.err);
+        }
+    }
+
+    @Test
+    public final void testNullCase() {
+        int counter = 0;
+        try {
             byte[] bytes = null;
             PlainText pt = new PlainText(bytes);
-            assertTrue( pt != null );   // Should never get to here.
-            fail("testNullCase(): Expected NullPointerException or AssertionError");
-        } catch (NullPointerException e) {
-            // Will get this case if assertions are not enabled for PlainText.
-            // System.err.println("Caught NullPointerException; exception was: " + e);
-            // e.printStackTrace(System.err);
-            counter++;
-        } catch (AssertionError e) {
-            // Will get this case if assertions *are* enabled for PlainText.
-            // System.err.println("Caught AssertionError; exception was: " + e);
-            // e.printStackTrace(System.err);
-            counter++;
-        } finally {
-            assertTrue( counter > 0 );
+            fail("testNullCase(): Expected IllegalArgumentException");
+        } catch (IllegalArgumentException e) {
+            ;   // Success
+        } catch (Exception e) {
+            fail("testNullCase(): Caught unexpected exception: " + e);
         }
-	}
+    }
 
-	@Test
-	public final void testEmptyString() {
-		PlainText mt  = new PlainText("");
-		assertTrue( mt.length() == 0 );
-		byte[] ba = mt.asBytes();
-		assertTrue( ba != null && ba.length == 0 );
-	}
+    @Test
+    public final void testEmptyString() {
+        PlainText mt  = new PlainText("");
+        assertTrue( mt.length() == 0 );
+        byte[] ba = mt.asBytes();
+        assertTrue( ba != null && ba.length == 0 );
+    }
 
-	@Test
-	public final void testOverwrite() {
-		try {
-			byte[] origBytes = unicodeStr.getBytes("UTF-8");
-			PlainText pt = new PlainText(origBytes);
-			assertTrue( pt.toString().equals(unicodeStr) );
-			assertTrue( Arrays.equals(origBytes, pt.asBytes()) );			
-			assertTrue( pt.hashCode() == unicodeStr.hashCode() );
-			
-			int origLen = origBytes.length;
+    @Test
+    public final void testOverwrite() {
+        try {
+            byte[] origBytes = unicodeStr.getBytes("UTF-8");
+            PlainText pt = new PlainText(origBytes);
+            assertTrue( pt.toString().equals(unicodeStr) );
+            assertTrue( Arrays.equals(origBytes, pt.asBytes()) );
+            assertTrue( pt.hashCode() == unicodeStr.hashCode() );
 
-			pt.overwrite();
-	        byte[] overwrittenBytes = pt.asBytes();
-			assertTrue( overwrittenBytes != null );
-			assertFalse( Arrays.equals( origBytes, overwrittenBytes ) );
+            int origLen = origBytes.length;
 
-			// Ensure that ALL the bytes overwritten with '*'.
-			int afterLen = overwrittenBytes.length;
-			assertTrue( origLen == afterLen );
-			int sum = 0;
-			for( int i = 0; i < afterLen; i++ ) {
-			    if ( overwrittenBytes[i] == '*' ) {
-			        sum++;
-			    }
-			}
-			assertTrue( afterLen == sum );
-		} catch (UnsupportedEncodingException e) {
-			fail("No UTF-8 byte encoding: " + e);
-			e.printStackTrace(System.err);
-		}
-	}
+            pt.overwrite();
+            byte[] overwrittenBytes = pt.asBytes();
+            assertTrue( overwrittenBytes != null );
+            assertFalse( Arrays.equals( origBytes, overwrittenBytes ) );
+
+            // Ensure that ALL the bytes overwritten with '*'.
+            int afterLen = overwrittenBytes.length;
+            assertTrue( origLen == afterLen );
+            int sum = 0;
+            for( int i = 0; i < afterLen; i++ ) {
+                if ( overwrittenBytes[i] == '*' ) {
+                    sum++;
+                }
+            }
+            assertTrue( afterLen == sum );
+        } catch (UnsupportedEncodingException e) {
+            fail("No UTF-8 byte encoding: " + e);
+            e.printStackTrace(System.err);
+        }
+    }
 
-	/**
-	 * Run all the test cases in this suite.
-	 * This is to allow running from {@code org.owasp.esapi.AllTests} which
-	 * uses a JUnit 3 test runner.
-	 */
-	public static junit.framework.Test suite() {
-		return new JUnit4TestAdapter(PlainTextTest.class);
-	}
+    /**
+     * Run all the test cases in this suite.
+     * This is to allow running from {@code org.owasp.esapi.AllTests} which
+     * uses a JUnit 3 test runner.
+     */
+    public static junit.framework.Test suite() {
+        return new JUnit4TestAdapter(PlainTextTest.class);
+    }
 }
diff --git a/src/test/java/org/owasp/esapi/crypto/SecurityProviderLoaderTest.java b/src/test/java/org/owasp/esapi/crypto/SecurityProviderLoaderTest.java
index cba2da0ae..441b07bd9 100644
--- a/src/test/java/org/owasp/esapi/crypto/SecurityProviderLoaderTest.java
+++ b/src/test/java/org/owasp/esapi/crypto/SecurityProviderLoaderTest.java
@@ -32,7 +32,7 @@
 public class SecurityProviderLoaderTest {
 
     private static boolean HAS_BOUNCY_CASTLE = false;
-    
+
     @BeforeClass
     public static void setUpBeforeClass() {
         try {
@@ -76,7 +76,7 @@ public final void testLoadESAPIPreferredJCEProvider() {
                  preferredProvider + "; exception was: " + e);
         }
     }
-    
+
     @Test(expected=NoSuchProviderException.class)
     public final void testNoSuchProviderException() throws NoSuchProviderException {
         SecurityProviderLoader.insertProviderAt("DrBobsSecretSnakeOilElixirCryptoJCE", 5);
@@ -86,7 +86,7 @@ public final void testNoSuchProviderException() throws NoSuchProviderException {
     public final void testBogusProviderWithFQCN() throws NoSuchProviderException {
         SecurityProviderLoader.insertProviderAt("com.snakeoil.DrBobsSecretSnakeOilElixirCryptoJCE", 5);
     }
-    
+
     @Test
     public final void testWithBouncyCastle() {
         if ( ! HAS_BOUNCY_CASTLE ) {
@@ -101,7 +101,7 @@ public final void testWithBouncyCastle() {
         } catch (NoSuchProviderException e) {
             fail("Caught NoSuchProviderException trying to load Bouncy Castle; exception was: " + e);
         }
-        
+
         // First encrypt w/ preferred cipher transformation (AES/CBC/PKCS5Padding).
         try {
             PlainText clearMsg = new PlainText("This is top secret! We are all out of towels!");
@@ -114,7 +114,7 @@ public final void testWithBouncyCastle() {
             fail("Encryption w/ Bouncy Castle failed with EncryptionException for preferred " +
                  "cipher transformation; exception was: " + e);
         }
-        
+
         // Next, try a "combined mode" cipher mode available in Bouncy Castle.
         String origCipherXform = null;
         try {
@@ -128,7 +128,7 @@ public final void testWithBouncyCastle() {
             // validate this, so we look at the String representation of this CipherText
             // object and pick it out of there.
             String str = ct.toString();
-            assertTrue( str.matches(".*, MAC is absent;.*") );
+            assertTrue( str.matches(".*; MAC is absent;.*") );
         } catch (EncryptionException e) {
             fail("Encryption w/ Bouncy Castle failed with EncryptionException for preferred " +
                  "cipher transformation; exception was: " + e);
diff --git a/src/test/java/org/owasp/esapi/errors/EnterpriseSecurityExceptionTest.java b/src/test/java/org/owasp/esapi/errors/EnterpriseSecurityExceptionTest.java
index f981a0c18..a5a6de707 100644
--- a/src/test/java/org/owasp/esapi/errors/EnterpriseSecurityExceptionTest.java
+++ b/src/test/java/org/owasp/esapi/errors/EnterpriseSecurityExceptionTest.java
@@ -1,157 +1,157 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.errors;
-
-import org.owasp.esapi.errors.AccessControlException;
-import org.owasp.esapi.errors.AuthenticationAccountsException;
-import org.owasp.esapi.errors.AuthenticationCredentialsException;
-import org.owasp.esapi.errors.AuthenticationException;
-import org.owasp.esapi.errors.AuthenticationHostException;
-import org.owasp.esapi.errors.AuthenticationLoginException;
-import org.owasp.esapi.errors.AvailabilityException;
-import org.owasp.esapi.errors.CertificateException;
-import org.owasp.esapi.errors.EncodingException;
-import org.owasp.esapi.errors.EncryptionException;
-import org.owasp.esapi.errors.EnterpriseSecurityException;
-import org.owasp.esapi.errors.ExecutorException;
-import org.owasp.esapi.errors.IntegrityException;
-import org.owasp.esapi.errors.IntrusionException;
-import org.owasp.esapi.errors.ValidationAvailabilityException;
-import org.owasp.esapi.errors.ValidationException;
-import org.owasp.esapi.errors.ValidationUploadException;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-/**
- * The Class AccessReferenceMapTest.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class EnterpriseSecurityExceptionTest extends TestCase {
-    
-    /**
-	 * Instantiates a new access reference map test.
-	 * 
-	 * @param testName
-	 *            the test name
-	 */
-    public EnterpriseSecurityExceptionTest(String testName) {
-        super(testName);
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void setUp() throws Exception {
-    	// none
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void tearDown() throws Exception {
-    	// none
-    }
-
-    /**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-    public static Test suite() {
-        TestSuite suite = new TestSuite(EnterpriseSecurityExceptionTest.class);
-        return suite;
-    }
-
-    
-    /**
-	 * Test of update method, of class org.owasp.esapi.AccessReferenceMap.
-	 * 
-	 */
-    public void testExceptions() {
-        System.out.println("exceptions");
-        EnterpriseSecurityException e = null;
-        e = new EnterpriseSecurityException();
-        e = new EnterpriseSecurityException("m1","m2");
-        e = new EnterpriseSecurityException("m1","m2",new Throwable());
-        assertEquals( e.getUserMessage(), "m1" );
-        assertEquals( e.getLogMessage(), "m2" );
-        e = new AccessControlException();
-        e = new AccessControlException("m1","m2");
-        e = new AccessControlException("m1","m2",new Throwable());
-        e = new AuthenticationException();
-        e = new AuthenticationException("m1","m2");
-        e = new AuthenticationException("m1","m2",new Throwable());
-        e = new AvailabilityException();
-        e = new AvailabilityException("m1","m2");
-        e = new AvailabilityException("m1","m2",new Throwable());
-        e = new CertificateException();
-        e = new CertificateException("m1","m2");
-        e = new CertificateException("m1","m2",new Throwable());
-        e = new EncodingException();
-        e = new EncodingException("m1","m2");
-        e = new EncodingException("m1","m2",new Throwable());
-        e = new EncryptionException();
-        e = new EncryptionException("m1","m2");
-        e = new EncryptionException("m1","m2",new Throwable());
-        e = new ExecutorException();
-        e = new ExecutorException("m1","m2");
-        e = new ExecutorException("m1","m2",new Throwable());
-        e = new ValidationException();
-        e = new ValidationException("m1","m2");
-        e = new ValidationException("m1","m2",new Throwable());
-        e = new ValidationException("m1","m2","context");
-        e = new ValidationException("m1","m2",new Throwable(),"context");
-         
-        e = new IntegrityException();
-        e = new IntegrityException("m1","m2");
-        e = new IntegrityException("m1","m2",new Throwable());
-        e = new AuthenticationHostException();
-        e = new AuthenticationHostException("m1","m2");
-        e = new AuthenticationHostException("m1","m2",new Throwable());
-
-        e = new AuthenticationAccountsException();
-        e = new AuthenticationAccountsException("m1","m2");
-        e = new AuthenticationAccountsException("m1","m2",new Throwable());
-        e = new AuthenticationCredentialsException();
-        e = new AuthenticationCredentialsException("m1","m2");
-        e = new AuthenticationCredentialsException("m1","m2",new Throwable());
-        e = new AuthenticationLoginException();
-        e = new AuthenticationLoginException("m1","m2");
-        e = new AuthenticationLoginException("m1","m2",new Throwable());
-        e = new ValidationAvailabilityException();
-        e = new ValidationAvailabilityException("m1","m2");
-        e = new ValidationAvailabilityException("m1","m2",new Throwable());
-        e = new ValidationUploadException();
-        e = new ValidationUploadException("m1","m2");
-        e = new ValidationUploadException("m1","m2",new Throwable());
-
-        ValidationException ve = new ValidationException();
-        ve.setContext("test");
-        assertEquals( "test", ve.getContext() );
-
-        IntrusionException ex = new IntrusionException( "test", "test details");
-        ex = new IntrusionException("m1","m2");
-        ex = new IntrusionException("m1","m2", new Throwable());
-        assertEquals( ex.getUserMessage(), "m1" );
-        assertEquals( ex.getLogMessage(), "m2" );
-    }
-    
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.errors;
+
+import org.owasp.esapi.errors.AccessControlException;
+import org.owasp.esapi.errors.AuthenticationAccountsException;
+import org.owasp.esapi.errors.AuthenticationCredentialsException;
+import org.owasp.esapi.errors.AuthenticationException;
+import org.owasp.esapi.errors.AuthenticationHostException;
+import org.owasp.esapi.errors.AuthenticationLoginException;
+import org.owasp.esapi.errors.AvailabilityException;
+import org.owasp.esapi.errors.CertificateException;
+import org.owasp.esapi.errors.EncodingException;
+import org.owasp.esapi.errors.EncryptionException;
+import org.owasp.esapi.errors.EnterpriseSecurityException;
+import org.owasp.esapi.errors.ExecutorException;
+import org.owasp.esapi.errors.IntegrityException;
+import org.owasp.esapi.errors.IntrusionException;
+import org.owasp.esapi.errors.ValidationAvailabilityException;
+import org.owasp.esapi.errors.ValidationException;
+import org.owasp.esapi.errors.ValidationUploadException;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+/**
+ * The Class AccessReferenceMapTest.
+ *
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class EnterpriseSecurityExceptionTest extends TestCase {
+
+    /**
+     * Instantiates a new access reference map test.
+     *
+     * @param testName
+     *            the test name
+     */
+    public EnterpriseSecurityExceptionTest(String testName) {
+        super(testName);
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void setUp() throws Exception {
+        // none
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void tearDown() throws Exception {
+        // none
+    }
+
+    /**
+     * Suite.
+     *
+     * @return the test
+     */
+    public static Test suite() {
+        TestSuite suite = new TestSuite(EnterpriseSecurityExceptionTest.class);
+        return suite;
+    }
+
+
+    /**
+     * Test of update method, of class org.owasp.esapi.AccessReferenceMap.
+     *
+     */
+    public void testExceptions() {
+        System.out.println("exceptions");
+        EnterpriseSecurityException e = null;
+        e = new EnterpriseSecurityException();
+        e = new EnterpriseSecurityException("m1","m2");
+        e = new EnterpriseSecurityException("m1","m2",new Throwable());
+        assertEquals( e.getUserMessage(), "m1" );
+        assertEquals( e.getLogMessage(), "m2" );
+        e = new AccessControlException();
+        e = new AccessControlException("m1","m2");
+        e = new AccessControlException("m1","m2",new Throwable());
+        e = new AuthenticationException();
+        e = new AuthenticationException("m1","m2");
+        e = new AuthenticationException("m1","m2",new Throwable());
+        e = new AvailabilityException();
+        e = new AvailabilityException("m1","m2");
+        e = new AvailabilityException("m1","m2",new Throwable());
+        e = new CertificateException();
+        e = new CertificateException("m1","m2");
+        e = new CertificateException("m1","m2",new Throwable());
+        e = new EncodingException();
+        e = new EncodingException("m1","m2");
+        e = new EncodingException("m1","m2",new Throwable());
+        e = new EncryptionException();
+        e = new EncryptionException("m1","m2");
+        e = new EncryptionException("m1","m2",new Throwable());
+        e = new ExecutorException();
+        e = new ExecutorException("m1","m2");
+        e = new ExecutorException("m1","m2",new Throwable());
+        e = new ValidationException();
+        e = new ValidationException("m1","m2");
+        e = new ValidationException("m1","m2",new Throwable());
+        e = new ValidationException("m1","m2","context");
+        e = new ValidationException("m1","m2",new Throwable(),"context");
+
+        e = new IntegrityException();
+        e = new IntegrityException("m1","m2");
+        e = new IntegrityException("m1","m2",new Throwable());
+        e = new AuthenticationHostException();
+        e = new AuthenticationHostException("m1","m2");
+        e = new AuthenticationHostException("m1","m2",new Throwable());
+
+        e = new AuthenticationAccountsException();
+        e = new AuthenticationAccountsException("m1","m2");
+        e = new AuthenticationAccountsException("m1","m2",new Throwable());
+        e = new AuthenticationCredentialsException();
+        e = new AuthenticationCredentialsException("m1","m2");
+        e = new AuthenticationCredentialsException("m1","m2",new Throwable());
+        e = new AuthenticationLoginException();
+        e = new AuthenticationLoginException("m1","m2");
+        e = new AuthenticationLoginException("m1","m2",new Throwable());
+        e = new ValidationAvailabilityException();
+        e = new ValidationAvailabilityException("m1","m2");
+        e = new ValidationAvailabilityException("m1","m2",new Throwable());
+        e = new ValidationUploadException();
+        e = new ValidationUploadException("m1","m2");
+        e = new ValidationUploadException("m1","m2",new Throwable());
+
+        ValidationException ve = new ValidationException();
+        ve.setContext("test");
+        assertEquals( "test", ve.getContext() );
+
+        IntrusionException ex = new IntrusionException( "test", "test details");
+        ex = new IntrusionException("m1","m2");
+        ex = new IntrusionException("m1","m2", new Throwable());
+        assertEquals( ex.getUserMessage(), "m1" );
+        assertEquals( ex.getLogMessage(), "m2" );
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/filters/ClickjackFilterTest.java b/src/test/java/org/owasp/esapi/filters/ClickjackFilterTest.java
index a14b80149..369e3f881 100644
--- a/src/test/java/org/owasp/esapi/filters/ClickjackFilterTest.java
+++ b/src/test/java/org/owasp/esapi/filters/ClickjackFilterTest.java
@@ -1,106 +1,106 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.filters;
-
-import java.net.URL;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.servlet.FilterConfig;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.http.MockFilterChain;
-import org.owasp.esapi.http.MockFilterConfig;
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-
-/**
- * The Class ClickjackFilterTest.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class ClickjackFilterTest extends TestCase {
-    
-    /**
-	 * @param testName
-	 *            the test name
-	 */
-    public ClickjackFilterTest(String testName) {
-        super(testName);
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void setUp() throws Exception {
-    	// none
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void tearDown() throws Exception {
-    	// none
-    }
-
-    /**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-    public static Test suite() {
-        TestSuite suite = new TestSuite(ClickjackFilterTest.class);
-        return suite;
-    }
-
-    
-    /**
-	 * Test of update method, of class org.owasp.esapi.AccessReferenceMap.
-     * @throws Exception
-     */
-    public void testFilter() throws Exception {
-        System.out.println("ClickjackFilter");
-
-        Map map = new HashMap();
-    	FilterConfig mfc = new MockFilterConfig( map );
-    	ClickjackFilter filter = new ClickjackFilter();        
-    	filter.init( mfc );
-   	    MockHttpServletRequest request = new MockHttpServletRequest();
-		
-		// the mock filter chain writes the requested URI to the response body
-		MockFilterChain chain = new MockFilterChain();
-
-        URL url = new URL( "http://www.example.com/index.jsp" );
-		System.out.println( "\nTest request: " + url );
-        request = new MockHttpServletRequest( url );
-    	MockHttpServletResponse response = new MockHttpServletResponse();
-    	try {
-        	filter.doFilter(request, response, chain);
-        } catch( Exception e ) {
-        	e.printStackTrace();
-        	fail();
-        }
-        String header = response.getHeader( "X-FRAME-OPTIONS");
-        System.out.println(">>>" + header );
-        assertEquals( "DENY", header );
-    }
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.filters;
+
+import java.net.URL;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.FilterConfig;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.http.MockFilterChain;
+import org.owasp.esapi.http.MockFilterConfig;
+import org.owasp.esapi.http.MockHttpServletRequest;
+import org.owasp.esapi.http.MockHttpServletResponse;
+
+/**
+ * The Class ClickjackFilterTest.
+ *
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class ClickjackFilterTest extends TestCase {
+
+    /**
+     * @param testName
+     *            the test name
+     */
+    public ClickjackFilterTest(String testName) {
+        super(testName);
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void setUp() throws Exception {
+        // none
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void tearDown() throws Exception {
+        // none
+    }
+
+    /**
+     * Suite.
+     *
+     * @return the test
+     */
+    public static Test suite() {
+        TestSuite suite = new TestSuite(ClickjackFilterTest.class);
+        return suite;
+    }
+
+
+    /**
+     * Test of update method, of class org.owasp.esapi.AccessReferenceMap.
+     * @throws Exception
+     */
+    public void testFilter() throws Exception {
+        System.out.println("ClickjackFilter");
+
+        Map map = new HashMap();
+        FilterConfig mfc = new MockFilterConfig( map );
+        ClickjackFilter filter = new ClickjackFilter();
+        filter.init( mfc );
+           MockHttpServletRequest request = new MockHttpServletRequest();
+
+        // the mock filter chain writes the requested URI to the response body
+        MockFilterChain chain = new MockFilterChain();
+
+        URL url = new URL( "http://www.example.com/index.jsp" );
+        System.out.println( "\nTest request: " + url );
+        request = new MockHttpServletRequest( url );
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        try {
+            filter.doFilter(request, response, chain);
+        } catch( Exception e ) {
+            e.printStackTrace();
+            fail();
+        }
+        String header = response.getHeader( "X-FRAME-OPTIONS");
+        System.out.println(">>>" + header );
+        assertEquals( "DENY", header );
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/filters/SafeRequestTest.java b/src/test/java/org/owasp/esapi/filters/SafeRequestTest.java
index 2864d6b38..11e45b651 100644
--- a/src/test/java/org/owasp/esapi/filters/SafeRequestTest.java
+++ b/src/test/java/org/owasp/esapi/filters/SafeRequestTest.java
@@ -1,203 +1,140 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.filters;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.http.MockHttpServletRequest;
-
-
-/**
- * The Class SafeRequestTest.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class SafeRequestTest extends TestCase {
-
-	/**
-	 * Instantiates a new access controller test.
-	 * 
-	 * @param testName
-	 *            the test name
-	 * @throws Exception
-	 */
-	public SafeRequestTest(String testName) throws Exception {
-		super(testName);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 *
-	 * @throws Exception
-	 */
-	protected void setUp() throws Exception {
-	}
-
-	/**
-	 * {@inheritDoc}
-	 *
-	 * @throws Exception
-	 */
-	protected void tearDown() throws Exception {
-		// none
-	}
-
-	/**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-	public static Test suite() {
-		TestSuite suite = new TestSuite(SafeRequestTest.class);
-		return suite;
-	}
-
-	/**
-	 *
-	 */
-	public void testGetRequestParameters() {
-		System.out.println( "getRequestParameters");
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.addParameter( "one","1" );
-		request.addParameter( "two","2" );
-		request.addParameter( "one","3" );
-		request.addParameter( "one","4" );
-		SecurityWrapperRequest safeRequest = new SecurityWrapperRequest( request );
-		String[] params = safeRequest.getParameterValues("one");
-		String out = "";
-		for (int i = 0; i < params.length; i++ ) out += params[i];
-		assertEquals( "134", out );
-	}
-
-	public void testGetQueryStringNull()
-	{
-		MockHttpServletRequest req = new MockHttpServletRequest();
-		SecurityWrapperRequest wrappedReq;
-
-		req.setQueryString(null);
-		wrappedReq = new SecurityWrapperRequest(req);
-		assertNull(wrappedReq.getQueryString());
-	}
-
-	public void testGetQueryStringNonNull()
-	{
-		MockHttpServletRequest req = new MockHttpServletRequest();
-		SecurityWrapperRequest wrappedReq;
-
-		req.setQueryString("a=b");
-		wrappedReq = new SecurityWrapperRequest(req);
-		assertEquals("a=b",wrappedReq.getQueryString());
-	}
-
-	public void testGetQueryStringNUL()
-	{
-		MockHttpServletRequest req = new MockHttpServletRequest();
-		SecurityWrapperRequest wrappedReq;
-
-		req.setQueryString("a=\u0000");
-		wrappedReq = new SecurityWrapperRequest(req);
-		assertEquals("",wrappedReq.getQueryString());
-	}
-
-	public void testGetQueryStringPercent()
-	{
-		MockHttpServletRequest req = new MockHttpServletRequest();
-		SecurityWrapperRequest wrappedReq;
-
-		req.setQueryString("a=%62");
-		wrappedReq = new SecurityWrapperRequest(req);
-		assertEquals("a=b",wrappedReq.getQueryString());
-	}
-	
-	public void testGetQueryStringPercentNUL()
-	{
-		MockHttpServletRequest req = new MockHttpServletRequest();
-		SecurityWrapperRequest wrappedReq;
-
-		req.setQueryString("a=%00");
-		wrappedReq = new SecurityWrapperRequest(req);
-		assertEquals("",wrappedReq.getQueryString());
-	}
-
-	/* these tests need to be enabled&changed based on the decisions
-	 * made regarding issue 125. Currently they fail.
-	public void testGetQueryStringPercentEquals()
-	{
-		MockHttpServletRequest req = new MockHttpServletRequest();
-		SecurityWrapperRequest wrappedReq;
-
-		req.setQueryString("a=%3d");
-		wrappedReq = new SecurityWrapperRequest(req);
-		assertEquals("a=%3d",wrappedReq.getQueryString());
-	}
-
-	public void testGetQueryStringPercentAmpersand()
-	{
-		MockHttpServletRequest req = new MockHttpServletRequest();
-		SecurityWrapperRequest wrappedReq;
-
-		req.setQueryString("a=%26b");
-		wrappedReq = new SecurityWrapperRequest(req);
-		assertEquals("a=%26b",wrappedReq.getQueryString());
-	}
-	*/
-
-	// Test to ensure null-value contract defined by ServletRequest.getParameterNames(String) is met.
-	public void testGetParameterValuesReturnsNullWhenParameterDoesNotExistInRequest() {
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.clearParameters();
- 
-		final String paramName = "nonExistentParameter";
-		assertNull(request.getParameterValues(paramName));
-
-		SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
-		assertNull("Expecting null value to be returned for non-existent parameter.", safeRequest.getParameterValues(paramName));
-	}
-
-	public void testGetParameterValuesReturnsCorrectValueWhenParameterExistsInRequest() {
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.clearParameters();
-
-		final String paramName = "existentParameter";
-		final String paramValue = "foobar";
-		request.addParameter(paramName, paramValue);
-		assertTrue(request.getParameterValues(paramName)[0].equals(paramValue));
-
-		SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
-		final String actualParamValue = safeRequest.getParameterValues(paramName)[0];
-		assertEquals(paramValue, actualParamValue);
-	}
-
-	public void testGetParameterValuesReturnsCorrectValuesWhenParameterExistsMultipleTimesInRequest() {
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.clearParameters();
-
-		final String paramName = "existentParameter";
-		final String paramValue_0 = "foobar";
-		final String paramValue_1 = "barfoo";
-		request.addParameter(paramName, paramValue_0);
-		request.addParameter(paramName, paramValue_1);
-		assertTrue(request.getParameterValues(paramName)[0].equals(paramValue_0));
-		assertTrue(request.getParameterValues(paramName)[1].equals(paramValue_1));
-
-		SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
-		final String[] actualParamValues = safeRequest.getParameterValues(paramName);
-		assertEquals(paramValue_0, actualParamValues[0]);
-		assertEquals(paramValue_1, actualParamValues[1]);
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.filters;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.http.MockHttpServletRequest;
+
+
+/**
+ * The Class SafeRequestTest.
+ *
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class SafeRequestTest extends TestCase {
+
+    /**
+     * Instantiates a new access controller test.
+     *
+     * @param testName
+     *            the test name
+     * @throws Exception
+     */
+    public SafeRequestTest(String testName) throws Exception {
+        super(testName);
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * @throws Exception
+     */
+    protected void setUp() throws Exception {
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * @throws Exception
+     */
+    protected void tearDown() throws Exception {
+        // none
+    }
+
+    /**
+     * Suite.
+     *
+     * @return the test
+     */
+    public static Test suite() {
+        TestSuite suite = new TestSuite(SafeRequestTest.class);
+        return suite;
+    }
+
+    /**
+     *
+     */
+    public void testGetRequestParameters() {
+        System.out.println( "getRequestParameters");
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.addParameter( "one","1" );
+        request.addParameter( "two","2" );
+        request.addParameter( "one","3" );
+        request.addParameter( "one","4" );
+        SecurityWrapperRequest safeRequest = new SecurityWrapperRequest( request );
+        String[] params = safeRequest.getParameterValues("one");
+        String out = "";
+        for (int i = 0; i < params.length; i++ ) out += params[i];
+        assertEquals( "134", out );
+    }
+
+    public void testGetQueryStringNull()
+    {
+        MockHttpServletRequest req = new MockHttpServletRequest();
+        SecurityWrapperRequest wrappedReq;
+
+        req.setQueryString(null);
+        wrappedReq = new SecurityWrapperRequest(req);
+        assertNull(wrappedReq.getQueryString());
+    }
+
+    // Test to ensure null-value contract defined by ServletRequest.getParameterNames(String) is met.
+    public void testGetParameterValuesReturnsNullWhenParameterDoesNotExistInRequest() {
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.clearParameters();
+
+        final String paramName = "nonExistentParameter";
+        assertNull(request.getParameterValues(paramName));
+
+        SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
+        assertNull("Expecting null value to be returned for non-existent parameter.", safeRequest.getParameterValues(paramName));
+    }
+
+    public void testGetParameterValuesReturnsCorrectValueWhenParameterExistsInRequest() {
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.clearParameters();
+
+        final String paramName = "existentParameter";
+        final String paramValue = "foobar";
+        request.addParameter(paramName, paramValue);
+        assertTrue(request.getParameterValues(paramName)[0].equals(paramValue));
+
+        SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
+        final String actualParamValue = safeRequest.getParameterValues(paramName)[0];
+        assertEquals(paramValue, actualParamValue);
+    }
+
+    public void testGetParameterValuesReturnsCorrectValuesWhenParameterExistsMultipleTimesInRequest() {
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.clearParameters();
+
+        final String paramName = "existentParameter";
+        final String paramValue_0 = "foobar";
+        final String paramValue_1 = "barfoo";
+        request.addParameter(paramName, paramValue_0);
+        request.addParameter(paramName, paramValue_1);
+        assertTrue(request.getParameterValues(paramName)[0].equals(paramValue_0));
+        assertTrue(request.getParameterValues(paramName)[1].equals(paramValue_1));
+
+        SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
+        final String[] actualParamValues = safeRequest.getParameterValues(paramName);
+        assertEquals(paramValue_0, actualParamValues[0]);
+        assertEquals(paramValue_1, actualParamValues[1]);
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/filters/SecurityWrapperRequestTest.java b/src/test/java/org/owasp/esapi/filters/SecurityWrapperRequestTest.java
new file mode 100644
index 000000000..40c9d36da
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/filters/SecurityWrapperRequestTest.java
@@ -0,0 +1,667 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2008-2018 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ */
+
+package org.owasp.esapi.filters;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotEquals;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.owasp.esapi.PropNames.DISABLE_INTRUSION_DETECTION;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TestName;
+import org.junit.runner.RunWith;
+import org.mockito.ArgumentCaptor;
+import org.mockito.ArgumentMatchers;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.invocation.InvocationOnMock;
+import org.mockito.stubbing.Answer;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.SecurityConfiguration;
+import org.owasp.esapi.Validator;
+import org.owasp.esapi.errors.ValidationException;
+import org.powermock.api.mockito.PowerMockito;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+/**
+ * Unit tests for {@link SecurityWrapperRequest}.
+ * <br/>
+ * This test uses static context mocking! This can affect certain behaviors if it is executed in a JVM container with
+ * other tests depending on the same static reference - Which is going to be everything.
+ * <br/>
+ * This may affect some test environments, mostly IDE's. It is not expected that this impacts the Maven build, as
+ * surefire plugin isolates JVM's for tests during that phase.
+ */
+@RunWith(PowerMockRunner.class)
+@PrepareForTest(ESAPI.class)
+public class SecurityWrapperRequestTest {
+    protected static final String ESAPI_VALIDATOR_GETTER_METHOD_NAME = "validator";
+    protected static final String ESAPI_GET_LOGGER_METHOD_NAME = "getLogger";
+    protected static final String ESAPY_SECURITY_CONFIGURATION_GETTER_METHOD_NAME = "securityConfiguration";
+    protected static final String SECURITY_CONFIGURATION_QUERY_STRING_LENGTH_KEY_NAME = "HttpUtilities.URILENGTH";
+    protected static final String SECURITY_CONFIGURATION_PARAMETER_STRING_LENGTH_KEY_NAME = "HttpUtilities.httpQueryParamValueLength";
+    private static final String SECURITY_CONFIGURATION_HEADER_NAME_LENGTH_KEY_NAME = "HttpUtilities.MaxHeaderNameSize";
+    private static final String SECURITY_CONFIGURATION_HEADER_VALUE_LENGTH_KEY_NAME = "HttpUtilities.MaxHeaderValueSize";
+
+    protected static final int SECURITY_CONFIGURATION_TEST_LENGTH = 255;
+
+    private static final String QUERY_STRING_CANONCALIZE_TYPE_KEY = "HTTPQueryString";
+    private static final String PARAMETER_STRING_CANONCALIZE_TYPE_KEY = "HTTPParameterValue";
+    private static final String COOKIE_NAME_TYPE_KEY = "HTTPCookieName";
+    private static final String COOKIE_VALUE_TYPE_KEY = "HTTPCookieValue";
+    private static final String COOKIE_DOMAIN_TYPE_KEY = "HTTPHeaderValue";
+    private static final String COOKIE_PATH_TYPE_KEY = "HTTPHeaderValue";
+
+    @Rule
+    public TestName testName = new TestName();
+
+    @Mock
+    private HttpServletRequest mockRequest;
+    @Mock
+    private Validator mockValidator;
+    @Mock
+    private SecurityConfiguration mockSecConfig;
+    @Mock
+    private Logger mockLogger;
+
+    private String testQueryValue;
+    private String testParameterName;
+    private String testParameterValue;
+    private String testValueCanonical;
+    private String testValidatorType;
+    private int testMaximumLength;
+
+    @Before
+    public void setup() throws Exception {
+        PowerMockito.mockStatic(ESAPI.class);
+        PowerMockito.when(ESAPI.class, ESAPI_VALIDATOR_GETTER_METHOD_NAME).thenReturn(mockValidator);
+        PowerMockito.when(ESAPI.class, ESAPI_GET_LOGGER_METHOD_NAME, "SecurityWrapperRequest").thenReturn(mockLogger);
+        PowerMockito.when(ESAPI.class, ESAPY_SECURITY_CONFIGURATION_GETTER_METHOD_NAME).thenReturn(mockSecConfig);
+        //Is intrusion detection disabled?  A:  Yes, it is off.
+        //This logic is confusing:  True, the value is False...
+        Mockito.when( mockSecConfig.getBooleanProp( DISABLE_INTRUSION_DETECTION ) ).thenReturn(true);
+
+        testQueryValue = testName.getMethodName() + "_query_value";
+
+        testParameterName = testName.getMethodName() + "_parameter_name";
+        testParameterValue = testName.getMethodName() + "_parameter_value";
+        testValueCanonical = testName.getMethodName() + "_value_canonical";
+        testValidatorType = testName.getMethodName() + "_validator_type";
+        testMaximumLength = testName.getMethodName().length();
+    }
+
+    /**
+     * Workflow test for happy-path getQueryString. Asserts delegation calls and parameters to delegate
+     * behaviors.
+     */
+    @Test
+    public void testGetQueryString() throws Exception {
+        ValidatorTestContainer validatorTester = new ValidatorTestContainer(mockValidator);
+        validatorTester.getValidInputReturns(testValueCanonical);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_QUERY_STRING_LENGTH_KEY_NAME)).thenReturn(
+            SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockRequest.getQueryString()).thenReturn(testQueryValue);
+
+        SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+        String rval = request.getQueryString();
+        assertEquals(testValueCanonical, rval);
+
+        validatorTester.verify(testQueryValue, QUERY_STRING_CANONCALIZE_TYPE_KEY, SECURITY_CONFIGURATION_TEST_LENGTH, true);
+
+        verify(mockSecConfig, times(1)).getIntProp(SECURITY_CONFIGURATION_QUERY_STRING_LENGTH_KEY_NAME);
+        verify(mockRequest, times(1)).getQueryString();
+    }
+
+    /**
+     * Test for getQueryString when validation throws an Exception.
+     * <br/>
+     * Asserts delegation calls and parameters to delegate behaviors.
+     */
+    @Test
+    public void testGetQueryStringCanonicalizeException() throws Exception {
+        ValidatorTestContainer validatorTester = new ValidatorTestContainer(mockValidator);
+        validatorTester.getValidInputThrows();
+
+        PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_QUERY_STRING_LENGTH_KEY_NAME)).thenReturn(
+            SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockRequest.getQueryString()).thenReturn(testQueryValue);
+
+        SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+        String rval = request.getQueryString();
+
+        assertTrue("SecurityWrapperRequest should return an empty String when an exception occurs in validation", rval
+            .isEmpty());
+
+        validatorTester.verify(testQueryValue, QUERY_STRING_CANONCALIZE_TYPE_KEY, SECURITY_CONFIGURATION_TEST_LENGTH, true);
+
+        verify(mockSecConfig, times(1)).getIntProp(SECURITY_CONFIGURATION_QUERY_STRING_LENGTH_KEY_NAME);
+        verify(mockRequest, times(1)).getQueryString();
+    }
+    @Test
+    public void testGetParameterString() throws Exception{
+        ValidatorTestContainer validatorTester = new ValidatorTestContainer(mockValidator);
+        validatorTester.getValidInputReturns(testValueCanonical);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_PARAMETER_STRING_LENGTH_KEY_NAME)).thenReturn(
+                SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockRequest.getParameter(testParameterName)).thenReturn(testParameterValue);
+
+        SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+        String rval = request.getParameter(testParameterName);
+        assertEquals(testValueCanonical, rval);
+
+        validatorTester.verify(testParameterValue, PARAMETER_STRING_CANONCALIZE_TYPE_KEY, SECURITY_CONFIGURATION_TEST_LENGTH, true);
+
+        verify(mockSecConfig, times(1)).getIntProp(SECURITY_CONFIGURATION_PARAMETER_STRING_LENGTH_KEY_NAME);
+        verify(mockRequest, times(1)).getParameter(testParameterName);
+    }
+
+    @Test
+    public void testGetParameterStringBoolean() throws Exception{
+        ValidatorTestContainer validatorTester = new ValidatorTestContainer(mockValidator);
+        validatorTester.getValidInputReturns(testValueCanonical);
+        PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_PARAMETER_STRING_LENGTH_KEY_NAME)).thenReturn(
+                SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockRequest.getParameter(testParameterName)).thenReturn(testParameterValue);
+
+        SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+        String rval = request.getParameter(testParameterName, false);
+        assertEquals(testValueCanonical, rval);
+
+        validatorTester.verify(testParameterValue, PARAMETER_STRING_CANONCALIZE_TYPE_KEY, SECURITY_CONFIGURATION_TEST_LENGTH, false);
+
+        verify(mockSecConfig, times(1)).getIntProp(SECURITY_CONFIGURATION_PARAMETER_STRING_LENGTH_KEY_NAME);
+        verify(mockRequest, times(1)).getParameter(testParameterName);
+    }
+
+    @Test
+    public void testGetParameterStringBooleanInt() throws Exception{
+        ValidatorTestContainer validatorTester = new ValidatorTestContainer(mockValidator);
+        validatorTester.getValidInputReturns(testValueCanonical);
+
+        PowerMockito.when(mockRequest.getParameter(testParameterName)).thenReturn(testParameterValue);
+
+        SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+        String rval = request.getParameter(testParameterName, false, testMaximumLength);
+        assertEquals(testValueCanonical, rval);
+
+        validatorTester.verify(testParameterValue, PARAMETER_STRING_CANONCALIZE_TYPE_KEY, testMaximumLength, false);
+
+        verify(mockRequest, times(1)).getParameter(testParameterName);
+    }
+
+    @Test
+    public void testGetParameterStringBooleanIntString() throws Exception{
+        ValidatorTestContainer validatorTester = new ValidatorTestContainer(mockValidator);
+        validatorTester.getValidInputReturns(testValueCanonical);
+
+
+        PowerMockito.when(mockRequest.getParameter(testParameterName)).thenReturn(testParameterValue);
+
+        SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+        String rval = request.getParameter(testParameterName, false, testMaximumLength, testValidatorType);
+        assertEquals(testValueCanonical, rval);
+
+        validatorTester.verify(testParameterValue, testValidatorType, testMaximumLength, false);
+
+        verify(mockRequest, times(1)).getParameter(testParameterName);
+    }
+
+
+    @Test
+    public void testGetParameterStringNullEvalPassthrough() throws Exception{
+        ValidatorTestContainer validatorTester = new ValidatorTestContainer(mockValidator);
+        validatorTester.getValidInputReturns(null);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_PARAMETER_STRING_LENGTH_KEY_NAME)).thenReturn(
+                SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockRequest.getParameter(testParameterName)).thenReturn(testParameterValue);
+
+        SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+        String rval = request.getParameter(testParameterName);
+        assertNull(rval);
+
+        validatorTester.verify(testParameterValue, PARAMETER_STRING_CANONCALIZE_TYPE_KEY, SECURITY_CONFIGURATION_TEST_LENGTH, true);
+
+        verify(mockSecConfig, times(1)).getIntProp(SECURITY_CONFIGURATION_PARAMETER_STRING_LENGTH_KEY_NAME);
+        verify(mockRequest, times(1)).getParameter(testParameterName);
+    }
+
+    @Test
+    public void testGetParameterStringBooleanNullEvalPassthrough() throws Exception{
+        ValidatorTestContainer validatorTester = new ValidatorTestContainer(mockValidator);
+        validatorTester.getValidInputReturns(null);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_PARAMETER_STRING_LENGTH_KEY_NAME)).thenReturn(
+                SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockRequest.getParameter(testParameterName)).thenReturn(testParameterValue);
+
+        SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+        String rval = request.getParameter(testParameterName, false);
+        assertNull(rval);
+
+        validatorTester.verify(testParameterValue, PARAMETER_STRING_CANONCALIZE_TYPE_KEY, SECURITY_CONFIGURATION_TEST_LENGTH, false);
+
+        verify(mockSecConfig, times(1)).getIntProp(SECURITY_CONFIGURATION_PARAMETER_STRING_LENGTH_KEY_NAME);
+        verify(mockRequest, times(1)).getParameter(testParameterName);
+    }
+
+    @Test
+    public void testGetParameterStringBooleanIntNullEvalPassthrough() throws Exception{
+        ValidatorTestContainer validatorTester = new ValidatorTestContainer(mockValidator);
+        validatorTester.getValidInputReturns(null);
+
+        PowerMockito.when(mockRequest.getParameter(testParameterName)).thenReturn(testParameterValue);
+
+        SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+        String rval = request.getParameter(testParameterName, false, testMaximumLength);
+        assertNull(rval);
+
+        validatorTester.verify(testParameterValue, PARAMETER_STRING_CANONCALIZE_TYPE_KEY, testMaximumLength, false);
+
+        verify(mockRequest, times(1)).getParameter(testParameterName);
+    }
+
+    @Test
+    public void testGetParameterStringBooleanIntStringNullEvalPassthrough() throws Exception{
+        ValidatorTestContainer validatorTester = new ValidatorTestContainer(mockValidator);
+        validatorTester.getValidInputReturns(null);
+
+        PowerMockito.when(mockRequest.getParameter(testParameterName)).thenReturn(testParameterValue);
+
+        SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+        String rval = request.getParameter(testParameterName, false, testMaximumLength, testValidatorType);
+        assertNull(rval);
+        validatorTester.verify(testParameterValue, testValidatorType, testMaximumLength, false);
+
+        verify(mockRequest, times(1)).getParameter(testParameterName);
+    }
+
+    @Test
+    public void testGetParameterStringNullOnException() throws Exception{
+        ValidatorTestContainer validatorTester = new ValidatorTestContainer(mockValidator);
+        validatorTester.getValidInputThrows();
+
+        PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_PARAMETER_STRING_LENGTH_KEY_NAME)).thenReturn(
+                SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockRequest.getParameter(testParameterName)).thenReturn(testParameterValue);
+
+        SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+        String rval = request.getParameter(testParameterName);
+        assertNull(rval);
+
+        validatorTester.verify(testParameterValue, PARAMETER_STRING_CANONCALIZE_TYPE_KEY, SECURITY_CONFIGURATION_TEST_LENGTH, true);
+
+        verify(mockSecConfig, times(1)).getIntProp(SECURITY_CONFIGURATION_PARAMETER_STRING_LENGTH_KEY_NAME);
+        verify(mockRequest, times(1)).getParameter(testParameterName);
+    }
+
+
+
+    @Test
+    public void testGetParameterStringBooleanNullOnException() throws Exception{
+        ValidatorTestContainer validatorTester = new ValidatorTestContainer(mockValidator);
+        validatorTester.getValidInputThrows();
+
+        PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_PARAMETER_STRING_LENGTH_KEY_NAME)).thenReturn(
+                SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockRequest.getParameter(testParameterName)).thenReturn(testParameterValue);
+
+        SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+        String rval = request.getParameter(testParameterName, false);
+        assertNull(rval);
+
+        validatorTester.verify(testParameterValue, PARAMETER_STRING_CANONCALIZE_TYPE_KEY, SECURITY_CONFIGURATION_TEST_LENGTH, false);
+
+        verify(mockSecConfig, times(1)).getIntProp(SECURITY_CONFIGURATION_PARAMETER_STRING_LENGTH_KEY_NAME);
+        verify(mockRequest, times(1)).getParameter(testParameterName);
+    }
+
+    @Test
+    public void testGetParameterStringBooleanIntNullOnException() throws Exception{
+        ValidatorTestContainer validatorTester = new ValidatorTestContainer(mockValidator);
+        validatorTester.getValidInputThrows();
+
+        PowerMockito.when(mockRequest.getParameter(testParameterName)).thenReturn(testParameterValue);
+
+        SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+        String rval = request.getParameter(testParameterName, false, testMaximumLength);
+        assertNull(rval);
+
+        validatorTester.verify(testParameterValue, PARAMETER_STRING_CANONCALIZE_TYPE_KEY, testMaximumLength, false);
+        verify(mockRequest, times(1)).getParameter(testParameterName);
+    }
+
+    @Test
+    public void testGetParameterStringBooleanIntStringNullOnException() throws Exception{
+        ValidatorTestContainer validatorTester = new ValidatorTestContainer(mockValidator);
+        validatorTester.getValidInputThrows();
+
+        PowerMockito.when(mockRequest.getParameter(testParameterName)).thenReturn(testParameterValue);
+
+        SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+        String rval = request.getParameter(testParameterName, false, testMaximumLength, testValidatorType);
+        assertNull(rval);
+
+        validatorTester.verify(testParameterValue, testValidatorType, testMaximumLength, false);
+
+        verify(mockRequest, times(1)).getParameter(testParameterName);
+    }
+
+    @Test
+    public void testGetCookie() throws Exception {
+        PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_HEADER_NAME_LENGTH_KEY_NAME)).thenReturn(
+                SECURITY_CONFIGURATION_TEST_LENGTH);
+        PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_HEADER_VALUE_LENGTH_KEY_NAME)).thenReturn(
+                SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        Cookie ck1 = new Cookie(testName.getMethodName(), testName.getMethodName()+ "-VALUE");
+        ck1.setMaxAge(999);
+        ck1.setDomain(testName.getMethodName() + "-DOMAIN");
+        ck1.setPath(testName.getMethodName() + "-URI");
+
+        Cookie[] stubCookies = new Cookie[] {ck1};
+        PowerMockito.when(mockRequest.getCookies()).thenReturn(stubCookies);
+
+        PowerMockito.when(mockValidator.getValidInput(anyString(), eq(ck1.getName()), eq(COOKIE_NAME_TYPE_KEY), eq(SECURITY_CONFIGURATION_TEST_LENGTH), eq(false))).thenReturn(ck1.getName());
+        PowerMockito.when(mockValidator.getValidInput(anyString(), eq(ck1.getValue()),eq(COOKIE_VALUE_TYPE_KEY), eq(SECURITY_CONFIGURATION_TEST_LENGTH), eq(true))).thenReturn(ck1.getValue());
+        PowerMockito.when(mockValidator.getValidInput(anyString(), eq(ck1.getDomain()),eq(COOKIE_DOMAIN_TYPE_KEY), eq(SECURITY_CONFIGURATION_TEST_LENGTH), eq(false))).thenReturn(ck1.getDomain());
+        PowerMockito.when(mockValidator.getValidInput(anyString(), eq(ck1.getPath()), eq(COOKIE_PATH_TYPE_KEY), eq(SECURITY_CONFIGURATION_TEST_LENGTH), eq(false))).thenReturn(ck1.getPath());
+
+        SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+        Cookie[] cookies = request.getCookies();
+        assertNotEquals(stubCookies, cookies);
+        assertEquals(1, cookies.length);
+        Cookie resultCookie = cookies[0];
+        assertNotEquals(ck1, resultCookie);
+        assertEquals(ck1.getName(), resultCookie.getName());
+        assertEquals(ck1.getValue(), resultCookie.getValue());
+        assertEquals(ck1.getDomain(), resultCookie.getDomain());
+        assertEquals(ck1.getPath(), resultCookie.getPath());
+        assertEquals(ck1.getMaxAge(), resultCookie.getMaxAge());
+
+        Mockito.verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getName()), ArgumentMatchers.eq(COOKIE_NAME_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+        Mockito.verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getValue()), ArgumentMatchers.eq(COOKIE_VALUE_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(true));
+        Mockito.verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getDomain()), ArgumentMatchers.eq(COOKIE_DOMAIN_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+        Mockito.verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getPath()), ArgumentMatchers.eq(COOKIE_PATH_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+    }
+
+    @Test
+    public void testGetCookieNullDomainPath() throws Exception {
+        PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_HEADER_NAME_LENGTH_KEY_NAME)).thenReturn(
+                SECURITY_CONFIGURATION_TEST_LENGTH);
+        PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_HEADER_VALUE_LENGTH_KEY_NAME)).thenReturn(
+                SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        Cookie ck1 = new Cookie(testName.getMethodName(), testName.getMethodName()+ "-VALUE");
+        ck1.setMaxAge(999);
+        //Domain and Path are left null
+
+        Cookie[] stubCookies = new Cookie[] {ck1};
+        PowerMockito.when(mockRequest.getCookies()).thenReturn(stubCookies);
+
+        PowerMockito.when(mockValidator.getValidInput(anyString(), eq(ck1.getName()), eq(COOKIE_NAME_TYPE_KEY), eq(SECURITY_CONFIGURATION_TEST_LENGTH), eq(false))).thenReturn(ck1.getName());
+        PowerMockito.when(mockValidator.getValidInput(anyString(), eq(ck1.getValue()),eq(COOKIE_VALUE_TYPE_KEY), eq(SECURITY_CONFIGURATION_TEST_LENGTH), eq(true))).thenReturn(ck1.getValue());
+
+        SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+        Cookie[] cookies = request.getCookies();
+        assertNotEquals(stubCookies, cookies);
+        assertEquals(1, cookies.length);
+        Cookie resultCookie1 = cookies[0];
+
+        assertNotEquals(ck1, resultCookie1);
+        assertEquals(ck1.getName(), resultCookie1.getName());
+        assertEquals(ck1.getValue(), resultCookie1.getValue());
+        assertEquals(ck1.getDomain(), resultCookie1.getDomain());
+        assertEquals(ck1.getPath(), resultCookie1.getPath());
+        assertEquals(ck1.getMaxAge(), resultCookie1.getMaxAge());
+
+        Mockito.verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getName()), ArgumentMatchers.eq(COOKIE_NAME_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+        Mockito.verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getValue()), ArgumentMatchers.eq(COOKIE_VALUE_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(true));
+        Mockito.verify(mockValidator, times(0)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getDomain()), ArgumentMatchers.eq(COOKIE_DOMAIN_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+        Mockito.verify(mockValidator, times(0)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getPath()), ArgumentMatchers.eq(COOKIE_PATH_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+    }
+
+    @Test
+    public void testGetCookieNullRequestCookies() {
+                  PowerMockito.when(mockRequest.getParameter(testParameterName)).thenReturn(testParameterValue);
+          PowerMockito.when(mockRequest.getCookies()).thenReturn(null);
+          SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+          Cookie[] cookies = request.getCookies();
+          assertEquals(0, cookies.length);
+    }
+
+    @Test
+    public void testGetCookieSkipOnBadName() throws Exception {
+        PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_HEADER_NAME_LENGTH_KEY_NAME)).thenReturn(
+                SECURITY_CONFIGURATION_TEST_LENGTH);
+        PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_HEADER_VALUE_LENGTH_KEY_NAME)).thenReturn(
+                SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        Answer<String> exceptionAnswer = new ValidatorTestContainer(mockValidator).throwException();
+
+        Cookie ck1 = new Cookie(testName.getMethodName(), testName.getMethodName()+ "-VALUE");
+        ck1.setMaxAge(999);
+        ck1.setDomain(testName.getMethodName() + "-DOMAIN");
+        ck1.setPath(testName.getMethodName() + "-URI");
+
+        Cookie[] stubCookies = new Cookie[] {ck1};
+        PowerMockito.when(mockRequest.getCookies()).thenReturn(stubCookies);
+
+        PowerMockito.when(mockValidator.getValidInput(anyString(), eq(ck1.getName()), eq(COOKIE_NAME_TYPE_KEY), eq(SECURITY_CONFIGURATION_TEST_LENGTH), eq(false))).thenAnswer(exceptionAnswer);
+
+        SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+        Cookie[] cookies = request.getCookies();
+        assertNotEquals(stubCookies, cookies);
+        assertEquals(0, cookies.length);
+
+        Mockito.verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getName()), ArgumentMatchers.eq(COOKIE_NAME_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+        Mockito.verify(mockValidator, times(0)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getValue()), ArgumentMatchers.eq(COOKIE_VALUE_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(true));
+        Mockito.verify(mockValidator, times(0)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getDomain()), ArgumentMatchers.eq(COOKIE_DOMAIN_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+        Mockito.verify(mockValidator, times(0)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getPath()), ArgumentMatchers.eq(COOKIE_PATH_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+
+        //I would have liked to verify the logging occurred, but it's giving me trouble at this time.
+    }
+
+    @Test
+    public void testGetCookieSkipOnBadValue() throws Exception {
+        PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_HEADER_NAME_LENGTH_KEY_NAME)).thenReturn(
+                SECURITY_CONFIGURATION_TEST_LENGTH);
+        PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_HEADER_VALUE_LENGTH_KEY_NAME)).thenReturn(
+                SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        Answer<String> exceptionAnswer = new ValidatorTestContainer(mockValidator).throwException();
+
+        Cookie ck1 = new Cookie(testName.getMethodName(), testName.getMethodName()+ "-VALUE");
+        ck1.setMaxAge(999);
+        ck1.setDomain(testName.getMethodName() + "-DOMAIN");
+        ck1.setPath(testName.getMethodName() + "-URI");
+
+        Cookie[] stubCookies = new Cookie[] {ck1};
+        PowerMockito.when(mockRequest.getCookies()).thenReturn(stubCookies);
+
+        PowerMockito.when(mockValidator.getValidInput(anyString(), eq(ck1.getName()), eq(COOKIE_NAME_TYPE_KEY), eq(SECURITY_CONFIGURATION_TEST_LENGTH), eq(true))).thenReturn(ck1.getName());
+        PowerMockito.when(mockValidator.getValidInput(anyString(), eq(ck1.getValue()),eq(COOKIE_VALUE_TYPE_KEY), eq(SECURITY_CONFIGURATION_TEST_LENGTH), eq(true))).thenAnswer(exceptionAnswer);
+
+        SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+        Cookie[] cookies = request.getCookies();
+        assertNotEquals(stubCookies, cookies);
+        assertEquals(0, cookies.length);
+
+        Mockito.verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getName()), ArgumentMatchers.eq(COOKIE_NAME_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+        Mockito.verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getValue()), ArgumentMatchers.eq(COOKIE_VALUE_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(true));
+        Mockito.verify(mockValidator, times(0)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getDomain()), ArgumentMatchers.eq(COOKIE_DOMAIN_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+        Mockito.verify(mockValidator, times(0)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getPath()), ArgumentMatchers.eq(COOKIE_PATH_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+
+        //I would have liked to verify the logging occurred, but it's giving me trouble at this time.
+    }
+
+    @Test
+    public void testGetCookieSkipOnBadDomain() throws Exception {
+        PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_HEADER_NAME_LENGTH_KEY_NAME)).thenReturn(
+                SECURITY_CONFIGURATION_TEST_LENGTH);
+        PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_HEADER_VALUE_LENGTH_KEY_NAME)).thenReturn(
+                SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        Answer<String> exceptionAnswer = new ValidatorTestContainer(mockValidator).throwException();
+
+        Cookie ck1 = new Cookie(testName.getMethodName(), testName.getMethodName()+ "-VALUE");
+        ck1.setMaxAge(999);
+        ck1.setDomain(testName.getMethodName() + "-DOMAIN");
+        ck1.setPath(testName.getMethodName() + "-URI");
+
+        Cookie[] stubCookies = new Cookie[] {ck1};
+        PowerMockito.when(mockRequest.getCookies()).thenReturn(stubCookies);
+
+        PowerMockito.when(mockValidator.getValidInput(anyString(), eq(ck1.getName()), eq(COOKIE_NAME_TYPE_KEY), eq(SECURITY_CONFIGURATION_TEST_LENGTH), eq(false))).thenReturn(ck1.getName());
+       PowerMockito.when(mockValidator.getValidInput(anyString(), eq(ck1.getValue()),eq(COOKIE_VALUE_TYPE_KEY), eq(SECURITY_CONFIGURATION_TEST_LENGTH), eq(true))).thenReturn(ck1.getValue());
+       PowerMockito.when(mockValidator.getValidInput(anyString(), eq(ck1.getDomain()),eq(COOKIE_DOMAIN_TYPE_KEY), eq(SECURITY_CONFIGURATION_TEST_LENGTH), eq(false))).thenAnswer(exceptionAnswer);
+
+        SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+        Cookie[] cookies = request.getCookies();
+        assertNotEquals(stubCookies, cookies);
+        assertEquals(0, cookies.length);
+
+        Mockito.verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getName()), ArgumentMatchers.eq(COOKIE_NAME_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+        Mockito.verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getValue()), ArgumentMatchers.eq(COOKIE_VALUE_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(true));
+        Mockito.verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getDomain()), ArgumentMatchers.eq(COOKIE_DOMAIN_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+        Mockito.verify(mockValidator, times(0)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getPath()), ArgumentMatchers.eq(COOKIE_PATH_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+
+        //I would have liked to verify the logging occurred, but it's giving me trouble at this time.
+    }
+
+
+    @Test
+    public void testGetCookieSkipOnBadPath() throws Exception {
+        PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_HEADER_NAME_LENGTH_KEY_NAME)).thenReturn(
+                SECURITY_CONFIGURATION_TEST_LENGTH);
+        PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_HEADER_VALUE_LENGTH_KEY_NAME)).thenReturn(
+                SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        Answer<String> exceptionAnswer = new ValidatorTestContainer(mockValidator).throwException();
+
+        Cookie ck1 = new Cookie(testName.getMethodName(), testName.getMethodName()+ "-VALUE");
+        ck1.setMaxAge(999);
+        ck1.setDomain(testName.getMethodName() + "-DOMAIN");
+        ck1.setPath(testName.getMethodName() + "-URI");
+
+        Cookie[] stubCookies = new Cookie[] {ck1};
+        PowerMockito.when(mockRequest.getCookies()).thenReturn(stubCookies);
+
+        PowerMockito.when(mockValidator.getValidInput(anyString(), eq(ck1.getName()), eq(COOKIE_NAME_TYPE_KEY), eq(SECURITY_CONFIGURATION_TEST_LENGTH), eq(false))).thenReturn(ck1.getName());
+        PowerMockito.when(mockValidator.getValidInput(anyString(), eq(ck1.getValue()),eq(COOKIE_VALUE_TYPE_KEY), eq(SECURITY_CONFIGURATION_TEST_LENGTH), eq(true))).thenReturn(ck1.getValue());
+        PowerMockito.when(mockValidator.getValidInput(anyString(), eq(ck1.getDomain()),eq(COOKIE_DOMAIN_TYPE_KEY), eq(SECURITY_CONFIGURATION_TEST_LENGTH), eq(false))).thenReturn(ck1.getDomain());
+        PowerMockito.when(mockValidator.getValidInput(anyString(), eq(ck1.getPath()), eq(COOKIE_PATH_TYPE_KEY), eq(SECURITY_CONFIGURATION_TEST_LENGTH), eq(false))).thenAnswer(exceptionAnswer);
+
+        SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+        Cookie[] cookies = request.getCookies();
+        assertNotEquals(stubCookies, cookies);
+        assertEquals(0, cookies.length);
+
+        Mockito.verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getName()), ArgumentMatchers.eq(COOKIE_NAME_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+        Mockito.verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getValue()), ArgumentMatchers.eq(COOKIE_VALUE_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(true));
+        Mockito.verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getDomain()), ArgumentMatchers.eq(COOKIE_DOMAIN_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+        Mockito.verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getPath()), ArgumentMatchers.eq(COOKIE_PATH_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+
+        //I would have liked to verify the logging occurred, but it's giving me trouble at this time.
+    }
+
+    /**
+     * Utility test class meant to encapsulate common interactions for preparing and
+     * verifying the Validator interactions common to multiple tests.
+     *
+     */
+    private class ValidatorTestContainer {
+        private ArgumentCaptor<String> inputCapture = ArgumentCaptor.forClass(String.class);
+        private ArgumentCaptor<String> typeCapture = ArgumentCaptor.forClass(String.class);
+        private ArgumentCaptor<Integer> lengthCapture = ArgumentCaptor.forClass(Integer.class);
+        private ArgumentCaptor<Boolean> allowNullCapture = ArgumentCaptor.forClass(Boolean.class);
+        private Validator validator;
+
+
+        public ValidatorTestContainer(Validator validatorRef) {
+            this.validator = validatorRef;
+        }
+        public Answer<String> throwException() {
+            return new Answer<String>() {
+                @Override
+                public String answer(InvocationOnMock invocation) throws Throwable {
+                    throw new ValidationException("Thrown from test Scope", "Test Exception is intentional.");
+                }
+            };
+        }
+
+        public Answer<String> returnResult(final String result) {
+            return new Answer<String>() {
+                @Override
+                public String answer(InvocationOnMock invocation) throws Throwable {
+                    return result;
+                }
+            };
+        }
+        public void getValidInputReturns(String response) throws Exception {
+            setupFor(returnResult(response));
+        }
+
+        public void getValidInputThrows() throws Exception {
+            setupFor(throwException());
+        }
+
+        public void setupFor(Answer<String> answer) throws Exception {
+            String context = anyString();
+            String input = inputCapture.capture();
+            String type = typeCapture.capture();
+            Integer length = lengthCapture.capture();
+            Boolean allowNull = allowNullCapture.capture();
+
+            PowerMockito.when(validator.getValidInput(context, input, type, length, allowNull)).thenAnswer(answer);
+        }
+
+        public void verify(String input, String type, int maxLen, boolean allowNull) throws Exception {
+            String actualInput = inputCapture.getValue();
+            String actualType = typeCapture.getValue();
+            int actualLength = lengthCapture.getValue().intValue();
+            boolean actualAllowNull = allowNullCapture.getValue().booleanValue();
+
+            assertEquals(input, actualInput);
+            assertEquals(type, actualType);
+            assertTrue(maxLen == actualLength);
+            assertEquals(allowNull, actualAllowNull);
+
+            Mockito.verify(validator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(input), ArgumentMatchers.eq(type), ArgumentMatchers.eq(maxLen), ArgumentMatchers.eq(allowNull));
+        }
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/filters/SecurityWrapperResponseTest.java b/src/test/java/org/owasp/esapi/filters/SecurityWrapperResponseTest.java
new file mode 100644
index 000000000..f7b74c6f1
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/filters/SecurityWrapperResponseTest.java
@@ -0,0 +1,809 @@
+package org.owasp.esapi.filters;
+
+import static org.junit.Assert.assertEquals;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.owasp.esapi.PropNames.DISABLE_INTRUSION_DETECTION;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletResponse;
+
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TestName;
+import org.junit.runner.RunWith;
+import org.mockito.ArgumentMatchers;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.SecurityConfiguration;
+import org.owasp.esapi.Validator;
+import org.owasp.esapi.errors.ValidationException;
+import org.owasp.esapi.http.MockHttpServletResponse;
+import org.owasp.esapi.util.TestUtils;
+import org.powermock.api.mockito.PowerMockito;
+import org.powermock.core.classloader.annotations.PowerMockIgnore;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+//@PrepareForTest({SecurityWrapperResponse.class})
+@RunWith(PowerMockRunner.class)
+@PrepareForTest(ESAPI.class)
+@PowerMockIgnore({"com.sun.org.apache.xerces.*", "javax.xml.*", "org.xml.*", "org.w3c.dom.*"})
+public class SecurityWrapperResponseTest {
+    private static final String HEADER_NAME_CONTEXT = "HTTPHeaderName";
+    private static final String HEADER_VALUE_CONTEXT = "HTTPHeaderValue";
+    private static final String SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR = "HttpUtilities.MaxHeaderNameSize";
+    private static final String SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR = "HttpUtilities.MaxHeaderValueSize";
+
+
+    @Rule
+    public TestName testName = new TestName();
+
+    @Mock
+    private HttpServletResponse mockResponse;
+    @Mock
+    private Validator mockValidator;
+    @Mock
+    private SecurityConfiguration mockSecConfig;
+    @Mock
+    private Logger mockLogger;
+
+    private String goodHeaderName;
+    private String goodHeaderValue;
+
+    @Before
+    public void setup() throws Exception {
+        //preconfig will impact other tests unless isolated.  Still don't want to duplicate it though.
+        if (testName.getMethodName().startsWith("testSetHeader") ||
+                testName.getMethodName().startsWith("testAddHeader")) {
+            PowerMockito.mockStatic(ESAPI.class);
+            PowerMockito.when(ESAPI.class, SecurityWrapperRequestTest.ESAPI_VALIDATOR_GETTER_METHOD_NAME).thenReturn(mockValidator);
+            PowerMockito.when(ESAPI.class, SecurityWrapperRequestTest.ESAPI_GET_LOGGER_METHOD_NAME, "SecurityWrapperResponse").thenReturn(mockLogger);
+            PowerMockito.when(ESAPI.class, SecurityWrapperRequestTest.ESAPY_SECURITY_CONFIGURATION_GETTER_METHOD_NAME).thenReturn(mockSecConfig);
+            //Is intrusion detection disabled?  A:  Yes, it is off.
+            //This logic is confusing:  True, the value is False...
+            Mockito.when( mockSecConfig.getBooleanProp( DISABLE_INTRUSION_DETECTION ) ).thenReturn(true);
+
+            goodHeaderName = testName.getMethodName() + "_goodHeaderName";
+            goodHeaderValue = testName.getMethodName() + "_goodHeaderValue";
+        }
+    }
+
+    @Test
+    public void testSetHeaderHappyPath() throws Exception {
+        String validateNameResponse = goodHeaderName;
+        String validateValueResponse = goodHeaderValue;
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateNameResponse);
+
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateValueResponse);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        SecurityWrapperResponse response = new SecurityWrapperResponse(mockResponse);
+
+        response.setHeader(goodHeaderName, goodHeaderValue);
+
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName), ArgumentMatchers.eq(HEADER_NAME_CONTEXT), ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue), ArgumentMatchers.eq(HEADER_VALUE_CONTEXT), ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR);
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR);
+        verify(mockResponse, times(1)).setHeader(validateNameResponse, validateValueResponse);
+        verify(mockLogger,times(0)).warning(ArgumentMatchers.any(org.owasp.esapi.Logger.EventType.class), anyString(), ArgumentMatchers.any(Exception.class));
+    }
+
+    @Test
+    public void testSetHeaderNameNull() throws Exception {
+        String validateNameResponse = null;
+        String validateValueResponse = goodHeaderValue;
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateNameResponse);
+
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateValueResponse);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        SecurityWrapperResponse response = new SecurityWrapperResponse(mockResponse);
+
+        response.setHeader(goodHeaderName, goodHeaderValue);
+
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR);
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR);
+        verify(mockResponse, times(0)).setHeader(anyString(), anyString());
+        verify(mockLogger, times(0)).warning(ArgumentMatchers.any(org.owasp.esapi.Logger.EventType.class),anyString(),
+                ArgumentMatchers.any(Exception.class));
+    }
+
+    @Test
+    public void testSetHeaderNameEmpty() throws Exception {
+        String validateNameResponse = "     ";
+        String validateValueResponse = goodHeaderValue;
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateNameResponse);
+
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateValueResponse);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        SecurityWrapperResponse response = new SecurityWrapperResponse(mockResponse);
+
+        response.setHeader(goodHeaderName, goodHeaderValue);
+
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR);
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR);
+        verify(mockResponse, times(0)).setHeader(anyString(), anyString());
+        verify(mockLogger, times(0)).warning(ArgumentMatchers.any(org.owasp.esapi.Logger.EventType.class),anyString(),
+                ArgumentMatchers.any(Exception.class));
+    }
+
+    @Test
+    public void testSetHeaderNameThrowsValidationException() throws Exception {
+        String validateValueResponse = goodHeaderValue;
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenThrow(ValidationException.class);
+
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateValueResponse);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        SecurityWrapperResponse response = new SecurityWrapperResponse(mockResponse);
+
+        response.setHeader(goodHeaderName, goodHeaderValue);
+
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR);
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR);
+        verify(mockResponse, times(0)).setHeader(anyString(), anyString());
+
+        verify(mockLogger, times(1)).warning(ArgumentMatchers.any(org.owasp.esapi.Logger.EventType.class),
+                ArgumentMatchers.contains("Attempt to set invalid header NAME denied: HTTPHeaderName:"+ goodHeaderName),
+                ArgumentMatchers.any(Exception.class));
+    }
+
+    @Test
+    public void testSetHeaderValueNull() throws Exception {
+        String validateNameResponse = goodHeaderName;
+        String validateValueResponse = null;
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateNameResponse);
+
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateValueResponse);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        SecurityWrapperResponse response = new SecurityWrapperResponse(mockResponse);
+
+        response.setHeader(goodHeaderName, goodHeaderValue);
+
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR);
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR);
+        verify(mockResponse, times(0)).setHeader(anyString(), anyString());
+        verify(mockLogger, times(0)).warning(ArgumentMatchers.any(org.owasp.esapi.Logger.EventType.class),anyString(),
+                ArgumentMatchers.any(Exception.class));
+    }
+
+    @Test
+    public void testSetHeaderValueEmpty() throws Exception {
+        String validateNameResponse = goodHeaderName;
+        String validateValueResponse = "     ";
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateNameResponse);
+
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateValueResponse);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        SecurityWrapperResponse response = new SecurityWrapperResponse(mockResponse);
+
+        response.setHeader(goodHeaderName, goodHeaderValue);
+
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR);
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR);
+        verify(mockResponse, times(0)).setHeader(anyString(), anyString());
+        verify(mockLogger, times(0)).warning(ArgumentMatchers.any(org.owasp.esapi.Logger.EventType.class),anyString(),
+                ArgumentMatchers.any(Exception.class));
+    }
+
+    @Test
+    public void testSetHeaderValueThrowsValidationException() throws Exception {
+        String validateNameResponse = goodHeaderName;
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateNameResponse);
+
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenThrow(ValidationException.class);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        SecurityWrapperResponse response = new SecurityWrapperResponse(mockResponse);
+
+        response.setHeader(goodHeaderName, goodHeaderValue);
+
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR);
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR);
+        verify(mockResponse, times(0)).setHeader(anyString(), anyString());
+
+        verify(mockLogger, times(1)).warning(ArgumentMatchers.any(org.owasp.esapi.Logger.EventType.class),
+                ArgumentMatchers.contains("Attempt to set invalid header VALUE denied: HTTPHeaderName:"+ goodHeaderName),
+                ArgumentMatchers.any(Exception.class));
+    }
+
+    @Test
+    public void testAddHeaderHappyPath() throws Exception {
+        String validateNameResponse = goodHeaderName;
+        String validateValueResponse = goodHeaderValue;
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateNameResponse);
+
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateValueResponse);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        SecurityWrapperResponse response = new SecurityWrapperResponse(mockResponse);
+
+        response.addHeader(goodHeaderName, goodHeaderValue);
+
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName), ArgumentMatchers.eq(HEADER_NAME_CONTEXT), ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue), ArgumentMatchers.eq(HEADER_VALUE_CONTEXT), ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR);
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR);
+        verify(mockResponse, times(1)).addHeader(validateNameResponse, validateValueResponse);
+        verify(mockLogger,times(0)).warning(ArgumentMatchers.any(org.owasp.esapi.Logger.EventType.class), anyString(), ArgumentMatchers.any(Exception.class));
+    }
+
+    @Test
+    public void testAddHeaderNameNull() throws Exception {
+        String validateNameResponse = null;
+        String validateValueResponse = goodHeaderValue;
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateNameResponse);
+
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateValueResponse);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        SecurityWrapperResponse response = new SecurityWrapperResponse(mockResponse);
+
+        response.addHeader(goodHeaderName, goodHeaderValue);
+
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR);
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR);
+        verify(mockResponse, times(0)).addHeader(anyString(), anyString());
+        verify(mockLogger, times(0)).warning(ArgumentMatchers.any(org.owasp.esapi.Logger.EventType.class),anyString(),
+                ArgumentMatchers.any(Exception.class));
+    }
+
+    @Test
+    public void testAddHeaderNameEmpty() throws Exception {
+        String validateNameResponse = "     ";
+        String validateValueResponse = goodHeaderValue;
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateNameResponse);
+
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateValueResponse);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        SecurityWrapperResponse response = new SecurityWrapperResponse(mockResponse);
+
+        response.addHeader(goodHeaderName, goodHeaderValue);
+
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR);
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR);
+        verify(mockResponse, times(0)).addHeader(anyString(), anyString());
+        verify(mockLogger, times(0)).warning(ArgumentMatchers.any(org.owasp.esapi.Logger.EventType.class),anyString(),
+                ArgumentMatchers.any(Exception.class));
+    }
+
+    @Test
+    public void testAddHeaderNameThrowsValidationException() throws Exception {
+        String validateValueResponse = goodHeaderValue;
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenThrow(ValidationException.class);
+
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateValueResponse);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        SecurityWrapperResponse response = new SecurityWrapperResponse(mockResponse);
+
+        response.addHeader(goodHeaderName, goodHeaderValue);
+
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR);
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR);
+        verify(mockResponse, times(0)).addHeader(anyString(), anyString());
+
+        verify(mockLogger, times(1)).warning(ArgumentMatchers.any(org.owasp.esapi.Logger.EventType.class),
+                ArgumentMatchers.contains("Attempt to add invalid header NAME denied: HTTPHeaderName:"+ goodHeaderName ),
+                ArgumentMatchers.any(Exception.class));
+    }
+
+    @Test
+    public void testAddHeaderValueNull() throws Exception {
+        String validateNameResponse = goodHeaderName;
+        String validateValueResponse = null;
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateNameResponse);
+
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateValueResponse);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        SecurityWrapperResponse response = new SecurityWrapperResponse(mockResponse);
+
+        response.addHeader(goodHeaderName, goodHeaderValue);
+
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR);
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR);
+        verify(mockResponse, times(0)).addHeader(anyString(), anyString());
+        verify(mockLogger, times(0)).warning(ArgumentMatchers.any(org.owasp.esapi.Logger.EventType.class),anyString(),
+                ArgumentMatchers.any(Exception.class));
+    }
+
+    @Test
+    public void testAddHeaderValueEmpty() throws Exception {
+        String validateNameResponse = goodHeaderName;
+        String validateValueResponse = "     ";
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateNameResponse);
+
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateValueResponse);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        SecurityWrapperResponse response = new SecurityWrapperResponse(mockResponse);
+
+        response.addHeader(goodHeaderName, goodHeaderValue);
+
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR);
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR);
+        verify(mockResponse, times(0)).addHeader(anyString(), anyString());
+        verify(mockLogger, times(0)).warning(ArgumentMatchers.any(org.owasp.esapi.Logger.EventType.class),anyString(),
+                ArgumentMatchers.any(Exception.class));
+    }
+
+    @Test
+    public void testAddHeaderValueThrowsValidationException() throws Exception {
+        String validateNameResponse = goodHeaderName;
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateNameResponse);
+
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenThrow(ValidationException.class);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        SecurityWrapperResponse response = new SecurityWrapperResponse(mockResponse);
+
+        response.addHeader(goodHeaderName, goodHeaderValue);
+
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR);
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR);
+        verify(mockResponse, times(0)).addHeader(anyString(), anyString());
+
+        verify(mockLogger, times(1)).warning(ArgumentMatchers.any(org.owasp.esapi.Logger.EventType.class),
+                ArgumentMatchers.contains("Attempt to add invalid header VALUE denied: HTTPHeaderName:"+ goodHeaderName),
+                ArgumentMatchers.any(Exception.class));
+    }
+
+    @Test
+    public void testAddRefererHeader(){
+        HttpServletResponse servResp = mock(HttpServletResponse.class);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        resp.addReferer("http://127.0.0.1:3000/campaigns?goal=all&section=active&sort-by=-id&status=Draft%2CLaunched");
+        verify(servResp, times(1)).addHeader("referer", "");
+    }
+
+    @Test
+    public void testAddDateHeader(){
+        HttpServletResponse servResp = mock(HttpServletResponse.class);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        long currentTime = System.currentTimeMillis();
+        resp.addDateHeader("Foo", currentTime);
+        verify(servResp, times(1)).addDateHeader("Foo", currentTime);
+    }
+
+    @Test
+    public void testSetDateHeader(){
+        HttpServletResponse servResp = mock(HttpServletResponse.class);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        long currentTime = System.currentTimeMillis();
+        resp.setDateHeader("Foo", currentTime);
+        verify(servResp, times(1)).setDateHeader("Foo", currentTime);
+    }
+
+    @Test
+    public void testSetInvalidDateHeader(){
+        HttpServletResponse servResp = mock(HttpServletResponse.class);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        long currentTime = System.currentTimeMillis();
+        resp.setDateHeader("<scr", currentTime);
+        verify(servResp, times(0)).setDateHeader("<scr", currentTime);
+    }
+
+    @Test
+    public void testSetInvalidHeader(){
+        HttpServletResponse servResp = mock(HttpServletResponse.class);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        resp.setHeader("foo", "<script>alert</script>");
+        verify(servResp, times(0)).setHeader("foo", "<script>alert</script>");
+    }
+
+    @Test
+    public void testInvalidDateHeader(){
+        HttpServletResponse servResp = mock(HttpServletResponse.class);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        long currentTime = System.currentTimeMillis();
+        resp.addDateHeader("Foo\\r\\n", currentTime);
+        verify(servResp, times(0)).addDateHeader("Foo", currentTime);
+    }
+
+    @Test
+    public void testAddHeaderInvalidValueLength(){
+        //refactor this to use a spy.
+        HttpServletResponse servResp = mock(HttpServletResponse.class);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        SecurityWrapperResponse spyResp = spy(resp);
+        Mockito.doCallRealMethod().when(spyResp).addHeader("Foo", TestUtils.generateStringOfLength(4097));
+        resp.addHeader("Foo", TestUtils.generateStringOfLength(4097));
+        verify(servResp, times(0)).addHeader("Foo", "bar");
+    }
+
+    @Test
+    public void testAddHeaderInvalidKeyLength(){
+        HttpServletResponse servResp = mock(HttpServletResponse.class);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        resp.addHeader(TestUtils.generateStringOfLength(257), "bar");
+        verify(servResp, times(0)).addHeader("Foo", "bar");
+    }
+
+    @Test
+    public void testAddIntHeader(){
+        HttpServletResponse servResp = mock(HttpServletResponse.class);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        resp.addIntHeader("aaaa", 4);
+        verify(servResp, times(1)).addIntHeader("aaaa", 4);
+    }
+
+    @Test
+    public void testAddInvalidIntHeader(){
+        HttpServletResponse servResp = mock(HttpServletResponse.class);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        resp.addIntHeader(TestUtils.generateStringOfLength(257), Integer.MIN_VALUE);
+        verify(servResp, times(0)).addIntHeader(TestUtils.generateStringOfLength(257), Integer.MIN_VALUE);
+    }
+
+    @Test
+    public void testContainsHeader(){
+        HttpServletResponse servResp = new MockHttpServletResponse();
+        servResp = spy(servResp);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        resp = spy(resp);
+        resp.addIntHeader("aaaa", Integer.MIN_VALUE);
+        verify(servResp, times(1)).addIntHeader("aaaa", Integer.MIN_VALUE);
+        assertEquals(true, servResp.containsHeader("aaaa"));
+    }
+
+    @Test
+    public void testAddValidCookie(){
+        HttpServletResponse servResp = new MockHttpServletResponse();
+        servResp = spy(servResp);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        SecurityWrapperResponse spyResp = spy(resp);
+        Cookie cookie = new Cookie("Foo", TestUtils.generateStringOfLength(10));
+        cookie.setMaxAge(5000);
+        Mockito.doCallRealMethod().when(spyResp).addCookie(cookie);
+        spyResp.addCookie(cookie);
+
+        /*
+         * We're indirectly testing our class.  Since it ultimately
+         * delegates to HttpServletResponse.addHeader, we're actually
+         * validating that our test method constructs a header with the
+         * expected properties.  This implicitly tests the
+         * createCookieHeader method as well.
+         */
+        verify(servResp, times(1)).addHeader("Set-Cookie", "Foo=aaaaaaaaaa; Max-Age=5000; Secure; HttpOnly");
+    }
+
+    @Test
+    public void testAddValidCookieWithDomain(){
+        HttpServletResponse servResp = new MockHttpServletResponse();
+        servResp = spy(servResp);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        SecurityWrapperResponse spyResp = spy(resp);
+        Cookie cookie = new Cookie("Foo", TestUtils.generateStringOfLength(10));
+        cookie.setDomain("evil.com");
+        cookie.setMaxAge(-1);
+        Mockito.doCallRealMethod().when(spyResp).addCookie(cookie);
+        spyResp.addCookie(cookie);
+        verify(servResp, times(1)).addHeader("Set-Cookie", "Foo=aaaaaaaaaa; Domain=evil.com; Secure; HttpOnly");
+    }
+
+    @Test
+    public void testAddValidCookieWithPath(){
+        HttpServletResponse servResp = new MockHttpServletResponse();
+        servResp = spy(servResp);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        SecurityWrapperResponse spyResp = spy(resp);
+        Cookie cookie = new Cookie("Foo", TestUtils.generateStringOfLength(10));
+        cookie.setDomain("evil.com");
+        cookie.setPath("/foo/bar");
+        Mockito.doCallRealMethod().when(spyResp).addCookie(cookie);
+        spyResp.addCookie(cookie);
+        verify(servResp, times(1)).addHeader("Set-Cookie", "Foo=aaaaaaaaaa; Domain=evil.com; Path=/foo/bar; Secure; HttpOnly");
+    }
+
+    @Test
+    public void testAddInValidCookie(){
+        HttpServletResponse servResp = new MockHttpServletResponse();
+        servResp = spy(servResp);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        SecurityWrapperResponse spyResp = spy(resp);
+        Cookie cookie = new Cookie("Foo", TestUtils.generateStringOfLength(5000));
+        Mockito.doCallRealMethod().when(spyResp).addCookie(cookie);
+
+        spyResp.addCookie(cookie);
+        verify(servResp, times(0)).addHeader("Set-Cookie", "Foo=" + TestUtils.generateStringOfLength(5000) + "; Secure; HttpOnly");
+    }
+
+    @Test
+    public void testSendError() throws Exception{
+        HttpServletResponse servResp = new MockHttpServletResponse();
+        servResp = spy(servResp);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        SecurityWrapperResponse spyResp = spy(resp);
+        Mockito.doCallRealMethod().when(spyResp).sendError(200);
+        spyResp.sendError(200);
+
+        verify(servResp, times(1)).sendError(200, "HTTP error code: 200");;
+    }
+
+    @Test
+    public void testSendStatus() throws Exception{
+        HttpServletResponse servResp = new MockHttpServletResponse();
+        servResp = spy(servResp);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        SecurityWrapperResponse spyResp = spy(resp);
+        Mockito.doCallRealMethod().when(spyResp).setStatus(200);;
+        spyResp.setStatus(200);
+
+        verify(servResp, times(1)).setStatus(200);;
+    }
+
+    @Test
+    public void testSendStatusWithString() throws Exception{
+        HttpServletResponse servResp = new MockHttpServletResponse();
+        servResp = spy(servResp);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        SecurityWrapperResponse spyResp = spy(resp);
+        Mockito.doCallRealMethod().when(spyResp).setStatus(200, "foo");;
+        spyResp.setStatus(200, "foo");
+
+        verify(servResp, times(1)).sendError(200, "foo");;
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/http/MockFilterChain.java b/src/test/java/org/owasp/esapi/http/MockFilterChain.java
index 7bd05cab0..c00927e35 100644
--- a/src/test/java/org/owasp/esapi/http/MockFilterChain.java
+++ b/src/test/java/org/owasp/esapi/http/MockFilterChain.java
@@ -1,46 +1,46 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.http;
-
-import java.io.IOException;
-
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-/**
- *
- * @author jwilliams
- */
-public class MockFilterChain implements FilterChain {
-    /**
-     *
-     * @param request
-     * @param response
-     * @throws java.io.IOException
-     * @throws javax.servlet.ServletException
-     */
-    public void doFilter( ServletRequest request, ServletResponse response ) throws IOException, ServletException {
-    	System.out.println( "CHAIN received " + request.getClass().getName() + " and is issuing " + response.getClass().getName() );
-       	response.getOutputStream().println( "   This is the body of a response for " +  ((HttpServletRequest)request).getRequestURI() );
-           	((HttpServletResponse)response).addCookie( new Cookie( "name", "value" ) );
-    }
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.http;
+
+import java.io.IOException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ *
+ * @author jwilliams
+ */
+public class MockFilterChain implements FilterChain {
+    /**
+     *
+     * @param request
+     * @param response
+     * @throws java.io.IOException
+     * @throws javax.servlet.ServletException
+     */
+    public void doFilter( ServletRequest request, ServletResponse response ) throws IOException, ServletException {
+        System.out.println( "CHAIN received " + request.getClass().getName() + " and is issuing " + response.getClass().getName() );
+           response.getOutputStream().println( "   This is the body of a response for " +  ((HttpServletRequest)request).getRequestURI() );
+               ((HttpServletResponse)response).addCookie( new Cookie( "name", "value" ) );
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/http/MockFilterConfig.java b/src/test/java/org/owasp/esapi/http/MockFilterConfig.java
index 6d5a3bf0f..7f350f977 100644
--- a/src/test/java/org/owasp/esapi/http/MockFilterConfig.java
+++ b/src/test/java/org/owasp/esapi/http/MockFilterConfig.java
@@ -1,66 +1,66 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.http;
-
-import java.util.Collections;
-import java.util.Enumeration;
-import java.util.Map;
-
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletContext;
-
-/**
- * A filter configuration object used by a servlet container
- * to pass information to a filter during initialization.
- */
-public class MockFilterConfig implements FilterConfig {
-	private Map map;
-
-	public MockFilterConfig( Map map ) {
-		this.map = map;
-	}
-	
-    public String getFilterName() {
-    	return "mock";
-    }
-
-    /**
-     * Returns a reference to the {@link ServletContext} in which the caller
-     * is executing.
-     */
-    public ServletContext getServletContext() {
-    	return new MockServletContext();
-    }
-
-    /**
-     * Returns a <code>String</code> containing the value of the
-     * named initialization parameter, or <code>null</code> if
-     * the parameter does not exist.
-     */
-    public String getInitParameter(String name) {
-    	return (String)map.get( name );
-    }
-
-    /**
-     * Returns the names of the filter's initialization parameters
-     * as an <code>Enumeration</code> of <code>String</code> objects,
-     * or an empty <code>Enumeration</code> if the filter has
-     * no initialization parameters.
-     */
-    public Enumeration getInitParameterNames() {
-    	return Collections.enumeration( map.keySet() );
-    }
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.http;
+
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.Map;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletContext;
+
+/**
+ * A filter configuration object used by a servlet container
+ * to pass information to a filter during initialization.
+ */
+public class MockFilterConfig implements FilterConfig {
+    private Map map;
+
+    public MockFilterConfig( Map map ) {
+        this.map = map;
+    }
+
+    public String getFilterName() {
+        return "mock";
+    }
+
+    /**
+     * Returns a reference to the {@link ServletContext} in which the caller
+     * is executing.
+     */
+    public ServletContext getServletContext() {
+        return new MockServletContext();
+    }
+
+    /**
+     * Returns a <code>String</code> containing the value of the
+     * named initialization parameter, or <code>null</code> if
+     * the parameter does not exist.
+     */
+    public String getInitParameter(String name) {
+        return (String)map.get( name );
+    }
+
+    /**
+     * Returns the names of the filter's initialization parameters
+     * as an <code>Enumeration</code> of <code>String</code> objects,
+     * or an empty <code>Enumeration</code> if the filter has
+     * no initialization parameters.
+     */
+    public Enumeration getInitParameterNames() {
+        return Collections.enumeration( map.keySet() );
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/http/MockHttpServletRequest.java b/src/test/java/org/owasp/esapi/http/MockHttpServletRequest.java
index 87cb92f96..d64b00598 100644
--- a/src/test/java/org/owasp/esapi/http/MockHttpServletRequest.java
+++ b/src/test/java/org/owasp/esapi/http/MockHttpServletRequest.java
@@ -1,782 +1,756 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.http;
-
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.net.URL;
-import java.security.Principal;
-import java.text.ParseException;
-import java.text.SimpleDateFormat;
-import java.util.Arrays;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Locale;
-import java.util.Map;
-import java.util.Vector;
-
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletInputStream;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-
-/**
- * The Class MockHttpServletRequest.
- * 
- * @author jwilliams
- */
-public class MockHttpServletRequest implements HttpServletRequest
-{
-	private static final String HDR_CONTENT_TYPE = "Content-Type";
-	private static final String[] EMPTY_STRING_ARRAY = new String[0];
-
-	/** The requestDispatcher */
-	private RequestDispatcher requestDispatcher = new MockRequestDispatcher();
-
-	/** The session. */
-	private MockHttpSession session = null;
-
-	/** The cookies. */
-	private ArrayList cookies = new ArrayList();
-
-	/** The parameters. */
-	private Map<String,String[]> parameters = new HashMap<String,String[]>();
-
-	/** The headers. */
-	private Map<String,List<String>> headers = new HashMap<String,List<String>>();
-
-	private byte[] body;
-
-	private String scheme = "https";
-
-	private String remoteHost = "64.14.103.52";
-
-	private String serverHost = "64.14.103.52";
-
-	private String uri = "/test";
-
-	private String url = "https://www.example.com" + uri;
-
-	private String queryString = "pid=1&qid=test";
-
-	private String method = "POST";
-
-	private Map<String,Object> attrs = new HashMap<String,Object>();
-
-	/**
-	 *
-	 */
-	public MockHttpServletRequest() {
-	}
-
-	/**
-	 *
-	 * @param uri
-	 * @param body
-	 */
-	public MockHttpServletRequest(String uri, byte[] body) {
-		this.body = body;
-		this.uri = uri;
-	}
-
-	public MockHttpServletRequest( URL url ) {
-		scheme = url.getProtocol();
-		serverHost = url.getHost();
-		uri = url.getPath();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getAuthType() {
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getContextPath() {
-		return null;
-	}
-
-	/**
-	 * Adds the parameter.
-	 * 
-	 * @param name the name
-	 * @param value the value
-	 */
-	public void addParameter(String name, String value) {
-		String[] old = parameters.get(name);
-		if ( old == null ) {
-			old = new String[0];
-		}
-		String[] updated = new String[old.length + 1];
-		for ( int i = 0; i < old.length; i++ ) updated[i] = old[i];
-		updated[old.length] = value;
-		parameters.put(name, updated);
-	}
-
-	/**
-	 * removeParameter removes the parameter name from the parameters map if it exists
-	 *  
-	 * @param name
-	 * 			parameter name to be removed
-	 */
-	public void removeParameter( String name ) {
-		parameters.remove( name );
-	}
-
-	/**
-	 * Adds the header.
-	 * 
-	 * @param name the name
-	 * @param value the value
-	 */
-	public void addHeader(String name, String value)
-	{
-		List<String> values;
-
-		if((values = headers.get(name))==null)
-		{
-			values = new ArrayList<String>();
-			headers.put(name, values);
-		}
-		values.add(value);
-	}
-
-	/**
-	 * Set a header replacing any previous value(s).
-	 * @param name the header name
-	 * @param value the header value
-	 */
-	public void setHeader(String name, String value)
-	{
-		List<String> values = new ArrayList<String>();
-
-		values.add(value);
-		headers.put(name,values);
-	}
-
-	/**
-	 * Sets the cookies.
-	 * 
-	 * @param list the new cookies
-	 */
-	public void setCookies(ArrayList list) {
-		cookies = list;
-	}
-
-	/**
-	 *
-	 * @param name
-	 * @param value
-	 */
-	public void setCookie(String name, String value ) {
-		Cookie c = new Cookie( name, value );
-		cookies.add( c );
-	}
-
-	public boolean clearCookie(String name) {
-		return cookies.remove(name);
-	}
-
-	/**
-	 * @return 
-	 *
-	 */
-	public void clearCookies() {
-		cookies.clear();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public Cookie[] getCookies() {
-		if ( cookies.isEmpty() ) return null;
-		return (Cookie[]) cookies.toArray(new Cookie[0]);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @param name 
-	 * @return
-	 */
-	public long getDateHeader(String name) {
-		try {
-			Date date = SimpleDateFormat.getDateTimeInstance().parse( getParameter( name ) );
-			return date.getTime(); // TODO needs to be HTTP format
-		} catch( ParseException e ) {
-			return 0;
-		}
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @param name 
-	 * @return
-	 */
-	public String getHeader(String name) {
-		List<String> values;
-
-		if((values = headers.get(name))==null)
-			return null;
-		if(values.size() == 0)
-			return null;
-		return values.get(0);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return Enumeration of header names as strings
-	 */
-	public Enumeration getHeaderNames()
-	{
-		return Collections.enumeration(headers.keySet());
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @param name
-	 * @return
-	 */
-	public Enumeration getHeaders(String name) {
-		Vector v = new Vector();
-		v.add( getHeader( name ) );
-		return v.elements();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @param name 
-	 * @return
-	 */
-	public int getIntHeader(String name) {
-
-		return 0;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getMethod() {
-		return method;
-	}
-
-	/**
-	 *
-	 * @param value
-	 */
-	public void setMethod( String value ) {
-		method = value;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getPathInfo() {
-
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getPathTranslated() {
-
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getQueryString() {
-		return queryString;
-	}
-
-	/**
-	 * Set the query string to return.
-	 * @param str The query string to return.
-	 */
-	public void setQueryString(String str)
-	{
-		this.queryString = str;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getRemoteUser() {
-
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getRequestURI() {
-		return uri;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public StringBuffer getRequestURL() {
-		return new StringBuffer( getScheme() + "://" + this.getServerName() + getRequestURI() + "?" + getQueryString() );
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getRequestedSessionId() {
-
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getServletPath() {
-
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public HttpSession getSession() {
-		if (session != null) {
-			return getSession(false);
-		}
-		return getSession(true);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @param create 
-	 * @return
-	 */
-	public HttpSession getSession(boolean create) {
-		if (session == null && create) {
-			session = new MockHttpSession();
-		} else if (session != null && session.getInvalidated()) {
-			session = new MockHttpSession();
-		}
-		return session;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public Principal getUserPrincipal() {
-
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public boolean isRequestedSessionIdFromCookie() {
-
-		return false;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public boolean isRequestedSessionIdFromURL() {
-
-		return false;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 * @deprecated
-	 */
-	@Deprecated
-	public boolean isRequestedSessionIdFromUrl() {
-
-		return false;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public boolean isRequestedSessionIdValid() {
-
-		return false;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @param role 
-	 * @return
-	 */
-	public boolean isUserInRole(String role) {
-
-		return false;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @param name
-	 * @return
-	 */
-	public Object getAttribute(String name) {
-		return attrs.get(name);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public Enumeration getAttributeNames() {
-		return Collections.enumeration(attrs.keySet());
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getCharacterEncoding() {
-
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public int getContentLength() {
-		return body.length;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getContentType() {
-		return getHeader(HDR_CONTENT_TYPE);
-	}
-
-	/**
-	 *
-	 * @param value
-	 */
-	public void setContentType( String value ) {
-		setHeader(HDR_CONTENT_TYPE, value);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 * @throws IOException
-	 */
-	public ServletInputStream getInputStream() throws IOException {
-		return new MockServletInputStream(body);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getLocalAddr() {
-		return "10.1.43.6";
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getLocalName() {
-		return "www.domain.com";
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public int getLocalPort() {
-		return 80;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public Locale getLocale() {
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public Enumeration getLocales() {
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @param name
-	 * @return
-	 */
-	public String getParameter(String name) {
-		String[] values = parameters.get(name);
-		if ( values == null ) return null;
-		return values[0];
-	}
-
-	public void clearParameter(String name) {
-		parameters.remove( name );
-	}
-
-	public void clearParameters() {
-		parameters.clear();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public Map getParameterMap() {
-		return parameters;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public Enumeration getParameterNames() {
-		return Collections.enumeration(parameters.keySet());
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @param name
-	 * @return
-	 */
-	public String[] getParameterValues(String name) {
-		return parameters.get(name);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getProtocol() {
-		return "HTTP/1.1";
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return 
-	 * @throws IOException
-	 */
-	public BufferedReader getReader() throws IOException {
-
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @param path
-	 * @return
-	 * @deprecated
-	 */
-	@Deprecated
-	public String getRealPath(String path) {
-
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getRemoteAddr() {
-		return remoteHost;
-	}
-
-	public void setRemoteAddr(String remoteHost) {
-		this.remoteHost = remoteHost;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getRemoteHost() {
-		return remoteHost;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public int getRemotePort() {
-
-		return 0;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @param path
-	 * @return
-	 */
-	public RequestDispatcher getRequestDispatcher(String path) {
-		return requestDispatcher;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getScheme() {
-		return scheme;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getServerName() {
-		return serverHost;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public int getServerPort() {
-
-		return 80;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public boolean isSecure() {
-		return scheme.equals( "https" );
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @param name
-	 */
-	public void removeAttribute(String name) {
-		attrs.remove(name);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @param name 
-	 * @param o
-	 */
-	public void setAttribute(String name, Object o) {
-		attrs.put(name,o);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @param env
-	 * @throws UnsupportedEncodingException
-	 */
-	public void setCharacterEncoding(String env) throws UnsupportedEncodingException {
-
-	}
-
-	/**
-	 *
-	 * @param uri
-	 * @throws java.io.UnsupportedEncodingException
-	 */
-	public void setRequestURI(String uri) throws UnsupportedEncodingException {
-		this.uri = uri;
-	}
-
-	/**
-	 *
-	 * @param url
-	 * @throws java.io.UnsupportedEncodingException
-	 */
-	public void setRequestURL(String url) throws UnsupportedEncodingException {
-		// get the scheme
-		int p = url.indexOf( ":" );
-		this.scheme = url.substring( 0, p );
-
-		// get the queryString
-		int q = url.indexOf( "?" );
-		if ( q != -1 )
-		{
-			queryString = url.substring( q+1 );
-			url = url.substring( 0, q );
-		}
-		else
-			queryString = null;
-		this.url = url;
-	}
-
-	public void setScheme( String scheme ) {
-		this.scheme = scheme;
-	}
-
-	public void dump()
-	{
-		String[] names;
-
-		System.out.println();
-		System.out.println( "  " + this.getMethod() + " " + this.getRequestURL() );
-
-		names = headers.keySet().toArray(EMPTY_STRING_ARRAY);
-		Arrays.sort(names);	// make debugging a bit easier...
-		for (String name : names)
-			for(String value : headers.get(name))
-				System.out.println( "  " + name + ": " + value);
-		names = parameters.keySet().toArray(EMPTY_STRING_ARRAY);
-		Arrays.sort(names);
-		for (String name : names) {
-			for(String value : parameters.get(name))
-				System.out.println( "  " + name + "=" + value);
-		}
-		System.out.println( "\n" );
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.http;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.net.URL;
+import java.security.Principal;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Arrays;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
+import java.util.Vector;
+import javax.servlet.AsyncContext;
+import javax.servlet.DispatcherType;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.ServletInputStream;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import javax.servlet.http.HttpUpgradeHandler;
+import javax.servlet.http.Part;
+
+/**
+ * The Class MockHttpServletRequest.
+ *
+ * @author jwilliams
+ */
+public class MockHttpServletRequest implements HttpServletRequest
+{
+    private static final String HDR_CONTENT_TYPE = "Content-Type";
+    private static final String[] EMPTY_STRING_ARRAY = new String[0];
+
+    /** The requestDispatcher */
+    private RequestDispatcher requestDispatcher = new MockRequestDispatcher();
+
+    /** The session. */
+    private MockHttpSession session = null;
+
+    /** The cookies. */
+    private ArrayList<Cookie> cookies = new ArrayList<Cookie>();
+
+    /** The parameters. */
+    private Map<String,String[]> parameters = new HashMap<String,String[]>();
+
+    /** The headers. */
+    private Map<String,List<String>> headers = new HashMap<String,List<String>>();
+
+    private byte[] body;
+
+    private String scheme = "https";
+
+    private String remoteHost = "64.14.103.52";
+
+    private String serverHost = "64.14.103.52";
+
+    private String uri = "/test";
+
+    private String queryString = "pid=1&qid=test";
+
+    private String method = "POST";
+
+    private Map<String,Object> attrs = new HashMap<String,Object>();
+
+    public MockHttpServletRequest() {
+    }
+
+    public MockHttpServletRequest(String uri, byte[] body) {
+        this.body = body;
+        this.uri = uri;
+    }
+
+    public MockHttpServletRequest( URL url ) {
+        scheme = url.getProtocol();
+        serverHost = url.getHost();
+        uri = url.getPath();
+    }
+
+    public String getAuthType() {
+        return null;
+    }
+
+    public String getContextPath() {
+        return null;
+    }
+
+    /**
+     * Adds the parameter.
+     *
+     * @param name the name
+     * @param value the value
+     */
+    public void addParameter(String name, String value) {
+        String[] old = parameters.get(name);
+        if ( old == null ) {
+            old = new String[0];
+        }
+        String[] updated = new String[old.length + 1];
+        for ( int i = 0; i < old.length; i++ ) updated[i] = old[i];
+        updated[old.length] = value;
+        parameters.put(name, updated);
+    }
+
+    /**
+     * removeParameter removes the parameter name from the parameters map if it exists
+     *
+     * @param name
+     *             parameter name to be removed
+     */
+    public void removeParameter( String name ) {
+        parameters.remove( name );
+    }
+
+    /**
+     * Adds the header.
+     *
+     * @param name the name
+     * @param value the value
+     */
+    public void addHeader(String name, String value)
+    {
+        List<String> values;
+
+        if((values = headers.get(name))==null)
+        {
+            values = new ArrayList<String>();
+            headers.put(name, values);
+        }
+        values.add(value);
+    }
+
+    /**
+     * Set a header replacing any previous value(s).
+     * @param name the header name
+     * @param value the header value
+     */
+    public void setHeader(String name, String value)
+    {
+        List<String> values = new ArrayList<String>();
+
+        values.add(value);
+        headers.put(name,values);
+    }
+
+    /**
+     * Sets the cookies.
+     *
+     * @param list the new cookies
+     */
+    public void setCookies(ArrayList<Cookie> list) {
+        cookies = list;
+    }
+
+    public void setCookie(String name, String value ) {
+        Cookie c = new Cookie( name, value );
+        cookies.add( c );
+    }
+
+    public boolean clearCookie(String name) {
+        return cookies.remove(name);
+    }
+
+    public void clearCookies() {
+        cookies.clear();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public Cookie[] getCookies() {
+        if ( cookies.isEmpty() ) return null;
+        return cookies.toArray(new Cookie[0]);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public long getDateHeader(String name) {
+        try {
+            Date date = SimpleDateFormat.getDateTimeInstance().parse( getParameter( name ) );
+            return date.getTime(); // TODO needs to be HTTP format
+        } catch( ParseException e ) {
+            return 0;
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     * @param name
+     * @return The requested header value.
+     */
+    public String getHeader(String name) {
+        List<String> values;
+
+        if((values = headers.get(name))==null)
+            return null;
+        if(values.size() == 0)
+            return null;
+        return values.get(0);
+    }
+
+    /**
+     * {@inheritDoc}
+     * @return Enumeration of header names as strings
+     */
+    public Enumeration<String> getHeaderNames()
+    {
+        return Collections.enumeration(headers.keySet());
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public Enumeration<String> getHeaders(String name) {
+        Vector<String> v = new Vector<String>();
+        v.add( getHeader( name ) );
+        return v.elements();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public int getIntHeader(String name) {
+
+        return 0;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getMethod() {
+        return method;
+    }
+
+    public void setMethod( String value ) {
+        method = value;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getPathInfo() {
+
+        return null;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getPathTranslated() {
+
+        return null;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getQueryString() {
+        return queryString;
+    }
+
+    /**
+     * Set the query string to return.
+     * @param str The query string to return.
+     */
+    public void setQueryString(String str)
+    {
+        this.queryString = str;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getRemoteUser() {
+
+        return null;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getRequestURI() {
+        return uri;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public StringBuffer getRequestURL() {
+        return new StringBuffer( getScheme() + "://" + this.getServerName() + getRequestURI() + "?" + getQueryString() );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getRequestedSessionId() {
+
+        return null;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getServletPath() {
+
+        return null;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public HttpSession getSession() {
+        if (session != null) {
+            return getSession(false);
+        }
+        return getSession(true);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public HttpSession getSession(boolean create) {
+        if (session == null && create) {
+            session = new MockHttpSession();
+        } else if (session != null && session.getInvalidated()) {
+            session = new MockHttpSession();
+        }
+        return session;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public Principal getUserPrincipal() {
+
+        return null;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean isRequestedSessionIdFromCookie() {
+
+        return false;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean isRequestedSessionIdFromURL() {
+
+        return false;
+    }
+
+    /**
+     * {@inheritDoc}
+     * @deprecated
+     */
+    @Deprecated
+    public boolean isRequestedSessionIdFromUrl() {
+
+        return false;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean isRequestedSessionIdValid() {
+
+        return false;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean isUserInRole(String role) {
+
+        return false;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public Object getAttribute(String name) {
+        return attrs.get(name);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public Enumeration<String> getAttributeNames() {
+        return Collections.enumeration(attrs.keySet());
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getCharacterEncoding() {
+
+        return null;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public int getContentLength() {
+        return body.length;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getContentType() {
+        return getHeader(HDR_CONTENT_TYPE);
+    }
+
+    public void setContentType( String value ) {
+        setHeader(HDR_CONTENT_TYPE, value);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public ServletInputStream getInputStream() throws IOException {
+        return new MockServletInputStream(body);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getLocalAddr() {
+        return "10.1.43.6";
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getLocalName() {
+        return "www.domain.com";
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public int getLocalPort() {
+        return 80;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public Locale getLocale() {
+        return null;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public Enumeration<Locale> getLocales() {
+        return null;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getParameter(String name) {
+        String[] values = parameters.get(name);
+        if ( values == null ) return null;
+        return values[0];
+    }
+
+    public void clearParameter(String name) {
+        parameters.remove( name );
+    }
+
+    public void clearParameters() {
+        parameters.clear();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public Map<String, String[]> getParameterMap() {
+        return parameters;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public Enumeration<String> getParameterNames() {
+        return Collections.enumeration(parameters.keySet());
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String[] getParameterValues(String name) {
+        return parameters.get(name);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getProtocol() {
+        return "HTTP/1.1";
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public BufferedReader getReader() throws IOException {
+
+        return null;
+    }
+
+    /**
+     * {@inheritDoc}
+     * @deprecated
+     */
+    @Deprecated
+    public String getRealPath(String path) {
+
+        return null;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getRemoteAddr() {
+        return remoteHost;
+    }
+
+    public void setRemoteAddr(String remoteHost) {
+        this.remoteHost = remoteHost;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getRemoteHost() {
+        return remoteHost;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public int getRemotePort() {
+
+        return 0;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public RequestDispatcher getRequestDispatcher(String path) {
+        return requestDispatcher;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getScheme() {
+        return scheme;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getServerName() {
+        return serverHost;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public int getServerPort() {
+        return 80;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean isSecure() {
+        return scheme.equals( "https" );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void removeAttribute(String name) {
+        attrs.remove(name);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void setAttribute(String name, Object o) {
+        attrs.put(name,o);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void setCharacterEncoding(String env) throws UnsupportedEncodingException {
+
+    }
+
+    public void setRequestURI(String uri) throws UnsupportedEncodingException {
+        this.uri = uri;
+    }
+
+    public void setRequestURL(String url) throws UnsupportedEncodingException {
+        // get the scheme
+        int p = url.indexOf( ":" );
+        this.scheme = url.substring( 0, p );
+
+        // get the queryString
+        int q = url.indexOf( "?" );
+        if ( q != -1 )
+        {
+            queryString = url.substring( q+1 );
+            url = url.substring( 0, q );
+        }
+        else
+            queryString = null;
+    }
+
+    public void setScheme( String scheme ) {
+        this.scheme = scheme;
+    }
+
+    public void dump()
+    {
+        String[] names;
+
+        System.out.println();
+        System.out.println( "  " + this.getMethod() + " " + this.getRequestURL() );
+
+        names = headers.keySet().toArray(EMPTY_STRING_ARRAY);
+        Arrays.sort(names);    // make debugging a bit easier...
+        for (String name : names)
+            for(String value : headers.get(name))
+                System.out.println( "  " + name + ": " + value);
+        names = parameters.keySet().toArray(EMPTY_STRING_ARRAY);
+        Arrays.sort(names);
+        for (String name : names) {
+            for(String value : parameters.get(name))
+                System.out.println( "  " + name + "=" + value);
+        }
+        System.out.println( "\n" );
+    }
+
+    @Override
+    public boolean authenticate(HttpServletResponse hsr) throws IOException, ServletException {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void login(String string, String string1) throws ServletException {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void logout() throws ServletException {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public Collection<Part> getParts() throws IOException, ServletException {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public Part getPart(String string) throws IOException, ServletException {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public ServletContext getServletContext() {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public AsyncContext startAsync() throws IllegalStateException {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public AsyncContext startAsync(ServletRequest sr, ServletResponse sr1) throws IllegalStateException {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public boolean isAsyncStarted() {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public boolean isAsyncSupported() {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public AsyncContext getAsyncContext() {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public DispatcherType getDispatcherType() {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public long getContentLengthLong() {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public String changeSessionId() {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public <T extends HttpUpgradeHandler> T upgrade(Class<T> handlerClass) throws IOException, ServletException {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/http/MockHttpServletResponse.java b/src/test/java/org/owasp/esapi/http/MockHttpServletResponse.java
index 43b4a7e7d..fadfe13f6 100644
--- a/src/test/java/org/owasp/esapi/http/MockHttpServletResponse.java
+++ b/src/test/java/org/owasp/esapi/http/MockHttpServletResponse.java
@@ -1,463 +1,389 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.http;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Locale;
-
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.ESAPI;
-
-/**
- * The Class MockHttpServletResponse.
- * 
- * @author jwilliams
- */
-public class MockHttpServletResponse implements HttpServletResponse {
-
-	/** The cookies. */
-	List cookies = new ArrayList();
-
-	/** The header names. */
-	List headerNames = new ArrayList();
-
-	/** The header values. */
-	List headerValues = new ArrayList();
-
-	/** The status. */
-	int status = 200;
-
-	StringBuffer body = new StringBuffer();
-
-	String contentType = "text/html; charset=ISO-8895-1";
-
-	public String getBody() {
-		return body.toString();
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param cookie
-	 */
-	public void addCookie(Cookie cookie) {
-		cookies.add(cookie);
-	}
-
-	/**
-	 * Gets the cookies.
-	 * 
-	 * @return the cookies
-	 */
-	public List getCookies() {
-		return cookies;
-	}
-
-	/**
-	 * 
-	 * @param name
-	 * @return
-	 */
-	public Cookie getCookie(String name) {
-		Iterator i = cookies.iterator();
-		while (i.hasNext()) {
-			Cookie c = (Cookie) i.next();
-			if (c.getName().equals(name)) {
-				return c;
-			}
-		}
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param name
-	 * @param date
-	 */
-	public void addDateHeader(String name, long date) {
-		headerNames.add(name);
-		headerValues.add("" + date);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param name
-	 * @param value
-	 */
-	public void addHeader(String name, String value) {
-		headerNames.add(name);
-		headerValues.add(value);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param name
-	 * @param value
-	 */
-	public void addIntHeader(String name, int value) {
-		headerNames.add(name);
-		headerValues.add("" + value);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param name
-	 * @return
-	 */
-	public boolean containsHeader(String name) {
-		return headerNames.contains(name);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	/**
-	 * Gets the header.
-	 * 
-	 * @param name
-	 *            the name
-	 * 
-	 * @return the header
-	 */
-	public String getHeader(String name) {
-		int index = headerNames.indexOf(name);
-		if (index != -1) {
-			return (String) headerValues.get(index);
-		}
-		return null;
-	}
-
-	/**
-	 * Gets the header names.
-	 * 
-	 * @return the header names
-	 */
-	public List getHeaderNames() {
-		return headerNames;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param url
-	 * @return
-	 */
-	public String encodeRedirectURL(String url) {
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param url
-	 * @return
-	 * @deprecated
-	 */
-	@Deprecated
-	public String encodeRedirectUrl(String url) {
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param url
-	 * @return
-	 */
-	public String encodeURL(String url) {
-		String enc = url;
-		try { enc = ESAPI.encoder().encodeForURL(url);
-		} catch( Exception e ) {}
-		return enc;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param url
-	 * @return
-	 * @deprecated
-	 */
-	@Deprecated
-	public String encodeUrl(String url) {
-		return encodeURL( url );
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param sc
-	 * @throws IOException
-	 */
-	public void sendError(int sc) throws IOException {
-		status = sc;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param sc
-	 * @param msg
-	 * @throws IOException
-	 */
-	public void sendError(int sc, String msg) throws IOException {
-		status = sc;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param location
-	 * @throws IOException
-	 */
-	public void sendRedirect(String location) throws IOException {
-		status = HttpServletResponse.SC_MOVED_PERMANENTLY;
-		body = new StringBuffer( "Redirect to " + location );
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param name
-	 * @param date
-	 */
-	public void setDateHeader(String name, long date) {
-		headerNames.add(name);
-		headerValues.add("" + date);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param name
-	 * @param value
-	 */
-	public void setHeader(String name, String value) {
-		headerNames.add(name);
-		headerValues.add(value);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param name
-	 * @param value
-	 */
-	public void setIntHeader(String name, int value) {
-		headerNames.add(name);
-		headerValues.add("" + value);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param sc
-	 */
-	public void setStatus(int sc) {
-		status = sc;
-	}
-
-	/**
-	 * Gets the status.
-	 * 
-	 * @return the status
-	 */
-	public int getStatus() {
-		return status;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param sc
-	 * @param sm
-	 * @deprecated
-	 */
-	@Deprecated
-	public void setStatus(int sc, String sm) {
-		status = sc;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @throws IOException
-	 */
-	public void flushBuffer() throws IOException {
-
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @return
-	 */
-	public int getBufferSize() {
-		return body.length();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @return
-	 */
-	public String getCharacterEncoding() {
-		return "UTF-8";
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @return
-	 */
-	public String getContentType() {
-		return contentType;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @return
-	 */
-	public Locale getLocale() {
-
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @return
-	 * @throws IOException
-	 */
-	public ServletOutputStream getOutputStream() throws IOException {
-		return new ServletOutputStream() {
-			public void write(int b) throws IOException {
-				body.append((char)b);
-			}
-		};
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @return
-	 * @throws IOException
-	 */
-	public PrintWriter getWriter() throws IOException {
-		return new PrintWriter( getOutputStream(), true );
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @return
-	 */
-	public boolean isCommitted() {
-
-		return false;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void reset() {
-		body = new StringBuffer();
-		cookies = new ArrayList();
-		headerNames = new ArrayList();
-		headerValues = new ArrayList();
-		status = 200;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void resetBuffer() {
-		body = new StringBuffer();
-	}
-
-	public void setBody( String value ) {
-		body = new StringBuffer( value );
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param size
-	 */
-	public void setBufferSize(int size) {
-
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param charset
-	 */
-	public void setCharacterEncoding(String charset) {
-
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param len
-	 */
-	public void setContentLength(int len) {
-
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param type
-	 */
-	public void setContentType(String type) {
-		contentType = type;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param loc
-	 */
-	public void setLocale(Locale loc) {
-
-	}
-
-	/*
-	 * Dump the response in a semi-readable format close to a real HTTP response on the wire
-	 */
-	public void dump() {
-        System.out.println();
-		System.out.println( "  " + this.getStatus() + " " );
-        for ( Object name : getHeaderNames() ) System.out.println( "  " + name + "=" + getHeader( (String)name ) );
-        System.out.println( "  BODY: " + this.getBody() );
-        System.out.println();
-	}
-	
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.http;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Locale;
+
+import javax.servlet.ServletOutputStream;
+import javax.servlet.WriteListener;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.ESAPI;
+
+/**
+ * The Class MockHttpServletResponse.
+ *
+ * @author jwilliams
+ */
+public class MockHttpServletResponse implements HttpServletResponse {
+
+    /** The cookies. */
+    List<Cookie> cookies = new ArrayList<Cookie>();
+
+    /** The header names. */
+    List<String> headerNames = new ArrayList<String>();
+
+    /** The header values. */
+    List<String> headerValues = new ArrayList<String>();
+
+    /** The status. */
+    int status = 200;
+
+    StringBuffer body = new StringBuffer();
+
+    String contentType = "text/html; charset=ISO-8895-1";
+
+    public String getBody() {
+        return body.toString();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void addCookie(Cookie cookie) {
+        cookies.add(cookie);
+    }
+
+    public List<Cookie> getCookies() {
+        return cookies;
+    }
+
+    public Cookie getCookie(String name) {
+        Iterator<Cookie> i = cookies.iterator();
+        while (i.hasNext()) {
+            Cookie c = i.next();
+            if (c.getName().equals(name)) {
+                return c;
+            }
+        }
+        return null;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void addDateHeader(String name, long date) {
+        headerNames.add(name);
+        headerValues.add("" + date);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void addHeader(String name, String value) {
+        headerNames.add(name);
+        headerValues.add(value);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void addIntHeader(String name, int value) {
+        headerNames.add(name);
+        headerValues.add("" + value);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean containsHeader(String name) {
+        return headerNames.contains(name);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getHeader(String name) {
+        int index = headerNames.indexOf(name);
+        if (index != -1) {
+            return headerValues.get(index);
+        }
+        return null;
+    }
+
+    /**
+     * Gets the header names.
+     *
+     * @return the header names
+     */
+    public List<String> getHeaderNames() {
+        return headerNames;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String encodeRedirectURL(String url) {
+        return null;
+    }
+
+    /**
+     * {@inheritDoc}
+     * @deprecated
+     */
+    @Deprecated
+    public String encodeRedirectUrl(String url) {
+        return null;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String encodeURL(String url) {
+        String enc = url;
+        try { enc = ESAPI.encoder().encodeForURL(url);
+        } catch( Exception e ) {}
+        return enc;
+    }
+
+    /**
+     * {@inheritDoc}
+     * @deprecated
+     */
+    @Deprecated
+    public String encodeUrl(String url) {
+        return encodeURL( url );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void sendError(int sc) throws IOException {
+        status = sc;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void sendError(int sc, String msg) throws IOException {
+        status = sc;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void sendRedirect(String location) throws IOException {
+        status = HttpServletResponse.SC_MOVED_PERMANENTLY;
+        body = new StringBuffer( "Redirect to " + location );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void setDateHeader(String name, long date) {
+        headerNames.add(name);
+        headerValues.add("" + date);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void setHeader(String name, String value) {
+        headerNames.add(name);
+        headerValues.add(value);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void setIntHeader(String name, int value) {
+        headerNames.add(name);
+        headerValues.add("" + value);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void setStatus(int sc) {
+        status = sc;
+    }
+
+    /**
+     * Gets the status.
+     *
+     * @return the status
+     */
+    public int getStatus() {
+        return status;
+    }
+
+    /**
+     * {@inheritDoc}
+     * @deprecated
+     */
+    @Deprecated
+    public void setStatus(int sc, String sm) {
+        status = sc;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void flushBuffer() throws IOException {
+
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public int getBufferSize() {
+        return body.length();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getCharacterEncoding() {
+        return "UTF-8";
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getContentType() {
+        return contentType;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public Locale getLocale() {
+
+        return null;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public ServletOutputStream getOutputStream() throws IOException {
+        return new ServletOutputStream() {
+            public void write(int b) throws IOException {
+                body.append((char)b);
+            }
+
+            @Override
+            public boolean isReady() {
+                return false;
+            }
+
+            @Override
+            public void setWriteListener(WriteListener writeListener) {
+                //NO-OP
+            }
+        };
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public PrintWriter getWriter() throws IOException {
+        return new PrintWriter( getOutputStream(), true );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean isCommitted() {
+
+        return false;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void reset() {
+        body = new StringBuffer();
+        cookies = new ArrayList<Cookie>();
+        headerNames = new ArrayList<String>();
+        headerValues = new ArrayList<String>();
+        status = 200;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void resetBuffer() {
+        body = new StringBuffer();
+    }
+
+    public void setBody( String value ) {
+        body = new StringBuffer( value );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void setBufferSize(int size) {
+
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void setCharacterEncoding(String charset) {
+
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void setContentLength(int len) {
+
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void setContentType(String type) {
+        contentType = type;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void setLocale(Locale loc) {
+
+    }
+
+    /*
+     * Dump the response in a semi-readable format close to a real HTTP response on the wire
+     */
+    public void dump() {
+        System.out.println();
+        System.out.println( "  " + this.getStatus() + " " );
+        for ( Object name : getHeaderNames() ) System.out.println( "  " + name + "=" + getHeader( (String)name ) );
+        System.out.println( "  BODY: " + this.getBody() );
+        System.out.println();
+    }
+
+    @Override
+    public Collection<String> getHeaders(String string) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void setContentLengthLong(long len) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/http/MockHttpSession.java b/src/test/java/org/owasp/esapi/http/MockHttpSession.java
index baaccf295..ef716fee2 100644
--- a/src/test/java/org/owasp/esapi/http/MockHttpSession.java
+++ b/src/test/java/org/owasp/esapi/http/MockHttpSession.java
@@ -1,267 +1,231 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.http;
-
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Vector;
-
-import javax.servlet.ServletContext;
-import javax.servlet.http.HttpSession;
-
-/**
- * The Class MockHttpSession.
- * 
- * @author jwilliams
- */
-public class MockHttpSession implements HttpSession {
-
-	/** The invalidated. */
-	boolean invalidated = false;
-	
-	/** The creation time. */
-	private long creationTime=new Date().getTime();
-	
-	/** The accessed time. */
-	private long accessedTime=new Date().getTime();
-	
-	/** The count. */
-	private static int count = 1;
-	
-	/** The sessionid. */
-	private int sessionid=count++;
-	
-	/** The attributes. */
-	private Map attributes = new HashMap();
-	
-	/**
-	 * Instantiates a new test http session.
-	 */
-	public MockHttpSession() {
-		// to replace synthetic accessor method
-	}
-	
-	/**
-	 * Instantiates a new test http session.
-	 * 
-	 * @param creationTime
-	 *            the creation time
-	 * @param accessedTime
-	 *            the accessed time
-	 */
-	public MockHttpSession( long creationTime, long accessedTime ) {
-		this.creationTime = creationTime;
-		this.accessedTime = accessedTime;
-	}
-
-    /**
-     * {@inheritDoc}
-     *
-     * @param string
-     * @return
-     */
-	public Object getAttribute(String string) {
-		return attributes.get( string );
-	}
-
-    /**
-     * {@inheritDoc}
-     * 
-     * @return
-     */
-	public Enumeration getAttributeNames() {
-		Vector v = new Vector( attributes.keySet() );
-		return v.elements();
-	}
-
-    /**
-     * {@inheritDoc}
-     *
-     * @return
-     */
-	public long getCreationTime() {
-		return creationTime;
-	}
-
-    /**
-     * {@inheritDoc}
-     *
-     * @return
-     */
-	public String getId() {
-		return ""+sessionid;
-	}
-
-	/**
-	 * Gets the invalidated.
-	 * 
-	 * @return the invalidated
-	 */
-	public boolean getInvalidated() {
-		return invalidated;
-	}
-
-    /**
-     * {@inheritDoc}
-     *
-     * @return
-     */
-	public long getLastAccessedTime() {
-		return accessedTime;
-	}
-
-    /**
-     * {@inheritDoc}
-     *
-     * @return
-     */
-	public int getMaxInactiveInterval() {
-		return 0;
-	}
-
-    /**
-     * {@inheritDoc}
-     *
-     * @return
-     */
-	public ServletContext getServletContext() {
-		return null;
-	}
-
-    /**
-     * {@inheritDoc}
-     *
-     * @return null
-     * @deprecated
-     */
-        @Deprecated
-	// need the full class here as for whatever stupid reason you can't
-	// seem to @SuppressWarnings{'deprecation'} on the import... *sigh*
-	public javax.servlet.http.HttpSessionContext getSessionContext() {
-		return null;
-	}
-
-    /**
-     * {@inheritDoc}
-     *
-     * @param string
-     * @return
-     * @deprecated
-     */
-     	@Deprecated
-	public Object getValue(String string) {
-		return null;
-	}
-
-    /**
-     * {@inheritDoc}
-     *
-     * @return
-     * @deprecated
-     */
-     	@Deprecated
-	public String[] getValueNames() {
-		return null;
-	}
-
-    /**
-     * {@inheritDoc}
-	 */
-	public void invalidate() {
-		invalidated = true;
-	}
-    
-    /**
-     * {@inheritDoc}
-     *
-     * @return
-     */
-	public boolean isNew() {
-		return true;
-	}
-
-	/**
-     * {@inheritDoc}
-     *
-     * @param string
-     * @param object
-     * @deprecated
-     */
-     	@Deprecated
-	public void putValue(String string, Object object) {
-		setAttribute( string, object );
-	}
-
-    /**
-     * {@inheritDoc}
-     *
-     * @param string
-     */
-	public void removeAttribute(String string) {
-		attributes.remove( string );
-	}
-
-    /**
-     * {@inheritDoc}
-     *
-     * @param string
-     * @deprecated
-     */
-     	@Deprecated
-	public void removeValue(String string) {
-		removeAttribute( string );
-	}
-
-    /**
-     * {@inheritDoc}
-     *
-     * @param string
-     * @param object
-     */
-	public void setAttribute(String string, Object object) {
-		attributes.put(string, object);
-	}
-
-    /**
-     * {@inheritDoc}
-     *
-     * @param i
-     */
-	public void setMaxInactiveInterval(int i) {
-		// stub
-	}
-	
-    /**
-     *
-     * @param time
-     */
-    public void setAccessedTime( long time ) {
-		this.accessedTime = time;
-	}
-
-	
-    /**
-     *
-     * @param time
-     */
-    public void setCreationTime( long time ) {
-		this.creationTime = time;
-	}
-
-}
-
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.http;
+
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Vector;
+
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpSession;
+
+/**
+ * The Class MockHttpSession.
+ *
+ * @author jwilliams
+ */
+public class MockHttpSession implements HttpSession {
+
+    /** The invalidated. */
+    boolean invalidated = false;
+
+    /** The creation time. */
+    private long creationTime=new Date().getTime();
+
+    /** The accessed time. */
+    private long accessedTime=new Date().getTime();
+
+    /** The count. */
+    private static int count = 1;
+
+    /** The sessionid. */
+    private int sessionid=count++;
+
+    /** The attributes. */
+    private Map<String, Object> attributes = new HashMap<String, Object>();
+
+    /**
+     * Instantiates a new test HTTP session.
+     */
+    public MockHttpSession() {
+        // to replace synthetic accessor method
+    }
+
+    /**
+     * Instantiates a new test http session.
+     *
+     * @param creationTime
+     *            the creation time
+     * @param accessedTime
+     *            the accessed time
+     */
+    public MockHttpSession( long creationTime, long accessedTime ) {
+        this.creationTime = creationTime;
+        this.accessedTime = accessedTime;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public Object getAttribute(String string) {
+        return attributes.get( string );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public Enumeration<String> getAttributeNames() {
+        Vector<String> v = new Vector<String>( attributes.keySet() );
+        return v.elements();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public long getCreationTime() {
+        return creationTime;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getId() {
+        return ""+sessionid;
+    }
+
+    /**
+     * Gets the invalidated.
+     *
+     * @return the invalidated
+     */
+    public boolean getInvalidated() {
+        return invalidated;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public long getLastAccessedTime() {
+        return accessedTime;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public int getMaxInactiveInterval() {
+        return 0;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public ServletContext getServletContext() {
+        return null;
+    }
+
+    /**
+     * {@inheritDoc}
+     * @deprecated
+     */
+        @Deprecated
+    // need the full class here as for whatever stupid reason you can't
+    // seem to @SuppressWarnings{'deprecation'} on the import... *sigh*
+    public javax.servlet.http.HttpSessionContext getSessionContext() {
+        return null;
+    }
+
+    /**
+     * {@inheritDoc}
+     * @deprecated
+     */
+         @Deprecated
+    public Object getValue(String string) {
+        return null;
+    }
+
+    /**
+     * {@inheritDoc}
+     * @deprecated
+     */
+         @Deprecated
+    public String[] getValueNames() {
+        return null;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void invalidate() {
+        invalidated = true;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean isNew() {
+        return true;
+    }
+
+    /**
+     * {@inheritDoc}
+     * @deprecated
+     */
+         @Deprecated
+    public void putValue(String string, Object object) {
+        setAttribute( string, object );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void removeAttribute(String string) {
+        attributes.remove( string );
+    }
+
+    /**
+     * {@inheritDoc}
+     * @deprecated
+     */
+         @Deprecated
+    public void removeValue(String string) {
+        removeAttribute( string );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void setAttribute(String string, Object object) {
+        attributes.put(string, object);
+    }
+
+    /**
+     * {@inheritDoc}
+=     */
+    public void setMaxInactiveInterval(int i) {
+        // stub
+    }
+
+    /**
+     *
+     * @param time
+     */
+    public void setAccessedTime( long time ) {
+        this.accessedTime = time;
+    }
+
+
+    /**
+     *
+     * @param time
+     */
+    public void setCreationTime( long time ) {
+        this.creationTime = time;
+    }
+
+}
+
diff --git a/src/test/java/org/owasp/esapi/http/MockRequestDispatcher.java b/src/test/java/org/owasp/esapi/http/MockRequestDispatcher.java
index 3cec7a156..d0117ce8d 100644
--- a/src/test/java/org/owasp/esapi/http/MockRequestDispatcher.java
+++ b/src/test/java/org/owasp/esapi/http/MockRequestDispatcher.java
@@ -1,54 +1,54 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.http;
-
-import java.io.IOException;
-
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-
-/**
- *
- * @author jwilliams
- */
-public class MockRequestDispatcher implements RequestDispatcher {
-
-    /**
-     *
-     * @param request
-     * @param response
-     * @throws javax.servlet.ServletException
-     * @throws java.io.IOException
-     */
-    public void forward(ServletRequest request, ServletResponse response) throws ServletException, IOException {
-    	System.out.println( "Forwarding" );
-    }
-    
-    /**
-     *
-     * @param request
-     * @param response
-     * @throws javax.servlet.ServletException
-     * @throws java.io.IOException
-     */
-    public void include(ServletRequest request, ServletResponse response) throws ServletException, IOException {
-    	System.out.println( "Including" );
-    }
-}
-
-
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.http;
+
+import java.io.IOException;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+
+/**
+ *
+ * @author jwilliams
+ */
+public class MockRequestDispatcher implements RequestDispatcher {
+
+    /**
+     *
+     * @param request
+     * @param response
+     * @throws javax.servlet.ServletException
+     * @throws java.io.IOException
+     */
+    public void forward(ServletRequest request, ServletResponse response) throws ServletException, IOException {
+        System.out.println( "Forwarding" );
+    }
+
+    /**
+     *
+     * @param request
+     * @param response
+     * @throws javax.servlet.ServletException
+     * @throws java.io.IOException
+     */
+    public void include(ServletRequest request, ServletResponse response) throws ServletException, IOException {
+        System.out.println( "Including" );
+    }
+}
+
+
diff --git a/src/test/java/org/owasp/esapi/http/MockServletContext.java b/src/test/java/org/owasp/esapi/http/MockServletContext.java
index b577ab2bb..062577090 100644
--- a/src/test/java/org/owasp/esapi/http/MockServletContext.java
+++ b/src/test/java/org/owasp/esapi/http/MockServletContext.java
@@ -1,554 +1,701 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.http;
-
-import java.io.InputStream;
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.util.Enumeration;
-import java.util.Set;
-
-import javax.servlet.RequestDispatcher;
-import javax.servlet.Servlet;
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-
-/**
- * Defines a set of methods that a servlet uses to communicate with its
- * servlet container, for example, to get the MIME type of a file, dispatch
- * requests, or write to a log file.
- *
- * <p>There is one context per "web application" per Java Virtual Machine.  (A
- * "web application" is a collection of servlets and content installed under a
- * specific subset of the server's URL namespace such as <code>/catalog</code>
- * and possibly installed via a <code>.war</code> file.)
- *
- * <p>In the case of a web
- * application marked "distributed" in its deployment descriptor, there will
- * be one context instance for each virtual machine.  In this situation, the
- * context cannot be used as a location to share global information (because
- * the information won't be truly global).  Use an external resource like
- * a database instead.
- *
- * <p>The <code>ServletContext</code> object is contained within
- * the {@link ServletConfig} object, which the Web server provides the
- * servlet when the servlet is initialized.
- *
- * @see Servlet#getServletConfig
- * @see ServletConfig#getServletContext
- *
- * @version $Rev: 46019 $ $Date: 2004-09-14 04:56:06 -0500 (Tue, 14 Sep 2004) $
- */
-public class MockServletContext implements ServletContext {
-    @Override
-    public String getContextPath() {
-        return "/";
-    }
-
-    /**
-     * Returns a <code>ServletContext</code> object that
-     * corresponds to a specified URL on the server.
-     *
-     * <p>This method allows servlets to gain
-     * access to the context for various parts of the server, and as
-     * needed obtain {@link RequestDispatcher} objects from the context.
-     * The given path must be begin with "/", is interpreted relative
-     * to the server's document root and is matched against the context roots of
-     * other web applications hosted on this container.
-     *
-     * <p>In a security conscious environment, the servlet container may
-     * return <code>null</code> for a given URL.
-     *
-     * @param uripath a <code>String</code> specifying the context path of
-     * another web application in the container.
-     * @return the <code>ServletContext</code> object that
-     * corresponds to the named URL, or null if either none exists or the
-     * container wishes to restrict this access.
-     *
-     * @see RequestDispatcher
-     */
-    public ServletContext getContext(String uripath) {
-    	return null;
-    }
-
-    /**
-     * Returns the major version of the Java Servlet API that this
-     * servlet container supports. All implementations that comply
-     * with Version 2.4 must have this method
-     * return the integer 2.
-     *
-     * @return 2
-     */
-    public int getMajorVersion() {
-    	return 2;
-    }
-
-    /**
-     * Returns the minor version of the Servlet API that this
-     * servlet container supports. All implementations that comply
-     * with Version 2.4 must have this method
-     * return the integer 4.
-     */
-    public int getMinorVersion() {
-    	return 4;
-    }
-
-    /**
-     * Returns the MIME type of the specified file, or <code>null</code> if
-     * the MIME type is not known. The MIME type is determined
-     * by the configuration of the servlet container, and may be specified
-     * in a web application deployment descriptor. Common MIME
-     * types are <code>"text/html"</code> and <code>"image/gif"</code>.
-     *
-     * @param file a <code>String</code> specifying the name
-     * of a file
-     *
-     * @return a <code>String</code> specifying the file's MIME type
-     */
-    public String getMimeType(String file) {
-    	return "text/html";
-    }
-
-    /**
-     * Returns a directory-like listing of all the paths to resources within
-     * the web application whose longest sub-path matches the supplied path
-     * argument. Paths indicating subdirectory paths end with a '/'. The
-     * returned paths are all relative to the root of the web application and
-     * have a leading '/'. For example, for a web application containing<br>
-     * <br>
-     * /welcome.html<br>
-     * /catalog/index.html<br>
-     * /catalog/products.html<br>
-     * /catalog/offers/books.html<br>
-     * /catalog/offers/music.html<br>
-     * /customer/login.jsp<br>
-     * /WEB-INF/web.xml<br>
-     * /WEB-INF/classes/com.acme.OrderServlet.class,<br><br>
-     *
-     * getResourcePaths("/") returns {"/welcome.html", "/catalog/", "/customer/", "/WEB-INF/"}<br>
-     * getResourcePaths("/catalog/") returns {"/catalog/index.html", "/catalog/products.html", "/catalog/offers/"}.<br>
-     *
-     * @param path the partial path used to match the resources,
-     *  which must start with a /
-     * @return a Set containing the directory listing, or null if there are no
-     * resources in the web application whose path begins with the supplied path.
-     *
-     * @since Servlet 2.3
-     */
-    public Set getResourcePaths(String path) {
-    	return null;
-    }
-
-    /**
-     * Returns a URL to the resource that is mapped to a specified
-     * path. The path must begin with a "/" and is interpreted
-     * as relative to the current context root.
-     *
-     * <p>This method allows the servlet container to make a resource
-     * available to servlets from any source. Resources
-     * can be located on a local or remote
-     * file system, in a database, or in a <code>.war</code> file.
-     *
-     * <p>The servlet container must implement the URL handlers
-     * and <code>URLConnection</code> objects that are necessary
-     * to access the resource.
-     *
-     * <p>This method returns <code>null</code>
-     * if no resource is mapped to the pathname.
-     *
-     * <p>Some containers may allow writing to the URL returned by
-     * this method using the methods of the URL class.
-     *
-     * <p>The resource content is returned directly, so be aware that
-     * requesting a <code>.jsp</code> page returns the JSP source code.
-     * Use a <code>RequestDispatcher</code> instead to include results of
-     * an execution.
-     *
-     * <p>This method has a different purpose than
-     * <code>java.lang.Class.getResource</code>,
-     * which looks up resources based on a class loader. This
-     * method does not use class loaders.
-     *
-     * @param path a <code>String</code> specifying the path to the resource
-     *
-     * @return the resource located at the named path, or <code>null</code>
-     * if there is no resource at that path
-     *
-     * @exception MalformedURLException if the pathname is not given in
-     * the correct form
-     */
-    public URL getResource(String path) throws MalformedURLException {
-    	return null;
-    }
-
-    /**
-     * Returns the resource located at the named path as
-     * an <code>InputStream</code> object.
-     *
-     * <p>The data in the <code>InputStream</code> can be
-     * of any type or length. The path must be specified according
-     * to the rules given in <code>getResource</code>.
-     * This method returns <code>null</code> if no resource exists at
-     * the specified path.
-     *
-     * <p>Meta-information such as content length and content type
-     * that is available via <code>getResource</code>
-     * method is lost when using this method.
-     *
-     * <p>The servlet container must implement the URL handlers
-     * and <code>URLConnection</code> objects necessary to access
-     * the resource.
-     *
-     * <p>This method is different from
-     * <code>java.lang.Class.getResourceAsStream</code>,
-     * which uses a class loader. This method allows servlet containers
-     * to make a resource available
-     * to a servlet from any location, without using a class loader.
-     *
-     * @param path a <code>String</code> specifying the path
-     * to the resource
-     *
-     * @return the <code>InputStream</code> returned to the
-     * servlet, or <code>null</code> if no resource exists at the
-     * specified path
-     */
-    public InputStream getResourceAsStream(String path) {
-    	return null;
-    }
-
-    /**
-     * Returns a {@link RequestDispatcher} object that acts
-     * as a wrapper for the resource located at the given path.
-     * A <code>RequestDispatcher</code> object can be used to forward
-     * a request to the resource or to include the resource in a response.
-     * The resource can be dynamic or static.
-     *
-     * <p>The pathname must begin with a "/" and is interpreted as relative
-     * to the current context root.  Use <code>getContext</code> to obtain
-     * a <code>RequestDispatcher</code> for resources in foreign contexts.
-     * This method returns <code>null</code> if the <code>ServletContext</code>
-     * cannot return a <code>RequestDispatcher</code>.
-     *
-     * @param path a <code>String</code> specifying the pathname
-     * to the resource
-     *
-     * @return a <code>RequestDispatcher</code> object that acts as a wrapper
-     * for the resource at the specified path, or <code>null</code> if the
-     * <code>ServletContext</code> cannot return a <code>RequestDispatcher</code>
-     *
-     * @see RequestDispatcher
-     * @see ServletContext#getContext
-     */
-    public RequestDispatcher getRequestDispatcher(String path) {
-    	return null;
-    }
-
-    /**
-     * Returns a {@link RequestDispatcher} object that acts
-     * as a wrapper for the named servlet.
-     *
-     * <p>Servlets (and JSP pages also) may be given names via server
-     * administration or via a web application deployment descriptor.
-     * A servlet instance can determine its name using
-     * {@link ServletConfig#getServletName}.
-     *
-     * <p>This method returns <code>null</code> if the
-     * <code>ServletContext</code>
-     * cannot return a <code>RequestDispatcher</code> for any reason.
-     *
-     * @param name a <code>String</code> specifying the name
-     * of a servlet to wrap
-     *
-     * @return a <code>RequestDispatcher</code> object
-     * that acts as a wrapper for the named servlet,
-     * or <code>null</code> if the <code>ServletContext</code>
-     * cannot return a <code>RequestDispatcher</code>
-     *
-     * @see RequestDispatcher
-     * @see ServletContext#getContext
-     * @see ServletConfig#getServletName
-     */
-    public RequestDispatcher getNamedDispatcher(String name) {
-    	return null;
-    }
-
-    /**
-     * @deprecated As of Java Servlet API 2.1, with no direct replacement.
-     *
-     * <p>This method was originally defined to retrieve a servlet
-     * from a <code>ServletContext</code>. In this version, this method
-     * always returns <code>null</code> and remains only to preserve
-     * binary compatibility. This method will be permanently removed
-     * in a future version of the Java Servlet API.
-     *
-     * <p>In lieu of this method, servlets can share information using the
-     * <code>ServletContext</code> class and can perform shared business logic
-     * by invoking methods on common non-servlet classes.
-     */
-    public Servlet getServlet(String name) throws ServletException {
-    	return null;
-    }
-
-    /**
-     * @deprecated As of Java Servlet API 2.0, with no replacement.
-     *
-     * <p>This method was originally defined to return an <code>Enumeration</code>
-     * of all the servlets known to this servlet context. In this
-     * version, this method always returns an empty enumeration and
-     * remains only to preserve binary compatibility. This method
-     * will be permanently removed in a future version of the Java
-     * Servlet API.
-     */
-    public Enumeration getServlets() {
-    	return null;
-    }
-
-    /**
-     * @deprecated As of Java Servlet API 2.1, with no replacement.
-     *
-     * <p>This method was originally defined to return an
-     * <code>Enumeration</code>
-     * of all the servlet names known to this context. In this version,
-     * this method always returns an empty <code>Enumeration</code> and
-     * remains only to preserve binary compatibility. This method will
-     * be permanently removed in a future version of the Java Servlet API.
-     */
-    public Enumeration getServletNames() {
-    	return null;
-    }
-
-    /**
-     * Writes the specified message to a servlet log file, usually
-     * an event log. The name and type of the servlet log file is
-     * specific to the servlet container.
-     *
-     * @param msg a <code>String</code> specifying the
-     * message to be written to the log file
-     */
-    public void log(String msg) {
-    	ESAPI.getLogger( "MockServletContext" ).warning( Logger.EVENT_FAILURE, msg );
-    }
-
-    /**
-     * @deprecated As of Java Servlet API 2.1, use
-     * {@link #log(String message, Throwable throwable)}
-     * instead.
-     *
-     * <p>This method was originally defined to write an
-     * exception's stack trace and an explanatory error message
-     * to the servlet log file.
-     */
-    public void log(Exception exception, String msg) {
-    	ESAPI.getLogger( "MockServletContext" ).warning( Logger.EVENT_FAILURE, msg, exception );
-    }
-
-    /**
-     * Writes an explanatory message and a stack trace
-     * for a given <code>Throwable</code> exception
-     * to the servlet log file. The name and type of the servlet log
-     * file is specific to the servlet container, usually an event log.
-     *
-     * @param message a <code>String</code> that
-     * describes the error or exception
-     *
-     * @param throwable the <code>Throwable</code> error
-     * or exception
-     */
-    public void log(String message, Throwable throwable) {
-    	ESAPI.getLogger( "MockServletContext" ).warning( Logger.EVENT_FAILURE, message, throwable );
-    }
-
-    /**
-     * Returns a <code>String</code> containing the real path
-     * for a given virtual path. For example, the path "/index.html"
-     * returns the absolute file path on the server's filesystem would be
-     * served by a request for "http://host/contextPath/index.html",
-     * where contextPath is the context path of this ServletContext..
-     *
-     * <p>The real path returned will be in a form
-     * appropriate to the computer and operating system on
-     * which the servlet container is running, including the
-     * proper path separators. This method returns <code>null</code>
-     * if the servlet container cannot translate the virtual path
-     * to a real path for any reason (such as when the content is
-     * being made available from a <code>.war</code> archive).
-     *
-     * @param path a <code>String</code> specifying a virtual path
-     *
-     * @return a <code>String</code> specifying the real path,
-     * or null if the translation cannot be performed
-     */
-    public String getRealPath(String path) {
-    	return ESAPI.securityConfiguration().getResourceFile( path ).getAbsolutePath();
-    }
-
-    /**
-     * Returns the name and version of the servlet container on which
-     * the servlet is running.
-     *
-     * <p>The form of the returned string is
-     * <i>servername</i>/<i>versionnumber</i>.
-     * For example, the JavaServer Web Development Kit may return the string
-     * <code>JavaServer Web Dev Kit/1.0</code>.
-     *
-     * <p>The servlet container may return other optional information
-     * after the primary string in parentheses, for example,
-     * <code>JavaServer Web Dev Kit/1.0 (JDK 1.1.6; Windows NT 4.0 x86)</code>.
-     *
-     * @return a <code>String</code> containing at least the
-     * servlet container name and version number
-     */
-    public String getServerInfo() {
-    	return null;
-    }
-
-    /**
-     * Returns a <code>String</code> containing the value of the named
-     * context-wide initialization parameter, or <code>null</code> if the
-     * parameter does not exist.
-     *
-     * <p>This method can make available configuration information useful
-     * to an entire "web application".  For example, it can provide a
-     * webmaster's email address or the name of a system that holds
-     * critical data.
-     *
-     * @param name a <code>String</code> containing the name of the
-     * parameter whose value is requested
-     *
-     * @return a <code>String</code> containing at least the
-     * servlet container name and version number
-     *
-     * @see ServletConfig#getInitParameter
-     */
-    public String getInitParameter(String name) {
-    	return null;
-    }
-
-    /**
-     * Returns the names of the context's initialization parameters as an
-     * <code>Enumeration</code> of <code>String</code> objects, or an
-     * empty <code>Enumeration</code> if the context has no initialization
-     * parameters.
-     *
-     * @return an <code>Enumeration</code> of <code>String</code>
-     * objects containing the names of the context's initialization parameters
-     *
-     * @see ServletConfig#getInitParameter
-     */
-    public Enumeration getInitParameterNames() {
-    	return null;
-    }
-
-
-    /**
-     * Returns the servlet container attribute with the given name,
-     * or <code>null</code> if there is no attribute by that name.
-     * An attribute allows a servlet container to give the
-     * servlet additional information not
-     * already provided by this interface. See your
-     * server documentation for information about its attributes.
-     * A list of supported attributes can be retrieved using
-     * <code>getAttributeNames</code>.
-     *
-     * <p>The attribute is returned as a <code>java.lang.Object</code>
-     * or some subclass.
-     * Attribute names should follow the same convention as package
-     * names. The Java Servlet API specification reserves names
-     * matching <code>java.*</code>, <code>javax.*</code>,
-     * and <code>sun.*</code>.
-     *
-     * @param name a <code>String</code> specifying the name
-     * of the attribute
-     *
-     * @return an <code>Object</code> containing the value
-     * of the attribute, or <code>null</code> if no attribute
-     * exists matching the given name
-     *
-     * @see ServletContext#getAttributeNames
-     */
-    public Object getAttribute(String name) {
-    	return null;
-    }
-
-    /**
-     * Returns an <code>Enumeration</code> containing the
-     * attribute names available
-     * within this servlet context. Use the
-     * {@link #getAttribute} method with an attribute name
-     * to get the value of an attribute.
-     *
-     * @return an <code>Enumeration</code> of attribute names
-     *
-     * @see #getAttribute
-     */
-    public Enumeration getAttributeNames() {
-    	return null;
-    }
-
-    /**
-     * Binds an object to a given attribute name in this servlet context. If
-     * the name specified is already used for an attribute, this
-     * method will replace the attribute with the new to the new attribute.
-     * <p>If listeners are configured on the <code>ServletContext</code> the
-     * container notifies them accordingly.
-     * <p>
-     * If a null value is passed, the effect is the same as calling
-     * <code>removeAttribute()</code>.
-     *
-     * <p>Attribute names should follow the same convention as package
-     * names. The Java Servlet API specification reserves names
-     * matching <code>java.*</code>, <code>javax.*</code>, and
-     * <code>sun.*</code>.
-     *
-     * @param name a <code>String</code> specifying the name
-     * of the attribute
-     *
-     * @param object an <code>Object</code> representing the
-     * attribute to be bound
-     */
-    public void setAttribute(String name, Object object) {
-    }
-
-    /**
-     * Removes the attribute with the given name from
-     * the servlet context. After removal, subsequent calls to
-     * {@link #getAttribute} to retrieve the attribute's value
-     * will return <code>null</code>.
-     *
-     * <p>If listeners are configured on the <code>ServletContext</code> the
-     * container notifies them accordingly.
-     *
-     * @param name a <code>String</code> specifying the name
-     * of the attribute to be removed
-     */
-    public void removeAttribute(String name) {
-    }
-
-    /**
-     * Returns the name of this web application correponding to this ServletContext as specified in the deployment
-     * descriptor for this web application by the display-name element.
-     *
-     * @return The name of the web application or null if no name has been declared in the deployment descriptor.
-     * @since Servlet 2.3
-     */
-    public String getServletContextName() {
-    	return null;
-    }
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.http;
+
+import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.Enumeration;
+import java.util.EventListener;
+import java.util.Map;
+import java.util.Set;
+import javax.servlet.Filter;
+import javax.servlet.FilterRegistration;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.Servlet;
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRegistration;
+import javax.servlet.SessionCookieConfig;
+import javax.servlet.SessionTrackingMode;
+import javax.servlet.descriptor.JspConfigDescriptor;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+
+/**
+ * Defines a set of methods that a servlet uses to communicate with its
+ * servlet container, for example, to get the MIME type of a file, dispatch
+ * requests, or write to a log file.
+ *
+ * <p>There is one context per "web application" per Java Virtual Machine.  (A
+ * "web application" is a collection of servlets and content installed under a
+ * specific subset of the server's URL namespace such as <code>/catalog</code>
+ * and possibly installed via a <code>.war</code> file.)
+ *
+ * <p>In the case of a web
+ * application marked "distributed" in its deployment descriptor, there will
+ * be one context instance for each virtual machine.  In this situation, the
+ * context cannot be used as a location to share global information (because
+ * the information won't be truly global).  Use an external resource like
+ * a database instead.
+ *
+ * <p>The <code>ServletContext</code> object is contained within
+ * the {@link ServletConfig} object, which the Web server provides the
+ * servlet when the servlet is initialized.
+ *
+ * @see Servlet#getServletConfig
+ * @see ServletConfig#getServletContext
+ *
+ * @version $Rev: 46019 $ $Date: 2004-09-14 04:56:06 -0500 (Tue, 14 Sep 2004) $
+ */
+public class MockServletContext implements ServletContext {
+    @Override
+    public String getContextPath() {
+        return "/";
+    }
+
+    /**
+     * Returns a <code>ServletContext</code> object that
+     * corresponds to a specified URL on the server.
+     *
+     * <p>This method allows servlets to gain
+     * access to the context for various parts of the server, and as
+     * needed obtain {@link RequestDispatcher} objects from the context.
+     * The given path must be begin with "/", is interpreted relative
+     * to the server's document root and is matched against the context roots of
+     * other web applications hosted on this container.
+     *
+     * <p>In a security conscious environment, the servlet container may
+     * return <code>null</code> for a given URL.
+     *
+     * @param uripath a <code>String</code> specifying the context path of
+     * another web application in the container.
+     * @return the <code>ServletContext</code> object that
+     * corresponds to the named URL, or null if either none exists or the
+     * container wishes to restrict this access.
+     *
+     * @see RequestDispatcher
+     */
+    public ServletContext getContext(String uripath) {
+        return null;
+    }
+
+    /**
+     * Returns the major version of the Java Servlet API that this
+     * servlet container supports. All implementations that comply
+     * with Version 2.4 must have this method
+     * return the integer 2.
+     *
+     * @return 2
+     */
+    public int getMajorVersion() {
+        return 2;
+    }
+
+    /**
+     * Returns the minor version of the Servlet API that this
+     * servlet container supports. All implementations that comply
+     * with Version 2.4 must have this method
+     * return the integer 4.
+     */
+    public int getMinorVersion() {
+        return 4;
+    }
+
+    /**
+     * Returns the MIME type of the specified file, or <code>null</code> if
+     * the MIME type is not known. The MIME type is determined
+     * by the configuration of the servlet container, and may be specified
+     * in a web application deployment descriptor. Common MIME
+     * types are <code>"text/html"</code> and <code>"image/gif"</code>.
+     *
+     * @param file a <code>String</code> specifying the name
+     * of a file
+     *
+     * @return a <code>String</code> specifying the file's MIME type
+     */
+    public String getMimeType(String file) {
+        return "text/html";
+    }
+
+    /**
+     * Returns a directory-like listing of all the paths to resources within
+     * the web application whose longest sub-path matches the supplied path
+     * argument. Paths indicating subdirectory paths end with a '/'. The
+     * returned paths are all relative to the root of the web application and
+     * have a leading '/'. For example, for a web application containing<br>
+     * <br>
+     * /welcome.html<br>
+     * /catalog/index.html<br>
+     * /catalog/products.html<br>
+     * /catalog/offers/books.html<br>
+     * /catalog/offers/music.html<br>
+     * /customer/login.jsp<br>
+     * /WEB-INF/web.xml<br>
+     * /WEB-INF/classes/com.acme.OrderServlet.class,<br><br>
+     *
+     * getResourcePaths("/") returns {"/welcome.html", "/catalog/", "/customer/", "/WEB-INF/"}<br>
+     * getResourcePaths("/catalog/") returns {"/catalog/index.html", "/catalog/products.html", "/catalog/offers/"}.<br>
+     *
+     * @param path the partial path used to match the resources,
+     *  which must start with a /
+     * @return a Set containing the directory listing, or null if there are no
+     * resources in the web application whose path begins with the supplied path.
+     *
+     * @since Servlet 2.3
+     */
+    public Set getResourcePaths(String path) {
+        return null;
+    }
+
+    /**
+     * Returns a URL to the resource that is mapped to a specified
+     * path. The path must begin with a "/" and is interpreted
+     * as relative to the current context root.
+     *
+     * <p>This method allows the servlet container to make a resource
+     * available to servlets from any source. Resources
+     * can be located on a local or remote
+     * file system, in a database, or in a <code>.war</code> file.
+     *
+     * <p>The servlet container must implement the URL handlers
+     * and <code>URLConnection</code> objects that are necessary
+     * to access the resource.
+     *
+     * <p>This method returns <code>null</code>
+     * if no resource is mapped to the pathname.
+     *
+     * <p>Some containers may allow writing to the URL returned by
+     * this method using the methods of the URL class.
+     *
+     * <p>The resource content is returned directly, so be aware that
+     * requesting a <code>.jsp</code> page returns the JSP source code.
+     * Use a <code>RequestDispatcher</code> instead to include results of
+     * an execution.
+     *
+     * <p>This method has a different purpose than
+     * <code>java.lang.Class.getResource</code>,
+     * which looks up resources based on a class loader. This
+     * method does not use class loaders.
+     *
+     * @param path a <code>String</code> specifying the path to the resource
+     *
+     * @return the resource located at the named path, or <code>null</code>
+     * if there is no resource at that path
+     *
+     * @exception MalformedURLException if the pathname is not given in
+     * the correct form
+     */
+    public URL getResource(String path) throws MalformedURLException {
+        return null;
+    }
+
+    /**
+     * Returns the resource located at the named path as
+     * an <code>InputStream</code> object.
+     *
+     * <p>The data in the <code>InputStream</code> can be
+     * of any type or length. The path must be specified according
+     * to the rules given in <code>getResource</code>.
+     * This method returns <code>null</code> if no resource exists at
+     * the specified path.
+     *
+     * <p>Meta-information such as content length and content type
+     * that is available via <code>getResource</code>
+     * method is lost when using this method.
+     *
+     * <p>The servlet container must implement the URL handlers
+     * and <code>URLConnection</code> objects necessary to access
+     * the resource.
+     *
+     * <p>This method is different from
+     * <code>java.lang.Class.getResourceAsStream</code>,
+     * which uses a class loader. This method allows servlet containers
+     * to make a resource available
+     * to a servlet from any location, without using a class loader.
+     *
+     * @param path a <code>String</code> specifying the path
+     * to the resource
+     *
+     * @return the <code>InputStream</code> returned to the
+     * servlet, or <code>null</code> if no resource exists at the
+     * specified path
+     */
+    public InputStream getResourceAsStream(String path) {
+        return null;
+    }
+
+    /**
+     * Returns a {@link RequestDispatcher} object that acts
+     * as a wrapper for the resource located at the given path.
+     * A <code>RequestDispatcher</code> object can be used to forward
+     * a request to the resource or to include the resource in a response.
+     * The resource can be dynamic or static.
+     *
+     * <p>The pathname must begin with a "/" and is interpreted as relative
+     * to the current context root.  Use <code>getContext</code> to obtain
+     * a <code>RequestDispatcher</code> for resources in foreign contexts.
+     * This method returns <code>null</code> if the <code>ServletContext</code>
+     * cannot return a <code>RequestDispatcher</code>.
+     *
+     * @param path a <code>String</code> specifying the pathname
+     * to the resource
+     *
+     * @return a <code>RequestDispatcher</code> object that acts as a wrapper
+     * for the resource at the specified path, or <code>null</code> if the
+     * <code>ServletContext</code> cannot return a <code>RequestDispatcher</code>
+     *
+     * @see RequestDispatcher
+     * @see ServletContext#getContext
+     */
+    public RequestDispatcher getRequestDispatcher(String path) {
+        return null;
+    }
+
+    /**
+     * Returns a {@link RequestDispatcher} object that acts
+     * as a wrapper for the named servlet.
+     *
+     * <p>Servlets (and JSP pages also) may be given names via server
+     * administration or via a web application deployment descriptor.
+     * A servlet instance can determine its name using
+     * {@link ServletConfig#getServletName}.
+     *
+     * <p>This method returns <code>null</code> if the
+     * <code>ServletContext</code>
+     * cannot return a <code>RequestDispatcher</code> for any reason.
+     *
+     * @param name a <code>String</code> specifying the name
+     * of a servlet to wrap
+     *
+     * @return a <code>RequestDispatcher</code> object
+     * that acts as a wrapper for the named servlet,
+     * or <code>null</code> if the <code>ServletContext</code>
+     * cannot return a <code>RequestDispatcher</code>
+     *
+     * @see RequestDispatcher
+     * @see ServletContext#getContext
+     * @see ServletConfig#getServletName
+     */
+    public RequestDispatcher getNamedDispatcher(String name) {
+        return null;
+    }
+
+    /**
+     * @deprecated As of Java Servlet API 2.1, with no direct replacement.
+     *
+     * <p>This method was originally defined to retrieve a servlet
+     * from a <code>ServletContext</code>. In this version, this method
+     * always returns <code>null</code> and remains only to preserve
+     * binary compatibility. This method will be permanently removed
+     * in a future version of the Java Servlet API.
+     *
+     * <p>In lieu of this method, servlets can share information using the
+     * <code>ServletContext</code> class and can perform shared business logic
+     * by invoking methods on common non-servlet classes.
+     */
+    @Deprecated
+    public Servlet getServlet(String name) throws ServletException {
+        return null;
+    }
+
+    /**
+     * @deprecated As of Java Servlet API 2.0, with no replacement.
+     *
+     * <p>This method was originally defined to return an <code>Enumeration</code>
+     * of all the servlets known to this servlet context. In this
+     * version, this method always returns an empty enumeration and
+     * remains only to preserve binary compatibility. This method
+     * will be permanently removed in a future version of the Java
+     * Servlet API.
+     */
+    @Deprecated
+    public Enumeration getServlets() {
+        return null;
+    }
+
+    /**
+     * @deprecated As of Java Servlet API 2.1, with no replacement.
+     *
+     * <p>This method was originally defined to return an
+     * <code>Enumeration</code>
+     * of all the servlet names known to this context. In this version,
+     * this method always returns an empty <code>Enumeration</code> and
+     * remains only to preserve binary compatibility. This method will
+     * be permanently removed in a future version of the Java Servlet API.
+     */
+    @Deprecated
+    public Enumeration getServletNames() {
+        return null;
+    }
+
+    /**
+     * Writes the specified message to a servlet log file, usually
+     * an event log. The name and type of the servlet log file is
+     * specific to the servlet container.
+     *
+     * @param msg a <code>String</code> specifying the
+     * message to be written to the log file
+     */
+    public void log(String msg) {
+        ESAPI.getLogger( "MockServletContext" ).warning( Logger.EVENT_FAILURE, msg );
+    }
+
+    /**
+     * @deprecated As of Java Servlet API 2.1, use
+     * {@link #log(String message, Throwable throwable)}
+     * instead.
+     *
+     * <p>This method was originally defined to write an
+     * exception's stack trace and an explanatory error message
+     * to the servlet log file.
+     */
+    @Deprecated
+    public void log(Exception exception, String msg) {
+        ESAPI.getLogger( "MockServletContext" ).warning( Logger.EVENT_FAILURE, msg, exception );
+    }
+
+    /**
+     * Writes an explanatory message and a stack trace
+     * for a given <code>Throwable</code> exception
+     * to the servlet log file. The name and type of the servlet log
+     * file is specific to the servlet container, usually an event log.
+     *
+     * @param message a <code>String</code> that
+     * describes the error or exception
+     *
+     * @param throwable the <code>Throwable</code> error
+     * or exception
+     */
+    public void log(String message, Throwable throwable) {
+        ESAPI.getLogger( "MockServletContext" ).warning( Logger.EVENT_FAILURE, message, throwable );
+    }
+
+    /**
+     * Returns a <code>String</code> containing the real path
+     * for a given virtual path. For example, the path "/index.html"
+     * returns the absolute file path on the server's filesystem would be
+     * served by a request for "http://host/contextPath/index.html",
+     * where contextPath is the context path of this ServletContext..
+     *
+     * <p>The real path returned will be in a form
+     * appropriate to the computer and operating system on
+     * which the servlet container is running, including the
+     * proper path separators. This method returns <code>null</code>
+     * if the servlet container cannot translate the virtual path
+     * to a real path for any reason (such as when the content is
+     * being made available from a <code>.war</code> archive).
+     *
+     * @param path a <code>String</code> specifying a virtual path
+     *
+     * @return a <code>String</code> specifying the real path,
+     * or null if the translation cannot be performed
+     */
+    public String getRealPath(String path) {
+        return ESAPI.securityConfiguration().getResourceFile( path ).getAbsolutePath();
+    }
+
+    /**
+     * Returns the name and version of the servlet container on which
+     * the servlet is running.
+     *
+     * <p>The form of the returned string is
+     * <i>servername</i>/<i>versionnumber</i>.
+     * For example, the JavaServer Web Development Kit may return the string
+     * <code>JavaServer Web Dev Kit/1.0</code>.
+     *
+     * <p>The servlet container may return other optional information
+     * after the primary string in parentheses, for example,
+     * <code>JavaServer Web Dev Kit/1.0 (JDK 1.1.6; Windows NT 4.0 x86)</code>.
+     *
+     * @return a <code>String</code> containing at least the
+     * servlet container name and version number
+     */
+    public String getServerInfo() {
+        return null;
+    }
+
+    /**
+     * Returns a <code>String</code> containing the value of the named
+     * context-wide initialization parameter, or <code>null</code> if the
+     * parameter does not exist.
+     *
+     * <p>This method can make available configuration information useful
+     * to an entire "web application".  For example, it can provide a
+     * webmaster's email address or the name of a system that holds
+     * critical data.
+     *
+     * @param name a <code>String</code> containing the name of the
+     * parameter whose value is requested
+     *
+     * @return a <code>String</code> containing at least the
+     * servlet container name and version number
+     *
+     * @see ServletConfig#getInitParameter
+     */
+    public String getInitParameter(String name) {
+        return null;
+    }
+
+    /**
+     * Returns the names of the context's initialization parameters as an
+     * <code>Enumeration</code> of <code>String</code> objects, or an
+     * empty <code>Enumeration</code> if the context has no initialization
+     * parameters.
+     *
+     * @return an <code>Enumeration</code> of <code>String</code>
+     * objects containing the names of the context's initialization parameters
+     *
+     * @see ServletConfig#getInitParameter
+     */
+    public Enumeration getInitParameterNames() {
+        return null;
+    }
+
+
+    /**
+     * Returns the servlet container attribute with the given name,
+     * or <code>null</code> if there is no attribute by that name.
+     * An attribute allows a servlet container to give the
+     * servlet additional information not
+     * already provided by this interface. See your
+     * server documentation for information about its attributes.
+     * A list of supported attributes can be retrieved using
+     * <code>getAttributeNames</code>.
+     *
+     * <p>The attribute is returned as a <code>java.lang.Object</code>
+     * or some subclass.
+     * Attribute names should follow the same convention as package
+     * names. The Java Servlet API specification reserves names
+     * matching <code>java.*</code>, <code>javax.*</code>,
+     * and <code>sun.*</code>.
+     *
+     * @param name a <code>String</code> specifying the name
+     * of the attribute
+     *
+     * @return an <code>Object</code> containing the value
+     * of the attribute, or <code>null</code> if no attribute
+     * exists matching the given name
+     *
+     * @see ServletContext#getAttributeNames
+     */
+    public Object getAttribute(String name) {
+        return null;
+    }
+
+    /**
+     * Returns an <code>Enumeration</code> containing the
+     * attribute names available
+     * within this servlet context. Use the
+     * {@link #getAttribute} method with an attribute name
+     * to get the value of an attribute.
+     *
+     * @return an <code>Enumeration</code> of attribute names
+     *
+     * @see #getAttribute
+     */
+    public Enumeration getAttributeNames() {
+        return null;
+    }
+
+    /**
+     * Binds an object to a given attribute name in this servlet context. If
+     * the name specified is already used for an attribute, this
+     * method will replace the attribute with the new to the new attribute.
+     * <p>If listeners are configured on the <code>ServletContext</code> the
+     * container notifies them accordingly.
+     * <p>
+     * If a null value is passed, the effect is the same as calling
+     * <code>removeAttribute()</code>.
+     *
+     * <p>Attribute names should follow the same convention as package
+     * names. The Java Servlet API specification reserves names
+     * matching <code>java.*</code>, <code>javax.*</code>, and
+     * <code>sun.*</code>.
+     *
+     * @param name a <code>String</code> specifying the name
+     * of the attribute
+     *
+     * @param object an <code>Object</code> representing the
+     * attribute to be bound
+     */
+    public void setAttribute(String name, Object object) {
+    }
+
+    /**
+     * Removes the attribute with the given name from
+     * the servlet context. After removal, subsequent calls to
+     * {@link #getAttribute} to retrieve the attribute's value
+     * will return <code>null</code>.
+     *
+     * <p>If listeners are configured on the <code>ServletContext</code> the
+     * container notifies them accordingly.
+     *
+     * @param name a <code>String</code> specifying the name
+     * of the attribute to be removed
+     */
+    public void removeAttribute(String name) {
+    }
+
+    /**
+     * Returns the name of this web application correponding to this ServletContext as specified in the deployment
+     * descriptor for this web application by the display-name element.
+     *
+     * @return The name of the web application or null if no name has been declared in the deployment descriptor.
+     * @since Servlet 2.3
+     */
+    public String getServletContextName() {
+        return null;
+    }
+
+    @Override
+    public int getEffectiveMajorVersion() {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public int getEffectiveMinorVersion() {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public boolean setInitParameter(String string, String string1) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public ServletRegistration.Dynamic addServlet(String string, String string1) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public ServletRegistration.Dynamic addServlet(String string, Servlet srvlt) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public ServletRegistration.Dynamic addServlet(String string, Class<? extends Servlet> type) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public <T extends Servlet> T createServlet(Class<T> type) throws ServletException {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public ServletRegistration getServletRegistration(String string) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public Map<String, ? extends ServletRegistration> getServletRegistrations() {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public FilterRegistration.Dynamic addFilter(String string, String string1) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public FilterRegistration.Dynamic addFilter(String string, Filter filter) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public FilterRegistration.Dynamic addFilter(String string, Class<? extends Filter> type) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public <T extends Filter> T createFilter(Class<T> type) throws ServletException {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public FilterRegistration getFilterRegistration(String string) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public Map<String, ? extends FilterRegistration> getFilterRegistrations() {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public SessionCookieConfig getSessionCookieConfig() {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void setSessionTrackingModes(Set<SessionTrackingMode> set) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public Set<SessionTrackingMode> getDefaultSessionTrackingModes() {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public Set<SessionTrackingMode> getEffectiveSessionTrackingModes() {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void addListener(String string) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public <T extends EventListener> void addListener(T t) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void addListener(Class<? extends EventListener> type) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public <T extends EventListener> T createListener(Class<T> type) throws ServletException {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public JspConfigDescriptor getJspConfigDescriptor() {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public ClassLoader getClassLoader() {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void declareRoles(String... strings) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public String getVirtualServerName() {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
 }
\ No newline at end of file
diff --git a/src/test/java/org/owasp/esapi/http/MockServletInputStream.java b/src/test/java/org/owasp/esapi/http/MockServletInputStream.java
index 1e7c90389..f54b49144 100644
--- a/src/test/java/org/owasp/esapi/http/MockServletInputStream.java
+++ b/src/test/java/org/owasp/esapi/http/MockServletInputStream.java
@@ -1,51 +1,69 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.http;
-
-import javax.servlet.ServletInputStream;
-import java.io.IOException;
-
-/**
- *
- * @author jwilliams
- */
-public class MockServletInputStream extends ServletInputStream {
-
-    private byte[] body;
-
-    private int next;
-
-    /**
-     * constructor
-     * @param body
-     */
-    public MockServletInputStream(byte[] body) {
-        this.body = body;
-    }
-
-    /**
-     * read
-     * @return 
-     * @throws IOException
-     */
-    public int read() throws IOException {
-        if (next < body.length) {
-            return body[next++];
-        } else {
-            return -1;
-        }
-    }
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.http;
+
+import javax.servlet.ReadListener;
+import javax.servlet.ServletInputStream;
+import java.io.IOException;
+
+/**
+ *
+ * @author jwilliams
+ */
+public class MockServletInputStream extends ServletInputStream {
+
+    private byte[] body;
+
+    private int next;
+
+    private boolean isDone = false;
+    /**
+     * constructor
+     * @param body
+     */
+    public MockServletInputStream(byte[] body) {
+        this.body = body;
+    }
+
+    /**
+     * read
+     * @return the next char from this InputStream
+     * @throws IOException
+     */
+    public int read() throws IOException {
+        if (next < body.length) {
+            return body[next++];
+        } else {
+            isDone = true;
+            return -1;
+        }
+    }
+
+    @Override
+    public boolean isFinished() {
+        return isDone;
+    }
+
+    @Override
+    public boolean isReady() {
+        return false;
+    }
+
+    @Override
+    public void setReadListener(ReadListener readListener) {
+        //NO_OP
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/http/package.html b/src/test/java/org/owasp/esapi/http/package.html
index 76f720fb6..c61efd69f 100644
--- a/src/test/java/org/owasp/esapi/http/package.html
+++ b/src/test/java/org/owasp/esapi/http/package.html
@@ -1,15 +1,15 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
-<html>
-<head>
-</head>
-
-<body bgcolor="white">
-
-A few simple mock classes to help test the ESAPI reference
-implementation. These classes are not fully functional and only
-implement the functions required to test the library. These
-implementations are not fully accurate and may not behave like the real
-Java EE classes.
-
-</body>
-</html>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<html>
+<head>
+</head>
+
+<body bgcolor="white">
+
+A few simple mock classes to help test the ESAPI reference
+implementation. These classes are not fully functional and only
+implement the functions required to test the library. These
+implementations are not fully accurate and may not behave like the real
+Java EE classes.
+
+</body>
+</html>
diff --git a/src/test/java/org/owasp/esapi/logging/appender/ClientInfoSupplierTest.java b/src/test/java/org/owasp/esapi/logging/appender/ClientInfoSupplierTest.java
new file mode 100644
index 000000000..e3dcd76a5
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/appender/ClientInfoSupplierTest.java
@@ -0,0 +1,168 @@
+package org.owasp.esapi.logging.appender;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
+import static org.powermock.api.mockito.PowerMockito.mockStatic;
+import static org.powermock.api.mockito.PowerMockito.when;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TestName;
+import org.junit.runner.RunWith;
+import org.mockito.ArgumentMatchers;
+import org.owasp.esapi.Authenticator;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Randomizer;
+import org.owasp.esapi.User;
+import org.powermock.core.classloader.annotations.PowerMockIgnore;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+@RunWith(PowerMockRunner.class)
+@PrepareForTest({ESAPI.class})
+@PowerMockIgnore("javax.security.*") //Required since User extends javax.security.Principal
+public class ClientInfoSupplierTest {
+    private static final String ESAPI_SESSION_ATTR = "ESAPI_SESSION";
+
+    @Rule
+    public TestName testName = new TestName();
+
+    private HttpServletRequest mockRequest;
+    private HttpSession mockSession;
+    private Authenticator mockAuth;
+    private Randomizer mockRand;
+    private User mockUser;
+
+    @Before
+    public void before() throws Exception {
+        mockAuth =mock(Authenticator.class);
+        mockRand =mock(Randomizer.class);
+        mockRequest =mock(HttpServletRequest.class);
+        mockSession =mock(HttpSession.class);
+        mockUser =mock(User.class);
+
+        mockStatic(ESAPI.class);
+        when(ESAPI.class, "currentRequest").thenReturn(mockRequest);
+        when(ESAPI.class, "authenticator").thenReturn(mockAuth);
+        when(ESAPI.class, "randomizer").thenReturn(mockRand);
+
+        when(mockRequest.getSession(false)).thenReturn(mockSession);
+        when(mockSession.getAttribute(ESAPI_SESSION_ATTR)).thenReturn(testName.getMethodName()+ "-SESSION");
+
+        //Session value generation
+        when(mockRand.getRandomInteger(ArgumentMatchers.anyInt(), ArgumentMatchers.anyInt())).thenReturn(55555);
+
+        when(mockUser.getLastHostAddress()).thenReturn(testName.getMethodName() + "-HOST_ADDR");
+
+
+        when(mockAuth.getCurrentUser()).thenReturn(mockUser);
+    }
+
+    @Test
+    public void testHappyPath() throws Exception {
+        ClientInfoSupplier cis = new ClientInfoSupplier();
+        cis.setLogClientInfo(true);
+        String result = cis.get();
+
+        assertEquals(testName.getMethodName() + "-SESSION@"+testName.getMethodName() + "-HOST_ADDR", result);
+
+        verify(mockAuth,times(1)).getCurrentUser();
+        verify(mockRequest,times(1)).getSession(false);
+        verify(mockSession,times(1)).getAttribute(ESAPI_SESSION_ATTR);
+        verify(mockUser,times(1)).getLastHostAddress();
+
+        verifyNoMoreInteractions(mockAuth, mockRand, mockRequest, mockSession, mockUser);
+    }
+
+    @Test
+    public void testLogUserOff() {
+        ClientInfoSupplier cis = new ClientInfoSupplier();
+        cis.setLogClientInfo(false);
+        String result = cis.get();
+
+        assertTrue(result.isEmpty());
+
+        verifyNoMoreInteractions(mockAuth, mockRand, mockRequest, mockSession, mockUser);
+    }
+
+    @Test
+    public void testLogUserNull() {
+        when(mockAuth.getCurrentUser()).thenReturn(null);
+        ClientInfoSupplier cis = new ClientInfoSupplier();
+        cis.setLogClientInfo(true);
+        String result = cis.get();
+
+        assertEquals(testName.getMethodName()+ "-SESSION@#UNKNOWN_HOST#", result);
+
+        verify(mockAuth,times(1)).getCurrentUser();
+        verify(mockRequest,times(1)).getSession(false);
+        verify(mockSession,times(1)).getAttribute(ESAPI_SESSION_ATTR);
+
+        verifyNoMoreInteractions(mockAuth, mockRand, mockRequest, mockSession, mockUser);
+    }
+
+    @Test
+    public void testNullRequest() throws Exception {
+        when(ESAPI.class, "currentRequest").thenReturn(null);
+        ClientInfoSupplier cis = new ClientInfoSupplier();
+        cis.setLogClientInfo(true);
+        String result = cis.get();
+
+        //sid is empty when request is null
+        assertEquals("@"+testName.getMethodName() + "-HOST_ADDR", result);
+
+        verify(mockAuth,times(1)).getCurrentUser();
+        verify(mockUser,times(1)).getLastHostAddress();
+
+        verifyNoMoreInteractions(mockAuth, mockRand, mockRequest, mockSession, mockUser);
+    }
+
+    @Test
+    public void testNullSession() throws Exception {
+        when(mockRequest.getSession(false)).thenReturn(null);
+        ClientInfoSupplier cis = new ClientInfoSupplier();
+        cis.setLogClientInfo(true);
+        String result = cis.get();
+
+        //sid is empty when session is null
+        assertEquals("@"+testName.getMethodName() + "-HOST_ADDR", result);
+
+
+        verify(mockAuth,times(1)).getCurrentUser();
+        verify(mockRequest,times(1)).getSession(false);
+        verify(mockUser,times(1)).getLastHostAddress();
+
+
+        verifyNoMoreInteractions(mockAuth, mockRand, mockRequest, mockSession, mockUser);
+    }
+
+
+
+    @Test
+    public void testNullEsapiSession() throws Exception {
+        when(mockSession.getAttribute(ESAPI_SESSION_ATTR)).thenReturn(null);
+        ClientInfoSupplier cis = new ClientInfoSupplier();
+        cis.setLogClientInfo(true);
+        String result = cis.get();
+
+        //sid is empty when session is null
+        assertEquals("55555@"+testName.getMethodName() + "-HOST_ADDR", result);
+
+        verify(mockAuth,times(1)).getCurrentUser();
+        verify(mockRequest,times(1)).getSession(false);
+        verify(mockSession,times(1)).getAttribute(ESAPI_SESSION_ATTR);
+        verify(mockSession, times(1)).setAttribute(ESAPI_SESSION_ATTR, (""+55555));
+        verify(mockRand, times(1)).getRandomInteger(ArgumentMatchers.anyInt(), ArgumentMatchers.anyInt());
+        verify(mockUser,times(1)).getLastHostAddress();
+
+        verifyNoMoreInteractions(mockAuth, mockRand, mockRequest, mockSession, mockUser);
+    }
+}
\ No newline at end of file
diff --git a/src/test/java/org/owasp/esapi/logging/appender/EventTypeLogSupplierIgnoreEventTypeTest.java b/src/test/java/org/owasp/esapi/logging/appender/EventTypeLogSupplierIgnoreEventTypeTest.java
new file mode 100644
index 000000000..3f8858bfa
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/appender/EventTypeLogSupplierIgnoreEventTypeTest.java
@@ -0,0 +1,45 @@
+package org.owasp.esapi.logging.appender;
+
+import static org.junit.Assert.assertEquals;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+import org.owasp.esapi.Logger;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+@RunWith(Parameterized.class)
+public class EventTypeLogSupplierIgnoreEventTypeTest {
+
+    @Parameterized.Parameters (name="{0} -> {1}")
+    public static Collection<Object[]> assembleTests() {
+        List<Object[]> paramSets = new ArrayList<>();
+        paramSets.add(new Object[] {Logger.EVENT_FAILURE,""});
+        paramSets.add(new Object[] {Logger.EVENT_SUCCESS,""});
+        paramSets.add(new Object[] {Logger.EVENT_UNSPECIFIED,""});
+        paramSets.add(new Object[] {Logger.SECURITY_AUDIT,""});
+        paramSets.add(new Object[] {Logger.SECURITY_FAILURE,""});
+        paramSets.add(new Object[] {Logger.SECURITY_SUCCESS,""});
+        paramSets.add(new Object[] {null, ""});
+
+        return paramSets;
+    }
+
+    private final Logger.EventType eventType;
+    private final String expectedResult;
+
+    public EventTypeLogSupplierIgnoreEventTypeTest(Logger.EventType eventType, String result) {
+        this.eventType = eventType;
+        this.expectedResult = result;
+    }
+
+    @Test
+    public void testEventTypeLogIgnoreEventType() {
+        EventTypeLogSupplier supplier = new EventTypeLogSupplier(eventType);
+        supplier.setLogEventType(false);
+        assertEquals(expectedResult, supplier.get());
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/logging/appender/EventTypeLogSupplierTest.java b/src/test/java/org/owasp/esapi/logging/appender/EventTypeLogSupplierTest.java
new file mode 100644
index 000000000..f547ce61c
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/appender/EventTypeLogSupplierTest.java
@@ -0,0 +1,46 @@
+package org.owasp.esapi.logging.appender;
+
+import static org.junit.Assert.assertEquals;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameters;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.Logger.EventType;
+
+@RunWith(Parameterized.class)
+public class EventTypeLogSupplierTest {
+
+    @Parameters (name="{0} -> {1}")
+    public static Collection<Object[]> assembleTests() {
+        List<Object[]> paramSets = new ArrayList<>();
+        paramSets.add(new Object[] {Logger.EVENT_FAILURE,Logger.EVENT_FAILURE.toString()});
+        paramSets.add(new Object[] {Logger.EVENT_SUCCESS,Logger.EVENT_SUCCESS.toString()});
+        paramSets.add(new Object[] {Logger.EVENT_UNSPECIFIED,Logger.EVENT_UNSPECIFIED.toString()});
+        paramSets.add(new Object[] {Logger.SECURITY_AUDIT,Logger.SECURITY_AUDIT.toString()});
+        paramSets.add(new Object[] {Logger.SECURITY_FAILURE,Logger.SECURITY_FAILURE.toString()});
+        paramSets.add(new Object[] {Logger.SECURITY_SUCCESS,Logger.SECURITY_SUCCESS.toString()});
+        paramSets.add(new Object[] {null, Logger.EVENT_UNSPECIFIED.toString()});
+
+        return paramSets;
+    }
+
+    private final EventType eventType;
+    private final String expectedResult;
+
+    public EventTypeLogSupplierTest(EventType eventType, String result) {
+        this.eventType = eventType;
+        this.expectedResult = result;
+    }
+    @Test
+    public void testEventTypeLog() {
+        EventTypeLogSupplier supplier = new EventTypeLogSupplier(eventType);
+        assertEquals(expectedResult, supplier.get());
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java b/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java
new file mode 100644
index 000000000..cbd368b5e
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java
@@ -0,0 +1,218 @@
+package org.owasp.esapi.logging.appender;
+
+import static org.junit.Assert.assertEquals;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+import static org.powermock.api.mockito.PowerMockito.whenNew;
+
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TestName;
+import org.junit.runner.RunWith;
+import org.mockito.ArgumentCaptor;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.Logger.EventType;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+@RunWith(PowerMockRunner.class)
+@PrepareForTest(LogPrefixAppender.class)
+public class LogPrefixAppenderTest {
+    private static final String EMPTY_RESULT = "   ";
+    private static final String ETL_RESULT = "EVENT_TYPE";
+    private static final String CIS_RESULT = "CLIENT_INFO";
+    private static final String UIS_RESULT = "USER_INFO";
+    private static final String SIS_RESULT = "SERVER_INFO";
+
+    @Rule
+    public TestName testName = new TestName();
+
+    private String testLoggerName = testName.getMethodName() + "-LOGGER";
+    private String testLogMessage =  testName.getMethodName() + "-MESSAGE";
+    private String testApplicationName = testName.getMethodName() + "-APPLICATION_NAME";
+    private EventType testEventType = Logger.EVENT_UNSPECIFIED;
+
+    private EventTypeLogSupplier etlsSpy;
+    private ClientInfoSupplier cisSpy;
+    private UserInfoSupplier uisSpy;
+    private ServerInfoSupplier sisSpy;
+
+    @Before
+    public void buildSupplierSpies() {
+        etlsSpy = spy(new EventTypeLogSupplier(Logger.EVENT_UNSPECIFIED));
+        uisSpy = spy(new UserInfoSupplier());
+        cisSpy = spy(new ClientInfoSupplier());
+        sisSpy = spy(new ServerInfoSupplier(testName.getMethodName()));
+
+        testLoggerName = testName.getMethodName() + "-LOGGER";
+        testLogMessage =  testName.getMethodName() + "-MESSAGE";
+        testApplicationName =  testName.getMethodName() + "-APPLICATION_NAME";
+    }
+    @Test
+    public void testCtrArgTruePassthroughToDelegates() throws Exception {
+        when(etlsSpy.get()).thenReturn(ETL_RESULT);
+        when(uisSpy.get()).thenReturn(UIS_RESULT);
+        when(cisSpy.get()).thenReturn(CIS_RESULT);
+        when(sisSpy.get()).thenReturn(SIS_RESULT);
+
+        whenNew(EventTypeLogSupplier.class).withArguments(testEventType).thenReturn(etlsSpy);
+        whenNew(UserInfoSupplier.class).withNoArguments().thenReturn(uisSpy);
+        whenNew(ClientInfoSupplier.class).withNoArguments().thenReturn(cisSpy);
+        whenNew(ServerInfoSupplier.class).withArguments(testLoggerName).thenReturn(sisSpy);
+
+        LogPrefixAppender lpa = new LogPrefixAppender(true, true,true,true, testApplicationName);
+        lpa.appendTo(testLoggerName, testEventType, testLogMessage);
+
+        verify(uisSpy, times(1)).setLogUserInfo(true);
+        verify(cisSpy, times(1)).setLogClientInfo(true);
+        verify(sisSpy, times(1)).setLogServerIp(true);
+        verify(sisSpy, times(1)).setLogApplicationName(true, testApplicationName);
+    }
+
+    @Test
+    public void testCtrArgFalsePassthroughToDelegates() throws Exception {
+        when(etlsSpy.get()).thenReturn(ETL_RESULT);
+        when(uisSpy.get()).thenReturn(UIS_RESULT);
+        when(cisSpy.get()).thenReturn(CIS_RESULT);
+        when(sisSpy.get()).thenReturn(SIS_RESULT);
+
+        whenNew(EventTypeLogSupplier.class).withArguments(testEventType).thenReturn(etlsSpy);
+        whenNew(UserInfoSupplier.class).withNoArguments().thenReturn(uisSpy);
+        whenNew(ClientInfoSupplier.class).withNoArguments().thenReturn(cisSpy);
+        whenNew(ServerInfoSupplier.class).withArguments(testLoggerName).thenReturn(sisSpy);
+
+        LogPrefixAppender lpa = new LogPrefixAppender(false, false, false, false, null);
+        lpa.appendTo(testLoggerName, testEventType, testLogMessage);
+
+        verify(uisSpy, times(1)).setLogUserInfo(false);
+        verify(cisSpy, times(1)).setLogClientInfo(false);
+        verify(sisSpy, times(1)).setLogServerIp(false);
+        verify(sisSpy, times(1)).setLogApplicationName(false, null);
+    }
+
+    @Test
+    public void testDelegateCtrArgs() throws Exception {
+        ArgumentCaptor<EventType> eventTypeCapture = ArgumentCaptor.forClass(EventType.class);
+        ArgumentCaptor<String> logNameCapture = ArgumentCaptor.forClass(String.class);
+        whenNew(EventTypeLogSupplier.class).withArguments(eventTypeCapture.capture()).thenReturn(etlsSpy);
+        whenNew(UserInfoSupplier.class).withNoArguments().thenReturn(uisSpy);
+        whenNew(ClientInfoSupplier.class).withNoArguments().thenReturn(cisSpy);
+        whenNew(ServerInfoSupplier.class).withArguments(logNameCapture.capture()).thenReturn(sisSpy);
+
+        LogPrefixAppender lpa = new LogPrefixAppender(true, true,true,true, testApplicationName);
+        lpa.appendTo(testLoggerName, testEventType, testLogMessage);
+
+        assertEquals(testEventType, eventTypeCapture.getValue());
+        assertEquals(testLoggerName, logNameCapture.getValue());
+    }
+
+    @Test
+    public void testLogContentWhenClientInfoEmpty() throws Exception {
+        runTest(ETL_RESULT, UIS_RESULT, EMPTY_RESULT,SIS_RESULT, "[EVENT_TYPE USER_INFO -> SERVER_INFO]");
+    }
+
+
+    @Test
+    public void testLogContentWhenUserInfoEmpty() throws Exception {
+        runTest(ETL_RESULT, EMPTY_RESULT, CIS_RESULT,SIS_RESULT, "[EVENT_TYPE CLIENT_INFO -> SERVER_INFO]");
+    }
+
+    @Test
+    public void testLogContentWhenClientInfoEmptyAndServerInfoEmpty() throws Exception {
+        runTest(ETL_RESULT, UIS_RESULT, EMPTY_RESULT,EMPTY_RESULT, "[EVENT_TYPE USER_INFO]");
+    }
+
+    @Test
+    public void testLogContentWhenUserInfoEmptyAndServerInfoEmpty() throws Exception {
+        runTest(ETL_RESULT, EMPTY_RESULT, CIS_RESULT,EMPTY_RESULT, "[EVENT_TYPE CLIENT_INFO]");
+    }
+
+    @Test
+    public void testLogContentWhenUserInfoAndClientInfoEmpty() throws Exception {
+        runTest(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, SIS_RESULT, "[EVENT_TYPE -> SERVER_INFO]");
+    }
+
+    @Test
+    public void testLogContentWhenServerInfoEmpty() throws Exception {
+        runTest(ETL_RESULT, UIS_RESULT, CIS_RESULT, EMPTY_RESULT, "[EVENT_TYPE USER_INFO:CLIENT_INFO]");
+    }
+
+    @Test
+    public void testLogContentWhenUserInfoEmptyAndClientInfoEmptyAndServerInfoEmpty() throws Exception {
+        runTest(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, EMPTY_RESULT, "[EVENT_TYPE]");
+    }
+
+    private void runTest(String typeResult, String userResult, String clientResult, String serverResult, String exResult) throws Exception{
+        when(etlsSpy.get()).thenReturn(typeResult);
+        when(uisSpy.get()).thenReturn(userResult);
+        when(cisSpy.get()).thenReturn(clientResult);
+        when(sisSpy.get()).thenReturn(serverResult);
+
+        whenNew(EventTypeLogSupplier.class).withArguments(testEventType).thenReturn(etlsSpy);
+        whenNew(UserInfoSupplier.class).withNoArguments().thenReturn(uisSpy);
+        whenNew(ClientInfoSupplier.class).withNoArguments().thenReturn(cisSpy);
+        whenNew(ServerInfoSupplier.class).withArguments(testLoggerName).thenReturn(sisSpy);
+
+        //Since everything is mocked these booleans don't much matter aside from the later verifies
+        LogPrefixAppender lpa = new LogPrefixAppender(false, false, false, false, null);
+        String result =   lpa.appendTo(testLoggerName, testEventType, testLogMessage);
+
+        assertEquals(exResult + " " + testName.getMethodName() + "-MESSAGE", result);
+    }
+
+    @Test
+    public void testLogContentWhenServerInfoEmptyAndIgnoreLogPrefix() throws Exception {
+        runTestWithLogPrefixIgnore(ETL_RESULT, UIS_RESULT, CIS_RESULT, EMPTY_RESULT, false, "[ USER_INFO:CLIENT_INFO]");
+    }
+
+    @Test
+    public void testLogContentWhenUserInfoEmptyAndServerInfoEmptyAndIgnoreLogPrefix() throws Exception {
+        runTestWithLogPrefixIgnore(ETL_RESULT, EMPTY_RESULT, CIS_RESULT, EMPTY_RESULT, false, "[ CLIENT_INFO]");
+    }
+
+    @Test
+    public void testLogContentWhenUserInfoEmptyAndClientInfoEmptyAndIgnoreLogPrefix() throws Exception {
+        runTestWithLogPrefixIgnore(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, SIS_RESULT, false, "[ -> SERVER_INFO]");
+    }
+
+    @Test
+    public void testLogContentWhenClientInfoEmptyAndServerInfoEmptyAndIgnoreLogPrefix() throws Exception {
+        runTestWithLogPrefixIgnore(ETL_RESULT, UIS_RESULT, EMPTY_RESULT, EMPTY_RESULT, false, "[ USER_INFO]");
+    }
+
+    @Test
+    public void testLogContentWhenUserInfoEmptyAndClientInfoEmptyAndServerInfoEmptyAndIgnoreLogPrefix() throws Exception {
+        runTestWithLogPrefixIgnore(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, EMPTY_RESULT, false, "");
+    }
+
+    private void runTestWithLogPrefixIgnore(String typeResult, String userResult, String clientResult, String serverResult, boolean logPrefix, String exResult) throws Exception{
+        etlsSpy.setLogEventType(logPrefix);
+        when(etlsSpy.get()).thenReturn(typeResult);
+
+        when(uisSpy.get()).thenReturn(userResult);
+        when(cisSpy.get()).thenReturn(clientResult);
+
+        sisSpy.setLogLogName(logPrefix);
+        when(sisSpy.get()).thenReturn(serverResult);
+
+        whenNew(EventTypeLogSupplier.class).withArguments(testEventType).thenReturn(etlsSpy);
+        whenNew(UserInfoSupplier.class).withNoArguments().thenReturn(uisSpy);
+        whenNew(ClientInfoSupplier.class).withNoArguments().thenReturn(cisSpy);
+        whenNew(ServerInfoSupplier.class).withArguments(testLoggerName).thenReturn(sisSpy);
+
+        //Since everything is mocked these booleans don't much matter aside from the later verifies
+        LogPrefixAppender lpa = new LogPrefixAppender(false, false, false, false, null, false);
+        String result =   lpa.appendTo(testLoggerName, testEventType, testLogMessage);
+
+        if (exResult.isEmpty()) {
+            assertEquals( testName.getMethodName() + "-MESSAGE", result);
+        }
+        else {
+            assertEquals(exResult + " " + testName.getMethodName() + "-MESSAGE", result);
+        }
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/logging/appender/ServerInfoSupplierIgnoreLogNameTest.java b/src/test/java/org/owasp/esapi/logging/appender/ServerInfoSupplierIgnoreLogNameTest.java
new file mode 100644
index 000000000..5bd3c8335
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/appender/ServerInfoSupplierIgnoreLogNameTest.java
@@ -0,0 +1,116 @@
+package org.owasp.esapi.logging.appender;
+
+import static org.junit.Assert.assertEquals;
+import static org.mockito.Mockito.mock;
+import static org.powermock.api.mockito.PowerMockito.mockStatic;
+import static org.powermock.api.mockito.PowerMockito.when;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TestName;
+import org.junit.runner.RunWith;
+import org.owasp.esapi.ESAPI;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+@RunWith(PowerMockRunner.class)
+@PrepareForTest({ ESAPI.class })
+public class ServerInfoSupplierIgnoreLogNameTest {
+    @Rule
+    public TestName testName = new TestName();
+
+    private HttpServletRequest request;
+
+    @Before
+    public void buildStaticMocks() {
+        request = mock(HttpServletRequest.class);
+        mockStatic(ESAPI.class);
+    }
+
+    @Test
+    public void verifyFullOutputIgnoreLogName() throws Exception {
+        when(ESAPI.class, "currentRequest").thenReturn(request);
+        when(request.getLocalAddr()).thenReturn("LOCAL_ADDR");
+        when(request.getLocalPort()).thenReturn(99999);
+
+        ServerInfoSupplier sis = new ServerInfoSupplier(testName.getMethodName());
+        sis.setLogApplicationName(true, testName.getMethodName() + "-APPLICATION");
+        sis.setLogServerIp(true);
+        sis.setLogLogName(false);
+
+        String result = sis.get();
+        assertEquals("LOCAL_ADDR:99999/" + testName.getMethodName() + "-APPLICATION",
+                result);
+    }
+
+    @Test
+    public void verifyOutputNullRequestIgnoreLogName() throws Exception {
+        when(ESAPI.class, "currentRequest").thenReturn(null);
+        ServerInfoSupplier sis = new ServerInfoSupplier(testName.getMethodName());
+        sis.setLogApplicationName(true, testName.getMethodName() + "-APPLICATION");
+        sis.setLogServerIp(true);
+        sis.setLogLogName(false);
+
+        String result = sis.get();
+        assertEquals("/" + testName.getMethodName() + "-APPLICATION", result);
+    }
+
+    @Test
+    public void verifyOutputNoAppNameIgnoreLogName() throws Exception {
+        when(ESAPI.class, "currentRequest").thenReturn(request);
+        when(request.getLocalAddr()).thenReturn("LOCAL_ADDR");
+        when(request.getLocalPort()).thenReturn(99999);
+
+        ServerInfoSupplier sis = new ServerInfoSupplier(testName.getMethodName());
+        sis.setLogApplicationName(false, null);
+        sis.setLogServerIp(true);
+        sis.setLogLogName(false);
+
+        String result = sis.get();
+        assertEquals("LOCAL_ADDR:99999", result);
+    }
+
+    @Test
+    public void verifyOutputNullAppNameIgnoreLogName() throws Exception {
+        when(ESAPI.class, "currentRequest").thenReturn(request);
+        when(request.getLocalAddr()).thenReturn("LOCAL_ADDR");
+        when(request.getLocalPort()).thenReturn(99999);
+
+        ServerInfoSupplier sis = new ServerInfoSupplier(testName.getMethodName());
+        sis.setLogApplicationName(true, null);
+        sis.setLogServerIp(true);
+        sis.setLogLogName(false);
+
+        String result = sis.get();
+        assertEquals("LOCAL_ADDR:99999/null", result);
+    }
+
+    @Test
+    public void verifyOutputNoServerIpIgnoreLogName() {
+        ServerInfoSupplier sis = new ServerInfoSupplier(testName.getMethodName());
+        sis.setLogApplicationName(true, testName.getMethodName() + "-APPLICATION");
+        sis.setLogServerIp(false);
+        sis.setLogLogName(false);
+
+        String result = sis.get();
+        assertEquals("/" + testName.getMethodName() + "-APPLICATION", result);
+    }
+
+    @Test
+    public void verifyOutputNullRequestNoServerIpNullAppNameIgnoreLogName() throws Exception {
+        when(ESAPI.class, "currentRequest").thenReturn(null);
+        ServerInfoSupplier sis = new ServerInfoSupplier(testName.getMethodName());
+        sis.setLogApplicationName(false, null);
+        sis.setLogServerIp(false);
+        sis.setLogLogName(false);
+
+        String result = sis.get();
+        assertEquals("", result);
+    }
+
+
+}
+
diff --git a/src/test/java/org/owasp/esapi/logging/appender/ServerInfoSupplierTest.java b/src/test/java/org/owasp/esapi/logging/appender/ServerInfoSupplierTest.java
new file mode 100644
index 000000000..807c61290
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/appender/ServerInfoSupplierTest.java
@@ -0,0 +1,97 @@
+package org.owasp.esapi.logging.appender;
+
+import static org.junit.Assert.assertEquals;
+import static org.mockito.Mockito.mock;
+import static org.powermock.api.mockito.PowerMockito.mockStatic;
+import static org.powermock.api.mockito.PowerMockito.when;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TestName;
+import org.junit.runner.RunWith;
+import org.owasp.esapi.ESAPI;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+@RunWith(PowerMockRunner.class)
+@PrepareForTest({ ESAPI.class })
+public class ServerInfoSupplierTest {
+    @Rule
+    public TestName testName = new TestName();
+
+    private HttpServletRequest request;
+
+    @Before
+    public void buildStaticMocks() {
+        request = mock(HttpServletRequest.class);
+        mockStatic(ESAPI.class);
+    }
+
+    @Test
+    public void verifyFullOutput() throws Exception {
+        when(ESAPI.class, "currentRequest").thenReturn(request);
+        when(request.getLocalAddr()).thenReturn("LOCAL_ADDR");
+        when(request.getLocalPort()).thenReturn(99999);
+
+        ServerInfoSupplier sis = new ServerInfoSupplier(testName.getMethodName());
+        sis.setLogApplicationName(true, testName.getMethodName() + "-APPLICATION");
+        sis.setLogServerIp(true);
+
+        String result = sis.get();
+        assertEquals("LOCAL_ADDR:99999/" + testName.getMethodName() + "-APPLICATION/" + testName.getMethodName(),
+                result);
+    }
+
+    @Test
+    public void verifyOutputNullRequest() throws Exception {
+        when(ESAPI.class, "currentRequest").thenReturn(null);
+        ServerInfoSupplier sis = new ServerInfoSupplier(testName.getMethodName());
+        sis.setLogApplicationName(true, testName.getMethodName() + "-APPLICATION");
+        sis.setLogServerIp(true);
+
+        String result = sis.get();
+        assertEquals("/" + testName.getMethodName() + "-APPLICATION/" + testName.getMethodName(), result);
+    }
+
+    @Test
+    public void verifyOutputNoAppName() throws Exception {
+        when(ESAPI.class, "currentRequest").thenReturn(request);
+        when(request.getLocalAddr()).thenReturn("LOCAL_ADDR");
+        when(request.getLocalPort()).thenReturn(99999);
+
+        ServerInfoSupplier sis = new ServerInfoSupplier(testName.getMethodName());
+        sis.setLogApplicationName(false, null);
+        sis.setLogServerIp(true);
+
+        String result = sis.get();
+        assertEquals("LOCAL_ADDR:99999/" + testName.getMethodName(), result);
+    }
+
+    @Test
+    public void verifyOutputNullAppName() throws Exception {
+        when(ESAPI.class, "currentRequest").thenReturn(request);
+        when(request.getLocalAddr()).thenReturn("LOCAL_ADDR");
+        when(request.getLocalPort()).thenReturn(99999);
+
+        ServerInfoSupplier sis = new ServerInfoSupplier(testName.getMethodName());
+        sis.setLogApplicationName(true, null);
+        sis.setLogServerIp(true);
+
+        String result = sis.get();
+        assertEquals("LOCAL_ADDR:99999/null/" + testName.getMethodName(), result);
+    }
+
+    @Test
+    public void verifyOutputNoServerIp() {
+        ServerInfoSupplier sis = new ServerInfoSupplier(testName.getMethodName());
+        sis.setLogApplicationName(true, testName.getMethodName() + "-APPLICATION");
+        sis.setLogServerIp(false);
+
+        String result = sis.get();
+        assertEquals("/" + testName.getMethodName() + "-APPLICATION/" + testName.getMethodName(), result);
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/logging/appender/UserInfoSupplierTest.java b/src/test/java/org/owasp/esapi/logging/appender/UserInfoSupplierTest.java
new file mode 100644
index 000000000..f873816f0
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/appender/UserInfoSupplierTest.java
@@ -0,0 +1,95 @@
+package org.owasp.esapi.logging.appender;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
+import static org.powermock.api.mockito.PowerMockito.mockStatic;
+import static org.powermock.api.mockito.PowerMockito.when;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TestName;
+import org.junit.runner.RunWith;
+import org.mockito.ArgumentMatchers;
+import org.owasp.esapi.Authenticator;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Randomizer;
+import org.owasp.esapi.User;
+import org.powermock.core.classloader.annotations.PowerMockIgnore;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+@RunWith(PowerMockRunner.class)
+@PrepareForTest({ESAPI.class})
+@PowerMockIgnore("javax.security.*") //Required since User extends javax.security.Principal
+public class UserInfoSupplierTest {
+    private static final String ESAPI_SESSION_ATTR = "ESAPI_SESSION";
+
+    @Rule
+    public TestName testName = new TestName();
+
+    private Authenticator mockAuth;
+    private User mockUser;
+
+    @Before
+    public void before() throws Exception {
+        mockAuth =mock(Authenticator.class);
+        mockUser =mock(User.class);
+
+        mockStatic(ESAPI.class);
+        when(ESAPI.class, "authenticator").thenReturn(mockAuth);
+
+        when(mockUser.getAccountName()).thenReturn(testName.getMethodName() + "-USER");
+
+
+        when(mockAuth.getCurrentUser()).thenReturn(mockUser);
+    }
+
+    @Test
+    public void testHappyPath() throws Exception {
+        UserInfoSupplier uis = new UserInfoSupplier();
+        uis.setLogUserInfo(true);
+        String result = uis.get();
+
+        assertEquals(testName.getMethodName() + "-USER", result);
+
+        verify(mockAuth,times(1)).getCurrentUser();
+        verify(mockUser,times(1)).getAccountName();
+
+        verifyNoMoreInteractions(mockAuth, mockUser);
+    }
+
+    @Test
+    public void testLogUserOff() {
+        UserInfoSupplier uis = new UserInfoSupplier();
+        uis.setLogUserInfo(false);
+        String result = uis.get();
+
+        assertTrue(result.isEmpty());
+        verify(mockAuth,times(1)).getCurrentUser();
+
+        verifyNoMoreInteractions(mockAuth, mockUser);
+    }
+
+    @Test
+    public void testLogUserNull() {
+        when(mockAuth.getCurrentUser()).thenReturn(null);
+        UserInfoSupplier uis = new UserInfoSupplier();
+        uis.setLogUserInfo(true);
+        String result = uis.get();
+
+        assertEquals("#ANONYMOUS#", result);
+
+        verify(mockAuth,times(1)).getCurrentUser();
+
+        verifyNoMoreInteractions(mockAuth,  mockUser);
+    }
+
+}
\ No newline at end of file
diff --git a/src/test/java/org/owasp/esapi/logging/cleaning/CodecLogScrubberTest.java b/src/test/java/org/owasp/esapi/logging/cleaning/CodecLogScrubberTest.java
new file mode 100644
index 000000000..8ca742673
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/cleaning/CodecLogScrubberTest.java
@@ -0,0 +1,73 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @created 2018
+ */
+package org.owasp.esapi.logging.cleaning;
+
+import static org.junit.Assert.assertEquals;
+
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.mockito.ArgumentCaptor;
+import org.mockito.ArgumentMatchers;
+import org.mockito.Mockito;
+import org.owasp.esapi.codecs.Codec;
+
+public class CodecLogScrubberTest {
+    @Rule
+    public ExpectedException exEx = ExpectedException.none();
+
+    @Test
+    public void testNullCodecThrowsException() {
+        exEx.expect(IllegalArgumentException.class);
+        exEx.expectMessage("cannot be null");
+
+        new CodecLogScrubber(null, new char[0]);
+    }
+
+    @Test
+    public void testNullImmuneIsEmpty() {
+        String message = "cleanThis";
+        @SuppressWarnings("unchecked")
+        Codec<String> mockCodec = Mockito.mock(Codec.class);
+
+        CodecLogScrubber scrubber = new CodecLogScrubber(mockCodec, null);
+
+        ArgumentCaptor<char[]> immuneCapture = ArgumentCaptor.forClass(char[].class);
+
+        scrubber.cleanMessage(message);
+
+        Mockito.verify(mockCodec, Mockito.times(1)).encode(immuneCapture.capture(), ArgumentMatchers.matches(message));
+        Mockito.verifyNoMoreInteractions(mockCodec);
+
+        assertEquals(0, immuneCapture.getValue().length);
+    }
+
+    @Test
+    public void testCleanMessage() {
+        char[] immune = new char[] { 'a', 'b', 'c' };
+        String message = "cleanThis";
+        @SuppressWarnings("unchecked")
+        Codec<String> mockCodec = Mockito.mock(Codec.class);
+
+        CodecLogScrubber scrubber = new CodecLogScrubber(mockCodec, immune);
+
+        scrubber.cleanMessage(message);
+
+        Mockito.verify(mockCodec, Mockito.times(1)).encode(ArgumentMatchers.same(immune), ArgumentMatchers.matches(message));
+        Mockito.verifyNoMoreInteractions(mockCodec);
+
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubberTest.java b/src/test/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubberTest.java
new file mode 100644
index 000000000..fa11554b4
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubberTest.java
@@ -0,0 +1,68 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @created 2018
+ */
+package org.owasp.esapi.logging.cleaning;
+
+import static org.junit.Assert.assertEquals;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.mockito.Mockito;
+
+public class CompositeLogScrubberTest {
+
+    @Rule
+    public ExpectedException exEx = ExpectedException.none();
+
+    @Test
+    public void testNullListThrowsException() {
+        exEx.expect(IllegalArgumentException.class);
+        exEx.expectMessage("cannot be null");
+
+        new CompositeLogScrubber(null);
+    }
+
+    @Test
+    public void testPassthroughOnEmpty() {
+        String str = "Testing Content";
+        String cleaned = new CompositeLogScrubber(new ArrayList<LogScrubber>()).cleanMessage(str);
+        assertEquals(str, cleaned);
+    }
+
+    @Test
+    public void testListIteration() {
+        LogScrubber scrub1 = Mockito.mock(LogScrubber.class);
+        LogScrubber scrub2 = Mockito.mock(LogScrubber.class);
+        CompositeLogScrubber scrubber = new CompositeLogScrubber(Arrays.asList(scrub1, scrub2));
+
+        String msg1 = "start";
+        String msg2 = "scrub1 return";
+        String msg3 = "scrub2 return";
+
+        Mockito.when(scrub1.cleanMessage(msg1)).thenReturn(msg2);
+        Mockito.when(scrub2.cleanMessage(msg2)).thenReturn(msg3);
+
+        String cleaned = scrubber.cleanMessage(msg1);
+
+        Mockito.verify(scrub1, Mockito.times(1)).cleanMessage(msg1);
+        Mockito.verify(scrub2, Mockito.times(1)).cleanMessage(msg2);
+
+        assertEquals(msg3, cleaned);
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/logging/cleaning/NewlineLogScrubberTest.java b/src/test/java/org/owasp/esapi/logging/cleaning/NewlineLogScrubberTest.java
new file mode 100644
index 000000000..810f3f210
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/cleaning/NewlineLogScrubberTest.java
@@ -0,0 +1,42 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @created 2018
+ */
+package org.owasp.esapi.logging.cleaning;
+
+import static org.junit.Assert.assertEquals;
+import org.junit.Test;
+
+public class NewlineLogScrubberTest {
+
+    private NewlineLogScrubber scrubber = new NewlineLogScrubber();
+
+    @Test
+    public void testReplaceR() {
+        String cleanedr = scrubber.cleanMessage("\r");
+        assertEquals("_", cleanedr);
+    }
+
+    @Test
+    public void testReplaceN() {
+        String cleanedc = scrubber.cleanMessage("\n");
+        assertEquals("_", cleanedc);
+    }
+
+    @Test
+    public void testNoReplacement() {
+        String cleanedc = scrubber.cleanMessage("This content should remain unchanged");
+        assertEquals("This content should remain unchanged", cleanedc);
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/logging/java/JavaLogBridgeImplTest.java b/src/test/java/org/owasp/esapi/logging/java/JavaLogBridgeImplTest.java
new file mode 100644
index 000000000..b2928f4bf
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/java/JavaLogBridgeImplTest.java
@@ -0,0 +1,162 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @created 2019
+ */
+package org.owasp.esapi.logging.java;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.junit.rules.TestName;
+import org.mockito.ArgumentMatchers;
+import org.mockito.Mockito;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.Logger.EventType;
+import org.owasp.esapi.logging.appender.LogAppender;
+import org.owasp.esapi.logging.cleaning.LogScrubber;
+
+public class JavaLogBridgeImplTest {
+
+    @Rule
+    public TestName testName = new TestName();
+    @Rule
+    public ExpectedException exEx = ExpectedException.none();
+
+    private LogScrubber mockScrubber = Mockito.mock(LogScrubber.class);
+    private LogAppender mockAppender = Mockito.mock(LogAppender.class);
+    private JavaLogLevelHandler mockHandler = Mockito.mock(JavaLogLevelHandler.class);
+    private java.util.logging.Logger javaLogSpy;
+    private Throwable testEx = new Throwable(testName.getMethodName());
+    private JavaLogBridge bridge;
+
+    @Before
+    public void setup() {
+        Map<Integer, JavaLogLevelHandler> levelLookup = new HashMap<>();
+        levelLookup.put(Logger.ALL, mockHandler);
+
+        java.util.logging.Logger wrappedLogger = java.util.logging.Logger.getLogger(testName.getMethodName());
+        javaLogSpy = Mockito.spy(wrappedLogger);
+        bridge = new JavaLogBridgeImpl(mockAppender, mockScrubber, levelLookup);
+    }
+
+    @Test
+    public void testLogMessageWithUnmappedEsapiLevelThrowsException() {
+        exEx.expect(IllegalArgumentException.class);
+        exEx.expectMessage("Unable to lookup Java level mapping");
+        Map<Integer, JavaLogLevelHandler> emptyMap = Collections.emptyMap();
+        new JavaLogBridgeImpl(mockAppender, mockScrubber, emptyMap).log(javaLogSpy, 0, Logger.EVENT_UNSPECIFIED, "This Should fail");
+    }
+
+    @Test
+    public void testLogMessageAndExceptionWithUnmappedEsapiLevelThrowsException() {
+        exEx.expect(IllegalArgumentException.class);
+        exEx.expectMessage("Unable to lookup Java level mapping");
+        Map<Integer, JavaLogLevelHandler> emptyMap = Collections.emptyMap();
+        new JavaLogBridgeImpl(mockAppender, mockScrubber, emptyMap).log(javaLogSpy, 0, Logger.EVENT_UNSPECIFIED, "This Should fail", testEx);
+    }
+
+    @Test
+    public void testLogMessage() {
+        EventType eventType = Logger.EVENT_UNSPECIFIED;
+        String loggerName = testName.getMethodName() + "-LOGGER";
+        String orignMsg = testName.getMethodName();
+        String appendMsg = "[APPEND] " + orignMsg;
+        String cleanMsg = appendMsg + " [CLEANED]";
+
+        //Setup for Appender
+        Mockito.when(javaLogSpy.getName()).thenReturn(loggerName);
+        Mockito.when(mockAppender.appendTo(loggerName, eventType, orignMsg)).thenReturn(appendMsg);
+        //Setup for Scrubber
+        Mockito.when(mockScrubber.cleanMessage(appendMsg)).thenReturn(cleanMsg);
+        //Setup for Delegate Handler
+        Mockito.when(mockHandler.isEnabled(javaLogSpy)).thenReturn(true);
+
+        bridge.log(javaLogSpy, Logger.ALL, eventType, testName.getMethodName());
+
+        Mockito.verify(javaLogSpy, Mockito.atLeastOnce()).getName();
+        Mockito.verify(mockAppender, Mockito.times(1)).appendTo(loggerName, eventType, testName.getMethodName());
+        Mockito.verify(mockScrubber, Mockito.times(1)).cleanMessage(appendMsg);
+        Mockito.verify(mockHandler, Mockito.times(1)).isEnabled(javaLogSpy);
+        Mockito.verify(mockHandler, Mockito.times(0)).log(ArgumentMatchers.any(java.util.logging.Logger.class), ArgumentMatchers.any(String.class), ArgumentMatchers.any(Throwable.class));
+        Mockito.verify(mockHandler, Mockito.times(1)).log(ArgumentMatchers.same(javaLogSpy), ArgumentMatchers.eq(cleanMsg));
+
+        Mockito.verifyNoMoreInteractions(javaLogSpy, mockAppender, mockScrubber,mockHandler);
+    }
+
+    @Test
+    public void testLogErrorMessageWithException() {
+        EventType eventType = Logger.EVENT_UNSPECIFIED;
+        String loggerName = testName.getMethodName() + "-LOGGER";
+        String orignMsg = testName.getMethodName();
+        String appendMsg = "[APPEND] " + orignMsg;
+        String cleanMsg = appendMsg + " [CLEANED]";
+
+        //Setup for Appender
+        Mockito.when(javaLogSpy.getName()).thenReturn(loggerName);
+        Mockito.when(mockAppender.appendTo(loggerName, eventType, orignMsg)).thenReturn(appendMsg);
+        //Setup for Scrubber
+        Mockito.when(mockScrubber.cleanMessage(appendMsg)).thenReturn(cleanMsg);
+        //Setup for Delegate Handler
+        Mockito.when(mockHandler.isEnabled(javaLogSpy)).thenReturn(true);
+
+        bridge.log(javaLogSpy, Logger.ALL, eventType, testName.getMethodName(), testEx);
+
+        Mockito.verify(javaLogSpy, Mockito.atLeastOnce()).getName();
+        Mockito.verify(mockAppender, Mockito.times(1)).appendTo(loggerName, eventType, testName.getMethodName());
+        Mockito.verify(mockScrubber, Mockito.times(1)).cleanMessage(appendMsg);
+        Mockito.verify(mockHandler, Mockito.times(1)).isEnabled(javaLogSpy);
+        Mockito.verify(mockHandler, Mockito.times(0)).log(ArgumentMatchers.any(java.util.logging.Logger.class), ArgumentMatchers.any(String.class));
+
+        Mockito.verify(mockHandler, Mockito.times(1)).log(ArgumentMatchers.same(javaLogSpy), ArgumentMatchers.eq(cleanMsg), ArgumentMatchers.same(testEx));
+
+        Mockito.verifyNoMoreInteractions(javaLogSpy, mockAppender, mockScrubber,mockHandler);
+    }
+
+
+    @Test
+    public void testDisabledLogMessage() {
+        Mockito.when(mockHandler.isEnabled(javaLogSpy)).thenReturn(false);
+
+        bridge.log(javaLogSpy, Logger.ALL, Logger.EVENT_UNSPECIFIED, testName.getMethodName());
+
+        Mockito.verify(mockHandler, Mockito.times(1)).isEnabled(javaLogSpy);
+        Mockito.verify(mockScrubber, Mockito.times(0)).cleanMessage(ArgumentMatchers.anyString());
+        Mockito.verify(mockHandler, Mockito.times(0)).log(ArgumentMatchers.any(java.util.logging.Logger.class), ArgumentMatchers.any(String.class));
+        Mockito.verify(mockHandler, Mockito.times(0)).log(ArgumentMatchers.any(java.util.logging.Logger.class), ArgumentMatchers.any(String.class), ArgumentMatchers.any(Throwable.class));
+    }
+
+    @Test
+    public void testDisabledErrorLogWithException() {
+        Mockito.when(mockHandler.isEnabled(javaLogSpy)).thenReturn(false);
+
+        bridge.log(javaLogSpy, Logger.ALL, Logger.EVENT_UNSPECIFIED, testName.getMethodName(), testEx);
+
+        Mockito.verify(mockHandler, Mockito.times(1)).isEnabled(javaLogSpy);
+        Mockito.verify(mockScrubber, Mockito.times(0)).cleanMessage(ArgumentMatchers.anyString());
+        Mockito.verify(mockHandler, Mockito.times(0)).log(ArgumentMatchers.any(java.util.logging.Logger.class), ArgumentMatchers.any(String.class));
+        Mockito.verify(mockHandler, Mockito.times(0)).log(ArgumentMatchers.any(java.util.logging.Logger.class), ArgumentMatchers.any(String.class), ArgumentMatchers.any(Throwable.class));
+
+    }
+
+    @Test
+    public void testNullEventTypeWorks()
+    {
+        // would throw an exception if the null wasn't handled properly
+        bridge.log(javaLogSpy, Logger.ALL, null, testName.getMethodName());
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java b/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java
new file mode 100644
index 000000000..201a3c42a
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java
@@ -0,0 +1,112 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @created 2019
+ */
+package org.owasp.esapi.logging.java;
+
+import java.util.List;
+
+import org.junit.Assert;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.junit.rules.TestName;
+import org.junit.runner.RunWith;
+import org.mockito.ArgumentCaptor;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.logging.appender.LogAppender;
+import org.owasp.esapi.logging.appender.LogPrefixAppender;
+import org.owasp.esapi.logging.cleaning.CodecLogScrubber;
+import org.owasp.esapi.logging.cleaning.CompositeLogScrubber;
+import org.owasp.esapi.logging.cleaning.LogScrubber;
+import org.owasp.esapi.logging.cleaning.NewlineLogScrubber;
+import org.powermock.api.mockito.PowerMockito;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+@RunWith(PowerMockRunner.class)
+@PrepareForTest (JavaLogFactory.class)
+public class JavaLogFactoryTest {
+    @Rule
+    public TestName testName = new TestName();
+
+    @Rule
+    public ExpectedException exEx = ExpectedException.none();
+
+    @Test
+    public void testCreateLoggerByString() {
+        Logger logger = new JavaLogFactory().getLogger("test");
+        Assert.assertTrue(logger instanceof JavaLogger);
+    }
+
+    @Test public void testCreateLoggerByClass() {
+        Logger logger = new JavaLogFactory().getLogger(JavaLogBridgeImplTest.class);
+        Assert.assertTrue(logger instanceof JavaLogger);
+    }
+
+    @Test
+    public void checkScrubberWithEncoding() throws Exception {
+        ArgumentCaptor<List> delegates = ArgumentCaptor.forClass(List.class);
+        PowerMockito.whenNew(CompositeLogScrubber.class).withArguments(delegates.capture()).thenReturn(null);
+
+        //Call to invoke the constructor capture
+        JavaLogFactory.createLogScrubber(true);
+
+        List<LogScrubber> scrubbers = delegates.getValue();
+        Assert.assertEquals(2, scrubbers.size());
+        Assert.assertTrue(scrubbers.get(0) instanceof NewlineLogScrubber);
+        Assert.assertTrue(scrubbers.get(1) instanceof CodecLogScrubber);
+    }
+
+    @Test
+    public void checkScrubberWithoutEncoding() throws Exception {
+        ArgumentCaptor<List> delegates = ArgumentCaptor.forClass(List.class);
+        PowerMockito.whenNew(CompositeLogScrubber.class).withArguments(delegates.capture()).thenReturn(null);
+
+        //Call to invoke the constructor capture
+        JavaLogFactory.createLogScrubber(false);
+
+        List<LogScrubber> scrubbers = delegates.getValue();
+        Assert.assertEquals(1, scrubbers.size());
+        Assert.assertTrue(scrubbers.get(0) instanceof NewlineLogScrubber);
+    }
+
+    /**
+     * At this time there are no special considerations or handling for the appender
+     * creation in this scope. It is expected that the arguments to the internal
+     * creation method are passed directly to the constructor of the
+     * LogPrefixAppender with no mutation or additional validation.
+     */
+    @Test
+    public void checkPassthroughAppenderConstruct() throws Exception {
+        LogPrefixAppender stubAppender = new LogPrefixAppender(true, true, true, true, "");
+        ArgumentCaptor<Boolean> userInfoCapture = ArgumentCaptor.forClass(Boolean.class);
+        ArgumentCaptor<Boolean> clientInfoCapture = ArgumentCaptor.forClass(Boolean.class);
+        ArgumentCaptor<Boolean> serverInfoCapture = ArgumentCaptor.forClass(Boolean.class);
+        ArgumentCaptor<Boolean> logAppNameCapture = ArgumentCaptor.forClass(Boolean.class);
+        ArgumentCaptor<String> appNameCapture = ArgumentCaptor.forClass(String.class);
+
+        PowerMockito.whenNew(LogPrefixAppender.class).withArguments(userInfoCapture.capture(), clientInfoCapture.capture(), serverInfoCapture.capture(), logAppNameCapture.capture(), appNameCapture.capture()).thenReturn(stubAppender);
+
+        LogAppender appender = JavaLogFactory.createLogAppender(true, true, false, true, testName.getMethodName());
+
+        Assert.assertEquals(stubAppender, appender);
+        Assert.assertTrue(userInfoCapture.getValue());
+        Assert.assertTrue(clientInfoCapture.getValue());
+        Assert.assertFalse(serverInfoCapture.getValue());
+        Assert.assertTrue(logAppNameCapture.getValue());
+        Assert.assertEquals(testName.getMethodName(), appNameCapture.getValue());
+    }
+
+
+}
diff --git a/src/test/java/org/owasp/esapi/logging/java/JavaLogLevelHandlersTest.java b/src/test/java/org/owasp/esapi/logging/java/JavaLogLevelHandlersTest.java
new file mode 100644
index 000000000..62c5a1d9a
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/java/JavaLogLevelHandlersTest.java
@@ -0,0 +1,116 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @created 2019
+ */
+package org.owasp.esapi.logging.java;
+
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TestName;
+import org.mockito.Mockito;
+
+public class JavaLogLevelHandlersTest {
+
+    private Logger mockLogger = Mockito.mock(Logger.class);
+    @Rule
+    public TestName testName = new TestName();
+
+    private Throwable testException = new Throwable("Expected for testing");
+
+    @Test
+    public void testErrorDelegation() {
+        JavaLogLevelHandlers.ERROR.isEnabled(mockLogger);
+        JavaLogLevelHandlers.ERROR.log(mockLogger, testName.getMethodName());
+        JavaLogLevelHandlers.ERROR.log(mockLogger, testName.getMethodName(), testException);
+
+        Level expectedJavaLevel = ESAPICustomJavaLevel.ERROR_LEVEL;
+
+        Mockito.verify(mockLogger, Mockito.times(1)).isLoggable(expectedJavaLevel);
+        Mockito.verify(mockLogger, Mockito.times(1)).log(expectedJavaLevel, testName.getMethodName());
+        Mockito.verify(mockLogger, Mockito.times(1)).log(expectedJavaLevel, testName.getMethodName(), testException);
+        Mockito.verifyNoMoreInteractions(mockLogger);
+    }
+
+    @Test
+    public void testAlwaysDelegation() {
+        JavaLogLevelHandlers.ALWAYS.isEnabled(mockLogger);
+        JavaLogLevelHandlers.ALWAYS.log(mockLogger, testName.getMethodName());
+        JavaLogLevelHandlers.ALWAYS.log(mockLogger, testName.getMethodName(), testException);
+
+        Level expectedJavaLevel = ESAPICustomJavaLevel.ALWAYS_LEVEL;
+
+        Mockito.verify(mockLogger, Mockito.times(1)).isLoggable(expectedJavaLevel);
+        Mockito.verify(mockLogger, Mockito.times(1)).log(expectedJavaLevel, testName.getMethodName());
+        Mockito.verify(mockLogger, Mockito.times(1)).log(expectedJavaLevel, testName.getMethodName(), testException);
+        Mockito.verifyNoMoreInteractions(mockLogger);
+    }
+
+    @Test
+    public void testWarnDelegation() {
+        JavaLogLevelHandlers.WARNING.isEnabled(mockLogger);
+        JavaLogLevelHandlers.WARNING.log(mockLogger, testName.getMethodName());
+        JavaLogLevelHandlers.WARNING.log(mockLogger, testName.getMethodName(), testException);
+
+        Level expectedJavaLevel = Level.WARNING;
+
+        Mockito.verify(mockLogger, Mockito.times(1)).isLoggable(expectedJavaLevel);
+        Mockito.verify(mockLogger, Mockito.times(1)).log(expectedJavaLevel, testName.getMethodName());
+        Mockito.verify(mockLogger, Mockito.times(1)).log(expectedJavaLevel, testName.getMethodName(), testException);
+        Mockito.verifyNoMoreInteractions(mockLogger);
+    }
+    @Test
+    public void testInfoDelegation() {
+        JavaLogLevelHandlers.INFO.isEnabled(mockLogger);
+        JavaLogLevelHandlers.INFO.log(mockLogger, testName.getMethodName());
+        JavaLogLevelHandlers.INFO.log(mockLogger, testName.getMethodName(), testException);
+
+        Level expectedJavaLevel = Level.INFO;
+
+        Mockito.verify(mockLogger, Mockito.times(1)).isLoggable(expectedJavaLevel);
+        Mockito.verify(mockLogger, Mockito.times(1)).log(expectedJavaLevel, testName.getMethodName());
+        Mockito.verify(mockLogger, Mockito.times(1)).log(expectedJavaLevel, testName.getMethodName(), testException);
+
+        Mockito.verifyNoMoreInteractions(mockLogger);
+    }
+    @Test
+    public void testDebugDelegation() {
+        JavaLogLevelHandlers.FINE.isEnabled(mockLogger);
+        JavaLogLevelHandlers.FINE.log(mockLogger, testName.getMethodName());
+        JavaLogLevelHandlers.FINE.log(mockLogger, testName.getMethodName(), testException);
+
+        Level expectedJavaLevel = Level.FINE;
+
+        Mockito.verify(mockLogger, Mockito.times(1)).isLoggable(expectedJavaLevel);
+        Mockito.verify(mockLogger, Mockito.times(1)).log(expectedJavaLevel, testName.getMethodName());
+        Mockito.verify(mockLogger, Mockito.times(1)).log(expectedJavaLevel, testName.getMethodName(), testException);
+
+        Mockito.verifyNoMoreInteractions(mockLogger);
+    }
+    @Test
+    public void testTraceDelegation() {
+        JavaLogLevelHandlers.FINEST.isEnabled(mockLogger);
+        JavaLogLevelHandlers.FINEST.log(mockLogger, testName.getMethodName());
+        JavaLogLevelHandlers.FINEST.log(mockLogger, testName.getMethodName(), testException);
+
+        Level expectedJavaLevel = Level.FINEST;
+
+        Mockito.verify(mockLogger, Mockito.times(1)).isLoggable(expectedJavaLevel);
+        Mockito.verify(mockLogger, Mockito.times(1)).log(expectedJavaLevel, testName.getMethodName());
+        Mockito.verify(mockLogger, Mockito.times(1)).log(expectedJavaLevel, testName.getMethodName(), testException);
+
+        Mockito.verifyNoMoreInteractions(mockLogger);
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/logging/java/JavaLoggerTest.java b/src/test/java/org/owasp/esapi/logging/java/JavaLoggerTest.java
new file mode 100644
index 000000000..906bb6434
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/java/JavaLoggerTest.java
@@ -0,0 +1,297 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @created 2019
+ */
+
+package org.owasp.esapi.logging.java;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TestName;
+import org.mockito.Mockito;
+import org.owasp.esapi.Logger;
+
+public class JavaLoggerTest {
+    @Rule
+    public TestName testName = new TestName();
+
+    private static final String MSG = JavaLoggerTest.class.getSimpleName();
+
+    private JavaLogBridge mockBridge = Mockito.mock(JavaLogBridge.class);
+    private java.util.logging.Logger javaLogSpy;
+
+    private Throwable testEx = new Throwable(MSG + "_Exception");
+    private Logger testLogger;
+
+    @Before
+    public void setup() {
+        java.util.logging.Logger wrappedLogger = java.util.logging.Logger.getLogger(testName.getMethodName());
+        javaLogSpy = Mockito.spy(wrappedLogger);
+        testLogger = new JavaLogger(javaLogSpy, mockBridge, Logger.ALL);
+    }
+
+    @Test
+    public void testLevelEnablement() {
+        testLogger.setLevel(Logger.INFO);
+
+        Assert.assertTrue(testLogger.isFatalEnabled());
+        Assert.assertTrue(testLogger.isErrorEnabled());
+        Assert.assertTrue(testLogger.isWarningEnabled());
+        Assert.assertTrue(testLogger.isInfoEnabled());
+        Assert.assertFalse(testLogger.isDebugEnabled());
+        Assert.assertFalse(testLogger.isTraceEnabled());
+
+        Assert.assertEquals(Logger.INFO, testLogger.getESAPILevel());
+    }
+
+    @Test
+    public void testAllLevelEnablement() {
+        testLogger.setLevel(Logger.ALL);
+
+        Assert.assertTrue(testLogger.isFatalEnabled());
+        Assert.assertTrue(testLogger.isErrorEnabled());
+        Assert.assertTrue(testLogger.isWarningEnabled());
+        Assert.assertTrue(testLogger.isInfoEnabled());
+        Assert.assertTrue(testLogger.isDebugEnabled());
+        Assert.assertTrue(testLogger.isTraceEnabled());
+    }
+
+    @Test
+    public void testOffLevelEnablement() {
+        testLogger.setLevel(Logger.OFF);
+
+        Assert.assertFalse(testLogger.isFatalEnabled());
+        Assert.assertFalse(testLogger.isErrorEnabled());
+        Assert.assertFalse(testLogger.isWarningEnabled());
+        Assert.assertFalse(testLogger.isInfoEnabled());
+        Assert.assertFalse(testLogger.isDebugEnabled());
+        Assert.assertFalse(testLogger.isTraceEnabled());
+    }
+    @Test
+    public void testFatalWithMessage() {
+        testLogger.fatal(Logger.EVENT_UNSPECIFIED, MSG);
+
+        Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.FATAL, Logger.EVENT_UNSPECIFIED, MSG);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    @Test
+    public void testFatalWithMessageAndThrowable() {
+        testLogger.fatal(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+
+        Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.FATAL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+
+    @Test
+    public void testFatalWithMessageDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.fatal(Logger.EVENT_UNSPECIFIED, MSG);
+
+        Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.FATAL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    @Test
+    public void testFatalWithMessageAndThrowableDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.fatal(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.FATAL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+
+    @Test
+    public void testErrorWithMessage() {
+        testLogger.error(Logger.EVENT_UNSPECIFIED, MSG);
+
+        Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.ERROR, Logger.EVENT_UNSPECIFIED, MSG);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    @Test
+    public void testErrorWithMessageAndThrowable() {
+        testLogger.error(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+
+        Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.ERROR, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+
+    @Test
+    public void testErrorWithMessageDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.error(Logger.EVENT_UNSPECIFIED, MSG);
+
+        Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.ERROR, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    @Test
+    public void testErrorWithMessageAndThrowableDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.error(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.ERROR, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+
+    @Test
+    public void testWarnWithMessage() {
+        testLogger.warning(Logger.EVENT_UNSPECIFIED, MSG);
+
+        Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.WARNING, Logger.EVENT_UNSPECIFIED, MSG);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    @Test
+    public void testWarnWithMessageAndThrowable() {
+        testLogger.warning(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+
+        Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.WARNING, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+
+    @Test
+    public void testWarnWithMessageDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.warning(Logger.EVENT_UNSPECIFIED, MSG);
+
+        Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.WARNING, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    @Test
+    public void testWarnWithMessageAndThrowableDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.warning(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.WARNING, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+
+    @Test
+    public void testInfoWithMessage() {
+        testLogger.info(Logger.EVENT_UNSPECIFIED, MSG);
+
+        Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.INFO, Logger.EVENT_UNSPECIFIED, MSG);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    @Test
+    public void testInfoWithMessageAndThrowable() {
+        testLogger.info(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+
+        Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.INFO, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+
+    @Test
+    public void testInfoWithMessageDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.info(Logger.EVENT_UNSPECIFIED, MSG);
+
+        Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.INFO, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    @Test
+    public void testInfoWithMessageAndThrowableDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.info(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.INFO, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    @Test
+    public void testDebugWithMessage() {
+        testLogger.debug(Logger.EVENT_UNSPECIFIED, MSG);
+
+        Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.DEBUG, Logger.EVENT_UNSPECIFIED, MSG);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    @Test
+    public void testDebugWithMessageAndThrowable() {
+        testLogger.debug(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+
+        Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.DEBUG, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+
+    @Test
+    public void testDebugWithMessageDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.debug(Logger.EVENT_UNSPECIFIED, MSG);
+
+        Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.DEBUG, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    @Test
+    public void testDebugWithMessageAndThrowableDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.debug(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.DEBUG, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+
+    @Test
+    public void testTraceWithMessage() {
+        testLogger.trace(Logger.EVENT_UNSPECIFIED, MSG);
+
+        Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.TRACE, Logger.EVENT_UNSPECIFIED, MSG);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    @Test
+    public void testTraceWithMessageAndThrowable() {
+        testLogger.trace(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+
+        Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.TRACE, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+
+    @Test
+    public void testTraceWithMessageDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.trace(Logger.EVENT_UNSPECIFIED, MSG);
+
+        Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.TRACE, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    @Test
+    public void testTraceWithMessageAndThrowableDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.trace(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.TRACE, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+
+    @Test
+    public void testAlwaysWithMessage() {
+        testLogger.always(Logger.EVENT_UNSPECIFIED, MSG);
+
+        Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.ALL, Logger.EVENT_UNSPECIFIED, MSG);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    @Test
+    public void testAlwaysWithMessageAndThrowable() {
+        testLogger.always(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+
+        Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.ALL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+
+    @Test
+    public void testAlwaysWithMessageDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.always(Logger.EVENT_UNSPECIFIED, MSG);
+
+        Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.ALL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    @Test
+    public void testAlwaysWithMessageAndThrowableDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.always(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.ALL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImplTest.java b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImplTest.java
new file mode 100644
index 000000000..97398d9da
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImplTest.java
@@ -0,0 +1,179 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @created 2018
+ */
+package org.owasp.esapi.logging.slf4j;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.junit.rules.TestName;
+import org.mockito.ArgumentCaptor;
+import org.mockito.ArgumentMatchers;
+import org.mockito.Mockito;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.Logger.EventType;
+import org.owasp.esapi.logging.appender.LogAppender;
+import org.owasp.esapi.logging.cleaning.LogScrubber;
+import org.slf4j.Marker;
+
+public class Slf4JLogBridgeImplTest {
+
+    @Rule
+    public TestName testName = new TestName();
+    @Rule
+    public ExpectedException exEx = ExpectedException.none();
+
+    private LogScrubber mockScrubber = Mockito.mock(LogScrubber.class);
+    private LogAppender mockAppender = Mockito.mock(LogAppender.class);
+    private Slf4JLogLevelHandler mockHandler = Mockito.mock(Slf4JLogLevelHandler.class);
+    private org.slf4j.Logger mockSlf4JLogger = Mockito.mock(org.slf4j.Logger.class);
+    private Throwable testEx = new Throwable(testName.getMethodName());
+    private Slf4JLogBridge bridge;
+
+    @Before
+    public void setup() {
+        Map<Integer, Slf4JLogLevelHandler> levelLookup = new HashMap<>();
+        levelLookup.put(Logger.ALL, mockHandler);
+        levelLookup.put(Logger.ERROR, mockHandler);
+
+        bridge = new Slf4JLogBridgeImpl(mockAppender, mockScrubber, levelLookup);
+    }
+
+    @Test
+    public void testLogMessageWithUnmappedEsapiLevelThrowsException() {
+        exEx.expect(IllegalArgumentException.class);
+        exEx.expectMessage("Unable to lookup SLF4J level mapping");
+        Map<Integer, Slf4JLogLevelHandler> emptyMap = Collections.emptyMap();
+        new Slf4JLogBridgeImpl(mockAppender, mockScrubber, emptyMap).log(mockSlf4JLogger, 0, Logger.EVENT_UNSPECIFIED, "This Should fail");
+    }
+
+    @Test
+    public void testLogMessageAndExceptionWithUnmappedEsapiLevelThrowsException() {
+        exEx.expect(IllegalArgumentException.class);
+        exEx.expectMessage("Unable to lookup SLF4J level mapping");
+        Map<Integer, Slf4JLogLevelHandler> emptyMap = Collections.emptyMap();
+        new Slf4JLogBridgeImpl(mockAppender, mockScrubber, emptyMap).log(mockSlf4JLogger, 0, Logger.EVENT_UNSPECIFIED, "This Should fail", testEx);
+    }
+
+    @Test
+    public void testLogMessage() {
+        EventType eventType = Logger.EVENT_UNSPECIFIED;
+        String loggerName = testName.getMethodName() + "-LOGGER";
+        String orignMsg = testName.getMethodName();
+        String appendMsg = "[APPEND] " + orignMsg;
+        String cleanMsg = appendMsg + " [CLEANED]";
+
+        //Setup for Appender
+        Mockito.when(mockSlf4JLogger.getName()).thenReturn(loggerName);
+        Mockito.when(mockAppender.appendTo(loggerName, eventType, orignMsg)).thenReturn(appendMsg);
+        //Setup for Scrubber
+        Mockito.when(mockScrubber.cleanMessage(appendMsg)).thenReturn(cleanMsg);
+        //Setup for Delegate Handler
+        ArgumentCaptor<Marker> markerCapture = ArgumentCaptor.forClass(Marker.class);
+        Mockito.when(mockHandler.isEnabled(mockSlf4JLogger)).thenReturn(true);
+
+        bridge.log(mockSlf4JLogger, Logger.ALL, eventType, testName.getMethodName());
+
+        Mockito.verify(mockSlf4JLogger, Mockito.atLeastOnce()).getName();
+        Mockito.verify(mockAppender, Mockito.times(1)).appendTo(loggerName, eventType, testName.getMethodName());
+        Mockito.verify(mockScrubber, Mockito.times(1)).cleanMessage(appendMsg);
+        Mockito.verify(mockHandler, Mockito.times(1)).isEnabled(mockSlf4JLogger);
+        Mockito.verify(mockHandler, Mockito.times(0)).log(ArgumentMatchers.any(org.slf4j.Logger.class), ArgumentMatchers.any(Marker.class), ArgumentMatchers.any(String.class), ArgumentMatchers.any(Throwable.class));
+        Mockito.verify(mockHandler, Mockito.times(1)).log(ArgumentMatchers.same(mockSlf4JLogger), markerCapture.capture(), ArgumentMatchers.eq(cleanMsg));
+
+        Assert.assertEquals(Logger.EVENT_UNSPECIFIED.toString(), markerCapture.getValue().getName());
+        Mockito.verifyNoMoreInteractions(mockSlf4JLogger, mockAppender, mockScrubber,mockHandler);
+    }
+
+    @Test
+    public void testLogErrorMessageWithException() {
+        EventType eventType = Logger.EVENT_UNSPECIFIED;
+        String loggerName = testName.getMethodName() + "-LOGGER";
+        String orignMsg = testName.getMethodName();
+        String appendMsg = "[APPEND] " + orignMsg;
+        String cleanMsg = appendMsg + " [CLEANED]";
+
+        //Setup for Appender
+        Mockito.when(mockSlf4JLogger.getName()).thenReturn(loggerName);
+        Mockito.when(mockAppender.appendTo(loggerName, eventType, orignMsg)).thenReturn(appendMsg);
+        //Setup for Scrubber
+        Mockito.when(mockScrubber.cleanMessage(appendMsg)).thenReturn(cleanMsg);
+        //Setup for Delegate Handler
+        ArgumentCaptor<Marker> markerCapture = ArgumentCaptor.forClass(Marker.class);
+        Mockito.when(mockHandler.isEnabled(mockSlf4JLogger)).thenReturn(true);
+
+        bridge.log(mockSlf4JLogger, Logger.ALL, eventType, testName.getMethodName(), testEx);
+
+        Mockito.verify(mockSlf4JLogger, Mockito.atLeastOnce()).getName();
+        Mockito.verify(mockAppender, Mockito.times(1)).appendTo(loggerName, eventType, testName.getMethodName());
+        Mockito.verify(mockScrubber, Mockito.times(1)).cleanMessage(appendMsg);
+        Mockito.verify(mockHandler, Mockito.times(1)).isEnabled(mockSlf4JLogger);
+        Mockito.verify(mockHandler, Mockito.times(0)).log(ArgumentMatchers.any(org.slf4j.Logger.class), ArgumentMatchers.any(Marker.class), ArgumentMatchers.any(String.class));
+
+        Mockito.verify(mockHandler, Mockito.times(1)).log(ArgumentMatchers.same(mockSlf4JLogger), markerCapture.capture(), ArgumentMatchers.eq(cleanMsg), ArgumentMatchers.same(testEx));
+
+        Assert.assertEquals(Logger.EVENT_UNSPECIFIED.toString(), markerCapture.getValue().getName());
+        Mockito.verifyNoMoreInteractions(mockSlf4JLogger, mockAppender, mockScrubber,mockHandler);
+    }
+
+
+    @Test
+    public void testDisabledLogMessage() {
+        Mockito.when(mockHandler.isEnabled(mockSlf4JLogger)).thenReturn(false);
+
+        bridge.log(mockSlf4JLogger, Logger.ALL, Logger.EVENT_UNSPECIFIED, testName.getMethodName());
+
+        Mockito.verify(mockHandler, Mockito.times(1)).isEnabled(mockSlf4JLogger);
+        Mockito.verify(mockScrubber, Mockito.times(0)).cleanMessage(ArgumentMatchers.anyString());
+        Mockito.verify(mockHandler, Mockito.times(0)).log(ArgumentMatchers.any(org.slf4j.Logger.class), ArgumentMatchers.any(Marker.class), ArgumentMatchers.any(String.class));
+        Mockito.verify(mockHandler, Mockito.times(0)).log(ArgumentMatchers.any(org.slf4j.Logger.class), ArgumentMatchers.any(Marker.class), ArgumentMatchers.any(String.class), ArgumentMatchers.any(Throwable.class));
+    }
+
+    @Test
+    public void testDisabledErrorLogWithException() {
+        Mockito.when(mockHandler.isEnabled(mockSlf4JLogger)).thenReturn(false);
+
+        bridge.log(mockSlf4JLogger, Logger.ALL, Logger.EVENT_UNSPECIFIED, testName.getMethodName(), testEx);
+
+        Mockito.verify(mockHandler, Mockito.times(1)).isEnabled(mockSlf4JLogger);
+        Mockito.verify(mockScrubber, Mockito.times(0)).cleanMessage(ArgumentMatchers.anyString());
+        Mockito.verify(mockHandler, Mockito.times(0)).log(ArgumentMatchers.any(org.slf4j.Logger.class), ArgumentMatchers.any(Marker.class), ArgumentMatchers.any(String.class));
+        Mockito.verify(mockHandler, Mockito.times(0)).log(ArgumentMatchers.any(org.slf4j.Logger.class), ArgumentMatchers.any(Marker.class), ArgumentMatchers.any(String.class), ArgumentMatchers.any(Throwable.class));
+
+    }
+
+
+    @Test
+    public void testNullEventTypeUsesUnspecified() {
+        EventType computedEventType = Logger.EVENT_UNSPECIFIED;
+
+        //Setup for Delegate Handler
+        ArgumentCaptor<Marker> markerCapture = ArgumentCaptor.forClass(Marker.class);
+        Mockito.when(mockHandler.isEnabled(mockSlf4JLogger)).thenReturn(true);
+
+        bridge.log(mockSlf4JLogger, Logger.ALL, null, testName.getMethodName());
+
+        Mockito.verify(mockHandler).log(ArgumentMatchers.any(), markerCapture.capture(), ArgumentMatchers.any());
+        Mockito.verify(mockAppender).appendTo(ArgumentMatchers.any(), ArgumentMatchers.eq(computedEventType), ArgumentMatchers.any());
+
+        Assert.assertEquals(computedEventType.toString(), markerCapture.getValue().getName());
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactoryTest.java b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactoryTest.java
new file mode 100644
index 000000000..12a16af4c
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactoryTest.java
@@ -0,0 +1,108 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @created 2018
+ */
+package org.owasp.esapi.logging.slf4j;
+
+import java.util.List;
+
+import org.junit.Assert;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TestName;
+import org.junit.runner.RunWith;
+import org.mockito.ArgumentCaptor;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.logging.appender.LogAppender;
+import org.owasp.esapi.logging.appender.LogPrefixAppender;
+import org.owasp.esapi.logging.cleaning.CodecLogScrubber;
+import org.owasp.esapi.logging.cleaning.CompositeLogScrubber;
+import org.owasp.esapi.logging.cleaning.LogScrubber;
+import org.owasp.esapi.logging.cleaning.NewlineLogScrubber;
+import org.powermock.api.mockito.PowerMockito;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+@RunWith(PowerMockRunner.class)
+@PrepareForTest (Slf4JLogFactory.class)
+public class Slf4JLogFactoryTest {
+    @Rule
+    public TestName testName = new TestName();
+
+    @Test
+    public void testCreateLoggerByString() {
+        Logger logger = new Slf4JLogFactory().getLogger("test");
+        Assert.assertTrue(logger instanceof Slf4JLogger);
+    }
+
+    @Test public void testCreateLoggerByClass() {
+        Logger logger = new Slf4JLogFactory().getLogger(Slf4JLogBridgeImplTest.class);
+        Assert.assertTrue(logger instanceof Slf4JLogger);
+    }
+
+    @Test
+    public void checkScrubberWithEncoding() throws Exception {
+        ArgumentCaptor<List> delegates = ArgumentCaptor.forClass(List.class);
+        PowerMockito.whenNew(CompositeLogScrubber.class).withArguments(delegates.capture()).thenReturn(null);
+
+        //Call to invoke the constructor capture
+        Slf4JLogFactory.createLogScrubber(true);
+
+        List<LogScrubber> scrubbers = delegates.getValue();
+        Assert.assertEquals(2, scrubbers.size());
+        Assert.assertTrue(scrubbers.get(0) instanceof NewlineLogScrubber);
+        Assert.assertTrue(scrubbers.get(1) instanceof CodecLogScrubber);
+    }
+
+    @Test
+    public void checkScrubberWithoutEncoding() throws Exception {
+        ArgumentCaptor<List> delegates = ArgumentCaptor.forClass(List.class);
+        PowerMockito.whenNew(CompositeLogScrubber.class).withArguments(delegates.capture()).thenReturn(null);
+
+        //Call to invoke the constructor capture
+        Slf4JLogFactory.createLogScrubber(false);
+
+        List<LogScrubber> scrubbers = delegates.getValue();
+        Assert.assertEquals(1, scrubbers.size());
+        Assert.assertTrue(scrubbers.get(0) instanceof NewlineLogScrubber);
+    }
+
+    /**
+     * At this time there are no special considerations or handling for the appender
+     * creation in this scope. It is expected that the arguments to the internal
+     * creation method are passed directly to the constructor of the
+     * LogPrefixAppender with no mutation or additional validation.
+     */
+    @Test
+    public void checkPassthroughAppenderConstruct() throws Exception {
+        LogPrefixAppender stubAppender = new LogPrefixAppender(true, true, true, true, "");
+        ArgumentCaptor<Boolean> userInfoCapture = ArgumentCaptor.forClass(Boolean.class);
+        ArgumentCaptor<Boolean> clientInfoCapture = ArgumentCaptor.forClass(Boolean.class);
+        ArgumentCaptor<Boolean> serverInfoCapture = ArgumentCaptor.forClass(Boolean.class);
+        ArgumentCaptor<Boolean> logAppNameCapture = ArgumentCaptor.forClass(Boolean.class);
+        ArgumentCaptor<String> appNameCapture = ArgumentCaptor.forClass(String.class);
+
+        PowerMockito.whenNew(LogPrefixAppender.class).withArguments(userInfoCapture.capture(), clientInfoCapture.capture(), serverInfoCapture.capture(), logAppNameCapture.capture(), appNameCapture.capture()).thenReturn(stubAppender);
+
+        LogAppender appender = Slf4JLogFactory.createLogAppender(true, true, false, true, testName.getMethodName());
+
+        Assert.assertEquals(stubAppender, appender);
+        Assert.assertTrue(userInfoCapture.getValue());
+        Assert.assertTrue(clientInfoCapture.getValue());
+        Assert.assertFalse(serverInfoCapture.getValue());
+        Assert.assertTrue(logAppNameCapture.getValue());
+        Assert.assertEquals(testName.getMethodName(), appNameCapture.getValue());
+    }
+
+
+}
diff --git a/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogLevelHandlersTest.java b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogLevelHandlersTest.java
new file mode 100644
index 000000000..73e4833ba
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogLevelHandlersTest.java
@@ -0,0 +1,90 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @created 2018
+ */
+package org.owasp.esapi.logging.slf4j;
+
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TestName;
+import org.mockito.Mockito;
+import org.slf4j.Logger;
+import org.slf4j.Marker;
+import org.slf4j.helpers.BasicMarkerFactory;
+
+public class Slf4JLogLevelHandlersTest {
+
+    private Logger mockLogger = Mockito.mock(Logger.class);
+    @Rule
+    public TestName testName = new TestName();
+
+    private Marker marker = new BasicMarkerFactory().getMarker(Slf4JLogLevelHandlersTest.class.getSimpleName());
+    private Throwable testException = new Throwable("Expected for testing");
+
+    @Test
+    public void testErrorDelegation() {
+        Slf4JLogLevelHandlers.ERROR.isEnabled(mockLogger);
+        Slf4JLogLevelHandlers.ERROR.log(mockLogger, marker, testName.getMethodName());
+        Slf4JLogLevelHandlers.ERROR.log(mockLogger, marker, testName.getMethodName(), testException);
+
+        Mockito.verify(mockLogger, Mockito.times(1)).isErrorEnabled();
+        Mockito.verify(mockLogger, Mockito.times(1)).error(marker, testName.getMethodName());
+        Mockito.verify(mockLogger, Mockito.times(1)).error(marker, testName.getMethodName(), testException);
+        Mockito.verifyNoMoreInteractions(mockLogger);
+    }
+
+    @Test
+    public void testWarnDelegation() {
+        Slf4JLogLevelHandlers.WARN.isEnabled(mockLogger);
+        Slf4JLogLevelHandlers.WARN.log(mockLogger, marker, testName.getMethodName());
+        Slf4JLogLevelHandlers.WARN.log(mockLogger, marker, testName.getMethodName(), testException);
+
+        Mockito.verify(mockLogger, Mockito.times(1)).isWarnEnabled();
+        Mockito.verify(mockLogger, Mockito.times(1)).warn(marker, testName.getMethodName());
+        Mockito.verify(mockLogger, Mockito.times(1)).warn(marker, testName.getMethodName(), testException);
+        Mockito.verifyNoMoreInteractions(mockLogger);
+    }
+    @Test
+    public void testInfoDelegation() {
+        Slf4JLogLevelHandlers.INFO.isEnabled(mockLogger);
+        Slf4JLogLevelHandlers.INFO.log(mockLogger, marker, testName.getMethodName());
+        Slf4JLogLevelHandlers.INFO.log(mockLogger, marker, testName.getMethodName(), testException);
+
+        Mockito.verify(mockLogger, Mockito.times(1)).isInfoEnabled();
+        Mockito.verify(mockLogger, Mockito.times(1)).info(marker, testName.getMethodName());
+        Mockito.verify(mockLogger, Mockito.times(1)).info(marker, testName.getMethodName(), testException);
+        Mockito.verifyNoMoreInteractions(mockLogger);
+    }
+    @Test
+    public void testDebugDelegation() {
+        Slf4JLogLevelHandlers.DEBUG.isEnabled(mockLogger);
+        Slf4JLogLevelHandlers.DEBUG.log(mockLogger, marker, testName.getMethodName());
+        Slf4JLogLevelHandlers.DEBUG.log(mockLogger, marker, testName.getMethodName(), testException);
+
+        Mockito.verify(mockLogger, Mockito.times(1)).isDebugEnabled();
+        Mockito.verify(mockLogger, Mockito.times(1)).debug(marker, testName.getMethodName());
+        Mockito.verify(mockLogger, Mockito.times(1)).debug(marker, testName.getMethodName(), testException);
+        Mockito.verifyNoMoreInteractions(mockLogger);
+    }
+    @Test
+    public void testTraceDelegation() {
+        Slf4JLogLevelHandlers.TRACE.isEnabled(mockLogger);
+        Slf4JLogLevelHandlers.TRACE.log(mockLogger, marker, testName.getMethodName());
+        Slf4JLogLevelHandlers.TRACE.log(mockLogger, marker, testName.getMethodName(), testException);
+
+        Mockito.verify(mockLogger, Mockito.times(1)).isTraceEnabled();
+        Mockito.verify(mockLogger, Mockito.times(1)).trace(marker, testName.getMethodName());
+        Mockito.verify(mockLogger, Mockito.times(1)).trace(marker, testName.getMethodName(), testException);
+        Mockito.verifyNoMoreInteractions(mockLogger);
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLoggerTest.java b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLoggerTest.java
new file mode 100644
index 000000000..77e718d34
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLoggerTest.java
@@ -0,0 +1,285 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @created 2018
+ */
+
+package org.owasp.esapi.logging.slf4j;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.mockito.Mockito;
+import org.owasp.esapi.Logger;
+
+public class Slf4JLoggerTest {
+
+    private static final String MSG = Slf4JLoggerTest.class.getSimpleName();
+
+    private Slf4JLogBridge mockBridge = Mockito.mock(Slf4JLogBridge.class);
+    private org.slf4j.Logger mockLogDelegate = Mockito.mock(org.slf4j.Logger.class);
+
+    private Throwable testEx = new Throwable(MSG + "_Exception");
+    private Logger testLogger = new Slf4JLogger(mockLogDelegate, mockBridge, Logger.ALL);
+
+    @Test
+    public void testLevelEnablement() {
+        testLogger.setLevel(Logger.INFO);
+
+        Assert.assertTrue(testLogger.isFatalEnabled());
+        Assert.assertTrue(testLogger.isErrorEnabled());
+        Assert.assertTrue(testLogger.isWarningEnabled());
+        Assert.assertTrue(testLogger.isInfoEnabled());
+        Assert.assertFalse(testLogger.isDebugEnabled());
+        Assert.assertFalse(testLogger.isTraceEnabled());
+
+        Assert.assertEquals(Logger.INFO, testLogger.getESAPILevel());
+    }
+
+    @Test
+    public void testAllLevelEnablement() {
+        testLogger.setLevel(Logger.ALL);
+
+        Assert.assertTrue(testLogger.isFatalEnabled());
+        Assert.assertTrue(testLogger.isErrorEnabled());
+        Assert.assertTrue(testLogger.isWarningEnabled());
+        Assert.assertTrue(testLogger.isInfoEnabled());
+        Assert.assertTrue(testLogger.isDebugEnabled());
+        Assert.assertTrue(testLogger.isTraceEnabled());
+    }
+
+    @Test
+    public void testOffLevelEnablement() {
+        testLogger.setLevel(Logger.OFF);
+
+        Assert.assertFalse(testLogger.isFatalEnabled());
+        Assert.assertFalse(testLogger.isErrorEnabled());
+        Assert.assertFalse(testLogger.isWarningEnabled());
+        Assert.assertFalse(testLogger.isInfoEnabled());
+        Assert.assertFalse(testLogger.isDebugEnabled());
+        Assert.assertFalse(testLogger.isTraceEnabled());
+    }
+    @Test
+    public void testFatalWithMessage() {
+        testLogger.fatal(Logger.EVENT_UNSPECIFIED, MSG);
+
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.FATAL, Logger.EVENT_UNSPECIFIED, MSG);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testFatalWithMessageAndThrowable() {
+        testLogger.fatal(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.FATAL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+
+    @Test
+    public void testFatalWithMessageDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.fatal(Logger.EVENT_UNSPECIFIED, MSG);
+
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.FATAL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testFatalWithMessageAndThrowableDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.fatal(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.FATAL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+
+    @Test
+    public void testErrorWithMessage() {
+        testLogger.error(Logger.EVENT_UNSPECIFIED, MSG);
+
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.ERROR, Logger.EVENT_UNSPECIFIED, MSG);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testErrorWithMessageAndThrowable() {
+        testLogger.error(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.ERROR, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+
+    @Test
+    public void testErrorWithMessageDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.error(Logger.EVENT_UNSPECIFIED, MSG);
+
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.ERROR, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testErrorWithMessageAndThrowableDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.error(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.ERROR, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+
+    @Test
+    public void testWarnWithMessage() {
+        testLogger.warning(Logger.EVENT_UNSPECIFIED, MSG);
+
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.WARNING, Logger.EVENT_UNSPECIFIED, MSG);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testWarnWithMessageAndThrowable() {
+        testLogger.warning(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.WARNING, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+
+    @Test
+    public void testWarnWithMessageDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.warning(Logger.EVENT_UNSPECIFIED, MSG);
+
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.WARNING, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testWarnWithMessageAndThrowableDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.warning(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.WARNING, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+
+    @Test
+    public void testInfoWithMessage() {
+        testLogger.info(Logger.EVENT_UNSPECIFIED, MSG);
+
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.INFO, Logger.EVENT_UNSPECIFIED, MSG);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testInfoWithMessageAndThrowable() {
+        testLogger.info(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.INFO, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+
+    @Test
+    public void testInfoWithMessageDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.info(Logger.EVENT_UNSPECIFIED, MSG);
+
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.INFO, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testInfoWithMessageAndThrowableDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.info(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.INFO, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testDebugWithMessage() {
+        testLogger.debug(Logger.EVENT_UNSPECIFIED, MSG);
+
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.DEBUG, Logger.EVENT_UNSPECIFIED, MSG);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testDebugWithMessageAndThrowable() {
+        testLogger.debug(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.DEBUG, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+
+    @Test
+    public void testDebugWithMessageDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.debug(Logger.EVENT_UNSPECIFIED, MSG);
+
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.DEBUG, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testDebugWithMessageAndThrowableDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.debug(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.DEBUG, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+
+    @Test
+    public void testTraceWithMessage() {
+        testLogger.trace(Logger.EVENT_UNSPECIFIED, MSG);
+
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.TRACE, Logger.EVENT_UNSPECIFIED, MSG);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testTraceWithMessageAndThrowable() {
+        testLogger.trace(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.TRACE, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+
+    @Test
+    public void testTraceWithMessageDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.trace(Logger.EVENT_UNSPECIFIED, MSG);
+
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.TRACE, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testTraceWithMessageAndThrowableDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.trace(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.TRACE, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+
+    @Test
+    public void testAlwaysWithMessage() {
+        testLogger.always(Logger.EVENT_UNSPECIFIED, MSG);
+
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.ALL, Logger.EVENT_UNSPECIFIED, MSG);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testAlwaysWithMessageAndThrowable() {
+        testLogger.always(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.ALL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+
+    @Test
+    public void testAlwaysWithMessageDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.always(Logger.EVENT_UNSPECIFIED, MSG);
+
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.ALL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testAlwaysWithMessageAndThrowableDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.always(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.ALL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/reference/AbstractAccessReferenceMapTest.java b/src/test/java/org/owasp/esapi/reference/AbstractAccessReferenceMapTest.java
new file mode 100644
index 000000000..3d7836210
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/reference/AbstractAccessReferenceMapTest.java
@@ -0,0 +1,100 @@
+package org.owasp.esapi.reference;
+
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Set;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.mockito.Mockito;
+import org.powermock.reflect.Whitebox;
+
+
+public class AbstractAccessReferenceMapTest {
+
+    @Test
+    public void testConcurrentAddDirectReference() throws Exception {
+        @SuppressWarnings("unchecked")
+        final AbstractAccessReferenceMap<Object> map = Mockito.mock(AbstractAccessReferenceMap.class, Mockito.withSettings().useConstructor()
+                .defaultAnswer(Mockito.CALLS_REAL_METHODS)
+                );
+        Object indirectObj = new Object();
+        Mockito.when(map.getUniqueReference()).thenReturn(indirectObj);
+
+        final HashMap<?,?> itod= Whitebox.getInternalState(map, "itod");
+
+        final Object toAdd = new Object();
+
+        Runnable addReference1 = new Runnable() {
+            @Override
+            public void run() {
+                map.addDirectReference(toAdd);
+            }
+        };
+        Runnable addReference2 = new Runnable() {
+            @Override
+            public void run() {
+                map.addDirectReference(toAdd);
+            }
+        };
+
+        Runnable lockItod = new Runnable() {
+            public void run() {
+                synchronized (itod) {
+                    try {
+                        Thread.sleep(2000);
+                    } catch (InterruptedException e) {
+                        // TODO Auto-generated catch block
+                        e.printStackTrace();
+                    }
+
+                }
+            }
+        };
+
+        Thread lockIndirectRefs = new Thread(lockItod, "Lock Indirect Refs");
+        Thread addRef1Thread = new Thread(addReference1, "Add Ref 1");
+        Thread addRef2Thread = new Thread(addReference2, "Add Ref 2");
+        lockIndirectRefs.start();
+        addRef1Thread.start();
+        addRef2Thread.start();
+
+        addRef1Thread.join();
+        addRef2Thread.join();
+        lockIndirectRefs.join();
+
+        Mockito.verify(map,Mockito.times(1)).getUniqueReference();
+    }
+
+    @Test
+    public void verifyNoDuplicateKeysOnUpdateReplace() {
+        @SuppressWarnings("unchecked")
+        final AbstractAccessReferenceMap<Object> map = Mockito.mock(AbstractAccessReferenceMap.class, Mockito.withSettings().useConstructor()
+                .defaultAnswer(Mockito.CALLS_REAL_METHODS)
+                );
+        Object indirectObj1 = new Object();
+        Object indirectObj2 = new Object();
+        Mockito.when(map.getUniqueReference()).thenReturn(indirectObj1);
+
+        Object direct1 = new Object();
+        Object direct2 = new Object();
+
+        map.addDirectReference(direct1);
+
+        Mockito.reset(map);
+
+        Set<Object> newDirectElements = new HashSet<>();
+        newDirectElements.add(direct2);
+        newDirectElements.add(direct1);
+
+        Mockito.when(map.getUniqueReference()).thenReturn(indirectObj1).thenReturn(indirectObj2);
+
+        map.update(newDirectElements);
+
+        //Needs to be called 2 times to get past the first duplicate key. This verifies that we're inserting unique pairs.
+        Mockito.verify(map, Mockito.times(2)).getUniqueReference();
+
+        Assert.assertEquals(indirectObj1, map.getIndirectReference(direct1));
+        Assert.assertEquals(indirectObj2, map.getIndirectReference(direct2));
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/reference/AccessControllerTest.java b/src/test/java/org/owasp/esapi/reference/AccessControllerTest.java
index b3c2a6d8b..a2c20c2e5 100644
--- a/src/test/java/org/owasp/esapi/reference/AccessControllerTest.java
+++ b/src/test/java/org/owasp/esapi/reference/AccessControllerTest.java
@@ -1,358 +1,358 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.AccessController;
-import org.owasp.esapi.Authenticator;
-import org.owasp.esapi.User;
-import org.owasp.esapi.errors.AccessControlException;
-
-
-/**
- * The Class AccessControllerTest.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class AccessControllerTest extends TestCase {
-
-	/**
-	 * Instantiates a new access controller test.
-	 * 
-	 * @param testName
-     *            the test name
-     * @throws Exception
-	 */
-	public AccessControllerTest(String testName) throws Exception {
-		super(testName);
-		
-		Authenticator authenticator = ESAPI.authenticator();
-		String password = authenticator.generateStrongPassword();
-
-		// create a user with the "user" role for this test
-		User alice = authenticator.getUser("testuser1");
-		if ( alice == null ) {
-			alice = authenticator.createUser( "testuser1", password, password);
-		}
-		alice.addRole("user");		
-
-		// create a user with the "admin" role for this test
-		User bob = authenticator.getUser("testuser2");
-		if ( bob == null ) {
-			bob = authenticator.createUser( "testuser2", password, password);
-		}
-		bob.addRole("admin");
-		
-		// create a user with the "user" and "admin" roles for this test
-		User mitch = authenticator.getUser("testuser3");
-		if ( mitch == null ) {
-			mitch = authenticator.createUser( "testuser3", password, password);
-		}
-		mitch.addRole("admin");
-		mitch.addRole("user");
-	}
-
-    /**
-     * {@inheritDoc}
-     *
-     * @throws Exception
-     */
-	protected void setUp() throws Exception {
-	}
-
-    /**
-     * {@inheritDoc}
-     *
-     * @throws Exception
-     */
-	protected void tearDown() throws Exception {
-		// none
-	}
-
-	/**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-	public static Test suite() {
-		TestSuite suite = new TestSuite(AccessControllerTest.class);
-		return suite;
-	}
-
-    /**
-     *
-     */
-    public void testMatchRule() {
-		ESAPI.authenticator().setCurrentUser(null);
-		assertFalse(ESAPI.accessController().isAuthorizedForURL("/nobody"));
-	}
-	
-	/**
-	 * Test of isAuthorizedForURL method, of class
-	 * org.owasp.esapi.AccessController.
-     *
-     * @throws Exception
-     */
-	public void testIsAuthorizedForURL() throws Exception {
-		System.out.println("isAuthorizedForURL");
-		AccessController instance = ESAPI.accessController();
-		Authenticator auth = ESAPI.authenticator();
-		
-		auth.setCurrentUser( auth.getUser("testuser1") );
-		assertFalse(instance.isAuthorizedForURL("/nobody"));
-		assertFalse(instance.isAuthorizedForURL("/test/admin"));
-		assertTrue(instance.isAuthorizedForURL("/test/user"));
-		assertTrue(instance.isAuthorizedForURL("/test/all"));
-		assertFalse(instance.isAuthorizedForURL("/test/none"));
-		assertTrue(instance.isAuthorizedForURL("/test/none/test.gif"));
-		assertFalse(instance.isAuthorizedForURL("/test/none/test.exe"));
-		assertTrue(instance.isAuthorizedForURL("/test/none/test.png"));
-		assertFalse(instance.isAuthorizedForURL("/test/moderator"));
-		assertTrue(instance.isAuthorizedForURL("/test/profile"));
-		assertFalse(instance.isAuthorizedForURL("/upload"));
-
-		auth.setCurrentUser( auth.getUser("testuser2") );
-		assertFalse(instance.isAuthorizedForURL("/nobody"));
-		assertTrue(instance.isAuthorizedForURL("/test/admin"));
-		assertFalse(instance.isAuthorizedForURL("/test/user"));
-		assertTrue(instance.isAuthorizedForURL("/test/all"));
-		assertFalse(instance.isAuthorizedForURL("/test/none"));
-		assertTrue(instance.isAuthorizedForURL("/test/none/test.png"));
-		assertFalse(instance.isAuthorizedForURL("/test/moderator"));
-		assertTrue(instance.isAuthorizedForURL("/test/profile"));
-		assertFalse(instance.isAuthorizedForURL("/upload"));
-		
-		auth.setCurrentUser( auth.getUser("testuser3") );
-		assertFalse(instance.isAuthorizedForURL("/nobody"));
-		assertTrue(instance.isAuthorizedForURL("/test/admin"));
-		assertTrue(instance.isAuthorizedForURL("/test/user"));
-		assertTrue(instance.isAuthorizedForURL("/test/all"));
-		assertFalse(instance.isAuthorizedForURL("/test/none"));
-		assertTrue(instance.isAuthorizedForURL("/test/none/test.png"));
-		assertFalse(instance.isAuthorizedForURL("/test/moderator"));
-		assertTrue(instance.isAuthorizedForURL("/test/profile"));
-		assertFalse(instance.isAuthorizedForURL("/upload"));
-		
-		try {
-			instance.assertAuthorizedForURL("/test/admin");
-			instance.assertAuthorizedForURL( "/nobody" );
-			fail();
-		} catch ( AccessControlException e ) {
-			// expected
-		}
-	}
-
-	/**
-	 * Test of isAuthorizedForFunction method, of class
-	 * org.owasp.esapi.AccessController.
-	 */
-	public void testIsAuthorizedForFunction() {
-		System.out.println("isAuthorizedForFunction");
-		AccessController instance = ESAPI.accessController();
-		Authenticator auth = ESAPI.authenticator();
-		
-		auth.setCurrentUser( auth.getUser("testuser1") );
-		assertTrue(instance.isAuthorizedForFunction("/FunctionA"));
-		assertFalse(instance.isAuthorizedForFunction("/FunctionAdeny"));
-		assertFalse(instance.isAuthorizedForFunction("/FunctionB"));
-		assertFalse(instance.isAuthorizedForFunction("/FunctionBdeny"));
-		assertTrue(instance.isAuthorizedForFunction("/FunctionC"));
-		assertFalse(instance.isAuthorizedForFunction("/FunctionCdeny"));
-
-		auth.setCurrentUser( auth.getUser("testuser2") );
-		assertFalse(instance.isAuthorizedForFunction("/FunctionA"));
-		assertFalse(instance.isAuthorizedForFunction("/FunctionAdeny"));
-		assertTrue(instance.isAuthorizedForFunction("/FunctionB"));
-		assertFalse(instance.isAuthorizedForFunction("/FunctionBdeny"));
-		assertTrue(instance.isAuthorizedForFunction("/FunctionD"));
-		assertFalse(instance.isAuthorizedForFunction("/FunctionDdeny"));
-
-		auth.setCurrentUser( auth.getUser("testuser3") );
-		assertTrue(instance.isAuthorizedForFunction("/FunctionA"));
-		assertFalse(instance.isAuthorizedForFunction("/FunctionAdeny"));
-		assertTrue(instance.isAuthorizedForFunction("/FunctionB"));
-		assertFalse(instance.isAuthorizedForFunction("/FunctionBdeny"));
-		assertTrue(instance.isAuthorizedForFunction("/FunctionC"));
-		assertFalse(instance.isAuthorizedForFunction("/FunctionCdeny"));
-
-		try {
-			instance.assertAuthorizedForFunction("/FunctionA");
-			instance.assertAuthorizedForFunction( "/FunctionDdeny" );
-			fail();
-		} catch ( AccessControlException e ) {
-			// expected
-		}
-	}
-
-	/**
-	 * Test of isAuthorizedForData method, of class
-	 * org.owasp.esapi.AccessController.
-	 */
-	public void testIsAuthorizedForData() {
-		System.out.println("isAuthorizedForData");
-		AccessController instance = ESAPI.accessController();
-		Authenticator auth = ESAPI.authenticator();
-		
-		Class adminR = null;
-		Class adminRW = null;
-		Class userW = null;
-		Class userRW = null;
-		Class anyR = null;
-		Class userAdminR = null;
-		Class userAdminRW = null;
-		Class undefined = null;
-		
-		try{
-			adminR = Class.forName("java.util.ArrayList");
-			adminRW = Class.forName("java.lang.Math");
-			userW = Class.forName("java.util.Date");
-			userRW = Class.forName("java.lang.String");
-			anyR = Class.forName("java.io.BufferedReader");
-			userAdminR = Class.forName("java.util.Random");
-			userAdminRW = Class.forName("java.awt.event.MouseWheelEvent");
-			undefined = Class.forName("java.io.FileWriter");
-			
-		}catch(ClassNotFoundException cnf){
-			System.out.println("CLASS NOT FOUND.");
-			cnf.printStackTrace();
-		}
-		//test User
-		auth.setCurrentUser( auth.getUser("testuser1") );
-		assertTrue(instance.isAuthorizedForData("read", userRW));
-		assertFalse(instance.isAuthorizedForData("read", undefined));
-		assertFalse(instance.isAuthorizedForData("write", undefined));
-		assertFalse(instance.isAuthorizedForData("read", userW));
-		assertFalse(instance.isAuthorizedForData("read", adminRW));
-		assertTrue(instance.isAuthorizedForData("write", userRW));
-		assertTrue(instance.isAuthorizedForData("write", userW));
-		assertFalse(instance.isAuthorizedForData("write", anyR));
-		assertTrue(instance.isAuthorizedForData("read", anyR));
-		assertTrue(instance.isAuthorizedForData("read", userAdminR));
-		assertTrue(instance.isAuthorizedForData("write", userAdminRW));
-		
-		//test Admin
-		auth.setCurrentUser( auth.getUser("testuser2") );
-		assertTrue(instance.isAuthorizedForData("read", adminRW));
-		assertFalse(instance.isAuthorizedForData("read", undefined));
-		assertFalse(instance.isAuthorizedForData("write", undefined));
-		assertFalse(instance.isAuthorizedForData("read", userRW));
-		assertTrue(instance.isAuthorizedForData("write", adminRW));
-		assertFalse(instance.isAuthorizedForData("write", anyR));
-		assertTrue(instance.isAuthorizedForData("read", anyR));
-		assertTrue(instance.isAuthorizedForData("read", userAdminR));
-		assertTrue(instance.isAuthorizedForData("write", userAdminRW));
-		
-		//test User/Admin
-		auth.setCurrentUser( auth.getUser("testuser3") );
-		assertTrue(instance.isAuthorizedForData("read", userRW));
-		assertFalse(instance.isAuthorizedForData("read", undefined));
-		assertFalse(instance.isAuthorizedForData("write", undefined));
-		assertFalse(instance.isAuthorizedForData("read", userW));
-		assertTrue(instance.isAuthorizedForData("read", adminR));
-		assertTrue(instance.isAuthorizedForData("write", userRW));
-		assertTrue(instance.isAuthorizedForData("write", userW));
-		assertFalse(instance.isAuthorizedForData("write", anyR));
-		assertTrue(instance.isAuthorizedForData("read", anyR));
-		assertTrue(instance.isAuthorizedForData("read", userAdminR));
-		assertTrue(instance.isAuthorizedForData("write", userAdminRW));
-		try {
-			instance.assertAuthorizedForData("read", userRW);
-			instance.assertAuthorizedForData( "write", adminR );
-			fail();
-		} catch ( AccessControlException e ) {
-			// expected
-		}
-		
-	}
-
-	/**
-	 * Test of isAuthorizedForFile method, of class
-	 * org.owasp.esapi.AccessController.
-	 */
-	public void testIsAuthorizedForFile() {
-		System.out.println("isAuthorizedForFile");
-		AccessController instance = ESAPI.accessController();
-		Authenticator auth = ESAPI.authenticator();
-		
-		auth.setCurrentUser( auth.getUser("testuser1") );
-		assertTrue(instance.isAuthorizedForFile("/Dir/File1"));
-		assertFalse(instance.isAuthorizedForFile("/Dir/File2"));
-		assertTrue(instance.isAuthorizedForFile("/Dir/File3"));
-		assertFalse(instance.isAuthorizedForFile("/Dir/ridiculous"));
-
-		auth.setCurrentUser( auth.getUser("testuser2") );
-		assertFalse(instance.isAuthorizedForFile("/Dir/File1"));
-		assertTrue(instance.isAuthorizedForFile("/Dir/File2"));
-		assertTrue(instance.isAuthorizedForFile("/Dir/File4"));
-		assertFalse(instance.isAuthorizedForFile("/Dir/ridiculous"));
-
-		auth.setCurrentUser( auth.getUser("testuser3") );
-		assertTrue(instance.isAuthorizedForFile("/Dir/File1"));
-		assertTrue(instance.isAuthorizedForFile("/Dir/File2"));
-		assertFalse(instance.isAuthorizedForFile("/Dir/File5"));
-		assertFalse(instance.isAuthorizedForFile("/Dir/ridiculous"));
-
-		try {
-			instance.assertAuthorizedForFile("/Dir/File1");
-			instance.assertAuthorizedForFile( "/Dir/File6" );
-			fail();
-		} catch ( AccessControlException e ) {
-			// expected
-		}
-	}
-
-	/**
-	 * Test of isAuthorizedForService method, of class
-	 * org.owasp.esapi.AccessController.
-	 */
-	public void testIsAuthorizedForService() {
-		System.out.println("isAuthorizedForService");
-		AccessController instance = ESAPI.accessController();
-		Authenticator auth = ESAPI.authenticator();
-		
-		auth.setCurrentUser( auth.getUser("testuser1") );
-		assertTrue(instance.isAuthorizedForService("/services/ServiceA"));
-		assertFalse(instance.isAuthorizedForService("/services/ServiceB"));
-		assertTrue(instance.isAuthorizedForService("/services/ServiceC"));
-		
-		assertFalse(instance.isAuthorizedForService("/test/ridiculous"));
-
-		auth.setCurrentUser( auth.getUser("testuser2") );
-		assertFalse(instance.isAuthorizedForService("/services/ServiceA"));
-		assertTrue(instance.isAuthorizedForService("/services/ServiceB"));
-		assertFalse(instance.isAuthorizedForService("/services/ServiceF"));
-		assertFalse(instance.isAuthorizedForService("/test/ridiculous"));
-
-		auth.setCurrentUser( auth.getUser("testuser3") );
-		assertTrue(instance.isAuthorizedForService("/services/ServiceA"));
-		assertTrue(instance.isAuthorizedForService("/services/ServiceB"));
-		assertFalse(instance.isAuthorizedForService("/services/ServiceE"));
-		assertFalse(instance.isAuthorizedForService("/test/ridiculous"));
-
-		try {
-			instance.assertAuthorizedForService("/services/ServiceD");
-			instance.assertAuthorizedForService( "/test/ridiculous" );
-			fail();
-		} catch ( AccessControlException e ) {
-			// expected
-		}
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.AccessController;
+import org.owasp.esapi.Authenticator;
+import org.owasp.esapi.User;
+import org.owasp.esapi.errors.AccessControlException;
+
+
+/**
+ * The Class AccessControllerTest.
+ *
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class AccessControllerTest extends TestCase {
+
+    /**
+     * Instantiates a new access controller test.
+     *
+     * @param testName
+     *            the test name
+     * @throws Exception
+     */
+    public AccessControllerTest(String testName) throws Exception {
+        super(testName);
+
+        Authenticator authenticator = ESAPI.authenticator();
+        String password = authenticator.generateStrongPassword();
+
+        // create a user with the "user" role for this test
+        User alice = authenticator.getUser("testuser1");
+        if ( alice == null ) {
+            alice = authenticator.createUser( "testuser1", password, password);
+        }
+        alice.addRole("user");
+
+        // create a user with the "admin" role for this test
+        User bob = authenticator.getUser("testuser2");
+        if ( bob == null ) {
+            bob = authenticator.createUser( "testuser2", password, password);
+        }
+        bob.addRole("admin");
+
+        // create a user with the "user" and "admin" roles for this test
+        User mitch = authenticator.getUser("testuser3");
+        if ( mitch == null ) {
+            mitch = authenticator.createUser( "testuser3", password, password);
+        }
+        mitch.addRole("admin");
+        mitch.addRole("user");
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * @throws Exception
+     */
+    protected void setUp() throws Exception {
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * @throws Exception
+     */
+    protected void tearDown() throws Exception {
+        // none
+    }
+
+    /**
+     * Suite.
+     *
+     * @return the test
+     */
+    public static Test suite() {
+        TestSuite suite = new TestSuite(AccessControllerTest.class);
+        return suite;
+    }
+
+    /**
+     *
+     */
+    public void testMatchRule() {
+        ESAPI.authenticator().setCurrentUser(null);
+        assertFalse(ESAPI.accessController().isAuthorizedForURL("/nobody"));
+    }
+
+    /**
+     * Test of isAuthorizedForURL method, of class
+     * org.owasp.esapi.AccessController.
+     *
+     * @throws Exception
+     */
+    public void testIsAuthorizedForURL() throws Exception {
+        System.out.println("isAuthorizedForURL");
+        AccessController instance = ESAPI.accessController();
+        Authenticator auth = ESAPI.authenticator();
+
+        auth.setCurrentUser( auth.getUser("testuser1") );
+        assertFalse(instance.isAuthorizedForURL("/nobody"));
+        assertFalse(instance.isAuthorizedForURL("/test/admin"));
+        assertTrue(instance.isAuthorizedForURL("/test/user"));
+        assertTrue(instance.isAuthorizedForURL("/test/all"));
+        assertFalse(instance.isAuthorizedForURL("/test/none"));
+        assertTrue(instance.isAuthorizedForURL("/test/none/test.gif"));
+        assertFalse(instance.isAuthorizedForURL("/test/none/test.exe"));
+        assertTrue(instance.isAuthorizedForURL("/test/none/test.png"));
+        assertFalse(instance.isAuthorizedForURL("/test/moderator"));
+        assertTrue(instance.isAuthorizedForURL("/test/profile"));
+        assertFalse(instance.isAuthorizedForURL("/upload"));
+
+        auth.setCurrentUser( auth.getUser("testuser2") );
+        assertFalse(instance.isAuthorizedForURL("/nobody"));
+        assertTrue(instance.isAuthorizedForURL("/test/admin"));
+        assertFalse(instance.isAuthorizedForURL("/test/user"));
+        assertTrue(instance.isAuthorizedForURL("/test/all"));
+        assertFalse(instance.isAuthorizedForURL("/test/none"));
+        assertTrue(instance.isAuthorizedForURL("/test/none/test.png"));
+        assertFalse(instance.isAuthorizedForURL("/test/moderator"));
+        assertTrue(instance.isAuthorizedForURL("/test/profile"));
+        assertFalse(instance.isAuthorizedForURL("/upload"));
+
+        auth.setCurrentUser( auth.getUser("testuser3") );
+        assertFalse(instance.isAuthorizedForURL("/nobody"));
+        assertTrue(instance.isAuthorizedForURL("/test/admin"));
+        assertTrue(instance.isAuthorizedForURL("/test/user"));
+        assertTrue(instance.isAuthorizedForURL("/test/all"));
+        assertFalse(instance.isAuthorizedForURL("/test/none"));
+        assertTrue(instance.isAuthorizedForURL("/test/none/test.png"));
+        assertFalse(instance.isAuthorizedForURL("/test/moderator"));
+        assertTrue(instance.isAuthorizedForURL("/test/profile"));
+        assertFalse(instance.isAuthorizedForURL("/upload"));
+
+        try {
+            instance.assertAuthorizedForURL("/test/admin");
+            instance.assertAuthorizedForURL( "/nobody" );
+            fail();
+        } catch ( AccessControlException e ) {
+            // expected
+        }
+    }
+
+    /**
+     * Test of isAuthorizedForFunction method, of class
+     * org.owasp.esapi.AccessController.
+     */
+    public void testIsAuthorizedForFunction() {
+        System.out.println("isAuthorizedForFunction");
+        AccessController instance = ESAPI.accessController();
+        Authenticator auth = ESAPI.authenticator();
+
+        auth.setCurrentUser( auth.getUser("testuser1") );
+        assertTrue(instance.isAuthorizedForFunction("/FunctionA"));
+        assertFalse(instance.isAuthorizedForFunction("/FunctionAdeny"));
+        assertFalse(instance.isAuthorizedForFunction("/FunctionB"));
+        assertFalse(instance.isAuthorizedForFunction("/FunctionBdeny"));
+        assertTrue(instance.isAuthorizedForFunction("/FunctionC"));
+        assertFalse(instance.isAuthorizedForFunction("/FunctionCdeny"));
+
+        auth.setCurrentUser( auth.getUser("testuser2") );
+        assertFalse(instance.isAuthorizedForFunction("/FunctionA"));
+        assertFalse(instance.isAuthorizedForFunction("/FunctionAdeny"));
+        assertTrue(instance.isAuthorizedForFunction("/FunctionB"));
+        assertFalse(instance.isAuthorizedForFunction("/FunctionBdeny"));
+        assertTrue(instance.isAuthorizedForFunction("/FunctionD"));
+        assertFalse(instance.isAuthorizedForFunction("/FunctionDdeny"));
+
+        auth.setCurrentUser( auth.getUser("testuser3") );
+        assertTrue(instance.isAuthorizedForFunction("/FunctionA"));
+        assertFalse(instance.isAuthorizedForFunction("/FunctionAdeny"));
+        assertTrue(instance.isAuthorizedForFunction("/FunctionB"));
+        assertFalse(instance.isAuthorizedForFunction("/FunctionBdeny"));
+        assertTrue(instance.isAuthorizedForFunction("/FunctionC"));
+        assertFalse(instance.isAuthorizedForFunction("/FunctionCdeny"));
+
+        try {
+            instance.assertAuthorizedForFunction("/FunctionA");
+            instance.assertAuthorizedForFunction( "/FunctionDdeny" );
+            fail();
+        } catch ( AccessControlException e ) {
+            // expected
+        }
+    }
+
+    /**
+     * Test of isAuthorizedForData method, of class
+     * org.owasp.esapi.AccessController.
+     */
+    public void testIsAuthorizedForData() {
+        System.out.println("isAuthorizedForData");
+        AccessController instance = ESAPI.accessController();
+        Authenticator auth = ESAPI.authenticator();
+
+        Class adminR = null;
+        Class adminRW = null;
+        Class userW = null;
+        Class userRW = null;
+        Class anyR = null;
+        Class userAdminR = null;
+        Class userAdminRW = null;
+        Class undefined = null;
+
+        try{
+            adminR = Class.forName("java.util.ArrayList");
+            adminRW = Class.forName("java.lang.Math");
+            userW = Class.forName("java.util.Date");
+            userRW = Class.forName("java.lang.String");
+            anyR = Class.forName("java.io.BufferedReader");
+            userAdminR = Class.forName("java.util.Random");
+            userAdminRW = Class.forName("javax.crypto.Cipher");
+            undefined = Class.forName("java.io.FileWriter");
+
+        }catch(ClassNotFoundException cnf){
+            System.out.println("CLASS NOT FOUND.");
+            cnf.printStackTrace();
+        }
+        //test User
+        auth.setCurrentUser( auth.getUser("testuser1") );
+        assertTrue(instance.isAuthorizedForData("read", userRW));
+        assertFalse(instance.isAuthorizedForData("read", undefined));
+        assertFalse(instance.isAuthorizedForData("write", undefined));
+        assertFalse(instance.isAuthorizedForData("read", userW));
+        assertFalse(instance.isAuthorizedForData("read", adminRW));
+        assertTrue(instance.isAuthorizedForData("write", userRW));
+        assertTrue(instance.isAuthorizedForData("write", userW));
+        assertFalse(instance.isAuthorizedForData("write", anyR));
+        assertTrue(instance.isAuthorizedForData("read", anyR));
+        assertTrue(instance.isAuthorizedForData("read", userAdminR));
+        assertTrue(instance.isAuthorizedForData("write", userAdminRW));
+
+        //test Admin
+        auth.setCurrentUser( auth.getUser("testuser2") );
+        assertTrue(instance.isAuthorizedForData("read", adminRW));
+        assertFalse(instance.isAuthorizedForData("read", undefined));
+        assertFalse(instance.isAuthorizedForData("write", undefined));
+        assertFalse(instance.isAuthorizedForData("read", userRW));
+        assertTrue(instance.isAuthorizedForData("write", adminRW));
+        assertFalse(instance.isAuthorizedForData("write", anyR));
+        assertTrue(instance.isAuthorizedForData("read", anyR));
+        assertTrue(instance.isAuthorizedForData("read", userAdminR));
+        assertTrue(instance.isAuthorizedForData("write", userAdminRW));
+
+        //test User/Admin
+        auth.setCurrentUser( auth.getUser("testuser3") );
+        assertTrue(instance.isAuthorizedForData("read", userRW));
+        assertFalse(instance.isAuthorizedForData("read", undefined));
+        assertFalse(instance.isAuthorizedForData("write", undefined));
+        assertFalse(instance.isAuthorizedForData("read", userW));
+        assertTrue(instance.isAuthorizedForData("read", adminR));
+        assertTrue(instance.isAuthorizedForData("write", userRW));
+        assertTrue(instance.isAuthorizedForData("write", userW));
+        assertFalse(instance.isAuthorizedForData("write", anyR));
+        assertTrue(instance.isAuthorizedForData("read", anyR));
+        assertTrue(instance.isAuthorizedForData("read", userAdminR));
+        assertTrue(instance.isAuthorizedForData("write", userAdminRW));
+        try {
+            instance.assertAuthorizedForData("read", userRW);
+            instance.assertAuthorizedForData( "write", adminR );
+            fail();
+        } catch ( AccessControlException e ) {
+            // expected
+        }
+
+    }
+
+    /**
+     * Test of isAuthorizedForFile method, of class
+     * org.owasp.esapi.AccessController.
+     */
+    public void testIsAuthorizedForFile() {
+        System.out.println("isAuthorizedForFile");
+        AccessController instance = ESAPI.accessController();
+        Authenticator auth = ESAPI.authenticator();
+
+        auth.setCurrentUser( auth.getUser("testuser1") );
+        assertTrue(instance.isAuthorizedForFile("/Dir/File1"));
+        assertFalse(instance.isAuthorizedForFile("/Dir/File2"));
+        assertTrue(instance.isAuthorizedForFile("/Dir/File3"));
+        assertFalse(instance.isAuthorizedForFile("/Dir/ridiculous"));
+
+        auth.setCurrentUser( auth.getUser("testuser2") );
+        assertFalse(instance.isAuthorizedForFile("/Dir/File1"));
+        assertTrue(instance.isAuthorizedForFile("/Dir/File2"));
+        assertTrue(instance.isAuthorizedForFile("/Dir/File4"));
+        assertFalse(instance.isAuthorizedForFile("/Dir/ridiculous"));
+
+        auth.setCurrentUser( auth.getUser("testuser3") );
+        assertTrue(instance.isAuthorizedForFile("/Dir/File1"));
+        assertTrue(instance.isAuthorizedForFile("/Dir/File2"));
+        assertFalse(instance.isAuthorizedForFile("/Dir/File5"));
+        assertFalse(instance.isAuthorizedForFile("/Dir/ridiculous"));
+
+        try {
+            instance.assertAuthorizedForFile("/Dir/File1");
+            instance.assertAuthorizedForFile( "/Dir/File6" );
+            fail();
+        } catch ( AccessControlException e ) {
+            // expected
+        }
+    }
+
+    /**
+     * Test of isAuthorizedForService method, of class
+     * org.owasp.esapi.AccessController.
+     */
+    public void testIsAuthorizedForService() {
+        System.out.println("isAuthorizedForService");
+        AccessController instance = ESAPI.accessController();
+        Authenticator auth = ESAPI.authenticator();
+
+        auth.setCurrentUser( auth.getUser("testuser1") );
+        assertTrue(instance.isAuthorizedForService("/services/ServiceA"));
+        assertFalse(instance.isAuthorizedForService("/services/ServiceB"));
+        assertTrue(instance.isAuthorizedForService("/services/ServiceC"));
+
+        assertFalse(instance.isAuthorizedForService("/test/ridiculous"));
+
+        auth.setCurrentUser( auth.getUser("testuser2") );
+        assertFalse(instance.isAuthorizedForService("/services/ServiceA"));
+        assertTrue(instance.isAuthorizedForService("/services/ServiceB"));
+        assertFalse(instance.isAuthorizedForService("/services/ServiceF"));
+        assertFalse(instance.isAuthorizedForService("/test/ridiculous"));
+
+        auth.setCurrentUser( auth.getUser("testuser3") );
+        assertTrue(instance.isAuthorizedForService("/services/ServiceA"));
+        assertTrue(instance.isAuthorizedForService("/services/ServiceB"));
+        assertFalse(instance.isAuthorizedForService("/services/ServiceE"));
+        assertFalse(instance.isAuthorizedForService("/test/ridiculous"));
+
+        try {
+            instance.assertAuthorizedForService("/services/ServiceD");
+            instance.assertAuthorizedForService( "/test/ridiculous" );
+            fail();
+        } catch ( AccessControlException e ) {
+            // expected
+        }
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/reference/AccessReferenceMapTest.java b/src/test/java/org/owasp/esapi/reference/AccessReferenceMapTest.java
index ec9832997..f04655fb3 100644
--- a/src/test/java/org/owasp/esapi/reference/AccessReferenceMapTest.java
+++ b/src/test/java/org/owasp/esapi/reference/AccessReferenceMapTest.java
@@ -1,223 +1,223 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.Authenticator;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.User;
-import org.owasp.esapi.errors.AccessControlException;
-import org.owasp.esapi.errors.AuthenticationException;
-import org.owasp.esapi.errors.EncryptionException;
-
-
-/**
- * The Class AccessReferenceMapTest.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class AccessReferenceMapTest extends TestCase {
-    
-    /**
-	 * Instantiates a new access reference map test.
-	 * 
-	 * @param testName
-	 *            the test name
-	 */
-    public AccessReferenceMapTest(String testName) {
-        super(testName);
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void setUp() throws Exception {
-    	// none
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void tearDown() throws Exception {
-    	// none
-    }
-
-    /**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-    public static Test suite() {
-        TestSuite suite = new TestSuite(AccessReferenceMapTest.class);
-        return suite;
-    }
-
-    
-    /**
-	 * Test of update method, of class org.owasp.esapi.AccessReferenceMap.
-	 * 
-	 * @throws AuthenticationException
-     *             the authentication exception
-     * @throws EncryptionException
-	 */
-    public void testUpdate() throws AuthenticationException, EncryptionException {
-        System.out.println("update");
-    	RandomAccessReferenceMap arm = new RandomAccessReferenceMap();
-    	Authenticator auth = ESAPI.authenticator();
-    	
-    	String pass = auth.generateStrongPassword();
-    	User u = auth.createUser( "armUpdate", pass, pass );
-    	
-    	// test to make sure update returns something
-		arm.update(auth.getUserNames());
-		String indirect = arm.getIndirectReference( u.getAccountName() );
-		if ( indirect == null ) fail();
-		
-		// test to make sure update removes items that are no longer in the list
-		auth.removeUser( u.getAccountName() );
-		arm.update(auth.getUserNames());
-		indirect = arm.getIndirectReference( u.getAccountName() );
-		if ( indirect != null ) fail();
-		
-		// test to make sure old indirect reference is maintained after an update
-		arm.update(auth.getUserNames());
-		String newIndirect = arm.getIndirectReference( u.getAccountName() );
-		assertEquals(indirect, newIndirect);
-    }
-    
-    
-    /**
-	 * Test of iterator method, of class org.owasp.esapi.AccessReferenceMap.
-	 */
-    public void testIterator() {
-        System.out.println("iterator");
-    	RandomAccessReferenceMap arm = new RandomAccessReferenceMap();
-        Authenticator auth = ESAPI.authenticator();
-        
-		arm.update(auth.getUserNames());
-
-		Iterator i = arm.iterator();
-		while ( i.hasNext() ) {
-			String userName = (String)i.next();
-			User u = auth.getUser( userName );
-			if ( u == null ) fail();
-		}
-    }
-    
-    /**
-	 * Test of getIndirectReference method, of class
-	 * org.owasp.esapi.AccessReferenceMap.
-	 */
-    public void testGetIndirectReference() {
-        System.out.println("getIndirectReference");
-        
-        String directReference = "234";
-        Set list = new HashSet();
-        list.add( "123" );
-        list.add( directReference );
-        list.add( "345" );
-        RandomAccessReferenceMap instance = new RandomAccessReferenceMap( list );
-        
-        String expResult = directReference;
-        String result = instance.getIndirectReference(directReference);
-        assertNotSame(expResult, result);        
-    }
-
-    /**
-	 * Test of getDirectReference method, of class
-	 * org.owasp.esapi.AccessReferenceMap.
-	 * 
-	 * @throws AccessControlException
-	 *             the access control exception
-	 */
-    public void testGetDirectReference() throws AccessControlException {
-        System.out.println("getDirectReference");
-        
-        String directReference = "234";
-        Set list = new HashSet();
-        list.add( "123" );
-        list.add( directReference );
-        list.add( "345" );
-        RandomAccessReferenceMap instance = new RandomAccessReferenceMap( list );
-        
-        String ind = instance.getIndirectReference(directReference);
-        String dir = (String)instance.getDirectReference(ind);
-        assertEquals(directReference, dir);
-        try {
-        	instance.getDirectReference("invalid");
-        	fail();
-        } catch( AccessControlException e ) {
-        	// success
-        }
-    }
-    
-    /**
-     *
-     * @throws org.owasp.esapi.errors.AccessControlException
-     */
-    public void testAddDirectReference() throws AccessControlException {
-        System.out.println("addDirectReference");
-        
-        String directReference = "234";
-        Set list = new HashSet();
-        list.add( "123" );
-        list.add( directReference );
-        list.add( "345" );
-        RandomAccessReferenceMap instance = new RandomAccessReferenceMap( list );
-        
-        String newDirect = instance.addDirectReference("newDirect");
-        assertNotNull( newDirect );
-        String ind = instance.addDirectReference(directReference);
-        String dir = (String)instance.getDirectReference(ind);
-        assertEquals(directReference, dir);
-    	String newInd = instance.addDirectReference(directReference);
-    	assertEquals(ind, newInd);
-    }
-
-    /**
-     *
-     * @throws org.owasp.esapi.errors.AccessControlException
-     */
-    public void testRemoveDirectReference() throws AccessControlException {
-        System.out.println("removeDirectReference");
-        
-        String directReference = "234";
-        Set list = new HashSet();
-        list.add( "123" );
-        list.add( directReference );
-        list.add( "345" );
-        RandomAccessReferenceMap instance = new RandomAccessReferenceMap( list );
-        
-        String indirect = instance.getIndirectReference(directReference);
-        assertNotNull(indirect);
-        String deleted = instance.removeDirectReference(directReference);
-        assertEquals(indirect,deleted);
-    	deleted = instance.removeDirectReference("ridiculous");
-    	assertNull(deleted);
-    }
-    
-    
-    
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.Authenticator;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.User;
+import org.owasp.esapi.errors.AccessControlException;
+import org.owasp.esapi.errors.AuthenticationException;
+import org.owasp.esapi.errors.EncryptionException;
+
+
+/**
+ * The Class AccessReferenceMapTest.
+ *
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class AccessReferenceMapTest extends TestCase {
+
+    /**
+     * Instantiates a new access reference map test.
+     *
+     * @param testName
+     *            the test name
+     */
+    public AccessReferenceMapTest(String testName) {
+        super(testName);
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void setUp() throws Exception {
+        // none
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void tearDown() throws Exception {
+        // none
+    }
+
+    /**
+     * Suite.
+     *
+     * @return the test
+     */
+    public static Test suite() {
+        TestSuite suite = new TestSuite(AccessReferenceMapTest.class);
+        return suite;
+    }
+
+
+    /**
+     * Test of update method, of class org.owasp.esapi.AccessReferenceMap.
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     * @throws EncryptionException
+     */
+    public void testUpdate() throws AuthenticationException, EncryptionException {
+        System.out.println("update");
+        RandomAccessReferenceMap arm = new RandomAccessReferenceMap();
+        Authenticator auth = ESAPI.authenticator();
+
+        String pass = auth.generateStrongPassword();
+        User u = auth.createUser( "armUpdate", pass, pass );
+
+        // test to make sure update returns something
+        arm.update(auth.getUserNames());
+        String indirect = arm.getIndirectReference( u.getAccountName() );
+        if ( indirect == null ) fail();
+
+        // test to make sure update removes items that are no longer in the list
+        auth.removeUser( u.getAccountName() );
+        arm.update(auth.getUserNames());
+        indirect = arm.getIndirectReference( u.getAccountName() );
+        if ( indirect != null ) fail();
+
+        // test to make sure old indirect reference is maintained after an update
+        arm.update(auth.getUserNames());
+        String newIndirect = arm.getIndirectReference( u.getAccountName() );
+        assertEquals(indirect, newIndirect);
+    }
+
+
+    /**
+     * Test of iterator method, of class org.owasp.esapi.AccessReferenceMap.
+     */
+    public void testIterator() {
+        System.out.println("iterator");
+        RandomAccessReferenceMap arm = new RandomAccessReferenceMap();
+        Authenticator auth = ESAPI.authenticator();
+
+        arm.update(auth.getUserNames());
+
+        Iterator i = arm.iterator();
+        while ( i.hasNext() ) {
+            String userName = (String)i.next();
+            User u = auth.getUser( userName );
+            if ( u == null ) fail();
+        }
+    }
+
+    /**
+     * Test of getIndirectReference method, of class
+     * org.owasp.esapi.AccessReferenceMap.
+     */
+    public void testGetIndirectReference() {
+        System.out.println("getIndirectReference");
+
+        String directReference = "234";
+        Set list = new HashSet();
+        list.add( "123" );
+        list.add( directReference );
+        list.add( "345" );
+        RandomAccessReferenceMap instance = new RandomAccessReferenceMap( list );
+
+        String expResult = directReference;
+        String result = instance.getIndirectReference(directReference);
+        assertNotSame(expResult, result);
+    }
+
+    /**
+     * Test of getDirectReference method, of class
+     * org.owasp.esapi.AccessReferenceMap.
+     *
+     * @throws AccessControlException
+     *             the access control exception
+     */
+    public void testGetDirectReference() throws AccessControlException {
+        System.out.println("getDirectReference");
+
+        String directReference = "234";
+        Set list = new HashSet();
+        list.add( "123" );
+        list.add( directReference );
+        list.add( "345" );
+        RandomAccessReferenceMap instance = new RandomAccessReferenceMap( list );
+
+        String ind = instance.getIndirectReference(directReference);
+        String dir = (String)instance.getDirectReference(ind);
+        assertEquals(directReference, dir);
+        try {
+            instance.getDirectReference("invalid");
+            fail();
+        } catch( AccessControlException e ) {
+            // success
+        }
+    }
+
+    /**
+     *
+     * @throws org.owasp.esapi.errors.AccessControlException
+     */
+    public void testAddDirectReference() throws AccessControlException {
+        System.out.println("addDirectReference");
+
+        String directReference = "234";
+        Set list = new HashSet();
+        list.add( "123" );
+        list.add( directReference );
+        list.add( "345" );
+        RandomAccessReferenceMap instance = new RandomAccessReferenceMap( list );
+
+        String newDirect = instance.addDirectReference("newDirect");
+        assertNotNull( newDirect );
+        String ind = instance.addDirectReference(directReference);
+        String dir = (String)instance.getDirectReference(ind);
+        assertEquals(directReference, dir);
+        String newInd = instance.addDirectReference(directReference);
+        assertEquals(ind, newInd);
+    }
+
+    /**
+     *
+     * @throws org.owasp.esapi.errors.AccessControlException
+     */
+    public void testRemoveDirectReference() throws AccessControlException {
+        System.out.println("removeDirectReference");
+
+        String directReference = "234";
+        Set list = new HashSet();
+        list.add( "123" );
+        list.add( directReference );
+        list.add( "345" );
+        RandomAccessReferenceMap instance = new RandomAccessReferenceMap( list );
+
+        String indirect = instance.getIndirectReference(directReference);
+        assertNotNull(indirect);
+        String deleted = instance.removeDirectReference(directReference);
+        assertEquals(indirect,deleted);
+        deleted = instance.removeDirectReference("ridiculous");
+        assertNull(deleted);
+    }
+
+
+
+}
diff --git a/src/test/java/org/owasp/esapi/reference/AuthenticatorTest.java b/src/test/java/org/owasp/esapi/reference/AuthenticatorTest.java
index 31699ccfb..5df1b5c5b 100644
--- a/src/test/java/org/owasp/esapi/reference/AuthenticatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/AuthenticatorTest.java
@@ -1,617 +1,697 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import java.util.Date;
-import java.util.Set;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.Authenticator;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.EncoderConstants;
-import org.owasp.esapi.HTTPUtilities;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.User;
-import org.owasp.esapi.errors.AuthenticationException;
-import org.owasp.esapi.errors.EncryptionException;
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-
-/**
- * The Class AuthenticatorTest.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class AuthenticatorTest extends TestCase {
-
-
-	/**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-	public static Test suite() {
-		TestSuite suite = new TestSuite(AuthenticatorTest.class);
-
-		return suite;
-	}
-
-	/**
-	 * Instantiates a new authenticator test.
-	 * 
-	 * @param testName
-	 *            the test name
-	 */
-	public AuthenticatorTest(String testName) {
-		super(testName);
-	}
-
-    /**
-     * {@inheritDoc}
-     *
-     * @throws Exception
-     */
-	protected void setUp() throws Exception {
-		// none
-	}
-
-    /**
-     * {@inheritDoc}
-     *
-     * @throws Exception
-     */
-	protected void tearDown() throws Exception {
-		// none
-	}
-
-	
-	/**
-	 * Test of createAccount method, of class org.owasp.esapi.Authenticator.
-	 * 
-	 * @throws AuthenticationException
-     *             the authentication exception
-     * @throws EncryptionException
-	 */
-	public void testCreateUser() throws AuthenticationException, EncryptionException {
-		System.out.println("createUser");
-		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-		Authenticator instance = ESAPI.authenticator();
-		String password = instance.generateStrongPassword();
-		User user = instance.createUser(accountName, password, password);
-		assertTrue(user.verifyPassword(password));
-        try {
-            instance.createUser(accountName, password, password); // duplicate user
-            fail();
-        } catch (AuthenticationException e) {
-            // success
-        }
-        try {
-            instance.createUser(ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS), "password1", "password2"); // don't match
-            fail();
-        } catch (AuthenticationException e) {
-            // success
-        }
-        try {
-            instance.createUser(ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS), "weak1", "weak1");  // weak password
-            fail();
-        } catch (AuthenticationException e) {
-            // success
-        }
-        try {
-            instance.createUser(null, "weak1", "weak1");  // null username
-            fail();
-        } catch (AuthenticationException e) {
-            // success
-        }
-        try {
-            instance.createUser(ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS), null, null);  // null password
-            fail();
-        } catch (AuthenticationException e) {
-            // success
-        }
-        try {
-        	String uName = "ea234kEknr";	//sufficiently random password that also works as a username
-            instance.createUser(uName, uName, uName);  // using username as password
-            fail();
-        } catch (AuthenticationException e) {
-            // success
-        }
-	}
-
-	/**
-	 * Test of generateStrongPassword method, of class
-	 * org.owasp.esapi.Authenticator.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testGenerateStrongPassword() throws AuthenticationException {
-		System.out.println("generateStrongPassword");		
-		Authenticator instance = ESAPI.authenticator();
-		String oldPassword = "iiiiiiiiii";  // i is not allowed in passwords - this prevents failures from containing pieces of old password
-		String newPassword = null;
-		String username = "FictionalEsapiUser";
-		User user = new DefaultUser(username);
-		for (int i = 0; i < 100; i++) {
-            try {
-                newPassword = instance.generateStrongPassword();
-                instance.verifyPasswordStrength(oldPassword, newPassword, user);
-            } catch( AuthenticationException e ) {
-            	System.out.println( "  FAILED >> " + newPassword + " : " + e.getLogMessage());
-                fail();
-            }
-		}
-		try {
-			instance.verifyPasswordStrength("test56^$test", "abcdx56^$sl", user );
-		} catch( AuthenticationException e ) {
-			// expected
-		}
-	}
-
-
-	/**
-	 * Test of getCurrentUser method, of class org.owasp.esapi.Authenticator.
-	 * 
-     *
-     * @throws Exception
-     */
-	public void testGetCurrentUser() throws Exception {
-		System.out.println("getCurrentUser");
-        Authenticator instance = ESAPI.authenticator();
-		String username1 = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-		String username2 = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-		User user1 = instance.createUser(username1, "getCurrentUser", "getCurrentUser");
-		User user2 = instance.createUser(username2, "getCurrentUser", "getCurrentUser");		
-		user1.enable();
-	    MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-        ESAPI.httpUtilities().setCurrentHTTP(request, response);
-		user1.loginWithPassword("getCurrentUser");
-		User currentUser = instance.getCurrentUser();
-		assertEquals( currentUser, user1 );
-		instance.setCurrentUser( user2 );
-		assertFalse( currentUser.getAccountName().equals( user2.getAccountName() ) );
-		
-		Runnable echo = new Runnable() {
-			private int count = 1;
-            private boolean result = false;
-			public void run() {
-		        Authenticator auth = ESAPI.authenticator();
-				User a = null;
-				try {
-					String password = auth.generateStrongPassword();
-					String accountName = "TestAccount" + count++;
-					a = auth.getUser(accountName);
-					if ( a != null ) {
-						auth.removeUser(accountName);
-					}
-					a = auth.createUser(accountName, password, password);
-					auth.setCurrentUser(a);
-				} catch (AuthenticationException e) {
-					e.printStackTrace();
-				}
-				User b = auth.getCurrentUser();
-				result &= a.equals(b);
-			}
-		};
-        ThreadGroup tg = new ThreadGroup("test");
-		for ( int i = 0; i<10; i++ ) {
-			new Thread( tg, echo ).start();
-		}
-        while (tg.activeCount() > 0 ) {
-            Thread.sleep(100);
-        }
-	}
-
-	/**
-	 * Test of getUser method, of class org.owasp.esapi.Authenticator.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testGetUser() throws AuthenticationException {
-		System.out.println("getUser");
-        Authenticator instance = ESAPI.authenticator();
-		String password = instance.generateStrongPassword();
-		String accountName=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-		instance.createUser(accountName, password, password);
-		assertNotNull(instance.getUser( accountName ));
-		assertNull(instance.getUser( ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS) ));
-	}
-	
-    /**
-     *
-     * @throws org.owasp.esapi.errors.AuthenticationException
-     */
-    public void testGetUserFromRememberToken() throws AuthenticationException {
-		System.out.println("getUserFromRememberToken");
-        Authenticator instance = ESAPI.authenticator();
-        instance.logout();  // in case anyone is logged in
-		String password = instance.generateStrongPassword();
-		String accountName=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-		User user = instance.createUser(accountName, password, password);
-		user.enable();
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		ESAPI.httpUtilities().setCurrentHTTP(request, response);
-		
-		System.out.println("getUserFromRememberToken - expecting failure");
-		request.setCookie( HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME, "ridiculous" );
-		try {
-			instance.login( request, response );  // wrong cookie will fail
-		} catch( AuthenticationException e ) {
-			// expected
-		}
-
-		System.out.println("getUserFromRememberToken - expecting success");
-		request = new MockHttpServletRequest();
-		ESAPI.httpUtilities().setCurrentHTTP(request, response);
-		ESAPI.authenticator().setCurrentUser(user);
-		String newToken = ESAPI.httpUtilities().setRememberToken(request, response, password, 10000, "test.com", request.getContextPath() );
-		request.setCookie( HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME, newToken );
-        user.logout();  // logout the current user so we can log them in with the remember cookie
-		User test2 = instance.login( request, response );
-		assertSame( user, test2 );
-	}
-	
-
-	
-	/**
-	 * Test get user from session.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testGetUserFromSession() throws AuthenticationException {
-		System.out.println("getUserFromSession");
-        FileBasedAuthenticator instance = (FileBasedAuthenticator)ESAPI.authenticator();
-        instance.logout();  // in case anyone is logged in
-		String accountName=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-		String password = instance.generateStrongPassword();
-		User user = instance.createUser(accountName, password, password);
-		user.enable();
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.addParameter("username", accountName);
-		request.addParameter("password", password);
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		ESAPI.httpUtilities().setCurrentHTTP( request, response );
-		instance.login( request, response);
-		User test = instance.getUserFromSession();
-		assertEquals( user, test );
-	}
-
-	/**
-	 * Test get user names.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testGetUserNames() throws AuthenticationException {
-		System.out.println("getUserNames");
-        Authenticator instance = ESAPI.authenticator();
-		String password = instance.generateStrongPassword();
-		String[] testnames = new String[10];
-		for(int i=0;i<testnames.length;i++) {
-			testnames[i] = ESAPI.randomizer().getRandomString(8,EncoderConstants.CHAR_ALPHANUMERICS);
-		}
-		for(int i=0;i<testnames.length;i++) {
-			instance.createUser(testnames[i], password, password);
-		}
-		Set names = instance.getUserNames();
-		for(int i=0;i<testnames.length;i++) {
-			assertTrue(names.contains(testnames[i].toLowerCase()));
-		}
-	}
-	
-	/**
-	 * Test of hashPassword method, of class org.owasp.esapi.Authenticator.
-     *
-     * @throws EncryptionException
-     */
-	public void testHashPassword() throws EncryptionException {
-		System.out.println("hashPassword");
-		String username = "Jeff";
-		String password = "test";
-        Authenticator instance = ESAPI.authenticator();
-		String result1 = instance.hashPassword(password, username);
-		String result2 = instance.hashPassword(password, username);
-		assertTrue(result1.equals(result2));
-	}
-
-	/**
-	 * Test of login method, of class org.owasp.esapi.Authenticator.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testLogin() throws AuthenticationException {
-		System.out.println("login");
-        Authenticator instance = ESAPI.authenticator();
-        String username = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-		String password = instance.generateStrongPassword();
-		User user = instance.createUser(username, password, password);
-		user.enable();
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.addParameter("username", username);
-		request.addParameter("password", password);
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		User test = instance.login( request, response);
-		assertTrue( test.isLoggedIn() );
-	}
-	
-	/**
-	 * Test of removeAccount method, of class org.owasp.esapi.Authenticator.
-	 * 
-	 * @throws Exception
-	 *             the exception
-	 */
-	public void testRemoveUser() throws Exception {
-		System.out.println("removeUser");
-		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-        Authenticator instance = ESAPI.authenticator();
-		String password = instance.generateStrongPassword();
-		instance.createUser(accountName, password, password);
-		assertTrue( instance.exists(accountName));
-		instance.removeUser(accountName);
-		assertFalse( instance.exists(accountName));
-	}
-
-	/**
-	 * Test of saveUsers method, of class org.owasp.esapi.Authenticator.
-	 * 
-	 * @throws Exception
-	 *             the exception
-	 */
-	public void testSaveUsers() throws Exception {
-		System.out.println("saveUsers");
-		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-        FileBasedAuthenticator instance = (FileBasedAuthenticator)ESAPI.authenticator();
-		String password = instance.generateStrongPassword();
-		instance.createUser(accountName, password, password);
-		instance.saveUsers();
-		assertNotNull( instance.getUser(accountName) );
-		instance.removeUser(accountName);
-		assertNull( instance.getUser(accountName) );
-	}
-
-	
-	/**
-	 * Test of setCurrentUser method, of class org.owasp.esapi.Authenticator.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testSetCurrentUser() throws AuthenticationException {
-		System.out.println("setCurrentUser");
-        final Authenticator instance = ESAPI.authenticator();
-		String user1 = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_UPPERS);
-		String user2 = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_UPPERS);
-		User userOne = instance.createUser(user1, "getCurrentUser", "getCurrentUser");
-		userOne.enable();
-	    MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		ESAPI.httpUtilities().setCurrentHTTP(request, response);
-		userOne.loginWithPassword("getCurrentUser");
-		User currentUser = instance.getCurrentUser();
-		assertEquals( currentUser, userOne );
-		User userTwo = instance.createUser(user2, "getCurrentUser", "getCurrentUser");		
-		instance.setCurrentUser( userTwo );
-		assertFalse( currentUser.getAccountName().equals( userTwo.getAccountName() ) );
-		
-		Runnable echo = new Runnable() {
-			private int count = 1;
-			public void run() {
-				User u=null;
-				try {
-					String password = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-					u = instance.createUser("test" + count++, password, password);
-					instance.setCurrentUser(u);
-					ESAPI.getLogger("test").info( Logger.SECURITY_SUCCESS, "Got current user" );
-					// ESAPI.authenticator().removeUser( u.getAccountName() );
-				} catch (AuthenticationException e) {
-					e.printStackTrace();
-				}
-			}
-		};
-		for ( int i = 0; i<10; i++ ) {
-			new Thread( echo ).start();
-		}
-	}
-	
-
-	/**
-	 * Test of setCurrentUser method, of class org.owasp.esapi.Authenticator.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testSetCurrentUserWithRequest() throws AuthenticationException {
-		System.out.println("setCurrentUser(req,resp)");
-        Authenticator instance = ESAPI.authenticator();
-        instance.logout();  // in case anyone is logged in
-		String password = instance.generateStrongPassword();
-		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-		DefaultUser user = (DefaultUser) instance.createUser(accountName, password, password);
-		user.enable();
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.addParameter("username", accountName);
-		request.addParameter("password", password);
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		instance.login( request, response );
-		assertEquals( user, instance.getCurrentUser() );
-		try {
-			user.disable();
-			instance.login( request, response );
-		} catch( Exception e ) {
-			// expected
-		}
-		try {
-			user.enable();
-			user.lock();
-			instance.login( request, response );
-		} catch( Exception e ) {
-			// expected
-		}
-		try {
-			user.unlock();
-			user.setExpirationTime( new Date() );
-			instance.login( request, response );
-		} catch( Exception e ) {
-			// expected
-		}
-	}
-	
-	
-	
-	/**
-	 * Test of validatePasswordStrength method, of class
-	 * org.owasp.esapi.Authenticator.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testValidatePasswordStrength() throws AuthenticationException {
-		System.out.println("validatePasswordStrength");
-        Authenticator instance = ESAPI.authenticator();
-        
-        String username = "FictionalEsapiUser";
-		User user = new DefaultUser(username);
-
-		// should fail
-		try {
-			instance.verifyPasswordStrength("password", "jeff", user);
-			fail();
-		} catch (AuthenticationException e) {
-			// success
-		}
-		try {
-			instance.verifyPasswordStrength("diff123bang", "same123string", user);
-			fail();
-		} catch (AuthenticationException e) {
-			// success
-		}
-		try {
-			instance.verifyPasswordStrength("password", "JEFF", user);
-			fail();
-		} catch (AuthenticationException e) {
-			// success
-		}
-		try {
-			instance.verifyPasswordStrength("password", "1234", user);
-			fail();
-		} catch (AuthenticationException e) {
-			// success
-		}
-		try {
-			instance.verifyPasswordStrength("password", "password", user);
-			fail();
-		} catch (AuthenticationException e) {
-			// success
-		}
-		try {
-			instance.verifyPasswordStrength("password", "-1", user);
-			fail();
-		} catch (AuthenticationException e) {
-			// success
-		}
-		try {
-			instance.verifyPasswordStrength("password", "password123", user);
-			fail();
-		} catch (AuthenticationException e) {
-			// success
-		}
-		try {
-			instance.verifyPasswordStrength("password", "test123", user);
-			fail();
-		} catch (AuthenticationException e) {
-			// success
-		}
-		//jtm - 11/16/2010 - fix for bug http://code.google.com/p/owasp-esapi-java/issues/detail?id=108
-		try {
-			instance.verifyPasswordStrength("password", "FictionalEsapiUser", user);
-			fail();
-		} catch (AuthenticationException e) {
-			// success
-		}
-		try {
-			instance.verifyPasswordStrength("password", "FICTIONALESAPIUSER", user);
-			fail();
-		} catch (AuthenticationException e) {
-			// success
-		}
-
-		// should pass
-		instance.verifyPasswordStrength("password", "jeffJEFF12!", user);
-		instance.verifyPasswordStrength("password", "super calif ragil istic", user);
-		instance.verifyPasswordStrength("password", "TONYTONYTONYTONY", user);
-		instance.verifyPasswordStrength("password", instance.generateStrongPassword(), user);
-
-        // chrisisbeef - Issue 65 - http://code.google.com/p/owasp-esapi-java/issues/detail?id=65
-        instance.verifyPasswordStrength("password", "b!gbr0ther", user);
-	}
-
-	/**
-	 * Test of exists method, of class org.owasp.esapi.Authenticator.
-	 * 
-	 * @throws Exception
-	 *             the exception
-	 */
-	public void testExists() throws Exception {
-		System.out.println("exists");
-		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-        Authenticator instance = ESAPI.authenticator();
-		String password = instance.generateStrongPassword();
-		instance.createUser(accountName, password, password);
-		assertTrue(instance.exists(accountName));
-		instance.removeUser(accountName);
-		assertFalse(instance.exists(accountName));
-	}
-
-    /**
-     * Test of main method, of class org.owasp.esapi.Authenticator.
-     * @throws Exception
-     */
-    public void testMain() throws Exception {
-        System.out.println("Authenticator Main");
-        Authenticator instance = ESAPI.authenticator();
-        String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-        String password = instance.generateStrongPassword();
-        String role = "test";
-        
-        // test wrong parameters - missing role parameter
-        String[] badargs = { accountName, password };
-        FileBasedAuthenticator.main( badargs );
-        // load users since the new user was added in another instance
-        ((FileBasedAuthenticator)instance).loadUsersImmediately();
-        User u1 = instance.getUser(accountName);
-        assertNull( u1 );
-
-        // test good parameters
-        String[] args = { accountName, password, role };
-        FileBasedAuthenticator.main(args);
-        // load users since the new user was added in another instance
-        ((FileBasedAuthenticator)instance).loadUsersImmediately();
-        DefaultUser u2 = (DefaultUser) instance.getUser(accountName);
-        assertNotNull( u2 );
-        assertTrue( u2.isInRole(role));
-        assertEquals( instance.hashPassword(password, accountName), ((FileBasedAuthenticator)instance).getHashedPassword(u2) );
-    }
-    
-    
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+import static org.junit.Assume.assumeTrue;
+
+import java.util.Calendar;
+import java.util.Set;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.Semaphore;
+import java.util.concurrent.TimeUnit;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.hamcrest.core.IsEqual;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ErrorCollector;
+import org.junit.rules.TestName;
+import org.junit.rules.Timeout;
+import org.owasp.esapi.Authenticator;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.EncoderConstants;
+import org.owasp.esapi.HTTPUtilities;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.User;
+import org.owasp.esapi.errors.AuthenticationException;
+import org.owasp.esapi.errors.EncryptionException;
+import org.owasp.esapi.http.MockHttpServletRequest;
+import org.owasp.esapi.http.MockHttpServletResponse;
+
+/**
+ * The Class AuthenticatorTest.
+ *
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class AuthenticatorTest {
+    private static Authenticator instance;
+    /**
+     * User session information is stored on a per-thread basis.  So long as this has potential to run single threaded then we'll maintain a synchronous nature execution.
+     * This is done to prevent tests corrupting each others states since all will be executed on a limited set of Threads within the JVM.
+     */
+    private static Semaphore threadIsolation = new Semaphore(1, true);
+
+    @Rule
+    public ErrorCollector collector = new ErrorCollector();
+    @Rule
+    public Timeout testTimout = new Timeout(5, TimeUnit.MINUTES);
+    @Rule
+    public TestName name = new TestName();
+
+    @BeforeClass
+    public static void setUpStatic() {
+        instance = ESAPI.authenticator();
+    }
+
+    @Before
+    public void setup() throws InterruptedException {
+        while (!threadIsolation.tryAcquire(500, TimeUnit.MILLISECONDS)) {
+            //Spurious Interrupt Guard
+        }
+    }
+
+    @After
+    public void cleanup() {
+        try {
+            instance.logout();
+            instance.clearCurrent();
+            HttpServletRequest request = ESAPI.httpUtilities().getCurrentRequest();
+            HttpServletResponse response = ESAPI.httpUtilities().getCurrentResponse();
+            if (request != null  && response != null) {
+                //I don't know why killAllCookies doesn't nullcheck state.  I'm assuming this is unique to the test environment.
+                ESAPI.httpUtilities().killAllCookies();
+            }
+            ESAPI.httpUtilities().clearCurrent();
+        } finally {
+            threadIsolation.release();
+        }
+    }
+
+
+    /**
+     * Test of createAccount method, of class org.owasp.esapi.Authenticator.
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     * @throws EncryptionException
+     */
+    @Test public void testCreateUser() throws AuthenticationException, EncryptionException {
+        System.out.println("createUser");
+        String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        String password = instance.generateStrongPassword();
+        User user = instance.createUser(accountName, password, password);
+        assertTrue(user.verifyPassword(password));
+        try {
+            instance.createUser(accountName, password, password); // duplicate user
+            fail();
+        } catch (AuthenticationException e) {
+            // success
+        }
+        try {
+            instance.createUser(ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS), "password1", "password2"); // don't match
+            fail();
+        } catch (AuthenticationException e) {
+            // success
+        }
+        try {
+            instance.createUser(ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS), "weak1", "weak1");  // weak password
+            fail();
+        } catch (AuthenticationException e) {
+            // success
+        }
+        try {
+            instance.createUser(null, "weak1", "weak1");  // null username
+            fail();
+        } catch (AuthenticationException e) {
+            // success
+        }
+        try {
+            instance.createUser(ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS), null, null);  // null password
+            fail();
+        } catch (AuthenticationException e) {
+            // success
+        }
+        try {
+            String uName = "ea234kEknr";    //sufficiently random password that also works as a username
+            instance.createUser(uName, uName, uName);  // using username as password
+            fail();
+        } catch (AuthenticationException e) {
+            // success
+        }
+    }
+
+    /**
+     * Test of generateStrongPassword method, of class
+     * org.owasp.esapi.Authenticator.
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    @Test public void testGenerateStrongPassword() throws AuthenticationException {
+        System.out.println("generateStrongPassword");
+        String oldPassword = "iiiiiiiiii";  // i is not allowed in passwords - this prevents failures from containing pieces of old password
+        String newPassword = null;
+        String username = "FictionalEsapiUser";
+        User user = new DefaultUser(username);
+        for (int i = 0; i < 100; i++) {
+            try {
+                newPassword = instance.generateStrongPassword();
+                instance.verifyPasswordStrength(oldPassword, newPassword, user);
+            } catch( AuthenticationException e ) {
+                System.out.println( "  FAILED >> " + newPassword + " : " + e.getLogMessage());
+                fail();
+            }
+        }
+        try {
+            instance.verifyPasswordStrength("test56^$test", "abcdx56^$sl", user );
+        } catch( AuthenticationException e ) {
+            // expected
+        }
+    }
+
+
+    /**
+     * Test of getCurrentUser method, of class org.owasp.esapi.Authenticator.
+     *
+     *
+     * @throws Exception
+     */
+    @Test public void testGetCurrentUser() throws Exception {
+        System.out.println("getCurrentUser");
+        String username1 = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        String username2 = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        User user1 = instance.createUser(username1, "getCurrentUser", "getCurrentUser");
+        User user2 = instance.createUser(username2, "getCurrentUser", "getCurrentUser");
+        user1.enable();
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        ESAPI.httpUtilities().setCurrentHTTP(request, response);
+        user1.loginWithPassword("getCurrentUser");
+        User currentUser = instance.getCurrentUser();
+        assertEquals( currentUser, user1 );
+        instance.setCurrentUser( user2 );
+        assertFalse( currentUser.getAccountName().equals( user2.getAccountName() ) );
+
+        Runnable echo = new Runnable() {
+            public void run() {
+                User a = null;
+                try {
+                    String password = instance.generateStrongPassword();
+                    //Create account name using random strings to guarantee uniqueness among running threads.
+                    String accountName=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+                    a = instance.getUser(accountName);
+                    if ( a != null ) {
+                        instance.removeUser(accountName);
+                    }
+                    a = instance.createUser(accountName, password, password);
+                    instance.setCurrentUser(a);
+                } catch (AuthenticationException e) {
+                    //Use ErrorCollector to fail test.
+                    collector.addError(e);
+                }
+                User b = instance.getCurrentUser();
+                collector.checkThat("Logged in user should equal original user", a.equals(b), new IsEqual<Boolean>(Boolean.TRUE));
+            }
+        };
+        ThreadGroup tg = new ThreadGroup("test");
+        for ( int i = 0; i<10; i++ ) {
+            new Thread( tg, echo ).start();
+        }
+        while (tg.activeCount() > 0 ) {
+            Thread.sleep(100);
+        }
+    }
+
+    /**
+     * Test of getUser method, of class org.owasp.esapi.Authenticator.
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    @Test public void testGetUser() throws AuthenticationException {
+        System.out.println("getUser");
+        String password = instance.generateStrongPassword();
+        String accountName=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        instance.createUser(accountName, password, password);
+        assertNotNull(instance.getUser( accountName ));
+        assertNull(instance.getUser( ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS) ));
+    }
+
+    /**
+     *
+     * @throws org.owasp.esapi.errors.AuthenticationException
+     */
+    @Test public void testGetUserFromRememberToken() throws AuthenticationException {
+        System.out.println("getUserFromRememberToken");
+        String password = instance.generateStrongPassword();
+        String accountName=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        User user = instance.createUser(accountName, password, password);
+        user.enable();
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        ESAPI.httpUtilities().setCurrentHTTP(request, response);
+
+        System.out.println("getUserFromRememberToken - expecting failure");
+        request.setCookie( HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME, "ridiculous" );
+        try {
+            instance.login( request, response );  // wrong cookie will fail
+            fail();
+        } catch( AuthenticationException e ) {
+            // expected
+        }
+
+        System.out.println("getUserFromRememberToken - expecting success");
+        request = new MockHttpServletRequest();
+        ESAPI.httpUtilities().setCurrentHTTP(request, response);
+        ESAPI.authenticator().setCurrentUser(user);
+        String newToken = ESAPI.httpUtilities().setRememberToken(request, response, password, 10000, "test.com", request.getContextPath() );
+        request.setCookie( HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME, newToken );
+        user.logout();  // logout the current user so we can log them in with the remember cookie
+        User test2 = instance.login( request, response );
+        assertSame( user, test2 );
+    }
+
+
+
+    /**
+     * Test get user from session.
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    @Test public void testGetUserFromSession() throws AuthenticationException {
+        System.out.println("getUserFromSession");
+        assumeTrue(instance instanceof FileBasedAuthenticator);
+        String accountName=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        String password = instance.generateStrongPassword();
+        User user = instance.createUser(accountName, password, password);
+        user.enable();
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.addParameter("username", accountName);
+        request.addParameter("password", password);
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        ESAPI.httpUtilities().setCurrentHTTP( request, response );
+        instance.login( request, response);
+        User test = ((FileBasedAuthenticator)instance).getUserFromSession();
+        assertEquals( user, test );
+    }
+
+    /**
+     * Test get user names.
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    @Test public void testGetUserNames() throws AuthenticationException {
+        System.out.println("getUserNames");
+        String password = instance.generateStrongPassword();
+        String[] testnames = new String[10];
+        for(int i=0;i<testnames.length;i++) {
+            testnames[i] = ESAPI.randomizer().getRandomString(8,EncoderConstants.CHAR_ALPHANUMERICS);
+        }
+        for(int i=0;i<testnames.length;i++) {
+            instance.createUser(testnames[i], password, password);
+        }
+        Set names = instance.getUserNames();
+        for(int i=0;i<testnames.length;i++) {
+            assertTrue(names.contains(testnames[i].toLowerCase()));
+        }
+    }
+
+    /**
+     * Test of hashPassword method, of class org.owasp.esapi.Authenticator.
+     *
+     * @throws EncryptionException
+     */
+    @Test public void testHashPassword() throws EncryptionException {
+        System.out.println("hashPassword");
+        String username = "Jeff";
+        String password = "test";
+        String result1 = instance.hashPassword(password, username);
+        String result2 = instance.hashPassword(password, username);
+        assertTrue(result1.equals(result2));
+    }
+
+    /**
+     * Test of login method, of class org.owasp.esapi.Authenticator.
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    @Test public void testLogin() throws AuthenticationException {
+        System.out.println("login");
+        String username = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        String password = instance.generateStrongPassword();
+        User user = instance.createUser(username, password, password);
+        user.enable();
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.addParameter("username", username);
+        request.addParameter("password", password);
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        ESAPI.httpUtilities().setCurrentHTTP(request, response);
+        User test = instance.login( request, response);
+        assertTrue( test.isLoggedIn() );
+        assertSame(user, test);
+    }
+
+    /**
+     * Test of removeAccount method, of class org.owasp.esapi.Authenticator.
+     *
+     * @throws Exception
+     *             the exception
+     */
+    @Test public void testRemoveUser() throws Exception {
+        System.out.println("removeUser");
+        String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        String password = instance.generateStrongPassword();
+        instance.createUser(accountName, password, password);
+        assertTrue( instance.exists(accountName));
+        instance.removeUser(accountName);
+        assertFalse( instance.exists(accountName));
+    }
+
+    /**
+     * Test of saveUsers method, of class org.owasp.esapi.Authenticator.
+     *
+     * @throws Exception
+     *             the exception
+     */
+    @Test public void testSaveUsers() throws Exception {
+        System.out.println("saveUsers");
+        assumeTrue(instance instanceof FileBasedAuthenticator);
+        String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        String password = instance.generateStrongPassword();
+        instance.createUser(accountName, password, password);
+        ((FileBasedAuthenticator)instance).saveUsers();
+        assertNotNull( instance.getUser(accountName) );
+        instance.removeUser(accountName);
+        assertNull( instance.getUser(accountName) );
+    }
+
+
+    /**
+     * Test of setCurrentUser method, of class org.owasp.esapi.Authenticator.
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     * @throws InterruptedException Thrown if test is interrupted while awaiting completion of child threads.
+     */
+    @Test public void testSetCurrentUser() throws AuthenticationException, InterruptedException {
+        System.out.println("setCurrentUser");
+        String user1 = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_UPPERS);
+        String user2 = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_UPPERS);
+        User userOne = instance.createUser(user1, "getCurrentUser", "getCurrentUser");
+        userOne.enable();
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        ESAPI.httpUtilities().setCurrentHTTP(request, response);
+        userOne.loginWithPassword("getCurrentUser");
+        User currentUser = instance.getCurrentUser();
+        assertEquals( currentUser, userOne );
+        User userTwo = instance.createUser(user2, "getCurrentUser", "getCurrentUser");
+        instance.setCurrentUser( userTwo );
+        assertFalse( currentUser.getAccountName().equals( userTwo.getAccountName() ) );
+        final CountDownLatch latch = new CountDownLatch(10);
+        Runnable echo = new Runnable() {
+            public void run() {
+                User u=null;
+                try {
+                  //Increase pwd size to guarantee greater than (not "or equal to") 16 strength.  See FileBasedAuthenticator 711-715
+                    String password = ESAPI.randomizer().getRandomString(17, EncoderConstants.CHAR_ALPHANUMERICS);
+                    String username = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+                    u = instance.createUser(username, password, password);
+                    instance.setCurrentUser(u);
+                    ESAPI.getLogger("test").info( Logger.SECURITY_SUCCESS, "Got current user" );
+                    //If the user isn't removed every subsequent execution will fail because we cannot create a duplicate user of the same name!
+                    instance.removeUser( u.getAccountName() );
+                } catch (AuthenticationException e) {
+                    collector.addError(e);
+                } finally {
+                    latch.countDown();
+                }
+            }
+        };
+        for ( int i = 0; i<10; i++ ) {
+            new Thread( echo ).start();
+        }
+        while(!latch.await(500, TimeUnit.MILLISECONDS)) {
+            //Spurious Interrupt Guard.
+        }
+    }
+
+
+
+    /**
+     * Test of setCurrentUser method, of class org.owasp.esapi.Authenticator.
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    @Test public void testSetCurrentUserWithRequest() throws AuthenticationException {
+        instance.logout();  // in case anyone is logged in
+        String password = instance.generateStrongPassword();
+        String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        DefaultUser user = (DefaultUser) instance.createUser(accountName, password, password);
+        user.enable();
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.addParameter("username", accountName);
+        request.addParameter("password", password);
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        ESAPI.httpUtilities().setCurrentHTTP(request, response);
+        User loggedIn = instance.login( request, response );
+        User currentUser = instance.getCurrentUser();
+        assertTrue(loggedIn.isLoggedIn());
+        assertSame(currentUser, loggedIn);
+        assertSame(user, loggedIn);
+    }
+
+    /**
+     * Test of setCurrentUser method, of class org.owasp.esapi.Authenticator.
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    @Test public void testSetCurrentUserWithRequestDisabledAccount() throws AuthenticationException {
+        instance.logout();  // in case anyone is logged in
+        String password = instance.generateStrongPassword();
+        String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        DefaultUser user = (DefaultUser) instance.createUser(accountName, password, password);
+        user.enable();
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.addParameter("username", accountName);
+        request.addParameter("password", password);
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        ESAPI.httpUtilities().setCurrentHTTP(request, response);
+        try {
+            user.disable();
+            instance.login( request, response );
+            fail("Disabled User Account should not be able to log in.");
+        } catch( AuthenticationException e ) {
+            // expected
+        }
+    }
+
+    /**
+     * Test of setCurrentUser method, of class org.owasp.esapi.Authenticator.
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    @Test public void testSetCurrentUserWithRequestLockedAccount() throws AuthenticationException {
+        instance.logout();  // in case anyone is logged in
+        String password = instance.generateStrongPassword();
+        String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        DefaultUser user = (DefaultUser) instance.createUser(accountName, password, password);
+        user.enable();
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.addParameter("username", accountName);
+        request.addParameter("password", password);
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        ESAPI.httpUtilities().setCurrentHTTP(request, response);
+        try {
+            user.lock();
+            instance.login( request, response );
+            fail("Locked User Account should not be able to log in.");
+        } catch( AuthenticationException e ) {
+            // expected
+        }
+    }
+    /**
+     * Test of setCurrentUser method, of class org.owasp.esapi.Authenticator.
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    @Test public void testSetCurrentUserWithRequestExpiredAccount() throws AuthenticationException {
+        instance.logout();  // in case anyone is logged in
+        String password = instance.generateStrongPassword();
+        String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        DefaultUser user = (DefaultUser) instance.createUser(accountName, password, password);
+        user.enable();
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.addParameter("username", accountName);
+        request.addParameter("password", password);
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        ESAPI.httpUtilities().setCurrentHTTP(request, response);
+        Calendar calendar = Calendar.getInstance();
+        calendar.add(Calendar.MINUTE, -1);
+        try {
+            user.unlock();
+            user.setExpirationTime( calendar.getTime() );
+            instance.login( request, response );
+            fail("Expired User account should not be allowed to log in.");
+        } catch( AuthenticationException e ) {
+            // expected
+        }
+    }
+
+
+
+    /**
+     * Test of validatePasswordStrength method, of class
+     * org.owasp.esapi.Authenticator.
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    @Test public void testValidatePasswordStrength() throws AuthenticationException {
+        System.out.println("validatePasswordStrength");
+
+        String username = "FictionalEsapiUser";
+        User user = new DefaultUser(username);
+
+        // should fail
+        try {
+            instance.verifyPasswordStrength("password", "jeff", user);
+            fail();
+        } catch (AuthenticationException e) {
+            // success
+        }
+        try {
+            instance.verifyPasswordStrength("diff123bang", "same123string", user);
+            fail();
+        } catch (AuthenticationException e) {
+            // success
+        }
+        try {
+            instance.verifyPasswordStrength("password", "JEFF", user);
+            fail();
+        } catch (AuthenticationException e) {
+            // success
+        }
+        try {
+            instance.verifyPasswordStrength("password", "1234", user);
+            fail();
+        } catch (AuthenticationException e) {
+            // success
+        }
+        try {
+            instance.verifyPasswordStrength("password", "password", user);
+            fail();
+        } catch (AuthenticationException e) {
+            // success
+        }
+        try {
+            instance.verifyPasswordStrength("password", "-1", user);
+            fail();
+        } catch (AuthenticationException e) {
+            // success
+        }
+        try {
+            instance.verifyPasswordStrength("password", "password123", user);
+            fail();
+        } catch (AuthenticationException e) {
+            // success
+        }
+        try {
+            instance.verifyPasswordStrength("password", "test123", user);
+            fail();
+        } catch (AuthenticationException e) {
+            // success
+        }
+        //jtm - 11/16/2010 - fix for bug http://code.google.com/p/owasp-esapi-java/issues/detail?id=108
+        try {
+            instance.verifyPasswordStrength("password", "FictionalEsapiUser", user);
+            fail();
+        } catch (AuthenticationException e) {
+            // success
+        }
+        try {
+            instance.verifyPasswordStrength("password", "FICTIONALESAPIUSER", user);
+            fail();
+        } catch (AuthenticationException e) {
+            // success
+        }
+
+        // should pass
+        instance.verifyPasswordStrength("password", "jeffJEFF12!", user);
+        instance.verifyPasswordStrength("password", "super calif ragil istic", user);
+        instance.verifyPasswordStrength("password", "TONYTONYTONYTONY", user);
+        instance.verifyPasswordStrength("password", instance.generateStrongPassword(), user);
+
+        // chrisisbeef - Issue 65 - http://code.google.com/p/owasp-esapi-java/issues/detail?id=65
+        instance.verifyPasswordStrength("password", "b!gbr0ther", user);
+    }
+
+    /**
+     * Test of exists method, of class org.owasp.esapi.Authenticator.
+     *
+     * @throws Exception
+     *             the exception
+     */
+    @Test public void testExists() throws Exception {
+        System.out.println("exists");
+        String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        String password = instance.generateStrongPassword();
+        instance.createUser(accountName, password, password);
+        assertTrue(instance.exists(accountName));
+        instance.removeUser(accountName);
+        assertFalse(instance.exists(accountName));
+    }
+
+    /**
+     * Test of main method, of class org.owasp.esapi.Authenticator.
+     * @throws Exception
+     */
+    @Test public void testMain() throws Exception {
+        System.out.println("Authenticator Main");
+        String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        String password = instance.generateStrongPassword();
+        String role = "test";
+
+        // test wrong parameters - missing role parameter
+        String[] badargs = { accountName, password };
+        FileBasedAuthenticator.main( badargs );
+        // load users since the new user was added in another instance
+        ((FileBasedAuthenticator)instance).loadUsersImmediately();
+        User u1 = instance.getUser(accountName);
+        assertNull( u1 );
+
+        // test good parameters
+        String[] args = { accountName, password, role };
+        FileBasedAuthenticator.main(args);
+        // load users since the new user was added in another instance
+        ((FileBasedAuthenticator)instance).loadUsersImmediately();
+        DefaultUser u2 = (DefaultUser) instance.getUser(accountName);
+        assertNotNull( u2 );
+        assertTrue( u2.isInRole(role));
+        assertEquals( instance.hashPassword(password, accountName), ((FileBasedAuthenticator)instance).getHashedPassword(u2) );
+    }
+
+
+}
diff --git a/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java b/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
index b25d8e4dd..9a801614c 100644
--- a/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
+++ b/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
@@ -1,418 +1,491 @@
-package org.owasp.esapi.reference;
-
-import java.util.regex.Pattern;
-
-import junit.framework.Assert;
-
-import org.junit.Test;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.errors.ConfigurationException;
-
-public class DefaultSecurityConfigurationTest {
-
-	private DefaultSecurityConfiguration createWithProperty(String key, String val) {
-		java.util.Properties properties = new java.util.Properties();
-		properties.setProperty(key, val);
-		return new DefaultSecurityConfiguration(properties);
-	}
-	
-	@Test
-	public void testGetApplicationName() {
-		final String expected = "ESAPI_UnitTests";
-		DefaultSecurityConfiguration secConf = this.createWithProperty(DefaultSecurityConfiguration.APPLICATION_NAME, expected);
-		Assert.assertEquals(expected, secConf.getApplicationName());
-	}
-	
-	@Test
-	public void testGetLogImplementation() {
-		//test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_LOG_IMPLEMENTATION, secConf.getLogImplementation());
-		
-		final String expected = "TestLogger";
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_IMPLEMENTATION, expected);
-		Assert.assertEquals(expected, secConf.getLogImplementation());
-	}
-	
-	@Test
-	public void testAuthenticationImplementation() {
-		//test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_AUTHENTICATION_IMPLEMENTATION, secConf.getAuthenticationImplementation());
-		
-		final String expected = "TestAuthentication";
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.AUTHENTICATION_IMPLEMENTATION, expected);
-		Assert.assertEquals(expected, secConf.getAuthenticationImplementation());
-	}
-	
-	@Test
-	public void testEncoderImplementation() {
-		//test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_ENCODER_IMPLEMENTATION, secConf.getEncoderImplementation());
-		
-		final String expected = "TestEncoder";
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.ENCODER_IMPLEMENTATION, expected);
-		Assert.assertEquals(expected, secConf.getEncoderImplementation());
-	}
-	
-	@Test
-	public void testAccessControlImplementation() {
-		//test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_ACCESS_CONTROL_IMPLEMENTATION, secConf.getAccessControlImplementation());
-		
-		final String expected = "TestAccessControl";
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.ACCESS_CONTROL_IMPLEMENTATION, expected);
-		Assert.assertEquals(expected, secConf.getAccessControlImplementation());
-	}
-	
-	@Test
-	public void testEncryptionImplementation() {
-		//test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_ENCRYPTION_IMPLEMENTATION, secConf.getEncryptionImplementation());
-		
-		final String expected = "TestEncryption";
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.ENCRYPTION_IMPLEMENTATION, expected);
-		Assert.assertEquals(expected, secConf.getEncryptionImplementation());
-	}
-	
-	@Test
-	public void testIntrusionDetectionImplementation() {
-		//test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_INTRUSION_DETECTION_IMPLEMENTATION, secConf.getIntrusionDetectionImplementation());
-		
-		final String expected = "TestIntrusionDetection";
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.INTRUSION_DETECTION_IMPLEMENTATION, expected);
-		Assert.assertEquals(expected, secConf.getIntrusionDetectionImplementation());
-	}
-	
-	@Test
-	public void testRandomizerImplementation() {
-		//test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_RANDOMIZER_IMPLEMENTATION, secConf.getRandomizerImplementation());
-		
-		final String expected = "TestRandomizer";
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.RANDOMIZER_IMPLEMENTATION, expected);
-		Assert.assertEquals(expected, secConf.getRandomizerImplementation());
-	}
-	
-	@Test
-	public void testExecutorImplementation() {
-		//test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_EXECUTOR_IMPLEMENTATION, secConf.getExecutorImplementation());
-		
-		final String expected = "TestExecutor";
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.EXECUTOR_IMPLEMENTATION, expected);
-		Assert.assertEquals(expected, secConf.getExecutorImplementation());
-	}
-	
-	@Test
-	public void testHTTPUtilitiesImplementation() {
-		//test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_HTTP_UTILITIES_IMPLEMENTATION, secConf.getHTTPUtilitiesImplementation());
-		
-		final String expected = "TestHTTPUtilities";
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.HTTP_UTILITIES_IMPLEMENTATION, expected);
-		Assert.assertEquals(expected, secConf.getHTTPUtilitiesImplementation());
-	}
-	
-	@Test
-	public void testValidationImplementation() {
-		//test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_VALIDATOR_IMPLEMENTATION, secConf.getValidationImplementation());
-		
-		final String expected = "TestValidation";
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.VALIDATOR_IMPLEMENTATION, expected);
-		Assert.assertEquals(expected, secConf.getValidationImplementation());
-	}
-	
-	@Test
-	public void testGetEncryptionKeyLength() {
-		// test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(128, secConf.getEncryptionKeyLength());
-		
-		final int expected = 256;
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.KEY_LENGTH, String.valueOf(expected));
-		Assert.assertEquals(expected, secConf.getEncryptionKeyLength());
-	}
-	
-	@Test
-	public void testGetKDFPseudoRandomFunction() {
-		// test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals("HmacSHA256", secConf.getKDFPseudoRandomFunction());
-		
-		final String expected = "HmacSHA1";
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.KDF_PRF_ALG, expected);
-		Assert.assertEquals(expected, secConf.getKDFPseudoRandomFunction());
-	}
-	
-	@Test
-	public void testGetMasterSalt() {
-		try {
-			DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-			secConf.getMasterSalt();
-			Assert.fail("Expected Exception not thrown");
-		}
-		catch (ConfigurationException ce) {
-			Assert.assertNotNull(ce.getMessage());
-		}
-		
-		final String salt = "53081";
-		final String property = ESAPI.encoder().encodeForBase64(salt.getBytes(), false);
-		java.util.Properties properties = new java.util.Properties();
-		properties.setProperty(DefaultSecurityConfiguration.MASTER_SALT, property);
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(properties);
-		Assert.assertEquals(salt, new String(secConf.getMasterSalt()));
-	}
-	
-	@Test
-	public void testGetAllowedExecutables() {
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		java.util.List<String> allowedExecutables = secConf.getAllowedExecutables();
-		
-		//is this really what should be returned? what about an empty list?
-		Assert.assertEquals(1, allowedExecutables.size());
-		Assert.assertEquals("", allowedExecutables.get(0));
-		
-		
-		java.util.Properties properties = new java.util.Properties();
-		properties.setProperty(DefaultSecurityConfiguration.APPROVED_EXECUTABLES, String.valueOf("/bin/bzip2,/bin/diff, /bin/cvs"));
-		secConf = new DefaultSecurityConfiguration(properties);
-		allowedExecutables = secConf.getAllowedExecutables();
-		Assert.assertEquals(3, allowedExecutables.size());
-		Assert.assertEquals("/bin/bzip2", allowedExecutables.get(0));
-		Assert.assertEquals("/bin/diff", allowedExecutables.get(1));
-		
-		//this seems less than optimal, maybe each value should have a trim() done to it
-		//at least we know that this behavior exists, the property should'nt have spaces between values
-		Assert.assertEquals(" /bin/cvs", allowedExecutables.get(2));
-	}
-	
-	@Test
-	public void testGetAllowedFileExtensions() {
-		
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		java.util.List<String> allowedFileExtensions = secConf.getAllowedFileExtensions();
-		Assert.assertFalse(allowedFileExtensions.isEmpty());
-		
-		
-		java.util.Properties properties = new java.util.Properties();
-		properties.setProperty(DefaultSecurityConfiguration.APPROVED_UPLOAD_EXTENSIONS, String.valueOf(".txt,.xml,.html,.png"));
-		secConf = new DefaultSecurityConfiguration(properties);
-		allowedFileExtensions = secConf.getAllowedFileExtensions();
-		Assert.assertEquals(4, allowedFileExtensions.size());
-		Assert.assertEquals(".html", allowedFileExtensions.get(2));
-	}
-	
-	@Test
-	public void testGetAllowedFileUploadSize() {
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		//assert that the default is of some reasonable size
-		Assert.assertTrue(secConf.getAllowedFileUploadSize() > (1024 * 100));
-		
-		final int expected = (1024 * 1000);
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.MAX_UPLOAD_FILE_BYTES, String.valueOf(expected));
-		Assert.assertEquals(expected, secConf.getAllowedFileUploadSize());
-	}
-	
-	@Test
-	public void testGetParameterNames() {
-		//test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals("password", secConf.getPasswordParameterName());
-		Assert.assertEquals("username", secConf.getUsernameParameterName());
-		
-		java.util.Properties properties = new java.util.Properties();
-		properties.setProperty(DefaultSecurityConfiguration.PASSWORD_PARAMETER_NAME, "j_password");
-		properties.setProperty(DefaultSecurityConfiguration.USERNAME_PARAMETER_NAME, "j_username");
-		secConf = new DefaultSecurityConfiguration(properties);
-		Assert.assertEquals("j_password", secConf.getPasswordParameterName());
-		Assert.assertEquals("j_username", secConf.getUsernameParameterName());
-	}
-	
-	@Test
-	public void testGetEncryptionAlgorithm() {
-		//test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals("AES", secConf.getEncryptionAlgorithm());
-		
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.ENCRYPTION_ALGORITHM, "3DES");
-		Assert.assertEquals("3DES", secConf.getEncryptionAlgorithm());
-	}
-	
-	@Test
-	public void testGetCipherXProperties() {
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals("AES/CBC/PKCS5Padding", secConf.getCipherTransformation());
-		//Assert.assertEquals("AES/CBC/PKCS5Padding", secConf.getC);
-		
-		java.util.Properties properties = new java.util.Properties();
-		properties.setProperty(DefaultSecurityConfiguration.CIPHER_TRANSFORMATION_IMPLEMENTATION, "Blowfish/CFB/ISO10126Padding");
-		secConf = new DefaultSecurityConfiguration(properties);
-		Assert.assertEquals("Blowfish/CFB/ISO10126Padding", secConf.getCipherTransformation());
-		
-		secConf.setCipherTransformation("DESede/PCBC/PKCS5Padding");
-		Assert.assertEquals("DESede/PCBC/PKCS5Padding", secConf.getCipherTransformation());
-		
-		secConf.setCipherTransformation(null);//sets it back to default
-		Assert.assertEquals("Blowfish/CFB/ISO10126Padding", secConf.getCipherTransformation());
-	}
-	
-	@Test
-	public void testIV() {
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals("random", secConf.getIVType());
-		try {
-			secConf.getFixedIV();
-			Assert.fail();
-		}
-		catch (ConfigurationException ce) {
-			Assert.assertNotNull(ce.getMessage());
-		}
-		
-		java.util.Properties properties = new java.util.Properties();
-		properties.setProperty(DefaultSecurityConfiguration.IV_TYPE, "fixed");
-		properties.setProperty(DefaultSecurityConfiguration.FIXED_IV, "ivValue");
-		secConf = new DefaultSecurityConfiguration(properties);
-		Assert.assertEquals("fixed", secConf.getIVType());
-		Assert.assertEquals("ivValue", secConf.getFixedIV());
-		
-		properties.setProperty(DefaultSecurityConfiguration.IV_TYPE, "illegal");
-		secConf = new DefaultSecurityConfiguration(properties);
-		try {
-			secConf.getIVType();
-			Assert.fail();
-		}
-		catch (ConfigurationException ce) {
-			Assert.assertNotNull(ce.getMessage());
-		}
-		try {
-			secConf.getFixedIV();
-			Assert.fail();
-		}
-		catch (ConfigurationException ce) {
-			Assert.assertNotNull(ce.getMessage());
-		}
-	}
-	
-	@Test
-	public void testGetAllowMultipleEncoding() {
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertFalse(secConf.getAllowMultipleEncoding());
-		
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.ALLOW_MULTIPLE_ENCODING, "yes");
-		Assert.assertTrue(secConf.getAllowMultipleEncoding());
-		
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.ALLOW_MULTIPLE_ENCODING, "true");
-		Assert.assertTrue(secConf.getAllowMultipleEncoding());
-		
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.ALLOW_MULTIPLE_ENCODING, "no");
-		Assert.assertFalse(secConf.getAllowMultipleEncoding());
-	}
-	
-	@Test
-	public void testGetDefaultCanonicalizationCodecs() {
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertFalse(secConf.getDefaultCanonicalizationCodecs().isEmpty());
-		
-		String property = "org.owasp.esapi.codecs.TestCodec1,org.owasp.esapi.codecs.TestCodec2";
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.CANONICALIZATION_CODECS, property);
-		Assert.assertTrue(secConf.getDefaultCanonicalizationCodecs().contains("org.owasp.esapi.codecs.TestCodec1"));
-	}
-	
-	@Test
-	public void testGetDisableIntrusionDetection() {
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertFalse(secConf.getDisableIntrusionDetection());
-		
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.DISABLE_INTRUSION_DETECTION, "TRUE");
-		Assert.assertTrue(secConf.getDisableIntrusionDetection());
-		
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.DISABLE_INTRUSION_DETECTION, "true");
-		Assert.assertTrue(secConf.getDisableIntrusionDetection());
-		
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.DISABLE_INTRUSION_DETECTION, "false");
-		Assert.assertFalse(secConf.getDisableIntrusionDetection());
-	}
-	
-	@Test
-	public void testGetLogLevel() {
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(Logger.WARNING, secConf.getLogLevel());
-		
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_LEVEL, "trace");
-		Assert.assertEquals(Logger.TRACE, secConf.getLogLevel());
-		
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_LEVEL, "Off");
-		Assert.assertEquals(Logger.OFF, secConf.getLogLevel());
-		
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_LEVEL, "all");
-		Assert.assertEquals(Logger.ALL, secConf.getLogLevel());
-		
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_LEVEL, "DEBUG");
-		Assert.assertEquals(Logger.DEBUG, secConf.getLogLevel());
-		
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_LEVEL, "info");
-		Assert.assertEquals(Logger.INFO, secConf.getLogLevel());
-		
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_LEVEL, "ERROR");
-		Assert.assertEquals(Logger.ERROR, secConf.getLogLevel());
-	}
-	
-	@Test
-	public void testGetLogFileName() {
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals("ESAPI_logging_file", secConf.getLogFileName());
-		
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_FILE_NAME, "log.txt");
-		Assert.assertEquals("log.txt", secConf.getLogFileName());
-	}
-	
-	@Test
-	public void testGetMaxLogFileSize() {
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_MAX_LOG_FILE_SIZE, secConf.getMaxLogFileSize());
-		
-		int maxLogSize = (1024 * 1000);
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.MAX_LOG_FILE_SIZE, String.valueOf(maxLogSize));
-		Assert.assertEquals(maxLogSize, secConf.getMaxLogFileSize());
-	}
-	
-	private String patternOrNull(Pattern p){
-		return null==p?null:p.pattern();
-	}
-
-	@Test
-	public void testValidationsPropertiesFileOptions(){
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration("ESAPI-SingleValidatorFileChecker.properties");
-		Assert.assertEquals(patternOrNull(secConf.getValidationPattern("Test1")), "ValueFromFile1");
-		Assert.assertNull(secConf.getValidationPattern("Test2"));
-		Assert.assertNull(secConf.getValidationPattern("TestC"));
-		
-		secConf = new DefaultSecurityConfiguration("ESAPI-DualValidatorFileChecker.properties");
-		Assert.assertEquals(patternOrNull(secConf.getValidationPattern("Test1")), "ValueFromFile1");
-		Assert.assertEquals(patternOrNull(secConf.getValidationPattern("Test2")), "ValueFromFile2");
-		Assert.assertNull(secConf.getValidationPattern("TestC"));
-
-		secConf = new DefaultSecurityConfiguration("ESAPI-CommaValidatorFileChecker.properties");
-		Assert.assertEquals(patternOrNull(secConf.getValidationPattern("TestC")), "ValueFromCommaFile");
-		Assert.assertNull(secConf.getValidationPattern("Test1"));
-		Assert.assertNull(secConf.getValidationPattern("Test2"));
-
-		secConf = new DefaultSecurityConfiguration("ESAPI-QuotedValidatorFileChecker.properties");
-		Assert.assertEquals(patternOrNull(secConf.getValidationPattern("Test1")), "ValueFromFile1");
-		Assert.assertEquals(patternOrNull(secConf.getValidationPattern("Test2")), "ValueFromFile2");
-		Assert.assertEquals(patternOrNull(secConf.getValidationPattern("TestC")), "ValueFromCommaFile");
-	}
-	
-}
+package org.owasp.esapi.reference;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import java.util.regex.Pattern;
+import java.util.Properties;
+
+import org.junit.Test;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.SecurityConfiguration;
+import org.owasp.esapi.errors.ConfigurationException;
+import org.owasp.esapi.PropNames.DefaultSearchPath;
+
+import static org.owasp.esapi.PropNames.*;
+
+public class DefaultSecurityConfigurationTest {
+
+    private DefaultSecurityConfiguration createWithProperty(String key, String val) {
+        Properties properties = new Properties();
+        properties.setProperty(key, val);
+        return new DefaultSecurityConfiguration(properties);
+    }
+
+    @Test
+    public void testGetApplicationName() {
+        final String expected = "ESAPI_UnitTests";
+        DefaultSecurityConfiguration secConf = this.createWithProperty(APPLICATION_NAME, expected);
+        assertEquals(expected, secConf.getApplicationName());
+    }
+
+    @Test
+    public void testGetLogImplementation() {
+        //test the default
+        DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
+        assertEquals(DEFAULT_LOG_IMPLEMENTATION, secConf.getLogImplementation());
+
+        final String expected = "TestLogger";
+        secConf = this.createWithProperty(LOG_IMPLEMENTATION, expected);
+        assertEquals(expected, secConf.getLogImplementation());
+    }
+
+    @Test
+    public void testAuthenticationImplementation() {
+        //test the default
+        DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
+        assertEquals(DEFAULT_AUTHENTICATION_IMPLEMENTATION, secConf.getAuthenticationImplementation());
+
+        final String expected = "TestAuthentication";
+        secConf = this.createWithProperty(AUTHENTICATION_IMPLEMENTATION, expected);
+        assertEquals(expected, secConf.getAuthenticationImplementation());
+    }
+
+    @Test
+    public void testEncoderImplementation() {
+        //test the default
+        DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
+        assertEquals(DEFAULT_ENCODER_IMPLEMENTATION, secConf.getEncoderImplementation());
+
+        final String expected = "TestEncoder";
+        secConf = this.createWithProperty(ENCODER_IMPLEMENTATION, expected);
+        assertEquals(expected, secConf.getEncoderImplementation());
+    }
+
+    @Test
+    public void testAccessControlImplementation() {
+        //test the default
+        DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
+        assertEquals(DEFAULT_ACCESS_CONTROL_IMPLEMENTATION, secConf.getAccessControlImplementation());
+
+        final String expected = "TestAccessControl";
+        secConf = this.createWithProperty(ACCESS_CONTROL_IMPLEMENTATION, expected);
+        assertEquals(expected, secConf.getAccessControlImplementation());
+    }
+
+    @Test
+    public void testEncryptionImplementation() {
+        //test the default
+        DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
+        assertEquals(DEFAULT_ENCRYPTION_IMPLEMENTATION, secConf.getEncryptionImplementation());
+
+        final String expected = "TestEncryption";
+        secConf = this.createWithProperty(ENCRYPTION_IMPLEMENTATION, expected);
+        assertEquals(expected, secConf.getEncryptionImplementation());
+    }
+
+    @Test
+    public void testIntrusionDetectionImplementation() {
+        //test the default
+        DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
+        assertEquals(DEFAULT_INTRUSION_DETECTION_IMPLEMENTATION, secConf.getIntrusionDetectionImplementation());
+
+        final String expected = "TestIntrusionDetection";
+        secConf = this.createWithProperty(INTRUSION_DETECTION_IMPLEMENTATION, expected);
+        assertEquals(expected, secConf.getIntrusionDetectionImplementation());
+    }
+
+    @Test
+    public void testRandomizerImplementation() {
+        //test the default
+        DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
+        assertEquals(DEFAULT_RANDOMIZER_IMPLEMENTATION, secConf.getRandomizerImplementation());
+
+        final String expected = "TestRandomizer";
+        secConf = this.createWithProperty(RANDOMIZER_IMPLEMENTATION, expected);
+        assertEquals(expected, secConf.getRandomizerImplementation());
+    }
+
+    @Test
+    public void testExecutorImplementation() {
+        //test the default
+        DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
+        assertEquals(DEFAULT_EXECUTOR_IMPLEMENTATION, secConf.getExecutorImplementation());
+
+        final String expected = "TestExecutor";
+        secConf = this.createWithProperty(EXECUTOR_IMPLEMENTATION, expected);
+        assertEquals(expected, secConf.getExecutorImplementation());
+    }
+
+    @Test
+    public void testHTTPUtilitiesImplementation() {
+        //test the default
+        DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
+        assertEquals(DEFAULT_HTTP_UTILITIES_IMPLEMENTATION, secConf.getHTTPUtilitiesImplementation());
+
+        final String expected = "TestHTTPUtilities";
+        secConf = this.createWithProperty(HTTP_UTILITIES_IMPLEMENTATION, expected);
+        assertEquals(expected, secConf.getHTTPUtilitiesImplementation());
+    }
+
+    @Test
+    public void testValidationImplementation() {
+        //test the default
+        DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
+        assertEquals(DEFAULT_VALIDATOR_IMPLEMENTATION, secConf.getValidationImplementation());
+
+        final String expected = "TestValidation";
+        secConf = this.createWithProperty(VALIDATOR_IMPLEMENTATION, expected);
+        assertEquals(expected, secConf.getValidationImplementation());
+    }
+
+    @Test
+    public void testGetEncryptionKeyLength() {
+        // test the default
+        DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
+        assertEquals(128, secConf.getEncryptionKeyLength());
+
+        final int expected = 256;
+        secConf = this.createWithProperty(KEY_LENGTH, String.valueOf(expected));
+        assertEquals(expected, secConf.getEncryptionKeyLength());
+    }
+
+    @Test
+    public void testGetKDFPseudoRandomFunction() {
+        // test the default
+        DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
+        assertEquals("HmacSHA256", secConf.getKDFPseudoRandomFunction());
+
+        final String expected = "HmacSHA1";
+        secConf = this.createWithProperty(KDF_PRF_ALG, expected);
+        assertEquals(expected, secConf.getKDFPseudoRandomFunction());
+    }
+
+    @Test
+    public void testGetMasterSalt() {
+        try {
+            DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
+            secConf.getMasterSalt();
+            fail("Expected Exception not thrown");
+        }
+        catch (ConfigurationException ce) {
+            assertNotNull(ce.getMessage());
+        }
+
+        final String salt = "53081";
+        final String property = ESAPI.encoder().encodeForBase64(salt.getBytes(), false);
+        Properties properties = new Properties();
+        properties.setProperty(MASTER_SALT, property);
+        DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(properties);
+        assertEquals(salt, new String(secConf.getMasterSalt()));
+    }
+
+    @Test
+    public void testGetAllowedExecutables() {
+        DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
+        java.util.List<String> allowedExecutables = secConf.getAllowedExecutables();
+
+        //is this really what should be returned? what about an empty list?
+        assertEquals(1, allowedExecutables.size());
+        assertEquals("", allowedExecutables.get(0));
+
+
+        Properties properties = new Properties();
+        properties.setProperty(APPROVED_EXECUTABLES, String.valueOf("/bin/bzip2,/bin/diff, /bin/cvs"));
+        secConf = new DefaultSecurityConfiguration(properties);
+        allowedExecutables = secConf.getAllowedExecutables();
+        assertEquals(3, allowedExecutables.size());
+        assertEquals("/bin/bzip2", allowedExecutables.get(0));
+        assertEquals("/bin/diff", allowedExecutables.get(1));
+
+        //this seems less than optimal, maybe each value should have a trim() done to it
+        //at least we know that this behavior exists, the property should'nt have spaces between values
+        assertEquals(" /bin/cvs", allowedExecutables.get(2));
+    }
+
+    @Test
+    public void testGetAllowedFileExtensions() {
+
+        DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
+        java.util.List<String> allowedFileExtensions = secConf.getAllowedFileExtensions();
+        assertFalse(allowedFileExtensions.isEmpty());
+
+
+        Properties properties = new Properties();
+        properties.setProperty(APPROVED_UPLOAD_EXTENSIONS, String.valueOf(".txt,.xml,.html,.png"));
+        secConf = new DefaultSecurityConfiguration(properties);
+        allowedFileExtensions = secConf.getAllowedFileExtensions();
+        assertEquals(4, allowedFileExtensions.size());
+        assertEquals(".html", allowedFileExtensions.get(2));
+    }
+
+    @Test
+    public void testGetAllowedFileUploadSize() {
+        DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
+        //assert that the default is of some reasonable size
+        assertTrue(secConf.getAllowedFileUploadSize() > (1024 * 100));
+
+        final int expected = (1024 * 1000);
+        secConf = this.createWithProperty(MAX_UPLOAD_FILE_BYTES, String.valueOf(expected));
+        assertEquals(expected, secConf.getAllowedFileUploadSize());
+    }
+
+    @Test
+    public void testGetParameterNames() {
+        //test the default
+        DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
+        assertEquals("password", secConf.getPasswordParameterName());
+        assertEquals("username", secConf.getUsernameParameterName());
+
+        Properties properties = new Properties();
+        properties.setProperty(PASSWORD_PARAMETER_NAME, "j_password");
+        properties.setProperty(USERNAME_PARAMETER_NAME, "j_username");
+        secConf = new DefaultSecurityConfiguration(properties);
+        assertEquals("j_password", secConf.getPasswordParameterName());
+        assertEquals("j_username", secConf.getUsernameParameterName());
+    }
+
+    @Test
+    public void testGetEncryptionAlgorithm() {
+        //test the default
+        DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
+        assertEquals("AES", secConf.getEncryptionAlgorithm());
+
+        secConf = this.createWithProperty(ENCRYPTION_ALGORITHM, "3DES");
+        assertEquals("3DES", secConf.getEncryptionAlgorithm());
+    }
+
+    @Test
+    public void testGetCipherXProperties() {
+        DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
+        assertEquals("AES/CBC/PKCS5Padding", secConf.getCipherTransformation());
+        //assertEquals("AES/CBC/PKCS5Padding", secConf.getC);
+
+        Properties properties = new Properties();
+        properties.setProperty(CIPHER_TRANSFORMATION_IMPLEMENTATION, "Blowfish/CFB/ISO10126Padding");
+        secConf = new DefaultSecurityConfiguration(properties);
+        assertEquals("Blowfish/CFB/ISO10126Padding", secConf.getCipherTransformation());
+
+        secConf.setCipherTransformation("DESede/PCBC/PKCS5Padding");
+        assertEquals("DESede/PCBC/PKCS5Padding", secConf.getCipherTransformation());
+
+        secConf.setCipherTransformation(null);//sets it back to default
+        assertEquals("Blowfish/CFB/ISO10126Padding", secConf.getCipherTransformation());
+    }
+
+    // NOTE: When SecurityConfiguration.getIVType() is finally removed, this test can be as well.
+    @Test
+    public void testIV() {
+        DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
+        assertEquals("random", secConf.getIVType());    // Ensure that 'random' is the default type for getIVType().
+
+        Properties props = new Properties();
+        String ivType = null;
+        props.setProperty(IV_TYPE, "fixed");  // No longer supported.
+
+        secConf = new DefaultSecurityConfiguration( props );
+        try {
+            ivType = secConf.getIVType();    // This should now throw a Configuration Exception.
+            fail("Expected ConfigurationException to be thrown for " + IV_TYPE + "=" + ivType);
+        }
+        catch (ConfigurationException ce) {
+            assertNotNull(ce.getMessage());
+        }
+
+        props.setProperty(IV_TYPE, "illegal");    // This will just result in a logSpecial message & "random" is returned.
+        secConf = new DefaultSecurityConfiguration(props);
+        ivType = secConf.getIVType();
+        assertEquals(ivType, "random");
+    }
+
+    @Test
+    public void testGetAllowMultipleEncoding() {
+        DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
+        assertFalse(secConf.getAllowMultipleEncoding());
+
+        secConf = this.createWithProperty(ALLOW_MULTIPLE_ENCODING, "yes");
+        assertTrue(secConf.getAllowMultipleEncoding());
+
+        secConf = this.createWithProperty(ALLOW_MULTIPLE_ENCODING, "true");
+        assertTrue(secConf.getAllowMultipleEncoding());
+
+        secConf = this.createWithProperty(ALLOW_MULTIPLE_ENCODING, "no");
+        assertFalse(secConf.getAllowMultipleEncoding());
+    }
+
+    @Test
+    public void testGetDefaultCanonicalizationCodecs() {
+        DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
+        assertFalse(secConf.getDefaultCanonicalizationCodecs().isEmpty());
+
+        String property = "org.owasp.esapi.codecs.TestCodec1,org.owasp.esapi.codecs.TestCodec2";
+        secConf = this.createWithProperty(CANONICALIZATION_CODECS, property);
+        assertTrue(secConf.getDefaultCanonicalizationCodecs().contains("org.owasp.esapi.codecs.TestCodec1"));
+    }
+
+    @Test
+    public void testGetDisableIntrusionDetection() {
+        DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
+        assertFalse(secConf.getDisableIntrusionDetection());
+
+        secConf = this.createWithProperty(DISABLE_INTRUSION_DETECTION, "TRUE");
+        assertTrue(secConf.getDisableIntrusionDetection());
+
+        secConf = this.createWithProperty(DISABLE_INTRUSION_DETECTION, "true");
+        assertTrue(secConf.getDisableIntrusionDetection());
+
+        secConf = this.createWithProperty(DISABLE_INTRUSION_DETECTION, "false");
+        assertFalse(secConf.getDisableIntrusionDetection());
+    }
+
+    @Test
+    public void testNoSuchPropFile(){
+        try {
+                                        // Do NOT create a file by this name!!! -----vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
+            DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration("NoSuchEsapiPropFileXyzzy.properties");
+        }
+        catch( ConfigurationException cex ) {
+            assertNotNull("Caught exception with null exception msg", cex.getMessage() );
+            assertFalse("Exception msg is empty string", cex.getMessage().equals("") );
+        }
+        catch( Throwable t ) {
+            fail("testNoSuchPropFile(): Unexpected exception type: " + t.getClass().getName() + "; ex msg: " + t);
+        }
+
+    }
+
+    private String patternOrNull(Pattern p){
+        return null==p?null:p.pattern();
+    }
+
+    @Test
+    public void testRootCPLoading(){
+        DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration("ESAPI-root-cp.properties");
+        assertEquals(patternOrNull(secConf.getValidationPattern("Test1")), "ValueFromFile1");
+        assertNull(secConf.getValidationPattern("Test2"));
+        assertNull(secConf.getValidationPattern("TestC"));
+    }
+
+    @Test
+    public void testRootCPLoadingAlt(){
+        // This should work also via the class loader.
+        DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration("esapi/ESAPI-SingleValidatorFileChecker.properties");
+        assertEquals(patternOrNull(secConf.getValidationPattern("Test1")), "ValueFromFile1");
+        assertNull(secConf.getValidationPattern("Test2"));
+        assertNull(secConf.getValidationPattern("TestC"));
+    }
+
+    @Test
+    public void testRootCPLoadingAlt2(){
+        try {
+            // This should fail, because of the '/' on the resourse.
+            DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration("/ESAPI-root-cp.properties");
+        }
+        catch( ConfigurationException cex ) {
+            assertNotNull("Caught exception with null exception msg", cex.getMessage() );
+            assertFalse("Exception msg is empty string", cex.getMessage().equals("") );
+        }
+        catch( Throwable t ) {
+            fail("testNoSuchPropFile(): Unexpected exception type: " + t.getClass().getName() + "; ex msg: " + t);
+        }
+    }
+
+    @Test
+    public void testValidationsPropertiesFileOptions(){
+        DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration("ESAPI-SingleValidatorFileChecker.properties");
+        assertEquals(patternOrNull(secConf.getValidationPattern("Test1")), "ValueFromFile1");
+        assertNull(secConf.getValidationPattern("Test2"));
+        assertNull(secConf.getValidationPattern("TestC"));
+
+        secConf = new DefaultSecurityConfiguration("ESAPI-DualValidatorFileChecker.properties");
+        assertEquals(patternOrNull(secConf.getValidationPattern("Test1")), "ValueFromFile1");
+        assertEquals(patternOrNull(secConf.getValidationPattern("Test2")), "ValueFromFile2");
+        assertNull(secConf.getValidationPattern("TestC"));
+
+        secConf = new DefaultSecurityConfiguration("ESAPI-CommaValidatorFileChecker.properties");
+        assertEquals(patternOrNull(secConf.getValidationPattern("TestC")), "ValueFromCommaFile");
+        assertNull(secConf.getValidationPattern("Test1"));
+        assertNull(secConf.getValidationPattern("Test2"));
+
+        secConf = new DefaultSecurityConfiguration("ESAPI-QuotedValidatorFileChecker.properties");
+        assertEquals(patternOrNull(secConf.getValidationPattern("Test1")), "ValueFromFile1");
+        assertEquals(patternOrNull(secConf.getValidationPattern("Test2")), "ValueFromFile2");
+        assertEquals(patternOrNull(secConf.getValidationPattern("TestC")), "ValueFromCommaFile");
+    }
+
+    @Test
+    public void DefaultSearchPathTest(){
+        assertEquals("", DefaultSearchPath.ROOT.value());
+        assertEquals("resourceDirectory/", DefaultSearchPath.RESOURCE_DIRECTORY.value());
+        assertEquals(".esapi/", DefaultSearchPath.DOT_ESAPI.value());
+        assertEquals("esapi/", DefaultSearchPath.ESAPI.value());
+        assertEquals("resources/", DefaultSearchPath.RESOURCES.value());
+        assertEquals("src/main/resources/", DefaultSearchPath.SRC_MAIN_RESOURCES.value());
+    }
+
+    @Test
+    public void DefaultSearchPathEnumChanges(){
+        int expected = 6;
+        int testValue = DefaultSearchPath.values().length;
+        assertEquals(expected, testValue);
+    }
+
+    @Test
+    public void defaultPropertiesTest(){
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
+//        # Maximum size of JSESSIONID for the application--the validator regex may have additional values.
+//        HttpUtilities.HTTPJSESSIONIDLENGTH=50
+        assertEquals(50, sc.getIntProp("HttpUtilities.HTTPJSESSIONIDLENGTH"));
+//        # Maximum length of a URL (see https://stackoverflow.com/questions/417142/what-is-the-maximum-length-of-a-url-in-different-browsers)
+//        HttpUtilities.URILENGTH=2000
+        assertEquals(2000, sc.getIntProp("HttpUtilities.URILENGTH"));
+//        # Maximum length for an http scheme
+//        HttpUtilities.HTTPSCHEMELENGTH=10
+        assertEquals(10, sc.getIntProp("HttpUtilities.HTTPSCHEMELENGTH"));
+//        # Maximum length for an http host
+//        HttpUtilities.HTTPHOSTLENGTH=100
+        assertEquals(100, sc.getIntProp("HttpUtilities.HTTPHOSTLENGTH"));
+//        # Maximum length for an http path
+//        HttpUtilities.HTTPPATHLENGTH=150
+        assertEquals(150, sc.getIntProp("HttpUtilities.HTTPPATHLENGTH"));
+//        #Maximum length for a context path
+//        HttpUtilities.contextPathLength=150
+        assertEquals(150, sc.getIntProp("HttpUtilities.contextPathLength"));
+//        #Maximum length for an httpServletPath
+//        HttpUtilities.HTTPSERVLETPATHLENGTH=100
+        assertEquals(100, sc.getIntProp("HttpUtilities.HTTPSERVLETPATHLENGTH"));
+//        #Maximum length for an http query parameter name
+//        HttpUtilities.httpQueryParamNameLength=100
+        assertEquals(100, sc.getIntProp("HttpUtilities.httpQueryParamNameLength"));
+//        #Maximum length for an http query parameter -- old default was 2000, but that's the max length for a URL...
+//        HttpUtilities.httpQueryParamValueLength=500
+        assertEquals(500, sc.getIntProp("HttpUtilities.httpQueryParamValueLength"));
+//        # Maximum size of HTTP header key--the validator regex may have additional values.
+//        HttpUtilities.MaxHeaderNameSize=256
+        assertEquals(256, sc.getIntProp("HttpUtilities.MaxHeaderNameSize"));
+//        # Maximum size of HTTP header value--the validator regex may have additional values.
+//        HttpUtilities.MaxHeaderValueSize=4096
+        assertEquals(4096, sc.getIntProp("HttpUtilities.MaxHeaderValueSize"));
+//        # Maximum length of a redirect
+//        HttpUtilities.maxRedirectLength=512
+        assertEquals(512, sc.getIntProp("HttpUtilities.maxRedirectLength"));
+    }
+
+    // Test some of the deprecated methods to make sure I didn't screw them up
+    // given the double negatives on some these properties.
+    @Test
+    public void testDeprecatedMethods()
+    {
+        assertTrue("1: Deprecated (1st) method returns different value than new (2nd) method",
+                    ESAPI.securityConfiguration().getDisableIntrusionDetection() ==
+                      ESAPI.securityConfiguration().getBooleanProp( DISABLE_INTRUSION_DETECTION )
+                  );
+        // TODO: add some more tests here for the deprecated replacements.
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/reference/DefaultValidaterDateAPITest.java b/src/test/java/org/owasp/esapi/reference/DefaultValidaterDateAPITest.java
new file mode 100644
index 000000000..3322633f6
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/reference/DefaultValidaterDateAPITest.java
@@ -0,0 +1,198 @@
+package org.owasp.esapi.reference;
+
+
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.ArgumentMatchers.isA;
+import static org.mockito.Mockito.atLeastOnce;
+import static org.mockito.Mockito.doReturn;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
+import static org.powermock.api.mockito.PowerMockito.whenNew;
+
+import java.text.DateFormat;
+import java.util.Arrays;
+import java.util.Date;
+import java.util.Locale;
+
+import org.hamcrest.core.Is;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.junit.rules.TestName;
+import org.junit.runner.RunWith;
+import org.owasp.esapi.Encoder;
+import org.owasp.esapi.ValidationErrorList;
+import org.owasp.esapi.errors.IntrusionException;
+import org.owasp.esapi.errors.ValidationException;
+import org.owasp.esapi.reference.validation.DateValidationRule;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+/**
+ * This class contains a subsection of tests of the DefaultValidator class
+ * SPECIFIC TO THE DATE VALIDATION API.
+ *
+ */
+@RunWith(PowerMockRunner.class)
+@PrepareForTest(DefaultValidator.class)
+public class DefaultValidaterDateAPITest {
+    @Rule
+    public ExpectedException exEx = ExpectedException.none();
+    @Rule
+    public TestName testName = new TestName();
+    private String dateString="Input Does not matter in this context";
+
+    private ValidationException validationEx;
+    private Date testDate = new Date();
+    private String contextStr;
+    private Encoder mockEncoder;
+    private DateFormat testFormat = DateFormat.getDateInstance(DateFormat.MEDIUM, Locale.US);
+    private DateValidationRule spyDateRule;
+    private ValidationErrorList errors = new ValidationErrorList();
+
+    private DefaultValidator uit;
+
+
+    @Before
+    public void setup() throws Exception {
+        contextStr = testName.getMethodName();
+
+        validationEx = new ValidationException(contextStr, contextStr);
+
+        mockEncoder = mock(Encoder.class);
+        uit = new DefaultValidator(mockEncoder);
+
+        spyDateRule = new DateValidationRule(contextStr, mockEncoder, testFormat);
+        spyDateRule = spy(spyDateRule);
+        whenNew(DateValidationRule.class).withArguments(anyString(), eq(mockEncoder), eq(testFormat)).thenReturn(spyDateRule);
+
+        errors = spy(errors);
+        whenNew(ValidationErrorList.class).withNoArguments().thenReturn(errors);
+    }
+
+    @After
+    public void tearDown() {
+        verifyNoMoreInteractions(spyDateRule, errors);
+    }
+
+    @Test
+    public void testIsValidDate() {
+        doReturn(testDate).when(spyDateRule).sanitize(eq(contextStr), eq(dateString), isA(ValidationErrorList.class));
+
+        boolean isValid = uit.isValidDate(contextStr, dateString, testFormat, true);
+        Assert.assertTrue("Mock is configured to return a valid date, return should be equally valid.", isValid);
+
+        verify(errors, atLeastOnce()).isEmpty();
+        verify(errors, times(0)).errors();
+        verify(spyDateRule, times(1)).setAllowNull(true);
+        verify(spyDateRule, times(1)).sanitize(eq(contextStr), eq(dateString), isA(ValidationErrorList.class));
+    }
+
+    @Test
+    public void testIsValidDateErrorList() {
+        doReturn(testDate).when(spyDateRule).sanitize(eq(contextStr), eq(dateString), isA(ValidationErrorList.class));
+
+        boolean isValid = uit.isValidDate(contextStr, dateString, testFormat, true, errors);
+        Assert.assertTrue("Mock is configured to return a valid date, return should be equally valid.", isValid);
+
+        verify(errors, atLeastOnce()).isEmpty();
+        verify(errors, times(0)).errors();
+        verify(spyDateRule, times(1)).setAllowNull(true);
+        verify(spyDateRule, times(1)).sanitize(eq(contextStr), eq(dateString), eq(errors));
+    }
+
+    @Test
+    public void testGetValidDate() throws IntrusionException, ValidationException {
+        doReturn(testDate).when(spyDateRule).sanitize(eq(contextStr), eq(dateString), isA(ValidationErrorList.class));
+        Date validDate = uit.getValidDate(contextStr, dateString, testFormat, true);
+        Assert.assertEquals("ValidDate should match the mock's configured return value", testDate, validDate);
+
+        verify(errors, atLeastOnce()).isEmpty();
+        verify(errors, times(0)).errors();
+        verify(spyDateRule, times(1)).setAllowNull(true);
+        verify(spyDateRule, times(1)).sanitize(eq(contextStr), eq(dateString), isA(ValidationErrorList.class));
+    }
+
+    @Test
+    public void testGetValidDateErrorList() {
+        doReturn(testDate).when(spyDateRule).sanitize(eq(contextStr), eq(dateString), isA(ValidationErrorList.class));
+        Date validDate = uit.getValidDate(contextStr, dateString, testFormat, true, errors);
+        Assert.assertEquals("ValidDate should match the mock's configured return value", testDate, validDate);
+
+        verify(errors, atLeastOnce()).isEmpty();
+        verify(errors, times(0)).errors();
+        verify(spyDateRule, times(1)).setAllowNull(true);
+        verify(spyDateRule, times(1)).sanitize(eq(contextStr), eq(dateString), eq(errors));
+    }
+
+
+    @Test
+    public void testIsValidDateOnValidationError() {
+        doReturn(false).when(errors).isEmpty();
+        doReturn(Arrays.asList(validationEx)).when(errors).errors();
+
+        doReturn(testDate).when(spyDateRule).sanitize(eq(contextStr), eq(dateString), isA(ValidationErrorList.class));
+
+        boolean isValid = uit.isValidDate(contextStr, dateString, testFormat, true);
+        Assert.assertFalse("On ValidationException input should be invalid", isValid);
+
+        verify(errors, atLeastOnce()).isEmpty();
+        verify(errors, times(1)).errors();
+        verify(spyDateRule, times(1)).setAllowNull(true);
+        verify(spyDateRule, times(1)).sanitize(eq(contextStr), eq(dateString), isA(ValidationErrorList.class));
+    }
+
+    @Test
+    public void testIsValidDateErrorListOnValidationError() {
+        doReturn(false).when(errors).isEmpty();
+        doReturn(Arrays.asList(validationEx)).when(errors).errors();
+
+        doReturn(testDate).when(spyDateRule).sanitize(eq(contextStr), eq(dateString), isA(ValidationErrorList.class));
+
+        boolean isValid = uit.isValidDate(contextStr, dateString, testFormat, true, errors);
+        Assert.assertFalse("On ValidationException input should be invalid", isValid);
+
+        verify(errors, times(2)).isEmpty();
+        verify(errors, times(0)).errors();
+        verify(spyDateRule, times(1)).setAllowNull(true);
+        verify(spyDateRule, times(1)).sanitize(eq(contextStr), eq(dateString), eq(errors));
+    }
+    @Test
+    public void testGetValidDateOnValidationError() throws IntrusionException, ValidationException {
+        exEx.expect(Is.is(validationEx));
+        doReturn(false).when(errors).isEmpty();
+        doReturn(Arrays.asList(validationEx)).when(errors).errors();
+
+        doReturn(testDate).when(spyDateRule).sanitize(eq(contextStr), eq(dateString), isA(ValidationErrorList.class));
+        try {
+            uit.getValidDate(contextStr, dateString, testFormat, true);
+        } finally {
+            verify(errors, atLeastOnce()).isEmpty();
+            verify(errors, times(1)).errors();
+            verify(spyDateRule, times(1)).setAllowNull(true);
+            verify(spyDateRule, times(1)).sanitize(eq(contextStr), eq(dateString), isA(ValidationErrorList.class));
+        }
+    }
+
+    @Test
+    public void testGetValidDateErrorListOnValidationError() {
+        doReturn(false).when(errors).isEmpty();
+        doReturn(Arrays.asList(validationEx)).when(errors).errors();
+
+        doReturn(testDate).when(spyDateRule).sanitize(eq(contextStr), eq(dateString), isA(ValidationErrorList.class));
+        Date validDate = uit.getValidDate(contextStr, dateString, testFormat, true, errors);
+        Assert.assertNull(validDate);
+        verify(errors, atLeastOnce()).isEmpty();
+        verify(errors, times(0)).errors();
+        verify(spyDateRule, times(1)).setAllowNull(true);
+        verify(spyDateRule, times(1)).sanitize(eq(contextStr), eq(dateString), isA(ValidationErrorList.class));
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/reference/DefaultValidatorInputStringAPITest.java b/src/test/java/org/owasp/esapi/reference/DefaultValidatorInputStringAPITest.java
new file mode 100644
index 000000000..d62907c07
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/reference/DefaultValidatorInputStringAPITest.java
@@ -0,0 +1,231 @@
+package org.owasp.esapi.reference;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.doNothing;
+import static org.mockito.Mockito.doReturn;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+import static org.powermock.api.mockito.PowerMockito.whenNew;
+
+import java.util.regex.Pattern;
+
+import org.hamcrest.core.Is;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.junit.rules.TestName;
+import org.junit.runner.RunWith;
+import org.mockito.ArgumentMatchers;
+import org.mockito.Mock;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Encoder;
+import org.owasp.esapi.SecurityConfiguration;
+import org.owasp.esapi.ValidationErrorList;
+import org.owasp.esapi.errors.ValidationException;
+import org.owasp.esapi.reference.validation.StringValidationRule;
+import org.powermock.api.mockito.PowerMockito;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+/**
+ * This class contains a subsection of tests of the DefaultValidator class
+ * SPECIFIC TO THE INPUT 'STRING' VALIDATION API.
+ *
+ */
+@RunWith(PowerMockRunner.class)
+@PrepareForTest({DefaultValidator.class, ESAPI.class})
+public class DefaultValidatorInputStringAPITest {
+    private static final String ESAPY_SECURITY_CONFIGURATION_GETTER_METHOD_NAME = "securityConfiguration";
+    private static final Pattern TEST_PATTERN = Pattern.compile("");
+    @Rule
+    public ExpectedException exEx = ExpectedException.none();
+    @Rule
+    public TestName testName = new TestName();
+    @Mock
+    private SecurityConfiguration mockSecConfig;
+    @Mock
+    private Encoder mockEncoder;
+
+    private ValidationException validationEx;
+    private String contextStr;
+    private StringValidationRule spyStringRule;
+    private ValidationErrorList errors = new ValidationErrorList();
+
+    private DefaultValidator uit;
+    private String testValidatorType;
+    private String validatorResultString;
+    private int testMaximumLength;
+
+    @Before
+    public void setup() throws Exception {
+        contextStr = testName.getMethodName();
+        testValidatorType = testName.getMethodName() + "_validator_type";
+        validatorResultString = testName.getMethodName() + "_validator_result";
+        testMaximumLength = testName.getMethodName().length();
+
+        validationEx = new ValidationException(contextStr, contextStr);
+
+        mockEncoder = mock(Encoder.class);
+        uit = new DefaultValidator(mockEncoder);
+
+        //Don't care how the StringValidationRule works, we just care that we forwarded the information as expected.
+        spyStringRule = new StringValidationRule(testValidatorType, mockEncoder);
+        spyStringRule = spy(spyStringRule);
+        doNothing().when(spyStringRule).addWhitelistPattern(ArgumentMatchers.<Pattern>any());
+        doNothing().when(spyStringRule).setAllowNull(ArgumentMatchers.anyBoolean());
+        doNothing().when(spyStringRule).setMaximumLength(ArgumentMatchers.anyInt());
+        doReturn(validatorResultString).when(spyStringRule).getValid(ArgumentMatchers.anyString(), ArgumentMatchers.anyString());
+        whenNew(StringValidationRule.class).withArguments(eq(testValidatorType), eq(mockEncoder)).thenReturn(spyStringRule);
+
+        errors = spy(errors);
+        whenNew(ValidationErrorList.class).withNoArguments().thenReturn(errors);
+
+
+        PowerMockito.mockStatic(ESAPI.class);
+        PowerMockito.when(ESAPI.class, ESAPY_SECURITY_CONFIGURATION_GETTER_METHOD_NAME).thenReturn(mockSecConfig);
+
+
+        when(mockSecConfig.getValidationPattern(testValidatorType)).thenReturn(TEST_PATTERN);
+
+    }
+
+    @After
+    public void verifyDelegateCalls() {
+        verify(mockSecConfig, times(1)).getValidationPattern(testValidatorType);
+
+        PowerMockito.verifyNoMoreInteractions(spyStringRule, mockSecConfig, mockEncoder);
+    }
+
+    @Test
+    public void getValidInputNullAllowedPassthrough() throws Exception {
+        String safeValue =  uit.getValidInput(contextStr, testName.getMethodName(), testValidatorType, testMaximumLength, true);
+        assertEquals(validatorResultString, safeValue);
+        verify(spyStringRule, times(1)).addWhitelistPattern(TEST_PATTERN);
+        verify(spyStringRule, times(1)).setAllowNull(true);
+        verify(spyStringRule, times(0)).setAllowNull(false);
+        verify(spyStringRule, times(1)).setMaximumLength(testMaximumLength);
+        verify(spyStringRule, times(1)).setCanonicalize(true);
+        verify(spyStringRule, times(1)).getValid(contextStr, testName.getMethodName());
+    }
+
+    @Test
+    public void getValidInputNullNotAllowedPassthrough() throws Exception {
+        String safeValue =  uit.getValidInput(contextStr, testName.getMethodName(), testValidatorType, testMaximumLength, false);
+        assertEquals(validatorResultString, safeValue);
+        verify(spyStringRule, times(1)).addWhitelistPattern(TEST_PATTERN);
+        verify(spyStringRule, times(0)).setAllowNull(true);
+        verify(spyStringRule, times(1)).setAllowNull(false);
+        verify(spyStringRule, times(1)).setMaximumLength(testMaximumLength);
+        verify(spyStringRule, times(1)).setCanonicalize(true);
+        verify(spyStringRule, times(1)).getValid(contextStr, testName.getMethodName());
+    }
+
+    @Test
+    public void getValidInputNullPatternThrows() throws Exception {
+        exEx.expect(IllegalArgumentException.class);
+        exEx.expectMessage(testValidatorType + "] was not set via the ESAPI validation configuration");
+        when(mockSecConfig.getValidationPattern(testValidatorType)).thenReturn(null);
+
+        uit.getValidInput(contextStr, testName.getMethodName(), testValidatorType, testMaximumLength, true);
+    }
+
+    @Test
+    public void getValidInputValidationExceptionPropagates() throws Exception {
+        exEx.expect(Is.is(validationEx));
+
+        doThrow(validationEx).when(spyStringRule).getValid(ArgumentMatchers.anyString(), ArgumentMatchers.anyString());
+        try {
+            uit.getValidInput(contextStr, testName.getMethodName(), testValidatorType, testMaximumLength, true);
+        } finally {
+            verify(spyStringRule, times(1)).addWhitelistPattern(TEST_PATTERN);
+            verify(spyStringRule, times(1)).setAllowNull(true);
+            verify(spyStringRule, times(0)).setAllowNull(false);
+            verify(spyStringRule, times(1)).setMaximumLength(testMaximumLength);
+            verify(spyStringRule, times(1)).setCanonicalize(true);
+            verify(spyStringRule, times(1)).getValid(contextStr, testName.getMethodName());
+        }
+    }
+
+    @Test
+    public void getValidInputValidationExceptionErrorList() throws Exception {
+        ValidationErrorList errorList = new ValidationErrorList();
+
+        doThrow(validationEx).when(spyStringRule).getValid(ArgumentMatchers.anyString(), ArgumentMatchers.anyString());
+       String result = uit.getValidInput(contextStr, testName.getMethodName(), testValidatorType, testMaximumLength, true,errorList);
+        assertTrue(result.isEmpty());
+        assertEquals(1, errorList.size());
+        assertEquals(validationEx, errorList.getError(contextStr));
+        verify(spyStringRule, times(1)).addWhitelistPattern(TEST_PATTERN);
+        verify(spyStringRule, times(1)).setAllowNull(true);
+        verify(spyStringRule, times(0)).setAllowNull(false);
+        verify(spyStringRule, times(1)).setMaximumLength(testMaximumLength);
+        verify(spyStringRule, times(1)).setCanonicalize(true);
+        verify(spyStringRule, times(1)).getValid(contextStr, testName.getMethodName());
+    }
+
+
+    @Test
+    public void isValidInputNullAllowedPassthrough() throws Exception {
+        boolean isValid=  uit.isValidInput(contextStr, testName.getMethodName(), testValidatorType, testMaximumLength, true);
+        assertTrue(isValid);
+
+        verify(spyStringRule, times(1)).addWhitelistPattern(TEST_PATTERN);
+        verify(spyStringRule, times(1)).setAllowNull(true);
+        verify(spyStringRule, times(0)).setAllowNull(false);
+        verify(spyStringRule, times(1)).setMaximumLength(testMaximumLength);
+        verify(spyStringRule, times(1)).setCanonicalize(true);
+        verify(spyStringRule, times(1)).getValid(contextStr, testName.getMethodName());
+    }
+
+    @Test
+    public void isValidInputValidationExceptionReturnsFalse() throws Exception {
+        doThrow(validationEx).when(spyStringRule).getValid(ArgumentMatchers.anyString(), ArgumentMatchers.anyString());
+        boolean result = uit.isValidInput(contextStr, testName.getMethodName(), testValidatorType, testMaximumLength, true);
+        assertFalse(result);
+        verify(spyStringRule, times(1)).addWhitelistPattern(TEST_PATTERN);
+        verify(spyStringRule, times(1)).setAllowNull(true);
+        verify(spyStringRule, times(0)).setAllowNull(false);
+        verify(spyStringRule, times(1)).setMaximumLength(testMaximumLength);
+        verify(spyStringRule, times(1)).setCanonicalize(true);
+        verify(spyStringRule, times(1)).getValid(contextStr, testName.getMethodName());
+    }
+
+    @Test
+    public void isValidInputValidationExceptionErrorListReturnsFalse() throws Exception {
+        ValidationErrorList errorList = new ValidationErrorList();
+
+        doThrow(validationEx).when(spyStringRule).getValid(ArgumentMatchers.anyString(), ArgumentMatchers.anyString());
+        boolean result = uit.isValidInput(contextStr, testName.getMethodName(), testValidatorType, testMaximumLength, true,errorList);
+        assertFalse(result);
+        assertEquals(1, errorList.size());
+        assertEquals(validationEx, errorList.getError(contextStr));
+        verify(errors, times(1)).addError(contextStr, validationEx);
+        verify(spyStringRule, times(1)).addWhitelistPattern(TEST_PATTERN);
+        verify(spyStringRule, times(1)).setAllowNull(true);
+        verify(spyStringRule, times(0)).setAllowNull(false);
+        verify(spyStringRule, times(1)).setMaximumLength(testMaximumLength);
+        verify(spyStringRule, times(1)).setCanonicalize(true);
+        verify(spyStringRule, times(1)).getValid(contextStr, testName.getMethodName());
+    }
+
+    @Test
+    public void canonicalizeSettingPassedThrough() throws Exception {
+        String safeValue =  uit.getValidInput(contextStr, testName.getMethodName(), testValidatorType, testMaximumLength, false,false);
+        assertEquals(validatorResultString, safeValue);
+        verify(spyStringRule, times(1)).addWhitelistPattern(TEST_PATTERN);
+        verify(spyStringRule, times(0)).setAllowNull(true);
+        verify(spyStringRule, times(1)).setAllowNull(false);
+        verify(spyStringRule, times(1)).setMaximumLength(testMaximumLength);
+        verify(spyStringRule, times(1)).setCanonicalize(false);
+        verify(spyStringRule, times(1)).getValid(contextStr, testName.getMethodName());
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/reference/EncoderTest.java b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
index 52feb91e7..51f72d063 100644
--- a/src/test/java/org/owasp/esapi/reference/EncoderTest.java
+++ b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
@@ -1,802 +1,1532 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.util.ArrayList;
-import java.util.Arrays;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Encoder;
-import org.owasp.esapi.EncoderConstants;
-import org.owasp.esapi.codecs.Codec;
-import org.owasp.esapi.codecs.MySQLCodec;
-import org.owasp.esapi.codecs.OracleCodec;
-import org.owasp.esapi.codecs.PushbackString;
-import org.owasp.esapi.codecs.UnixCodec;
-import org.owasp.esapi.codecs.WindowsCodec;
-import org.owasp.esapi.errors.EncodingException;
-import org.owasp.esapi.errors.IntrusionException;
-
-/**
- * The Class EncoderTest.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class EncoderTest extends TestCase {
-    
-	private static final String PREFERRED_ENCODING = "UTF-8";
-	
-    /**
-	 * Instantiates a new encoder test.
-	 * 
-	 * @param testName
-	 *            the test name
-	 */
-    public EncoderTest(String testName) {
-        super(testName);
-    }
-    
-    /**
-     * {@inheritDoc}
-     * @throws Exception 
-     */
-    protected void setUp() throws Exception {
-    	// none
-    }
-    
-    /**
-     * {@inheritDoc}s
-     * @throws Exception
-     */
-    protected void tearDown() throws Exception {
-    	// none
-    }
-    
-    /**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-    public static Test suite() {
-        TestSuite suite = new TestSuite(EncoderTest.class);        
-        return suite;
-    }
-    
-	/**
-	 * Test of canonicalize method, of class org.owasp.esapi.Encoder.
-	 * 
-	 * @throws EncodingException
-	 */
-	public void testCanonicalize() throws EncodingException {
-		System.out.println("canonicalize");
-
-        ArrayList<String> list = new ArrayList<String>();
-        list.add( "HTMLEntityCodec" );
-	    list.add( "PercentCodec" );
-		Encoder instance = new DefaultEncoder( list );
-		
-		// Test null paths
-		assertEquals( null, instance.canonicalize(null));
-		assertEquals( null, instance.canonicalize(null, true));
-		assertEquals( null, instance.canonicalize(null, false));
-		assertEquals( null, instance.canonicalize(null, true, true));
-		assertEquals( null, instance.canonicalize(null, true, false));
-		assertEquals( null, instance.canonicalize(null, false, true));
-		assertEquals( null, instance.canonicalize(null, false, false));
-		
-		// test exception paths
-		assertEquals( "%", instance.canonicalize("%25", true));
-		assertEquals( "%", instance.canonicalize("%25", false));
-
-        assertEquals( "%", instance.canonicalize("%25"));
-        assertEquals( "%F", instance.canonicalize("%25F"));
-        assertEquals( "<", instance.canonicalize("%3c"));
-        assertEquals( "<", instance.canonicalize("%3C"));
-        assertEquals( "%X1", instance.canonicalize("%X1"));
-
-        assertEquals( "<", instance.canonicalize("&lt"));
-        assertEquals( "<", instance.canonicalize("&LT"));
-        assertEquals( "<", instance.canonicalize("&lt;"));
-        assertEquals( "<", instance.canonicalize("&LT;"));
-        
-        assertEquals( "%", instance.canonicalize("&#37;"));
-        assertEquals( "%", instance.canonicalize("&#37"));
-        assertEquals( "%b", instance.canonicalize("&#37b"));
-
-        assertEquals( "<", instance.canonicalize("&#x3c"));
-        assertEquals( "<", instance.canonicalize("&#x3c;"));
-        assertEquals( "<", instance.canonicalize("&#x3C"));
-        assertEquals( "<", instance.canonicalize("&#X3c"));
-        assertEquals( "<", instance.canonicalize("&#X3C"));
-        assertEquals( "<", instance.canonicalize("&#X3C;"));
-
-        // percent encoding
-        assertEquals( "<", instance.canonicalize("%3c"));
-        assertEquals( "<", instance.canonicalize("%3C"));
-
-        // html entity encoding
-        assertEquals( "<", instance.canonicalize("&#60"));
-        assertEquals( "<", instance.canonicalize("&#060"));
-        assertEquals( "<", instance.canonicalize("&#0060"));
-        assertEquals( "<", instance.canonicalize("&#00060"));
-        assertEquals( "<", instance.canonicalize("&#000060"));
-        assertEquals( "<", instance.canonicalize("&#0000060"));
-        assertEquals( "<", instance.canonicalize("&#60;"));
-        assertEquals( "<", instance.canonicalize("&#060;"));
-        assertEquals( "<", instance.canonicalize("&#0060;"));
-        assertEquals( "<", instance.canonicalize("&#00060;"));
-        assertEquals( "<", instance.canonicalize("&#000060;"));
-        assertEquals( "<", instance.canonicalize("&#0000060;"));
-        assertEquals( "<", instance.canonicalize("&#x3c"));
-        assertEquals( "<", instance.canonicalize("&#x03c"));
-        assertEquals( "<", instance.canonicalize("&#x003c"));
-        assertEquals( "<", instance.canonicalize("&#x0003c"));
-        assertEquals( "<", instance.canonicalize("&#x00003c"));
-        assertEquals( "<", instance.canonicalize("&#x000003c"));
-        assertEquals( "<", instance.canonicalize("&#x3c;"));
-        assertEquals( "<", instance.canonicalize("&#x03c;"));
-        assertEquals( "<", instance.canonicalize("&#x003c;"));
-        assertEquals( "<", instance.canonicalize("&#x0003c;"));
-        assertEquals( "<", instance.canonicalize("&#x00003c;"));
-        assertEquals( "<", instance.canonicalize("&#x000003c;"));
-        assertEquals( "<", instance.canonicalize("&#X3c"));
-        assertEquals( "<", instance.canonicalize("&#X03c"));
-        assertEquals( "<", instance.canonicalize("&#X003c"));
-        assertEquals( "<", instance.canonicalize("&#X0003c"));
-        assertEquals( "<", instance.canonicalize("&#X00003c"));
-        assertEquals( "<", instance.canonicalize("&#X000003c"));
-        assertEquals( "<", instance.canonicalize("&#X3c;"));
-        assertEquals( "<", instance.canonicalize("&#X03c;"));
-        assertEquals( "<", instance.canonicalize("&#X003c;"));
-        assertEquals( "<", instance.canonicalize("&#X0003c;"));
-        assertEquals( "<", instance.canonicalize("&#X00003c;"));
-        assertEquals( "<", instance.canonicalize("&#X000003c;"));
-        assertEquals( "<", instance.canonicalize("&#x3C"));
-        assertEquals( "<", instance.canonicalize("&#x03C"));
-        assertEquals( "<", instance.canonicalize("&#x003C"));
-        assertEquals( "<", instance.canonicalize("&#x0003C"));
-        assertEquals( "<", instance.canonicalize("&#x00003C"));
-        assertEquals( "<", instance.canonicalize("&#x000003C"));
-        assertEquals( "<", instance.canonicalize("&#x3C;"));
-        assertEquals( "<", instance.canonicalize("&#x03C;"));
-        assertEquals( "<", instance.canonicalize("&#x003C;"));
-        assertEquals( "<", instance.canonicalize("&#x0003C;"));
-        assertEquals( "<", instance.canonicalize("&#x00003C;"));
-        assertEquals( "<", instance.canonicalize("&#x000003C;"));
-        assertEquals( "<", instance.canonicalize("&#X3C"));
-        assertEquals( "<", instance.canonicalize("&#X03C"));
-        assertEquals( "<", instance.canonicalize("&#X003C"));
-        assertEquals( "<", instance.canonicalize("&#X0003C"));
-        assertEquals( "<", instance.canonicalize("&#X00003C"));
-        assertEquals( "<", instance.canonicalize("&#X000003C"));
-        assertEquals( "<", instance.canonicalize("&#X3C;"));
-        assertEquals( "<", instance.canonicalize("&#X03C;"));
-        assertEquals( "<", instance.canonicalize("&#X003C;"));
-        assertEquals( "<", instance.canonicalize("&#X0003C;"));
-        assertEquals( "<", instance.canonicalize("&#X00003C;"));
-        assertEquals( "<", instance.canonicalize("&#X000003C;"));
-        assertEquals( "<", instance.canonicalize("&lt"));
-        assertEquals( "<", instance.canonicalize("&lT"));
-        assertEquals( "<", instance.canonicalize("&Lt"));
-        assertEquals( "<", instance.canonicalize("&LT"));
-        assertEquals( "<", instance.canonicalize("&lt;"));
-        assertEquals( "<", instance.canonicalize("&lT;"));
-        assertEquals( "<", instance.canonicalize("&Lt;"));
-        assertEquals( "<", instance.canonicalize("&LT;"));
-        
-        assertEquals( "<script>alert(\"hello\");</script>", instance.canonicalize("%3Cscript%3Ealert%28%22hello%22%29%3B%3C%2Fscript%3E") );
-        assertEquals( "<script>alert(\"hello\");</script>", instance.canonicalize("%3Cscript&#x3E;alert%28%22hello&#34%29%3B%3C%2Fscript%3E", false) );
-        
-        // javascript escape syntax
-        ArrayList<String> js = new ArrayList<String>();
-        js.add( "JavaScriptCodec" );
-        instance = new DefaultEncoder( js );
-        System.out.println( "JavaScript Decoding" );
-
-        assertEquals( "\0", instance.canonicalize("\\0"));
-        assertEquals( "\b", instance.canonicalize("\\b"));
-        assertEquals( "\t", instance.canonicalize("\\t"));
-        assertEquals( "\n", instance.canonicalize("\\n"));
-        assertEquals( ""+(char)0x0b, instance.canonicalize("\\v"));
-        assertEquals( "\f", instance.canonicalize("\\f"));
-        assertEquals( "\r", instance.canonicalize("\\r"));
-        assertEquals( "\'", instance.canonicalize("\\'"));
-        assertEquals( "\"", instance.canonicalize("\\\""));
-        assertEquals( "\\", instance.canonicalize("\\\\"));
-        assertEquals( "<", instance.canonicalize("\\<"));
-        
-        assertEquals( "<", instance.canonicalize("\\u003c"));
-        assertEquals( "<", instance.canonicalize("\\U003c"));
-        assertEquals( "<", instance.canonicalize("\\u003C"));
-        assertEquals( "<", instance.canonicalize("\\U003C"));
-        assertEquals( "<", instance.canonicalize("\\x3c"));
-        assertEquals( "<", instance.canonicalize("\\X3c"));
-        assertEquals( "<", instance.canonicalize("\\x3C"));
-        assertEquals( "<", instance.canonicalize("\\X3C"));
-
-        // css escape syntax
-        // be careful because some codecs see \0 as null byte
-        ArrayList<String> css = new ArrayList<String>();
-        css.add( "CSSCodec" );
-        instance = new DefaultEncoder( css );
-        System.out.println( "CSS Decoding" );
-        assertEquals( "<", instance.canonicalize("\\3c"));  // add strings to prevent null byte
-        assertEquals( "<", instance.canonicalize("\\03c"));
-        assertEquals( "<", instance.canonicalize("\\003c"));
-        assertEquals( "<", instance.canonicalize("\\0003c"));
-        assertEquals( "<", instance.canonicalize("\\00003c"));
-        assertEquals( "<", instance.canonicalize("\\3C"));
-        assertEquals( "<", instance.canonicalize("\\03C"));
-        assertEquals( "<", instance.canonicalize("\\003C"));
-        assertEquals( "<", instance.canonicalize("\\0003C"));
-        assertEquals( "<", instance.canonicalize("\\00003C"));
-	}
-
-	
-    /**
-     * Test of canonicalize method, of class org.owasp.esapi.Encoder.
-     * 
-     * @throws EncodingException
-     */
-    public void testDoubleEncodingCanonicalization() throws EncodingException {
-        System.out.println("doubleEncodingCanonicalization");
-        Encoder instance = ESAPI.encoder();
-
-        // note these examples use the strict=false flag on canonicalize to allow
-        // full decoding without throwing an IntrusionException. Generally, you
-        // should use strict mode as allowing double-encoding is an abomination.
-        
-        // double encoding examples
-        assertEquals( "<", instance.canonicalize("&#x26;lt&#59", false )); //double entity
-        assertEquals( "\\", instance.canonicalize("%255c", false)); //double percent
-        assertEquals( "%", instance.canonicalize("%2525", false)); //double percent
-        
-        // double encoding with multiple schemes example
-        assertEquals( "<", instance.canonicalize("%26lt%3b", false)); //first entity, then percent
-        assertEquals( "&", instance.canonicalize("&#x25;26", false)); //first percent, then entity
-
-		//enforce multiple and mixed encoding detection
-		try {
-			instance.canonicalize("%26lt; %26lt; &#X25;3c &#x25;3c %2526lt%253B %2526lt%253B %2526lt%253B", true, true);
-			fail("Multiple and mixed encoding not detected");
-		} catch (IntrusionException ie) {}
-
-		//enforce multiple but not mixed encoding detection
-		try {
-			instance.canonicalize("%252525253C", true, false); 
-			fail("Multiple encoding not detected");
-		} catch (IntrusionException ie) {}
-
-		//enforce mixed but not multiple encoding detection
-		try {
-			instance.canonicalize("%25 %2526 %26#X3c;script&#x3e; &#37;3Cscript%25252525253e", false, true); 
-			fail("Mixed encoding not detected");
-		} catch (IntrusionException ie) {}
-
-		//enforce niether mixed nor multiple encoding detection -should canonicalize but not throw an error
-		assertEquals( "< < < < < < <", instance.canonicalize("%26lt; %26lt; &#X25;3c &#x25;3c %2526lt%253B %2526lt%253B %2526lt%253B", 
-															 false, false)); 
-
-        // nested encoding examples
-        assertEquals( "<", instance.canonicalize("%253c", false)); //nested encode % with percent
-        assertEquals( "<", instance.canonicalize("%%33%63", false)); //nested encode both nibbles with percent
-        assertEquals( "<", instance.canonicalize("%%33c", false)); // nested encode first nibble with percent
-        assertEquals( "<", instance.canonicalize("%3%63", false));  //nested encode second nibble with percent
-        assertEquals( "<", instance.canonicalize("&&#108;t;", false)); //nested encode l with entity
-        assertEquals( "<", instance.canonicalize("%2&#x35;3c", false)); //triple percent, percent, 5 with entity
-        
-        // nested encoding with multiple schemes examples
-        assertEquals( "<", instance.canonicalize("&%6ct;", false)); // nested encode l with percent
-        assertEquals( "<", instance.canonicalize("%&#x33;c", false)); //nested encode 3 with entity            
-        
-        // multiple encoding tests
-        assertEquals( "% & <script> <script>", instance.canonicalize( "%25 %2526 %26#X3c;script&#x3e; &#37;3Cscript%25252525253e", false ) );
-        assertEquals( "< < < < < < <", instance.canonicalize( "%26lt; %26lt; &#X25;3c &#x25;3c %2526lt%253B %2526lt%253B %2526lt%253B", false ) );
-
-        // test strict mode with both mixed and multiple encoding
-        try {
-            assertEquals( "< < < < < < <", instance.canonicalize( "%26lt; %26lt; &#X25;3c &#x25;3c %2526lt%253B %2526lt%253B %2526lt%253B" ) );
-        } catch( IntrusionException e ) {
-            // expected
-        }
-        
-        try {
-            assertEquals( "<script", instance.canonicalize("%253Cscript" ) );
-        } catch( IntrusionException e ) {
-            // expected
-        }
-        try {
-            assertEquals( "<script", instance.canonicalize("&#37;3Cscript" ) );
-        } catch( IntrusionException e ) {
-            // expected
-        }
-    }
-
-    /**
-	 * Test of encodeForHTML method, of class org.owasp.esapi.Encoder.
-     *
-     * @throws Exception
-     */
-    public void testEncodeForHTML() throws Exception {
-        System.out.println("encodeForHTML");
-        Encoder instance = ESAPI.encoder();
-        assertEquals(null, instance.encodeForHTML(null));
-        // test invalid characters are replaced with spaces
-        assertEquals("a&#xfffd;b&#xfffd;c&#xfffd;d&#xfffd;e&#xfffd;f&#x9;g", instance.encodeForHTML("a" + (char)0 + "b" + (char)4 + "c" + (char)128 + "d" + (char)150 + "e" +(char)159 + "f" + (char)9 + "g"));
-        
-        assertEquals("&lt;script&gt;", instance.encodeForHTML("<script>"));
-        assertEquals("&amp;lt&#x3b;script&amp;gt&#x3b;", instance.encodeForHTML("&lt;script&gt;"));
-        assertEquals("&#x21;&#x40;&#x24;&#x25;&#x28;&#x29;&#x3d;&#x2b;&#x7b;&#x7d;&#x5b;&#x5d;", instance.encodeForHTML("!@$%()=+{}[]"));
-        assertEquals("&#x21;&#x40;&#x24;&#x25;&#x28;&#x29;&#x3d;&#x2b;&#x7b;&#x7d;&#x5b;&#x5d;", instance.encodeForHTML(instance.canonicalize("&#33;&#64;&#36;&#37;&#40;&#41;&#61;&#43;&#123;&#125;&#91;&#93;") ) );
-        assertEquals(",.-_ ", instance.encodeForHTML(",.-_ "));
-        assertEquals("dir&amp;", instance.encodeForHTML("dir&"));
-        assertEquals("one&amp;two", instance.encodeForHTML("one&two"));
-        assertEquals("" + (char)12345 + (char)65533 + (char)1244, "" + (char)12345 + (char)65533 + (char)1244 );
-    }
-    
-    /**
-	 * Test of encodeForHTMLAttribute method, of class org.owasp.esapi.Encoder.
-	 */
-    public void testEncodeForHTMLAttribute() {
-        System.out.println("encodeForHTMLAttribute");
-        Encoder instance = ESAPI.encoder();
-        assertEquals(null, instance.encodeForHTMLAttribute(null));
-        assertEquals("&lt;script&gt;", instance.encodeForHTMLAttribute("<script>"));
-        assertEquals(",.-_", instance.encodeForHTMLAttribute(",.-_"));
-        assertEquals("&#x20;&#x21;&#x40;&#x24;&#x25;&#x28;&#x29;&#x3d;&#x2b;&#x7b;&#x7d;&#x5b;&#x5d;", instance.encodeForHTMLAttribute(" !@$%()=+{}[]"));
-    }
-    
-    
-    /**
-     *
-     */
-    public void testEncodeForCSS() {
-        System.out.println("encodeForCSS");
-        Encoder instance = ESAPI.encoder();
-        assertEquals(null, instance.encodeForCSS(null));
-        assertEquals("\\3c script\\3e ", instance.encodeForCSS("<script>"));
-        assertEquals("\\21 \\40 \\24 \\25 \\28 \\29 \\3d \\2b \\7b \\7d \\5b \\5d ", instance.encodeForCSS("!@$%()=+{}[]"));
-    }
-    
-
-    
-    /**
-	 * Test of encodeForJavaScript method, of class org.owasp.esapi.Encoder.
-	 */
-    public void testEncodeForJavascript() {
-        System.out.println("encodeForJavascript");
-        Encoder instance = ESAPI.encoder();
-        assertEquals(null, instance.encodeForJavaScript(null));
-        assertEquals("\\x3Cscript\\x3E", instance.encodeForJavaScript("<script>"));
-        assertEquals(",.\\x2D_\\x20", instance.encodeForJavaScript(",.-_ "));
-        assertEquals("\\x21\\x40\\x24\\x25\\x28\\x29\\x3D\\x2B\\x7B\\x7D\\x5B\\x5D", instance.encodeForJavaScript("!@$%()=+{}[]"));
-        // assertEquals( "\\0", instance.encodeForJavaScript("\0"));
-        // assertEquals( "\\b", instance.encodeForJavaScript("\b"));
-        // assertEquals( "\\t", instance.encodeForJavaScript("\t"));
-        // assertEquals( "\\n", instance.encodeForJavaScript("\n"));
-        // assertEquals( "\\v", instance.encodeForJavaScript("" + (char)0x0b));
-        // assertEquals( "\\f", instance.encodeForJavaScript("\f"));
-        // assertEquals( "\\r", instance.encodeForJavaScript("\r"));
-        // assertEquals( "\\'", instance.encodeForJavaScript("\'"));
-        // assertEquals( "\\\"", instance.encodeForJavaScript("\""));
-        // assertEquals( "\\\\", instance.encodeForJavaScript("\\"));
-    }
-        
-    /**
-     *
-     */
-    public void testEncodeForVBScript() {
-        System.out.println("encodeForVBScript");        
-        Encoder instance = ESAPI.encoder();
-        assertEquals(null, instance.encodeForVBScript(null));
-        assertEquals( "chrw(60)&\"script\"&chrw(62)", instance.encodeForVBScript("<script>"));
-        assertEquals( "x\"&chrw(32)&chrw(33)&chrw(64)&chrw(36)&chrw(37)&chrw(40)&chrw(41)&chrw(61)&chrw(43)&chrw(123)&chrw(125)&chrw(91)&chrw(93)", instance.encodeForVBScript("x !@$%()=+{}[]"));
-        assertEquals( "alert\"&chrw(40)&chrw(39)&\"ESAPI\"&chrw(32)&\"test\"&chrw(33)&chrw(39)&chrw(41)", instance.encodeForVBScript("alert('ESAPI test!')" ));
-        assertEquals( "jeff.williams\"&chrw(64)&\"aspectsecurity.com", instance.encodeForVBScript("jeff.williams@aspectsecurity.com"));
-        assertEquals( "test\"&chrw(32)&chrw(60)&chrw(62)&chrw(32)&\"test", instance.encodeForVBScript("test <> test" ));
-    }
-
-        
-    /**
-	 * Test of encodeForXPath method, of class org.owasp.esapi.Encoder.
-	 */
-    public void testEncodeForXPath() {
-        System.out.println("encodeForXPath");
-        Encoder instance = ESAPI.encoder();
-        assertEquals(null, instance.encodeForXPath(null));
-        assertEquals("&#x27;or 1&#x3d;1", instance.encodeForXPath("'or 1=1"));
-    }
-    
-
-    
-    /**
-	 * Test of encodeForSQL method, of class org.owasp.esapi.Encoder.
-	 */
-    public void testEncodeForSQL() {
-        System.out.println("encodeForSQL");
-        Encoder instance = ESAPI.encoder();
-
-        Codec mySQL1 = new MySQLCodec( MySQLCodec.ANSI_MODE );
-        assertEquals("ANSI_MODE", null, instance.encodeForSQL(mySQL1, null));
-        assertEquals("ANSI_MODE", "Jeff'' or ''1''=''1", instance.encodeForSQL(mySQL1, "Jeff' or '1'='1"));
-        
-        Codec mySQL2 = new MySQLCodec( MySQLCodec.MYSQL_MODE );
-        assertEquals("MYSQL_MODE", null, instance.encodeForSQL(mySQL2, null));
-        assertEquals("MYSQL_MODE", "Jeff\\' or \\'1\\'\\=\\'1", instance.encodeForSQL(mySQL2, "Jeff' or '1'='1"));
-
-        Codec oracle = new OracleCodec();
-        assertEquals("Oracle", null, instance.encodeForSQL(oracle, null));
-        assertEquals("Oracle", "Jeff'' or ''1''=''1", instance.encodeForSQL(oracle, "Jeff' or '1'='1"));
-    }
-
-    public void testMySQLANSIModeQuoteInjection() {
-        Encoder instance = ESAPI.encoder();
-        Codec c = new MySQLCodec(MySQLCodec.Mode.ANSI);
-        assertEquals("MySQL Ansi Quote Injection Bug", " or 1=1 -- -", instance.encodeForSQL(c, "\" or 1=1 -- -"));
-    }
-
-    
-    /**
-	 * Test of encodeForLDAP method, of class org.owasp.esapi.Encoder.
-	 */
-    public void testEncodeForLDAP() {
-        System.out.println("encodeForLDAP");
-        Encoder instance = ESAPI.encoder();
-        assertEquals(null, instance.encodeForLDAP(null));
-        assertEquals("No special characters to escape", "Hi This is a test #��", instance.encodeForLDAP("Hi This is a test #��"));
-        assertEquals("Zeros", "Hi \\00", instance.encodeForLDAP("Hi \u0000"));
-        assertEquals("LDAP Christams Tree", "Hi \\28This\\29 = is \\2a a \\5c test # � � �", instance.encodeForLDAP("Hi (This) = is * a \\ test # � � �"));
-    }
-    
-    /**
-	 * Test of encodeForLDAP method, of class org.owasp.esapi.Encoder.
-	 */
-    public void testEncodeForDN() {
-        System.out.println("encodeForDN");
-        Encoder instance = ESAPI.encoder();
-        assertEquals(null, instance.encodeForDN(null));
-        assertEquals("No special characters to escape", "Hello�", instance.encodeForDN("Hello�"));
-        assertEquals("leading #", "\\# Hello�", instance.encodeForDN("# Hello�"));
-        assertEquals("leading space", "\\ Hello�", instance.encodeForDN(" Hello�"));
-        assertEquals("trailing space", "Hello�\\ ", instance.encodeForDN("Hello� "));
-        assertEquals("less than greater than", "Hello\\<\\>", instance.encodeForDN("Hello<>"));
-        assertEquals("only 3 spaces", "\\  \\ ", instance.encodeForDN("   "));
-        assertEquals("Christmas Tree DN", "\\ Hello\\\\ \\+ \\, \\\"World\\\" \\;\\ ", instance.encodeForDN(" Hello\\ + , \"World\" ; "));
-    }
-    
-    public void testEncodeForXMLNull() {
-        Encoder instance = ESAPI.encoder();
-        assertEquals(null, instance.encodeForXML(null));
-    }
-
-    public void testEncodeForXMLSpace() {
-        Encoder instance = ESAPI.encoder();
-        assertEquals(" ", instance.encodeForXML(" "));
-    }
-
-    public void testEncodeForXMLScript() {
-        Encoder instance = ESAPI.encoder();
-        assertEquals("&#x3c;script&#x3e;", instance.encodeForXML("<script>"));
-    }
-
-    public void testEncodeForXMLImmune() {
-        System.out.println("encodeForXML");
-        Encoder instance = ESAPI.encoder();
-        assertEquals(",.-_", instance.encodeForXML(",.-_"));
-    }
-    
-    public void testEncodeForXMLSymbol() {
-        Encoder instance = ESAPI.encoder();
-        assertEquals("&#x21;&#x40;&#x24;&#x25;&#x28;&#x29;&#x3d;&#x2b;&#x7b;&#x7d;&#x5b;&#x5d;", instance.encodeForXML("!@$%()=+{}[]"));
-    }
-
-    public void testEncodeForXMLPound() {
-        System.out.println("encodeForXML");
-        Encoder instance = ESAPI.encoder();
-        assertEquals("&#xa3;", instance.encodeForXML("\u00A3"));
-    }
-    
-    public void testEncodeForXMLAttributeNull() {
-        Encoder instance = ESAPI.encoder();
-        assertEquals(null, instance.encodeForXMLAttribute(null));
-    }
-    
-    public void testEncodeForXMLAttributeSpace() {
-        Encoder instance = ESAPI.encoder();
-        assertEquals(" ", instance.encodeForXMLAttribute(" "));
-    }
-    
-    public void testEncodeForXMLAttributeScript() {
-        Encoder instance = ESAPI.encoder();
-        assertEquals("&#x3c;script&#x3e;", instance.encodeForXMLAttribute("<script>"));
-    }
-    
-    public void testEncodeForXMLAttributeImmune() {
-        Encoder instance = ESAPI.encoder();
-        assertEquals(",.-_", instance.encodeForXMLAttribute(",.-_"));
-    }
-    
-    public void testEncodeForXMLAttributeSymbol() {
-        Encoder instance = ESAPI.encoder();
-        assertEquals(" &#x21;&#x40;&#x24;&#x25;&#x28;&#x29;&#x3d;&#x2b;&#x7b;&#x7d;&#x5b;&#x5d;", instance.encodeForXMLAttribute(" !@$%()=+{}[]"));
-    }
-    
-    public void testEncodeForXMLAttributePound() {
-        Encoder instance = ESAPI.encoder();
-        assertEquals("&#xa3;", instance.encodeForXMLAttribute("\u00A3"));
-    }
-    
-    /**
-	 * Test of encodeForURL method, of class org.owasp.esapi.Encoder.
-     *
-     * @throws Exception
-     */
-    public void testEncodeForURL() throws Exception {
-        System.out.println("encodeForURL");
-        Encoder instance = ESAPI.encoder();
-        assertEquals(null, instance.encodeForURL(null));
-        assertEquals("%3Cscript%3E", instance.encodeForURL("<script>"));
-    }
-    
-    /**
-	 * Test of decodeFromURL method, of class org.owasp.esapi.Encoder.
-     *
-     * @throws Exception
-     */
-    public void testDecodeFromURL() throws Exception {
-        System.out.println("decodeFromURL");
-        Encoder instance = ESAPI.encoder();
-        try {
-        	assertEquals(null, instance.decodeFromURL(null));
-            assertEquals("<script>", instance.decodeFromURL("%3Cscript%3E"));
-            assertEquals("     ", instance.decodeFromURL("+++++") );
-        } catch ( Exception e ) {
-            fail();
-        }
-        try {
-        	instance.decodeFromURL( "%3xridiculous" );
-        	fail();
-        } catch( Exception e ) {
-        	// expected
-        }
-    }
-    
-    /**
-	 * Test of encodeForBase64 method, of class org.owasp.esapi.Encoder.
-	 */
-    public void testEncodeForBase64() {
-        System.out.println("encodeForBase64");
-        Encoder instance = ESAPI.encoder();
-        
-        try {
-        	assertEquals(null, instance.encodeForBase64(null, false));
-            assertEquals(null, instance.encodeForBase64(null, true));
-            assertEquals(null, instance.decodeFromBase64(null));
-            for ( int i=0; i < 100; i++ ) {
-                byte[] r = ESAPI.randomizer().getRandomString( 20, EncoderConstants.CHAR_SPECIALS ).getBytes(PREFERRED_ENCODING);
-                String encoded = instance.encodeForBase64( r, ESAPI.randomizer().getRandomBoolean() );
-                byte[] decoded = instance.decodeFromBase64( encoded );
-                assertTrue( Arrays.equals( r, decoded ) );
-            }
-        } catch ( IOException e ) {
-            fail();
-        }
-    }
-    
-    /**
-	 * Test of decodeFromBase64 method, of class org.owasp.esapi.Encoder.
-	 */
-    public void testDecodeFromBase64() {
-        System.out.println("decodeFromBase64");
-        Encoder instance = ESAPI.encoder();
-        for ( int i=0; i < 100; i++ ) {
-            try {
-                byte[] r = ESAPI.randomizer().getRandomString( 20, EncoderConstants.CHAR_SPECIALS ).getBytes(PREFERRED_ENCODING);
-                String encoded = instance.encodeForBase64( r, ESAPI.randomizer().getRandomBoolean() );
-                byte[] decoded = instance.decodeFromBase64( encoded );
-                assertTrue( Arrays.equals( r, decoded ) );
-            } catch ( IOException e ) {
-                fail();
-	        }
-        }
-        for ( int i=0; i < 100; i++ ) {
-            try {
-                byte[] r = ESAPI.randomizer().getRandomString( 20, EncoderConstants.CHAR_SPECIALS ).getBytes(PREFERRED_ENCODING);
-                String encoded = ESAPI.randomizer().getRandomString(1, EncoderConstants.CHAR_ALPHANUMERICS) + instance.encodeForBase64( r, ESAPI.randomizer().getRandomBoolean() );
-	            byte[] decoded = instance.decodeFromBase64( encoded );
-	            assertFalse( Arrays.equals(r, decoded) );
-            } catch( UnsupportedEncodingException ex) {
-            	fail();
-            } catch ( IOException e ) {
-            	// expected
-            }
-        }
-    }
-    
-
-    /**
-	 * Test of WindowsCodec
-	 */
-    public void testWindowsCodec() {
-        System.out.println("WindowsCodec");
-        Encoder instance = ESAPI.encoder();
-
-        Codec win = new WindowsCodec();
-        char[] immune = new char[0];
-        assertEquals(null, instance.encodeForOS(win, null));
-        
-        PushbackString npbs = new PushbackString("n");
-        assertEquals(null, win.decodeCharacter(npbs));
-
-        PushbackString epbs = new PushbackString("");
-        assertEquals(null, win.decodeCharacter(epbs));
-        
-        Character c = Character.valueOf('<');
-        PushbackString cpbs = new PushbackString(win.encodeCharacter(immune, c));
-        Character decoded = win.decodeCharacter(cpbs);
-        assertEquals(c, decoded);
-        
-        String orig = "c:\\jeff";
-        String enc = win.encode(EncoderConstants.CHAR_ALPHANUMERICS, orig);
-        assertEquals(orig, win.decode(enc));
-        assertEquals(orig, win.decode(orig));
-        
-     // TODO: Check that these are acceptable for Windows
-        assertEquals("c^:^\\jeff", instance.encodeForOS(win, "c:\\jeff"));		
-        assertEquals("c^:^\\jeff", win.encode(immune, "c:\\jeff"));
-        assertEquals("dir^ ^&^ foo", instance.encodeForOS(win, "dir & foo"));
-        assertEquals("dir^ ^&^ foo", win.encode(immune, "dir & foo"));
-    }
-
-    /**
-	 * Test of UnixCodec
-	 */
-    public void testUnixCodec() {
-        System.out.println("UnixCodec");
-        Encoder instance = ESAPI.encoder();
-
-        Codec unix = new UnixCodec();
-        char[] immune = new char[0];
-        assertEquals(null, instance.encodeForOS(unix, null));
-        
-        PushbackString npbs = new PushbackString("n");
-        assertEquals(null, unix.decodeCharacter(npbs));
-
-        Character c = Character.valueOf('<');
-        PushbackString cpbs = new PushbackString(unix.encodeCharacter(immune, c));
-        Character decoded = unix.decodeCharacter(cpbs);
-        assertEquals(c, decoded);
-        
-        PushbackString epbs = new PushbackString("");
-        assertEquals(null, unix.decodeCharacter(epbs));
-
-        String orig = "/etc/passwd";
-        String enc = unix.encode(immune, orig);
-        assertEquals(orig, unix.decode(enc));
-        assertEquals(orig, unix.decode(orig));
-        
-     // TODO: Check that these are acceptable for Unix hosts
-        assertEquals("c\\:\\\\jeff", instance.encodeForOS(unix, "c:\\jeff"));
-        assertEquals("c\\:\\\\jeff", unix.encode(immune, "c:\\jeff"));
-        assertEquals("dir\\ \\&\\ foo", instance.encodeForOS(unix, "dir & foo"));
-        assertEquals("dir\\ \\&\\ foo", unix.encode(immune, "dir & foo"));
-
-        // Unix paths (that must be encoded safely)
-        // TODO: Check that these are acceptable for Unix
-        assertEquals("\\/etc\\/hosts", instance.encodeForOS(unix, "/etc/hosts"));
-        assertEquals("\\/etc\\/hosts\\;\\ ls\\ -l", instance.encodeForOS(unix, "/etc/hosts; ls -l"));
-    }
-    
-    public void testCanonicalizePerformance() throws Exception {
-        System.out.println("Canonicalization Performance");
-    	Encoder encoder = ESAPI.encoder();
-    	int iterations = 100;
-    	String normal = "The quick brown fox jumped over the lazy dog";
-    	
-    	long start = System.currentTimeMillis();
-    	String temp = null;		// Trade in 1/2 doz warnings in Eclipse for one (never read)
-        for ( int i=0; i< iterations; i++ ) {
-        	temp = normal;
-        }
-    	long stop = System.currentTimeMillis();
-        System.out.println( "Normal: " + (stop-start) );
-        
-    	start = System.currentTimeMillis();
-        for ( int i=0; i< iterations; i++ ) {
-        	temp = encoder.canonicalize( normal, false );
-        }
-    	stop = System.currentTimeMillis();
-        System.out.println( "Normal Loose: " + (stop-start) );
-        
-    	start = System.currentTimeMillis();
-        for ( int i=0; i< iterations; i++ ) {
-        	temp = encoder.canonicalize( normal, true );
-        }
-    	stop = System.currentTimeMillis();
-        System.out.println( "Normal Strict: " + (stop-start) );
-
-    	String attack = "%2&#x35;2%3525&#x32;\\u0036lt;\r\n\r\n%&#x%%%3333\\u0033;&%23101;";
-    	
-    	start = System.currentTimeMillis();
-        for ( int i=0; i< iterations; i++ ) {
-        	temp = attack;
-        }
-    	stop = System.currentTimeMillis();
-        System.out.println( "Attack: " + (stop-start) );
-        
-    	start = System.currentTimeMillis();
-        for ( int i=0; i< iterations; i++ ) {
-        	temp = encoder.canonicalize( attack, false );
-        }
-    	stop = System.currentTimeMillis();
-        System.out.println( "Attack Loose: " + (stop-start) );
-        
-    	start = System.currentTimeMillis();
-        for ( int i=0; i< iterations; i++ ) {
-        	try {
-        		temp = encoder.canonicalize( attack, true );
-        	} catch( IntrusionException e ) { 
-        		// expected
-        	}
-        }
-    	stop = System.currentTimeMillis();
-        System.out.println( "Attack Strict: " + (stop-start) );
-    }
-    
-
-    public void testConcurrency() {
-        System.out.println("Encoder Concurrency");
-		for (int i = 0; i < 10; i++) {
-			new Thread( new EncoderConcurrencyMock( i )).start();
-		}
-	}
-
-    /**
-     *  A simple class that calls the Encoder to test thread safety
-     */
-    public class EncoderConcurrencyMock implements Runnable {
-    	public int num = 0;
-    	public EncoderConcurrencyMock( int num ) {
-    		this.num = num;
-    	}
-	    public void run() {
-			while( true ) {
-				String nonce = ESAPI.randomizer().getRandomString( 20, EncoderConstants.CHAR_SPECIALS );
-				String result = javaScriptEncode( nonce );
-				// randomize the threads
-				try {
-					Thread.sleep( ESAPI.randomizer().getRandomInteger( 100, 500 ) );
-				} catch (InterruptedException e) {
-					// just continue
-				}
-				assertTrue( result.equals ( javaScriptEncode( nonce ) ) );
-			}
-		}
-		
-	    public String javaScriptEncode(String str) {
-			Encoder encoder = DefaultEncoder.getInstance();
-			return encoder.encodeForJavaScript(str);
-		}
-    }
-    
-}
-
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import static org.junit.Assert.assertNotEquals;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+import org.junit.Ignore;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Encoder;
+import org.owasp.esapi.EncoderConstants;
+import org.owasp.esapi.SecurityConfiguration;
+import org.owasp.esapi.SecurityConfigurationWrapper;
+import org.owasp.esapi.codecs.Codec;
+import org.owasp.esapi.codecs.HTMLEntityCodec;
+import org.owasp.esapi.codecs.MySQLCodec;
+import org.owasp.esapi.codecs.OracleCodec;
+import org.owasp.esapi.codecs.JSONCodec;
+import org.owasp.esapi.codecs.PushbackString;
+import org.owasp.esapi.codecs.UnixCodec;
+import org.owasp.esapi.codecs.WindowsCodec;
+import org.owasp.esapi.errors.EncodingException;
+import org.owasp.esapi.errors.IntrusionException;
+import org.owasp.esapi.Randomizer;
+
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+/**
+ * The Class EncoderTest.
+ *
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class EncoderTest extends TestCase {
+
+    private static class Conf extends SecurityConfigurationWrapper
+    {
+        private final List<String> codecList;
+
+        /**
+         * @param orig   The original {@code SecurityConfiguration} to use as a basis.
+         *               Generally, that will just be:      {@code ESAPI.securityConfiguration()}
+         * @param codecsList List of {@code Codec}s to replace {@code Encoder.DefaultCodecList}
+         */
+        Conf(SecurityConfiguration orig, List<String> codecList)
+        {
+            super(orig);
+            this.codecList = codecList;
+        }
+
+        @Override
+        public List<String> getDefaultCanonicalizationCodecs()
+        {
+            return codecList;
+        }
+    }
+    private static final String PREFERRED_ENCODING = "UTF-8";
+
+    /**
+     * Instantiates a new encoder test.
+     *
+     * @param testName
+     *            the test name
+     */
+    public EncoderTest(String testName) {
+        super(testName);
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void setUp() throws Exception {
+        // none
+    }
+
+    /**
+     * {@inheritDoc}s
+     * @throws Exception
+     */
+    protected void tearDown() throws Exception {
+        ESAPI.override(null); // Restore
+    }
+
+    /**
+     * Suite.
+     *
+     * @return the test
+     */
+    public static Test suite() {
+        TestSuite suite = new TestSuite(EncoderTest.class);
+        return suite;
+    }
+
+    /**
+     * Test of canonicalize method, of class org.owasp.esapi.Encoder.
+     *
+     * @throws EncodingException
+     */
+    public void testCanonicalize() throws EncodingException {
+        System.out.println("canonicalize");
+
+        ArrayList<String> list = new ArrayList<String>();
+        list.add( "HTMLEntityCodec" );
+        list.add( "PercentCodec" );
+        Encoder instance = new DefaultEncoder( list );
+
+        // Test null paths
+        assertEquals( null, instance.canonicalize(null));
+        assertEquals( null, instance.canonicalize(null, true));
+        assertEquals( null, instance.canonicalize(null, false));
+        assertEquals( null, instance.canonicalize(null, true, true));
+        assertEquals( null, instance.canonicalize(null, true, false));
+        assertEquals( null, instance.canonicalize(null, false, true));
+        assertEquals( null, instance.canonicalize(null, false, false));
+
+        // test exception paths
+        assertEquals( "%", instance.canonicalize("%25", true));
+        assertEquals( "%", instance.canonicalize("%25", false));
+
+        assertEquals( "%", instance.canonicalize("%25"));
+        assertEquals( "%F", instance.canonicalize("%25F"));
+        assertEquals( "<", instance.canonicalize("%3c"));
+        assertEquals( "<", instance.canonicalize("%3C"));
+        assertEquals( "%X1", instance.canonicalize("%X1"));
+
+        assertEquals( "<", instance.canonicalize("&lt"));
+        assertEquals( "<", instance.canonicalize("&LT"));
+        assertEquals( "<", instance.canonicalize("&lt;"));
+        assertEquals( "<", instance.canonicalize("&LT;"));
+
+        assertEquals( "%", instance.canonicalize("&#37;"));
+        assertEquals( "%", instance.canonicalize("&#37"));
+        assertEquals( "%b", instance.canonicalize("&#37b"));
+
+        assertEquals( "<", instance.canonicalize("&#x3c"));
+        assertEquals( "<", instance.canonicalize("&#x3c;"));
+        assertEquals( "<", instance.canonicalize("&#x3C"));
+        assertEquals( "<", instance.canonicalize("&#X3c"));
+        assertEquals( "<", instance.canonicalize("&#X3C"));
+        assertEquals( "<", instance.canonicalize("&#X3C;"));
+
+        // percent encoding
+        assertEquals( "<", instance.canonicalize("%3c"));
+        assertEquals( "<", instance.canonicalize("%3C"));
+
+        // html entity encoding
+        assertEquals( "<", instance.canonicalize("&#60"));
+        assertEquals( "<", instance.canonicalize("&#060"));
+        assertEquals( "<", instance.canonicalize("&#0060"));
+        assertEquals( "<", instance.canonicalize("&#00060"));
+        assertEquals( "<", instance.canonicalize("&#000060"));
+        assertEquals( "<", instance.canonicalize("&#0000060"));
+        assertEquals( "<", instance.canonicalize("&#60;"));
+        assertEquals( "<", instance.canonicalize("&#060;"));
+        assertEquals( "<", instance.canonicalize("&#0060;"));
+        assertEquals( "<", instance.canonicalize("&#00060;"));
+        assertEquals( "<", instance.canonicalize("&#000060;"));
+        assertEquals( "<", instance.canonicalize("&#0000060;"));
+        assertEquals( "<", instance.canonicalize("&#x3c"));
+        assertEquals( "<", instance.canonicalize("&#x03c"));
+        assertEquals( "<", instance.canonicalize("&#x003c"));
+        assertEquals( "<", instance.canonicalize("&#x0003c"));
+        assertEquals( "<", instance.canonicalize("&#x00003c"));
+        assertEquals( "<", instance.canonicalize("&#x000003c"));
+        assertEquals( "<", instance.canonicalize("&#x3c;"));
+        assertEquals( "<", instance.canonicalize("&#x03c;"));
+        assertEquals( "<", instance.canonicalize("&#x003c;"));
+        assertEquals( "<", instance.canonicalize("&#x0003c;"));
+        assertEquals( "<", instance.canonicalize("&#x00003c;"));
+        assertEquals( "<", instance.canonicalize("&#x000003c;"));
+        assertEquals( "<", instance.canonicalize("&#X3c"));
+        assertEquals( "<", instance.canonicalize("&#X03c"));
+        assertEquals( "<", instance.canonicalize("&#X003c"));
+        assertEquals( "<", instance.canonicalize("&#X0003c"));
+        assertEquals( "<", instance.canonicalize("&#X00003c"));
+        assertEquals( "<", instance.canonicalize("&#X000003c"));
+        assertEquals( "<", instance.canonicalize("&#X3c;"));
+        assertEquals( "<", instance.canonicalize("&#X03c;"));
+        assertEquals( "<", instance.canonicalize("&#X003c;"));
+        assertEquals( "<", instance.canonicalize("&#X0003c;"));
+        assertEquals( "<", instance.canonicalize("&#X00003c;"));
+        assertEquals( "<", instance.canonicalize("&#X000003c;"));
+        assertEquals( "<", instance.canonicalize("&#x3C"));
+        assertEquals( "<", instance.canonicalize("&#x03C"));
+        assertEquals( "<", instance.canonicalize("&#x003C"));
+        assertEquals( "<", instance.canonicalize("&#x0003C"));
+        assertEquals( "<", instance.canonicalize("&#x00003C"));
+        assertEquals( "<", instance.canonicalize("&#x000003C"));
+        assertEquals( "<", instance.canonicalize("&#x3C;"));
+        assertEquals( "<", instance.canonicalize("&#x03C;"));
+        assertEquals( "<", instance.canonicalize("&#x003C;"));
+        assertEquals( "<", instance.canonicalize("&#x0003C;"));
+        assertEquals( "<", instance.canonicalize("&#x00003C;"));
+        assertEquals( "<", instance.canonicalize("&#x000003C;"));
+        assertEquals( "<", instance.canonicalize("&#X3C"));
+        assertEquals( "<", instance.canonicalize("&#X03C"));
+        assertEquals( "<", instance.canonicalize("&#X003C"));
+        assertEquals( "<", instance.canonicalize("&#X0003C"));
+        assertEquals( "<", instance.canonicalize("&#X00003C"));
+        assertEquals( "<", instance.canonicalize("&#X000003C"));
+        assertEquals( "<", instance.canonicalize("&#X3C;"));
+        assertEquals( "<", instance.canonicalize("&#X03C;"));
+        assertEquals( "<", instance.canonicalize("&#X003C;"));
+        assertEquals( "<", instance.canonicalize("&#X0003C;"));
+        assertEquals( "<", instance.canonicalize("&#X00003C;"));
+        assertEquals( "<", instance.canonicalize("&#X000003C;"));
+        assertEquals( "<", instance.canonicalize("&lt"));
+        assertEquals( "<", instance.canonicalize("&lT"));
+        assertEquals( "<", instance.canonicalize("&Lt"));
+        assertEquals( "<", instance.canonicalize("&LT"));
+        assertEquals( "<", instance.canonicalize("&lt;"));
+        assertEquals( "<", instance.canonicalize("&lT;"));
+        assertEquals( "<", instance.canonicalize("&Lt;"));
+        assertEquals( "<", instance.canonicalize("&LT;"));
+        assertEquals( "&", instance.canonicalize("&amp"));
+        assertEquals( "〈", instance.canonicalize("&lang"));
+
+        assertEquals( "<script>alert(\"hello\");</script>", instance.canonicalize("%3Cscript%3Ealert%28%22hello%22%29%3B%3C%2Fscript%3E") );
+        assertEquals( "<script>alert(\"hello\");</script>", instance.canonicalize("%3Cscript&#x3E;alert%28%22hello&#34%29%3B%3C%2Fscript%3E", false) );
+
+        // javascript escape syntax
+        ArrayList<String> js = new ArrayList<String>();
+        js.add( "JavaScriptCodec" );
+        instance = new DefaultEncoder( js );
+        System.out.println( "JavaScript Decoding" );
+
+        assertEquals( "\0", instance.canonicalize("\\0"));
+        assertEquals( "\b", instance.canonicalize("\\b"));
+        assertEquals( "\t", instance.canonicalize("\\t"));
+        assertEquals( "\n", instance.canonicalize("\\n"));
+        assertEquals( ""+(char)0x0b, instance.canonicalize("\\v"));
+        assertEquals( "\f", instance.canonicalize("\\f"));
+        assertEquals( "\r", instance.canonicalize("\\r"));
+        assertEquals( "\'", instance.canonicalize("\\'"));
+        assertEquals( "\"", instance.canonicalize("\\\""));
+        assertEquals( "\\", instance.canonicalize("\\\\"));
+        assertEquals( "\\<", instance.canonicalize("\\<"));
+
+        assertEquals( "<", instance.canonicalize("\\u003c"));
+        assertEquals( "<", instance.canonicalize("\\U003c"));
+        assertEquals( "<", instance.canonicalize("\\u003C"));
+        assertEquals( "<", instance.canonicalize("\\U003C"));
+        assertEquals( "<", instance.canonicalize("\\x3c"));
+        assertEquals( "<", instance.canonicalize("\\X3c"));
+        assertEquals( "<", instance.canonicalize("\\x3C"));
+        assertEquals( "<", instance.canonicalize("\\X3C"));
+
+        // css escape syntax
+        // be careful because some codecs see \0 as null byte
+        ArrayList<String> css = new ArrayList<String>();
+        css.add( "CSSCodec" );
+        instance = new DefaultEncoder( css );
+        System.out.println( "CSS Decoding" );
+        assertEquals( "<", instance.canonicalize("\\3c"));  // add strings to prevent null byte
+        assertEquals( "<", instance.canonicalize("\\03c"));
+        assertEquals( "<", instance.canonicalize("\\003c"));
+        assertEquals( "<", instance.canonicalize("\\0003c"));
+        assertEquals( "<", instance.canonicalize("\\00003c"));
+        assertEquals( "<", instance.canonicalize("\\3C"));
+        assertEquals( "<", instance.canonicalize("\\03C"));
+        assertEquals( "<", instance.canonicalize("\\003C"));
+        assertEquals( "<", instance.canonicalize("\\0003C"));
+        assertEquals( "<", instance.canonicalize("\\00003C"));
+    }
+
+
+    /**
+     * Test of canonicalize method, of class org.owasp.esapi.Encoder.
+     *
+     * @throws EncodingException
+     */
+    public void testDoubleEncodingCanonicalization() throws EncodingException {
+        System.out.println("doubleEncodingCanonicalization");
+        Encoder instance = ESAPI.encoder();
+
+        // note these examples use the strict=false flag on canonicalize to allow
+        // full decoding without throwing an IntrusionException. Generally, you
+        // should use strict mode as allowing double-encoding is an abomination.
+
+        // double encoding examples
+        assertEquals( "<", instance.canonicalize("&#x26;lt&#59", false )); //double entity
+        assertEquals( "\\", instance.canonicalize("%255c", false)); //double percent
+        assertEquals( "%", instance.canonicalize("%2525", false)); //double percent
+
+        // double encoding with multiple schemes example
+        assertEquals( "<", instance.canonicalize("%26lt%3b", false)); //first entity, then percent
+        assertEquals( "&", instance.canonicalize("&#x25;26", false)); //first percent, then entity
+
+        //enforce multiple and mixed encoding detection
+        try {
+            instance.canonicalize("%26lt; %26lt; &#X25;3c &#x25;3c %2526lt%253B %2526lt%253B %2526lt%253B", true, true);
+            fail("Multiple and mixed encoding not detected");
+        } catch (IntrusionException ie) {}
+
+        //enforce multiple but not mixed encoding detection
+        try {
+            instance.canonicalize("%252525253C", true, false);
+            fail("Multiple encoding not detected");
+        } catch (IntrusionException ie) {}
+
+        //enforce mixed but not multiple encoding detection
+        try {
+            instance.canonicalize("%25 %2526 %26#X3c;script&#x3e; &#37;3Cscript%25252525253e", false, true);
+            fail("Mixed encoding not detected");
+        } catch (IntrusionException ie) {}
+
+        //enforce niether mixed nor multiple encoding detection -should canonicalize but not throw an error
+        assertEquals( "< < < < < < <", instance.canonicalize("%26lt; %26lt; &#X25;3c &#x25;3c %2526lt%253B %2526lt%253B %2526lt%253B",
+                                                             false, false));
+
+        // nested encoding examples
+        assertEquals( "<", instance.canonicalize("%253c", false)); //nested encode % with percent
+        assertEquals( "<", instance.canonicalize("%%33%63", false)); //nested encode both nibbles with percent
+        assertEquals( "<", instance.canonicalize("%%33c", false)); // nested encode first nibble with percent
+        assertEquals( "<", instance.canonicalize("%3%63", false));  //nested encode second nibble with percent
+        assertEquals( "<", instance.canonicalize("&&#108;t;", false)); //nested encode l with entity
+        assertEquals( "<", instance.canonicalize("%2&#x35;3c", false)); //triple percent, percent, 5 with entity
+
+        // nested encoding with multiple schemes examples
+        assertEquals( "<", instance.canonicalize("&%6ct;", false)); // nested encode l with percent
+        assertEquals( "<", instance.canonicalize("%&#x33;c", false)); //nested encode 3 with entity
+
+        // multiple encoding tests
+        assertEquals( "% & <script> <script>", instance.canonicalize( "%25 %2526 %26#X3c;script&#x3e; &#37;3Cscript%25252525253e", false ) );
+        assertEquals( "< < < < < < <", instance.canonicalize( "%26lt; %26lt; &#X25;3c &#x25;3c %2526lt%253B %2526lt%253B %2526lt%253B", false ) );
+
+        // test strict mode with both mixed and multiple encoding
+        try {
+            assertEquals( "< < < < < < <", instance.canonicalize( "%26lt; %26lt; &#X25;3c &#x25;3c %2526lt%253B %2526lt%253B %2526lt%253B" ) );
+        } catch( IntrusionException e ) {
+            // expected
+        }
+
+        try {
+            assertEquals( "<script", instance.canonicalize("%253Cscript" ) );
+        } catch( IntrusionException e ) {
+            // expected
+        }
+        try {
+            assertEquals( "<script", instance.canonicalize("&#37;3Cscript" ) );
+        } catch( IntrusionException e ) {
+            // expected
+        }
+    }
+
+    /**
+     * Test of encodeForHTML method, of class org.owasp.esapi.Encoder.
+     *
+     * @throws Exception
+     */
+    public void testEncodeForHTML() throws Exception {
+        System.out.println("encodeForHTML");
+        Encoder instance = ESAPI.encoder();
+        assertEquals(null, instance.encodeForHTML(null));
+        // test invalid characters are replaced with spaces
+        assertEquals("a&#xfffd;b&#xfffd;c&#xfffd;d&#xfffd;e&#xfffd;f&#x9;g", instance.encodeForHTML("a" + (char)0 + "b" + (char)4 + "c" + (char)128 + "d" + (char)150 + "e" +(char)159 + "f" + (char)9 + "g"));
+
+        assertEquals("&lt;script&gt;", instance.encodeForHTML("<script>"));
+        assertEquals("&amp;lt&#x3b;script&amp;gt&#x3b;", instance.encodeForHTML("&lt;script&gt;"));
+        assertEquals("&#x21;&#x40;&#x24;&#x25;&#x28;&#x29;&#x3d;&#x2b;&#x7b;&#x7d;&#x5b;&#x5d;", instance.encodeForHTML("!@$%()=+{}[]"));
+        String canonicalized = instance.canonicalize("&#33;&#64;&#36;&#37;&#40;&#41;&#61;&#43;&#123;&#125;&#91;&#93;");
+        assertEquals("&#x21;&#x40;&#x24;&#x25;&#x28;&#x29;&#x3d;&#x2b;&#x7b;&#x7d;&#x5b;&#x5d;", instance.encodeForHTML( canonicalized ) );
+        assertEquals(",.-_ ", instance.encodeForHTML(",.-_ "));
+        assertEquals("dir&amp;", instance.encodeForHTML("dir&"));
+        assertEquals("one&amp;two", instance.encodeForHTML("one&two"));
+        assertEquals("" + (char)12345 + (char)65533 + (char)1244, "" + (char)12345 + (char)65533 + (char)1244 );
+    }
+
+    /**
+     * Test of encodeForHTMLAttribute method, of class org.owasp.esapi.Encoder.
+     */
+    public void testEncodeForHTMLAttribute() {
+        System.out.println("encodeForHTMLAttribute");
+        Encoder instance = ESAPI.encoder();
+        assertEquals(null, instance.encodeForHTMLAttribute(null));
+        assertEquals("&lt;script&gt;", instance.encodeForHTMLAttribute("<script>"));
+        assertEquals(",.-_", instance.encodeForHTMLAttribute(",.-_"));
+        assertEquals("&#x20;&#x21;&#x40;&#x24;&#x25;&#x28;&#x29;&#x3d;&#x2b;&#x7b;&#x7d;&#x5b;&#x5d;", instance.encodeForHTMLAttribute(" !@$%()=+{}[]"));
+    }
+
+
+    /**
+     *
+     */
+    public void testencodeForCSS() {
+        System.out.println("encodeForCSS");
+        Encoder instance = ESAPI.encoder();
+        assertEquals(null, instance.encodeForCSS(null));
+        assertEquals("\\3c script\\3e ", instance.encodeForCSS("<script>"));
+        assertEquals("\\21 \\40 \\24 \\25 \\28 \\29 \\3d \\2b \\7b \\7d \\5b \\5d ", instance.encodeForCSS("!@$%()=+{}[]"));
+        assertEquals("#f00", instance.encodeForCSS("#f00"));
+        assertEquals("#123456", instance.encodeForCSS("#123456"));
+        assertEquals("#abcdef", instance.encodeForCSS("#abcdef"));
+        assertEquals("red", instance.encodeForCSS("red"));
+    }
+
+    public void testCSSTripletLeadString() {
+        System.out.println("CSSTripletLeadString");
+        Encoder instance = ESAPI.encoder();
+        assertEquals("rgb(255,255,255)\\21 ", instance.encodeForCSS("rgb(255,255,255)!"));
+        assertEquals("rgb(25%,25%,25%)\\21 ", instance.encodeForCSS("rgb(25%,25%,25%)!"));
+    }
+    public void testCSSTripletTailString() {
+        System.out.println("CSSTripletTailString");
+        Encoder instance = ESAPI.encoder();
+        assertEquals("\\24 field\\3d rgb(255,255,255)\\21 ", instance.encodeForCSS("$field=rgb(255,255,255)!"));
+        assertEquals("\\24 field\\3d rgb(25%,25%,25%)\\21 ", instance.encodeForCSS("$field=rgb(25%,25%,25%)!"));
+    }
+    public void testCSSTripletStringPart() {
+        System.out.println("CSSTripletStringPart");
+        Encoder instance = ESAPI.encoder();
+        assertEquals("\\24 field\\3d rgb(255,255,255)\\21 ", instance.encodeForCSS("$field=rgb(255,255,255)!"));
+        assertEquals("\\24 field\\3d rgb(25%,25%,25%)\\21 ", instance.encodeForCSS("$field=rgb(25%,25%,25%)!"));
+    }
+    public void testCSSTripletStringMultiPart() {
+        System.out.println("CSSTripletMultiPart");
+        Encoder instance = ESAPI.encoder();
+        assertEquals("\\24 field\\3d rgb(255,255,255)\\21 \\20 \\24 field\\3d rgb(255,255,255)\\21 ", instance.encodeForCSS("$field=rgb(255,255,255)! $field=rgb(255,255,255)!"));
+        assertEquals("\\24 field\\3d rgb(25%,25%,25%)\\21 \\20 \\24 field\\3d rgb(25%,25%,25%)\\21 ", instance.encodeForCSS("$field=rgb(25%,25%,25%)! $field=rgb(25%,25%,25%)!"));
+        assertEquals("\\24 field\\3d rgb(255,255,255)\\21 \\20 \\24 field\\3d rgb(25%,25%,25%)\\21 ", instance.encodeForCSS("$field=rgb(255,255,255)! $field=rgb(25%,25%,25%)!"));
+    }
+
+
+    /**
+     * Test of encodeForJavaScript method, of class org.owasp.esapi.Encoder.
+     */
+    public void testEncodeForJavascript() {
+        System.out.println("encodeForJavascript");
+        Encoder instance = ESAPI.encoder();
+        assertEquals(null, instance.encodeForJavaScript(null));
+        assertEquals("\\x3Cscript\\x3E", instance.encodeForJavaScript("<script>"));
+        assertEquals(",.\\x2D_\\x20", instance.encodeForJavaScript(",.-_ "));
+        assertEquals("\\x21\\x40\\x24\\x25\\x28\\x29\\x3D\\x2B\\x7B\\x7D\\x5B\\x5D", instance.encodeForJavaScript("!@$%()=+{}[]"));
+        // assertEquals( "\\0", instance.encodeForJavaScript("\0"));
+        // assertEquals( "\\b", instance.encodeForJavaScript("\b"));
+        // assertEquals( "\\t", instance.encodeForJavaScript("\t"));
+        // assertEquals( "\\n", instance.encodeForJavaScript("\n"));
+        // assertEquals( "\\v", instance.encodeForJavaScript("" + (char)0x0b));
+        // assertEquals( "\\f", instance.encodeForJavaScript("\f"));
+        // assertEquals( "\\r", instance.encodeForJavaScript("\r"));
+        // assertEquals( "\\'", instance.encodeForJavaScript("\'"));
+        // assertEquals( "\\\"", instance.encodeForJavaScript("\""));
+        // assertEquals( "\\\\", instance.encodeForJavaScript("\\"));
+    }
+
+    /**
+     *
+     */
+    public void testEncodeForVBScript() {
+        System.out.println("encodeForVBScript");
+        Encoder instance = ESAPI.encoder();
+        assertEquals(null, instance.encodeForVBScript(null));
+        assertEquals( "chrw(60)&\"script\"&chrw(62)", instance.encodeForVBScript("<script>"));
+        assertEquals( "x\"&chrw(32)&chrw(33)&chrw(64)&chrw(36)&chrw(37)&chrw(40)&chrw(41)&chrw(61)&chrw(43)&chrw(123)&chrw(125)&chrw(91)&chrw(93)", instance.encodeForVBScript("x !@$%()=+{}[]"));
+        assertEquals( "alert\"&chrw(40)&chrw(39)&\"ESAPI\"&chrw(32)&\"test\"&chrw(33)&chrw(39)&chrw(41)", instance.encodeForVBScript("alert('ESAPI test!')" ));
+        assertEquals( "jeff.williams\"&chrw(64)&\"aspectsecurity.com", instance.encodeForVBScript("jeff.williams@aspectsecurity.com"));
+        assertEquals( "test\"&chrw(32)&chrw(60)&chrw(62)&chrw(32)&\"test", instance.encodeForVBScript("test <> test" ));
+    }
+
+
+    /**
+     * Test of encodeForXPath method, of class org.owasp.esapi.Encoder.
+     */
+    public void testEncodeForXPath() {
+        System.out.println("encodeForXPath");
+        Encoder instance = ESAPI.encoder();
+        assertEquals(null, instance.encodeForXPath(null));
+        assertEquals("&#x27;or 1&#x3d;1", instance.encodeForXPath("'or 1=1"));
+    }
+
+
+
+    /**
+     * Test of encodeForSQL method, of class org.owasp.esapi.Encoder.
+     */
+    public void testEncodeForSQL() {
+        System.out.println("encodeForSQL");
+        Encoder instance = ESAPI.encoder();
+
+        Codec mySQL1 = new MySQLCodec( MySQLCodec.ANSI_MODE );
+        assertEquals("ANSI_MODE", null, instance.encodeForSQL(mySQL1, null));
+        assertEquals("ANSI_MODE", "Jeff'' or ''1''=''1", instance.encodeForSQL(mySQL1, "Jeff' or '1'='1"));
+
+        Codec mySQL2 = new MySQLCodec( MySQLCodec.MYSQL_MODE );
+        assertEquals("MYSQL_MODE", null, instance.encodeForSQL(mySQL2, null));
+        assertEquals("MYSQL_MODE", "Jeff\\' or \\'1\\'\\=\\'1", instance.encodeForSQL(mySQL2, "Jeff' or '1'='1"));
+
+        Codec oracle = new OracleCodec();
+        assertEquals("Oracle", null, instance.encodeForSQL(oracle, null));
+        assertEquals("Oracle", "Jeff'' or ''1''=''1", instance.encodeForSQL(oracle, "Jeff' or '1'='1"));
+    }
+
+    public void testMySQLANSIModeQuoteInjection() {
+        System.out.println("mySQLANSIModeQuoteInjection");
+        Encoder instance = ESAPI.encoder();
+        Codec c = new MySQLCodec(MySQLCodec.Mode.ANSI);
+        //No special handling is required for double quotes in ANSI_Quotes mode
+        assertEquals("MySQL Ansi Quote Injection Bug", "\" or 1=1 -- -", instance.encodeForSQL(c, "\" or 1=1 -- -"));
+    }
+
+
+    /**
+     * Test of encodeForLDAP method, of class org.owasp.esapi.Encoder.
+     *
+     * Additional tests: https://www.cl.cam.ac.uk/~mgk25/ucs/examples/UTF-8-test.txt
+     */
+    public void testEncodeForLDAP() {
+        System.out.println("encodeForLDAP");
+        Encoder instance = ESAPI.encoder();
+        assertEquals(null, instance.encodeForLDAP(null));
+        assertEquals("No special characters to escape", "Hi This is a test", instance.encodeForLDAP("Hi This is a test"));
+        assertEquals("No special characters to escape", "Hi This is a test \u0007f", instance.encodeForLDAP("Hi This is a test \u0007f"));
+        assertEquals("Special characters to escape", "Hi This is a test \\c2\\80", instance.encodeForLDAP("Hi This is a test \u0080"));
+        assertEquals("Special characters to escape", "Hi This is a test \\c3\\bf", instance.encodeForLDAP("Hi This is a test \u00FF"));
+        assertEquals("Special characters to escape", "Hi This is a test \\df\\bf", instance.encodeForLDAP("Hi This is a test \u07FF"));
+        assertEquals("Special characters to escape", "Hi This is a test \\e0\\a0\\80", instance.encodeForLDAP("Hi This is a test \u0800"));
+        assertEquals("Special characters to escape", "Hi This is a test \\e0\\a3\\bf", instance.encodeForLDAP("Hi This is a test \u08FF"));
+        assertEquals("Special characters to escape", "Hi This is a test \\e7\\bf\\bf", instance.encodeForLDAP("Hi This is a test \u7FFF"));
+        assertEquals("Special characters to escape", "Hi This is a test \\e8\\80\\80", instance.encodeForLDAP("Hi This is a test \u8000"));
+        assertEquals("Special characters to escape", "Hi This is a test \\e8\\bf\\bf", instance.encodeForLDAP("Hi This is a test \u8FFF"));
+        assertEquals("Special characters to escape", "Hi This is a test \\ef\\bf\\bf", instance.encodeForLDAP("Hi This is a test \uFFFF"));
+        assertEquals("Special characters to escape", "Hi This is a test #\\ef\\bf\\bd\\ef\\bf\\bd", instance.encodeForLDAP("Hi This is a test #��"));
+        assertEquals("NUL", "Hi \\00", instance.encodeForLDAP("Hi \u0000"));
+        assertEquals("LPAREN", "Hi \\28", instance.encodeForLDAP("Hi ("));
+        assertEquals("RPAREN", "Hi \\29", instance.encodeForLDAP("Hi )"));
+        assertEquals("ASTERISK", "Hi \\2a", instance.encodeForLDAP("Hi *"));
+        assertEquals("SLASH", "Hi \\2f", instance.encodeForLDAP("Hi /"));
+        assertEquals("ESC", "Hi \\5c", instance.encodeForLDAP("Hi \\"));
+        assertEquals("LDAP Christams Tree", "Hi \\28This\\29 = is \\2a a \\5c test # \\ef\\bf\\bd \\ef\\bf\\bd \\ef\\bf\\bd", instance.encodeForLDAP("Hi (This) = is * a \\ test # � � �"));
+        assertEquals("Hi \\28This\\29 =", instance.encodeForLDAP("Hi (This) ="));
+        assertEquals("Forward slash for \\2fMicrosoft\\2f \\2fAD\\2f", instance.encodeForLDAP("Forward slash for /Microsoft/ /AD/"));
+        assertEquals("RFC 4515, Section 4", "(cn=Babs Jensen)", "(cn=" + instance.encodeForLDAP("Babs Jensen") + ")");
+    }
+
+    /**
+     * Test of encodeForLDAP method with without encoding wildcard characters, of class org.owasp.esapi.Encoder.
+     *
+     * Additional tests: https://www.cl.cam.ac.uk/~mgk25/ucs/examples/UTF-8-test.txt
+     */
+    public void testEncodeForLDAPWithoutEncodingWildcards() {
+        System.out.println("encodeForLDAPWithoutEncodingWildcards");
+        Encoder instance = ESAPI.encoder();
+        assertEquals(null, instance.encodeForLDAP(null, false));
+        assertEquals("No special characters to escape", "Hi This is a test", instance.encodeForLDAP("Hi This is a test"));
+        assertEquals("No special characters to escape", "Hi This is a test \u0007f", instance.encodeForLDAP("Hi This is a test \u0007f", false));
+        assertEquals("Special characters to escape", "Hi This is a test \\c2\\80", instance.encodeForLDAP("Hi This is a test \u0080", false));
+        assertEquals("Special characters to escape", "Hi This is a test \\c3\\bf", instance.encodeForLDAP("Hi This is a test \u00FF", false));
+        assertEquals("Special characters to escape", "Hi This is a test \\df\\bf", instance.encodeForLDAP("Hi This is a test \u07FF", false));
+        assertEquals("Special characters to escape", "Hi This is a test \\e0\\a0\\80", instance.encodeForLDAP("Hi This is a test \u0800", false));
+        assertEquals("Special characters to escape", "Hi This is a test \\e0\\a3\\bf", instance.encodeForLDAP("Hi This is a test \u08FF", false));
+        assertEquals("Special characters to escape", "Hi This is a test \\e7\\bf\\bf", instance.encodeForLDAP("Hi This is a test \u7FFF", false));
+        assertEquals("Special characters to escape", "Hi This is a test \\e8\\80\\80", instance.encodeForLDAP("Hi This is a test \u8000", false));
+        assertEquals("Special characters to escape", "Hi This is a test \\e8\\bf\\bf", instance.encodeForLDAP("Hi This is a test \u8FFF", false));
+        assertEquals("Special characters to escape", "Hi This is a test \\ef\\bf\\bf", instance.encodeForLDAP("Hi This is a test \uFFFF", false));
+        assertEquals("Special characters to escape", "Hi This is a test #\\ef\\bf\\bd\\ef\\bf\\bd", instance.encodeForLDAP("Hi This is a test #��", false));
+        assertEquals("NUL", "Hi \\00", instance.encodeForLDAP("Hi \u0000", false));
+        assertEquals("LPAREN", "Hi \\28", instance.encodeForLDAP("Hi (", false));
+        assertEquals("RPAREN", "Hi \\29", instance.encodeForLDAP("Hi )", false));
+        assertEquals("ASTERISK", "Hi *", instance.encodeForLDAP("Hi *", false));
+        assertEquals("SLASH", "Hi \\2f", instance.encodeForLDAP("Hi /", false));
+        assertEquals("ESC", "Hi \\5c", instance.encodeForLDAP("Hi \\", false));
+        assertEquals("LDAP Christams Tree", "Hi \\28This\\29 = is * a \\5c test # \\ef\\bf\\bd \\ef\\bf\\bd \\ef\\bf\\bd", instance.encodeForLDAP("Hi (This) = is * a \\ test # � � �", false));
+        assertEquals("Forward slash for \\2fMicrosoft\\2f \\2fAD\\2f", instance.encodeForLDAP("Forward slash for /Microsoft/ /AD/"));
+        assertEquals("RFC 4515, Section 4", "(&(objectClass=Person)(|(sn=Jensen)(cn=Babs J*)))",
+            "(&(objectClass=" + instance.encodeForLDAP("Person") + ")(|(sn=" + instance.encodeForLDAP("Jensen") + ")(cn=" + instance.encodeForLDAP("Babs J*", false) + ")))");
+        assertEquals("RFC 4515, Section 4", "(o=univ*of*mich*)",
+            "(o=" + instance.encodeForLDAP("univ*of*mich*", false) + ")");
+    }
+
+    /**
+     * Test of encodeForDN method, of class org.owasp.esapi.Encoder.
+     *
+     * Additional tests: https://www.cl.cam.ac.uk/~mgk25/ucs/examples/UTF-8-test.txt
+     */
+    public void testEncodeForDN() {
+        System.out.println("encodeForDN");
+        Encoder instance = ESAPI.encoder();
+        assertEquals(null, instance.encodeForDN(null));
+        assertEquals("No special characters to escape", "Hello", instance.encodeForDN("Hello"));
+        assertEquals("No special characters to escape", "Hello \u0007f", instance.encodeForDN("Hello \u0007f"));
+        assertEquals("Special characters to escape", "Hello \\c2\\80", instance.encodeForDN("Hello \u0080"));
+        assertEquals("Special characters to escape", "Hello \\c3\\bf", instance.encodeForDN("Hello \u00FF"));
+        assertEquals("Special characters to escape", "Hello \\df\\bf", instance.encodeForDN("Hello \u07FF"));
+        assertEquals("Special characters to escape", "Hello \\e0\\a0\\80", instance.encodeForDN("Hello \u0800"));
+        assertEquals("Special characters to escape", "Hello \\e0\\a3\\bf", instance.encodeForLDAP("Hello \u08FF"));
+        assertEquals("Special characters to escape", "Hello \\e7\\bf\\bf", instance.encodeForDN("Hello \u7FFF"));
+        assertEquals("Special characters to escape", "Hello \\e8\\80\\80", instance.encodeForDN("Hello \u8000"));
+        assertEquals("Special characters to escape", "Hello \\e8\\bf\\bf", instance.encodeForDN("Hello \u8FFF"));
+        assertEquals("Special characters to escape", "Hello \\ef\\bf\\bf", instance.encodeForDN("Hello \uFFFF"));
+        assertEquals("Special characters to escape", "Hello\\ef\\bf\\bd", instance.encodeForDN("Hello�"));
+        assertEquals("NUL", "Hi \\00", instance.encodeForDN("Hi \u0000"));
+        assertEquals("DQUOTE", "Hi \\\"", instance.encodeForDN("Hi \""));
+        assertEquals("PLUS", "Hi \\+", instance.encodeForDN("Hi +"));
+        assertEquals("COMMA", "Hi \\,", instance.encodeForDN("Hi ,"));
+        assertEquals("SLASH", "Hi \\/", instance.encodeForDN("Hi /"));
+        assertEquals("SEMI", "Hi \\;", instance.encodeForDN("Hi ;"));
+        assertEquals("LANGLE", "Hi \\<", instance.encodeForDN("Hi <"));
+        assertEquals("RANGLE", "Hi \\>", instance.encodeForDN("Hi >"));
+        assertEquals("ESC", "Hi \\\\", instance.encodeForDN("Hi \\"));
+        assertEquals("leading #", "\\# Hello\\ef\\bf\\bd", instance.encodeForDN("# Hello�"));
+        assertEquals("leading space", "\\ Hello\\ef\\bf\\bd", instance.encodeForDN(" Hello�"));
+        assertEquals("trailing space", "Hello\\ef\\bf\\bd\\ ", instance.encodeForDN("Hello� "));
+        assertEquals("less than greater than", "Hello\\<\\>", instance.encodeForDN("Hello<>"));
+        assertEquals("only 3 spaces", "\\  \\ ", instance.encodeForDN("   "));
+        assertEquals("Christmas Tree DN", "\\ Hello\\\\ \\+ \\, \\\"World\\\" \\;\\ ", instance.encodeForDN(" Hello\\ + , \"World\" ; "));
+        assertEquals("Forward slash for \\/Microsoft\\/ \\/AD\\/", instance.encodeForDN("Forward slash for /Microsoft/ /AD/"));
+        assertEquals("RFC 4514, Section 4", "CN=James \\\"Jim\\\" Smith\\, III,DC=example,DC=net",
+            "CN=" + instance.encodeForDN("James \"Jim\" Smith, III") + ",DC=" + instance.encodeForDN("example") + ",DC=" + instance.encodeForDN("net"));
+        assertEquals("RFC 4514, Section 4", "CN=Lu\\c4\\8di\\c4\\87",
+            "CN=" + instance.encodeForDN("\u004C\u0075\u010D\u0069\u0107"));
+    }
+
+    /**
+     * Longstanding issue of always lowercasing named HTML entities.  This will be set right now.
+     */
+    public void testNamedUpperCaseDecoding(){
+        System.out.println("namedUpperCaseDecoding");
+        String input = "&Uuml;";
+        String expected = "Ü";
+        assertEquals(expected, ESAPI.encoder().decodeForHTML(input));
+    }
+
+    public void testEncodeForXMLNull() {
+        System.out.println("encodeFormXMLNull");
+        Encoder instance = ESAPI.encoder();
+        assertEquals(null, instance.encodeForXML(null));
+    }
+
+    public void testEncodeForXMLSpace() {
+        System.out.println("encodeFormXMLSpace");
+        Encoder instance = ESAPI.encoder();
+        assertEquals(" ", instance.encodeForXML(" "));
+    }
+
+    public void testEncodeForXMLScript() {
+        System.out.println("encodeForXMLScript");
+        Encoder instance = ESAPI.encoder();
+        assertEquals("&#x3c;script&#x3e;", instance.encodeForXML("<script>"));
+    }
+
+    public void testEncodeForXMLImmune() {
+        System.out.println("encodeForXML");
+        Encoder instance = ESAPI.encoder();
+        assertEquals(",.-_", instance.encodeForXML(",.-_"));
+    }
+
+    public void testEncodeForXMLSymbol() {
+        System.out.println("encodeForXMLSymbol");
+        Encoder instance = ESAPI.encoder();
+        assertEquals("&#x21;&#x40;&#x24;&#x25;&#x28;&#x29;&#x3d;&#x2b;&#x7b;&#x7d;&#x5b;&#x5d;", instance.encodeForXML("!@$%()=+{}[]"));
+    }
+
+    public void testEncodeForXMLPound() {
+        System.out.println("encodeForXMLPound");
+        Encoder instance = ESAPI.encoder();
+        assertEquals("&#xa3;", instance.encodeForXML("\u00A3"));
+    }
+
+    public void testEncodeForXMLAttributeNull() {
+        System.out.println("encodeForXMLAttributeNull");
+        Encoder instance = ESAPI.encoder();
+        assertEquals(null, instance.encodeForXMLAttribute(null));
+    }
+
+    public void testEncodeForXMLAttributeSpace() {
+        System.out.println("encodeForXMLAttributeSpace");
+        Encoder instance = ESAPI.encoder();
+        assertEquals(" ", instance.encodeForXMLAttribute(" "));
+    }
+
+    public void testEncodeForXMLAttributeScript() {
+        System.out.println("encodeForXMLAttributeScript");
+        Encoder instance = ESAPI.encoder();
+        assertEquals("&#x3c;script&#x3e;", instance.encodeForXMLAttribute("<script>"));
+    }
+
+    public void testEncodeForXMLAttributeImmune() {
+        System.out.println("encodeFormXMLAttributeImmune");
+        Encoder instance = ESAPI.encoder();
+        assertEquals(",.-_", instance.encodeForXMLAttribute(",.-_"));
+    }
+
+    public void testEncodeForXMLAttributeSymbol() {
+        System.out.println("encodeFormXMLAttributeSymbol");
+        Encoder instance = ESAPI.encoder();
+        assertEquals(" &#x21;&#x40;&#x24;&#x25;&#x28;&#x29;&#x3d;&#x2b;&#x7b;&#x7d;&#x5b;&#x5d;", instance.encodeForXMLAttribute(" !@$%()=+{}[]"));
+    }
+
+    public void testEncodeForXMLAttributePound() {
+        System.out.println("encodeFormXMLAttributePound");
+        Encoder instance = ESAPI.encoder();
+        assertEquals("&#xa3;", instance.encodeForXMLAttribute("\u00A3"));
+    }
+
+    /**
+     * Test of encodeForURL method, of class org.owasp.esapi.Encoder.
+     *
+     * @throws Exception
+     */
+    public void testEncodeForURL() throws Exception {
+        System.out.println("encodeForURL");
+        Encoder instance = ESAPI.encoder();
+        assertEquals(null, instance.encodeForURL(null));
+        assertEquals("%3Cscript%3E", instance.encodeForURL("<script>"));
+    }
+
+    /**
+     * Test of decodeFromURL method, of class org.owasp.esapi.Encoder.
+     *
+     * @throws Exception
+     */
+    public void testDecodeFromURL() throws Exception {
+        System.out.println("decodeFromURL");
+        Encoder instance = ESAPI.encoder();
+        try {
+            assertEquals(null, instance.decodeFromURL(null));
+            assertEquals("<script>", instance.decodeFromURL("%3Cscript%3E"));
+            assertEquals("     ", instance.decodeFromURL("+++++") );
+        } catch ( Exception e ) {
+            fail();
+        }
+        try {
+        	//FIXME:  Rewrite this to use expected Exceptions.  
+            instance.decodeFromURL( "%3xridiculous" );
+            fail();
+        } catch( Exception e ) {
+            // expected
+        }
+    }
+
+    /**
+     * Test of encodeForBase64 method, of class org.owasp.esapi.Encoder.
+     */
+    public void testEncodeForBase64() {
+        System.out.println("encodeForBase64");
+        Encoder instance = ESAPI.encoder();
+
+        try {
+            assertEquals(null, instance.encodeForBase64(null, false));
+            assertEquals(null, instance.encodeForBase64(null, true));
+            assertEquals(null, instance.decodeFromBase64(null));
+            for ( int i=0; i < 100; i++ ) {
+                byte[] r = ESAPI.randomizer().getRandomString( 20, EncoderConstants.CHAR_SPECIALS ).getBytes(PREFERRED_ENCODING);
+                String encoded = instance.encodeForBase64( r, ESAPI.randomizer().getRandomBoolean() );
+                byte[] decoded = instance.decodeFromBase64( encoded );
+                assertTrue( Arrays.equals( r, decoded ) );
+            }
+        } catch ( IOException e ) {
+            fail();
+        }
+    }
+
+    /**
+     * Test of decodeFromBase64 method, of class org.owasp.esapi.Encoder.
+     */
+    public void testDecodeFromBase64() {
+        System.out.println("decodeFromBase64");
+        Encoder instance = ESAPI.encoder();
+        for ( int i=0; i < 100; i++ ) {
+            try {
+                byte[] r = ESAPI.randomizer().getRandomString( 20, EncoderConstants.CHAR_SPECIALS ).getBytes(PREFERRED_ENCODING);
+                String encoded = instance.encodeForBase64( r, ESAPI.randomizer().getRandomBoolean() );
+                byte[] decoded = instance.decodeFromBase64( encoded );
+                assertTrue( Arrays.equals( r, decoded ) );
+            } catch ( IOException e ) {
+                fail();
+            }
+        }
+        for ( int i=0; i < 100; i++ ) {
+            try {
+                byte[] r = ESAPI.randomizer().getRandomString( 20, EncoderConstants.CHAR_SPECIALS ).getBytes(PREFERRED_ENCODING);
+                String encoded = ESAPI.randomizer().getRandomString(1, EncoderConstants.CHAR_ALPHANUMERICS) + instance.encodeForBase64( r, ESAPI.randomizer().getRandomBoolean() );
+                byte[] decoded = instance.decodeFromBase64( encoded );
+                assertFalse( Arrays.equals(r, decoded) );
+            } catch( UnsupportedEncodingException ex) {
+                fail();
+            } catch ( IOException e ) {
+                // expected
+            }
+        }
+    }
+
+    /**
+     * Test of WindowsCodec
+     */
+    public void testWindowsCodec() {
+        System.out.println("WindowsCodec");
+        Encoder instance = ESAPI.encoder();
+
+        Codec<Character> win = new WindowsCodec();
+        char[] immune = new char[0];
+        assertEquals(null, instance.encodeForOS(win, null));
+
+        PushbackString npbs = new PushbackString("n");
+        assertEquals(null, win.decodeCharacter(npbs));
+
+        PushbackString epbs = new PushbackString("");
+        assertEquals(null, win.decodeCharacter(epbs));
+
+        Character c = Character.valueOf('<');
+        PushbackString cpbs = new PushbackString(win.encodeCharacter(immune, c));
+        Character decoded = win.decodeCharacter(cpbs);
+        assertEquals(c, decoded);
+
+        String orig = "c:\\jeff";
+        String enc = win.encode(EncoderConstants.CHAR_ALPHANUMERICS, orig);
+        assertEquals(orig, win.decode(enc));
+        assertEquals(orig, win.decode(orig));
+
+        // TODO: Check that these are acceptable for Windows
+        assertEquals("c^:^\\jeff", instance.encodeForOS(win, "c:\\jeff"));
+        assertEquals("c^:^\\jeff", win.encode(immune, "c:\\jeff"));
+        assertEquals("dir^ ^&^ foo", instance.encodeForOS(win, "dir & foo"));
+        assertEquals("dir^ ^&^ foo", win.encode(immune, "dir & foo"));
+    }
+
+    /**
+     * Test of UnixCodec
+     */
+    public void testUnixCodec() {
+        System.out.println("UnixCodec");
+        Encoder instance = ESAPI.encoder();
+
+        Codec<Character> unix = new UnixCodec();
+        char[] immune = new char[0];
+        assertEquals(null, instance.encodeForOS(unix, null));
+
+        PushbackString npbs = new PushbackString("n");
+        assertEquals(null, unix.decodeCharacter(npbs));
+
+        Character c = Character.valueOf('<');
+        PushbackString cpbs = new PushbackString(unix.encodeCharacter(immune, c));
+        Character decoded = unix.decodeCharacter(cpbs);
+        assertEquals(c, decoded);
+
+        PushbackString epbs = new PushbackString("");
+        assertEquals(null, unix.decodeCharacter(epbs));
+
+        String orig = "/etc/passwd";
+        String enc = unix.encode(immune, orig);
+        assertEquals(orig, unix.decode(enc));
+        assertEquals(orig, unix.decode(orig));
+
+        // TODO: Check that these are acceptable for Unix hosts
+        assertEquals("c\\:\\\\jeff", instance.encodeForOS(unix, "c:\\jeff"));
+        assertEquals("c\\:\\\\jeff", unix.encode(immune, "c:\\jeff"));
+        assertEquals("dir\\ \\&\\ foo", instance.encodeForOS(unix, "dir & foo"));
+        assertEquals("dir\\ \\&\\ foo", unix.encode(immune, "dir & foo"));
+
+        // Unix paths (that must be encoded safely)
+        // TODO: Check that these are acceptable for Unix
+        assertEquals("\\/etc\\/hosts", instance.encodeForOS(unix, "/etc/hosts"));
+        assertEquals("\\/etc\\/hosts\\;\\ ls\\ -l", instance.encodeForOS(unix, "/etc/hosts; ls -l"));
+    }
+
+    public void testCanonicalizePerformance() throws Exception {
+        System.out.println("Canonicalization Performance");
+        Encoder encoder = ESAPI.encoder();
+        int iterations = 100;
+        String normal = "The quick brown fox jumped over the lazy dog";
+
+        long start = System.currentTimeMillis();
+        String temp = null;        // Trade in 1/2 doz warnings in Eclipse for one (never read)
+        for ( int i=0; i< iterations; i++ ) {
+            temp = normal;
+        }
+        long stop = System.currentTimeMillis();
+        System.out.println( "Normal: " + (stop-start) );
+
+        start = System.currentTimeMillis();
+        for ( int i=0; i< iterations; i++ ) {
+            temp = encoder.canonicalize( normal, false );
+        }
+        stop = System.currentTimeMillis();
+        System.out.println( "Normal Loose: " + (stop-start) );
+
+        start = System.currentTimeMillis();
+        for ( int i=0; i< iterations; i++ ) {
+            temp = encoder.canonicalize( normal, true );
+        }
+        stop = System.currentTimeMillis();
+        System.out.println( "Normal Strict: " + (stop-start) );
+
+        String attack = "%2&#x35;2%3525&#x32;\\u0036lt;\r\n\r\n%&#x%%%3333\\u0033;&%23101;";
+
+        start = System.currentTimeMillis();
+        for ( int i=0; i< iterations; i++ ) {
+            temp = attack;
+        }
+        stop = System.currentTimeMillis();
+        System.out.println( "Attack: " + (stop-start) );
+
+        start = System.currentTimeMillis();
+        for ( int i=0; i< iterations; i++ ) {
+            temp = encoder.canonicalize( attack, false );
+        }
+        stop = System.currentTimeMillis();
+        System.out.println( "Attack Loose: " + (stop-start) );
+
+        start = System.currentTimeMillis();
+        for ( int i=0; i< iterations; i++ ) {
+            try {
+                temp = encoder.canonicalize( attack, true );
+            } catch( IntrusionException e ) {
+                // expected
+            }
+        }
+        stop = System.currentTimeMillis();
+        System.out.println( "Attack Strict: " + (stop-start) );
+    }
+
+
+    public void testConcurrency() {
+        System.out.println("Encoder Concurrency");
+        for (int i = 0; i < 10; i++) {
+            new Thread( new EncoderConcurrencyMock( i )).start();
+        }
+    }
+
+    /**
+     *  A simple class that calls the Encoder to test thread safety
+     */
+    public class EncoderConcurrencyMock implements Runnable {
+        public int num = 0;
+        public EncoderConcurrencyMock( int num ) {
+            this.num = num;
+        }
+        public void run() {
+            while( true ) {
+                String nonce = ESAPI.randomizer().getRandomString( 20, EncoderConstants.CHAR_SPECIALS );
+                String result = javaScriptEncode( nonce );
+                // randomize the threads
+                try {
+                    Thread.sleep( ESAPI.randomizer().getRandomInteger( 100, 500 ) );
+                } catch (InterruptedException e) {
+                    // just continue
+                }
+                assertTrue( result.equals ( javaScriptEncode( nonce ) ) );
+            }
+        }
+
+        public String javaScriptEncode(String str) {
+            Encoder encoder = DefaultEncoder.getInstance();
+            return encoder.encodeForJavaScript(str);
+        }
+    }
+
+    public void testGetCanonicalizedUri() throws Exception {
+        System.out.println("getCanonicalizedUri");
+        Encoder e = ESAPI.encoder();
+
+        String expectedUri = "http://palpatine@foo bar.com/path_to/resource?foo=bar#frag";
+        //Please note that section 3.2.1 of RFC-3986 explicitly states not to encode
+        //password information as in http://palpatine:password@foo.com, and this will
+        //not appear in the userinfo field.
+        String input = "http://palpatine@foo%20bar.com/path_to/resource?foo=bar#frag";
+        URI uri = new URI(input);
+        System.out.println(uri.toString());
+        assertEquals(expectedUri, e.getCanonicalizedURI(uri));
+
+    }
+    
+    public void testGetCanonicalizedUriWithAnHTMLEntityCollision() throws Exception {
+        System.out.println("GetCanonicalizedUriWithAnHTMLEntityCollision");
+        Encoder e = ESAPI.encoder();
+
+        String expectedUri = "http://palpatine@foobar.com/path_to/resource?foo=bar&para1=test";
+        //Please note that section 3.2.1 of RFC-3986 explicitly states not to encode
+        //password information as in http://palpatine:password@foo.com, and this will
+        //not appear in the userinfo field.
+        String input = "http://palpatine@foobar.com/path_to/resource?foo=bar&para1=test";
+        URI uri = new URI(input);
+        System.out.println(uri.toString());
+        assertEquals(expectedUri, e.getCanonicalizedURI(uri));
+
+    }	
+    
+    @org.junit.Ignore("Pre-check in unit test for issue #826")
+    public void Issue826GetCanonicalizedUriWithMultipleEncoding() throws Exception {
+        System.out.println("GetCanonicalizedUriWithAnHTMLEntityCollision");
+        Encoder e = ESAPI.encoder();
+        String expectedUri = "http://palpatine@foobar.com/path_to/resource?foo=bar&para1=&amp;amp;amp;test";
+        //Please note that section 3.2.1 of RFC-3986 explicitly states not to encode
+        //password information as in http://palpatine:password@foo.com, and this will
+        //not appear in the userinfo field.
+        String input = "http://palpatine@foobar.com/path_to/resource?foo=bar&para1=&amp;amp;amp;test";
+        URI uri = new URI(input);
+        System.out.println(uri.toString());
+        assertEquals(expectedUri, e.getCanonicalizedURI(uri));
+
+    }	
+	    public void testGetCanonicalizedUriWithMultQueryParams() throws Exception {
+        System.out.println("getCanonicalizedUri");
+        Encoder e = ESAPI.encoder();
+
+        String expectedUri = "http://palpatine@foo bar.com/path_to/resource?foo=bar&bar=foo#frag";
+        //Please note that section 3.2.1 of RFC-3986 explicitly states not to encode
+        //password information as in http://palpatine:password@foo.com, and this will
+        //not appear in the userinfo field.
+        String input = "http://palpatine@foo%20bar.com/path_to/resource?foo=bar&bar=foo#frag";
+        URI uri = new URI(input);
+        System.out.println(uri.toString());
+        assertEquals(expectedUri, e.getCanonicalizedURI(uri));
+
+    }
+
+    public void testGetCanonicalizedUriPiazza() throws Exception {
+        System.out.println("getCanonicalizedUriPiazza");
+        Encoder e = ESAPI.encoder();
+
+        String expectedUri = "http://127.0.0.1:3000/campaigns?goal=all&section=active&sort-by=-id&status=Draft,Launched";
+        //Please note that section 3.2.1 of RFC-3986 explicitly states not to encode
+        //password information as in http://palpatine:password@foo.com, and this will
+        //not appear in the userinfo field.
+        String input = "http://127.0.0.1:3000/campaigns?goal=all&section=active&sort-by=-id&status=Draft%2CLaunched";
+        URI uri = new URI(input);
+        System.out.println(uri.toString());
+        assertEquals(expectedUri, e.getCanonicalizedURI(uri));
+
+    }
+    
+    public void testIssue824() throws Exception {
+        System.out.println("getCanonicalizedUriPiazza");
+        Encoder e = ESAPI.encoder();
+
+        String expectedUri = "/webapp/ux/home?d=1705914006565&status=login&ticket=1705914090394_HzJpTROVfhW-JhRW0OqDbHu7tWXXlgrKSUmOzIMsZNCcUIiYGMXX_Q==&newsess=false&roleid=DP010101/0007&origin=ourprogram";
+        //Please note that section 3.2.1 of RFC-3986 explicitly states not to encode
+        //password information as in http://palpatine:password@foo.com, and this will
+        //not appear in the userinfo field.
+        String input = "/webapp/ux/home?d=1705914006565&status=login&ticket=1705914090394_HzJpTROVfhW-JhRW0OqDbHu7tWXXlgrKSUmOzIMsZNCcUIiYGMXX_Q%3D%3D&newsess=false&roleid=DP010101/0007&origin=ourprogram";
+        URI uri = new URI(input);
+        System.out.println(uri.toString());
+        assertEquals(expectedUri, e.getCanonicalizedURI(uri));
+
+    }
+	
+    @org.junit.Ignore("Pre-check in unit test for issue #826")
+	public void Issue826GetCanonicalizedDoubleAmpersand() throws Exception {
+        System.out.println("getCanonicalizedDoubleAmpersand");
+        Encoder e = ESAPI.encoder();
+        String expectedUri = "http://127.0.0.1:3000/campaigns?goal=all&section=active&sort-by=-id&status=Draft%2C&html=&amp;contentLaunched";
+        //http://127.0.0.1:3000/campaigns?goal=all&section=active&sort-by=-id&status=Draft,&html=null&=null&amp;contentLaunched=null
+        /*
+         * In this case, the URI class should break up the HTML entity in the query so 
+         */
+        String input = "http://127.0.0.1:3000/campaigns?goal=all&section=active&sort-by=-id&status=Draft%2C&html=&&amp;contentLaunched";
+        URI uri = new URI(input);
+        System.out.println(uri.toString());
+        try {
+        	assertEquals(expectedUri, e.getCanonicalizedURI(uri));
+        	fail();
+        } catch (Exception ex) {
+        	//Expected 
+        }
+    }
+
+    public void testGetCanonicalizedUriWithMailto() throws Exception {
+        System.out.println("getCanonicalizedUriWithMailto");
+        Encoder e = ESAPI.encoder();
+
+        String expectedUri = "http://palpatine@foo bar.com/path_to/resource?foo=bar#frag";
+        //Please note that section 3.2.1 of RFC-3986 explicitly states not to encode
+        //password information as in http://palpatine:password@foo.com, and this will
+        //not appear in the userinfo field.
+        String input = "http://palpatine@foo%20bar.com/path_to/resource?foo=bar#frag";
+        URI uri = new URI(input);
+        System.out.println(uri.toString());
+        assertEquals(expectedUri, e.getCanonicalizedURI(uri));
+    }
+
+    public void testHtmlEncodeStrSurrogatePair()
+    {
+        System.out.println("htmlEncodeStrSurrogatePair");
+        Encoder enc = ESAPI.encoder();
+        String inStr = new String (new int[]{0x2f804}, 0, 1);
+        assertEquals(false, Character.isBmpCodePoint(inStr.codePointAt(0)));
+        assertEquals(true, Character.isBmpCodePoint(new String(new int[] {0x0a}, 0, 1).codePointAt(0)));
+        String expected = "&#x2f804;";
+        String result;
+
+        result = enc.encodeForHTML(inStr);
+        assertEquals(expected, result);
+    }
+
+    public void testHtmlDecodeHexEntititesSurrogatePair()
+    {
+        System.out.println("htmlDecodeHexEntitiesSurrogatePair");
+        HTMLEntityCodec htmlCodec = new HTMLEntityCodec();
+        String expected = new String (new int[]{0x2f804}, 0, 1);
+        assertEquals( expected, htmlCodec.decode("&#194564;") );
+        assertEquals( expected, htmlCodec.decode("&#x2f804;") );
+    }
+
+    public void testUnicodeCanonicalize() {
+        System.out.println("UnicodeCanonicalize");
+        Encoder e = ESAPI.encoder();
+        String input = "测试";
+        String expected = "测试";
+        String output = e.canonicalize(input);
+        assertEquals(expected, output);
+    }
+
+    public void testUnicodeCanonicalizePercentEncoding() {
+        System.out.println("UnicodeCanonicalizePercentEncoding");
+        //TODO:  We need to find a way to specify the encoding type for percent encoding.
+        //I believe by default we're doing Latin-1 and we really should be doing UTF-8
+        Encoder e = ESAPI.encoder();
+        String input = "%E6%B5%8B%E8%AF%95";
+        String expected = "测试";
+        String output = e.canonicalize(input);
+        assertNotSame(expected, output);
+    }
+
+    // Test for GitHub Issue 686.
+    public void testGetDefaultCanonicalizationCodecs() {
+        System.out.println("getDefaultCanonicalizationCodecs");
+
+        // This test input has mixed encoding. It is encoded using %-encoding (e.g.,
+        // the %20 representing spaces) and the '\\o' representing backslash
+        // encoding. This particular backslash encoding (the "e\\tc") should
+        // match *both* JavaScriptCodec and the UnixCodec.
+        String testInput = "echo%20\"Hello%20$(id)\";%20echo \"Today is: \\$(date)\" && cat \\.\\.\\///..///..///..//../e\\tc///passwd";
+
+            // SecurityConfiguration before we change it later to tweak the Encoder.DefaultCodecList property
+        SecurityConfiguration scOrig = ESAPI.securityConfiguration();
+
+        // We only use the 3 standard (default) Codecs here:
+        //      HTMLEntityCodec, PercentCodec, and JavaScriptCodec.
+        // Since testInput only has one of these encodings (the PercentCodec),
+        // it will not fire off an IntrustionDetectionException here.
+        Encoder ecOrig = new DefaultEncoder( scOrig.getDefaultCanonicalizationCodecs() );
+        String canonOrig = null;
+        boolean caughtExpected = false;
+        try {
+            ecOrig.canonicalize( testInput );
+        } catch( IntrusionException iex) {
+            caughtExpected = true;
+        }
+        assertTrue( caughtExpected );   // Verify it threw an IntrusionException
+
+        // Now set up a case where (via the Encoder.DefaultCodecList property)
+        // where "UnixCodec" is added on to the standard list of 3 normal codecs
+        // used. Since we also have encoding using '\' encoding that should be
+        // recognized by UnixCodec, we should now get an
+        // IntrusionException as we have mixed and mulitple encoding
+        // both that should be recognized here.
+        List<String> myCodecs = new ArrayList<String>();
+        myCodecs.add( "HTMLEntityCodec" );
+        myCodecs.add( "PercentCodec" );
+        // myCodecs.add( "JavaScriptCodec" );   // Don't use this or we will have to parse exception message
+                                                // to see if test was successful or not.
+            // Instead of JavaScriptCodec, we will use UnixCodec to detect the backslash encoding here.
+        myCodecs.add( "UnixCodec" );
+
+            // Finally override ESAPI to use the new SecurityConfiguration
+        ESAPI.override( new Conf( ESAPI.securityConfiguration(), myCodecs ) );
+
+        SecurityConfiguration scAltered = ESAPI.securityConfiguration();
+        List<String> origCodecs = scOrig.getDefaultCanonicalizationCodecs();
+        List<String> alteredCodecs = scAltered.getDefaultCanonicalizationCodecs();
+
+            // First, let's confirm we've actually overridden the SecurityConfiguration.
+        assertNotEquals( origCodecs, alteredCodecs );
+
+            // Now do the canonicalization w/ the new list of codecs
+        caughtExpected = true;
+        try {
+            String canonAltered = ESAPI.encoder().canonicalize( testInput );
+        } catch( IntrusionException iex ) {
+            caughtExpected = true;
+        }
+
+        assertTrue( caughtExpected );   // Verify it threw an IntrusionException
+    }
+
+    /**
+     * Test of encodeForJSON method, of class org.owasp.esapi.Encoder.
+     */
+    public void testEncodeForJSON_EmptyStrings() {
+        System.out.println("testEncodeForJSON_EmptyStrings");
+        Encoder instance = ESAPI.encoder();
+
+        // Empty strings
+        assertEquals( null, instance.encodeForJSON(null) );
+        assertEquals( "", instance.encodeForJSON("") );
+        assertEquals( " ", instance.encodeForJSON(" ") );
+    }
+
+    /**
+     * Test of encodeForJSON method, of class org.owasp.esapi.Encoder.
+     */
+    public void testEncodeForJSON_7BitClean() {
+        System.out.println("testEncodeForJSON_7BitClean");
+        Encoder instance = ESAPI.encoder();
+
+        // Walk a message without escaped characters
+        String message = "Now is the time for all good men to come to the aide of their country.";
+        for ( int i = 1; i < message.length(); ++i ) {
+            final String substring = message.substring(0, i);
+            assertEquals( substring, instance.encodeForJSON(substring) );
+        }
+    }
+
+    /**
+     * Test of encodeForJSON method, of class org.owasp.esapi.Encoder.
+     */
+    public void testEncodeForJSON_2CharEscapeSequences() {
+        System.out.println("testEncodeForJSON_2CharEscapeSequences");
+        Encoder instance = ESAPI.encoder();
+
+        // Two-character sequence escape representations of some
+        // popular characters
+        assertEquals( "\\b", instance.encodeForJSON("\b") );
+        assertEquals( "\\f", instance.encodeForJSON("\f") );
+        assertEquals( "\\r", instance.encodeForJSON("\r") );
+        assertEquals( "\\n", instance.encodeForJSON("\n") );
+        assertEquals( "\\t", instance.encodeForJSON("\t") );
+        assertEquals( "\\\"", instance.encodeForJSON("\"") );
+        assertEquals( "\\/",  instance.encodeForJSON("/" ) );
+        assertEquals( "\\\\", instance.encodeForJSON("\\") );
+    }
+
+    /**
+     * Test of encodeForJSON method, of class org.owasp.esapi.Encoder.
+     */
+    public void testEncodeForJSON_ControlCharacters() {
+        System.out.println("testEncodeForJSON_ControlCharacters");
+        Encoder instance = ESAPI.encoder();
+
+        // All Unicode characters may be placed within the quotation marks,
+        // except for the characters that MUST be escaped: quotation mark,
+        // reverse solidus, and the control characters (U+0000 through U+001F).
+        for ( int i = 0; i <= 0x1f; ++i ) {
+            final char ch = (char)i;
+            if( ch == '\b' || ch == '\f' || ch == '\r' || ch == '\n' || ch == '\t' ) {
+                continue;
+            }
+
+            final String str1 = String.format( "\\u%04x", i );
+            final String str2 = Character.toString( ch );
+            assertEquals( str1, instance.encodeForJSON(str2) );
+        }
+    }
+
+    /**
+     * Test of encodeForJSON method, of class org.owasp.esapi.Encoder.
+     */
+    public void testEncodeForJSON_PrintableChars() {
+        System.out.println("testEncodeForJSON_PrintableChars");
+        Encoder instance = ESAPI.encoder();
+
+        // And the remainder of printable characters
+        for ( int i = 32; i <= 126; ++i ) {
+            final char ch = (char)i;
+            if( ch == '/' || ch == '\\' || ch == '\"' ) {
+                continue;
+            }
+
+            final String str = Character.toString( ch );
+            assertEquals( str, instance.encodeForJSON(str) );
+        }
+    }
+
+    /**
+     * Test of decodeFromJSON method, of class org.owasp.esapi.Encoder.
+     */
+    public void testDecodeFromJSON_EmptyStrings() {
+        System.out.println("testDecodeFromJSON_EmptyStrings");
+        Encoder instance = ESAPI.encoder();
+
+        // Empty strings
+        assertEquals( null, instance.decodeFromJSON(null) );
+        assertEquals( "", instance.decodeFromJSON("") );
+        assertEquals( " ", instance.decodeFromJSON(" ") );
+    }
+
+    /**
+     * Test of decodeFromJSON method, of class org.owasp.esapi.Encoder.
+     */
+    public void testDecodeFromJSON_7BitClean() {
+        System.out.println("testDecodeFromJSON_7BitClean");
+        Encoder instance = ESAPI.encoder();
+
+        // Walk a message without escaped characters
+        String message = "Now is the time for all good men to come to the aide of their country.";
+        for ( int i = 1; i < message.length(); ++i ) {
+            final String substring = message.substring(0, i);
+            assertEquals( substring, instance.decodeFromJSON(substring) );
+        }
+    }
+
+    /**
+     * Test of decodeFromJSON method, of class org.owasp.esapi.Encoder.
+     */
+    public void testDecodeFromJSON_2CharEscapeSequences() {
+        System.out.println("testDecodeFromJSON_2CharEscapeSequences");
+        Encoder instance = ESAPI.encoder();
+
+        // Two-character sequence escape representations of some
+        // popular characters
+        assertEquals( "\b", instance.decodeFromJSON("\\b") );
+        assertEquals( "\f", instance.decodeFromJSON("\\f") );
+        assertEquals( "\r", instance.decodeFromJSON("\\r") );
+        assertEquals( "\n", instance.decodeFromJSON("\\n") );
+        assertEquals( "\t", instance.decodeFromJSON("\\t") );
+        assertEquals( "\"", instance.decodeFromJSON("\\\"") );
+        assertEquals( "/",  instance.decodeFromJSON("\\/" ) );
+        assertEquals( "\\", instance.decodeFromJSON("\\\\") );
+    }
+
+    /**
+     * Test of decodeFromJSON method, of class org.owasp.esapi.Encoder.
+     */
+    public void testDecodeFromJSON_ControlCharacters() {
+        System.out.println("testDecodeFromJSON_ControlCharacters");
+        Encoder instance = ESAPI.encoder();
+
+        // All Unicode characters may be placed within the quotation marks,
+        // except for the characters that MUST be escaped: quotation mark,
+        // reverse solidus, and the control characters (U+0000 through U+001F).
+        for ( int i = 0; i <= 0x1f; ++i ) {
+            final String str = String.format( "\\u%04x", i );
+            final Character ch = (char)i;
+
+            assertEquals( Character.toString(ch), instance.decodeFromJSON(str) );
+        }
+    }
+
+    /**
+     * Test of decodeFromJSON method, of class org.owasp.esapi.Encoder.
+     */
+    public void testDecodeFromJSON_PrintableChars() {
+        System.out.println("testDecodeFromJSON_PrintableChars");
+        Encoder instance = ESAPI.encoder();
+
+        // And the remainder of printable characters
+        for ( int i = 32; i <= 126; ++i ) {
+            final String str = String.format( "\\u%04x", i );
+            final Character ch = (char)i;
+
+            assertEquals( Character.toString(ch), instance.decodeFromJSON(str) );
+        }
+    }
+
+    /**
+     * Test of decodeFromJSON method, of class org.owasp.esapi.Encoder.
+     */
+    public void testDecodeFromJSON_Slashes() {
+        System.out.println("testDecodeFromJSON_Slashes");
+        Encoder instance = ESAPI.encoder();
+
+        // And a couple extra for good measure...
+        assertEquals( "\\", instance.decodeFromJSON("\\u005c") );
+        assertEquals( "\\", instance.decodeFromJSON("\\u005C") );
+        assertEquals( "\\\\", instance.decodeFromJSON("\\u005c\\u005c") );
+        assertEquals( "\\\\", instance.decodeFromJSON("\\u005C\\u005C") );
+    }
+
+    /**
+     * Test of decodeFromJSON method, of class org.owasp.esapi.Encoder.
+     */
+    public void testDecodeFromJSON_Malformed() {
+        System.out.println("testDecodeFromJSON_Malformed");
+        Encoder instance = ESAPI.encoder();
+
+        // Malformed. No '\a' or \c' popular characters
+        boolean exceptionThrown = false;
+        try {
+            exceptionThrown = false;
+            String unused = instance.decodeFromJSON("\\a");
+        }
+        catch (IllegalArgumentException e) {
+            exceptionThrown = true;
+        }
+        assertTrue( exceptionThrown );
+
+        // Malformed. No '\a' or \c' popular characters
+        try {
+            exceptionThrown = false;
+            String unused = instance.decodeFromJSON("\\c");
+        }
+        catch (IllegalArgumentException e) {
+            exceptionThrown = true;
+        }
+        assertTrue( exceptionThrown );
+
+        // Malformed. Must have 4 hex digits
+        try {
+            exceptionThrown = false;
+            String unused = instance.decodeFromJSON("\\u");
+        }
+        catch (IllegalArgumentException e) {
+            exceptionThrown = true;
+        }
+        assertTrue( exceptionThrown );
+
+        // Malformed. Must have 4 hex digits
+        try {
+            exceptionThrown = false;
+            String unused = instance.decodeFromJSON("\\u0");
+        }
+        catch (IllegalArgumentException e) {
+            exceptionThrown = true;
+        }
+        assertTrue( exceptionThrown );
+
+        // Malformed. Must have 4 hex digits
+        try {
+            exceptionThrown = false;
+            String unused = instance.decodeFromJSON("\\u00");
+        }
+        catch (IllegalArgumentException e) {
+            exceptionThrown = true;
+        }
+        assertTrue( exceptionThrown );
+
+        // Malformed. Must have 4 hex digits
+        try {
+            exceptionThrown = false;
+            String unused = instance.decodeFromJSON("\\u005");
+        }
+        catch (IllegalArgumentException e) {
+            exceptionThrown = true;
+        }
+        assertTrue( exceptionThrown );
+
+        // Malformed. Must have 4 hex digits
+        try {
+            exceptionThrown = false;
+            String unused = instance.decodeFromJSON("\\u0nnnABCDEFGHIJKLMNOPQRSTUVWXYZ");
+        }
+        catch (IllegalArgumentException e) {
+            exceptionThrown = true;
+        }
+        assertTrue( exceptionThrown );
+
+        // Malformed. Must have 4 hex digits
+        try {
+            exceptionThrown = false;
+            String unused = instance.decodeFromJSON("\\u00nnABCDEFGHIJKLMNOPQRSTUVWXYZ");
+        }
+        catch (IllegalArgumentException e) {
+            exceptionThrown = true;
+        }
+        assertTrue( exceptionThrown );
+
+        // Malformed. Must have 4 hex digits
+        try {
+            exceptionThrown = false;
+            String unused = instance.decodeFromJSON("\\u005nABCDEFGHIJKLMNOPQRSTUVWXYZ");
+        }
+        catch (IllegalArgumentException e) {
+            exceptionThrown = true;
+        }
+        assertTrue( exceptionThrown );
+
+        // Malformed. The '\U' must be lowercase
+        try {
+            exceptionThrown = false;
+            String unused = instance.decodeFromJSON("\\U005C");
+        }
+        catch (IllegalArgumentException e) {
+            exceptionThrown = true;
+        }
+        assertTrue( exceptionThrown );
+    }
+
+    /**
+     * Test of encodeForJSON and decodeFromJSON methods, of class org.owasp.esapi.Encoder.
+     * https://github.com/ESAPI/esapi-java-legacy/pull/722#discussion_r922860329
+     */
+    public void testRoundtripWithJSON_SupplementaryUnicode () {
+        System.out.println("testRoundtripWithJSON_SupplementaryUnicode");
+        Encoder instance = ESAPI.encoder();
+
+        // U+1F602 is "\uD83D\uDE02" in Java
+        // https://www.fileformat.info/info/unicode/char/1f602/index.htm
+        final String FACE_WITH_TEARS_OF_JOY = "\uD83D\uDE02";
+        assertEquals( FACE_WITH_TEARS_OF_JOY, instance.decodeFromJSON(instance.encodeForJSON(FACE_WITH_TEARS_OF_JOY)) );
+    }
+
+    /**
+     * Test of encodeForJSON and decodeFromJSON methods, of class org.owasp.esapi.Encoder.
+     */
+    public void testRoundtripWithJSON_Random6CharEscapes () {
+        System.out.println("testRoundtripWithJSON_Random6CharEscapes");
+        Encoder instance = ESAPI.encoder();
+
+        // Walk a message without escaped characters
+        final String str1 = "Now is the time for all good men to come to the aide of their country.";
+
+        StringBuilder sb = new StringBuilder();
+        Randomizer prng = ESAPI.randomizer();
+
+        for ( int i = 0; i < str1.length(); ++i ) {
+            // Perform 6-character escaping on a character with probability 1/4
+            final boolean encode = prng.getRandomBoolean() & prng.getRandomBoolean();
+            if ( encode ) {
+                sb.append( String.format("\\u%04x", (int)str1.charAt(i)) );
+            }
+            else {
+                sb.append( str1.charAt(i) );
+            }
+        }
+
+        final String str2 = sb.toString();
+        assertEquals( str1, instance.decodeFromJSON(str2) );
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/reference/ExecutorTest.java b/src/test/java/org/owasp/esapi/reference/ExecutorTest.java
index f97a81ce0..922ac2d21 100644
--- a/src/test/java/org/owasp/esapi/reference/ExecutorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/ExecutorTest.java
@@ -1,269 +1,324 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import java.io.File;
-import java.io.FileWriter;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.ExecuteResult;
-import org.owasp.esapi.Executor;
-import org.owasp.esapi.SecurityConfiguration;
-import org.owasp.esapi.SecurityConfigurationWrapper;
-import org.owasp.esapi.codecs.Codec;
-import org.owasp.esapi.codecs.UnixCodec;
-import org.owasp.esapi.codecs.WindowsCodec;
-
-/**
- * The Class ExecutorTest.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class ExecutorTest extends TestCase {
-
-	private SecurityConfiguration origConfig;
-
-	private static class Conf extends SecurityConfigurationWrapper
-	{
-		private final List allowedExes;
-		private final File workingDir;
-
-		Conf(SecurityConfiguration orig, List allowedExes, File workingDir)
-		{
-			super(orig);
-			this.allowedExes = allowedExes;
-			this.workingDir = workingDir;
-		}
-
-		@Override
-		public List getAllowedExecutables()
-		{
-			return allowedExes;
-		}
-
-		@Override
-		public File getWorkingDirectory()
-		{
-			return workingDir;
-		}
-	}
-
-	/**
-	 * Instantiates a new executor test.
-	 * 
-	 * @param testName
-	 *            the test name
-	 */
-	public ExecutorTest(String testName) {
-		super(testName);
-	}
-
-    @Override
-    protected void tearDown() throws Exception {
-        ESAPI.override(null);
-    }
-
-    /**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-	public static Test suite() {
-		TestSuite suite = new TestSuite(ExecutorTest.class);
-		return suite;
-	}
-
-	/**
-	 * Test of executeOSCommand method, of class org.owasp.esapi.Executor
-	 * 
-	 * @throws Exception
-	 *             the exception
-	 */
-	public void testExecuteWindowsSystemCommand() throws Exception {
-		System.out.println("executeWindowsSystemCommand");
-
-		if ( System.getProperty("os.name").indexOf("Windows") == -1 ) {
-			System.out.println("testExecuteWindowsSystemCommand - on non-Windows platform, exiting");
-			return;	// Not windows, not going to execute this path
-		}
-		File tmpDir = new File(System.getProperty("java.io.tmpdir")).getCanonicalFile();
-		File sysRoot = new File(System.getenv("SystemRoot")).getCanonicalFile();
-		File sys32 = new File(sysRoot,"system32").getCanonicalFile();
-		File cmd = new File(sys32,"cmd.exe").getCanonicalFile();
-		ESAPI.override(
-			new Conf(
-				ESAPI.securityConfiguration(),
-				Collections.singletonList(cmd.getPath()),
-				tmpDir
-			)
-		);
-
-		Codec codec = new WindowsCodec();
-		System.out.println("executeSystemCommand");
-		Executor instance = ESAPI.executor();
-		List params = new ArrayList();
-		try {
-			params.add("/C");
-			params.add("dir");
-			ExecuteResult result = instance.executeSystemCommand(cmd, new ArrayList(params) );
-			System.out.println( "RESULT: " + result );
-			assertTrue(result.getOutput().length() > 0);
-		} catch (Exception e) {
-			e.printStackTrace();
-			fail();
-		}
-		try {
-			File exec2 = new File( cmd.getPath() + ";inject.exe" );
-			ExecuteResult result = instance.executeSystemCommand(exec2, new ArrayList(params) );
-			System.out.println( "RESULT: " + result );
-			fail();
-		} catch (Exception e) {
-			// expected
-		}
-		try {
-			File exec2 = new File( cmd.getPath() + "\\..\\cmd.exe" );
-			ExecuteResult result = instance.executeSystemCommand(exec2, new ArrayList(params) );
-			System.out.println( "RESULT: " + result );
-			fail();
-		} catch (Exception e) {
-			// expected
-		}
-		try {
-			File workdir = new File( "c:\\ridiculous" );
-			ExecuteResult result = instance.executeSystemCommand(cmd, new ArrayList(params), workdir, codec, false, false );
-			System.out.println( "RESULT: " + result );
-			fail();
-		} catch (Exception e) {
-			// expected
-		}
-		try {
-			params.add("&dir");
-			ExecuteResult result = instance.executeSystemCommand(cmd, new ArrayList(params) );
-			System.out.println( "RESULT: " + result );
-		} catch (Exception e) {
-			fail();
-		}
-
-		try {
-			params.set( params.size()-1, "c:\\autoexec.bat" );
-			ExecuteResult result = instance.executeSystemCommand(cmd, new ArrayList(params) );
-			System.out.println( "RESULT: " + result );
-		} catch (Exception e) {
-			fail();
-		}
-
-		try {
-			params.set( params.size()-1, "c:\\autoexec.bat c:\\config.sys" );
-			ExecuteResult result = instance.executeSystemCommand(cmd, new ArrayList(params) );
-			System.out.println( "RESULT: " + result );
-		} catch (Exception e) {
-			fail();
-		}
-	}
-
-	/**
-	 * Test of executeOSCommand method, of class org.owasp.esapi.Executor
-	 * 
-	 * @throws Exception
-	 *             the exception
-	 */
-	public void testExecuteUnixSystemCommand() throws Exception {
-		System.out.println("executeUnixSystemCommand");
-
-		if ( System.getProperty("os.name").indexOf("Windows") != -1 ) {
-			System.out.println("executeUnixSystemCommand - on Windows platform, exiting");
-			return;
-		}
-
-		// FIXME: need more test cases to use this codec
-		Codec codec = new UnixCodec();
-
-		// make sure we have what /bin/sh is pointing at in the allowed exes for the test
-		// and a usable working dir
-		File binSh = new File("/bin/sh").getCanonicalFile();
-		ESAPI.override(
-			new Conf(
-				ESAPI.securityConfiguration(),
-				Collections.singletonList(binSh.getPath()),
-				new File("/tmp")
-			)
-		);
-
-		Executor instance = ESAPI.executor();
-		File executable = binSh;
-		List params = new ArrayList();
-		try {
-			params.add("-c");
-			params.add("ls");
-			params.add("/");
-			ExecuteResult result = instance.executeSystemCommand(executable, new ArrayList(params) );
-			System.out.println( "RESULT: " + result );
-			assertTrue(result.getOutput().length() > 0);
-		} catch (Exception e) {
-			fail(e.getMessage());
-		}
-		try {
-			File exec2 = new File( executable.getPath() + ";./inject" );
-			ExecuteResult result = instance.executeSystemCommand(exec2, new ArrayList(params) );
-			System.out.println( "RESULT: " + result );
-			fail();
-		} catch (Exception e) {
-			// expected
-		}
-		try {
-			File exec2 = new File( executable.getPath() + "/../bin/sh" );
-			ExecuteResult result = instance.executeSystemCommand(exec2, new ArrayList(params) );
-			System.out.println( "RESULT: " + result );
-			fail();
-		} catch (Exception e) {
-			// expected
-		}
-		try {
-			params.add(";ls");
-			ExecuteResult result = instance.executeSystemCommand(executable, new ArrayList(params) );
-			System.out.println( "RESULT: " + result );
-		} catch (Exception e) {
-			fail();
-		}
-
-		try {
-			File cwd = new File(".");
-			File script = File.createTempFile("ESAPI-ExecutorTest", "sh", cwd);
-			script.deleteOnExit();
-			FileWriter output = new FileWriter(script);
-			try {
-				output.write("i=0\nwhile [ $i -lt 8192 ]\ndo\necho stdout data\necho stderr data >&2\ni=$((i+1))\ndone\n");
-			} finally {
-				output.close();
-			}
-			List deadlockParams = new ArrayList();
-			deadlockParams.add(script.getName());
-			ExecuteResult result = instance.executeSystemCommand(executable, deadlockParams, cwd, codec, true, false);
-			System.out.println( "RESULT: " + result.getExitValue() );
-			assertEquals(0, result.getExitValue());
-		} catch (Exception e) {
-			fail();
-		}
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import java.io.File;
+import java.io.FileWriter;
+import java.lang.reflect.Field;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.ExecuteResult;
+import org.owasp.esapi.Executor;
+import org.owasp.esapi.SecurityConfiguration;
+import org.owasp.esapi.SecurityConfigurationWrapper;
+import org.owasp.esapi.codecs.Codec;
+import org.owasp.esapi.codecs.UnixCodec;
+import org.owasp.esapi.codecs.WindowsCodec;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+/**
+ * The Class ExecutorTest.
+ *
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class ExecutorTest extends TestCase {
+
+    private static class Conf extends SecurityConfigurationWrapper
+    {
+        private final List allowedExes;
+        private final File workingDir;
+
+        Conf(SecurityConfiguration orig, List allowedExes, File workingDir)
+        {
+            super(orig);
+            this.allowedExes = allowedExes;
+            this.workingDir = workingDir;
+        }
+
+        @Override
+        public List getAllowedExecutables()
+        {
+            return allowedExes;
+        }
+
+        @Override
+        public File getWorkingDirectory()
+        {
+            return workingDir;
+        }
+    }
+
+    /**
+     * Instantiates a new executor test.
+     *
+     * @param testName
+     *            the test name
+     */
+    public ExecutorTest(String testName) {
+        super(testName);
+    }
+
+    @Override
+    protected void tearDown() throws Exception {
+        ESAPI.override(null);
+    }
+
+    /**
+     * Suite.
+     *
+     * @return the test
+     */
+    public static Test suite() {
+        TestSuite suite = new TestSuite(ExecutorTest.class);
+        return suite;
+    }
+
+    private void resetSingletonField() throws Exception {
+        //Wipe the singleton field here so we can force recreation.
+        Field singletonField = DefaultExecutor.class.getDeclaredField("singletonInstance");
+        singletonField.setAccessible(true);
+        //Object ref is ignored since field is static.
+        singletonField.set(new Object(), null);
+    }
+
+    public void testPlatformResoveWindows() throws Exception {
+        String origName = System.getProperty("os.name");
+
+        try {
+            //Wipe the singleton field here so we can force recreation.
+            resetSingletonField();
+
+            System.setProperty("os.name", "a name that includes the literal 'Windows'");
+            Executor ex = DefaultExecutor.getInstance();
+
+
+            Field codecField = DefaultExecutor.class.getDeclaredField("codec");
+            codecField.setAccessible(true);
+
+            Object instCodec = codecField.get(ex);
+
+            assertTrue(instCodec instanceof WindowsCodec);
+        } finally {
+            System.setProperty("os.name", origName);
+            resetSingletonField();
+        }
+    }
+
+    public void testPlatformResolveNx() throws Exception{
+        String origName = System.getProperty("os.name");
+
+        try {
+            //Wipe the singleton field here so we can force recreation.
+            resetSingletonField();
+
+            //Unmatched Platform is anything but the literal string "Windows" - In part or in whole.
+            System.setProperty("os.name", "unmatchedPlatform");
+            Executor ex = DefaultExecutor.getInstance();
+
+
+            Field codecField = DefaultExecutor.class.getDeclaredField("codec");
+            codecField.setAccessible(true);
+
+            Object instCodec = codecField.get(ex);
+
+            assertTrue(instCodec instanceof UnixCodec);
+        } finally {
+            System.setProperty("os.name", origName);
+            resetSingletonField();
+        }
+    }
+
+
+    /**
+     * Test of executeOSCommand method, of class org.owasp.esapi.Executor
+     *
+     * @throws Exception
+     *             the exception
+     */
+    public void testExecuteWindowsSystemCommand() throws Exception {
+        System.out.println("executeWindowsSystemCommand");
+
+        if ( System.getProperty("os.name").indexOf("Windows") == -1 ) {
+            System.out.println("testExecuteWindowsSystemCommand - on non-Windows platform, exiting");
+            return;    // Not windows, not going to execute this path
+        }
+        File tmpDir = new File(System.getProperty("java.io.tmpdir")).getCanonicalFile();
+        File sysRoot = new File(System.getenv("SystemRoot")).getCanonicalFile();
+        File sys32 = new File(sysRoot,"system32").getCanonicalFile();
+        File cmd = new File(sys32,"cmd.exe").getCanonicalFile();
+        ESAPI.override(
+            new Conf(
+                ESAPI.securityConfiguration(),
+                Collections.singletonList(cmd.getPath()),
+                tmpDir
+            )
+        );
+
+        Codec codec = new WindowsCodec();
+        System.out.println("executeSystemCommand");
+        Executor instance = ESAPI.executor();
+        List params = new ArrayList();
+        try {
+            params.add("/C");
+            params.add("dir");
+            ExecuteResult result = instance.executeSystemCommand(cmd, new ArrayList(params) );
+            System.out.println( "RESULT: " + result );
+            assertTrue(result.getOutput().length() > 0);
+        } catch (Exception e) {
+            e.printStackTrace();
+            fail();
+        }
+        try {
+            File exec2 = new File( cmd.getPath() + ";inject.exe" );
+            ExecuteResult result = instance.executeSystemCommand(exec2, new ArrayList(params) );
+            System.out.println( "RESULT: " + result );
+            fail();
+        } catch (Exception e) {
+            // expected
+        }
+        try {
+            File exec2 = new File( cmd.getPath() + "\\..\\cmd.exe" );
+            ExecuteResult result = instance.executeSystemCommand(exec2, new ArrayList(params) );
+            System.out.println( "RESULT: " + result );
+            fail();
+        } catch (Exception e) {
+            // expected
+        }
+        try {
+            File workdir = new File( "c:\\ridiculous" );
+            ExecuteResult result = instance.executeSystemCommand(cmd, new ArrayList(params), workdir, codec, false, false );
+            System.out.println( "RESULT: " + result );
+            fail();
+        } catch (Exception e) {
+            // expected
+        }
+        try {
+            params.add("&dir");
+            ExecuteResult result = instance.executeSystemCommand(cmd, new ArrayList(params) );
+            System.out.println( "RESULT: " + result );
+        } catch (Exception e) {
+            fail();
+        }
+
+        try {
+            params.set( params.size()-1, "c:\\autoexec.bat" );
+            ExecuteResult result = instance.executeSystemCommand(cmd, new ArrayList(params) );
+            System.out.println( "RESULT: " + result );
+        } catch (Exception e) {
+            fail();
+        }
+
+        try {
+            params.set( params.size()-1, "c:\\autoexec.bat c:\\config.sys" );
+            ExecuteResult result = instance.executeSystemCommand(cmd, new ArrayList(params) );
+            System.out.println( "RESULT: " + result );
+        } catch (Exception e) {
+            fail();
+        }
+    }
+
+    /**
+     * Test of executeOSCommand method, of class org.owasp.esapi.Executor
+     *
+     * @throws Exception
+     *             the exception
+     */
+    public void testExecuteUnixSystemCommand() throws Exception {
+        System.out.println("executeUnixSystemCommand");
+
+        if ( System.getProperty("os.name").indexOf("Windows") != -1 ) {
+            System.out.println("executeUnixSystemCommand - on Windows platform, exiting");
+            return;
+        }
+
+        // FIXME: need more test cases to use this codec
+        Codec codec = new UnixCodec();
+
+        // make sure we have what /bin/sh is pointing at in the allowed exes for the test
+        // and a usable working dir
+        File binSh = new File("/bin/sh").getCanonicalFile();
+        ESAPI.override(
+            new Conf(
+                ESAPI.securityConfiguration(),
+                Collections.singletonList(binSh.getPath()),
+                new File("/tmp")
+            )
+        );
+
+        Executor instance = ESAPI.executor();
+        File executable = binSh;
+        List params = new ArrayList();
+        try {
+            params.add("-c");
+            params.add("ls");
+            params.add("/");
+            ExecuteResult result = instance.executeSystemCommand(executable, new ArrayList(params) );
+            System.out.println( "RESULT: " + result );
+            assertTrue(result.getOutput().length() > 0);
+        } catch (Exception e) {
+            fail(e.getMessage());
+        }
+        try {
+            File exec2 = new File( executable.getPath() + ";./inject" );
+            ExecuteResult result = instance.executeSystemCommand(exec2, new ArrayList(params) );
+            System.out.println( "RESULT: " + result );
+            fail();
+        } catch (Exception e) {
+            // expected
+        }
+        try {
+            File exec2 = new File( executable.getPath() + "/../bin/sh" );
+            ExecuteResult result = instance.executeSystemCommand(exec2, new ArrayList(params) );
+            System.out.println( "RESULT: " + result );
+            fail();
+        } catch (Exception e) {
+            // expected
+        }
+        try {
+            params.add(";ls");
+            ExecuteResult result = instance.executeSystemCommand(executable, new ArrayList(params) );
+            System.out.println( "RESULT: " + result );
+        } catch (Exception e) {
+            fail();
+        }
+
+        try {
+            File cwd = new File(".");
+            File script = File.createTempFile("ESAPI-ExecutorTest", "sh", cwd);
+            script.deleteOnExit();
+            FileWriter output = new FileWriter(script);
+            try {
+                output.write("i=0\nwhile [ $i -lt 8192 ]\ndo\necho stdout data\necho stderr data >&2\ni=$((i+1))\ndone\n");
+            } finally {
+                output.close();
+            }
+            List deadlockParams = new ArrayList();
+            deadlockParams.add(script.getName());
+            ExecuteResult result = instance.executeSystemCommand(executable, deadlockParams, cwd, codec, true, false);
+            System.out.println( "RESULT: " + result.getExitValue() );
+            assertEquals(0, result.getExitValue());
+        } catch (Exception e) {
+            fail();
+        }
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/reference/ExtensiveEncoderURITest.java b/src/test/java/org/owasp/esapi/reference/ExtensiveEncoderURITest.java
new file mode 100644
index 000000000..38e6103c6
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/reference/ExtensiveEncoderURITest.java
@@ -0,0 +1,59 @@
+package org.owasp.esapi.reference;
+
+import static org.junit.Assert.assertEquals;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.net.URL;
+import java.nio.charset.StandardCharsets;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameters;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Validator;
+
+
+@RunWith(Parameterized.class)
+public class ExtensiveEncoderURITest {
+    static List<String> inputs = new ArrayList<>();
+    Validator v = ESAPI.validator();
+    String uri;
+    boolean expected;
+
+    public ExtensiveEncoderURITest(String uri){
+        String[] values = uri.split(",");
+        this.uri = values[0];
+        this.expected = Boolean.parseBoolean(values[1]);
+    }
+
+    @Parameters
+    public static Collection<String> getMyUris() throws Exception{
+        URL url = ExtensiveEncoderURITest.class.getResource("/urisForTest.txt");
+
+        try( BufferedReader br = new BufferedReader(new InputStreamReader(url.openStream(), StandardCharsets.UTF_8)) ) {
+            inputs = readAllLines(br);
+        }
+        return inputs;
+    }
+
+    private static List<String> readAllLines(BufferedReader br) throws IOException {
+        List<String> lines = new ArrayList<>();
+        String line;
+        while ((line = br.readLine()) != null) {
+            lines.add(line);
+        }
+        return lines;
+    }
+
+    @Test
+    public void testUrlsFromFile() {
+        assertEquals(this.expected, v.isValidURI("URL", uri, false));
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java b/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java
index 40f9e219e..2b164dbd9 100644
--- a/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java
+++ b/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java
@@ -1,507 +1,762 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-import org.owasp.esapi.Authenticator;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.EncoderConstants;
-import org.owasp.esapi.HTTPUtilities;
-import org.owasp.esapi.User;
-import org.owasp.esapi.codecs.Hex;
-import org.owasp.esapi.crypto.CipherText;
-import org.owasp.esapi.crypto.PlainText;
-import org.owasp.esapi.errors.AuthenticationException;
-import org.owasp.esapi.errors.EncryptionException;
-import org.owasp.esapi.errors.EnterpriseSecurityException;
-import org.owasp.esapi.errors.ValidationException;
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-import org.owasp.esapi.http.MockHttpSession;
-import org.owasp.esapi.util.FileTestUtils;
-
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-import java.io.File;
-import java.io.IOException;
-import java.util.*;
-
-/**
- * The Class HTTPUtilitiesTest.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class HTTPUtilitiesTest extends TestCase
-{
-	private static final Class<HTTPUtilitiesTest> CLASS = HTTPUtilitiesTest.class;
-	private static final String CLASS_NAME = CLASS.getName();
-
-	/**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-	public static Test suite() {
-		return new TestSuite(HTTPUtilitiesTest.class);
-	}
-
-	/**
-	 * Instantiates a new HTTP utilities test.
-	 * 
-	 * @param testName the test name
-	 */
-	public HTTPUtilitiesTest(String testName) {
-		super(testName);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @throws Exception
-	 */
-	protected void setUp() throws Exception {
-		// none
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @throws Exception
-	 */
-	protected void tearDown() throws Exception {
-		// none
-	}
-
-	public void testCSRFToken() throws Exception {
-		System.out.println( "CSRFToken");
-		String username = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-		User user = ESAPI.authenticator().createUser(username, "addCSRFToken", "addCSRFToken");
-		ESAPI.authenticator().setCurrentUser( user );
-		String token = ESAPI.httpUtilities().getCSRFToken();
-		assertEquals( 8, token.length() );
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		try {
-			ESAPI.httpUtilities().verifyCSRFToken(request);
-			fail();
-		} catch( Exception e ) {
-			// expected
-		}
-		request.addParameter( DefaultHTTPUtilities.CSRF_TOKEN_NAME, token );
-		ESAPI.httpUtilities().verifyCSRFToken(request);
-	}
-
-	/**
-	 * Test of addCSRFToken method, of class org.owasp.esapi.HTTPUtilities.
-	 * @throws AuthenticationException 
-	 */
-	public void testAddCSRFToken() throws AuthenticationException {
-		Authenticator instance = ESAPI.authenticator();
-		String username = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-		User user = instance.createUser(username, "addCSRFToken", "addCSRFToken");
-		instance.setCurrentUser( user );
-
-		System.out.println("addCSRFToken");
-		String csrf1=ESAPI.httpUtilities().addCSRFToken("/test1");
-		System.out.println( "CSRF1:" + csrf1);
-		assertTrue(csrf1.indexOf("?") > -1);
-
-		String csrf2=ESAPI.httpUtilities().addCSRFToken("/test1?one=two");
-		System.out.println( "CSRF1:" + csrf1);
-		assertTrue(csrf2.indexOf("&") > -1);
-	}
-
-
-	/**
-	 * Test of assertSecureRequest method, of class org.owasp.esapi.HTTPUtilities.
-	 */
-	public void testAssertSecureRequest() {
-		System.out.println("assertSecureRequest");
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		try {
-			request.setRequestURL( "http://example.com");
-			ESAPI.httpUtilities().assertSecureRequest( request );
-			fail();
-		} catch( Exception e ) {
-			// pass
-		}
-		try {
-			request.setRequestURL( "ftp://example.com");
-			ESAPI.httpUtilities().assertSecureRequest( request );
-			fail();
-		} catch( Exception e ) {
-			// pass
-		}
-		try {
-			request.setRequestURL( "");
-			ESAPI.httpUtilities().assertSecureRequest( request );
-			fail();
-		} catch( Exception e ) {
-			// pass
-		}
-		try {
-			request.setRequestURL( null );
-			ESAPI.httpUtilities().assertSecureRequest( request );
-			fail();
-		} catch( Exception e ) {
-			// pass
-		}
-		try {
-			request.setRequestURL( "https://example.com");
-			ESAPI.httpUtilities().assertSecureRequest( request );
-			// pass
-		} catch( Exception e ) {
-			fail();
-		}
-	}
-
-
-	/**
-	 * Test of sendRedirect method, of class org.owasp.esapi.HTTPUtilities.
-	 * 
-	 * @throws EnterpriseSecurityException
-	 */
-	public void testChangeSessionIdentifier() throws EnterpriseSecurityException {
-		System.out.println("changeSessionIdentifier");
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		MockHttpSession session = (MockHttpSession) request.getSession();
-		ESAPI.httpUtilities().setCurrentHTTP(request, response);
-		session.setAttribute("one", "one");
-		session.setAttribute("two", "two");
-		session.setAttribute("three", "three");
-		String id1 = session.getId();
-		session = (MockHttpSession) ESAPI.httpUtilities().changeSessionIdentifier( request );
-		String id2 = session.getId();
-		assertTrue(!id1.equals(id2));
-		assertEquals("one", (String) session.getAttribute("one"));
-	}
-
-	/**
-	 * Test of formatHttpRequestForLog method, of class org.owasp.esapi.HTTPUtilities.
-	 * @throws IOException 
-	 */
-	public void testGetFileUploads() throws IOException {
-		File home = null;
-
-		try
-		{
-			home = FileTestUtils.createTmpDirectory(CLASS_NAME);
-			String content = "--ridiculous\r\nContent-Disposition: form-data; name=\"upload\"; filename=\"testupload.txt\"\r\nContent-Type: application/octet-stream\r\n\r\nThis is a test of the multipart broadcast system.\r\nThis is only a test.\r\nStop.\r\n\r\n--ridiculous\r\nContent-Disposition: form-data; name=\"submit\"\r\n\r\nSubmit Query\r\n--ridiculous--\r\nEpilogue";
-
-			MockHttpServletResponse response = new MockHttpServletResponse();    
-			MockHttpServletRequest request1 = new MockHttpServletRequest("/test", content.getBytes(response.getCharacterEncoding()));
-			ESAPI.httpUtilities().setCurrentHTTP(request1, response);
-			try {
-				ESAPI.httpUtilities().getFileUploads(request1, home);
-				fail();
-			} catch( ValidationException e ) {
-				// expected
-			}
-
-			MockHttpServletRequest request2 = new MockHttpServletRequest("/test", content.getBytes(response.getCharacterEncoding()));
-			request2.setContentType( "multipart/form-data; boundary=ridiculous");
-			ESAPI.httpUtilities().setCurrentHTTP(request2, response);
-			try {
-				List list = ESAPI.httpUtilities().getFileUploads(request2, home);
-				Iterator i = list.iterator();
-				while ( i.hasNext() ) {
-					File f = (File)i.next();
-					System.out.println( "  " + f.getAbsolutePath() );
-				}
-				assertTrue( list.size() > 0 );
-			} catch (ValidationException e) {
-				fail();
-			}
-
-			MockHttpServletRequest request4 = new MockHttpServletRequest("/test", content.getBytes(response.getCharacterEncoding()));
-			request4.setContentType( "multipart/form-data; boundary=ridiculous");
-			ESAPI.httpUtilities().setCurrentHTTP(request4, response);
-			System.err.println("UPLOAD DIRECTORY: " + ESAPI.securityConfiguration().getUploadDirectory());
-			try {
-				List list = ESAPI.httpUtilities().getFileUploads(request4, home);
-				Iterator i = list.iterator();
-				while ( i.hasNext() ) {
-					File f = (File)i.next();
-					System.out.println( "  " + f.getAbsolutePath() );
-				}
-				assertTrue( list.size() > 0 );
-			} catch (ValidationException e) {
-				System.err.println("ERROR: " + e.toString());
-				fail();
-			}
-
-			MockHttpServletRequest request3 = new MockHttpServletRequest("/test", content.replaceAll("txt", "ridiculous").getBytes(response.getCharacterEncoding()));
-			request3.setContentType( "multipart/form-data; boundary=ridiculous");
-			ESAPI.httpUtilities().setCurrentHTTP(request3, response);
-			try {
-				ESAPI.httpUtilities().getFileUploads(request3, home);
-				fail();
-			} catch (ValidationException e) {
-				// expected
-			}
-		}
-		finally
-		{
-			FileTestUtils.deleteRecursively(home);
-		}
-
-	}
-
-
-
-	/**
-	 * Test of killAllCookies method, of class org.owasp.esapi.HTTPUtilities.
-	 */
-	public void testKillAllCookies() {
-		System.out.println("killAllCookies");
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		assertTrue(response.getCookies().isEmpty());
-		ArrayList list = new ArrayList();
-		list.add(new Cookie("test1", "1"));
-		list.add(new Cookie("test2", "2"));
-		list.add(new Cookie("test3", "3"));
-		request.setCookies(list);
-		ESAPI.httpUtilities().killAllCookies(request, response);
-		assertTrue(response.getCookies().size() == 3);
-	}
-
-	/**
-	 * Test of killCookie method, of class org.owasp.esapi.HTTPUtilities.
-	 */
-	public void testKillCookie() {
-		System.out.println("killCookie");
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		ESAPI.httpUtilities().setCurrentHTTP(request, response);
-		assertTrue(response.getCookies().isEmpty());
-		ArrayList list = new ArrayList();
-		list.add(new Cookie("test1", "1"));
-		list.add(new Cookie("test2", "2"));
-		list.add(new Cookie("test3", "3"));
-		request.setCookies(list);
-		ESAPI.httpUtilities().killCookie( request, response, "test1" );
-		assertTrue(response.getCookies().size() == 1);
-	}
-
-	/**
-	 * Test of sendRedirect method, of class org.owasp.esapi.HTTPUtilities.
-	 * 
-	 * @throws ValidationException the validation exception
-	 * @throws IOException Signals that an I/O exception has occurred.
-	 */
-	public void testSendSafeRedirect() throws Exception {
-		System.out.println("sendSafeRedirect");
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		try {
-			ESAPI.httpUtilities().sendRedirect(response, "/test1/abcdefg");
-			ESAPI.httpUtilities().sendRedirect(response,"/test2/1234567");
-		} catch (IOException e) {
-			fail();
-		}
-		try {
-			ESAPI.httpUtilities().sendRedirect(response,"http://www.aspectsecurity.com");
-			fail();
-		} catch (IOException e) {
-			// expected
-		}
-		try {
-			ESAPI.httpUtilities().sendRedirect(response,"/ridiculous");
-			fail();
-		} catch (IOException e) {
-			// expected
-		}
-	}
-
-	/**
-	 * Test of setCookie method, of class org.owasp.esapi.HTTPUtilities.
-	 */
-	public void testSetCookie() {
-		System.out.println("setCookie");
-		HTTPUtilities instance = ESAPI.httpUtilities(); 
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		assertTrue(response.getHeaderNames().isEmpty());
-
-		instance.addCookie( response, new Cookie( "test1", "test1" ) );
-		assertTrue(response.getHeaderNames().size() == 1);
-
-		instance.addCookie( response, new Cookie( "test2", "test2" ) );
-		assertTrue(response.getHeaderNames().size() == 2);
-
-		// test illegal name
-		instance.addCookie( response, new Cookie( "tes<t3", "test3" ) );
-		assertTrue(response.getHeaderNames().size() == 2);
-
-		// test illegal value
-		instance.addCookie( response, new Cookie( "test3", "tes<t3" ) );
-		assertTrue(response.getHeaderNames().size() == 2);
-	}
-
-	/**
-	 *
-	 * @throws java.lang.Exception
-	 */
-	public void testGetStateFromEncryptedCookie() throws Exception {
-		System.out.println("getStateFromEncryptedCookie");
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-
-		// test null cookie array
-		Map empty = ESAPI.httpUtilities().decryptStateFromCookie(request);
-		assertTrue( empty.isEmpty() );
-
-		HashMap map = new HashMap();
-		map.put( "one", "aspect" );
-		map.put( "two", "ridiculous" );
-		map.put( "test_hard", "&(@#*!^|;,." );
-		try {
-			ESAPI.httpUtilities().encryptStateInCookie(response, map);
-			String value = response.getHeader( "Set-Cookie" );
-			String encrypted = value.substring(value.indexOf("=")+1, value.indexOf(";"));
-			request.setCookie( DefaultHTTPUtilities.ESAPI_STATE, encrypted );
-			Map state = ESAPI.httpUtilities().decryptStateFromCookie(request);
-			Iterator i = map.entrySet().iterator();
-			while ( i.hasNext() ) {
-				Map.Entry entry = (Map.Entry)i.next();
-				String origname = (String)entry.getKey();
-				String origvalue = (String)entry.getValue();
-				if( !state.get( origname ).equals( origvalue ) ) {
-					fail();
-				}
-			}
-		} catch( EncryptionException e ) {
-			fail();
-		}
-	}
-
-	/**
-	 *
-	 */
-	public void testSaveStateInEncryptedCookie() {
-		System.out.println("saveStateInEncryptedCookie");
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		ESAPI.httpUtilities().setCurrentHTTP(request, response);
-		HashMap map = new HashMap();
-		map.put( "one", "aspect" );
-		map.put( "two", "ridiculous" );
-		map.put( "test_hard", "&(@#*!^|;,." );
-		try {
-			ESAPI.httpUtilities().encryptStateInCookie(response,map);
-			String value = response.getHeader( "Set-Cookie" );
-			String encrypted = value.substring(value.indexOf("=")+1, value.indexOf(";"));
-			byte[] serializedCiphertext = Hex.decode(encrypted);
-	        CipherText restoredCipherText =
-	            CipherText.fromPortableSerializedBytes(serializedCiphertext);
-	        ESAPI.encryptor().decrypt(restoredCipherText);
-		} catch( EncryptionException e ) {
-			fail();
-		}
-	}
-
-
-	/**
-	 *
-	 */
-	public void testSaveTooLongStateInEncryptedCookieException() {
-		System.out.println("saveTooLongStateInEncryptedCookie");
-
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		ESAPI.httpUtilities().setCurrentHTTP(request, response);
-
-		String foo = ESAPI.randomizer().getRandomString(4096, EncoderConstants.CHAR_ALPHANUMERICS);
-
-		HashMap map = new HashMap();
-		map.put("long", foo);
-		try {
-			ESAPI.httpUtilities().encryptStateInCookie(response, map);
-			fail("Should have thrown an exception");
-		}
-		catch (EncryptionException expected) {
-			//expected
-		}    	
-	}
-
-	/**
-	 * Test set no cache headers.
-	 */
-	public void testSetNoCacheHeaders() {
-		System.out.println("setNoCacheHeaders");
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		ESAPI.httpUtilities().setCurrentHTTP(request, response);
-		assertTrue(response.getHeaderNames().isEmpty());
-		response.addHeader("test1", "1");
-		response.addHeader("test2", "2");
-		response.addHeader("test3", "3");
-		assertFalse(response.getHeaderNames().isEmpty());
-		ESAPI.httpUtilities().setNoCacheHeaders( response );
-		assertTrue(response.containsHeader("Cache-Control"));
-		assertTrue(response.containsHeader("Expires"));
-	}
-
-	/**
-	 *
-	 * @throws org.owasp.esapi.errors.AuthenticationException
-	 */
-	public void testSetRememberToken() throws AuthenticationException {
-		System.out.println("setRememberToken");
-		Authenticator instance = (Authenticator)ESAPI.authenticator();
-		String accountName=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-		String password = instance.generateStrongPassword();
-		User user = instance.createUser(accountName, password, password);
-		user.enable();
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.addParameter("username", accountName);
-		request.addParameter("password", password);
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		instance.login( request, response);
-
-		int maxAge = ( 60 * 60 * 24 * 14 );
-		ESAPI.httpUtilities().setRememberToken( request, response, password, maxAge, "domain", "/" );
-		// Can't test this because we're using safeSetCookie, which sets a header, not a real cookie!
-		// String value = response.getCookie( Authenticator.REMEMBER_TOKEN_COOKIE_NAME ).getValue();
-		// assertEquals( user.getRememberToken(), value );
-	}
-
-	public void testGetSessionAttribute() throws Exception {
-		HttpServletRequest request = new MockHttpServletRequest();
-		HttpSession session = request.getSession();
-		session.setAttribute("testAttribute", 43f);
-
-		try {
-			Integer test1 = ESAPI.httpUtilities().getSessionAttribute( session, "testAttribute" );
-			fail();
-		} catch ( ClassCastException cce ) {}
-
-		Float test2 = ESAPI.httpUtilities().getSessionAttribute( session, "testAttribute" );
-		assertEquals( test2, 43f );
-	}
-
-	public void testGetRequestAttribute() throws Exception {
-		HttpServletRequest request = new MockHttpServletRequest();
-		request.setAttribute( "testAttribute", 43f );
-		try {
-			Integer test1 = ESAPI.httpUtilities().getRequestAttribute( request, "testAttribute" );
-			fail();
-		} catch ( ClassCastException cce ) {}
-
-		Float test2 = ESAPI.httpUtilities().getRequestAttribute( request, "testAttribute" );
-		assertEquals( test2, 43f );
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import java.io.File;
+import java.io.IOException;
+import java.lang.reflect.Field;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.owasp.esapi.Authenticator;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.EncoderConstants;
+import org.owasp.esapi.HTTPUtilities;
+import org.owasp.esapi.User;
+import org.owasp.esapi.codecs.Hex;
+import org.owasp.esapi.crypto.CipherText;
+import org.owasp.esapi.errors.AccessControlException;
+import org.owasp.esapi.errors.AuthenticationException;
+import org.owasp.esapi.errors.EncryptionException;
+import org.owasp.esapi.errors.EnterpriseSecurityException;
+import org.owasp.esapi.errors.ValidationException;
+import org.owasp.esapi.errors.ValidationUploadException;
+import org.owasp.esapi.http.MockHttpServletRequest;
+import org.owasp.esapi.http.MockHttpServletResponse;
+import org.owasp.esapi.http.MockHttpSession;
+import org.owasp.esapi.util.FileTestUtils;
+import org.owasp.esapi.util.TestUtils;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+import static org.hamcrest.CoreMatchers.is;
+import static org.junit.Assert.assertThat;
+// import org.junit.Ignore;     // Doesn't seem to work with TestSuite.
+import org.junit.Rule;
+import org.junit.rules.ExpectedException;
+/**
+ * The Class HTTPUtilitiesTest.
+ *
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class HTTPUtilitiesTest extends TestCase
+{
+    private static final Class<HTTPUtilitiesTest> CLASS = HTTPUtilitiesTest.class;
+    private static final String CLASS_NAME = CLASS.getName();
+
+    /**
+     * Suite.
+     *
+     * @return the test
+     */
+    public static Test suite() {
+        return new TestSuite(HTTPUtilitiesTest.class);
+    }
+
+    /**
+     * Instantiates a new HTTP utilities test.
+     *
+     * @param testName the test name
+     */
+    public HTTPUtilitiesTest(String testName) {
+        super(testName);
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void setUp() throws Exception {
+        // none
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void tearDown() throws Exception {
+        // none
+    }
+
+    public void testCSRFToken() throws Exception {
+        System.out.println( "CSRFToken");
+        String username = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        User user = ESAPI.authenticator().createUser(username, "addCSRFToken", "addCSRFToken");
+        ESAPI.authenticator().setCurrentUser( user );
+        String token = ESAPI.httpUtilities().getCSRFToken();
+        assertEquals( 8, token.length() );
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        try {
+            ESAPI.httpUtilities().verifyCSRFToken(request);
+            fail();
+        } catch( Exception e ) {
+            // expected
+        }
+        request.addParameter( DefaultHTTPUtilities.CSRF_TOKEN_NAME, token );
+        ESAPI.httpUtilities().verifyCSRFToken(request);
+    }
+
+    /**
+     * Test of addCSRFToken method, of class org.owasp.esapi.HTTPUtilities.
+     * @throws AuthenticationException
+     */
+    public void testAddCSRFToken() throws AuthenticationException {
+        Authenticator instance = ESAPI.authenticator();
+        String username = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        User user = instance.createUser(username, "addCSRFToken", "addCSRFToken");
+        instance.setCurrentUser( user );
+
+        System.out.println("addCSRFToken");
+        String csrf1=ESAPI.httpUtilities().addCSRFToken("/test1");
+        System.out.println( "CSRF1:" + csrf1);
+        assertTrue(csrf1.indexOf("?") > -1);
+
+        String csrf2=ESAPI.httpUtilities().addCSRFToken("/test1?one=two");
+        System.out.println( "CSRF1:" + csrf1);
+        assertTrue(csrf2.indexOf("&") > -1);
+    }
+
+
+    /**
+     * Test of assertSecureRequest method, of class org.owasp.esapi.HTTPUtilities.
+     */
+    public void testAssertSecureRequest() {
+        System.out.println("assertSecureRequest");
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        try {
+            request.setRequestURL( "http://example.com");
+            ESAPI.httpUtilities().assertSecureRequest( request );
+            fail();
+        } catch( Exception e ) {
+            // pass
+        }
+        try {
+            request.setRequestURL( "ftp://example.com");
+            ESAPI.httpUtilities().assertSecureRequest( request );
+            fail();
+        } catch( Exception e ) {
+            // pass
+        }
+        try {
+            request.setRequestURL( "");
+            ESAPI.httpUtilities().assertSecureRequest( request );
+            fail();
+        } catch( Exception e ) {
+            // pass
+        }
+        try {
+            request.setRequestURL( null );
+            ESAPI.httpUtilities().assertSecureRequest( request );
+            fail();
+        } catch( Exception e ) {
+            // pass
+        }
+        try {
+            request.setRequestURL( "https://example.com");
+            ESAPI.httpUtilities().assertSecureRequest( request );
+            // pass
+        } catch( Exception e ) {
+            fail();
+        }
+    }
+
+
+    /**
+     * Test of sendRedirect method, of class org.owasp.esapi.HTTPUtilities.
+     *
+     * @throws EnterpriseSecurityException
+     */
+    public void testChangeSessionIdentifier() throws EnterpriseSecurityException {
+        System.out.println("changeSessionIdentifier");
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        MockHttpSession session = (MockHttpSession) request.getSession();
+        ESAPI.httpUtilities().setCurrentHTTP(request, response);
+        session.setAttribute("one", "one");
+        session.setAttribute("two", "two");
+        session.setAttribute("three", "three");
+        String id1 = session.getId();
+        session = (MockHttpSession) ESAPI.httpUtilities().changeSessionIdentifier( request );
+        String id2 = session.getId();
+        assertTrue(!id1.equals(id2));
+        assertEquals("one", (String) session.getAttribute("one"));
+    }
+
+    /**
+     * Test of getFileUploads() method, of class org.owasp.esapi.HTTPUtilities.
+     * @throws IOException
+     */
+    public void testGetFileUploads() throws Exception {
+        File home = null;
+
+        try
+        {
+            home = FileTestUtils.createTmpDirectory(CLASS_NAME);
+            String content = "--ridiculous\r\nContent-Disposition: form-data; name=\"upload\"; filename=\"testupload.txt\"\r\nContent-Type: application/octet-stream\r\n\r\nThis is a test of the multipart broadcast system.\r\nThis is only a test.\r\nStop.\r\n\r\n--ridiculous\r\nContent-Disposition: form-data; name=\"submit\"\r\n\r\nSubmit Query\r\n--ridiculous--\r\nEpilogue";
+
+            MockHttpServletResponse response = new MockHttpServletResponse();
+            MockHttpServletRequest request1 = new MockHttpServletRequest("/test", content.getBytes(response.getCharacterEncoding()));
+            ESAPI.httpUtilities().setCurrentHTTP(request1, response);
+            try {
+                ESAPI.httpUtilities().getFileUploads(request1, home);
+                fail();
+            } catch( ValidationException e ) {
+                // expected
+            }
+
+            MockHttpServletRequest request2 = new MockHttpServletRequest("/test", content.getBytes(response.getCharacterEncoding()));
+            request2.setContentType( "multipart/form-data; boundary=ridiculous");
+            ESAPI.httpUtilities().setCurrentHTTP(request2, response);
+            List<File> response2 = new ArrayList<>();
+            try {
+                response2 = ESAPI.httpUtilities().getFileUploads(request2, home);
+                assertTrue( response2.size() > 0 );
+            } finally {
+                response2.forEach(file -> file.delete());
+            }
+
+            MockHttpServletRequest request4 = new MockHttpServletRequest("/test", content.getBytes(response.getCharacterEncoding()));
+            request4.setContentType( "multipart/form-data; boundary=ridiculous");
+            ESAPI.httpUtilities().setCurrentHTTP(request4, response);
+            System.err.println("UPLOAD DIRECTORY: " + ESAPI.securityConfiguration().getUploadDirectory());
+            List<File> response4 = new ArrayList<>();
+            try {
+                response4 = ESAPI.httpUtilities().getFileUploads(request4, home);
+                assertTrue( response4.size() > 0 );
+            } finally {
+                response4.forEach(file -> file.delete());
+            }
+
+            MockHttpServletRequest request3 = new MockHttpServletRequest("/test", content.replaceAll("txt", "ridiculous").getBytes(response.getCharacterEncoding()));
+            request3.setContentType( "multipart/form-data; boundary=ridiculous");
+            ESAPI.httpUtilities().setCurrentHTTP(request3, response);
+            try {
+                ESAPI.httpUtilities().getFileUploads(request3, home);
+                fail();
+            } catch (ValidationException e) {
+                // expected
+            }
+        }
+        finally
+        {
+            FileTestUtils.deleteRecursively(home);
+        }
+
+    }
+
+    /**
+     * Second test of getFileUpload() method, of class org.owasp.esapi.HTTPUtilities.
+     * This one is designed to fail by uploading 3 files. (The max is set to 2 files.)
+     * Based on experimentation with a dummy HTML form to send to localhost:8081
+     * and the captured request caught by running 'nc -l 127.0.0.01 8081', this 'content'
+     * is what it looks like (changing the boundary back 'ridiculous') for the
+     * result of this HTML form:
+     * <pre>
+     *    <!DOCTYPE html>
+     *    <html lang="en-US">
+     *    <head>
+     *        <title>Multifle-upload</title>
+     *    </head>
+     *    <body>
+     *    Upload files...
+     *    <form action="http://127.0.0.1:8081/"
+     *           enctype="multipart/form-data"
+     *           method="POST">
+     *       <p>
+     *       What is your name?
+     *       <input type="text" name="full-name"><br/>
+     *       </p<p><br/>What files are you sending?<br/>
+     *       <label for="file1">File 1:</label>
+     *       <input type="file" id="file1" name="file1"><br/>
+     *       <label for="file2">File 2:</label>
+     *       <input type="file" id="file2" name="file2"><br/>
+     *       <label for="file3">File 3:</label>
+     *       <input type="file" id="file3" name="file3"><br/>
+     *       <br/>
+     *       <input type="submit" value="Send">
+     *       <input type="reset">
+     *       </p>
+     *     </form>
+     *    </body>
+     *    </html>
+     * </pre>
+     * with the 'full-name' field filled in with 'kevin w. wall' and the 3
+     * uploaded files filled in with files named 'aaa.txt', 'bbb.txt', and 'ccc.txt',
+     * respectively and each those file containing created thusly from bash:
+     * <pre>
+     *     $ echo AAA >aaa.txt
+     *     $ echo BBB >bbb.txt
+     *     $ echo CCC >ccc.txt
+     * </pre>
+     * Because we are uploading 3 files, but have the property HttpUtilities.MaxUploadFileCount
+     * set to 2 in 'src/test/resources/esapi/ESAPI.properties', the file upload
+     * attempt via HTTPUtilities.getFileUploads() will result in throwing a ValidationUploadException,
+     * and if you look through the exception stack trace, you can see the
+     * 'Caused by' reason is:
+     *      Caused by: org.apache.commons.fileupload.FileCountLimitExceededException: attachment
+     *          at org.apache.commons.fileupload.FileUploadBase.parseRequest(FileUploadBase.java:367)
+     *          at org.apache.commons.fileupload.servlet.ServletFileUpload.parseRequest(ServletFileUpload.java:113)
+     *          at org.owasp.esapi.reference.DefaultHTTPUtilities.getFileUploads(DefaultHTTPUtilities.java:628)
+     *          ... 23 more
+     * which is as it should be.
+     *
+     */
+    public void testGetFileUploadsTooManyFiles() throws Exception {
+        File home = null;
+
+        System.out.println("testGetFileUploadsTooManyFiles");
+
+        try
+        {
+            home = FileTestUtils.createTmpDirectory(CLASS_NAME);
+            String content =    "Content-Type: multipart/form-data; boundary=ridiculous\r\n\r\n\r\n" +
+                                "--ridiculous\r\n" +
+                                "Content-Disposition: form-data; name=\"full-name\"\r\n\r\n" +
+                                "kevin w wall\r\n" +
+                                "--ridiculous\r\n" +
+                                "Content-Disposition: form-data; name=\"file1\"; filename=\"aaa.txt\"\r\n" +
+                                "Content-Type: text/plain\r\n\r\n" +
+                                "AAA\r\n\r\n" +
+                                "--ridiculous\r\n" +
+                                "Content-Disposition: form-data; name=\"file2\"; filename=\"bbb.txt\"\r\n" +
+                                "Content-Type: text/plain\r\n\r\n" +
+                                "BBB\r\n\r\n" +
+                                "--ridiculous\r\n" +
+                                "Content-Disposition: form-data; name=\"file3\"; filename=\"ccc.txt\"\r\n" +
+                                "Content-Type: text/plain\r\n\r\n" +
+                                "CCC\r\n\r\n" +
+                                "--ridiculous--\r\n\r\n";
+
+            MockHttpServletResponse response = new MockHttpServletResponse();
+            MockHttpServletRequest request1 = new MockHttpServletRequest("/test", content.getBytes(response.getCharacterEncoding()));
+            ESAPI.httpUtilities().setCurrentHTTP(request1, response);
+
+            MockHttpServletRequest request2 = new MockHttpServletRequest("/test", content.getBytes(response.getCharacterEncoding()));
+            request2.setContentType( "multipart/form-data; boundary=ridiculous");
+            ESAPI.httpUtilities().setCurrentHTTP(request2, response);
+            List<File> response2 = new ArrayList<>();
+            boolean caughtExpectedException = false;
+            try {
+                response2 = ESAPI.httpUtilities().getFileUploads(request2, home);
+            } catch( ValidationUploadException vuex ) {
+                caughtExpectedException = true;
+            } finally {
+                response2.forEach(file -> file.delete());
+            }
+                // If this assertion fails, check the property HttpUtilities.MaxUploadFileCount in
+                // 'src/test/resources/esapi/ESAPI.properties' to make sure it is still to 2.
+            assertTrue("Did not catch expected ValidationUploadException because too many files uploaded.", caughtExpectedException );
+        }
+        finally
+        {
+            FileTestUtils.deleteRecursively(home);
+        }
+
+    }
+
+
+    /**
+     * Test of killAllCookies method, of class org.owasp.esapi.HTTPUtilities.
+     */
+    public void testKillAllCookies() {
+        System.out.println("killAllCookies");
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        assertTrue(response.getCookies().isEmpty());
+        ArrayList<Cookie> list = new ArrayList<Cookie>();
+        list.add(new Cookie("test1", "1"));
+        list.add(new Cookie("test2", "2"));
+        list.add(new Cookie("test3", "3"));
+        request.setCookies(list);
+        ESAPI.httpUtilities().killAllCookies(request, response);
+        assertTrue(response.getCookies().size() == 3);
+    }
+
+    /**
+     * Test of killCookie method, of class org.owasp.esapi.HTTPUtilities.
+     */
+    public void testKillCookie() {
+        System.out.println("killCookie");
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        ESAPI.httpUtilities().setCurrentHTTP(request, response);
+        assertTrue(response.getCookies().isEmpty());
+        ArrayList<Cookie> list = new ArrayList<Cookie>();
+        list.add(new Cookie("test1", "1"));
+        list.add(new Cookie("test2", "2"));
+        list.add(new Cookie("test3", "3"));
+        request.setCookies(list);
+        ESAPI.httpUtilities().killCookie( request, response, "test1" );
+        assertTrue(response.getCookies().size() == 1);
+    }
+
+    /**
+     * Test of sendRedirect method, of class org.owasp.esapi.HTTPUtilities.
+     *
+     * @throws ValidationException the validation exception
+     * @throws IOException Signals that an I/O exception has occurred.
+     */
+    public void testSendSafeRedirect() throws Exception {
+        System.out.println("sendSafeRedirect");
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        try {
+            ESAPI.httpUtilities().sendRedirect(response, "/test1/abcdefg");
+            ESAPI.httpUtilities().sendRedirect(response,"/test2/1234567");
+        } catch (AccessControlException e) {
+            fail();
+        }
+        try {
+            ESAPI.httpUtilities().sendRedirect(response,"http://www.aspectsecurity.com");
+            fail();
+        } catch (AccessControlException e) {
+            // expected
+        }
+        try {
+            ESAPI.httpUtilities().sendRedirect(response,"/ridiculous");
+            fail();
+        } catch (AccessControlException e) {
+            // expected
+        }
+    }
+
+        @Rule
+        public ExpectedException thrown = ExpectedException.none();
+
+    /**
+     * Test of setCookie method, of class org.owasp.esapi.HTTPUtilities.
+     */
+    public void testSetCookie() {
+        System.out.println("setCookie");
+        HTTPUtilities instance = ESAPI.httpUtilities();
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        assertTrue(response.getHeaderNames().isEmpty());
+
+        instance.addCookie( response, new Cookie( "test1", "test1" ) );
+        assertTrue(response.getHeaderNames().size() == 1);
+
+        instance.addCookie( response, new Cookie( "test2", "test2" ) );
+        assertTrue(response.getHeaderNames().size() == 2);
+
+        // test illegal name - this case is now handled by the servlet API
+                try {
+                    instance.addCookie( response, new Cookie( "tes<t3", "test3" ) );
+                    fail("Expected IllegalArgumentException");
+                } catch (IllegalArgumentException iae) {
+                    assertThat(iae.getMessage(), is("Cookie name \"tes<t3\" is a reserved token"));
+                }
+
+        // test illegal value
+        instance.addCookie( response, new Cookie( "test3", "tes<t3" ) );
+        assertTrue(response.getHeaderNames().size() == 2);
+    }
+
+    /**
+     * Test of setCookie method, of class org.owasp.esapi.HTTPUtilities.
+     * Validation failures should prevent cookies being added.
+     */
+    public void testSetCookieExceedingMaxValueAndName() {
+        HTTPUtilities instance = ESAPI.httpUtilities();
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        assertTrue(response.getHeaderNames().isEmpty());
+        //request.addParameter(TestUtils.generateStringOfLength(32), "pass");
+        instance.addCookie( response, new Cookie( TestUtils.generateStringOfLength(32), "pass" ) );
+        assertTrue(response.getHeaderNames().size() == 1);
+
+        instance.addCookie( response, new Cookie( "pass", TestUtils.generateStringOfLength(32) ) );
+        assertTrue(response.getHeaderNames().size() == 2);
+        instance.addCookie( response, new Cookie( TestUtils.generateStringOfLength(5000), "fail" ) );
+        assertTrue(response.getHeaderNames().size() == 2);
+        instance.addCookie( response, new Cookie( "fail", TestUtils.generateStringOfLength(5001) ) );
+        assertTrue(response.getHeaderNames().size() == 2);
+    }
+
+
+    /**
+     *
+     * @throws java.lang.Exception
+     */
+    public void testGetStateFromEncryptedCookie() throws Exception {
+        System.out.println("getStateFromEncryptedCookie");
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        MockHttpServletResponse response = new MockHttpServletResponse();
+
+        // test null cookie array
+        Map<String, String> empty = ESAPI.httpUtilities().decryptStateFromCookie(request);
+        assertTrue( empty.isEmpty() );
+
+        HashMap<String, String> map = new HashMap<String, String>();
+        map.put( "one", "aspect" );
+        map.put( "two", "ridiculous" );
+        map.put( "test_hard", "&(@#*!^|;,." );
+        try {
+            ESAPI.httpUtilities().encryptStateInCookie(response, map);
+            String value = response.getHeader( "Set-Cookie" );
+            String encrypted = value.substring(value.indexOf("=")+1, value.indexOf(";"));
+            request.setCookie( DefaultHTTPUtilities.ESAPI_STATE, encrypted );
+            Map<String, String> state = ESAPI.httpUtilities().decryptStateFromCookie(request);
+            Iterator<?> i = map.entrySet().iterator();
+            while ( i.hasNext() ) {
+                Map.Entry<?, ?> entry = (Map.Entry<?, ?>)i.next();
+                String origname = (String)entry.getKey();
+                String origvalue = (String)entry.getValue();
+                if( !state.get( origname ).equals( origvalue ) ) {
+                    fail();
+                }
+            }
+        } catch( EncryptionException e ) {
+            fail();
+        }
+    }
+
+    /**
+     *
+     */
+    public void testSaveStateInEncryptedCookie() {
+        System.out.println("saveStateInEncryptedCookie");
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        ESAPI.httpUtilities().setCurrentHTTP(request, response);
+        HashMap<String, String> map = new HashMap<String, String>();
+        map.put( "one", "aspect" );
+        map.put( "two", "ridiculous" );
+        map.put( "test_hard", "&(@#*!^|;,." );
+        try {
+            ESAPI.httpUtilities().encryptStateInCookie(response,map);
+            String value = response.getHeader( "Set-Cookie" );
+            String encrypted = value.substring(value.indexOf("=")+1, value.indexOf(";"));
+            byte[] serializedCiphertext = Hex.decode(encrypted);
+            CipherText restoredCipherText =
+                CipherText.fromPortableSerializedBytes(serializedCiphertext);
+            ESAPI.encryptor().decrypt(restoredCipherText);
+        } catch( EncryptionException e ) {
+            fail();
+        }
+    }
+
+
+    /**
+     *
+     */
+    public void testSaveTooLongStateInEncryptedCookieException() {
+        System.out.println("saveTooLongStateInEncryptedCookie");
+
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        ESAPI.httpUtilities().setCurrentHTTP(request, response);
+
+        String foo = ESAPI.randomizer().getRandomString(4096, EncoderConstants.CHAR_ALPHANUMERICS);
+
+        HashMap<String, String> map = new HashMap<String, String>();
+        map.put("long", foo);
+        try {
+            ESAPI.httpUtilities().encryptStateInCookie(response, map);
+            fail("Should have thrown an exception");
+        }
+        catch (EncryptionException expected) {
+            //expected
+        }
+    }
+
+    /**
+     * Test set no cache headers.
+     */
+    public void testSetNoCacheHeaders() {
+        System.out.println("setNoCacheHeaders");
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        ESAPI.httpUtilities().setCurrentHTTP(request, response);
+        assertTrue(response.getHeaderNames().isEmpty());
+        response.addHeader("test1", "1");
+        response.addHeader("test2", "2");
+        response.addHeader("test3", "3");
+        assertFalse(response.getHeaderNames().isEmpty());
+        ESAPI.httpUtilities().setNoCacheHeaders( response );
+        assertTrue(response.containsHeader("Cache-Control"));
+        assertTrue(response.containsHeader("Expires"));
+    }
+
+    /**
+     *
+     * @throws org.owasp.esapi.errors.AuthenticationException
+     */
+    @SuppressWarnings("deprecation")
+    public void testDeprecatedSetRememberToken() throws AuthenticationException {
+        System.out.println("setRememberToken");
+        Authenticator instance = ESAPI.authenticator();
+        String accountName=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        String password = instance.generateStrongPassword();
+        User user = instance.createUser(accountName, password, password);
+        user.enable();
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.addParameter("username", accountName);
+        request.addParameter("password", password);
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        ESAPI.httpUtilities().setCurrentHTTP(request, response);
+        instance.login( request, response);
+
+        int maxAge = ( 60 * 60 * 24 * 14 );
+        ESAPI.httpUtilities().setRememberToken( request, response, password, maxAge, "domain", "/" );
+        // Can't test this because we're using safeSetCookie, which sets a header, not a real cookie!
+        // String value = response.getCookie( Authenticator.REMEMBER_TOKEN_COOKIE_NAME ).getValue();
+        // assertEquals( user.getRememberToken(), value );
+    }
+
+    /**
+     *
+     * @throws org.owasp.esapi.errors.AuthenticationException
+     */
+    public void testSetRememberToken() throws Exception {
+        //System.out.println("setRememberToken");
+        Authenticator instance = ESAPI.authenticator();
+        String accountName=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        String password = instance.generateStrongPassword();
+        User user = instance.createUser(accountName, password, password);
+        user.enable();
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.addParameter("username", accountName);
+        request.addParameter("password", password);
+        HttpServletResponse response = new MockHttpServletResponse();
+        ESAPI.httpUtilities().setCurrentHTTP(request, response);
+        instance.login( request, response);
+
+        int maxAge = ( 60 * 60 * 24 * 14 );
+
+        ESAPI.httpUtilities().setRememberToken( request, response, maxAge, "domain", "/" );
+
+        Field field = response.getClass().getDeclaredField("cookies");
+        field.setAccessible(true);
+        @SuppressWarnings("unchecked")
+        List<Cookie> cookies = (List<Cookie>) field.get(response);
+        Cookie cookie = null;
+        for(Cookie c: cookies){
+            if(c.getName().equals(HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME)){
+                cookie = c;
+                break;
+            }
+        }
+        assertEquals(HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME, cookie.getName());
+    }
+
+    public void testGetSessionAttribute() throws Exception {
+        HttpServletRequest request = new MockHttpServletRequest();
+        HttpSession session = request.getSession();
+        session.setAttribute("testAttribute", 43f);
+
+        try {
+            // Deleting the unused assignment of the results to test1 causes the expected ClassCastException to not occur. So don't delete it!
+            @SuppressWarnings("unused")
+            Integer test1 = ESAPI.httpUtilities().getSessionAttribute( session, "testAttribute" );
+            fail();
+        } catch ( ClassCastException cce ) {}
+
+        Float test2 = ESAPI.httpUtilities().getSessionAttribute( session, "testAttribute" );
+        assertEquals( test2, 43f );
+    }
+
+    public void testGetRequestAttribute() throws Exception {
+        HttpServletRequest request = new MockHttpServletRequest();
+        request.setAttribute( "testAttribute", 43f );
+        try {
+            // Deleting the unused assignment of the results to test1 causes the expected ClassCastException to not occur. So don't delete it!
+            @SuppressWarnings("unused")
+            Integer test1 = ESAPI.httpUtilities().getRequestAttribute( request, "testAttribute" );
+            fail();
+        } catch ( ClassCastException cce ) {}
+
+        Float test2 = ESAPI.httpUtilities().getRequestAttribute( request, "testAttribute" );
+        assertEquals( test2, 43f );
+    }
+
+    /** Test HTTPUtilities.getFileUploads with an unauthenticated (i.e.,
+     *  anonymous) user. In 'src/test/resources/esapi/ESAPI.properties', the
+     *  property 'HttpUtilities.FileUploadAllowAnonymousUser' is set to 'false'.
+     *  This is okay, because as it turns out most (all?) of these tests are
+     *  executed after testCSRFToken(), which creates a users.txt file with
+     *  a random user account name that gets used when
+     *  <pre>
+     *      ESAPI.authenticator().setCurrentUser( user );
+     *  </pre>
+     *  gets called a few lines later. That seems to persist throughout the
+     *  remainder of this test suite. However, this test needs to clear that
+     *  information so that any further HTTP requests are made as an anonymous
+     *  user.
+     *
+     *  However, there is a concern here. I is not clear whether or not this
+     *  would have unintended consequences because I don't this assumptions can
+     *  be made about the specific order these test cases within a test suite
+     *  are executed in.
+     *
+     *  Consequently, I ignoring this specific test by commenting it out for the
+     *  concerns mentioned above. Unfortunately, the @Ignore annotation from
+     *  JUnit 4 doesn't work here; apparently, it doesn't play nicely with the JUnit 3
+     *  construct of
+     *      public static Test suite() {
+     *          return new TestSuite(HTTPUtilitiesTest.class);
+     *      }
+     *
+     *  Note, however, the test does give the expected results and fails the
+     *  upload as intended.
+     */
+/********************* KWWALL Commented Out - Do not delete this comment or test! *************
+    public void testGetFileUploadsUnauthenticatedUser() throws Exception {
+        System.out.print( "testGetFileUploadsUnauthenticatedUser" );
+
+        File home = null;
+
+            // Clear the current user info making it effective an anonymous user again.
+        ESAPI.authenticator().clearCurrent();   // Either this or logout(), but logout may kill the session too.
+
+        try
+        {
+            home = FileTestUtils.createTmpDirectory(CLASS_NAME);
+            String content = "--ridiculous\r\nContent-Disposition: form-data; name=\"upload\"; filename=\"testupload.txt\"\r\nContent-Type: application/octet-stream\r\n\r\nThis is a test of the multipart broadcast system.\r\nThis is only a test.\r\nStop.\r\n\r\n--ridiculous\r\nContent-Disposition: form-data; name=\"submit\"\r\n\r\nSubmit Query\r\n--ridiculous--\r\nEpilogue";
+
+            MockHttpServletResponse response = new MockHttpServletResponse();
+            MockHttpServletRequest request1 = new MockHttpServletRequest("/test", content.getBytes(response.getCharacterEncoding()));
+            ESAPI.httpUtilities().setCurrentHTTP(request1, response);
+
+            MockHttpServletRequest request2 = new MockHttpServletRequest("/test", content.getBytes(response.getCharacterEncoding()));
+            request2.setContentType( "multipart/form-data; boundary=ridiculous");
+            ESAPI.httpUtilities().setCurrentHTTP(request2, response);
+            List<File> response2 = new ArrayList<>();
+            try {
+                response2 = ESAPI.httpUtilities().getFileUploads(request2, home);
+                fail("Expecting an exception here");
+            } catch ( java.security.AccessControlException acex ) {
+                ;   // Expected
+            } catch ( Exception ex ) {
+                fail("Wrong exception type caught: " + ex.getClass().getName() +
+                     ", received, expected java.security.AccessControlException");
+            } finally {
+                response2.forEach(file -> file.delete());
+            }
+        }
+        finally
+        {
+            FileTestUtils.deleteRecursively(home);
+        }
+    }
+********************* KWWALL End Commented Out Code ********************/
+}
diff --git a/src/test/java/org/owasp/esapi/reference/IntegerAccessReferenceMapTest.java b/src/test/java/org/owasp/esapi/reference/IntegerAccessReferenceMapTest.java
index c4afc8eda..0367ce03b 100644
--- a/src/test/java/org/owasp/esapi/reference/IntegerAccessReferenceMapTest.java
+++ b/src/test/java/org/owasp/esapi/reference/IntegerAccessReferenceMapTest.java
@@ -1,223 +1,223 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.Authenticator;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.User;
-import org.owasp.esapi.errors.AccessControlException;
-import org.owasp.esapi.errors.AuthenticationException;
-import org.owasp.esapi.errors.EncryptionException;
-
-
-/**
- * The Class AccessReferenceMapTest.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class IntegerAccessReferenceMapTest extends TestCase {
-    
-    /**
-	 * Instantiates a new access reference map test.
-	 * 
-	 * @param testName
-	 *            the test name
-	 */
-    public IntegerAccessReferenceMapTest(String testName) {
-        super(testName);
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void setUp() throws Exception {
-    	// none
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void tearDown() throws Exception {
-    	// none
-    }
-
-    /**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-    public static Test suite() {
-        TestSuite suite = new TestSuite(IntegerAccessReferenceMapTest.class);
-        return suite;
-    }
-
-    
-    /**
-	 * Test of update method, of class org.owasp.esapi.AccessReferenceMap.
-	 * 
-	 * @throws AuthenticationException
-     *             the authentication exception
-     * @throws EncryptionException
-	 */
-    public void testUpdate() throws AuthenticationException, EncryptionException {
-        System.out.println("update");
-    	IntegerAccessReferenceMap arm = new IntegerAccessReferenceMap();
-    	Authenticator auth = ESAPI.authenticator();
-    	
-    	String pass = auth.generateStrongPassword();
-    	User u = auth.createUser( "armUpdate", pass, pass );
-    	
-    	// test to make sure update returns something
-		arm.update(auth.getUserNames());
-		String indirect = arm.getIndirectReference( u.getAccountName() );
-		if ( indirect == null ) fail();
-		
-		// test to make sure update removes items that are no longer in the list
-		auth.removeUser( u.getAccountName() );
-		arm.update(auth.getUserNames());
-		indirect = arm.getIndirectReference( u.getAccountName() );
-		if ( indirect != null ) fail();
-		
-		// test to make sure old indirect reference is maintained after an update
-		arm.update(auth.getUserNames());
-		String newIndirect = arm.getIndirectReference( u.getAccountName() );
-		assertEquals(indirect, newIndirect);
-    }
-    
-    
-    /**
-	 * Test of iterator method, of class org.owasp.esapi.AccessReferenceMap.
-	 */
-    public void testIterator() {
-        System.out.println("iterator");
-    	IntegerAccessReferenceMap arm = new IntegerAccessReferenceMap();
-        Authenticator auth = ESAPI.authenticator();
-        
-		arm.update(auth.getUserNames());
-
-		Iterator i = arm.iterator();
-		while ( i.hasNext() ) {
-			String userName = (String)i.next();
-			User u = auth.getUser( userName );
-			if ( u == null ) fail();
-		}
-    }
-    
-    /**
-	 * Test of getIndirectReference method, of class
-	 * org.owasp.esapi.AccessReferenceMap.
-	 */
-    public void testGetIndirectReference() {
-        System.out.println("getIndirectReference");
-        
-        String directReference = "234";
-        Set list = new HashSet();
-        list.add( "123" );
-        list.add( directReference );
-        list.add( "345" );
-        IntegerAccessReferenceMap instance = new IntegerAccessReferenceMap( list );
-        
-        String expResult = directReference;
-        String result = instance.getIndirectReference(directReference);
-        assertNotSame(expResult, result);        
-    }
-
-    /**
-	 * Test of getDirectReference method, of class
-	 * org.owasp.esapi.AccessReferenceMap.
-	 * 
-	 * @throws AccessControlException
-	 *             the access control exception
-	 */
-    public void testGetDirectReference() throws AccessControlException {
-        System.out.println("getDirectReference");
-        
-        String directReference = "234";
-        Set list = new HashSet();
-        list.add( "123" );
-        list.add( directReference );
-        list.add( "345" );
-        IntegerAccessReferenceMap instance = new IntegerAccessReferenceMap( list );
-        
-        String ind = instance.getIndirectReference(directReference);
-        String dir = (String)instance.getDirectReference(ind);
-        assertEquals(directReference, dir);
-        try {
-        	instance.getDirectReference("invalid");
-        	fail();
-        } catch( AccessControlException e ) {
-        	// success
-        }
-    }
-    
-    /**
-     *
-     * @throws org.owasp.esapi.errors.AccessControlException
-     */
-    public void testAddDirectReference() throws AccessControlException {
-        System.out.println("addDirectReference");
-        
-        String directReference = "234";
-        Set list = new HashSet();
-        list.add( "123" );
-        list.add( directReference );
-        list.add( "345" );
-        IntegerAccessReferenceMap instance = new IntegerAccessReferenceMap( list );
-        
-        String newDirect = instance.addDirectReference("newDirect");
-        assertNotNull( newDirect );
-        String ind = instance.addDirectReference(directReference);
-        String dir = (String)instance.getDirectReference(ind);
-        assertEquals(directReference, dir);
-    	String newInd = instance.addDirectReference(directReference);
-    	assertEquals(ind, newInd);
-    }
-
-    /**
-     *
-     * @throws org.owasp.esapi.errors.AccessControlException
-     */
-    public void testRemoveDirectReference() throws AccessControlException {
-        System.out.println("removeDirectReference");
-        
-        String directReference = "234";
-        Set list = new HashSet();
-        list.add( "123" );
-        list.add( directReference );
-        list.add( "345" );
-        IntegerAccessReferenceMap instance = new IntegerAccessReferenceMap( list );
-        
-        String indirect = instance.getIndirectReference(directReference);
-        assertNotNull(indirect);
-        String deleted = instance.removeDirectReference(directReference);
-        assertEquals(indirect,deleted);
-    	deleted = instance.removeDirectReference("ridiculous");
-    	assertNull(deleted);
-    }
-    
-    
-    
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.Authenticator;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.User;
+import org.owasp.esapi.errors.AccessControlException;
+import org.owasp.esapi.errors.AuthenticationException;
+import org.owasp.esapi.errors.EncryptionException;
+
+
+/**
+ * The Class AccessReferenceMapTest.
+ *
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class IntegerAccessReferenceMapTest extends TestCase {
+
+    /**
+     * Instantiates a new access reference map test.
+     *
+     * @param testName
+     *            the test name
+     */
+    public IntegerAccessReferenceMapTest(String testName) {
+        super(testName);
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void setUp() throws Exception {
+        // none
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void tearDown() throws Exception {
+        // none
+    }
+
+    /**
+     * Suite.
+     *
+     * @return the test
+     */
+    public static Test suite() {
+        TestSuite suite = new TestSuite(IntegerAccessReferenceMapTest.class);
+        return suite;
+    }
+
+
+    /**
+     * Test of update method, of class org.owasp.esapi.AccessReferenceMap.
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     * @throws EncryptionException
+     */
+    public void testUpdate() throws AuthenticationException, EncryptionException {
+        System.out.println("update");
+        IntegerAccessReferenceMap arm = new IntegerAccessReferenceMap();
+        Authenticator auth = ESAPI.authenticator();
+
+        String pass = auth.generateStrongPassword();
+        User u = auth.createUser( "armUpdate", pass, pass );
+
+        // test to make sure update returns something
+        arm.update(auth.getUserNames());
+        String indirect = arm.getIndirectReference( u.getAccountName() );
+        if ( indirect == null ) fail();
+
+        // test to make sure update removes items that are no longer in the list
+        auth.removeUser( u.getAccountName() );
+        arm.update(auth.getUserNames());
+        indirect = arm.getIndirectReference( u.getAccountName() );
+        if ( indirect != null ) fail();
+
+        // test to make sure old indirect reference is maintained after an update
+        arm.update(auth.getUserNames());
+        String newIndirect = arm.getIndirectReference( u.getAccountName() );
+        assertEquals(indirect, newIndirect);
+    }
+
+
+    /**
+     * Test of iterator method, of class org.owasp.esapi.AccessReferenceMap.
+     */
+    public void testIterator() {
+        System.out.println("iterator");
+        IntegerAccessReferenceMap arm = new IntegerAccessReferenceMap();
+        Authenticator auth = ESAPI.authenticator();
+
+        arm.update(auth.getUserNames());
+
+        Iterator i = arm.iterator();
+        while ( i.hasNext() ) {
+            String userName = (String)i.next();
+            User u = auth.getUser( userName );
+            if ( u == null ) fail();
+        }
+    }
+
+    /**
+     * Test of getIndirectReference method, of class
+     * org.owasp.esapi.AccessReferenceMap.
+     */
+    public void testGetIndirectReference() {
+        System.out.println("getIndirectReference");
+
+        String directReference = "234";
+        Set list = new HashSet();
+        list.add( "123" );
+        list.add( directReference );
+        list.add( "345" );
+        IntegerAccessReferenceMap instance = new IntegerAccessReferenceMap( list );
+
+        String expResult = directReference;
+        String result = instance.getIndirectReference(directReference);
+        assertNotSame(expResult, result);
+    }
+
+    /**
+     * Test of getDirectReference method, of class
+     * org.owasp.esapi.AccessReferenceMap.
+     *
+     * @throws AccessControlException
+     *             the access control exception
+     */
+    public void testGetDirectReference() throws AccessControlException {
+        System.out.println("getDirectReference");
+
+        String directReference = "234";
+        Set list = new HashSet();
+        list.add( "123" );
+        list.add( directReference );
+        list.add( "345" );
+        IntegerAccessReferenceMap instance = new IntegerAccessReferenceMap( list );
+
+        String ind = instance.getIndirectReference(directReference);
+        String dir = (String)instance.getDirectReference(ind);
+        assertEquals(directReference, dir);
+        try {
+            instance.getDirectReference("invalid");
+            fail();
+        } catch( AccessControlException e ) {
+            // success
+        }
+    }
+
+    /**
+     *
+     * @throws org.owasp.esapi.errors.AccessControlException
+     */
+    public void testAddDirectReference() throws AccessControlException {
+        System.out.println("addDirectReference");
+
+        String directReference = "234";
+        Set list = new HashSet();
+        list.add( "123" );
+        list.add( directReference );
+        list.add( "345" );
+        IntegerAccessReferenceMap instance = new IntegerAccessReferenceMap( list );
+
+        String newDirect = instance.addDirectReference("newDirect");
+        assertNotNull( newDirect );
+        String ind = instance.addDirectReference(directReference);
+        String dir = (String)instance.getDirectReference(ind);
+        assertEquals(directReference, dir);
+        String newInd = instance.addDirectReference(directReference);
+        assertEquals(ind, newInd);
+    }
+
+    /**
+     *
+     * @throws org.owasp.esapi.errors.AccessControlException
+     */
+    public void testRemoveDirectReference() throws AccessControlException {
+        System.out.println("removeDirectReference");
+
+        String directReference = "234";
+        Set list = new HashSet();
+        list.add( "123" );
+        list.add( directReference );
+        list.add( "345" );
+        IntegerAccessReferenceMap instance = new IntegerAccessReferenceMap( list );
+
+        String indirect = instance.getIndirectReference(directReference);
+        assertNotNull(indirect);
+        String deleted = instance.removeDirectReference(directReference);
+        assertEquals(indirect,deleted);
+        deleted = instance.removeDirectReference("ridiculous");
+        assertNull(deleted);
+    }
+
+
+
+}
diff --git a/src/test/java/org/owasp/esapi/reference/IntrusionDetectorTest.java b/src/test/java/org/owasp/esapi/reference/IntrusionDetectorTest.java
index e7f79d509..46cb93240 100644
--- a/src/test/java/org/owasp/esapi/reference/IntrusionDetectorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/IntrusionDetectorTest.java
@@ -1,132 +1,132 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.Authenticator;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.EncoderConstants;
-import org.owasp.esapi.User;
-import org.owasp.esapi.errors.AuthenticationException;
-import org.owasp.esapi.errors.IntegrityException;
-import org.owasp.esapi.errors.IntrusionException;
-import org.owasp.esapi.errors.ValidationException;
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-
-/**
- * The Class IntrusionDetectorTest.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class IntrusionDetectorTest extends TestCase {
-
-	/**
-	 * Instantiates a new intrusion detector test.
-	 * 
-	 * @param testName
-	 *            the test name
-	 */
-	public IntrusionDetectorTest(String testName) {
-		super(testName);
-	}
-
-	/**
-     * {@inheritDoc}
-     *
-     * @throws Exception
-     */
-	protected void setUp() throws Exception {
-		// none
-	}
-
-	/**
-     * {@inheritDoc}
-     *
-     * @throws Exception
-     */
-	protected void tearDown() throws Exception {
-		// none
-	}
-
-	/**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-	public static Test suite() {
-		TestSuite suite = new TestSuite(IntrusionDetectorTest.class);
-
-		return suite;
-	}
-
-	/**
-	 * Test of addException method, of class org.owasp.esapi.IntrusionDetector.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testAddException() throws AuthenticationException {
-		System.out.println("addException");
-		ESAPI.intrusionDetector().addException( new RuntimeException("message") );
-		ESAPI.intrusionDetector().addException( new ValidationException("user message", "log message") );
-		ESAPI.intrusionDetector().addException( new IntrusionException("user message", "log message") );
-		String username = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-        Authenticator auth = ESAPI.authenticator();
-		User user = auth.createUser(username, "addException", "addException");
-		user.enable();
-	    MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		ESAPI.httpUtilities().setCurrentHTTP(request, response);
-		user.loginWithPassword("addException");
-		
-		// Now generate some exceptions to disable account
-		for ( int i = 0; i < ESAPI.securityConfiguration().getQuota(IntegrityException.class.getName()).count; i++ ) {
-            // EnterpriseSecurityExceptions are added to IntrusionDetector automatically
-            new IntegrityException( "IntegrityException " + i, "IntegrityException " + i );
-		}
-        assertFalse( user.isLoggedIn() );
-	}
-
-    
-    /**
-     * Test of addEvent method, of class org.owasp.esapi.IntrusionDetector.
-     * 
-     * @throws AuthenticationException
-     *             the authentication exception
-     */
-    public void testAddEvent() throws AuthenticationException {
-        System.out.println("addEvent");
-		String username = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-        Authenticator auth = ESAPI.authenticator();
-		User user = auth.createUser(username, "addEvent", "addEvent");
-		user.enable();
-	    MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		ESAPI.httpUtilities().setCurrentHTTP(request, response);
-		user.loginWithPassword("addEvent");
-        
-        // Now generate some events to disable user account
-        for ( int i = 0; i < ESAPI.securityConfiguration().getQuota("event.test").count; i++ ) {
-            ESAPI.intrusionDetector().addEvent("test", "test message");
-        }
-        assertFalse( user.isEnabled() );
-    }
-    
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.Authenticator;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.EncoderConstants;
+import org.owasp.esapi.User;
+import org.owasp.esapi.errors.AuthenticationException;
+import org.owasp.esapi.errors.IntegrityException;
+import org.owasp.esapi.errors.IntrusionException;
+import org.owasp.esapi.errors.ValidationException;
+import org.owasp.esapi.http.MockHttpServletRequest;
+import org.owasp.esapi.http.MockHttpServletResponse;
+
+/**
+ * The Class IntrusionDetectorTest.
+ *
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class IntrusionDetectorTest extends TestCase {
+
+    /**
+     * Instantiates a new intrusion detector test.
+     *
+     * @param testName
+     *            the test name
+     */
+    public IntrusionDetectorTest(String testName) {
+        super(testName);
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * @throws Exception
+     */
+    protected void setUp() throws Exception {
+        // none
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * @throws Exception
+     */
+    protected void tearDown() throws Exception {
+        // none
+    }
+
+    /**
+     * Suite.
+     *
+     * @return the test
+     */
+    public static Test suite() {
+        TestSuite suite = new TestSuite(IntrusionDetectorTest.class);
+
+        return suite;
+    }
+
+    /**
+     * Test of addException method, of class org.owasp.esapi.IntrusionDetector.
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    public void testAddException() throws AuthenticationException {
+        System.out.println("addException");
+        ESAPI.intrusionDetector().addException( new RuntimeException("message") );
+        ESAPI.intrusionDetector().addException( new ValidationException("user message", "log message") );
+        ESAPI.intrusionDetector().addException( new IntrusionException("user message", "log message") );
+        String username = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        Authenticator auth = ESAPI.authenticator();
+        User user = auth.createUser(username, "addException", "addException");
+        user.enable();
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        ESAPI.httpUtilities().setCurrentHTTP(request, response);
+        user.loginWithPassword("addException");
+
+        // Now generate some exceptions to disable account
+        for ( int i = 0; i < ESAPI.securityConfiguration().getQuota(IntegrityException.class.getName()).count; i++ ) {
+            // EnterpriseSecurityExceptions are added to IntrusionDetector automatically
+            new IntegrityException( "IntegrityException " + i, "IntegrityException " + i );
+        }
+        assertFalse( user.isLoggedIn() );
+    }
+
+
+    /**
+     * Test of addEvent method, of class org.owasp.esapi.IntrusionDetector.
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    public void testAddEvent() throws AuthenticationException {
+        System.out.println("addEvent");
+        String username = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        Authenticator auth = ESAPI.authenticator();
+        User user = auth.createUser(username, "addEvent", "addEvent");
+        user.enable();
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        ESAPI.httpUtilities().setCurrentHTTP(request, response);
+        user.loginWithPassword("addEvent");
+
+        // Now generate some events to disable user account
+        for ( int i = 0; i < ESAPI.securityConfiguration().getQuota("event.test").count; i++ ) {
+            ESAPI.intrusionDetector().addEvent("test", "test message");
+        }
+        assertFalse( user.isEnabled() );
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/reference/JavaLoggerTest.java b/src/test/java/org/owasp/esapi/reference/JavaLoggerTest.java
deleted file mode 100644
index 88d42bc13..000000000
--- a/src/test/java/org/owasp/esapi/reference/JavaLoggerTest.java
+++ /dev/null
@@ -1,282 +0,0 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import java.io.IOException;
-import java.util.Arrays;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.errors.AuthenticationException;
-import org.owasp.esapi.errors.ValidationException;
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-
-/**
- * The Class LoggerTest.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class JavaLoggerTest extends TestCase {
-
-	private static int testCount = 0;
-	
-	private static Logger testLogger = null;
-
-	
-    /**
-	 * Instantiates a new logger test.
-	 * 
-	 * @param testName the test name
-	 */
-    public JavaLoggerTest(String testName) {
-        super(testName);
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void setUp() throws Exception {
-        UnitTestSecurityConfiguration tmpConfig = new UnitTestSecurityConfiguration((DefaultSecurityConfiguration) ESAPI.securityConfiguration());
-        tmpConfig.setLogImplementation( JavaLogFactory.class.getName() );
-        ESAPI.override(tmpConfig);
-    	//This ensures a clean logger between tests
-    	testLogger = ESAPI.getLogger( "test" + testCount++ );
-    	System.out.println("Test logger: " + testLogger);
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void tearDown() throws Exception {
-    	//this helps, with garbage collection
-    	testLogger = null;
-        ESAPI.override(null);
-    }
-
-    /**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-    public static Test suite() {
-        TestSuite suite = new TestSuite(JavaLoggerTest.class);    
-        return suite;
-    }
-    
-    /**
-     * Test of logHTTPRequest method, of class org.owasp.esapi.Logger.
-     * 
-     * @throws ValidationException
-     *             the validation exception
-     * @throws IOException
-     *             Signals that an I/O exception has occurred.
-     * @throws AuthenticationException
-     *             the authentication exception
-     */
-    public void testLogHTTPRequest() throws ValidationException, IOException, AuthenticationException {
-        System.out.println("logHTTPRequest");
-        String[] ignore = {"password","ssn","ccn"};
-        MockHttpServletRequest request = new MockHttpServletRequest();
-        MockHttpServletResponse response = new MockHttpServletResponse();
-        ESAPI.httpUtilities().setCurrentHTTP(request, response);
-        Logger logger = ESAPI.getLogger("logger");
-        ESAPI.httpUtilities().logHTTPRequest( request, logger, Arrays.asList(ignore) );
-        request.addParameter("one","one");
-        request.addParameter("two","two1");
-        request.addParameter("two","two2");
-        request.addParameter("password","jwilliams");
-        ESAPI.httpUtilities().logHTTPRequest( request, logger, Arrays.asList(ignore) );
-    }    
-    
-    
-    /**
-     * Test of setLevel method of the inner class org.owasp.esapi.reference.JavaLogger that is defined in 
-     * org.owasp.esapi.reference.JavaLogFactory.
-     */
-    public void testSetLevel() {
-        System.out.println("setLevel");
-        
-        // The following tests that the default logging level is set to WARNING. Since the default might be changed
-        // in the ESAPI security configuration file, these are commented out.
-//       	assertTrue(testLogger.isWarningEnabled());
-//       	assertFalse(testLogger.isInfoEnabled());
-
-        // First, test all the different logging levels
-        testLogger.setLevel( Logger.ALL );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertTrue(testLogger.isErrorEnabled());
-       	assertTrue(testLogger.isWarningEnabled());
-       	assertTrue(testLogger.isInfoEnabled());
-       	assertTrue(testLogger.isDebugEnabled());
-       	assertTrue(testLogger.isTraceEnabled());
-
-       	testLogger.setLevel( Logger.TRACE );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertTrue(testLogger.isErrorEnabled());
-       	assertTrue(testLogger.isWarningEnabled());
-       	assertTrue(testLogger.isInfoEnabled());
-       	assertTrue(testLogger.isDebugEnabled());
-       	assertTrue(testLogger.isTraceEnabled());
-
-       	testLogger.setLevel( Logger.DEBUG );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertTrue(testLogger.isErrorEnabled());
-       	assertTrue(testLogger.isWarningEnabled());
-       	assertTrue(testLogger.isInfoEnabled());
-       	assertTrue(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	testLogger.setLevel( Logger.INFO );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertTrue(testLogger.isErrorEnabled());
-       	assertTrue(testLogger.isWarningEnabled());
-       	assertTrue(testLogger.isInfoEnabled());
-       	assertFalse(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	testLogger.setLevel( Logger.WARNING );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertTrue(testLogger.isErrorEnabled());
-       	assertTrue(testLogger.isWarningEnabled());
-       	assertFalse(testLogger.isInfoEnabled());
-       	assertFalse(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	testLogger.setLevel( Logger.ERROR );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertTrue(testLogger.isErrorEnabled());
-       	assertFalse(testLogger.isWarningEnabled());
-       	assertFalse(testLogger.isInfoEnabled());
-       	assertFalse(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	testLogger.setLevel( Logger.FATAL );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertFalse(testLogger.isErrorEnabled());
-       	assertFalse(testLogger.isWarningEnabled());
-       	assertFalse(testLogger.isInfoEnabled());
-       	assertFalse(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	testLogger.setLevel( Logger.OFF );
-    	assertFalse(testLogger.isFatalEnabled());
-       	assertFalse(testLogger.isErrorEnabled());
-       	assertFalse(testLogger.isWarningEnabled());
-       	assertFalse(testLogger.isInfoEnabled());
-       	assertFalse(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	//Now test to see if a change to the logging level in one log affects other logs
-       	Logger newLogger = ESAPI.getLogger( "test_num2" );
-       	testLogger.setLevel( Logger.OFF );
-       	newLogger.setLevel( Logger.INFO );
-    	assertFalse(testLogger.isFatalEnabled());
-       	assertFalse(testLogger.isErrorEnabled());
-       	assertFalse(testLogger.isWarningEnabled());
-       	assertFalse(testLogger.isInfoEnabled());
-       	assertFalse(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	assertTrue(newLogger.isFatalEnabled());
-       	assertTrue(newLogger.isErrorEnabled());
-       	assertTrue(newLogger.isWarningEnabled());
-       	assertTrue(newLogger.isInfoEnabled());
-       	assertFalse(newLogger.isDebugEnabled());
-       	assertFalse(newLogger.isTraceEnabled());
-    }
-
-    
-    /**
-	 * Test of info method, of class org.owasp.esapi.Logger.
-	 */
-    public void testInfo() {
-        System.out.println("info");
-        testLogger.info(Logger.SECURITY_SUCCESS, "test message" );
-        testLogger.info(Logger.SECURITY_SUCCESS, "test message", null );
-        testLogger.info(Logger.SECURITY_SUCCESS, "%3escript%3f test message", null );
-        testLogger.info(Logger.SECURITY_SUCCESS, "<script> test message", null );
-    }
-
-    /**
-	 * Test of trace method, of class org.owasp.esapi.Logger.
-	 */
-    public void testTrace() {
-        System.out.println("trace");
-        testLogger.trace(Logger.SECURITY_SUCCESS, "test message trace" );
-        testLogger.trace(Logger.SECURITY_SUCCESS, "test message trace", null );
-    }
-
-    /**
-	 * Test of debug method, of class org.owasp.esapi.Logger.
-	 */
-    public void testDebug() {
-        System.out.println("debug");
-        testLogger.debug(Logger.SECURITY_SUCCESS, "test message debug" );
-        testLogger.debug(Logger.SECURITY_SUCCESS, "test message debug", null );
-    }
-
-    /**
-	 * Test of error method, of class org.owasp.esapi.Logger.
-	 */
-    public void testError() {
-        System.out.println("error");
-        testLogger.error(Logger.SECURITY_SUCCESS, "test message error" );
-        testLogger.error(Logger.SECURITY_SUCCESS, "test message error", null );
-    }
-
-    /**
-	 * Test of warning method, of class org.owasp.esapi.Logger.
-	 */
-    public void testWarning() {
-        System.out.println("warning");
-        testLogger.warning(Logger.SECURITY_SUCCESS, "test message warning" );
-        testLogger.warning(Logger.SECURITY_SUCCESS, "test message warning", null );
-    }
-
-    /**
-	 * Test of fatal method, of class org.owasp.esapi.Logger.
-	 */
-    public void testFatal() {
-        System.out.println("fatal");
-        testLogger.fatal(Logger.SECURITY_SUCCESS, "test message fatal" );
-        testLogger.fatal(Logger.SECURITY_SUCCESS, "test message fatal", null );
-    }
-    
-    /**
-     * Test of always method, of class org.owasp.esapi.Logger.
-     */
-    public void testAlways() {
-
-        System.out.println("always");
-        testLogger.always(Logger.SECURITY_SUCCESS, "test message always 1 (SECURITY_SUCCESS)" );
-        testLogger.always(Logger.SECURITY_AUDIT,   "test message always 2 (SECURITY_AUDIT)" );
-        testLogger.always(Logger.SECURITY_SUCCESS, "test message always 3 (SECURITY_SUCCESS)", null );
-        testLogger.always(Logger.SECURITY_AUDIT,   "test message always 4 (SECURITY_AUDIT)", null );
-        try {
-        	throw new RuntimeException("What? You call that a 'throw'? My grandmother throws " +
-        							   "better than that and she's been dead for more than 10 years!");
-        } catch(RuntimeException rtex) {
-            testLogger.always(Logger.SECURITY_AUDIT,   "test message always 5", rtex );
-        }
-	}
-}
diff --git a/src/test/java/org/owasp/esapi/reference/Log4JLoggerTest.java b/src/test/java/org/owasp/esapi/reference/Log4JLoggerTest.java
deleted file mode 100644
index cddf71e20..000000000
--- a/src/test/java/org/owasp/esapi/reference/Log4JLoggerTest.java
+++ /dev/null
@@ -1,463 +0,0 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import java.io.IOException;
-import java.util.Arrays;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.errors.AuthenticationException;
-import org.owasp.esapi.errors.ValidationException;
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-
-/**
- * The Class LoggerTest.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- * @author August Detlefsen (augustd at codemagi dot com) <a href="http://www.codemagi.com">CodeMagi, Inc.</a>
- */
-public class Log4JLoggerTest extends TestCase {
-	private static int testCount = 0;
-	
-	private static Logger testLogger = null;
-
-	//a logger for explicit tests of log4j logging methods
-	private static Log4JLogger log4JLogger = null;
-
-    /**
-	 * Instantiates a new logger test.
-	 * 
-	 * @param testName the test name
-	 */
-    public Log4JLoggerTest(String testName) {
-        super(testName);
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void setUp() throws Exception {
-		//override default log configuration in ESAPI.properties to use Log4JLogFactory
-        UnitTestSecurityConfiguration tmpConfig = new UnitTestSecurityConfiguration((DefaultSecurityConfiguration) ESAPI.securityConfiguration());
-        tmpConfig.setLogImplementation( Log4JLogFactory.class.getName() );
-        ESAPI.override(tmpConfig);
-
-    	//This ensures a clean logger between tests
-    	testLogger = ESAPI.getLogger( "test ExampleExtendedLog4JLogFactory: " + testCount++ );
-    	System.out.println("Test ExampleExtendedLog4JLogFactory logger: " + testLogger);
-
-		//declare this one as Log4JLogger to be able to use Log4J logging methods
-		log4JLogger = (Log4JLogger)ESAPI.getLogger( "test Log4JLogFactory: " + testCount);
-		System.out.println("Test Log4JLogFactory logger: " + log4JLogger);
-
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void tearDown() throws Exception {
-    	//this helps, with garbage collection
-    	testLogger = null;
-		log4JLogger = null;
-
-		ESAPI.override(null);
-	}
-
-    /**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-    public static Test suite() {
-        TestSuite suite = new TestSuite(Log4JLoggerTest.class);    
-        return suite;
-    }
-    
-    /**
-     * Test of logHTTPRequest method, of class org.owasp.esapi.Logger.
-     * 
-     * @throws ValidationException
-     *             the validation exception
-     * @throws IOException
-     *             Signals that an I/O exception has occurred.
-     * @throws AuthenticationException
-     *             the authentication exception
-     */
-    public void testLogHTTPRequest() throws ValidationException, IOException, AuthenticationException {
-        System.out.println("logHTTPRequest");
-        String[] ignore = {"password","ssn","ccn"};
-        MockHttpServletRequest request = new MockHttpServletRequest();
-        MockHttpServletResponse response = new MockHttpServletResponse();
-        ESAPI.httpUtilities().setCurrentHTTP(request, response);
-        Logger logger = ESAPI.getLogger("logger");
-        ESAPI.httpUtilities().logHTTPRequest( request, logger, Arrays.asList(ignore) );
-        request.addParameter("one","one");
-        request.addParameter("two","two1");
-        request.addParameter("two","two2");
-        request.addParameter("password","jwilliams");
-        ESAPI.httpUtilities().logHTTPRequest( request, logger, Arrays.asList(ignore) );
-    } 
-    
-    
-    /**
-     * Test of setLevel method of the inner class org.owasp.esapi.reference.JavaLogger that is defined in 
-     * org.owasp.esapi.reference.JavaLogFactory.
-     */
-    public void testSetLevel() {
-        System.out.println("setLevel");
-        
-        // The following tests that the default logging level is set to WARNING. Since the default might be changed
-        // in the ESAPI security configuration file, these are commented out.
-//       	assertTrue(testLogger.isWarningEnabled());
-//       	assertFalse(testLogger.isInfoEnabled());
-
-        // First, test all the different logging levels
-        testLogger.setLevel( Logger.ALL );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertTrue(testLogger.isErrorEnabled());
-       	assertTrue(testLogger.isWarningEnabled());
-       	assertTrue(testLogger.isInfoEnabled());
-       	assertTrue(testLogger.isDebugEnabled());
-       	assertTrue(testLogger.isTraceEnabled());
-
-       	testLogger.setLevel( Logger.TRACE );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertTrue(testLogger.isErrorEnabled());
-       	assertTrue(testLogger.isWarningEnabled());
-       	assertTrue(testLogger.isInfoEnabled());
-       	assertTrue(testLogger.isDebugEnabled());
-       	assertTrue(testLogger.isTraceEnabled());
-
-       	testLogger.setLevel( Logger.DEBUG );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertTrue(testLogger.isErrorEnabled());
-       	assertTrue(testLogger.isWarningEnabled());
-       	assertTrue(testLogger.isInfoEnabled());
-       	assertTrue(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	testLogger.setLevel( Logger.INFO );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertTrue(testLogger.isErrorEnabled());
-       	assertTrue(testLogger.isWarningEnabled());
-       	assertTrue(testLogger.isInfoEnabled());
-       	assertFalse(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	testLogger.setLevel( Logger.WARNING );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertTrue(testLogger.isErrorEnabled());
-       	assertTrue(testLogger.isWarningEnabled());
-       	assertFalse(testLogger.isInfoEnabled());
-       	assertFalse(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	testLogger.setLevel( Logger.ERROR );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertTrue(testLogger.isErrorEnabled());
-       	assertFalse(testLogger.isWarningEnabled());
-       	assertFalse(testLogger.isInfoEnabled());
-       	assertFalse(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	testLogger.setLevel( Logger.FATAL );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertFalse(testLogger.isErrorEnabled());
-       	assertFalse(testLogger.isWarningEnabled());
-       	assertFalse(testLogger.isInfoEnabled());
-       	assertFalse(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	testLogger.setLevel( Logger.OFF );
-    	assertFalse(testLogger.isFatalEnabled());
-       	assertFalse(testLogger.isErrorEnabled());
-       	assertFalse(testLogger.isWarningEnabled());
-       	assertFalse(testLogger.isInfoEnabled());
-       	assertFalse(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	//Now test to see if a change to the logging level in one log affects other logs
-       	Logger newLogger = ESAPI.getLogger( "test_num2" );
-       	testLogger.setLevel( Logger.OFF );
-       	newLogger.setLevel( Logger.INFO );
-    	assertFalse(testLogger.isFatalEnabled());
-       	assertFalse(testLogger.isErrorEnabled());
-       	assertFalse(testLogger.isWarningEnabled());
-       	assertFalse(testLogger.isInfoEnabled());
-       	assertFalse(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	assertTrue(newLogger.isFatalEnabled());
-       	assertTrue(newLogger.isErrorEnabled());
-       	assertTrue(newLogger.isWarningEnabled());
-       	assertTrue(newLogger.isInfoEnabled());
-       	assertFalse(newLogger.isDebugEnabled());
-       	assertFalse(newLogger.isTraceEnabled());
-    }
-
-	/**
-	 * test of loggers without setting explicit log levels
-	 * (log levels set from log4j.xml configuration)
-	 */
-	public void testLogLevels() {
-
-		Logger traceLogger			= ESAPI.getLogger("org.owasp.esapi.reference.TestTrace");
-		Logger debugLogger			= ESAPI.getLogger("org.owasp.esapi.reference.TestDebug");
-		Logger infoLogger			= ESAPI.getLogger("org.owasp.esapi.reference.TestInfo");
-		Logger errorLogger			= ESAPI.getLogger("org.owasp.esapi.reference.TestError");
-		Logger warningLogger		= ESAPI.getLogger("org.owasp.esapi.reference.TestWarning");
-		Logger fatalLogger			= ESAPI.getLogger("org.owasp.esapi.reference.TestFatal");
-		Logger unspecifiedLogger	= ESAPI.getLogger("org.owasp.esapi.reference");  //should use package-wide log level configuration (info)
-
-
-		//traceLogger - all log levels should be enabled
-		assertTrue(traceLogger.isTraceEnabled());
-		assertTrue(traceLogger.isDebugEnabled());
-		assertTrue(traceLogger.isInfoEnabled());
-		assertTrue(traceLogger.isWarningEnabled());
-		assertTrue(traceLogger.isErrorEnabled());
-		assertTrue(traceLogger.isFatalEnabled());
-
-		//debugLogger - all log levels should be enabled EXCEPT trace
-		assertFalse(debugLogger.isTraceEnabled());
-		assertTrue(debugLogger.isDebugEnabled());
-		assertTrue(debugLogger.isInfoEnabled());
-		assertTrue(debugLogger.isWarningEnabled());
-		assertTrue(debugLogger.isErrorEnabled());
-		assertTrue(debugLogger.isFatalEnabled());
-
-		//infoLogger - all log levels should be enabled EXCEPT trace and debug
-		assertFalse(infoLogger.isTraceEnabled());
-		assertFalse(infoLogger.isDebugEnabled());
-		assertTrue(infoLogger.isInfoEnabled());
-		assertTrue(infoLogger.isWarningEnabled());
-		assertTrue(infoLogger.isErrorEnabled());
-		assertTrue(infoLogger.isFatalEnabled());
-
-		//warningLogger - all log levels should be enabled EXCEPT etc.
-		assertFalse(warningLogger.isTraceEnabled());
-		assertFalse(warningLogger.isDebugEnabled());
-		assertFalse(warningLogger.isInfoEnabled());
-		assertTrue(warningLogger.isWarningEnabled());
-		assertTrue(warningLogger.isErrorEnabled());
-		assertTrue(warningLogger.isFatalEnabled());
-
-		//errorLogger - all log levels should be enabled EXCEPT etc.
-		assertFalse(errorLogger.isTraceEnabled());
-		assertFalse(errorLogger.isDebugEnabled());
-		assertFalse(errorLogger.isInfoEnabled());
-		assertFalse(errorLogger.isWarningEnabled());
-		assertTrue(errorLogger.isErrorEnabled());
-		assertTrue(errorLogger.isFatalEnabled());
-
-		//fatalLogger - all log levels should be enabled EXCEPT etc.
-		assertFalse(fatalLogger.isTraceEnabled());
-		assertFalse(fatalLogger.isDebugEnabled());
-		assertFalse(fatalLogger.isInfoEnabled());
-		assertFalse(fatalLogger.isWarningEnabled());
-		assertFalse(fatalLogger.isErrorEnabled());
-		assertTrue(fatalLogger.isFatalEnabled());
-
-		//unspecifiedLogger - all log levels should be enabled EXCEPT trace and debug
-		assertFalse(unspecifiedLogger.isTraceEnabled());
-		assertFalse(unspecifiedLogger.isDebugEnabled());
-		assertTrue(unspecifiedLogger.isInfoEnabled());
-		assertTrue(unspecifiedLogger.isWarningEnabled());
-		assertTrue(unspecifiedLogger.isErrorEnabled());
-		assertTrue(unspecifiedLogger.isFatalEnabled());
-	}
-
-	/**
-	 * test of loggers without setting explicit log levels
-	 * (log levels set from log4j.xml configuration)
-	 */
-	public void testLogLevelsWithClass() {
-
-		Logger traceLogger			= ESAPI.getLogger(TestTrace.class);
-		Logger debugLogger			= ESAPI.getLogger(TestDebug.class);
-		Logger infoLogger			= ESAPI.getLogger(TestInfo.class);
-		Logger errorLogger			= ESAPI.getLogger(TestError.class);
-		Logger warningLogger		= ESAPI.getLogger(TestWarning.class);
-		Logger fatalLogger			= ESAPI.getLogger(TestFatal.class);
-		Logger unspecifiedLogger	= ESAPI.getLogger(TestUnspecified.class);  //should use package-wide log level configuration (info)
-
-		//traceLogger - all log levels should be enabled
-		assertTrue(traceLogger.isTraceEnabled());
-		assertTrue(traceLogger.isDebugEnabled());
-		assertTrue(traceLogger.isInfoEnabled());
-		assertTrue(traceLogger.isWarningEnabled());
-		assertTrue(traceLogger.isErrorEnabled());
-		assertTrue(traceLogger.isFatalEnabled());
-
-		//debugLogger - all log levels should be enabled EXCEPT trace
-		assertFalse(debugLogger.isTraceEnabled());
-		assertTrue(debugLogger.isDebugEnabled());
-		assertTrue(debugLogger.isInfoEnabled());
-		assertTrue(debugLogger.isWarningEnabled());
-		assertTrue(debugLogger.isErrorEnabled());
-		assertTrue(debugLogger.isFatalEnabled());
-
-		//infoLogger - all log levels should be enabled EXCEPT trace and debug
-		assertFalse(infoLogger.isTraceEnabled());
-		assertFalse(infoLogger.isDebugEnabled());
-		assertTrue(infoLogger.isInfoEnabled());
-		assertTrue(infoLogger.isWarningEnabled());
-		assertTrue(infoLogger.isErrorEnabled());
-		assertTrue(infoLogger.isFatalEnabled());
-
-		//warningLogger - all log levels should be enabled EXCEPT etc.
-		assertFalse(warningLogger.isTraceEnabled());
-		assertFalse(warningLogger.isDebugEnabled());
-		assertFalse(warningLogger.isInfoEnabled());
-		assertTrue(warningLogger.isWarningEnabled());
-		assertTrue(warningLogger.isErrorEnabled());
-		assertTrue(warningLogger.isFatalEnabled());
-
-		//errorLogger - all log levels should be enabled EXCEPT etc.
-		assertFalse(errorLogger.isTraceEnabled());
-		assertFalse(errorLogger.isDebugEnabled());
-		assertFalse(errorLogger.isInfoEnabled());
-		assertFalse(errorLogger.isWarningEnabled());
-		assertTrue(errorLogger.isErrorEnabled());
-		assertTrue(errorLogger.isFatalEnabled());
-
-		//fatalLogger - all log levels should be enabled EXCEPT etc.
-		assertFalse(fatalLogger.isTraceEnabled());
-		assertFalse(fatalLogger.isDebugEnabled());
-		assertFalse(fatalLogger.isInfoEnabled());
-		assertFalse(fatalLogger.isWarningEnabled());
-		assertFalse(fatalLogger.isErrorEnabled());
-		assertTrue(fatalLogger.isFatalEnabled());
-
-		//unspecifiedLogger - all log levels should be enabled EXCEPT trace and debug
-		assertFalse(unspecifiedLogger.isTraceEnabled());
-		assertFalse(unspecifiedLogger.isDebugEnabled());
-		assertTrue(unspecifiedLogger.isInfoEnabled());
-		assertTrue(unspecifiedLogger.isWarningEnabled());
-		assertTrue(unspecifiedLogger.isErrorEnabled());
-		assertTrue(unspecifiedLogger.isFatalEnabled());
-	}
-
-    /**
-	 * Test of info method, of class org.owasp.esapi.Logger.
-	 */
-    public void testInfo() {
-        System.out.println("info");
-        testLogger.info(Logger.SECURITY_SUCCESS, "test message" );
-        testLogger.info(Logger.SECURITY_SUCCESS, "test message", null );
-        testLogger.info(Logger.SECURITY_SUCCESS, "%3escript%3f test message", null );
-        testLogger.info(Logger.SECURITY_SUCCESS, "<script> test message", null );
-
-        log4JLogger.info("test message" );
-        log4JLogger.info("test message", null );
-        log4JLogger.info("%3escript%3f test message", null );
-        log4JLogger.info("<script> test message", null );
-
-        log4JLogger.info(Logger.SECURITY_SUCCESS, "test message" );
-        log4JLogger.info(Logger.SECURITY_SUCCESS, "test message", null );
-        log4JLogger.info(Logger.SECURITY_SUCCESS, "%3escript%3f test message", null );
-        log4JLogger.info(Logger.SECURITY_SUCCESS, "<script> test message", null );
-	}
-
-    /**
-	 * Test of trace method, of class org.owasp.esapi.Logger.
-	 */
-    public void testTrace() {
-        System.out.println("trace");
-        testLogger.trace(Logger.SECURITY_SUCCESS, "test message trace" );
-        testLogger.trace(Logger.SECURITY_SUCCESS, "test message trace", null );
-
-        log4JLogger.trace("test message trace" );
-        log4JLogger.trace("test message trace", null );
-	}
-
-    /**
-	 * Test of debug method, of class org.owasp.esapi.Logger.
-	 */
-    public void testDebug() {
-        System.out.println("debug");
-        testLogger.debug(Logger.SECURITY_SUCCESS, "test message debug" );
-        testLogger.debug(Logger.SECURITY_SUCCESS, "test message debug", null );
-
-	    log4JLogger.debug("test message debug" );
-		log4JLogger.debug("test message debug", null );
-	}
-
-    /**
-	 * Test of error method, of class org.owasp.esapi.Logger.
-	 */
-    public void testError() {
-        System.out.println("error");
-        testLogger.error(Logger.SECURITY_SUCCESS, "test message error" );
-        testLogger.error(Logger.SECURITY_SUCCESS, "test message error", null );
-
-	    log4JLogger.error("test message error" );
-		log4JLogger.error("test message error", null );
-	}
-
-    /**
-	 * Test of warning method, of class org.owasp.esapi.Logger.
-	 */
-    public void testWarning() {
-        System.out.println("warning");
-        testLogger.warning(Logger.SECURITY_SUCCESS, "test message warning" );
-        testLogger.warning(Logger.SECURITY_SUCCESS, "test message warning", null );
-
-	    log4JLogger.warn("test message warning" );
-		log4JLogger.warn("test message warning", null );
-    }
-
-    /**
-	 * Test of fatal method, of class org.owasp.esapi.Logger.
-	 */
-    public void testFatal() {
-        System.out.println("fatal");
-        testLogger.fatal(Logger.SECURITY_SUCCESS, "test message fatal" );
-        testLogger.fatal(Logger.SECURITY_SUCCESS, "test message fatal", null );
-
-	    log4JLogger.fatal("test message fatal" );
-		log4JLogger.fatal("test message fatal", null );    
-	}
-    
-    /**
-     * Test of always method, of class org.owasp.esapi.Logger.
-     */
-    public void testAlways() {
-        System.out.println("always");
-        testLogger.always(Logger.SECURITY_SUCCESS, "test message always 1 (SECURITY_SUCCESS)" );
-        testLogger.always(Logger.SECURITY_AUDIT, "test message always 2 (SECURITY_AUDIT)", null );
-
-	    log4JLogger.always("test message always 3" );
-		log4JLogger.always("test message always 4", null );
-
-        try {
-        	throw new RuntimeException("What? You call that a 'throw'??? You couldn't hit the " +
-        							   "broad side of a barn (assuming that barns wore bras).");
-        } catch(RuntimeException rtex) {
-            testLogger.always(Logger.SECURITY_AUDIT, "test message always 5", rtex );
-            log4JLogger.always("test message always 6", rtex);
-        }
-	}
-
-}
diff --git a/src/test/java/org/owasp/esapi/reference/RandomizerTest.java b/src/test/java/org/owasp/esapi/reference/RandomizerTest.java
index 605dfb3e8..e01101c76 100644
--- a/src/test/java/org/owasp/esapi/reference/RandomizerTest.java
+++ b/src/test/java/org/owasp/esapi/reference/RandomizerTest.java
@@ -1,177 +1,182 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import java.io.FileWriter;
-import java.io.IOException;
-import java.util.ArrayList;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.EncoderConstants;
-import org.owasp.esapi.Randomizer;
-import org.owasp.esapi.codecs.Codec;
-import org.owasp.esapi.errors.EncryptionException;
-
-/**
- * The Class RandomizerTest.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class RandomizerTest extends TestCase {
-    
-    /**
-	 * Instantiates a new randomizer test.
-	 * 
-	 * @param testName
-	 *            the test name
-	 */
-    public RandomizerTest(String testName) {
-        super(testName);
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void setUp() throws Exception {
-    	// none
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void tearDown() throws Exception {
-    	// none
-    }
-
-    /**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-    public static Test suite() {
-        TestSuite suite = new TestSuite(RandomizerTest.class);        
-        return suite;
-    }
-
-    /**
-	 * Test of getRandomString method, of class org.owasp.esapi.Randomizer.
-	 */
-    public void testGetRandomString() {
-        System.out.println("getRandomString");
-        int length = 20;
-        int trials = 1000;
-        Randomizer instance = ESAPI.randomizer();
-        int[] counts = new int[128];
-        for ( int i = 0; i < 1000; i++ ) {
-            String result = instance.getRandomString(length, EncoderConstants.CHAR_ALPHANUMERICS );
-            for ( int j=0;j<result.length();j++ ) {
-            	char c = result.charAt(j);
-            	counts[c]++;
-            }
-            assertEquals(length, result.length());
-        }
-        
-        // Simple check to see if the overall character counts are within 10% of each other
-        int min=Integer.MAX_VALUE;
-        int max=0;
-        for ( int i = 0; i < 128; i++ ) {
-        	if ( counts[i] > max ) { max = counts[i]; } 
-        	if ( counts[i] > 0 && counts[i] < min ) { min = counts[i]; }
-        	if ( max - min > trials/10 ) {
-        		fail( "getRandomString randomness counts are off" );
-        	}
-        }
-    }
-
-    /**
-	 * Test of getRandomInteger method, of class org.owasp.esapi.Randomizer.
-	 */
-    public void testGetRandomInteger() {
-        System.out.println("getRandomInteger");        
-        int min = -20;
-        int max = 100;
-        Randomizer instance = ESAPI.randomizer();        
-        int minResult = ( max - min ) / 2;
-        int maxResult = ( max - min ) / 2;
-        for ( int i = 0; i < 100; i++ ) {
-            int result = instance.getRandomInteger(min, max);
-            if ( result < minResult ) minResult = result;
-            if ( result > maxResult ) maxResult = result;
-        }
-        assertEquals(true, (minResult >= min && maxResult < max) );
-    }
-
-    /**
-	 * Test of getRandomReal method, of class org.owasp.esapi.Randomizer.
-	 */
-    public void testGetRandomReal() {
-        System.out.println("getRandomReal");
-        float min = -20.5234F;
-        float max = 100.12124F;
-        Randomizer instance = ESAPI.randomizer();
-        float minResult = ( max - min ) / 2;
-        float maxResult = ( max - min ) / 2;
-        for ( int i = 0; i < 100; i++ ) {
-            float result = instance.getRandomReal(min, max);
-            if ( result < minResult ) minResult = result;
-            if ( result > maxResult ) maxResult = result;
-        }
-        assertEquals(true, (minResult >= min && maxResult < max));
-    }
-    
-    
-    /**
-     * Test of getRandomGUID method, of class org.owasp.esapi.Randomizer.
-     * @throws EncryptionException
-     */
-    public void testGetRandomGUID() throws EncryptionException {
-        System.out.println("getRandomGUID");
-        Randomizer instance = ESAPI.randomizer();
-        ArrayList list = new ArrayList();
-        for ( int i = 0; i < 100; i++ ) {
-            String guid = instance.getRandomGUID();
-            if ( list.contains( guid ) ) fail();
-            list.add( guid );
-        }
-    }
-
-    
-    /**
-     * Run this class to generate a file named "tokens.txt" with 20,000 random 20 character ALPHANUMERIC tokens.
-     * Use Burp Pro sequencer to load this file and run a series of randomness tests.
-     * 
-     * NOTE: be careful not to include any CRLF characters (10 or 13 ASCII) because they'll create new tokens
-     * Check to be sure your analysis tool loads exactly 20,000 tokens of 20 characters each.
-     */
-    
-	public static void main(String[] args) throws IOException {
-		FileWriter fw = new FileWriter("tokens.txt");
-		for (int i = 0; i < 20000; i++) {
-			String token = ESAPI.randomizer().getRandomString(20, EncoderConstants.CHAR_ALPHANUMERICS);
-			fw.write(token + "\n");
-		}
-		fw.close();
-	}
-
-
-     
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import java.io.FileWriter;
+import java.io.IOException;
+import java.util.ArrayList;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.EncoderConstants;
+import org.owasp.esapi.Randomizer;
+import org.owasp.esapi.codecs.AbstractCodec;
+import org.owasp.esapi.errors.EncryptionException;
+
+/**
+ * The Class RandomizerTest.
+ *
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class RandomizerTest extends TestCase {
+
+    /**
+     * Instantiates a new randomizer test.
+     *
+     * @param testName
+     *            the test name
+     */
+    public RandomizerTest(String testName) {
+        super(testName);
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void setUp() throws Exception {
+        // none
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void tearDown() throws Exception {
+        // none
+    }
+
+    /**
+     * Suite.
+     *
+     * @return the test
+     */
+    public static Test suite() {
+        TestSuite suite = new TestSuite(RandomizerTest.class);
+        return suite;
+    }
+
+    /**
+     * Test of getRandomString method, of class org.owasp.esapi.Randomizer.
+     */
+    public void testGetRandomString() {
+        System.out.println("getRandomString");
+        int length = 20;
+        int trials = 1000;
+        Randomizer instance = ESAPI.randomizer();
+        int[] counts = new int[128];
+        for ( int i = 0; i < 1000; i++ ) {
+            String result = instance.getRandomString(length, EncoderConstants.CHAR_ALPHANUMERICS );
+            for ( int j=0;j<result.length();j++ ) {
+                char c = result.charAt(j);
+                counts[c]++;
+            }
+            assertEquals(length, result.length());
+        }
+
+        // Simple check to see if the overall character counts are within 10% of each other
+        int min=Integer.MAX_VALUE;
+        int max=0;
+        for ( int i = 0; i < 128; i++ ) {
+            if ( counts[i] > max ) { max = counts[i]; }
+            if ( counts[i] > 0 && counts[i] < min ) { min = counts[i]; }
+            if ( max - min > trials/10 ) {
+                System.err.println("*** WARNING: RandomizerTest.testGetRandomString(): " +
+                        "Randomness counts are off. This may be simply from " +
+                        "statistical variance or it could signify a flaw in " +
+                        "Randomizer.getRandomString(). Repeat this test " +
+                        "multiple times and if you get repeated warnings " +
+                        "you should assume the latter and investigate further.");
+            }
+        }
+    }
+
+    /**
+     * Test of getRandomInteger method, of class org.owasp.esapi.Randomizer.
+     */
+    public void testGetRandomInteger() {
+        System.out.println("getRandomInteger");
+        int min = -20;
+        int max = 100;
+        Randomizer instance = ESAPI.randomizer();
+        int minResult = ( max - min ) / 2;
+        int maxResult = ( max - min ) / 2;
+        for ( int i = 0; i < 100; i++ ) {
+            int result = instance.getRandomInteger(min, max);
+            if ( result < minResult ) minResult = result;
+            if ( result > maxResult ) maxResult = result;
+        }
+        assertEquals(true, (minResult >= min && maxResult < max) );
+    }
+
+    /**
+     * Test of getRandomReal method, of class org.owasp.esapi.Randomizer.
+     */
+    public void testGetRandomReal() {
+        System.out.println("getRandomReal");
+        float min = -20.5234F;
+        float max = 100.12124F;
+        Randomizer instance = ESAPI.randomizer();
+        float minResult = ( max - min ) / 2;
+        float maxResult = ( max - min ) / 2;
+        for ( int i = 0; i < 100; i++ ) {
+            float result = instance.getRandomReal(min, max);
+            if ( result < minResult ) minResult = result;
+            if ( result > maxResult ) maxResult = result;
+        }
+        assertEquals(true, (minResult >= min && maxResult < max));
+    }
+
+
+    /**
+     * Test of getRandomGUID method, of class org.owasp.esapi.Randomizer.
+     * @throws EncryptionException
+     */
+    public void testGetRandomGUID() throws EncryptionException {
+        System.out.println("getRandomGUID");
+        Randomizer instance = ESAPI.randomizer();
+        ArrayList list = new ArrayList();
+        for ( int i = 0; i < 100; i++ ) {
+            String guid = instance.getRandomGUID();
+            if ( list.contains( guid ) ) fail();
+            list.add( guid );
+        }
+    }
+
+
+    /**
+     * Run this class to generate a file named "tokens.txt" with 20,000 random 20 character ALPHANUMERIC tokens.
+     * Use Burp Pro sequencer to load this file and run a series of randomness tests.
+     *
+     * NOTE: be careful not to include any CRLF characters (10 or 13 ASCII) because they'll create new tokens
+     * Check to be sure your analysis tool loads exactly 20,000 tokens of 20 characters each.
+     */
+
+    public static void main(String[] args) throws IOException {
+        FileWriter fw = new FileWriter("tokens.txt");
+        for (int i = 0; i < 20000; i++) {
+            String token = ESAPI.randomizer().getRandomString(20, EncoderConstants.CHAR_ALPHANUMERICS);
+            fw.write(token + "\n");
+        }
+        fw.close();
+    }
+
+
+
+}
diff --git a/src/test/java/org/owasp/esapi/reference/SafeFileTest.java b/src/test/java/org/owasp/esapi/reference/SafeFileTest.java
index ef24f4495..63fc424a3 100644
--- a/src/test/java/org/owasp/esapi/reference/SafeFileTest.java
+++ b/src/test/java/org/owasp/esapi/reference/SafeFileTest.java
@@ -1,279 +1,288 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import java.io.File;
-import java.net.URI;
-import java.net.URLDecoder;
-import java.util.Iterator;
-import java.util.Set;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.SafeFile;
-import org.owasp.esapi.errors.ValidationException;
-import org.owasp.esapi.util.FileTestUtils;
-import org.owasp.esapi.util.CollectionsUtil;
-
-/**
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class SafeFileTest extends TestCase
-{
-	private static final Class CLASS = SafeFileTest.class;
-	private static final String CLASS_NAME = CLASS.getName();
-	/** Name of the file in the temporary directory */
-	private static final String TEST_FILE_NAME = "test.file";
-	private static final Set GOOD_FILE_CHARS = CollectionsUtil.strToUnmodifiableSet("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-" /* + "." */);
-	private static final Set BAD_FILE_CHARS = CollectionsUtil.strToUnmodifiableSet("\u0000" + /*(File.separatorChar == '/' ? '\\' : '/') +*/ "*|<>?:" /*+ "~!@#$%^&(){}[],`;"*/);
-
-	private File testDir = null;
-	private File testFile = null;
-
-	String pathWithNullByte = "/temp/file.txt" + (char)0;
-
-	/**
-	 * {@inheritDoc}
-	 */
-	protected void setUp() throws Exception
-	{
-		// create a file to test with
-		testDir = FileTestUtils.createTmpDirectory(CLASS_NAME).getCanonicalFile();
-		testFile = new File(testDir, TEST_FILE_NAME);
-		testFile.createNewFile();
-		testFile = testFile.getCanonicalFile();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	protected void tearDown() throws Exception
-	{
-		FileTestUtils.deleteRecursively(testDir);
-	}
-
-	public static Test suite() {
-		TestSuite suite = new TestSuite(SafeFileTest.class);
-		return suite;
-	}
-
-	public void testEscapeCharactersInFilename() {
-		System.out.println("testEscapeCharactersInFilenameInjection");
-		File tf = testFile;
-		if ( tf.exists() ) {
-			System.out.println( "File is there: " + tf );
-		}
-
-		File sf = new File(testDir, "test^.file" );
-		if ( sf.exists() ) {
-			System.out.println( "  Injection allowed "+ sf.getAbsolutePath() );
-		} else {
-			System.out.println( "  Injection didn't work "+ sf.getAbsolutePath() );
-		}
-	}
-
-	public void testEscapeCharacterInDirectoryInjection() {
-		System.out.println("testEscapeCharacterInDirectoryInjection");
-		File sf = new File(testDir, "test\\^.^.\\file");
-		if ( sf.exists() ) {
-			System.out.println( "  Injection allowed "+ sf.getAbsolutePath() );
-		} else {
-			System.out.println( "  Injection didn't work "+ sf.getAbsolutePath() );
-		}
-	}
-
-	public void testJavaFileInjectionGood() throws ValidationException
-	{
-		for(Iterator i=GOOD_FILE_CHARS.iterator();i.hasNext();)
-		{
-			String ch = i.next().toString();	// avoids generic issues in 1.4&1.5
-			File sf = new SafeFile(testDir, TEST_FILE_NAME + ch);
-			assertFalse("File \"" + TEST_FILE_NAME + ch + "\" should not exist ((int)ch=" + (int)ch.charAt(0) + ").", sf.exists());
-			sf = new SafeFile(testDir, TEST_FILE_NAME + ch + "test");
-			assertFalse("File \"" + TEST_FILE_NAME + ch + "\" should not exist ((int)ch=" + (int)ch.charAt(0) + ").", sf.exists());
-		}		
-	}
-
-	public void testJavaFileInjectionBad()
-	{
-		for(Iterator i=BAD_FILE_CHARS.iterator();i.hasNext();)
-		{
-			String ch = i.next().toString();	// avoids generic issues in 1.4&1.5
-			try
-			{
-				File sf = new SafeFile(testDir, TEST_FILE_NAME + ch);
-				fail("Able to create SafeFile \"" + TEST_FILE_NAME + ch + "\" ((int)ch=" + (int)ch.charAt(0) + ").");
-			}
-			catch(ValidationException expected)
-			{
-			}
-			try
-			{
-				File sf = new SafeFile(testDir, TEST_FILE_NAME + ch  + "test");
-				fail("Able to create SafeFile \"" + TEST_FILE_NAME + ch + "\" ((int)ch=" + (int)ch.charAt(0) + ").");
-			}
-			catch(ValidationException expected)
-			{
-			}
-		}		
-	}
-
-	public void testMultipleJavaFileInjectionGood() throws ValidationException
-	{
-		for(Iterator i=GOOD_FILE_CHARS.iterator();i.hasNext();)
-		{
-			String ch = i.next().toString();	// avoids generic issues in 1.4&1.5
-			ch = ch + ch + ch;
-			File sf = new SafeFile(testDir, TEST_FILE_NAME + ch);
-			assertFalse("File \"" + TEST_FILE_NAME + ch + "\" should not exist ((int)ch=" + (int)ch.charAt(0) + ").", sf.exists());
-			sf = new SafeFile(testDir, TEST_FILE_NAME + ch + "test");
-			assertFalse("File \"" + TEST_FILE_NAME + ch + "\" should not exist ((int)ch=" + (int)ch.charAt(0) + ").", sf.exists());
-		}		
-	}
-
-	public void testMultipleJavaFileInjectionBad()
-	{
-		for(Iterator i=BAD_FILE_CHARS.iterator();i.hasNext();)
-		{
-			String ch = i.next().toString();	// avoids generic issues in 1.4&1.5
-			ch = ch + ch + ch;
-			try
-			{
-				File sf = new SafeFile(testDir, TEST_FILE_NAME + ch);
-				fail("Able to create SafeFile \"" + TEST_FILE_NAME + ch + "\" ((int)ch=" + (int)ch.charAt(0) + ").");
-			}
-			catch(ValidationException expected)
-			{
-			}
-			try
-			{
-				File sf = new SafeFile(testDir, TEST_FILE_NAME + ch  + "test");
-				fail("Able to create SafeFile \"" + TEST_FILE_NAME + ch + "\" ((int)ch=" + (int)ch.charAt(0) + ").");
-			}
-			catch(ValidationException expected)
-			{
-			}
-		}		
-	}
-
-	public void testAlternateDataStream() {
-		try
-		{
-			File sf = new SafeFile(testDir, TEST_FILE_NAME + ":secret.txt");
-			fail("Able to construct SafeFile for alternate data stream: " + sf.getPath());
-		}
-		catch(ValidationException expected)
-		{
-		}
-	}
-
-	static public String toHex(final byte b) {
-		final char hexDigit[] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
-		final char[] array = { hexDigit[(b >> 4) & 0x0f], hexDigit[b & 0x0f] };
-		return new String(array);
-	}	
-
-	public void testCreatePath() throws Exception
-	{
-		SafeFile sf = new SafeFile(testFile.getPath());
-		assertTrue(sf.exists());
-	}
-
-	public void testCreateParentPathName() throws Exception
-	{
-		SafeFile sf = new SafeFile(testDir, testFile.getName());
-		assertTrue(sf.exists());
-	}
-
-	public void testCreateParentFileName() throws Exception
-	{
-		SafeFile sf = new SafeFile(testFile.getParentFile(), testFile.getName());
-		assertTrue(sf.exists());
-	}
-
-	public void testCreateURI() throws Exception
-	{
-		SafeFile sf = new SafeFile(testFile.toURI());
-		assertTrue(sf.exists());
-	}
-
-	public void testCreateFileNamePercentNull()
-	{
-		try
-		{
-			SafeFile sf = new SafeFile(testDir + File.separator + "file%00.txt");
-			fail("no exception thrown for file name with percent encoded null");
-		}
-		catch(ValidationException expected)
-		{
-		}
-	}
-
-	public void testCreateFileNameQuestion()
-	{
-		try
-		{
-			SafeFile sf = new SafeFile(testFile.getParent() + File.separator + "file?.txt");
-			fail("no exception thrown for file name with question mark in it");
-		}
-		catch(ValidationException e)
-		{
-			// expected
-		}
-	}
-
-	public void testCreateFileNameNull()
-	{
-		try
-		{
-			SafeFile sf = new SafeFile(testFile.getParent() + File.separator + "file" + ((char)0) + ".txt");
-			fail("no exception thrown for file name with null in it");
-		}
-		catch(ValidationException e)
-		{
-			// expected
-		}
-	}
-
-	public void testCreateFileHighByte()
-	{
-		try
-		{
-			SafeFile sf = new SafeFile(testFile.getParent() + File.separator + "file" + ((char)160) + ".txt");
-			fail("no exception thrown for file name with high byte in it");
-		}
-		catch(ValidationException e)
-		{
-			// expected
-		}
-	}
-
-	public void testCreateParentPercentNull()
-	{
-		try
-		{
-			SafeFile sf = new SafeFile(testFile.getParent() + File.separator + "file%00.txt");
-			fail("no exception thrown for file name with percent encoded null");
-		}
-		catch(ValidationException e)
-		{
-			// expected
-		}
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import java.io.File;
+import java.util.Iterator;
+import java.util.Set;
+
+import org.owasp.esapi.SafeFile;
+import org.owasp.esapi.errors.ValidationException;
+import org.owasp.esapi.util.CollectionsUtil;
+import org.owasp.esapi.util.FileTestUtils;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+/**
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class SafeFileTest extends TestCase
+{
+    private static final Class CLASS = SafeFileTest.class;
+    private static final String CLASS_NAME = CLASS.getName();
+    /** Name of the file in the temporary directory */
+    private static final String TEST_FILE_NAME = "test.file";
+    private static final Set GOOD_FILE_CHARS = CollectionsUtil.strToUnmodifiableSet("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-" /* + "." */);
+    private static final Set BAD_FILE_CHARS = CollectionsUtil.strToUnmodifiableSet("\u0000" + /*(File.separatorChar == '/' ? '\\' : '/') +*/ "*|<>?:" /*+ "~!@#$%^&(){}[],`;"*/);
+
+    private File testDir = null;
+    private File testFile = null;
+
+    String pathWithNullByte = "/temp/file.txt" + (char)0;
+
+    /**
+     * {@inheritDoc}
+     */
+    protected void setUp() throws Exception
+    {
+        // create a file to test with
+        testDir = FileTestUtils.createTmpDirectory(CLASS_NAME).getCanonicalFile();
+        testFile = new File(testDir, TEST_FILE_NAME);
+        testFile.createNewFile();
+        testFile = testFile.getCanonicalFile();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    protected void tearDown() throws Exception
+    {
+        FileTestUtils.deleteRecursively(testDir);
+    }
+
+    public static Test suite() {
+        TestSuite suite = new TestSuite(SafeFileTest.class);
+        return suite;
+    }
+
+    public void testEscapeCharactersInFilename() {
+        System.out.println("testEscapeCharactersInFilenameInjection");
+        File tf = testFile;
+        if ( tf.exists() ) {
+            System.out.println( "File is there: " + tf );
+        }
+
+        try {
+            File sf = new SafeFile(testDir, "test^.file" );
+        } catch (ValidationException e) {
+            assertEquals("Invalid directory", e.getMessage());
+        }
+
+    }
+
+    public void testEscapeCharacterInDirectoryInjection() {
+        System.out.println("testEscapeCharacterInDirectoryInjection");
+        try {
+            File sf = new SafeFile(testDir, "test\\^.^.\\file");
+        } catch (ValidationException e) {
+            assertEquals("Invalid directory", e.getMessage());
+        }
+    }
+
+    public void testJavaFileInjectionGood() throws ValidationException
+    {
+        for(Iterator i=GOOD_FILE_CHARS.iterator();i.hasNext();)
+        {
+            String ch = i.next().toString();    // avoids generic issues in 1.4&1.5
+            File sf = new SafeFile(testDir, TEST_FILE_NAME + ch);
+            assertFalse("File \"" + TEST_FILE_NAME + ch + "\" should not exist ((int)ch=" + (int)ch.charAt(0) + ").", sf.exists());
+            sf = new SafeFile(testDir, TEST_FILE_NAME + ch + "test");
+            assertFalse("File \"" + TEST_FILE_NAME + ch + "\" should not exist ((int)ch=" + (int)ch.charAt(0) + ").", sf.exists());
+        }
+    }
+
+    public void testJavaFileInjectionBad()
+    {
+        for(Iterator i=BAD_FILE_CHARS.iterator();i.hasNext();)
+        {
+            String ch = i.next().toString();    // avoids generic issues in 1.4&1.5
+            try
+            {
+                File sf = new SafeFile(testDir, TEST_FILE_NAME + ch);
+                fail("Able to create SafeFile \"" + TEST_FILE_NAME + ch + "\" ((int)ch=" + (int)ch.charAt(0) + ").");
+            }
+            catch(ValidationException expected)
+            {
+            }
+            try
+            {
+                File sf = new SafeFile(testDir, TEST_FILE_NAME + ch  + "test");
+                fail("Able to create SafeFile \"" + TEST_FILE_NAME + ch + "\" ((int)ch=" + (int)ch.charAt(0) + ").");
+            }
+            catch(ValidationException expected)
+            {
+            }
+        }
+    }
+
+    public void testMultipleJavaFileInjectionGood() throws ValidationException
+    {
+        for(Iterator i=GOOD_FILE_CHARS.iterator();i.hasNext();)
+        {
+            String ch = i.next().toString();    // avoids generic issues in 1.4&1.5
+            ch = ch + ch + ch;
+            File sf = new SafeFile(testDir, TEST_FILE_NAME + ch);
+            assertFalse("File \"" + TEST_FILE_NAME + ch + "\" should not exist ((int)ch=" + (int)ch.charAt(0) + ").", sf.exists());
+            sf = new SafeFile(testDir, TEST_FILE_NAME + ch + "test");
+            assertFalse("File \"" + TEST_FILE_NAME + ch + "\" should not exist ((int)ch=" + (int)ch.charAt(0) + ").", sf.exists());
+        }
+    }
+
+    public void testMultipleJavaFileInjectionBad()
+    {
+        for(Iterator i=BAD_FILE_CHARS.iterator();i.hasNext();)
+        {
+            String ch = i.next().toString();    // avoids generic issues in 1.4&1.5
+            ch = ch + ch + ch;
+            try
+            {
+                File sf = new SafeFile(testDir, TEST_FILE_NAME + ch);
+                fail("Able to create SafeFile \"" + TEST_FILE_NAME + ch + "\" ((int)ch=" + (int)ch.charAt(0) + ").");
+            }
+            catch(ValidationException expected)
+            {
+            }
+            try
+            {
+                File sf = new SafeFile(testDir, TEST_FILE_NAME + ch  + "test");
+                fail("Able to create SafeFile \"" + TEST_FILE_NAME + ch + "\" ((int)ch=" + (int)ch.charAt(0) + ").");
+            }
+            catch(ValidationException expected)
+            {
+            }
+        }
+    }
+
+    public void testAlternateDataStream() {
+        try
+        {
+            File sf = new SafeFile(testDir, TEST_FILE_NAME + ":secret.txt");
+            fail("Able to construct SafeFile for alternate data stream: " + sf.getPath());
+        }
+        catch(ValidationException expected)
+        {
+        }
+    }
+
+    static public String toHex(final byte b) {
+        final char hexDigit[] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
+        final char[] array = { hexDigit[(b >> 4) & 0x0f], hexDigit[b & 0x0f] };
+        return new String(array);
+    }
+
+    public void testCreatePath() throws Exception
+    {
+        SafeFile sf = new SafeFile(testFile.getPath());
+        assertTrue(sf.exists());
+    }
+
+    public void testCreateParentPathName() throws Exception
+    {
+        SafeFile sf = new SafeFile(testDir, testFile.getName());
+        assertTrue(sf.exists());
+    }
+
+    public void testCreateParentFileName() throws Exception
+    {
+        SafeFile sf = new SafeFile(testFile.getParentFile(), testFile.getName());
+        assertTrue(sf.exists());
+    }
+
+    public void testCreateURI() throws Exception
+    {
+        SafeFile sf = new SafeFile(testFile.toURI());
+        assertTrue(sf.exists());
+    }
+
+    public void testCreateFileNamePercentNull()
+    {
+        try
+        {
+            SafeFile sf = new SafeFile(testDir + File.separator + "file%00.txt");
+            fail("no exception thrown for file name with percent encoded null");
+        }
+        catch(ValidationException expected)
+        {
+        }
+    }
+
+    public void testCreateFileNameQuestion()
+    {
+        try
+        {
+            SafeFile sf = new SafeFile(testFile.getParent() + File.separator + "file?.txt");
+            fail("no exception thrown for file name with question mark in it");
+        }
+        catch(ValidationException e)
+        {
+            // expected
+        }
+    }
+
+    public void testCreateFileNameNull()
+    {
+        try
+        {
+            SafeFile sf = new SafeFile(testFile.getParent() + File.separator + "file" + ((char)0) + ".txt");
+            fail("no exception thrown for file name with null in it");
+        }
+        catch(ValidationException e)
+        {
+            // expected
+        }
+    }
+
+    public void testCreateFileHighByte()
+    {
+        try
+        {
+            SafeFile sf = new SafeFile(testFile.getParent() + File.separator + "file" + ((char)160) + ".txt");
+            fail("no exception thrown for file name with high byte in it");
+        }
+        catch(ValidationException e)
+        {
+            // expected
+        }
+    }
+
+    public void testCreateParentPercentNull()
+    {
+        try
+        {
+            SafeFile sf = new SafeFile(testFile.getParent() + File.separator + "file%00.txt");
+            fail("no exception thrown for file name with percent encoded null");
+        }
+        catch(ValidationException e)
+        {
+            // expected
+        }
+    }
+
+    public final void testSafeFileShouldAcceptEmptyPath() throws ValidationException
+    {
+        String filename = "hello.txt";
+        //API dictates that NPE should be thrown.
+        try{
+            SafeFile file = new SafeFile(filename);
+        }catch(NullPointerException npe){
+            assertNotNull(npe);
+        }
+
+
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/reference/TestDebug.java b/src/test/java/org/owasp/esapi/reference/TestDebug.java
index 7b456e4a4..c0c6d58ef 100644
--- a/src/test/java/org/owasp/esapi/reference/TestDebug.java
+++ b/src/test/java/org/owasp/esapi/reference/TestDebug.java
@@ -8,15 +8,15 @@
  * @author August Detlefsen (augustd at codemagi dot com)
  *         <a href="http://www.codemagi.com">CodeMagi, Inc.</a>
  * @since October 15, 2010
- * @see org.owasp.esapi.reference.Log4JLoggerTest
+ * @see org.owasp.esapi.logging.java.JavaLoggerTest
  */
 public class TestDebug extends TestCase {
 
-	/** 
-	 * Dummy method so that JUnit won't complain
-	 */
-	public void testLogging() {
+    /**
+     * Dummy method so that JUnit won't complain
+     */
+    public void testLogging() {
 
-	}
+    }
 
 }
diff --git a/src/test/java/org/owasp/esapi/reference/TestError.java b/src/test/java/org/owasp/esapi/reference/TestError.java
index 98d984557..17e889fd7 100644
--- a/src/test/java/org/owasp/esapi/reference/TestError.java
+++ b/src/test/java/org/owasp/esapi/reference/TestError.java
@@ -8,15 +8,15 @@
  * @author August Detlefsen (augustd at codemagi dot com)
  *         <a href="http://www.codemagi.com">CodeMagi, Inc.</a>
  * @since October 15, 2010
- * @see org.owasp.esapi.reference.Log4JLoggerTest
+ * @see org.owasp.esapi.logging.java.JavaLoggerTest
  */
 public class TestError extends TestCase {
 
-	/**
-	 * Dummy method so that JUnit won't complain
-	 */
-	public void testLogging() {
+    /**
+     * Dummy method so that JUnit won't complain
+     */
+    public void testLogging() {
 
-	}
+    }
 
 }
diff --git a/src/test/java/org/owasp/esapi/reference/TestFatal.java b/src/test/java/org/owasp/esapi/reference/TestFatal.java
index 5caa11cf4..a8176a2c1 100644
--- a/src/test/java/org/owasp/esapi/reference/TestFatal.java
+++ b/src/test/java/org/owasp/esapi/reference/TestFatal.java
@@ -8,15 +8,15 @@
  * @author August Detlefsen (augustd at codemagi dot com)
  *         <a href="http://www.codemagi.com">CodeMagi, Inc.</a>
  * @since October 15, 2010
- * @see org.owasp.esapi.reference.Log4JLoggerTest
+ * @see org.owasp.esapi.logging.java.JavaLoggerTest
  */
 public class TestFatal extends TestCase {
 
-	/**
-	 * Dummy method so that JUnit won't complain
-	 */
-	public void testLogging() {
+    /**
+     * Dummy method so that JUnit won't complain
+     */
+    public void testLogging() {
 
-	}
+    }
 
 }
diff --git a/src/test/java/org/owasp/esapi/reference/TestInfo.java b/src/test/java/org/owasp/esapi/reference/TestInfo.java
index 17cd3dfec..f404ecbbb 100644
--- a/src/test/java/org/owasp/esapi/reference/TestInfo.java
+++ b/src/test/java/org/owasp/esapi/reference/TestInfo.java
@@ -8,15 +8,15 @@
  * @author August Detlefsen (augustd at codemagi dot com)
  *         <a href="http://www.codemagi.com">CodeMagi, Inc.</a>
  * @since October 15, 2010
- * @see org.owasp.esapi.reference.Log4JLoggerTest
+ * @see org.owasp.esapi.logging.java.JavaLoggerTest
  */
 public class TestInfo extends TestCase {
 
-	/**
-	 * Dummy method so that JUnit won't complain
-	 */
-	public void testLogging() {
+    /**
+     * Dummy method so that JUnit won't complain
+     */
+    public void testLogging() {
 
-	}
+    }
 
 }
diff --git a/src/test/java/org/owasp/esapi/reference/TestTrace.java b/src/test/java/org/owasp/esapi/reference/TestTrace.java
index b38e65b96..3e7b841ea 100644
--- a/src/test/java/org/owasp/esapi/reference/TestTrace.java
+++ b/src/test/java/org/owasp/esapi/reference/TestTrace.java
@@ -8,15 +8,15 @@
  * @author August Detlefsen (augustd at codemagi dot com)
  *         <a href="http://www.codemagi.com">CodeMagi, Inc.</a>
  * @since October 15, 2010
- * @see org.owasp.esapi.reference.Log4JLoggerTest
+ * @see org.owasp.esapi.logging.java.JavaLoggerTest
  */
 public class TestTrace extends TestCase {
 
-	/**
-	 * Dummy method so that JUnit won't complain
-	 */
-	public void testLogging() {
+    /**
+     * Dummy method so that JUnit won't complain
+     */
+    public void testLogging() {
 
-	}
+    }
 
 }
diff --git a/src/test/java/org/owasp/esapi/reference/TestUnspecified.java b/src/test/java/org/owasp/esapi/reference/TestUnspecified.java
index dc35da34e..c8c9c2651 100644
--- a/src/test/java/org/owasp/esapi/reference/TestUnspecified.java
+++ b/src/test/java/org/owasp/esapi/reference/TestUnspecified.java
@@ -8,15 +8,15 @@
  * @author August Detlefsen (augustd at codemagi dot com)
  *         <a href="http://www.codemagi.com">CodeMagi, Inc.</a>
  * @since October 15, 2010
- * @see org.owasp.esapi.reference.Log4JLoggerTest
+ * @see org.owasp.esapi.logging.java.JavaLoggerTest
  */
 public class TestUnspecified extends TestCase {
 
-	/**
-	 * Dummy method so that JUnit won't complain
-	 */
-	public void testLogging() {
+    /**
+     * Dummy method so that JUnit won't complain
+     */
+    public void testLogging() {
 
-	}
+    }
 
 }
diff --git a/src/test/java/org/owasp/esapi/reference/TestWarning.java b/src/test/java/org/owasp/esapi/reference/TestWarning.java
index 16c14e3b3..0d80c1c7e 100644
--- a/src/test/java/org/owasp/esapi/reference/TestWarning.java
+++ b/src/test/java/org/owasp/esapi/reference/TestWarning.java
@@ -8,15 +8,15 @@
  * @author August Detlefsen (augustd at codemagi dot com)
  *         <a href="http://www.codemagi.com">CodeMagi, Inc.</a>
  * @since October 15, 2010
- * @see org.owasp.esapi.reference.Log4JLoggerTest
+ * @see org.owasp.esapi.logging.java.JavaLoggerTest
  */
 public class TestWarning extends TestCase {
 
-	/**
-	 * Dummy method so that JUnit won't complain
-	 */
-	public void testLogging() {
+    /**
+     * Dummy method so that JUnit won't complain
+     */
+    public void testLogging() {
 
-	}
+    }
 
 }
diff --git a/src/test/java/org/owasp/esapi/reference/UnitTestSecurityConfiguration.java b/src/test/java/org/owasp/esapi/reference/UnitTestSecurityConfiguration.java
index 82b842785..b44bd5389 100644
--- a/src/test/java/org/owasp/esapi/reference/UnitTestSecurityConfiguration.java
+++ b/src/test/java/org/owasp/esapi/reference/UnitTestSecurityConfiguration.java
@@ -1,87 +1,52 @@
-package org.owasp.esapi.reference;
-
-import java.util.Properties;
-
-public class UnitTestSecurityConfiguration extends DefaultSecurityConfiguration {
-    public UnitTestSecurityConfiguration(DefaultSecurityConfiguration cfg) {
-        super(cfg.getESAPIProperties());
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public void setApplicationName(String v) {
-    	getESAPIProperties().setProperty(APPLICATION_NAME, v);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public void setLogImplementation(String v) {
-    	getESAPIProperties().setProperty(LOG_IMPLEMENTATION, v);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public void setAuthenticationImplementation(String v) {
-    	getESAPIProperties().setProperty(AUTHENTICATION_IMPLEMENTATION, v);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public void setEncoderImplementation(String v) {
-    	getESAPIProperties().setProperty(ENCODER_IMPLEMENTATION, v);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public void setAccessControlImplementation(String v) {
-    	getESAPIProperties().setProperty(ACCESS_CONTROL_IMPLEMENTATION, v);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public void setEncryptionImplementation(String v) {
-    	getESAPIProperties().setProperty(ENCRYPTION_IMPLEMENTATION, v);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public void setIntrusionDetectionImplementation(String v) {
-    	getESAPIProperties().setProperty(INTRUSION_DETECTION_IMPLEMENTATION, v);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public void setRandomizerImplementation(String v) {
-    	getESAPIProperties().setProperty(RANDOMIZER_IMPLEMENTATION, v);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public void setExecutorImplementation(String v) {
-    	getESAPIProperties().setProperty(EXECUTOR_IMPLEMENTATION, v);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public void setHTTPUtilitiesImplementation(String v) {
-    	getESAPIProperties().setProperty(HTTP_UTILITIES_IMPLEMENTATION, v);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public void setValidationImplementation(String v) {
-    	getESAPIProperties().setProperty(VALIDATOR_IMPLEMENTATION, v);
-    }
-
-}
+package org.owasp.esapi.reference;
+
+public class UnitTestSecurityConfiguration extends DefaultSecurityConfiguration {
+    public UnitTestSecurityConfiguration(DefaultSecurityConfiguration cfg) {
+        super(cfg.getESAPIProperties());
+    }
+
+    public void setApplicationName(String v) {
+        getESAPIProperties().setProperty(APPLICATION_NAME, v);
+    }
+
+    public void setLogImplementation(String v) {
+        getESAPIProperties().setProperty(LOG_IMPLEMENTATION, v);
+    }
+
+    public void setAuthenticationImplementation(String v) {
+        getESAPIProperties().setProperty(AUTHENTICATION_IMPLEMENTATION, v);
+    }
+
+    public void setEncoderImplementation(String v) {
+        getESAPIProperties().setProperty(ENCODER_IMPLEMENTATION, v);
+    }
+
+    public void setAccessControlImplementation(String v) {
+        getESAPIProperties().setProperty(ACCESS_CONTROL_IMPLEMENTATION, v);
+    }
+
+    public void setEncryptionImplementation(String v) {
+        getESAPIProperties().setProperty(ENCRYPTION_IMPLEMENTATION, v);
+    }
+
+    public void setIntrusionDetectionImplementation(String v) {
+        getESAPIProperties().setProperty(INTRUSION_DETECTION_IMPLEMENTATION, v);
+    }
+
+    public void setRandomizerImplementation(String v) {
+        getESAPIProperties().setProperty(RANDOMIZER_IMPLEMENTATION, v);
+    }
+
+    public void setExecutorImplementation(String v) {
+        getESAPIProperties().setProperty(EXECUTOR_IMPLEMENTATION, v);
+    }
+
+    public void setHTTPUtilitiesImplementation(String v) {
+        getESAPIProperties().setProperty(HTTP_UTILITIES_IMPLEMENTATION, v);
+    }
+
+    public void setValidationImplementation(String v) {
+        getESAPIProperties().setProperty(VALIDATOR_IMPLEMENTATION, v);
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/reference/UserTest.java b/src/test/java/org/owasp/esapi/reference/UserTest.java
index 630976e7b..2a95a4195 100644
--- a/src/test/java/org/owasp/esapi/reference/UserTest.java
+++ b/src/test/java/org/owasp/esapi/reference/UserTest.java
@@ -1,739 +1,748 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import java.util.Date;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
-
-import javax.servlet.http.HttpSession;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.Authenticator;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.EncoderConstants;
-import org.owasp.esapi.User;
-import org.owasp.esapi.errors.AuthenticationException;
-import org.owasp.esapi.errors.EncryptionException;
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-import org.owasp.esapi.http.MockHttpSession;
-
-/**
- * The Class UserTest.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class UserTest extends TestCase {
-
-	/**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-	public static Test suite() {
-		TestSuite suite = new TestSuite(UserTest.class);
-		return suite;
-	}
-	
-	/**
-	 * Instantiates a new user test.
-	 * 
-	 * @param testName
-	 *            the test name
-	 */
-	public UserTest(String testName) {
-		super(testName);
-	}
-
-	/**
-	 * Creates the test user.
-	 * 
-	 * @param password
-	 *            the password
-	 * 
-	 * @return the user
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	private DefaultUser createTestUser(String password) throws AuthenticationException {
-		String username = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-		Exception e = new Exception();
-		System.out.println("Creating user " + username + " for " + e.getStackTrace()[1].getMethodName());
-		DefaultUser user = (DefaultUser) ESAPI.authenticator().createUser(username, password, password);
-		return user;
-	}
-
-	/**
-     * {@inheritDoc}
-     *
-     * @throws Exception
-     */
-	protected void setUp() throws Exception {
-		// none
-	}
-
-	/**
-     * {@inheritDoc}
-     *
-     * @throws Exception
-     */
-	protected void tearDown() throws Exception {
-		// none
-	}
-
-	/**
-	 * Test of testAddRole method, of class org.owasp.esapi.User.
-	 * 
-	 * @exception Exception
-	 * 				any Exception thrown by testing addRole()
-	 */
-	public void testAddRole() throws Exception {
-		System.out.println("addRole");
-		Authenticator instance = ESAPI.authenticator();
-		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-		String password = ESAPI.authenticator().generateStrongPassword();
-		String role = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_LOWERS);
-		User user = instance.createUser(accountName, password, password);
-		user.addRole(role);
-		assertTrue(user.isInRole(role));
-		assertFalse(user.isInRole("ridiculous"));
-	}
-
-	/**
-	 * Test of addRoles method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testAddRoles() throws AuthenticationException {
-		System.out.println("addRoles");
-		Authenticator instance = ESAPI.authenticator();
-		String oldPassword = instance.generateStrongPassword();
-		DefaultUser user = createTestUser(oldPassword);
-		Set set = new HashSet();
-		set.add("rolea");
-		set.add("roleb");
-		user.addRoles(set);
-		assertTrue(user.isInRole("rolea"));
-		assertTrue(user.isInRole("roleb"));
-		assertFalse(user.isInRole("ridiculous"));
-	}
-
-	/**
-	 * Test of changePassword method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws Exception
-	 *             the exception
-	 */
-	public void testChangePassword() throws Exception {
-		System.out.println("changePassword");
-		Authenticator instance = ESAPI.authenticator();
-		String oldPassword = "Password12!@";
-		DefaultUser user = createTestUser(oldPassword);
-		System.out.println("Hash of " + oldPassword + " = " + ((FileBasedAuthenticator)instance).getHashedPassword(user));
-		String password1 = "SomethingElse34#$";
-		user.changePassword(oldPassword, password1, password1);
-		System.out.println("Hash of " + password1 + " = " + ((FileBasedAuthenticator)instance).getHashedPassword(user));
-		assertTrue(user.verifyPassword(password1));
-		String password2 = "YetAnother56%^";
-		user.changePassword(password1, password2, password2);
-		System.out.println("Hash of " + password2 + " = " + ((FileBasedAuthenticator)instance).getHashedPassword(user));
-		try {
-			user.changePassword(password2, password1, password1);
-			fail("Shouldn't be able to reuse a password");
-		} catch( AuthenticationException e ) {
-			// expected
-		}
-		assertTrue(user.verifyPassword(password2));
-		assertFalse(user.verifyPassword("badpass"));
-	}
-
-	/**
-	 * Test of disable method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testDisable() throws AuthenticationException {
-		System.out.println("disable");
-		Authenticator instance = ESAPI.authenticator();
-		String oldPassword = instance.generateStrongPassword();
-		DefaultUser user = createTestUser(oldPassword);
-		user.enable();
-		assertTrue(user.isEnabled());
-		user.disable();
-		assertFalse(user.isEnabled());
-	}
-
-	/**
-	 * Test of enable method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testEnable() throws AuthenticationException {
-		System.out.println("enable");
-		Authenticator instance = ESAPI.authenticator();
-		String oldPassword = instance.generateStrongPassword();
-		DefaultUser user = createTestUser(oldPassword);
-		user.enable();
-		assertTrue(user.isEnabled());
-		user.disable();
-		assertFalse(user.isEnabled());
-	}
-
-	/**
-	 * Test of failedLoginCount lockout, of class org.owasp.esapi.User.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 * @throws EncryptionException
-	 *             any EncryptionExceptions thrown by testing failedLoginLockout()
-	 */
-	public void testFailedLoginLockout() throws AuthenticationException, EncryptionException {
-		System.out.println("failedLoginLockout");
-		DefaultUser user = createTestUser("failedLoginLockout");
-		user.enable();
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		ESAPI.httpUtilities().setCurrentHTTP(request, response);
-        
-		user.loginWithPassword("failedLoginLockout");
-		
-		try {
-    		user.loginWithPassword("ridiculous");
-		} catch( AuthenticationException e ) { 
-    		// expected
-    	}
- 		System.out.println("FAILED: " + user.getFailedLoginCount());
-		assertFalse(user.isLocked());
-
-		try {
-    		user.loginWithPassword("ridiculous");
-		} catch( AuthenticationException e ) { 
-    		// expected
-    	}
-		System.out.println("FAILED: " + user.getFailedLoginCount());
-		assertFalse(user.isLocked());
-
-		try {
-    		user.loginWithPassword("ridiculous");
-		} catch( AuthenticationException e ) { 
-    		// expected
-    	}
-		System.out.println("FAILED: " + user.getFailedLoginCount());
-		assertTrue(user.isLocked());
-	}
-
-	/**
-	 * Test of getAccountName method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testGetAccountName() throws AuthenticationException {
-		System.out.println("getAccountName");
-		DefaultUser user = createTestUser("getAccountName");
-		String accountName = ESAPI.randomizer().getRandomString(7, EncoderConstants.CHAR_ALPHANUMERICS);
-		user.setAccountName(accountName);
-		assertEquals(accountName.toLowerCase(), user.getAccountName());
-		assertFalse("ridiculous".equals(user.getAccountName()));
-	}
-
-	/**
-	 * Test get last failed login time.
-	 * 
-	 * @throws Exception
-	 *             the exception
-	 */
-	public void testGetLastFailedLoginTime() throws Exception {
-		System.out.println("getLastLoginTime");
-		Authenticator instance = ESAPI.authenticator();
-		String oldPassword = instance.generateStrongPassword();
-		DefaultUser user = createTestUser(oldPassword);
-		try {
-    		user.loginWithPassword("ridiculous");
-		} catch( AuthenticationException e ) { 
-    		// expected
-    	}
-		Date llt1 = user.getLastFailedLoginTime();
-		Thread.sleep(100); // need a short delay to separate attempts
-		try {
-    		user.loginWithPassword("ridiculous");
-		} catch( AuthenticationException e ) { 
-    		// expected
-    	}
-		Date llt2 = user.getLastFailedLoginTime();
-		assertTrue(llt1.before(llt2));
-	}
-
-	/**
-	 * Test get last login time.
-	 * 
-	 * @throws Exception
-	 *             the exception
-	 */
-	public void testGetLastLoginTime() throws Exception {
-		System.out.println("getLastLoginTime");
-		Authenticator instance = ESAPI.authenticator();
-		String oldPassword = instance.generateStrongPassword();
-		DefaultUser user = createTestUser(oldPassword);
-		user.verifyPassword(oldPassword);
-		Date llt1 = user.getLastLoginTime();
-		Thread.sleep(10); // need a short delay to separate attempts
-		user.verifyPassword(oldPassword);
-		Date llt2 = user.getLastLoginTime();
-		assertTrue(llt1.before(llt2));
-	}
-
-	/**
-	 * Test getLastPasswordChangeTime method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws Exception
-	 *             the exception
-	 */
-	public void testGetLastPasswordChangeTime() throws Exception {
-		System.out.println("getLastPasswordChangeTime");
-		DefaultUser user = createTestUser("getLastPasswordChangeTime");
-		Date t1 = user.getLastPasswordChangeTime();
-		Thread.sleep(10); // need a short delay to separate attempts
-		String newPassword = ESAPI.authenticator().generateStrongPassword(user, "getLastPasswordChangeTime");
-		user.changePassword("getLastPasswordChangeTime", newPassword, newPassword);
-		Date t2 = user.getLastPasswordChangeTime();
-		assertTrue(t2.after(t1));
-	}
-
-	/**
-	 * Test of getRoles method, of class org.owasp.esapi.User.
-     *
-     * @throws Exception
-     */
-	public void testGetRoles() throws Exception {
-		System.out.println("getRoles");
-		Authenticator instance = ESAPI.authenticator();
-		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-		String password = ESAPI.authenticator().generateStrongPassword();
-		String role = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_LOWERS);
-		User user = instance.createUser(accountName, password, password);
-		user.addRole(role);
-		Set roles = user.getRoles();
-		assertTrue(roles.size() > 0);
-	}
-
-	/**
-	 * Test of getScreenName method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testGetScreenName() throws AuthenticationException {
-		System.out.println("getScreenName");
-		DefaultUser user = createTestUser("getScreenName");
-		String screenName = ESAPI.randomizer().getRandomString(7, EncoderConstants.CHAR_ALPHANUMERICS);
-		user.setScreenName(screenName);
-		assertEquals(screenName, user.getScreenName());
-		assertFalse("ridiculous".equals(user.getScreenName()));
-	}
-
-    /**
-     *
-     * @throws org.owasp.esapi.errors.AuthenticationException
-     */
-    public void testGetSessions() throws AuthenticationException {
-        System.out.println("getSessions");
-        Authenticator instance = ESAPI.authenticator();
-        String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-        String password = ESAPI.authenticator().generateStrongPassword();
-        User user = instance.createUser(accountName, password, password);
-        HttpSession session1 = new MockHttpSession();
-        user.addSession( session1 );
-        HttpSession session2 = new MockHttpSession();
-        user.addSession( session2 );
-        HttpSession session3 = new MockHttpSession();
-        user.addSession( session3 );
-        Set sessions = user.getSessions();
-        Iterator i = sessions.iterator();
-        while ( i.hasNext() ) {
-            HttpSession s = (HttpSession)i.next();
-            System.out.println( ">>>" + s.getId() );
-        }
-        assertTrue(sessions.size() == 3);
-	}
-	
-	
-    /**
-     *
-     */
-    public void testAddSession() {
-	    // TODO
-	}
-	
-    /**
-     *
-     */
-    public void testRemoveSession() {
-	    // TODO
-	}
-	
-	/**
-	 * Test of incrementFailedLoginCount method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testIncrementFailedLoginCount() throws AuthenticationException {
-		System.out.println("incrementFailedLoginCount");
-		DefaultUser user = createTestUser("incrementFailedLoginCount");
-		user.enable();
-		assertEquals(0, user.getFailedLoginCount());
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		ESAPI.httpUtilities().setCurrentHTTP(request, response);
-		try {
-			user.loginWithPassword("ridiculous");
-		} catch (AuthenticationException e) {
-			// expected
-		}
-		assertEquals(1, user.getFailedLoginCount());
-		try {
-			user.loginWithPassword("ridiculous");
-		} catch (AuthenticationException e) {
-			// expected
-		}
-		assertEquals(2, user.getFailedLoginCount());
-		try {
-			user.loginWithPassword("ridiculous");
-		} catch (AuthenticationException e) {
-			// expected
-		}
-		assertEquals(3, user.getFailedLoginCount());
-		try {
-			user.loginWithPassword("ridiculous");
-		} catch (AuthenticationException e) {
-			// expected
-		}
-		assertTrue(user.isLocked());
-	}
-
-	/**
-	 * Test of isEnabled method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testIsEnabled() throws AuthenticationException {
-		System.out.println("isEnabled");
-		DefaultUser user = createTestUser("isEnabled");
-		user.disable();
-		assertFalse(user.isEnabled());
-		user.enable();
-		assertTrue(user.isEnabled());
-	}
-
-    
-    
-	/**
-	 * Test of isInRole method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testIsInRole() throws AuthenticationException {
-		System.out.println("isInRole");
-		DefaultUser user = createTestUser("isInRole");
-		String role = "TestRole";
-		assertFalse(user.isInRole(role));
-		user.addRole(role);
-		assertTrue(user.isInRole(role));
-		assertFalse(user.isInRole("Ridiculous"));
-	}
-
-	/**
-	 * Test of isLocked method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testIsLocked() throws AuthenticationException {
-		System.out.println("isLocked");
-		DefaultUser user = createTestUser("isLocked");
-		user.lock();
-		assertTrue(user.isLocked());
-		user.unlock();
-		assertFalse(user.isLocked());
-	}
-
-	/**
-	 * Test of isSessionAbsoluteTimeout method, of class
-	 * org.owasp.esapi.IntrusionDetector.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testIsSessionAbsoluteTimeout() throws AuthenticationException {
-		System.out.println("isSessionAbsoluteTimeout");
-		Authenticator instance = ESAPI.authenticator();
-		String oldPassword = instance.generateStrongPassword();
-		DefaultUser user = createTestUser(oldPassword);
-		long now = System.currentTimeMillis();
-		// setup request and response
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		ESAPI.httpUtilities().setCurrentHTTP(request, response);
-		MockHttpSession session = (MockHttpSession)request.getSession();
-				
-		// set session creation -3 hours (default is 2 hour timeout)		
-		session.setCreationTime( now - (1000 * 60 * 60 * 3) );
-		assertTrue(user.isSessionAbsoluteTimeout());
-		
-		// set session creation -1 hour (default is 2 hour timeout)
-		session.setCreationTime( now - (1000 * 60 * 60 * 1) );
-		assertFalse(user.isSessionAbsoluteTimeout());
-	}
-
-	/**
-	 * Test of isSessionTimeout method, of class
-	 * org.owasp.esapi.IntrusionDetector.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testIsSessionTimeout() throws AuthenticationException {
-		System.out.println("isSessionTimeout");
-		Authenticator instance = ESAPI.authenticator();
-		String oldPassword = instance.generateStrongPassword();
-		DefaultUser user = createTestUser(oldPassword);
-		long now = System.currentTimeMillis();
-		// setup request and response
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		ESAPI.httpUtilities().setCurrentHTTP(request, response);
-		MockHttpSession session = (MockHttpSession)request.getSession();
-		
-		// set creation -30 mins (default is 20 min timeout)
-		session.setAccessedTime( now - 1000 * 60 * 30 );
-		assertTrue(user.isSessionTimeout());
-		
-		// set creation -1 hour (default is 20 min timeout)
-		session.setAccessedTime( now - 1000 * 60 * 10 );
-		assertFalse(user.isSessionTimeout());
-	}
-
-	/**
-	 * Test of lockAccount method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testLock() throws AuthenticationException {
-		System.out.println("lock");
-		Authenticator instance = ESAPI.authenticator();
-		String oldPassword = instance.generateStrongPassword();
-		DefaultUser user = createTestUser(oldPassword);
-		user.lock();
-		assertTrue(user.isLocked());
-		user.unlock();
-		assertFalse(user.isLocked());
-	}
-
-	/**
-	 * Test of loginWithPassword method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testLoginWithPassword() throws AuthenticationException {
-		System.out.println("loginWithPassword");
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpSession session = (MockHttpSession) request.getSession();
-		assertFalse(session.getInvalidated());
-		DefaultUser user = createTestUser("loginWithPassword");
-		user.enable();
-		user.loginWithPassword("loginWithPassword");
-		assertTrue(user.isLoggedIn());
-		user.logout();
-		assertFalse(user.isLoggedIn());
-		assertFalse(user.isLocked());
-		try {
-			user.loginWithPassword("ridiculous");
-		} catch (AuthenticationException e) {
-			// expected
-		}
-		assertFalse(user.isLoggedIn());
-		try {
-			user.loginWithPassword("ridiculous");
-		} catch (AuthenticationException e) {
-			// expected
-		}
-		try {
-			user.loginWithPassword("ridiculous");
-		} catch (AuthenticationException e) {
-			// expected
-		}
-		assertTrue(user.isLocked());
-		user.unlock();
-		assertTrue(user.getFailedLoginCount() == 0 );
-	}
-
-
-	/**
-	 * Test of logout method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testLogout() throws AuthenticationException {
-		System.out.println("logout");
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		MockHttpSession session = (MockHttpSession) request.getSession();
-		assertFalse(session.getInvalidated());
-		Authenticator instance = ESAPI.authenticator();
-		ESAPI.httpUtilities().setCurrentHTTP(request, response);
-		String oldPassword = instance.generateStrongPassword();
-		DefaultUser user = createTestUser(oldPassword);
-		user.enable();
-		System.out.println(user.getLastLoginTime());
-		user.loginWithPassword(oldPassword);
-		assertTrue(user.isLoggedIn());
-		// get new session after user logs in
-		session = (MockHttpSession) request.getSession();
-		assertFalse(session.getInvalidated());
-		user.logout();
-		assertFalse(user.isLoggedIn());
-		assertTrue(session.getInvalidated());
-	}
-
-	/**
-	 * Test of testRemoveRole method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testRemoveRole() throws AuthenticationException {
-		System.out.println("removeRole");
-		String role = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_LOWERS);
-		DefaultUser user = createTestUser("removeRole");
-		user.addRole(role);
-		assertTrue(user.isInRole(role));
-		user.removeRole(role);
-		assertFalse(user.isInRole(role));
-	}
-
-	/**
-	 * Test of testResetCSRFToken method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testResetCSRFToken() throws AuthenticationException {
-		System.out.println("resetCSRFToken");
-		DefaultUser user = createTestUser("resetCSRFToken");
-        String token1 = user.resetCSRFToken();
-        String token2 = user.resetCSRFToken();
-        assertFalse( token1.equals( token2 ) );
-	}
-	
-	/**
-	 * Test of setAccountName method, of class org.owasp.esapi.User.
-     *
-     * @throws AuthenticationException
-     */
-	public void testSetAccountName() throws AuthenticationException {
-		System.out.println("setAccountName");
-		DefaultUser user = createTestUser("setAccountName");
-		String accountName = ESAPI.randomizer().getRandomString(7, EncoderConstants.CHAR_ALPHANUMERICS);
-		user.setAccountName(accountName);
-		assertEquals(accountName.toLowerCase(), user.getAccountName());
-		assertFalse("ridiculous".equals(user.getAccountName()));
-	}
-
-	/**
-	 * Test of setExpirationTime method, of class org.owasp.esapi.User.
-     *
-     * @throws Exception
-     */
-	public void testSetExpirationTime() throws Exception {
-		Date longAgo = new Date(0);
-		Date now = new Date();
-		assertTrue("new Date(0) returned " + longAgo + " which is considered before new Date() " + now + ". Please report this output to the email list or as a issue", longAgo.before(now));
-		String password=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-		DefaultUser user = createTestUser(password);
-		user.setExpirationTime(longAgo);
-		assertTrue( user.isExpired() );
-	}
-
-	
-	/**
-	 * Test of setRoles method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testSetRoles() throws AuthenticationException {
-		System.out.println("setRoles");
-		DefaultUser user = createTestUser("setRoles");
-		user.addRole("user");
-		assertTrue(user.isInRole("user"));
-		Set set = new HashSet();
-		set.add("rolea");
-		set.add("roleb");
-		user.setRoles(set);
-		assertFalse(user.isInRole("user"));
-		assertTrue(user.isInRole("rolea"));
-		assertTrue(user.isInRole("roleb"));
-		assertFalse(user.isInRole("ridiculous"));
-	}
-
-	/**
-	 * Test of setScreenName method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testSetScreenName() throws AuthenticationException {
-		System.out.println("setScreenName");
-		DefaultUser user = createTestUser("setScreenName");
-		String screenName = ESAPI.randomizer().getRandomString(7, EncoderConstants.CHAR_ALPHANUMERICS);
-		user.setScreenName(screenName);
-		assertEquals(screenName, user.getScreenName());
-		assertFalse("ridiculous".equals(user.getScreenName()));
-	}
-
-	/**
-	 * Test of unlockAccount method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testUnlock() throws AuthenticationException {
-		System.out.println("unlockAccount");
-		Authenticator instance = ESAPI.authenticator();
-		String oldPassword = instance.generateStrongPassword();
-		DefaultUser user = createTestUser(oldPassword);
-		user.lock();
-		assertTrue(user.isLocked());
-		user.unlock();
-		assertFalse(user.isLocked());
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import java.util.Date;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import javax.servlet.http.HttpSession;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.Authenticator;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.EncoderConstants;
+import org.owasp.esapi.User;
+import org.owasp.esapi.errors.AuthenticationException;
+import org.owasp.esapi.errors.EncryptionException;
+import org.owasp.esapi.http.MockHttpServletRequest;
+import org.owasp.esapi.http.MockHttpServletResponse;
+import org.owasp.esapi.http.MockHttpSession;
+
+/**
+ * The Class UserTest.
+ *
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class UserTest extends TestCase {
+
+    /**
+     * Suite.
+     *
+     * @return the test
+     */
+    public static Test suite() {
+        TestSuite suite = new TestSuite(UserTest.class);
+        return suite;
+    }
+
+    /**
+     * Instantiates a new user test.
+     *
+     * @param testName
+     *            the test name
+     */
+    public UserTest(String testName) {
+        super(testName);
+    }
+
+    /**
+     * Creates the test user.
+     *
+     * @param password
+     *            the password
+     *
+     * @return the user
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    private DefaultUser createTestUser(String password) throws AuthenticationException {
+        String username = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        Exception e = new Exception();
+        System.out.println("Creating user " + username + " for " + e.getStackTrace()[1].getMethodName());
+        DefaultUser user = (DefaultUser) ESAPI.authenticator().createUser(username, password, password);
+        return user;
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * @throws Exception
+     */
+    protected void setUp() throws Exception {
+        // none
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * @throws Exception
+     */
+    protected void tearDown() throws Exception {
+        // none
+    }
+
+    /**
+     * Test of testAddRole method, of class org.owasp.esapi.User.
+     *
+     * @exception Exception
+     *                 any Exception thrown by testing addRole()
+     */
+    public void testAddRole() throws Exception {
+        System.out.println("addRole");
+        Authenticator instance = ESAPI.authenticator();
+        String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        String password = ESAPI.authenticator().generateStrongPassword();
+        String role = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_LOWERS);
+        User user = instance.createUser(accountName, password, password);
+        user.addRole(role);
+        assertTrue(user.isInRole(role));
+        assertFalse(user.isInRole("ridiculous"));
+    }
+
+    /**
+     * Test of addRoles method, of class org.owasp.esapi.User.
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    public void testAddRoles() throws AuthenticationException {
+        System.out.println("addRoles");
+        Authenticator instance = ESAPI.authenticator();
+        String oldPassword = instance.generateStrongPassword();
+        DefaultUser user = createTestUser(oldPassword);
+        Set set = new HashSet();
+        set.add("rolea");
+        set.add("roleb");
+        user.addRoles(set);
+        assertTrue(user.isInRole("rolea"));
+        assertTrue(user.isInRole("roleb"));
+        assertFalse(user.isInRole("ridiculous"));
+    }
+
+    /**
+     * Test of changePassword method, of class org.owasp.esapi.User.
+     *
+     * @throws Exception
+     *             the exception
+     */
+    public void testChangePassword() throws Exception {
+        System.out.println("changePassword");
+        Authenticator instance = ESAPI.authenticator();
+        String oldPassword = "Password12!@";
+        DefaultUser user = createTestUser(oldPassword);
+        System.out.println("Hash of " + oldPassword + " = " + ((FileBasedAuthenticator)instance).getHashedPassword(user));
+        String password1 = "SomethingElse34#$";
+        user.changePassword(oldPassword, password1, password1);
+        System.out.println("Hash of " + password1 + " = " + ((FileBasedAuthenticator)instance).getHashedPassword(user));
+        assertTrue(user.verifyPassword(password1));
+        String password2 = "YetAnother56%^";
+        user.changePassword(password1, password2, password2);
+        System.out.println("Hash of " + password2 + " = " + ((FileBasedAuthenticator)instance).getHashedPassword(user));
+        try {
+            user.changePassword(password2, password1, password1);
+            fail("Shouldn't be able to reuse a password");
+        } catch( AuthenticationException e ) {
+            // expected
+        }
+        try {
+            // Test for GitHub issue 288; note that GitHub issue 287
+            // needed fixed first, because that's what made the password
+            // history work!
+            user.changePassword(password2, oldPassword, oldPassword);
+            fail("Shouldn't be able to reuse original (initial) password.");
+        } catch( AuthenticationException e ) {
+            // expected
+        }
+        assertTrue(user.verifyPassword(password2));
+        assertFalse(user.verifyPassword("badpass"));
+    }
+
+    /**
+     * Test of disable method, of class org.owasp.esapi.User.
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    public void testDisable() throws AuthenticationException {
+        System.out.println("disable");
+        Authenticator instance = ESAPI.authenticator();
+        String oldPassword = instance.generateStrongPassword();
+        DefaultUser user = createTestUser(oldPassword);
+        user.enable();
+        assertTrue(user.isEnabled());
+        user.disable();
+        assertFalse(user.isEnabled());
+    }
+
+    /**
+     * Test of enable method, of class org.owasp.esapi.User.
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    public void testEnable() throws AuthenticationException {
+        System.out.println("enable");
+        Authenticator instance = ESAPI.authenticator();
+        String oldPassword = instance.generateStrongPassword();
+        DefaultUser user = createTestUser(oldPassword);
+        user.enable();
+        assertTrue(user.isEnabled());
+        user.disable();
+        assertFalse(user.isEnabled());
+    }
+
+    /**
+     * Test of failedLoginCount lockout, of class org.owasp.esapi.User.
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     * @throws EncryptionException
+     *             any EncryptionExceptions thrown by testing failedLoginLockout()
+     */
+    public void testFailedLoginLockout() throws AuthenticationException, EncryptionException {
+        System.out.println("failedLoginLockout");
+        DefaultUser user = createTestUser("failedLoginLockout");
+        user.enable();
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        ESAPI.httpUtilities().setCurrentHTTP(request, response);
+
+        user.loginWithPassword("failedLoginLockout");
+
+        try {
+            user.loginWithPassword("ridiculous");
+        } catch( AuthenticationException e ) {
+            // expected
+        }
+         System.out.println("FAILED: " + user.getFailedLoginCount());
+        assertFalse(user.isLocked());
+
+        try {
+            user.loginWithPassword("ridiculous");
+        } catch( AuthenticationException e ) {
+            // expected
+        }
+        System.out.println("FAILED: " + user.getFailedLoginCount());
+        assertFalse(user.isLocked());
+
+        try {
+            user.loginWithPassword("ridiculous");
+        } catch( AuthenticationException e ) {
+            // expected
+        }
+        System.out.println("FAILED: " + user.getFailedLoginCount());
+        assertTrue(user.isLocked());
+    }
+
+    /**
+     * Test of getAccountName method, of class org.owasp.esapi.User.
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    public void testGetAccountName() throws AuthenticationException {
+        System.out.println("getAccountName");
+        DefaultUser user = createTestUser("getAccountName");
+        String accountName = ESAPI.randomizer().getRandomString(7, EncoderConstants.CHAR_ALPHANUMERICS);
+        user.setAccountName(accountName);
+        assertEquals(accountName.toLowerCase(), user.getAccountName());
+        assertFalse("ridiculous".equals(user.getAccountName()));
+    }
+
+    /**
+     * Test get last failed login time.
+     *
+     * @throws Exception
+     *             the exception
+     */
+    public void testGetLastFailedLoginTime() throws Exception {
+        System.out.println("getLastLoginTime");
+        Authenticator instance = ESAPI.authenticator();
+        String oldPassword = instance.generateStrongPassword();
+        DefaultUser user = createTestUser(oldPassword);
+        try {
+            user.loginWithPassword("ridiculous");
+        } catch( AuthenticationException e ) {
+            // expected
+        }
+        Date llt1 = user.getLastFailedLoginTime();
+        Thread.sleep(100); // need a short delay to separate attempts
+        try {
+            user.loginWithPassword("ridiculous");
+        } catch( AuthenticationException e ) {
+            // expected
+        }
+        Date llt2 = user.getLastFailedLoginTime();
+        assertTrue(llt1.before(llt2));
+    }
+
+    /**
+     * Test get last login time.
+     *
+     * @throws Exception
+     *             the exception
+     */
+    public void testGetLastLoginTime() throws Exception {
+        System.out.println("getLastLoginTime");
+        Authenticator instance = ESAPI.authenticator();
+        String oldPassword = instance.generateStrongPassword();
+        DefaultUser user = createTestUser(oldPassword);
+        user.verifyPassword(oldPassword);
+        Date llt1 = user.getLastLoginTime();
+        Thread.sleep(10); // need a short delay to separate attempts
+        user.verifyPassword(oldPassword);
+        Date llt2 = user.getLastLoginTime();
+        assertTrue(llt1.before(llt2));
+    }
+
+    /**
+     * Test getLastPasswordChangeTime method, of class org.owasp.esapi.User.
+     *
+     * @throws Exception
+     *             the exception
+     */
+    public void testGetLastPasswordChangeTime() throws Exception {
+        System.out.println("getLastPasswordChangeTime");
+        DefaultUser user = createTestUser("getLastPasswordChangeTime");
+        Date t1 = user.getLastPasswordChangeTime();
+        Thread.sleep(10); // need a short delay to separate attempts
+        String newPassword = ESAPI.authenticator().generateStrongPassword(user, "getLastPasswordChangeTime");
+        user.changePassword("getLastPasswordChangeTime", newPassword, newPassword);
+        Date t2 = user.getLastPasswordChangeTime();
+        assertTrue(t2.after(t1));
+    }
+
+    /**
+     * Test of getRoles method, of class org.owasp.esapi.User.
+     *
+     * @throws Exception
+     */
+    public void testGetRoles() throws Exception {
+        System.out.println("getRoles");
+        Authenticator instance = ESAPI.authenticator();
+        String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        String password = ESAPI.authenticator().generateStrongPassword();
+        String role = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_LOWERS);
+        User user = instance.createUser(accountName, password, password);
+        user.addRole(role);
+        Set roles = user.getRoles();
+        assertTrue(roles.size() > 0);
+    }
+
+    /**
+     * Test of getScreenName method, of class org.owasp.esapi.User.
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    public void testGetScreenName() throws AuthenticationException {
+        System.out.println("getScreenName");
+        DefaultUser user = createTestUser("getScreenName");
+        String screenName = ESAPI.randomizer().getRandomString(7, EncoderConstants.CHAR_ALPHANUMERICS);
+        user.setScreenName(screenName);
+        assertEquals(screenName, user.getScreenName());
+        assertFalse("ridiculous".equals(user.getScreenName()));
+    }
+
+    /**
+     *
+     * @throws org.owasp.esapi.errors.AuthenticationException
+     */
+    public void testGetSessions() throws AuthenticationException {
+        System.out.println("getSessions");
+        Authenticator instance = ESAPI.authenticator();
+        String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        String password = ESAPI.authenticator().generateStrongPassword();
+        User user = instance.createUser(accountName, password, password);
+        HttpSession session1 = new MockHttpSession();
+        user.addSession( session1 );
+        HttpSession session2 = new MockHttpSession();
+        user.addSession( session2 );
+        HttpSession session3 = new MockHttpSession();
+        user.addSession( session3 );
+        Set sessions = user.getSessions();
+        Iterator i = sessions.iterator();
+        while ( i.hasNext() ) {
+            HttpSession s = (HttpSession)i.next();
+            System.out.println( ">>>" + s.getId() );
+        }
+        assertTrue(sessions.size() == 3);
+    }
+
+
+    /**
+     *
+     */
+    public void testAddSession() {
+        // TODO
+    }
+
+    /**
+     *
+     */
+    public void testRemoveSession() {
+        // TODO
+    }
+
+    /**
+     * Test of incrementFailedLoginCount method, of class org.owasp.esapi.User.
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    public void testIncrementFailedLoginCount() throws AuthenticationException {
+        System.out.println("incrementFailedLoginCount");
+        DefaultUser user = createTestUser("incrementFailedLoginCount");
+        user.enable();
+        assertEquals(0, user.getFailedLoginCount());
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        ESAPI.httpUtilities().setCurrentHTTP(request, response);
+        try {
+            user.loginWithPassword("ridiculous");
+        } catch (AuthenticationException e) {
+            // expected
+        }
+        assertEquals(1, user.getFailedLoginCount());
+        try {
+            user.loginWithPassword("ridiculous");
+        } catch (AuthenticationException e) {
+            // expected
+        }
+        assertEquals(2, user.getFailedLoginCount());
+        try {
+            user.loginWithPassword("ridiculous");
+        } catch (AuthenticationException e) {
+            // expected
+        }
+        assertEquals(3, user.getFailedLoginCount());
+        try {
+            user.loginWithPassword("ridiculous");
+        } catch (AuthenticationException e) {
+            // expected
+        }
+        assertTrue(user.isLocked());
+    }
+
+    /**
+     * Test of isEnabled method, of class org.owasp.esapi.User.
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    public void testIsEnabled() throws AuthenticationException {
+        System.out.println("isEnabled");
+        DefaultUser user = createTestUser("isEnabled");
+        user.disable();
+        assertFalse(user.isEnabled());
+        user.enable();
+        assertTrue(user.isEnabled());
+    }
+
+
+
+    /**
+     * Test of isInRole method, of class org.owasp.esapi.User.
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    public void testIsInRole() throws AuthenticationException {
+        System.out.println("isInRole");
+        DefaultUser user = createTestUser("isInRole");
+        String role = "TestRole";
+        assertFalse(user.isInRole(role));
+        user.addRole(role);
+        assertTrue(user.isInRole(role));
+        assertFalse(user.isInRole("Ridiculous"));
+    }
+
+    /**
+     * Test of isLocked method, of class org.owasp.esapi.User.
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    public void testIsLocked() throws AuthenticationException {
+        System.out.println("isLocked");
+        DefaultUser user = createTestUser("isLocked");
+        user.lock();
+        assertTrue(user.isLocked());
+        user.unlock();
+        assertFalse(user.isLocked());
+    }
+
+    /**
+     * Test of isSessionAbsoluteTimeout method, of class
+     * org.owasp.esapi.IntrusionDetector.
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    public void testIsSessionAbsoluteTimeout() throws AuthenticationException {
+        System.out.println("isSessionAbsoluteTimeout");
+        Authenticator instance = ESAPI.authenticator();
+        String oldPassword = instance.generateStrongPassword();
+        DefaultUser user = createTestUser(oldPassword);
+        long now = System.currentTimeMillis();
+        // setup request and response
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        ESAPI.httpUtilities().setCurrentHTTP(request, response);
+        MockHttpSession session = (MockHttpSession)request.getSession();
+
+        // set session creation -3 hours (default is 2 hour timeout)
+        session.setCreationTime( now - (1000 * 60 * 60 * 3) );
+        assertTrue(user.isSessionAbsoluteTimeout());
+
+        // set session creation -1 hour (default is 2 hour timeout)
+        session.setCreationTime( now - (1000 * 60 * 60 * 1) );
+        assertFalse(user.isSessionAbsoluteTimeout());
+    }
+
+    /**
+     * Test of isSessionTimeout method, of class
+     * org.owasp.esapi.IntrusionDetector.
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    public void testIsSessionTimeout() throws AuthenticationException {
+        System.out.println("isSessionTimeout");
+        Authenticator instance = ESAPI.authenticator();
+        String oldPassword = instance.generateStrongPassword();
+        DefaultUser user = createTestUser(oldPassword);
+        long now = System.currentTimeMillis();
+        // setup request and response
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        ESAPI.httpUtilities().setCurrentHTTP(request, response);
+        MockHttpSession session = (MockHttpSession)request.getSession();
+
+        // set creation -30 mins (default is 20 min timeout)
+        session.setAccessedTime( now - 1000 * 60 * 30 );
+        assertTrue(user.isSessionTimeout());
+
+        // set creation -1 hour (default is 20 min timeout)
+        session.setAccessedTime( now - 1000 * 60 * 10 );
+        assertFalse(user.isSessionTimeout());
+    }
+
+    /**
+     * Test of lockAccount method, of class org.owasp.esapi.User.
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    public void testLock() throws AuthenticationException {
+        System.out.println("lock");
+        Authenticator instance = ESAPI.authenticator();
+        String oldPassword = instance.generateStrongPassword();
+        DefaultUser user = createTestUser(oldPassword);
+        user.lock();
+        assertTrue(user.isLocked());
+        user.unlock();
+        assertFalse(user.isLocked());
+    }
+
+    /**
+     * Test of loginWithPassword method, of class org.owasp.esapi.User.
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    public void testLoginWithPassword() throws AuthenticationException {
+        System.out.println("loginWithPassword");
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        MockHttpSession session = (MockHttpSession) request.getSession();
+        assertFalse(session.getInvalidated());
+        DefaultUser user = createTestUser("loginWithPassword");
+        user.enable();
+        user.loginWithPassword("loginWithPassword");
+        assertTrue(user.isLoggedIn());
+        user.logout();
+        assertFalse(user.isLoggedIn());
+        assertFalse(user.isLocked());
+        try {
+            user.loginWithPassword("ridiculous");
+        } catch (AuthenticationException e) {
+            // expected
+        }
+        assertFalse(user.isLoggedIn());
+        try {
+            user.loginWithPassword("ridiculous");
+        } catch (AuthenticationException e) {
+            // expected
+        }
+        try {
+            user.loginWithPassword("ridiculous");
+        } catch (AuthenticationException e) {
+            // expected
+        }
+        assertTrue(user.isLocked());
+        user.unlock();
+        assertTrue(user.getFailedLoginCount() == 0 );
+    }
+
+
+    /**
+     * Test of logout method, of class org.owasp.esapi.User.
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    public void testLogout() throws AuthenticationException {
+        System.out.println("logout");
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        MockHttpSession session = (MockHttpSession) request.getSession();
+        assertFalse(session.getInvalidated());
+        Authenticator instance = ESAPI.authenticator();
+        ESAPI.httpUtilities().setCurrentHTTP(request, response);
+        String oldPassword = instance.generateStrongPassword();
+        DefaultUser user = createTestUser(oldPassword);
+        user.enable();
+        System.out.println(user.getLastLoginTime());
+        user.loginWithPassword(oldPassword);
+        assertTrue(user.isLoggedIn());
+        // get new session after user logs in
+        session = (MockHttpSession) request.getSession();
+        assertFalse(session.getInvalidated());
+        user.logout();
+        assertFalse(user.isLoggedIn());
+        assertTrue(session.getInvalidated());
+    }
+
+    /**
+     * Test of testRemoveRole method, of class org.owasp.esapi.User.
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    public void testRemoveRole() throws AuthenticationException {
+        System.out.println("removeRole");
+        String role = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_LOWERS);
+        DefaultUser user = createTestUser("removeRole");
+        user.addRole(role);
+        assertTrue(user.isInRole(role));
+        user.removeRole(role);
+        assertFalse(user.isInRole(role));
+    }
+
+    /**
+     * Test of testResetCSRFToken method, of class org.owasp.esapi.User.
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    public void testResetCSRFToken() throws AuthenticationException {
+        System.out.println("resetCSRFToken");
+        DefaultUser user = createTestUser("resetCSRFToken");
+        String token1 = user.resetCSRFToken();
+        String token2 = user.resetCSRFToken();
+        assertFalse( token1.equals( token2 ) );
+    }
+
+    /**
+     * Test of setAccountName method, of class org.owasp.esapi.User.
+     *
+     * @throws AuthenticationException
+     */
+    public void testSetAccountName() throws AuthenticationException {
+        System.out.println("setAccountName");
+        DefaultUser user = createTestUser("setAccountName");
+        String accountName = ESAPI.randomizer().getRandomString(7, EncoderConstants.CHAR_ALPHANUMERICS);
+        user.setAccountName(accountName);
+        assertEquals(accountName.toLowerCase(), user.getAccountName());
+        assertFalse("ridiculous".equals(user.getAccountName()));
+    }
+
+    /**
+     * Test of setExpirationTime method, of class org.owasp.esapi.User.
+     *
+     * @throws Exception
+     */
+    public void testSetExpirationTime() throws Exception {
+        Date longAgo = new Date(0);
+        Date now = new Date();
+        assertTrue("new Date(0) returned " + longAgo + " which is considered before new Date() " + now + ". Please report this output to the email list or as a issue", longAgo.before(now));
+        String password=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        DefaultUser user = createTestUser(password);
+        user.setExpirationTime(longAgo);
+        assertTrue( user.isExpired() );
+    }
+
+
+    /**
+     * Test of setRoles method, of class org.owasp.esapi.User.
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    public void testSetRoles() throws AuthenticationException {
+        System.out.println("setRoles");
+        DefaultUser user = createTestUser("setRoles");
+        user.addRole("user");
+        assertTrue(user.isInRole("user"));
+        Set set = new HashSet();
+        set.add("rolea");
+        set.add("roleb");
+        user.setRoles(set);
+        assertFalse(user.isInRole("user"));
+        assertTrue(user.isInRole("rolea"));
+        assertTrue(user.isInRole("roleb"));
+        assertFalse(user.isInRole("ridiculous"));
+    }
+
+    /**
+     * Test of setScreenName method, of class org.owasp.esapi.User.
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    public void testSetScreenName() throws AuthenticationException {
+        System.out.println("setScreenName");
+        DefaultUser user = createTestUser("setScreenName");
+        String screenName = ESAPI.randomizer().getRandomString(7, EncoderConstants.CHAR_ALPHANUMERICS);
+        user.setScreenName(screenName);
+        assertEquals(screenName, user.getScreenName());
+        assertFalse("ridiculous".equals(user.getScreenName()));
+    }
+
+    /**
+     * Test of unlockAccount method, of class org.owasp.esapi.User.
+     *
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    public void testUnlock() throws AuthenticationException {
+        System.out.println("unlockAccount");
+        Authenticator instance = ESAPI.authenticator();
+        String oldPassword = instance.generateStrongPassword();
+        DefaultUser user = createTestUser(oldPassword);
+        user.lock();
+        assertTrue(user.isLocked());
+        user.unlock();
+        assertFalse(user.isLocked());
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
index 9402630bb..7a530e4f2 100644
--- a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
@@ -1,1150 +1,1161 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- *
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- *
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- *
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import java.io.BufferedReader;
-import java.io.ByteArrayInputStream;
-import java.io.File;
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.io.UnsupportedEncodingException;
-import java.text.DateFormat;
-import java.text.SimpleDateFormat;
-import java.util.*;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.*;
-import org.owasp.esapi.errors.ValidationException;
-import org.owasp.esapi.filters.SecurityWrapperRequest;
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-import org.owasp.esapi.reference.validation.HTMLValidationRule;
-import org.owasp.esapi.reference.validation.StringValidationRule;
-
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-
-/**
- * The Class ValidatorTest.
- *
- * @author Mike Fauzy (mike.fauzy@aspectsecurity.com)
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class ValidatorTest extends TestCase {
-
-    private static final String PREFERRED_ENCODING = "UTF-8";
-
-    public static Test suite() {
-        return new TestSuite(ValidatorTest.class);
-    }
-
-    /**
-     * Instantiates a new HTTP utilities test.
-     *
-     * @param testName the test name
-     */
-    public ValidatorTest(String testName) {
-        super(testName);
-    }
-
-    /**
-     * {@inheritDoc}
-     *
-     * @throws Exception
-     */
-    protected void setUp() throws Exception {
-        // none
-    }
-
-    /**
-     * {@inheritDoc}
-     *
-     * @throws Exception
-     */
-    protected void tearDown() throws Exception {
-        // none
-    }
-
-    public void testAddRule() {
-        Validator validator = ESAPI.validator();
-        ValidationRule rule = new StringValidationRule("ridiculous");
-        validator.addRule(rule);
-        assertEquals(rule, validator.getRule("ridiculous"));
-    }
-
-    public void testAssertValidFileUpload() {
-        //		assertValidFileUpload(String, String, String, byte[], int, boolean, ValidationErrorList)
-    }
-
-    public void testGetPrintable1() {
-        //		getValidPrintable(String, char[], int, boolean, ValidationErrorList)
-    }
-
-    public void testGetPrintable2() {
-        //		getValidPrintable(String, String, int, boolean, ValidationErrorList)
-    }
-
-    public void testGetRule() {
-        Validator validator = ESAPI.validator();
-        ValidationRule rule = new StringValidationRule("rule");
-        validator.addRule(rule);
-        assertEquals(rule, validator.getRule("rule"));
-        assertFalse(rule == validator.getRule("ridiculous"));
-    }
-
-    public void testGetValidCreditCard() {
-        System.out.println("getValidCreditCard");
-        Validator instance = ESAPI.validator();
-        ValidationErrorList errors = new ValidationErrorList();
-
-        assertTrue(instance.isValidCreditCard("cctest1", "1234 9876 0000 0008", false));
-        assertTrue(instance.isValidCreditCard("cctest2", "1234987600000008", false));
-        assertFalse(instance.isValidCreditCard("cctest3", "12349876000000081", false));
-        assertFalse(instance.isValidCreditCard("cctest4", "4417 1234 5678 9112", false));
-
-        instance.getValidCreditCard("cctest5", "1234 9876 0000 0008", false, errors);
-        assertEquals(0, errors.size());
-        instance.getValidCreditCard("cctest6", "1234987600000008", false, errors);
-        assertEquals(0, errors.size());
-        instance.getValidCreditCard("cctest7", "12349876000000081", false, errors);
-        assertEquals(1, errors.size());
-        instance.getValidCreditCard("cctest8", "4417 1234 5678 9112", false, errors);
-        assertEquals(2, errors.size());
-
-        assertTrue(instance.isValidCreditCard("cctest1", "1234 9876 0000 0008", false, errors));
-        assertTrue(errors.size()==2);
-        assertTrue(instance.isValidCreditCard("cctest2", "1234987600000008", false, errors));
-        assertTrue(errors.size()==2);
-        assertFalse(instance.isValidCreditCard("cctest3", "12349876000000081", false, errors));
-        assertTrue(errors.size()==3);
-        assertFalse(instance.isValidCreditCard("cctest4", "4417 1234 5678 9112", false, errors));
-        assertTrue(errors.size()==4);
-    }
-
-    public void testGetValidDate() throws Exception {
-    	System.out.println("getValidDate");
-    	Validator instance = ESAPI.validator();
-    	ValidationErrorList errors = new ValidationErrorList();
-    	assertTrue(instance.getValidDate("datetest1", "June 23, 1967", DateFormat.getDateInstance(DateFormat.MEDIUM, Locale.US), false) != null);
-    	instance.getValidDate("datetest2", "freakshow", DateFormat.getDateInstance(), false, errors);
-    	assertEquals(1, errors.size());
-
-    	// TODO: This test case fails due to an apparent bug in SimpleDateFormat
-    	// Note: This seems to be fixed in JDK 6. Will leave it commented out since
-    	//		 we only require JDK 5. -kww
-    	instance.getValidDate("test", "June 32, 2008", DateFormat.getDateInstance(), false, errors);
-    	// assertEquals( 2, errors.size() );
-    }
-    
-    // FIXME: Should probably use SecurityConfigurationWrapper and force
-    //		  Validator.AcceptLenientDates to be false.
-    public void testLenientDate() {
-    	System.out.println("testLenientDate");
-    	boolean acceptLenientDates = ESAPI.securityConfiguration().getLenientDatesAccepted();
-    	if ( acceptLenientDates ) {
-    		assertTrue("Lenient date test skipped because Validator.AcceptLenientDates set to true", true);
-    		return;
-    	}
-
-    	Date lenientDateTest = null;
-    	try {
-    		// lenientDateTest will be null when Validator.AcceptLenientDates
-    		// is set to false (the default).
-    		Validator instance = ESAPI.validator();
-    		lenientDateTest = instance.getValidDate("datatest3-lenient", "15/2/2009 11:83:00",
-    				                                DateFormat.getDateInstance(DateFormat.SHORT, Locale.US),
-    				                                false);
-    		fail("Failed to throw expected ValidationException when Validator.AcceptLenientDates set to false.");
-    	} catch (ValidationException ve) {
-    		assertNull( lenientDateTest );
-    		Throwable cause = ve.getCause();
-    		assertTrue( cause.getClass().getName().equals("java.text.ParseException") );
-    	} catch (Exception e) {
-    		fail("Caught unexpected exception: " + e.getClass().getName() + "; msg: " + e);
-    	}
-    }
-
-    public void testGetValidDirectoryPath() throws Exception {
-        System.out.println("getValidDirectoryPath");
-        Validator instance = ESAPI.validator();
-        ValidationErrorList errors = new ValidationErrorList();
-        // find a directory that exists
-        File parent = new File("/");
-        String path = ESAPI.securityConfiguration().getResourceFile("ESAPI.properties").getParentFile().getCanonicalPath();
-        instance.getValidDirectoryPath("dirtest1", path, parent, true, errors);
-        assertEquals(0, errors.size());
-        instance.getValidDirectoryPath("dirtest2", null, parent, false, errors);
-        assertEquals(1, errors.size());
-        instance.getValidDirectoryPath("dirtest3", "ridicul%00ous", parent, false, errors);
-        assertEquals(2, errors.size());
-    }
-
-    public void testGetValidDouble() {
-        System.out.println("getValidDouble");
-        Validator instance = ESAPI.validator();
-        ValidationErrorList errors = new ValidationErrorList();
-        instance.getValidDouble("dtest1", "1.0", 0, 20, true, errors);
-        assertEquals(0, errors.size());
-        instance.getValidDouble("dtest2", null, 0, 20, true, errors);
-        assertEquals(0, errors.size());
-        instance.getValidDouble("dtest3", null, 0, 20, false, errors);
-        assertEquals(1, errors.size());
-        instance.getValidDouble("dtest4", "ridiculous", 0, 20, true, errors);
-        assertEquals(2, errors.size());
-        instance.getValidDouble("dtest5", "" + (Double.MAX_VALUE), 0, 20, true, errors);
-        assertEquals(3, errors.size());
-        instance.getValidDouble("dtest6", "" + (Double.MAX_VALUE + .00001), 0, 20, true, errors);
-        assertEquals(4, errors.size());
-    }
-
-    public void testGetValidFileContent() {
-        System.out.println("getValidFileContent");
-        Validator instance = ESAPI.validator();
-        ValidationErrorList errors = new ValidationErrorList();
-        byte[] bytes = null;
-        try {
-            bytes = "12345".getBytes(PREFERRED_ENCODING);
-        }
-        catch (UnsupportedEncodingException e) {
-            fail(PREFERRED_ENCODING + " not a supported encoding?!?!!");
-        }
-        instance.getValidFileContent("test", bytes, 5, true, errors);
-        assertEquals(0, errors.size());
-        instance.getValidFileContent("test", bytes, 4, true, errors);
-        assertEquals(1, errors.size());
-    }
-
-    public void testGetValidFileName() throws Exception {
-        System.out.println("getValidFileName");
-        Validator instance = ESAPI.validator();
-        ValidationErrorList errors = new ValidationErrorList();
-        String testName = "aspe%20ct.jar";
-        assertEquals("Percent encoding is not changed", testName, instance.getValidFileName("test", testName, ESAPI.securityConfiguration().getAllowedFileExtensions(), false, errors));
-    }
-
-    public void testGetValidInput() {
-        System.out.println("getValidInput");
-        Validator instance = ESAPI.validator();
-        ValidationErrorList errors = new ValidationErrorList();
-        // instance.getValidInput(String, String, String, int, boolean, ValidationErrorList)
-    }
-
-    public void testGetValidInteger() {
-        System.out.println("getValidInteger");
-        Validator instance = ESAPI.validator();
-        ValidationErrorList errors = new ValidationErrorList();
-        // instance.getValidInteger(String, String, int, int, boolean, ValidationErrorList)
-    }
-
-    public void testGetValidListItem() {
-        System.out.println("getValidListItem");
-        Validator instance = ESAPI.validator();
-        ValidationErrorList errors = new ValidationErrorList();
-        // instance.getValidListItem(String, String, List, ValidationErrorList)
-    }
-
-    public void testGetValidNumber() {
-        System.out.println("getValidNumber");
-        Validator instance = ESAPI.validator();
-        ValidationErrorList errors = new ValidationErrorList();
-        // instance.getValidNumber(String, String, long, long, boolean, ValidationErrorList)
-    }
-
-    public void testGetValidRedirectLocation() {
-        System.out.println("getValidRedirectLocation");
-        Validator instance = ESAPI.validator();
-        ValidationErrorList errors = new ValidationErrorList();
-        // instance.getValidRedirectLocation(String, String, boolean, ValidationErrorList)
-    }
-
-    public void testGetValidSafeHTML() throws Exception {
-        System.out.println("getValidSafeHTML");
-        Validator instance = ESAPI.validator();
-        ValidationErrorList errors = new ValidationErrorList();
-
-        // new school test case setup
-        HTMLValidationRule rule = new HTMLValidationRule("test");
-        ESAPI.validator().addRule(rule);
-
-        assertEquals("Test.", ESAPI.validator().getRule("test").getValid("test", "Test. <script>alert(document.cookie)</script>"));
-
-        String test1 = "<b>Jeff</b>";
-        String result1 = instance.getValidSafeHTML("test", test1, 100, false, errors);
-        assertEquals(test1, result1);
-
-        String test2 = "<a href=\"http://www.aspectsecurity.com\">Aspect Security</a>";
-        String result2 = instance.getValidSafeHTML("test", test2, 100, false, errors);
-        assertEquals(test2, result2);
-
-        String test3 = "Test. <script>alert(document.cookie)</script>";
-        assertEquals("Test.", rule.getSafe("test", test3));
-
-        assertEquals("Test. &lt;<div>load=alert()</div>", rule.getSafe("test", "Test. <<div on<script></script>load=alert()"));
-        assertEquals("Test. <div>b</div>", rule.getSafe("test", "Test. <div style={xss:expression(xss)}>b</div>"));
-        assertEquals("Test.", rule.getSafe("test", "Test. <s%00cript>alert(document.cookie)</script>"));
-        assertEquals("Test. alert(document.cookie)", rule.getSafe("test", "Test. <s\tcript>alert(document.cookie)</script>"));
-        assertEquals("Test. alert(document.cookie)", rule.getSafe("test", "Test. <s\tcript>alert(document.cookie)</script>"));
-        // TODO: ENHANCE waiting for a way to validate text headed for an attribute for scripts
-        // This would be nice to catch, but just looks like text to AntiSamy
-        // assertFalse(instance.isValidSafeHTML("test", "\" onload=\"alert(document.cookie)\" "));
-        // String result4 = instance.getValidSafeHTML("test", test4);
-        // assertEquals("", result4);
-    }
-
-    public void testIsInvalidFilename() {
-        System.out.println("testIsInvalidFilename");
-        Validator instance = ESAPI.validator();
-        char invalidChars[] = "/\\:*?\"<>|".toCharArray();
-        for (int i = 0; i < invalidChars.length; i++) {
-            assertFalse(invalidChars[i] + " is an invalid character for a filename",
-                    instance.isValidFileName("test", "as" + invalidChars[i] + "pect.jar", false));
-        }
-        assertFalse("Files must have an extension", instance.isValidFileName("test", "", false));
-        assertFalse("Files must have a valid extension", instance.isValidFileName("test.invalidExtension", "", false));
-        assertFalse("Filennames cannot be the empty string", instance.isValidFileName("test", "", false));
-    }
-
-    public void testIsValidDate() {
-        System.out.println("isValidDate");
-        Validator instance = ESAPI.validator();
-        DateFormat format = SimpleDateFormat.getDateInstance();
-        assertTrue(instance.isValidDate("datetest1", "September 11, 2001", format, true));
-        assertFalse(instance.isValidDate("datetest2", null, format, false));
-        assertFalse(instance.isValidDate("datetest3", "", format, false));
-
-        ValidationErrorList errors = new ValidationErrorList();
-        assertTrue(instance.isValidDate("datetest1", "September 11, 2001", format, true, errors));
-        assertTrue(errors.size()==0);
-        assertFalse(instance.isValidDate("datetest2", null, format, false, errors));
-        assertTrue(errors.size()==1);
-        assertFalse(instance.isValidDate("datetest3", "", format, false, errors));
-        assertTrue(errors.size()==2);
-
-    }
-
-    public void testIsValidDirectoryPath() throws IOException {
-        System.out.println("isValidDirectoryPath");
-
-        // get an encoder with a special list of codecs and make a validator out of it
-        List list = new ArrayList();
-        list.add("HTMLEntityCodec");
-        Encoder encoder = new DefaultEncoder(list);
-        Validator instance = new DefaultValidator(encoder);
-
-        boolean isWindows = (System.getProperty("os.name").indexOf("Windows") != -1) ? true : false;
-        File parent = new File("/");
-
-        ValidationErrorList errors = new ValidationErrorList();
-
-        if (isWindows) {
-            String sysRoot = new File(System.getenv("SystemRoot")).getCanonicalPath();
-            // Windows paths that don't exist and thus should fail
-            assertFalse(instance.isValidDirectoryPath("test", "c:\\ridiculous", parent, false));
-            assertFalse(instance.isValidDirectoryPath("test", "c:\\jeff", parent, false));
-            assertFalse(instance.isValidDirectoryPath("test", "c:\\temp\\..\\etc", parent, false));
-
-            // Windows paths
-            assertTrue(instance.isValidDirectoryPath("test", "C:\\", parent, false));                        // Windows root directory
-            assertTrue(instance.isValidDirectoryPath("test", sysRoot, parent, false));                  // Windows always exist directory
-            assertFalse(instance.isValidDirectoryPath("test", sysRoot + "\\System32\\cmd.exe", parent, false));      // Windows command shell
-
-            // Unix specific paths should not pass
-            assertFalse(instance.isValidDirectoryPath("test", "/tmp", parent, false));      // Unix Temporary directory
-            assertFalse(instance.isValidDirectoryPath("test", "/bin/sh", parent, false));   // Unix Standard shell
-            assertFalse(instance.isValidDirectoryPath("test", "/etc/config", parent, false));
-
-            // Unix specific paths that should not exist or work
-            assertFalse(instance.isValidDirectoryPath("test", "/etc/ridiculous", parent, false));
-            assertFalse(instance.isValidDirectoryPath("test", "/tmp/../etc", parent, false));
-
-            assertFalse(instance.isValidDirectoryPath("test1", "c:\\ridiculous", parent, false, errors));
-            assertTrue(errors.size()==1);
-            assertFalse(instance.isValidDirectoryPath("test2", "c:\\jeff", parent, false, errors));
-            assertTrue(errors.size()==2);
-            assertFalse(instance.isValidDirectoryPath("test3", "c:\\temp\\..\\etc", parent, false, errors));
-            assertTrue(errors.size()==3);
-
-            // Windows paths
-            assertTrue(instance.isValidDirectoryPath("test4", "C:\\", parent, false, errors));                        // Windows root directory
-            assertTrue(errors.size()==3);
-            assertTrue(instance.isValidDirectoryPath("test5", sysRoot, parent, false, errors));                  // Windows always exist directory
-            assertTrue(errors.size()==3);
-            assertFalse(instance.isValidDirectoryPath("test6", sysRoot + "\\System32\\cmd.exe", parent, false, errors));      // Windows command shell
-            assertTrue(errors.size()==4);
-
-            // Unix specific paths should not pass
-            assertFalse(instance.isValidDirectoryPath("test7", "/tmp", parent, false, errors));      // Unix Temporary directory
-            assertTrue(errors.size()==5);
-            assertFalse(instance.isValidDirectoryPath("test8", "/bin/sh", parent, false, errors));   // Unix Standard shell
-            assertTrue(errors.size()==6);
-            assertFalse(instance.isValidDirectoryPath("test9", "/etc/config", parent, false, errors));
-            assertTrue(errors.size()==7);
-
-            // Unix specific paths that should not exist or work
-            assertFalse(instance.isValidDirectoryPath("test10", "/etc/ridiculous", parent, false, errors));
-            assertTrue(errors.size()==8);
-            assertFalse(instance.isValidDirectoryPath("test11", "/tmp/../etc", parent, false, errors));
-            assertTrue(errors.size()==9);
-
-        } else {
-            // Windows paths should fail
-            assertFalse(instance.isValidDirectoryPath("test", "c:\\ridiculous", parent, false));
-            assertFalse(instance.isValidDirectoryPath("test", "c:\\temp\\..\\etc", parent, false));
-
-            // Standard Windows locations should fail
-            assertFalse(instance.isValidDirectoryPath("test", "c:\\", parent, false));                        // Windows root directory
-            assertFalse(instance.isValidDirectoryPath("test", "c:\\Windows\\temp", parent, false));               // Windows temporary directory
-            assertFalse(instance.isValidDirectoryPath("test", "c:\\Windows\\System32\\cmd.exe", parent, false));   // Windows command shell
-
-            // Unix specific paths should pass
-            assertTrue(instance.isValidDirectoryPath("test", "/", parent, false));         // Root directory
-            assertTrue(instance.isValidDirectoryPath("test", "/bin", parent, false));      // Always exist directory
-
-            // Unix specific paths that should not exist or work
-            assertFalse(instance.isValidDirectoryPath("test", "/bin/sh", parent, false));   // Standard shell, not dir
-            assertFalse(instance.isValidDirectoryPath("test", "/etc/ridiculous", parent, false));
-            assertFalse(instance.isValidDirectoryPath("test", "/tmp/../etc", parent, false));
-
-            // Windows paths should fail
-            assertFalse(instance.isValidDirectoryPath("test1", "c:\\ridiculous", parent, false, errors));
-            assertTrue(errors.size()==1);
-            assertFalse(instance.isValidDirectoryPath("test2", "c:\\temp\\..\\etc", parent, false, errors));
-            assertTrue(errors.size()==2);
-
-            // Standard Windows locations should fail
-            assertFalse(instance.isValidDirectoryPath("test3", "c:\\", parent, false, errors));                        // Windows root directory
-            assertTrue(errors.size()==3);
-            assertFalse(instance.isValidDirectoryPath("test4", "c:\\Windows\\temp", parent, false, errors));               // Windows temporary directory
-            assertTrue(errors.size()==4);
-            assertFalse(instance.isValidDirectoryPath("test5", "c:\\Windows\\System32\\cmd.exe", parent, false, errors));   // Windows command shell
-            assertTrue(errors.size()==5);
-
-            // Unix specific paths should pass
-            assertTrue(instance.isValidDirectoryPath("test6", "/", parent, false, errors));         // Root directory
-            assertTrue(errors.size()==5);
-            assertTrue(instance.isValidDirectoryPath("test7", "/bin", parent, false, errors));      // Always exist directory
-            assertTrue(errors.size()==5);
-
-            // Unix specific paths that should not exist or work
-            assertFalse(instance.isValidDirectoryPath("test8", "/bin/sh", parent, false, errors));   // Standard shell, not dir
-            assertTrue(errors.size()==6);
-            assertFalse(instance.isValidDirectoryPath("test9", "/etc/ridiculous", parent, false, errors));
-            assertTrue(errors.size()==7);
-            assertFalse(instance.isValidDirectoryPath("test10", "/tmp/../etc", parent, false, errors));
-            assertTrue(errors.size()==8);
-        }
-    }
-
-    public void TestIsValidDirectoryPath() {
-        // isValidDirectoryPath(String, String, boolean)
-    }
-
-    public void testIsValidDouble() {
-        // isValidDouble(String, String, double, double, boolean)
-    	Validator instance = ESAPI.validator();
-    	ValidationErrorList errors = new ValidationErrorList();
-    	//testing negative range
-        assertFalse(instance.isValidDouble("test1", "-4", 1, 10, false, errors));
-        assertTrue(errors.size() == 1);
-        assertTrue(instance.isValidDouble("test2", "-4", -10, 10, false, errors));
-        assertTrue(errors.size() == 1);
-        //testing null value
-        assertTrue(instance.isValidDouble("test3", null, -10, 10, true, errors));
-        assertTrue(errors.size() == 1);
-        assertFalse(instance.isValidDouble("test4", null, -10, 10, false, errors));
-        assertTrue(errors.size() == 2);
-        //testing empty string
-        assertTrue(instance.isValidDouble("test5", "", -10, 10, true, errors));
-        assertTrue(errors.size() == 2);
-        assertFalse(instance.isValidDouble("test6", "", -10, 10, false, errors));
-        assertTrue(errors.size() == 3);
-        //testing improper range
-        assertFalse(instance.isValidDouble("test7", "50.0", 10, -10, false, errors));
-        assertTrue(errors.size() == 4);
-        //testing non-integers
-        assertTrue(instance.isValidDouble("test8", "4.3214", -10, 10, true, errors));
-        assertTrue(errors.size() == 4);
-        assertTrue(instance.isValidDouble("test9", "-1.65", -10, 10, true, errors));
-        assertTrue(errors.size() == 4);
-        //other testing
-        assertTrue(instance.isValidDouble("test10", "4", 1, 10, false, errors));
-        assertTrue(errors.size() == 4);
-        assertTrue(instance.isValidDouble("test11", "400", 1, 10000, false, errors));
-        assertTrue(errors.size() == 4);
-        assertTrue(instance.isValidDouble("test12", "400000000", 1, 400000000, false, errors));
-        assertTrue(errors.size() == 4);
-        assertFalse(instance.isValidDouble("test13", "4000000000000", 1, 10000, false, errors));
-        assertTrue(errors.size() == 5);
-        assertFalse(instance.isValidDouble("test14", "alsdkf", 10, 10000, false, errors));
-        assertTrue(errors.size() == 6);
-        assertFalse(instance.isValidDouble("test15", "--10", 10, 10000, false, errors));
-        assertTrue(errors.size() == 7);
-        assertFalse(instance.isValidDouble("test16", "14.1414234x", 10, 10000, false, errors));
-        assertTrue(errors.size() == 8);
-        assertFalse(instance.isValidDouble("test17", "Infinity", 10, 10000, false, errors));
-        assertTrue(errors.size() == 9);
-        assertFalse(instance.isValidDouble("test18", "-Infinity", 10, 10000, false, errors));
-        assertTrue(errors.size() == 10);
-        assertFalse(instance.isValidDouble("test19", "NaN", 10, 10000, false, errors));
-        assertTrue(errors.size() == 11);
-        assertFalse(instance.isValidDouble("test20", "-NaN", 10, 10000, false, errors));
-        assertTrue(errors.size() == 12);
-        assertFalse(instance.isValidDouble("test21", "+NaN", 10, 10000, false, errors));
-        assertTrue(errors.size() == 13);
-        assertTrue(instance.isValidDouble("test22", "1e-6", -999999999, 999999999, false, errors));
-        assertTrue(errors.size() == 13);
-        assertTrue(instance.isValidDouble("test23", "-1e-6", -999999999, 999999999, false, errors));
-        assertTrue(errors.size() == 13);
-    }
-
-    public void testIsValidFileContent() {
-        System.out.println("isValidFileContent");
-        byte[] content = null;
-        try {
-            content = "This is some file content".getBytes(PREFERRED_ENCODING);
-        }
-        catch (UnsupportedEncodingException e) {
-            fail(PREFERRED_ENCODING + " not a supported encoding?!?!!!");
-        }
-        Validator instance = ESAPI.validator();
-        assertTrue(instance.isValidFileContent("test", content, 100, false));
-    }
-
-    public void testIsValidFileName() {
-        System.out.println("isValidFileName");
-        Validator instance = ESAPI.validator();
-        assertTrue("Simple valid filename with a valid extension", instance.isValidFileName("test", "aspect.jar", false));
-        assertTrue("All valid filename characters are accepted", instance.isValidFileName("test", "!@#$%^&{}[]()_+-=,.~'` abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890.jar", false));
-        assertTrue("Legal filenames that decode to legal filenames are accepted", instance.isValidFileName("test", "aspe%20ct.jar", false));
-
-        ValidationErrorList errors = new ValidationErrorList();
-        assertTrue("Simple valid filename with a valid extension", instance.isValidFileName("test", "aspect.jar", false, errors));
-        assertTrue("All valid filename characters are accepted", instance.isValidFileName("test", "!@#$%^&{}[]()_+-=,.~'` abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890.jar", false, errors));
-        assertTrue("Legal filenames that decode to legal filenames are accepted", instance.isValidFileName("test", "aspe%20ct.jar", false, errors));
-        assertTrue(errors.size() == 0);
-    }
-
-    public void testIsValidFileUpload() throws IOException {
-        System.out.println("isValidFileUpload");
-        String filepath = new File(System.getProperty("user.dir")).getCanonicalPath();
-        String filename = "aspect.jar";
-        File parent = new File("/").getCanonicalFile();
-        ValidationErrorList errors = new ValidationErrorList();
-        byte[] content = null;
-        try {
-            content = "This is some file content".getBytes(PREFERRED_ENCODING);
-        }
-        catch (UnsupportedEncodingException e) {
-            fail(PREFERRED_ENCODING + " not a supported encoding?!?!!!");
-        }
-        Validator instance = ESAPI.validator();
-        assertTrue(instance.isValidFileUpload("test", filepath, filename, parent, content, 100, false));
-        assertTrue(instance.isValidFileUpload("test", filepath, filename, parent, content, 100, false, errors));
-        assertTrue(errors.size() == 0);
-
-        filepath = "/ridiculous";
-        filename = "aspect.jar";
-        try {
-            content = "This is some file content".getBytes(PREFERRED_ENCODING);
-        }
-        catch (UnsupportedEncodingException e) {
-            fail(PREFERRED_ENCODING + " not a supported encoding?!?!!!");
-        }
-        assertFalse(instance.isValidFileUpload("test", filepath, filename, parent, content, 100, false));
-        assertFalse(instance.isValidFileUpload("test", filepath, filename, parent, content, 100, false, errors));
-        assertTrue(errors.size() == 1);
-    }
-
-    public void testIsValidHTTPRequestParameterSet() {
-        //		isValidHTTPRequestParameterSet(String, Set, Set)
-    }
-
-    public void testisValidInput() {
-        System.out.println("isValidInput");
-        Validator instance = ESAPI.validator();
-        assertTrue(instance.isValidInput("test", "jeff.williams@aspectsecurity.com", "Email", 100, false));
-        assertFalse(instance.isValidInput("test", "jeff.williams@@aspectsecurity.com", "Email", 100, false));
-        assertFalse(instance.isValidInput("test", "jeff.williams@aspectsecurity", "Email", 100, false));
-        assertTrue(instance.isValidInput("test", "jeff.wil'liams@aspectsecurity.com", "Email", 100, false));
-        assertTrue(instance.isValidInput("test", "jeff.wil''liams@aspectsecurity.com", "Email", 100, false));
-        assertTrue(instance.isValidInput("test", "123.168.100.234", "IPAddress", 100, false));
-        assertTrue(instance.isValidInput("test", "192.168.1.234", "IPAddress", 100, false));
-        assertFalse(instance.isValidInput("test", "..168.1.234", "IPAddress", 100, false));
-        assertFalse(instance.isValidInput("test", "10.x.1.234", "IPAddress", 100, false));
-        assertTrue(instance.isValidInput("test", "http://www.aspectsecurity.com", "URL", 100, false));
-        assertFalse(instance.isValidInput("test", "http:///www.aspectsecurity.com", "URL", 100, false));
-        assertFalse(instance.isValidInput("test", "http://www.aspect security.com", "URL", 100, false));
-        assertTrue(instance.isValidInput("test", "078-05-1120", "SSN", 100, false));
-        assertTrue(instance.isValidInput("test", "078 05 1120", "SSN", 100, false));
-        assertTrue(instance.isValidInput("test", "078051120", "SSN", 100, false));
-        assertFalse(instance.isValidInput("test", "987-65-4320", "SSN", 100, false));
-        assertFalse(instance.isValidInput("test", "000-00-0000", "SSN", 100, false));
-        assertFalse(instance.isValidInput("test", "(555) 555-5555", "SSN", 100, false));
-        assertFalse(instance.isValidInput("test", "test", "SSN", 100, false));
-        assertTrue(instance.isValidInput("test", "jeffWILLIAMS123", "HTTPParameterValue", 100, false));
-        assertTrue(instance.isValidInput("test", "jeff .-/+=@_ WILLIAMS", "HTTPParameterValue", 100, false));
-        // Removed per Issue 116 - The '*' character is valid as a parameter character
-//        assertFalse(instance.isValidInput("test", "jeff*WILLIAMS", "HTTPParameterValue", 100, false));
-        assertFalse(instance.isValidInput("test", "jeff^WILLIAMS", "HTTPParameterValue", 100, false));
-        assertFalse(instance.isValidInput("test", "jeff\\WILLIAMS", "HTTPParameterValue", 100, false));
-
-        assertTrue(instance.isValidInput("test", null, "Email", 100, true));
-        assertFalse(instance.isValidInput("test", null, "Email", 100, false));
-
-        ValidationErrorList errors = new ValidationErrorList();
-
-        assertTrue(instance.isValidInput("test1", "jeff.williams@aspectsecurity.com", "Email", 100, false, errors));
-        assertTrue(errors.size()==0);
-        assertFalse(instance.isValidInput("test2", "jeff.williams@@aspectsecurity.com", "Email", 100, false, errors));
-        assertTrue(errors.size()==1);
-        assertFalse(instance.isValidInput("test3", "jeff.williams@aspectsecurity", "Email", 100, false, errors));
-        assertTrue(errors.size()==2);
-        assertTrue(instance.isValidInput("test4", "jeff.wil'liams@aspectsecurity.com", "Email", 100, false, errors));
-        assertTrue(errors.size()==2);
-        assertTrue(instance.isValidInput("test5", "jeff.wil''liams@aspectsecurity.com", "Email", 100, false, errors));
-        assertTrue(errors.size()==2);
-        assertTrue(instance.isValidInput("test6", "123.168.100.234", "IPAddress", 100, false, errors));
-        assertTrue(errors.size()==2);
-        assertTrue(instance.isValidInput("test7", "192.168.1.234", "IPAddress", 100, false, errors));
-        assertTrue(errors.size()==2);
-        assertFalse(instance.isValidInput("test8", "..168.1.234", "IPAddress", 100, false, errors));
-        assertTrue(errors.size()==3);
-        assertFalse(instance.isValidInput("test9", "10.x.1.234", "IPAddress", 100, false, errors));
-        assertTrue(errors.size()==4);
-        assertTrue(instance.isValidInput("test10", "http://www.aspectsecurity.com", "URL", 100, false, errors));
-        assertTrue(errors.size()==4);
-        assertFalse(instance.isValidInput("test11", "http:///www.aspectsecurity.com", "URL", 100, false, errors));
-        assertTrue(errors.size()==5);
-        assertFalse(instance.isValidInput("test12", "http://www.aspect security.com", "URL", 100, false, errors));
-        assertTrue(errors.size()==6);
-        assertTrue(instance.isValidInput("test13", "078-05-1120", "SSN", 100, false, errors));
-        assertTrue(errors.size()==6);
-        assertTrue(instance.isValidInput("test14", "078 05 1120", "SSN", 100, false, errors));
-        assertTrue(errors.size()==6);
-        assertTrue(instance.isValidInput("test15", "078051120", "SSN", 100, false, errors));
-        assertTrue(errors.size()==6);
-        assertFalse(instance.isValidInput("test16", "987-65-4320", "SSN", 100, false, errors));
-        assertTrue(errors.size()==7);
-        assertFalse(instance.isValidInput("test17", "000-00-0000", "SSN", 100, false, errors));
-        assertTrue(errors.size()==8);
-        assertFalse(instance.isValidInput("test18", "(555) 555-5555", "SSN", 100, false, errors));
-        assertTrue(errors.size()==9);
-        assertFalse(instance.isValidInput("test19", "test", "SSN", 100, false, errors));
-        assertTrue(errors.size()==10);
-        assertTrue(instance.isValidInput("test20", "jeffWILLIAMS123", "HTTPParameterValue", 100, false, errors));
-        assertTrue(errors.size()==10);
-        assertTrue(instance.isValidInput("test21", "jeff .-/+=@_ WILLIAMS", "HTTPParameterValue", 100, false, errors));
-        assertTrue(errors.size()==10);
-        // Removed per Issue 116 - The '*' character is valid as a parameter character
-//        assertFalse(instance.isValidInput("test", "jeff*WILLIAMS", "HTTPParameterValue", 100, false));
-        assertFalse(instance.isValidInput("test22", "jeff^WILLIAMS", "HTTPParameterValue", 100, false, errors));
-        assertTrue(errors.size()==11);
-        assertFalse(instance.isValidInput("test23", "jeff\\WILLIAMS", "HTTPParameterValue", 100, false, errors));
-        assertTrue(errors.size()==12);
-
-        assertTrue(instance.isValidInput("test", null, "Email", 100, true, errors));
-        assertFalse(instance.isValidInput("test", null, "Email", 100, false, errors));
-    }
-
-    public void testIsValidInteger() {
-        System.out.println("isValidInteger");
-        Validator instance = ESAPI.validator();
-        //testing negative range
-        assertFalse(instance.isValidInteger("test", "-4", 1, 10, false));
-        assertTrue(instance.isValidInteger("test", "-4", -10, 10, false));
-        //testing null value
-        assertTrue(instance.isValidInteger("test", null, -10, 10, true));
-        assertFalse(instance.isValidInteger("test", null, -10, 10, false));
-        //testing empty string
-        assertTrue(instance.isValidInteger("test", "", -10, 10, true));
-        assertFalse(instance.isValidInteger("test", "", -10, 10, false));
-        //testing improper range
-        assertFalse(instance.isValidInteger("test", "50", 10, -10, false));
-        //testing non-integers
-        assertFalse(instance.isValidInteger("test", "4.3214", -10, 10, true));
-        assertFalse(instance.isValidInteger("test", "-1.65", -10, 10, true));
-        //other testing
-        assertTrue(instance.isValidInteger("test", "4", 1, 10, false));
-        assertTrue(instance.isValidInteger("test", "400", 1, 10000, false));
-        assertTrue(instance.isValidInteger("test", "400000000", 1, 400000000, false));
-        assertFalse(instance.isValidInteger("test", "4000000000000", 1, 10000, false));
-        assertFalse(instance.isValidInteger("test", "alsdkf", 10, 10000, false));
-        assertFalse(instance.isValidInteger("test", "--10", 10, 10000, false));
-        assertFalse(instance.isValidInteger("test", "14.1414234x", 10, 10000, false));
-        assertFalse(instance.isValidInteger("test", "Infinity", 10, 10000, false));
-        assertFalse(instance.isValidInteger("test", "-Infinity", 10, 10000, false));
-        assertFalse(instance.isValidInteger("test", "NaN", 10, 10000, false));
-        assertFalse(instance.isValidInteger("test", "-NaN", 10, 10000, false));
-        assertFalse(instance.isValidInteger("test", "+NaN", 10, 10000, false));
-        assertFalse(instance.isValidInteger("test", "1e-6", -999999999, 999999999, false));
-        assertFalse(instance.isValidInteger("test", "-1e-6", -999999999, 999999999, false));
-
-        ValidationErrorList errors = new ValidationErrorList();
-        //testing negative range
-        assertFalse(instance.isValidInteger("test1", "-4", 1, 10, false, errors));
-        assertTrue(errors.size() == 1);
-        assertTrue(instance.isValidInteger("test2", "-4", -10, 10, false, errors));
-        assertTrue(errors.size() == 1);
-        //testing null value
-        assertTrue(instance.isValidInteger("test3", null, -10, 10, true, errors));
-        assertTrue(errors.size() == 1);
-        assertFalse(instance.isValidInteger("test4", null, -10, 10, false, errors));
-        assertTrue(errors.size() == 2);
-        //testing empty string
-        assertTrue(instance.isValidInteger("test5", "", -10, 10, true, errors));
-        assertTrue(errors.size() == 2);
-        assertFalse(instance.isValidInteger("test6", "", -10, 10, false, errors));
-        assertTrue(errors.size() == 3);
-        //testing improper range
-        assertFalse(instance.isValidInteger("test7", "50", 10, -10, false, errors));
-        assertTrue(errors.size() == 4);
-        //testing non-integers
-        assertFalse(instance.isValidInteger("test8", "4.3214", -10, 10, true, errors));
-        assertTrue(errors.size() == 5);
-        assertFalse(instance.isValidInteger("test9", "-1.65", -10, 10, true, errors));
-        assertTrue(errors.size() == 6);
-        //other testing
-        assertTrue(instance.isValidInteger("test10", "4", 1, 10, false, errors));
-        assertTrue(errors.size() == 6);
-        assertTrue(instance.isValidInteger("test11", "400", 1, 10000, false, errors));
-        assertTrue(errors.size() == 6);
-        assertTrue(instance.isValidInteger("test12", "400000000", 1, 400000000, false, errors));
-        assertTrue(errors.size() == 6);
-        assertFalse(instance.isValidInteger("test13", "4000000000000", 1, 10000, false, errors));
-        assertTrue(errors.size() == 7);
-        assertFalse(instance.isValidInteger("test14", "alsdkf", 10, 10000, false, errors));
-        assertTrue(errors.size() == 8);
-        assertFalse(instance.isValidInteger("test15", "--10", 10, 10000, false, errors));
-        assertTrue(errors.size() == 9);
-        assertFalse(instance.isValidInteger("test16", "14.1414234x", 10, 10000, false, errors));
-        assertTrue(errors.size() == 10);
-        assertFalse(instance.isValidInteger("test17", "Infinity", 10, 10000, false, errors));
-        assertTrue(errors.size() == 11);
-        assertFalse(instance.isValidInteger("test18", "-Infinity", 10, 10000, false, errors));
-        assertTrue(errors.size() == 12);
-        assertFalse(instance.isValidInteger("test19", "NaN", 10, 10000, false, errors));
-        assertTrue(errors.size() == 13);
-        assertFalse(instance.isValidInteger("test20", "-NaN", 10, 10000, false, errors));
-        assertTrue(errors.size() == 14);
-        assertFalse(instance.isValidInteger("test21", "+NaN", 10, 10000, false, errors));
-        assertTrue(errors.size() == 15);
-        assertFalse(instance.isValidInteger("test22", "1e-6", -999999999, 999999999, false, errors));
-        assertTrue(errors.size() == 16);
-        assertFalse(instance.isValidInteger("test23", "-1e-6", -999999999, 999999999, false, errors));
-        assertTrue(errors.size() == 17);
-
-    }
-
-    public void testIsValidListItem() {
-        System.out.println("isValidListItem");
-        Validator instance = ESAPI.validator();
-        List list = new ArrayList();
-        list.add("one");
-        list.add("two");
-        assertTrue(instance.isValidListItem("test", "one", list));
-        assertFalse(instance.isValidListItem("test", "three", list));
-
-        ValidationErrorList errors = new ValidationErrorList();
-        assertTrue(instance.isValidListItem("test1", "one", list, errors));
-        assertTrue(errors.size()==0);
-        assertFalse(instance.isValidListItem("test2", "three", list, errors));
-        assertTrue(errors.size()==1);
-    }
-
-    public void testIsValidNumber() {
-        System.out.println("isValidNumber");
-        Validator instance = ESAPI.validator();
-        //testing negative range
-        assertFalse(instance.isValidNumber("test", "-4", 1, 10, false));
-        assertTrue(instance.isValidNumber("test", "-4", -10, 10, false));
-        //testing null value
-        assertTrue(instance.isValidNumber("test", null, -10, 10, true));
-        assertFalse(instance.isValidNumber("test", null, -10, 10, false));
-        //testing empty string
-        assertTrue(instance.isValidNumber("test", "", -10, 10, true));
-        assertFalse(instance.isValidNumber("test", "", -10, 10, false));
-        //testing improper range
-        assertFalse(instance.isValidNumber("test", "5", 10, -10, false));
-        //testing non-integers
-        assertTrue(instance.isValidNumber("test", "4.3214", -10, 10, true));
-        assertTrue(instance.isValidNumber("test", "-1.65", -10, 10, true));
-        //other testing
-        assertTrue(instance.isValidNumber("test", "4", 1, 10, false));
-        assertTrue(instance.isValidNumber("test", "400", 1, 10000, false));
-        assertTrue(instance.isValidNumber("test", "400000000", 1, 400000000, false));
-        assertFalse(instance.isValidNumber("test", "4000000000000", 1, 10000, false));
-        assertFalse(instance.isValidNumber("test", "alsdkf", 10, 10000, false));
-        assertFalse(instance.isValidNumber("test", "--10", 10, 10000, false));
-        assertFalse(instance.isValidNumber("test", "14.1414234x", 10, 10000, false));
-        assertFalse(instance.isValidNumber("test", "Infinity", 10, 10000, false));
-        assertFalse(instance.isValidNumber("test", "-Infinity", 10, 10000, false));
-        assertFalse(instance.isValidNumber("test", "NaN", 10, 10000, false));
-        assertFalse(instance.isValidNumber("test", "-NaN", 10, 10000, false));
-        assertFalse(instance.isValidNumber("test", "+NaN", 10, 10000, false));
-        assertTrue(instance.isValidNumber("test", "1e-6", -999999999, 999999999, false));
-        assertTrue(instance.isValidNumber("test", "-1e-6", -999999999, 999999999, false));
-
-        ValidationErrorList errors = new ValidationErrorList();
-      //testing negative range
-        assertFalse(instance.isValidNumber("test1", "-4", 1, 10, false, errors));
-        assertTrue(errors.size()==1);
-        assertTrue(instance.isValidNumber("test2", "-4", -10, 10, false, errors));
-        assertTrue(errors.size()==1);
-        //testing null value
-        assertTrue(instance.isValidNumber("test3", null, -10, 10, true, errors));
-        assertTrue(errors.size()==1);
-        assertFalse(instance.isValidNumber("test4", null, -10, 10, false, errors));
-        assertTrue(errors.size()==2);
-        //testing empty string
-        assertTrue(instance.isValidNumber("test5", "", -10, 10, true, errors));
-        assertTrue(errors.size()==2);
-        assertFalse(instance.isValidNumber("test6", "", -10, 10, false, errors));
-        assertTrue(errors.size()==3);
-        //testing improper range
-        assertFalse(instance.isValidNumber("test7", "5", 10, -10, false, errors));
-        assertTrue(errors.size()==4);
-        //testing non-integers
-        assertTrue(instance.isValidNumber("test8", "4.3214", -10, 10, true, errors));
-        assertTrue(errors.size()==4);
-        assertTrue(instance.isValidNumber("test9", "-1.65", -10, 10, true, errors));
-        assertTrue(errors.size()==4);
-        //other testing
-        assertTrue(instance.isValidNumber("test10", "4", 1, 10, false, errors));
-        assertTrue(errors.size()==4);
-        assertTrue(instance.isValidNumber("test11", "400", 1, 10000, false, errors));
-        assertTrue(errors.size()==4);
-        assertTrue(instance.isValidNumber("test12", "400000000", 1, 400000000, false, errors));
-        assertTrue(errors.size()==4);
-        assertFalse(instance.isValidNumber("test13", "4000000000000", 1, 10000, false, errors));
-        assertTrue(errors.size()==5);
-        assertFalse(instance.isValidNumber("test14", "alsdkf", 10, 10000, false, errors));
-        assertTrue(errors.size()==6);
-        assertFalse(instance.isValidNumber("test15", "--10", 10, 10000, false, errors));
-        assertTrue(errors.size()==7);
-        assertFalse(instance.isValidNumber("test16", "14.1414234x", 10, 10000, false, errors));
-        assertTrue(errors.size()==8);
-        assertFalse(instance.isValidNumber("test17", "Infinity", 10, 10000, false, errors));
-        assertTrue(errors.size()==9);
-        assertFalse(instance.isValidNumber("test18", "-Infinity", 10, 10000, false, errors));
-        assertTrue(errors.size()==10);
-        assertFalse(instance.isValidNumber("test19", "NaN", 10, 10000, false, errors));
-        assertTrue(errors.size()==11);
-        assertFalse(instance.isValidNumber("test20", "-NaN", 10, 10000, false, errors));
-        assertTrue(errors.size()==12);
-        assertFalse(instance.isValidNumber("test21", "+NaN", 10, 10000, false, errors));
-        assertTrue(errors.size()==13);
-        assertTrue(instance.isValidNumber("test22", "1e-6", -999999999, 999999999, false, errors));
-        assertTrue(errors.size()==13);
-        assertTrue(instance.isValidNumber("test23", "-1e-6", -999999999, 999999999, false, errors));
-        assertTrue(errors.size()==13);
-    }
-
-    public void testIsValidParameterSet() {
-        System.out.println("isValidParameterSet");
-        Set requiredNames = new HashSet();
-        requiredNames.add("p1");
-        requiredNames.add("p2");
-        requiredNames.add("p3");
-        Set optionalNames = new HashSet();
-        optionalNames.add("p4");
-        optionalNames.add("p5");
-        optionalNames.add("p6");
-        MockHttpServletRequest request = new MockHttpServletRequest();
-        MockHttpServletResponse response = new MockHttpServletResponse();
-        request.addParameter("p1", "value");
-        request.addParameter("p2", "value");
-        request.addParameter("p3", "value");
-        ESAPI.httpUtilities().setCurrentHTTP(request, response);
-        Validator instance = ESAPI.validator();
-        ValidationErrorList errors = new ValidationErrorList();
-        assertTrue(instance.isValidHTTPRequestParameterSet("HTTPParameters", request, requiredNames, optionalNames));
-        assertTrue(instance.isValidHTTPRequestParameterSet("HTTPParameters", request, requiredNames, optionalNames,errors));
-        assertTrue(errors.size()==0);
-        request.addParameter("p4", "value");
-        request.addParameter("p5", "value");
-        request.addParameter("p6", "value");
-        assertTrue(instance.isValidHTTPRequestParameterSet("HTTPParameters", request, requiredNames, optionalNames));
-        assertTrue(instance.isValidHTTPRequestParameterSet("HTTPParameters", request, requiredNames, optionalNames, errors));
-        assertTrue(errors.size()==0);
-        request.removeParameter("p1");
-        assertFalse(instance.isValidHTTPRequestParameterSet("HTTPParameters", request, requiredNames, optionalNames));
-        assertFalse(instance.isValidHTTPRequestParameterSet("HTTPParameters", request, requiredNames, optionalNames, errors));
-        assertTrue(errors.size() ==1);
-    }
-
-    public void testIsValidPrintable() {
-        System.out.println("isValidPrintable");
-        Validator instance = ESAPI.validator();
-        assertTrue(instance.isValidPrintable("name", "abcDEF", 100, false));
-        assertTrue(instance.isValidPrintable("name", "!@#R()*$;><()", 100, false));
-        char[] chars = {0x60, (char) 0xFF, 0x10, 0x25};
-        assertFalse(instance.isValidPrintable("name", chars, 100, false));
-        assertFalse(instance.isValidPrintable("name", "%08", 100, false));
-
-        ValidationErrorList errors = new ValidationErrorList();
-        assertTrue(instance.isValidPrintable("name1", "abcDEF", 100, false, errors));
-        assertTrue(errors.size()==0);
-        assertTrue(instance.isValidPrintable("name2", "!@#R()*$;><()", 100, false, errors));
-        assertTrue(errors.size()==0);
-        assertFalse(instance.isValidPrintable("name3", chars, 100, false, errors));
-        assertTrue(errors.size()==1);
-        assertFalse(instance.isValidPrintable("name4", "%08", 100, false, errors));
-        assertTrue(errors.size()==2);
-
-    }
-
-    public void testIsValidRedirectLocation() {
-        //		isValidRedirectLocation(String, String, boolean)
-    }
-
-    public void testIsValidSafeHTML() {
-        System.out.println("isValidSafeHTML");
-        Validator instance = ESAPI.validator();
-
-        assertTrue(instance.isValidSafeHTML("test", "<b>Jeff</b>", 100, false));
-        assertTrue(instance.isValidSafeHTML("test", "<a href=\"http://www.aspectsecurity.com\">Aspect Security</a>", 100, false));
-        assertTrue(instance.isValidSafeHTML("test", "Test. <script>alert(document.cookie)</script>", 100, false));
-        assertTrue(instance.isValidSafeHTML("test", "Test. <div style={xss:expression(xss)}>", 100, false));
-        assertTrue(instance.isValidSafeHTML("test", "Test. <s%00cript>alert(document.cookie)</script>", 100, false));
-        assertTrue(instance.isValidSafeHTML("test", "Test. <s\tcript>alert(document.cookie)</script>", 100, false));
-        assertTrue(instance.isValidSafeHTML("test", "Test. <s\r\n\0cript>alert(document.cookie)</script>", 100, false));
-
-        // TODO: waiting for a way to validate text headed for an attribute for scripts
-        // This would be nice to catch, but just looks like text to AntiSamy
-        // assertFalse(instance.isValidSafeHTML("test", "\" onload=\"alert(document.cookie)\" "));
-        ValidationErrorList errors = new ValidationErrorList();
-        assertTrue(instance.isValidSafeHTML("test1", "<b>Jeff</b>", 100, false, errors));
-        assertTrue(instance.isValidSafeHTML("test2", "<a href=\"http://www.aspectsecurity.com\">Aspect Security</a>", 100, false, errors));
-        assertTrue(instance.isValidSafeHTML("test3", "Test. <script>alert(document.cookie)</script>", 100, false, errors));
-        assertTrue(instance.isValidSafeHTML("test4", "Test. <div style={xss:expression(xss)}>", 100, false, errors));
-        assertTrue(instance.isValidSafeHTML("test5", "Test. <s%00cript>alert(document.cookie)</script>", 100, false, errors));
-        assertTrue(instance.isValidSafeHTML("test6", "Test. <s\tcript>alert(document.cookie)</script>", 100, false, errors));
-        assertTrue(instance.isValidSafeHTML("test7", "Test. <s\r\n\0cript>alert(document.cookie)</script>", 100, false, errors));
-        assertTrue(errors.size() == 0);
-
-    }
-
-    public void testSafeReadLine() {
-        System.out.println("safeReadLine");
-
-        byte[] bytes = null;
-        try {
-            bytes = "testString".getBytes(PREFERRED_ENCODING);
-        }
-        catch (UnsupportedEncodingException e1) {
-            fail(PREFERRED_ENCODING + " not a supported encoding?!?!!!");
-        }
-        ByteArrayInputStream s = new ByteArrayInputStream(bytes);
-        Validator instance = ESAPI.validator();
-        try {
-            instance.safeReadLine(s, -1);
-            fail();
-        }
-        catch (ValidationException e) {
-            // Expected
-        }
-        s.reset();
-        try {
-            instance.safeReadLine(s, 4);
-            fail();
-        }
-        catch (ValidationException e) {
-            // Expected
-        }
-        s.reset();
-        try {
-            String u = instance.safeReadLine(s, 20);
-            assertEquals("testString", u);
-        }
-        catch (ValidationException e) {
-            fail();
-        }
-
-        // This sub-test attempts to validate that BufferedReader.readLine() and safeReadLine() are similar in operation
-        // for the nominal case
-        try {
-            s.reset();
-            InputStreamReader isr = new InputStreamReader(s);
-            BufferedReader br = new BufferedReader(isr);
-            String u = br.readLine();
-            s.reset();
-            String v = instance.safeReadLine(s, 20);
-            assertEquals(u, v);
-        }
-        catch (IOException e) {
-            fail();
-        }
-        catch (ValidationException e) {
-            fail();
-        }
-    }
-
-    public void testIssue82_SafeString_Bad_Regex() {
-        Validator instance = ESAPI.validator();
-        try {
-            instance.getValidInput("address", "55 main st. pasadena ak", "SafeString", 512, false);
-        }
-        catch (ValidationException e) {
-            fail(e.getLogMessage());
-        }
-    }
-
-    public void testGetParameterMap() {
-//testing Validator.HTTPParameterName and Validator.HTTPParameterValue
-        MockHttpServletRequest request = new MockHttpServletRequest();
-        SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
-//an example of a parameter from displaytag, should pass
-        request.addParameter("d-49653-p", "pass");
-        request.addParameter("<img ", "fail");
-        request.addParameter(generateStringOfLength(32), "pass");
-        request.addParameter(generateStringOfLength(33), "fail");
-        assertEquals(safeRequest.getParameterMap().size(), 2);
-        assertNull(safeRequest.getParameterMap().get("<img"));
-        assertNull(safeRequest.getParameterMap().get(generateStringOfLength(33)));
-    }
-
-    public void testGetParameterNames() {
-//testing Validator.HTTPParameterName
-        MockHttpServletRequest request = new MockHttpServletRequest();
-        SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
-//an example of a parameter from displaytag, should pass
-        request.addParameter("d-49653-p", "pass");
-        request.addParameter("<img ", "fail");
-        request.addParameter(generateStringOfLength(32), "pass");
-        request.addParameter(generateStringOfLength(33), "fail");
-        assertEquals(Collections.list(safeRequest.getParameterNames()).size(), 2);
-    }
-
-    public void testGetParameter() {
-//testing Validator.HTTPParameterValue
-        MockHttpServletRequest request = new MockHttpServletRequest();
-        SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
-        request.addParameter("p1", "Alice");
-        request.addParameter("p2", "bob@alice.com");//mail-address from a submit-form
-        request.addParameter("p3", ESAPI.authenticator().generateStrongPassword());
-        request.addParameter("p4", new String(EncoderConstants.CHAR_PASSWORD_SPECIALS));
-        //TODO - I think this should fair request.addParameter("p5", "�������?����"); //some special characters from european languages;
-        request.addParameter("f1", "<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>");
-        request.addParameter("f2", "<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>");
-        request.addParameter("f3", "<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>");
-        for (int i = 1; i <= 4; i++) {
-            assertTrue(safeRequest.getParameter("p" + i).equals(request.getParameter("p" + i)));
-        }
-        for (int i = 1; i <= 2; i++) {
-        	boolean testResult = false;
-        	try {
-        		testResult = safeRequest.getParameter("f" + i).equals(request.getParameter("f" + i));
-        	} catch (NullPointerException npe) {
-        		//the test is this block SHOULD fail. a NPE is an acceptable failure state
-        		testResult = false; //redundant, just being descriptive here
-        	}
-        	assertFalse(testResult);
-        }
-        assertNull(safeRequest.getParameter("e1"));
-
-        //This is revealing problems with Jeff's original SafeRequest
-        //mishandling of the AllowNull parameter. I'm adding a new Google code
-        //bug to track this.
-        //
-        //assertNotNull(safeRequest.getParameter("e1", false));
-    }
-
-    public void testGetCookies() {
-//testing Validator.HTTPCookieName and Validator.HTTPCookieValue
-        MockHttpServletRequest request = new MockHttpServletRequest();
-        SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
-//should support a base64-encode value
-        request.setCookie("p1", "34=VJhjv7jiDu7tsdLrQQ2KcUwpfWUM2_mBae6UA8ttk4wBHdxxQ-1IBxyCOn3LWE08SDhpnBcJ7N5Vze48F2t8a1R_hXt7PX1BvgTM0pn-T4JkqGTm_tlmV4RmU3GT-dgn");
-        request.setCookie("f1", "<A HREF=\"http://66.102.7.147/\">XSS</A>");
-        request.setCookie("load-balancing", "pass");
-        request.setCookie("'bypass", "fail");
-        Cookie[] cookies = safeRequest.getCookies();
-        assertEquals(cookies[0].getValue(), request.getCookies()[0].getValue());
-        assertEquals(cookies[1].getName(), request.getCookies()[2].getName());
-        assertTrue(cookies.length == 2);
-    }
-
-    public void testGetHeader() {
-//testing Validator.HTTPHeaderValue
-        MockHttpServletRequest request = new MockHttpServletRequest();
-        SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
-        request.addHeader("p1", "login");
-        request.addHeader("f1", "<A HREF=\"http://0x42.0x0000066.0x7.0x93/\">XSS</A>");
-        request.addHeader("p2", generateStringOfLength(150));
-        request.addHeader("f2", generateStringOfLength(151));
-        assertEquals(safeRequest.getHeader("p1"), request.getHeader("p1"));
-        assertEquals(safeRequest.getHeader("p2"), request.getHeader("p2"));
-        assertFalse(safeRequest.getHeader("f1").equals(request.getHeader("f1")));
-        assertFalse(safeRequest.getHeader("f2").equals(request.getHeader("f2")));
-        assertNull(safeRequest.getHeader("p3"));
-    }
-
-    public void testGetHeaderNames() {
-//testing Validator.HTTPHeaderName
-        MockHttpServletRequest request = new MockHttpServletRequest();
-        SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
-        request.addHeader("d-49653-p", "pass");
-        request.addHeader("<img ", "fail");
-        request.addHeader(generateStringOfLength(32), "pass");
-        request.addHeader(generateStringOfLength(33), "fail");
-        assertEquals(Collections.list(safeRequest.getHeaderNames()).size(), 2);
-    }
-
-    public void testGetQueryString() {
-//testing Validator.HTTPQueryString
-        MockHttpServletRequest request = new MockHttpServletRequest();
-        SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
-        request.setQueryString("mail=bob@alice.com&passwd=" + new String(EncoderConstants.CHAR_PASSWORD_SPECIALS));// TODO, fix this + "&special=�����");
-        assertEquals(safeRequest.getQueryString(), request.getQueryString());
-        request.setQueryString("mail=<IMG SRC=\"jav\tascript:alert('XSS');\">");
-        assertFalse(safeRequest.getQueryString().equals(request.getQueryString()));
-        request.setQueryString("mail=bob@alice.com-passwd=johny");
-        assertTrue(safeRequest.getQueryString().equals(request.getQueryString()));
-        request.setQueryString("mail=bob@alice.com-passwd=johny&special"); //= is missing!
-        assertFalse(safeRequest.getQueryString().equals(request.getQueryString()));
-    }
-
-    public void testGetRequestURI() {
-//testing Validator.HTTPURI
-        MockHttpServletRequest request = new MockHttpServletRequest();
-        SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
-        try {
-            request.setRequestURI("/app/page.jsp");
-        } catch (UnsupportedEncodingException ignored) {
-        }
-        assertEquals(safeRequest.getRequestURI(), request.getRequestURI());
-    }
-
-    private String generateStringOfLength(int length) {
-        StringBuilder longString = new StringBuilder();
-        for (int i = 0; i < length; i++) {
-            longString.append("a");
-        }
-        return longString.toString();
-    }
-
-    public void testGetContextPath() {
-        // Root Context Path ("")
-        assertTrue(ESAPI.validator().isValidInput("HTTPContextPath", "", "HTTPContextPath", 512, true));
-        // Deployed Context Path ("/context")
-        assertTrue(ESAPI.validator().isValidInput("HTTPContextPath", "/context", "HTTPContextPath", 512, true));
-        // Fail-case - URL Splitting
-        assertFalse(ESAPI.validator().isValidInput("HTTPContextPath", "/\\nGET http://evil.com", "HTTPContextPath", 512, true));
-    }
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.UnsupportedEncodingException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import javax.servlet.http.Cookie;
+
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TemporaryFolder;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Encoder;
+import org.owasp.esapi.EncoderConstants;
+import org.owasp.esapi.SecurityConfiguration;
+import org.owasp.esapi.ValidationErrorList;
+import org.owasp.esapi.ValidationRule;
+import org.owasp.esapi.Validator;
+import org.owasp.esapi.errors.IntrusionException;
+import org.owasp.esapi.errors.ValidationException;
+import org.owasp.esapi.filters.SecurityWrapperRequest;
+import org.owasp.esapi.http.MockHttpServletRequest;
+import org.owasp.esapi.http.MockHttpServletResponse;
+import org.owasp.esapi.reference.validation.StringValidationRule;
+import org.owasp.esapi.util.TestUtils;
+
+
+/**
+ * The Class ValidatorTest.
+ *
+ * @author Mike Fauzy (mike.fauzy@aspectsecurity.com)
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class ValidatorTest {
+
+    private static final String PREFERRED_ENCODING = "UTF-8";
+
+    @Rule
+    public TemporaryFolder tempFolder = new TemporaryFolder();
+
+    @Test
+    public void testAddRule() {
+        Validator validator = ESAPI.validator();
+        ValidationRule rule = new StringValidationRule("ridiculous");
+        validator.addRule(rule);
+        assertEquals(rule, validator.getRule("ridiculous"));
+    }
+
+    @Test
+    public void testAssertValidFileUpload() {
+        // TODO -        assertValidFileUpload(String, String, String, byte[], int, boolean, ValidationErrorList)
+    }
+
+    @Test
+    public void testGetPrintable1() {
+        // TODO -        getValidPrintable(String, char[], int, boolean, ValidationErrorList)
+    }
+
+    @Test
+    public void testGetPrintable2() {
+        //     TODO -    getValidPrintable(String, String, int, boolean, ValidationErrorList)
+    }
+
+    @Test
+    public void testGetRule() {
+        Validator validator = ESAPI.validator();
+        ValidationRule rule = new StringValidationRule("rule");
+        validator.addRule(rule);
+        assertEquals(rule, validator.getRule("rule"));
+        assertFalse("Found unexpected validation rule named 'ridiculous'.", rule == validator.getRule("ridiculous"));
+    }
+
+    @Test
+    public void testGetValidCreditCard() {
+        System.out.println("getValidCreditCard");
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+
+        assertTrue(instance.isValidCreditCard("cctest1", "1234 9876 0000 0008", false));
+        assertTrue(instance.isValidCreditCard("cctest2", "1234987600000008", false));
+        assertFalse(instance.isValidCreditCard("cctest3", "12349876000000081", false));
+        assertFalse(instance.isValidCreditCard("cctest4", "4417 1234 5678 9112", false));
+
+        instance.getValidCreditCard("cctest5", "1234 9876 0000 0008", false, errors);
+        assertEquals(0, errors.size());
+        instance.getValidCreditCard("cctest6", "1234987600000008", false, errors);
+        assertEquals(0, errors.size());
+        instance.getValidCreditCard("cctest7", "12349876000000081", false, errors);
+        assertEquals(1, errors.size());
+        instance.getValidCreditCard("cctest8", "4417 1234 5678 9112", false, errors);
+        assertEquals(2, errors.size());
+
+        assertTrue(instance.isValidCreditCard("cctest1", "1234 9876 0000 0008", false, errors));
+        assertEquals(2, errors.size());
+        assertTrue(instance.isValidCreditCard("cctest2", "1234987600000008", false, errors));
+        assertEquals(2, errors.size());
+        assertFalse(instance.isValidCreditCard("cctest3", "12349876000000081", false, errors));
+        assertEquals(3, errors.size());
+        assertFalse(instance.isValidCreditCard("cctest4", "4417 1234 5678 9112", false, errors));
+        assertEquals(4, errors.size());
+    }
+
+    @Test
+    public void testGetValidDirectoryPath() throws Exception {
+        System.out.println("getValidDirectoryPath");
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+        // find a directory that exists
+        File parent = new File("/");
+        String path = ESAPI.securityConfiguration().getResourceFile("ESAPI.properties").getParentFile().getCanonicalPath();
+        instance.getValidDirectoryPath("dirtest1", path, parent, true, errors);
+        assertEquals(0, errors.size());
+        instance.getValidDirectoryPath("dirtest2", null, parent, false, errors);
+        assertEquals(1, errors.size());
+        instance.getValidDirectoryPath("dirtest3", "ridicul%00ous", parent, false, errors);
+        assertEquals(2, errors.size());
+    }
+
+    @Test
+    public void testGetValidDouble() {
+        System.out.println("getValidDouble");
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+        instance.getValidDouble("dtest1", "1.0", 0, 20, true, errors);
+        assertEquals(0, errors.size());
+        instance.getValidDouble("dtest2", null, 0, 20, true, errors);
+        assertEquals(0, errors.size());
+        instance.getValidDouble("dtest3", null, 0, 20, false, errors);
+        assertEquals(1, errors.size());
+        instance.getValidDouble("dtest4", "ridiculous", 0, 20, true, errors);
+        assertEquals(2, errors.size());
+        instance.getValidDouble("dtest5", "" + (Double.MAX_VALUE), 0, 20, true, errors);
+        assertEquals(3, errors.size());
+        instance.getValidDouble("dtest6", "" + (Double.MAX_VALUE + .00001), 0, 20, true, errors);
+        assertEquals(4, errors.size());
+    }
+
+    @Test
+    public void testGetValidFileContent() {
+        System.out.println("getValidFileContent");
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+        byte[] bytes = null;
+        try {
+            bytes = "12345".getBytes(PREFERRED_ENCODING);
+        }
+        catch (UnsupportedEncodingException e) {
+            fail(PREFERRED_ENCODING + " not a supported encoding?!?!!");
+        }
+        instance.getValidFileContent("test", bytes, 5, true, errors);
+        assertEquals(0, errors.size());
+        instance.getValidFileContent("test", bytes, 4, true, errors);
+        assertEquals(1, errors.size());
+    }
+
+    @Test
+    public void testGetValidFileName() throws Exception {
+        System.out.println("getValidFileName");
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+        String testName = "aspe%20ct.txt";
+        assertEquals("Percent encoding is not changed", testName, instance.getValidFileName("test", testName, ESAPI.securityConfiguration().getAllowedFileExtensions(), false, errors));
+    }
+
+    @Test
+    public void testGetValidInput(){
+        System.out.println("getValidInput");
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+        // instance.getValidInput(String, String, String, int, boolean, ValidationErrorList)
+    }
+
+    @Test
+    public void testGetValidInteger() {
+        System.out.println("getValidInteger");
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+        // instance.getValidInteger(String, String, int, int, boolean, ValidationErrorList)
+    }
+
+    @Test
+    public void testGetValidListItem() {
+        System.out.println("getValidListItem");
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+        // instance.getValidListItem(String, String, List, ValidationErrorList)
+    }
+
+    @Test
+    public void testGetValidNumber() {
+        System.out.println("getValidNumber");
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+        // instance.getValidNumber(String, String, long, long, boolean, ValidationErrorList)
+    }
+
+    @Test
+    public void testGetValidRedirectLocation() {
+        System.out.println("getValidRedirectLocation");
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+        // instance.getValidRedirectLocation(String, String, boolean, ValidationErrorList)
+    }
+
+    //      Test split out and moved to HTMLValidationRuleLogsTest.java & HTMLValidationRuleThrowsTest.java
+    // @Test
+    // public void testGetValidSafeHTML() throws Exception {
+
+    @Test
+    public void testIsInvalidFilename() {
+        System.out.println("testIsInvalidFilename");
+        Validator instance = ESAPI.validator();
+        char invalidChars[] = "/\\:*?\"<>|".toCharArray();
+        for (int i = 0; i < invalidChars.length; i++) {
+            assertFalse(invalidChars[i] + " is an invalid character for a filename",
+                    instance.isValidFileName("test", "as" + invalidChars[i] + "pect.txt", false));
+        }
+        assertFalse("Files must have an extension", instance.isValidFileName("test", "", false));
+        assertFalse("Files must have a valid extension", instance.isValidFileName("test.invalidExtension", "", false));
+        assertFalse("Filennames cannot be the empty string", instance.isValidFileName("test", "", false));
+    }
+
+    // Reset 'parent' depending on where Windows is installed so running off
+    // different drive doesn't break tests in testIsValidDirectoryPath().
+    private File resetParentForWindows(String sysRoot) throws IOException {
+        if ( sysRoot == null ) {
+            return new File("C:\\");
+        }
+        int bslash = sysRoot.indexOf('\\');
+        String winRoot = null;
+        if ( bslash == -1 || sysRoot.length() < 4 ) {
+            winRoot = "C:\\";   // Well, that's a first. Just pretend it's under C:\.
+        } else {
+            winRoot = sysRoot.substring(0, bslash + 1);
+        }
+        return new File( winRoot );
+    }
+
+    @Test
+    public void testIsValidDirectoryPath() throws IOException {
+        System.out.println("isValidDirectoryPath");
+
+        // get an encoder with a special list of codecs and make a validator out of it
+        List list = new ArrayList();
+        list.add("HTMLEntityCodec");
+        Encoder encoder = new DefaultEncoder(list);
+        Validator instance = new DefaultValidator(encoder);
+
+        boolean isWindows = (System.getProperty("os.name").indexOf("Windows") != -1) ? true : false;
+        File parent = new File("/");
+
+        ValidationErrorList errors = new ValidationErrorList();
+
+        if (isWindows) {
+            String sysRoot = new File(System.getenv("SystemRoot")).getCanonicalPath();
+
+            // Reset 'parent' in case running from drive other than where Windows installed.
+            parent = resetParentForWindows( sysRoot );
+
+            // Windows paths that don't exist and thus should fail
+            assertFalse(instance.isValidDirectoryPath("test", "c:\\ridiculous", parent, false));
+            assertFalse(instance.isValidDirectoryPath("test", "c:\\jeff", parent, false));
+            assertFalse(instance.isValidDirectoryPath("test", "c:\\temp\\..\\etc", parent, false));
+
+            // Windows paths
+            assertTrue(instance.isValidDirectoryPath("test", "C:\\", parent, false));                        // Windows root directory
+            assertTrue(instance.isValidDirectoryPath("test", sysRoot, parent, false));                  // Windows always exist directory
+            assertFalse(instance.isValidDirectoryPath("test", sysRoot + "\\System32\\cmd.exe", parent, false));      // Windows command shell
+
+            // Unix specific paths should not pass
+            assertFalse(instance.isValidDirectoryPath("test", "/tmp", parent, false));      // Unix Temporary directory
+            assertFalse(instance.isValidDirectoryPath("test", "/etc", parent, false));   // Unix Standard shell
+            assertFalse(instance.isValidDirectoryPath("test", "/etc/config", parent, false));
+
+            // Unix specific paths that should not exist or work
+            assertFalse(instance.isValidDirectoryPath("test", "/etc/ridiculous", parent, false));
+            assertFalse(instance.isValidDirectoryPath("test", "/tmp/../etc", parent, false));
+
+            assertFalse(instance.isValidDirectoryPath("test1", "c:\\ridiculous", parent, false, errors));
+            assertEquals(1, errors.size());
+            assertFalse(instance.isValidDirectoryPath("test2", "c:\\jeff", parent, false, errors));
+            assertEquals(2, errors.size());
+            assertFalse(instance.isValidDirectoryPath("test3", "c:\\temp\\..\\etc", parent, false, errors));
+            assertEquals(3, errors.size());
+
+            // Windows paths
+            assertTrue(instance.isValidDirectoryPath("test4", "C:\\", parent, false, errors));                        // Windows root directory
+            assertEquals(3, errors.size());
+            assertTrue(instance.isValidDirectoryPath("test5", sysRoot, parent, false, errors));                  // Windows always exist directory
+            assertEquals(3, errors.size());
+            assertFalse(instance.isValidDirectoryPath("test6", sysRoot + "\\System32\\cmd.exe", parent, false, errors));      // Windows command shell
+            assertEquals(4, errors.size());
+
+            // Unix specific paths should not pass
+            assertFalse(instance.isValidDirectoryPath("test7", "/tmp", parent, false, errors));      // Unix Temporary directory
+            assertEquals(5, errors.size());
+            assertFalse(instance.isValidDirectoryPath("test8", "/bin/sh", parent, false, errors));   // Unix Standard shell
+            assertEquals(6, errors.size());
+            assertFalse(instance.isValidDirectoryPath("test9", "/etc/config", parent, false, errors));
+            assertEquals(7, errors.size());
+
+            // Unix specific paths that should not exist or work
+            assertFalse(instance.isValidDirectoryPath("test10", "/etc/ridiculous", parent, false, errors));
+            assertEquals(8, errors.size());
+            assertFalse(instance.isValidDirectoryPath("test11", "/tmp/../etc", parent, false, errors));
+            assertEquals(9, errors.size());
+
+        } else {    // Non-Windows OS case...
+            // Windows paths should fail
+            assertFalse(instance.isValidDirectoryPath("test", "c:\\ridiculous", parent, false));
+            assertFalse(instance.isValidDirectoryPath("test", "c:\\temp\\..\\etc", parent, false));
+
+            // Standard Windows locations should fail
+            assertFalse(instance.isValidDirectoryPath("test", "c:\\", parent, false));                        // Windows root directory
+            assertFalse(instance.isValidDirectoryPath("test", "c:\\Windows\\temp", parent, false));               // Windows temporary directory
+            assertFalse(instance.isValidDirectoryPath("test", "c:\\Windows\\System32\\cmd.exe", parent, false));   // Windows command shell
+
+            // Unix specific paths should pass
+            assertTrue(instance.isValidDirectoryPath("test", "/", parent, false));         // Root directory
+                // Unfortunately, on MacOS both "/etc" and "/var" are symlinks
+                // to "/private/etc" and "/private/var" respectively, and "/sbin"
+                // and "/bin" sometimes are symlinks on certain *nix OSs, so we need
+                // to special case MacOS here.
+            boolean isMac = System.getProperty("os.name").toLowerCase().contains("mac");
+            String testDirNotSymLink = isMac ? "/private" : "/etc";
+            assertTrue(instance.isValidDirectoryPath("test", testDirNotSymLink, parent, false));      // Always exist directory
+
+            // Unix specific paths that should not exist or work
+            assertFalse(instance.isValidDirectoryPath("test", "/bin/sh", parent, false));   // Standard shell, not dir
+            assertFalse(instance.isValidDirectoryPath("test", "/etc/ridiculous", parent, false));
+            assertFalse(instance.isValidDirectoryPath("test", "/tmp/../etc", parent, false));
+
+            // Windows paths should fail
+            assertFalse(instance.isValidDirectoryPath("test1", "c:\\ridiculous", parent, false, errors));
+            assertEquals(1, errors.size());
+            assertFalse(instance.isValidDirectoryPath("test2", "c:\\temp\\..\\etc", parent, false, errors));
+            assertEquals(2, errors.size());
+
+            // Standard Windows locations should fail
+            assertFalse(instance.isValidDirectoryPath("test3", "c:\\", parent, false, errors));                        // Windows root directory
+            assertEquals(3, errors.size());
+            assertFalse(instance.isValidDirectoryPath("test4", "c:\\Windows\\temp", parent, false, errors));               // Windows temporary directory
+            assertEquals(4, errors.size());
+            assertFalse(instance.isValidDirectoryPath("test5", "c:\\Windows\\System32\\cmd.exe", parent, false, errors));   // Windows command shell
+            assertEquals(5, errors.size());
+
+            // Unix specific paths should pass
+            assertTrue(instance.isValidDirectoryPath("test6", "/", parent, false, errors));         // Root directory
+            assertEquals(5, errors.size());
+            // Note, we used to say that about '/bin', but Ubuntu 20.x
+            // changed '/bin' to a sym link to 'usr/bin'. We can't use '/etc'
+            // because under MacOS, that is a sym link to 'private/etc'.
+            assertTrue(instance.isValidDirectoryPath("test7", "/dev", parent, false, errors));      // Always exist directory
+            assertEquals(5, errors.size());
+
+            // Unix specific paths that should not exist or work
+            assertFalse(instance.isValidDirectoryPath("test8", "/bin/sh", parent, false, errors));   // Standard shell, not dir
+            assertEquals(6, errors.size());
+            assertFalse(instance.isValidDirectoryPath("test9", "/etc/ridiculous", parent, false, errors));
+            assertEquals(7, errors.size());
+            assertFalse(instance.isValidDirectoryPath("test10", "/tmp/../etc", parent, false, errors));
+            assertEquals(8, errors.size());
+        }
+    }
+
+    // GHSL-2022-008 - CVE-2022-23457 - Patched in commit a0d67b7
+    @Test
+    public void testIsValidDirectoryPathGHSL_POC() throws IOException {
+        // Note this uses different 'parent' and 'input' directories that generally don't already
+        // exist, so we will may have to create them and then remove them. The above
+        // mkdir() method does this.
+
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+
+        String invalidPath = tempFolder.newFolder("esapi-test2").getAbsolutePath();
+        File parent = tempFolder.newFolder("sibling-of-esapi-test2");
+        String validPath = tempFolder.newFolder("sibling-of-esapi-test2", "child").getCanonicalPath();
+
+        // Before the fix, this incorrectly would return 'true' even though
+        // 'esapi-test2' directory clearly was not within the 'esapi-test'
+        // directory.
+        //
+        assertFalse( instance.isValidDirectoryPath("GHSL-2022-008", invalidPath, parent, false, errors) );
+        assertEquals( 1, errors.size() );
+        assertTrue (instance.isValidDirectoryPath("GHSL-2022-008", validPath, parent, false, new ValidationErrorList()));
+    }
+
+
+    @Test
+    public void TestIsValidDirectoryPath() {
+        // TODO - isValidDirectoryPath(String, File, boolean) - returns true if no exceptions thrown
+    }
+
+    @Test
+    public void testIsValidDouble() {
+        // isValidDouble(String, String, double, double, boolean)
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+        //testing negative range
+        assertFalse(instance.isValidDouble("test1", "-4", 1, 10, false, errors));
+        assertEquals(1, errors.size());
+        assertTrue(instance.isValidDouble("test2", "-4", -10, 10, false, errors));
+        assertEquals(1, errors.size());
+        //testing null value
+        assertTrue(instance.isValidDouble("test3", null, -10, 10, true, errors));
+        assertEquals(1, errors.size());
+        assertFalse(instance.isValidDouble("test4", null, -10, 10, false, errors));
+        assertEquals(2, errors.size());
+        //testing empty string
+        assertTrue(instance.isValidDouble("test5", "", -10, 10, true, errors));
+        assertEquals(2, errors.size());
+        assertFalse(instance.isValidDouble("test6", "", -10, 10, false, errors));
+        assertEquals(3, errors.size());
+        //testing improper range
+        assertFalse(instance.isValidDouble("test7", "50.0", 10, -10, false, errors));
+        assertEquals(4, errors.size());
+        //testing non-integers
+        assertTrue(instance.isValidDouble("test8", "4.3214", -10, 10, true, errors));
+        assertEquals(4, errors.size());
+        assertTrue(instance.isValidDouble("test9", "-1.65", -10, 10, true, errors));
+        assertEquals(4, errors.size());
+        //other testing
+        assertTrue(instance.isValidDouble("test10", "4", 1, 10, false, errors));
+        assertEquals(4, errors.size());
+        assertTrue(instance.isValidDouble("test11", "400", 1, 10000, false, errors));
+        assertEquals(4, errors.size());
+        assertTrue(instance.isValidDouble("test12", "400000000", 1, 400000000, false, errors));
+        assertEquals(4, errors.size());
+        assertFalse(instance.isValidDouble("test13", "4000000000000", 1, 10000, false, errors));
+        assertEquals(5, errors.size());
+        assertFalse(instance.isValidDouble("test14", "alsdkf", 10, 10000, false, errors));
+        assertEquals(6, errors.size());
+        assertFalse(instance.isValidDouble("test15", "--10", 10, 10000, false, errors));
+        assertEquals(7, errors.size());
+        assertFalse(instance.isValidDouble("test16", "14.1414234x", 10, 10000, false, errors));
+        assertEquals(8, errors.size());
+        assertFalse(instance.isValidDouble("test17", "Infinity", 10, 10000, false, errors));
+        assertEquals(9, errors.size());
+        assertFalse(instance.isValidDouble("test18", "-Infinity", 10, 10000, false, errors));
+        assertEquals(10, errors.size());
+        assertFalse(instance.isValidDouble("test19", "NaN", 10, 10000, false, errors));
+        assertEquals(11, errors.size());
+        assertFalse(instance.isValidDouble("test20", "-NaN", 10, 10000, false, errors));
+        assertEquals(12, errors.size());
+        assertFalse(instance.isValidDouble("test21", "+NaN", 10, 10000, false, errors));
+        assertEquals(13, errors.size());
+        assertTrue(instance.isValidDouble("test22", "1e-6", -999999999, 999999999, false, errors));
+        assertEquals(13, errors.size());
+        assertTrue(instance.isValidDouble("test23", "-1e-6", -999999999, 999999999, false, errors));
+        assertEquals(13, errors.size());
+    }
+
+    @Test
+    public void testIsValidFileContent() {
+        System.out.println("isValidFileContent");
+        byte[] content = null;
+        try {
+            content = "This is some file content".getBytes(PREFERRED_ENCODING);
+        }
+        catch (UnsupportedEncodingException e) {
+            fail(PREFERRED_ENCODING + " not a supported encoding?!?!!!");
+        }
+        Validator instance = ESAPI.validator();
+        assertTrue(instance.isValidFileContent("test", content, 100, false));
+    }
+
+    @Test
+    public void testIsValidFileName() {
+        System.out.println("isValidFileName");
+        Validator instance = ESAPI.validator();
+        assertTrue("Simple valid filename with a valid extension", instance.isValidFileName("test", "aspect.txt", false));
+        assertTrue("All valid filename characters are accepted", instance.isValidFileName("test", "!@#$%^&{}[]()_+-=,.~'` abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890.txt", false));
+        assertTrue("Legal filenames that decode to legal filenames are accepted", instance.isValidFileName("test", "aspe%20ct.txt", false));
+
+        ValidationErrorList errors = new ValidationErrorList();
+        assertTrue("Simple valid filename with a valid extension", instance.isValidFileName("test", "aspect.txt", false, errors));
+        assertTrue("All valid filename characters are accepted", instance.isValidFileName("test", "!@#$%^&{}[]()_+-=,.~'` abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890.txt", false, errors));
+        assertTrue("Legal filenames that decode to legal filenames are accepted", instance.isValidFileName("test", "aspe%20ct.txt", false, errors));
+        assertEquals(0, errors.size());
+    }
+
+    @Test
+    public void testIsValidFileUpload() throws IOException {
+        System.out.println("isValidFileUpload");
+        String filepath = new File(System.getProperty("user.dir")).getCanonicalPath();
+        String filename = "aspect.txt";
+        File parent = new File("/").getCanonicalFile();
+        ValidationErrorList errors = new ValidationErrorList();
+        byte[] content = null;
+        try {
+            content = "This is some file content".getBytes(PREFERRED_ENCODING);
+        }
+        catch (UnsupportedEncodingException e) {
+            fail(PREFERRED_ENCODING + " not a supported encoding?!?!!!");
+        }
+        Validator instance = ESAPI.validator();
+        assertTrue(instance.isValidFileUpload("test", filepath, filename, parent, content, 100, false));
+        assertTrue(instance.isValidFileUpload("test", filepath, filename, parent, content, 100, false, errors));
+        assertEquals(0, errors.size());
+
+        filepath = "/ridiculous";
+        filename = "aspect.txt";
+        try {
+            content = "This is some file content".getBytes(PREFERRED_ENCODING);
+        }
+        catch (UnsupportedEncodingException e) {
+            fail(PREFERRED_ENCODING + " not a supported encoding?!?!!!");
+        }
+        assertFalse(instance.isValidFileUpload("test", filepath, filename, parent, content, 100, false));
+        assertFalse(instance.isValidFileUpload("test", filepath, filename, parent, content, 100, false, errors));
+        assertEquals(1, errors.size());
+    }
+
+    @Test
+    public void testIsValidHTTPRequestParameterSet() throws Exception{
+    }
+
+    @Test
+    public void testisValidInput() {
+        System.out.println("isValidInput");
+        Validator instance = ESAPI.validator();
+        assertTrue(instance.isValidInput("test", "jeff.williams@aspectsecurity.com", "Email", 100, false));
+        assertFalse(instance.isValidInput("test", "jeff.williams@@aspectsecurity.com", "Email", 100, false));
+        assertFalse(instance.isValidInput("test", "jeff.williams@aspectsecurity", "Email", 100, false));
+        assertTrue(instance.isValidInput("test", "jeff.wil'liams@aspectsecurity.com", "Email", 100, false));
+        assertTrue(instance.isValidInput("test", "jeff.wil''liams@aspectsecurity.com", "Email", 100, false));
+        assertTrue(instance.isValidInput("test", "123.168.100.234", "IPAddress", 100, false));
+        assertTrue(instance.isValidInput("test", "192.168.1.234", "IPAddress", 100, false));
+        assertFalse(instance.isValidInput("test", "..168.1.234", "IPAddress", 100, false));
+        assertFalse(instance.isValidInput("test", "10.x.1.234", "IPAddress", 100, false));
+        assertTrue(instance.isValidInput("test", "http://www.aspectsecurity.com", "URL", 100, false));
+        assertTrue(instance.isValidInput("test", "http://www.aspectsecurity.com", "URL", 100, false));
+        assertFalse(instance.isValidInput("test", "http://www.aspect security.com", "URL", 100, false));
+        assertTrue(instance.isValidInput("test", "078-05-1120", "SSN", 100, false));
+        assertTrue(instance.isValidInput("test", "078 05 1120", "SSN", 100, false));
+        assertTrue(instance.isValidInput("test", "078051120", "SSN", 100, false));
+        assertFalse(instance.isValidInput("test", "987-65-4320", "SSN", 100, false));
+        assertFalse(instance.isValidInput("test", "000-00-0000", "SSN", 100, false));
+        assertFalse(instance.isValidInput("test", "(555) 555-5555", "SSN", 100, false));
+        assertFalse(instance.isValidInput("test", "test", "SSN", 100, false));
+        assertTrue(instance.isValidInput("test", "jeffWILLIAMS123", "HTTPParameterValue", 100, false));
+        assertTrue(instance.isValidInput("test", "jeff .-/+=@_ WILLIAMS", "HTTPParameterValue", 100, false));
+        // Removed per Issue 116 - The '*' character is valid as a parameter character
+//        assertFalse(instance.isValidInput("test", "jeff*WILLIAMS", "HTTPParameterValue", 100, false))
+        System.err.println(instance.isValidInput("test", "jeff\\WILLIAMS", "HTTPParameterValue", 100, false));;
+        assertFalse(instance.isValidInput("test", "jeff^WILLIAMS", "HTTPParameterValue", 100, false));
+        assertFalse(instance.isValidInput("test", "jeff\\WILLIAMS", "HTTPParameterValue", 100, false));
+
+        assertTrue(instance.isValidInput("test", null, "Email", 100, true));
+        assertFalse(instance.isValidInput("test", null, "Email", 100, false));
+
+        ValidationErrorList errors = new ValidationErrorList();
+
+        assertTrue(instance.isValidInput("test1", "jeff.williams@aspectsecurity.com", "Email", 100, false, errors));
+        assertEquals(0, errors.size());
+        assertFalse(instance.isValidInput("test2", "jeff.williams@@aspectsecurity.com", "Email", 100, false, errors));
+        assertEquals(1, errors.size());
+        assertFalse(instance.isValidInput("test3", "jeff.williams@aspectsecurity", "Email", 100, false, errors));
+        assertEquals(2, errors.size());
+        assertTrue(instance.isValidInput("test4", "jeff.wil'liams@aspectsecurity.com", "Email", 100, false, errors));
+        assertEquals(2, errors.size());
+        assertTrue(instance.isValidInput("test5", "jeff.wil''liams@aspectsecurity.com", "Email", 100, false, errors));
+        assertEquals(2, errors.size());
+        assertTrue(instance.isValidInput("test6", "123.168.100.234", "IPAddress", 100, false, errors));
+        assertEquals(2, errors.size());
+        assertTrue(instance.isValidInput("test7", "192.168.1.234", "IPAddress", 100, false, errors));
+        assertEquals(2, errors.size());
+        assertFalse(instance.isValidInput("test8", "..168.1.234", "IPAddress", 100, false, errors));
+        assertEquals(3, errors.size());
+        assertFalse(instance.isValidInput("test9", "10.x.1.234", "IPAddress", 100, false, errors));
+        assertEquals(4, errors.size());
+        assertTrue(instance.isValidInput("test10", "http://www.aspectsecurity.com", "URL", 100, false, errors));
+        assertEquals(4, errors.size());
+//        This is getting flipped to true because it is no longer the validator regex's job to enforce URL structure.
+        assertTrue(instance.isValidInput("test11", "http:///www.aspectsecurity.com", "URL", 100, false, errors));
+        assertEquals(4, errors.size());
+        assertFalse(instance.isValidInput("test12", "http://www.aspect security.com", "URL", 100, false, errors));
+        assertEquals(5, errors.size());
+        assertTrue(instance.isValidInput("test13", "078-05-1120", "SSN", 100, false, errors));
+        assertEquals(5, errors.size());
+        assertTrue(instance.isValidInput("test14", "078 05 1120", "SSN", 100, false, errors));
+        assertEquals(5, errors.size());
+        assertTrue(instance.isValidInput("test15", "078051120", "SSN", 100, false, errors));
+        assertEquals(5, errors.size());
+        assertFalse(instance.isValidInput("test16", "987-65-4320", "SSN", 100, false, errors));
+        assertEquals(6, errors.size());
+        assertFalse(instance.isValidInput("test17", "000-00-0000", "SSN", 100, false, errors));
+        assertEquals(7, errors.size());
+        assertFalse(instance.isValidInput("test18", "(555) 555-5555", "SSN", 100, false, errors));
+        assertEquals(8, errors.size());
+        assertFalse(instance.isValidInput("test19", "test", "SSN", 100, false, errors));
+        assertEquals(9, errors.size());
+        assertTrue(instance.isValidInput("test20", "jeffWILLIAMS123", "HTTPParameterValue", 100, false, errors));
+        assertEquals(9, errors.size());
+        assertTrue(instance.isValidInput("test21", "jeff .-/+=@_ WILLIAMS", "HTTPParameterValue", 100, false, errors));
+        assertEquals(9, errors.size());
+        // Removed per Issue 116 - The '*' character is valid as a parameter character
+//        assertFalse(instance.isValidInput("test", "jeff*WILLIAMS", "HTTPParameterValue", 100, false));
+        assertFalse(instance.isValidInput("test22", "jeff^WILLIAMS", "HTTPParameterValue", 100, false, errors));
+        assertEquals(10, errors.size());
+        assertFalse(instance.isValidInput("test23", "jeff\\WILLIAMS", "HTTPParameterValue", 100, false, errors));
+        assertEquals(11, errors.size());
+
+        assertTrue(instance.isValidInput("test", null, "Email", 100, true, errors));
+        assertFalse(instance.isValidInput("test", null, "Email", 100, false, errors));
+    }
+
+    @Test
+    public void testIsValidInteger() {
+        System.out.println("isValidInteger");
+        Validator instance = ESAPI.validator();
+        //testing negative range
+        assertFalse(instance.isValidInteger("test", "-4", 1, 10, false));
+        assertTrue(instance.isValidInteger("test", "-4", -10, 10, false));
+        //testing null value
+        assertTrue(instance.isValidInteger("test", null, -10, 10, true));
+        assertFalse(instance.isValidInteger("test", null, -10, 10, false));
+        //testing empty string
+        assertTrue(instance.isValidInteger("test", "", -10, 10, true));
+        assertFalse(instance.isValidInteger("test", "", -10, 10, false));
+        //testing improper range
+        assertFalse(instance.isValidInteger("test", "50", 10, -10, false));
+        //testing non-integers
+        assertFalse(instance.isValidInteger("test", "4.3214", -10, 10, true));
+        assertFalse(instance.isValidInteger("test", "-1.65", -10, 10, true));
+        //other testing
+        assertTrue(instance.isValidInteger("test", "4", 1, 10, false));
+        assertTrue(instance.isValidInteger("test", "400", 1, 10000, false));
+        assertTrue(instance.isValidInteger("test", "400000000", 1, 400000000, false));
+        assertFalse(instance.isValidInteger("test", "4000000000000", 1, 10000, false));
+        assertFalse(instance.isValidInteger("test", "alsdkf", 10, 10000, false));
+        assertFalse(instance.isValidInteger("test", "--10", 10, 10000, false));
+        assertFalse(instance.isValidInteger("test", "14.1414234x", 10, 10000, false));
+        assertFalse(instance.isValidInteger("test", "Infinity", 10, 10000, false));
+        assertFalse(instance.isValidInteger("test", "-Infinity", 10, 10000, false));
+        assertFalse(instance.isValidInteger("test", "NaN", 10, 10000, false));
+        assertFalse(instance.isValidInteger("test", "-NaN", 10, 10000, false));
+        assertFalse(instance.isValidInteger("test", "+NaN", 10, 10000, false));
+        assertFalse(instance.isValidInteger("test", "1e-6", -999999999, 999999999, false));
+        assertFalse(instance.isValidInteger("test", "-1e-6", -999999999, 999999999, false));
+
+        ValidationErrorList errors = new ValidationErrorList();
+        //testing negative range
+        assertFalse(instance.isValidInteger("test1", "-4", 1, 10, false, errors));
+        assertEquals(1, errors.size());
+        assertTrue(instance.isValidInteger("test2", "-4", -10, 10, false, errors));
+        assertEquals(1, errors.size());
+        //testing null value
+        assertTrue(instance.isValidInteger("test3", null, -10, 10, true, errors));
+        assertEquals(1, errors.size());
+        assertFalse(instance.isValidInteger("test4", null, -10, 10, false, errors));
+        assertEquals(2, errors.size());
+        //testing empty string
+        assertTrue(instance.isValidInteger("test5", "", -10, 10, true, errors));
+        assertEquals(2, errors.size());
+        assertFalse(instance.isValidInteger("test6", "", -10, 10, false, errors));
+        assertEquals(3, errors.size());
+        //testing improper range
+        assertFalse(instance.isValidInteger("test7", "50", 10, -10, false, errors));
+        assertEquals(4, errors.size());
+        //testing non-integers
+        assertFalse(instance.isValidInteger("test8", "4.3214", -10, 10, true, errors));
+        assertEquals(5, errors.size());
+        assertFalse(instance.isValidInteger("test9", "-1.65", -10, 10, true, errors));
+        assertEquals(6, errors.size());
+        //other testing
+        assertTrue(instance.isValidInteger("test10", "4", 1, 10, false, errors));
+        assertEquals(6, errors.size());
+        assertTrue(instance.isValidInteger("test11", "400", 1, 10000, false, errors));
+        assertEquals(6, errors.size());
+        assertTrue(instance.isValidInteger("test12", "400000000", 1, 400000000, false, errors));
+        assertEquals(6, errors.size());
+        assertFalse(instance.isValidInteger("test13", "4000000000000", 1, 10000, false, errors));
+        assertEquals(7, errors.size());
+        assertFalse(instance.isValidInteger("test14", "alsdkf", 10, 10000, false, errors));
+        assertEquals(8, errors.size());
+        assertFalse(instance.isValidInteger("test15", "--10", 10, 10000, false, errors));
+        assertEquals(9, errors.size());
+        assertFalse(instance.isValidInteger("test16", "14.1414234x", 10, 10000, false, errors));
+        assertEquals(10, errors.size());
+        assertFalse(instance.isValidInteger("test17", "Infinity", 10, 10000, false, errors));
+        assertEquals(11, errors.size());
+        assertFalse(instance.isValidInteger("test18", "-Infinity", 10, 10000, false, errors));
+        assertEquals(12, errors.size());
+        assertFalse(instance.isValidInteger("test19", "NaN", 10, 10000, false, errors));
+        assertEquals(13, errors.size());
+        assertFalse(instance.isValidInteger("test20", "-NaN", 10, 10000, false, errors));
+        assertEquals(14, errors.size());
+        assertFalse(instance.isValidInteger("test21", "+NaN", 10, 10000, false, errors));
+        assertEquals(15, errors.size());
+        assertFalse(instance.isValidInteger("test22", "1e-6", -999999999, 999999999, false, errors));
+        assertEquals(16, errors.size());
+        assertFalse(instance.isValidInteger("test23", "-1e-6", -999999999, 999999999, false, errors));
+        assertEquals(17, errors.size());
+
+    }
+
+    @Test
+    public void testIsValidListItem() {
+        System.out.println("isValidListItem");
+        Validator instance = ESAPI.validator();
+        List list = new ArrayList();
+        list.add("one");
+        list.add("two");
+        assertTrue(instance.isValidListItem("test", "one", list));
+        assertFalse(instance.isValidListItem("test", "three", list));
+
+        ValidationErrorList errors = new ValidationErrorList();
+        assertTrue(instance.isValidListItem("test1", "one", list, errors));
+        assertEquals(0, errors.size());
+        assertFalse(instance.isValidListItem("test2", "three", list, errors));
+        assertEquals(1, errors.size());
+    }
+
+    @Test
+    public void testIsValidNumber() {
+        System.out.println("isValidNumber");
+        Validator instance = ESAPI.validator();
+        //testing negative range
+        assertFalse(instance.isValidNumber("test", "-4", 1, 10, false));
+        assertTrue(instance.isValidNumber("test", "-4", -10, 10, false));
+        //testing null value
+        assertTrue(instance.isValidNumber("test", null, -10, 10, true));
+        assertFalse(instance.isValidNumber("test", null, -10, 10, false));
+        //testing empty string
+        assertTrue(instance.isValidNumber("test", "", -10, 10, true));
+        assertFalse(instance.isValidNumber("test", "", -10, 10, false));
+        //testing improper range
+        assertFalse(instance.isValidNumber("test", "5", 10, -10, false));
+        //testing non-integers
+        assertTrue(instance.isValidNumber("test", "4.3214", -10, 10, true));
+        assertTrue(instance.isValidNumber("test", "-1.65", -10, 10, true));
+        //other testing
+        assertTrue(instance.isValidNumber("test", "4", 1, 10, false));
+        assertTrue(instance.isValidNumber("test", "400", 1, 10000, false));
+        assertTrue(instance.isValidNumber("test", "400000000", 1, 400000000, false));
+        assertFalse(instance.isValidNumber("test", "4000000000000", 1, 10000, false));
+        assertFalse(instance.isValidNumber("test", "alsdkf", 10, 10000, false));
+        assertFalse(instance.isValidNumber("test", "--10", 10, 10000, false));
+        assertFalse(instance.isValidNumber("test", "14.1414234x", 10, 10000, false));
+        assertFalse(instance.isValidNumber("test", "Infinity", 10, 10000, false));
+        assertFalse(instance.isValidNumber("test", "-Infinity", 10, 10000, false));
+        assertFalse(instance.isValidNumber("test", "NaN", 10, 10000, false));
+        assertFalse(instance.isValidNumber("test", "-NaN", 10, 10000, false));
+        assertFalse(instance.isValidNumber("test", "+NaN", 10, 10000, false));
+        assertTrue(instance.isValidNumber("test", "1e-6", -999999999, 999999999, false));
+        assertTrue(instance.isValidNumber("test", "-1e-6", -999999999, 999999999, false));
+
+        ValidationErrorList errors = new ValidationErrorList();
+      //testing negative range
+        assertFalse(instance.isValidNumber("test1", "-4", 1, 10, false, errors));
+        assertEquals(1, errors.size());
+        assertTrue(instance.isValidNumber("test2", "-4", -10, 10, false, errors));
+        assertEquals(1, errors.size());
+        //testing null value
+        assertTrue(instance.isValidNumber("test3", null, -10, 10, true, errors));
+        assertEquals(1, errors.size());
+        assertFalse(instance.isValidNumber("test4", null, -10, 10, false, errors));
+        assertEquals(2, errors.size());
+        //testing empty string
+        assertTrue(instance.isValidNumber("test5", "", -10, 10, true, errors));
+        assertEquals(2, errors.size());
+        assertFalse(instance.isValidNumber("test6", "", -10, 10, false, errors));
+        assertEquals(3, errors.size());
+        //testing improper range
+        assertFalse(instance.isValidNumber("test7", "5", 10, -10, false, errors));
+        assertEquals(4, errors.size());
+        //testing non-integers
+        assertTrue(instance.isValidNumber("test8", "4.3214", -10, 10, true, errors));
+        assertEquals(4, errors.size());
+        assertTrue(instance.isValidNumber("test9", "-1.65", -10, 10, true, errors));
+        assertEquals(4, errors.size());
+        //other testing
+        assertTrue(instance.isValidNumber("test10", "4", 1, 10, false, errors));
+        assertEquals(4, errors.size());
+        assertTrue(instance.isValidNumber("test11", "400", 1, 10000, false, errors));
+        assertEquals(4, errors.size());
+        assertTrue(instance.isValidNumber("test12", "400000000", 1, 400000000, false, errors));
+        assertEquals(4, errors.size());
+        assertFalse(instance.isValidNumber("test13", "4000000000000", 1, 10000, false, errors));
+        assertEquals(5, errors.size());
+        assertFalse(instance.isValidNumber("test14", "alsdkf", 10, 10000, false, errors));
+        assertEquals(6, errors.size());
+        assertFalse(instance.isValidNumber("test15", "--10", 10, 10000, false, errors));
+        assertEquals(7, errors.size());
+        assertFalse(instance.isValidNumber("test16", "14.1414234x", 10, 10000, false, errors));
+        assertEquals(8, errors.size());
+        assertFalse(instance.isValidNumber("test17", "Infinity", 10, 10000, false, errors));
+        assertEquals(9, errors.size());
+        assertFalse(instance.isValidNumber("test18", "-Infinity", 10, 10000, false, errors));
+        assertEquals(10, errors.size());
+        assertFalse(instance.isValidNumber("test19", "NaN", 10, 10000, false, errors));
+        assertEquals(11, errors.size());
+        assertFalse(instance.isValidNumber("test20", "-NaN", 10, 10000, false, errors));
+        assertEquals(12, errors.size());
+        assertFalse(instance.isValidNumber("test21", "+NaN", 10, 10000, false, errors));
+        assertEquals(13, errors.size());
+        assertTrue(instance.isValidNumber("test22", "1e-6", -999999999, 999999999, false, errors));
+        assertEquals(13, errors.size());
+        assertTrue(instance.isValidNumber("test23", "-1e-6", -999999999, 999999999, false, errors));
+        assertEquals(13, errors.size());
+    }
+
+    @Test
+    public void testIsValidParameterSet() {
+        System.out.println("isValidParameterSet");
+        Set requiredNames = new HashSet();
+        requiredNames.add("p1");
+        requiredNames.add("p2");
+        requiredNames.add("p3");
+        Set optionalNames = new HashSet();
+        optionalNames.add("p4");
+        optionalNames.add("p5");
+        optionalNames.add("p6");
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        request.addParameter("p1", "value");
+        request.addParameter("p2", "value");
+        request.addParameter("p3", "value");
+        ESAPI.httpUtilities().setCurrentHTTP(request, response);
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+        assertTrue(instance.isValidHTTPRequestParameterSet("HTTPParameters", request, requiredNames, optionalNames));
+        assertTrue(instance.isValidHTTPRequestParameterSet("HTTPParameters", request, requiredNames, optionalNames,errors));
+        assertEquals(0, errors.size());
+        request.addParameter("p4", "value");
+        request.addParameter("p5", "value");
+        request.addParameter("p6", "value");
+        assertTrue(instance.isValidHTTPRequestParameterSet("HTTPParameters", request, requiredNames, optionalNames));
+        assertTrue(instance.isValidHTTPRequestParameterSet("HTTPParameters", request, requiredNames, optionalNames, errors));
+        assertEquals(0, errors.size());
+        request.removeParameter("p1");
+        assertFalse(instance.isValidHTTPRequestParameterSet("HTTPParameters", request, requiredNames, optionalNames));
+        assertFalse(instance.isValidHTTPRequestParameterSet("HTTPParameters", request, requiredNames, optionalNames, errors));
+        assertEquals(1, errors.size());
+    }
+
+    @Test
+    public void testIsValidPrintable() {
+        System.out.println("isValidPrintable");
+        Validator instance = ESAPI.validator();
+        assertTrue(instance.isValidPrintable("name", "abcDEF", 100, false));
+        assertTrue(instance.isValidPrintable("name", "!@#R()*$;><()", 100, false));
+        char[] chars = {0x60, (char) 0xFF, 0x10, 0x25};
+        assertFalse(instance.isValidPrintable("name", chars, 100, false));
+        assertFalse(instance.isValidPrintable("name", "%08", 100, false));
+
+        ValidationErrorList errors = new ValidationErrorList();
+        assertTrue(instance.isValidPrintable("name1", "abcDEF", 100, false, errors));
+        assertEquals(0, errors.size());
+        assertTrue(instance.isValidPrintable("name2", "!@#R()*$;><()", 100, false, errors));
+        assertEquals(0, errors.size());
+        assertFalse(instance.isValidPrintable("name3", chars, 100, false, errors));
+        assertEquals(1, errors.size());
+        assertFalse(instance.isValidPrintable("name4", "%08", 100, false, errors));
+        assertEquals(2, errors.size());
+
+    }
+
+    @Test
+    public void testIsValidRedirectLocation() {
+        // TODO -        isValidRedirectLocation(String, String, boolean)
+    }
+
+    //      Test split out and moved to HTMLValidationRuleLogsTest.java & HTMLValidationRuleThrowsTest.java
+    // @Test
+    //public void testIsValidSafeHTML() {
+
+    @Test
+    public void testSafeReadLine() {
+        System.out.println("safeReadLine");
+
+        byte[] bytes = null;
+        try {
+            bytes = "testString".getBytes(PREFERRED_ENCODING);
+        }
+        catch (UnsupportedEncodingException e1) {
+            fail(PREFERRED_ENCODING + " not a supported encoding?!?!!!");
+        }
+        ByteArrayInputStream s = new ByteArrayInputStream(bytes);
+        Validator instance = ESAPI.validator();
+        try {
+            instance.safeReadLine(s, -1);
+            fail();
+        }
+        catch (ValidationException e) {
+            // Expected
+        }
+        s.reset();
+        try {
+            instance.safeReadLine(s, 4);
+            fail();
+        }
+        catch (ValidationException e) {
+            // Expected
+        }
+        s.reset();
+        try {
+            String u = instance.safeReadLine(s, 20);
+            assertEquals("testString", u);
+        }
+        catch (ValidationException e) {
+            fail();
+        }
+
+        // This sub-test attempts to validate that BufferedReader.readLine() and safeReadLine() are similar in operation
+        // for the nominal case
+        try {
+            s.reset();
+            InputStreamReader isr = new InputStreamReader(s);
+            BufferedReader br = new BufferedReader(isr);
+            String u = br.readLine();
+            s.reset();
+            String v = instance.safeReadLine(s, 20);
+            assertEquals(u, v);
+        }
+        catch (IOException e) {
+            fail();
+        }
+        catch (ValidationException e) {
+            fail();
+        }
+    }
+
+    @Test
+    public void testIssue82_SafeString_Bad_Regex() {
+        Validator instance = ESAPI.validator();
+        try {
+            instance.getValidInput("address", "55 main st. pasadena ak", "SafeString", 512, false);
+        }
+        catch (ValidationException e) {
+            fail(e.getLogMessage());
+        }
+    }
+
+    @Test
+    public void testGetParameterMap() {
+//testing Validator.HTTPParameterName and Validator.HTTPParameterValue
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
+//an example of a parameter from displaytag, should pass
+        request.addParameter("d-49653-p", "pass");
+        request.addParameter("<img ", "fail");
+        request.addParameter(TestUtils.generateStringOfLength(32), "pass");
+        request.addParameter(TestUtils.generateStringOfLength(33), "fail");
+        assertEquals(safeRequest.getParameterMap().size(), 2);
+        assertNull(safeRequest.getParameterMap().get("<img"));
+        assertNull(safeRequest.getParameterMap().get(TestUtils.generateStringOfLength(33)));
+    }
+
+    @Test
+    public void testGetParameterNames() {
+//testing Validator.HTTPParameterName
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
+//an example of a parameter from displaytag, should pass
+        request.addParameter("d-49653-p", "pass");
+        request.addParameter("<img ", "fail");
+        request.addParameter(TestUtils.generateStringOfLength(32), "pass");
+        request.addParameter(TestUtils.generateStringOfLength(33), "fail");
+        assertEquals(Collections.list(safeRequest.getParameterNames()).size(), 2);
+    }
+
+    @Test
+    public void testGetParameter() {
+//testing Validator.HTTPParameterValue
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
+        request.addParameter("p1", "Alice");
+        request.addParameter("p2", "bob@alice.com");//mail-address from a submit-form
+        request.addParameter("p3", ESAPI.authenticator().generateStrongPassword());
+        request.addParameter("p4", new String(EncoderConstants.CHAR_PASSWORD_SPECIALS));
+        //TODO - I think this should fair request.addParameter("p5", "�������?����"); //some special characters from european languages;
+        request.addParameter("f1", "<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>");
+        request.addParameter("f2", "<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>");
+        request.addParameter("f3", "<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>");
+        for (int i = 1; i <= 4; i++) {
+            assertTrue(safeRequest.getParameter("p" + i).equals(request.getParameter("p" + i)));
+        }
+        for (int i = 1; i <= 2; i++) {
+            boolean testResult = false;
+            try {
+                testResult = safeRequest.getParameter("f" + i).equals(request.getParameter("f" + i));
+            } catch (NullPointerException npe) {
+                //the test is this block SHOULD fail. a NPE is an acceptable failure state
+                testResult = false; //redundant, just being descriptive here
+            }
+            assertFalse(testResult);
+        }
+        assertNull(safeRequest.getParameter("e1"));
+
+        //This is revealing problems with Jeff's original SafeRequest
+        //mishandling of the AllowNull parameter. I'm adding a new Google code
+        //bug to track this.
+        //
+        //assertNotNull(safeRequest.getParameter("e1", false));
+    }
+
+    @Test
+    public void testGetCookies() {
+//testing Validator.HTTPCookieName and Validator.HTTPCookieValue
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
+//should support a base64-encode value
+        request.setCookie("p1", "34=VJhjv7jiDu7tsdLrQQ2KcUwpfWUM2_mBae6UA8ttk4wBHdxxQ-1IBxyCOn3LWE08SDhpnBcJ7N5Vze48F2t8a1R_hXt7PX1BvgTM0pn-T4JkqGTm_tlmV4RmU3GT-dgn");
+        request.setCookie("f1", "<A HREF=\"http://66.102.7.147/\">XSS</A>");
+        request.setCookie("load-balancing", "pass");
+        request.setCookie("'bypass", "fail");
+        Cookie[] cookies = safeRequest.getCookies();
+        assertEquals(cookies[0].getValue(), request.getCookies()[0].getValue());
+        assertEquals(cookies[1].getName(), request.getCookies()[2].getName());
+        assertEquals(2, cookies.length);
+    }
+
+    @Test
+    public void testGetHeader() {
+//testing Validator.HTTPHeaderValue
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
+        request.addHeader("p1", "login");
+        request.addHeader("f1", "<A HREF=\"http://0x42.0x0000066.0x7.0x93/\">XSS</A>");
+        request.addHeader("p2", TestUtils.generateStringOfLength(200));   // Upper limit increased from 150 -> 200, GitHub issue #351
+        request.addHeader("f2", TestUtils.generateStringOfLength(4097));
+        assertEquals(safeRequest.getHeader("p1"), request.getHeader("p1"));
+        assertEquals(safeRequest.getHeader("p2"), request.getHeader("p2"));
+        assertFalse(safeRequest.getHeader("f1").equals(request.getHeader("f1")));
+        assertFalse(safeRequest.getHeader("f2").equals(request.getHeader("f2")));
+        assertNull(safeRequest.getHeader("p3"));
+    }
+
+    @Test
+    public void testHeaderLengthChecks(){
+        Validator v = ESAPI.validator();
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
+        assertFalse(v.isValidInput("addHeader", TestUtils.generateStringOfLength(257), "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), false));
+        assertFalse(v.isValidInput("addHeader", TestUtils.generateStringOfLength(4097), "HTTPHeaderValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), false));
+    }
+
+    @Test
+    public void testGetHeaderNames() {
+//testing Validator.HTTPHeaderName
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
+        request.addHeader("d-49653-p", "pass");
+        request.addHeader("<img ", "fail");
+            // Note: Max length in ESAPI.properties as per
+            // Validator.HTTPHeaderName regex is 256, but upper
+            // bound is configurable by the property HttpUtilities.MaxHeaderNameSize
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
+        request.addHeader(TestUtils.generateStringOfLength(255), "pass");
+        request.addHeader(TestUtils.generateStringOfLength(257), "fail");
+        assertEquals(2, Collections.list(safeRequest.getHeaderNames()).size());
+    }
+
+    @Test
+    public void testGetQueryString() {
+//testing Validator.HTTPQueryString
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
+        request.setQueryString("mail=bob@alice.com&passwd=" + new String(EncoderConstants.CHAR_PASSWORD_SPECIALS));// TODO, fix this + "&special=�����");
+        assertEquals(safeRequest.getQueryString(), request.getQueryString());
+        request.setQueryString("mail=<IMG SRC=\"jav\tascript:alert('XSS');\">");
+        assertFalse(safeRequest.getQueryString().equals(request.getQueryString()));
+        request.setQueryString("mail=bob@alice.com-passwd=johny");
+        assertTrue(safeRequest.getQueryString().equals(request.getQueryString()));
+        request.setQueryString("mail=bob@alice.com-passwd=johny&special"); //= is missing!
+        assertFalse(safeRequest.getQueryString().equals(request.getQueryString()));
+    }
+
+    @Test
+    public void testGetRequestURI() {
+//testing Validator.HTTPURI
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
+        try {
+            request.setRequestURI("/app/page.jsp");
+        } catch (UnsupportedEncodingException ignored) {
+        }
+        assertEquals(safeRequest.getRequestURI(), request.getRequestURI());
+    }
+
+    @Test
+    public void testGetContextPath() {
+        // Root Context Path ("")
+        assertTrue(ESAPI.validator().isValidInput("HTTPContextPath", "", "HTTPContextPath", 512, true));
+        // Deployed Context Path ("/context")
+        assertTrue(ESAPI.validator().isValidInput("HTTPContextPath", "/context", "HTTPContextPath", 512, true));
+        // Fail-case - URL Splitting
+        assertFalse(ESAPI.validator().isValidInput("HTTPContextPath", "/\\nGET http://evil.com", "HTTPContextPath", 512, true));
+    }
+
+    @Test
+    public void testGmailEmailAddress(){
+        Validator v = ESAPI.validator();
+        assertTrue(v.isValidInput("Gmail", "Darth+Sidious@gmail.com", "Gmail", 512, false));
+        assertTrue(v.isValidInput("Gmail", "Darth.Sidious@gmail.com", "Gmail", 512, false));
+    }
+
+    @Test
+    public void testGetValidUri(){
+        Validator v = ESAPI.validator();
+        assertFalse(v.isValidURI("test", "http://core-jenkins.scansafe.cisco.com/�贺诺伦-^ńörén.jpg", false));
+    }
+
+    @Test
+    public void testGetValidUriNullInput(){
+        Validator v = ESAPI.validator();
+        boolean isValid = v.isValidURI("test", null, true);
+        assertTrue(isValid);
+    }
+
+    @Test
+    public void testRegex(){
+        Validator v = ESAPI.validator();
+        boolean isValid = v.isValidInput("RegexString", "%2d%2d%3e%3c%2f%73%43%72%49%70%54%3e%3c%73%43%72%49%70%54%3e%61%6c%65%72%74%28%31%36%35%38%38%29%3c%2f%73%43%72%49%70%54%3e", "RegexString", 30000, true);
+        assertFalse(isValid);
+    }
+
+    @Test(expected = ValidationException.class)
+    public void testRegexWithGetValid() throws IntrusionException, ValidationException {
+        Validator v = ESAPI.validator();
+        String foo = v.getValidInput("RegexString", "%2d%2d%3e%3c%2f%73%43%72%49%70%54%3e%3c%73%43%72%49%70%54%3e%61%6c%65%72%74%28%31%36%35%38%38%29%3c%2f%73%43%72%49%70%54%3e", "RegexString", 30000, true);
+    }
+
+    @Test
+    public void testavaloqLooseSafeString(){
+        Validator v = ESAPI.validator();
+        boolean isValid = v.isValidInput("RegexString", "&quot;test&quot;", "avaloqLooseSafeString", 2147483647, true, true);
+        assertFalse(isValid);
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/reference/accesscontrol/AccessControllerTest.java b/src/test/java/org/owasp/esapi/reference/accesscontrol/AccessControllerTest.java
index 1f3cc8998..9c4864cde 100644
--- a/src/test/java/org/owasp/esapi/reference/accesscontrol/AccessControllerTest.java
+++ b/src/test/java/org/owasp/esapi/reference/accesscontrol/AccessControllerTest.java
@@ -1,128 +1,128 @@
-package org.owasp.esapi.reference.accesscontrol;
-
-import static org.junit.Assert.assertEquals;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import org.junit.Before;
-import org.junit.Test;
-import org.owasp.esapi.AccessController;
-import org.owasp.esapi.errors.AccessControlException;
-import org.owasp.esapi.reference.accesscontrol.AlwaysFalseACR;
-import org.owasp.esapi.reference.accesscontrol.AlwaysTrueACR;
-import org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController;
-
-/**
- * Answers the question: is the AccessController itself working properly?
- * @author Mike H. Fauzy
- *
- */
-public class AccessControllerTest {
-	
-	protected AccessController accessController;
-		
-	@Before
-	public void setup() {
-		Map accessControlRules = new HashMap(3);
-		accessControlRules.put("AlwaysTrue", new AlwaysTrueACR());
-		accessControlRules.put("AlwaysFalse", new AlwaysFalseACR());		
-		accessControlRules.put("EchoRuntimeParameter", new EchoRuntimeParameterACR());
-		accessController = new ExperimentalAccessController(accessControlRules);
-	}
-	
-	@Test 
-	public void isAuthorized() {
-		assertEquals("Rule Not Found: null", accessController.isAuthorized(null, null), false);
-		assertEquals("Rule Not Found: Invalid Key", accessController.isAuthorized("A key that does not map to a rule", null), false);		
-
-		assertEquals("AlwaysTrue", accessController.isAuthorized("AlwaysTrue", null), true);
-		assertEquals("AlwaysFalse", accessController.isAuthorized("AlwaysFalse", null), false);
-		
-		assertEquals("EchoRuntimeParameter: True", accessController.isAuthorized("EchoRuntimeParameter", Boolean.TRUE), true );
-		assertEquals("EchoRuntimeParameter: False", accessController.isAuthorized("EchoRuntimeParameter", Boolean.FALSE), false);
-		assertEquals("EchoRuntimeParameter: ClassCastException", accessController.isAuthorized("EchoRuntimeParameter", "This is not a boolean"), false);
-		assertEquals("EchoRuntimeParameter: null Runtime Parameter", accessController.isAuthorized("EchoRuntimeParameter", null), false);
-	}
-	
-	@Test (expected = AccessControlException.class)	 
-	public void enforceAuthorizationRuleNotFoundNullKey() throws Exception {		
-		accessController.assertAuthorized(null, null);
-	}
-	@Test (expected = AccessControlException.class)	 
-	public void enforceAuthorizationRuleAKeyThatDoesNotMapToARule() throws Exception {		
-		accessController.assertAuthorized("A key that does not map to a rule", null);
-	}
-	
-	
-	@Test  
-	//Should not throw an exception
-	public void enforceAuthorizationAlwaysTrue() throws Exception {		
-		accessController.assertAuthorized("AlwaysTrue", null);
-	}
-	
-	@Test (expected = AccessControlException.class)	 
-	public void enforceAuthorizationAlwaysFalse() throws Exception {		
-		accessController.assertAuthorized("AlwaysFalse", null);
-	}
-	
-	/**
-	 * Ensure that isAuthorized does nothing if enforceAuthorization 
-	 * is called and isAuthorized returns true
-	 */
-	@Test 
-	//Should not throw an exception
-	public void enforceAuthorizationEchoRuntimeParameterTrue() throws Exception {
-		accessController.assertAuthorized("EchoRuntimeParameter", Boolean.TRUE);
-	}
-	
-	/**
-	 * Ensure that isAuthorized translates into an exception if enforceAuthorization 
-	 * is called and isAuthorized returns false
-	 */
-	@Test (expected = AccessControlException.class)	 
-	public void enforceAuthorizationEchoRuntimeParameterFalse() throws Exception {		
-		accessController.assertAuthorized("EchoRuntimeParameter", Boolean.FALSE);
-	}
-	
-	@Test (expected = AccessControlException.class)	 
-	public void enforceAuthorizationEchoRuntimeParameterClassCastException() throws Exception {	
-		accessController.assertAuthorized("EchoRuntimeParameter", "This is not a boolean");
-	}
-	
-	@Test (expected = AccessControlException.class)	 
-	public void enforceAuthorizationEchoRuntimeParameterNullRuntimeParameter() throws Exception {		
-		accessController.assertAuthorized("EchoRuntimeParameter", null);
-	}
-	
-	@org.junit.Test
-	public void delegatingACR() throws Exception {
-		DelegatingACR delegatingACR = new DelegatingACR();
-		DynaBeanACRParameter policyParameter = new DynaBeanACRParameter();
-
-		delegatingACR = new DelegatingACR();
-		policyParameter = new DynaBeanACRParameter();
-		policyParameter.set("delegateClass", "java.lang.Object");
-		policyParameter.set("delegateMethod", "equals");
-		policyParameter.set("parameterClasses", new String[] {"java.lang.Object"});
-		delegatingACR.setPolicyParameters(policyParameter);
-		org.junit.Assert.assertFalse(delegatingACR.isAuthorized(new Object[] {new Object()}));
-		org.junit.Assert.assertFalse(delegatingACR.isAuthorized(new Object[] {delegatingACR}));
-
-		
-		policyParameter.set("delegateClass", "org.owasp.esapi.reference.accesscontrol.AlwaysTrueACR");
-		policyParameter.set("delegateMethod", "isAuthorized");
-		policyParameter.set("parameterClasses", new String[] {"java.lang.Object"});
-		delegatingACR.setPolicyParameters(policyParameter);
-		org.junit.Assert.assertTrue(delegatingACR.isAuthorized(new Object[] {null}));
-		
-		delegatingACR = new DelegatingACR();
-		policyParameter = new DynaBeanACRParameter();
-		policyParameter.set("delegateClass", "org.owasp.esapi.reference.accesscontrol.AlwaysFalseACR");
-		policyParameter.set("delegateMethod", "isAuthorized");
-		policyParameter.set("parameterClasses", new String[] {"java.lang.Object"});
-		delegatingACR.setPolicyParameters(policyParameter);
-		org.junit.Assert.assertFalse(delegatingACR.isAuthorized(new Object[] {null}));
-	}
-	
-}
+package org.owasp.esapi.reference.accesscontrol;
+
+import static org.junit.Assert.assertEquals;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.owasp.esapi.AccessController;
+import org.owasp.esapi.errors.AccessControlException;
+import org.owasp.esapi.reference.accesscontrol.AlwaysFalseACR;
+import org.owasp.esapi.reference.accesscontrol.AlwaysTrueACR;
+import org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController;
+
+/**
+ * Answers the question: is the AccessController itself working properly?
+ * @author Mike H. Fauzy
+ *
+ */
+public class AccessControllerTest {
+
+    protected AccessController accessController;
+
+    @Before
+    public void setup() {
+        Map accessControlRules = new HashMap(3);
+        accessControlRules.put("AlwaysTrue", new AlwaysTrueACR());
+        accessControlRules.put("AlwaysFalse", new AlwaysFalseACR());
+        accessControlRules.put("EchoRuntimeParameter", new EchoRuntimeParameterACR());
+        accessController = new ExperimentalAccessController(accessControlRules);
+    }
+
+    @Test
+    public void isAuthorized() {
+        assertEquals("Rule Not Found: null", accessController.isAuthorized(null, null), false);
+        assertEquals("Rule Not Found: Invalid Key", accessController.isAuthorized("A key that does not map to a rule", null), false);
+
+        assertEquals("AlwaysTrue", accessController.isAuthorized("AlwaysTrue", null), true);
+        assertEquals("AlwaysFalse", accessController.isAuthorized("AlwaysFalse", null), false);
+
+        assertEquals("EchoRuntimeParameter: True", accessController.isAuthorized("EchoRuntimeParameter", Boolean.TRUE), true );
+        assertEquals("EchoRuntimeParameter: False", accessController.isAuthorized("EchoRuntimeParameter", Boolean.FALSE), false);
+        assertEquals("EchoRuntimeParameter: ClassCastException", accessController.isAuthorized("EchoRuntimeParameter", "This is not a boolean"), false);
+        assertEquals("EchoRuntimeParameter: null Runtime Parameter", accessController.isAuthorized("EchoRuntimeParameter", null), false);
+    }
+
+    @Test (expected = AccessControlException.class)
+    public void enforceAuthorizationRuleNotFoundNullKey() throws Exception {
+        accessController.assertAuthorized(null, null);
+    }
+    @Test (expected = AccessControlException.class)
+    public void enforceAuthorizationRuleAKeyThatDoesNotMapToARule() throws Exception {
+        accessController.assertAuthorized("A key that does not map to a rule", null);
+    }
+
+
+    @Test
+    //Should not throw an exception
+    public void enforceAuthorizationAlwaysTrue() throws Exception {
+        accessController.assertAuthorized("AlwaysTrue", null);
+    }
+
+    @Test (expected = AccessControlException.class)
+    public void enforceAuthorizationAlwaysFalse() throws Exception {
+        accessController.assertAuthorized("AlwaysFalse", null);
+    }
+
+    /**
+     * Ensure that isAuthorized does nothing if enforceAuthorization
+     * is called and isAuthorized returns true
+     */
+    @Test
+    //Should not throw an exception
+    public void enforceAuthorizationEchoRuntimeParameterTrue() throws Exception {
+        accessController.assertAuthorized("EchoRuntimeParameter", Boolean.TRUE);
+    }
+
+    /**
+     * Ensure that isAuthorized translates into an exception if enforceAuthorization
+     * is called and isAuthorized returns false
+     */
+    @Test (expected = AccessControlException.class)
+    public void enforceAuthorizationEchoRuntimeParameterFalse() throws Exception {
+        accessController.assertAuthorized("EchoRuntimeParameter", Boolean.FALSE);
+    }
+
+    @Test (expected = AccessControlException.class)
+    public void enforceAuthorizationEchoRuntimeParameterClassCastException() throws Exception {
+        accessController.assertAuthorized("EchoRuntimeParameter", "This is not a boolean");
+    }
+
+    @Test (expected = AccessControlException.class)
+    public void enforceAuthorizationEchoRuntimeParameterNullRuntimeParameter() throws Exception {
+        accessController.assertAuthorized("EchoRuntimeParameter", null);
+    }
+
+    @org.junit.Test
+    public void delegatingACR() throws Exception {
+        DelegatingACR delegatingACR = new DelegatingACR();
+        DynaBeanACRParameter policyParameter = new DynaBeanACRParameter();
+
+        delegatingACR = new DelegatingACR();
+        policyParameter = new DynaBeanACRParameter();
+        policyParameter.set("delegateClass", "java.lang.Object");
+        policyParameter.set("delegateMethod", "equals");
+        policyParameter.set("parameterClasses", new String[] {"java.lang.Object"});
+        delegatingACR.setPolicyParameters(policyParameter);
+        org.junit.Assert.assertFalse(delegatingACR.isAuthorized(new Object[] {new Object()}));
+        org.junit.Assert.assertFalse(delegatingACR.isAuthorized(new Object[] {delegatingACR}));
+
+
+        policyParameter.set("delegateClass", "org.owasp.esapi.reference.accesscontrol.AlwaysTrueACR");
+        policyParameter.set("delegateMethod", "isAuthorized");
+        policyParameter.set("parameterClasses", new String[] {"java.lang.Object"});
+        delegatingACR.setPolicyParameters(policyParameter);
+        org.junit.Assert.assertTrue(delegatingACR.isAuthorized(new Object[] {null}));
+
+        delegatingACR = new DelegatingACR();
+        policyParameter = new DynaBeanACRParameter();
+        policyParameter.set("delegateClass", "org.owasp.esapi.reference.accesscontrol.AlwaysFalseACR");
+        policyParameter.set("delegateMethod", "isAuthorized");
+        policyParameter.set("parameterClasses", new String[] {"java.lang.Object"});
+        delegatingACR.setPolicyParameters(policyParameter);
+        org.junit.Assert.assertFalse(delegatingACR.isAuthorized(new Object[] {null}));
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRPolicyFileLoaderTest.java b/src/test/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRPolicyFileLoaderTest.java
index 1dcc86b15..a8d4394d1 100644
--- a/src/test/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRPolicyFileLoaderTest.java
+++ b/src/test/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRPolicyFileLoaderTest.java
@@ -1,70 +1,70 @@
-package org.owasp.esapi.reference.accesscontrol.policyloader;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-
-import java.util.Map;
-
-import org.junit.Before;
-import org.junit.Test;
-import org.owasp.esapi.AccessController;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.errors.AccessControlException;
-/**
- * Answers the question: Is the policy file being loaded properly?
- * @author Mike H. Fauzy
- */
-public class ACRPolicyFileLoaderTest {
-
-	protected AccessController accessController;
-
-	@Before
-	public void setUp() throws Exception {
-		accessController = ESAPI.accessController();
-	}
-
-	@Test
-	public void testSetup() throws AccessControlException {
-		/**
-		 * This tests the policy file
-		 */
-		ACRPolicyFileLoader policyDescriptor = new ACRPolicyFileLoader();
-		PolicyDTO policyDTO = policyDescriptor.load();
-		Map accessControlRules = policyDTO.getAccessControlRules();
-		assertTrue("Some AccessControlRules are loaded", !accessControlRules
-				.isEmpty());
-		assertTrue("Access Control Map Contains AlwaysTrue", accessControlRules
-				.containsKey("AlwaysTrue"));
-		assertTrue("Access Control Map Contains AlwaysFalse",
-				accessControlRules.containsKey("AlwaysFalse"));
-		assertTrue("Access Control Map Contains EchoRuntimeParameter",
-				accessControlRules.containsKey("EchoRuntimeParameter"));
-		assertTrue("Access Control Map Contains EchoPolicyParameter",
-				accessControlRules.containsKey("EchoPolicyParameter"));
-	}
-
-	@Test
-	public void isAuthorizedEchoPolicyParameter() {
-		assertEquals("EchoPolicyParameter", accessController
-				.isAuthorized("EchoPolicyParameter", null), true);
-		assertEquals("EchoRuntimeParameterClassCastException", accessController
-				.isAuthorized("EchoRuntimeParameterClassCastException", null),
-				false);
-		// Policy parameter value null, empty or missing. (TODO add more fail
-		// state tests
-		// assertEquals("EchoRuntimeParameterValueNull",
-		// accessController.isAuthorized("EchoRuntimeParameterValueNull", null),
-		// false);
-		// assertEquals("EchoRuntimeParameterValueEmpty",
-		// accessController.isAuthorized("EchoRuntimeParameterValueEmpty",
-		// null), false);
-		// assertEquals("EchoRuntimeParameterValueMissing",
-		// accessController.isAuthorized("EchoRuntimeParameterValueMissing",
-		// null), false);
-	}
-	
-	@Test(expected = AccessControlException.class)
-	public void enforceAuthorizationRuleNotFoundNullKey() throws AccessControlException {
-		accessController.assertAuthorized(null, null);
-	}
-}
+package org.owasp.esapi.reference.accesscontrol.policyloader;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import java.util.Map;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.owasp.esapi.AccessController;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.errors.AccessControlException;
+/**
+ * Answers the question: Is the policy file being loaded properly?
+ * @author Mike H. Fauzy
+ */
+public class ACRPolicyFileLoaderTest {
+
+    protected AccessController accessController;
+
+    @Before
+    public void setUp() throws Exception {
+        accessController = ESAPI.accessController();
+    }
+
+    @Test
+    public void testSetup() throws AccessControlException {
+        /**
+         * This tests the policy file
+         */
+        ACRPolicyFileLoader policyDescriptor = new ACRPolicyFileLoader();
+        PolicyDTO policyDTO = policyDescriptor.load();
+        Map accessControlRules = policyDTO.getAccessControlRules();
+        assertTrue("Some AccessControlRules are loaded", !accessControlRules
+                .isEmpty());
+        assertTrue("Access Control Map Contains AlwaysTrue", accessControlRules
+                .containsKey("AlwaysTrue"));
+        assertTrue("Access Control Map Contains AlwaysFalse",
+                accessControlRules.containsKey("AlwaysFalse"));
+        assertTrue("Access Control Map Contains EchoRuntimeParameter",
+                accessControlRules.containsKey("EchoRuntimeParameter"));
+        assertTrue("Access Control Map Contains EchoPolicyParameter",
+                accessControlRules.containsKey("EchoPolicyParameter"));
+    }
+
+    @Test
+    public void isAuthorizedEchoPolicyParameter() {
+        assertEquals("EchoPolicyParameter", accessController
+                .isAuthorized("EchoPolicyParameter", null), true);
+        assertEquals("EchoRuntimeParameterClassCastException", accessController
+                .isAuthorized("EchoRuntimeParameterClassCastException", null),
+                false);
+        // Policy parameter value null, empty or missing. (TODO add more fail
+        // state tests
+        // assertEquals("EchoRuntimeParameterValueNull",
+        // accessController.isAuthorized("EchoRuntimeParameterValueNull", null),
+        // false);
+        // assertEquals("EchoRuntimeParameterValueEmpty",
+        // accessController.isAuthorized("EchoRuntimeParameterValueEmpty",
+        // null), false);
+        // assertEquals("EchoRuntimeParameterValueMissing",
+        // accessController.isAuthorized("EchoRuntimeParameterValueMissing",
+        // null), false);
+    }
+
+    @Test(expected = AccessControlException.class)
+    public void enforceAuthorizationRuleNotFoundNullKey() throws AccessControlException {
+        accessController.assertAuthorized(null, null);
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/reference/crypto/CryptoPolicy.java b/src/test/java/org/owasp/esapi/reference/crypto/CryptoPolicy.java
index fe3a8e948..f679f4c83 100644
--- a/src/test/java/org/owasp/esapi/reference/crypto/CryptoPolicy.java
+++ b/src/test/java/org/owasp/esapi/reference/crypto/CryptoPolicy.java
@@ -61,14 +61,14 @@ private static boolean checkCrypto()
             byte[] raw = skey.getEncoded();
             SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
             Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding");
-            
+
                 // This usually will throw InvalidKeyException unless the
                 // unlimited jurisdiction policy files are installed. However,
                 // it can succeed even if it's not a provider chooses to use
                 // an exemption mechanism such as key escrow, key recovery, or
                 // key weakening for this cipher instead.
             cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
-            
+
                 // Try the encryption on dummy string to make sure it works.
                 // Not using padding so # bytes must be multiple of AES cipher
                 // block size which is 16 bytes. Also, OK not to use UTF-8 here.
@@ -83,7 +83,7 @@ private static boolean checkCrypto()
             }
         } catch( InvalidKeyException ikex ) {
             System.out.println("CryptoPolicy: 256 bits is " +
-            		"invalid key size ==> unlimited strength crypto NOT installed!");
+                    "invalid key size ==> unlimited strength crypto NOT installed!");
             return false;
         } catch( Exception ex ) {
             System.out.println("Caught unexpected exception: " + ex);
diff --git a/src/test/java/org/owasp/esapi/reference/crypto/EncryptedPropertiesTest.java b/src/test/java/org/owasp/esapi/reference/crypto/EncryptedPropertiesTest.java
index d09713734..0f7882bd3 100644
--- a/src/test/java/org/owasp/esapi/reference/crypto/EncryptedPropertiesTest.java
+++ b/src/test/java/org/owasp/esapi/reference/crypto/EncryptedPropertiesTest.java
@@ -1,232 +1,232 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference.crypto;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.InputStream;
-import java.io.StringBufferInputStream;
-import java.util.Iterator;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.errors.EncryptionException;
-import org.owasp.esapi.reference.crypto.DefaultEncryptedProperties;
-
-/**
- * The Class EncryptedPropertiesTest.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class EncryptedPropertiesTest extends TestCase {
-
-	/**
-	 * Instantiates a new encrypted properties test.
-	 * 
-	 * @param testName
-	 *            the test name
-	 */
-	public EncryptedPropertiesTest(String testName) {
-		super(testName);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	protected void setUp() throws Exception {
-		// none
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	protected void tearDown() throws Exception {
-		// none
-	}
-
-	/**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-	public static Test suite() {
-		TestSuite suite = new TestSuite(EncryptedPropertiesTest.class);
-
-		return suite;
-	}
-
-	/**
-	 * Test of getProperty method, of class org.owasp.esapi.EncryptedProperties.
-	 * 
-	 * @throws EncryptionException
-	 *             the encryption exception
-	 */
-	public void testGetProperty() throws EncryptionException {
-		System.out.println("getProperty");
-		DefaultEncryptedProperties instance = new DefaultEncryptedProperties();
-		String name = "name";
-		String value = "value";
-		instance.setProperty(name, value);
-		String result = instance.getProperty(name);
-		assertEquals(value, result);
-		assertNull(instance.getProperty("ridiculous"));
-	}
-
-	/**
-	 * Test of setProperty method, of class org.owasp.esapi.EncryptedProperties.
-	 * 
-	 * @throws EncryptionException
-	 *             the encryption exception
-	 */
-	public void testSetProperty() throws EncryptionException {
-		System.out.println("setProperty");
-		DefaultEncryptedProperties instance = new DefaultEncryptedProperties();
-		String name = "name";
-		String value = "value";
-		instance.setProperty(name, value);
-		String result = instance.getProperty(name);
-		assertEquals(value, result);
-		
-        instance.setProperty(name, "");
-        result = instance.getProperty(name);
-        assertEquals(result, "");
-        
-        try {
-            instance.setProperty(null, value);
-            fail("testSetProperty(): Null property name did not result in expected exception.");
-        } catch( Exception e ) {
-            assertTrue( e instanceof EncryptionException );
-        }
-        try {
-            instance.setProperty(name, null);
-            fail("testSetProperty(): Null property value did not result in expected exception.");
-        } catch( Exception e ) {
-            assertTrue( e instanceof EncryptionException );
-        }
-		try {
-			instance.setProperty(null, null);			
-			fail("testSetProperty(): Null property name and valud did not result in expected exception.");
-		} catch( Exception e ) {
-		    assertTrue( e instanceof EncryptionException );
-		}
-	}
-
-	/**
-	 * Test the behavior when the requested key does not exist.
-	 */
-	public void testNonExistantKeyValue() throws Exception
-	{
-		DefaultEncryptedProperties instance = new DefaultEncryptedProperties();
-		assertNull(instance.getProperty("not.there"));
-	}
-
-	/**
-	 * Test of keySet method, of class org.owasp.esapi.EncryptedProperties.
-	 */
-	public void testKeySet() throws Exception
-	{
-		boolean sawTwo = false;
-		boolean sawOne = false;
-
-		System.out.println("keySet");
-		DefaultEncryptedProperties instance = new DefaultEncryptedProperties();
-		instance.setProperty("one", "two");
-		instance.setProperty("two", "three");
-		Iterator i = instance.keySet().iterator();
-		while(i.hasNext())
-		{
-			String key = (String)i.next();
-
-			assertNotNull("key returned from keySet() iterator was null", key);
-			if(key.equals("one"))
-				if(sawOne)
-					fail("Key one seen more than once.");
-				else
-					sawOne = true;
-			else if(key.equals("two"))
-				if(sawTwo)
-					fail("Key two seen more than once.");
-				else
-					sawTwo = true;
-			else
-				fail("Unset key " + key + " returned from keySet().iterator()");
-		}
-		assertTrue("Key one was never seen", sawOne);
-		assertTrue("Key two was never seen", sawTwo);
-	}
-
-	/**
-	 * Test storing and loading of encrypted properties.
-	 */
-	public void testStoreLoad() throws Exception
-	{
-		DefaultEncryptedProperties toLoad = new DefaultEncryptedProperties();
-		ByteArrayOutputStream baos = new ByteArrayOutputStream();
-		ByteArrayInputStream bais;
-		boolean sawOne = false;
-		boolean sawTwo = false;
-		boolean sawSeuss = false;
-
-	    DefaultEncryptedProperties toStore = new DefaultEncryptedProperties();
-		toStore.setProperty("one", "two");
-		toStore.setProperty("two", "three");
-		toStore.setProperty("seuss.schneier", "one fish, twofish, red fish, blowfish");
-		toStore.store(baos, "testStore");
-
-		bais = new ByteArrayInputStream(baos.toByteArray());
-		toLoad.load(bais);
-
-		for(Iterator i=toLoad.keySet().iterator();i.hasNext();)
-		{
-			String key = (String)i.next();
-
-			assertNotNull("key returned from keySet() iterator was null", key);
-			if(key.equals("one"))
-				if(sawOne)
-					fail("Key one seen more than once.");
-				else
-				{
-					sawOne = true;
-					assertEquals("Key one's value was not two", "two", toLoad.getProperty("one"));
-				}
-			else if(key.equals("two"))
-				if(sawTwo)
-					fail("Key two seen more than once.");
-				else
-				{
-					sawTwo = true;
-					assertEquals("Key two's value was not three", "three", toLoad.getProperty("two"));
-				}
-	         else if(key.equals("seuss.schneier"))
-	                if(sawSeuss)
-	                    fail("Key seuss.schneier seen more than once.");
-	                else
-	                {
-	                    sawSeuss = true;
-	                    assertEquals("Key seuss.schneier's value was not expected value",
-	                                 "one fish, twofish, red fish, blowfish",
-	                                 toStore.getProperty("seuss.schneier"));
-	                }
-			else
-				fail("Unset key " + key + " returned from keySet().iterator()");
-		}
-		assertTrue("Key one was never seen", sawOne);
-		assertTrue("Key two was never seen", sawTwo);
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference.crypto;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.io.StringBufferInputStream;
+import java.util.Iterator;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.errors.EncryptionException;
+import org.owasp.esapi.reference.crypto.DefaultEncryptedProperties;
+
+/**
+ * The Class EncryptedPropertiesTest.
+ *
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class EncryptedPropertiesTest extends TestCase {
+
+    /**
+     * Instantiates a new encrypted properties test.
+     *
+     * @param testName
+     *            the test name
+     */
+    public EncryptedPropertiesTest(String testName) {
+        super(testName);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    protected void setUp() throws Exception {
+        // none
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    protected void tearDown() throws Exception {
+        // none
+    }
+
+    /**
+     * Suite.
+     *
+     * @return the test
+     */
+    public static Test suite() {
+        TestSuite suite = new TestSuite(EncryptedPropertiesTest.class);
+
+        return suite;
+    }
+
+    /**
+     * Test of getProperty method, of class org.owasp.esapi.EncryptedProperties.
+     *
+     * @throws EncryptionException
+     *             the encryption exception
+     */
+    public void testGetProperty() throws EncryptionException {
+        System.out.println("getProperty");
+        DefaultEncryptedProperties instance = new DefaultEncryptedProperties();
+        String name = "name";
+        String value = "value";
+        instance.setProperty(name, value);
+        String result = instance.getProperty(name);
+        assertEquals(value, result);
+        assertNull(instance.getProperty("ridiculous"));
+    }
+
+    /**
+     * Test of setProperty method, of class org.owasp.esapi.EncryptedProperties.
+     *
+     * @throws EncryptionException
+     *             the encryption exception
+     */
+    public void testSetProperty() throws EncryptionException {
+        System.out.println("setProperty");
+        DefaultEncryptedProperties instance = new DefaultEncryptedProperties();
+        String name = "name";
+        String value = "value";
+        instance.setProperty(name, value);
+        String result = instance.getProperty(name);
+        assertEquals(value, result);
+
+        instance.setProperty(name, "");
+        result = instance.getProperty(name);
+        assertEquals(result, "");
+
+        try {
+            instance.setProperty(null, value);
+            fail("testSetProperty(): Null property name did not result in expected exception.");
+        } catch( Exception e ) {
+            assertTrue( e instanceof EncryptionException );
+        }
+        try {
+            instance.setProperty(name, null);
+            fail("testSetProperty(): Null property value did not result in expected exception.");
+        } catch( Exception e ) {
+            assertTrue( e instanceof EncryptionException );
+        }
+        try {
+            instance.setProperty(null, null);
+            fail("testSetProperty(): Null property name and valud did not result in expected exception.");
+        } catch( Exception e ) {
+            assertTrue( e instanceof EncryptionException );
+        }
+    }
+
+    /**
+     * Test the behavior when the requested key does not exist.
+     */
+    public void testNonExistantKeyValue() throws Exception
+    {
+        DefaultEncryptedProperties instance = new DefaultEncryptedProperties();
+        assertNull(instance.getProperty("not.there"));
+    }
+
+    /**
+     * Test of keySet method, of class org.owasp.esapi.EncryptedProperties.
+     */
+    public void testKeySet() throws Exception
+    {
+        boolean sawTwo = false;
+        boolean sawOne = false;
+
+        System.out.println("keySet");
+        DefaultEncryptedProperties instance = new DefaultEncryptedProperties();
+        instance.setProperty("one", "two");
+        instance.setProperty("two", "three");
+        Iterator i = instance.keySet().iterator();
+        while(i.hasNext())
+        {
+            String key = (String)i.next();
+
+            assertNotNull("key returned from keySet() iterator was null", key);
+            if(key.equals("one"))
+                if(sawOne)
+                    fail("Key one seen more than once.");
+                else
+                    sawOne = true;
+            else if(key.equals("two"))
+                if(sawTwo)
+                    fail("Key two seen more than once.");
+                else
+                    sawTwo = true;
+            else
+                fail("Unset key " + key + " returned from keySet().iterator()");
+        }
+        assertTrue("Key one was never seen", sawOne);
+        assertTrue("Key two was never seen", sawTwo);
+    }
+
+    /**
+     * Test storing and loading of encrypted properties.
+     */
+    public void testStoreLoad() throws Exception
+    {
+        DefaultEncryptedProperties toLoad = new DefaultEncryptedProperties();
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        ByteArrayInputStream bais;
+        boolean sawOne = false;
+        boolean sawTwo = false;
+        boolean sawSeuss = false;
+
+        DefaultEncryptedProperties toStore = new DefaultEncryptedProperties();
+        toStore.setProperty("one", "two");
+        toStore.setProperty("two", "three");
+        toStore.setProperty("seuss.schneier", "one fish, twofish, red fish, blowfish");
+        toStore.store(baos, "testStore");
+
+        bais = new ByteArrayInputStream(baos.toByteArray());
+        toLoad.load(bais);
+
+        for(Iterator i=toLoad.keySet().iterator();i.hasNext();)
+        {
+            String key = (String)i.next();
+
+            assertNotNull("key returned from keySet() iterator was null", key);
+            if(key.equals("one"))
+                if(sawOne)
+                    fail("Key one seen more than once.");
+                else
+                {
+                    sawOne = true;
+                    assertEquals("Key one's value was not two", "two", toLoad.getProperty("one"));
+                }
+            else if(key.equals("two"))
+                if(sawTwo)
+                    fail("Key two seen more than once.");
+                else
+                {
+                    sawTwo = true;
+                    assertEquals("Key two's value was not three", "three", toLoad.getProperty("two"));
+                }
+             else if(key.equals("seuss.schneier"))
+                    if(sawSeuss)
+                        fail("Key seuss.schneier seen more than once.");
+                    else
+                    {
+                        sawSeuss = true;
+                        assertEquals("Key seuss.schneier's value was not expected value",
+                                     "one fish, twofish, red fish, blowfish",
+                                     toStore.getProperty("seuss.schneier"));
+                    }
+            else
+                fail("Unset key " + key + " returned from keySet().iterator()");
+        }
+        assertTrue("Key one was never seen", sawOne);
+        assertTrue("Key two was never seen", sawTwo);
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/reference/crypto/EncryptedPropertiesUtilsTest.java b/src/test/java/org/owasp/esapi/reference/crypto/EncryptedPropertiesUtilsTest.java
index 8619dbcdf..124e289b8 100644
--- a/src/test/java/org/owasp/esapi/reference/crypto/EncryptedPropertiesUtilsTest.java
+++ b/src/test/java/org/owasp/esapi/reference/crypto/EncryptedPropertiesUtilsTest.java
@@ -1,196 +1,176 @@
 /**
  * OWASP Enterprise Security API (ESAPI)
- * 
+ *
  * This file is part of the Open Web Application Security Project (OWASP)
  * Enterprise Security API (ESAPI) project. For details, please see
  * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
  *
  * Copyright (c) 2007 - The OWASP Foundation
- * 
+ *
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
- * 
+ *
  * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
  * @created 2007
  */
 package org.owasp.esapi.reference.crypto;
 
+import static org.junit.Assert.*;
+
 import java.io.File;
-import java.io.FileInputStream;
 import java.io.FileOutputStream;
 import java.io.FileReader;
+import java.io.IOException;
 import java.util.Properties;
 
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TemporaryFolder;
+import org.junit.rules.TestName;
 
-import org.owasp.esapi.errors.EncryptionException;
 
 /**
  * The Class EncryptedPropertiesTest.
- * 
+ *
  * @author August Detlefsen (augustd at codemagi dot com)
  *         <a href="http://www.codemagi.com">CodeMagi, Inc.</a>
  * @since October 8, 2010
  */
-public class EncryptedPropertiesUtilsTest extends TestCase {
-
-	private static final String KEY1	= "quick";
-	private static final String VALUE1	= "brown fox";
-	private static final String KEY2	= "jumps";
-	private static final String VALUE2	= "lazy dog";
-	private static final String KEY3	= "joe bob";
-	private static final String VALUE3	= "jim bob";
-	private static final String KEY4	= "sally sue";
-	private static final String VALUE4	= "betty mae";
-
-	private static final String PLAINTEXT_FILENAME		= "plaintext.properties";
-	private static final String ENCRYPTED_FILENAME_1	= "encrypted.properties";
-	private static final String ENCRYPTED_FILENAME_2	= "encrypted.2.properties";
-
-	/**
-	 * Instantiates a new encrypted properties test.
-	 * 
-	 * @param testName
-	 *            the test name
-	 */
-	public EncryptedPropertiesUtilsTest(String testName) {
-		super(testName);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	protected void setUp() throws Exception {
-		//write an initial plaintext properties file
-		Properties props = new Properties();
-		props.setProperty(KEY3, VALUE3);
-		props.setProperty(KEY4, VALUE4);
-
-		props.store(new FileOutputStream(PLAINTEXT_FILENAME), "Plaintext test file created by EncryptedPropertiesUtilsTest");
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	protected void tearDown() throws Exception {
-		File[] delFiles = new File[] { new File(PLAINTEXT_FILENAME), new File(ENCRYPTED_FILENAME_1), new File(ENCRYPTED_FILENAME_2) };
-        for ( File f : delFiles ) {
-            f.deleteOnExit();
-        }
-	}
-
-	/**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-	public static Test suite() {
-		TestSuite suite = new TestSuite(EncryptedPropertiesUtilsTest.class);
-
-		return suite;
-	}
-
-	/**
-	 * Test of creating and storing a new EncryptedProperties from scratch,
-	 * as if calling:
-	 * <code>
-	 *     EncryptedPropertiesUtils --out encrypted.properties
-	 * </code>
-	 *
-	 * @throws Exception Any exception that occurs
-	 */
-	public void testCreateNew() throws Exception {
-
-		//create a new properties with no input
-		Properties props = EncryptedPropertiesUtils.loadProperties(null, null);
-		
-		//add some properties
-		Object prop1 = EncryptedPropertiesUtils.addProperty(props, KEY1, VALUE1);
-		assertNull("Expected null but returned: " + prop1, prop1);
-
-		Object prop2 = EncryptedPropertiesUtils.addProperty(props, KEY2, VALUE2);
-		assertNull("Expected null but returned: " + prop2, prop2);
-
-		//store the file 
-		EncryptedPropertiesUtils.storeProperties(ENCRYPTED_FILENAME_1, props, "Encrypted Properties File generated by EncryptedPropertiesUtilsTest");
-
-		//try reading in the resulting file
-		ReferenceEncryptedProperties loadedProps = new ReferenceEncryptedProperties();
-		loadedProps.load(new FileReader(ENCRYPTED_FILENAME_1));
-		
-		assertEquals(VALUE1, loadedProps.getProperty(KEY1));
-		assertEquals(VALUE2, loadedProps.getProperty(KEY2));
-	}
-
-	/**
-	 * Test of loading a plaintext file and storing it as an encrypted properties file,
-	 * as if calling:
-	 * <code>
-	 *     EncryptedPropertiesUtils --in plaintext.properties --out encrypted.properties --in-encrypted false
-	 * </code>
-	 *
-	 * @throws Exception Any exception that occurs
-	 */
-	public void testLoadPlaintextAndEncrypt() throws Exception {
-
-		//load the plaintext properties file
-		Properties props = EncryptedPropertiesUtils.loadProperties(PLAINTEXT_FILENAME, false);
-
-		//test some properties using getProperty
-		assertEquals(VALUE3, props.getProperty(KEY3));
-		assertEquals(VALUE4, props.getProperty(KEY4));
-
-		//store the file
-		EncryptedPropertiesUtils.storeProperties(ENCRYPTED_FILENAME_1, props, "Encrypted Properties File generated by EncryptedPropertiesUtilsTest");
-
-		//try reading in the resulting file
-		ReferenceEncryptedProperties loadedProps = new ReferenceEncryptedProperties();
-		loadedProps.load(new FileReader(ENCRYPTED_FILENAME_1));
-
-		assertEquals(VALUE3, loadedProps.getProperty(KEY3));
-		assertEquals(VALUE4, loadedProps.getProperty(KEY4));
-	}
-
-	/**
-	 * Test of loading an encrypted file, adding new properties and storing it as an encrypted properties file,
-	 * as if calling:
-	 * <code>
-	 *     EncryptedPropertiesUtils --in encrypted.properties --out encrypted.2.properties
-	 * </code>
-	 *
-	 * @throws Exception Any exception that occurs
-	 */
-	public void testLoadEncryptedAndAdd() throws Exception {
-
-		//load the plaintext properties file
-		Properties props = EncryptedPropertiesUtils.loadProperties(ENCRYPTED_FILENAME_1, true);
-
-		//test some properties
-		assertEquals(VALUE3, props.getProperty(KEY3));
-		assertEquals(VALUE4, props.getProperty(KEY4));
-
-		//add some new properties
-		EncryptedPropertiesUtils.addProperty(props, KEY1, VALUE1);
-		EncryptedPropertiesUtils.addProperty(props, KEY2, VALUE2);
-
-		//test the newly added properties
-		assertEquals(VALUE1, props.getProperty(KEY1));
-		assertEquals(VALUE2, props.getProperty(KEY2));
-
-		//store the file
-		EncryptedPropertiesUtils.storeProperties(ENCRYPTED_FILENAME_2, props, "Encrypted Properties File generated by EncryptedPropertiesUtilsTest");
-
-		//try reading in the resulting file
-		ReferenceEncryptedProperties loadedProps = new ReferenceEncryptedProperties();
-		loadedProps.load(new FileReader(ENCRYPTED_FILENAME_2));
-
-		//test the values read in
-		assertEquals(VALUE1, loadedProps.getProperty(KEY1));
-		assertEquals(VALUE2, loadedProps.getProperty(KEY2));
-		assertEquals(VALUE3, loadedProps.getProperty(KEY3));
-		assertEquals(VALUE4, loadedProps.getProperty(KEY4));
-	}
+public class EncryptedPropertiesUtilsTest {
+
+    private static final String KEY1    = "quick";
+    private static final String VALUE1    = "brown fox";
+    private static final String KEY2    = "jumps";
+    private static final String VALUE2    = "lazy dog";
+    private static final String KEY3    = "joe bob";
+    private static final String VALUE3    = "jim bob";
+    private static final String KEY4    = "sally sue";
+    private static final String VALUE4    = "betty mae";
+
+
+    /** Rule to acquire the running test's information at runtime.*/
+    @Rule
+    public TestName testName = new TestName();
+
+    /** File management component for IO targets during test executions.*/
+    @Rule
+    public TemporaryFolder tempFolder = new TemporaryFolder();
+
+    /** Counter used to track the number of files created for a single test to assist with creating unique file references.*/
+    private int fileIndex = 0;
+
+    /**
+     * Creates a new properties file reference for the active test which will be cleaned up upon test completion.
+     * @return File New unique file reference for the active test.
+     * @throws IOException If a new file could not be generated.
+     */
+    private final File getTempPropertiesFile() throws IOException {
+        return tempFolder.newFile(String.format("%s_%2d.properties", testName.getMethodName(), fileIndex++));
+    }
+    /**
+     * Test of creating and storing a new EncryptedProperties from scratch,
+     * as if calling:
+     * <code>
+     *     EncryptedPropertiesUtils --out encrypted.properties
+     * </code>
+     *
+     * @throws Exception Any exception that occurs
+     */
+    @Test public void testCreateNew() throws Exception {
+        File encryptedFile = getTempPropertiesFile();
+
+        //create a new properties with no input
+        Properties props = EncryptedPropertiesUtils.loadProperties(null, null);
+
+        //add some properties
+        Object prop1 = EncryptedPropertiesUtils.addProperty(props, KEY1, VALUE1);
+        assertNull("Expected null but returned: " + prop1, prop1);
+
+        Object prop2 = EncryptedPropertiesUtils.addProperty(props, KEY2, VALUE2);
+        assertNull("Expected null but returned: " + prop2, prop2);
+
+        //store the file
+        EncryptedPropertiesUtils.storeProperties(encryptedFile.getAbsolutePath(), props, "Encrypted Properties File generated by EncryptedPropertiesUtilsTest");
+
+        //try reading in the resulting file
+        ReferenceEncryptedProperties loadedProps = new ReferenceEncryptedProperties();
+        loadedProps.load(new FileReader(encryptedFile.getAbsolutePath()));
+
+        assertEquals(VALUE1, loadedProps.getProperty(KEY1));
+        assertEquals(VALUE2, loadedProps.getProperty(KEY2));
+    }
+
+    /**
+     * Test of loading a plaintext file and storing it as an encrypted properties file,
+     * as if calling:
+     * <code>
+     *     EncryptedPropertiesUtils --in plaintext.properties --out encrypted.properties --in-encrypted false
+     * </code>
+     *
+     * @throws Exception Any exception that occurs
+     */
+    @Test public void testLoadPlaintextAndEncrypt() throws Exception {
+        File encryptedFile = getTempPropertiesFile();
+        File plainTextFile = getTempPropertiesFile();
+
+      //write an initial plaintext properties file
+        Properties props = new Properties();
+        props.setProperty(KEY3, VALUE3);
+        props.setProperty(KEY4, VALUE4);
+
+        props.store(new FileOutputStream(plainTextFile.getAbsolutePath()), "Plaintext test file created by EncryptedPropertiesUtilsTest");
+
+        //load the plaintext properties file
+        props = EncryptedPropertiesUtils.loadProperties(plainTextFile.getAbsolutePath(), false);
+
+        //test some properties using getProperty
+        assertEquals(VALUE3, props.getProperty(KEY3));
+        assertEquals(VALUE4, props.getProperty(KEY4));
+
+        //store the file
+        EncryptedPropertiesUtils.storeProperties(encryptedFile.getAbsolutePath(), props, "Encrypted Properties File generated by EncryptedPropertiesUtilsTest");
+
+        //try reading in the resulting file
+        ReferenceEncryptedProperties loadedProps = new ReferenceEncryptedProperties();
+        loadedProps.load(new FileReader(encryptedFile.getAbsolutePath()));
+
+        assertEquals(VALUE3, loadedProps.getProperty(KEY3));
+        assertEquals(VALUE4, loadedProps.getProperty(KEY4));
+    }
+
+    /**
+     * Test of loading an encrypted file, adding new properties and storing it as an encrypted properties file,
+     * as if calling:
+     * <code>
+     *     EncryptedPropertiesUtils --in encrypted.properties --out encrypted.2.properties
+     * </code>
+     *
+     * @throws Exception Any exception that occurs
+     */
+    @Test public void testLoadEncryptedAndAdd() throws Exception {
+        File encryptedFile = getTempPropertiesFile();
+        File encryptedFile2 = getTempPropertiesFile();
+        //load the plaintext properties file
+        Properties props = EncryptedPropertiesUtils.loadProperties(encryptedFile.getAbsolutePath(), true);
+
+        //add some new properties
+        EncryptedPropertiesUtils.addProperty(props, KEY1, VALUE1);
+        EncryptedPropertiesUtils.addProperty(props, KEY2, VALUE2);
+
+        //test the newly added properties
+        assertEquals(VALUE1, props.getProperty(KEY1));
+        assertEquals(VALUE2, props.getProperty(KEY2));
+
+        //store the file
+        EncryptedPropertiesUtils.storeProperties(encryptedFile2.getAbsolutePath(), props, "Encrypted Properties File generated by EncryptedPropertiesUtilsTest");
+
+        //try reading in the resulting file
+        ReferenceEncryptedProperties loadedProps = new ReferenceEncryptedProperties();
+        loadedProps.load(new FileReader(encryptedFile2.getAbsolutePath()));
+
+        //test the values read in
+        assertEquals(VALUE1, loadedProps.getProperty(KEY1));
+        assertEquals(VALUE2, loadedProps.getProperty(KEY2));
+    }
 
 }
diff --git a/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java b/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
index 35709a21a..08819d175 100644
--- a/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
@@ -1,527 +1,599 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference.crypto;
-
-import java.io.UnsupportedEncodingException;
-
-import javax.crypto.SecretKey;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.EncoderConstants;
-import org.owasp.esapi.Encryptor;
-import org.owasp.esapi.crypto.CipherText;
-import org.owasp.esapi.crypto.CryptoHelper;
-import org.owasp.esapi.crypto.PlainText;
-import org.owasp.esapi.errors.EncryptionException;
-import org.owasp.esapi.errors.EnterpriseSecurityException;
-import org.owasp.esapi.errors.IntegrityException;
-import org.owasp.esapi.reference.crypto.JavaEncryptor;
-
-/**
- * The Class EncryptorTest.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- * @author kevin.w.wall@gmail.com
- */
-public class EncryptorTest extends TestCase {
-    
-    /**
-	 * Instantiates a new encryptor test.
-	 * 
-	 * @param testName
-	 *            the test name
-	 */
-    public EncryptorTest(String testName) {
-        super(testName);
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    @SuppressWarnings("deprecation")
-	protected void setUp() throws Exception {
-        // This is only mechanism to change this for now. Will do this with
-        // a soon to be CryptoControls class or equivalent mechanism in a
-    	// future release.
-        ESAPI.securityConfiguration().setCipherTransformation("AES/CBC/PKCS5Padding");
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void tearDown() throws Exception {
-    	// none
-    }
-
-    /**
-     * Run all the test cases in this suite.
-     * This is to allow running from {@code org.owasp.esapi.AllTests}.
-     * 
-	 * @return the test
-	 */
-    public static Test suite() {
-        TestSuite suite = new TestSuite(EncryptorTest.class);
-        
-        return suite;
-    }
-
-    /**
-	 * Test of hash method, of class org.owasp.esapi.Encryptor.
-     *
-     * @throws EncryptionException
-     */
-    public void testHash() throws EncryptionException {
-        System.out.println("testHash()");
-        Encryptor instance = ESAPI.encryptor();
-        String hash1 = instance.hash("test1", "salt");
-        String hash2 = instance.hash("test2", "salt");
-        assertFalse(hash1.equals(hash2));
-        String hash3 = instance.hash("test", "salt1");
-        String hash4 = instance.hash("test", "salt2");
-        assertFalse(hash3.equals(hash4));
-    }
-
-    /**
-	 * Test of new encrypt / decrypt method for Strings whose length is
-	 * not a multiple of the cipher block size (16 bytes for AES).
-	 * 
-	 * @throws EncryptionException
-	 *             the encryption exception
-	 */
-    public void testEncryptDecrypt1() throws EncryptionException {
-        System.out.println("testEncryptDecrypt2()");
-        Encryptor instance = ESAPI.encryptor();
-        String plaintext = "test1234test1234tes"; // Not a multiple of block size (16 bytes)
-        try {
-            CipherText ct = instance.encrypt(new PlainText(plaintext));
-            PlainText pt = instance.decrypt(ct);
-            assertTrue( pt.toString().equals(plaintext) );
-        }
-        catch( EncryptionException e ) {
-        	fail("testEncryptDecrypt2(): Caught exception: " + e);
-        }
-    }
-
-    /**
-	 * Test of new encrypt / decrypt method for Strings whose length is
-	 * same as cipher block size (16 bytes for AES).
-	 */
-    public void testEncryptDecrypt2() {
-        System.out.println("testEncryptDecrypt2()");
-        Encryptor instance = ESAPI.encryptor();
-        String plaintext = "test1234test1234";
-        try {
-            CipherText ct = instance.encrypt(new PlainText(plaintext));
-            PlainText pt = instance.decrypt(ct);
-            assertTrue( pt.toString().equals(plaintext) );
-        }
-        catch( EncryptionException e ) {
-        	fail("testEncryptDecrypt2(): Caught exception: " + e);
-        }
-    }
-
-    /**
-     * Test of encrypt methods for empty String.
-     */
-    public void testEncryptEmptyStrings() {
-        System.out.println("testEncryptEmptyStrings()");
-        Encryptor instance = ESAPI.encryptor();
-        String plaintext = "";
-        try {
-            // System.out.println("New encryption methods");
-            CipherText ct = instance.encrypt(new PlainText(plaintext));
-            PlainText pt = instance.decrypt(ct);
-            assertTrue( pt.toString().equals("") );
-        } catch(Exception e) {
-            fail("testEncryptEmptyStrings() -- Caught exception: " + e);
-        }
-    }
-    
-    /**
-     * Test encryption method for null.
-     */
-    public void testEncryptNull() {
-        System.out.println("testEncryptNull()");
-        Encryptor instance = ESAPI.encryptor();
-        try {
-			CipherText ct = instance.encrypt( null );  // Should throw NPE or AssertionError
-            fail("New encrypt(PlainText) method did not throw. Result was: " + ct.toString());
-        } catch(Throwable t) {
-            // It should be one of these, depending on whether or not assertions are enabled.
-            assertTrue( t instanceof IllegalArgumentException || t instanceof AssertionError);
-        }
-    }
-
-    /**
-     * Test decryption method for null.
-     */
-    public void testDecryptNull() {
-        System.out.println("testDecryptNull()");
-        Encryptor instance = ESAPI.encryptor();
-        try {
-			PlainText pt = instance.decrypt( null );  // Should throw IllegalArgumentException or AssertionError
-            fail("New decrypt(PlainText) method did not throw. Result was: " + pt.toString());
-        } catch(Throwable t) {
-            // It should be one of these, depending on whether or not assertions are enabled.
-            assertTrue( t instanceof IllegalArgumentException || t instanceof AssertionError);
-        }
-    }
-    
-    /**
-     * Test of new encrypt / decrypt methods added in ESAPI 2.0.
-     */
-    public void testNewEncryptDecrypt() {
-    	System.out.println("testNewEncryptDecrypt()");
-    	try {
-
-    	    // Let's try it with a 2-key version of 3DES. This should work for all
-    	    // installations, whereas the 3-key Triple DES will only work for those
-    	    // who have the Unlimited Strength Jurisdiction Policy files installed.
-			runNewEncryptDecryptTestCase("DESede/CBC/PKCS5Padding", 112, "1234567890".getBytes("UTF-8"));
-			runNewEncryptDecryptTestCase("DESede/CBC/NoPadding", 112, "12345678".getBytes("UTF-8"));
-			
-			runNewEncryptDecryptTestCase("DES/ECB/NoPadding", 56, "test1234".getBytes("UTF-8"));
-			
-	        runNewEncryptDecryptTestCase("AES/CBC/PKCS5Padding", 128, "Encrypt the world!".getBytes("UTF-8"));
-	        
-	        // These tests are only valid (and run) if one has the JCE Unlimited
-	        // Strength Jurisdiction Policy files installed for this Java VM.
-	            // 256-bit AES
-            runNewEncryptDecryptTestCase("AES/ECB/NoPadding", 256, "test1234test1234".getBytes("UTF-8"));
-                // 168-bit (aka, 3-key) Triple DES
-            runNewEncryptDecryptTestCase("DESede/CBC/PKCS5Padding", 168, "Groucho's secret word".getBytes("UTF-8"));
-		} catch (UnsupportedEncodingException e) {
-			fail("OK, who stole UTF-8 encoding from the Java rt.jar ???");
-		}
-    	
-    }
-    
-    /**
-     * Helper method to test new encryption / decryption.
-     * @param cipherXform	Cipher transformation
-     * @param keySize	Size of key, in bits.
-     * @param plaintextBytes Byte array of plaintext.
-     * @return The base64-encoded IV+ciphertext (or just ciphertext if no IV) or
-     *         null if {@code keysize} is greater than 128 bits and unlimited
-     *         strength crypto is not available for this Java VM.
-     */
-    private String runNewEncryptDecryptTestCase(String cipherXform, int keySize, byte[] plaintextBytes) {
-    	System.out.println("New encrypt / decrypt: " + cipherXform);
-    	
-    	if ( keySize > 128 && !CryptoPolicy.isUnlimitedStrengthCryptoAvailable() ) {
-    	    System.out.println("Skipping test for cipher transformation " +
-    	                       cipherXform + " with key size of " + keySize +
-    	                       " bits because this requires JCE Unlimited Strength" +
-    	                       " Jurisdiction Policy files to be installed and they" +
-    	                       " are not.");
-    	    return null;
-    	}
-
-    	try {
-    		// Generate an appropriate random secret key
-			SecretKey skey = CryptoHelper.generateSecretKey(cipherXform, keySize);	
-			assertTrue( skey.getAlgorithm().equals(cipherXform.split("/")[0]) );
-			String cipherAlg = cipherXform.split("/")[0];
-			
-			// Adjust key size for DES and DESede specific oddities.
-			// NOTE: Key size that encrypt() method is using is 192 bits!!!
-    		//        which is 3 times 64 bits, but DES key size is only 56 bits.
-    		// See 'IMPORTANT NOTE', in JavaEncryptor, near line 376. It's a "feature"!!!
-			if ( cipherAlg.equals( "DESede" ) ) {
-				keySize = 192;
-			} else if ( cipherAlg.equals( "DES" ) ) {
-				keySize = 64;
-			} // Else... use specified keySize.
-			assertTrue( (keySize / 8) == skey.getEncoded().length );
-//			System.out.println("testNewEncryptDecrypt(): Skey length (bits) = " + 8 * skey.getEncoded().length);
-
-			// Change to a possibly different cipher. This is kludgey at best. Am thinking about an
-			// alternate way to do this using a new 'CryptoControls' class. Maybe not until release 2.1.
-			// Change the cipher transform from whatever it currently is to the specified cipherXform.
-	    	@SuppressWarnings("deprecation")
-			String oldCipherXform = ESAPI.securityConfiguration().setCipherTransformation(cipherXform);
-	    	if ( ! cipherXform.equals(oldCipherXform) ) {
-	    		System.out.println("Cipher xform changed from \"" + oldCipherXform + "\" to \"" + cipherXform + "\"");
-	    	}
-	    	
-	    	// Get an Encryptor instance with the specified, possibly new, cipher transformation.
-	    	Encryptor instance = ESAPI.encryptor();
-	    	PlainText plaintext = new PlainText(plaintextBytes);
-	    	PlainText origPlainText = new PlainText( plaintext.toString() ); // Make _copy_ of original for comparison.
-	    	
-	    	// Do the encryption with the new encrypt() method and get back the CipherText.
-	    	CipherText ciphertext = instance.encrypt(skey, plaintext);	// The new encrypt() method.
-	    	System.out.println("DEBUG: Encrypt(): CipherText object is -- " + ciphertext);
-	    	assertTrue( ciphertext != null );
-//	    	System.out.println("DEBUG: After encryption: base64-encoded IV+ciphertext: " + ciphertext.getEncodedIVCipherText());
-//	    	System.out.println("\t\tOr... " + ESAPI.encoder().decodeFromBase64(ciphertext.getEncodedIVCipherText()) );
-//	    	System.out.println("DEBUG: After encryption: base64-encoded raw ciphertext: " + ciphertext.getBase64EncodedRawCipherText());
-//	    	System.out.println("\t\tOr... " + ESAPI.encoder().decodeFromBase64(ciphertext.getBase64EncodedRawCipherText()) );
-
-	    	// If we are supposed to have overwritten the plaintext, check this to see
-	    	// if origPlainText was indeed overwritten.
-			boolean overwritePlaintext = ESAPI.securityConfiguration().overwritePlainText();
-			if ( overwritePlaintext ) {
-				assertTrue( isPlaintextOverwritten(plaintext) );
-			}
-	    	
-	    	// Take the resulting ciphertext and decrypt w/ new decryption method.
-	    	PlainText decryptedPlaintext  = instance.decrypt(skey, ciphertext);		// The new decrypt() method.
-	    	
-	    	// Make sure we got back the same thing we started with.
-	    	System.out.println("\tOriginal plaintext: " + origPlainText);
-	    	System.out.println("\tResult after decryption: " + decryptedPlaintext);
-			assertTrue( "Failed to decrypt properly.", origPlainText.toString().equals( decryptedPlaintext.toString() ) );
-	    	
-	    	// Restore the previous cipher transformation. For now, this is only way to do this.
-	    	@SuppressWarnings("deprecation")
-			String previousCipherXform = ESAPI.securityConfiguration().setCipherTransformation(null);
-	    	assertTrue( previousCipherXform.equals( cipherXform ) );
-	    	String defaultCipherXform = ESAPI.securityConfiguration().getCipherTransformation();
-	    	assertTrue( defaultCipherXform.equals( oldCipherXform ) );
-	    	
-	    	return ciphertext.getEncodedIVCipherText();
-		} catch (Exception e) {
-			// OK if not counted toward code coverage.
-			System.out.println("testNewEncryptDecrypt(): Caught unexpected exception: " + e.getClass().getName());
-			e.printStackTrace(System.out);
-			fail("Caught unexpected exception; msg was: " + e);
-		}
-		return null;
-    }
-    
-    private static boolean isPlaintextOverwritten(PlainText plaintext) {
-    	// Note: An assumption here that the original plaintext did not consist
-    	// entirely of all '*' characters.
-    	byte[] ptBytes = plaintext.asBytes();
-    	
-    	for ( int i = 0; i < ptBytes.length; i++ ) {
-    		if ( ptBytes[i] != '*' ) {
-    			return false;
-    		}
-    	}
-    	return true;
-    }
-    
-    // TODO - Because none of the encryption / decryption tests persists
-    //		  encrypted data across runs, that means everything is run
-    //		  under same JVM at same time thus always with the same
-    //		  _native_ byte encoding.
-    //
-    //		  Need test(s) such that data is persisted across JVM runs
-    //		  so we can test a run on (say) a Windows Intel box can decrypt
-    //		  encrypted data produced by the reference Encryptor on
-    //		  (say) a Solaris SPARC box. I.e., test that the change to
-    //		  JavaEncryptor to use UTF-8 encoding throughout works as
-    //		  desired.
-    //
-    //		  Files saved across tests need to be added to SVN (under
-    //		  resources or where) and they should be named so we know
-    //		  where and how they were created. E.g., WinOS-AES-ECB.dat,
-    //		  Sparc-Solaris-AEC-CBC-PKCS5Padding.dat, etc., but they should be
-    //		  able to be decrypted from any platform. May wish to place that
-    //		  under a separate JUnit test.
-    //
-    // TODO - Need to test rainy day paths of new encrypt / decrypt so can
-    //		  verify that exception handling working OK, etc. Maybe also in
-    //		  a separate JUnit test, since everything here seems to be sunny
-    //		  day path. (Note: Some of this no in new test case,
-    //		  org.owasp.esapi.crypto.ESAPICryptoMACByPassTest.)
-    //
-    //				-kevin wall
-    
-
-    /**
-	 * Test of sign method, of class org.owasp.esapi.Encryptor.
-	 * 
-	 * @throws EncryptionException
-	 *             the encryption exception
-	 */
-    public void testSign() throws EncryptionException {
-        System.out.println("testSign()");        
-        Encryptor instance = ESAPI.encryptor();
-        String plaintext = ESAPI.randomizer().getRandomString( 32, EncoderConstants.CHAR_ALPHANUMERICS );
-        String signature = instance.sign(plaintext);
-        assertTrue( instance.verifySignature( signature, plaintext ) );
-        assertFalse( instance.verifySignature( signature, "ridiculous" ) );
-        assertFalse( instance.verifySignature( "ridiculous", plaintext ) );
-    }
-
-    /**
-	 * Test of verifySignature method, of class org.owasp.esapi.Encryptor.
-	 * 
-	 * @throws EncryptionException
-	 *             the encryption exception
-	 */
-    public void testVerifySignature() throws EncryptionException {
-        System.out.println("testVerifySignature()");
-        Encryptor instance = ESAPI.encryptor();
-        String plaintext = ESAPI.randomizer().getRandomString( 32, EncoderConstants.CHAR_ALPHANUMERICS );
-        String signature = instance.sign(plaintext);
-        assertTrue( instance.verifySignature( signature, plaintext ) );
-    }
-    
- 
-    /**
-	 * Test of seal method, of class org.owasp.esapi.Encryptor.
-	 * 
-     * @throws IntegrityException
-	 */
-    public void testSeal() throws IntegrityException {
-        System.out.println("testSeal()");
-        Encryptor instance = ESAPI.encryptor(); 
-        String plaintext = ESAPI.randomizer().getRandomString( 32, EncoderConstants.CHAR_ALPHANUMERICS );
-        String seal = instance.seal( plaintext, instance.getTimeStamp() + 1000*60 );
-        instance.verifySeal( seal );
-        
-        int progressMark = 1;
-        boolean caughtExpectedEx = false;
-        try {
-            seal = instance.seal("", instance.getTimeStamp() + 1000*60);
-            progressMark++;
-            instance.verifySeal(seal);
-            progressMark++;
-        } catch(Exception e) {
-            fail("Failed empty string test: " + e + "; progress mark = " + progressMark);
-        }
-        try {
-            seal = instance.seal(null, instance.getTimeStamp() + 1000*60);
-            fail("Did not throw expected IllegalArgumentException");
-        } catch(IllegalArgumentException e) {
-            caughtExpectedEx = true;
-        } catch(Exception e) {
-            fail("Failed null string test; did not get expected IllegalArgumentException: " + e);
-        }
-        assertTrue(caughtExpectedEx);
-        
-        try {
-            seal = instance.seal("test", 0);
-            progressMark++;
-            // instance.verifySeal(seal);
-            progressMark++;
-        } catch(Exception e) {
-            fail("Fail test with 0 timestamp: " + e + "; progress mark = " + progressMark);
-        }
-        try {
-            seal = instance.seal("test", -1);
-            progressMark++;
-            // instance.verifySeal(seal);
-            progressMark++;
-        } catch(Exception e) {
-            fail("Fail test with -1 timestamp: " + e + "; progress mark = " + progressMark);
-        }
-    }
-
-    /**
-	 * Test of verifySeal method, of class org.owasp.esapi.Encryptor.
-	 * 
-     * @throws EnterpriseSecurityException
-	 */
-    public void testVerifySeal() throws EnterpriseSecurityException {
-        final int NSEC = 5;
-        System.out.println("testVerifySeal()");
-        Encryptor instance = ESAPI.encryptor(); 
-        String plaintext = "ridiculous:with:delimiters";    // Should now work w/ : (issue #28)
-        String seal = instance.seal( plaintext, instance.getRelativeTimeStamp( 1000 * NSEC ) );
-        try {
-        	assertNotNull("Encryptor.seal() returned null", seal );
-        	assertTrue("Failed to verify seal", instance.verifySeal( seal ) );
-        } catch ( Exception e ) {
-        	fail();
-        }
-        int progressMark = 1;
-        try {
-            // NOTE: I regrouped these all into a single try / catch since they
-            //       all test the same thing. Hence if one fails, they all should.
-            //       Also changed these tests so they no longer depend on the
-            //       deprecated encrypt() methods. IMO, *all these multiple
-            //       similar tests are not really required*, as they all are more
-            //       or less testing the same thing.
-            //                                              -kevin wall
-            // ================================================================
-            // Try to validate some invalid seals.
-            //
-            // All these should return false and log a warning with an Exception stack
-            // trace caused by an EncryptionException indicating "Invalid seal".
-        	assertFalse( instance.verifySeal( plaintext ) );
-        	progressMark++;      	
-            assertFalse( instance.verifySeal( instance.encrypt( new PlainText(plaintext) ).getBase64EncodedRawCipherText() ) );
-            progressMark++;            
-            assertFalse( instance.verifySeal( instance.encrypt( new PlainText(100 + ":" + plaintext) ).getBase64EncodedRawCipherText() ) );
-            progressMark++;
-            assertFalse( instance.verifySeal( instance.encrypt( new PlainText(Long.MAX_VALUE + ":" + plaintext) ).getBase64EncodedRawCipherText() ) );
-            progressMark++;
-            assertFalse( instance.verifySeal( instance.encrypt( new PlainText(Long.MAX_VALUE + ":random:" + plaintext) ).getBase64EncodedRawCipherText() ) );
-            progressMark++;
-            assertFalse( instance.verifySeal( instance.encrypt( new PlainText(Long.MAX_VALUE + ":random:" + plaintext+ ":badsig")  ).getBase64EncodedRawCipherText() ) );
-            progressMark++;
-            assertFalse( instance.verifySeal( instance.encrypt( new PlainText(Long.MAX_VALUE + ":random:" + plaintext + ":"+ instance.sign( Long.MAX_VALUE + ":random:" + plaintext) ) ).getBase64EncodedRawCipherText() ) );
-            progressMark++;
-        } catch ( Exception e ) {
-        	// fail("Failed invalid seal test # " + progressMark + " to verify seal.");
-            System.err.println("Failed seal verification at step # " + progressMark);
-            System.err.println("Exception was: " + e);
-            e.printStackTrace(System.err);
-        }
-        
-        try {
-            Thread.sleep(1000 * (NSEC + 1) );
-                // Seal now past expiration date.
-            assertFalse( instance.verifySeal( seal ) );
-        } catch ( Exception e ) {
-            fail("Failed expired seal test. Seal should be expired.");
-        }
-    }
-        
-
-    @SuppressWarnings("deprecation")
-    public void testEncryptionSerialization() throws EncryptionException {
-        String secretMsg = "Secret Message";
-        ESAPI.securityConfiguration().setCipherTransformation("AES/CBC/PKCS5Padding");
-        CipherText ct = ESAPI.encryptor().encrypt(new PlainText(secretMsg));
-        
-        byte[] serializedCipherText = ct.asPortableSerializedByteArray();
-        
-        PlainText plainText = ESAPI.encryptor().decrypt(
-                                CipherText.fromPortableSerializedBytes(serializedCipherText) );
-        
-        assertTrue( secretMsg.equals( plainText.toString() ) );
-    }
-    
-    /**
-     * Test of main method, of class org.owasp.esapi.Encryptor. Must be done by
-     * visual inspection for now. (Needs improvement.)
-     * @throws Exception
-     */
-    public void testMain() throws Exception {
-        System.out.println("testMain(): Encryptor Main with '-print' argument.");
-        String[] args = {};
-        JavaEncryptor.main( args );        
-        String[] args1 = {"-print"};
-        // TODO:
-        // It probably would be a better if System.out were changed to be
-        // a file or a byte stream so that the output could be slurped up
-        // and checked against (at least some of) the expected output.
-        // Left as an exercise to some future, ambitious ESAPI developer. ;-)
-        JavaEncryptor.main( args1 );        
-    }    
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference.crypto;
+
+import java.io.UnsupportedEncodingException;
+
+import javax.crypto.SecretKey;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.EncoderConstants;
+import org.owasp.esapi.Encryptor;
+import org.owasp.esapi.crypto.CipherText;
+import org.owasp.esapi.crypto.CryptoHelper;
+import org.owasp.esapi.crypto.PlainText;
+import org.owasp.esapi.errors.EncryptionException;
+import org.owasp.esapi.errors.EnterpriseSecurityException;
+import org.owasp.esapi.errors.IntegrityException;
+import org.owasp.esapi.reference.crypto.JavaEncryptor;
+
+/**
+ * The Class EncryptorTest.
+ *
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ * @author kevin.w.wall@gmail.com
+ */
+public class EncryptorTest extends TestCase {
+
+    public static boolean unlimitedStrengthJurisdictionPolicyInstalled = false;
+    static {
+        try {
+            unlimitedStrengthJurisdictionPolicyInstalled = CryptoPolicy.isUnlimitedStrengthCryptoAvailable();
+        } catch(Throwable t) {
+            ;   // Intentionally ignore (but really shouldn't happen unless Error thrown) and we don't want to bail in that case anyhow
+        } finally {
+            System.out.println("EncryptorTest: Strong crypto tests " +
+                                ( unlimitedStrengthJurisdictionPolicyInstalled ? "will not" : "will" ) +
+                                " be skipped.");
+        }
+    }
+
+    /**
+     * Instantiates a new encryptor test.
+     *
+     * @param testName
+     *            the test name
+     */
+    public EncryptorTest(String testName) {
+        super(testName);
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    @SuppressWarnings("deprecation")
+    protected void setUp() throws Exception {
+        // This is only mechanism to change this for now. Will do this with
+        // a soon to be CryptoControls class or equivalent mechanism in a
+        // future release.
+        ESAPI.securityConfiguration().setCipherTransformation("AES/CBC/PKCS5Padding");
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void tearDown() throws Exception {
+        // none
+    }
+
+    /**
+     * Run all the test cases in this suite.
+     * This is to allow running from {@code org.owasp.esapi.AllTests}.
+     *
+     * @return the test
+     */
+    public static Test suite() {
+        TestSuite suite = new TestSuite(EncryptorTest.class);
+
+        return suite;
+    }
+
+    /**
+     * Test of hash method, of class org.owasp.esapi.Encryptor.
+     *
+     * @throws EncryptionException
+     */
+    public void testHash() throws EncryptionException {
+        System.out.println("testHash()");
+        Encryptor instance = ESAPI.encryptor();
+        String hash1 = instance.hash("test1", "salt");
+        String hash2 = instance.hash("test2", "salt");
+        assertFalse(hash1.equals(hash2));
+        String hash3 = instance.hash("test", "salt1");
+        String hash4 = instance.hash("test", "salt2");
+        assertFalse(hash3.equals(hash4));
+    }
+
+    /**
+     * Test of new encrypt / decrypt method for Strings whose length is
+     * not a multiple of the cipher block size (16 bytes for AES).
+     *
+     * @throws EncryptionException
+     *             the encryption exception
+     */
+    public void testEncryptDecrypt1() throws EncryptionException {
+        System.out.println("testEncryptDecrypt2()");
+        Encryptor instance = ESAPI.encryptor();
+        String plaintext = "test1234test1234tes"; // Not a multiple of block size (16 bytes)
+        try {
+            CipherText ct = instance.encrypt(new PlainText(plaintext));
+            PlainText pt = instance.decrypt(ct);
+            assertTrue( pt.toString().equals(plaintext) );
+        }
+        catch( EncryptionException e ) {
+            fail("testEncryptDecrypt2(): Caught exception: " + e);
+        }
+    }
+
+    /**
+     * Test of new encrypt / decrypt method for Strings whose length is
+     * same as cipher block size (16 bytes for AES).
+     */
+    public void testEncryptDecrypt2() {
+        System.out.println("testEncryptDecrypt2()");
+        Encryptor instance = ESAPI.encryptor();
+        String plaintext = "test1234test1234";
+        try {
+            CipherText ct = instance.encrypt(new PlainText(plaintext));
+            PlainText pt = instance.decrypt(ct);
+            assertTrue( pt.toString().equals(plaintext) );
+        }
+        catch( EncryptionException e ) {
+            fail("testEncryptDecrypt2(): Caught exception: " + e);
+        }
+    }
+
+    /**
+     * Test of encrypt methods for empty String.
+     */
+    public void testEncryptEmptyStrings() {
+        System.out.println("testEncryptEmptyStrings()");
+        Encryptor instance = ESAPI.encryptor();
+        String plaintext = "";
+        try {
+            // System.out.println("New encryption methods");
+            CipherText ct = instance.encrypt(new PlainText(plaintext));
+            PlainText pt = instance.decrypt(ct);
+            assertTrue( pt.toString().equals("") );
+        } catch(Exception e) {
+            fail("testEncryptEmptyStrings() -- Caught exception: " + e);
+        }
+    }
+
+    /**
+     * Test encryption method for null.
+     */
+    public void testEncryptNull() {
+        System.out.println("testEncryptNull()");
+        Encryptor instance = ESAPI.encryptor();
+        try {
+            CipherText ct = instance.encrypt( null );  // Should throw NPE or AssertionError
+            fail("New encrypt(PlainText) method did not throw. Result was: " + ct.toString());
+        } catch(Throwable t) {
+            // It should be one of these, depending on whether or not assertions are enabled.
+            assertTrue( t instanceof IllegalArgumentException || t instanceof AssertionError);
+        }
+    }
+
+    /**
+     * Test decryption method for null.
+     */
+    public void testDecryptNull() {
+        System.out.println("testDecryptNull()");
+        Encryptor instance = ESAPI.encryptor();
+        try {
+            PlainText pt = instance.decrypt( null );  // Should throw IllegalArgumentException or AssertionError
+            fail("New decrypt(PlainText) method did not throw. Result was: " + pt.toString());
+        } catch(Throwable t) {
+            // It should be one of these, depending on whether or not assertions are enabled.
+            assertTrue( t instanceof IllegalArgumentException || t instanceof AssertionError);
+        }
+    }
+
+    /**
+     * Test of new encrypt / decrypt methods added in ESAPI 2.0.
+     */
+    public void testNewEncryptDecrypt() {
+        System.out.println("testNewEncryptDecrypt()");
+        try {
+            // Let's try it with a 2-key version of 3DES. This should work for all
+            // installations, whereas the 3-key Triple DES will only work for those
+            // who have the Unlimited Strength Jurisdiction Policy files installed.
+            runNewEncryptDecryptTestCase("DESede/CBC/PKCS5Padding", 112, "1234567890".getBytes("UTF-8"));
+            runNewEncryptDecryptTestCase("DESede/CBC/NoPadding", 112, "12345678".getBytes("UTF-8"));
+
+            runNewEncryptDecryptTestCase("AES/CBC/PKCS5Padding", 128, "Encrypt the world!".getBytes("UTF-8"));
+
+            // These tests are only valid (and run) if one has the JCE Unlimited
+            // Strength Jurisdiction Policy files installed for this Java VM.
+                // 256-bit AES
+            runNewEncryptDecryptTestCase("AES/ECB/NoPadding", 256, "test1234test1234".getBytes("UTF-8"));
+                // 168-bit (aka, 3-key) Triple DES
+            runNewEncryptDecryptTestCase("DESede/CBC/PKCS5Padding", 168, "Groucho's secret word".getBytes("UTF-8"));
+        } catch (UnsupportedEncodingException e) {
+            fail("OK, who stole UTF-8 encoding from the Java rt.jar ???");
+        }
+
+    }
+
+    /** Special encryption case!!! Test encryption with DES, which has a key less than the
+     * min key size specified as Encryptor.EncryptionKeyLength in the file
+     * src/test/resources/esapi/ESAPI.properties.
+     */
+    public void testWithTooShortKey() {
+        boolean desTestFailed = false;
+        try {
+            // We expect this one to throw because we have:
+            //      Encryptor.EncryptionKeyLength=112
+            // set in src/test/resources/esapi/ESAPI.properties. It should throw
+            // an EncryptionException (with a cause of ConfigurationException).
+
+            // Generate an appropriate random secret key
+            SecretKey skey = CryptoHelper.generateSecretKey("DES/ECB/NoPadding", 56);
+
+            // Change to different cipher. (Default is AES.) This is kludgey at best. Am thinking about an
+            // alternate way to do this using a new 'CryptoControls' class. Maybe not until release 2.1.
+            // Change the cipher transform from whatever it currently is to the specified cipherXform.
+            @SuppressWarnings("deprecation")
+            String oldCipherXform = ESAPI.securityConfiguration().setCipherTransformation("DES/ECB/NoPadding");
+
+            // Get an Encryptor instance with the specified, new, cipher transformation.
+            Encryptor instance = ESAPI.encryptor();
+            PlainText plaintext = new PlainText( "test1234".getBytes("UTF-8") );
+
+            // Do the encryption with the new encrypt() method and get back the CipherText.
+            // This should throw because the key is too short.
+            CipherText ciphertext = instance.encrypt(skey, plaintext);  // The new encrypt() method. Should throw!
+
+        } catch ( EncryptionException eex ) {
+            desTestFailed = true;
+        } catch ( Exception ex ) {
+            fail("testWithTooShortKey(): Caught unexpected exception; msg was: " + ex);
+        }
+
+        assertTrue(
+                    "Expected 56-key DES to throw EncryptionException; " +
+                        "check Encryptor.EncryptionKeyLength in src/test/resources/esapi/ESAPI.properties file.",
+                    desTestFailed);
+    }
+
+    /**
+     * Helper method to test new encryption / decryption.
+     * @param cipherXform    Cipher transformation
+     * @param keySize    Size of key, in bits.
+     * @param plaintextBytes Byte array of plaintext.
+     * @return The base64-encoded IV+ciphertext (or just ciphertext if no IV) or
+     *         null if {@code keysize} is greater than 128 bits and unlimited
+     *         strength crypto is not available for this Java VM.
+     */
+    private String runNewEncryptDecryptTestCase(String cipherXform, int keySize, byte[] plaintextBytes) {
+        // System.err.println("New encrypt / decrypt: " + cipherXform + "; requested key size: " + keySize + " bits.");
+
+        if ( keySize > 128 && !unlimitedStrengthJurisdictionPolicyInstalled ) {
+            System.err.println("Skipping test for cipher transformation " +
+                               cipherXform + " with key size of " + keySize +
+                               " bits because this requires JCE Unlimited Strength" +
+                               " Jurisdiction Policy files to be installed and they" +
+                               " are not.");
+            return null;
+        }
+
+        try {
+            // Generate an appropriate random secret key
+            SecretKey skey = CryptoHelper.generateSecretKey(cipherXform, keySize);
+            assertTrue( skey.getAlgorithm().equals(cipherXform.split("/")[0]) );
+            String cipherAlg = cipherXform.split("/")[0];
+
+            // System.err.println("Key size of generated encoded key: " + skey.getEncoded().length * 8 + " bits.");
+
+            // Adjust key size for DES and DESede specific oddities.
+            // NOTE: Key size that encrypt() method is using is 192 bits!!!
+            //        which is 3 times 64 bits, but DES key size is only 56 bits.
+            // See 'IMPORTANT NOTE', in JavaEncryptor, near line 376. It's a "feature"!!!
+/////   This section is causing problems. BC for instance sometimes creates a
+/////   192 bit key and then subsequently creates a 128-bit key for 2-key
+/////   3DES so adjusing this is futile. THis is a holdover when we were
+/////   doing an *exact* size comparison in the following assertTrue() though.
+/////   Since we are no longer doing that, we don't need to "adjust" the size
+/////   so hopefully all will be well with the world.
+/////
+/////   Delete this comment and the following commented-out code after the
+/////   official 2.2.0.0 release.
+/////
+/*
+            if ( cipherAlg.equals( "DESede" ) ) {
+                System.err.println("Adjusting requested key size of " + keySize + " bits to 192 bits for DESede");
+                keySize = 192;
+            } else if ( cipherAlg.equals( "DES" ) ) {
+                System.err.println("Adjusting requested key size of " + keySize + " bits to 64 bits for DES");
+                keySize = 64;
+            } // Else... use specified keySize.
+ */
+
+            assertTrue(cipherXform + ": encoded key size of " + skey.getEncoded().length + " shorter than requested key size of: " + (keySize / 8),
+                    skey.getEncoded().length >= (keySize / 8) );
+
+            // Change to a possibly different cipher. This is kludgey at best. Am thinking about an
+            // alternate way to do this using a new 'CryptoControls' class. Maybe not until release 2.1.
+            // Change the cipher transform from whatever it currently is to the specified cipherXform.
+            @SuppressWarnings("deprecation")
+            String oldCipherXform = ESAPI.securityConfiguration().setCipherTransformation(cipherXform);
+/*
+            if ( ! cipherXform.equals(oldCipherXform) ) {
+                System.err.println("Cipher xform changed from \"" + oldCipherXform + "\" to \"" + cipherXform + "\"");
+            }
+ */
+
+            // Get an Encryptor instance with the specified, possibly new, cipher transformation.
+            Encryptor instance = ESAPI.encryptor();
+            PlainText plaintext = new PlainText(plaintextBytes);
+            PlainText origPlainText = new PlainText( plaintext.toString() ); // Make _copy_ of original for comparison.
+
+            // Do the encryption with the new encrypt() method and get back the CipherText.
+            CipherText ciphertext = instance.encrypt(skey, plaintext);    // The new encrypt() method.
+            System.err.println("DEBUG: Encrypt(): CipherText object is -- " + ciphertext);
+            assertNotNull( ciphertext );
+//            System.err.println("DEBUG: After encryption: base64-encoded IV+ciphertext: " + ciphertext.getEncodedIVCipherText());
+//            System.err.println("\t\tOr... " + ESAPI.encoder().decodeFromBase64(ciphertext.getEncodedIVCipherText()) );
+//            System.err.println("DEBUG: After encryption: base64-encoded raw ciphertext: " + ciphertext.getBase64EncodedRawCipherText());
+//            System.err.println("\t\tOr... " + ESAPI.encoder().decodeFromBase64(ciphertext.getBase64EncodedRawCipherText()) );
+
+            // If we are supposed to have overwritten the plaintext, check this to see
+            // if origPlainText was indeed overwritten.
+            @SuppressWarnings("deprecation")
+            boolean overwritePlaintext = ESAPI.securityConfiguration().overwritePlainText();
+            if ( overwritePlaintext ) {
+                assertTrue( isPlaintextOverwritten(plaintext) );
+            }
+
+            // Take the resulting ciphertext and decrypt w/ new decryption method.
+            PlainText decryptedPlaintext  = instance.decrypt(skey, ciphertext);        // The new decrypt() method.
+
+            // Make sure we got back the same thing we started with.
+            System.out.println("\tOriginal plaintext: " + origPlainText);
+            System.out.println("\tResult after decryption: " + decryptedPlaintext);
+            assertEquals( "Failed to decrypt properly.", origPlainText.toString(), decryptedPlaintext.toString() );
+
+            // Restore the previous cipher transformation. For now, this is only way to do this.
+            @SuppressWarnings("deprecation")
+            String previousCipherXform = ESAPI.securityConfiguration().setCipherTransformation(null);
+            assertEquals( previousCipherXform,  cipherXform  );
+            @SuppressWarnings("deprecation")
+            String defaultCipherXform = ESAPI.securityConfiguration().getCipherTransformation();
+            assertEquals( defaultCipherXform, oldCipherXform );
+
+            return ciphertext.getEncodedIVCipherText();
+        } catch (Exception e) {
+            // OK if not counted toward code coverage.
+            System.out.println("testNewEncryptDecrypt(): Caught unexpected exception: " + e.getClass().getName());
+            e.printStackTrace(System.out);
+            fail("Caught unexpected exception; msg was: " + e);
+        }
+        return null;
+    }
+
+    private static boolean isPlaintextOverwritten(PlainText plaintext) {
+        // Note: An assumption here that the original plaintext did not consist
+        // entirely of all '*' characters.
+        byte[] ptBytes = plaintext.asBytes();
+
+        for ( int i = 0; i < ptBytes.length; i++ ) {
+            if ( ptBytes[i] != '*' ) {
+                return false;
+            }
+        }
+        return true;
+    }
+
+    // TODO - Because none of the encryption / decryption tests persists
+    //          encrypted data across runs, that means everything is run
+    //          under same JVM at same time thus always with the same
+    //          _native_ byte encoding.
+    //
+    //          Need test(s) such that data is persisted across JVM runs
+    //          so we can test a run on (say) a Windows Intel box can decrypt
+    //          encrypted data produced by the reference Encryptor on
+    //          (say) a Solaris SPARC box. I.e., test that the change to
+    //          JavaEncryptor to use UTF-8 encoding throughout works as
+    //          desired.
+    //
+    //          Files saved across tests need to be added to SVN (under
+    //          resources or where) and they should be named so we know
+    //          where and how they were created. E.g., WinOS-AES-ECB.dat,
+    //          Sparc-Solaris-AEC-CBC-PKCS5Padding.dat, etc., but they should be
+    //          able to be decrypted from any platform. May wish to place that
+    //          under a separate JUnit test.
+    //
+    // TODO - Need to test rainy day paths of new encrypt / decrypt so can
+    //          verify that exception handling working OK, etc. Maybe also in
+    //          a separate JUnit test, since everything here seems to be sunny
+    //          day path. (Note: Some of this no in new test case,
+    //          org.owasp.esapi.crypto.ESAPICryptoMACByPassTest.)
+    //
+    //                -kevin wall
+
+
+    /**
+     * Test of sign method, of class org.owasp.esapi.Encryptor.
+     *
+     * @throws EncryptionException
+     *             the encryption exception
+     */
+    public void testSign() throws EncryptionException {
+        System.out.println("testSign()");
+        Encryptor instance = ESAPI.encryptor();
+        String plaintext = ESAPI.randomizer().getRandomString( 32, EncoderConstants.CHAR_ALPHANUMERICS );
+        String signature = instance.sign(plaintext);
+        assertTrue( instance.verifySignature( signature, plaintext ) );
+        assertFalse( instance.verifySignature( signature, "ridiculous" ) );
+        assertFalse( instance.verifySignature( "ridiculous", plaintext ) );
+    }
+
+    /**
+     * Test of verifySignature method, of class org.owasp.esapi.Encryptor.
+     *
+     * @throws EncryptionException
+     *             the encryption exception
+     */
+    public void testVerifySignature() throws EncryptionException {
+        System.out.println("testVerifySignature()");
+        Encryptor instance = ESAPI.encryptor();
+        String plaintext = ESAPI.randomizer().getRandomString( 32, EncoderConstants.CHAR_ALPHANUMERICS );
+        String signature = instance.sign(plaintext);
+        assertTrue( instance.verifySignature( signature, plaintext ) );
+    }
+
+
+    /**
+     * Test of seal method, of class org.owasp.esapi.Encryptor.
+     *
+     * @throws IntegrityException
+     */
+    public void testSeal() throws IntegrityException {
+        System.out.println("testSeal()");
+        Encryptor instance = ESAPI.encryptor();
+        String plaintext = ESAPI.randomizer().getRandomString( 32, EncoderConstants.CHAR_ALPHANUMERICS );
+        String seal = instance.seal( plaintext, instance.getTimeStamp() + 1000*60 );
+        instance.verifySeal( seal );
+
+        int progressMark = 1;
+        boolean caughtExpectedEx = false;
+        try {
+            seal = instance.seal("", instance.getTimeStamp() + 1000*60);
+            progressMark++;
+            instance.verifySeal(seal);
+            progressMark++;
+        } catch(Exception e) {
+            fail("Failed empty string test: " + e + "; progress mark = " + progressMark);
+        }
+        try {
+            seal = instance.seal(null, instance.getTimeStamp() + 1000*60);
+            fail("Did not throw expected IllegalArgumentException");
+        } catch(IllegalArgumentException e) {
+            caughtExpectedEx = true;
+        } catch(Exception e) {
+            fail("Failed null string test; did not get expected IllegalArgumentException: " + e);
+        }
+        assertTrue(caughtExpectedEx);
+
+        try {
+            seal = instance.seal("test", 0);
+            progressMark++;
+            // instance.verifySeal(seal);
+            progressMark++;
+        } catch(Exception e) {
+            fail("Fail test with 0 timestamp: " + e + "; progress mark = " + progressMark);
+        }
+        try {
+            seal = instance.seal("test", -1);
+            progressMark++;
+            // instance.verifySeal(seal);
+            progressMark++;
+        } catch(Exception e) {
+            fail("Fail test with -1 timestamp: " + e + "; progress mark = " + progressMark);
+        }
+    }
+
+    /**
+     * Test of verifySeal method, of class org.owasp.esapi.Encryptor.
+     *
+     * @throws EnterpriseSecurityException
+     */
+    public void testVerifySeal() throws EnterpriseSecurityException {
+        final int NSEC = 5;
+        System.out.println("testVerifySeal()");
+        Encryptor instance = ESAPI.encryptor();
+        String plaintext = "ridiculous:with:delimiters";    // Should now work w/ : (issue #28)
+        String seal = instance.seal( plaintext, instance.getRelativeTimeStamp( 1000 * NSEC ) );
+        try {
+            assertNotNull("Encryptor.seal() returned null", seal );
+            assertTrue("Failed to verify seal", instance.verifySeal( seal ) );
+        } catch ( Exception e ) {
+            fail();
+        }
+        int progressMark = 1;
+        try {
+            // NOTE: I regrouped these all into a single try / catch since they
+            //       all test the same thing. Hence if one fails, they all should.
+            //       Also changed these tests so they no longer depend on the
+            //       deprecated encrypt() methods. IMO, *all these multiple
+            //       similar tests are not really required*, as they all are more
+            //       or less testing the same thing.
+            //                                              -kevin wall
+            // ================================================================
+            // Try to validate some invalid seals.
+            //
+            // All these should return false and log a warning with an Exception stack
+            // trace caused by an EncryptionException indicating "Invalid seal".
+            assertFalse( instance.verifySeal( plaintext ) );
+            progressMark++;
+            assertFalse( instance.verifySeal( instance.encrypt( new PlainText(plaintext) ).getBase64EncodedRawCipherText() ) );
+            progressMark++;
+            assertFalse( instance.verifySeal( instance.encrypt( new PlainText(100 + ":" + plaintext) ).getBase64EncodedRawCipherText() ) );
+            progressMark++;
+            assertFalse( instance.verifySeal( instance.encrypt( new PlainText(Long.MAX_VALUE + ":" + plaintext) ).getBase64EncodedRawCipherText() ) );
+            progressMark++;
+            assertFalse( instance.verifySeal( instance.encrypt( new PlainText(Long.MAX_VALUE + ":random:" + plaintext) ).getBase64EncodedRawCipherText() ) );
+            progressMark++;
+            assertFalse( instance.verifySeal( instance.encrypt( new PlainText(Long.MAX_VALUE + ":random:" + plaintext+ ":badsig")  ).getBase64EncodedRawCipherText() ) );
+            progressMark++;
+            assertFalse( instance.verifySeal( instance.encrypt( new PlainText(Long.MAX_VALUE + ":random:" + plaintext + ":"+ instance.sign( Long.MAX_VALUE + ":random:" + plaintext) ) ).getBase64EncodedRawCipherText() ) );
+            progressMark++;
+        } catch ( Exception e ) {
+            // fail("Failed invalid seal test # " + progressMark + " to verify seal.");
+            System.err.println("Failed seal verification at step # " + progressMark);
+            System.err.println("Exception was: " + e);
+            e.printStackTrace(System.err);
+        }
+
+        try {
+            Thread.sleep(1000 * (NSEC + 1) );
+                // Seal now past expiration date.
+            assertFalse( instance.verifySeal( seal ) );
+        } catch ( Exception e ) {
+            fail("Failed expired seal test. Seal should be expired.");
+        }
+    }
+
+
+    @SuppressWarnings("deprecation")
+    public void testEncryptionSerialization() throws EncryptionException {
+        String secretMsg = "Secret Message";
+        ESAPI.securityConfiguration().setCipherTransformation("AES/CBC/PKCS5Padding");
+        CipherText ct = ESAPI.encryptor().encrypt(new PlainText(secretMsg));
+
+        byte[] serializedCipherText = ct.asPortableSerializedByteArray();
+
+        PlainText plainText = ESAPI.encryptor().decrypt(
+                                CipherText.fromPortableSerializedBytes(serializedCipherText) );
+
+        assertTrue( secretMsg.equals( plainText.toString() ) );
+    }
+
+    /**
+     * Test of main method, of class org.owasp.esapi.Encryptor. Must be done by
+     * visual inspection for now. (Needs improvement.)
+     * @throws Exception
+     */
+    public void testMain() throws Exception {
+        System.out.println("testMain(): Encryptor Main with '-print' argument.");
+        String[] args = {};
+        JavaEncryptor.main( args );
+            // TODO:
+            // It probably would be a better if System.out were changed to be
+            // a file or a byte stream so that the output could be slurped up
+            // and checked against (at least some of) the expected output.
+            // Left as an exercise to some future, ambitious ESAPI developer. ;-)
+        String[] args1 = {"-print"};
+        JavaEncryptor.main( args1 );
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/reference/crypto/ReferenceEncryptedPropertiesTest.java b/src/test/java/org/owasp/esapi/reference/crypto/ReferenceEncryptedPropertiesTest.java
index 89eb563d3..eaa2507b6 100644
--- a/src/test/java/org/owasp/esapi/reference/crypto/ReferenceEncryptedPropertiesTest.java
+++ b/src/test/java/org/owasp/esapi/reference/crypto/ReferenceEncryptedPropertiesTest.java
@@ -1,113 +1,82 @@
 /**
  * OWASP Enterprise Security API (ESAPI)
- * 
+ *
  * This file is part of the Open Web Application Security Project (OWASP)
  * Enterprise Security API (ESAPI) project. For details, please see
  * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
  *
  * Copyright (c) 2007 - The OWASP Foundation
- * 
+ *
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
- * 
+ *
  * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
  * @created 2007
  */
 package org.owasp.esapi.reference.crypto;
 
+import static org.junit.Assert.*;
+
 import java.io.*;
 import java.util.Collection;
 import java.util.Enumeration;
 import java.util.Iterator;
 import java.util.Properties;
 
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TemporaryFolder;
 import org.owasp.esapi.errors.EncryptionException;
 import org.owasp.esapi.errors.EncryptionRuntimeException;
 
 /**
  * The Class EncryptedPropertiesTest.
- * 
+ *
  * @author August Detlefsen (augustd at codemagi dot com)
  *         <a href="http://www.codemagi.com">CodeMagi, Inc.</a>
  * @since October 8, 2010
  */
-public class ReferenceEncryptedPropertiesTest extends TestCase {
-
-	/**
-	 * Instantiates a new encrypted properties test.
-	 * 
-	 * @param testName
-	 *            the test name
-	 */
-	public ReferenceEncryptedPropertiesTest(String testName) {
-		super(testName);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	protected void setUp() throws Exception {
-		// none
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	protected void tearDown() throws Exception {
-		// none
-	}
-
-	/**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-	public static Test suite() {
-		TestSuite suite = new TestSuite(ReferenceEncryptedPropertiesTest.class);
-
-		return suite;
-	}
-
-	/**
-	 * Test of getProperty method, of class org.owasp.esapi.EncryptedProperties.
-	 * 
-	 * @throws EncryptionException
-	 *             the encryption exception
-	 */
-	public void testGetProperty() throws EncryptionException {
-		System.out.println("getProperty");
-		ReferenceEncryptedProperties instance = new ReferenceEncryptedProperties();
-		String name = "name";
-		String value = "value";
-		instance.setProperty(name, value);
-		String result = instance.getProperty(name);
-		assertEquals(value, result);
-		assertNull(instance.getProperty("ridiculous"));
-	}
-
-	/**
-	 * Test of setProperty method, of class org.owasp.esapi.EncryptedProperties.
-	 * 
-	 * @throws EncryptionException
-	 *             the encryption exception
-	 */
-	public void testSetProperty() throws EncryptionException {
-		System.out.println("setProperty");
-		ReferenceEncryptedProperties instance = new ReferenceEncryptedProperties();
-		String name = "name";
-		String value = "value";
-		instance.setProperty(name, value);
-		String result = instance.getProperty(name);
-		assertEquals(value, result);
-		
+public class ReferenceEncryptedPropertiesTest {
+
+    @Rule
+    public TemporaryFolder tempFolder = new TemporaryFolder();
+
+    /**
+     * Test of getProperty method, of class org.owasp.esapi.EncryptedProperties.
+     *
+     * @throws EncryptionException
+     *             the encryption exception
+     */
+    @Test public void testGetProperty() throws EncryptionException {
+        System.out.println("getProperty");
+        ReferenceEncryptedProperties instance = new ReferenceEncryptedProperties();
+        String name = "name";
+        String value = "value";
+        instance.setProperty(name, value);
+        String result = instance.getProperty(name);
+        assertEquals(value, result);
+        assertNull(instance.getProperty("ridiculous"));
+    }
+
+    /**
+     * Test of setProperty method, of class org.owasp.esapi.EncryptedProperties.
+     *
+     * @throws EncryptionException
+     *             the encryption exception
+     */
+    @Test public void testSetProperty() throws EncryptionException {
+        System.out.println("setProperty");
+        ReferenceEncryptedProperties instance = new ReferenceEncryptedProperties();
+        String name = "name";
+        String value = "value";
+        instance.setProperty(name, value);
+        String result = instance.getProperty(name);
+        assertEquals(value, result);
+
         instance.setProperty(name, "");
         result = instance.getProperty(name);
         assertEquals(result, "");
-        
+
         try {
             instance.setProperty(null, value);
             fail("testSetProperty(): Null property name did not result in expected exception.");
@@ -120,218 +89,218 @@ public void testSetProperty() throws EncryptionException {
         } catch( Exception e ) {
             assertTrue( e instanceof EncryptionRuntimeException );
         }
-		try {
-			instance.setProperty(null, null);			
-			fail("testSetProperty(): Null property name and valud did not result in expected exception.");
-		} catch( Exception e ) {
-		    assertTrue( e instanceof EncryptionRuntimeException );
-		}
-	}
-
-	/**
-	 * Test the behavior when the requested key does not exist.
-	 */
-	public void testNonExistantKeyValue() throws Exception
-	{
-		ReferenceEncryptedProperties instance = new ReferenceEncryptedProperties();
-		assertNull(instance.getProperty("not.there"));
-	}
-
-	/**
-	 * Test of keySet method, of class org.owasp.esapi.EncryptedProperties.
-	 */
-	public void testKeySet() throws Exception
-	{
-		boolean sawTwo = false;
-		boolean sawOne = false;
-
-		System.out.println("keySet");
-		ReferenceEncryptedProperties instance = new ReferenceEncryptedProperties();
-		instance.setProperty("one", "two");
-		instance.setProperty("two", "three");
-		Iterator i = instance.keySet().iterator();
-		while(i.hasNext())
-		{
-			String key = (String)i.next();
-
-			assertNotNull("key returned from keySet() iterator was null", key);
-			if(key.equals("one"))
-				if(sawOne)
-					fail("Key one seen more than once.");
-				else
-					sawOne = true;
-			else if(key.equals("two"))
-				if(sawTwo)
-					fail("Key two seen more than once.");
-				else
-					sawTwo = true;
-			else
-				fail("Unset key " + key + " returned from keySet().iterator()");
-		}
-		assertTrue("Key one was never seen", sawOne);
-		assertTrue("Key two was never seen", sawTwo);
-	}
-
-	/**
-	 * Test storing and loading of encrypted properties.
-	 */
-	public void testStoreLoad() throws Exception
-	{
-		ReferenceEncryptedProperties toLoad = new ReferenceEncryptedProperties();
-		ByteArrayOutputStream baos = new ByteArrayOutputStream();
-		ByteArrayInputStream bais;
-		boolean sawOne = false;
-		boolean sawTwo = false;
-		boolean sawSeuss = false;
-
-	    ReferenceEncryptedProperties toStore = new ReferenceEncryptedProperties();
-		toStore.setProperty("one", "two");
-		toStore.setProperty("two", "three");
-		toStore.setProperty("seuss.schneier", "one fish, twofish, red fish, blowfish");
-		toStore.store(baos, "testStore");
-
-		bais = new ByteArrayInputStream(baos.toByteArray());
-		toLoad.load(bais);
-
-		for(Iterator i=toLoad.keySet().iterator();i.hasNext();)
-		{
-			String key = (String)i.next();
-
-			assertNotNull("key returned from keySet() iterator was null", key);
-			if(key.equals("one"))
-				if(sawOne)
-					fail("Key one seen more than once.");
-				else
-				{
-					sawOne = true;
-					assertEquals("Key one's value was not two", "two", toLoad.getProperty("one"));
-				}
-			else if(key.equals("two"))
-				if(sawTwo)
-					fail("Key two seen more than once.");
-				else
-				{
-					sawTwo = true;
-					assertEquals("Key two's value was not three", "three", toLoad.getProperty("two"));
-				}
-	         else if(key.equals("seuss.schneier"))
-	                if(sawSeuss)
-	                    fail("Key seuss.schneier seen more than once.");
-	                else
-	                {
-	                    sawSeuss = true;
-	                    assertEquals("Key seuss.schneier's value was not expected value",
-	                                 "one fish, twofish, red fish, blowfish",
-	                                 toStore.getProperty("seuss.schneier"));
-	                }
-			else
-				fail("Unset key " + key + " returned from keySet().iterator()");
-		}
-		assertTrue("Key one was never seen", sawOne);
-		assertTrue("Key two was never seen", sawTwo);
-	}
-
-	/**
-	 * Test storing and loading of encrypted properties.
-	 */
-	public void testStoreLoadWithReader() throws Exception
-	{
+        try {
+            instance.setProperty(null, null);
+            fail("testSetProperty(): Null property name and valud did not result in expected exception.");
+        } catch( Exception e ) {
+            assertTrue( e instanceof EncryptionRuntimeException );
+        }
+    }
+
+    /**
+     * Test the behavior when the requested key does not exist.
+     */
+    @Test public void testNonExistantKeyValue() throws Exception
+    {
+        ReferenceEncryptedProperties instance = new ReferenceEncryptedProperties();
+        assertNull(instance.getProperty("not.there"));
+    }
+
+    /**
+     * Test of keySet method, of class org.owasp.esapi.EncryptedProperties.
+     */
+    @Test public void testKeySet() throws Exception
+    {
+        boolean sawTwo = false;
+        boolean sawOne = false;
+
+        System.out.println("keySet");
+        ReferenceEncryptedProperties instance = new ReferenceEncryptedProperties();
+        instance.setProperty("one", "two");
+        instance.setProperty("two", "three");
+        Iterator i = instance.keySet().iterator();
+        while(i.hasNext())
+        {
+            String key = (String)i.next();
+
+            assertNotNull("key returned from keySet() iterator was null", key);
+            if(key.equals("one"))
+                if(sawOne)
+                    fail("Key one seen more than once.");
+                else
+                    sawOne = true;
+            else if(key.equals("two"))
+                if(sawTwo)
+                    fail("Key two seen more than once.");
+                else
+                    sawTwo = true;
+            else
+                fail("Unset key " + key + " returned from keySet().iterator()");
+        }
+        assertTrue("Key one was never seen", sawOne);
+        assertTrue("Key two was never seen", sawTwo);
+    }
+
+    /**
+     * Test storing and loading of encrypted properties.
+     */
+    @Test public void testStoreLoad() throws Exception
+    {
+        ReferenceEncryptedProperties toLoad = new ReferenceEncryptedProperties();
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        ByteArrayInputStream bais;
+        boolean sawOne = false;
+        boolean sawTwo = false;
+        boolean sawSeuss = false;
+
+        ReferenceEncryptedProperties toStore = new ReferenceEncryptedProperties();
+        toStore.setProperty("one", "two");
+        toStore.setProperty("two", "three");
+        toStore.setProperty("seuss.schneier", "one fish, twofish, red fish, blowfish");
+        toStore.store(baos, "testStore");
+
+        bais = new ByteArrayInputStream(baos.toByteArray());
+        toLoad.load(bais);
+
+        for(Iterator i=toLoad.keySet().iterator();i.hasNext();)
+        {
+            String key = (String)i.next();
+
+            assertNotNull("key returned from keySet() iterator was null", key);
+            if(key.equals("one"))
+                if(sawOne)
+                    fail("Key one seen more than once.");
+                else
+                {
+                    sawOne = true;
+                    assertEquals("Key one's value was not two", "two", toLoad.getProperty("one"));
+                }
+            else if(key.equals("two"))
+                if(sawTwo)
+                    fail("Key two seen more than once.");
+                else
+                {
+                    sawTwo = true;
+                    assertEquals("Key two's value was not three", "three", toLoad.getProperty("two"));
+                }
+             else if(key.equals("seuss.schneier"))
+                    if(sawSeuss)
+                        fail("Key seuss.schneier seen more than once.");
+                    else
+                    {
+                        sawSeuss = true;
+                        assertEquals("Key seuss.schneier's value was not expected value",
+                                     "one fish, twofish, red fish, blowfish",
+                                     toStore.getProperty("seuss.schneier"));
+                    }
+            else
+                fail("Unset key " + key + " returned from keySet().iterator()");
+        }
+        assertTrue("Key one was never seen", sawOne);
+        assertTrue("Key two was never seen", sawTwo);
+    }
+
+    /**
+     * Test storing and loading of encrypted properties.
+     */
+    @Test public void testStoreLoadWithReader() throws Exception
+    {
 /*
-		//create an EncryptedProperties to store
-		ReferenceEncryptedProperties toStore = new ReferenceEncryptedProperties();
-		toStore.setProperty("one", "two");
-		toStore.setProperty("two", "three");
-		toStore.setProperty("seuss.schneier", "one fish, twofish, red fish, blowfish");
-
-		//store properties to a Writer
-		CharArrayWriter writer = new CharArrayWriter();
-		//toStore.store(writer, "testStore");
-
-		//read it back in from a Reader
-		Reader reader = new CharArrayReader(writer.toCharArray());
-
-		ReferenceEncryptedProperties toLoad = new ReferenceEncryptedProperties();
-		toLoad.load(reader);
-
-		//test the resulting loaded properties
-		boolean sawOne = false;
-		boolean sawTwo = false;
-		boolean sawSeuss = false;
-
-		for(Iterator i=toLoad.keySet().iterator();i.hasNext();)
-		{
-			String key = (String)i.next();
-
-			assertNotNull("key returned from keySet() iterator was null", key);
-			if(key.equals("one"))
-				if(sawOne)
-					fail("Key one seen more than once.");
-				else
-				{
-					sawOne = true;
-					assertEquals("Key one's value was not two", "two", toLoad.getProperty("one"));
-				}
-			else if(key.equals("two"))
-				if(sawTwo)
-					fail("Key two seen more than once.");
-				else
-				{
-					sawTwo = true;
-					assertEquals("Key two's value was not three", "three", toLoad.getProperty("two"));
-				}
-	         else if(key.equals("seuss.schneier"))
-	                if(sawSeuss)
-	                    fail("Key seuss.schneier seen more than once.");
-	                else
-	                {
-	                    sawSeuss = true;
-	                    assertEquals("Key seuss.schneier's value was not expected value",
-	                                 "one fish, twofish, red fish, blowfish",
-	                                 toStore.getProperty("seuss.schneier"));
-	                }
-			else
-				fail("Unset key " + key + " returned from keySet().iterator()");
-		}
-		assertTrue("Key one was never seen", sawOne);
-		assertTrue("Key two was never seen", sawTwo);
+        //create an EncryptedProperties to store
+        ReferenceEncryptedProperties toStore = new ReferenceEncryptedProperties();
+        toStore.setProperty("one", "two");
+        toStore.setProperty("two", "three");
+        toStore.setProperty("seuss.schneier", "one fish, twofish, red fish, blowfish");
+
+        //store properties to a Writer
+        CharArrayWriter writer = new CharArrayWriter();
+        //toStore.store(writer, "testStore");
+
+        //read it back in from a Reader
+        Reader reader = new CharArrayReader(writer.toCharArray());
+
+        ReferenceEncryptedProperties toLoad = new ReferenceEncryptedProperties();
+        toLoad.load(reader);
+
+        //test the resulting loaded properties
+        boolean sawOne = false;
+        boolean sawTwo = false;
+        boolean sawSeuss = false;
+
+        for(Iterator i=toLoad.keySet().iterator();i.hasNext();)
+        {
+            String key = (String)i.next();
+
+            assertNotNull("key returned from keySet() iterator was null", key);
+            if(key.equals("one"))
+                if(sawOne)
+                    fail("Key one seen more than once.");
+                else
+                {
+                    sawOne = true;
+                    assertEquals("Key one's value was not two", "two", toLoad.getProperty("one"));
+                }
+            else if(key.equals("two"))
+                if(sawTwo)
+                    fail("Key two seen more than once.");
+                else
+                {
+                    sawTwo = true;
+                    assertEquals("Key two's value was not three", "three", toLoad.getProperty("two"));
+                }
+             else if(key.equals("seuss.schneier"))
+                    if(sawSeuss)
+                        fail("Key seuss.schneier seen more than once.");
+                    else
+                    {
+                        sawSeuss = true;
+                        assertEquals("Key seuss.schneier's value was not expected value",
+                                     "one fish, twofish, red fish, blowfish",
+                                     toStore.getProperty("seuss.schneier"));
+                    }
+            else
+                fail("Unset key " + key + " returned from keySet().iterator()");
+        }
+        assertTrue("Key one was never seen", sawOne);
+        assertTrue("Key two was never seen", sawTwo);
 */
-	}
+    }
 
-	/**
-	 * Test overridden put method.
-	 */
-	public void testPut() throws Exception
-	{
-		ReferenceEncryptedProperties props = new ReferenceEncryptedProperties();
+    /**
+     * Test overridden put method.
+     */
+    @Test public void testPut() throws Exception
+    {
+        ReferenceEncryptedProperties props = new ReferenceEncryptedProperties();
 
-		String name = "name";
-		String value = "value";
+        String name = "name";
+        String value = "value";
 
-		props.put(name, value);  //should work and store encrypted
-		String result = props.getProperty(name);
-		assertEquals(value, result);
+        props.put(name, value);  //should work and store encrypted
+        String result = props.getProperty(name);
+        assertEquals(value, result);
 
-		Integer five = new Integer(5);
+        Integer five = new Integer(5);
 
-		try {
-			props.put("Integer", five); //should fail and throw IllegalArgumentException
-			fail("testPut(): Non-String property value did not result in expected exception.");
-		} catch( Exception e ) {
+        try {
+            props.put("Integer", five); //should fail and throw IllegalArgumentException
+            fail("testPut(): Non-String property value did not result in expected exception.");
+        } catch( Exception e ) {
             assertTrue( e instanceof IllegalArgumentException );
         }
-		try {
-			props.put(five, "Integer"); //should fail and throw IllegalArgumentException
-			fail("testPut(): Non-String property key did not result in expected exception.");
-		} catch( Exception e ) {
+        try {
+            props.put(five, "Integer"); //should fail and throw IllegalArgumentException
+            fail("testPut(): Non-String property key did not result in expected exception.");
+        } catch( Exception e ) {
             assertTrue( e instanceof IllegalArgumentException );
         }
-		try {
-			props.put(five, five); //should fail and throw IllegalArgumentException
-			fail("testPut(): Non-String property key and value did not result in expected exception.");
-		} catch( Exception e ) {
+        try {
+            props.put(five, five); //should fail and throw IllegalArgumentException
+            fail("testPut(): Non-String property key and value did not result in expected exception.");
+        } catch( Exception e ) {
             assertTrue( e instanceof IllegalArgumentException );
         }
-		try {
+        try {
             props.put(null, five);
             fail("testSetProperty(): Null property name and non-String value did not result in expected exception.");
         } catch( Exception e ) {
@@ -343,7 +312,7 @@ public void testPut() throws Exception
         } catch( Exception e ) {
             assertTrue( e instanceof IllegalArgumentException );
         }
-		try {
+        try {
             props.put(null, value);
             fail("testSetProperty(): Null property name did not result in expected exception.");
         } catch( Exception e ) {
@@ -355,181 +324,176 @@ public void testPut() throws Exception
         } catch( Exception e ) {
             assertTrue( e instanceof IllegalArgumentException );
         }
-		try {
-			props.put(null, null);
-			fail("testSetProperty(): Null property name and valud did not result in expected exception.");
-		} catch( Exception e ) {
-		    assertTrue( e instanceof IllegalArgumentException );
-		}
-	}
-
-	/**
-	 * Test that ReferenceEncryptedProperties can be properly constructed
-	 * with an instance of Properties.
-	 */
-	public void testConstructWithProperties() {
-		Properties props = new Properties();
-		props.setProperty("one", "two");
-		props.setProperty("two", "three");
-		props.setProperty("seuss.schneier", "one fish, twofish, red fish, blowfish");
-
-		ReferenceEncryptedProperties eProps = new ReferenceEncryptedProperties(props);
-
-		boolean sawOne = false;
-		boolean sawTwo = false;
-		boolean sawSeuss = false;
-
-		for(Iterator i=eProps.keySet().iterator();i.hasNext();)
-		{
-			String key = (String)i.next();
-
-			assertNotNull("key returned from keySet() iterator was null", key);
-			if(key.equals("one"))
-				if(sawOne)
-					fail("Key one seen more than once.");
-				else
-				{
-					sawOne = true;
-					assertEquals("Key one's value was not two", "two", eProps.getProperty("one"));
-				}
-			else if(key.equals("two"))
-				if(sawTwo)
-					fail("Key two seen more than once.");
-				else
-				{
-					sawTwo = true;
-					assertEquals("Key two's value was not three", "three", eProps.getProperty("two"));
-				}
-	         else if(key.equals("seuss.schneier"))
-	                if(sawSeuss)
-	                    fail("Key seuss.schneier seen more than once.");
-	                else
-	                {
-	                    sawSeuss = true;
-	                    assertEquals("Key seuss.schneier's value was not expected value",
-	                                 "one fish, twofish, red fish, blowfish",
-	                                 eProps.getProperty("seuss.schneier"));
-	                }
-			else
-				fail("Unset key " + key + " returned from keySet().iterator()");
-		}
-		assertTrue("Key one was never seen", sawOne);
-		assertTrue("Key two was never seen", sawTwo);
-	}
-
-	/**
-	 * Test that ReferenceEncryptedProperties can be properly constructed
-	 * with an instance of EncryptedProperties.
-	 */
-	public void testConstructWithEncryptedProperties() throws Exception {
-		ReferenceEncryptedProperties props = new ReferenceEncryptedProperties();
-		props.setProperty("one", "two");
-		props.setProperty("two", "three");
-		props.setProperty("seuss.schneier", "one fish, twofish, red fish, blowfish");
-
-		ReferenceEncryptedProperties eProps = new ReferenceEncryptedProperties(props);
-
-		boolean sawOne = false;
-		boolean sawTwo = false;
-		boolean sawSeuss = false;
-
-		for(Iterator i=eProps.keySet().iterator();i.hasNext();)
-		{
-			String key = (String)i.next();
-
-			assertNotNull("key returned from keySet() iterator was null", key);
-			if(key.equals("one"))
-				if(sawOne)
-					fail("Key one seen more than once.");
-				else
-				{
-					sawOne = true;
-					assertEquals("Key one's value was not two", "two", eProps.getProperty("one"));
-				}
-			else if(key.equals("two"))
-				if(sawTwo)
-					fail("Key two seen more than once.");
-				else
-				{
-					sawTwo = true;
-					assertEquals("Key two's value was not three", "three", eProps.getProperty("two"));
-				}
-	         else if(key.equals("seuss.schneier"))
-	                if(sawSeuss)
-	                    fail("Key seuss.schneier seen more than once.");
-	                else
-	                {
-	                    sawSeuss = true;
-	                    assertEquals("Key seuss.schneier's value was not expected value",
-	                                 "one fish, twofish, red fish, blowfish",
-	                                 eProps.getProperty("seuss.schneier"));
-	                }
-			else
-				fail("Unset key " + key + " returned from keySet().iterator()");
-		}
-		assertTrue("Key one was never seen", sawOne);
-		assertTrue("Key two was never seen", sawTwo);
-	}
-
-
-	/**
-	 * Test overridden methods from Properties and Hashtable.
-	 */
-	public void testOverriddenMethods() throws Exception {
-		Properties props = new ReferenceEncryptedProperties();
-		props.setProperty("one", "two");
-		props.setProperty("two", "three");
-		props.setProperty("seuss.schneier", "one fish, twofish, red fish, blowfish");
-
-		FileOutputStream out = new FileOutputStream("ReferenceEncryptedProperties.test.txt");
-		PrintStream ps = new PrintStream(out);
-		try {
-			props.list(ps);
-			fail("testOverriddenMethods(): list(PrintStream) did not result in expected Exception");
-		} catch( Exception e ) {
-		    assertTrue( e instanceof UnsupportedOperationException );
-		}
-
-		PrintWriter pw = new PrintWriter(new FileWriter("test.out"));
-		try {
-			props.list(pw);
-			fail("testOverriddenMethods(): list(PrintWriter) did not result in expected Exception");
-		} catch( Exception e ) {
-		    assertTrue( e instanceof UnsupportedOperationException );
-		}
-
-		try {
-			props.list(ps);
-			fail("testOverriddenMethods(): list(PrintStream) did not result in expected Exception");
-		} catch( Exception e ) {
-		    assertTrue( e instanceof UnsupportedOperationException );
-		}
-
-		try {
-			Collection c = props.values();
-			fail("testOverriddenMethods(): values() did not result in expected Exception");
-		} catch( Exception e ) {
-		    assertTrue( e instanceof UnsupportedOperationException );
-		}
-
-		try {
-			Collection c = props.entrySet();
-			fail("testOverriddenMethods(): entrySet() did not result in expected Exception");
-		} catch( Exception e ) {
-		    assertTrue( e instanceof UnsupportedOperationException );
-		}
-
-		try {
-			Enumeration e = props.elements();
-			fail("testOverriddenMethods(): elements() did not result in expected Exception");
-		} catch( Exception e ) {
-		    assertTrue( e instanceof UnsupportedOperationException );
-		}
-
-        File f1 = new File("test.out");
-        f1.delete();
-        File f = new File("ReferenceEncryptedProperties.test.txt");
-        f.delete();
-	}
+        try {
+            props.put(null, null);
+            fail("testSetProperty(): Null property name and valud did not result in expected exception.");
+        } catch( Exception e ) {
+            assertTrue( e instanceof IllegalArgumentException );
+        }
+    }
+
+    /**
+     * Test that ReferenceEncryptedProperties can be properly constructed
+     * with an instance of Properties.
+     */
+    @Test public void testConstructWithProperties() {
+        Properties props = new Properties();
+        props.setProperty("one", "two");
+        props.setProperty("two", "three");
+        props.setProperty("seuss.schneier", "one fish, twofish, red fish, blowfish");
+
+        ReferenceEncryptedProperties eProps = new ReferenceEncryptedProperties(props);
+
+        boolean sawOne = false;
+        boolean sawTwo = false;
+        boolean sawSeuss = false;
+
+        for(Iterator i=eProps.keySet().iterator();i.hasNext();)
+        {
+            String key = (String)i.next();
+
+            assertNotNull("key returned from keySet() iterator was null", key);
+            if(key.equals("one"))
+                if(sawOne)
+                    fail("Key one seen more than once.");
+                else
+                {
+                    sawOne = true;
+                    assertEquals("Key one's value was not two", "two", eProps.getProperty("one"));
+                }
+            else if(key.equals("two"))
+                if(sawTwo)
+                    fail("Key two seen more than once.");
+                else
+                {
+                    sawTwo = true;
+                    assertEquals("Key two's value was not three", "three", eProps.getProperty("two"));
+                }
+             else if(key.equals("seuss.schneier"))
+                    if(sawSeuss)
+                        fail("Key seuss.schneier seen more than once.");
+                    else
+                    {
+                        sawSeuss = true;
+                        assertEquals("Key seuss.schneier's value was not expected value",
+                                     "one fish, twofish, red fish, blowfish",
+                                     eProps.getProperty("seuss.schneier"));
+                    }
+            else
+                fail("Unset key " + key + " returned from keySet().iterator()");
+        }
+        assertTrue("Key one was never seen", sawOne);
+        assertTrue("Key two was never seen", sawTwo);
+    }
+
+    /**
+     * Test that ReferenceEncryptedProperties can be properly constructed
+     * with an instance of EncryptedProperties.
+     */
+    @Test public void testConstructWithEncryptedProperties() throws Exception {
+        ReferenceEncryptedProperties props = new ReferenceEncryptedProperties();
+        props.setProperty("one", "two");
+        props.setProperty("two", "three");
+        props.setProperty("seuss.schneier", "one fish, twofish, red fish, blowfish");
+
+        ReferenceEncryptedProperties eProps = new ReferenceEncryptedProperties(props);
+
+        boolean sawOne = false;
+        boolean sawTwo = false;
+        boolean sawSeuss = false;
+
+        for(Iterator i=eProps.keySet().iterator();i.hasNext();)
+        {
+            String key = (String)i.next();
+
+            assertNotNull("key returned from keySet() iterator was null", key);
+            if(key.equals("one"))
+                if(sawOne)
+                    fail("Key one seen more than once.");
+                else
+                {
+                    sawOne = true;
+                    assertEquals("Key one's value was not two", "two", eProps.getProperty("one"));
+                }
+            else if(key.equals("two"))
+                if(sawTwo)
+                    fail("Key two seen more than once.");
+                else
+                {
+                    sawTwo = true;
+                    assertEquals("Key two's value was not three", "three", eProps.getProperty("two"));
+                }
+             else if(key.equals("seuss.schneier"))
+                    if(sawSeuss)
+                        fail("Key seuss.schneier seen more than once.");
+                    else
+                    {
+                        sawSeuss = true;
+                        assertEquals("Key seuss.schneier's value was not expected value",
+                                     "one fish, twofish, red fish, blowfish",
+                                     eProps.getProperty("seuss.schneier"));
+                    }
+            else
+                fail("Unset key " + key + " returned from keySet().iterator()");
+        }
+        assertTrue("Key one was never seen", sawOne);
+        assertTrue("Key two was never seen", sawTwo);
+    }
+
+
+    /**
+     * Test overridden methods from Properties and Hashtable.
+     */
+    @Test public void testOverriddenMethods() throws Exception {
+        Properties props = new ReferenceEncryptedProperties();
+        props.setProperty("one", "two");
+        props.setProperty("two", "three");
+        props.setProperty("seuss.schneier", "one fish, twofish, red fish, blowfish");
+
+        FileOutputStream out = new FileOutputStream(tempFolder.newFile("ReferenceEncryptedProperties.test.txt"));
+        PrintStream ps = new PrintStream(out);
+        try {
+            props.list(ps);
+            fail("testOverriddenMethods(): list(PrintStream) did not result in expected Exception");
+        } catch( Exception e ) {
+            assertTrue( e instanceof UnsupportedOperationException );
+        }
+
+        PrintWriter pw = new PrintWriter(new FileWriter(tempFolder.newFile("test.out")));
+        try {
+            props.list(pw);
+            fail("testOverriddenMethods(): list(PrintWriter) did not result in expected Exception");
+        } catch( Exception e ) {
+            assertTrue( e instanceof UnsupportedOperationException );
+        }
+
+        try {
+            props.list(ps);
+            fail("testOverriddenMethods(): list(PrintStream) did not result in expected Exception");
+        } catch( Exception e ) {
+            assertTrue( e instanceof UnsupportedOperationException );
+        }
+
+        try {
+            Collection c = props.values();
+            fail("testOverriddenMethods(): values() did not result in expected Exception");
+        } catch( Exception e ) {
+            assertTrue( e instanceof UnsupportedOperationException );
+        }
+
+        try {
+            Collection c = props.entrySet();
+            fail("testOverriddenMethods(): entrySet() did not result in expected Exception");
+        } catch( Exception e ) {
+            assertTrue( e instanceof UnsupportedOperationException );
+        }
+
+        try {
+            Enumeration e = props.elements();
+            fail("testOverriddenMethods(): elements() did not result in expected Exception");
+        } catch( Exception e ) {
+            assertTrue( e instanceof UnsupportedOperationException );
+        }
+    }
 
 }
diff --git a/src/test/java/org/owasp/esapi/reference/regex/AbstractPatternTest.java b/src/test/java/org/owasp/esapi/reference/regex/AbstractPatternTest.java
new file mode 100644
index 000000000..f887db57b
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/reference/regex/AbstractPatternTest.java
@@ -0,0 +1,70 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2008-2018 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ */
+package org.owasp.esapi.reference.regex;
+
+import static org.junit.Assert.assertEquals;
+
+import java.util.regex.Pattern;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+/**
+ * Abstract parameterized test case meant to assist with verifying regular expressions in test scope.
+ * <br/>
+ * Sub-classes are expected to provide instances of {@link PatternTestTuple} to this instance.
+ * <br/>
+ * For better test naming output specify {@link PatternTestTuple#description} and use <code> @Parameters (name="{0}")</code>,
+ * where '0' is the index that the PatternTestTuple reference appears in the constructor.
+ */
+@RunWith(Parameterized.class)
+public abstract class AbstractPatternTest {
+
+    /**
+     * Test tuple for Pattern validation.
+     */
+    protected static class PatternTestTuple {
+        /** String value to be tested against the compiled regex reference. */
+        String input;
+        /** Regular expression string that will be compiled and be passed the input. */
+        String regex;
+        /** Test Expectation whether input should match the compiled regex. */
+        boolean shouldMatch;
+        /** Optional field to override the toString value of this tuple. */
+        String description;
+
+        /** {@inheritDoc} */
+        @Override
+        public String toString() {
+            return description != null ? description : regex;
+        }
+    }
+
+    private String input;
+    private Pattern pattern;
+    private boolean shouldMatch;
+
+    public AbstractPatternTest(PatternTestTuple tuple) {
+        this.input = tuple.input;
+        this.pattern = Pattern.compile(tuple.regex);
+        this.shouldMatch = tuple.shouldMatch;
+    }
+
+    @Test
+    public void checkPatternMatches() {
+        assertEquals(shouldMatch, pattern.matcher(input).matches());
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/reference/regex/EsapiWhitelistValidationPatternTester.java b/src/test/java/org/owasp/esapi/reference/regex/EsapiWhitelistValidationPatternTester.java
new file mode 100644
index 000000000..b6080344d
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/reference/regex/EsapiWhitelistValidationPatternTester.java
@@ -0,0 +1,103 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2008-2018 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ */
+
+package org.owasp.esapi.reference.regex;
+
+import java.util.ArrayList;
+import java.util.Collection;
+
+import org.junit.Assume;
+import org.junit.runners.Parameterized.Parameters;
+import org.owasp.esapi.reference.DefaultSecurityConfiguration;
+
+/**
+ * Extension of the AbstractPatternTest which focuses on asserting that the default whitelist regex values applied in
+ * the validation process are performing the intended function in the environment.
+ * <br/>
+ * If the regex values in this test are found to not match the running environment configurations, then the tests will
+ * be skipped.
+ *
+ * @author Jeremiah
+ * @since Jan 20, 2018
+ */
+public class EsapiWhitelistValidationPatternTester extends AbstractPatternTest {
+    // See ESAPI.properties
+    private static final String HTTP_QUERY_STRING_PROP_NAME = "HTTPQueryString";
+    private static final String HTTP_QUERY_STRING_REGEX = "^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$";
+
+    private static final String CONFIGURATION_PATTERN_MISMATCH_MESSAGE = "The regular expression specified does not match the configuration settings.\n"
+        + "If the value was changed from the ESAPI default, it is recommended to copy "
+        + "this class into your project, update the regex being tested, and update all "
+        + "associated input expectations for your unique environment.";
+
+    @Parameters(name = "{0}-{1}")
+    public static Collection<Object[]> createDefaultPatternTests() {
+        Collection<Object[]> parameters = new ArrayList<>();
+
+        for (PatternTestTuple tuple : buildHttpQueryStringTests()) {
+            parameters.add(new Object[] { HTTP_QUERY_STRING_PROP_NAME, tuple });
+        }
+
+        return parameters;
+    }
+
+    private static Collection<PatternTestTuple> buildHttpQueryStringTests() {
+        Collection<PatternTestTuple> httpQueryStringTests = new ArrayList<>();
+
+        // MATCHING CASES
+        PatternTestTuple tuple = newHttpQueryStringTuple("Default Case", "b", true);
+        httpQueryStringTests.add(tuple);
+        tuple = newHttpQueryStringTuple("Percent Encoded Value", "%62", true);
+        httpQueryStringTests.add(tuple);
+        tuple = newHttpQueryStringTuple("Percent Encoded Null Character", "%00", true);
+        httpQueryStringTests.add(tuple);
+        tuple = newHttpQueryStringTuple("Double Equals", "=", true);
+        httpQueryStringTests.add(tuple);
+
+        // NON-MATCHING CASES
+        tuple = newHttpQueryStringTuple("Ampersand In Value", "&b", false);
+        httpQueryStringTests.add(tuple);
+        tuple = newHttpQueryStringTuple("Null Character", "" + Character.MIN_VALUE, false);
+        httpQueryStringTests.add(tuple);
+        tuple = newHttpQueryStringTuple("Encoded Null Character", "\u0000", false);
+        httpQueryStringTests.add(tuple);
+
+        return httpQueryStringTests;
+    }
+
+    private static PatternTestTuple newHttpQueryStringTuple(String description, String value, boolean shouldPass) {
+        PatternTestTuple tuple = new PatternTestTuple();
+        tuple.input = "a=" + value;
+        tuple.shouldMatch = shouldPass;
+        tuple.regex = HTTP_QUERY_STRING_REGEX;
+        tuple.description = description;
+        return tuple;
+    }
+
+    public EsapiWhitelistValidationPatternTester(String property, PatternTestTuple tuple) {
+        super(tuple);
+        /*
+         * This next block causes the case to be skipped programatically if the regex being tested
+         * is different than the one being loaded at runtime.
+         * This is being done to prevent a false sense of security.
+         * If the configurations are changed to meet additional environmental concerns, the intent of this test should
+         * be copied into that environment and tested there to assert the additional expectations or changes in desired
+         * behavior.
+         */
+        DefaultSecurityConfiguration configuration = new DefaultSecurityConfiguration();
+        Assume.assumeTrue(CONFIGURATION_PATTERN_MISMATCH_MESSAGE, configuration.getValidationPattern(property)
+            .toString().equals(tuple.regex));
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/reference/validation/BaseValidationRuleTest.java b/src/test/java/org/owasp/esapi/reference/validation/BaseValidationRuleTest.java
new file mode 100644
index 000000000..36a7b1b99
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/reference/validation/BaseValidationRuleTest.java
@@ -0,0 +1,295 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Ben Sleek <a href="http://www.spartasystems.com">Sparta Systems</a>
+ * @created 2015
+ */
+package org.owasp.esapi.reference.validation;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+import static org.mockito.Mockito.CALLS_REAL_METHODS;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+import static org.mockito.Mockito.withSettings;
+
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import org.hamcrest.Matcher;
+import org.hamcrest.core.Is;
+import org.junit.Ignore;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.owasp.esapi.Encoder;
+import org.owasp.esapi.ValidationErrorList;
+import org.owasp.esapi.errors.ValidationException;
+
+public class BaseValidationRuleTest {
+    /**Static Test Data.*/
+    private static final String STR_VAL="";
+    private static final String EX_MSG="Expected Failure Message from " + BaseValidationRuleTest.class.getSimpleName();
+    @Rule
+    public ExpectedException exEx = ExpectedException.none();
+
+    private ValidationException testValidationEx = new ValidationException(EX_MSG, EX_MSG);
+
+    private BaseValidationRule uit = mock(BaseValidationRule.class, CALLS_REAL_METHODS);
+    @Test
+    public void testCtrNullTypeName() throws Exception {
+        String typename = null;
+        BaseValidationRule rule = mock(BaseValidationRule.class, withSettings()
+                .useConstructor(typename)
+                .defaultAnswer(CALLS_REAL_METHODS)
+                );
+        assertNull(rule.getTypeName());
+    }
+
+    @Test
+    public void testCtrNullEncoder() {
+        String typename = "typename";
+        Encoder encoder = null;
+        BaseValidationRule rule = mock(BaseValidationRule.class, withSettings()
+                .useConstructor(typename, encoder)
+                .defaultAnswer(CALLS_REAL_METHODS)
+                );
+        assertEquals(typename, rule.getTypeName());
+        assertNull(rule.getEncoder());
+    }
+
+    @Test
+    public void testCtrNullTypenameNullEncoder() {
+        String typename = null;
+        Encoder encoder = null;
+        BaseValidationRule rule = mock(BaseValidationRule.class, withSettings()
+                .useConstructor(typename, encoder)
+                .defaultAnswer(CALLS_REAL_METHODS)
+                );
+        assertNull(rule.getTypeName());
+        assertNull(rule.getEncoder());
+    }
+
+    @Test
+    public void testCtr2ArgHappyPath() {
+        String typename = "typename";
+        Encoder encoder = mock(Encoder.class);
+        BaseValidationRule rule =  mock(BaseValidationRule.class, withSettings()
+                .useConstructor(typename, encoder)
+                .defaultAnswer(CALLS_REAL_METHODS)
+                );
+        assertEquals(typename, rule.getTypeName());
+        assertEquals(encoder, rule.getEncoder());
+    }
+
+    @Test
+    public void testCtr1ArgHappyPath() {
+        String typename = "typename";
+        mock(BaseValidationRule.class, withSettings()
+                .useConstructor(typename)
+                .defaultAnswer(CALLS_REAL_METHODS)
+                );
+    }
+
+    @Test
+    public void testSetTypeNameNull() {
+        uit.setTypeName(null);
+        assertNull(uit.getTypeName());
+    }
+
+    @Test
+    public void testSetTypeName() {
+        uit.setTypeName(STR_VAL);
+        assertEquals(STR_VAL, uit.getTypeName());
+    }
+
+    @Test
+    public void testSetEncoderNull() {
+        uit.setEncoder(null);
+        assertNull(uit.getEncoder());
+    }
+
+    @Test
+    public void testSetEncoder() {
+        Encoder mockEnc = mock(Encoder.class);
+        uit.setEncoder(mockEnc);
+        assertEquals(mockEnc, uit.getEncoder());
+    }
+
+    @Test
+    public void testSetAllowNull() {
+        uit.setAllowNull(true);
+        assertTrue(uit.isAllowNull());
+        uit.setAllowNull(false);
+        assertFalse(uit.isAllowNull());
+    }
+
+    @Test
+    public void testAssertValidCallsGetValid() throws ValidationException {
+        when(uit.getValid(STR_VAL, STR_VAL)).thenReturn(this);
+        uit.assertValid(STR_VAL, STR_VAL);
+        verify(uit, times(1)).getValid(STR_VAL, STR_VAL);
+    }
+    @Test
+    public void testAssertValidThrowsValidationException() throws ValidationException {
+        /*
+         * Verifies assertValid throws ValidationException on invalid input
+         * Validates fix for Google issue #195
+         */
+        Matcher<ValidationException> validationExMatch = Is.is(testValidationEx);
+        exEx.expect(validationExMatch);
+        when(uit.getValid(STR_VAL, STR_VAL)).thenThrow(testValidationEx);
+        uit.assertValid(STR_VAL, STR_VAL);
+    }
+
+    @Test
+    public void testGetValidErrorListCallsGetValid() throws ValidationException {
+        ValidationErrorList vel = new ValidationErrorList();
+        when(uit.getValid(STR_VAL, STR_VAL)).thenReturn(this);
+        Object vRef = uit.getValid(STR_VAL, STR_VAL, vel);
+        assertEquals(this, vRef);
+        verify(uit, times(1)).getValid(STR_VAL, STR_VAL);
+    }
+
+    @Test
+    public void testGetValidExceptionAddedToErrorList() throws ValidationException {
+        ValidationErrorList vel = new ValidationErrorList();
+        when(uit.getValid(STR_VAL, STR_VAL)).thenThrow(testValidationEx);
+        Object vRef = uit.getValid(STR_VAL, STR_VAL, vel);
+        assertNull(vRef);
+        List<ValidationException> elEx = vel.errors();
+        assertEquals(1, elEx.size());
+        assertEquals(testValidationEx, elEx.get(0));
+        verify(uit, times(1)).getValid(STR_VAL, STR_VAL);
+    }
+    @Test
+    public void testGetValidNullErrorListThrows() throws ValidationException {
+        Matcher<ValidationException> validationExMatch = Is.is(testValidationEx);
+        exEx.expect(validationExMatch);
+        ValidationErrorList vel = null;
+        when(uit.getValid(STR_VAL, STR_VAL)).thenThrow(testValidationEx);
+        uit.getValid(STR_VAL, STR_VAL, vel);
+    }
+
+    @Test
+    public void testGetSafeCallsGetValid() throws ValidationException {
+        when(uit.getValid(STR_VAL, STR_VAL)).thenReturn(this);
+        Object vRef = uit.getSafe(STR_VAL, STR_VAL);
+        assertEquals(this, vRef);
+        verify(uit, times(1)).getValid(STR_VAL, STR_VAL);
+    }
+
+    @Test
+    public void testGetSafeOnExceptionCallsSanitize() throws ValidationException {
+        when(uit.getValid(STR_VAL, STR_VAL)).thenThrow(testValidationEx);
+        when(uit.sanitize(STR_VAL, STR_VAL)).thenReturn(this);
+        Object vRef = uit.getSafe(STR_VAL, STR_VAL);
+        assertEquals(this, vRef);
+        verify(uit, times(1)).getValid(STR_VAL, STR_VAL);
+        verify(uit, times(1)).sanitize(STR_VAL, STR_VAL);
+    }
+
+    @Test
+    public void testIsValidCallsGetValid() throws ValidationException {
+        when(uit.getValid(STR_VAL, STR_VAL)).thenReturn(this);
+        assertTrue(uit.isValid(STR_VAL, STR_VAL));
+        verify(uit, times(1)).getValid(STR_VAL, STR_VAL);
+    }
+
+    @Test
+    public void testIsValidOnExceptionRetursFalse() throws ValidationException {
+        when(uit.getValid(STR_VAL, STR_VAL)).thenThrow(testValidationEx);
+        assertFalse(uit.isValid(STR_VAL, STR_VAL));
+        verify(uit, times(1)).getValid(STR_VAL, STR_VAL);
+    }
+
+    /* *************************
+     * TO DISCUSS
+     * FIXME
+     * Tests below this block are items which are valid against the current implementation, but have side effects
+     * or unclear results under certain conditions.
+     *
+     * Once Items are discussed and understood they should probably be well-commented and moved out of this area.
+     */
+
+    @Test
+    public void testGetValidMultipleExceptionSameContextThrowsRuntimeException() throws ValidationException {
+        exEx.expect(RuntimeException.class);
+        ValidationErrorList vel = new ValidationErrorList();
+        when(uit.getValid(STR_VAL, STR_VAL)).thenThrow(testValidationEx);
+        uit.getValid(STR_VAL, STR_VAL, vel);
+        /*
+         * Side-effect of ValidationErrorList. If the same context is used against a BaseValidationRule multiple times resulting in exception, the ValidationErrorList impl will blow up.
+         * This can be an unclear event at runtime if a single BaseValidationRule instance is shared in an application and multiple parts happen to use the same contextual string to capture failure events.
+         *
+         */
+        uit.getValid(STR_VAL, STR_VAL, vel);
+    }
+
+    //None of the Whitelist content belongs in this class, IMO.
+
+    @Test
+    public void testWhitelistCharArrayCleansString() {
+        String myString = "AAAGaaadBBB12345*";
+        char[] whitelist = new char[] {'d', 'G', '3', '*', ']'};
+        String result = uit.whitelist(myString, whitelist);
+        assertEquals("Gd3*", result);
+    }
+
+    @Test
+    public void testWhitelistNullCharArrayThrows() {
+        exEx.expect(NullPointerException.class);
+        String myString = "AAAGaaadBBB12345*";
+        char[] whitelist = null;
+        uit.whitelist(myString, whitelist);
+    }
+
+    @Test
+    public void testWhitelistSetCleansString() {
+        String myString = "AAAGaaadBBB12345*";
+        Set<Character> whitelist = new HashSet<>();
+        whitelist.add('d');
+        whitelist.add('G');
+        whitelist.add('3');
+        whitelist.add('*');
+        whitelist.add(']');
+        String result = uit.whitelist(myString, whitelist);
+        assertEquals("Gd3*", result);
+    }
+
+    @Test
+    public void testWhitelistNullSetThrows() {
+        exEx.expect(NullPointerException.class);
+        String myString = "AAAGaaadBBB12345*";
+        Set<Character> whitelist = null;
+        uit.whitelist(myString, whitelist);
+    }
+
+    @Test
+
+    public void testWhitelistSetExtendedCharacterSets() {
+        String myString = "𡘾𦴩<𥻂";
+        //(55365 56894) (55387 56617) 60 (55383 57026)
+        Set<Character> whitelist = new HashSet<>();
+        whitelist.add((char) 60);
+        whitelist.add((char) 55387);
+        whitelist.add((char) 56617);
+        String result = uit.whitelist(myString, whitelist);
+        assertEquals("𦴩<", result);
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/reference/validation/DateValidationRulePowerMockTest.java b/src/test/java/org/owasp/esapi/reference/validation/DateValidationRulePowerMockTest.java
new file mode 100644
index 000000000..1b7c9ed82
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/reference/validation/DateValidationRulePowerMockTest.java
@@ -0,0 +1,141 @@
+package org.owasp.esapi.reference.validation;
+
+import java.text.DateFormat;
+import java.util.Locale;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TestName;
+import org.junit.runner.RunWith;
+import org.mockito.ArgumentMatchers;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.internal.verification.VerificationModeFactory;
+import org.owasp.esapi.Encoder;
+import org.owasp.esapi.SecurityConfiguration;
+import org.owasp.esapi.util.ObjFactory;
+import org.powermock.api.mockito.PowerMockito;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+@RunWith(PowerMockRunner.class)
+@PrepareForTest({ObjFactory.class})
+public class DateValidationRulePowerMockTest {
+
+    @Rule
+    public TestName testName = new TestName();
+    private Encoder mockEncoder;
+    private DateFormat testFormat = DateFormat.getDateInstance(DateFormat.MEDIUM, Locale.US);
+    private DateValidationRule uit;
+    @Mock
+    private SecurityConfiguration mockSecConfig;
+
+    @Before
+    public void configureStaticContexts() throws Exception {
+        PowerMockito.mockStatic(ObjFactory.class);
+        PowerMockito.when(ObjFactory.class, "make", ArgumentMatchers.anyString(), ArgumentMatchers.eq("SecurityConfiguration")).thenReturn(mockSecConfig);
+
+        mockEncoder = Mockito.mock(Encoder.class);
+        testFormat = Mockito.spy(testFormat);
+    }
+
+    @Test
+    public void testSetDateFormatLenientTrueFromCtr() {
+        Mockito.when(mockSecConfig.getLenientDatesAccepted()).thenReturn(true);
+
+        testFormat.setLenient(false);
+        Mockito.reset(testFormat);
+
+        uit = new DateValidationRule(testName.getMethodName(), mockEncoder, testFormat);
+
+        Assert.assertTrue(testFormat.isLenient());
+
+        Mockito.verify(mockSecConfig, Mockito.times(1)).getLenientDatesAccepted();
+        Mockito.verify(testFormat, Mockito.times(1)).setLenient(true);
+        Mockito.verify(testFormat, Mockito.times(0)).setLenient(false);
+
+        PowerMockito.verifyStatic(ObjFactory.class, VerificationModeFactory.times(1));
+        ObjFactory.make(ArgumentMatchers.anyString(), ArgumentMatchers.eq("SecurityConfiguration"));
+
+        PowerMockito.verifyNoMoreInteractions(ObjFactory.class);
+
+
+    }
+
+    @Test
+    public void testSetDateFormatLenientFalseFromCtr() {
+        Mockito.when(mockSecConfig.getLenientDatesAccepted()).thenReturn(false);
+
+        testFormat.setLenient(true);
+        Mockito.reset(testFormat);
+
+        uit = new DateValidationRule(testName.getMethodName(), mockEncoder, testFormat);
+
+        Assert.assertFalse(testFormat.isLenient());
+
+        Mockito.verify(mockSecConfig, Mockito.times(1)).getLenientDatesAccepted();
+        Mockito.verify(testFormat, Mockito.times(0)).setLenient(true);
+        Mockito.verify(testFormat, Mockito.times(1)).setLenient(false);
+
+        PowerMockito.verifyStatic(ObjFactory.class, VerificationModeFactory.times(1));
+        ObjFactory.make(ArgumentMatchers.anyString(), ArgumentMatchers.eq("SecurityConfiguration"));
+
+        PowerMockito.verifyNoMoreInteractions(ObjFactory.class);
+    }
+
+    @Test
+    public void testSetDateFormatLenientFalseFromSetter() {
+        Mockito.when(mockSecConfig.getLenientDatesAccepted()).thenReturn(false);
+
+        uit = new DateValidationRule(testName.getMethodName(), mockEncoder, testFormat);
+
+        //Configuration is lenient=false
+        testFormat.setLenient(true);
+        Mockito.reset(testFormat, mockSecConfig);
+        Assert.assertTrue(testFormat.isLenient());
+
+        Mockito.when(mockSecConfig.getLenientDatesAccepted()).thenReturn(false);
+
+        uit.setDateFormat(testFormat);
+
+        Assert.assertFalse(testFormat.isLenient());
+
+        Mockito.verify(mockSecConfig, Mockito.times(1)).getLenientDatesAccepted();
+        Mockito.verify(testFormat, Mockito.times(0)).setLenient(true);
+        Mockito.verify(testFormat, Mockito.times(1)).setLenient(false);
+
+        PowerMockito.verifyStatic(ObjFactory.class, VerificationModeFactory.times(2));
+        ObjFactory.make(ArgumentMatchers.anyString(), ArgumentMatchers.eq("SecurityConfiguration"));
+
+        PowerMockito.verifyNoMoreInteractions(ObjFactory.class);
+    }
+
+    @Test
+    public void testSetDateFormatLenientTrueFromSetter() {
+        Mockito.when(mockSecConfig.getLenientDatesAccepted()).thenReturn(true);
+
+        uit = new DateValidationRule(testName.getMethodName(), mockEncoder, testFormat);
+
+        //Configuration is lenient=true
+        testFormat.setLenient(false);
+        Mockito.reset(testFormat, mockSecConfig);
+        Assert.assertFalse(testFormat.isLenient());
+
+        Mockito.when(mockSecConfig.getLenientDatesAccepted()).thenReturn(true);
+
+        uit.setDateFormat(testFormat);
+
+        Assert.assertTrue(testFormat.isLenient());
+
+        Mockito.verify(mockSecConfig, Mockito.times(1)).getLenientDatesAccepted();
+        Mockito.verify(testFormat, Mockito.times(1)).setLenient(true);
+        Mockito.verify(testFormat, Mockito.times(0)).setLenient(false);
+
+        PowerMockito.verifyStatic(ObjFactory.class, VerificationModeFactory.times(2));
+        ObjFactory.make(ArgumentMatchers.anyString(), ArgumentMatchers.eq("SecurityConfiguration"));
+
+        PowerMockito.verifyNoMoreInteractions(ObjFactory.class);
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/reference/validation/DateValidationRuleTest.java b/src/test/java/org/owasp/esapi/reference/validation/DateValidationRuleTest.java
new file mode 100644
index 000000000..57e9d021e
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/reference/validation/DateValidationRuleTest.java
@@ -0,0 +1,248 @@
+package org.owasp.esapi.reference.validation;
+
+import java.text.DateFormat;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Locale;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import org.hamcrest.CustomMatcher;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.junit.rules.TestName;
+import org.mockito.ArgumentMatchers;
+import org.mockito.Mockito;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Encoder;
+import org.owasp.esapi.ValidationErrorList;
+import org.owasp.esapi.errors.ValidationException;
+import org.owasp.esapi.reference.DefaultSecurityConfiguration;
+import static org.owasp.esapi.PropNames.ACCEPT_LENIENT_DATES;
+import org.powermock.reflect.Whitebox;
+
+public class DateValidationRuleTest {
+
+    @Rule
+    public ExpectedException exEx = ExpectedException.none();
+    @Rule
+    public TestName testName = new TestName();
+    private ParseException testParseEx = new ParseException("Test Exception", 0);
+    private Date testDate = new Date();
+    private String dateString;
+    private String canonDateString ;
+
+    private String contextStr;
+    private Encoder mockEncoder;
+    private DateFormat testFormat = DateFormat.getDateInstance(DateFormat.MEDIUM, Locale.US);
+    private DateValidationRule uit;
+
+    @Before
+    public void setup() {
+        mockEncoder = Mockito.mock(Encoder.class);
+        testFormat = Mockito.spy(testFormat);
+        uit = new DateValidationRule(testName.getMethodName(), mockEncoder, testFormat);
+        contextStr = testName.getMethodName();
+
+        dateString = testFormat.format(testDate);
+        canonDateString = dateString;
+    }
+    @Test
+    public void testCtrNullDateFormatThrows() {
+        exEx.expect(IllegalArgumentException.class);
+        exEx.expectMessage("DateValidationRule.setDateFormat requires a non-null DateFormat");
+        new DateValidationRule("context", mockEncoder, null);
+    }
+
+    @Test
+    public void testCtrSetDateFormat() {
+        DateFormat uitFormat = Whitebox.getInternalState(uit, "format");
+        Assert.assertEquals(testFormat, uitFormat);
+    }
+
+    @Test
+    public void testsetDateFormatNullThrows() {
+        exEx.expect(IllegalArgumentException.class);
+        exEx.expectMessage("DateValidationRule.setDateFormat requires a non-null DateFormat");
+        uit.setDateFormat(null);
+    }
+
+    @Test
+    public void testsetDateFormat() {
+        boolean acceptLenient = ESAPI.securityConfiguration().getBooleanProp( ACCEPT_LENIENT_DATES );
+        DateFormat newFormat = DateFormat.getDateInstance(DateFormat.SHORT, Locale.US);
+        newFormat.setLenient(!acceptLenient);
+
+        newFormat = Mockito.spy(newFormat);
+
+        uit.setDateFormat(newFormat);
+        DateFormat uitFormat = Whitebox.getInternalState(uit, "format");
+        Assert.assertEquals(newFormat, uitFormat);
+        Mockito.verify(newFormat).setLenient(acceptLenient);
+    }
+
+    @Test
+    public void testGetValidNullInputAllowed() throws ValidationException {
+        uit.setAllowNull(true);
+        Date vDate = uit.getValid(contextStr, null);
+        Assert.assertNull(vDate);
+    }
+
+    @Test
+    public void testGetValidNullInputNotAllowed() throws ValidationException {
+        exEx.expect(ValidationException.class);
+        exEx.expectMessage("Input date required");
+        uit.setAllowNull(false);
+        uit.getValid(contextStr, null);
+    }
+
+    @Test
+    public void testGetValidNullInputNotAllowedEmptyString() throws ValidationException {
+        exEx.expect(ValidationException.class);
+        exEx.expectMessage("Input date required");
+        uit.setAllowNull(false);
+        uit.getValid(contextStr, "");
+    }
+
+    @Test
+    public void testGetValidBadDateThrows() throws ValidationException, ParseException {
+        exEx.expect(ValidationException.class);
+        exEx.expectMessage(contextStr + ": Invalid date");
+        exEx.expectCause(new CustomMatcher<Throwable>("Check for Test Parse Exception") {
+
+            @Override
+            public boolean matches(Object item) {
+               return item.equals(testParseEx);
+            }
+        });
+
+        Mockito.when(mockEncoder.canonicalize(dateString)).thenReturn(canonDateString);
+        Mockito.doThrow(testParseEx).when(testFormat).parse(canonDateString);
+
+        uit.getValid(contextStr, dateString);
+    }
+
+    @Test
+    public void testGetValidHappyPath() throws ValidationException, ParseException {
+        Mockito.when(mockEncoder.canonicalize(dateString)).thenReturn(canonDateString);
+        Mockito.doReturn(testDate).when(testFormat).parse(canonDateString);
+
+        Date date = uit.getValid(contextStr, dateString);
+        Assert.assertEquals(testDate, date);
+    }
+
+    @Test
+    public void testGetValidDateWithCruft() throws ValidationException, ParseException {
+        String cruftyDate = canonDateString + "' union select * from another_table where user_id like '%";
+        Mockito.when(mockEncoder.canonicalize(cruftyDate)).thenReturn(cruftyDate);
+        Mockito.doReturn(testDate).when(testFormat).parse(cruftyDate);
+
+        Date date = uit.getValid(contextStr, cruftyDate);
+        Assert.assertEquals(testDate, date);
+    }
+
+
+    @Test
+    public void testSanitizeNullInputAllowed() throws ValidationException {
+        uit.setAllowNull(true);
+        Date vDate = uit.sanitize(contextStr, null);
+        Assert.assertNull(vDate);
+    }
+
+    @Test
+    public void testSanitizeNullInputNotAllowed() throws ValidationException {
+        uit.setAllowNull(false);
+        Date date = uit.sanitize(contextStr, null);
+        Assert.assertEquals(0, date.getTime());
+    }
+
+    @Test
+    public void testSanitizeNullInputNotAllowedEmptyString() throws ValidationException {
+        uit.setAllowNull(false);
+        Date date = uit.sanitize(contextStr, "");
+        Assert.assertEquals(0, date.getTime());
+    }
+
+    @Test
+    public void testSanitizeBadDateReturnsDefault() throws ValidationException, ParseException {
+        Mockito.when(mockEncoder.canonicalize(dateString)).thenReturn(canonDateString);
+        Mockito.doThrow(testParseEx).when(testFormat).parse(canonDateString);
+
+        Date date =  uit.sanitize(contextStr, dateString);
+        Assert.assertEquals(0, date.getTime());
+    }
+
+    @Test
+    public void testSanitizeErrorListContainsError() throws ValidationException, ParseException {
+        ValidationErrorList vel = new ValidationErrorList();
+        Mockito.when(mockEncoder.canonicalize(dateString)).thenReturn(canonDateString);
+        Mockito.doThrow(testParseEx).when(testFormat).parse(canonDateString);
+
+        Date date =  uit.sanitize(contextStr, dateString, vel);
+        Assert.assertEquals(0, date.getTime());
+        Assert.assertEquals(1, vel.size());
+        ValidationException wrapper = vel.errors().get(0);
+        Assert.assertEquals(testParseEx, wrapper.getCause());
+    }
+
+    @Test
+    public void testSanitizeHappyPath() throws ValidationException, ParseException {
+        Mockito.when(mockEncoder.canonicalize(dateString)).thenReturn(canonDateString);
+        Mockito.doReturn(testDate).when(testFormat).parse(canonDateString);
+
+        Date date = uit.sanitize(contextStr, dateString);
+        Assert.assertEquals(testDate, date);
+    }
+    @Test
+    public void testSanitizeDateWithCruft() throws ValidationException, ParseException {
+        String cruftyDate = canonDateString + "' union select * from another_table where user_id like '%";
+        Mockito.when(mockEncoder.canonicalize(cruftyDate)).thenReturn(cruftyDate);
+        Mockito.doReturn(testDate).when(testFormat).parse(cruftyDate);
+
+        Date date = uit.sanitize(contextStr, cruftyDate);
+        Assert.assertEquals(0, date.getTime());
+    }
+
+    @Test
+    public void testGithubIssue299() throws ParseException, ValidationException {
+        Map<DateFormat, String> formatDateMap = new HashMap<>();
+        formatDateMap.put(new SimpleDateFormat("dd/MM/yyyy"), "01/01/2aaa");
+        formatDateMap.put(new SimpleDateFormat("yyyy/dd/MM"), "2aaa/01/01");
+        formatDateMap.put(new SimpleDateFormat("dd/yyyy/MM"), "01/2012'SELECT * FROM user_table'/01");
+        formatDateMap.put(new SimpleDateFormat("dd/MM/yyyy"),"01/01/2012'SELECT * FROM user_table'");
+        formatDateMap.put(new SimpleDateFormat("dd/yyyy/MM"),"01/2aaa/01");
+        formatDateMap.put(SimpleDateFormat.getDateInstance(SimpleDateFormat.LONG, Locale.US), "September 11, 2001' union select * from another_table where user_id like '%");
+
+        for (Entry<DateFormat, String> pair : formatDateMap.entrySet()) {
+            String cruftyDate = pair.getValue();
+            Mockito.when(mockEncoder.canonicalize(cruftyDate)).thenReturn(cruftyDate);
+
+            DateFormat lenientFormat = Mockito.spy(pair.getKey());
+            lenientFormat.setLenient(true);
+            Mockito.doNothing().when(lenientFormat).setLenient(ArgumentMatchers.anyBoolean());
+            Mockito.doReturn(testDate).when(lenientFormat).parse(cruftyDate);
+
+            DateFormat strictFormat = Mockito.spy(pair.getKey());
+            strictFormat.setLenient(false);
+            Mockito.doNothing().when(strictFormat).setLenient(ArgumentMatchers.anyBoolean());
+            Mockito.doReturn(testDate).when(strictFormat).parse(cruftyDate);
+
+            uit.setDateFormat(lenientFormat);
+            Date lenientValidDate = uit.getValid(contextStr, cruftyDate);
+            Assert.assertEquals("calls to getValid should not change the parsed date regardless of cruft",testDate, lenientValidDate);
+            Date lenientSanitizedDate = uit.sanitize(contextStr, cruftyDate);
+            Assert.assertEquals("calls to sanitize should return default date if cruft exists in input string",0, lenientSanitizedDate.getTime());
+
+            uit.setDateFormat(strictFormat);
+            Date strictValidDate = uit.getValid(contextStr, cruftyDate);
+            Assert.assertEquals("calls to getValid should not change the parsed date regardless of cruft",testDate, strictValidDate);
+            Date strictSanitizedDate = uit.sanitize(contextStr, cruftyDate);
+            Assert.assertEquals("calls to sanitize should return default date if cruft exists in input string",0, strictSanitizedDate.getTime());
+        }
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleAntisamyPropertyTest.java b/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleAntisamyPropertyTest.java
new file mode 100644
index 000000000..082bd626c
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleAntisamyPropertyTest.java
@@ -0,0 +1,36 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2019 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author kevin.w.wall@gmail.com
+ * @since 2019
+ */
+package org.owasp.esapi.reference.validation;
+
+import org.junit.Test;
+import org.owasp.validator.html.PolicyException;
+
+/**
+ * Isolate scope test to assert the behavior of the HTMLValidationRule
+ * when schema validation is disabled in the Antisamy Project.
+ */
+public class HTMLValidationRuleAntisamyPropertyTest {
+    /** The intentionally non-compliant AntiSamy policy file. We don't intend to
+     * actually <i>use</i> it for anything.
+     */
+    private static final String INVALID_ANTISAMY_POLICY_FILE = "antisamy-InvalidPolicy.xml";
+
+    @Test( expected = PolicyException.class )
+    public void checkAntisamySystemPropertyWorksAsAdvertised() throws Exception {
+        HTMLValidationRule.loadAntisamyPolicy(INVALID_ANTISAMY_POLICY_FILE);
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleClasspathTest.java b/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleClasspathTest.java
new file mode 100644
index 000000000..9492c6b7c
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleClasspathTest.java
@@ -0,0 +1,175 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2019 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author kevin.w.wall@gmail.com
+ * @since 2019
+ */
+package org.owasp.esapi.reference.validation;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.SecurityConfiguration;
+import org.owasp.esapi.SecurityConfigurationWrapper;
+import org.owasp.esapi.ValidationErrorList;
+import org.owasp.esapi.Validator;
+import org.owasp.esapi.errors.ValidationException;
+import org.owasp.validator.html.PolicyException;
+import static org.owasp.esapi.PropNames.VALIDATOR_HTML_VALIDATION_ACTION;
+import static org.owasp.esapi.PropNames.VALIDATOR_HTML_VALIDATION_CONFIGURATION_FILE;
+
+/**
+ * The class {@code HTMLValidationRuleClasspathTest} is used to test ESAPI where
+ * the AntiSamy policy file is located in a non-standard place. It is based
+ * on te original test cases, testGetValidSafeHTML() and
+ * testIsValidSafeHTML() from the file {@code ValidatorTest} originally written
+ * by
+ *      Mike Fauzy (mike.fauzy@aspectsecurity.com) and
+ *      Jeff Williams (jeff.williams@aspectsecurity.com)
+ * that were originally part of "src/test/java/org/owasp/esapi/reference/ValidatorTest.java".
+ *
+ * This class tests the case of a non-standard AntiSamy policy file along with
+ * the case where the new ESAPI.property
+ *      <b>Validator.HtmlValidationAction</b>
+ * is set to "throw", which causes certain calls to
+ *      {@code ESAPI.validator().getValidSafeHTML()}
+ * to throw a ValidationException rather than simply logging a warning and returning
+ * the cleansed (sanitizied) output when certain unsafe input is encountered.
+ */
+public class HTMLValidationRuleClasspathTest {
+    /** The intentionally non-compliant (to the AntiSamy XSD) AntiSamy policy file. We don't intend to
+     * actually <i>use</i> it for anything other than to test that we report
+     * non-compliant AntiSamy policy files in a sane manner.
+     */
+    private static final String INVALID_ANTISAMY_POLICY_FILE = "antisamy-InvalidPolicy.xml";
+
+    /** A compliant AntiSamy policy file that is just located in a non-standard
+     * place. We don't intend to * actually <i>use</i> it for anything other
+     * than testing. Otherwise, it's mostly identical to the AntiSamy policy
+     * file "src/test/resources/esapi/antisamy-esapi.xml".
+     */
+    private static final String ANTISAMY_POLICY_FILE_NONSTANDARD_LOCATION = "antisamy-esapi-CP.xml";
+
+    private static class ConfOverride extends SecurityConfigurationWrapper {
+        private String desiredReturnAction = "clean";
+        private String desiredReturnConfigurationFile = null;
+
+        ConfOverride(SecurityConfiguration orig, String desiredReturnAction, String desiredReturnConfigurationFile) {
+            super(orig);
+            this.desiredReturnAction = desiredReturnAction;
+            this.desiredReturnConfigurationFile = desiredReturnConfigurationFile;
+        }
+
+        @Override
+        public String getStringProp(String propName) {
+            // Would it be better making this file a static import?
+            if ( propName.equals( VALIDATOR_HTML_VALIDATION_ACTION ) ) {
+                return desiredReturnAction;
+            } else if ( propName.equals( VALIDATOR_HTML_VALIDATION_CONFIGURATION_FILE ) ) {
+                return desiredReturnConfigurationFile;
+            } else {
+                return super.getStringProp( propName );
+            }
+        }
+    }
+
+    // Must be public!
+    @Rule
+    public ExpectedException thrownEx = ExpectedException.none();
+
+    @After
+    public void tearDown() throws Exception {
+        ESAPI.override(null);
+    }
+
+    @Before
+    public void setUp() throws Exception {
+        ESAPI.override(
+            new ConfOverride( ESAPI.securityConfiguration(), "throw", ANTISAMY_POLICY_FILE_NONSTANDARD_LOCATION )
+        );
+    }
+
+
+    @Test
+    public void checkPolicyExceptionWithBadConfig() throws Exception {
+        ESAPI.override(null);
+        thrownEx.expect(PolicyException.class);
+        HTMLValidationRule.loadAntisamyPolicy(INVALID_ANTISAMY_POLICY_FILE);
+    }
+
+    @Test
+    public void testGetValid() throws Exception {
+        System.out.println("getValidCP");
+        Validator instance = ESAPI.validator();
+        HTMLValidationRule rule = new HTMLValidationRule("testCP");
+        ESAPI.validator().addRule(rule);
+
+        thrownEx.expect(ValidationException.class);
+        thrownEx.expectMessage("test: Invalid HTML input");
+
+        instance.getRule("testCP").getValid("test", "Test. <script>alert(document.cookie)</script>");
+    }
+
+    @Test
+    public void testGetValidSafeHTML() throws Exception {
+        System.out.println("getValidSafeHTML");
+        Validator instance = ESAPI.validator();
+
+        HTMLValidationRule rule = new HTMLValidationRule("test");
+        ESAPI.validator().addRule(rule);
+
+        String[] testInput = {
+                                // These first two don't cause AntiSamy to throw.
+                                // They are only listed here for completeness.
+                        // "Test. <a href=\"http://www.aspectsecurity.com\">Aspect Security</a>",
+                        // "Test. <<div on<script></script>load=alert()",
+                        "Test. <script>alert(document.cookie)</script>",
+                        "Test. <script>alert(document.cookie)</script>",
+                        "Test. <div style={xss:expression(xss)}>b</div>",
+                        "Test. <s%00cript>alert(document.cookie)</script>",
+                        "Test. <s\tcript>alert(document.cookie)</script>",
+                        "Test. <s\tcript>alert(document.cookie)</script>"
+        };
+
+        int errors = 0;
+        for( int i = 0; i < testInput.length; i++ ) {
+            try {
+                String result = instance.getValidSafeHTML("test", testInput[i], 100, false);
+                errors++;
+                System.out.println("testGetValidSafeHTML(): testInput '" + testInput[i] + "' failed to throw.");
+            }
+            catch( ValidationException vex ) {
+                System.out.println("testGetValidSafeHTML(): testInput '" + testInput[i] + "' returned:");
+                System.out.println("\t" + i + ": logMsg =" + vex.getLogMessage());
+                assertEquals( vex.getUserMessage(), "test: Invalid HTML input");
+            }
+            catch( Exception ex ) {
+                errors++;
+                System.out.println("testGetValidSafeHTML(): testInput '" + testInput[i] +
+                                   "' threw wrong exception type: " + ex.getClass().getName() );
+            }
+        }
+
+        if ( errors > 0 ) {
+            fail("testGetValidSafeHTML() encountered " + errors + " failures.");
+        }
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleCleanTest.java b/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleCleanTest.java
new file mode 100644
index 000000000..964df6c1f
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleCleanTest.java
@@ -0,0 +1,408 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2019 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author kevin.w.wall@gmail.com
+ * @since 2019
+ */
+package org.owasp.esapi.reference.validation;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.EncoderConstants;
+import org.owasp.esapi.SecurityConfiguration;
+import org.owasp.esapi.SecurityConfigurationWrapper;
+import org.owasp.esapi.ValidationErrorList;
+import org.owasp.esapi.ValidationRule;
+import org.owasp.esapi.Validator;
+import org.owasp.esapi.errors.IntrusionException;
+import org.owasp.esapi.errors.ValidationException;
+import org.owasp.esapi.filters.SecurityWrapperRequest;
+import org.owasp.esapi.reference.validation.HTMLValidationRule;
+import static org.owasp.esapi.PropNames.VALIDATOR_HTML_VALIDATION_ACTION;
+
+import org.junit.Test;
+import org.junit.Before;
+import org.junit.Ignore;
+import org.junit.After;
+import org.junit.Rule;
+import org.junit.rules.ExpectedException;
+import static org.hamcrest.CoreMatchers.both;
+import static org.hamcrest.CoreMatchers.containsString;
+import static org.hamcrest.CoreMatchers.equalTo;
+import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.CoreMatchers.not;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+/**
+ * The Class HTMLValidationRuleCleanTest.
+ *
+ * Based on original test cases, testGetValidSafeHTML() and
+ * testIsValidSafeHTML() from ValidatorTest by
+ *      Mike Fauzy (mike.fauzy@aspectsecurity.com) and
+ *      Jeff Williams (jeff.williams@aspectsecurity.com)
+ * that were originally part of src/test/java/org/owasp/esapi/reference/ValidatorTest.java.
+ *
+ * This class tests the cases where the new ESAPI.property
+ *      <b>Validator.HtmlValidationAction</b>
+ * is set to "clean", which causes certain calls to
+ *      {@code ESAPI.validator().getValidSafeHTML()}
+ * to simply log a warning and return the cleansed (sanitized) output rather
+ * than throwing a ValidationException when certain unsafe input is
+ * encountered.
+ * 
+ * @author kevin.w.wall@gmail.com
+ */
+public class HTMLValidationRuleCleanTest {
+	private static SecurityConfiguration origConfig = ESAPI.securityConfiguration();
+
+    private static class ConfOverride extends SecurityConfigurationWrapper {
+        private String desiredReturn = "clean";
+
+        ConfOverride(SecurityConfiguration orig, String desiredReturn) {
+            super(orig);
+            this.desiredReturn = desiredReturn;
+        }
+
+        @Override
+        public String getStringProp(String propName) {
+            // Would it be better making this file a static import?
+            if ( propName.equals( VALIDATOR_HTML_VALIDATION_ACTION ) ) {
+                return desiredReturn;
+            } else {
+                return super.getStringProp( propName );
+            }
+        }
+    }
+
+
+    /**
+     * Default constructor that instantiates a new {@code HTMLValidationRule} test.
+     */
+    public HTMLValidationRuleCleanTest() {
+    }
+
+    @After
+    public void tearDown() throws Exception {
+        ESAPI.override(null);
+    }
+
+    @Before
+    public void setUp() throws Exception {
+        ESAPI.override(
+            new ConfOverride( origConfig, "clean" )
+        );
+
+    }
+
+    @Test
+    public void testGetValidSafeHTML() throws Exception {
+        System.out.println("testGetValidSafeHTML");
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+
+        HTMLValidationRule rule = new HTMLValidationRule("test");
+        ESAPI.validator().addRule(rule);
+
+        assertEquals("Test.", ESAPI.validator().getRule("test").getValid("test", "Test. <script>alert(document.cookie)</script>"));
+
+        String test1 = "<b>Jeff</b>";
+        String result1 = instance.getValidSafeHTML("test", test1, 100, false, errors);
+        assertEquals(test1, result1);
+
+        String test2 = "<a href=\"http://www.aspectsecurity.com\">Aspect Security</a>";
+        String result2 = instance.getValidSafeHTML("test", test2, 100, false, errors);
+        assertEquals(test2, result2);
+
+        String test3 = "Test. <script>alert(document.cookie)</script> Cookie :-)";
+        assertEquals("Test.  Cookie :-)", rule.getSafe("test", test3));
+
+        assertEquals("Test. &lt;<div>load=alert()</div>", rule.getSafe("test", "Test. <<div on<script></script>load=alert()"));
+        assertEquals("Test. <div>b</div>", rule.getSafe("test", "Test. <div style={xss:expression(xss)}>b</div>"));
+        assertEquals("Test. alert(document.cookie)", rule.getSafe("test", "Test. <s%00cript>alert(document.cookie)</script>"));
+        assertEquals("Test. alert(document.cookie)", rule.getSafe("test", "Test. <s\tcript>alert(document.cookie)</script>"));
+        assertEquals("Test. alert(document.cookie)", rule.getSafe("test", "Test. <s\tcript>alert(document.cookie)</script>"));
+    }
+
+    // Test to confirm that CVE-2022-24891 is fixed in ESAPI. The cause of this was
+    // from a subtly botched regex for 'onsiteURL' in all the versions of
+    // antsamy-esapi.xml that had been there as far back as ESAPI 1.4!
+    //
+    // This CVE should arguably get the same CVSSv3 score as the AntiSamy
+    // CVE-2021-35043 as they are very similar.
+    //
+    // Updated: Requested CVE from GitHub CNA on 4/23/2022. See also
+    // https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-q77q-vx4q-xx6q
+    @Test
+    public void testESAPI_CVE_2022_24891() throws Exception {
+        System.out.println("testESAPI_CVE_2022_24891");
+
+        String expectedSafeText = "This is safe from XSS. Trust us!";
+        String badVoodoo = "<a href=\"javascript:alert(1)\">" + expectedSafeText + "</a>";
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errorList = new ValidationErrorList();
+        String result = instance.getValidSafeHTML("test", badVoodoo, 100, false, errorList);
+        assertEquals( expectedSafeText, result );
+    }
+
+    // To confirm fix for CVE-2021-35043 in AntiSamy 1.6.5 and later. Actually,
+    // it was never really "broken" in ESAPI's "default configuration" because it is
+    // triggers an Intrusion Detection when it is checking the canonicalization
+    // and the '&#00058' trips it up, that that's pretty much irrelevant given
+    // the CVE mentioned in the previous test case.
+    //
+    // Note: This test assumes a standard default ESAPI.properties file. In
+    // particular, the normal canonicalization has to be enabled.
+    //
+    public void testAntiSamy_CVE_2021_35043Fixed() throws Exception {
+        System.out.println("testAntiSamy_CVE_2021_35043Fixed");
+
+        String expectedSafeText = "This is safe from XSS. Trust us!";
+
+            // Translates to '<a href="javascript:x=1,alert("boom")".
+        String badVoodoo = "<a href=\"javascript&#00058alert(1)>" + expectedSafeText + "</a>";
+        Validator instance = ESAPI.validator();
+        String cleansed = instance.getValidSafeHTML("CVE-2021-35043", badVoodoo, 200, false);
+        assertEquals( "", cleansed );
+    }
+
+    ////////// New AntiSamy tests added to ESAPI 2.5.3.0 //////////
+    // Some of these were with the new XSS discoveries in AntiSamy.
+    // Sebastian doesn't think thta ESAPI should be vulnerable to these 2. (They weren't.)
+    @Test
+    public void testQuotesInsideStyles() throws Exception {
+    	System.out.println("testQuotesInsideStyles");
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+
+        // Added this test because of a fix to AntiSamy that doesn't seem to have affected ESAPI because of our
+        // very restrictive default AntiSamy policy file. However, with some of AntiSamy policy files, this used
+        // to cause any quoted (double or single) string identifier in CSS was being enclosed in quotes.
+        // That resulted in quotes enclosed by more quotes in some cases without any kind of escape or
+        // transformation. It never did that for ESAPI, but it seemed like a good test to add.
+        String input =
+            "<span style=\"font-family: 'comic sans ms', sans-serif; color: #ba372a;\">Safe Text</span>";
+        String expected = "Safe Text";  // We expect the span tag to be completely filtered out & only the tag contents to remain.
+        String output = instance.getValidSafeHTML("testQuotesInsideStyles-1", input, 250, false);
+        assertEquals(expected, output);
+
+        input = "<span style='font-family: \"comic sans ms\", sans-serif; color: #ba372a;'>Safe Text</span>"; // Slight variation
+        output = instance.getValidSafeHTML("testQuotesInsideStyle-2", input, 250, false);
+        assertEquals(expected, output);
+
+        assertTrue(errors.size() == 0);
+    }
+
+    @Test
+    public void testSmuggledTagsInStyleContentCase() throws Exception {
+    	System.out.println("testSmuggledTagsInStyleContentCase");
+
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+
+        // Style tag processing was not handling correctly the value set to its child node that should
+        // be only text. On some mutation scenarios due to filtering tags by default, content was being
+        // smuggled and not properly sanitized by the output serializer.
+        //
+        // Not expected to affect ESAPI because our default AntiSamy policy file does NOT have:
+        //          <tag name="style" action="validate">
+        // in it.
+        //
+        String input = "Safe<style/><listing/>]]><noembed></style><img src=x onerror=mxss(1)></noembed> stuff";
+        String output = null;
+        String expected = null;
+        try {
+            expected = "Safe&lt;listing/&gt;]]&gt;&lt;noembed&gt; stuff";
+            output = instance.getValidSafeHTML("testSmuggledTagsInStyleContentCase-1", input, 250, false, errors);
+        } catch (IntrusionException ex) {
+            fail("testSmuggledTagsInStyleContentCase-1 - should not happen.");
+        }
+        assertTrue(errors.size() == 0);
+        assertEquals(expected, output);
+
+        input = "Safe<style/><math>'<noframes ></style><img src=x onerror=mxss(1)></noframes>' stuff";
+        try {
+            expected = "Safe&lt;math&gt;'&lt;noframes &gt;' stuff";
+            output = instance.getValidSafeHTML("testSmuggledTagsInStyleContentCase-2", input, 250, false, errors);
+        } catch (IntrusionException ex) {
+            fail("testSmuggledTagsInStyleContentCase-2 - should not happen.");
+        }
+        assertTrue(errors.size() == 0);
+        assertEquals(expected, output);
+    }
+
+    @Test
+    public void testAntiSamy_CVE_2023_43643() {
+      System.out.println("testAntiSamy_CVE_2023_43643");
+      // These are new tests are variations from AntiSamy 1.7.4 and were associted with CVE-2023-43643. (See
+      // https://github.com/nahsra/antisamy/security/advisories/GHSA-pcf2-gh6g-h5r2 for additional details.)
+      // The concern is that when preserving comments, certain tags would get their content badly parsed
+      // due to mutation XSS. Note that AntiSamy 1.7.3 and earlier had problems (depending on it's
+      // AntiSamy policy file) for all these constructs, but ESAPI using AntiSamy 1.7.3 had no vulnerabilities
+      // because our antisamy-esapi.xml AntiSamy policy file is much stricter. Regardless, these make good
+      // additions to our test suite.
+      String[] payloads = {
+        "<noscript><!--</noscript><img src=x onerror=mxss(1)>-->",
+        "<textarea/><!--</textarea><img src=x onerror=mxss(1)>-->",
+            // Note: <xmp> is a deprecated tag, but some browsers may still support.
+        "<xmp/><!--</xmp><img src=x onerror=mxss(1)>-->"
+      };
+  
+      Validator instance = ESAPI.validator();
+      int testCase = 0;
+      for (String payload : payloads) {
+          String testId = "";
+          try {
+              testId = "testAntiSamy_CVE_2023_43643- " + testCase++;
+              String output = instance.getValidSafeHTML(testId, payload, 250, false);
+              assertThat(testId + ": payload not cleansed from JS mxss()...", output, not(containsString("mxss")));
+          } catch( ValidationException vex ) {
+              fail(testId + " caused ValidationException: " + vex);
+          }
+      }
+    }
+    ////////////////////////////////////////
+
+    // This test has been significantly changed because as on AntiSamy 1.7.4
+    // (first used with ESAPI 2.5.3.0) has changed the results of
+    // Validator.getValidSafeHTMLfor this output. Prior to AntiSamy 1.7.4, the
+    // expected output was:
+    //      b&lt;/style&gt;&lt;a href=javascript:alert(1)&gt;test
+    // but with AntiSamy 1.7.4, it now is:
+    //      b&lt;![cdata[test
+    // which is still safe, but as a result, this test had to change.
+    //
+    // See AntiSamy GitHub issue #380 (https://github.com/nahsra/antisamy/issues/389) for more details.
+    //
+    // Also, this test, which originally used Validator.isValidSafeHTML(), has been
+    // changed to use Validator.getValidSafeHTML() instead because Validator.isValidSafeHTML()
+    // has been removed as of ESAPI 2.6.0.0. See GitHub Security Advisory
+    // https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-r68h-jhhj-9jvm
+    // and the referenced ESAPI Security Bulletin mentioned therein.
+    @Test
+    public void testAntiSamyRegressionCDATAWithJavascriptURL() throws Exception {
+    	System.out.println("testAntiSamyRegressionCDATAWithJavascriptURL");
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+        String input = "<style/>b<![cdata[</style><a href=javascript:alert(1)>test";
+        // String expected = "b&lt;script&gt;alert(1)&lt;/script&gt;";      // Before AntiSamy 1.7.4
+        String expected = "b&lt;![cdata[test";                              // AntiSamy 1.7.4 (and later?)
+        String output = instance.getValidSafeHTML("javascript Link", input, 250, false, errors);
+        assertEquals(expected, output);
+        assertTrue(errors.size() == 0);
+    }
+
+    // This test has been significantly changed because as on AntiSamy 1.7.4
+    // (first used with ESAPI 2.5.3.0) has changed the results of
+    // Validator.getValidSafeHTMLfor this output. Prior to AntiSamy 1.7.4, the
+    // expected output was:
+    //      W&lt;script&gt;alert(1)&lt;/script&gt;
+    // but with AntiSamy 1.7.4, it now is:
+    //      W&lt;xmp&lt;script&gt;alert(1)&lt;/script&gt;
+    // which is still safe, but as a result, this test had to change.
+    //
+    // See AntiSamy GitHub issue #380 (https://github.com/nahsra/antisamy/issues/389) for more details.
+    //
+    // The output has changed again as of AntiSamy 1.7.5. The expected output is now:
+    //      Walert(1)
+    // See AntiSamy Release notes for 1.7.5 (https://github.com/nahsra/antisamy/releases/tag/v1.7.5)
+    //
+    // Also, this test, which originally used Validator.isValidSafeHTML(), has been
+    // changed to use Validator.getValidSafeHTML() instead because Validator.isValidSafeHTML()
+    // has been removed as of ESAPI 2.6.0.0. See GitHub Security Advisory
+    // https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-r68h-jhhj-9jvm
+    // and the referenced ESAPI Security Bulletin mentioned therein.
+    @Test
+    public void testScriptTagAfterStyleClosing() throws Exception {
+    	System.out.println("testScriptTagAfterStyleClosing");
+
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+        String input = "<select<style/>W<xmp<script>alert(1)</script>";
+        // String expected = "W&lt;script&gt;alert(1)&lt;/script&gt;";        // Before AntiSamy 1.7.4
+        // String expected = "W&lt;xmp&lt;script&gt;alert(1)&lt;/script&gt;";    // AntiSamy 1.7.4
+        String expected = "Walert(1)";                                      // AntiSamy 1.7.5 (and later?)
+        String output = instance.getValidSafeHTML("escaping style tag attack with script tag", input, 250, false, errors);
+        assertEquals(expected, output);
+        assertTrue(errors.size() == 0);
+    }
+
+    // This test has been significantly changed because as on AntiSamy 1.7.4
+    // (first used with ESAPI 2.5.3.0) has changed the results of
+    // Validator.getValidSafeHTMLfor this output. Prior to AntiSamy 1.7.4, the
+    // expected output was:
+    //      k&lt;input/onfocus=alert(1)&gt;
+    // but with AntiSamy 1.7.4, it now is:
+    //      k&lt;input&lt;&lt;/&gt;input/onfocus=alert(1)&gt;
+    // which is still safe, but as a result, this test had to change.
+    //
+    // See AntiSamy GitHub issue #380 (https://github.com/nahsra/antisamy/issues/389) for more details.
+    //
+    // The output has changed again as of AntiSamy 1.7.5. The expected output is now:
+    //      kinput/onfocus=alert(1)&gt;
+    // See AntiSamy Release notes for 1.7.5 (https://github.com/nahsra/antisamy/releases/tag/v1.7.5)
+    //
+    // Also, this test, which originally used Validator.isValidSafeHTML(), has been
+    // changed to use Validator.getValidSafeHTML() instead because Validator.isValidSafeHTML()
+    // has been removed as of ESAPI 2.6.0.0. See GitHub Security Advisory
+    // https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-r68h-jhhj-9jvm
+    // and the referenced ESAPI Security Bulletin mentioned therein.
+    @Test
+    public void testOnfocusAfterStyleClosing() throws Exception {
+    	System.out.println("testOnfocusAfterStyleClosing");
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+        String input = "<select<style/>k<input<</>input/onfocus=alert(1)>";
+
+        // String expected = "k&lt;input/onfocus=alert(1)&gt;";    // Before AntiSamy 1.7.4
+        // String expected = "k&lt;input&lt;&lt;/&gt;input/onfocus=alert(1)&gt;";    // AntiSamy 1.7.4
+        String expected = "kinput/onfocus=alert(1)&gt;";    // AntiSamy 1.7.5 (and later?)
+        String output = instance.getValidSafeHTML("escaping style tag attack with onfocus attribute", input, 250, false, errors);
+        assertEquals(expected, output);
+        assertTrue(errors.size() == 0);
+    }
+
+    // This test was a DoS issue (CVE-2022-28366) within a transitive dependency (Neko-HtmlUnit) that AntiSamy uses.
+    // It is fixed only in Neko-HtmlUnit 2.27 and later, but all those releases are only available for Java 8 and later.
+    //
+    // When the input here is called with AntiSamy.scan().getCleanHtml(), AntiSamy throws a ScanException.
+    // (For details, see the AntiSamy JUnit test case "testMalformedPIScan" in
+    // https://github.com/nahsra/antisamy/blob/main/src/test/java/org/owasp/validator/html/test/AntiSamyTest.java.)
+    //
+    @Test
+    public void testNekoDOSWithAnHTMLComment() throws Exception {
+        System.out.println("testNekoDOSWithAnHTMLComment");
+
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+        String input = "<!--><?a/";
+        String expectEmpty = "";
+        String output = instance.getValidSafeHTML("escaping style tag attack", input, 250, false);
+        assertEquals(expectEmpty, output);  // Because AntiSamy's CleanResults.getCleanHTML() should throw and is caught.
+        assertTrue(errors.size() == 0);
+    }
+
+    @Test
+    public void testIEConditionalComment() throws Exception {
+        System.out.println("testIEConditionalComment");
+
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+        String input = "<!--[if gte IE 4]>\r\n <SCRIPT>alert('XSS');</SCRIPT>\r\n<![endif]-->";
+        String expectEmpty = "";
+        String output = instance.getValidSafeHTML("escaping IE conditional comment", input, 250, true);
+        assertEquals(expectEmpty, output);  // Expect AntiSamy to return empty string here.
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleThrowsTest.java b/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleThrowsTest.java
new file mode 100644
index 000000000..01235325d
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleThrowsTest.java
@@ -0,0 +1,146 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2019 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author kevin.w.wall@gmail.com
+ * @since 2019
+ */
+package org.owasp.esapi.reference.validation;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.SecurityConfiguration;
+import org.owasp.esapi.SecurityConfigurationWrapper;
+import org.owasp.esapi.ValidationErrorList;
+import org.owasp.esapi.ValidationRule;
+import org.owasp.esapi.Validator;
+import org.owasp.esapi.errors.ValidationException;
+import org.owasp.esapi.reference.validation.HTMLValidationRule;
+import static org.owasp.esapi.PropNames.VALIDATOR_HTML_VALIDATION_ACTION;
+
+import org.junit.Test;
+import org.junit.Before;
+import org.junit.After;
+import org.junit.Rule;
+import org.junit.rules.ExpectedException;
+import static org.junit.Assert.*;
+
+/**
+ * The Class HTMLValidationRuleThrowsTest.
+ *
+ * Based on original test cases, testGetValidSafeHTML() and
+ * testIsValidSafeHTML() from ValidatorTest by
+ *      Mike Fauzy (mike.fauzy@aspectsecurity.com) and
+ *      Jeff Williams (jeff.williams@aspectsecurity.com)
+ * that were originally part of src/test/java/org/owasp/esapi/reference/ValidatorTest.java.
+ *
+ * This class tests the cases where the new ESAPI.property
+ *      <b>Validator.HtmlValidationAction</b>
+ * is set to "throw", which causes certain calls to
+ *      {@code ESAPI.validator().getValidSafeHTML()}
+ * to throw a ValidationException rather than simply logging a warning and returning
+ * the cleansed (sanitizied) output when certain unsafe input is encountered.
+ */
+public class HTMLValidationRuleThrowsTest {
+    private static class ConfOverride extends SecurityConfigurationWrapper {
+        private String desiredReturn = "clean";
+
+        ConfOverride(SecurityConfiguration orig, String desiredReturn) {
+            super(orig);
+            this.desiredReturn = desiredReturn;
+        }
+
+        @Override
+        public String getStringProp(String propName) {
+            // Would it be better making this file a static import?
+            if ( propName.equals( VALIDATOR_HTML_VALIDATION_ACTION ) ) {
+                return desiredReturn;
+            } else {
+                return super.getStringProp( propName );
+            }
+        }
+    }
+
+    // Must be public!
+    @Rule
+    public ExpectedException thrownEx = ExpectedException.none();
+
+    @After
+    public void tearDown() throws Exception {
+        ESAPI.override(null);
+        thrownEx = ExpectedException.none();
+    }
+
+    @Before
+    public void setUp() throws Exception {
+        ESAPI.override(
+            new ConfOverride( ESAPI.securityConfiguration(), "throw" )
+        );
+
+    }
+
+    @Test
+    public void testGetValid() throws Exception {
+        System.out.println("getValid");
+        Validator instance = ESAPI.validator();
+        HTMLValidationRule rule = new HTMLValidationRule("test");
+        ESAPI.validator().addRule(rule);
+
+        thrownEx.expect(ValidationException.class);
+        thrownEx.expectMessage("test: Invalid HTML input");
+
+        instance.getRule("test").getValid("test", "Test. <script>alert(document.cookie)</script>");
+    }
+
+    @Test
+    public void testGetValidSafeHTML() throws Exception {
+        System.out.println("getValidSafeHTML");
+        Validator instance = ESAPI.validator();
+
+        HTMLValidationRule rule = new HTMLValidationRule("test");
+        ESAPI.validator().addRule(rule);
+
+        String[] testInput = {
+                                // These first two don't cause AntiSamy to throw.
+                        // "Test. <a href=\"http://www.aspectsecurity.com\">Aspect Security</a>",
+                        // "Test. <<div on<script></script>load=alert()",
+                        "Test. <script>alert(document.cookie)</script>",
+                        "Test. <script>alert(document.cookie)</script>",
+                        "Test. <div style={xss:expression(xss)}>b</div>",
+                        "Test. <s%00cript>alert(document.cookie)</script>",
+                        "Test. <s\tcript>alert(document.cookie)</script>",
+                        "Test. <s\tcript>alert(document.cookie)</script>"
+        };
+
+        int errors = 0;
+        for( int i = 0; i < testInput.length; i++ ) {
+            try {
+                String result = instance.getValidSafeHTML("test", testInput[i], 100, false);
+                errors++;
+                System.out.println("testGetValidSafeHTML(): testInput '" + testInput[i] + "' failed to throw.");
+            }
+            catch( ValidationException vex ) {
+                System.out.println("testGetValidSafeHTML(): testInput '" + testInput[i] + "' returned:");
+                System.out.println("\t" + i + ": logMsg =" + vex.getLogMessage());
+                assertEquals( vex.getUserMessage(), "test: Invalid HTML input");
+            }
+            catch( Exception ex ) {
+                errors++;
+                System.out.println("testGetValidSafeHTML(): testInput '" + testInput[i] +
+                                   "' threw wrong exception type: " + ex.getClass().getName() );
+            }
+        }
+
+        if ( errors > 0 ) {
+            fail("testGetValidSafeHTML() encountered " + errors + " failures.");
+        }
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/reference/validation/StringValidationRuleTest.java b/src/test/java/org/owasp/esapi/reference/validation/StringValidationRuleTest.java
index 9ea806e65..4028e5f8e 100644
--- a/src/test/java/org/owasp/esapi/reference/validation/StringValidationRuleTest.java
+++ b/src/test/java/org/owasp/esapi/reference/validation/StringValidationRuleTest.java
@@ -1,158 +1,180 @@
-package org.owasp.esapi.reference.validation;
-
-import junit.framework.Assert;
-
-import org.junit.Test;
-import org.owasp.esapi.ValidationErrorList;
-import org.owasp.esapi.errors.ValidationException;
-
-public class StringValidationRuleTest {
-
-	@Test
-	public void testWhitelistPattern() throws ValidationException {
-		
-		StringValidationRule validationRule = new StringValidationRule("Alphabetic");
-		
-		Assert.assertEquals("Magnum44", validationRule.getValid("", "Magnum44"));
-		validationRule.addWhitelistPattern("^[a-zA-Z]*");
-		try {
-			validationRule.getValid("", "Magnum44");
-			Assert.fail("Expected Exception not thrown");
-		}
-		catch (ValidationException ve) {
-			Assert.assertNotNull(ve.getMessage());
-		}
-		Assert.assertEquals("MagnumPI", validationRule.getValid("", "MagnumPI"));
-		
-	}
-	
-	@Test
-	public void testWhitelistPattern_Invalid() throws ValidationException {
-		
-		StringValidationRule validationRule = new StringValidationRule("");
-		
-		//null white list patterns throw IllegalArgumentException
-		try {
-			String pattern = null;
-			validationRule.addWhitelistPattern(pattern);
-			Assert.fail("Expected Exception not thrown");
-		}
-		catch (IllegalArgumentException ie) {
-			Assert.assertNotNull(ie.getMessage());
-		}
-		
-		try {
-			java.util.regex.Pattern pattern = null;
-			validationRule.addWhitelistPattern(pattern);
-			Assert.fail("Expected Exception not thrown");
-		}
-		catch (IllegalArgumentException ie) {
-			Assert.assertNotNull(ie.getMessage());
-		}
-		
-		//invalid white list patterns throw PatternSyntaxException
-		try {
-			String pattern = "_][0}[";
-			validationRule.addWhitelistPattern(pattern);
-			Assert.fail("Expected Exception not thrown");
-		}
-		catch (IllegalArgumentException ie) {
-			Assert.assertNotNull(ie.getMessage());
-		}
-	}
-	
-	@Test
-	public void testWhitelist() {
-		StringValidationRule validationRule = new StringValidationRule("");
-		
-		char[] whitelistArray = new char[] {'a', 'b', 'c'};
-		Assert.assertEquals("abc", validationRule.whitelist("12345abcdef", whitelistArray));
-	}
-	
-	@Test
-	public void testBlacklistPattern() throws ValidationException {
-		
-		StringValidationRule validationRule = new StringValidationRule("NoAngleBrackets");
-		
-		Assert.assertEquals("beg <script> end", validationRule.getValid("", "beg <script> end"));
-		validationRule.addBlacklistPattern("^.*(<|>).*");
-		try {
-			validationRule.getValid("", "beg <script> end");
-			Assert.fail("Expected Exception not thrown");
-		}
-		catch (ValidationException ve) {
-			Assert.assertNotNull(ve.getMessage());
-		}
-		Assert.assertEquals("beg script end", validationRule.getValid("", "beg script end"));
-	}
-	
-	@Test
-	public void testBlacklistPattern_Invalid() throws ValidationException {
-		
-		StringValidationRule validationRule = new StringValidationRule("");
-		
-		//null black list patterns throw IllegalArgumentException
-		try {
-			String pattern = null;
-			validationRule.addBlacklistPattern(pattern);
-			Assert.fail("Expected Exception not thrown");
-		}
-		catch (IllegalArgumentException ie) {
-			Assert.assertNotNull(ie.getMessage());
-		}
-		
-		try {
-			java.util.regex.Pattern pattern = null;
-			validationRule.addBlacklistPattern(pattern);
-			Assert.fail("Expected Exception not thrown");
-		}
-		catch (IllegalArgumentException ie) {
-			Assert.assertNotNull(ie.getMessage());
-		}
-		
-		//invalid black list patterns throw PatternSyntaxException
-		try {
-			String pattern = "_][0}[";
-			validationRule.addBlacklistPattern(pattern);
-			Assert.fail("Expected Exception not thrown");
-		}
-		catch (IllegalArgumentException ie) {
-			Assert.assertNotNull(ie.getMessage());
-		}
-	}	
-	
-	@Test
-	public void testCheckLengths() throws ValidationException {
-		
-		StringValidationRule validationRule = new StringValidationRule("Max12_Min2");
-		validationRule.setMinimumLength(2);
-		validationRule.setMaximumLength(12);
-		
-		Assert.assertTrue(validationRule.isValid("", "12"));
-		Assert.assertTrue(validationRule.isValid("", "123456"));
-		Assert.assertTrue(validationRule.isValid("", "ABCDEFGHIJKL"));
-		
-		Assert.assertFalse(validationRule.isValid("", "1"));
-		Assert.assertFalse(validationRule.isValid("", "ABCDEFGHIJKLM"));
-		
-		ValidationErrorList errorList = new ValidationErrorList();
-		Assert.assertEquals("1234567890", validationRule.getValid("", "1234567890", errorList));
-		Assert.assertEquals(0, errorList.size());
-		Assert.assertEquals(null, validationRule.getValid("", "123456789012345", errorList));
-		Assert.assertEquals(1, errorList.size());
-	}
-	
-	@Test
-	public void testAllowNull() throws ValidationException {
-		
-		StringValidationRule validationRule = new StringValidationRule("");
-		
-		Assert.assertFalse(validationRule.isAllowNull());
-		Assert.assertFalse(validationRule.isValid("", null));
-		
-		validationRule.setAllowNull(true);
-		Assert.assertTrue(validationRule.isAllowNull());
-		Assert.assertTrue(validationRule.isValid("", null));
-	}
-	
-}
+package org.owasp.esapi.reference.validation;
+
+import junit.framework.Assert;
+
+import org.junit.Test;
+import org.mockito.ArgumentMatchers;
+import org.mockito.Mockito;
+import org.owasp.esapi.Encoder;
+import org.owasp.esapi.ValidationErrorList;
+import org.owasp.esapi.errors.ValidationException;
+
+public class StringValidationRuleTest {
+
+    @Test
+    public void testWhitelistPattern() throws ValidationException {
+
+        StringValidationRule validationRule = new StringValidationRule("Alphabetic");
+
+        Assert.assertEquals("Magnum44", validationRule.getValid("", "Magnum44"));
+        validationRule.addWhitelistPattern("^[a-zA-Z]*");
+        try {
+            validationRule.getValid("", "Magnum44");
+            Assert.fail("Expected Exception not thrown");
+        }
+        catch (ValidationException ve) {
+            Assert.assertNotNull(ve.getMessage());
+        }
+        Assert.assertEquals("MagnumPI", validationRule.getValid("", "MagnumPI"));
+
+    }
+
+    @Test
+    public void testWhitelistPattern_Invalid() throws ValidationException {
+
+        StringValidationRule validationRule = new StringValidationRule("");
+
+        //null white list patterns throw IllegalArgumentException
+        try {
+            String pattern = null;
+            validationRule.addWhitelistPattern(pattern);
+            Assert.fail("Expected Exception not thrown");
+        }
+        catch (IllegalArgumentException ie) {
+            Assert.assertNotNull(ie.getMessage());
+        }
+
+        try {
+            java.util.regex.Pattern pattern = null;
+            validationRule.addWhitelistPattern(pattern);
+            Assert.fail("Expected Exception not thrown");
+        }
+        catch (IllegalArgumentException ie) {
+            Assert.assertNotNull(ie.getMessage());
+        }
+
+        //invalid white list patterns throw PatternSyntaxException
+        try {
+            String pattern = "_][0}[";
+            validationRule.addWhitelistPattern(pattern);
+            Assert.fail("Expected Exception not thrown");
+        }
+        catch (IllegalArgumentException ie) {
+            Assert.assertNotNull(ie.getMessage());
+        }
+    }
+
+    @Test
+    public void testWhitelist() {
+        StringValidationRule validationRule = new StringValidationRule("");
+
+        char[] whitelistArray = new char[] {'a', 'b', 'c'};
+        Assert.assertEquals("abc", validationRule.whitelist("12345abcdef", whitelistArray));
+    }
+
+    @Test
+    public void testBlacklistPattern() throws ValidationException {
+
+        StringValidationRule validationRule = new StringValidationRule("NoAngleBrackets");
+
+        Assert.assertEquals("beg <script> end", validationRule.getValid("", "beg <script> end"));
+        validationRule.addBlacklistPattern("^.*(<|>).*");
+        try {
+            validationRule.getValid("", "beg <script> end");
+            Assert.fail("Expected Exception not thrown");
+        }
+        catch (ValidationException ve) {
+            Assert.assertNotNull(ve.getMessage());
+        }
+        Assert.assertEquals("beg script end", validationRule.getValid("", "beg script end"));
+    }
+
+    @Test
+    public void testBlacklistPattern_Invalid() throws ValidationException {
+
+        StringValidationRule validationRule = new StringValidationRule("");
+
+        //null black list patterns throw IllegalArgumentException
+        try {
+            String pattern = null;
+            validationRule.addBlacklistPattern(pattern);
+            Assert.fail("Expected Exception not thrown");
+        }
+        catch (IllegalArgumentException ie) {
+            Assert.assertNotNull(ie.getMessage());
+        }
+
+        try {
+            java.util.regex.Pattern pattern = null;
+            validationRule.addBlacklistPattern(pattern);
+            Assert.fail("Expected Exception not thrown");
+        }
+        catch (IllegalArgumentException ie) {
+            Assert.assertNotNull(ie.getMessage());
+        }
+
+        //invalid black list patterns throw PatternSyntaxException
+        try {
+            String pattern = "_][0}[";
+            validationRule.addBlacklistPattern(pattern);
+            Assert.fail("Expected Exception not thrown");
+        }
+        catch (IllegalArgumentException ie) {
+            Assert.assertNotNull(ie.getMessage());
+        }
+    }
+
+    @Test
+    public void testCheckLengths() throws ValidationException {
+
+        StringValidationRule validationRule = new StringValidationRule("Max12_Min2");
+        validationRule.setMinimumLength(2);
+        validationRule.setMaximumLength(12);
+
+        Assert.assertTrue(validationRule.isValid("", "12"));
+        Assert.assertTrue(validationRule.isValid("", "123456"));
+        Assert.assertTrue(validationRule.isValid("", "ABCDEFGHIJKL"));
+
+        Assert.assertFalse(validationRule.isValid("", "1"));
+        Assert.assertFalse(validationRule.isValid("", "ABCDEFGHIJKLM"));
+
+        ValidationErrorList errorList = new ValidationErrorList();
+        Assert.assertEquals("1234567890", validationRule.getValid("", "1234567890", errorList));
+        Assert.assertEquals(0, errorList.size());
+        Assert.assertEquals(null, validationRule.getValid("", "123456789012345", errorList));
+        Assert.assertEquals(1, errorList.size());
+    }
+
+    @Test
+    public void testAllowNull() throws ValidationException {
+
+        StringValidationRule validationRule = new StringValidationRule("");
+
+        Assert.assertFalse(validationRule.isAllowNull());
+        Assert.assertFalse(validationRule.isValid("", null));
+
+        validationRule.setAllowNull(true);
+        Assert.assertTrue(validationRule.isAllowNull());
+        Assert.assertTrue(validationRule.isValid("", null));
+    }
+
+    @Test
+    public void testSetCanonicalize() throws ValidationException {
+        String context = "test-scope";
+        String inputString = "SomeInputValue";
+        String encoderReturn = "MockReturnValue";
+        Encoder mockEncoder = Mockito.mock(Encoder.class);
+        Mockito.when(mockEncoder.canonicalize(inputString)).thenReturn(encoderReturn);
+        StringValidationRule testRule = new StringValidationRule(context, mockEncoder);
+        String valid = testRule.getValid(context, inputString);
+        Assert.assertEquals(encoderReturn, valid);
+        Mockito.verify(mockEncoder, Mockito.times(1)).canonicalize(inputString);
+        Mockito.reset(mockEncoder);
+
+        testRule.setCanonicalize(false);
+        valid = testRule.getValid(context, inputString);
+        Assert.assertEquals(inputString, valid);
+        Mockito.verify(mockEncoder, Mockito.times(0)).canonicalize(inputString);
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/util/FileTestUtils.java b/src/test/java/org/owasp/esapi/util/FileTestUtils.java
index 51f40f80c..0181ba86a 100644
--- a/src/test/java/org/owasp/esapi/util/FileTestUtils.java
+++ b/src/test/java/org/owasp/esapi/util/FileTestUtils.java
@@ -10,207 +10,207 @@
  */
 public class FileTestUtils
 {
-	private static final Class CLASS = FileTestUtils.class;
-	private static final String CLASS_NAME = CLASS.getName();
-	private static final String DEFAULT_PREFIX = CLASS_NAME + '.';
-	private static final String DEFAULT_SUFFIX = ".tmp";
-	private static final Random rand;
-
-	/*
-		Rational for switching from SecureRandom to Random:
-		
-		This is used for generating filenames for temporary
-		directories. Origionally this was using SecureRandom for
-		this to make /tmp races harder. This is not necessary as
-		mkdir always returns false if if the directory already
-		exists.
-		
-		Additionally, SecureRandom for some reason on linux
-		is appears to be reading from /dev/random instead of
-		/dev/urandom. As such, the many calls for temporary
-		directories in the unit tests quickly depleates the
-		entropy pool causing unit test runs to block until more
-		entropy is collected (this is why moving the mouse speeds
-		up unit tests).
-	*/
-	static
-	{
-		SecureRandom secRand = new SecureRandom();
-		rand = new Random(secRand.nextLong());
-	}
-
-	/** Private constructor as all methods are static. */
-	private FileTestUtils()
-	{
-	}
-
-	/**
-	 * Convert a long to it's hex representation. Unlike
-	 * {@ Long#toHexString(long)} this always returns 16 digits.
-	 * @param l The long to convert.
-	 * @return l in hex.
-	 */
-	public static String toHexString(long l)
-	{
-		String initial;
-		StringBuffer sb;
-
-		initial = Long.toHexString(l);
-		if(initial.length() == 16)
-			return initial;
-		sb = new StringBuffer(16);
-		sb.append(initial);
-		while(sb.length()<16)
-			sb.insert(0,'0');
-		return sb.toString();
-	}
-
-	/**
-	 * Create a temporary directory.
-	 * @param parent The parent directory for the temporary
-	 *	directory. If this is null, the system property
-	 * 	"java.io.tmpdir" is used.
-	 * @param prefix The prefix for the directory's name. If this
-	 * 	is null, the full class name of this class is used.
-	 * @param suffix The suffix for the directory's name. If this
-	 * 	is null, ".tmp" is used.
-	 * @return The newly created temporary directory.
-	 * @throws IOException if directory creation fails
-	 * @throws SecurityException if {@link File#mkdir()} throws one.
-	 */
-	public static File createTmpDirectory(File parent, String prefix, String suffix) throws IOException
-	{
-		String name;
-		File dir;
-
-		if(prefix == null)
-			prefix = DEFAULT_PREFIX;
-		else if(!prefix.endsWith("."))
-			prefix += '.';
-		if(suffix == null)
-			suffix = DEFAULT_SUFFIX;
-		else if(!suffix.startsWith("."))
-			suffix = "." + suffix;
-		if(parent == null)
-			parent = new File(System.getProperty("java.io.tmpdir"));
-		name = prefix + toHexString(rand.nextLong()) + suffix;
-		dir = new File(parent, name);
-		if(!dir.mkdir())
-			throw new IOException("Unable to create temporary directory " + dir);
-		return dir.getCanonicalFile();
-	}
-
-	/**
-	 * Create a temporary directory. This calls
-	 * {@link #createTmpDirectory(File, String, String)} with null
-	 * for parent and suffix.
-	 * @param prefix The prefix for the directory's name. If this
-	 * 	is null, the full class name of this class is used.
-	 * @return The newly created temporary directory.
-	 * @throws IOException if directory creation fails
-	 * @throws SecurityException if {@link File#mkdir()} throws one.
-	 */
-	public static File createTmpDirectory(String prefix) throws IOException
-	{
-		return createTmpDirectory(null, prefix, null);
-	}
-
-	/**
-	 * Create a temporary directory. This calls
-	 * {@link #createTmpDirectory(File, String, String)} with null
-	 * for all arguments.
-	 * @return The newly created temporary directory.
-	 * @throws IOException if directory creation fails
-	 * @throws SecurityException if {@link File#mkdir()} throws one.
-	 */
-	public static File createTmpDirectory() throws IOException
-	{
-	 	return createTmpDirectory(null,null,null);
-	}
-
-	/**
-	 * Checks that child is a directory and really a child of
-	 * parent. This verifies that the {@link File#getCanonicalFile()
-	 * canonical} child is actually a child of parent. This should
-	 * fail if the child is a symbolic link to another directory and
-	 * therefore should not be traversed in a recursive traversal of
-	 * a directory.
-	 * @param parent The supposed parent of the child
-	 * @param child The child to check
-	 * @return true if child is a directory and a direct decendant
-	 * 	of parent.
-	 * @throws IOException if {@link File#getCanonicalFile()} does
-	 * @throws NullPointerException if either parent or child
-	 * 	are null.
-	 */
-	public static boolean isChildSubDirectory(File parent, File child) throws IOException
-	{
-		File childsParent;
-
-		if(child==null)
-			throw new NullPointerException("child argument is null");
-		if(!child.isDirectory())
-			return false;
-		if(parent==null)
-			throw new NullPointerException("parent argument is null");
-		parent = parent.getCanonicalFile();
-		child = child.getCanonicalFile();
-		childsParent = child.getParentFile();
-		if(childsParent == null)
-			return false;	// sym link to /?
-		childsParent = childsParent.getCanonicalFile();	// just in case...
-		if(!parent.equals(childsParent))
-			return false;
-		return true;
-	}
-
-	/**
-	 * Delete a file. Unlinke {@link File#delete()}, this throws an
-	 * exception if deletion fails.
-	 * @param file The file to delete
-	 * @throws IOException if file is not null, exists but delete
-	 * 	fails.
-	 */
-	public static void delete(File file) throws IOException
-	{
-		if(file==null || !file.exists())
-			return;
-		if(!file.delete())
-			throw new IOException("Unable to delete file " + file.getAbsolutePath());
-	}
-
-	/**
-	 * Recursively delete a file. If file is a directory,
-	 * subdirectories and files are also deleted. Care is taken to
-	 * not traverse symbolic links in this process. A null file or
-	 * a file that does not exist is considered to already been
-	 * deleted.
-	 * @param file The file or directory to be deleted
-	 * @throws IOException if the file, or a descendant, cannot
-	 * 	be deleted.
-	 * @throws SecurityException if {@link File#delete()} does.
-	 */
-	public static void deleteRecursively(File file) throws IOException
-	{
-		File[] children;
-		File child;
-
-		if(file == null || !file.exists())
-			return;	// already deleted?
-		if(file.isDirectory())
-		{
-			children = file.listFiles();
-			for(int i=0;i<children.length;i++)
-			{
-				child = children[i];
-				if(isChildSubDirectory(file,child))
-					deleteRecursively(child);
-				else
-					delete(child);
-			}
-		}
-
-		// finally
-		delete(file);
-	}
+    private static final Class<FileTestUtils> CLASS = FileTestUtils.class;
+    private static final String CLASS_NAME = CLASS.getName();
+    private static final String DEFAULT_PREFIX = CLASS_NAME + '.';
+    private static final String DEFAULT_SUFFIX = ".tmp";
+    private static final Random rand;
+
+    /*
+        Rational for switching from SecureRandom to Random:
+
+        This is used for generating filenames for temporary
+        directories. Originally this was using SecureRandom for
+        this to make /tmp races harder. This is not necessary as
+        mkdir always returns false if if the directory already
+        exists.
+
+        Additionally, SecureRandom for some reason on Linux
+        is appears to be reading from /dev/random instead of
+        /dev/urandom. As such, the many calls for temporary
+        directories in the unit tests quickly depletes the
+        entropy pool causing unit test runs to block until more
+        entropy is collected (this is why moving the mouse speeds
+        up unit tests).
+    */
+    static
+    {
+        SecureRandom secRand = new SecureRandom();
+        rand = new Random(secRand.nextLong());
+    }
+
+    /** Private constructor as all methods are static. */
+    private FileTestUtils()
+    {
+    }
+
+    /**
+     * Convert a long to it's hex representation. Unlike
+     * {@link Long#toHexString(long)} this always returns 16 digits.
+     * @param l The long to convert.
+     * @return l in hex.
+     */
+    public static String toHexString(long l)
+    {
+        String initial;
+        StringBuffer sb;
+
+        initial = Long.toHexString(l);
+        if(initial.length() == 16)
+            return initial;
+        sb = new StringBuffer(16);
+        sb.append(initial);
+        while(sb.length()<16)
+            sb.insert(0,'0');
+        return sb.toString();
+    }
+
+    /**
+     * Create a temporary directory.
+     * @param parent The parent directory for the temporary
+     *    directory. If this is null, the system property
+     *     "java.io.tmpdir" is used.
+     * @param prefix The prefix for the directory's name. If this
+     *     is null, the full class name of this class is used.
+     * @param suffix The suffix for the directory's name. If this
+     *     is null, ".tmp" is used.
+     * @return The newly created temporary directory.
+     * @throws IOException if directory creation fails
+     * @throws SecurityException if {@link File#mkdir()} throws one.
+     */
+    public static File createTmpDirectory(File parent, String prefix, String suffix) throws IOException
+    {
+        String name;
+        File dir;
+
+        if(prefix == null)
+            prefix = DEFAULT_PREFIX;
+        else if(!prefix.endsWith("."))
+            prefix += '.';
+        if(suffix == null)
+            suffix = DEFAULT_SUFFIX;
+        else if(!suffix.startsWith("."))
+            suffix = "." + suffix;
+        if(parent == null)
+            parent = new File(System.getProperty("java.io.tmpdir"));
+        name = prefix + toHexString(rand.nextLong()) + suffix;
+        dir = new File(parent, name);
+        if(!dir.mkdir())
+            throw new IOException("Unable to create temporary directory " + dir);
+        return dir.getCanonicalFile();
+    }
+
+    /**
+     * Create a temporary directory. This calls
+     * {@link #createTmpDirectory(File, String, String)} with null
+     * for parent and suffix.
+     * @param prefix The prefix for the directory's name. If this
+     *     is null, the full class name of this class is used.
+     * @return The newly created temporary directory.
+     * @throws IOException if directory creation fails
+     * @throws SecurityException if {@link File#mkdir()} throws one.
+     */
+    public static File createTmpDirectory(String prefix) throws IOException
+    {
+        return createTmpDirectory(null, prefix, null);
+    }
+
+    /**
+     * Create a temporary directory. This calls
+     * {@link #createTmpDirectory(File, String, String)} with null
+     * for all arguments.
+     * @return The newly created temporary directory.
+     * @throws IOException if directory creation fails
+     * @throws SecurityException if {@link File#mkdir()} throws one.
+     */
+    public static File createTmpDirectory() throws IOException
+    {
+         return createTmpDirectory(null,null,null);
+    }
+
+    /**
+     * Checks that child is a directory and really a child of
+     * parent. This verifies that the {@link File#getCanonicalFile()
+     * canonical} child is actually a child of parent. This should
+     * fail if the child is a symbolic link to another directory and
+     * therefore should not be traversed in a recursive traversal of
+     * a directory.
+     * @param parent The supposed parent of the child
+     * @param child The child to check
+     * @return true if child is a directory and a direct decendant
+     *     of parent.
+     * @throws IOException if {@link File#getCanonicalFile()} does
+     * @throws NullPointerException if either parent or child
+     *     are null.
+     */
+    public static boolean isChildSubDirectory(File parent, File child) throws IOException
+    {
+        File childsParent;
+
+        if(child==null)
+            throw new NullPointerException("child argument is null");
+        if(!child.isDirectory())
+            return false;
+        if(parent==null)
+            throw new NullPointerException("parent argument is null");
+        parent = parent.getCanonicalFile();
+        child = child.getCanonicalFile();
+        childsParent = child.getParentFile();
+        if(childsParent == null)
+            return false;    // sym link to /?
+        childsParent = childsParent.getCanonicalFile();    // just in case...
+        if(!parent.equals(childsParent))
+            return false;
+        return true;
+    }
+
+    /**
+     * Delete a file. Unlinke {@link File#delete()}, this throws an
+     * exception if deletion fails.
+     * @param file The file to delete
+     * @throws IOException if file is not null, exists but delete
+     *     fails.
+     */
+    public static void delete(File file) throws IOException
+    {
+        if(file==null || !file.exists())
+            return;
+        if(!file.delete())
+            throw new IOException("Unable to delete file " + file.getAbsolutePath());
+    }
+
+    /**
+     * Recursively delete a file. If file is a directory,
+     * subdirectories and files are also deleted. Care is taken to
+     * not traverse symbolic links in this process. A null file or
+     * a file that does not exist is considered to already been
+     * deleted.
+     * @param file The file or directory to be deleted
+     * @throws IOException if the file, or a descendant, cannot
+     *     be deleted.
+     * @throws SecurityException if {@link File#delete()} does.
+     */
+    public static void deleteRecursively(File file) throws IOException
+    {
+        File[] children;
+        File child;
+
+        if(file == null || !file.exists())
+            return;    // already deleted?
+        if(file.isDirectory())
+        {
+            children = file.listFiles();
+            for(int i=0;i<children.length;i++)
+            {
+                child = children[i];
+                if(isChildSubDirectory(file,child))
+                    deleteRecursively(child);
+                else
+                    delete(child);
+            }
+        }
+
+        // finally
+        delete(file);
+    }
 }
diff --git a/src/test/java/org/owasp/esapi/util/ObjFactoryBenchmark.java b/src/test/java/org/owasp/esapi/util/ObjFactoryBenchmark.java
new file mode 100644
index 000000000..cf87608af
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/util/ObjFactoryBenchmark.java
@@ -0,0 +1,26 @@
+package org.owasp.esapi.util;
+
+import org.openjdk.jmh.annotations.*;
+import org.openjdk.jmh.infra.Blackhole;
+
+import javax.crypto.NullCipher;
+
+@State(Scope.Benchmark)
+@Fork(value = 3)
+@Warmup(iterations = 5, time = 1)
+@Measurement(iterations = 10, time = 1)
+public class ObjFactoryBenchmark {
+
+    @Benchmark
+    public void benchmark1(Blackhole hole) {
+        NullCipher nullCipher = ObjFactory.make("javax.crypto.NullCipher", "NullCipher");
+        hole.consume(nullCipher);
+    }
+
+    @Benchmark
+    public void benchmark2(Blackhole hole) {
+        String key = ObjFactory.make("java.lang.String", "testMakeNotASubclass");
+        hole.consume(key);
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/util/ObjFactoryTest.java b/src/test/java/org/owasp/esapi/util/ObjFactoryTest.java
index 2b817591c..3a3065a89 100644
--- a/src/test/java/org/owasp/esapi/util/ObjFactoryTest.java
+++ b/src/test/java/org/owasp/esapi/util/ObjFactoryTest.java
@@ -11,19 +11,19 @@
 import org.owasp.esapi.errors.ConfigurationException;
 
 public class ObjFactoryTest extends TestCase {
-	
-	// Purpose of this is to prevent a default, no-arg, public CTOR to be generated.
-	// We want to prevent this so we can use this class to test the case of where
-	// ObjectFactory<T>.make() throws an IllegalAccessException.
-	@SuppressWarnings("unused")
-	private ObjFactoryTest(int i) { ; }
-	
+
+    // Purpose of this is to prevent a default, no-arg, public CTOR to be generated.
+    // We want to prevent this so we can use this class to test the case of where
+    // ObjectFactory<T>.make() throws an IllegalAccessException.
+    @SuppressWarnings("unused")
+    private ObjFactoryTest(int i) { ; }
+
     /**
-	 * Instantiates a new object factory test.
-	 * 
-	 * @param testName
-	 *            the test name
-	 */
+     * Instantiates a new object factory test.
+     *
+     * @param testName
+     *            the test name
+     */
     public ObjFactoryTest(String testName) {
         super(testName);
     }
@@ -33,7 +33,7 @@ public ObjFactoryTest(String testName) {
      * @throws Exception
      */
     protected void setUp() throws Exception {
-    	// none
+        // none
     }
 
     /**
@@ -41,152 +41,195 @@ protected void setUp() throws Exception {
      * @throws Exception
      */
     protected void tearDown() throws Exception {
-    	// none
+        // none
     }
 
     /**
-	 * Run all the test cases in this suite.
+     * Run all the test cases in this suite.
      * This is to allow running from {@code org.owasp.esapi.AllTests}.
-	 * 
-	 * @return the test
-	 */
+     *
+     * @return the test
+     */
     public static Test suite() {
         TestSuite suite = new TestSuite(ObjFactoryTest.class);
         return suite;
     }
-    
+
     /** Test that NullCipher object is correctly returned. */
     public void testMakeNullCipher() throws ConfigurationException {
-    	String className = "javax.crypto.NullCipher";
-    	javax.crypto.Cipher nullCipher =
-    			ObjFactory.make(className, "NullCipher");
-    	assertTrue( nullCipher instanceof javax.crypto.NullCipher );
-    	System.out.println("W00t! Watch out NSA...we have a NullCipher and we're not afraid to use it!");
+        String className = "javax.crypto.NullCipher";
+        javax.crypto.Cipher nullCipher =
+                ObjFactory.make(className, "NullCipher");
+        assertTrue( nullCipher instanceof javax.crypto.NullCipher );
+        System.out.println("W00t! Watch out NSA...we have a NullCipher and we're not afraid to use it!");
     }
-    
+
     /** Test that InstantiationException is thrown as the root cause when the
      * specified class name is an abstract class or interface.
      */
     public void testInterface() throws ConfigurationException {
-    	Key key = null;  	
-    	try {
-    		key = ObjFactory.make("java.security.Key", "Key");
-    		assertFalse("Should not be reached - interface or abstract class", key != null);
-    	} catch(ConfigurationException ex) {
-    		Throwable cause = ex.getCause();
-    		assertTrue( cause instanceof InstantiationException);
-    	}
+        Key key = null;
+        try {
+            key = ObjFactory.make("java.security.Key", "Key");
+            assertFalse("Should not be reached - interface or abstract class", key != null);
+        } catch(ConfigurationException ex) {
+            Throwable cause = ex.getCause();
+            assertTrue( cause instanceof InstantiationException);
+        }
     }
-    
+
     /** Test that IllegalAccessException is thrown as the root cause when the
      *  specified class has no public, no-arg CTOR. Cipher has only a protected
      *  CTOR that takes multiple parameters.
-     *  
+     *
      *  FIXME: Need new test. This also throws an InstantiationException as the
      *  root cause. The goal is to have it throw IllegalAccessException.
      */
     public void testMakeNoPublicConstructor() throws ConfigurationException {
-    	ObjFactoryTest oft = null;	
-    	try {
-    		// CHECKME: As I read
-			//	  http://java.sun.com/docs/books/tutorial/reflect/member/ctorTrouble.html
-    		// this should cause an IllegalAccessException to be thrown because it has no public,
-    		// no-arg CTOR. However, it doesn't. It throws a InstantiationException instead.
-    		oft = ObjFactory.make(ObjFactoryTest.class.getName(), "ObjectFactoryTest");
-    		assertFalse("Should not be reached - no public CTOR", oft != null);
-    	} catch(ConfigurationException ex) {
-    		Throwable cause = ex.getCause();
-    		// assertTrue( cause instanceof IllegalAccessException);
-    		assertTrue( cause instanceof InstantiationException);
-    	}
+        ObjFactoryTest oft = null;
+        try {
+            // CHECKME: As I read
+            //      http://java.sun.com/docs/books/tutorial/reflect/member/ctorTrouble.html
+            // this should cause an IllegalAccessException to be thrown because it has no public,
+            // no-arg CTOR. However, it doesn't. It throws a InstantiationException instead.
+            oft = ObjFactory.make(ObjFactoryTest.class.getName(), "ObjectFactoryTest");
+            assertFalse("Should not be reached - no public CTOR", oft != null);
+        } catch(ConfigurationException ex) {
+            Throwable cause = ex.getCause();
+            // assertTrue( cause instanceof IllegalAccessException);
+            assertTrue( cause instanceof InstantiationException);
+        }
     }
-    
+
     /** Test that ClassNotFoundException is thrown as the root cause when
      * the class name to be created is not a class name that exists anywhere.
      */
     public void testMakeNoSuchClass() throws ConfigurationException {
-    	Object obj = null;
-    	
-    	try {
-    		obj = ObjFactory.make("kevin.wall.HasNoClass", "Object");
-    		assertFalse("Should not be reached - no such class", obj != null);
-    	} catch(ConfigurationException ex) {
-    		Throwable cause = ex.getCause();
-    		assertTrue( cause instanceof ClassNotFoundException);
-    	}
+        Object obj = null;
+
+        try {
+            obj = ObjFactory.make("kevin.wall.HasNoClass", "Object");
+            assertFalse("Should not be reached - no such class", obj != null);
+        } catch(ConfigurationException ex) {
+            Throwable cause = ex.getCause();
+            assertTrue( cause instanceof ClassNotFoundException);
+        }
     }
-    
+
     /** Test that ClassCastException is thrown as the root cause when the
      * created class is not a subclass / does not implement the specified type.
      * (In this case, String is not a subclass / does not implement Key.)
      */
     public void testMakeNotASubclass() throws ConfigurationException {
-    	Key key = null;
-    	try {
-    		key = ObjFactory.make("java.lang.String", "testMakeNotASubclass");
-    		assertFalse("Should not be reached - not a subclass", key != null);
-    	} catch(ConfigurationException ex) {
-    		Throwable cause = ex.getCause();
-    		System.out.println("DEBUG: Cause was: " + cause.getClass().getName());
-    		assertTrue( cause instanceof ClassCastException);
-    	} catch(ClassCastException ccex) {
-    		assertTrue("Caught expected class cast exception", true);
-    	}
+        Key key = null;
+        try {
+            key = ObjFactory.make("java.lang.String", "testMakeNotASubclass");
+            assertFalse("Should not be reached - not a subclass", key != null);
+        } catch(ConfigurationException ex) {
+            Throwable cause = ex.getCause();
+            System.out.println("DEBUG: Cause was: " + cause.getClass().getName());
+            assertTrue( cause instanceof ClassCastException);
+        } catch(ClassCastException ccex) {
+            assertTrue("Caught expected class cast exception", true);
+        }
     }
-    
+
     /** Test that IllegalArgumentException is thrown as the cause when the
      * class name is specified as an empty string.
      */
     public void testMakeEmptyClassName() throws ConfigurationException {
-    	Object obj = null;
-    	try {
-    		obj = ObjFactory.make("", "testMakeEmptyClassName");
-    		assertFalse("Should not be reached - not a subclass", obj != null);
-    	} catch(ConfigurationException ex) {
-    		Throwable cause = ex.getCause();
-    		assertTrue( cause instanceof IllegalArgumentException);
-    	}
+        Object obj = null;
+        try {
+            obj = ObjFactory.make("", "testMakeEmptyClassName");
+            assertFalse("Should not be reached - not a subclass", obj != null);
+        } catch(ConfigurationException ex) {
+            Throwable cause = ex.getCause();
+            assertTrue( cause instanceof IllegalArgumentException);
+        }
     }
-    
+
     /** Test that some other exception is thrown from the no-arg, public CTOR as the
      * root cause. Had to use special external class here because strangely, this didn't
      * work as an inner class. (Threw InstantiationException in that case instead.)
      */
     public void testMakeOtherException() throws ConfigurationException {
-    	@SuppressWarnings("unused")
-		ThePrefectClass ford = null;
-    	try {
-    		ford = ObjFactory.make("org.owasp.esapi.util.ThePrefectClass", "ThePrefectClass");
-    	} catch(ConfigurationException ex) {
-    		Throwable cause = ex.getCause();
-			assertTrue( cause instanceof UnsupportedOperationException);
-    	}
+        @SuppressWarnings("unused")
+        ThePrefectClass ford = null;
+        try {
+            ford = ObjFactory.make("org.owasp.esapi.util.ThePrefectClass", "ThePrefectClass");
+        } catch(ConfigurationException ex) {
+            Throwable cause = ex.getCause();
+            assertTrue( cause instanceof UnsupportedOperationException);
+        }
     }
-    
+
     /** Test case where typeName is null or empty string. */
     public void testNullorEmptyTypeName() throws ConfigurationException {
-    	String className = "javax.crypto.NullCipher";
-    	javax.crypto.Cipher nullCipher =
-    			ObjFactory.make(className, null);
-    	assertTrue( nullCipher instanceof javax.crypto.NullCipher );
-    	nullCipher =
-			ObjFactory.make(className, "");
-    	assertTrue( nullCipher instanceof javax.crypto.NullCipher );
+        String className = "javax.crypto.NullCipher";
+        javax.crypto.Cipher nullCipher =
+                ObjFactory.make(className, null);
+        assertTrue( nullCipher instanceof javax.crypto.NullCipher );
+        nullCipher =
+            ObjFactory.make(className, "");
+        assertTrue( nullCipher instanceof javax.crypto.NullCipher );
     }
-    
+
     /** Test case where no-arg CTOR does not exist. By all indications from
      * Javadoc for {@code Class.newInstance()} one would think this should
      * throw an {@code IllegalAccessException} because {@code SecretKeySpec}
      * has two public CTORs that both take arguments. */
     public void testMakeCipher() throws ConfigurationException {
-    	try {
-    		String className = "javax.crypto.spec.SecretKeySpec";
-    		javax.crypto.spec.SecretKeySpec skeySpec =
-    			(SecretKeySpec) ObjFactory.make(className, "SecretKeySpec");
-    		assertTrue( skeySpec != null );
-    	} catch(ConfigurationException ex) {
-    		Throwable cause = ex.getCause();
-    		assertTrue( cause instanceof InstantiationException);
-    	}
+        try {
+            String className = "javax.crypto.spec.SecretKeySpec";
+            javax.crypto.spec.SecretKeySpec skeySpec =
+                (SecretKeySpec) ObjFactory.make(className, "SecretKeySpec");
+            // Should not get to here. Exception is expected.
+        } catch(ConfigurationException ex) {
+            Throwable cause = ex.getCause();
+            assertTrue( cause instanceof InstantiationException);
+        }
+    }
+
+    /** Test cache. Create 100k JavaEncryptor instances with cache enabled (the
+     * default), and then create 100k instances with cache disabled. Time each.
+     * The cached version should save some time.
+     */
+    public void testObjFactoryCache() throws Exception {
+        final int reps = 100000;
+        System.out.println("testObjFactoryCache: " + reps + " iterations.");
+        org.owasp.esapi.reference.crypto.JavaEncryptor je = null;
+        String clz = "org.owasp.esapi.reference.crypto.JavaEncryptor";
+
+        long startCacheEnabled = System.nanoTime();
+        for ( int i = 0; i < reps; i++ ) {
+            je = (org.owasp.esapi.reference.crypto.JavaEncryptor) ObjFactory.make(clz, "JavaEncryptor");
+            assertNotNull( je );
+        }
+        long stopCacheEnabled = System.nanoTime();
+
+        ObjFactory.setCache( false );   // Disable cache
+
+        long startCacheDisabled = System.nanoTime();
+        for ( int i = 0; i < reps; i++ ) {
+            je = (org.owasp.esapi.reference.crypto.JavaEncryptor) ObjFactory.make(clz, "JavaEncryptor");
+            assertNotNull( je );
+        }
+/*
+ * TODO - Replace all this with the JMH benchmark harness stuff as similar to
+ * what is in ObjFactoryBenchmark. See GitHub issue #498 for further details.
+ * Unfortunately, we need to do this until then because JIT manipulations are
+ * sometimes making the cache disabled time take less than with caching enabled.
+ * In fact, when we start using JMH for this, we probably ought to move this
+ * entire test to ObjFactoryBenchmark.
+ *
+        long stopCacheDisabled = System.nanoTime();
+
+        long durationEnabled  = stopCacheEnabled - startCacheEnabled;
+        long durationDisabled = stopCacheDisabled - startCacheDisabled;
+        System.out.println("testObjFactoryCache: Time with cache ENABLED (nanosec):  " + durationEnabled );
+        System.out.println("testObjFactoryCache: Time with cache DISABLED (nanosec): " + durationDisabled );
+
+        assertTrue( durationEnabled < durationDisabled );
+ */
     }
 }
diff --git a/src/test/java/org/owasp/esapi/util/TestUtils.java b/src/test/java/org/owasp/esapi/util/TestUtils.java
new file mode 100644
index 000000000..ddc25edfb
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/util/TestUtils.java
@@ -0,0 +1,14 @@
+package org.owasp.esapi.util;
+
+public class TestUtils {
+
+    public static String generateStringOfLength(int length) {
+        assert length >= 0 : "length must be >= 0";
+        StringBuilder longString = new StringBuilder(length);
+        for (int i = 0; i < length; i++) {
+            longString.append("a");
+        }
+        return longString.toString();
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/util/ThePrefectClass.java b/src/test/java/org/owasp/esapi/util/ThePrefectClass.java
index 28b0f33bf..13275f340 100644
--- a/src/test/java/org/owasp/esapi/util/ThePrefectClass.java
+++ b/src/test/java/org/owasp/esapi/util/ThePrefectClass.java
@@ -4,9 +4,9 @@
 // For testing only. Doesn't work as an inner class in ObjFactoryTest.
 // Props to D. Adams for HG2G. RIP.
 public class ThePrefectClass {
-	private static final int lifeUniverseEverything = 42;
-	public ThePrefectClass() {
-		throw new UnsupportedOperationException("This public CTOR is not supported!");
-	}
-	public int getAnswer() { return lifeUniverseEverything; }
+    private static final int lifeUniverseEverything = 42;
+    public ThePrefectClass() {
+        throw new UnsupportedOperationException("This public CTOR is not supported!");
+    }
+    public int getAnswer() { return lifeUniverseEverything; }
 }
diff --git a/src/test/java/org/owasp/esapi/waf/AddHeaderTest.java b/src/test/java/org/owasp/esapi/waf/AddHeaderTest.java
index 0e4d69292..2a1bc2513 100644
--- a/src/test/java/org/owasp/esapi/waf/AddHeaderTest.java
+++ b/src/test/java/org/owasp/esapi/waf/AddHeaderTest.java
@@ -1,59 +1,59 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import java.net.URL;
-
-import org.owasp.esapi.http.MockHttpServletRequest;
-
-import junit.framework.TestSuite;
-
-public class AddHeaderTest extends WAFTestCase {
-	
-	public static TestSuite suite() {
-		return new TestSuite(AddHeaderTest.class);
-	}
-	
-    /*
-     * Test whether or not the WAF correctly adds the header to the response when it should and
-     * when it shouldn't, based on paths specified in the WAF rules.
-     */
-    public void testShouldAddHeader() throws Exception {
-        
-    	System.out.println("addHeaderPolicy - Response should have FOO=BAR header added" );
-
-    	request = new MockHttpServletRequest( new URL( "http://www.example.com/addheader" ) );
-    	
-    	WAFTestUtility.createAndExecuteWAFTransaction("waf-policies/add-header-policy.xml", request, response );
-    	
-        String foo = response.getHeader( "FOO" );
-        assertTrue( foo != null && foo.equals( "BAR" ) );
-        
-    }
-    
-    public void testShouldNotAddHeader() throws Exception {
-    	System.out.println("addHeaderPolicy - Response should have FOO=BAR header added" );
-
-    	request = new MockHttpServletRequest( new URL( "http://www.example.com/marketing/foo" ) );
-    	
-    	WAFTestUtility.createAndExecuteWAFTransaction("waf-policies/add-header-policy.xml", request, response );
-    	
-        String foo = response.getHeader( "FOO" );
-        assertTrue( foo == null );
-        
-    }
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import java.net.URL;
+
+import org.owasp.esapi.http.MockHttpServletRequest;
+
+import junit.framework.TestSuite;
+
+public class AddHeaderTest extends WAFTestCase {
+
+    public static TestSuite suite() {
+        return new TestSuite(AddHeaderTest.class);
+    }
+
+    /*
+     * Test whether or not the WAF correctly adds the header to the response when it should and
+     * when it shouldn't, based on paths specified in the WAF rules.
+     */
+    public void testShouldAddHeader() throws Exception {
+
+        System.out.println("addHeaderPolicy - Response should have FOO=BAR header added" );
+
+        request = new MockHttpServletRequest( new URL( "http://www.example.com/addheader" ) );
+
+        WAFTestUtility.createAndExecuteWAFTransaction("waf-policies/add-header-policy.xml", request, response );
+
+        String foo = response.getHeader( "FOO" );
+        assertTrue( foo != null && foo.equals( "BAR" ) );
+
+    }
+
+    public void testShouldNotAddHeader() throws Exception {
+        System.out.println("addHeaderPolicy - Response should have FOO=BAR header added" );
+
+        request = new MockHttpServletRequest( new URL( "http://www.example.com/marketing/foo" ) );
+
+        WAFTestUtility.createAndExecuteWAFTransaction("waf-policies/add-header-policy.xml", request, response );
+
+        String foo = response.getHeader( "FOO" );
+        assertTrue( foo == null );
+
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/waf/BeanShellTest.java b/src/test/java/org/owasp/esapi/waf/BeanShellTest.java
index 94e8a93a4..5253e9372 100644
--- a/src/test/java/org/owasp/esapi/waf/BeanShellTest.java
+++ b/src/test/java/org/owasp/esapi/waf/BeanShellTest.java
@@ -1,47 +1,47 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import java.net.URL;
-
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-
-import org.owasp.esapi.http.MockFilterChain;
-import org.owasp.esapi.http.MockHttpServletRequest;
-
-import junit.framework.TestSuite;
-
-public class BeanShellTest extends WAFTestCase {
-
-	public static TestSuite suite() {
-		return new TestSuite(BeanShellTest.class);
-	}
-
-	public void testRedirectBeanShellRule() throws Exception {
-
-		request = new MockHttpServletRequest( new URL( "http://www.example.com/beanshelltest" ) );
-
-    	WAFTestUtility.createAndExecuteWAFTransaction("waf-policies/bean-shell-policy.xml", request, response, new MockFilterChain() );
-    	
-    	HttpSession session = request.getSession();
-    	
-    	assert(session.getAttribute("simple_waf_test") != null);
-    	assert(response.getStatus() == HttpServletResponse.SC_MOVED_PERMANENTLY);
-
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import java.net.URL;
+
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.owasp.esapi.http.MockFilterChain;
+import org.owasp.esapi.http.MockHttpServletRequest;
+
+import junit.framework.TestSuite;
+
+public class BeanShellTest extends WAFTestCase {
+
+    public static TestSuite suite() {
+        return new TestSuite(BeanShellTest.class);
+    }
+
+    public void testRedirectBeanShellRule() throws Exception {
+
+        request = new MockHttpServletRequest( new URL( "http://www.example.com/beanshelltest" ) );
+
+        WAFTestUtility.createAndExecuteWAFTransaction("waf-policies/bean-shell-policy.xml", request, response, new MockFilterChain() );
+
+        HttpSession session = request.getSession();
+
+        assert(session.getAttribute("simple_waf_test") != null);
+        assert(response.getStatus() == HttpServletResponse.SC_MOVED_PERMANENTLY);
+
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/waf/DetectOutboundTest.java b/src/test/java/org/owasp/esapi/waf/DetectOutboundTest.java
index 54eefb8de..1d74e2483 100644
--- a/src/test/java/org/owasp/esapi/waf/DetectOutboundTest.java
+++ b/src/test/java/org/owasp/esapi/waf/DetectOutboundTest.java
@@ -1,63 +1,63 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import java.net.URL;
-
-import javax.servlet.http.HttpServletResponse;
-
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-
-public class DetectOutboundTest extends WAFTestCase {
-	
-	public static TestSuite suite() {
-		return new TestSuite(DetectOutboundTest.class);
-	}
-	
-	public void testBadDetectOutbound() throws Exception {
-	       
-    	System.out.println("detectOutboundPolicy - Fires if response has \"2008\" in it" );
-   	    
-    	request = new MockHttpServletRequest( new URL( "http://www.example.com/here_is_the_2008" ) );
-    	
-    	// this setting of the body gets overridden in the MockFilterChain =(. For a hack we put it in
-    	// the URI above, which gets reflected into the response body.
-    	response.setBody( "Now is the time for all good men 2008 to come to the aid of their country" );
-        
-    	WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/detect-outbound-policy.xml", request, response );
-    	
-    	assertTrue( response.getStatus() == HttpServletResponse.SC_MOVED_PERMANENTLY );
-        
-    }
-	
-	public void testGoodDetectOutbound() throws Exception {
-	       
-    	System.out.println("detectOutboundPolicy - should not fire even if response has \"2008\" in it because the content type is image/jpeg" );
-   	    
-    	request = new MockHttpServletRequest( new URL( "http://www.example.com/here_is_the_2008" ) );
-    	response = new MockHttpServletResponse();
-    	response.setContentType("image/jpeg");
-    	response.setBody( "Now is the time for all good men 2008 to come to the aid of their country" );
-        
-    	WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/detect-outbound-policy.xml", request, response );
-    	
-    	assertTrue( response.getStatus() == HttpServletResponse.SC_OK );
-        
-    }
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import java.net.URL;
+
+import javax.servlet.http.HttpServletResponse;
+
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.http.MockHttpServletRequest;
+import org.owasp.esapi.http.MockHttpServletResponse;
+
+public class DetectOutboundTest extends WAFTestCase {
+
+    public static TestSuite suite() {
+        return new TestSuite(DetectOutboundTest.class);
+    }
+
+    public void testBadDetectOutbound() throws Exception {
+
+        System.out.println("detectOutboundPolicy - Fires if response has \"2008\" in it" );
+
+        request = new MockHttpServletRequest( new URL( "http://www.example.com/here_is_the_2008" ) );
+
+        // this setting of the body gets overridden in the MockFilterChain =(. For a hack we put it in
+        // the URI above, which gets reflected into the response body.
+        response.setBody( "Now is the time for all good men 2008 to come to the aid of their country" );
+
+        WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/detect-outbound-policy.xml", request, response );
+
+        assertTrue( response.getStatus() == HttpServletResponse.SC_MOVED_PERMANENTLY );
+
+    }
+
+    public void testGoodDetectOutbound() throws Exception {
+
+        System.out.println("detectOutboundPolicy - should not fire even if response has \"2008\" in it because the content type is image/jpeg" );
+
+        request = new MockHttpServletRequest( new URL( "http://www.example.com/here_is_the_2008" ) );
+        response = new MockHttpServletResponse();
+        response.setContentType("image/jpeg");
+        response.setBody( "Now is the time for all good men 2008 to come to the aid of their country" );
+
+        WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/detect-outbound-policy.xml", request, response );
+
+        assertTrue( response.getStatus() == HttpServletResponse.SC_OK );
+
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/waf/DynamicInsertionTest.java b/src/test/java/org/owasp/esapi/waf/DynamicInsertionTest.java
index 300da4b50..672294d20 100644
--- a/src/test/java/org/owasp/esapi/waf/DynamicInsertionTest.java
+++ b/src/test/java/org/owasp/esapi/waf/DynamicInsertionTest.java
@@ -1,70 +1,70 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import java.io.IOException;
-import java.net.URL;
-
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.http.MockFilterChain;
-import org.owasp.esapi.http.MockHttpServletRequest;
-
-import junit.framework.TestSuite;
-
-public class DynamicInsertionTest extends WAFTestCase {
-
-	public static TestSuite suite() {
-		return new TestSuite(DynamicInsertionTest.class);
-	}
-	
-	public void testShouldReplaceContent() throws Exception {
-		
-    	System.out.println("dynamicInsertionPolicy - replaces </body> with 'this is a test'" );
-   	    
-    	request = new MockHttpServletRequest( new URL( "https://www.example.com/here+</body>+there+everywhere" ) );
-        request.setScheme("https");
-        request.getSession(true).setAttribute("ESAPIUserSessionKey", user);
-    	WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/dynamic-insertion-policy.xml", request, response );
-    	
-    	assertTrue ( response.getStatus() == HttpServletResponse.SC_OK );
-    	String body = response.getBody();
-    	assertTrue ( body.indexOf("test") > -1 );
-    	System.out.println( body );
-   	
-	}
-	
-	public void testShouldNotReplaceContent() throws Exception {
-		
-		System.out.println("dynamicInsertionPolicy - should not replace '< /body>' or </body > or </bo dy> with anything" );
-   	    
-    	request = new MockHttpServletRequest( new URL( "https://www.example.com/here+<+/body></bo+dy>+</body+>+there+everywhere" ) );
-    	request.setScheme("https");
-    	request.getSession(true).setAttribute("ESAPIUserSessionKey", user);
-    	WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/dynamic-insertion-policy.xml", request, response );
-    	
-    	assertTrue ( response.getStatus() == HttpServletResponse.SC_OK );
-    	assertTrue ( response.getBody().indexOf("test") == -1 );
-    	System.out.println( response.getBody() );
-   		
-    	
-	}
-	
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import java.io.IOException;
+import java.net.URL;
+
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.http.MockFilterChain;
+import org.owasp.esapi.http.MockHttpServletRequest;
+
+import junit.framework.TestSuite;
+
+public class DynamicInsertionTest extends WAFTestCase {
+
+    public static TestSuite suite() {
+        return new TestSuite(DynamicInsertionTest.class);
+    }
+
+    public void testShouldReplaceContent() throws Exception {
+
+        System.out.println("dynamicInsertionPolicy - replaces </body> with 'this is a test'" );
+
+        request = new MockHttpServletRequest( new URL( "https://www.example.com/here+</body>+there+everywhere" ) );
+        request.setScheme("https");
+        request.getSession(true).setAttribute("ESAPIUserSessionKey", user);
+        WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/dynamic-insertion-policy.xml", request, response );
+
+        assertTrue ( response.getStatus() == HttpServletResponse.SC_OK );
+        String body = response.getBody();
+        assertTrue ( body.indexOf("test") > -1 );
+        System.out.println( body );
+
+    }
+
+    public void testShouldNotReplaceContent() throws Exception {
+
+        System.out.println("dynamicInsertionPolicy - should not replace '< /body>' or </body > or </bo dy> with anything" );
+
+        request = new MockHttpServletRequest( new URL( "https://www.example.com/here+<+/body></bo+dy>+</body+>+there+everywhere" ) );
+        request.setScheme("https");
+        request.getSession(true).setAttribute("ESAPIUserSessionKey", user);
+        WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/dynamic-insertion-policy.xml", request, response );
+
+        assertTrue ( response.getStatus() == HttpServletResponse.SC_OK );
+        assertTrue ( response.getBody().indexOf("test") == -1 );
+        System.out.println( response.getBody() );
+
+
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/waf/EnforceAuthenticationTest.java b/src/test/java/org/owasp/esapi/waf/EnforceAuthenticationTest.java
index 2b833121b..80757fd37 100644
--- a/src/test/java/org/owasp/esapi/waf/EnforceAuthenticationTest.java
+++ b/src/test/java/org/owasp/esapi/waf/EnforceAuthenticationTest.java
@@ -1,52 +1,52 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import java.net.URL;
-
-import javax.servlet.http.HttpServletResponse;
-
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-
-public class EnforceAuthenticationTest extends WAFTestCase {
-
-	public static TestSuite suite() {
-		return new TestSuite(EnforceAuthenticationTest.class);
-	}
-	
-	public void testAuthenticatedRequest() throws Exception {
-		// authentication test
-	    url = new URL( "https://www.example.com/authenticated" );
-		System.out.println( "\nTest good request (user in session): " + url );
-	    request = new MockHttpServletRequest( url );
-	    request.getSession().setAttribute("ESAPIUserSessionKey", user);
-		response = new MockHttpServletResponse();
-		createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_OK );		
-	}
-
-	public void testUnauthenticatedRequest() throws Exception {
-	    // authentication test
-	    url = new URL( "http://www.example.com/authenticated" );
-		System.out.println( "\nTest bad request (no user in session): " + url );
-	    request = new MockHttpServletRequest( url );
-		response = new MockHttpServletResponse();
-		createAndExecuteWAFResponseCodeTest ( waf, request, response, HttpServletResponse.SC_MOVED_PERMANENTLY );		
-	}
-
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import java.net.URL;
+
+import javax.servlet.http.HttpServletResponse;
+
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.http.MockHttpServletRequest;
+import org.owasp.esapi.http.MockHttpServletResponse;
+
+public class EnforceAuthenticationTest extends WAFTestCase {
+
+    public static TestSuite suite() {
+        return new TestSuite(EnforceAuthenticationTest.class);
+    }
+
+    public void testAuthenticatedRequest() throws Exception {
+        // authentication test
+        url = new URL( "https://www.example.com/authenticated" );
+        System.out.println( "\nTest good request (user in session): " + url );
+        request = new MockHttpServletRequest( url );
+        request.getSession().setAttribute("ESAPIUserSessionKey", user);
+        response = new MockHttpServletResponse();
+        createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_OK );
+    }
+
+    public void testUnauthenticatedRequest() throws Exception {
+        // authentication test
+        url = new URL( "http://www.example.com/authenticated" );
+        System.out.println( "\nTest bad request (no user in session): " + url );
+        request = new MockHttpServletRequest( url );
+        response = new MockHttpServletResponse();
+        createAndExecuteWAFResponseCodeTest ( waf, request, response, HttpServletResponse.SC_MOVED_PERMANENTLY );
+    }
+
 }
\ No newline at end of file
diff --git a/src/test/java/org/owasp/esapi/waf/EnforceHTTPSTest.java b/src/test/java/org/owasp/esapi/waf/EnforceHTTPSTest.java
index 83bb550ab..05f66b1fb 100644
--- a/src/test/java/org/owasp/esapi/waf/EnforceHTTPSTest.java
+++ b/src/test/java/org/owasp/esapi/waf/EnforceHTTPSTest.java
@@ -1,68 +1,68 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import java.net.URL;
-
-import javax.servlet.http.HttpServletResponse;
-
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-
-public class EnforceHTTPSTest extends WAFTestCase {
-
-	public static TestSuite suite() {
-		return new TestSuite(EnforceHTTPSTest.class);
-	}
-	
-	public void setUp() throws Exception {
-		super.setUp();
-    	WAFTestUtility.setWAFPolicy( waf, "waf-policy.xml" );
-	}
-
-	public void testGoodSchemeSSLRequired() throws Exception {
-	    // test good scheme
-		url = new URL( "https://www.example.com/" );
-		System.out.println( "\nTest good scheme (https): " + url );
-	    request = new MockHttpServletRequest( url );
-	    request.getSession(true);
-		response = new MockHttpServletResponse();
-		createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_OK );		
-	}
-
-     
-	public void testBadSchemeSSLNotRequired () throws Exception {
-	    // test bad scheme
-	    url = new URL( "http://www.example.com/images/test.gif" );
-		System.out.println( "\nTest bad scheme (no ssl - but its not required): " + url );
-	    request = new MockHttpServletRequest( url );
-	    request.getSession(true);
-		response = new MockHttpServletResponse();
-		createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_OK );		
-	}
-
-	public void testBadSchemeSSLRequired () throws Exception {
-	    // test bad scheme
-	    url = new URL( "http://www.example.com/secure" );
-		System.out.println( "\nTest bad scheme (no ssl - but its required): " + url );
-	    request = new MockHttpServletRequest( url );
-	    request.getSession(true);
-		response = new MockHttpServletResponse();
-		createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_MOVED_PERMANENTLY );		
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import java.net.URL;
+
+import javax.servlet.http.HttpServletResponse;
+
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.http.MockHttpServletRequest;
+import org.owasp.esapi.http.MockHttpServletResponse;
+
+public class EnforceHTTPSTest extends WAFTestCase {
+
+    public static TestSuite suite() {
+        return new TestSuite(EnforceHTTPSTest.class);
+    }
+
+    public void setUp() throws Exception {
+        super.setUp();
+        WAFTestUtility.setWAFPolicy( waf, "waf-policy.xml" );
+    }
+
+    public void testGoodSchemeSSLRequired() throws Exception {
+        // test good scheme
+        url = new URL( "https://www.example.com/" );
+        System.out.println( "\nTest good scheme (https): " + url );
+        request = new MockHttpServletRequest( url );
+        request.getSession(true);
+        response = new MockHttpServletResponse();
+        createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_OK );
+    }
+
+
+    public void testBadSchemeSSLNotRequired () throws Exception {
+        // test bad scheme
+        url = new URL( "http://www.example.com/images/test.gif" );
+        System.out.println( "\nTest bad scheme (no ssl - but its not required): " + url );
+        request = new MockHttpServletRequest( url );
+        request.getSession(true);
+        response = new MockHttpServletResponse();
+        createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_OK );
+    }
+
+    public void testBadSchemeSSLRequired () throws Exception {
+        // test bad scheme
+        url = new URL( "http://www.example.com/secure" );
+        System.out.println( "\nTest bad scheme (no ssl - but its required): " + url );
+        request = new MockHttpServletRequest( url );
+        request.getSession(true);
+        response = new MockHttpServletResponse();
+        createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_MOVED_PERMANENTLY );
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/waf/GoodRequestTest.java b/src/test/java/org/owasp/esapi/waf/GoodRequestTest.java
index c1ed06876..25ae2b443 100644
--- a/src/test/java/org/owasp/esapi/waf/GoodRequestTest.java
+++ b/src/test/java/org/owasp/esapi/waf/GoodRequestTest.java
@@ -1,43 +1,43 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import java.net.URL;
-
-import javax.servlet.http.HttpServletResponse;
-
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-
-public class GoodRequestTest extends WAFTestCase {
-
-	public static TestSuite suite() {
-		return new TestSuite(GoodRequestTest.class);
-	}
-	
-	public void testGoodRequest() throws Exception {
-		// should pass
-        url = new URL( "http://www.example.com/index.jsp" );
-		System.out.println( "Test good URL: " + url );
-        request = new MockHttpServletRequest( url );
-        request.getSession(true);
-    	response = new MockHttpServletResponse();
-    	createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_OK );
-	}
-	
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import java.net.URL;
+
+import javax.servlet.http.HttpServletResponse;
+
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.http.MockHttpServletRequest;
+import org.owasp.esapi.http.MockHttpServletResponse;
+
+public class GoodRequestTest extends WAFTestCase {
+
+    public static TestSuite suite() {
+        return new TestSuite(GoodRequestTest.class);
+    }
+
+    public void testGoodRequest() throws Exception {
+        // should pass
+        url = new URL( "http://www.example.com/index.jsp" );
+        System.out.println( "Test good URL: " + url );
+        request = new MockHttpServletRequest( url );
+        request.getSession(true);
+        response = new MockHttpServletResponse();
+        createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_OK );
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/waf/HttpOnlyTest.java b/src/test/java/org/owasp/esapi/waf/HttpOnlyTest.java
index b176207ef..61bdffbee 100644
--- a/src/test/java/org/owasp/esapi/waf/HttpOnlyTest.java
+++ b/src/test/java/org/owasp/esapi/waf/HttpOnlyTest.java
@@ -1,84 +1,84 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import java.io.IOException;
-
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.http.MockFilterChain;
-
-import junit.framework.TestSuite;
-
-public class HttpOnlyTest extends WAFTestCase {
-	
-	public static TestSuite suite() {
-		return new TestSuite(HttpOnlyTest.class);
-	}
-	
-    /*
-     * Test all aspects of the HTTPOnly protection. Note that attaching HTTPOnly to
-     * JSESSIONIDs requires a 3-step handshake, so the first 2 response codes should 
-     * be 301, and on the 3rd response the cookie should be set. A lot of extra traffic
-     * for HTTPOnly.
-     * 
-     * That same 3-step handshake won't be needed for custom cookies generated by the
-     * application with addCookie().
-     */
-
-	// this has been commented because we decided not to try to make this work. too much
-	// hackery.
-	/*
-    public void testAddHttpOnlyOnSessionCookie() throws Exception {
-    	
-     	System.out.println("addHttpOnlyPolicy - Response should have httpOnly set on the session ID (JSESSIONID) cookie added to response" );
-   	        	
-    	WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/add-httponly-policy.xml", request, response );
-    	
-    	assertTrue( response.getStatus() == HttpServletResponse.SC_MOVED_PERMANENTLY );
-    	
-    }
-    */
-	
-    public void testAddHttpOnlyOnCustomCookie() throws Exception {
-    	
-    	System.out.println("addHttpOnlyPolicy - Response should have httpOnly set on a custom cookie (FOOBAR) added to the response" );
-   	    
-    	request.getSession(true);
-    	
-    	WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/add-httponly-policy.xml", request, response, new HttpOnlyTestFilterChain() );
-    	
-    	//response.dump();
-     
-    	String foo = response.getHeader("Set-Cookie");
-    	assertTrue( response.getStatus() != HttpServletResponse.SC_MOVED_PERMANENTLY );
-    	assertTrue( foo.contains("HttpOnly") );
-    	
-    }
-    
-    class HttpOnlyTestFilterChain extends MockFilterChain {
-		public void doFilter(ServletRequest arg0, ServletResponse arg1)
-				throws IOException, ServletException {
-			HttpServletResponse response = (HttpServletResponse)arg1;
-			response.addCookie( new Cookie("FOO", "BAR" ) );
-		}
-    }
-    
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.http.MockFilterChain;
+
+import junit.framework.TestSuite;
+
+public class HttpOnlyTest extends WAFTestCase {
+
+    public static TestSuite suite() {
+        return new TestSuite(HttpOnlyTest.class);
+    }
+
+    /*
+     * Test all aspects of the HTTPOnly protection. Note that attaching HTTPOnly to
+     * JSESSIONIDs requires a 3-step handshake, so the first 2 response codes should
+     * be 301, and on the 3rd response the cookie should be set. A lot of extra traffic
+     * for HTTPOnly.
+     *
+     * That same 3-step handshake won't be needed for custom cookies generated by the
+     * application with addCookie().
+     */
+
+    // this has been commented because we decided not to try to make this work. too much
+    // hackery.
+    /*
+    public void testAddHttpOnlyOnSessionCookie() throws Exception {
+
+         System.out.println("addHttpOnlyPolicy - Response should have httpOnly set on the session ID (JSESSIONID) cookie added to response" );
+
+        WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/add-httponly-policy.xml", request, response );
+
+        assertTrue( response.getStatus() == HttpServletResponse.SC_MOVED_PERMANENTLY );
+
+    }
+    */
+
+    public void testAddHttpOnlyOnCustomCookie() throws Exception {
+
+        System.out.println("addHttpOnlyPolicy - Response should have httpOnly set on a custom cookie (FOOBAR) added to the response" );
+
+        request.getSession(true);
+
+        WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/add-httponly-policy.xml", request, response, new HttpOnlyTestFilterChain() );
+
+        //response.dump();
+
+        String foo = response.getHeader("Set-Cookie");
+        assertTrue( response.getStatus() != HttpServletResponse.SC_MOVED_PERMANENTLY );
+        assertTrue( foo.contains("HttpOnly") );
+
+    }
+
+    class HttpOnlyTestFilterChain extends MockFilterChain {
+        public void doFilter(ServletRequest arg0, ServletResponse arg1)
+                throws IOException, ServletException {
+            HttpServletResponse response = (HttpServletResponse)arg1;
+            response.addCookie( new Cookie("FOO", "BAR" ) );
+        }
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/waf/MockWafFilterConfig.java b/src/test/java/org/owasp/esapi/waf/MockWafFilterConfig.java
index 25a80bc21..9ba84e753 100644
--- a/src/test/java/org/owasp/esapi/waf/MockWafFilterConfig.java
+++ b/src/test/java/org/owasp/esapi/waf/MockWafFilterConfig.java
@@ -1,18 +1,18 @@
-package org.owasp.esapi.waf;
-
-import java.util.Map;
-
-import javax.servlet.ServletContext;
-
-import org.owasp.esapi.http.MockFilterConfig;
-
-public class MockWafFilterConfig extends MockFilterConfig {
-
-	public MockWafFilterConfig(Map map) {
-		super(map);
-	}
-
-	public ServletContext getServletContext() {
-    	return new MockWafServletContext();
-    }
-}
+package org.owasp.esapi.waf;
+
+import java.util.Map;
+
+import javax.servlet.ServletContext;
+
+import org.owasp.esapi.http.MockFilterConfig;
+
+public class MockWafFilterConfig extends MockFilterConfig {
+
+    public MockWafFilterConfig(Map map) {
+        super(map);
+    }
+
+    public ServletContext getServletContext() {
+        return new MockWafServletContext();
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/waf/MockWafServletContext.java b/src/test/java/org/owasp/esapi/waf/MockWafServletContext.java
index 1d5b91022..4e61a5917 100644
--- a/src/test/java/org/owasp/esapi/waf/MockWafServletContext.java
+++ b/src/test/java/org/owasp/esapi/waf/MockWafServletContext.java
@@ -1,14 +1,14 @@
-package org.owasp.esapi.waf;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.http.MockServletContext;
-
-public class MockWafServletContext extends MockServletContext {
-
-	public String getRealPath(String s) {
-		
-		return ESAPI.securityConfiguration().getResourceFile( "" ).getAbsolutePath() + "/" + s;
-		
-	}
-	
-}
+package org.owasp.esapi.waf;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.http.MockServletContext;
+
+public class MockWafServletContext extends MockServletContext {
+
+    public String getRealPath(String s) {
+
+        return ESAPI.securityConfiguration().getResourceFile( "" ).getAbsolutePath() + "/" + s;
+
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/waf/MustMatchTest.java b/src/test/java/org/owasp/esapi/waf/MustMatchTest.java
index c92eefd15..d23d9d6c5 100644
--- a/src/test/java/org/owasp/esapi/waf/MustMatchTest.java
+++ b/src/test/java/org/owasp/esapi/waf/MustMatchTest.java
@@ -1,55 +1,55 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import java.net.URL;
-
-import javax.servlet.http.HttpServletResponse;
-
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-
-public class MustMatchTest extends WAFTestCase {
-	
-	public static TestSuite suite() {
-		return new TestSuite(MustMatchTest.class);
-	}
-	
-	public void testUnauthorizedRequest () throws Exception {
-        // Test bad request (no x-roles header)
-        url = new URL( "https://www.example.com/admin/config" );
-		System.out.println( "\nTest bad request (request has no x-roles header): " + url );
-        request = new MockHttpServletRequest( url );
-        request.setRemoteAddr("192.168.1.5"); // necessary to pass IPRule
-        request.getSession().setAttribute("ESAPIUserSessionKey", user);
-    	response = new MockHttpServletResponse();
-    	createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_MOVED_PERMANENTLY );
-	}
-	
-	public void testAuthorizedRequest() throws Exception {
-        // Test good request (request has x-roles header)
-        url = new URL( "https://www.example.com/admin/config" );
-		System.out.println( "\nTest good request (request has x-roles header): " + url );
-        request = new MockHttpServletRequest( url );
-        request.addHeader("x-roles", "admin" );
-        request.setRemoteAddr("192.168.1.100");
-        request.getSession().setAttribute("ESAPIUserSessionKey", user);
-    	response = new MockHttpServletResponse();
-    	createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_OK );
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import java.net.URL;
+
+import javax.servlet.http.HttpServletResponse;
+
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.http.MockHttpServletRequest;
+import org.owasp.esapi.http.MockHttpServletResponse;
+
+public class MustMatchTest extends WAFTestCase {
+
+    public static TestSuite suite() {
+        return new TestSuite(MustMatchTest.class);
+    }
+
+    public void testUnauthorizedRequest () throws Exception {
+        // Test bad request (no x-roles header)
+        url = new URL( "https://www.example.com/admin/config" );
+        System.out.println( "\nTest bad request (request has no x-roles header): " + url );
+        request = new MockHttpServletRequest( url );
+        request.setRemoteAddr("192.168.1.5"); // necessary to pass IPRule
+        request.getSession().setAttribute("ESAPIUserSessionKey", user);
+        response = new MockHttpServletResponse();
+        createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_MOVED_PERMANENTLY );
+    }
+
+    public void testAuthorizedRequest() throws Exception {
+        // Test good request (request has x-roles header)
+        url = new URL( "https://www.example.com/admin/config" );
+        System.out.println( "\nTest good request (request has x-roles header): " + url );
+        request = new MockHttpServletRequest( url );
+        request.addHeader("x-roles", "admin" );
+        request.setRemoteAddr("192.168.1.100");
+        request.getSession().setAttribute("ESAPIUserSessionKey", user);
+        response = new MockHttpServletResponse();
+        createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_OK );
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/waf/RestrictContentTypeTest.java b/src/test/java/org/owasp/esapi/waf/RestrictContentTypeTest.java
index 430600cbe..8088bbc26 100644
--- a/src/test/java/org/owasp/esapi/waf/RestrictContentTypeTest.java
+++ b/src/test/java/org/owasp/esapi/waf/RestrictContentTypeTest.java
@@ -1,51 +1,51 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import javax.servlet.http.HttpServletResponse;
-
-import junit.framework.TestSuite;
-
-public class RestrictContentTypeTest extends WAFTestCase {
-
-	public static TestSuite suite() {
-		return new TestSuite(RestrictContentTypeTest.class);
-	}
-
-	public void testNoContentType() throws Exception {
-
-		WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/restrict-content-type-policy.xml", request, response );
-    	
-		assert(response.getStatus() == HttpServletResponse.SC_OK);
-	}
-	
-	public void testGoodContentType() throws Exception {
-		request.addHeader("Content-Type","text/html");
-		
-		WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/restrict-content-type-policy.xml", request, response );
-    	
-		assert(response.getStatus() == HttpServletResponse.SC_OK);
-	}
-	
-	public void testBadContentType() throws Exception {
-		request.addHeader("Content-Type","multipart/form-upload");
-		
-		WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/restrict-content-type-policy.xml", request, response );
-    	
-		assert(response.getStatus() == HttpServletResponse.SC_MOVED_PERMANENTLY);
-	}
-	
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import javax.servlet.http.HttpServletResponse;
+
+import junit.framework.TestSuite;
+
+public class RestrictContentTypeTest extends WAFTestCase {
+
+    public static TestSuite suite() {
+        return new TestSuite(RestrictContentTypeTest.class);
+    }
+
+    public void testNoContentType() throws Exception {
+
+        WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/restrict-content-type-policy.xml", request, response );
+
+        assert(response.getStatus() == HttpServletResponse.SC_OK);
+    }
+
+    public void testGoodContentType() throws Exception {
+        request.addHeader("Content-Type","text/html");
+
+        WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/restrict-content-type-policy.xml", request, response );
+
+        assert(response.getStatus() == HttpServletResponse.SC_OK);
+    }
+
+    public void testBadContentType() throws Exception {
+        request.addHeader("Content-Type","multipart/form-upload");
+
+        WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/restrict-content-type-policy.xml", request, response );
+
+        assert(response.getStatus() == HttpServletResponse.SC_MOVED_PERMANENTLY);
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/waf/RestrictExtensionTest.java b/src/test/java/org/owasp/esapi/waf/RestrictExtensionTest.java
index 7aee58e2e..eb7884e4f 100644
--- a/src/test/java/org/owasp/esapi/waf/RestrictExtensionTest.java
+++ b/src/test/java/org/owasp/esapi/waf/RestrictExtensionTest.java
@@ -1,57 +1,57 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import java.net.URL;
-
-import javax.servlet.http.HttpServletResponse;
-
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-
-public class RestrictExtensionTest extends WAFTestCase {
-
-	public static TestSuite suite() {
-		return new TestSuite(RestrictExtensionTest.class);
-	}
-	
-	public void testGoodExtension() throws Exception {
-        
-    	System.out.println("restrictExtensionPolicy - approve this URL (doesn't end in .log or anything else evil)" );
-
-        request = new MockHttpServletRequest( new URL( "http://www.example.com/logfiles/12192009.jpg" ) );
-        request.getSession(true); // pass HttpOnly test...
-    	response = new MockHttpServletResponse();
-        
-        WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/restrict-extension-policy.xml", request, response );
-    	
-    	assertTrue( response.getStatus() != HttpServletResponse.SC_MOVED_PERMANENTLY );
-    }
-
-	public void testBadExtension() throws Exception {
-        
-    	System.out.println("restrictExtensionPolicy - reject any URL ending in .log" );
-
-        MockHttpServletRequest request = new MockHttpServletRequest( new URL( "http://www.example.com/logfiles/12192009.log" ) );
-    	MockHttpServletResponse response = new MockHttpServletResponse();
-        
-        WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/restrict-extension-policy.xml", request, response );
-    	
-    	assertTrue( response.getStatus() == HttpServletResponse.SC_MOVED_PERMANENTLY );
-    }
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import java.net.URL;
+
+import javax.servlet.http.HttpServletResponse;
+
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.http.MockHttpServletRequest;
+import org.owasp.esapi.http.MockHttpServletResponse;
+
+public class RestrictExtensionTest extends WAFTestCase {
+
+    public static TestSuite suite() {
+        return new TestSuite(RestrictExtensionTest.class);
+    }
+
+    public void testGoodExtension() throws Exception {
+
+        System.out.println("restrictExtensionPolicy - approve this URL (doesn't end in .log or anything else evil)" );
+
+        request = new MockHttpServletRequest( new URL( "http://www.example.com/logfiles/12192009.jpg" ) );
+        request.getSession(true); // pass HttpOnly test...
+        response = new MockHttpServletResponse();
+
+        WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/restrict-extension-policy.xml", request, response );
+
+        assertTrue( response.getStatus() != HttpServletResponse.SC_MOVED_PERMANENTLY );
+    }
+
+    public void testBadExtension() throws Exception {
+
+        System.out.println("restrictExtensionPolicy - reject any URL ending in .log" );
+
+        MockHttpServletRequest request = new MockHttpServletRequest( new URL( "http://www.example.com/logfiles/12192009.log" ) );
+        MockHttpServletResponse response = new MockHttpServletResponse();
+
+        WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/restrict-extension-policy.xml", request, response );
+
+        assertTrue( response.getStatus() == HttpServletResponse.SC_MOVED_PERMANENTLY );
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/waf/RestrictMethodTest.java b/src/test/java/org/owasp/esapi/waf/RestrictMethodTest.java
index 0203bb81a..bdb89f798 100644
--- a/src/test/java/org/owasp/esapi/waf/RestrictMethodTest.java
+++ b/src/test/java/org/owasp/esapi/waf/RestrictMethodTest.java
@@ -1,56 +1,56 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import java.net.URL;
-
-import javax.servlet.http.HttpServletResponse;
-
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-
-public class RestrictMethodTest extends WAFTestCase {
-	
-	public static TestSuite suite() {
-		return new TestSuite(RestrictMethodTest.class);
-	}
-	
-	public void testGoodMethod() throws Exception {
-		// test good method
-	    url = new URL( "http://www.example.com/index.jsp" );
-		System.out.println( "\nTest good method: " + url );
-	    request = new MockHttpServletRequest( url );
-	    request.setMethod( "TRACE" );
-	    request.getSession(true); // so the app will pass the HttpOnly test...
-	    
-		response = new MockHttpServletResponse();
-		createAndExecuteWAFResponseCodeTest(waf, request, response, HttpServletResponse.SC_OK );
-	}
-	
-	public void testBadMethod() throws Exception {
-		// test bad method
-	    url = new URL( "http://www.example.com/index.jsp" );
-		System.out.println( "\nTest bad method: " + url );
-	    request = new MockHttpServletRequest( url );
-	    request.setMethod( "JEFF" );
-	    request.getSession(true); // so the app will pass the HttpOnly test...
-	    
-		response = new MockHttpServletResponse();
-		createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_MOVED_PERMANENTLY );
-	}    
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import java.net.URL;
+
+import javax.servlet.http.HttpServletResponse;
+
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.http.MockHttpServletRequest;
+import org.owasp.esapi.http.MockHttpServletResponse;
+
+public class RestrictMethodTest extends WAFTestCase {
+
+    public static TestSuite suite() {
+        return new TestSuite(RestrictMethodTest.class);
+    }
+
+    public void testGoodMethod() throws Exception {
+        // test good method
+        url = new URL( "http://www.example.com/index.jsp" );
+        System.out.println( "\nTest good method: " + url );
+        request = new MockHttpServletRequest( url );
+        request.setMethod( "TRACE" );
+        request.getSession(true); // so the app will pass the HttpOnly test...
+
+        response = new MockHttpServletResponse();
+        createAndExecuteWAFResponseCodeTest(waf, request, response, HttpServletResponse.SC_OK );
+    }
+
+    public void testBadMethod() throws Exception {
+        // test bad method
+        url = new URL( "http://www.example.com/index.jsp" );
+        System.out.println( "\nTest bad method: " + url );
+        request = new MockHttpServletRequest( url );
+        request.setMethod( "JEFF" );
+        request.getSession(true); // so the app will pass the HttpOnly test...
+
+        response = new MockHttpServletResponse();
+        createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_MOVED_PERMANENTLY );
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/waf/RestrictUserAgentTest.java b/src/test/java/org/owasp/esapi/waf/RestrictUserAgentTest.java
index 1cd641df4..f1c1939c4 100644
--- a/src/test/java/org/owasp/esapi/waf/RestrictUserAgentTest.java
+++ b/src/test/java/org/owasp/esapi/waf/RestrictUserAgentTest.java
@@ -1,46 +1,46 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import javax.servlet.http.HttpServletResponse;
-
-import junit.framework.TestSuite;
-
-public class RestrictUserAgentTest extends WAFTestCase {
-	
-	public static TestSuite suite() {
-		return new TestSuite(RestrictUserAgentTest.class);
-	}
-	
-	public void testBadUserAgent() throws Exception {
-		
-		request.addHeader("User-Agent","GoogleBot");
-		
-		WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/restrict-user-agent-policy.xml", request, response );
-		
-		assert(response.getStatus() == 403);
-	}
-	
-	public void testGoodUserAgent() throws Exception {
-		
-		request.addHeader("User-Agent","MSIE NT Compatible");
-		
-		WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/restrict-user-agent-policy.xml", request, response );
-    	
-		assert(response.getStatus() == HttpServletResponse.SC_OK);
-	}
-	
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import javax.servlet.http.HttpServletResponse;
+
+import junit.framework.TestSuite;
+
+public class RestrictUserAgentTest extends WAFTestCase {
+
+    public static TestSuite suite() {
+        return new TestSuite(RestrictUserAgentTest.class);
+    }
+
+    public void testBadUserAgent() throws Exception {
+
+        request.addHeader("User-Agent","GoogleBot");
+
+        WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/restrict-user-agent-policy.xml", request, response );
+
+        assert(response.getStatus() == 403);
+    }
+
+    public void testGoodUserAgent() throws Exception {
+
+        request.addHeader("User-Agent","MSIE NT Compatible");
+
+        WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/restrict-user-agent-policy.xml", request, response );
+
+        assert(response.getStatus() == HttpServletResponse.SC_OK);
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/waf/VirtualPatchTest.java b/src/test/java/org/owasp/esapi/waf/VirtualPatchTest.java
index 4be65efff..981fea525 100644
--- a/src/test/java/org/owasp/esapi/waf/VirtualPatchTest.java
+++ b/src/test/java/org/owasp/esapi/waf/VirtualPatchTest.java
@@ -1,60 +1,60 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import java.net.URL;
-
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-
-import junit.framework.TestSuite;
-
-public class VirtualPatchTest extends WAFTestCase {
-
-	public static TestSuite suite() {
-		return new TestSuite(VirtualPatchTest.class);
-	}
-	
-	public void testNonAttacktAfterVirtualPatch() throws Exception {
-		// should pass
-        url = new URL( "https://www.example.com/virtualpatch.jsp" );
-		System.out.println( "Testing non-attack after virtual patch on URL: " + url );
-        request = new MockHttpServletRequest( url );
-        request.getSession(true);
-        request.setScheme("https");
-        request.getSession().setAttribute("ESAPIUserSessionKey", user);
-        request.addParameter("bar", "09124asd135r123irh2938rh9c82hr3hareohvw"); // alphanums are allowed
-        request.addParameter("foo", "<script>' oR 1=1-- bad.attax.google.com jar:"); // this parameter should not be touched by the patch
-    	response = new MockHttpServletResponse();
-    	createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_OK );
-	}
-	
-	public void testAttackAfterVirtualPatch() throws Exception {
-		// should fail
-        url = new URL( "https://www.example.com/foo.jsp" );
-		System.out.println( "Testing attack after virtual patch on URL: " + url );
-        request = new MockHttpServletRequest( url );
-        request.getSession(true);
-        request.setScheme("https");
-        request.getSession().setAttribute("ESAPIUserSessionKey", user);
-        request.addParameter("bar", "09124asd135r123ir>h2938rh9c82hr3hareohvw"); // non-alphanums are not allowed (there is 1 in the middle)
-        request.addParameter("foo", "SADFSDfSDFSDF123123123"); // this parameter should not be touched by the patch
-    	response = new MockHttpServletResponse();
-    	createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_MOVED_PERMANENTLY );
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import java.net.URL;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.http.MockHttpServletRequest;
+import org.owasp.esapi.http.MockHttpServletResponse;
+
+import junit.framework.TestSuite;
+
+public class VirtualPatchTest extends WAFTestCase {
+
+    public static TestSuite suite() {
+        return new TestSuite(VirtualPatchTest.class);
+    }
+
+    public void testNonAttacktAfterVirtualPatch() throws Exception {
+        // should pass
+        url = new URL( "https://www.example.com/virtualpatch.jsp" );
+        System.out.println( "Testing non-attack after virtual patch on URL: " + url );
+        request = new MockHttpServletRequest( url );
+        request.getSession(true);
+        request.setScheme("https");
+        request.getSession().setAttribute("ESAPIUserSessionKey", user);
+        request.addParameter("bar", "09124asd135r123irh2938rh9c82hr3hareohvw"); // alphanums are allowed
+        request.addParameter("foo", "<script>' oR 1=1-- bad.attax.google.com jar:"); // this parameter should not be touched by the patch
+        response = new MockHttpServletResponse();
+        createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_OK );
+    }
+
+    public void testAttackAfterVirtualPatch() throws Exception {
+        // should fail
+        url = new URL( "https://www.example.com/foo.jsp" );
+        System.out.println( "Testing attack after virtual patch on URL: " + url );
+        request = new MockHttpServletRequest( url );
+        request.getSession(true);
+        request.setScheme("https");
+        request.getSession().setAttribute("ESAPIUserSessionKey", user);
+        request.addParameter("bar", "09124asd135r123ir>h2938rh9c82hr3hareohvw"); // non-alphanums are not allowed (there is 1 in the middle)
+        request.addParameter("foo", "SADFSDfSDFSDF123123123"); // this parameter should not be touched by the patch
+        response = new MockHttpServletResponse();
+        createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_MOVED_PERMANENTLY );
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/waf/WAFFilterTest.java b/src/test/java/org/owasp/esapi/waf/WAFFilterTest.java
index fdb9f083b..3f008ae9d 100644
--- a/src/test/java/org/owasp/esapi/waf/WAFFilterTest.java
+++ b/src/test/java/org/owasp/esapi/waf/WAFFilterTest.java
@@ -1,81 +1,81 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-/**
- * This is the main TestSuite for all the WAF tests. Some of the WAF
- * tests utilize a large policy file containing a bunch of unrelated
- * rules, and some use very small policy files that only exercise
- * specific functionality. Some may use both. 
- * 
- * There is an unlimited combination of rules to be exercised together, 
- * so the small policy files test the strict functionality, while the
- * larger policy files (hopefully) give us assurance that the rules 
- * won't interfere with each other.
- */
-
-public class WAFFilterTest extends TestCase {
-    
-    /**
-	 * Instantiates a new WAF test.
-	 * 
-	 * @param testName the test name
-	 */
-    public WAFFilterTest(String testName) {
-        super(testName);
-    }
-
-
-    /**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-    public static Test suite() {
-
-    	TestSuite suite = new TestSuite(WAFFilterTest.class);
-
-        suite.addTest(AddHeaderTest.suite());
-        suite.addTest(BeanShellTest.suite());
-        suite.addTest(DetectOutboundTest.suite());
-        suite.addTest(EnforceAuthenticationTest.suite());
-        suite.addTest(EnforceHTTPSTest.suite());
-        suite.addTest(GoodRequestTest.suite());
-        suite.addTest(HttpOnlyTest.suite());
-        suite.addTest(MustMatchTest.suite());
-        suite.addTest(DynamicInsertionTest.suite());
-        suite.addTest(RestrictContentTypeTest.suite());
-        suite.addTest(RestrictExtensionTest.suite());
-        suite.addTest(RestrictMethodTest.suite());
-        suite.addTest(RestrictUserAgentTest.suite());
-        suite.addTest(VirtualPatchTest.suite());
-        
-        return suite;
-    }
-    
-    public void testConfigurationCanBeRead() throws Exception {
-    	
-    	ESAPIWebApplicationFirewallFilter waf = new ESAPIWebApplicationFirewallFilter();
-    	WAFTestUtility.setWAFPolicy(waf, "waf-policy.xml");
-
-    }
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+/**
+ * This is the main TestSuite for all the WAF tests. Some of the WAF
+ * tests utilize a large policy file containing a bunch of unrelated
+ * rules, and some use very small policy files that only exercise
+ * specific functionality. Some may use both.
+ *
+ * There is an unlimited combination of rules to be exercised together,
+ * so the small policy files test the strict functionality, while the
+ * larger policy files (hopefully) give us assurance that the rules
+ * won't interfere with each other.
+ */
+
+public class WAFFilterTest extends TestCase {
+
+    /**
+     * Instantiates a new WAF test.
+     *
+     * @param testName the test name
+     */
+    public WAFFilterTest(String testName) {
+        super(testName);
+    }
+
+
+    /**
+     * Suite.
+     *
+     * @return the test
+     */
+    public static Test suite() {
+
+        TestSuite suite = new TestSuite(WAFFilterTest.class);
+
+        suite.addTest(AddHeaderTest.suite());
+        suite.addTest(BeanShellTest.suite());
+        suite.addTest(DetectOutboundTest.suite());
+        suite.addTest(EnforceAuthenticationTest.suite());
+        suite.addTest(EnforceHTTPSTest.suite());
+        suite.addTest(GoodRequestTest.suite());
+        suite.addTest(HttpOnlyTest.suite());
+        suite.addTest(MustMatchTest.suite());
+        suite.addTest(DynamicInsertionTest.suite());
+        suite.addTest(RestrictContentTypeTest.suite());
+        suite.addTest(RestrictExtensionTest.suite());
+        suite.addTest(RestrictMethodTest.suite());
+        suite.addTest(RestrictUserAgentTest.suite());
+        suite.addTest(VirtualPatchTest.suite());
+
+        return suite;
+    }
+
+    public void testConfigurationCanBeRead() throws Exception {
+
+        ESAPIWebApplicationFirewallFilter waf = new ESAPIWebApplicationFirewallFilter();
+        WAFTestUtility.setWAFPolicy(waf, "waf-policy.xml");
+
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/waf/WAFTestCase.java b/src/test/java/org/owasp/esapi/waf/WAFTestCase.java
index c0c63f772..ba773ff7b 100644
--- a/src/test/java/org/owasp/esapi/waf/WAFTestCase.java
+++ b/src/test/java/org/owasp/esapi/waf/WAFTestCase.java
@@ -1,65 +1,65 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import java.net.URL;
-
-import org.owasp.esapi.Authenticator;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.EncoderConstants;
-import org.owasp.esapi.User;
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-
-import junit.framework.TestCase;
-
-public abstract class WAFTestCase extends TestCase {
-
-	protected MockHttpServletRequest request;
-	protected MockHttpServletResponse response;
-	protected URL url;
-	protected ESAPIWebApplicationFirewallFilter waf;
-	
-	protected static User user = null;
-	
-	public void setUp() throws Exception {
-	    // setup the user in session
-		
-		if ( user == null ) {
-			String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-			Authenticator instance = ESAPI.authenticator();
-			String password = instance.generateStrongPassword();
-			instance.setCurrentUser(user);
-			user = instance.createUser(accountName, password, password);
-			user.enable();
-		}
-		
-		request = new MockHttpServletRequest( new URL( "http://www.example.com/index" ) );
-        response = new MockHttpServletResponse();
-        waf = new ESAPIWebApplicationFirewallFilter();
-        
-        WAFTestUtility.setWAFPolicy(waf, "/waf-policy.xml");
-	}
-    
-	public void createAndExecuteWAFResponseCodeTest( ESAPIWebApplicationFirewallFilter waf, MockHttpServletRequest request, MockHttpServletResponse response, int expectedResult ) throws Exception {
-    	assertEquals ( expectedResult, WAFTestUtility.createAndExecuteWAFTransaction( waf, request, response) );	
-	}
-    
-    public void createAndExecuteWAFResponseCodeTest( String policy, MockHttpServletRequest request, MockHttpServletResponse response, int expectedResult ) throws Exception {
-    	assertEquals ( expectedResult, WAFTestUtility.createAndExecuteWAFTransaction( policy, request, response) );	
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import java.net.URL;
+
+import org.owasp.esapi.Authenticator;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.EncoderConstants;
+import org.owasp.esapi.User;
+import org.owasp.esapi.http.MockHttpServletRequest;
+import org.owasp.esapi.http.MockHttpServletResponse;
+
+import junit.framework.TestCase;
+
+public abstract class WAFTestCase extends TestCase {
+
+    protected MockHttpServletRequest request;
+    protected MockHttpServletResponse response;
+    protected URL url;
+    protected ESAPIWebApplicationFirewallFilter waf;
+
+    protected static User user = null;
+
+    public void setUp() throws Exception {
+        // setup the user in session
+
+        if ( user == null ) {
+            String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+            Authenticator instance = ESAPI.authenticator();
+            String password = instance.generateStrongPassword();
+            instance.setCurrentUser(user);
+            user = instance.createUser(accountName, password, password);
+            user.enable();
+        }
+
+        request = new MockHttpServletRequest( new URL( "http://www.example.com/index" ) );
+        response = new MockHttpServletResponse();
+        waf = new ESAPIWebApplicationFirewallFilter();
+
+        WAFTestUtility.setWAFPolicy(waf, "/waf-policy.xml");
+    }
+
+    public void createAndExecuteWAFResponseCodeTest( ESAPIWebApplicationFirewallFilter waf, MockHttpServletRequest request, MockHttpServletResponse response, int expectedResult ) throws Exception {
+        assertEquals ( expectedResult, WAFTestUtility.createAndExecuteWAFTransaction( waf, request, response) );
+    }
+
+    public void createAndExecuteWAFResponseCodeTest( String policy, MockHttpServletRequest request, MockHttpServletResponse response, int expectedResult ) throws Exception {
+        assertEquals ( expectedResult, WAFTestUtility.createAndExecuteWAFTransaction( policy, request, response) );
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/waf/WAFTestUtility.java b/src/test/java/org/owasp/esapi/waf/WAFTestUtility.java
index 3a58b387c..b80bfa4d0 100644
--- a/src/test/java/org/owasp/esapi/waf/WAFTestUtility.java
+++ b/src/test/java/org/owasp/esapi/waf/WAFTestUtility.java
@@ -1,91 +1,103 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * 
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.InputStream;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.servlet.FilterConfig;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.http.MockFilterChain;
-import org.owasp.esapi.http.MockFilterConfig;
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-
-/**
- * This class holds a number of static utilities to make writing WAF test cases easy. Definitely not useful
- * for anything other than testing.
- */
-public class WAFTestUtility {
-
-    public static void setWAFPolicy( ESAPIWebApplicationFirewallFilter waf, String policyFile ) throws Exception {
-        Map map = new HashMap();
-    	map.put( "configuration", policyFile );
-    	map.put( "log_settings", "../log4j.xml");
-    	FilterConfig mfc = new MockWafFilterConfig( map );
-    	waf.init( mfc );
-    }
-    
-    public static int checkWAFResult( ESAPIWebApplicationFirewallFilter waf, MockHttpServletRequest request, MockHttpServletResponse response, MockFilterChain chain ) throws Exception {
-
-        //request.dump();
-    	waf.doFilter(request, response, chain);
-        //response.dump();
-        
-        return response.getStatus();
-       
-    }  
-
-    public static int createAndExecuteWAFTransaction ( ESAPIWebApplicationFirewallFilter waf, MockHttpServletRequest request, MockHttpServletResponse response ) throws Exception {
-
-		MockFilterChain chain = new MockFilterChain();
-		
-		return WAFTestUtility.checkWAFResult(waf, request, response, chain);
-		
-	}
-
-    public static int createAndExecuteWAFTransaction ( ESAPIWebApplicationFirewallFilter waf, MockHttpServletRequest request, MockHttpServletResponse response, MockFilterChain filterChain ) throws Exception {
-
-
-    	return WAFTestUtility.checkWAFResult(waf, request, response, filterChain);
-		
-	}
-    
-    public static int createAndExecuteWAFTransaction ( String policy, MockHttpServletRequest request, MockHttpServletResponse response ) throws Exception {
-
-    	ESAPIWebApplicationFirewallFilter waf = new ESAPIWebApplicationFirewallFilter();
-    	File f = ESAPI.securityConfiguration().getResourceFile(policy);
-    	waf.setConfiguration(f.getAbsolutePath(),"");
-
-		return createAndExecuteWAFTransaction(waf, request, response );
-		
-	}
-    
-    public static int createAndExecuteWAFTransaction ( String policy, MockHttpServletRequest request, MockHttpServletResponse response, MockFilterChain filterChain ) throws Exception {
-
-    	ESAPIWebApplicationFirewallFilter waf = new ESAPIWebApplicationFirewallFilter();
-    	File f = ESAPI.securityConfiguration().getResourceFile(policy);        
-    	waf.setConfiguration(f.getAbsolutePath(),"");
-
-		return createAndExecuteWAFTransaction(waf, request, response, filterChain );
-		
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ *
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.FilterConfig;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.http.MockFilterChain;
+import org.owasp.esapi.http.MockFilterConfig;
+import org.owasp.esapi.http.MockHttpServletRequest;
+import org.owasp.esapi.http.MockHttpServletResponse;
+
+/**
+ * This class holds a number of static utilities to make writing WAF test cases easy. Definitely not useful
+ * for anything other than testing.
+ */
+public class WAFTestUtility {
+
+    public static void setWAFPolicy( ESAPIWebApplicationFirewallFilter waf, String policyFile ) throws Exception {
+        Map map = new HashMap();
+        map.put( "configuration", policyFile );
+
+            // As of ESAPI 2.5.0.0 (when Log4J 1 dependency was removed), thsi
+            // init parameter is not ignored. However, it will produce a warning
+            // log message that looks something like this:
+            //
+            // [2022-07-11 00:25:45] [org.owasp.esapi.waf.ESAPIWebApplicationFirewallFilter] [EVENT FAILURE Anonymous:90471@unknown -> 10.1.43.6:80/ExampleApplication/org.owasp.esapi.waf.ESAPIWebApplicationFirewallFilter] >> Since ESAPI 2.5.0.0, ESAPI WAF ignoring parameter 'log_settings; for further details, see https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.5.0.0-release-notes.txt
+            //
+            // Without getting really fancy and making this test way more
+            // complicated than I want though, I am not sure how to test for
+            // some specicif log output. It's been manually verified (once).
+            // Hopefully, that is good enough.      -kwwall
+            //
+        map.put( "log_settings", "parameter-now-ignored!!!");
+        FilterConfig mfc = new MockWafFilterConfig( map );
+        waf.init( mfc );
+    }
+
+    public static int checkWAFResult( ESAPIWebApplicationFirewallFilter waf, MockHttpServletRequest request, MockHttpServletResponse response, MockFilterChain chain ) throws Exception {
+
+        //request.dump();
+        waf.doFilter(request, response, chain);
+        //response.dump();
+
+        return response.getStatus();
+
+    }
+
+    public static int createAndExecuteWAFTransaction ( ESAPIWebApplicationFirewallFilter waf, MockHttpServletRequest request, MockHttpServletResponse response ) throws Exception {
+
+        MockFilterChain chain = new MockFilterChain();
+
+        return WAFTestUtility.checkWAFResult(waf, request, response, chain);
+
+    }
+
+    public static int createAndExecuteWAFTransaction ( ESAPIWebApplicationFirewallFilter waf, MockHttpServletRequest request, MockHttpServletResponse response, MockFilterChain filterChain ) throws Exception {
+
+
+        return WAFTestUtility.checkWAFResult(waf, request, response, filterChain);
+
+    }
+
+    public static int createAndExecuteWAFTransaction ( String policy, MockHttpServletRequest request, MockHttpServletResponse response ) throws Exception {
+
+        ESAPIWebApplicationFirewallFilter waf = new ESAPIWebApplicationFirewallFilter();
+        File f = ESAPI.securityConfiguration().getResourceFile(policy);
+        waf.setConfiguration(f.getAbsolutePath(),"");
+
+        return createAndExecuteWAFTransaction(waf, request, response );
+
+    }
+
+    public static int createAndExecuteWAFTransaction ( String policy, MockHttpServletRequest request, MockHttpServletResponse response, MockFilterChain filterChain ) throws Exception {
+
+        ESAPIWebApplicationFirewallFilter waf = new ESAPIWebApplicationFirewallFilter();
+        File f = ESAPI.securityConfiguration().getResourceFile(policy);
+        waf.setConfiguration(f.getAbsolutePath(),"");
+
+        return createAndExecuteWAFTransaction(waf, request, response, filterChain );
+
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/waf/internal/InterceptingHttpServletRequestTest.java b/src/test/java/org/owasp/esapi/waf/internal/InterceptingHttpServletRequestTest.java
index f6b137056..06bd860e6 100644
--- a/src/test/java/org/owasp/esapi/waf/internal/InterceptingHttpServletRequestTest.java
+++ b/src/test/java/org/owasp/esapi/waf/internal/InterceptingHttpServletRequestTest.java
@@ -1,76 +1,76 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- *
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- *
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- *
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.waf.internal;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.http.MockHttpServletRequest;
-
-/**
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class InterceptingHttpServletRequestTest extends TestCase {
-
-    /**
-	 * Instantiates a new test.
-	 *
-	 * @param testName
-	 *            the test name
-	 */
-    public InterceptingHttpServletRequestTest(String testName) {
-        super(testName);
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void setUp() throws Exception {
-    	// none
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void tearDown() throws Exception {
-    	// none
-    }
-
-    /**
-	 * Suite.
-	 *
-	 * @return the test
-	 */
-    public static Test suite() {
-        TestSuite suite = new TestSuite(InterceptingHttpServletRequestTest.class);
-        return suite;
-    }
-
-
-    /**
-	 * Test.
-     */
-    public void testRequest() throws Exception {
-        System.out.println("InterceptingHTTPServletRequest");
-   	    MockHttpServletRequest mreq = new MockHttpServletRequest();
-   	    mreq.setMethod( "GET" );
-        InterceptingHTTPServletRequest ireq = new InterceptingHTTPServletRequest(mreq);
-        assertEquals( mreq.getMethod(), ireq.getMethod() );
-    }
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.waf.internal;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.http.MockHttpServletRequest;
+
+/**
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class InterceptingHttpServletRequestTest extends TestCase {
+
+    /**
+     * Instantiates a new test.
+     *
+     * @param testName
+     *            the test name
+     */
+    public InterceptingHttpServletRequestTest(String testName) {
+        super(testName);
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void setUp() throws Exception {
+        // none
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void tearDown() throws Exception {
+        // none
+    }
+
+    /**
+     * Suite.
+     *
+     * @return the test
+     */
+    public static Test suite() {
+        TestSuite suite = new TestSuite(InterceptingHttpServletRequestTest.class);
+        return suite;
+    }
+
+
+    /**
+     * Test.
+     */
+    public void testRequest() throws Exception {
+        System.out.println("InterceptingHTTPServletRequest");
+           MockHttpServletRequest mreq = new MockHttpServletRequest();
+           mreq.setMethod( "GET" );
+        InterceptingHTTPServletRequest ireq = new InterceptingHTTPServletRequest(mreq);
+        assertEquals( mreq.getMethod(), ireq.getMethod() );
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/waf/internal/InterceptingHttpServletResponseTest.java b/src/test/java/org/owasp/esapi/waf/internal/InterceptingHttpServletResponseTest.java
index 20a97bc00..bee1c8f2d 100644
--- a/src/test/java/org/owasp/esapi/waf/internal/InterceptingHttpServletResponseTest.java
+++ b/src/test/java/org/owasp/esapi/waf/internal/InterceptingHttpServletResponseTest.java
@@ -1,80 +1,80 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.waf.internal;
-
-import java.util.ArrayList;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.http.MockHttpServletResponse;
-
-/**
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class InterceptingHttpServletResponseTest extends TestCase {
-    
-    /**
-	 * Instantiates a new test.
-	 * 
-	 * @param testName
-	 *            the test name
-	 */
-    public InterceptingHttpServletResponseTest(String testName) {
-        super(testName);
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void setUp() throws Exception {
-    	// none
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void tearDown() throws Exception {
-    	// none
-    }
-
-    /**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-    public static Test suite() {
-        TestSuite suite = new TestSuite(InterceptingHttpServletResponseTest.class);
-        return suite;
-    }
-
-    
-    /**
-	 * Test.
-     */
-    public void testRequest() throws Exception {
-        System.out.println("InterceptingHTTPServletResponse");
-   	    MockHttpServletResponse mres = new MockHttpServletResponse();
-        InterceptingHTTPServletResponse ires = new InterceptingHTTPServletResponse(mres, false, new ArrayList() );
-        // isos.println( "Hello" );
-        // ires.getOutputStream().println( "Hello" );
-        // ires.getWriter().println("Hello");
-        // assertEquals( "Hello\r\n", new String( ires.getInterceptingServletOutputStream().getResponseBytes() ) );
-    }
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.waf.internal;
+
+import java.util.ArrayList;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.http.MockHttpServletResponse;
+
+/**
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class InterceptingHttpServletResponseTest extends TestCase {
+
+    /**
+     * Instantiates a new test.
+     *
+     * @param testName
+     *            the test name
+     */
+    public InterceptingHttpServletResponseTest(String testName) {
+        super(testName);
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void setUp() throws Exception {
+        // none
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void tearDown() throws Exception {
+        // none
+    }
+
+    /**
+     * Suite.
+     *
+     * @return the test
+     */
+    public static Test suite() {
+        TestSuite suite = new TestSuite(InterceptingHttpServletResponseTest.class);
+        return suite;
+    }
+
+
+    /**
+     * Test.
+     */
+    public void testRequest() throws Exception {
+        System.out.println("InterceptingHTTPServletResponse");
+           MockHttpServletResponse mres = new MockHttpServletResponse();
+        InterceptingHTTPServletResponse ires = new InterceptingHTTPServletResponse(mres, false, new ArrayList() );
+        // isos.println( "Hello" );
+        // ires.getOutputStream().println( "Hello" );
+        // ires.getWriter().println("Hello");
+        // assertEquals( "Hello\r\n", new String( ires.getInterceptingServletOutputStream().getResponseBytes() ) );
+    }
+}
diff --git a/src/test/resources/ESAPI-properties.xsd b/src/test/resources/ESAPI-properties.xsd
new file mode 100644
index 000000000..523d3a124
--- /dev/null
+++ b/src/test/resources/ESAPI-properties.xsd
@@ -0,0 +1,17 @@
+<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+    <xs:element name="properties">
+        <xs:complexType>
+            <xs:sequence>
+                <xs:element name="property" maxOccurs="unbounded" minOccurs="0">
+                    <xs:complexType>
+                        <xs:simpleContent>
+                            <xs:extension base="xs:string">
+                                <xs:attribute type="xs:string" name="name" use="optional"/>
+                            </xs:extension>
+                        </xs:simpleContent>
+                    </xs:complexType>
+                </xs:element>
+            </xs:sequence>
+        </xs:complexType>
+    </xs:element>
+</xs:schema>
\ No newline at end of file
diff --git a/src/test/resources/antisamy-InvalidPolicy.xml b/src/test/resources/antisamy-InvalidPolicy.xml
new file mode 100644
index 000000000..d8aeef041
--- /dev/null
+++ b/src/test/resources/antisamy-InvalidPolicy.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="ISO-8859-1" ?>
+<anti-samy-rules xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="antisamy.xsd">
+    <!--    This AntiSamy policy file intentionally fails the AntiSamy XML
+            schema validation checks (because of 'notSupportedTag'). We don't
+            actually *do* any tests with it other than to see if we can construct
+            an HTMLValidationRule instance that uses it with both
+                owasp.validator.validateschema=false
+            to disable AntiSamy's XML schema validation (in which case, the CTOR should work)
+            and with
+                owasp.validator.validateschema=true
+            (which is the default), which leaves its XML schema validation enabled (in which
+            case the CTOR should fail with an exception).
+
+            @since: 2.2.3.0
+    -->
+	<directives></directives>
+	<common-regexps></common-regexps>
+	<common-attributes></common-attributes>
+	<global-tag-attributes></global-tag-attributes>
+	<dynamic-tag-attributes></dynamic-tag-attributes>
+	<tag-rules></tag-rules>
+	<css-rules></css-rules>
+	<notSupportedTag></notSupportedTag>
+</anti-samy-rules>
diff --git a/src/test/resources/antisamy-esapi-CP.xml b/src/test/resources/antisamy-esapi-CP.xml
new file mode 100644
index 000000000..ee1aa6b4d
--- /dev/null
+++ b/src/test/resources/antisamy-esapi-CP.xml
@@ -0,0 +1,173 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+	
+<!-- 
+W3C rules retrieved from:
+http://www.w3.org/TR/html401/struct/global.html
+-->
+	
+<!--
+Slashdot allowed tags taken from "Reply" page:
+<b> <i> <p> <br> <a> <ol> <ul> <li> <dl> <dt> <dd> <em> <strong> <tt> <blockquote> <div> <ecode> <quote>
+-->
+
+<anti-samy-rules xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+		xsi:noNamespaceSchemaLocation="antisamy.xsd">
+	
+	<directives>
+		<directive name="omitXmlDeclaration" value="true"/>
+		<directive name="omitDoctypeDeclaration" value="true"/>
+		<directive name="maxInputSize" value="500000"/>
+		<directive name="embedStyleSheets" value="false"/>
+	</directives>
+	
+	
+	<common-regexps>
+		
+		<!-- 
+		From W3C:
+		This attribute assigns a class name or set of class names to an
+		element. Any number of elements may be assigned the same class
+		name or names. Multiple class names must be separated by white 
+		space characters.
+		-->
+		
+		<regexp name="htmlTitle" value="[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&amp;]*"/>
+		<regexp name="onsiteURL" value="^(?!//)(?![\p{L}\p{N}\\\.\#@\$%\+&amp;;\-_~,\?=/!]*(&amp;colon))[\p{L}\p{N}\\\.\#@\$%\+&amp;;\-_~,\?=/!]*"/>
+		<regexp name="offsiteURL" value="(\s)*((ht|f)tp(s?)://|mailto:)[\p{L}\p{N}]+[\p{L}\p{N}\p{Zs}\.\#@\$%\+&amp;;:\-_~,\?=/!\(\)]*(\s)*"/>
+	
+	</common-regexps>
+	
+	<!-- 
+	
+	Tag.name = a, b, div, body, etc.
+	Tag.action = filter: remove tags, but keep content, validate: keep content as long as it passes rules, remove: remove tag and contents
+	Attribute.name = id, class, href, align, width, etc.
+	Attribute.onInvalid = what to do when the attribute is invalid, e.g., remove the tag (removeTag), remove the attribute (removeAttribute), filter the tag (filterTag)
+	Attribute.description = What rules in English you want to tell the users they can have for this attribute. Include helpful things so they'll be able to tune their HTML
+	 
+	 -->
+
+	<!-- 
+	Some attributes are common to all (or most) HTML tags. There aren't many that qualify for this. You have to make sure there's no
+	collisions between any of these attribute names with attribute names of other tags that are for different purposes.
+	-->
+
+	<common-attributes>
+		
+
+		<attribute name="lang" description="The 'lang' attribute tells the browser what language the element's attribute values and content are written in">
+		 	<regexp-list>
+		 		<regexp value="[a-zA-Z]{2,20}"/>
+		 	</regexp-list>
+		 </attribute>
+		 
+		 <attribute name="title" description="The 'title' attribute provides text that shows up in a 'tooltip' when a user hovers their mouse over the element">
+		 	<regexp-list>
+		 		<regexp name="htmlTitle"/>
+		 	</regexp-list>
+		 </attribute>
+
+		<attribute name="href" onInvalid="filterTag">
+			<regexp-list>
+				<regexp name="onsiteURL"/>
+				<regexp name="offsiteURL"/>
+			</regexp-list>
+		</attribute>
+	
+		<attribute name="align" description="The 'align' attribute of an HTML element is a direction word, like 'left', 'right' or 'center'">
+			<literal-list>
+				<literal value="center"/>
+				<literal value="left"/>
+				<literal value="right"/>
+				<literal value="justify"/>
+				<literal value="char"/>
+			</literal-list>
+		</attribute>
+
+	</common-attributes>
+
+
+	<!--
+	This requires normal updates as browsers continue to diverge from the W3C and each other. As long as the browser wars continue
+	this is going to continue. I'm not sure war is the right word for what's going on. Doesn't somebody have to win a war after 
+	a while?
+	 -->
+	
+	<global-tag-attributes>
+		<attribute name="title"/>
+		<attribute name="lang"/>
+	</global-tag-attributes>
+
+
+	<tag-rules>
+
+		<!-- Tags related to JavaScript -->
+
+		<tag name="script" action="remove"/>
+		<tag name="noscript" action="remove"/>
+		
+		<!-- Frame & related tags -->
+		
+		<tag name="iframe" action="remove"/>
+		<tag name="frameset" action="remove"/>
+		<tag name="frame" action="remove"/>
+		<tag name="noframes" action="remove"/>
+		
+
+		<!-- All reasonable formatting tags -->
+		
+		<tag name="p" action="validate">
+			<attribute name="align"/>
+		</tag>
+
+		<tag name="div" action="validate"/>		
+		<tag name="i" action="validate"/>
+		<tag name="b" action="validate"/>
+		<tag name="em" action="validate"/>
+		<tag name="blockquote" action="validate"/>
+		<tag name="tt" action="validate"/>
+		
+		<tag name="br" action="truncate"/>
+
+		<!-- Custom Slashdot tags, though we're trimming the idea of having a possible mismatching end tag with the endtag="" attribute -->
+		
+		<tag name="quote" action="validate"/>
+		<tag name="ecode" action="validate"/> 
+		
+						
+		<!-- Anchor and anchor related tags -->
+		
+		<tag name="a" action="validate">
+
+			<attribute name="href" onInvalid="filterTag"/>
+			<attribute name="nohref">
+				<literal-list>
+					<literal value="nohref"/>
+					<literal value=""/>
+				</literal-list>
+			</attribute>
+			<attribute name="rel">
+				<literal-list>
+					<literal value="nofollow"/>
+				</literal-list>
+			</attribute>
+		</tag>
+
+		<!-- List tags -->
+
+		<tag name="ul" action="validate"/>
+		<tag name="ol" action="validate"/>
+		<tag name="li" action="validate"/>
+		
+	</tag-rules>
+
+
+
+	<!--  No CSS on Slashdot posts -->
+
+	<css-rules>
+	</css-rules>
+
+
+
+</anti-samy-rules>
diff --git a/src/test/resources/esapi/ESAPI-AccessControlPolicy.xml b/src/test/resources/esapi/ESAPI-AccessControlPolicy.xml
index 2ed0732bc..4d2ca74b5 100644
--- a/src/test/resources/esapi/ESAPI-AccessControlPolicy.xml
+++ b/src/test/resources/esapi/ESAPI-AccessControlPolicy.xml
@@ -1,127 +1,127 @@
-<?xml version="1.0" encoding="ISO-8859-1" ?>
-
-<AccessControlPolicy>
-	<AccessControlRules>
-		<AccessControlRule
-			name="AlwaysTrue"
-			description="Access is always granted"
-			class="org.owasp.esapi.reference.accesscontrol.AlwaysTrueACR">
-		</AccessControlRule>
-		<AccessControlRule
-			name="AlwaysFalse"
-			description="Access is always denied"
-			class="org.owasp.esapi.reference.accesscontrol.AlwaysFalseACR">
-		</AccessControlRule>
-		<AccessControlRule
-			name="EchoRuntimeParameter"
-			description="Access depends on the value of the runtime parameter"
-			class="org.owasp.esapi.reference.accesscontrol.EchoRuntimeParameterACR">
-		</AccessControlRule>
-		<AccessControlRule
-			name="EchoPolicyParameter"
-			description="Access depends on the value of the policy parameter: isTrue"
-			class="org.owasp.esapi.reference.accesscontrol.policyloader.EchoDynaBeanPolicyParameterACR">
-			<Parameters>
-				<Parameter name="isTrue" type="Boolean" value="true"/>
-			</Parameters>
-		</AccessControlRule>
-		
-		<!-- 
-			The following Rules are for backwards compatibility with
-			the deprecated AcessController 1.0 reference implementation
-			specification
-		-->
-		<AccessControlRule
-			name="AC 1.0 Data"
-			description="See delegateClass's code comments"
-			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
-			<Parameters>
-				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/> 
-				<Parameter name="delegateMethod" type="String" value="isAuthorizedForData"/>
-				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String, java.lang.Object"/>
-			</Parameters>
-		</AccessControlRule>
-		<AccessControlRule
-			name="AC 1.0 File"
-			description="See delegateClass's code comments"
-			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
-			<Parameters>
-				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/>
-				<Parameter name="delegateMethod" type="String" value="isAuthorizedForFile"/>
-				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String"/>
-			</Parameters>
-		</AccessControlRule>
-		<AccessControlRule
-			name="AC 1.0 Function"
-			description="See delegateClass's code comments"
-			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
-			<Parameters>
-				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/>
-				<Parameter name="delegateMethod" type="String" value="isAuthorizedForFunction"/>
-				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String"/>
-			</Parameters>
-		</AccessControlRule>
-		<AccessControlRule
-			name="AC 1.0 Service"
-			description="See delegateClass's code comments"
-			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
-			<Parameters>
-				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/>
-				<Parameter name="delegateMethod" type="String" value="isAuthorizedForService"/>
-				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String"/>
-			</Parameters>
-		</AccessControlRule>
-		<AccessControlRule
-			name="AC 1.0 URL"
-			description="See delegateClass's code comments"
-			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
-			<Parameters>
-				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/>
-				<Parameter name="delegateMethod" type="String" value="isAuthorizedForURL"/>
-				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String"/>
-			</Parameters>
-		</AccessControlRule>
-		
-		<!-- End Rules for backwards compatibility with Access Controller 1.0 -->
-	</AccessControlRules>
-</AccessControlPolicy>
-
-
-
-<!-- 
-We have these as runtime tests, but not as policy file load tests yet.
-		<AccessControlRule
-			name="EchoRuntimeParameterClassCastException"
-			description="Access depends on the value of the runtime parameter"
-			class="org.owasp.esapi.reference.accesscontrol.EchoPolicyParameterACR">
-			<Parameters>
-				<Parameter name="isTrue" type="Boolean" value="This is not a boolean"/>
-			</Parameters>
-		</AccessControlRule>
-		<AccessControlRule
-			name="EchoRuntimeParameterValueNull"
-			description="Access depends on the value of the runtime parameter"
-			class="org.owasp.esapi.reference.accesscontrol.EchoPolicyParameterACR">
-			<Parameters>
-				<Parameter name="isTrue" type="Boolean" value="null"/>
-			</Parameters>
-		</AccessControlRule>
-		<AccessControlRule
-			name="EchoRuntimeParameterValueEmpty"
-			description="Access depends on the value of the runtime parameter"
-			class="org.owasp.esapi.reference.accesscontrol.EchoPolicyParameterACR">
-			<Parameters>
-				<Parameter name="isTrue" type="Boolean" value=""/>
-			</Parameters>
-		</AccessControlRule>
-		<AccessControlRule
-			name="EchoRuntimeParameterValueMissing"
-			description="Access depends on the value of the runtime parameter"
-			class="org.owasp.esapi.reference.accesscontrol.EchoPolicyParameterACR">
-			<Parameters>
-				<Parameter name="isTrue" type="Boolean"/>
-			</Parameters>
-		</AccessControlRule>
--->
-
-<!-- we should add tests for name and type errors too -->
+<?xml version="1.0" encoding="ISO-8859-1" ?>
+
+<AccessControlPolicy>
+	<AccessControlRules>
+		<AccessControlRule
+			name="AlwaysTrue"
+			description="Access is always granted"
+			class="org.owasp.esapi.reference.accesscontrol.AlwaysTrueACR">
+		</AccessControlRule>
+		<AccessControlRule
+			name="AlwaysFalse"
+			description="Access is always denied"
+			class="org.owasp.esapi.reference.accesscontrol.AlwaysFalseACR">
+		</AccessControlRule>
+		<AccessControlRule
+			name="EchoRuntimeParameter"
+			description="Access depends on the value of the runtime parameter"
+			class="org.owasp.esapi.reference.accesscontrol.EchoRuntimeParameterACR">
+		</AccessControlRule>
+		<AccessControlRule
+			name="EchoPolicyParameter"
+			description="Access depends on the value of the policy parameter: isTrue"
+			class="org.owasp.esapi.reference.accesscontrol.policyloader.EchoDynaBeanPolicyParameterACR">
+			<Parameters>
+				<Parameter name="isTrue" type="Boolean" value="true"/>
+			</Parameters>
+		</AccessControlRule>
+		
+		<!-- 
+			The following Rules are for backwards compatibility with
+			the deprecated AcessController 1.0 reference implementation
+			specification
+		-->
+		<AccessControlRule
+			name="AC 1.0 Data"
+			description="See delegateClass's code comments"
+			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
+			<Parameters>
+				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/> 
+				<Parameter name="delegateMethod" type="String" value="isAuthorizedForData"/>
+				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String, java.lang.Object"/>
+			</Parameters>
+		</AccessControlRule>
+		<AccessControlRule
+			name="AC 1.0 File"
+			description="See delegateClass's code comments"
+			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
+			<Parameters>
+				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/>
+				<Parameter name="delegateMethod" type="String" value="isAuthorizedForFile"/>
+				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String"/>
+			</Parameters>
+		</AccessControlRule>
+		<AccessControlRule
+			name="AC 1.0 Function"
+			description="See delegateClass's code comments"
+			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
+			<Parameters>
+				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/>
+				<Parameter name="delegateMethod" type="String" value="isAuthorizedForFunction"/>
+				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String"/>
+			</Parameters>
+		</AccessControlRule>
+		<AccessControlRule
+			name="AC 1.0 Service"
+			description="See delegateClass's code comments"
+			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
+			<Parameters>
+				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/>
+				<Parameter name="delegateMethod" type="String" value="isAuthorizedForService"/>
+				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String"/>
+			</Parameters>
+		</AccessControlRule>
+		<AccessControlRule
+			name="AC 1.0 URL"
+			description="See delegateClass's code comments"
+			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
+			<Parameters>
+				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/>
+				<Parameter name="delegateMethod" type="String" value="isAuthorizedForURL"/>
+				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String"/>
+			</Parameters>
+		</AccessControlRule>
+		
+		<!-- End Rules for backwards compatibility with Access Controller 1.0 -->
+	</AccessControlRules>
+</AccessControlPolicy>
+
+
+
+<!-- 
+We have these as runtime tests, but not as policy file load tests yet.
+		<AccessControlRule
+			name="EchoRuntimeParameterClassCastException"
+			description="Access depends on the value of the runtime parameter"
+			class="org.owasp.esapi.reference.accesscontrol.EchoPolicyParameterACR">
+			<Parameters>
+				<Parameter name="isTrue" type="Boolean" value="This is not a boolean"/>
+			</Parameters>
+		</AccessControlRule>
+		<AccessControlRule
+			name="EchoRuntimeParameterValueNull"
+			description="Access depends on the value of the runtime parameter"
+			class="org.owasp.esapi.reference.accesscontrol.EchoPolicyParameterACR">
+			<Parameters>
+				<Parameter name="isTrue" type="Boolean" value="null"/>
+			</Parameters>
+		</AccessControlRule>
+		<AccessControlRule
+			name="EchoRuntimeParameterValueEmpty"
+			description="Access depends on the value of the runtime parameter"
+			class="org.owasp.esapi.reference.accesscontrol.EchoPolicyParameterACR">
+			<Parameters>
+				<Parameter name="isTrue" type="Boolean" value=""/>
+			</Parameters>
+		</AccessControlRule>
+		<AccessControlRule
+			name="EchoRuntimeParameterValueMissing"
+			description="Access depends on the value of the runtime parameter"
+			class="org.owasp.esapi.reference.accesscontrol.EchoPolicyParameterACR">
+			<Parameters>
+				<Parameter name="isTrue" type="Boolean"/>
+			</Parameters>
+		</AccessControlRule>
+-->
+
+<!-- we should add tests for name and type errors too -->
diff --git a/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties
index 837d5a9d3..9e6d67616 100644
--- a/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties
@@ -1,466 +1,485 @@
-#
-# OWASP Enterprise Security API (ESAPI) Properties file -- TEST Version
-# 
-# This file is part of the Open Web Application Security Project (OWASP)
-# Enterprise Security API (ESAPI) project. For details, please see
-# http://www.owasp.org/index.php/ESAPI.
-#
-# Copyright (c) 2008,2009 - The OWASP Foundation
-#
-# DISCUSS: This may cause a major backwards compatibility issue, etc. but
-#		   from a name space perspective, we probably should have prefaced
-#		   all the property names with ESAPI or at least OWASP. Otherwise
-#		   there could be problems is someone loads this properties file into
-#		   the System properties.  We could also put this file into the
-#		   esapi.jar file (perhaps as a ResourceBundle) and then allow an external
-#		   ESAPI properties be defined that would overwrite these defaults.
-#		   That keeps the application's properties relatively simple as usually
-#		   they will only want to override a few properties. If looks like we
-#		   already support multiple override levels of this in the
-#		   DefaultSecurityConfiguration class, but I'm suggesting placing the
-#		   defaults in the esapi.jar itself. That way, if the jar is signed,
-#		   we could detect if those properties had been tampered with. (The
-#		   code to check the jar signatures is pretty simple... maybe 70-90 LOC,
-#		   but off course there is an execution penalty (similar to the way
-#		   that the separate sunjce.jar used to be when a class from it was
-#		   first loaded). Thoughts?
-###############################################################################
-#
-# WARNING: Operating system protection should be used to lock down the .esapi
-# resources directory and all the files inside and all the directories all the
-# way up to the root directory of the file system.  Note that if you are using
-# file-based implementations, that some files may need to be read-write as they
-# get updated dynamically.
-#
-# Before using, be sure to update the MasterKey and MasterSalt as described below.
-# N.B.: If you had stored data that you have previously encrypted with ESAPI 1.4,
-#		you *must* FIRST decrypt it using ESAPI 1.4 and then (if so desired)
-#		re-encrypt it with ESAPI 2.0. If you fail to do this, you will NOT be
-#		able to decrypt your data with ESAPI 2.0.
-#
-#		YOU HAVE BEEN WARNED!!! More details are in the ESAPI 2.0 Release Notes.
-#
-#===========================================================================
-# ESAPI Configuration
-#
-# If true, then print all the ESAPI properties set here when they are loaded.
-# If false, they are not printed. Useful to reduce output when running JUnit tests.
-# If you need to troubleshoot a properties related problem, turning this on may help,
-# but we leave it off for running JUnit tests. (It will be 'true' in the one delivered
-# as part of production ESAPI, mostly for backward compatibility.)
-ESAPI.printProperties=false
-
-# ESAPI is designed to be easily extensible. You can use the reference implementation
-# or implement your own providers to take advantage of your enterprise's security
-# infrastructure. The functions in ESAPI are referenced using the ESAPI locator, like:
-#
-#    String ciphertext =
-#		ESAPI.encryptor().encrypt("Secret message");   // Deprecated in 2.0
-#    CipherText cipherText =
-#		ESAPI.encryptor().encrypt(new PlainText("Secret message")); // Preferred
-#
-# Below you can specify the classname for the provider that you wish to use in your
-# application. The only requirement is that it implement the appropriate ESAPI interface.
-# This allows you to switch security implementations in the future without rewriting the
-# entire application.
-#
-# ExperimentalAccessController requires ESAPI-AccessControlPolicy.xml in .esapi directory
-ESAPI.AccessControl=org.owasp.esapi.reference.DefaultAccessController
-# FileBasedAuthenticator requires users.txt file in .esapi directory
-ESAPI.Authenticator=org.owasp.esapi.reference.FileBasedAuthenticator
-ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
-ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
-
-ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
-ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
-ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
-# Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
-ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
-#ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
-#ESAPI.Logger=org.owasp.esapi.reference.ExampleExtendedLog4JLogFactory
-ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
-ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
-
-#===========================================================================
-# ESAPI Authenticator
-#
-Authenticator.AllowedLoginAttempts=3
-Authenticator.MaxOldPasswordHashes=13
-Authenticator.UsernameParameterName=username
-Authenticator.PasswordParameterName=password
-# RememberTokenDuration (in days)
-Authenticator.RememberTokenDuration=14
-# Session Timeouts (in minutes)
-Authenticator.IdleTimeoutDuration=20
-Authenticator.AbsoluteTimeoutDuration=120
-
-#===========================================================================
-# ESAPI Encoder
-#
-# ESAPI canonicalizes input before validation to prevent bypassing filters with encoded attacks.
-# Failure to canonicalize input is a very common mistake when implementing validation schemes.
-# Canonicalization is automatic when using the ESAPI Validator, but you can also use the
-# following code to canonicalize data.
-#
-#      ESAPI.Encoder().canonicalize( "%22hello world&#x22;" );
-#  
-# Multiple encoding is when a single encoding format is applied multiple times. Allowing
-# multiple encoding is strongly discouraged.
-Encoder.AllowMultipleEncoding=false
-
-# Mixed encoding is when multiple different encoding formats are applied, or when
-# multiple formats are nested. Allowing multiple encoding is strongly discouraged.
-Encoder.AllowMixedEncoding=false
-
-# The default list of codecs to apply when canonicalizing untrusted data. The list should include the codecs
-# for all downstream interpreters or decoders. For example, if the data is likely to end up in a URL, HTML, or
-# inside JavaScript, then the list of codecs below is appropriate. The order of the list is not terribly important.
-Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
-
-
-#===========================================================================
-# ESAPI Encryption
-#
-# The ESAPI Encryptor provides basic cryptographic functions with a simplified API.
-# To get started, generate a new key using java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
-# There is not currently any support for key rotation, so be careful when changing your key and salt as it
-# will invalidate all signed, encrypted, and hashed data.
-#
-# WARNING: Not all combinations of algorithms and key lengths are supported.
-# If you choose to use a key length greater than 128, you MUST download the
-# unlimited strength policy files and install in the lib directory of your JRE/JDK.
-# See http://java.sun.com/javase/downloads/index.jsp for more information.
-#
-# Backward compatibility with ESAPI Java 1.4 is supported by the two deprecated API
-# methods, Encryptor.encrypt(String) and Encryptor.decrypt(String). However, whenever
-# possible, these methods should be avoided as they use ECB cipher mode, which in almost
-# all circumstances a poor choice because of it's weakness. CBC cipher mode is the default
-# for the new Encryptor encrypt / decrypt methods for ESAPI Java 2.0.  In general, you
-# should only use this compatibility setting if you have persistent data encrypted with
-# version 1.4 and even then, you should ONLY set this compatibility mode UNTIL
-# you have decrypted all of your old encrypted data and then re-encrypted it with
-# ESAPI 2.0 using CBC mode. If you have some reason to mix the deprecated 1.4 mode
-# with the new 2.0 methods, make sure that you use the same cipher algorithm for both
-# (256-bit AES was the default for 1.4; 128-bit is the default for 2.0; see below for
-# more details.) Otherwise, you will have to use the new 2.0 encrypt / decrypt methods
-# where you can specify a SecretKey. (Note that if you are using the 256-bit AES,
-# that requires downloading the special jurisdiction policy files mentioned above.)
-#
-#		***** IMPORTANT: These are for JUnit testing. Test files may have been
-#						 encrypted using these values so do not change these or
-#						 those tests will fail. The version under
-#							src/main/resources/.esapi/ESAPI.properties
-#						 will be delivered with Encryptor.MasterKey and
-#						 Encryptor.MasterSalt set to the empty string.
-#
-#						 FINAL NOTE:
-#                           If Maven changes these when run, that needs to be fixed.
-#       256-bit key... requires unlimited strength jurisdiction policy files
-### Encryptor.MasterKey=pJhlri8JbuFYDgkqtHmm9s0Ziug2PE7ovZDyEPm4j14=
-#       128-bit key
-Encryptor.MasterKey=a6H9is3hEVGKB4Jut+lOVA==
-Encryptor.MasterSalt=SbftnvmEWD5ZHHP+pX3fqugNysc=
-# Encryptor.MasterSalt=
-
-# Provides the default JCE provider that ESAPI will "prefer" for its symmetric
-# encryption and hashing. (That is it will look to this provider first, but it
-# will defer to other providers if the requested algorithm is not implemented
-# by this provider.) If left unset, ESAPI will just use your Java VM's current
-# preferred JCE provider, which is generally set in the file
-# "$JAVA_HOME/jre/lib/security/java.security".
-#
-# The main intent of this is to allow ESAPI symmetric encryption to be
-# used with a FIPS 140-2 compliant crypto-module. For details, see the section
-# "Using ESAPI Symmetric Encryption with FIPS 140-2 Cryptographic Modules" in
-# the ESAPI 2.0 Symmetric Encryption User Guide, at:
-# http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
-# However, this property also allows you to easily use an alternate JCE provider
-# such as "Bouncy Castle" without having to make changes to "java.security".
-# See Javadoc for SecurityProviderLoader for further details. If you wish to use
-# a provider that is not known to SecurityProviderLoader, you may specify the
-# fully-qualified class name of the JCE provider class that implements
-# java.security.Provider. If the name contains a '.', this is interpreted as
-# a fully-qualified class name that implements java.security.Provider.
-#
-# NOTE: Setting this property has the side-effect of changing it in your application
-#       as well, so if you are using JCE in your application directly rather than
-#       through ESAPI (you wouldn't do that, would you? ;-), it will change the
-#       preferred JCE provider there as well.
-#
-# Default: Keeps the JCE provider set to whatever JVM sets it to.
-Encryptor.PreferredJCEProvider=
-
-# AES is the most widely used and strongest encryption algorithm. This
-# should agree with your Encryptor.CipherTransformation property.
-# By default, ESAPI Java 1.4 uses "PBEWithMD5AndDES" and which is
-# very weak. It is essentially a password-based encryption key, hashed
-# with MD5 around 1K times and then encrypted with the weak DES algorithm
-# (56-bits) using ECB mode and an unspecified padding (it is
-# JCE provider specific, but most likely "NoPadding"). However, 2.0 uses
-# "AES/CBC/PKCSPadding". If you want to change these, change them here.
-# Warning: This property does not control the default reference implementation for
-#		   ESAPI 2.0 using JavaEncryptor. Also, this property will be dropped
-#		   in the future.
-# @deprecated
-Encryptor.EncryptionAlgorithm=AES
-#		For ESAPI Java 2.0 - New encrypt / decrypt methods use this.
-Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
-
-# Applies to ESAPI 2.0 and later only!
-# Comma-separated list of cipher modes that provide *BOTH*
-# confidentiality *AND* message authenticity. (NIST refers to such cipher
-# modes as "combined modes" so that's what we shall call them.) If any of these
-# cipher modes are used then no MAC is calculated and stored
-# in the CipherText upon encryption. Likewise, if one of these
-# cipher modes is used with decryption, no attempt will be made
-# to validate the MAC contained in the CipherText object regardless
-# of whether it contains one or not. Since the expectation is that
-# these cipher modes support support message authenticity already,
-# injecting a MAC in the CipherText object would be at best redundant.
-#
-# Note that as of JDK 1.5, the SunJCE provider does not support *any*
-# of these cipher modes. Of these listed, only GCM and CCM are currently
-# NIST approved. YMMV for other JCE providers. E.g., Bouncy Castle supports
-# GCM and CCM with "NoPadding" mode, but not with "PKCS5Padding" or other
-# padding modes.
-Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
-
-# Applies to ESAPI 2.0 and later only!
-# Additional cipher modes allowed for ESAPI 2.0 encryption. These
-# cipher modes are in _addition_ to those specified by the property
-# 'Encryptor.cipher_modes.combined_modes'.
-# Note: We will add support for streaming modes like CFB & OFB once
-# we add support for 'specified' to the property 'Encryptor.ChooseIVMethod'
-# (probably in ESAPI 2.1).
-#
-#	IMPORTANT NOTE:	In the official ESAPI.properties we do *NOT* include ECB
-#					here as this is an extremely weak mode. However, we *must*
-#					allow it here so we can test ECB mode. That is important
-#					since the logic is somewhat different (i.e., ECB mode does
-#					not use an IV).
-# DISCUSS: Better name?
-#	NOTE: ECB added only for testing purposes. Don't try this at home!
-Encryptor.cipher_modes.additional_allowed=CBC,ECB
-
-# 128-bit is almost always sufficient and appears to be more resistant to
-# related key attacks than is 256-bit AES. Use '_' to use default key size
-# for cipher algorithms (where it makes sense because the algorithm supports
-# a variable key size). Key length must agree to what's provided as the
-# cipher transformation, otherwise this will be ignored after logging a
-# warning.
-#
-# NOTE: This is what applies BOTH ESAPI 1.4 and 2.0. See warning above about mixing!
-Encryptor.EncryptionKeyLength=128
-
-# Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
-# (All cipher modes except ECB require an IV.) There are two choices: we can either
-# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
-# the IV does not need to be hidden from adversaries, it is important that the
-# adversary not be allowed to choose it. Also, random IVs are generally much more
-# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
-# such as CFB and OFB use a different IV for each encryption with a given key so
-# in such cases, random IVs are much preferred. By default, ESAPI 2.0 uses random
-# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
-# uncomment the Encryptor.fixedIV.
-#
-# Valid values:		random|fixed|specified		'specified' not yet implemented; planned for 2.1
-Encryptor.ChooseIVMethod=random
-# If you choose to use a fixed IV, then you must place a fixed IV here that
-# is known to all others who are sharing your secret key. The format should
-# be a hex string that is the same length as the cipher block size for the
-# cipher algorithm that you are using. The following is an example for AES
-# from an AES test vector for AES-128/CBC as described in:
-# NIST Special Publication 800-38A (2001 Edition)
-# "Recommendation for Block Cipher Modes of Operation".
-# (Note that the block size for AES is 16 bytes == 128 bits.)
-#
-Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
-
-# Whether or not CipherText should use a message authentication code (MAC) with it.
-# This prevents an adversary from altering the IV as well as allowing a more
-# fool-proof way of determining the decryption failed because of an incorrect
-# key being supplied. This refers to the "separate" MAC calculated and stored
-# in CipherText, not part of any MAC that is calculated as a result of a
-# "combined mode" cipher mode.
-#
-# If you are using ESAPI with a FIPS 140-2 cryptographic module, you *must* also
-# set this property to false.
-Encryptor.CipherText.useMAC=true
-
-# Whether or not the PlainText object may be overwritten and then marked
-# eligible for garbage collection. If not set, this is still treated as 'true'.
-Encryptor.PlainText.overwrite=true
-
-# Do not use DES except in a legacy situations. 56-bit is way too small key size.
-#Encryptor.EncryptionKeyLength=56
-#Encryptor.EncryptionAlgorithm=DES
-
-# TripleDES is considered strong enough for most purposes.
-#	Note:	There is also a 112-bit version of DESede. Using the 168-bit version
-#			requires downloading the special jurisdiction policy from Sun.
-#Encryptor.EncryptionKeyLength=168
-#Encryptor.EncryptionAlgorithm=DESede
-
-Encryptor.HashAlgorithm=SHA-512
-Encryptor.HashIterations=1024
-Encryptor.DigitalSignatureAlgorithm=SHA1withDSA
-Encryptor.DigitalSignatureKeyLength=1024
-Encryptor.RandomAlgorithm=SHA1PRNG
-Encryptor.CharacterEncoding=UTF-8
-# Currently supported choices for JDK 1.5 and 1.6 are:
-#	HmacSHA1 (160 bits), HmacSHA256 (256 bits), HmacSHA384 (384 bits), and
-#	HmacSHA512 (512 bits).
-# Note that HmacMD5 is *not* supported for the PRF used by the KDF even though
-# these JDKs support it.
-Encryptor.KDF.PRF=HmacSHA256
-
-#===========================================================================
-# ESAPI HttpUtilties
-#
-# The HttpUtilities provide basic protections to HTTP requests and responses. Primarily these methods 
-# protect against malicious data from attackers, such as unprintable characters, escaped characters,
-# and other simple attacks. The HttpUtilities also provides utility methods for dealing with cookies,
-# headers, and CSRF tokens.
-#
-# Default file upload location (remember to escape backslashes with \\)
-HttpUtilities.UploadDir=C:\\ESAPI\\testUpload
-# let this default to java.io.tmpdir for testing
-#HttpUtilities.UploadTempDir=C:\\temp
-# Force flags on cookies, if you use HttpUtilities to set cookies
-HttpUtilities.ForceHttpOnlySession=false
-HttpUtilities.ForceSecureSession=false
-HttpUtilities.ForceHttpOnlyCookies=true
-HttpUtilities.ForceSecureCookies=true
-# Maximum size of HTTP headers
-HttpUtilities.MaxHeaderSize=4096
-# File upload configuration
-HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
-HttpUtilities.MaxUploadFileBytes=500000000
-# Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
-# container, and any other technologies you may be using. Failure to do this may expose you
-# to Unicode transcoding injection attacks. Use of UTF-8 does not hinder internationalization.
-HttpUtilities.ResponseContentType=text/html; charset=UTF-8
-# This is the name of the cookie used to represent the HTTP session
-# Typically this will be the default "JSESSIONID" 
-HttpUtilities.HttpSessionIdName=JSESSIONID
-
-
-
-#===========================================================================
-# ESAPI Executor
-# CHECKME - Not sure what this is used for, but surely it should be made OS independent.
-Executor.WorkingDirectory=C:\\Windows\\Temp
-Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe
-
-
-#===========================================================================
-# ESAPI Logging
-# Set the application name if these logs are combined with other applications
-Logger.ApplicationName=ExampleApplication
-# If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
-Logger.LogEncodingRequired=false
-# Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
-Logger.LogApplicationName=true
-# Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
-Logger.LogServerIP=true
-# LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
-# want to place it in a specific directory.
-Logger.LogFileName=ESAPI_logging_file
-# MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
-Logger.MaxLogFileSize=10000000
-
-
-#===========================================================================
-# ESAPI Intrusion Detection
-#
-# Each event has a base to which .count, .interval, and .action are added
-# The IntrusionException will fire if we receive "count" events within "interval" seconds
-# The IntrusionDetector is configurable to take the following actions: log, logout, and disable
-#  (multiple actions separated by commas are allowed e.g. event.test.actions=log,disable
-#
-# Custom Events
-# Names must start with "event." as the base
-# Use IntrusionDetector.addEvent( "test" ) in your code to trigger "event.test" here
-# You can also disable intrusion detection completely by changing
-# the following parameter to true
-#
-IntrusionDetector.Disable=false
-#
-IntrusionDetector.event.test.count=2
-IntrusionDetector.event.test.interval=10
-IntrusionDetector.event.test.actions=disable,log
-
-# Exception Events
-# All EnterpriseSecurityExceptions are registered automatically
-# Call IntrusionDetector.getInstance().addException(e) for Exceptions that do not extend EnterpriseSecurityException
-# Use the fully qualified classname of the exception as the base
-
-# any intrusion is an attack
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.count=1
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.interval=1
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout
-
-# for test purposes
-# CHECKME: Shouldn't there be something in the property name itself that designates
-#		   that these are for testing???
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.count=10
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.interval=5
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout
-
-# rapid validation errors indicate scans or attacks in progress
-# org.owasp.esapi.errors.ValidationException.count=10
-# org.owasp.esapi.errors.ValidationException.interval=10
-# org.owasp.esapi.errors.ValidationException.actions=log,logout
-
-# sessions jumping between hosts indicates session hijacking
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout
-
-
-#===========================================================================
-# ESAPI Validation
-#
-# The ESAPI Validator works on regular expressions with defined names. You can define names
-# either here, or you may define application specific patterns in a separate file defined below.
-# This allows enterprises to specify both organizational standards as well as application specific
-# validation rules.
-#
-#Validator.ConfigurationFile.MultiValued=false
-Validator.ConfigurationFile=validation-test,comma.properties
-
-# Validators used by ESAPI
-Validator.AccountName=^[a-zA-Z0-9]{3,20}$
-Validator.SystemCommand=^[a-zA-Z\\-\\/]{1,64}$
-Validator.RoleName=^[a-z]{1,20}$
-Validator.Redirect=^\\/test.*$
-
-# Global HTTP Validation Rules
-# Values with Base64 encoded data (e.g. encrypted state) will need at least [a-zA-Z0-9\/+=]
-Validator.HTTPScheme=^(http|https)$
-Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
-Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
-Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
-Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,32}$
-Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
-Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
-Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
-Validator.HTTPURL=^.*$
-Validator.HTTPJSESSIONID=^[A-Z0-9]{10,30}$
-
-# Contributed by Fraenku@gmx.ch
-# Googlecode Issue 116 (http://code.google.com/p/owasp-esapi-java/issues/detail?id=116)
-Validator.HTTPParameterName=^[a-zA-Z0-9_\\-]{1,32}$
-Validator.HTTPParameterValue=^[\\p{L}\\p{N}.\\-/+=_ !$*?@]{0,1000}$
-Validator.HTTPContextPath=^/[a-zA-Z0-9.\\-_]*$
-Validator.HTTPQueryString=^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$
-Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
-
-
-# Validation of file related input
-Validator.FileName=^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
-Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
-
-# Validation of dates. Controls whether or not 'lenient' dates are accepted.
-# See DataFormat.setLenient(boolean flag) for further details.
-Validator.AcceptLenientDates=false
\ No newline at end of file
+# OWASP Enterprise Security API (ESAPI) Properties file -- TEST Version
+#############################################################################
+#
+#   WARNING     WARNING     WARNING     WARNING     WARNING     WARNING
+#
+#   #######                                 #     #
+#      #     ######   ####    #####         #     #  ######  #####    ####
+#      #     #       #          #           #     #  #       #    #  #
+#      #     #####    ####      #           #     #  #####   #    #   ####
+#      #     #            #     #            #   #   #       #####        #
+#      #     #       #    #     #             # #    #       #   #   #    #
+#      #     ######   ####      #              #     ######  #    #   ####
+#   
+#   This is NOT the version of ESAPI.properties that you are looking for.
+#   Do NOT use this for your production applications!!!!!
+#
+#   That is over in the 'configuration/esapi/ESAPI.properties' file. You
+#   should retrieve THAT version from the official GitHub report from
+#       https://github.com/ESAPI/esapi-java-legacy/blob/develop/configuration/esapi/ESAPI.properties
+#   but make sure that you select it from the 'master' branch (which will
+#   correspond to the latest official ESAPI relase). Sorry for the
+#   inconvenience. We are trying to figure out how to get it to the official
+#   "esapi-<releaseVersion>-sources.jar fiel available from Maven Central, but
+#   in the meantime, you will have to get it from GitHub.
+#
+#   PLEASE do not base your production use of ESAPI on this TEST version of
+#   ESAPI.properties as this test version has been dumbed down in several places
+#   for JUnit testing.
+#
+#   You have been warned.
+#
+#############################################################################
+# 
+# This file is part of the Open Web Application Security Project (OWASP)
+# Enterprise Security API (ESAPI) project. For details, please see
+# http://www.owasp.org/index.php/ESAPI.
+#
+# Copyright (c) 2008,2009 - The OWASP Foundation
+#
+# DISCUSS: This may cause a major backwards compatibility issue, etc. but
+#		   from a name space perspective, we probably should have prefaced
+#		   all the property names with ESAPI or at least OWASP. Otherwise
+#		   there could be problems is someone loads this properties file into
+#		   the System properties.  We could also put this file into the
+#		   esapi.jar file (perhaps as a ResourceBundle) and then allow an external
+#		   ESAPI properties be defined that would overwrite these defaults.
+#		   That keeps the application's properties relatively simple as usually
+#		   they will only want to override a few properties. If looks like we
+#		   already support multiple override levels of this in the
+#		   DefaultSecurityConfiguration class, but I'm suggesting placing the
+#		   defaults in the esapi.jar itself. That way, if the jar is signed,
+#		   we could detect if those properties had been tampered with. (The
+#		   code to check the jar signatures is pretty simple... maybe 70-90 LOC,
+#		   but off course there is an execution penalty (similar to the way
+#		   that the separate sunjce.jar used to be when a class from it was
+#		   first loaded). Thoughts?
+###############################################################################
+#
+# WARNING: Operating system protection should be used to lock down the .esapi
+# resources directory and all the files inside and all the directories all the
+# way up to the root directory of the file system.  Note that if you are using
+# file-based implementations, that some files may need to be read-write as they
+# get updated dynamically.
+#
+# Before using, be sure to update the MasterKey and MasterSalt as described below.
+# N.B.: If you had stored data that you have previously encrypted with ESAPI 1.4,
+#		you *must* FIRST decrypt it using ESAPI 1.4 and then (if so desired)
+#		re-encrypt it with ESAPI 2.0. If you fail to do this, you will NOT be
+#		able to decrypt your data with ESAPI 2.0.
+#
+#		YOU HAVE BEEN WARNED!!! More details are in the ESAPI 2.0 Release Notes.
+#
+#===========================================================================
+# ESAPI Configuration
+#
+# If true, then print all the ESAPI properties set here when they are loaded.
+# If false, they are not printed. Useful to reduce output when running JUnit tests.
+# If you need to troubleshoot a properties related problem, turning this on may help,
+# but we leave it off for running JUnit tests. (It will be 'true' in the one delivered
+# as part of production ESAPI, mostly for backward compatibility.)
+ESAPI.printProperties=false
+
+# ESAPI is designed to be easily extensible. You can use the reference implementation
+# or implement your own providers to take advantage of your enterprise's security
+# infrastructure. The functions in ESAPI are referenced using the ESAPI locator, like:
+#
+#    String ciphertext =
+#		ESAPI.encryptor().encrypt("Secret message");   // Deprecated in 2.0
+#    CipherText cipherText =
+#		ESAPI.encryptor().encrypt(new PlainText("Secret message")); // Preferred
+#
+# Below you can specify the classname for the provider that you wish to use in your
+# application. The only requirement is that it implement the appropriate ESAPI interface.
+# This allows you to switch security implementations in the future without rewriting the
+# entire application.
+#
+# ExperimentalAccessController requires ESAPI-AccessControlPolicy.xml in .esapi directory
+ESAPI.AccessControl=org.owasp.esapi.reference.DefaultAccessController
+# FileBasedAuthenticator requires users.txt file in .esapi directory
+ESAPI.Authenticator=org.owasp.esapi.reference.FileBasedAuthenticator
+ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
+ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
+
+ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
+ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
+ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
+ESAPI.Logger=org.owasp.esapi.logging.java.JavaLogFactory
+ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
+ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
+
+#===========================================================================
+# ESAPI Authenticator
+#
+Authenticator.AllowedLoginAttempts=3
+Authenticator.MaxOldPasswordHashes=13
+Authenticator.UsernameParameterName=username
+Authenticator.PasswordParameterName=password
+# RememberTokenDuration (in days)
+Authenticator.RememberTokenDuration=14
+# Session Timeouts (in minutes)
+Authenticator.IdleTimeoutDuration=20
+Authenticator.AbsoluteTimeoutDuration=120
+
+#===========================================================================
+# ESAPI Encoder
+#
+# ESAPI canonicalizes input before validation to prevent bypassing filters with encoded attacks.
+# Failure to canonicalize input is a very common mistake when implementing validation schemes.
+# Canonicalization is automatic when using the ESAPI Validator, but you can also use the
+# following code to canonicalize data.
+#
+#      ESAPI.Encoder().canonicalize( "%22hello world&#x22;" );
+#  
+# Multiple encoding is when a single encoding format is applied multiple times. Allowing
+# multiple encoding is strongly discouraged.
+Encoder.AllowMultipleEncoding=false
+
+# Mixed encoding is when multiple different encoding formats are applied, or when
+# multiple formats are nested. Allowing multiple encoding is strongly discouraged.
+Encoder.AllowMixedEncoding=false
+
+# The default list of codecs to apply when canonicalizing untrusted data. The list should include the codecs
+# for all downstream interpreters or decoders. For example, if the data is likely to end up in a URL, HTML, or
+# inside JavaScript, then the list of codecs below is appropriate. The order of the list is not terribly important.
+Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
+
+
+#===========================================================================
+# ESAPI Encryption
+#
+# The ESAPI Encryptor provides basic cryptographic functions with a simplified API.
+# To get started, generate a new key using java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
+# There is not currently any support for key rotation, so be careful when changing your key and salt as it
+# will invalidate all signed, encrypted, and hashed data.
+#
+# WARNING: Not all combinations of algorithms and key lengths are supported.
+# If you choose to use a key length greater than 128, you MUST download the
+# unlimited strength policy files and install in the lib directory of your JRE/JDK.
+# See http://java.sun.com/javase/downloads/index.jsp for more information.
+#
+# Backward compatibility with ESAPI Java 1.4 is supported by the two deprecated API
+# methods, Encryptor.encrypt(String) and Encryptor.decrypt(String). However, whenever
+# possible, these methods should be avoided as they use ECB cipher mode, which in almost
+# all circumstances a poor choice because of it's weakness. CBC cipher mode is the default
+# for the new Encryptor encrypt / decrypt methods for ESAPI Java 2.0.  In general, you
+# should only use this compatibility setting if you have persistent data encrypted with
+# version 1.4 and even then, you should ONLY set this compatibility mode UNTIL
+# you have decrypted all of your old encrypted data and then re-encrypted it with
+# ESAPI 2.0 using CBC mode. If you have some reason to mix the deprecated 1.4 mode
+# with the new 2.0 methods, make sure that you use the same cipher algorithm for both
+# (256-bit AES was the default for 1.4; 128-bit is the default for 2.0; see below for
+# more details.) Otherwise, you will have to use the new 2.0 encrypt / decrypt methods
+# where you can specify a SecretKey. (Note that if you are using the 256-bit AES,
+# that requires downloading the special jurisdiction policy files mentioned above.)
+#
+#		***** IMPORTANT: These are for JUnit testing. Test files may have been
+#						 encrypted using these values so do not change these or
+#						 those tests will fail. The version under
+#							src/main/resources/.esapi/ESAPI.properties
+#						 will be delivered with Encryptor.MasterKey and
+#						 Encryptor.MasterSalt set to the empty string.
+#
+#						 FINAL NOTE:
+#                           If Maven changes these when run, that needs to be fixed.
+#       256-bit key... requires unlimited strength jurisdiction policy files
+### Encryptor.MasterKey=pJhlri8JbuFYDgkqtHmm9s0Ziug2PE7ovZDyEPm4j14=
+#       128-bit key
+Encryptor.MasterKey=a6H9is3hEVGKB4Jut+lOVA==
+Encryptor.MasterSalt=SbftnvmEWD5ZHHP+pX3fqugNysc=
+# Encryptor.MasterSalt=
+
+# Provides the default JCE provider that ESAPI will "prefer" for its symmetric
+# encryption and hashing. (That is it will look to this provider first, but it
+# will defer to other providers if the requested algorithm is not implemented
+# by this provider.) If left unset, ESAPI will just use your Java VM's current
+# preferred JCE provider, which is generally set in the file
+# "$JAVA_HOME/jre/lib/security/java.security".
+#
+# The main intent of this is to allow ESAPI symmetric encryption to be
+# used with a FIPS 140-2 compliant crypto-module. For details, see the section
+# "Using ESAPI Symmetric Encryption with FIPS 140-2 Cryptographic Modules" in
+# the ESAPI 2.0 Symmetric Encryption User Guide, at:
+# http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
+# However, this property also allows you to easily use an alternate JCE provider
+# such as "Bouncy Castle" without having to make changes to "java.security".
+# See Javadoc for SecurityProviderLoader for further details. If you wish to use
+# a provider that is not known to SecurityProviderLoader, you may specify the
+# fully-qualified class name of the JCE provider class that implements
+# java.security.Provider. If the name contains a '.', this is interpreted as
+# a fully-qualified class name that implements java.security.Provider.
+#
+# NOTE: Setting this property has the side-effect of changing it in your application
+#       as well, so if you are using JCE in your application directly rather than
+#       through ESAPI (you wouldn't do that, would you? ;-), it will change the
+#       preferred JCE provider there as well.
+#
+# Default: Keeps the JCE provider set to whatever JVM sets it to.
+Encryptor.PreferredJCEProvider=
+
+# AES is the most widely used and strongest encryption algorithm. This
+# should agree with your Encryptor.CipherTransformation property.
+# By default, ESAPI Java 1.4 uses "PBEWithMD5AndDES" and which is
+# very weak. It is essentially a password-based encryption key, hashed
+# with MD5 around 1K times and then encrypted with the weak DES algorithm
+# (56-bits) using ECB mode and an unspecified padding (it is
+# JCE provider specific, but most likely "NoPadding"). However, 2.0 uses
+# "AES/CBC/PKCSPadding". If you want to change these, change them here.
+# Warning: This property does not control the default reference implementation for
+#		   ESAPI 2.0 using JavaEncryptor. Also, this property will be dropped
+#		   in the future.
+# @deprecated
+Encryptor.EncryptionAlgorithm=AES
+#		For ESAPI Java 2.0 - New encrypt / decrypt methods use this.
+Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
+
+# Applies to ESAPI 2.0 and later only!
+# Comma-separated list of cipher modes that provide *BOTH*
+# confidentiality *AND* message authenticity. (NIST refers to such cipher
+# modes as "combined modes" so that's what we shall call them.) If any of these
+# cipher modes are used then no MAC is calculated and stored
+# in the CipherText upon encryption. Likewise, if one of these
+# cipher modes is used with decryption, no attempt will be made
+# to validate the MAC contained in the CipherText object regardless
+# of whether it contains one or not. Since the expectation is that
+# these cipher modes support support message authenticity already,
+# injecting a MAC in the CipherText object would be at best redundant.
+#
+# Note that as of JDK 1.5, the SunJCE provider does not support *any*
+# of these cipher modes. Of these listed, only GCM and CCM are currently
+# NIST approved. YMMV for other JCE providers. E.g., Bouncy Castle supports
+# GCM and CCM with "NoPadding" mode, but not with "PKCS5Padding" or other
+# padding modes.
+Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
+
+# Applies to ESAPI 2.0 and later only!
+# Additional cipher modes allowed for ESAPI 2.0 encryption. These
+# cipher modes are in _addition_ to those specified by the property
+# 'Encryptor.cipher_modes.combined_modes'.
+#
+#	IMPORTANT NOTE:	In the official ESAPI.properties we do *NOT* include ECB
+#					here as this is an extremely weak mode. However, we *must*
+#					allow it here so we can test ECB mode. That is important
+#					since the logic is somewhat different (i.e., ECB mode does
+#					not use an IV).
+# DISCUSS: Better name?
+#	NOTE: ECB added only for testing purposes. Don't try this at home!
+Encryptor.cipher_modes.additional_allowed=CBC,ECB
+
+# 128-bit is almost always sufficient and appears to be more resistant to
+# related key attacks than is 256-bit AES. Use '_' to use default key size
+# for cipher algorithms (where it makes sense because the algorithm supports
+# a variable key size). Key length must agree to what's provided as the
+# cipher transformation, otherwise this will be ignored after logging a
+# warning.
+#
+# NOTE: This is what applies BOTH ESAPI 1.4 and 2.0. See warning above about mixing!
+Encryptor.EncryptionKeyLength=128
+# Min key length - to support testing with 2TDEA
+Encryptor.MinEncryptionKeyLength=112
+
+# Because 2.x uses CBC mode by default, it requires an initialization vector (IV).
+# (All cipher modes except ECB require an IV.) Previously there were two choices: we can either
+# use a fixed IV known to both parties or allow ESAPI to choose a random IV. The
+# former was deprecated in ESAPI 2.2 and removed in ESAPI 2.3. It was not secure
+# because the Encryptor (as are all the other major ESAPI components) is a
+# singleton and thus the same IV would get reused each time. It was not a
+# well-thought out plan. (To do it correctly means we need to add a setIV() method
+# and get rid of the Encryptor singleton, thus it will not happen until 3.0.)
+# However, while the IV does not need to be hidden from adversaries, it is important that the
+# adversary not be allowed to choose it. Thus for now, ESAPI just chooses a random IV.
+# Originally there was plans to allow a developer to provide a class and method
+# name to define a custom static method to generate an IV, but that is just
+# trouble waiting to happen. Thus in effect, the ONLY acceptable property value
+# for this property is "random". In the not too distant future (possibly the
+# next release), I will be removing it, but for now I am leaving this and
+# checking for it so a ConfigurationException can be thrown if anyone using
+# ESAPI ignored the deprecation warning message and still has it set to "fixed".
+#
+# Valid values:		random
+Encryptor.ChooseIVMethod=random
+
+# Whether or not CipherText should use a message authentication code (MAC) with it.
+# This prevents an adversary from altering the IV as well as allowing a more
+# fool-proof way of determining the decryption failed because of an incorrect
+# key being supplied. This refers to the "separate" MAC calculated and stored
+# in CipherText, not part of any MAC that is calculated as a result of a
+# "combined mode" cipher mode.
+#
+# If you are using ESAPI with a FIPS 140-2 cryptographic module, you *must* also
+# set this property to false.
+Encryptor.CipherText.useMAC=true
+
+# Whether or not the PlainText object may be overwritten and then marked
+# eligible for garbage collection. If not set, this is still treated as 'true'.
+Encryptor.PlainText.overwrite=true
+
+# Do not use DES except in a legacy situations. 56-bit is way too small key size.
+#Encryptor.EncryptionKeyLength=56
+#Encryptor.MinEncryptionKeyLength=56
+#Encryptor.EncryptionAlgorithm=DES
+
+# TripleDES is considered strong enough for most purposes.
+#	Note:	There is also a 112-bit version of DESede. Using the 168-bit version
+#			requires downloading the special jurisdiction policy from Sun.
+#Encryptor.EncryptionKeyLength=168
+#Encryptor.MinEncryptionKeyLength=112
+#Encryptor.EncryptionAlgorithm=DESede
+
+Encryptor.HashAlgorithm=SHA-512
+Encryptor.HashIterations=1024
+Encryptor.DigitalSignatureAlgorithm=SHA1withDSA
+Encryptor.DigitalSignatureKeyLength=1024
+Encryptor.RandomAlgorithm=SHA1PRNG
+Encryptor.CharacterEncoding=UTF-8
+# Currently supported choices for JDK 1.5 and 1.6 are:
+#	HmacSHA1 (160 bits), HmacSHA256 (256 bits), HmacSHA384 (384 bits), and
+#	HmacSHA512 (512 bits).
+# Note that HmacMD5 is *not* supported for the PRF used by the KDF even though
+# these JDKs support it.
+Encryptor.KDF.PRF=HmacSHA256
+
+#===========================================================================
+# ESAPI HttpUtilties
+#
+# The HttpUtilities provide basic protections to HTTP requests and responses. Primarily these methods 
+# protect against malicious data from attackers, such as unprintable characters, escaped characters,
+# and other simple attacks. The HttpUtilities also provides utility methods for dealing with cookies,
+# headers, and CSRF tokens.
+#
+# Default file upload location (remember to escape backslashes with \\)
+HttpUtilities.UploadDir=C:\\ESAPI\\testUpload
+# let this default to java.io.tmpdir for testing
+#HttpUtilities.UploadTempDir=C:\\temp
+# Force flags on cookies, if you use HttpUtilities to set cookies
+HttpUtilities.ForceHttpOnlySession=false
+HttpUtilities.ForceSecureSession=false
+HttpUtilities.ForceHttpOnlyCookies=true
+HttpUtilities.ForceSecureCookies=true
+# Maximum size of HTTP headers
+HttpUtilities.MaxHeaderSize=4096
+# File upload configuration
+HttpUtilities.ApprovedUploadExtensions=.pdf,.doc,.docx,.ppt,.pptx,.xls,.xlsx,.rtf,.txt,.jpg,.png
+HttpUtilities.MaxUploadFileBytes=500000000
+# Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
+# container, and any other technologies you may be using. Failure to do this may expose you
+# to Unicode transcoding injection attacks. Use of UTF-8 does not hinder internationalization.
+HttpUtilities.ResponseContentType=text/html; charset=UTF-8
+# This is the name of the cookie used to represent the HTTP session
+# Typically this will be the default "JSESSIONID" 
+HttpUtilities.HttpSessionIdName=JSESSIONID
+
+
+
+#===========================================================================
+# ESAPI Executor
+# CHECKME - Not sure what this is used for, but surely it should be made OS independent.
+Executor.WorkingDirectory=C:\\Windows\\Temp
+Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe
+
+
+#===========================================================================
+# ESAPI Logging
+# Set the application name if these logs are combined with other applications
+Logger.ApplicationName=ExampleApplication
+# If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
+Logger.LogEncodingRequired=false
+# Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
+Logger.LogApplicationName=true
+# Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
+Logger.LogServerIP=true
+
+#===========================================================================
+# ESAPI Intrusion Detection
+#
+# Each event has a base to which .count, .interval, and .action are added
+# The IntrusionException will fire if we receive "count" events within "interval" seconds
+# The IntrusionDetector is configurable to take the following actions: log, logout, and disable
+#  (multiple actions separated by commas are allowed e.g. event.test.actions=log,disable
+#
+# Custom Events
+# Names must start with "event." as the base
+# Use IntrusionDetector.addEvent( "test" ) in your code to trigger "event.test" here
+# You can also disable intrusion detection completely by changing
+# the following parameter to true
+#
+IntrusionDetector.Disable=false
+#
+IntrusionDetector.event.test.count=2
+IntrusionDetector.event.test.interval=10
+IntrusionDetector.event.test.actions=disable,log
+
+# Exception Events
+# All EnterpriseSecurityExceptions are registered automatically
+# Call IntrusionDetector.getInstance().addException(e) for Exceptions that do not extend EnterpriseSecurityException
+# Use the fully qualified classname of the exception as the base
+
+# any intrusion is an attack
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.count=1
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.interval=1
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout
+
+# for test purposes
+# CHECKME: Shouldn't there be something in the property name itself that designates
+#		   that these are for testing???
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.count=10
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.interval=5
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout
+
+# rapid validation errors indicate scans or attacks in progress
+# org.owasp.esapi.errors.ValidationException.count=10
+# org.owasp.esapi.errors.ValidationException.interval=10
+# org.owasp.esapi.errors.ValidationException.actions=log,logout
+
+# sessions jumping between hosts indicates session hijacking
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout
+
+
+#===========================================================================
+# ESAPI Validation
+#
+# The ESAPI Validator works on regular expressions with defined names. You can define names
+# either here, or you may define application specific patterns in a separate file defined below.
+# This allows enterprises to specify both organizational standards as well as application specific
+# validation rules.
+#
+#Validator.ConfigurationFile.MultiValued=false
+Validator.ConfigurationFile=validation-test,comma.properties
+
+# Validators used by ESAPI
+Validator.AccountName=^[a-zA-Z0-9]{3,20}$
+Validator.SystemCommand=^[a-zA-Z\\-\\/]{1,64}$
+Validator.RoleName=^[a-z]{1,20}$
+Validator.Redirect=^\\/test.*$
+
+# Global HTTP Validation Rules
+# Values with Base64 encoded data (e.g. encrypted state) will need at least [a-zA-Z0-9\/+=]
+Validator.HTTPScheme=^(http|https)$
+Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
+Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
+Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]{0,1024}$
+Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,32}$
+Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
+Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
+Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
+Validator.HTTPURL=^.*$
+Validator.HTTPJSESSIONID=^[A-Z0-9]{10,30}$
+
+# Contributed by Fraenku@gmx.ch
+# Googlecode Issue 116 (http://code.google.com/p/owasp-esapi-java/issues/detail?id=116)
+Validator.HTTPParameterName=^[a-zA-Z0-9_\\-]{1,32}$
+Validator.HTTPParameterValue=^[-\\p{L}\\p{N}./+=_ !$*?@]{0,1000}$
+Validator.HTTPContextPath=^/[a-zA-Z0-9.\\-_]*$
+Validator.HTTPQueryString=^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$
+Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
+
+
+# Validation of file related input
+Validator.FileName=^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
+Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
+
+# Validation of dates. Controls whether or not 'lenient' dates are accepted.
+# See DataFormat.setLenient(boolean flag) for further details.
+Validator.AcceptLenientDates=false
diff --git a/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties
index afa1d75f0..625071607 100644
--- a/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties
@@ -1,466 +1,486 @@
-#
-# OWASP Enterprise Security API (ESAPI) Properties file -- TEST Version
-# 
-# This file is part of the Open Web Application Security Project (OWASP)
-# Enterprise Security API (ESAPI) project. For details, please see
-# http://www.owasp.org/index.php/ESAPI.
-#
-# Copyright (c) 2008,2009 - The OWASP Foundation
-#
-# DISCUSS: This may cause a major backwards compatibility issue, etc. but
-#		   from a name space perspective, we probably should have prefaced
-#		   all the property names with ESAPI or at least OWASP. Otherwise
-#		   there could be problems is someone loads this properties file into
-#		   the System properties.  We could also put this file into the
-#		   esapi.jar file (perhaps as a ResourceBundle) and then allow an external
-#		   ESAPI properties be defined that would overwrite these defaults.
-#		   That keeps the application's properties relatively simple as usually
-#		   they will only want to override a few properties. If looks like we
-#		   already support multiple override levels of this in the
-#		   DefaultSecurityConfiguration class, but I'm suggesting placing the
-#		   defaults in the esapi.jar itself. That way, if the jar is signed,
-#		   we could detect if those properties had been tampered with. (The
-#		   code to check the jar signatures is pretty simple... maybe 70-90 LOC,
-#		   but off course there is an execution penalty (similar to the way
-#		   that the separate sunjce.jar used to be when a class from it was
-#		   first loaded). Thoughts?
-###############################################################################
-#
-# WARNING: Operating system protection should be used to lock down the .esapi
-# resources directory and all the files inside and all the directories all the
-# way up to the root directory of the file system.  Note that if you are using
-# file-based implementations, that some files may need to be read-write as they
-# get updated dynamically.
-#
-# Before using, be sure to update the MasterKey and MasterSalt as described below.
-# N.B.: If you had stored data that you have previously encrypted with ESAPI 1.4,
-#		you *must* FIRST decrypt it using ESAPI 1.4 and then (if so desired)
-#		re-encrypt it with ESAPI 2.0. If you fail to do this, you will NOT be
-#		able to decrypt your data with ESAPI 2.0.
-#
-#		YOU HAVE BEEN WARNED!!! More details are in the ESAPI 2.0 Release Notes.
-#
-#===========================================================================
-# ESAPI Configuration
-#
-# If true, then print all the ESAPI properties set here when they are loaded.
-# If false, they are not printed. Useful to reduce output when running JUnit tests.
-# If you need to troubleshoot a properties related problem, turning this on may help,
-# but we leave it off for running JUnit tests. (It will be 'true' in the one delivered
-# as part of production ESAPI, mostly for backward compatibility.)
-ESAPI.printProperties=false
-
-# ESAPI is designed to be easily extensible. You can use the reference implementation
-# or implement your own providers to take advantage of your enterprise's security
-# infrastructure. The functions in ESAPI are referenced using the ESAPI locator, like:
-#
-#    String ciphertext =
-#		ESAPI.encryptor().encrypt("Secret message");   // Deprecated in 2.0
-#    CipherText cipherText =
-#		ESAPI.encryptor().encrypt(new PlainText("Secret message")); // Preferred
-#
-# Below you can specify the classname for the provider that you wish to use in your
-# application. The only requirement is that it implement the appropriate ESAPI interface.
-# This allows you to switch security implementations in the future without rewriting the
-# entire application.
-#
-# ExperimentalAccessController requires ESAPI-AccessControlPolicy.xml in .esapi directory
-ESAPI.AccessControl=org.owasp.esapi.reference.DefaultAccessController
-# FileBasedAuthenticator requires users.txt file in .esapi directory
-ESAPI.Authenticator=org.owasp.esapi.reference.FileBasedAuthenticator
-ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
-ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
-
-ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
-ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
-ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
-# Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
-ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
-#ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
-#ESAPI.Logger=org.owasp.esapi.reference.ExampleExtendedLog4JLogFactory
-ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
-ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
-
-#===========================================================================
-# ESAPI Authenticator
-#
-Authenticator.AllowedLoginAttempts=3
-Authenticator.MaxOldPasswordHashes=13
-Authenticator.UsernameParameterName=username
-Authenticator.PasswordParameterName=password
-# RememberTokenDuration (in days)
-Authenticator.RememberTokenDuration=14
-# Session Timeouts (in minutes)
-Authenticator.IdleTimeoutDuration=20
-Authenticator.AbsoluteTimeoutDuration=120
-
-#===========================================================================
-# ESAPI Encoder
-#
-# ESAPI canonicalizes input before validation to prevent bypassing filters with encoded attacks.
-# Failure to canonicalize input is a very common mistake when implementing validation schemes.
-# Canonicalization is automatic when using the ESAPI Validator, but you can also use the
-# following code to canonicalize data.
-#
-#      ESAPI.Encoder().canonicalize( "%22hello world&#x22;" );
-#  
-# Multiple encoding is when a single encoding format is applied multiple times. Allowing
-# multiple encoding is strongly discouraged.
-Encoder.AllowMultipleEncoding=false
-
-# Mixed encoding is when multiple different encoding formats are applied, or when
-# multiple formats are nested. Allowing multiple encoding is strongly discouraged.
-Encoder.AllowMixedEncoding=false
-
-# The default list of codecs to apply when canonicalizing untrusted data. The list should include the codecs
-# for all downstream interpreters or decoders. For example, if the data is likely to end up in a URL, HTML, or
-# inside JavaScript, then the list of codecs below is appropriate. The order of the list is not terribly important.
-Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
-
-
-#===========================================================================
-# ESAPI Encryption
-#
-# The ESAPI Encryptor provides basic cryptographic functions with a simplified API.
-# To get started, generate a new key using java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
-# There is not currently any support for key rotation, so be careful when changing your key and salt as it
-# will invalidate all signed, encrypted, and hashed data.
-#
-# WARNING: Not all combinations of algorithms and key lengths are supported.
-# If you choose to use a key length greater than 128, you MUST download the
-# unlimited strength policy files and install in the lib directory of your JRE/JDK.
-# See http://java.sun.com/javase/downloads/index.jsp for more information.
-#
-# Backward compatibility with ESAPI Java 1.4 is supported by the two deprecated API
-# methods, Encryptor.encrypt(String) and Encryptor.decrypt(String). However, whenever
-# possible, these methods should be avoided as they use ECB cipher mode, which in almost
-# all circumstances a poor choice because of it's weakness. CBC cipher mode is the default
-# for the new Encryptor encrypt / decrypt methods for ESAPI Java 2.0.  In general, you
-# should only use this compatibility setting if you have persistent data encrypted with
-# version 1.4 and even then, you should ONLY set this compatibility mode UNTIL
-# you have decrypted all of your old encrypted data and then re-encrypted it with
-# ESAPI 2.0 using CBC mode. If you have some reason to mix the deprecated 1.4 mode
-# with the new 2.0 methods, make sure that you use the same cipher algorithm for both
-# (256-bit AES was the default for 1.4; 128-bit is the default for 2.0; see below for
-# more details.) Otherwise, you will have to use the new 2.0 encrypt / decrypt methods
-# where you can specify a SecretKey. (Note that if you are using the 256-bit AES,
-# that requires downloading the special jurisdiction policy files mentioned above.)
-#
-#		***** IMPORTANT: These are for JUnit testing. Test files may have been
-#						 encrypted using these values so do not change these or
-#						 those tests will fail. The version under
-#							src/main/resources/.esapi/ESAPI.properties
-#						 will be delivered with Encryptor.MasterKey and
-#						 Encryptor.MasterSalt set to the empty string.
-#
-#						 FINAL NOTE:
-#                           If Maven changes these when run, that needs to be fixed.
-#       256-bit key... requires unlimited strength jurisdiction policy files
-### Encryptor.MasterKey=pJhlri8JbuFYDgkqtHmm9s0Ziug2PE7ovZDyEPm4j14=
-#       128-bit key
-Encryptor.MasterKey=a6H9is3hEVGKB4Jut+lOVA==
-Encryptor.MasterSalt=SbftnvmEWD5ZHHP+pX3fqugNysc=
-# Encryptor.MasterSalt=
-
-# Provides the default JCE provider that ESAPI will "prefer" for its symmetric
-# encryption and hashing. (That is it will look to this provider first, but it
-# will defer to other providers if the requested algorithm is not implemented
-# by this provider.) If left unset, ESAPI will just use your Java VM's current
-# preferred JCE provider, which is generally set in the file
-# "$JAVA_HOME/jre/lib/security/java.security".
-#
-# The main intent of this is to allow ESAPI symmetric encryption to be
-# used with a FIPS 140-2 compliant crypto-module. For details, see the section
-# "Using ESAPI Symmetric Encryption with FIPS 140-2 Cryptographic Modules" in
-# the ESAPI 2.0 Symmetric Encryption User Guide, at:
-# http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
-# However, this property also allows you to easily use an alternate JCE provider
-# such as "Bouncy Castle" without having to make changes to "java.security".
-# See Javadoc for SecurityProviderLoader for further details. If you wish to use
-# a provider that is not known to SecurityProviderLoader, you may specify the
-# fully-qualified class name of the JCE provider class that implements
-# java.security.Provider. If the name contains a '.', this is interpreted as
-# a fully-qualified class name that implements java.security.Provider.
-#
-# NOTE: Setting this property has the side-effect of changing it in your application
-#       as well, so if you are using JCE in your application directly rather than
-#       through ESAPI (you wouldn't do that, would you? ;-), it will change the
-#       preferred JCE provider there as well.
-#
-# Default: Keeps the JCE provider set to whatever JVM sets it to.
-Encryptor.PreferredJCEProvider=
-
-# AES is the most widely used and strongest encryption algorithm. This
-# should agree with your Encryptor.CipherTransformation property.
-# By default, ESAPI Java 1.4 uses "PBEWithMD5AndDES" and which is
-# very weak. It is essentially a password-based encryption key, hashed
-# with MD5 around 1K times and then encrypted with the weak DES algorithm
-# (56-bits) using ECB mode and an unspecified padding (it is
-# JCE provider specific, but most likely "NoPadding"). However, 2.0 uses
-# "AES/CBC/PKCSPadding". If you want to change these, change them here.
-# Warning: This property does not control the default reference implementation for
-#		   ESAPI 2.0 using JavaEncryptor. Also, this property will be dropped
-#		   in the future.
-# @deprecated
-Encryptor.EncryptionAlgorithm=AES
-#		For ESAPI Java 2.0 - New encrypt / decrypt methods use this.
-Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
-
-# Applies to ESAPI 2.0 and later only!
-# Comma-separated list of cipher modes that provide *BOTH*
-# confidentiality *AND* message authenticity. (NIST refers to such cipher
-# modes as "combined modes" so that's what we shall call them.) If any of these
-# cipher modes are used then no MAC is calculated and stored
-# in the CipherText upon encryption. Likewise, if one of these
-# cipher modes is used with decryption, no attempt will be made
-# to validate the MAC contained in the CipherText object regardless
-# of whether it contains one or not. Since the expectation is that
-# these cipher modes support support message authenticity already,
-# injecting a MAC in the CipherText object would be at best redundant.
-#
-# Note that as of JDK 1.5, the SunJCE provider does not support *any*
-# of these cipher modes. Of these listed, only GCM and CCM are currently
-# NIST approved. YMMV for other JCE providers. E.g., Bouncy Castle supports
-# GCM and CCM with "NoPadding" mode, but not with "PKCS5Padding" or other
-# padding modes.
-Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
-
-# Applies to ESAPI 2.0 and later only!
-# Additional cipher modes allowed for ESAPI 2.0 encryption. These
-# cipher modes are in _addition_ to those specified by the property
-# 'Encryptor.cipher_modes.combined_modes'.
-# Note: We will add support for streaming modes like CFB & OFB once
-# we add support for 'specified' to the property 'Encryptor.ChooseIVMethod'
-# (probably in ESAPI 2.1).
-#
-#	IMPORTANT NOTE:	In the official ESAPI.properties we do *NOT* include ECB
-#					here as this is an extremely weak mode. However, we *must*
-#					allow it here so we can test ECB mode. That is important
-#					since the logic is somewhat different (i.e., ECB mode does
-#					not use an IV).
-# DISCUSS: Better name?
-#	NOTE: ECB added only for testing purposes. Don't try this at home!
-Encryptor.cipher_modes.additional_allowed=CBC,ECB
-
-# 128-bit is almost always sufficient and appears to be more resistant to
-# related key attacks than is 256-bit AES. Use '_' to use default key size
-# for cipher algorithms (where it makes sense because the algorithm supports
-# a variable key size). Key length must agree to what's provided as the
-# cipher transformation, otherwise this will be ignored after logging a
-# warning.
-#
-# NOTE: This is what applies BOTH ESAPI 1.4 and 2.0. See warning above about mixing!
-Encryptor.EncryptionKeyLength=128
-
-# Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
-# (All cipher modes except ECB require an IV.) There are two choices: we can either
-# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
-# the IV does not need to be hidden from adversaries, it is important that the
-# adversary not be allowed to choose it. Also, random IVs are generally much more
-# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
-# such as CFB and OFB use a different IV for each encryption with a given key so
-# in such cases, random IVs are much preferred. By default, ESAPI 2.0 uses random
-# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
-# uncomment the Encryptor.fixedIV.
-#
-# Valid values:		random|fixed|specified		'specified' not yet implemented; planned for 2.1
-Encryptor.ChooseIVMethod=random
-# If you choose to use a fixed IV, then you must place a fixed IV here that
-# is known to all others who are sharing your secret key. The format should
-# be a hex string that is the same length as the cipher block size for the
-# cipher algorithm that you are using. The following is an example for AES
-# from an AES test vector for AES-128/CBC as described in:
-# NIST Special Publication 800-38A (2001 Edition)
-# "Recommendation for Block Cipher Modes of Operation".
-# (Note that the block size for AES is 16 bytes == 128 bits.)
-#
-Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
-
-# Whether or not CipherText should use a message authentication code (MAC) with it.
-# This prevents an adversary from altering the IV as well as allowing a more
-# fool-proof way of determining the decryption failed because of an incorrect
-# key being supplied. This refers to the "separate" MAC calculated and stored
-# in CipherText, not part of any MAC that is calculated as a result of a
-# "combined mode" cipher mode.
-#
-# If you are using ESAPI with a FIPS 140-2 cryptographic module, you *must* also
-# set this property to false.
-Encryptor.CipherText.useMAC=true
-
-# Whether or not the PlainText object may be overwritten and then marked
-# eligible for garbage collection. If not set, this is still treated as 'true'.
-Encryptor.PlainText.overwrite=true
-
-# Do not use DES except in a legacy situations. 56-bit is way too small key size.
-#Encryptor.EncryptionKeyLength=56
-#Encryptor.EncryptionAlgorithm=DES
-
-# TripleDES is considered strong enough for most purposes.
-#	Note:	There is also a 112-bit version of DESede. Using the 168-bit version
-#			requires downloading the special jurisdiction policy from Sun.
-#Encryptor.EncryptionKeyLength=168
-#Encryptor.EncryptionAlgorithm=DESede
-
-Encryptor.HashAlgorithm=SHA-512
-Encryptor.HashIterations=1024
-Encryptor.DigitalSignatureAlgorithm=SHA1withDSA
-Encryptor.DigitalSignatureKeyLength=1024
-Encryptor.RandomAlgorithm=SHA1PRNG
-Encryptor.CharacterEncoding=UTF-8
-# Currently supported choices for JDK 1.5 and 1.6 are:
-#	HmacSHA1 (160 bits), HmacSHA256 (256 bits), HmacSHA384 (384 bits), and
-#	HmacSHA512 (512 bits).
-# Note that HmacMD5 is *not* supported for the PRF used by the KDF even though
-# these JDKs support it.
-Encryptor.KDF.PRF=HmacSHA256
-
-#===========================================================================
-# ESAPI HttpUtilties
-#
-# The HttpUtilities provide basic protections to HTTP requests and responses. Primarily these methods 
-# protect against malicious data from attackers, such as unprintable characters, escaped characters,
-# and other simple attacks. The HttpUtilities also provides utility methods for dealing with cookies,
-# headers, and CSRF tokens.
-#
-# Default file upload location (remember to escape backslashes with \\)
-HttpUtilities.UploadDir=C:\\ESAPI\\testUpload
-# let this default to java.io.tmpdir for testing
-#HttpUtilities.UploadTempDir=C:\\temp
-# Force flags on cookies, if you use HttpUtilities to set cookies
-HttpUtilities.ForceHttpOnlySession=false
-HttpUtilities.ForceSecureSession=false
-HttpUtilities.ForceHttpOnlyCookies=true
-HttpUtilities.ForceSecureCookies=true
-# Maximum size of HTTP headers
-HttpUtilities.MaxHeaderSize=4096
-# File upload configuration
-HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
-HttpUtilities.MaxUploadFileBytes=500000000
-# Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
-# container, and any other technologies you may be using. Failure to do this may expose you
-# to Unicode transcoding injection attacks. Use of UTF-8 does not hinder internationalization.
-HttpUtilities.ResponseContentType=text/html; charset=UTF-8
-# This is the name of the cookie used to represent the HTTP session
-# Typically this will be the default "JSESSIONID" 
-HttpUtilities.HttpSessionIdName=JSESSIONID
-
-
-
-#===========================================================================
-# ESAPI Executor
-# CHECKME - Not sure what this is used for, but surely it should be made OS independent.
-Executor.WorkingDirectory=C:\\Windows\\Temp
-Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe
-
-
-#===========================================================================
-# ESAPI Logging
-# Set the application name if these logs are combined with other applications
-Logger.ApplicationName=ExampleApplication
-# If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
-Logger.LogEncodingRequired=false
-# Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
-Logger.LogApplicationName=true
-# Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
-Logger.LogServerIP=true
-# LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
-# want to place it in a specific directory.
-Logger.LogFileName=ESAPI_logging_file
-# MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
-Logger.MaxLogFileSize=10000000
-
-
-#===========================================================================
-# ESAPI Intrusion Detection
-#
-# Each event has a base to which .count, .interval, and .action are added
-# The IntrusionException will fire if we receive "count" events within "interval" seconds
-# The IntrusionDetector is configurable to take the following actions: log, logout, and disable
-#  (multiple actions separated by commas are allowed e.g. event.test.actions=log,disable
-#
-# Custom Events
-# Names must start with "event." as the base
-# Use IntrusionDetector.addEvent( "test" ) in your code to trigger "event.test" here
-# You can also disable intrusion detection completely by changing
-# the following parameter to true
-#
-IntrusionDetector.Disable=false
-#
-IntrusionDetector.event.test.count=2
-IntrusionDetector.event.test.interval=10
-IntrusionDetector.event.test.actions=disable,log
-
-# Exception Events
-# All EnterpriseSecurityExceptions are registered automatically
-# Call IntrusionDetector.getInstance().addException(e) for Exceptions that do not extend EnterpriseSecurityException
-# Use the fully qualified classname of the exception as the base
-
-# any intrusion is an attack
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.count=1
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.interval=1
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout
-
-# for test purposes
-# CHECKME: Shouldn't there be something in the property name itself that designates
-#		   that these are for testing???
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.count=10
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.interval=5
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout
-
-# rapid validation errors indicate scans or attacks in progress
-# org.owasp.esapi.errors.ValidationException.count=10
-# org.owasp.esapi.errors.ValidationException.interval=10
-# org.owasp.esapi.errors.ValidationException.actions=log,logout
-
-# sessions jumping between hosts indicates session hijacking
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout
-
-
-#===========================================================================
-# ESAPI Validation
-#
-# The ESAPI Validator works on regular expressions with defined names. You can define names
-# either here, or you may define application specific patterns in a separate file defined below.
-# This allows enterprises to specify both organizational standards as well as application specific
-# validation rules.
-#
-Validator.ConfigurationFile.MultiValued=true
-Validator.ConfigurationFile=validation-test1.properties,validation-test2.properties
-
-# Validators used by ESAPI
-Validator.AccountName=^[a-zA-Z0-9]{3,20}$
-Validator.SystemCommand=^[a-zA-Z\\-\\/]{1,64}$
-Validator.RoleName=^[a-z]{1,20}$
-Validator.Redirect=^\\/test.*$
-
-# Global HTTP Validation Rules
-# Values with Base64 encoded data (e.g. encrypted state) will need at least [a-zA-Z0-9\/+=]
-Validator.HTTPScheme=^(http|https)$
-Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
-Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
-Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
-Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,32}$
-Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
-Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
-Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
-Validator.HTTPURL=^.*$
-Validator.HTTPJSESSIONID=^[A-Z0-9]{10,30}$
-
-# Contributed by Fraenku@gmx.ch
-# Googlecode Issue 116 (http://code.google.com/p/owasp-esapi-java/issues/detail?id=116)
-Validator.HTTPParameterName=^[a-zA-Z0-9_\\-]{1,32}$
-Validator.HTTPParameterValue=^[\\p{L}\\p{N}.\\-/+=_ !$*?@]{0,1000}$
-Validator.HTTPContextPath=^/[a-zA-Z0-9.\\-_]*$
-Validator.HTTPQueryString=^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$
-Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
-
-
-# Validation of file related input
-Validator.FileName=^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
-Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
-
-# Validation of dates. Controls whether or not 'lenient' dates are accepted.
-# See DataFormat.setLenient(boolean flag) for further details.
-Validator.AcceptLenientDates=false
\ No newline at end of file
+# OWASP Enterprise Security API (ESAPI) Properties file -- TEST Version
+#############################################################################
+#
+#   WARNING     WARNING     WARNING     WARNING     WARNING     WARNING
+#
+#   #######                                 #     #
+#      #     ######   ####    #####         #     #  ######  #####    ####
+#      #     #       #          #           #     #  #       #    #  #
+#      #     #####    ####      #           #     #  #####   #    #   ####
+#      #     #            #     #            #   #   #       #####        #
+#      #     #       #    #     #             # #    #       #   #   #    #
+#      #     ######   ####      #              #     ######  #    #   ####
+#   
+#   This is NOT the version of ESAPI.properties that you are looking for.
+#   Do NOT use this for your production applications!!!!!
+#
+#   That is over in the 'configuration/esapi/ESAPI.properties' file. You
+#   should retrieve THAT version from the official GitHub report from
+#       https://github.com/ESAPI/esapi-java-legacy/blob/develop/configuration/esapi/ESAPI.properties
+#   but make sure that you select it from the 'master' branch (which will
+#   correspond to the latest official ESAPI relase). Sorry for the
+#   inconvenience. We are trying to figure out how to get it to the official
+#   "esapi-<releaseVersion>-sources.jar fiel available from Maven Central, but
+#   in the meantime, you will have to get it from GitHub.
+#
+#   PLEASE do not base your production use of ESAPI on this TEST version of
+#   ESAPI.properties as this test version has been dumbed down in several places
+#   for JUnit testing.
+#
+#   You have been warned.
+#
+#############################################################################
+# 
+# This file is part of the Open Web Application Security Project (OWASP)
+# Enterprise Security API (ESAPI) project. For details, please see
+# http://www.owasp.org/index.php/ESAPI.
+#
+# Copyright (c) 2008,2009 - The OWASP Foundation
+#
+# DISCUSS: This may cause a major backwards compatibility issue, etc. but
+#		   from a name space perspective, we probably should have prefaced
+#		   all the property names with ESAPI or at least OWASP. Otherwise
+#		   there could be problems is someone loads this properties file into
+#		   the System properties.  We could also put this file into the
+#		   esapi.jar file (perhaps as a ResourceBundle) and then allow an external
+#		   ESAPI properties be defined that would overwrite these defaults.
+#		   That keeps the application's properties relatively simple as usually
+#		   they will only want to override a few properties. If looks like we
+#		   already support multiple override levels of this in the
+#		   DefaultSecurityConfiguration class, but I'm suggesting placing the
+#		   defaults in the esapi.jar itself. That way, if the jar is signed,
+#		   we could detect if those properties had been tampered with. (The
+#		   code to check the jar signatures is pretty simple... maybe 70-90 LOC,
+#		   but off course there is an execution penalty (similar to the way
+#		   that the separate sunjce.jar used to be when a class from it was
+#		   first loaded). Thoughts?
+###############################################################################
+#
+# WARNING: Operating system protection should be used to lock down the .esapi
+# resources directory and all the files inside and all the directories all the
+# way up to the root directory of the file system.  Note that if you are using
+# file-based implementations, that some files may need to be read-write as they
+# get updated dynamically.
+#
+# Before using, be sure to update the MasterKey and MasterSalt as described below.
+# N.B.: If you had stored data that you have previously encrypted with ESAPI 1.4,
+#		you *must* FIRST decrypt it using ESAPI 1.4 and then (if so desired)
+#		re-encrypt it with ESAPI 2.0. If you fail to do this, you will NOT be
+#		able to decrypt your data with ESAPI 2.0.
+#
+#		YOU HAVE BEEN WARNED!!! More details are in the ESAPI 2.0 Release Notes.
+#
+#===========================================================================
+# ESAPI Configuration
+#
+# If true, then print all the ESAPI properties set here when they are loaded.
+# If false, they are not printed. Useful to reduce output when running JUnit tests.
+# If you need to troubleshoot a properties related problem, turning this on may help,
+# but we leave it off for running JUnit tests. (It will be 'true' in the one delivered
+# as part of production ESAPI, mostly for backward compatibility.)
+ESAPI.printProperties=false
+
+# ESAPI is designed to be easily extensible. You can use the reference implementation
+# or implement your own providers to take advantage of your enterprise's security
+# infrastructure. The functions in ESAPI are referenced using the ESAPI locator, like:
+#
+#    String ciphertext =
+#		ESAPI.encryptor().encrypt("Secret message");   // Deprecated in 2.0
+#    CipherText cipherText =
+#		ESAPI.encryptor().encrypt(new PlainText("Secret message")); // Preferred
+#
+# Below you can specify the classname for the provider that you wish to use in your
+# application. The only requirement is that it implement the appropriate ESAPI interface.
+# This allows you to switch security implementations in the future without rewriting the
+# entire application.
+#
+# ExperimentalAccessController requires ESAPI-AccessControlPolicy.xml in .esapi directory
+ESAPI.AccessControl=org.owasp.esapi.reference.DefaultAccessController
+# FileBasedAuthenticator requires users.txt file in .esapi directory
+ESAPI.Authenticator=org.owasp.esapi.reference.FileBasedAuthenticator
+ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
+ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
+
+ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
+ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
+ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
+ESAPI.Logger=org.owasp.esapi.logging.java.JavaLogFactory
+ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
+ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
+
+#===========================================================================
+# ESAPI Authenticator
+#
+Authenticator.AllowedLoginAttempts=3
+Authenticator.MaxOldPasswordHashes=13
+Authenticator.UsernameParameterName=username
+Authenticator.PasswordParameterName=password
+# RememberTokenDuration (in days)
+Authenticator.RememberTokenDuration=14
+# Session Timeouts (in minutes)
+Authenticator.IdleTimeoutDuration=20
+Authenticator.AbsoluteTimeoutDuration=120
+
+#===========================================================================
+# ESAPI Encoder
+#
+# ESAPI canonicalizes input before validation to prevent bypassing filters with encoded attacks.
+# Failure to canonicalize input is a very common mistake when implementing validation schemes.
+# Canonicalization is automatic when using the ESAPI Validator, but you can also use the
+# following code to canonicalize data.
+#
+#      ESAPI.Encoder().canonicalize( "%22hello world&#x22;" );
+#  
+# Multiple encoding is when a single encoding format is applied multiple times. Allowing
+# multiple encoding is strongly discouraged.
+Encoder.AllowMultipleEncoding=false
+
+# Mixed encoding is when multiple different encoding formats are applied, or when
+# multiple formats are nested. Allowing multiple encoding is strongly discouraged.
+Encoder.AllowMixedEncoding=false
+
+# The default list of codecs to apply when canonicalizing untrusted data. The list should include the codecs
+# for all downstream interpreters or decoders. For example, if the data is likely to end up in a URL, HTML, or
+# inside JavaScript, then the list of codecs below is appropriate. The order of the list is not terribly important.
+Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
+
+
+#===========================================================================
+# ESAPI Encryption
+#
+# The ESAPI Encryptor provides basic cryptographic functions with a simplified API.
+# To get started, generate a new key using java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
+# There is not currently any support for key rotation, so be careful when changing your key and salt as it
+# will invalidate all signed, encrypted, and hashed data.
+#
+# WARNING: Not all combinations of algorithms and key lengths are supported.
+# If you choose to use a key length greater than 128, you MUST download the
+# unlimited strength policy files and install in the lib directory of your JRE/JDK.
+# See http://java.sun.com/javase/downloads/index.jsp for more information.
+#
+# Backward compatibility with ESAPI Java 1.4 is supported by the two deprecated API
+# methods, Encryptor.encrypt(String) and Encryptor.decrypt(String). However, whenever
+# possible, these methods should be avoided as they use ECB cipher mode, which in almost
+# all circumstances a poor choice because of it's weakness. CBC cipher mode is the default
+# for the new Encryptor encrypt / decrypt methods for ESAPI Java 2.0.  In general, you
+# should only use this compatibility setting if you have persistent data encrypted with
+# version 1.4 and even then, you should ONLY set this compatibility mode UNTIL
+# you have decrypted all of your old encrypted data and then re-encrypted it with
+# ESAPI 2.0 using CBC mode. If you have some reason to mix the deprecated 1.4 mode
+# with the new 2.0 methods, make sure that you use the same cipher algorithm for both
+# (256-bit AES was the default for 1.4; 128-bit is the default for 2.0; see below for
+# more details.) Otherwise, you will have to use the new 2.0 encrypt / decrypt methods
+# where you can specify a SecretKey. (Note that if you are using the 256-bit AES,
+# that requires downloading the special jurisdiction policy files mentioned above.)
+#
+#		***** IMPORTANT: These are for JUnit testing. Test files may have been
+#						 encrypted using these values so do not change these or
+#						 those tests will fail. The version under
+#							src/main/resources/.esapi/ESAPI.properties
+#						 will be delivered with Encryptor.MasterKey and
+#						 Encryptor.MasterSalt set to the empty string.
+#
+#						 FINAL NOTE:
+#                           If Maven changes these when run, that needs to be fixed.
+#       256-bit key... requires unlimited strength jurisdiction policy files
+### Encryptor.MasterKey=pJhlri8JbuFYDgkqtHmm9s0Ziug2PE7ovZDyEPm4j14=
+#       128-bit key
+Encryptor.MasterKey=a6H9is3hEVGKB4Jut+lOVA==
+Encryptor.MasterSalt=SbftnvmEWD5ZHHP+pX3fqugNysc=
+# Encryptor.MasterSalt=
+
+# Provides the default JCE provider that ESAPI will "prefer" for its symmetric
+# encryption and hashing. (That is it will look to this provider first, but it
+# will defer to other providers if the requested algorithm is not implemented
+# by this provider.) If left unset, ESAPI will just use your Java VM's current
+# preferred JCE provider, which is generally set in the file
+# "$JAVA_HOME/jre/lib/security/java.security".
+#
+# The main intent of this is to allow ESAPI symmetric encryption to be
+# used with a FIPS 140-2 compliant crypto-module. For details, see the section
+# "Using ESAPI Symmetric Encryption with FIPS 140-2 Cryptographic Modules" in
+# the ESAPI 2.0 Symmetric Encryption User Guide, at:
+# http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
+# However, this property also allows you to easily use an alternate JCE provider
+# such as "Bouncy Castle" without having to make changes to "java.security".
+# See Javadoc for SecurityProviderLoader for further details. If you wish to use
+# a provider that is not known to SecurityProviderLoader, you may specify the
+# fully-qualified class name of the JCE provider class that implements
+# java.security.Provider. If the name contains a '.', this is interpreted as
+# a fully-qualified class name that implements java.security.Provider.
+#
+# NOTE: Setting this property has the side-effect of changing it in your application
+#       as well, so if you are using JCE in your application directly rather than
+#       through ESAPI (you wouldn't do that, would you? ;-), it will change the
+#       preferred JCE provider there as well.
+#
+# Default: Keeps the JCE provider set to whatever JVM sets it to.
+Encryptor.PreferredJCEProvider=
+
+# AES is the most widely used and strongest encryption algorithm. This
+# should agree with your Encryptor.CipherTransformation property.
+# By default, ESAPI Java 1.4 uses "PBEWithMD5AndDES" and which is
+# very weak. It is essentially a password-based encryption key, hashed
+# with MD5 around 1K times and then encrypted with the weak DES algorithm
+# (56-bits) using ECB mode and an unspecified padding (it is
+# JCE provider specific, but most likely "NoPadding"). However, 2.0 uses
+# "AES/CBC/PKCSPadding". If you want to change these, change them here.
+# Warning: This property does not control the default reference implementation for
+#		   ESAPI 2.0 using JavaEncryptor. Also, this property will be dropped
+#		   in the future.
+# @deprecated
+Encryptor.EncryptionAlgorithm=AES
+#		For ESAPI Java 2.0 - New encrypt / decrypt methods use this.
+Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
+
+# Applies to ESAPI 2.0 and later only!
+# Comma-separated list of cipher modes that provide *BOTH*
+# confidentiality *AND* message authenticity. (NIST refers to such cipher
+# modes as "combined modes" so that's what we shall call them.) If any of these
+# cipher modes are used then no MAC is calculated and stored
+# in the CipherText upon encryption. Likewise, if one of these
+# cipher modes is used with decryption, no attempt will be made
+# to validate the MAC contained in the CipherText object regardless
+# of whether it contains one or not. Since the expectation is that
+# these cipher modes support support message authenticity already,
+# injecting a MAC in the CipherText object would be at best redundant.
+#
+# Note that as of JDK 1.5, the SunJCE provider does not support *any*
+# of these cipher modes. Of these listed, only GCM and CCM are currently
+# NIST approved. YMMV for other JCE providers. E.g., Bouncy Castle supports
+# GCM and CCM with "NoPadding" mode, but not with "PKCS5Padding" or other
+# padding modes.
+Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
+
+# Applies to ESAPI 2.0 and later only!
+# Additional cipher modes allowed for ESAPI 2.0 encryption. These
+# cipher modes are in _addition_ to those specified by the property
+# 'Encryptor.cipher_modes.combined_modes'.
+#
+#	IMPORTANT NOTE:	In the official ESAPI.properties we do *NOT* include ECB
+#					here as this is an extremely weak mode. However, we *must*
+#					allow it here so we can test ECB mode. That is important
+#					since the logic is somewhat different (i.e., ECB mode does
+#					not use an IV).
+# DISCUSS: Better name?
+#	NOTE: ECB added only for testing purposes. Don't try this at home!
+Encryptor.cipher_modes.additional_allowed=CBC,ECB
+
+# 128-bit is almost always sufficient and appears to be more resistant to
+# related key attacks than is 256-bit AES. Use '_' to use default key size
+# for cipher algorithms (where it makes sense because the algorithm supports
+# a variable key size). Key length must agree to what's provided as the
+# cipher transformation, otherwise this will be ignored after logging a
+# warning.
+#
+# NOTE: This is what applies BOTH ESAPI 1.4 and 2.0. See warning above about mixing!
+Encryptor.EncryptionKeyLength=128
+
+# Min key length - to support testing with 2TDEA
+Encryptor.MinEncryptionKeyLength=112
+
+# Because 2.x uses CBC mode by default, it requires an initialization vector (IV).
+# (All cipher modes except ECB require an IV.) Previously there were two choices: we can either
+# use a fixed IV known to both parties or allow ESAPI to choose a random IV. The
+# former was deprecated in ESAPI 2.2 and removed in ESAPI 2.3. It was not secure
+# because the Encryptor (as are all the other major ESAPI components) is a
+# singleton and thus the same IV would get reused each time. It was not a
+# well-thought out plan. (To do it correctly means we need to add a setIV() method
+# and get rid of the Encryptor singleton, thus it will not happen until 3.0.)
+# However, while the IV does not need to be hidden from adversaries, it is important that the
+# adversary not be allowed to choose it. Thus for now, ESAPI just chooses a random IV.
+# Originally there was plans to allow a developer to provide a class and method
+# name to define a custom static method to generate an IV, but that is just
+# trouble waiting to happen. Thus in effect, the ONLY acceptable property value
+# for this property is "random". In the not too distant future (possibly the
+# next release), I will be removing it, but for now I am leaving this and
+# checking for it so a ConfigurationException can be thrown if anyone using
+# ESAPI ignored the deprecation warning message and still has it set to "fixed".
+#
+# Valid values:		random
+Encryptor.ChooseIVMethod=random
+
+# Whether or not CipherText should use a message authentication code (MAC) with it.
+# This prevents an adversary from altering the IV as well as allowing a more
+# fool-proof way of determining the decryption failed because of an incorrect
+# key being supplied. This refers to the "separate" MAC calculated and stored
+# in CipherText, not part of any MAC that is calculated as a result of a
+# "combined mode" cipher mode.
+#
+# If you are using ESAPI with a FIPS 140-2 cryptographic module, you *must* also
+# set this property to false.
+Encryptor.CipherText.useMAC=true
+
+# Whether or not the PlainText object may be overwritten and then marked
+# eligible for garbage collection. If not set, this is still treated as 'true'.
+Encryptor.PlainText.overwrite=true
+
+# Do not use DES except in a legacy situations. 56-bit is way too small key size.
+#Encryptor.EncryptionKeyLength=56
+#Encryptor.MinEncryptionKeyLength=56
+#Encryptor.EncryptionAlgorithm=DES
+
+# TripleDES is considered strong enough for most purposes.
+#	Note:	There is also a 112-bit version of DESede. Using the 168-bit version
+#			requires downloading the special jurisdiction policy from Sun.
+#Encryptor.EncryptionKeyLength=168
+#Encryptor.MinEncryptionKeyLength=112
+#Encryptor.EncryptionAlgorithm=DESede
+
+Encryptor.HashAlgorithm=SHA-512
+Encryptor.HashIterations=1024
+Encryptor.DigitalSignatureAlgorithm=SHA1withDSA
+Encryptor.DigitalSignatureKeyLength=1024
+Encryptor.RandomAlgorithm=SHA1PRNG
+Encryptor.CharacterEncoding=UTF-8
+# Currently supported choices for JDK 1.5 and 1.6 are:
+#	HmacSHA1 (160 bits), HmacSHA256 (256 bits), HmacSHA384 (384 bits), and
+#	HmacSHA512 (512 bits).
+# Note that HmacMD5 is *not* supported for the PRF used by the KDF even though
+# these JDKs support it.
+Encryptor.KDF.PRF=HmacSHA256
+
+#===========================================================================
+# ESAPI HttpUtilties
+#
+# The HttpUtilities provide basic protections to HTTP requests and responses. Primarily these methods 
+# protect against malicious data from attackers, such as unprintable characters, escaped characters,
+# and other simple attacks. The HttpUtilities also provides utility methods for dealing with cookies,
+# headers, and CSRF tokens.
+#
+# Default file upload location (remember to escape backslashes with \\)
+HttpUtilities.UploadDir=C:\\ESAPI\\testUpload
+# let this default to java.io.tmpdir for testing
+#HttpUtilities.UploadTempDir=C:\\temp
+# Force flags on cookies, if you use HttpUtilities to set cookies
+HttpUtilities.ForceHttpOnlySession=false
+HttpUtilities.ForceSecureSession=false
+HttpUtilities.ForceHttpOnlyCookies=true
+HttpUtilities.ForceSecureCookies=true
+# Maximum size of HTTP headers
+HttpUtilities.MaxHeaderSize=4096
+# File upload configuration
+HttpUtilities.ApprovedUploadExtensions=.pdf,.doc,.docx,.ppt,.pptx,.xls,.xlsx,.rtf,.txt,.jpg,.png
+HttpUtilities.MaxUploadFileBytes=500000000
+# Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
+# container, and any other technologies you may be using. Failure to do this may expose you
+# to Unicode transcoding injection attacks. Use of UTF-8 does not hinder internationalization.
+HttpUtilities.ResponseContentType=text/html; charset=UTF-8
+# This is the name of the cookie used to represent the HTTP session
+# Typically this will be the default "JSESSIONID" 
+HttpUtilities.HttpSessionIdName=JSESSIONID
+
+
+
+#===========================================================================
+# ESAPI Executor
+# CHECKME - Not sure what this is used for, but surely it should be made OS independent.
+Executor.WorkingDirectory=C:\\Windows\\Temp
+Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe
+
+
+#===========================================================================
+# ESAPI Logging
+# Set the application name if these logs are combined with other applications
+Logger.ApplicationName=ExampleApplication
+# If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
+Logger.LogEncodingRequired=false
+# Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
+Logger.LogApplicationName=true
+# Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
+Logger.LogServerIP=true
+
+#===========================================================================
+# ESAPI Intrusion Detection
+#
+# Each event has a base to which .count, .interval, and .action are added
+# The IntrusionException will fire if we receive "count" events within "interval" seconds
+# The IntrusionDetector is configurable to take the following actions: log, logout, and disable
+#  (multiple actions separated by commas are allowed e.g. event.test.actions=log,disable
+#
+# Custom Events
+# Names must start with "event." as the base
+# Use IntrusionDetector.addEvent( "test" ) in your code to trigger "event.test" here
+# You can also disable intrusion detection completely by changing
+# the following parameter to true
+#
+IntrusionDetector.Disable=false
+#
+IntrusionDetector.event.test.count=2
+IntrusionDetector.event.test.interval=10
+IntrusionDetector.event.test.actions=disable,log
+
+# Exception Events
+# All EnterpriseSecurityExceptions are registered automatically
+# Call IntrusionDetector.getInstance().addException(e) for Exceptions that do not extend EnterpriseSecurityException
+# Use the fully qualified classname of the exception as the base
+
+# any intrusion is an attack
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.count=1
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.interval=1
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout
+
+# for test purposes
+# CHECKME: Shouldn't there be something in the property name itself that designates
+#		   that these are for testing???
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.count=10
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.interval=5
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout
+
+# rapid validation errors indicate scans or attacks in progress
+# org.owasp.esapi.errors.ValidationException.count=10
+# org.owasp.esapi.errors.ValidationException.interval=10
+# org.owasp.esapi.errors.ValidationException.actions=log,logout
+
+# sessions jumping between hosts indicates session hijacking
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout
+
+
+#===========================================================================
+# ESAPI Validation
+#
+# The ESAPI Validator works on regular expressions with defined names. You can define names
+# either here, or you may define application specific patterns in a separate file defined below.
+# This allows enterprises to specify both organizational standards as well as application specific
+# validation rules.
+#
+Validator.ConfigurationFile.MultiValued=true
+Validator.ConfigurationFile=validation-test1.properties,validation-test2.properties
+
+# Validators used by ESAPI
+Validator.AccountName=^[a-zA-Z0-9]{3,20}$
+Validator.SystemCommand=^[a-zA-Z\\-\\/]{1,64}$
+Validator.RoleName=^[a-z]{1,20}$
+Validator.Redirect=^\\/test.*$
+
+# Global HTTP Validation Rules
+# Values with Base64 encoded data (e.g. encrypted state) will need at least [a-zA-Z0-9\/+=]
+Validator.HTTPScheme=^(http|https)$
+Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
+Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
+Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]{0,1024}$
+Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,32}$
+Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
+Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
+Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
+Validator.HTTPURL=^.*$
+Validator.HTTPJSESSIONID=^[A-Z0-9]{10,30}$
+
+# Contributed by Fraenku@gmx.ch
+# Googlecode Issue 116 (http://code.google.com/p/owasp-esapi-java/issues/detail?id=116)
+Validator.HTTPParameterName=^[a-zA-Z0-9_\\-]{1,32}$
+Validator.HTTPParameterValue=^[-\\p{L}\\p{N}./+=_ !$*?@]{0,1000}$
+Validator.HTTPContextPath=^/[a-zA-Z0-9.\\-_]*$
+Validator.HTTPQueryString=^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$
+Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
+
+
+# Validation of file related input
+Validator.FileName=^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
+Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
+
+# Validation of dates. Controls whether or not 'lenient' dates are accepted.
+# See DataFormat.setLenient(boolean flag) for further details.
+Validator.AcceptLenientDates=false
diff --git a/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties
index 2dc8c5d15..46784ceff 100644
--- a/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties
@@ -1,466 +1,484 @@
-#
-# OWASP Enterprise Security API (ESAPI) Properties file -- TEST Version
-# 
-# This file is part of the Open Web Application Security Project (OWASP)
-# Enterprise Security API (ESAPI) project. For details, please see
-# http://www.owasp.org/index.php/ESAPI.
-#
-# Copyright (c) 2008,2009 - The OWASP Foundation
-#
-# DISCUSS: This may cause a major backwards compatibility issue, etc. but
-#		   from a name space perspective, we probably should have prefaced
-#		   all the property names with ESAPI or at least OWASP. Otherwise
-#		   there could be problems is someone loads this properties file into
-#		   the System properties.  We could also put this file into the
-#		   esapi.jar file (perhaps as a ResourceBundle) and then allow an external
-#		   ESAPI properties be defined that would overwrite these defaults.
-#		   That keeps the application's properties relatively simple as usually
-#		   they will only want to override a few properties. If looks like we
-#		   already support multiple override levels of this in the
-#		   DefaultSecurityConfiguration class, but I'm suggesting placing the
-#		   defaults in the esapi.jar itself. That way, if the jar is signed,
-#		   we could detect if those properties had been tampered with. (The
-#		   code to check the jar signatures is pretty simple... maybe 70-90 LOC,
-#		   but off course there is an execution penalty (similar to the way
-#		   that the separate sunjce.jar used to be when a class from it was
-#		   first loaded). Thoughts?
-###############################################################################
-#
-# WARNING: Operating system protection should be used to lock down the .esapi
-# resources directory and all the files inside and all the directories all the
-# way up to the root directory of the file system.  Note that if you are using
-# file-based implementations, that some files may need to be read-write as they
-# get updated dynamically.
-#
-# Before using, be sure to update the MasterKey and MasterSalt as described below.
-# N.B.: If you had stored data that you have previously encrypted with ESAPI 1.4,
-#		you *must* FIRST decrypt it using ESAPI 1.4 and then (if so desired)
-#		re-encrypt it with ESAPI 2.0. If you fail to do this, you will NOT be
-#		able to decrypt your data with ESAPI 2.0.
-#
-#		YOU HAVE BEEN WARNED!!! More details are in the ESAPI 2.0 Release Notes.
-#
-#===========================================================================
-# ESAPI Configuration
-#
-# If true, then print all the ESAPI properties set here when they are loaded.
-# If false, they are not printed. Useful to reduce output when running JUnit tests.
-# If you need to troubleshoot a properties related problem, turning this on may help,
-# but we leave it off for running JUnit tests. (It will be 'true' in the one delivered
-# as part of production ESAPI, mostly for backward compatibility.)
-ESAPI.printProperties=false
-
-# ESAPI is designed to be easily extensible. You can use the reference implementation
-# or implement your own providers to take advantage of your enterprise's security
-# infrastructure. The functions in ESAPI are referenced using the ESAPI locator, like:
-#
-#    String ciphertext =
-#		ESAPI.encryptor().encrypt("Secret message");   // Deprecated in 2.0
-#    CipherText cipherText =
-#		ESAPI.encryptor().encrypt(new PlainText("Secret message")); // Preferred
-#
-# Below you can specify the classname for the provider that you wish to use in your
-# application. The only requirement is that it implement the appropriate ESAPI interface.
-# This allows you to switch security implementations in the future without rewriting the
-# entire application.
-#
-# ExperimentalAccessController requires ESAPI-AccessControlPolicy.xml in .esapi directory
-ESAPI.AccessControl=org.owasp.esapi.reference.DefaultAccessController
-# FileBasedAuthenticator requires users.txt file in .esapi directory
-ESAPI.Authenticator=org.owasp.esapi.reference.FileBasedAuthenticator
-ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
-ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
-
-ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
-ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
-ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
-# Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
-ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
-#ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
-#ESAPI.Logger=org.owasp.esapi.reference.ExampleExtendedLog4JLogFactory
-ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
-ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
-
-#===========================================================================
-# ESAPI Authenticator
-#
-Authenticator.AllowedLoginAttempts=3
-Authenticator.MaxOldPasswordHashes=13
-Authenticator.UsernameParameterName=username
-Authenticator.PasswordParameterName=password
-# RememberTokenDuration (in days)
-Authenticator.RememberTokenDuration=14
-# Session Timeouts (in minutes)
-Authenticator.IdleTimeoutDuration=20
-Authenticator.AbsoluteTimeoutDuration=120
-
-#===========================================================================
-# ESAPI Encoder
-#
-# ESAPI canonicalizes input before validation to prevent bypassing filters with encoded attacks.
-# Failure to canonicalize input is a very common mistake when implementing validation schemes.
-# Canonicalization is automatic when using the ESAPI Validator, but you can also use the
-# following code to canonicalize data.
-#
-#      ESAPI.Encoder().canonicalize( "%22hello world&#x22;" );
-#  
-# Multiple encoding is when a single encoding format is applied multiple times. Allowing
-# multiple encoding is strongly discouraged.
-Encoder.AllowMultipleEncoding=false
-
-# Mixed encoding is when multiple different encoding formats are applied, or when
-# multiple formats are nested. Allowing multiple encoding is strongly discouraged.
-Encoder.AllowMixedEncoding=false
-
-# The default list of codecs to apply when canonicalizing untrusted data. The list should include the codecs
-# for all downstream interpreters or decoders. For example, if the data is likely to end up in a URL, HTML, or
-# inside JavaScript, then the list of codecs below is appropriate. The order of the list is not terribly important.
-Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
-
-
-#===========================================================================
-# ESAPI Encryption
-#
-# The ESAPI Encryptor provides basic cryptographic functions with a simplified API.
-# To get started, generate a new key using java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
-# There is not currently any support for key rotation, so be careful when changing your key and salt as it
-# will invalidate all signed, encrypted, and hashed data.
-#
-# WARNING: Not all combinations of algorithms and key lengths are supported.
-# If you choose to use a key length greater than 128, you MUST download the
-# unlimited strength policy files and install in the lib directory of your JRE/JDK.
-# See http://java.sun.com/javase/downloads/index.jsp for more information.
-#
-# Backward compatibility with ESAPI Java 1.4 is supported by the two deprecated API
-# methods, Encryptor.encrypt(String) and Encryptor.decrypt(String). However, whenever
-# possible, these methods should be avoided as they use ECB cipher mode, which in almost
-# all circumstances a poor choice because of it's weakness. CBC cipher mode is the default
-# for the new Encryptor encrypt / decrypt methods for ESAPI Java 2.0.  In general, you
-# should only use this compatibility setting if you have persistent data encrypted with
-# version 1.4 and even then, you should ONLY set this compatibility mode UNTIL
-# you have decrypted all of your old encrypted data and then re-encrypted it with
-# ESAPI 2.0 using CBC mode. If you have some reason to mix the deprecated 1.4 mode
-# with the new 2.0 methods, make sure that you use the same cipher algorithm for both
-# (256-bit AES was the default for 1.4; 128-bit is the default for 2.0; see below for
-# more details.) Otherwise, you will have to use the new 2.0 encrypt / decrypt methods
-# where you can specify a SecretKey. (Note that if you are using the 256-bit AES,
-# that requires downloading the special jurisdiction policy files mentioned above.)
-#
-#		***** IMPORTANT: These are for JUnit testing. Test files may have been
-#						 encrypted using these values so do not change these or
-#						 those tests will fail. The version under
-#							src/main/resources/.esapi/ESAPI.properties
-#						 will be delivered with Encryptor.MasterKey and
-#						 Encryptor.MasterSalt set to the empty string.
-#
-#						 FINAL NOTE:
-#                           If Maven changes these when run, that needs to be fixed.
-#       256-bit key... requires unlimited strength jurisdiction policy files
-### Encryptor.MasterKey=pJhlri8JbuFYDgkqtHmm9s0Ziug2PE7ovZDyEPm4j14=
-#       128-bit key
-Encryptor.MasterKey=a6H9is3hEVGKB4Jut+lOVA==
-Encryptor.MasterSalt=SbftnvmEWD5ZHHP+pX3fqugNysc=
-# Encryptor.MasterSalt=
-
-# Provides the default JCE provider that ESAPI will "prefer" for its symmetric
-# encryption and hashing. (That is it will look to this provider first, but it
-# will defer to other providers if the requested algorithm is not implemented
-# by this provider.) If left unset, ESAPI will just use your Java VM's current
-# preferred JCE provider, which is generally set in the file
-# "$JAVA_HOME/jre/lib/security/java.security".
-#
-# The main intent of this is to allow ESAPI symmetric encryption to be
-# used with a FIPS 140-2 compliant crypto-module. For details, see the section
-# "Using ESAPI Symmetric Encryption with FIPS 140-2 Cryptographic Modules" in
-# the ESAPI 2.0 Symmetric Encryption User Guide, at:
-# http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
-# However, this property also allows you to easily use an alternate JCE provider
-# such as "Bouncy Castle" without having to make changes to "java.security".
-# See Javadoc for SecurityProviderLoader for further details. If you wish to use
-# a provider that is not known to SecurityProviderLoader, you may specify the
-# fully-qualified class name of the JCE provider class that implements
-# java.security.Provider. If the name contains a '.', this is interpreted as
-# a fully-qualified class name that implements java.security.Provider.
-#
-# NOTE: Setting this property has the side-effect of changing it in your application
-#       as well, so if you are using JCE in your application directly rather than
-#       through ESAPI (you wouldn't do that, would you? ;-), it will change the
-#       preferred JCE provider there as well.
-#
-# Default: Keeps the JCE provider set to whatever JVM sets it to.
-Encryptor.PreferredJCEProvider=
-
-# AES is the most widely used and strongest encryption algorithm. This
-# should agree with your Encryptor.CipherTransformation property.
-# By default, ESAPI Java 1.4 uses "PBEWithMD5AndDES" and which is
-# very weak. It is essentially a password-based encryption key, hashed
-# with MD5 around 1K times and then encrypted with the weak DES algorithm
-# (56-bits) using ECB mode and an unspecified padding (it is
-# JCE provider specific, but most likely "NoPadding"). However, 2.0 uses
-# "AES/CBC/PKCSPadding". If you want to change these, change them here.
-# Warning: This property does not control the default reference implementation for
-#		   ESAPI 2.0 using JavaEncryptor. Also, this property will be dropped
-#		   in the future.
-# @deprecated
-Encryptor.EncryptionAlgorithm=AES
-#		For ESAPI Java 2.0 - New encrypt / decrypt methods use this.
-Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
-
-# Applies to ESAPI 2.0 and later only!
-# Comma-separated list of cipher modes that provide *BOTH*
-# confidentiality *AND* message authenticity. (NIST refers to such cipher
-# modes as "combined modes" so that's what we shall call them.) If any of these
-# cipher modes are used then no MAC is calculated and stored
-# in the CipherText upon encryption. Likewise, if one of these
-# cipher modes is used with decryption, no attempt will be made
-# to validate the MAC contained in the CipherText object regardless
-# of whether it contains one or not. Since the expectation is that
-# these cipher modes support support message authenticity already,
-# injecting a MAC in the CipherText object would be at best redundant.
-#
-# Note that as of JDK 1.5, the SunJCE provider does not support *any*
-# of these cipher modes. Of these listed, only GCM and CCM are currently
-# NIST approved. YMMV for other JCE providers. E.g., Bouncy Castle supports
-# GCM and CCM with "NoPadding" mode, but not with "PKCS5Padding" or other
-# padding modes.
-Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
-
-# Applies to ESAPI 2.0 and later only!
-# Additional cipher modes allowed for ESAPI 2.0 encryption. These
-# cipher modes are in _addition_ to those specified by the property
-# 'Encryptor.cipher_modes.combined_modes'.
-# Note: We will add support for streaming modes like CFB & OFB once
-# we add support for 'specified' to the property 'Encryptor.ChooseIVMethod'
-# (probably in ESAPI 2.1).
-#
-#	IMPORTANT NOTE:	In the official ESAPI.properties we do *NOT* include ECB
-#					here as this is an extremely weak mode. However, we *must*
-#					allow it here so we can test ECB mode. That is important
-#					since the logic is somewhat different (i.e., ECB mode does
-#					not use an IV).
-# DISCUSS: Better name?
-#	NOTE: ECB added only for testing purposes. Don't try this at home!
-Encryptor.cipher_modes.additional_allowed=CBC,ECB
-
-# 128-bit is almost always sufficient and appears to be more resistant to
-# related key attacks than is 256-bit AES. Use '_' to use default key size
-# for cipher algorithms (where it makes sense because the algorithm supports
-# a variable key size). Key length must agree to what's provided as the
-# cipher transformation, otherwise this will be ignored after logging a
-# warning.
-#
-# NOTE: This is what applies BOTH ESAPI 1.4 and 2.0. See warning above about mixing!
-Encryptor.EncryptionKeyLength=128
-
-# Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
-# (All cipher modes except ECB require an IV.) There are two choices: we can either
-# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
-# the IV does not need to be hidden from adversaries, it is important that the
-# adversary not be allowed to choose it. Also, random IVs are generally much more
-# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
-# such as CFB and OFB use a different IV for each encryption with a given key so
-# in such cases, random IVs are much preferred. By default, ESAPI 2.0 uses random
-# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
-# uncomment the Encryptor.fixedIV.
-#
-# Valid values:		random|fixed|specified		'specified' not yet implemented; planned for 2.1
-Encryptor.ChooseIVMethod=random
-# If you choose to use a fixed IV, then you must place a fixed IV here that
-# is known to all others who are sharing your secret key. The format should
-# be a hex string that is the same length as the cipher block size for the
-# cipher algorithm that you are using. The following is an example for AES
-# from an AES test vector for AES-128/CBC as described in:
-# NIST Special Publication 800-38A (2001 Edition)
-# "Recommendation for Block Cipher Modes of Operation".
-# (Note that the block size for AES is 16 bytes == 128 bits.)
-#
-Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
-
-# Whether or not CipherText should use a message authentication code (MAC) with it.
-# This prevents an adversary from altering the IV as well as allowing a more
-# fool-proof way of determining the decryption failed because of an incorrect
-# key being supplied. This refers to the "separate" MAC calculated and stored
-# in CipherText, not part of any MAC that is calculated as a result of a
-# "combined mode" cipher mode.
-#
-# If you are using ESAPI with a FIPS 140-2 cryptographic module, you *must* also
-# set this property to false.
-Encryptor.CipherText.useMAC=true
-
-# Whether or not the PlainText object may be overwritten and then marked
-# eligible for garbage collection. If not set, this is still treated as 'true'.
-Encryptor.PlainText.overwrite=true
-
-# Do not use DES except in a legacy situations. 56-bit is way too small key size.
-#Encryptor.EncryptionKeyLength=56
-#Encryptor.EncryptionAlgorithm=DES
-
-# TripleDES is considered strong enough for most purposes.
-#	Note:	There is also a 112-bit version of DESede. Using the 168-bit version
-#			requires downloading the special jurisdiction policy from Sun.
-#Encryptor.EncryptionKeyLength=168
-#Encryptor.EncryptionAlgorithm=DESede
-
-Encryptor.HashAlgorithm=SHA-512
-Encryptor.HashIterations=1024
-Encryptor.DigitalSignatureAlgorithm=SHA1withDSA
-Encryptor.DigitalSignatureKeyLength=1024
-Encryptor.RandomAlgorithm=SHA1PRNG
-Encryptor.CharacterEncoding=UTF-8
-# Currently supported choices for JDK 1.5 and 1.6 are:
-#	HmacSHA1 (160 bits), HmacSHA256 (256 bits), HmacSHA384 (384 bits), and
-#	HmacSHA512 (512 bits).
-# Note that HmacMD5 is *not* supported for the PRF used by the KDF even though
-# these JDKs support it.
-Encryptor.KDF.PRF=HmacSHA256
-
-#===========================================================================
-# ESAPI HttpUtilties
-#
-# The HttpUtilities provide basic protections to HTTP requests and responses. Primarily these methods 
-# protect against malicious data from attackers, such as unprintable characters, escaped characters,
-# and other simple attacks. The HttpUtilities also provides utility methods for dealing with cookies,
-# headers, and CSRF tokens.
-#
-# Default file upload location (remember to escape backslashes with \\)
-HttpUtilities.UploadDir=C:\\ESAPI\\testUpload
-# let this default to java.io.tmpdir for testing
-#HttpUtilities.UploadTempDir=C:\\temp
-# Force flags on cookies, if you use HttpUtilities to set cookies
-HttpUtilities.ForceHttpOnlySession=false
-HttpUtilities.ForceSecureSession=false
-HttpUtilities.ForceHttpOnlyCookies=true
-HttpUtilities.ForceSecureCookies=true
-# Maximum size of HTTP headers
-HttpUtilities.MaxHeaderSize=4096
-# File upload configuration
-HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
-HttpUtilities.MaxUploadFileBytes=500000000
-# Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
-# container, and any other technologies you may be using. Failure to do this may expose you
-# to Unicode transcoding injection attacks. Use of UTF-8 does not hinder internationalization.
-HttpUtilities.ResponseContentType=text/html; charset=UTF-8
-# This is the name of the cookie used to represent the HTTP session
-# Typically this will be the default "JSESSIONID" 
-HttpUtilities.HttpSessionIdName=JSESSIONID
-
-
-
-#===========================================================================
-# ESAPI Executor
-# CHECKME - Not sure what this is used for, but surely it should be made OS independent.
-Executor.WorkingDirectory=C:\\Windows\\Temp
-Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe
-
-
-#===========================================================================
-# ESAPI Logging
-# Set the application name if these logs are combined with other applications
-Logger.ApplicationName=ExampleApplication
-# If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
-Logger.LogEncodingRequired=false
-# Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
-Logger.LogApplicationName=true
-# Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
-Logger.LogServerIP=true
-# LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
-# want to place it in a specific directory.
-Logger.LogFileName=ESAPI_logging_file
-# MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
-Logger.MaxLogFileSize=10000000
-
-
-#===========================================================================
-# ESAPI Intrusion Detection
-#
-# Each event has a base to which .count, .interval, and .action are added
-# The IntrusionException will fire if we receive "count" events within "interval" seconds
-# The IntrusionDetector is configurable to take the following actions: log, logout, and disable
-#  (multiple actions separated by commas are allowed e.g. event.test.actions=log,disable
-#
-# Custom Events
-# Names must start with "event." as the base
-# Use IntrusionDetector.addEvent( "test" ) in your code to trigger "event.test" here
-# You can also disable intrusion detection completely by changing
-# the following parameter to true
-#
-IntrusionDetector.Disable=false
-#
-IntrusionDetector.event.test.count=2
-IntrusionDetector.event.test.interval=10
-IntrusionDetector.event.test.actions=disable,log
-
-# Exception Events
-# All EnterpriseSecurityExceptions are registered automatically
-# Call IntrusionDetector.getInstance().addException(e) for Exceptions that do not extend EnterpriseSecurityException
-# Use the fully qualified classname of the exception as the base
-
-# any intrusion is an attack
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.count=1
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.interval=1
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout
-
-# for test purposes
-# CHECKME: Shouldn't there be something in the property name itself that designates
-#		   that these are for testing???
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.count=10
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.interval=5
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout
-
-# rapid validation errors indicate scans or attacks in progress
-# org.owasp.esapi.errors.ValidationException.count=10
-# org.owasp.esapi.errors.ValidationException.interval=10
-# org.owasp.esapi.errors.ValidationException.actions=log,logout
-
-# sessions jumping between hosts indicates session hijacking
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout
-
-
-#===========================================================================
-# ESAPI Validation
-#
-# The ESAPI Validator works on regular expressions with defined names. You can define names
-# either here, or you may define application specific patterns in a separate file defined below.
-# This allows enterprises to specify both organizational standards as well as application specific
-# validation rules.
-#
-Validator.ConfigurationFile.MultiValued=true
-Validator.ConfigurationFile="validation-test,comma.properties",validation-test1.properties,validation-test2.properties
-
-# Validators used by ESAPI
-Validator.AccountName=^[a-zA-Z0-9]{3,20}$
-Validator.SystemCommand=^[a-zA-Z\\-\\/]{1,64}$
-Validator.RoleName=^[a-z]{1,20}$
-Validator.Redirect=^\\/test.*$
-
-# Global HTTP Validation Rules
-# Values with Base64 encoded data (e.g. encrypted state) will need at least [a-zA-Z0-9\/+=]
-Validator.HTTPScheme=^(http|https)$
-Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
-Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
-Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
-Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,32}$
-Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
-Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
-Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
-Validator.HTTPURL=^.*$
-Validator.HTTPJSESSIONID=^[A-Z0-9]{10,30}$
-
-# Contributed by Fraenku@gmx.ch
-# Googlecode Issue 116 (http://code.google.com/p/owasp-esapi-java/issues/detail?id=116)
-Validator.HTTPParameterName=^[a-zA-Z0-9_\\-]{1,32}$
-Validator.HTTPParameterValue=^[\\p{L}\\p{N}.\\-/+=_ !$*?@]{0,1000}$
-Validator.HTTPContextPath=^/[a-zA-Z0-9.\\-_]*$
-Validator.HTTPQueryString=^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$
-Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
-
-
-# Validation of file related input
-Validator.FileName=^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
-Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
-
-# Validation of dates. Controls whether or not 'lenient' dates are accepted.
-# See DataFormat.setLenient(boolean flag) for further details.
-Validator.AcceptLenientDates=false
\ No newline at end of file
+# OWASP Enterprise Security API (ESAPI) Properties file -- TEST Version
+#############################################################################
+#
+#   WARNING     WARNING     WARNING     WARNING     WARNING     WARNING
+#
+#   #######                                 #     #
+#      #     ######   ####    #####         #     #  ######  #####    ####
+#      #     #       #          #           #     #  #       #    #  #
+#      #     #####    ####      #           #     #  #####   #    #   ####
+#      #     #            #     #            #   #   #       #####        #
+#      #     #       #    #     #             # #    #       #   #   #    #
+#      #     ######   ####      #              #     ######  #    #   ####
+#   
+#   This is NOT the version of ESAPI.properties that you are looking for.
+#   Do NOT use this for your production applications!!!!!
+#
+#   That is over in the 'configuration/esapi/ESAPI.properties' file. You
+#   should retrieve THAT version from the official GitHub report from
+#       https://github.com/ESAPI/esapi-java-legacy/blob/develop/configuration/esapi/ESAPI.properties
+#   but make sure that you select it from the 'master' branch (which will
+#   correspond to the latest official ESAPI relase). Sorry for the
+#   inconvenience. We are trying to figure out how to get it to the official
+#   "esapi-<releaseVersion>-sources.jar fiel available from Maven Central, but
+#   in the meantime, you will have to get it from GitHub.
+#
+#   PLEASE do not base your production use of ESAPI on this TEST version of
+#   ESAPI.properties as this test version has been dumbed down in several places
+#   for JUnit testing.
+#
+#   You have been warned.
+#
+#############################################################################
+# This file is part of the Open Web Application Security Project (OWASP)
+# Enterprise Security API (ESAPI) project. For details, please see
+# http://www.owasp.org/index.php/ESAPI.
+#
+# Copyright (c) 2008,2009 - The OWASP Foundation
+#
+# DISCUSS: This may cause a major backwards compatibility issue, etc. but
+#		   from a name space perspective, we probably should have prefaced
+#		   all the property names with ESAPI or at least OWASP. Otherwise
+#		   there could be problems is someone loads this properties file into
+#		   the System properties.  We could also put this file into the
+#		   esapi.jar file (perhaps as a ResourceBundle) and then allow an external
+#		   ESAPI properties be defined that would overwrite these defaults.
+#		   That keeps the application's properties relatively simple as usually
+#		   they will only want to override a few properties. If looks like we
+#		   already support multiple override levels of this in the
+#		   DefaultSecurityConfiguration class, but I'm suggesting placing the
+#		   defaults in the esapi.jar itself. That way, if the jar is signed,
+#		   we could detect if those properties had been tampered with. (The
+#		   code to check the jar signatures is pretty simple... maybe 70-90 LOC,
+#		   but off course there is an execution penalty (similar to the way
+#		   that the separate sunjce.jar used to be when a class from it was
+#		   first loaded). Thoughts?
+###############################################################################
+#
+# WARNING: Operating system protection should be used to lock down the .esapi
+# resources directory and all the files inside and all the directories all the
+# way up to the root directory of the file system.  Note that if you are using
+# file-based implementations, that some files may need to be read-write as they
+# get updated dynamically.
+#
+# Before using, be sure to update the MasterKey and MasterSalt as described below.
+# N.B.: If you had stored data that you have previously encrypted with ESAPI 1.4,
+#		you *must* FIRST decrypt it using ESAPI 1.4 and then (if so desired)
+#		re-encrypt it with ESAPI 2.0. If you fail to do this, you will NOT be
+#		able to decrypt your data with ESAPI 2.0.
+#
+#		YOU HAVE BEEN WARNED!!! More details are in the ESAPI 2.0 Release Notes.
+#
+#===========================================================================
+# ESAPI Configuration
+#
+# If true, then print all the ESAPI properties set here when they are loaded.
+# If false, they are not printed. Useful to reduce output when running JUnit tests.
+# If you need to troubleshoot a properties related problem, turning this on may help,
+# but we leave it off for running JUnit tests. (It will be 'true' in the one delivered
+# as part of production ESAPI, mostly for backward compatibility.)
+ESAPI.printProperties=false
+
+# ESAPI is designed to be easily extensible. You can use the reference implementation
+# or implement your own providers to take advantage of your enterprise's security
+# infrastructure. The functions in ESAPI are referenced using the ESAPI locator, like:
+#
+#    String ciphertext =
+#		ESAPI.encryptor().encrypt("Secret message");   // Deprecated in 2.0
+#    CipherText cipherText =
+#		ESAPI.encryptor().encrypt(new PlainText("Secret message")); // Preferred
+#
+# Below you can specify the classname for the provider that you wish to use in your
+# application. The only requirement is that it implement the appropriate ESAPI interface.
+# This allows you to switch security implementations in the future without rewriting the
+# entire application.
+#
+# ExperimentalAccessController requires ESAPI-AccessControlPolicy.xml in .esapi directory
+ESAPI.AccessControl=org.owasp.esapi.reference.DefaultAccessController
+# FileBasedAuthenticator requires users.txt file in .esapi directory
+ESAPI.Authenticator=org.owasp.esapi.reference.FileBasedAuthenticator
+ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
+ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
+
+ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
+ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
+ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
+ESAPI.Logger=org.owasp.esapi.logging.java.JavaLogFactory
+ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
+ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
+
+#===========================================================================
+# ESAPI Authenticator
+#
+Authenticator.AllowedLoginAttempts=3
+Authenticator.MaxOldPasswordHashes=13
+Authenticator.UsernameParameterName=username
+Authenticator.PasswordParameterName=password
+# RememberTokenDuration (in days)
+Authenticator.RememberTokenDuration=14
+# Session Timeouts (in minutes)
+Authenticator.IdleTimeoutDuration=20
+Authenticator.AbsoluteTimeoutDuration=120
+
+#===========================================================================
+# ESAPI Encoder
+#
+# ESAPI canonicalizes input before validation to prevent bypassing filters with encoded attacks.
+# Failure to canonicalize input is a very common mistake when implementing validation schemes.
+# Canonicalization is automatic when using the ESAPI Validator, but you can also use the
+# following code to canonicalize data.
+#
+#      ESAPI.Encoder().canonicalize( "%22hello world&#x22;" );
+#  
+# Multiple encoding is when a single encoding format is applied multiple times. Allowing
+# multiple encoding is strongly discouraged.
+Encoder.AllowMultipleEncoding=false
+
+# Mixed encoding is when multiple different encoding formats are applied, or when
+# multiple formats are nested. Allowing multiple encoding is strongly discouraged.
+Encoder.AllowMixedEncoding=false
+
+# The default list of codecs to apply when canonicalizing untrusted data. The list should include the codecs
+# for all downstream interpreters or decoders. For example, if the data is likely to end up in a URL, HTML, or
+# inside JavaScript, then the list of codecs below is appropriate. The order of the list is not terribly important.
+Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
+
+
+#===========================================================================
+# ESAPI Encryption
+#
+# The ESAPI Encryptor provides basic cryptographic functions with a simplified API.
+# To get started, generate a new key using java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
+# There is not currently any support for key rotation, so be careful when changing your key and salt as it
+# will invalidate all signed, encrypted, and hashed data.
+#
+# WARNING: Not all combinations of algorithms and key lengths are supported.
+# If you choose to use a key length greater than 128, you MUST download the
+# unlimited strength policy files and install in the lib directory of your JRE/JDK.
+# See http://java.sun.com/javase/downloads/index.jsp for more information.
+#
+# Backward compatibility with ESAPI Java 1.4 is supported by the two deprecated API
+# methods, Encryptor.encrypt(String) and Encryptor.decrypt(String). However, whenever
+# possible, these methods should be avoided as they use ECB cipher mode, which in almost
+# all circumstances a poor choice because of it's weakness. CBC cipher mode is the default
+# for the new Encryptor encrypt / decrypt methods for ESAPI Java 2.0.  In general, you
+# should only use this compatibility setting if you have persistent data encrypted with
+# version 1.4 and even then, you should ONLY set this compatibility mode UNTIL
+# you have decrypted all of your old encrypted data and then re-encrypted it with
+# ESAPI 2.0 using CBC mode. If you have some reason to mix the deprecated 1.4 mode
+# with the new 2.0 methods, make sure that you use the same cipher algorithm for both
+# (256-bit AES was the default for 1.4; 128-bit is the default for 2.0; see below for
+# more details.) Otherwise, you will have to use the new 2.0 encrypt / decrypt methods
+# where you can specify a SecretKey. (Note that if you are using the 256-bit AES,
+# that requires downloading the special jurisdiction policy files mentioned above.)
+#
+#		***** IMPORTANT: These are for JUnit testing. Test files may have been
+#						 encrypted using these values so do not change these or
+#						 those tests will fail. The version under
+#							src/main/resources/.esapi/ESAPI.properties
+#						 will be delivered with Encryptor.MasterKey and
+#						 Encryptor.MasterSalt set to the empty string.
+#
+#						 FINAL NOTE:
+#                           If Maven changes these when run, that needs to be fixed.
+#       256-bit key... requires unlimited strength jurisdiction policy files
+### Encryptor.MasterKey=pJhlri8JbuFYDgkqtHmm9s0Ziug2PE7ovZDyEPm4j14=
+#       128-bit key
+Encryptor.MasterKey=a6H9is3hEVGKB4Jut+lOVA==
+Encryptor.MasterSalt=SbftnvmEWD5ZHHP+pX3fqugNysc=
+# Encryptor.MasterSalt=
+
+# Provides the default JCE provider that ESAPI will "prefer" for its symmetric
+# encryption and hashing. (That is it will look to this provider first, but it
+# will defer to other providers if the requested algorithm is not implemented
+# by this provider.) If left unset, ESAPI will just use your Java VM's current
+# preferred JCE provider, which is generally set in the file
+# "$JAVA_HOME/jre/lib/security/java.security".
+#
+# The main intent of this is to allow ESAPI symmetric encryption to be
+# used with a FIPS 140-2 compliant crypto-module. For details, see the section
+# "Using ESAPI Symmetric Encryption with FIPS 140-2 Cryptographic Modules" in
+# the ESAPI 2.0 Symmetric Encryption User Guide, at:
+# http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
+# However, this property also allows you to easily use an alternate JCE provider
+# such as "Bouncy Castle" without having to make changes to "java.security".
+# See Javadoc for SecurityProviderLoader for further details. If you wish to use
+# a provider that is not known to SecurityProviderLoader, you may specify the
+# fully-qualified class name of the JCE provider class that implements
+# java.security.Provider. If the name contains a '.', this is interpreted as
+# a fully-qualified class name that implements java.security.Provider.
+#
+# NOTE: Setting this property has the side-effect of changing it in your application
+#       as well, so if you are using JCE in your application directly rather than
+#       through ESAPI (you wouldn't do that, would you? ;-), it will change the
+#       preferred JCE provider there as well.
+#
+# Default: Keeps the JCE provider set to whatever JVM sets it to.
+Encryptor.PreferredJCEProvider=
+
+# AES is the most widely used and strongest encryption algorithm. This
+# should agree with your Encryptor.CipherTransformation property.
+# By default, ESAPI Java 1.4 uses "PBEWithMD5AndDES" and which is
+# very weak. It is essentially a password-based encryption key, hashed
+# with MD5 around 1K times and then encrypted with the weak DES algorithm
+# (56-bits) using ECB mode and an unspecified padding (it is
+# JCE provider specific, but most likely "NoPadding"). However, 2.0 uses
+# "AES/CBC/PKCSPadding". If you want to change these, change them here.
+# Warning: This property does not control the default reference implementation for
+#		   ESAPI 2.0 using JavaEncryptor. Also, this property will be dropped
+#		   in the future.
+# @deprecated
+Encryptor.EncryptionAlgorithm=AES
+#		For ESAPI Java 2.0 - New encrypt / decrypt methods use this.
+Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
+
+# Applies to ESAPI 2.0 and later only!
+# Comma-separated list of cipher modes that provide *BOTH*
+# confidentiality *AND* message authenticity. (NIST refers to such cipher
+# modes as "combined modes" so that's what we shall call them.) If any of these
+# cipher modes are used then no MAC is calculated and stored
+# in the CipherText upon encryption. Likewise, if one of these
+# cipher modes is used with decryption, no attempt will be made
+# to validate the MAC contained in the CipherText object regardless
+# of whether it contains one or not. Since the expectation is that
+# these cipher modes support support message authenticity already,
+# injecting a MAC in the CipherText object would be at best redundant.
+#
+# Note that as of JDK 1.5, the SunJCE provider does not support *any*
+# of these cipher modes. Of these listed, only GCM and CCM are currently
+# NIST approved. YMMV for other JCE providers. E.g., Bouncy Castle supports
+# GCM and CCM with "NoPadding" mode, but not with "PKCS5Padding" or other
+# padding modes.
+Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
+
+# Applies to ESAPI 2.0 and later only!
+# Additional cipher modes allowed for ESAPI 2.0 encryption. These
+# cipher modes are in _addition_ to those specified by the property
+# 'Encryptor.cipher_modes.combined_modes'.
+#
+#	IMPORTANT NOTE:	In the official ESAPI.properties we do *NOT* include ECB
+#					here as this is an extremely weak mode. However, we *must*
+#					allow it here so we can test ECB mode. That is important
+#					since the logic is somewhat different (i.e., ECB mode does
+#					not use an IV).
+# DISCUSS: Better name?
+#	NOTE: ECB added only for testing purposes. Don't try this at home!
+Encryptor.cipher_modes.additional_allowed=CBC,ECB
+
+# 128-bit is almost always sufficient and appears to be more resistant to
+# related key attacks than is 256-bit AES. Use '_' to use default key size
+# for cipher algorithms (where it makes sense because the algorithm supports
+# a variable key size). Key length must agree to what's provided as the
+# cipher transformation, otherwise this will be ignored after logging a
+# warning.
+#
+# NOTE: This is what applies BOTH ESAPI 1.4 and 2.0. See warning above about mixing!
+Encryptor.EncryptionKeyLength=128
+# Min key length - to support testing with 2TDEA
+Encryptor.MinEncryptionKeyLength=112
+
+# Because 2.x uses CBC mode by default, it requires an initialization vector (IV).
+# (All cipher modes except ECB require an IV.) Previously there were two choices: we can either
+# use a fixed IV known to both parties or allow ESAPI to choose a random IV. The
+# former was deprecated in ESAPI 2.2 and removed in ESAPI 2.3. It was not secure
+# because the Encryptor (as are all the other major ESAPI components) is a
+# singleton and thus the same IV would get reused each time. It was not a
+# well-thought out plan. (To do it correctly means we need to add a setIV() method
+# and get rid of the Encryptor singleton, thus it will not happen until 3.0.)
+# However, while the IV does not need to be hidden from adversaries, it is important that the
+# adversary not be allowed to choose it. Thus for now, ESAPI just chooses a random IV.
+# Originally there was plans to allow a developer to provide a class and method
+# name to define a custom static method to generate an IV, but that is just
+# trouble waiting to happen. Thus in effect, the ONLY acceptable property value
+# for this property is "random". In the not too distant future (possibly the
+# next release), I will be removing it, but for now I am leaving this and
+# checking for it so a ConfigurationException can be thrown if anyone using
+# ESAPI ignored the deprecation warning message and still has it set to "fixed".
+#
+# Valid values:		random
+Encryptor.ChooseIVMethod=random
+
+# Whether or not CipherText should use a message authentication code (MAC) with it.
+# This prevents an adversary from altering the IV as well as allowing a more
+# fool-proof way of determining the decryption failed because of an incorrect
+# key being supplied. This refers to the "separate" MAC calculated and stored
+# in CipherText, not part of any MAC that is calculated as a result of a
+# "combined mode" cipher mode.
+#
+# If you are using ESAPI with a FIPS 140-2 cryptographic module, you *must* also
+# set this property to false.
+Encryptor.CipherText.useMAC=true
+
+# Whether or not the PlainText object may be overwritten and then marked
+# eligible for garbage collection. If not set, this is still treated as 'true'.
+Encryptor.PlainText.overwrite=true
+
+# Do not use DES except in a legacy situations. 56-bit is way too small key size.
+#Encryptor.EncryptionKeyLength=56
+#Encryptor.MinEncryptionKeyLength=56
+#Encryptor.EncryptionAlgorithm=DES
+
+# TripleDES is considered strong enough for most purposes.
+#	Note:	There is also a 112-bit version of DESede. Using the 168-bit version
+#			requires downloading the special jurisdiction policy from Sun.
+#Encryptor.EncryptionKeyLength=168
+#Encryptor.MinEncryptionKeyLength=112
+#Encryptor.EncryptionAlgorithm=DESede
+
+Encryptor.HashAlgorithm=SHA-512
+Encryptor.HashIterations=1024
+Encryptor.DigitalSignatureAlgorithm=SHA1withDSA
+Encryptor.DigitalSignatureKeyLength=1024
+Encryptor.RandomAlgorithm=SHA1PRNG
+Encryptor.CharacterEncoding=UTF-8
+# Currently supported choices for JDK 1.5 and 1.6 are:
+#	HmacSHA1 (160 bits), HmacSHA256 (256 bits), HmacSHA384 (384 bits), and
+#	HmacSHA512 (512 bits).
+# Note that HmacMD5 is *not* supported for the PRF used by the KDF even though
+# these JDKs support it.
+Encryptor.KDF.PRF=HmacSHA256
+
+#===========================================================================
+# ESAPI HttpUtilties
+#
+# The HttpUtilities provide basic protections to HTTP requests and responses. Primarily these methods 
+# protect against malicious data from attackers, such as unprintable characters, escaped characters,
+# and other simple attacks. The HttpUtilities also provides utility methods for dealing with cookies,
+# headers, and CSRF tokens.
+#
+# Default file upload location (remember to escape backslashes with \\)
+HttpUtilities.UploadDir=C:\\ESAPI\\testUpload
+# let this default to java.io.tmpdir for testing
+#HttpUtilities.UploadTempDir=C:\\temp
+# Force flags on cookies, if you use HttpUtilities to set cookies
+HttpUtilities.ForceHttpOnlySession=false
+HttpUtilities.ForceSecureSession=false
+HttpUtilities.ForceHttpOnlyCookies=true
+HttpUtilities.ForceSecureCookies=true
+# Maximum size of HTTP headers
+HttpUtilities.MaxHeaderSize=4096
+# File upload configuration
+HttpUtilities.ApprovedUploadExtensions=.pdf,.doc,.docx,.ppt,.pptx,.xls,.xlsx,.rtf,.txt,.jpg,.png
+HttpUtilities.MaxUploadFileBytes=500000000
+# Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
+# container, and any other technologies you may be using. Failure to do this may expose you
+# to Unicode transcoding injection attacks. Use of UTF-8 does not hinder internationalization.
+HttpUtilities.ResponseContentType=text/html; charset=UTF-8
+# This is the name of the cookie used to represent the HTTP session
+# Typically this will be the default "JSESSIONID" 
+HttpUtilities.HttpSessionIdName=JSESSIONID
+
+
+
+#===========================================================================
+# ESAPI Executor
+# CHECKME - Not sure what this is used for, but surely it should be made OS independent.
+Executor.WorkingDirectory=C:\\Windows\\Temp
+Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe
+
+
+#===========================================================================
+# ESAPI Logging
+# Set the application name if these logs are combined with other applications
+Logger.ApplicationName=ExampleApplication
+# If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
+Logger.LogEncodingRequired=false
+# Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
+Logger.LogApplicationName=true
+# Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
+Logger.LogServerIP=true
+
+#===========================================================================
+# ESAPI Intrusion Detection
+#
+# Each event has a base to which .count, .interval, and .action are added
+# The IntrusionException will fire if we receive "count" events within "interval" seconds
+# The IntrusionDetector is configurable to take the following actions: log, logout, and disable
+#  (multiple actions separated by commas are allowed e.g. event.test.actions=log,disable
+#
+# Custom Events
+# Names must start with "event." as the base
+# Use IntrusionDetector.addEvent( "test" ) in your code to trigger "event.test" here
+# You can also disable intrusion detection completely by changing
+# the following parameter to true
+#
+IntrusionDetector.Disable=false
+#
+IntrusionDetector.event.test.count=2
+IntrusionDetector.event.test.interval=10
+IntrusionDetector.event.test.actions=disable,log
+
+# Exception Events
+# All EnterpriseSecurityExceptions are registered automatically
+# Call IntrusionDetector.getInstance().addException(e) for Exceptions that do not extend EnterpriseSecurityException
+# Use the fully qualified classname of the exception as the base
+
+# any intrusion is an attack
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.count=1
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.interval=1
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout
+
+# for test purposes
+# CHECKME: Shouldn't there be something in the property name itself that designates
+#		   that these are for testing???
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.count=10
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.interval=5
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout
+
+# rapid validation errors indicate scans or attacks in progress
+# org.owasp.esapi.errors.ValidationException.count=10
+# org.owasp.esapi.errors.ValidationException.interval=10
+# org.owasp.esapi.errors.ValidationException.actions=log,logout
+
+# sessions jumping between hosts indicates session hijacking
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout
+
+
+#===========================================================================
+# ESAPI Validation
+#
+# The ESAPI Validator works on regular expressions with defined names. You can define names
+# either here, or you may define application specific patterns in a separate file defined below.
+# This allows enterprises to specify both organizational standards as well as application specific
+# validation rules.
+#
+Validator.ConfigurationFile.MultiValued=true
+Validator.ConfigurationFile="validation-test,comma.properties",validation-test1.properties,validation-test2.properties
+
+# Validators used by ESAPI
+Validator.AccountName=^[a-zA-Z0-9]{3,20}$
+Validator.SystemCommand=^[a-zA-Z\\-\\/]{1,64}$
+Validator.RoleName=^[a-z]{1,20}$
+Validator.Redirect=^\\/test.*$
+
+# Global HTTP Validation Rules
+# Values with Base64 encoded data (e.g. encrypted state) will need at least [a-zA-Z0-9\/+=]
+Validator.HTTPScheme=^(http|https)$
+Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
+Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
+Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]{0,1024}$
+Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,32}$
+Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
+Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
+Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
+Validator.HTTPURL=^.*$
+Validator.HTTPJSESSIONID=^[A-Z0-9]{10,30}$
+
+# Contributed by Fraenku@gmx.ch
+# Googlecode Issue 116 (http://code.google.com/p/owasp-esapi-java/issues/detail?id=116)
+Validator.HTTPParameterName=^[a-zA-Z0-9_\\-]{1,32}$
+Validator.HTTPParameterValue=^[-\\p{L}\\p{N}./+=_ !$*?@]{0,1000}$
+Validator.HTTPContextPath=^/[a-zA-Z0-9.\\-_]*$
+Validator.HTTPQueryString=^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$
+Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
+
+
+# Validation of file related input
+Validator.FileName=^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
+Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
+
+# Validation of dates. Controls whether or not 'lenient' dates are accepted.
+# See DataFormat.setLenient(boolean flag) for further details.
+Validator.AcceptLenientDates=false
diff --git a/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties
index 95cdb0056..f3742cee8 100644
--- a/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties
@@ -1,466 +1,484 @@
-#
-# OWASP Enterprise Security API (ESAPI) Properties file -- TEST Version
-# 
-# This file is part of the Open Web Application Security Project (OWASP)
-# Enterprise Security API (ESAPI) project. For details, please see
-# http://www.owasp.org/index.php/ESAPI.
-#
-# Copyright (c) 2008,2009 - The OWASP Foundation
-#
-# DISCUSS: This may cause a major backwards compatibility issue, etc. but
-#		   from a name space perspective, we probably should have prefaced
-#		   all the property names with ESAPI or at least OWASP. Otherwise
-#		   there could be problems is someone loads this properties file into
-#		   the System properties.  We could also put this file into the
-#		   esapi.jar file (perhaps as a ResourceBundle) and then allow an external
-#		   ESAPI properties be defined that would overwrite these defaults.
-#		   That keeps the application's properties relatively simple as usually
-#		   they will only want to override a few properties. If looks like we
-#		   already support multiple override levels of this in the
-#		   DefaultSecurityConfiguration class, but I'm suggesting placing the
-#		   defaults in the esapi.jar itself. That way, if the jar is signed,
-#		   we could detect if those properties had been tampered with. (The
-#		   code to check the jar signatures is pretty simple... maybe 70-90 LOC,
-#		   but off course there is an execution penalty (similar to the way
-#		   that the separate sunjce.jar used to be when a class from it was
-#		   first loaded). Thoughts?
-###############################################################################
-#
-# WARNING: Operating system protection should be used to lock down the .esapi
-# resources directory and all the files inside and all the directories all the
-# way up to the root directory of the file system.  Note that if you are using
-# file-based implementations, that some files may need to be read-write as they
-# get updated dynamically.
-#
-# Before using, be sure to update the MasterKey and MasterSalt as described below.
-# N.B.: If you had stored data that you have previously encrypted with ESAPI 1.4,
-#		you *must* FIRST decrypt it using ESAPI 1.4 and then (if so desired)
-#		re-encrypt it with ESAPI 2.0. If you fail to do this, you will NOT be
-#		able to decrypt your data with ESAPI 2.0.
-#
-#		YOU HAVE BEEN WARNED!!! More details are in the ESAPI 2.0 Release Notes.
-#
-#===========================================================================
-# ESAPI Configuration
-#
-# If true, then print all the ESAPI properties set here when they are loaded.
-# If false, they are not printed. Useful to reduce output when running JUnit tests.
-# If you need to troubleshoot a properties related problem, turning this on may help,
-# but we leave it off for running JUnit tests. (It will be 'true' in the one delivered
-# as part of production ESAPI, mostly for backward compatibility.)
-ESAPI.printProperties=false
-
-# ESAPI is designed to be easily extensible. You can use the reference implementation
-# or implement your own providers to take advantage of your enterprise's security
-# infrastructure. The functions in ESAPI are referenced using the ESAPI locator, like:
-#
-#    String ciphertext =
-#		ESAPI.encryptor().encrypt("Secret message");   // Deprecated in 2.0
-#    CipherText cipherText =
-#		ESAPI.encryptor().encrypt(new PlainText("Secret message")); // Preferred
-#
-# Below you can specify the classname for the provider that you wish to use in your
-# application. The only requirement is that it implement the appropriate ESAPI interface.
-# This allows you to switch security implementations in the future without rewriting the
-# entire application.
-#
-# ExperimentalAccessController requires ESAPI-AccessControlPolicy.xml in .esapi directory
-ESAPI.AccessControl=org.owasp.esapi.reference.DefaultAccessController
-# FileBasedAuthenticator requires users.txt file in .esapi directory
-ESAPI.Authenticator=org.owasp.esapi.reference.FileBasedAuthenticator
-ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
-ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
-
-ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
-ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
-ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
-# Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
-ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
-#ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
-#ESAPI.Logger=org.owasp.esapi.reference.ExampleExtendedLog4JLogFactory
-ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
-ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
-
-#===========================================================================
-# ESAPI Authenticator
-#
-Authenticator.AllowedLoginAttempts=3
-Authenticator.MaxOldPasswordHashes=13
-Authenticator.UsernameParameterName=username
-Authenticator.PasswordParameterName=password
-# RememberTokenDuration (in days)
-Authenticator.RememberTokenDuration=14
-# Session Timeouts (in minutes)
-Authenticator.IdleTimeoutDuration=20
-Authenticator.AbsoluteTimeoutDuration=120
-
-#===========================================================================
-# ESAPI Encoder
-#
-# ESAPI canonicalizes input before validation to prevent bypassing filters with encoded attacks.
-# Failure to canonicalize input is a very common mistake when implementing validation schemes.
-# Canonicalization is automatic when using the ESAPI Validator, but you can also use the
-# following code to canonicalize data.
-#
-#      ESAPI.Encoder().canonicalize( "%22hello world&#x22;" );
-#  
-# Multiple encoding is when a single encoding format is applied multiple times. Allowing
-# multiple encoding is strongly discouraged.
-Encoder.AllowMultipleEncoding=false
-
-# Mixed encoding is when multiple different encoding formats are applied, or when
-# multiple formats are nested. Allowing multiple encoding is strongly discouraged.
-Encoder.AllowMixedEncoding=false
-
-# The default list of codecs to apply when canonicalizing untrusted data. The list should include the codecs
-# for all downstream interpreters or decoders. For example, if the data is likely to end up in a URL, HTML, or
-# inside JavaScript, then the list of codecs below is appropriate. The order of the list is not terribly important.
-Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
-
-
-#===========================================================================
-# ESAPI Encryption
-#
-# The ESAPI Encryptor provides basic cryptographic functions with a simplified API.
-# To get started, generate a new key using java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
-# There is not currently any support for key rotation, so be careful when changing your key and salt as it
-# will invalidate all signed, encrypted, and hashed data.
-#
-# WARNING: Not all combinations of algorithms and key lengths are supported.
-# If you choose to use a key length greater than 128, you MUST download the
-# unlimited strength policy files and install in the lib directory of your JRE/JDK.
-# See http://java.sun.com/javase/downloads/index.jsp for more information.
-#
-# Backward compatibility with ESAPI Java 1.4 is supported by the two deprecated API
-# methods, Encryptor.encrypt(String) and Encryptor.decrypt(String). However, whenever
-# possible, these methods should be avoided as they use ECB cipher mode, which in almost
-# all circumstances a poor choice because of it's weakness. CBC cipher mode is the default
-# for the new Encryptor encrypt / decrypt methods for ESAPI Java 2.0.  In general, you
-# should only use this compatibility setting if you have persistent data encrypted with
-# version 1.4 and even then, you should ONLY set this compatibility mode UNTIL
-# you have decrypted all of your old encrypted data and then re-encrypted it with
-# ESAPI 2.0 using CBC mode. If you have some reason to mix the deprecated 1.4 mode
-# with the new 2.0 methods, make sure that you use the same cipher algorithm for both
-# (256-bit AES was the default for 1.4; 128-bit is the default for 2.0; see below for
-# more details.) Otherwise, you will have to use the new 2.0 encrypt / decrypt methods
-# where you can specify a SecretKey. (Note that if you are using the 256-bit AES,
-# that requires downloading the special jurisdiction policy files mentioned above.)
-#
-#		***** IMPORTANT: These are for JUnit testing. Test files may have been
-#						 encrypted using these values so do not change these or
-#						 those tests will fail. The version under
-#							src/main/resources/.esapi/ESAPI.properties
-#						 will be delivered with Encryptor.MasterKey and
-#						 Encryptor.MasterSalt set to the empty string.
-#
-#						 FINAL NOTE:
-#                           If Maven changes these when run, that needs to be fixed.
-#       256-bit key... requires unlimited strength jurisdiction policy files
-### Encryptor.MasterKey=pJhlri8JbuFYDgkqtHmm9s0Ziug2PE7ovZDyEPm4j14=
-#       128-bit key
-Encryptor.MasterKey=a6H9is3hEVGKB4Jut+lOVA==
-Encryptor.MasterSalt=SbftnvmEWD5ZHHP+pX3fqugNysc=
-# Encryptor.MasterSalt=
-
-# Provides the default JCE provider that ESAPI will "prefer" for its symmetric
-# encryption and hashing. (That is it will look to this provider first, but it
-# will defer to other providers if the requested algorithm is not implemented
-# by this provider.) If left unset, ESAPI will just use your Java VM's current
-# preferred JCE provider, which is generally set in the file
-# "$JAVA_HOME/jre/lib/security/java.security".
-#
-# The main intent of this is to allow ESAPI symmetric encryption to be
-# used with a FIPS 140-2 compliant crypto-module. For details, see the section
-# "Using ESAPI Symmetric Encryption with FIPS 140-2 Cryptographic Modules" in
-# the ESAPI 2.0 Symmetric Encryption User Guide, at:
-# http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
-# However, this property also allows you to easily use an alternate JCE provider
-# such as "Bouncy Castle" without having to make changes to "java.security".
-# See Javadoc for SecurityProviderLoader for further details. If you wish to use
-# a provider that is not known to SecurityProviderLoader, you may specify the
-# fully-qualified class name of the JCE provider class that implements
-# java.security.Provider. If the name contains a '.', this is interpreted as
-# a fully-qualified class name that implements java.security.Provider.
-#
-# NOTE: Setting this property has the side-effect of changing it in your application
-#       as well, so if you are using JCE in your application directly rather than
-#       through ESAPI (you wouldn't do that, would you? ;-), it will change the
-#       preferred JCE provider there as well.
-#
-# Default: Keeps the JCE provider set to whatever JVM sets it to.
-Encryptor.PreferredJCEProvider=
-
-# AES is the most widely used and strongest encryption algorithm. This
-# should agree with your Encryptor.CipherTransformation property.
-# By default, ESAPI Java 1.4 uses "PBEWithMD5AndDES" and which is
-# very weak. It is essentially a password-based encryption key, hashed
-# with MD5 around 1K times and then encrypted with the weak DES algorithm
-# (56-bits) using ECB mode and an unspecified padding (it is
-# JCE provider specific, but most likely "NoPadding"). However, 2.0 uses
-# "AES/CBC/PKCSPadding". If you want to change these, change them here.
-# Warning: This property does not control the default reference implementation for
-#		   ESAPI 2.0 using JavaEncryptor. Also, this property will be dropped
-#		   in the future.
-# @deprecated
-Encryptor.EncryptionAlgorithm=AES
-#		For ESAPI Java 2.0 - New encrypt / decrypt methods use this.
-Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
-
-# Applies to ESAPI 2.0 and later only!
-# Comma-separated list of cipher modes that provide *BOTH*
-# confidentiality *AND* message authenticity. (NIST refers to such cipher
-# modes as "combined modes" so that's what we shall call them.) If any of these
-# cipher modes are used then no MAC is calculated and stored
-# in the CipherText upon encryption. Likewise, if one of these
-# cipher modes is used with decryption, no attempt will be made
-# to validate the MAC contained in the CipherText object regardless
-# of whether it contains one or not. Since the expectation is that
-# these cipher modes support support message authenticity already,
-# injecting a MAC in the CipherText object would be at best redundant.
-#
-# Note that as of JDK 1.5, the SunJCE provider does not support *any*
-# of these cipher modes. Of these listed, only GCM and CCM are currently
-# NIST approved. YMMV for other JCE providers. E.g., Bouncy Castle supports
-# GCM and CCM with "NoPadding" mode, but not with "PKCS5Padding" or other
-# padding modes.
-Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
-
-# Applies to ESAPI 2.0 and later only!
-# Additional cipher modes allowed for ESAPI 2.0 encryption. These
-# cipher modes are in _addition_ to those specified by the property
-# 'Encryptor.cipher_modes.combined_modes'.
-# Note: We will add support for streaming modes like CFB & OFB once
-# we add support for 'specified' to the property 'Encryptor.ChooseIVMethod'
-# (probably in ESAPI 2.1).
-#
-#	IMPORTANT NOTE:	In the official ESAPI.properties we do *NOT* include ECB
-#					here as this is an extremely weak mode. However, we *must*
-#					allow it here so we can test ECB mode. That is important
-#					since the logic is somewhat different (i.e., ECB mode does
-#					not use an IV).
-# DISCUSS: Better name?
-#	NOTE: ECB added only for testing purposes. Don't try this at home!
-Encryptor.cipher_modes.additional_allowed=CBC,ECB
-
-# 128-bit is almost always sufficient and appears to be more resistant to
-# related key attacks than is 256-bit AES. Use '_' to use default key size
-# for cipher algorithms (where it makes sense because the algorithm supports
-# a variable key size). Key length must agree to what's provided as the
-# cipher transformation, otherwise this will be ignored after logging a
-# warning.
-#
-# NOTE: This is what applies BOTH ESAPI 1.4 and 2.0. See warning above about mixing!
-Encryptor.EncryptionKeyLength=128
-
-# Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
-# (All cipher modes except ECB require an IV.) There are two choices: we can either
-# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
-# the IV does not need to be hidden from adversaries, it is important that the
-# adversary not be allowed to choose it. Also, random IVs are generally much more
-# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
-# such as CFB and OFB use a different IV for each encryption with a given key so
-# in such cases, random IVs are much preferred. By default, ESAPI 2.0 uses random
-# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
-# uncomment the Encryptor.fixedIV.
-#
-# Valid values:		random|fixed|specified		'specified' not yet implemented; planned for 2.1
-Encryptor.ChooseIVMethod=random
-# If you choose to use a fixed IV, then you must place a fixed IV here that
-# is known to all others who are sharing your secret key. The format should
-# be a hex string that is the same length as the cipher block size for the
-# cipher algorithm that you are using. The following is an example for AES
-# from an AES test vector for AES-128/CBC as described in:
-# NIST Special Publication 800-38A (2001 Edition)
-# "Recommendation for Block Cipher Modes of Operation".
-# (Note that the block size for AES is 16 bytes == 128 bits.)
-#
-Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
-
-# Whether or not CipherText should use a message authentication code (MAC) with it.
-# This prevents an adversary from altering the IV as well as allowing a more
-# fool-proof way of determining the decryption failed because of an incorrect
-# key being supplied. This refers to the "separate" MAC calculated and stored
-# in CipherText, not part of any MAC that is calculated as a result of a
-# "combined mode" cipher mode.
-#
-# If you are using ESAPI with a FIPS 140-2 cryptographic module, you *must* also
-# set this property to false.
-Encryptor.CipherText.useMAC=true
-
-# Whether or not the PlainText object may be overwritten and then marked
-# eligible for garbage collection. If not set, this is still treated as 'true'.
-Encryptor.PlainText.overwrite=true
-
-# Do not use DES except in a legacy situations. 56-bit is way too small key size.
-#Encryptor.EncryptionKeyLength=56
-#Encryptor.EncryptionAlgorithm=DES
-
-# TripleDES is considered strong enough for most purposes.
-#	Note:	There is also a 112-bit version of DESede. Using the 168-bit version
-#			requires downloading the special jurisdiction policy from Sun.
-#Encryptor.EncryptionKeyLength=168
-#Encryptor.EncryptionAlgorithm=DESede
-
-Encryptor.HashAlgorithm=SHA-512
-Encryptor.HashIterations=1024
-Encryptor.DigitalSignatureAlgorithm=SHA1withDSA
-Encryptor.DigitalSignatureKeyLength=1024
-Encryptor.RandomAlgorithm=SHA1PRNG
-Encryptor.CharacterEncoding=UTF-8
-# Currently supported choices for JDK 1.5 and 1.6 are:
-#	HmacSHA1 (160 bits), HmacSHA256 (256 bits), HmacSHA384 (384 bits), and
-#	HmacSHA512 (512 bits).
-# Note that HmacMD5 is *not* supported for the PRF used by the KDF even though
-# these JDKs support it.
-Encryptor.KDF.PRF=HmacSHA256
-
-#===========================================================================
-# ESAPI HttpUtilties
-#
-# The HttpUtilities provide basic protections to HTTP requests and responses. Primarily these methods 
-# protect against malicious data from attackers, such as unprintable characters, escaped characters,
-# and other simple attacks. The HttpUtilities also provides utility methods for dealing with cookies,
-# headers, and CSRF tokens.
-#
-# Default file upload location (remember to escape backslashes with \\)
-HttpUtilities.UploadDir=C:\\ESAPI\\testUpload
-# let this default to java.io.tmpdir for testing
-#HttpUtilities.UploadTempDir=C:\\temp
-# Force flags on cookies, if you use HttpUtilities to set cookies
-HttpUtilities.ForceHttpOnlySession=false
-HttpUtilities.ForceSecureSession=false
-HttpUtilities.ForceHttpOnlyCookies=true
-HttpUtilities.ForceSecureCookies=true
-# Maximum size of HTTP headers
-HttpUtilities.MaxHeaderSize=4096
-# File upload configuration
-HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
-HttpUtilities.MaxUploadFileBytes=500000000
-# Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
-# container, and any other technologies you may be using. Failure to do this may expose you
-# to Unicode transcoding injection attacks. Use of UTF-8 does not hinder internationalization.
-HttpUtilities.ResponseContentType=text/html; charset=UTF-8
-# This is the name of the cookie used to represent the HTTP session
-# Typically this will be the default "JSESSIONID" 
-HttpUtilities.HttpSessionIdName=JSESSIONID
-
-
-
-#===========================================================================
-# ESAPI Executor
-# CHECKME - Not sure what this is used for, but surely it should be made OS independent.
-Executor.WorkingDirectory=C:\\Windows\\Temp
-Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe
-
-
-#===========================================================================
-# ESAPI Logging
-# Set the application name if these logs are combined with other applications
-Logger.ApplicationName=ExampleApplication
-# If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
-Logger.LogEncodingRequired=false
-# Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
-Logger.LogApplicationName=true
-# Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
-Logger.LogServerIP=true
-# LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
-# want to place it in a specific directory.
-Logger.LogFileName=ESAPI_logging_file
-# MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
-Logger.MaxLogFileSize=10000000
-
-
-#===========================================================================
-# ESAPI Intrusion Detection
-#
-# Each event has a base to which .count, .interval, and .action are added
-# The IntrusionException will fire if we receive "count" events within "interval" seconds
-# The IntrusionDetector is configurable to take the following actions: log, logout, and disable
-#  (multiple actions separated by commas are allowed e.g. event.test.actions=log,disable
-#
-# Custom Events
-# Names must start with "event." as the base
-# Use IntrusionDetector.addEvent( "test" ) in your code to trigger "event.test" here
-# You can also disable intrusion detection completely by changing
-# the following parameter to true
-#
-IntrusionDetector.Disable=false
-#
-IntrusionDetector.event.test.count=2
-IntrusionDetector.event.test.interval=10
-IntrusionDetector.event.test.actions=disable,log
-
-# Exception Events
-# All EnterpriseSecurityExceptions are registered automatically
-# Call IntrusionDetector.getInstance().addException(e) for Exceptions that do not extend EnterpriseSecurityException
-# Use the fully qualified classname of the exception as the base
-
-# any intrusion is an attack
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.count=1
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.interval=1
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout
-
-# for test purposes
-# CHECKME: Shouldn't there be something in the property name itself that designates
-#		   that these are for testing???
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.count=10
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.interval=5
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout
-
-# rapid validation errors indicate scans or attacks in progress
-# org.owasp.esapi.errors.ValidationException.count=10
-# org.owasp.esapi.errors.ValidationException.interval=10
-# org.owasp.esapi.errors.ValidationException.actions=log,logout
-
-# sessions jumping between hosts indicates session hijacking
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout
-
-
-#===========================================================================
-# ESAPI Validation
-#
-# The ESAPI Validator works on regular expressions with defined names. You can define names
-# either here, or you may define application specific patterns in a separate file defined below.
-# This allows enterprises to specify both organizational standards as well as application specific
-# validation rules.
-#
-#Validator.ConfigurationFile.MultiValued=false
-Validator.ConfigurationFile=validation-test1.properties
-
-# Validators used by ESAPI
-Validator.AccountName=^[a-zA-Z0-9]{3,20}$
-Validator.SystemCommand=^[a-zA-Z\\-\\/]{1,64}$
-Validator.RoleName=^[a-z]{1,20}$
-Validator.Redirect=^\\/test.*$
-
-# Global HTTP Validation Rules
-# Values with Base64 encoded data (e.g. encrypted state) will need at least [a-zA-Z0-9\/+=]
-Validator.HTTPScheme=^(http|https)$
-Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
-Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
-Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
-Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,32}$
-Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
-Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
-Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
-Validator.HTTPURL=^.*$
-Validator.HTTPJSESSIONID=^[A-Z0-9]{10,30}$
-
-# Contributed by Fraenku@gmx.ch
-# Googlecode Issue 116 (http://code.google.com/p/owasp-esapi-java/issues/detail?id=116)
-Validator.HTTPParameterName=^[a-zA-Z0-9_\\-]{1,32}$
-Validator.HTTPParameterValue=^[\\p{L}\\p{N}.\\-/+=_ !$*?@]{0,1000}$
-Validator.HTTPContextPath=^/[a-zA-Z0-9.\\-_]*$
-Validator.HTTPQueryString=^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$
-Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
-
-
-# Validation of file related input
-Validator.FileName=^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
-Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
-
-# Validation of dates. Controls whether or not 'lenient' dates are accepted.
-# See DataFormat.setLenient(boolean flag) for further details.
-Validator.AcceptLenientDates=false
\ No newline at end of file
+# OWASP Enterprise Security API (ESAPI) Properties file -- TEST Version
+#############################################################################
+#
+#   WARNING     WARNING     WARNING     WARNING     WARNING     WARNING
+#
+#   #######                                 #     #
+#      #     ######   ####    #####         #     #  ######  #####    ####
+#      #     #       #          #           #     #  #       #    #  #
+#      #     #####    ####      #           #     #  #####   #    #   ####
+#      #     #            #     #            #   #   #       #####        #
+#      #     #       #    #     #             # #    #       #   #   #    #
+#      #     ######   ####      #              #     ######  #    #   ####
+#   
+#   This is NOT the version of ESAPI.properties that you are looking for.
+#   Do NOT use this for your production applications!!!!!
+#
+#   That is over in the 'configuration/esapi/ESAPI.properties' file. You
+#   should retrieve THAT version from the official GitHub report from
+#       https://github.com/ESAPI/esapi-java-legacy/blob/develop/configuration/esapi/ESAPI.properties
+#   but make sure that you select it from the 'master' branch (which will
+#   correspond to the latest official ESAPI relase). Sorry for the
+#   inconvenience. We are trying to figure out how to get it to the official
+#   "esapi-<releaseVersion>-sources.jar fiel available from Maven Central, but
+#   in the meantime, you will have to get it from GitHub.
+#
+#   PLEASE do not base your production use of ESAPI on this TEST version of
+#   ESAPI.properties as this test version has been dumbed down in several places
+#   for JUnit testing.
+#
+#   You have been warned.
+#
+#############################################################################
+# This file is part of the Open Web Application Security Project (OWASP)
+# Enterprise Security API (ESAPI) project. For details, please see
+# http://www.owasp.org/index.php/ESAPI.
+#
+# Copyright (c) 2008,2009 - The OWASP Foundation
+#
+# DISCUSS: This may cause a major backwards compatibility issue, etc. but
+#		   from a name space perspective, we probably should have prefaced
+#		   all the property names with ESAPI or at least OWASP. Otherwise
+#		   there could be problems is someone loads this properties file into
+#		   the System properties.  We could also put this file into the
+#		   esapi.jar file (perhaps as a ResourceBundle) and then allow an external
+#		   ESAPI properties be defined that would overwrite these defaults.
+#		   That keeps the application's properties relatively simple as usually
+#		   they will only want to override a few properties. If looks like we
+#		   already support multiple override levels of this in the
+#		   DefaultSecurityConfiguration class, but I'm suggesting placing the
+#		   defaults in the esapi.jar itself. That way, if the jar is signed,
+#		   we could detect if those properties had been tampered with. (The
+#		   code to check the jar signatures is pretty simple... maybe 70-90 LOC,
+#		   but off course there is an execution penalty (similar to the way
+#		   that the separate sunjce.jar used to be when a class from it was
+#		   first loaded). Thoughts?
+###############################################################################
+#
+# WARNING: Operating system protection should be used to lock down the .esapi
+# resources directory and all the files inside and all the directories all the
+# way up to the root directory of the file system.  Note that if you are using
+# file-based implementations, that some files may need to be read-write as they
+# get updated dynamically.
+#
+# Before using, be sure to update the MasterKey and MasterSalt as described below.
+# N.B.: If you had stored data that you have previously encrypted with ESAPI 1.4,
+#		you *must* FIRST decrypt it using ESAPI 1.4 and then (if so desired)
+#		re-encrypt it with ESAPI 2.0. If you fail to do this, you will NOT be
+#		able to decrypt your data with ESAPI 2.0.
+#
+#		YOU HAVE BEEN WARNED!!! More details are in the ESAPI 2.0 Release Notes.
+#
+#===========================================================================
+# ESAPI Configuration
+#
+# If true, then print all the ESAPI properties set here when they are loaded.
+# If false, they are not printed. Useful to reduce output when running JUnit tests.
+# If you need to troubleshoot a properties related problem, turning this on may help,
+# but we leave it off for running JUnit tests. (It will be 'true' in the one delivered
+# as part of production ESAPI, mostly for backward compatibility.)
+ESAPI.printProperties=false
+
+# ESAPI is designed to be easily extensible. You can use the reference implementation
+# or implement your own providers to take advantage of your enterprise's security
+# infrastructure. The functions in ESAPI are referenced using the ESAPI locator, like:
+#
+#    String ciphertext =
+#		ESAPI.encryptor().encrypt("Secret message");   // Deprecated in 2.0
+#    CipherText cipherText =
+#		ESAPI.encryptor().encrypt(new PlainText("Secret message")); // Preferred
+#
+# Below you can specify the classname for the provider that you wish to use in your
+# application. The only requirement is that it implement the appropriate ESAPI interface.
+# This allows you to switch security implementations in the future without rewriting the
+# entire application.
+#
+# ExperimentalAccessController requires ESAPI-AccessControlPolicy.xml in .esapi directory
+ESAPI.AccessControl=org.owasp.esapi.reference.DefaultAccessController
+# FileBasedAuthenticator requires users.txt file in .esapi directory
+ESAPI.Authenticator=org.owasp.esapi.reference.FileBasedAuthenticator
+ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
+ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
+
+ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
+ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
+ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
+ESAPI.Logger=org.owasp.esapi.logging.java.JavaLogFactory
+ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
+ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
+
+#===========================================================================
+# ESAPI Authenticator
+#
+Authenticator.AllowedLoginAttempts=3
+Authenticator.MaxOldPasswordHashes=13
+Authenticator.UsernameParameterName=username
+Authenticator.PasswordParameterName=password
+# RememberTokenDuration (in days)
+Authenticator.RememberTokenDuration=14
+# Session Timeouts (in minutes)
+Authenticator.IdleTimeoutDuration=20
+Authenticator.AbsoluteTimeoutDuration=120
+
+#===========================================================================
+# ESAPI Encoder
+#
+# ESAPI canonicalizes input before validation to prevent bypassing filters with encoded attacks.
+# Failure to canonicalize input is a very common mistake when implementing validation schemes.
+# Canonicalization is automatic when using the ESAPI Validator, but you can also use the
+# following code to canonicalize data.
+#
+#      ESAPI.Encoder().canonicalize( "%22hello world&#x22;" );
+#  
+# Multiple encoding is when a single encoding format is applied multiple times. Allowing
+# multiple encoding is strongly discouraged.
+Encoder.AllowMultipleEncoding=false
+
+# Mixed encoding is when multiple different encoding formats are applied, or when
+# multiple formats are nested. Allowing multiple encoding is strongly discouraged.
+Encoder.AllowMixedEncoding=false
+
+# The default list of codecs to apply when canonicalizing untrusted data. The list should include the codecs
+# for all downstream interpreters or decoders. For example, if the data is likely to end up in a URL, HTML, or
+# inside JavaScript, then the list of codecs below is appropriate. The order of the list is not terribly important.
+Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
+
+
+#===========================================================================
+# ESAPI Encryption
+#
+# The ESAPI Encryptor provides basic cryptographic functions with a simplified API.
+# To get started, generate a new key using java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
+# There is not currently any support for key rotation, so be careful when changing your key and salt as it
+# will invalidate all signed, encrypted, and hashed data.
+#
+# WARNING: Not all combinations of algorithms and key lengths are supported.
+# If you choose to use a key length greater than 128, you MUST download the
+# unlimited strength policy files and install in the lib directory of your JRE/JDK.
+# See http://java.sun.com/javase/downloads/index.jsp for more information.
+#
+# Backward compatibility with ESAPI Java 1.4 is supported by the two deprecated API
+# methods, Encryptor.encrypt(String) and Encryptor.decrypt(String). However, whenever
+# possible, these methods should be avoided as they use ECB cipher mode, which in almost
+# all circumstances a poor choice because of it's weakness. CBC cipher mode is the default
+# for the new Encryptor encrypt / decrypt methods for ESAPI Java 2.0.  In general, you
+# should only use this compatibility setting if you have persistent data encrypted with
+# version 1.4 and even then, you should ONLY set this compatibility mode UNTIL
+# you have decrypted all of your old encrypted data and then re-encrypted it with
+# ESAPI 2.0 using CBC mode. If you have some reason to mix the deprecated 1.4 mode
+# with the new 2.0 methods, make sure that you use the same cipher algorithm for both
+# (256-bit AES was the default for 1.4; 128-bit is the default for 2.0; see below for
+# more details.) Otherwise, you will have to use the new 2.0 encrypt / decrypt methods
+# where you can specify a SecretKey. (Note that if you are using the 256-bit AES,
+# that requires downloading the special jurisdiction policy files mentioned above.)
+#
+#		***** IMPORTANT: These are for JUnit testing. Test files may have been
+#						 encrypted using these values so do not change these or
+#						 those tests will fail. The version under
+#							src/main/resources/.esapi/ESAPI.properties
+#						 will be delivered with Encryptor.MasterKey and
+#						 Encryptor.MasterSalt set to the empty string.
+#
+#						 FINAL NOTE:
+#                           If Maven changes these when run, that needs to be fixed.
+#       256-bit key... requires unlimited strength jurisdiction policy files
+### Encryptor.MasterKey=pJhlri8JbuFYDgkqtHmm9s0Ziug2PE7ovZDyEPm4j14=
+#       128-bit key
+Encryptor.MasterKey=a6H9is3hEVGKB4Jut+lOVA==
+Encryptor.MasterSalt=SbftnvmEWD5ZHHP+pX3fqugNysc=
+# Encryptor.MasterSalt=
+
+# Provides the default JCE provider that ESAPI will "prefer" for its symmetric
+# encryption and hashing. (That is it will look to this provider first, but it
+# will defer to other providers if the requested algorithm is not implemented
+# by this provider.) If left unset, ESAPI will just use your Java VM's current
+# preferred JCE provider, which is generally set in the file
+# "$JAVA_HOME/jre/lib/security/java.security".
+#
+# The main intent of this is to allow ESAPI symmetric encryption to be
+# used with a FIPS 140-2 compliant crypto-module. For details, see the section
+# "Using ESAPI Symmetric Encryption with FIPS 140-2 Cryptographic Modules" in
+# the ESAPI 2.0 Symmetric Encryption User Guide, at:
+# http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
+# However, this property also allows you to easily use an alternate JCE provider
+# such as "Bouncy Castle" without having to make changes to "java.security".
+# See Javadoc for SecurityProviderLoader for further details. If you wish to use
+# a provider that is not known to SecurityProviderLoader, you may specify the
+# fully-qualified class name of the JCE provider class that implements
+# java.security.Provider. If the name contains a '.', this is interpreted as
+# a fully-qualified class name that implements java.security.Provider.
+#
+# NOTE: Setting this property has the side-effect of changing it in your application
+#       as well, so if you are using JCE in your application directly rather than
+#       through ESAPI (you wouldn't do that, would you? ;-), it will change the
+#       preferred JCE provider there as well.
+#
+# Default: Keeps the JCE provider set to whatever JVM sets it to.
+Encryptor.PreferredJCEProvider=
+
+# AES is the most widely used and strongest encryption algorithm. This
+# should agree with your Encryptor.CipherTransformation property.
+# By default, ESAPI Java 1.4 uses "PBEWithMD5AndDES" and which is
+# very weak. It is essentially a password-based encryption key, hashed
+# with MD5 around 1K times and then encrypted with the weak DES algorithm
+# (56-bits) using ECB mode and an unspecified padding (it is
+# JCE provider specific, but most likely "NoPadding"). However, 2.0 uses
+# "AES/CBC/PKCSPadding". If you want to change these, change them here.
+# Warning: This property does not control the default reference implementation for
+#		   ESAPI 2.0 using JavaEncryptor. Also, this property will be dropped
+#		   in the future.
+# @deprecated
+Encryptor.EncryptionAlgorithm=AES
+#		For ESAPI Java 2.0 - New encrypt / decrypt methods use this.
+Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
+
+# Applies to ESAPI 2.0 and later only!
+# Comma-separated list of cipher modes that provide *BOTH*
+# confidentiality *AND* message authenticity. (NIST refers to such cipher
+# modes as "combined modes" so that's what we shall call them.) If any of these
+# cipher modes are used then no MAC is calculated and stored
+# in the CipherText upon encryption. Likewise, if one of these
+# cipher modes is used with decryption, no attempt will be made
+# to validate the MAC contained in the CipherText object regardless
+# of whether it contains one or not. Since the expectation is that
+# these cipher modes support support message authenticity already,
+# injecting a MAC in the CipherText object would be at best redundant.
+#
+# Note that as of JDK 1.5, the SunJCE provider does not support *any*
+# of these cipher modes. Of these listed, only GCM and CCM are currently
+# NIST approved. YMMV for other JCE providers. E.g., Bouncy Castle supports
+# GCM and CCM with "NoPadding" mode, but not with "PKCS5Padding" or other
+# padding modes.
+Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
+
+# Applies to ESAPI 2.0 and later only!
+# Additional cipher modes allowed for ESAPI 2.0 encryption. These
+# cipher modes are in _addition_ to those specified by the property
+# 'Encryptor.cipher_modes.combined_modes'.
+#
+#	IMPORTANT NOTE:	In the official ESAPI.properties we do *NOT* include ECB
+#					here as this is an extremely weak mode. However, we *must*
+#					allow it here so we can test ECB mode. That is important
+#					since the logic is somewhat different (i.e., ECB mode does
+#					not use an IV).
+# DISCUSS: Better name?
+#	NOTE: ECB added only for testing purposes. Don't try this at home!
+Encryptor.cipher_modes.additional_allowed=CBC,ECB
+
+# 128-bit is almost always sufficient and appears to be more resistant to
+# related key attacks than is 256-bit AES. Use '_' to use default key size
+# for cipher algorithms (where it makes sense because the algorithm supports
+# a variable key size). Key length must agree to what's provided as the
+# cipher transformation, otherwise this will be ignored after logging a
+# warning.
+#
+# NOTE: This is what applies BOTH ESAPI 1.4 and 2.0. See warning above about mixing!
+Encryptor.EncryptionKeyLength=128
+# Min key length - to support testing with 2TDEA
+Encryptor.MinEncryptionKeyLength=112
+
+# Because 2.x uses CBC mode by default, it requires an initialization vector (IV).
+# (All cipher modes except ECB require an IV.) Previously there were two choices: we can either
+# use a fixed IV known to both parties or allow ESAPI to choose a random IV. The
+# former was deprecated in ESAPI 2.2 and removed in ESAPI 2.3. It was not secure
+# because the Encryptor (as are all the other major ESAPI components) is a
+# singleton and thus the same IV would get reused each time. It was not a
+# well-thought out plan. (To do it correctly means we need to add a setIV() method
+# and get rid of the Encryptor singleton, thus it will not happen until 3.0.)
+# However, while the IV does not need to be hidden from adversaries, it is important that the
+# adversary not be allowed to choose it. Thus for now, ESAPI just chooses a random IV.
+# Originally there was plans to allow a developer to provide a class and method
+# name to define a custom static method to generate an IV, but that is just
+# trouble waiting to happen. Thus in effect, the ONLY acceptable property value
+# for this property is "random". In the not too distant future (possibly the
+# next release), I will be removing it, but for now I am leaving this and
+# checking for it so a ConfigurationException can be thrown if anyone using
+# ESAPI ignored the deprecation warning message and still has it set to "fixed".
+#
+# Valid values:		random
+Encryptor.ChooseIVMethod=random
+
+# Whether or not CipherText should use a message authentication code (MAC) with it.
+# This prevents an adversary from altering the IV as well as allowing a more
+# fool-proof way of determining the decryption failed because of an incorrect
+# key being supplied. This refers to the "separate" MAC calculated and stored
+# in CipherText, not part of any MAC that is calculated as a result of a
+# "combined mode" cipher mode.
+#
+# If you are using ESAPI with a FIPS 140-2 cryptographic module, you *must* also
+# set this property to false.
+Encryptor.CipherText.useMAC=true
+
+# Whether or not the PlainText object may be overwritten and then marked
+# eligible for garbage collection. If not set, this is still treated as 'true'.
+Encryptor.PlainText.overwrite=true
+
+# Do not use DES except in a legacy situations. 56-bit is way too small key size.
+#Encryptor.EncryptionKeyLength=56
+#Encryptor.MinEncryptionKeyLength=56
+#Encryptor.EncryptionAlgorithm=DES
+
+# TripleDES is considered strong enough for most purposes.
+#	Note:	There is also a 112-bit version of DESede. Using the 168-bit version
+#			requires downloading the special jurisdiction policy from Sun.
+#Encryptor.EncryptionKeyLength=168
+#Encryptor.MinEncryptionKeyLength=112
+#Encryptor.EncryptionAlgorithm=DESede
+
+Encryptor.HashAlgorithm=SHA-512
+Encryptor.HashIterations=1024
+Encryptor.DigitalSignatureAlgorithm=SHA1withDSA
+Encryptor.DigitalSignatureKeyLength=1024
+Encryptor.RandomAlgorithm=SHA1PRNG
+Encryptor.CharacterEncoding=UTF-8
+# Currently supported choices for JDK 1.5 and 1.6 are:
+#	HmacSHA1 (160 bits), HmacSHA256 (256 bits), HmacSHA384 (384 bits), and
+#	HmacSHA512 (512 bits).
+# Note that HmacMD5 is *not* supported for the PRF used by the KDF even though
+# these JDKs support it.
+Encryptor.KDF.PRF=HmacSHA256
+
+#===========================================================================
+# ESAPI HttpUtilties
+#
+# The HttpUtilities provide basic protections to HTTP requests and responses. Primarily these methods 
+# protect against malicious data from attackers, such as unprintable characters, escaped characters,
+# and other simple attacks. The HttpUtilities also provides utility methods for dealing with cookies,
+# headers, and CSRF tokens.
+#
+# Default file upload location (remember to escape backslashes with \\)
+HttpUtilities.UploadDir=C:\\ESAPI\\testUpload
+# let this default to java.io.tmpdir for testing
+#HttpUtilities.UploadTempDir=C:\\temp
+# Force flags on cookies, if you use HttpUtilities to set cookies
+HttpUtilities.ForceHttpOnlySession=false
+HttpUtilities.ForceSecureSession=false
+HttpUtilities.ForceHttpOnlyCookies=true
+HttpUtilities.ForceSecureCookies=true
+# Maximum size of HTTP headers
+HttpUtilities.MaxHeaderSize=4096
+# File upload configuration
+HttpUtilities.ApprovedUploadExtensions=.pdf,.doc,.docx,.ppt,.pptx,.xls,.xlsx,.rtf,.txt,.jpg,.png
+HttpUtilities.MaxUploadFileBytes=500000000
+# Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
+# container, and any other technologies you may be using. Failure to do this may expose you
+# to Unicode transcoding injection attacks. Use of UTF-8 does not hinder internationalization.
+HttpUtilities.ResponseContentType=text/html; charset=UTF-8
+# This is the name of the cookie used to represent the HTTP session
+# Typically this will be the default "JSESSIONID" 
+HttpUtilities.HttpSessionIdName=JSESSIONID
+
+
+
+#===========================================================================
+# ESAPI Executor
+# CHECKME - Not sure what this is used for, but surely it should be made OS independent.
+Executor.WorkingDirectory=C:\\Windows\\Temp
+Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe
+
+
+#===========================================================================
+# ESAPI Logging
+# Set the application name if these logs are combined with other applications
+Logger.ApplicationName=ExampleApplication
+# If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
+Logger.LogEncodingRequired=false
+# Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
+Logger.LogApplicationName=true
+# Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
+Logger.LogServerIP=true
+
+#===========================================================================
+# ESAPI Intrusion Detection
+#
+# Each event has a base to which .count, .interval, and .action are added
+# The IntrusionException will fire if we receive "count" events within "interval" seconds
+# The IntrusionDetector is configurable to take the following actions: log, logout, and disable
+#  (multiple actions separated by commas are allowed e.g. event.test.actions=log,disable
+#
+# Custom Events
+# Names must start with "event." as the base
+# Use IntrusionDetector.addEvent( "test" ) in your code to trigger "event.test" here
+# You can also disable intrusion detection completely by changing
+# the following parameter to true
+#
+IntrusionDetector.Disable=false
+#
+IntrusionDetector.event.test.count=2
+IntrusionDetector.event.test.interval=10
+IntrusionDetector.event.test.actions=disable,log
+
+# Exception Events
+# All EnterpriseSecurityExceptions are registered automatically
+# Call IntrusionDetector.getInstance().addException(e) for Exceptions that do not extend EnterpriseSecurityException
+# Use the fully qualified classname of the exception as the base
+
+# any intrusion is an attack
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.count=1
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.interval=1
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout
+
+# for test purposes
+# CHECKME: Shouldn't there be something in the property name itself that designates
+#		   that these are for testing???
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.count=10
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.interval=5
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout
+
+# rapid validation errors indicate scans or attacks in progress
+# org.owasp.esapi.errors.ValidationException.count=10
+# org.owasp.esapi.errors.ValidationException.interval=10
+# org.owasp.esapi.errors.ValidationException.actions=log,logout
+
+# sessions jumping between hosts indicates session hijacking
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout
+
+
+#===========================================================================
+# ESAPI Validation
+#
+# The ESAPI Validator works on regular expressions with defined names. You can define names
+# either here, or you may define application specific patterns in a separate file defined below.
+# This allows enterprises to specify both organizational standards as well as application specific
+# validation rules.
+#
+#Validator.ConfigurationFile.MultiValued=false
+Validator.ConfigurationFile=validation-test1.properties
+
+# Validators used by ESAPI
+Validator.AccountName=^[a-zA-Z0-9]{3,20}$
+Validator.SystemCommand=^[a-zA-Z\\-\\/]{1,64}$
+Validator.RoleName=^[a-z]{1,20}$
+Validator.Redirect=^\\/test.*$
+
+# Global HTTP Validation Rules
+# Values with Base64 encoded data (e.g. encrypted state) will need at least [a-zA-Z0-9\/+=]
+Validator.HTTPScheme=^(http|https)$
+Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
+Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
+Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]{0,1024}$
+Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,32}$
+Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
+Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
+Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
+Validator.HTTPURL=^.*$
+Validator.HTTPJSESSIONID=^[A-Z0-9]{10,30}$
+
+# Contributed by Fraenku@gmx.ch
+# Googlecode Issue 116 (http://code.google.com/p/owasp-esapi-java/issues/detail?id=116)
+Validator.HTTPParameterName=^[a-zA-Z0-9_\\-]{1,32}$
+Validator.HTTPParameterValue=^[-\\p{L}\\p{N}./+=_ !$*?@]{0,1000}$
+Validator.HTTPContextPath=^/[a-zA-Z0-9.\\-_]*$
+Validator.HTTPQueryString=^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$
+Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
+
+
+# Validation of file related input
+Validator.FileName=^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
+Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
+
+# Validation of dates. Controls whether or not 'lenient' dates are accepted.
+# See DataFormat.setLenient(boolean flag) for further details.
+Validator.AcceptLenientDates=false
diff --git a/src/test/resources/esapi/ESAPI-root-cp.properties b/src/test/resources/esapi/ESAPI-root-cp.properties
new file mode 100644
index 000000000..aef298618
--- /dev/null
+++ b/src/test/resources/esapi/ESAPI-root-cp.properties
@@ -0,0 +1,4 @@
+# Test ESAPI properties file for JUnit test DefaultSecurityConfigurationTest.testRootCPLoading().
+# Only need this one property for that JUnit test, which tests if this property
+# file is found in the root path of the CLASSPATH.
+Validator.ConfigurationFile=validation-test1.properties
diff --git a/src/test/resources/esapi/ESAPI-test-2.properties b/src/test/resources/esapi/ESAPI-test-2.properties
new file mode 100644
index 000000000..fb2e582b6
--- /dev/null
+++ b/src/test/resources/esapi/ESAPI-test-2.properties
@@ -0,0 +1,5 @@
+# Random properties for test purpose - all property keys could be found in ESAPI-test.properties but with
+# different values. Used for test property files priorities.
+string_property=test_string_property_2
+int_property=52
+boolean_property=false
diff --git a/src/test/resources/esapi/ESAPI-test-2.xml b/src/test/resources/esapi/ESAPI-test-2.xml
new file mode 100644
index 000000000..bec5597a4
--- /dev/null
+++ b/src/test/resources/esapi/ESAPI-test-2.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<properties>
+    <property name="string_property">test_string_property_2</property>
+    <property name="int_property">52</property>
+    <property name="boolean_property">false</property>
+</properties>
\ No newline at end of file
diff --git a/src/test/resources/esapi/ESAPI-test-invalid-content.xml b/src/test/resources/esapi/ESAPI-test-invalid-content.xml
new file mode 100644
index 000000000..d6dc1f74b
--- /dev/null
+++ b/src/test/resources/esapi/ESAPI-test-invalid-content.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<properties>
+    <property name="string_property">test_string_property</property>
+    <property name="int_property">5</property>
+    <property name="boolean_property">true</property>
+    <invalid name="invalid_property">invalid</invalid>
+</properties>
\ No newline at end of file
diff --git a/src/test/resources/esapi/ESAPI-test.properties b/src/test/resources/esapi/ESAPI-test.properties
new file mode 100644
index 000000000..d46c2d34e
--- /dev/null
+++ b/src/test/resources/esapi/ESAPI-test.properties
@@ -0,0 +1,8 @@
+# random properties for test purpose
+string_property=test_string_property
+int_property=5
+invalid_int_property=invalid int
+boolean_property=true
+boolean_yes_property=yes
+boolean_no_property=no
+invalid_boolean_property=invalid boolean
diff --git a/src/test/resources/esapi/ESAPI-test.xml b/src/test/resources/esapi/ESAPI-test.xml
new file mode 100644
index 000000000..097f87eaf
--- /dev/null
+++ b/src/test/resources/esapi/ESAPI-test.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<properties>
+    <property name="string_property">test_string_property</property>
+    <property name="int_property">5</property>
+    <property name="invalid_int_property">invalid int</property>
+    <property name="boolean_property">true</property>
+    <property name="boolean_yes_property">yes</property>
+    <property name="boolean_no_property">no</property>
+    <property name="invalid_boolean_property">invalid boolean</property>
+</properties>
\ No newline at end of file
diff --git a/src/test/resources/esapi/ESAPI.properties b/src/test/resources/esapi/ESAPI.properties
index 1435b7c6d..e10691d1f 100644
--- a/src/test/resources/esapi/ESAPI.properties
+++ b/src/test/resources/esapi/ESAPI.properties
@@ -1,465 +1,617 @@
-#
-# OWASP Enterprise Security API (ESAPI) Properties file -- TEST Version
-# 
-# This file is part of the Open Web Application Security Project (OWASP)
-# Enterprise Security API (ESAPI) project. For details, please see
-# http://www.owasp.org/index.php/ESAPI.
-#
-# Copyright (c) 2008,2009 - The OWASP Foundation
-#
-# DISCUSS: This may cause a major backwards compatibility issue, etc. but
-#		   from a name space perspective, we probably should have prefaced
-#		   all the property names with ESAPI or at least OWASP. Otherwise
-#		   there could be problems is someone loads this properties file into
-#		   the System properties.  We could also put this file into the
-#		   esapi.jar file (perhaps as a ResourceBundle) and then allow an external
-#		   ESAPI properties be defined that would overwrite these defaults.
-#		   That keeps the application's properties relatively simple as usually
-#		   they will only want to override a few properties. If looks like we
-#		   already support multiple override levels of this in the
-#		   DefaultSecurityConfiguration class, but I'm suggesting placing the
-#		   defaults in the esapi.jar itself. That way, if the jar is signed,
-#		   we could detect if those properties had been tampered with. (The
-#		   code to check the jar signatures is pretty simple... maybe 70-90 LOC,
-#		   but off course there is an execution penalty (similar to the way
-#		   that the separate sunjce.jar used to be when a class from it was
-#		   first loaded). Thoughts?
-###############################################################################
-#
-# WARNING: Operating system protection should be used to lock down the .esapi
-# resources directory and all the files inside and all the directories all the
-# way up to the root directory of the file system.  Note that if you are using
-# file-based implementations, that some files may need to be read-write as they
-# get updated dynamically.
-#
-# Before using, be sure to update the MasterKey and MasterSalt as described below.
-# N.B.: If you had stored data that you have previously encrypted with ESAPI 1.4,
-#		you *must* FIRST decrypt it using ESAPI 1.4 and then (if so desired)
-#		re-encrypt it with ESAPI 2.0. If you fail to do this, you will NOT be
-#		able to decrypt your data with ESAPI 2.0.
-#
-#		YOU HAVE BEEN WARNED!!! More details are in the ESAPI 2.0 Release Notes.
-#
-#===========================================================================
-# ESAPI Configuration
-#
-# If true, then print all the ESAPI properties set here when they are loaded.
-# If false, they are not printed. Useful to reduce output when running JUnit tests.
-# If you need to troubleshoot a properties related problem, turning this on may help,
-# but we leave it off for running JUnit tests. (It will be 'true' in the one delivered
-# as part of production ESAPI, mostly for backward compatibility.)
-ESAPI.printProperties=false
-
-# ESAPI is designed to be easily extensible. You can use the reference implementation
-# or implement your own providers to take advantage of your enterprise's security
-# infrastructure. The functions in ESAPI are referenced using the ESAPI locator, like:
-#
-#    String ciphertext =
-#		ESAPI.encryptor().encrypt("Secret message");   // Deprecated in 2.0
-#    CipherText cipherText =
-#		ESAPI.encryptor().encrypt(new PlainText("Secret message")); // Preferred
-#
-# Below you can specify the classname for the provider that you wish to use in your
-# application. The only requirement is that it implement the appropriate ESAPI interface.
-# This allows you to switch security implementations in the future without rewriting the
-# entire application.
-#
-# ExperimentalAccessController requires ESAPI-AccessControlPolicy.xml in .esapi directory
-ESAPI.AccessControl=org.owasp.esapi.reference.DefaultAccessController
-# FileBasedAuthenticator requires users.txt file in .esapi directory
-ESAPI.Authenticator=org.owasp.esapi.reference.FileBasedAuthenticator
-ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
-ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
-
-ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
-ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
-ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
-# Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
-ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
-#ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
-#ESAPI.Logger=org.owasp.esapi.reference.ExampleExtendedLog4JLogFactory
-ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
-ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
-
-#===========================================================================
-# ESAPI Authenticator
-#
-Authenticator.AllowedLoginAttempts=3
-Authenticator.MaxOldPasswordHashes=13
-Authenticator.UsernameParameterName=username
-Authenticator.PasswordParameterName=password
-# RememberTokenDuration (in days)
-Authenticator.RememberTokenDuration=14
-# Session Timeouts (in minutes)
-Authenticator.IdleTimeoutDuration=20
-Authenticator.AbsoluteTimeoutDuration=120
-
-#===========================================================================
-# ESAPI Encoder
-#
-# ESAPI canonicalizes input before validation to prevent bypassing filters with encoded attacks.
-# Failure to canonicalize input is a very common mistake when implementing validation schemes.
-# Canonicalization is automatic when using the ESAPI Validator, but you can also use the
-# following code to canonicalize data.
-#
-#      ESAPI.Encoder().canonicalize( "%22hello world&#x22;" );
-#  
-# Multiple encoding is when a single encoding format is applied multiple times. Allowing
-# multiple encoding is strongly discouraged.
-Encoder.AllowMultipleEncoding=false
-
-# Mixed encoding is when multiple different encoding formats are applied, or when
-# multiple formats are nested. Allowing multiple encoding is strongly discouraged.
-Encoder.AllowMixedEncoding=false
-
-# The default list of codecs to apply when canonicalizing untrusted data. The list should include the codecs
-# for all downstream interpreters or decoders. For example, if the data is likely to end up in a URL, HTML, or
-# inside JavaScript, then the list of codecs below is appropriate. The order of the list is not terribly important.
-Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
-
-
-#===========================================================================
-# ESAPI Encryption
-#
-# The ESAPI Encryptor provides basic cryptographic functions with a simplified API.
-# To get started, generate a new key using java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
-# There is not currently any support for key rotation, so be careful when changing your key and salt as it
-# will invalidate all signed, encrypted, and hashed data.
-#
-# WARNING: Not all combinations of algorithms and key lengths are supported.
-# If you choose to use a key length greater than 128, you MUST download the
-# unlimited strength policy files and install in the lib directory of your JRE/JDK.
-# See http://java.sun.com/javase/downloads/index.jsp for more information.
-#
-# Backward compatibility with ESAPI Java 1.4 is supported by the two deprecated API
-# methods, Encryptor.encrypt(String) and Encryptor.decrypt(String). However, whenever
-# possible, these methods should be avoided as they use ECB cipher mode, which in almost
-# all circumstances a poor choice because of it's weakness. CBC cipher mode is the default
-# for the new Encryptor encrypt / decrypt methods for ESAPI Java 2.0.  In general, you
-# should only use this compatibility setting if you have persistent data encrypted with
-# version 1.4 and even then, you should ONLY set this compatibility mode UNTIL
-# you have decrypted all of your old encrypted data and then re-encrypted it with
-# ESAPI 2.0 using CBC mode. If you have some reason to mix the deprecated 1.4 mode
-# with the new 2.0 methods, make sure that you use the same cipher algorithm for both
-# (256-bit AES was the default for 1.4; 128-bit is the default for 2.0; see below for
-# more details.) Otherwise, you will have to use the new 2.0 encrypt / decrypt methods
-# where you can specify a SecretKey. (Note that if you are using the 256-bit AES,
-# that requires downloading the special jurisdiction policy files mentioned above.)
-#
-#		***** IMPORTANT: These are for JUnit testing. Test files may have been
-#						 encrypted using these values so do not change these or
-#						 those tests will fail. The version under
-#							src/main/resources/.esapi/ESAPI.properties
-#						 will be delivered with Encryptor.MasterKey and
-#						 Encryptor.MasterSalt set to the empty string.
-#
-#						 FINAL NOTE:
-#                           If Maven changes these when run, that needs to be fixed.
-#       256-bit key... requires unlimited strength jurisdiction policy files
-### Encryptor.MasterKey=pJhlri8JbuFYDgkqtHmm9s0Ziug2PE7ovZDyEPm4j14=
-#       128-bit key
-Encryptor.MasterKey=a6H9is3hEVGKB4Jut+lOVA==
-Encryptor.MasterSalt=SbftnvmEWD5ZHHP+pX3fqugNysc=
-# Encryptor.MasterSalt=
-
-# Provides the default JCE provider that ESAPI will "prefer" for its symmetric
-# encryption and hashing. (That is it will look to this provider first, but it
-# will defer to other providers if the requested algorithm is not implemented
-# by this provider.) If left unset, ESAPI will just use your Java VM's current
-# preferred JCE provider, which is generally set in the file
-# "$JAVA_HOME/jre/lib/security/java.security".
-#
-# The main intent of this is to allow ESAPI symmetric encryption to be
-# used with a FIPS 140-2 compliant crypto-module. For details, see the section
-# "Using ESAPI Symmetric Encryption with FIPS 140-2 Cryptographic Modules" in
-# the ESAPI 2.0 Symmetric Encryption User Guide, at:
-# http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
-# However, this property also allows you to easily use an alternate JCE provider
-# such as "Bouncy Castle" without having to make changes to "java.security".
-# See Javadoc for SecurityProviderLoader for further details. If you wish to use
-# a provider that is not known to SecurityProviderLoader, you may specify the
-# fully-qualified class name of the JCE provider class that implements
-# java.security.Provider. If the name contains a '.', this is interpreted as
-# a fully-qualified class name that implements java.security.Provider.
-#
-# NOTE: Setting this property has the side-effect of changing it in your application
-#       as well, so if you are using JCE in your application directly rather than
-#       through ESAPI (you wouldn't do that, would you? ;-), it will change the
-#       preferred JCE provider there as well.
-#
-# Default: Keeps the JCE provider set to whatever JVM sets it to.
-Encryptor.PreferredJCEProvider=
-
-# AES is the most widely used and strongest encryption algorithm. This
-# should agree with your Encryptor.CipherTransformation property.
-# By default, ESAPI Java 1.4 uses "PBEWithMD5AndDES" and which is
-# very weak. It is essentially a password-based encryption key, hashed
-# with MD5 around 1K times and then encrypted with the weak DES algorithm
-# (56-bits) using ECB mode and an unspecified padding (it is
-# JCE provider specific, but most likely "NoPadding"). However, 2.0 uses
-# "AES/CBC/PKCSPadding". If you want to change these, change them here.
-# Warning: This property does not control the default reference implementation for
-#		   ESAPI 2.0 using JavaEncryptor. Also, this property will be dropped
-#		   in the future.
-# @deprecated
-Encryptor.EncryptionAlgorithm=AES
-#		For ESAPI Java 2.0 - New encrypt / decrypt methods use this.
-Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
-
-# Applies to ESAPI 2.0 and later only!
-# Comma-separated list of cipher modes that provide *BOTH*
-# confidentiality *AND* message authenticity. (NIST refers to such cipher
-# modes as "combined modes" so that's what we shall call them.) If any of these
-# cipher modes are used then no MAC is calculated and stored
-# in the CipherText upon encryption. Likewise, if one of these
-# cipher modes is used with decryption, no attempt will be made
-# to validate the MAC contained in the CipherText object regardless
-# of whether it contains one or not. Since the expectation is that
-# these cipher modes support support message authenticity already,
-# injecting a MAC in the CipherText object would be at best redundant.
-#
-# Note that as of JDK 1.5, the SunJCE provider does not support *any*
-# of these cipher modes. Of these listed, only GCM and CCM are currently
-# NIST approved. YMMV for other JCE providers. E.g., Bouncy Castle supports
-# GCM and CCM with "NoPadding" mode, but not with "PKCS5Padding" or other
-# padding modes.
-Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
-
-# Applies to ESAPI 2.0 and later only!
-# Additional cipher modes allowed for ESAPI 2.0 encryption. These
-# cipher modes are in _addition_ to those specified by the property
-# 'Encryptor.cipher_modes.combined_modes'.
-# Note: We will add support for streaming modes like CFB & OFB once
-# we add support for 'specified' to the property 'Encryptor.ChooseIVMethod'
-# (probably in ESAPI 2.1).
-#
-#	IMPORTANT NOTE:	In the official ESAPI.properties we do *NOT* include ECB
-#					here as this is an extremely weak mode. However, we *must*
-#					allow it here so we can test ECB mode. That is important
-#					since the logic is somewhat different (i.e., ECB mode does
-#					not use an IV).
-# DISCUSS: Better name?
-#	NOTE: ECB added only for testing purposes. Don't try this at home!
-Encryptor.cipher_modes.additional_allowed=CBC,ECB
-
-# 128-bit is almost always sufficient and appears to be more resistant to
-# related key attacks than is 256-bit AES. Use '_' to use default key size
-# for cipher algorithms (where it makes sense because the algorithm supports
-# a variable key size). Key length must agree to what's provided as the
-# cipher transformation, otherwise this will be ignored after logging a
-# warning.
-#
-# NOTE: This is what applies BOTH ESAPI 1.4 and 2.0. See warning above about mixing!
-Encryptor.EncryptionKeyLength=128
-
-# Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
-# (All cipher modes except ECB require an IV.) There are two choices: we can either
-# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
-# the IV does not need to be hidden from adversaries, it is important that the
-# adversary not be allowed to choose it. Also, random IVs are generally much more
-# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
-# such as CFB and OFB use a different IV for each encryption with a given key so
-# in such cases, random IVs are much preferred. By default, ESAPI 2.0 uses random
-# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
-# uncomment the Encryptor.fixedIV.
-#
-# Valid values:		random|fixed|specified		'specified' not yet implemented; planned for 2.1
-Encryptor.ChooseIVMethod=random
-# If you choose to use a fixed IV, then you must place a fixed IV here that
-# is known to all others who are sharing your secret key. The format should
-# be a hex string that is the same length as the cipher block size for the
-# cipher algorithm that you are using. The following is an example for AES
-# from an AES test vector for AES-128/CBC as described in:
-# NIST Special Publication 800-38A (2001 Edition)
-# "Recommendation for Block Cipher Modes of Operation".
-# (Note that the block size for AES is 16 bytes == 128 bits.)
-#
-Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
-
-# Whether or not CipherText should use a message authentication code (MAC) with it.
-# This prevents an adversary from altering the IV as well as allowing a more
-# fool-proof way of determining the decryption failed because of an incorrect
-# key being supplied. This refers to the "separate" MAC calculated and stored
-# in CipherText, not part of any MAC that is calculated as a result of a
-# "combined mode" cipher mode.
-#
-# If you are using ESAPI with a FIPS 140-2 cryptographic module, you *must* also
-# set this property to false.
-Encryptor.CipherText.useMAC=true
-
-# Whether or not the PlainText object may be overwritten and then marked
-# eligible for garbage collection. If not set, this is still treated as 'true'.
-Encryptor.PlainText.overwrite=true
-
-# Do not use DES except in a legacy situations. 56-bit is way too small key size.
-#Encryptor.EncryptionKeyLength=56
-#Encryptor.EncryptionAlgorithm=DES
-
-# TripleDES is considered strong enough for most purposes.
-#	Note:	There is also a 112-bit version of DESede. Using the 168-bit version
-#			requires downloading the special jurisdiction policy from Sun.
-#Encryptor.EncryptionKeyLength=168
-#Encryptor.EncryptionAlgorithm=DESede
-
-Encryptor.HashAlgorithm=SHA-512
-Encryptor.HashIterations=1024
-Encryptor.DigitalSignatureAlgorithm=SHA1withDSA
-Encryptor.DigitalSignatureKeyLength=1024
-Encryptor.RandomAlgorithm=SHA1PRNG
-Encryptor.CharacterEncoding=UTF-8
-# Currently supported choices for JDK 1.5 and 1.6 are:
-#	HmacSHA1 (160 bits), HmacSHA256 (256 bits), HmacSHA384 (384 bits), and
-#	HmacSHA512 (512 bits).
-# Note that HmacMD5 is *not* supported for the PRF used by the KDF even though
-# these JDKs support it.
-Encryptor.KDF.PRF=HmacSHA256
-
-#===========================================================================
-# ESAPI HttpUtilties
-#
-# The HttpUtilities provide basic protections to HTTP requests and responses. Primarily these methods 
-# protect against malicious data from attackers, such as unprintable characters, escaped characters,
-# and other simple attacks. The HttpUtilities also provides utility methods for dealing with cookies,
-# headers, and CSRF tokens.
-#
-# Default file upload location (remember to escape backslashes with \\)
-HttpUtilities.UploadDir=C:\\ESAPI\\testUpload
-# let this default to java.io.tmpdir for testing
-#HttpUtilities.UploadTempDir=C:\\temp
-# Force flags on cookies, if you use HttpUtilities to set cookies
-HttpUtilities.ForceHttpOnlySession=false
-HttpUtilities.ForceSecureSession=false
-HttpUtilities.ForceHttpOnlyCookies=true
-HttpUtilities.ForceSecureCookies=true
-# Maximum size of HTTP headers
-HttpUtilities.MaxHeaderSize=4096
-# File upload configuration
-HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
-HttpUtilities.MaxUploadFileBytes=500000000
-# Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
-# container, and any other technologies you may be using. Failure to do this may expose you
-# to Unicode transcoding injection attacks. Use of UTF-8 does not hinder internationalization.
-HttpUtilities.ResponseContentType=text/html; charset=UTF-8
-# This is the name of the cookie used to represent the HTTP session
-# Typically this will be the default "JSESSIONID" 
-HttpUtilities.HttpSessionIdName=JSESSIONID
-
-
-
-#===========================================================================
-# ESAPI Executor
-# CHECKME - Not sure what this is used for, but surely it should be made OS independent.
-Executor.WorkingDirectory=C:\\Windows\\Temp
-Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe
-
-
-#===========================================================================
-# ESAPI Logging
-# Set the application name if these logs are combined with other applications
-Logger.ApplicationName=ExampleApplication
-# If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
-Logger.LogEncodingRequired=false
-# Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
-Logger.LogApplicationName=true
-# Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
-Logger.LogServerIP=true
-# LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
-# want to place it in a specific directory.
-Logger.LogFileName=ESAPI_logging_file
-# MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
-Logger.MaxLogFileSize=10000000
-
-
-#===========================================================================
-# ESAPI Intrusion Detection
-#
-# Each event has a base to which .count, .interval, and .action are added
-# The IntrusionException will fire if we receive "count" events within "interval" seconds
-# The IntrusionDetector is configurable to take the following actions: log, logout, and disable
-#  (multiple actions separated by commas are allowed e.g. event.test.actions=log,disable
-#
-# Custom Events
-# Names must start with "event." as the base
-# Use IntrusionDetector.addEvent( "test" ) in your code to trigger "event.test" here
-# You can also disable intrusion detection completely by changing
-# the following parameter to true
-#
-IntrusionDetector.Disable=false
-#
-IntrusionDetector.event.test.count=2
-IntrusionDetector.event.test.interval=10
-IntrusionDetector.event.test.actions=disable,log
-
-# Exception Events
-# All EnterpriseSecurityExceptions are registered automatically
-# Call IntrusionDetector.getInstance().addException(e) for Exceptions that do not extend EnterpriseSecurityException
-# Use the fully qualified classname of the exception as the base
-
-# any intrusion is an attack
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.count=1
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.interval=1
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout
-
-# for test purposes
-# CHECKME: Shouldn't there be something in the property name itself that designates
-#		   that these are for testing???
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.count=10
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.interval=5
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout
-
-# rapid validation errors indicate scans or attacks in progress
-# org.owasp.esapi.errors.ValidationException.count=10
-# org.owasp.esapi.errors.ValidationException.interval=10
-# org.owasp.esapi.errors.ValidationException.actions=log,logout
-
-# sessions jumping between hosts indicates session hijacking
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout
-
-
-#===========================================================================
-# ESAPI Validation
-#
-# The ESAPI Validator works on regular expressions with defined names. You can define names
-# either here, or you may define application specific patterns in a separate file defined below.
-# This allows enterprises to specify both organizational standards as well as application specific
-# validation rules.
-#
-Validator.ConfigurationFile=validation.properties
-
-# Validators used by ESAPI
-Validator.AccountName=^[a-zA-Z0-9]{3,20}$
-Validator.SystemCommand=^[a-zA-Z\\-\\/]{1,64}$
-Validator.RoleName=^[a-z]{1,20}$
-Validator.Redirect=^\\/test.*$
-
-# Global HTTP Validation Rules
-# Values with Base64 encoded data (e.g. encrypted state) will need at least [a-zA-Z0-9\/+=]
-Validator.HTTPScheme=^(http|https)$
-Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
-Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
-Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
-Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,32}$
-Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
-Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
-Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
-Validator.HTTPURL=^.*$
-Validator.HTTPJSESSIONID=^[A-Z0-9]{10,30}$
-
-# Contributed by Fraenku@gmx.ch
-# Googlecode Issue 116 (http://code.google.com/p/owasp-esapi-java/issues/detail?id=116)
-Validator.HTTPParameterName=^[a-zA-Z0-9_\\-]{1,32}$
-Validator.HTTPParameterValue=^[\\p{L}\\p{N}.\\-/+=_ !$*?@]{0,1000}$
-Validator.HTTPContextPath=^/[a-zA-Z0-9.\\-_]*$
-Validator.HTTPQueryString=^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$
-Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
-
-
-# Validation of file related input
-Validator.FileName=^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
-Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
-
-# Validation of dates. Controls whether or not 'lenient' dates are accepted.
-# See DataFormat.setLenient(boolean flag) for further details.
-Validator.AcceptLenientDates=false
\ No newline at end of file
+# OWASP Enterprise Security API (ESAPI) Properties file -- TEST Version
+#############################################################################
+#
+#   WARNING     WARNING     WARNING     WARNING     WARNING     WARNING
+#
+#   #######                                 #     #
+#      #     ######   ####    #####         #     #  ######  #####    ####
+#      #     #       #          #           #     #  #       #    #  #
+#      #     #####    ####      #           #     #  #####   #    #   ####
+#      #     #            #     #            #   #   #       #####        #
+#      #     #       #    #     #             # #    #       #   #   #    #
+#      #     ######   ####      #              #     ######  #    #   ####
+#   
+#   This is NOT the version of ESAPI.properties that you are looking for.
+#   Do NOT use this for your production applications!!!!!
+#
+#   That is over in the 'configuration/esapi/ESAPI.properties' file. You
+#   should retrieve THAT version from the official GitHub report from
+#       https://github.com/ESAPI/esapi-java-legacy/blob/develop/configuration/esapi/ESAPI.properties
+#   but make sure that you select it from the 'master' branch (which will
+#   correspond to the latest official ESAPI relase). Sorry for the
+#   inconvenience. We are trying to figure out how to get it to the official
+#   "esapi-<releaseVersion>-sources.jar fiel available from Maven Central, but
+#   in the meantime, you will have to get it from GitHub.
+#
+#   PLEASE do not base your production use of ESAPI on this TEST version of
+#   ESAPI.properties as this test version has been dumbed down in several places
+#   for JUnit testing.
+#
+#   You have been warned.
+#
+#############################################################################
+# 
+# This file is part of the Open Worldwide Application Security Project (OWASP)
+# Enterprise Security API (ESAPI) project. For details, please see
+# https://owasp.org/www-project-enterprise-security-api/
+#
+# Copyright (c) 2008,2009 - The OWASP Foundation
+#
+# DISCUSS: This may cause a major backwards compatibility issue, etc. but
+#		   from a name space perspective, we probably should have prefaced
+#		   all the property names with ESAPI or at least OWASP. Otherwise
+#		   there could be problems is someone loads this properties file into
+#		   the System properties.  We could also put this file into the
+#		   esapi.jar file (perhaps as a ResourceBundle) and then allow an external
+#		   ESAPI properties be defined that would overwrite these defaults.
+#		   That keeps the application's properties relatively simple as usually
+#		   they will only want to override a few properties. If looks like we
+#		   already support multiple override levels of this in the
+#		   DefaultSecurityConfiguration class, but I'm suggesting placing the
+#		   defaults in the esapi.jar itself. That way, if the jar is signed,
+#		   we could detect if those properties had been tampered with. (The
+#		   code to check the jar signatures is pretty simple... maybe 70-90 LOC,
+#		   but off course there is an execution penalty (similar to the way
+#		   that the separate sunjce.jar used to be when a class from it was
+#		   first loaded). Thoughts?
+###############################################################################
+#
+# WARNING: Operating system protection should be used to lock down the .esapi
+# resources directory and all the files inside and all the directories all the
+# way up to the root directory of the file system.  Note that if you are using
+# file-based implementations, that some files may need to be read-write as they
+# get updated dynamically.
+#
+#===========================================================================
+# ESAPI Configuration
+#
+# If true, then print all the ESAPI properties set here when they are loaded.
+# If false, they are not printed. Useful to reduce output when running JUnit tests.
+# If you need to troubleshoot a properties related problem, turning this on may help,
+# but we leave it off for running JUnit tests. (It will be 'true' in the one delivered
+# as part of production ESAPI, mostly for backward compatibility.)
+ESAPI.printProperties=false
+
+# ESAPI is designed to be easily extensible. You can use the reference implementation
+# or implement your own providers to take advantage of your enterprise's security
+# infrastructure. The functions in ESAPI are referenced using the ESAPI locator, like:
+#
+#    String ciphertext =
+#		ESAPI.encryptor().encrypt("Secret message");   // Deprecated in 2.0
+#    CipherText cipherText =
+#		ESAPI.encryptor().encrypt(new PlainText("Secret message")); // Preferred
+#
+# Below you can specify the classname for the provider that you wish to use in your
+# application. The only requirement is that it implement the appropriate ESAPI interface.
+# This allows you to switch security implementations in the future without rewriting the
+# entire application.
+#
+# ExperimentalAccessController requires ESAPI-AccessControlPolicy.xml in .esapi directory
+ESAPI.AccessControl=org.owasp.esapi.reference.DefaultAccessController
+# FileBasedAuthenticator requires users.txt file in .esapi directory
+ESAPI.Authenticator=org.owasp.esapi.reference.FileBasedAuthenticator
+ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
+ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
+
+ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
+ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
+ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
+ESAPI.Logger=org.owasp.esapi.logging.java.JavaLogFactory
+# To use the new SLF4J logger in ESAPI (see GitHub issue #129), set
+#    ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory
+# and do whatever other normal SLF4J configuration that you normally would do for your application.
+ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
+ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
+
+#===========================================================================
+# ESAPI Authenticator
+#
+Authenticator.AllowedLoginAttempts=3
+Authenticator.MaxOldPasswordHashes=13
+Authenticator.UsernameParameterName=username
+Authenticator.PasswordParameterName=password
+# RememberTokenDuration (in days)
+Authenticator.RememberTokenDuration=14
+# Session Timeouts (in minutes)
+Authenticator.IdleTimeoutDuration=20
+Authenticator.AbsoluteTimeoutDuration=120
+
+#===========================================================================
+# ESAPI Encoder
+#
+# ESAPI canonicalizes input before validation to prevent bypassing filters with encoded attacks.
+# Failure to canonicalize input is a very common mistake when implementing validation schemes.
+# Canonicalization is automatic when using the ESAPI Validator, but you can also use the
+# following code to canonicalize data.
+#
+#      ESAPI.Encoder().canonicalize( "%22hello world&#x22;" );
+#  
+# Multiple encoding is when a single encoding format is applied multiple times. Allowing
+# multiple encoding is strongly discouraged.
+Encoder.AllowMultipleEncoding=false
+
+# Mixed encoding is when multiple different encoding formats are applied, or when
+# multiple formats are nested. Allowing multiple encoding is strongly discouraged.
+Encoder.AllowMixedEncoding=false
+
+# The default list of codecs to apply when canonicalizing untrusted data. The list should include the codecs
+# for all downstream interpreters or decoders. For example, if the data is likely to end up in a URL, HTML, or
+# inside JavaScript, then the list of codecs below is appropriate. The order of the list is not terribly important.
+Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
+
+
+#===========================================================================
+# ESAPI Encryption
+#
+# The ESAPI Encryptor provides basic cryptographic functions with a simplified API.
+# To get started, generate a new key using java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
+# There is not currently any support for key rotation, so be careful when changing your key and salt as it
+# will invalidate all signed, encrypted, and hashed data.
+#
+# WARNING: Not all combinations of algorithms and key lengths are supported.
+# If you choose to use a key length greater than 128, you MUST download the
+# unlimited strength policy files and install in the lib directory of your JRE/JDK.
+# See http://java.sun.com/javase/downloads/index.jsp for more information.
+#
+#		***** IMPORTANT: These are for JUnit testing. Test files may have been
+#						 encrypted using these values so do not change these or
+#						 those tests will fail. The version under
+#							src/main/resources/.esapi/ESAPI.properties
+#						 will be delivered with Encryptor.MasterKey and
+#						 Encryptor.MasterSalt set to the empty string.
+#
+#						 FINAL NOTE:
+#                           If Maven changes these when run, that needs to be fixed.
+#       256-bit key... requires unlimited strength jurisdiction policy files
+### Encryptor.MasterKey=pJhlri8JbuFYDgkqtHmm9s0Ziug2PE7ovZDyEPm4j14=
+#       128-bit key
+Encryptor.MasterKey=a6H9is3hEVGKB4Jut+lOVA==
+Encryptor.MasterSalt=SbftnvmEWD5ZHHP+pX3fqugNysc=
+# Encryptor.MasterSalt=
+
+# Provides the default JCE provider that ESAPI will "prefer" for its symmetric
+# encryption and hashing. (That is it will look to this provider first, but it
+# will defer to other providers if the requested algorithm is not implemented
+# by this provider.) If left unset, ESAPI will just use your Java VM's current
+# preferred JCE provider, which is generally set in the file
+# "$JAVA_HOME/jre/lib/security/java.security".
+#
+# The main intent of this is to allow ESAPI symmetric encryption to be
+# used with a FIPS 140-2 compliant crypto-module. For details, see the section
+# "Using ESAPI Symmetric Encryption with FIPS 140-2 Cryptographic Modules" in
+# the ESAPI 2.0 Symmetric Encryption User Guide, at:
+# http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
+# However, this property also allows you to easily use an alternate JCE provider
+# such as "Bouncy Castle" without having to make changes to "java.security".
+# See Javadoc for SecurityProviderLoader for further details. If you wish to use
+# a provider that is not known to SecurityProviderLoader, you may specify the
+# fully-qualified class name of the JCE provider class that implements
+# java.security.Provider. If the name contains a '.', this is interpreted as
+# a fully-qualified class name that implements java.security.Provider.
+#
+# NOTE: Setting this property has the side-effect of changing it in your application
+#       as well, so if you are using JCE in your application directly rather than
+#       through ESAPI (you wouldn't do that, would you? ;-), it will change the
+#       preferred JCE provider there as well.
+#
+# Default: Keeps the JCE provider set to whatever JVM sets it to.
+Encryptor.PreferredJCEProvider=
+
+# AES is the most widely used and strongest encryption algorithm. This
+# should agree with your Encryptor.CipherTransformation property.
+# By default, ESAPI Java 1.4 uses "PBEWithMD5AndDES" and which is
+# very weak. It is essentially a password-based encryption key, hashed
+# with MD5 around 1K times and then encrypted with the weak DES algorithm
+# (56-bits) using ECB mode and an unspecified padding (it is
+# JCE provider specific, but most likely "NoPadding"). However, 2.0 uses
+# "AES/CBC/PKCSPadding". If you want to change these, change them here.
+# Warning: This property does not control the default reference implementation for
+#		   ESAPI 2.0 using JavaEncryptor. Also, this property will be dropped
+#		   in the future.
+# @deprecated
+Encryptor.EncryptionAlgorithm=AES
+#		For ESAPI Java 2.0 - New encrypt / decrypt methods use this.
+Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
+
+# Applies to ESAPI 2.0 and later only!
+# Comma-separated list of cipher modes that provide *BOTH*
+# confidentiality *AND* message authenticity. (NIST refers to such cipher
+# modes as "combined modes" so that's what we shall call them.) If any of these
+# cipher modes are used then no MAC is calculated and stored
+# in the CipherText upon encryption. Likewise, if one of these
+# cipher modes is used with decryption, no attempt will be made
+# to validate the MAC contained in the CipherText object regardless
+# of whether it contains one or not. Since the expectation is that
+# these cipher modes support support message authenticity already,
+# injecting a MAC in the CipherText object would be at best redundant.
+#
+# Note that as of JDK 1.5, the SunJCE provider does not support *any*
+# of these cipher modes. Of these listed, only GCM and CCM are currently
+# NIST approved. YMMV for other JCE providers. E.g., Bouncy Castle supports
+# GCM and CCM with "NoPadding" mode, but not with "PKCS5Padding" or other
+# padding modes.
+Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
+
+# Applies to ESAPI 2.0 and later only!
+# Additional cipher modes allowed for ESAPI 2.0 encryption. These
+# cipher modes are in _addition_ to those specified by the property
+# 'Encryptor.cipher_modes.combined_modes'.
+#
+#	IMPORTANT NOTE:	In the official ESAPI.properties we do *NOT* include ECB
+#					here as this is an extremely weak mode. However, we *must*
+#					allow it here so we can test ECB mode. That is important
+#					since the logic is somewhat different (i.e., ECB mode does
+#					not use an IV).
+# DISCUSS: Better name?
+#	NOTE: ECB added only for testing purposes. Don't try this at home!
+Encryptor.cipher_modes.additional_allowed=CBC,ECB
+
+# Default key size to use for cipher specified by Encryptor.EncryptionAlgorithm.
+# Note that this MUST be a valid key size for the algorithm being used
+# (as specified by Encryptor.EncryptionAlgorithm). So for example, if AES is used,
+# it must be 128, 192, or 256. If DESede is chosen, then it must be either 112 or 168.
+#
+# Note that 128-bits is almost always sufficient and for AES it appears to be more
+# somewhat more resistant to related key attacks than is 256-bit AES.)
+#
+# Defaults to 128-bits if left blank.
+#
+# NOTE: If you use a key size > 128-bits, then you MUST have the JCE Unlimited
+#       Strength Jurisdiction Policy files installed!!!
+#
+Encryptor.EncryptionKeyLength=128
+
+# This is the _minimum_ key size (in bits) that we allow with ANY symmetric
+# cipher for doing encryption. (There is no minimum for decryption.)
+#
+# Generally, if you only use one algorithm, this should be set the same as
+# the Encryptor.EncryptionKeyLength property.
+Encryptor.MinEncryptionKeyLength=112
+
+# Because 2.x uses CBC mode by default, it requires an initialization vector (IV).
+# (All cipher modes except ECB require an IV.) Previously there were two choices: we can either
+# use a fixed IV known to both parties or allow ESAPI to choose a random IV. The
+# former was deprecated in ESAPI 2.2 and removed in ESAPI 2.3. It was not secure
+# because the Encryptor (as are all the other major ESAPI components) is a
+# singleton and thus the same IV would get reused each time. It was not a
+# well-thought out plan. (To do it correctly means we need to add a setIV() method
+# and get rid of the Encryptor singleton, thus it will not happen until 3.0.)
+# However, while the IV does not need to be hidden from adversaries, it is important that the
+# adversary not be allowed to choose it. Thus for now, ESAPI just chooses a random IV.
+# Originally there was plans to allow a developer to provide a class and method
+# name to define a custom static method to generate an IV, but that is just
+# trouble waiting to happen. Thus in effect, the ONLY acceptable property value
+# for this property is "random". In the not too distant future (possibly the
+# next release), I will be removing it, but for now I am leaving this and
+# checking for it so a ConfigurationException can be thrown if anyone using
+# ESAPI ignored the deprecation warning message and still has it set to "fixed".
+#
+# Valid values:		random
+Encryptor.ChooseIVMethod=random
+
+# Whether or not CipherText should use a message authentication code (MAC) with it.
+# This prevents an adversary from altering the IV as well as allowing a more
+# fool-proof way of determining the decryption failed because of an incorrect
+# key being supplied. This refers to the "separate" MAC calculated and stored
+# in CipherText, not part of any MAC that is calculated as a result of a
+# "combined mode" cipher mode.
+#
+# If you are using ESAPI with a FIPS 140-2 cryptographic module, you *must* also
+# set this property to false.
+Encryptor.CipherText.useMAC=true
+
+# Whether or not the PlainText object may be overwritten and then marked
+# eligible for garbage collection. If not set, this is still treated as 'true'.
+Encryptor.PlainText.overwrite=true
+
+# Do not use DES except in a legacy situations. 56-bit is way too small key size.
+#Encryptor.EncryptionKeyLength=56
+#Encryptor.MinEncryptionKeyLength=56
+#Encryptor.EncryptionAlgorithm=DES
+
+# TripleDES is considered strong enough for most purposes.
+#	Note:	There is also a 112-bit version of DESede. Using the 168-bit version
+#			requires downloading the special jurisdiction policy from Sun.
+#Encryptor.EncryptionKeyLength=168
+#Encryptor.MinEncryptionKeyLength=112
+#Encryptor.EncryptionAlgorithm=DESede
+
+Encryptor.HashAlgorithm=SHA-512
+Encryptor.HashIterations=1024
+
+# Was 'SHA1withDSA', but that won't support 2048 key sizes. Change back for
+# backward compatibility.
+Encryptor.DigitalSignatureAlgorithm=SHA256withDSA
+
+# Was 1024. Change this back if you require backward compatibility.
+Encryptor.DigitalSignatureKeyLength=2048
+# SHA1 is fine as a CSRNG; no need to use anything else.
+Encryptor.RandomAlgorithm=SHA1PRNG
+Encryptor.CharacterEncoding=UTF-8
+
+# Currently supported choices for JDK 1.5 and 1.6 are:
+#	HmacSHA1 (160 bits), HmacSHA256 (256 bits), HmacSHA384 (384 bits), and
+#	HmacSHA512 (512 bits).
+# Note that HmacMD5 is *not* supported for the PRF used by the KDF even though
+# these JDKs support it.
+Encryptor.KDF.PRF=HmacSHA256
+
+#===========================================================================
+# ESAPI HttpUtilties
+#
+# The HttpUtilities provide basic protections to HTTP requests and responses. Primarily these methods 
+# protect against malicious data from attackers, such as unprintable characters, escaped characters,
+# and other simple attacks. The HttpUtilities also provides utility methods for dealing with cookies,
+# headers, and CSRF tokens.
+#
+# Default file upload location (remember to escape backslashes with \\)
+HttpUtilities.UploadDir=C:\\ESAPI\\testUpload
+# let this default to java.io.tmpdir for testing
+#HttpUtilities.UploadTempDir=C:\\temp
+# Force flags on cookies, if you use HttpUtilities to set cookies
+HttpUtilities.ForceHttpOnlySession=false
+HttpUtilities.ForceSecureSession=false
+HttpUtilities.ForceHttpOnlyCookies=true
+HttpUtilities.ForceSecureCookies=true
+# Maximum size of HTTP header key--the validator regex may have additional values. 
+HttpUtilities.MaxHeaderNameSize=256
+# Maximum size of HTTP header value--the validator regex may have additional values. 
+HttpUtilities.MaxHeaderValueSize=4096
+# Maximum size of JSESSIONID for the application--the validator regex may have additional values.  
+HttpUtilities.HTTPJSESSIONIDLENGTH=50
+# Maximum length of a URL (see https://stackoverflow.com/questions/417142/what-is-the-maximum-length-of-a-url-in-different-browsers)
+HttpUtilities.URILENGTH=2000
+# Maximum length of a redirect 
+HttpUtilities.maxRedirectLength=512
+# Maximum length for an http scheme
+HttpUtilities.HTTPSCHEMELENGTH=10
+# Maximum length for an http host
+HttpUtilities.HTTPHOSTLENGTH=100
+# Maximum length for an http path
+HttpUtilities.HTTPPATHLENGTH=150
+#Maximum length for a context path 
+HttpUtilities.contextPathLength=150
+#Maximum length for an httpServletPath 
+HttpUtilities.HTTPSERVLETPATHLENGTH=100
+#Maximum length for an http query parameter name
+HttpUtilities.httpQueryParamNameLength=100
+#Maximum length for an http query parameter -- old default was 2000, but that's the max length for a URL...
+HttpUtilities.httpQueryParamValueLength=500
+# File upload configuration
+HttpUtilities.ApprovedUploadExtensions=.pdf,.doc,.docx,.ppt,.pptx,.xls,.xlsx,.rtf,.txt,.jpg,.png
+HttpUtilities.MaxUploadFileBytes=500000000
+# Maximum # of files that can be uploaded per HTTP request.
+# Set to -1 for no maximum. Related to CVE-2023-24998.
+# This is intentionally small for testing purposes.
+HttpUtilities.MaxUploadFileCount=2
+
+# Allowing anonymous users to do file uploads via HTTPUtilities.getFileUploads
+# can make it easier for DoS attacks via uploading files easier. (See Security Bulletin #11,
+# https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin11.pdf
+# for details).
+#
+# By default, we allow anonymous users to upload files because we can only rely on
+# ESAPI.authenticator().getCurrentUser() to determine if a user associated
+# with the current HTTP session is authenticated and almost no one uses the
+# ESAPI Authenticator because the reference implementation is just a toy
+# implementation and is not enterprise scalable.
+#
+# If you are using the ESAPI Authenticator (the ESAPI reference implementation
+# or you've implemented your own custom one), then you can set this property value
+# to 'false' to disallow anonymous (i.e., unauthenticated) users to upload
+# files. However, if you are not using the ESAPI Authenticator, then you should
+# probably leave this set to 'false', otherwise you will completely prevent the
+# use of HTTPUtilities.getFileUploads methods.
+#
+HttpUtilities.FileUploadAllowAnonymousUser=false
+
+# Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
+# container, and any other technologies you may be using. Failure to do this may expose you
+# to Unicode transcoding injection attacks. Use of UTF-8 does not hinder internationalization.
+HttpUtilities.ResponseContentType=text/html; charset=UTF-8
+# This is the name of the cookie used to represent the HTTP session
+# Typically this will be the default "JSESSIONID" 
+HttpUtilities.HttpSessionIdName=JSESSIONID
+#Sets whether or not we will overwrite http status codes to 200.
+HttpUtilities.OverwriteStatusCodes=true
+#Sets the application's base character encoding.  This is forked from the Java Encryptor property.
+HttpUtilities.CharacterEncoding=UTF-8
+
+#===========================================================================
+# ESAPI Executor
+# CHECKME - Not sure what this is used for, but surely it should be made OS independent.
+Executor.WorkingDirectory=C:\\Windows\\Temp
+Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe
+
+
+#===========================================================================
+# ESAPI Logging
+# Set the application name if these logs are combined with other applications
+Logger.ApplicationName=ExampleApplication
+# If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
+Logger.LogEncodingRequired=false
+# Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
+Logger.LogApplicationName=true
+# Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
+Logger.LogServerIP=true
+# Determines whether ESAPI should log the user info.
+Logger.UserInfo=true
+# Determines whether ESAPI should log the session id and client IP.
+Logger.ClientInfo=true
+
+# Determines whether ESAPI should log the prefix of [EVENT_TYPE - APPLICATION NAME].
+# If all above Logger entries are set to false, as well as LogPrefix, then the output would be the same as if no ESAPI was used
+Logger.LogPrefix=true
+
+#===========================================================================
+# ESAPI Intrusion Detection
+#
+# Each event has a base to which .count, .interval, and .action are added
+# The IntrusionException will fire if we receive "count" events within "interval" seconds
+# The IntrusionDetector is configurable to take the following actions: log, logout, and disable
+#  (multiple actions separated by commas are allowed e.g. event.test.actions=log,disable
+#
+# Custom Events
+# Names must start with "event." as the base
+# Use IntrusionDetector.addEvent( "test" ) in your code to trigger "event.test" here
+# You can also disable intrusion detection completely by changing
+# the following parameter to true
+#
+IntrusionDetector.Disable=false
+#
+IntrusionDetector.event.test.count=2
+IntrusionDetector.event.test.interval=10
+IntrusionDetector.event.test.actions=disable,log
+
+# Exception Events
+# All EnterpriseSecurityExceptions are registered automatically
+# Call IntrusionDetector.getInstance().addException(e) for Exceptions that do not extend EnterpriseSecurityException
+# Use the fully qualified classname of the exception as the base
+
+# any intrusion is an attack
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.count=1
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.interval=1
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout
+
+# for test purposes
+# CHECKME: Shouldn't there be something in the property name itself that designates
+#		   that these are for testing???
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.count=10
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.interval=5
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout
+
+# rapid validation errors indicate scans or attacks in progress
+# org.owasp.esapi.errors.ValidationException.count=10
+# org.owasp.esapi.errors.ValidationException.interval=10
+# org.owasp.esapi.errors.ValidationException.actions=log,logout
+
+# sessions jumping between hosts indicates session hijacking
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout
+
+
+#===========================================================================
+# ESAPI Validation
+#
+# The ESAPI Validator works on regular expressions with defined names. You can define names
+# either here, or you may define application specific patterns in a separate file defined below.
+# This allows enterprises to specify both organizational standards as well as application specific
+# validation rules.
+#
+# Use '\p{L}' (without the quotes) within the character class to match
+# any Unicode LETTER. You can also use a range, like:  \u00C0-\u017F
+# You can also use any of the regex flags as documented at
+# https://docs.oracle.com/javase/tutorial/essential/regex/pattern.html, e.g. (?u)
+#
+Validator.ConfigurationFile=validation.properties
+
+# Validators used by ESAPI
+Validator.AccountName=^[a-zA-Z0-9]{3,20}$
+Validator.SystemCommand=^[a-zA-Z\\-\\/]{1,64}$
+Validator.RoleName=^[a-z]{1,20}$
+Validator.Redirect=^\\/test.*$
+
+# Global HTTP Validation Rules
+# Values with Base64 encoded data (e.g. encrypted state) will need at least [a-zA-Z0-9\/+=]
+Validator.HTTPScheme=^(http|https)$
+Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
+Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
+Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]{0,1024}$
+# Note that headerName and Value length is also configured in the HTTPUtilities section
+Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,256}$
+Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
+Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
+Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
+Validator.HTTPURL=^.*$
+Validator.HTTPJSESSIONID=^[A-Z0-9]{10,32}$
+
+
+# Contributed by Fraenku@gmx.ch
+# Googlecode Issue 116 (http://code.google.com/p/owasp-esapi-java/issues/detail?id=116)
+Validator.HTTPParameterName=^[a-zA-Z0-9_\\-]{1,32}$
+Validator.HTTPParameterValue=^[-\\p{L}\\p{N}./+=_ !$*?@]{0,1000}$
+Validator.HTTPContextPath=^/[a-zA-Z0-9.\\-_]*$
+Validator.HTTPQueryString=^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$
+Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
+
+
+# Validation of file related input
+Validator.FileName=^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
+Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
+
+# Validation of dates. Controls whether or not 'lenient' dates are accepted.
+# See DataFormat.setLenient(boolean flag) for further details.
+Validator.AcceptLenientDates=false
+
+#                       ~~~~~ Important Note ~~~~~
+# This is a workaround to make sure that a commit to address GitHub issue #509
+# doesn't accidentally break someone's production code. So essentially what we
+# are doing is to reverting back to the previous possibly buggy (by
+# documentation intent at least), but, by now, expected legacy behavior.
+# Prior to the code changes for issue #509, if invalid / malicious HTML input was
+# observed, AntiSamy would simply attempt to sanitize (cleanse) it and it would
+# only be logged. However, the code change made ESAPI comply with its
+# documentation, which stated that a ValidationException should be thrown in
+# such cases. Unfortunately, changing this behavior--especially when no one is
+# 100% certain that the documentation was correct--could break existing code
+# using ESAPI so after a lot of debate, issue #521 was created to restore the
+# previous behavior, but still allow the documented behavior. (We did this
+# because it wasn't really causing an security issues since AntiSamy would clean
+# it up anyway and we value backward compatibility as long as it doesn't clearly
+# present security vulnerabilities.)
+# More defaults about this are written up under GitHub issue #521 and
+# the pull request it references. Future major releases of ESAPI (e.g., ESAPI 3.x)
+# will not support this previous behavior, but it will remain for ESAPI 2.x.
+# Set this to 'throw' if you want the originally intended behavior of throwing
+# that was fixed via issue #509. Set to 'clean' if you want want the HTML input
+# sanitized instead.
+#
+# Possible values:
+#   clean -- Use the legacy behavior where unsafe HTML input is logged and the
+#            sanitized (i.e., clean) input as determined by AntiSamy and your
+#            AntiSamy rules is returned. This is the default behavior if this
+#            new property is not found.
+#   throw -- The new, presumably correct and originally intended behavior where
+#            a ValidationException is thrown when unsafe HTML input is
+#            encountered.
+#
+#Validator.HtmlValidationAction=clean
+Validator.HtmlValidationAction=throw
+
+########################################################################################
+# The following methods are now disabled in the default configuration and must
+# be explicity enabled. If you try to invoke a method disabled by default, ESAPI
+# will thrown a NotConfiguredByDefaultException.
+#
+# The reason for this varies, but ranges from they are not really suitable for
+# enterprise scale to that are only marginally tested (if at all) versus the are
+# unsafe for general use, although them may be fine when combined with other
+# security-in-depth techiques.
+#
+# The disabled-by-default methods are:
+#   org.owasp.esapi.reference.DefaultEncoder.encodeForSQL
+#   org.owasp.esapi.ESAPI.accessController  [FUTURE]
+#
+# The format is a comma-separated list of fully.Qualified.ClassName.methodName;
+# all class names must begin with "org.owasp.esapi.".
+#
+#   Note to ESAPI Devs: There is presently NO WAY to specific which specific
+#                       method to indicate here when the method name alone,
+#                       absent from its signature, is ambiguous, so it is
+#                       best to avoid those if at all possible!
+#
+#                       An example of that would be something like:
+#                           org.owasp.esapi.reference.DefaultValidator.getValidPrintable
+#                       which has 4 interfaces so currently, there's no way to
+#                       specify a specific one.
+#       
+#       We need this there for our existing JUnit tests for encodeForSQL. Use an
+#       alternate ESAPI property config filen name for testing this aspect out.
+ESAPI.dangerouslyAllowUnsafeMethods.methodNames=org.owasp.esapi.reference.DefaultEncoder.encodeForSQL
+
+# Normally you would put some text here (that will be logged) that provides some
+# justification as to why you have enabled these functions. This can be
+# anythuing such as a Jira or ServiceNow ticket number, a security exception
+# reference, etc. If it is left empty, it will just like "Justification: none".`
+ESAPI.dangerouslyAllowUnsafeMethods.justification=blah,blah. Please don't fire my @$$. Ticket # 12345-not-the-winning-lotto#
diff --git a/src/test/resources/esapi/antisamy-esapi.xml b/src/test/resources/esapi/antisamy-esapi.xml
index 500ab5943..bcb53aed1 100644
--- a/src/test/resources/esapi/antisamy-esapi.xml
+++ b/src/test/resources/esapi/antisamy-esapi.xml
@@ -1,492 +1,172 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-	
-<!-- 
-W3C rules retrieved from:
-http://www.w3.org/TR/html401/struct/global.html
--->
-	
-<!--
-Slashdot allowed tags taken from "Reply" page:
-<b> <i> <p> <br> <a> <ol> <ul> <li> <dl> <dt> <dd> <em> <strong> <tt> <blockquote> <div> <ecode> <quote>
--->
-
-<anti-samy-rules xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-		xsi:noNamespaceSchemaLocation="antisamy.xsd">
-	
-	<directives>
-		<directive name="omitXmlDeclaration" value="true"/>
-		<directive name="omitDoctypeDeclaration" value="true"/>
-		<directive name="maxInputSize" value="500000"/>
-		<directive name="embedStyleSheets" value="false"/>
-	</directives>
-	
-	
-	<common-regexps>
-		
-		<!-- 
-		From W3C:
-		This attribute assigns a class name or set of class names to an
-		element. Any number of elements may be assigned the same class
-		name or names. Multiple class names must be separated by white 
-		space characters.
-		-->
-		
-		<regexp name="htmlTitle" value="[a-zA-Z0-9\s-_',:\[\]!\./\\\(\)]*"/> <!-- force non-empty with a '+' at the end instead of '*' -->
-		<regexp name="onsiteURL" value="([\w\\/\.\?=&amp;;\#-~]+|\#(\w)+)"/>
-		<regexp name="offsiteURL" value="(\s)*((ht|f)tp(s?)://|mailto:)[A-Za-z0-9]+[~a-zA-Z0-9-_\.@#$%&amp;;:,\?=/\+!]*(\s)*"/>
-	
-	</common-regexps>
-	
-	<!-- 
-	
-	Tag.name = a, b, div, body, etc.
-	Tag.action = filter: remove tags, but keep content, validate: keep content as long as it passes rules, remove: remove tag and contents
-	Attribute.name = id, class, href, align, width, etc.
-	Attribute.onInvalid = what to do when the attribute is invalid, e.g., remove the tag (removeTag), remove the attribute (removeAttribute), filter the tag (filterTag)
-	Attribute.description = What rules in English you want to tell the users they can have for this attribute. Include helpful things so they'll be able to tune their HTML
-	 
-	 -->
-
-	<!-- 
-	Some attributes are common to all (or most) HTML tags. There aren't many that qualify for this. You have to make sure there's no
-	collisions between any of these attribute names with attribute names of other tags that are for different purposes.
-	-->
-
-	<common-attributes>
-		
-
-		<attribute name="lang" description="The 'lang' attribute tells the browser what language the element's attribute values and content are written in">
-		 	<regexp-list>
-		 		<regexp value="[a-zA-Z]{2,20}"/>
-		 	</regexp-list>
-		 </attribute>
-		 
-		 <attribute name="title" description="The 'title' attribute provides text that shows up in a 'tooltip' when a user hovers their mouse over the element">
-		 	<regexp-list>
-		 		<regexp name="htmlTitle"/>
-		 	</regexp-list>
-		 </attribute>
-
-		<attribute name="href" onInvalid="filterTag">
-			<regexp-list>
-				<regexp name="onsiteURL"/>
-				<regexp name="offsiteURL"/>
-			</regexp-list>
-		</attribute>
-	
-		<attribute name="align" description="The 'align' attribute of an HTML element is a direction word, like 'left', 'right' or 'center'">
-			<literal-list>
-				<literal value="center"/>
-				<literal value="left"/>
-				<literal value="right"/>
-				<literal value="justify"/>
-				<literal value="char"/>
-			</literal-list>
-		</attribute>
-
-	</common-attributes>
-
-
-	<!--
-	This requires normal updates as browsers continue to diverge from the W3C and each other. As long as the browser wars continue
-	this is going to continue. I'm not sure war is the right word for what's going on. Doesn't somebody have to win a war after 
-	a while?
-	 -->
-	
-	<global-tag-attributes>
-		<attribute name="title"/>
-		<attribute name="lang"/>
-	</global-tag-attributes>
-
-
-	<tag-rules>
-
-		<!-- Tags related to JavaScript -->
-
-		<tag name="script" action="remove"/>
-		<tag name="noscript" action="remove"/>
-		
-		<!-- Frame & related tags -->
-		
-		<tag name="iframe" action="remove"/>
-		<tag name="frameset" action="remove"/>
-		<tag name="frame" action="remove"/>
-		<tag name="noframes" action="remove"/>
-		
-
-		<!-- All reasonable formatting tags -->
-		
-		<tag name="p" action="validate">
-			<attribute name="align"/>
-		</tag>
-
-		<tag name="div" action="validate"/>		
-		<tag name="i" action="validate"/>
-		<tag name="b" action="validate"/>
-		<tag name="em" action="validate"/>
-		<tag name="blockquote" action="validate"/>
-		<tag name="tt" action="validate"/>
-		
-		<tag name="br" action="truncate"/>
-
-		<!-- Custom Slashdot tags, though we're trimming the idea of having a possible mismatching end tag with the endtag="" attribute -->
-		
-		<tag name="quote" action="validate"/>
-		<tag name="ecode" action="validate"/> 
-		
-						
-		<!-- Anchor and anchor related tags -->
-		
-		<tag name="a" action="validate">
-
-			<attribute name="href" onInvalid="filterTag"/>
-			<attribute name="nohref">
-				<literal-list>
-					<literal value="nohref"/>
-					<literal value=""/>
-				</literal-list>
-			</attribute>
-			<attribute name="rel">
-				<literal-list>
-					<literal value="nofollow"/>
-				</literal-list>
-			</attribute>
-		</tag>
-
-		<!-- List tags -->
-
-		<tag name="ul" action="validate"/>
-		<tag name="ol" action="validate"/>
-		<tag name="li" action="validate"/>
-		
-	</tag-rules>
-
-
-
-	<!--  No CSS on Slashdot posts -->
-
-	<css-rules>
-	</css-rules>
-
-
-	<html-entities>
-		<entity name="amp" cdata="&amp;"/>
-		<entity name="nbsp" cdata="&amp;#160;"/>
-		
-		<entity name="iexcl" cdata="&amp;#161;"/> <!--inverted exclamation mark, U+00A1 ISOnum -->
-		<entity name="cent" cdata="&amp;#162;"/> <!--cent sign, U+00A2 ISOnum -->
-		<entity name="pound" cdata="&amp;#163;"/> <!--pound sign, U+00A3 ISOnum -->
-		<entity name="curren" cdata="&amp;#164;"/> <!--currency sign, U+00A4 ISOnum -->
-		<entity name="yen" cdata="&amp;#165;"/> <!--yen sign = yuan sign, U+00A5 ISOnum -->
-		<entity name="brvbar" cdata="&amp;#166;"/> <!--broken bar = broken vertical bar, U+00A6 ISOnum -->
-		<entity name="sect" cdata="&amp;#167;"/> <!--section sign, U+00A7 ISOnum -->
-		<entity name="uml" cdata="&amp;#168;"/> <!--diaeresis = spacing diaeresis, U+00A8 ISOdia -->
-		<entity name="copy" cdata="&amp;#169;"/> <!--copyright sign, U+00A9 ISOnum -->
-		<entity name="ordf" cdata="&amp;#170;"/> <!--feminine ordinal indicator, U+00AA ISOnum -->
-		<entity name="laquo" cdata="&amp;#171;"/> <!--left-pointing double angle quotation mark = left pointing guillemet, U+00AB ISOnum -->
-		<entity name="not" cdata="&amp;#172;"/> <!--not sign, U+00AC ISOnum -->
-		<entity name="shy" cdata="&amp;#173;"/> <!--soft hyphen = discretionary hyphen,U+00AD ISOnum -->
-		<entity name="reg" cdata="&amp;#174;"/> <!--registered sign = registered trade mark sign, U+00AE ISOnum -->
-		<entity name="macr" cdata="&amp;#175;"/> <!--macron = spacing macron = overline = APL overbar, U+00AF ISOdia -->
-		<entity name="deg" cdata="&amp;#176;"/> <!--degree sign, U+00B0 ISOnum -->
-		<entity name="plusmn" cdata="&amp;#177;"/> <!--plus-minus sign = plus-or-minus sign, U+00B1 ISOnum -->
-		<entity name="sup2" cdata="&amp;#178;"/> <!--superscript two = superscript digit two = squared, U+00B2 ISOnum -->
-		<entity name="sup3" cdata="&amp;#179;"/> <!--superscript three = superscript digit three= cubed, U+00B3 ISOnum -->
-		<entity name="acute" cdata="&amp;#180;"/> <!--acute accent = spacing acute, U+00B4 ISOdia -->
-		<entity name="micro" cdata="&amp;#181;"/> <!--micro sign, U+00B5 ISOnum -->
-		<entity name="para" cdata="&amp;#182;"/> <!--pilcrow sign = paragraph sign, U+00B6 ISOnum -->
-		<entity name="middot" cdata="&amp;#183;"/> <!--middle dot = Georgian comma = Greek middle dot, U+00B7 ISOnum -->
-		<entity name="cedil" cdata="&amp;#184;"/> <!--cedilla = spacing cedilla, U+00B8 ISOdia -->
-		<entity name="sup1" cdata="&amp;#185;"/> <!--superscript one = superscript digit one,U+00B9 ISOnum -->
-		<entity name="ordm" cdata="&amp;#186;"/> <!--masculine ordinal indicator, U+00BA ISOnum -->
-		<entity name="raquo" cdata="&amp;#187;"/> <!--right-pointing double angle quotation mark = right pointing guillemet, U+00BB ISOnum -->
-		<entity name="frac14" cdata="&amp;#188;"/> <!--vulgar fraction one quarter = fraction one quarter, U+00BC ISOnum -->
-		<entity name="frac12" cdata="&amp;#189;"/> <!--vulgar fraction one half = fraction one half, U+00BD ISOnum -->
-		<entity name="frac34" cdata="&amp;#190;"/> <!--vulgar fraction three quarters = fraction three quarters, U+00BE ISOnum -->
-		<entity name="iquest" cdata="&amp;#191;"/> <!--inverted question mark = turned question mark, U+00BF ISOnum -->
-		<entity name="Agrave" cdata="&amp;#192;"/> <!--latin capital letter A with grave = latin capital letter A grave,U+00C0 ISOlat1 -->
-		<entity name="Aacute" cdata="&amp;#193;"/> <!--latin capital letter A with acute,U+00C1 ISOlat1 -->
-		<entity name="Acirc" cdata="&amp;#194;"/> <!--latin capital letter A with circumflex,U+00C2 ISOlat1 -->
-		<entity name="Atilde" cdata="&amp;#195;"/> <!--latin capital letter A with tilde,U+00C3 ISOlat1 -->
-		<entity name="Auml" cdata="&amp;#196;"/> <!--latin capital letter A with diaeresis,U+00C4 ISOlat1 -->
-		<entity name="Aring" cdata="&amp;#197;"/> <!--latin capital letter A with ring above = latin capital letter A ring, U+00C5 ISOlat1 -->
-		<entity name="AElig" cdata="&amp;#198;"/> <!--latin capital letter AE = latin capital ligature AE, U+00C6 ISOlat1 -->
-		<entity name="Ccedil" cdata="&amp;#199;"/> <!--latin capital letter C with cedilla, U+00C7 ISOlat1 -->
-		<entity name="Egrave" cdata="&amp;#200;"/> <!--latin capital letter E with grave, U+00C8 ISOlat1 -->
-		<entity name="Eacute" cdata="&amp;#201;"/> <!--latin capital letter E with acute,U+00C9 ISOlat1 -->
-		<entity name="Ecirc" cdata="&amp;#202;"/> <!--latin capital letter E with circumflex,U+00CA ISOlat1 -->
-		<entity name="Euml" cdata="&amp;#203;"/> <!--latin capital letter E with diaeresis, U+00CB ISOlat1 -->
-		<entity name="Igrave" cdata="&amp;#204;"/> <!--latin capital letter I with grave, U+00CC ISOlat1 -->
-		<entity name="Iacute" cdata="&amp;#205;"/> <!--latin capital letter I with acute, U+00CD ISOlat1 -->
-		<entity name="Icirc" cdata="&amp;#206;"/> <!--latin capital letter I with circumflex, U+00CE ISOlat1 -->
-		<entity name="Iuml" cdata="&amp;#207;"/> <!--latin capital letter I with diaeresis, U+00CF ISOlat1 -->
-		<entity name="ETH" cdata="&amp;#208;"/> <!--latin capital letter ETH, U+00D0 ISOlat1 -->
-		<entity name="Ntilde" cdata="&amp;#209;"/> <!--latin capital letter N with tilde, U+00D1 ISOlat1 -->
-		<entity name="Ograve" cdata="&amp;#210;"/> <!--latin capital letter O with grave, U+00D2 ISOlat1 -->
-		<entity name="Oacute" cdata="&amp;#211;"/> <!--latin capital letter O with acute, U+00D3 ISOlat1 -->
-		<entity name="Ocirc" cdata="&amp;#212;"/> <!--latin capital letter O with circumflex, U+00D4 ISOlat1 -->
-		<entity name="Otilde" cdata="&amp;#213;"/> <!--latin capital letter O with tilde, U+00D5 ISOlat1 -->
-		<entity name="Ouml" cdata="&amp;#214;"/> <!--latin capital letter O with diaeresis, U+00D6 ISOlat1 -->
-		<entity name="times" cdata="&amp;#215;"/> <!--multiplication sign, U+00D7 ISOnum -->
-		<entity name="Oslash" cdata="&amp;#216;"/> <!--latin capital letter O with stroke = latin capital letter O slash, U+00D8 ISOlat1 -->
-		<entity name="Ugrave" cdata="&amp;#217;"/> <!--latin capital letter U with grave, U+00D9 ISOlat1 -->
-		<entity name="Uacute" cdata="&amp;#218;"/> <!--latin capital letter U with acute, U+00DA ISOlat1 -->
-		<entity name="Ucirc" cdata="&amp;#219;"/> <!--latin capital letter U with circumflex, U+00DB ISOlat1 -->
-		<entity name="Uuml" cdata="&amp;#220;"/> <!--latin capital letter U with diaeresis, U+00DC ISOlat1 -->
-		<entity name="Yacute" cdata="&amp;#221;"/> <!--latin capital letter Y with acute, U+00DD ISOlat1 -->
-		<entity name="THORN" cdata="&amp;#222;"/> <!--latin capital letter THORN, U+00DE ISOlat1 -->
-		<entity name="szlig" cdata="&amp;#223;"/> <!--latin small letter sharp s = ess-zed, U+00DF ISOlat1 -->
-		<entity name="agrave" cdata="&amp;#224;"/> <!--latin small letter a with grave = latin small letter a grave, U+00E0 ISOlat1 -->
-		<entity name="aacute" cdata="&amp;#225;"/> <!--latin small letter a with acute, U+00E1 ISOlat1 -->
-		<entity name="acirc" cdata="&amp;#226;"/> <!--latin small letter a with circumflex, U+00E2 ISOlat1 -->
-		<entity name="atilde" cdata="&amp;#227;"/> <!--latin small letter a with tilde, U+00E3 ISOlat1 -->
-		<entity name="auml" cdata="&amp;#228;"/> <!--latin small letter a with diaeresis, U+00E4 ISOlat1 -->
-		<entity name="aring" cdata="&amp;#229;"/> <!--latin small letter a with ring above = latin small letter a ring, U+00E5 ISOlat1 -->
-		<entity name="aelig" cdata="&amp;#230;"/> <!--latin small letter ae = latin small ligature ae, U+00E6 ISOlat1 -->
-		<entity name="ccedil" cdata="&amp;#231;"/> <!--latin small letter c with cedilla, U+00E7 ISOlat1 -->
-		<entity name="egrave" cdata="&amp;#232;"/> <!--latin small letter e with grave, U+00E8 ISOlat1 -->
-		<entity name="eacute" cdata="&amp;#233;"/> <!--latin small letter e with acute, U+00E9 ISOlat1 -->
-		<entity name="ecirc" cdata="&amp;#234;"/> <!--latin small letter e with circumflex, U+00EA ISOlat1 -->
-		<entity name="euml" cdata="&amp;#235;"/> <!--latin small letter e with diaeresis, U+00EB ISOlat1 -->
-		<entity name="igrave" cdata="&amp;#236;"/> <!--latin small letter i with grave, U+00EC ISOlat1 -->
-		<entity name="iacute" cdata="&amp;#237;"/> <!--latin small letter i with acute, U+00ED ISOlat1 -->
-		<entity name="icirc" cdata="&amp;#238;"/> <!--latin small letter i with circumflex, U+00EE ISOlat1 -->
-		<entity name="iuml" cdata="&amp;#239;"/> <!--latin small letter i with diaeresis, U+00EF ISOlat1 -->
-		<entity name="eth" cdata="&amp;#240;"/> <!--latin small letter eth, U+00F0 ISOlat1 -->
-		<entity name="ntilde" cdata="&amp;#241;"/> <!--latin small letter n with tilde, U+00F1 ISOlat1 -->
-		<entity name="ograve" cdata="&amp;#242;"/> <!--latin small letter o with grave, U+00F2 ISOlat1 -->
-		<entity name="oacute" cdata="&amp;#243;"/> <!--latin small letter o with acute, U+00F3 ISOlat1 -->
-		<entity name="ocirc " cdata="&amp;#244;"/> <!--latin small letter o with circumflex, U+00F4 ISOlat1 -->
-		<entity name="otilde" cdata="&amp;#245;"/> <!--latin small letter o with tilde, U+00F5 ISOlat1 -->
-		<entity name="ouml" cdata="&amp;#246;"/> <!--latin small letter o with diaeresis, U+00F6 ISOlat1 -->
-		<entity name="divide" cdata="&amp;#247;"/> <!--division sign, U+00F7 ISOnum -->
-		<entity name="oslash" cdata="&amp;#248;"/> <!--latin small letter o with stroke, = latin small letter o slash, U+00F8 ISOlat1 -->
-		<entity name="ugrave" cdata="&amp;#249;"/> <!--latin small letter u with grave, U+00F9 ISOlat1 -->
-		<entity name="uacute" cdata="&amp;#250;"/> <!--latin small letter u with acute, U+00FA ISOlat1 -->
-		<entity name="ucirc" cdata="&amp;#251;"/> <!--latin small letter u with circumflex, U+00FB ISOlat1 -->
-		<entity name="uuml" cdata="&amp;#252;"/> <!--latin small letter u with diaeresis, U+00FC ISOlat1 -->
-		<entity name="yacute" cdata="&amp;#253;"/> <!--latin small letter y with acute, U+00FD ISOlat1 -->
-		<entity name="thorn" cdata="&amp;#254;"/> <!--latin small letter thorn, U+00FE ISOlat1 -->
-		<entity name="yuml" cdata="&amp;#255;"/> <!--latin small letter y with diaeresis, U+00FF ISOlat1 -->
-		                                  
-		<entity name="fnof" cdata="&amp;#402;"/> <!--latin small f with hook = function = florin, U+0192 ISOtech -->
-		
-		<!-- Greek -->
-		<entity name="Alpha" cdata="&amp;#913;"/> <!--greek capital letter alpha, U+0391 -->
-		<entity name="Beta" cdata="&amp;#914;"/> <!--greek capital letter beta, U+0392 -->
-		<entity name="Gamma" cdata="&amp;#915;"/> <!--greek capital letter gamma, U+0393 ISOgrk3 -->
-		<entity name="Delta" cdata="&amp;#916;"/> <!--greek capital letter delta, U+0394 ISOgrk3 -->
-		<entity name="Epsilon" cdata="&amp;#917;"/> <!--greek capital letter epsilon, U+0395 -->
-		<entity name="Zeta" cdata="&amp;#918;"/> <!--greek capital letter zeta, U+0396 -->
-		<entity name="Eta" cdata="&amp;#919;"/> <!--greek capital letter eta, U+0397 -->
-		<entity name="Theta" cdata="&amp;#920;"/> <!--greek capital letter theta, U+0398 ISOgrk3 -->
-		<entity name="Iota" cdata="&amp;#921;"/> <!--greek capital letter iota, U+0399 -->
-		<entity name="Kappa" cdata="&amp;#922;"/> <!--greek capital letter kappa, U+039A -->
-		<entity name="Lambda" cdata="&amp;#923;"/> <!--greek capital letter lambda, U+039B ISOgrk3 -->
-		<entity name="Mu" cdata="&amp;#924;"/> <!--greek capital letter mu, U+039C -->
-		<entity name="Nu" cdata="&amp;#925;"/> <!--greek capital letter nu, U+039D -->
-		<entity name="Xi" cdata="&amp;#926;"/> <!--greek capital letter xi, U+039E ISOgrk3 -->
-		<entity name="Omicron" cdata="&amp;#927;"/> <!--greek capital letter omicron, U+039F -->
-		<entity name="Pi" cdata="&amp;#928;"/> <!--greek capital letter pi, U+03A0 ISOgrk3 -->
-		<entity name="Rho" cdata="&amp;#929;"/> <!--greek capital letter rho, U+03A1 -->
-		<!-- there is no Sigmaf, and no U+03A2 character either -->
-		<entity name="Sigma" cdata="&amp;#931;"/> <!--greek capital letter sigma, U+03A3 ISOgrk3 -->
-		<entity name="Tau" cdata="&amp;#932;"/> <!--greek capital letter tau, U+03A4 -->
-		<entity name="Upsilon" cdata="&amp;#933;"/> <!--greek capital letter upsilon,U+03A5 ISOgrk3 -->
-		<entity name="Phi" cdata="&amp;#934;"/> <!--greek capital letter phi,U+03A6 ISOgrk3 -->
-		<entity name="Chi" cdata="&amp;#935;"/> <!--greek capital letter chi, U+03A7 -->
-		<entity name="Psi" cdata="&amp;#936;"/> <!--greek capital letter psi,U+03A8 ISOgrk3 -->
-		<entity name="Omega" cdata="&amp;#937;"/> <!--greek capital letter omega,U+03A9 ISOgrk3 -->
-		
-		<entity name="alpha" cdata="&amp;#945;"/> <!--greek small letter alpha,U+03B1 ISOgrk3 -->
-		<entity name="beta" cdata="&amp;#946;"/> <!--greek small letter beta, U+03B2 ISOgrk3 -->
-		<entity name="gamma" cdata="&amp;#947;"/> <!--greek small letter gamma,U+03B3 ISOgrk3 -->
-		<entity name="delta" cdata="&amp;#948;"/> <!--greek small letter delta,U+03B4 ISOgrk3 -->
-		<entity name="epsilon" cdata="&amp;#949;"/> <!--greek small letter epsilon,U+03B5 ISOgrk3 -->
-		<entity name="zeta" cdata="&amp;#950;"/> <!--greek small letter zeta, U+03B6 ISOgrk3 -->
-		<entity name="eta" cdata="&amp;#951;"/> <!--greek small letter eta, U+03B7 ISOgrk3 -->
-		<entity name="theta" cdata="&amp;#952;"/> <!--greek small letter theta, U+03B8 ISOgrk3 -->
-		<entity name="iota" cdata="&amp;#953;"/> <!--greek small letter iota, U+03B9 ISOgrk3 -->
-		<entity name="kappa" cdata="&amp;#954;"/> <!--greek small letter kappa,U+03BA ISOgrk3 -->
-		<entity name="lambda" cdata="&amp;#955;"/> <!--greek small letter lambda, U+03BB ISOgrk3 -->
-		<entity name="mu" cdata="&amp;#956;"/> <!--greek small letter mu, U+03BC ISOgrk3 -->
-		<entity name="nu" cdata="&amp;#957;"/> <!--greek small letter nu, U+03BD ISOgrk3 -->
-		<entity name="xi" cdata="&amp;#958;"/> <!--greek small letter xi, U+03BE ISOgrk3 -->
-		<entity name="omicron" cdata="&amp;#959;"/> <!--greek small letter omicron, U+03BF NEW -->
-		<entity name="pi" cdata="&amp;#960;"/> <!--greek small letter pi, U+03C0 ISOgrk3 -->
-		<entity name="rho" cdata="&amp;#961;"/> <!--greek small letter rho, U+03C1 ISOgrk3 -->
-		<entity name="sigmaf" cdata="&amp;#962;"/> <!--greek small letter final sigma, U+03C2 ISOgrk3 -->
-		<entity name="sigma" cdata="&amp;#963;"/> <!--greek small letter sigma, U+03C3 ISOgrk3 -->
-		<entity name="tau" cdata="&amp;#964;"/> <!--greek small letter tau, U+03C4 ISOgrk3 -->
-		<entity name="upsilon" cdata="&amp;#965;"/> <!--greek small letter upsilon, U+03C5 ISOgrk3 -->
-		<entity name="phi" cdata="&amp;#966;"/> <!--greek small letter phi, U+03C6 ISOgrk3 -->
-		<entity name="chi" cdata="&amp;#967;"/> <!--greek small letter chi, U+03C7 ISOgrk3 -->
-		<entity name="psi" cdata="&amp;#968;"/> <!--greek small letter psi, U+03C8 ISOgrk3 -->
-		<entity name="omega" cdata="&amp;#969;"/> <!--greek small letter omega, U+03C9 ISOgrk3 -->
-		<entity name="thetasym" cdata="&amp;#977;"/> <!--greek small letter theta symbol, U+03D1 NEW -->
-		<entity name="upsih" cdata="&amp;#978;"/> <!--greek upsilon with hook symbol, U+03D2 NEW -->
-		<entity name="piv" cdata="&amp;#982;"/> <!--greek pi symbol, U+03D6 ISOgrk3 -->
-		
-		<!-- General Punctuation -->
-		<entity name="bull" cdata="&amp;#8226;"/> <!--bullet = black small circle, U+2022 ISOpub  -->
-		<!-- bullet is NOT the same as bullet operator, U+2219 -->
-		<entity name="hellip" cdata="&amp;#8230;"/> <!--horizontal ellipsis = three dot leader, U+2026 ISOpub  -->
-		<entity name="prime" cdata="&amp;#8242;"/> <!--prime = minutes = feet, U+2032 ISOtech -->
-		<entity name="Prime" cdata="&amp;#8243;"/> <!--double prime = seconds = inches, U+2033 ISOtech -->
-		<entity name="oline" cdata="&amp;#8254;"/> <!--overline = spacing overscore, U+203E NEW -->
-		<entity name="frasl" cdata="&amp;#8260;"/> <!--fraction slash, U+2044 NEW -->
-		
-		<!-- Letterlike Symbols -->
-		<entity name="weierp" cdata="&amp;#8472;"/> <!--script capital P = power set = Weierstrass p, U+2118 ISOamso -->
-		<entity name="image" cdata="&amp;#8465;"/> <!--blackletter capital I = imaginary part, U+2111 ISOamso -->
-		<entity name="real" cdata="&amp;#8476;"/> <!--blackletter capital R = real part symbol, U+211C ISOamso -->
-		<entity name="trade" cdata="&amp;#8482;"/> <!--trade mark sign, U+2122 ISOnum -->
-		<entity name="alefsym" cdata="&amp;#8501;"/> <!--alef symbol = first transfinite cardinal, U+2135 NEW -->
-		<!-- alef symbol is NOT the same as hebrew letter alef,
-		     U+05D0 although the same glyph could be used to depict both characters -->
-		
-		<!-- Arrows -->
-		<entity name="larr" cdata="&amp;#8592;"/> <!--leftwards arrow, U+2190 ISOnum -->
-		<entity name="uarr" cdata="&amp;#8593;"/> <!--upwards arrow, U+2191 ISOnum-->
-		<entity name="rarr" cdata="&amp;#8594;"/> <!--rightwards arrow, U+2192 ISOnum -->
-		<entity name="darr" cdata="&amp;#8595;"/> <!--downwards arrow, U+2193 ISOnum -->
-		<entity name="harr" cdata="&amp;#8596;"/> <!--left right arrow, U+2194 ISOamsa -->
-		<entity name="crarr" cdata="&amp;#8629;"/> <!--downwards arrow with corner leftwards
-		                                     = carriage return, U+21B5 NEW -->
-		<entity name="lArr" cdata="&amp;#8656;"/> <!--leftwards double arrow, U+21D0 ISOtech -->
-		
-		<!-- ISO 10646 does not say that lArr is the same as the 'is implied by' arrow
-		    but also does not have any other character for that function. So ? lArr can
-		    be used for 'is implied by' as ISOtech suggests -->
-		    
-		<entity name="uArr" cdata="&amp;#8657;"/> <!--upwards double arrow, U+21D1 ISOamsa -->
-		<entity name="rArr" cdata="&amp;#8658;"/> <!--rightwards double arrow, U+21D2 ISOtech -->
-		
-		<!-- ISO 10646 does not say this is the 'implies' character but does not have 
-		     another character with this function so ?
-		     rArr can be used for 'implies' as ISOtech suggests -->
-		     
-		<entity name="dArr" cdata="&amp;#8659;"/> <!--downwards double arrow, U+21D3 ISOamsa -->
-		<entity name="hArr" cdata="&amp;#8660;"/> <!--left right double arrow, U+21D4 ISOamsa -->
-		
-		<!-- Mathematical Operators -->
-		<entity name="forall" cdata="&amp;#8704;"/> <!--for all, U+2200 ISOtech -->
-		<entity name="part" cdata="&amp;#8706;"/> <!--partial differential, U+2202 ISOtech  -->
-		<entity name="exist" cdata="&amp;#8707;"/> <!--there exists, U+2203 ISOtech -->
-		<entity name="empty" cdata="&amp;#8709;"/> <!--empty set = null set = diameter,U+2205 ISOamso -->
-		<entity name="nabla" cdata="&amp;#8711;"/> <!--nabla = backward difference, U+2207 ISOtech -->
-		<entity name="isin" cdata="&amp;#8712;"/> <!--element of, U+2208 ISOtech -->
-		<entity name="notin" cdata="&amp;#8713;"/> <!--not an element of, U+2209 ISOtech -->
-		<entity name="ni" cdata="&amp;#8715;"/> <!--contains as member, U+220B ISOtech -->
-	
-		<!-- should there be a more memorable name than 'ni'? -->
-		<entity name="prod" cdata="&amp;#8719;"/> <!--n-ary product = product sign, U+220F ISOamsb -->
-		
-		<!-- prod is NOT the same character as U+03A0 'greek capital letter pi' though
-		     the same glyph might be used for both -->
-		     
-		<entity name="sum" cdata="&amp;#8721;"/> <!--n-ary sumation, U+2211 ISOamsb -->
-		
-		<!-- sum is NOT the same character as U+03A3 'greek capital letter sigma'
-		     though the same glyph might be used for both -->
-		
-		<entity name="minus" cdata="&amp;#8722;"/> <!--minus sign, U+2212 ISOtech -->
-		<entity name="lowast" cdata="&amp;#8727;"/> <!--asterisk operator, U+2217 ISOtech -->
-		<entity name="radic" cdata="&amp;#8730;"/> <!--square root = radical sign, U+221A ISOtech -->
-		<entity name="prop" cdata="&amp;#8733;"/> <!--proportional to, U+221D ISOtech -->
-		<entity name="infin" cdata="&amp;#8734;"/> <!--infinity, U+221E ISOtech -->
-		<entity name="ang" cdata="&amp;#8736;"/> <!--angle, U+2220 ISOamso -->
-		<entity name="and" cdata="&amp;#8743;"/> <!--logical and = wedge, U+2227 ISOtech -->
-		<entity name="or" cdata="&amp;#8744;"/> <!--logical or = vee, U+2228 ISOtech -->
-		<entity name="cap" cdata="&amp;#8745;"/> <!--intersection = cap, U+2229 ISOtech -->
-		<entity name="cup" cdata="&amp;#8746;"/> <!--union = cup, U+222A ISOtech -->
-		<entity name="int" cdata="&amp;#8747;"/> <!--integral, U+222B ISOtech -->
-		<entity name="there4" cdata="&amp;#8756;"/> <!--therefore, U+2234 ISOtech -->
-		<entity name="sim" cdata="&amp;#8764;"/> <!--tilde operator = varies with = similar to, U+223C ISOtech -->
-		
-		<!-- tilde operator is NOT the same character as the tilde, U+007E,
-		     although the same glyph might be used to represent both  -->
-		     
-		<entity name="cong" cdata="&amp;#8773;"/> <!--approximately equal to, U+2245 ISOtech -->
-		<entity name="asymp" cdata="&amp;#8776;"/> <!--almost equal to = asymptotic to, U+2248 ISOamsr -->
-		<entity name="ne" cdata="&amp;#8800;"/> <!--not equal to, U+2260 ISOtech -->
-		<entity name="equiv" cdata="&amp;#8801;"/> <!--identical to, U+2261 ISOtech -->
-		<entity name="le" cdata="&amp;#8804;"/> <!--less-than or equal to, U+2264 ISOtech -->
-		<entity name="ge" cdata="&amp;#8805;"/> <!--greater-than or equal to, U+2265 ISOtech -->
-		<entity name="sub" cdata="&amp;#8834;"/> <!--subset of, U+2282 ISOtech -->
-		<entity name="sup" cdata="&amp;#8835;"/> <!--superset of, U+2283 ISOtech -->
-		
-		<!-- note that nsup, 'not a superset of, U+2283' is not covered by the Symbol 
-		     font encoding and is not included. Should it be, for symmetry?
-		     It is in ISOamsn  --> 
-		
-		<entity name="nsub" cdata="&amp;#8836;"/> <!--not a subset of, U+2284 ISOamsn -->
-		<entity name="sube" cdata="&amp;#8838;"/> <!--subset of or equal to, U+2286 ISOtech -->
-		<entity name="supe" cdata="&amp;#8839;"/> <!--superset of or equal to, U+2287 ISOtech -->
-		<entity name="oplus" cdata="&amp;#8853;"/> <!--circled plus = direct sum, U+2295 ISOamsb -->
-		<entity name="otimes" cdata="&amp;#8855;"/> <!--circled times = vector product, U+2297 ISOamsb -->
-		<entity name="perp" cdata="&amp;#8869;"/> <!--up tack = orthogonal to = perpendicular, U+22A5 ISOtech -->
-		<entity name="sdot" cdata="&amp;#8901;"/> <!--dot operator, U+22C5 ISOamsb -->
-		<!-- dot operator is NOT the same character as U+00B7 middle dot -->
-		
-		<!-- Miscellaneous Technical -->
-		<entity name="lceil" cdata="&amp;#8968;"/> <!--left ceiling = apl upstile, U+2308 ISOamsc  -->
-		<entity name="rceil" cdata="&amp;#8969;"/> <!--right ceiling, U+2309 ISOamsc  -->
-		<entity name="lfloor" cdata="&amp;#8970;"/> <!--left floor = apl downstile, U+230A ISOamsc  -->
-		<entity name="rfloor" cdata="&amp;#8971;"/> <!--right floor, U+230B ISOamsc  -->
-		<entity name="lang" cdata="&amp;#9001;"/> <!--left-pointing angle bracket = bra, U+2329 ISOtech -->
-		<!-- lang is NOT the same character as U+003C 'less than' 
-		     or U+2039 'single left-pointing angle quotation mark' -->
-		<entity name="rang" cdata="&amp;#9002;"/> <!--right-pointing angle bracket = ket, U+232A ISOtech -->
-		<!-- rang is NOT the same character as U+003E 'greater than' or U+203A 'single right-pointing angle quotation mark' -->
-		
-		<!-- Geometric Shapes -->
-		<entity name="loz" cdata="&amp;#9674;"/> <!--lozenge, U+25CA ISOpub -->
-		
-		<!-- Miscellaneous Symbols -->
-		<entity name="spades" cdata="&amp;#9824;"/> <!--black spade suit, U+2660 ISOpub -->
-		<!-- black here seems to mean filled as opposed to hollow -->
-		<entity name="clubs" cdata="&amp;#9827;"/> <!--black club suit = shamrock, U+2663 ISOpub -->
-		<entity name="hearts" cdata="&amp;#9829;"/> <!--black heart suit = valentine, U+2665 ISOpub -->
-		<entity name="diams" cdata="&amp;#9830;"/> <!--black diamond suit, U+2666 ISOpub -->
-		
-		<entity name="quot" cdata="&amp;#34;"  /> <!--quotation mark = APL quote, U+0022 ISOnum -->
-		<!-- Latin Extended-A -->
-		<entity name="OElig" cdata="&amp;#338;" /> <!--latin capital ligature OE, U+0152 ISOlat2 -->
-		<entity name="oelig" cdata="&amp;#339;" /> <!--latin small ligature oe, U+0153 ISOlat2 -->
-		<!-- ligature is a misnomer, this is a separate character in some languages -->
-		<entity name="Scaron" cdata="&amp;#352;" /> <!--latin capital letter S with caron, U+0160 ISOlat2 -->
-		<entity name="scaron" cdata="&amp;#353;" /> <!--latin small letter s with caron, U+0161 ISOlat2 -->
-		<entity name="Yuml" cdata="&amp;#376;" /> <!--latin capital letter Y with diaeresis, U+0178 ISOlat2 -->
-		
-		<!-- Spacing Modifier Letters -->
-		<entity name="circ" cdata="&amp;#710;" /> <!--modifier letter circumflex accent, U+02C6 ISOpub -->
-		<entity name="tilde" cdata="&amp;#732;" /> <!--small tilde, U+02DC ISOdia -->
-		
-		<!-- General Punctuation -->
-		<entity name="ensp" cdata="&amp;#8194;"/> <!--en space, U+2002 ISOpub -->
-		<entity name="emsp" cdata="&amp;#8195;"/> <!--em space, U+2003 ISOpub -->
-		<entity name="thinsp" cdata="&amp;#8201;"/> <!--thin space, U+2009 ISOpub -->
-		<entity name="zwnj" cdata="&amp;#8204;"/> <!--zero width non-joiner, U+200C NEW RFC 2070 -->
-		<entity name="zwj" cdata="&amp;#8205;"/> <!--zero width joiner, U+200D NEW RFC 2070 -->
-		<entity name="lrm" cdata="&amp;#8206;"/> <!--left-to-right mark, U+200E NEW RFC 2070 -->
-		<entity name="rlm" cdata="&amp;#8207;"/> <!--right-to-left mark, U+200F NEW RFC 2070 -->
-		<entity name="ndash" cdata="&amp;#8211;"/> <!--en dash, U+2013 ISOpub -->
-		<entity name="mdash" cdata="&amp;#8212;"/> <!--em dash, U+2014 ISOpub -->
-		<entity name="lsquo" cdata="&amp;#8216;"/> <!--left single quotation mark, U+2018 ISOnum -->
-		<entity name="rsquo" cdata="&amp;#8217;"/> <!--right single quotation mark, U+2019 ISOnum -->
-		<entity name="sbquo" cdata="&amp;#8218;"/> <!--single low-9 quotation mark, U+201A NEW -->
-		<entity name="ldquo" cdata="&amp;#8220;"/> <!--left double quotation mark, U+201C ISOnum -->
-		<entity name="rdquo" cdata="&amp;#8221;"/> <!--right double quotation mark, U+201D ISOnum -->
-		<entity name="bdquo" cdata="&amp;#8222;"/> <!--double low-9 quotation mark, U+201E NEW -->
-		<entity name="dagger" cdata="&amp;#8224;"/> <!--dagger, U+2020 ISOpub -->
-		<entity name="Dagger" cdata="&amp;#8225;"/> <!--double dagger, U+2021 ISOpub -->
-		<entity name="permil" cdata="&amp;#8240;"/> <!--per mille sign, U+2030 ISOtech -->
-		<entity name="lsaquo" cdata="&amp;#8249;"/> <!--single left-pointing angle quotation mark, U+2039 ISO proposed -->
-		<!-- lsaquo is proposed but not yet ISO standardized -->
-		<entity name="rsaquo" cdata="&amp;#8250;"/> <!--single right-pointing angle quotation mark, U+203A ISO proposed -->
-		<!-- rsaquo is proposed but not yet ISO standardized -->
-		<entity name="euro" cdata="&amp;#8364;" /> <!--euro sign, U+20AC NEW -->
-	</html-entities>
-
-</anti-samy-rules>
+<?xml version="1.0" encoding="ISO-8859-1"?>
+	
+<!-- 
+W3C rules retrieved from:
+http://www.w3.org/TR/html401/struct/global.html
+-->
+	
+<!--
+Slashdot allowed tags taken from "Reply" page:
+<b> <i> <p> <br> <a> <ol> <ul> <li> <dl> <dt> <dd> <em> <strong> <tt> <blockquote> <div> <ecode> <quote>
+-->
+
+<anti-samy-rules xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+		xsi:noNamespaceSchemaLocation="antisamy.xsd">
+	
+	<directives>
+		<directive name="omitXmlDeclaration" value="true"/>
+		<directive name="omitDoctypeDeclaration" value="true"/>
+		<directive name="maxInputSize" value="500000"/>
+		<directive name="embedStyleSheets" value="false"/>
+        <directive name="noopenerAndNoreferrerAnchors" value="true" />
+	</directives>
+	
+	
+	<common-regexps>
+		
+		<!-- 
+		From W3C:
+		This attribute assigns a class name or set of class names to an
+		element. Any number of elements may be assigned the same class
+		name or names. Multiple class names must be separated by white 
+		space characters.
+		-->
+		
+		<regexp name="htmlTitle" value="[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&amp;]*"/>
+		<regexp name="onsiteURL" value="^(?!//)(?![\p{L}\p{N}\\\.\#@\$%\+&amp;;\-_~,\?=/!]*(&amp;colon))[\p{L}\p{N}\\\.\#@\$%\+&amp;;\-_~,\?=/!]*"/>
+		<regexp name="offsiteURL" value="(\s)*((ht|f)tp(s?)://|mailto:)[\p{L}\p{N}]+[\p{L}\p{N}\p{Zs}\.\#@\$%\+&amp;;:\-_~,\?=/!\(\)]*(\s)*"/>
+	
+	</common-regexps>
+	
+	<!-- 
+	
+	Tag.name = a, b, div, body, etc.
+	Tag.action = filter: remove tags, but keep content, validate: keep content as long as it passes rules, remove: remove tag and contents
+	Attribute.name = id, class, href, align, width, etc.
+	Attribute.onInvalid = what to do when the attribute is invalid, e.g., remove the tag (removeTag), remove the attribute (removeAttribute), filter the tag (filterTag)
+	Attribute.description = What rules in English you want to tell the users they can have for this attribute. Include helpful things so they'll be able to tune their HTML
+	 
+	 -->
+
+	<!-- 
+	Some attributes are common to all (or most) HTML tags. There aren't many that qualify for this. You have to make sure there's no
+	collisions between any of these attribute names with attribute names of other tags that are for different purposes.
+	-->
+
+	<common-attributes>
+		
+
+		<attribute name="lang" description="The 'lang' attribute tells the browser what language the element's attribute values and content are written in">
+		 	<regexp-list>
+		 		<regexp value="[a-zA-Z]{2,20}"/>
+		 	</regexp-list>
+		 </attribute>
+		 
+		 <attribute name="title" description="The 'title' attribute provides text that shows up in a 'tooltip' when a user hovers their mouse over the element">
+		 	<regexp-list>
+		 		<regexp name="htmlTitle"/>
+		 	</regexp-list>
+		 </attribute>
+
+		<attribute name="href" onInvalid="filterTag">
+			<regexp-list>
+				<regexp name="onsiteURL"/>
+				<regexp name="offsiteURL"/>
+			</regexp-list>
+		</attribute>
+	
+		<attribute name="align" description="The 'align' attribute of an HTML element is a direction word, like 'left', 'right' or 'center'">
+			<literal-list>
+				<literal value="center"/>
+				<literal value="left"/>
+				<literal value="right"/>
+				<literal value="justify"/>
+				<literal value="char"/>
+			</literal-list>
+		</attribute>
+
+	</common-attributes>
+
+
+	<!--
+	This requires normal updates as browsers continue to diverge from the W3C and each other. As long as the browser wars continue
+	this is going to continue. I'm not sure war is the right word for what's going on. Doesn't somebody have to win a war after 
+	a while?
+	 -->
+	
+	<global-tag-attributes>
+		<attribute name="title"/>
+		<attribute name="lang"/>
+	</global-tag-attributes>
+
+
+	<tag-rules>
+
+		<!-- Tags related to JavaScript -->
+
+		<tag name="script" action="remove"/>
+		<tag name="noscript" action="remove"/>
+		
+		<!-- Frame & related tags -->
+		
+		<tag name="iframe" action="remove"/>
+		<tag name="frameset" action="remove"/>
+		<tag name="frame" action="remove"/>
+		<tag name="noframes" action="remove"/>
+		
+
+		<!-- All reasonable formatting tags -->
+		
+		<tag name="p" action="validate">
+			<attribute name="align"/>
+		</tag>
+
+		<tag name="div" action="validate"/>		
+		<tag name="i" action="validate"/>
+		<tag name="b" action="validate"/>
+		<tag name="em" action="validate"/>
+		<tag name="blockquote" action="validate"/>
+		<tag name="tt" action="validate"/>
+		
+		<tag name="br" action="truncate"/>
+
+		<!-- Custom Slashdot tags, though we're trimming the idea of having a possible mismatching end tag with the endtag="" attribute -->
+		
+		<tag name="quote" action="validate"/>
+		<tag name="ecode" action="validate"/> 
+		
+						
+		<!-- Anchor and anchor related tags -->
+		
+		<tag name="a" action="validate">
+
+			<attribute name="href" onInvalid="filterTag"/>
+			<attribute name="nohref">
+				<literal-list>
+					<literal value="nohref"/>
+					<literal value=""/>
+				</literal-list>
+			</attribute>
+			<attribute name="rel">
+				<literal-list>
+					<literal value="nofollow"/>
+				</literal-list>
+			</attribute>
+		</tag>
+
+		<!-- List tags -->
+
+		<tag name="ul" action="validate"/>
+		<tag name="ol" action="validate"/>
+		<tag name="li" action="validate"/>
+		
+	</tag-rules>
+
+
+
+	<!--  No CSS on Slashdot posts -->
+
+	<css-rules>
+	</css-rules>
+
+</anti-samy-rules>
diff --git a/src/test/resources/esapi/fbac-policies/DataAccessRules.txt b/src/test/resources/esapi/fbac-policies/DataAccessRules.txt
index f21e8c869..0341aa56f 100644
--- a/src/test/resources/esapi/fbac-policies/DataAccessRules.txt
+++ b/src/test/resources/esapi/fbac-policies/DataAccessRules.txt
@@ -4,6 +4,6 @@ java.io.BufferedReader             | any         | read        | default deny
 java.lang.String                   | User        | read, write |
 java.lang.Math                     | Admin       | read, write |
 java.util.ArrayList                | Admin       | read        |
-java.awt.event.MouseWheelEvent     | Admin, User | write, read |
+javax.crypto.Cipher                | Admin, User | write, read |
 java.util.Date                     | User        | write       |
-java.util.Random                   | User, Admin | read        |
\ No newline at end of file
+java.util.Random                   | User, Admin | read        |
diff --git a/src/test/resources/esapi/validation.properties b/src/test/resources/esapi/validation.properties
index 18e037f3b..cf36cbdb7 100644
--- a/src/test/resources/esapi/validation.properties
+++ b/src/test/resources/esapi/validation.properties
@@ -1,29 +1,48 @@
-# The ESAPI validator does many security checks on input, such as canonicalization
-# and whitelist validation. Note that all of these validation rules are applied *after*
-# canonicalization. Double-encoded characters (even with different encodings involved,
-# are never allowed.
-#
-# To use:
-#
-# First set up a pattern below. You can choose any name you want, prefixed by the word
-# "Validation." For example:
-#   Validation.Email=^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,4}$
-# 
-# Then you can validate in your code against the pattern like this:
-#     ESAPI.validator().isValidInput("User Email", input, "Email", maxLength, allowNull);
-# Where maxLength and allowNull are set for you needs, respectively.
-#
-# But note, when you use boolean variants of validation functions, you lose critical 
-# canonicalization. It is preferable to use the "get" methods (which throw exceptions) and 
-# and use the returned user input which is in canonical form. Consider the following:
-#  
-# try {
-#    someObject.setEmail(ESAPI.validator().getValidInput("User Email", input, "Email", maxLength, allowNull));
-#
-Validator.SafeString=^[.\\p{Alnum}\\p{Space}]{0,1024}$
-Validator.Email=^[A-Za-z0-9._%'-]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,4}$
-Validator.IPAddress=^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$
-Validator.URL=^(ht|f)tp(s?)\\:\\/\\/[0-9a-zA-Z]([-.\\w]*[0-9a-zA-Z])*(:(0-9)*)*(\\/?)([a-zA-Z0-9\\-\\.\\?\\,\\:\\'\\/\\\\\\+=&amp;%\\$#_]*)?$
-Validator.CreditCard=^(\\d{4}[- ]?){3}\\d{4}$
-Validator.SSN=^(?!000)([0-6]\\d{2}|7([0-6]\\d|7[012]))([ -]?)(?!00)\\d\\d\\3(?!0000)\\d{4}$
-
+# OWASP Enterprise Security API (ESAPI) Properties file -- TEST Version
+#############################################################################
+#
+#   WARNING     WARNING     WARNING     WARNING     WARNING     WARNING
+#
+#   #######                                 #     #
+#      #     ######   ####    #####         #     #  ######  #####    ####
+#      #     #       #          #           #     #  #       #    #  #
+#      #     #####    ####      #           #     #  #####   #    #   ####
+#      #     #            #     #            #   #   #       #####        #
+#      #     #       #    #     #             # #    #       #   #   #    #
+#      #     ######   ####      #              #     ######  #    #   ####
+#
+# The ESAPI validator does many security checks on input, such as canonicalization
+# and whitelist validation. Note that all of these validation rules are applied *after*
+# canonicalization. Double-encoded characters (even with different encodings involved,
+# are never allowed.
+#
+# To use:
+#
+# First set up a pattern below. You can choose any name you want, prefixed by the word
+# "Validation." For example:
+#   Validation.Email=^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,4}$
+# 
+# Then you can validate in your code against the pattern like this:
+#     ESAPI.validator().isValidInput("User Email", input, "Email", maxLength, allowNull);
+# Where maxLength and allowNull are set for you needs, respectively.
+#
+# But note, when you use boolean variants of validation functions, you lose critical 
+# canonicalization. It is preferable to use the "get" methods (which throw exceptions)
+# and use the returned user input which is in canonical form. Consider the following:
+#  
+# try {
+#    someObject.setEmail(ESAPI.validator().getValidInput("User Email", input, "Email", maxLength, allowNull));
+#
+Validator.SafeString=^[.\\p{Alnum}\\p{Space}]{0,1024}$
+#Given the discussion: https://github.com/ESAPI/esapi-java-legacy/issues/374, a better upper-bound for domain name
+#was selected as 62.  This is slightly under the length in RFC-1035
+Validator.Email=^[A-Za-z0-9._%'-]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,62}$
+Validator.Gmail=^[A-Za-z0-9._%'-+]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,62}$
+Validator.IPAddress=^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$
+#Validator.URL=^(?:ht|f)tp(s?+)\\:\\/\\/[0-9a-zA-Z](?:[-.\\w]*[0-9a-zA-Z])*(?::(?:0-9)*)*(?:\\/?+)(?:[-a-zA-Z0-9\\.\\?\\,\\:\\'\\/\\\\\\+=&amp;%\\$#_]*)?+$
+Validator.URL=^(?:ht|f)tp(?:s?)(?:[:A-Za-z0-9%/#?&.=-]*)$
+Validator.CreditCard=^(\\d{4}[- ]?){3}\\d{4}$
+Validator.SSN=^(?!000)([0-6]\\d{2}|7([0-6]\\d|7[012]))([ -]?)(?!00)\\d\\d\\3(?!0000)\\d{4}$
+#RegexString here is PURELY for regression testing purposes.  NOT for production use.  
+Validator.RegexString=^[^<>]*  
+Validator.avaloqLooseSafeString=^[+>=<?!%_,~:@|\\-\\/\\*\\&\\;\\.\\#\\n\\r\\p{Pd}\\p{Ps}\\p{Pe}\\p{Pc}\\p{N}\\p{L}\\p{Sc}\\p{Z}]{0,10000}$
diff --git a/src/test/resources/esapi/waf-policies/add-header-policy.xml b/src/test/resources/esapi/waf-policies/add-header-policy.xml
index b2d8efc49..0a48ed2d0 100644
--- a/src/test/resources/esapi/waf-policies/add-header-policy.xml
+++ b/src/test/resources/esapi/waf-policies/add-header-policy.xml
@@ -1,29 +1,29 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies an add-header rule.
-
-	Protection #1: Any response for a resource will contain a header "FOO" with
-	               a value "BAR".
-
-	Exception #1:  Any request for /marketing/* will not have any such header
-	               returned.
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-	
-	<outbound-rules>
-		<add-header name="FOO" value="BAR" path="/.*">
-			<path-exception type="regex">/marketing/.*</path-exception>
-		</add-header>
-	</outbound-rules>
-	
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies an add-header rule.
+
+	Protection #1: Any response for a resource will contain a header "FOO" with
+	               a value "BAR".
+
+	Exception #1:  Any request for /marketing/* will not have any such header
+	               returned.
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+	
+	<outbound-rules>
+		<add-header name="FOO" value="BAR" path="/.*">
+			<path-exception type="regex">/marketing/.*</path-exception>
+		</add-header>
+	</outbound-rules>
+	
 </policy>
\ No newline at end of file
diff --git a/src/test/resources/esapi/waf-policies/add-httponly-policy.xml b/src/test/resources/esapi/waf-policies/add-httponly-policy.xml
index 1232f5997..4420e6ce0 100644
--- a/src/test/resources/esapi/waf-policies/add-httponly-policy.xml
+++ b/src/test/resources/esapi/waf-policies/add-httponly-policy.xml
@@ -1,27 +1,27 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies an add-http-flag rule.
-
-	Protection #1: Any cookie set by the application will have the HttpOnly flag set. This
-	               should apply to the application session ID as well as any custom cookies.
-
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<outbound-rules>
-		<add-http-only-flag>
-			<cookie name=".*"/>
-		</add-http-only-flag>
-	</outbound-rules>
-	
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies an add-http-flag rule.
+
+	Protection #1: Any cookie set by the application will have the HttpOnly flag set. This
+	               should apply to the application session ID as well as any custom cookies.
+
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<outbound-rules>
+		<add-http-only-flag>
+			<cookie name=".*"/>
+		</add-http-only-flag>
+	</outbound-rules>
+	
 </policy>
\ No newline at end of file
diff --git a/src/test/resources/esapi/waf-policies/add-secure-policy.xml b/src/test/resources/esapi/waf-policies/add-secure-policy.xml
index 12298a45a..80067da42 100644
--- a/src/test/resources/esapi/waf-policies/add-secure-policy.xml
+++ b/src/test/resources/esapi/waf-policies/add-secure-policy.xml
@@ -1,27 +1,27 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies an add-secure-flag rule.
-
-	Protection #1: Any cookie set by the application will have the secure flag set. This
-	               should apply to the application session ID as well as any custom cookies.
-
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-	
-	<outbound-rules>
-		<add-secure-flag>
-			<cookie name=".*"/>
-		</add-secure-flag>
-	</outbound-rules>
-	
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies an add-secure-flag rule.
+
+	Protection #1: Any cookie set by the application will have the secure flag set. This
+	               should apply to the application session ID as well as any custom cookies.
+
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+	
+	<outbound-rules>
+		<add-secure-flag>
+			<cookie name=".*"/>
+		</add-secure-flag>
+	</outbound-rules>
+	
 </policy>
\ No newline at end of file
diff --git a/src/test/resources/esapi/waf-policies/authentication-policy.xml b/src/test/resources/esapi/waf-policies/authentication-policy.xml
index 1c1a485be..5a77e6c0b 100644
--- a/src/test/resources/esapi/waf-policies/authentication-policy.xml
+++ b/src/test/resources/esapi/waf-policies/authentication-policy.xml
@@ -1,30 +1,30 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies an authentication rule.
-
-	Authentication applies to: /.*
-	Session variable whose existence implies authentication: sessionUserObjKey
-	Static exception:   <path-exception>/index.html</path-exception>
-	Pattern exception:  <path-exception type="regex">/images/.*</path-exception>
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>>
-
-	<!--
-		Set authentication rules by path.
-	-->
-	<authentication-rules path="/.*"  key="sessionUserObjKey" >
-		<path-exception>/index.html</path-exception>
-		<path-exception type="regex">/images/.*</path-exception>
-	</authentication-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies an authentication rule.
+
+	Authentication applies to: /.*
+	Session variable whose existence implies authentication: sessionUserObjKey
+	Static exception:   <path-exception>/index.html</path-exception>
+	Pattern exception:  <path-exception type="regex">/images/.*</path-exception>
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>>
+
+	<!--
+		Set authentication rules by path.
+	-->
+	<authentication-rules path="/.*"  key="sessionUserObjKey" >
+		<path-exception>/index.html</path-exception>
+		<path-exception type="regex">/images/.*</path-exception>
+	</authentication-rules>
+
 </policy>
\ No newline at end of file
diff --git a/src/test/resources/esapi/waf-policies/bean-shell-policy.xml b/src/test/resources/esapi/waf-policies/bean-shell-policy.xml
index 5d2f9275f..948d151c0 100644
--- a/src/test/resources/esapi/waf-policies/bean-shell-policy.xml
+++ b/src/test/resources/esapi/waf-policies/bean-shell-policy.xml
@@ -1,30 +1,30 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies different custom bean shell rules.
-	
-	
-
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<!--
-		Import the rules.
-	-->
-	<bean-shell-rules>	
-		<bean-shell-script 
-			id="example1" 
-			file="waf-policies/bean-shell-rule.bsh"
-			stage="before-request-body"/>
-	</bean-shell-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies different custom bean shell rules.
+	
+	
+
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<!--
+		Import the rules.
+	-->
+	<bean-shell-rules>	
+		<bean-shell-script 
+			id="example1" 
+			file="waf-policies/bean-shell-rule.bsh"
+			stage="before-request-body"/>
+	</bean-shell-rules>
+
 </policy>
\ No newline at end of file
diff --git a/src/test/resources/esapi/waf-policies/bean-shell-rule.bsh b/src/test/resources/esapi/waf-policies/bean-shell-rule.bsh
index 2a1f423e7..08c8424c4 100644
--- a/src/test/resources/esapi/waf-policies/bean-shell-rule.bsh
+++ b/src/test/resources/esapi/waf-policies/bean-shell-rule.bsh
@@ -1,5 +1,5 @@
-import org.owasp.esapi.waf.actions.*;
-
-session.setAttribute("simple_waf_test", "true");
-
+import org.owasp.esapi.waf.actions.*;
+
+session.setAttribute("simple_waf_test", "true");
+
 action = new RedirectAction();
\ No newline at end of file
diff --git a/src/test/resources/esapi/waf-policies/detect-outbound-policy.xml b/src/test/resources/esapi/waf-policies/detect-outbound-policy.xml
index 8312be95d..ac756aefa 100644
--- a/src/test/resources/esapi/waf-policies/detect-outbound-policy.xml
+++ b/src/test/resources/esapi/waf-policies/detect-outbound-policy.xml
@@ -1,27 +1,27 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a detect-content rule.
-
-	Protection #1: The rule should fire whenever the string "2008" appears in
-	               a response body.
-	Exception #1:  The rule should -not- fire when the content type is anything
-	               but text/*.
-
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<outbound-rules>
-		<detect-content content-type=".*text/.*" pattern=".*2008.*" />
-	</outbound-rules>
-	
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a detect-content rule.
+
+	Protection #1: The rule should fire whenever the string "2008" appears in
+	               a response body.
+	Exception #1:  The rule should -not- fire when the content type is anything
+	               but text/*.
+
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<outbound-rules>
+		<detect-content content-type=".*text/.*" pattern=".*2008.*" />
+	</outbound-rules>
+	
 </policy>
\ No newline at end of file
diff --git a/src/test/resources/esapi/waf-policies/dynamic-insertion-policy.xml b/src/test/resources/esapi/waf-policies/dynamic-insertion-policy.xml
index 9c1aa4097..5b0926c2b 100644
--- a/src/test/resources/esapi/waf-policies/dynamic-insertion-policy.xml
+++ b/src/test/resources/esapi/waf-policies/dynamic-insertion-policy.xml
@@ -1,27 +1,27 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a dynamic-insertion rule.
-
-	Protection #1: All instances of "</body>" in the response body will be replaced by
-	               "this is a test".
-
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<outbound-rules>
-		<dynamic-insertion pattern="&lt;/body&gt;">
-			<replacement><![CDATA[this is a test]]></replacement>
-		</dynamic-insertion>
-	</outbound-rules>
-	
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a dynamic-insertion rule.
+
+	Protection #1: All instances of "</body>" in the response body will be replaced by
+	               "this is a test".
+
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<outbound-rules>
+		<dynamic-insertion pattern="&lt;/body&gt;">
+			<replacement><![CDATA[this is a test]]></replacement>
+		</dynamic-insertion>
+	</outbound-rules>
+	
 </policy>
\ No newline at end of file
diff --git a/src/test/resources/esapi/waf-policies/enforce-https-policy.xml b/src/test/resources/esapi/waf-policies/enforce-https-policy.xml
index ab123b7e6..beb88513a 100644
--- a/src/test/resources/esapi/waf-policies/enforce-https-policy.xml
+++ b/src/test/resources/esapi/waf-policies/enforce-https-policy.xml
@@ -1,28 +1,28 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies an enforce-https rule.
-
-	Protection #1: a request of any kind for /foo should be redirected to secure request with 302.
-	Exception #1: Static path /index.html
-	Exception #2: Pattern path /images/.*
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<url-rules>
-		<enforce-https path="/.*">
-			<path-exception>/index.html</path-exception>
-			<path-exception type="regex">/images/.*</path-exception>
-		</enforce-https>
-	</url-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies an enforce-https rule.
+
+	Protection #1: a request of any kind for /foo should be redirected to secure request with 302.
+	Exception #1: Static path /index.html
+	Exception #2: Pattern path /images/.*
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<url-rules>
+		<enforce-https path="/.*">
+			<path-exception>/index.html</path-exception>
+			<path-exception type="regex">/images/.*</path-exception>
+		</enforce-https>
+	</url-rules>
+
 </policy>
\ No newline at end of file
diff --git a/src/test/resources/esapi/waf-policies/must-match-policy.xml b/src/test/resources/esapi/waf-policies/must-match-policy.xml
index 721fa4cfa..af26fc4cd 100644
--- a/src/test/resources/esapi/waf-policies/must-match-policy.xml
+++ b/src/test/resources/esapi/waf-policies/must-match-policy.xml
@@ -1,35 +1,35 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a must-match rule.
-
-	Protection #1:
-	Protection applies to: /admin/.*
-	Header name needed to access: x-roles
-	Header value needs to *contain* the string: admin
-
-	Protection #2:
-	Protection applies to: /superadmin/.*
-	Header name needed to access: x-roles
-	Header value needs to *equal* the string: superadmin
-
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<authorization-rules>
-		<must-match path="^/admin/.*" variable="request.header.x-roles"
-			operator="contains" value="admin" />
-		<must-match path="^/superadmin/.*" variable="request.header.x-roles"
-			operator="equals" value="superadmin" />
-	</authorization-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a must-match rule.
+
+	Protection #1:
+	Protection applies to: /admin/.*
+	Header name needed to access: x-roles
+	Header value needs to *contain* the string: admin
+
+	Protection #2:
+	Protection applies to: /superadmin/.*
+	Header name needed to access: x-roles
+	Header value needs to *equal* the string: superadmin
+
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<authorization-rules>
+		<must-match path="^/admin/.*" variable="request.header.x-roles"
+			operator="contains" value="admin" />
+		<must-match path="^/superadmin/.*" variable="request.header.x-roles"
+			operator="equals" value="superadmin" />
+	</authorization-rules>
+
 </policy>
\ No newline at end of file
diff --git a/src/test/resources/esapi/waf-policies/replace-outbound-policy.xml b/src/test/resources/esapi/waf-policies/replace-outbound-policy.xml
index 9c1aa4097..5b0926c2b 100644
--- a/src/test/resources/esapi/waf-policies/replace-outbound-policy.xml
+++ b/src/test/resources/esapi/waf-policies/replace-outbound-policy.xml
@@ -1,27 +1,27 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a dynamic-insertion rule.
-
-	Protection #1: All instances of "</body>" in the response body will be replaced by
-	               "this is a test".
-
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<outbound-rules>
-		<dynamic-insertion pattern="&lt;/body&gt;">
-			<replacement><![CDATA[this is a test]]></replacement>
-		</dynamic-insertion>
-	</outbound-rules>
-	
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a dynamic-insertion rule.
+
+	Protection #1: All instances of "</body>" in the response body will be replaced by
+	               "this is a test".
+
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<outbound-rules>
+		<dynamic-insertion pattern="&lt;/body&gt;">
+			<replacement><![CDATA[this is a test]]></replacement>
+		</dynamic-insertion>
+	</outbound-rules>
+	
 </policy>
\ No newline at end of file
diff --git a/src/test/resources/esapi/waf-policies/restrict-content-type-policy.xml b/src/test/resources/esapi/waf-policies/restrict-content-type-policy.xml
index a9b8a4a38..b766f19d3 100644
--- a/src/test/resources/esapi/waf-policies/restrict-content-type-policy.xml
+++ b/src/test/resources/esapi/waf-policies/restrict-content-type-policy.xml
@@ -1,27 +1,27 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a restrict-content-type rule.
-
-	Protection #1: any request with a content-type containing the word 'multipart' will be rejected
-	Exception  #1: requests for /fileupload.jsp are allowed to have 'multipart' in content-type
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<header-rules>
-		<restrict-content-type deny=".*multipart.*">
-			<path-exception type="regex">/fileupload.jsp</path-exception>
-		</restrict-content-type>
-
-	</header-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a restrict-content-type rule.
+
+	Protection #1: any request with a content-type containing the word 'multipart' will be rejected
+	Exception  #1: requests for /fileupload.jsp are allowed to have 'multipart' in content-type
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<header-rules>
+		<restrict-content-type deny=".*multipart.*">
+			<path-exception type="regex">/fileupload.jsp</path-exception>
+		</restrict-content-type>
+
+	</header-rules>
+
 </policy>
\ No newline at end of file
diff --git a/src/test/resources/esapi/waf-policies/restrict-extension-policy.xml b/src/test/resources/esapi/waf-policies/restrict-extension-policy.xml
index fe1dbe193..a572bd4ea 100644
--- a/src/test/resources/esapi/waf-policies/restrict-extension-policy.xml
+++ b/src/test/resources/esapi/waf-policies/restrict-extension-policy.xml
@@ -1,25 +1,25 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a restrict-extension rule.
-
-	Protection #1: any URI ending with .log will be rejected
-	Protection #2: any URI ending with .jsp will be allowed
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<url-rules>
-		<restrict-extension deny=".*\.log$" />
-		<restrict-extension allow=".*\.jsp$" />
-	</url-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a restrict-extension rule.
+
+	Protection #1: any URI ending with .log will be rejected
+	Protection #2: any URI ending with .jsp will be allowed
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<url-rules>
+		<restrict-extension deny=".*\.log$" />
+		<restrict-extension allow=".*\.jsp$" />
+	</url-rules>
+
 </policy>
\ No newline at end of file
diff --git a/src/test/resources/esapi/waf-policies/restrict-method-policy.xml b/src/test/resources/esapi/waf-policies/restrict-method-policy.xml
index 5a2337cf7..c1eb5a36e 100644
--- a/src/test/resources/esapi/waf-policies/restrict-method-policy.xml
+++ b/src/test/resources/esapi/waf-policies/restrict-method-policy.xml
@@ -1,25 +1,25 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a restrict-extension rule.
-
-	Protection #1: any URI ending with .log will be rejected
-	Protection #2: any URI ending with .jsp will be allowed
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<url-rules>
-		<restrict-extension deny="\.log$" />
-		<restrict-extension allow="\.jsp$" />
-	</url-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a restrict-extension rule.
+
+	Protection #1: any URI ending with .log will be rejected
+	Protection #2: any URI ending with .jsp will be allowed
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<url-rules>
+		<restrict-extension deny="\.log$" />
+		<restrict-extension allow="\.jsp$" />
+	</url-rules>
+
 </policy>
\ No newline at end of file
diff --git a/src/test/resources/esapi/waf-policies/restrict-source-ip-policy.xml b/src/test/resources/esapi/waf-policies/restrict-source-ip-policy.xml
index d23d87a02..72860a7d3 100644
--- a/src/test/resources/esapi/waf-policies/restrict-source-ip-policy.xml
+++ b/src/test/resources/esapi/waf-policies/restrict-source-ip-policy.xml
@@ -1,27 +1,27 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a restrict-source-ip rule.
-
-	The restriction applies to: /admin/.*
-	Pattern exception:  (192\.168\.1\\..*|127.0.0.1)
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<authorization-rules>
-		<restrict-source-ip
-			type="regex"
-			ip-regex="(192\.168\.1\\..*|127.0.0.1)">/admin/.*</restrict-source-ip>
-
-	</authorization-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a restrict-source-ip rule.
+
+	The restriction applies to: /admin/.*
+	Pattern exception:  (192\.168\.1\\..*|127.0.0.1)
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<authorization-rules>
+		<restrict-source-ip
+			type="regex"
+			ip-regex="(192\.168\.1\\..*|127.0.0.1)">/admin/.*</restrict-source-ip>
+
+	</authorization-rules>
+
 </policy>
\ No newline at end of file
diff --git a/src/test/resources/esapi/waf-policies/restrict-user-agent-policy.xml b/src/test/resources/esapi/waf-policies/restrict-user-agent-policy.xml
index 7cdebd595..c550a2c61 100644
--- a/src/test/resources/esapi/waf-policies/restrict-user-agent-policy.xml
+++ b/src/test/resources/esapi/waf-policies/restrict-user-agent-policy.xml
@@ -1,26 +1,26 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a restrict-user-agent rule.
-
-	Protection #1: any request with a user agent containing the word 'GoogleBot' will be rejected
-	Exception  #1: requests for /index.html are allowed to have 'GoogleBot' in user agent
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<header-rules>
-		<restrict-user-agent deny=".*GoogleBot.*">
-			<path-exception type="regex">/index.html</path-exception>
-		</restrict-user-agent>
-	</header-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a restrict-user-agent rule.
+
+	Protection #1: any request with a user agent containing the word 'GoogleBot' will be rejected
+	Exception  #1: requests for /index.html are allowed to have 'GoogleBot' in user agent
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<header-rules>
+		<restrict-user-agent deny=".*GoogleBot.*">
+			<path-exception type="regex">/index.html</path-exception>
+		</restrict-user-agent>
+	</header-rules>
+
 </policy>
\ No newline at end of file
diff --git a/src/test/resources/esapi/waf-policies/virtual-patch-policy.xml b/src/test/resources/esapi/waf-policies/virtual-patch-policy.xml
index 61c93fa88..8b989dd6e 100644
--- a/src/test/resources/esapi/waf-policies/virtual-patch-policy.xml
+++ b/src/test/resources/esapi/waf-policies/virtual-patch-policy.xml
@@ -1,27 +1,27 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a virtual-patch rule.
-
-	Protection #1: Any request whose URI is /foo.jsp (despite content-type) will have
-	               the 'bar' parameter checked to see if its alphanumeric. If a parameter
-				   fails validation, the message "zomg attax" will be logged.
-
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<virtual-patches>
-		<virtual-patch id="1234" path="/foo.jsp" variable="request.parameters.bar"
-			pattern="[0-9a-zA-Z]" message="zomg attax" />
-	</virtual-patches>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a virtual-patch rule.
+
+	Protection #1: Any request whose URI is /foo.jsp (despite content-type) will have
+	               the 'bar' parameter checked to see if its alphanumeric. If a parameter
+				   fails validation, the message "zomg attax" will be logged.
+
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<virtual-patches>
+		<virtual-patch id="1234" path="/foo.jsp" variable="request.parameters.bar"
+			pattern="[0-9a-zA-Z]" message="zomg attax" />
+	</virtual-patches>
+
 </policy>
\ No newline at end of file
diff --git a/src/test/resources/esapi/waf-policy.xml b/src/test/resources/esapi/waf-policy.xml
index 05d75b23d..7a1df159f 100644
--- a/src/test/resources/esapi/waf-policy.xml
+++ b/src/test/resources/esapi/waf-policy.xml
@@ -1,149 +1,149 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-		This file defines a set of "web application firewall" rules that
-		defend a web application against certain types of attacks. These rules
-		are loaded and enforced by a filter that sits in front of a web
-		application and has access to both request and response on both the
-		way in and the way out.
-	-->
-
-<policy>
-
-
-	<!--
-		Setup some simple aliases to use elsewhere in the WAF policy. Alias
-		types are: string (default), regex. String is a literal string, regex
-		is a pattern.
-	-->
-	<aliases>
-		<alias name="INPUT_VALIDATION_ERROR">/security/input.jsp</alias>
-		<alias name="ADMIN_PATH" type="regex">^/admin/.*</alias>
-	</aliases>
-
-
-
-	<!--
-		Set the overall WAF mode of operation. The mode can be either "block"
-		or "log". "block" mode will send all errors to the web page defined in
-		the error-handling configuration. "log" mode will not change HTTP
-		requests at all, but will simply log errors.
-	-->
-	<settings>
-		<mode>redirect</mode>
-		<session-cookie-name>JSESSIONID</session-cookie-name>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-
-
-	<!--
-		Set authentication rules by path.
-	-->
-	<authentication-rules path="/.*"  key="ESAPIUserSessionKey" >
-		<path-exception>/</path-exception>
-		<path-exception>/index.html</path-exception>
-		<path-exception>/login.jsp</path-exception>
-		<path-exception>/index.jsp</path-exception>
-		<path-exception type="regex">/images/.*</path-exception>
-		<path-exception type="regex">/css/.*</path-exception>
-		<path-exception type="regex">/help/.*</path-exception>
-	</authentication-rules>
-
-
-	<bean-shell-rules>	
-		<!--  	<bean-shell-script 
-			id="example1" 
-			file="waf-policies/bean-shell-rule.bsh" 
-			stage="before-request-body"/>
-		-->
-	</bean-shell-rules>
-	
-	<!--
-		Set authorization rules by path. Types are: regex Operators for
-		must-match are: contains,equals,inList,exists
-	-->
-	<authorization-rules>
-		<restrict-source-ip type="regex"
-			ip-regex="(192\.168\.1\..*|127.0.0.1)">/admin/.*</restrict-source-ip>
-		<must-match path="^/admin/.*" variable="request.headers.x-roles"
-			operator="contains" value="admin" />
-	</authorization-rules>
-
-
-
-	<!--
-		Set rules for incoming URLs.
-	-->
-	<url-rules>
-		<restrict-extension deny=".jpg" />
-
-		<restrict-method deny="GET" path=".*\.do$" />
-		<restrict-method allow="^(GET|POST|TRACE)$" />
-
-		<enforce-https path="/.*">
-			<path-exception>/index.html</path-exception>
-			<path-exception>/index.jsp</path-exception>
-			<path-exception type="regex">/images/.*</path-exception>
-			<path-exception type="regex">/css/.*</path-exception>
-			<path-exception type="regex">/help/.*</path-exception>
-		</enforce-https>
-	</url-rules>
-
-
-
-	<!--
-		Set rules for incoming headers and parameters.
-	-->
-	<header-rules>
-		<restrict-content-type deny=".*multipart.*" />
-		<restrict-content-type allow="text/plain" />
-		<restrict-content-type allow="x-www-form-urlencoded" />
-		<restrict-user-agent deny=".*GoogleBot.*" />
-		<restrict-user-agent allow=".*" />
-	</header-rules>
-
-
-	<!--
-		Set virtual patches to match specific vulnerability patterns.
-	-->
-	<virtual-patches>
-		<virtual-patch id="1234" path="/foo.jsp" variable="request.parameters.bar"
-			pattern="[0-9a-zA-Z]" message="zomg attax" />
-	</virtual-patches>
-
-
-
-	<!-- Set rules for outbound headers and data -->
-
-	<outbound-rules>
-
-		<add-header name="FOO" value="BAR" path="/.*">
-			<path-exception type="regex">/foobar/.*</path-exception>
-		</add-header>
-
-		<add-http-only-flag>
-			<cookie name=".*" />
-		</add-http-only-flag>
-
-		<add-secure-flag>
-			<cookie name=".*" />
-		</add-secure-flag>
-
- 		<dynamic-insertion pattern="&lt;/body&gt;">
-			<replacement><![CDATA[this is a test]]></replacement>
-		</dynamic-insertion>
-
-		<dynamic-insertion
-			pattern="(&lt;input.*)type\s+=\s+&quot;+hidden&quot;+(.*/&gt;)">
-			<replacement>\1\2</replacement>
-		</dynamic-insertion>
-
-		<detect-content content-type=".*text/.*" pattern=".*2008.*" />
-
-	</outbound-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+		This file defines a set of "web application firewall" rules that
+		defend a web application against certain types of attacks. These rules
+		are loaded and enforced by a filter that sits in front of a web
+		application and has access to both request and response on both the
+		way in and the way out.
+	-->
+
+<policy>
+
+
+	<!--
+		Setup some simple aliases to use elsewhere in the WAF policy. Alias
+		types are: string (default), regex. String is a literal string, regex
+		is a pattern.
+	-->
+	<aliases>
+		<alias name="INPUT_VALIDATION_ERROR">/security/input.jsp</alias>
+		<alias name="ADMIN_PATH" type="regex">^/admin/.*</alias>
+	</aliases>
+
+
+
+	<!--
+		Set the overall WAF mode of operation. The mode can be either "block"
+		or "log". "block" mode will send all errors to the web page defined in
+		the error-handling configuration. "log" mode will not change HTTP
+		requests at all, but will simply log errors.
+	-->
+	<settings>
+		<mode>redirect</mode>
+		<session-cookie-name>JSESSIONID</session-cookie-name>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+
+
+	<!--
+		Set authentication rules by path.
+	-->
+	<authentication-rules path="/.*"  key="ESAPIUserSessionKey" >
+		<path-exception>/</path-exception>
+		<path-exception>/index.html</path-exception>
+		<path-exception>/login.jsp</path-exception>
+		<path-exception>/index.jsp</path-exception>
+		<path-exception type="regex">/images/.*</path-exception>
+		<path-exception type="regex">/css/.*</path-exception>
+		<path-exception type="regex">/help/.*</path-exception>
+	</authentication-rules>
+
+
+	<bean-shell-rules>	
+		<!--  	<bean-shell-script 
+			id="example1" 
+			file="waf-policies/bean-shell-rule.bsh" 
+			stage="before-request-body"/>
+		-->
+	</bean-shell-rules>
+	
+	<!--
+		Set authorization rules by path. Types are: regex Operators for
+		must-match are: contains,equals,inList,exists
+	-->
+	<authorization-rules>
+		<restrict-source-ip type="regex"
+			ip-regex="(192\.168\.1\..*|127.0.0.1)">/admin/.*</restrict-source-ip>
+		<must-match path="^/admin/.*" variable="request.headers.x-roles"
+			operator="contains" value="admin" />
+	</authorization-rules>
+
+
+
+	<!--
+		Set rules for incoming URLs.
+	-->
+	<url-rules>
+		<restrict-extension deny=".jpg" />
+
+		<restrict-method deny="GET" path=".*\.do$" />
+		<restrict-method allow="^(GET|POST|TRACE)$" />
+
+		<enforce-https path="/.*">
+			<path-exception>/index.html</path-exception>
+			<path-exception>/index.jsp</path-exception>
+			<path-exception type="regex">/images/.*</path-exception>
+			<path-exception type="regex">/css/.*</path-exception>
+			<path-exception type="regex">/help/.*</path-exception>
+		</enforce-https>
+	</url-rules>
+
+
+
+	<!--
+		Set rules for incoming headers and parameters.
+	-->
+	<header-rules>
+		<restrict-content-type deny=".*multipart.*" />
+		<restrict-content-type allow="text/plain" />
+		<restrict-content-type allow="x-www-form-urlencoded" />
+		<restrict-user-agent deny=".*GoogleBot.*" />
+		<restrict-user-agent allow=".*" />
+	</header-rules>
+
+
+	<!--
+		Set virtual patches to match specific vulnerability patterns.
+	-->
+	<virtual-patches>
+		<virtual-patch id="1234" path="/foo.jsp" variable="request.parameters.bar"
+			pattern="[0-9a-zA-Z]" message="zomg attax" />
+	</virtual-patches>
+
+
+
+	<!-- Set rules for outbound headers and data -->
+
+	<outbound-rules>
+
+		<add-header name="FOO" value="BAR" path="/.*">
+			<path-exception type="regex">/foobar/.*</path-exception>
+		</add-header>
+
+		<add-http-only-flag>
+			<cookie name=".*" />
+		</add-http-only-flag>
+
+		<add-secure-flag>
+			<cookie name=".*" />
+		</add-secure-flag>
+
+ 		<dynamic-insertion pattern="&lt;/body&gt;">
+			<replacement><![CDATA[this is a test]]></replacement>
+		</dynamic-insertion>
+
+		<dynamic-insertion
+			pattern="(&lt;input.*)type\s+=\s+&quot;+hidden&quot;+(.*/&gt;)">
+			<replacement>\1\2</replacement>
+		</dynamic-insertion>
+
+		<detect-content content-type=".*text/.*" pattern=".*2008.*" />
+
+	</outbound-rules>
+
 </policy>
\ No newline at end of file
diff --git a/src/test/resources/log4j.dtd b/src/test/resources/log4j.dtd
deleted file mode 100644
index 1aabd96c3..000000000
--- a/src/test/resources/log4j.dtd
+++ /dev/null
@@ -1,227 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements.  See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License.  You may obtain a copy of the License at
-
-      http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-
-<!-- Authors: Chris Taylor, Ceki Gulcu. -->
-
-<!-- Version: 1.2 -->
-
-<!-- A configuration element consists of optional renderer
-elements,appender elements, categories and an optional root
-element. -->
-
-<!ELEMENT log4j:configuration (renderer*, appender*,plugin*, (category|logger)*,root?,
-                               (categoryFactory|loggerFactory)?)>
-
-<!-- The "threshold" attribute takes a level value below which -->
-<!-- all logging statements are disabled. -->
-
-<!-- Setting the "debug" enable the printing of internal log4j logging   -->
-<!-- statements.                                                         -->
-
-<!-- By default, debug attribute is "null", meaning that we not do touch -->
-<!-- internal log4j logging settings. The "null" value for the threshold -->
-<!-- attribute can be misleading. The threshold field of a repository	 -->
-<!-- cannot be set to null. The "null" value for the threshold attribute -->
-<!-- simply means don't touch the threshold field, the threshold field   --> 
-<!-- keeps its old value.                                                -->
-     
-<!ATTLIST log4j:configuration
-  xmlns:log4j              CDATA #FIXED "http://jakarta.apache.org/log4j/" 
-  threshold                (all|trace|debug|info|warn|error|fatal|off|null) "null"
-  debug                    (true|false|null)  "null"
-  reset                    (true|false) "false"
->
-
-<!-- renderer elements allow the user to customize the conversion of  -->
-<!-- message objects to String.                                       -->
-
-<!ELEMENT renderer EMPTY>
-<!ATTLIST renderer
-  renderedClass  CDATA #REQUIRED
-  renderingClass CDATA #REQUIRED
->
-
-<!-- Appenders must have a name and a class. -->
-<!-- Appenders may contain an error handler, a layout, optional parameters -->
-<!-- and filters. They may also reference (or include) other appenders. -->
-<!ELEMENT appender (errorHandler?, param*,
-      rollingPolicy?, triggeringPolicy?, connectionSource?,
-      layout?, filter*, appender-ref*)>
-<!ATTLIST appender
-  name 		CDATA 	#REQUIRED
-  class 	CDATA	#REQUIRED
->
-
-<!ELEMENT layout (param*)>
-<!ATTLIST layout
-  class		CDATA	#REQUIRED
->
-
-<!ELEMENT filter (param*)>
-<!ATTLIST filter
-  class		CDATA	#REQUIRED
->
-
-<!-- ErrorHandlers can be of any class. They can admit any number of -->
-<!-- parameters. -->
-
-<!ELEMENT errorHandler (param*, root-ref?, logger-ref*,  appender-ref?)> 
-<!ATTLIST errorHandler
-   class        CDATA   #REQUIRED 
->
-
-<!ELEMENT root-ref EMPTY>
-
-<!ELEMENT logger-ref EMPTY>
-<!ATTLIST logger-ref
-  ref CDATA #REQUIRED
->
-
-<!ELEMENT param EMPTY>
-<!ATTLIST param
-  name		CDATA   #REQUIRED
-  value		CDATA	#REQUIRED
->
-
-
-<!-- The priority class is org.apache.log4j.Level by default -->
-<!ELEMENT priority (param*)>
-<!ATTLIST priority
-  class   CDATA	#IMPLIED
-  value	  CDATA #REQUIRED
->
-
-<!-- The level class is org.apache.log4j.Level by default -->
-<!ELEMENT level (param*)>
-<!ATTLIST level
-  class   CDATA	#IMPLIED
-  value	  CDATA #REQUIRED
->
-
-
-<!-- If no level element is specified, then the configurator MUST not -->
-<!-- touch the level of the named category. -->
-<!ELEMENT category (param*,(priority|level)?,appender-ref*)>
-<!ATTLIST category
-  class         CDATA   #IMPLIED
-  name		CDATA	#REQUIRED
-  additivity	(true|false) "true"  
->
-
-<!-- If no level element is specified, then the configurator MUST not -->
-<!-- touch the level of the named logger. -->
-<!ELEMENT logger (level?,appender-ref*)>
-<!ATTLIST logger
-  name		CDATA	#REQUIRED
-  additivity	(true|false) "true"  
->
-
-
-<!ELEMENT categoryFactory (param*)>
-<!ATTLIST categoryFactory 
-   class        CDATA #REQUIRED>
-
-<!ELEMENT loggerFactory (param*)>
-<!ATTLIST loggerFactory
-   class        CDATA #REQUIRED>
-
-<!ELEMENT appender-ref EMPTY>
-<!ATTLIST appender-ref
-  ref CDATA #REQUIRED
->
-
-<!-- plugins must have a name and class and can have optional parameters -->
-<!ELEMENT plugin (param*, connectionSource?)>
-<!ATTLIST plugin
-  name 		CDATA 	   #REQUIRED
-  class 	CDATA  #REQUIRED
->
-
-<!ELEMENT connectionSource (dataSource?, param*)>
-<!ATTLIST connectionSource
-  class        CDATA  #REQUIRED
->
-
-<!ELEMENT dataSource (param*)>
-<!ATTLIST dataSource
-  class        CDATA  #REQUIRED
->
-
-<!ELEMENT triggeringPolicy ((param|filter)*)>
-<!ATTLIST triggeringPolicy
-  name 		CDATA  #IMPLIED
-  class 	CDATA  #REQUIRED
->
-
-<!ELEMENT rollingPolicy (param*)>
-<!ATTLIST rollingPolicy
-  name 		CDATA  #IMPLIED
-  class 	CDATA  #REQUIRED
->
-
-
-<!-- If no priority element is specified, then the configurator MUST not -->
-<!-- touch the priority of root. -->
-<!-- The root category always exists and cannot be subclassed. -->
-<!ELEMENT root (param*, (priority|level)?, appender-ref*)>
-
-
-<!-- ==================================================================== -->
-<!--                       A logging event                                -->
-<!-- ==================================================================== -->
-<!ELEMENT log4j:eventSet (log4j:event*)>
-<!ATTLIST log4j:eventSet
-  xmlns:log4j             CDATA #FIXED "http://jakarta.apache.org/log4j/" 
-  version                (1.1|1.2) "1.2" 
-  includesLocationInfo   (true|false) "true"
->
-
-
-
-<!ELEMENT log4j:event (log4j:message, log4j:NDC?, log4j:throwable?, 
-                       log4j:locationInfo?, log4j:properties?) >
-
-<!-- The timestamp format is application dependent. -->
-<!ATTLIST log4j:event
-    logger     CDATA #REQUIRED
-    level      CDATA #REQUIRED
-    thread     CDATA #REQUIRED
-    timestamp  CDATA #REQUIRED
-    time       CDATA #IMPLIED
->
-
-<!ELEMENT log4j:message (#PCDATA)>
-<!ELEMENT log4j:NDC (#PCDATA)>
-
-<!ELEMENT log4j:throwable (#PCDATA)>
-
-<!ELEMENT log4j:locationInfo EMPTY>
-<!ATTLIST log4j:locationInfo
-  class  CDATA	#REQUIRED
-  method CDATA	#REQUIRED
-  file   CDATA	#REQUIRED
-  line   CDATA	#REQUIRED
->
-
-<!ELEMENT log4j:properties (log4j:data*)>
-
-<!ELEMENT log4j:data EMPTY>
-<!ATTLIST log4j:data
-  name   CDATA	#REQUIRED
-  value  CDATA	#REQUIRED
->
diff --git a/src/test/resources/log4j.xml b/src/test/resources/log4j.xml
deleted file mode 100644
index 04c2b4364..000000000
--- a/src/test/resources/log4j.xml
+++ /dev/null
@@ -1,55 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
-<!-- main resources -->
-<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
-
-  <appender name="console" class="org.apache.log4j.ConsoleAppender"> 
-    <param name="Target" value="System.out"/> 
-    <layout class="org.apache.log4j.PatternLayout"> 
-      <param name="ConversionPattern" value="%-5p %m%n"/> 
-    </layout> 
-  </appender>
-
-    <appender name="file" class="org.apache.log4j.FileAppender">
-        <param name="File" value="target/unit-tests.log"/>
-        <layout class="org.apache.log4j.PatternLayout">
-          <param name="ConversionPattern" value="%-5p %m%n"/>
-        </layout>
-    </appender>
-
-  <logger name="org.owasp.esapi.reference.TestTrace">
-    <level value="trace"/>
-  </logger>
-
-  <logger name="org.owasp.esapi.reference.TestDebug">
-    <level value="debug"/>
-  </logger>
-
-  <logger name="org.owasp.esapi.reference.TestInfo">
-    <level value="info"/>
- </logger>
-
-  <logger name="org.owasp.esapi.reference.TestWarning">
-    <level value="warn"/>
-  </logger>
-
-  <logger name="org.owasp.esapi.reference.TestError">
-    <level value="error"/>
-  </logger>
-
-  <logger name="org.owasp.esapi.reference.TestFatal">
-    <level value="fatal"/>
-  </logger>
-
-  <logger name="org.owasp.esapi.reference">
-    <level value="info"/>
-  </logger>
-
-  <root>
-    <priority value="debug" />
-    <appender-ref ref="file" />
-  </root>
-
-  <loggerFactory class="org.owasp.esapi.reference.Log4JLoggerFactory"/>
-
-</log4j:configuration>
diff --git a/src/test/resources/properties/ESAPI_en_US.properties b/src/test/resources/properties/ESAPI_en_US.properties
index 9b43d1a23..04f043b21 100644
--- a/src/test/resources/properties/ESAPI_en_US.properties
+++ b/src/test/resources/properties/ESAPI_en_US.properties
@@ -1,9 +1,9 @@
-# User Messages
-Error.creating.randomizer=Error creating randomizer
-
-This.is.test.message=This {0} is {1} a test {2} message
-
-# Validation Messages
-
-# Log Messages
-
+# User Messages
+Error.creating.randomizer=Error creating randomizer
+
+This.is.test.message=This {0} is {1} a test {2} message
+
+# Validation Messages
+
+# Log Messages
+
diff --git a/src/test/resources/properties/ESAPI_fr_FR.properties b/src/test/resources/properties/ESAPI_fr_FR.properties
index 89ebcba7d..3e5a7a8f5 100644
--- a/src/test/resources/properties/ESAPI_fr_FR.properties
+++ b/src/test/resources/properties/ESAPI_fr_FR.properties
@@ -1,9 +1,9 @@
-# User Messages
-Error.creating.randomizer=Erreur lors de la création aléatoire
-
-This.is.test.message=Ceci est un message de test message singh
-
-# Validation Messages
-
-# Log Messages
-
+# User Messages
+Error.creating.randomizer=Erreur lors de la création aléatoire
+
+This.is.test.message=Ceci est un message de test message singh
+
+# Validation Messages
+
+# Log Messages
+
diff --git a/src/test/resources/urisForTest.txt b/src/test/resources/urisForTest.txt
new file mode 100644
index 000000000..df34cbc8e
--- /dev/null
+++ b/src/test/resources/urisForTest.txt
@@ -0,0 +1,2005 @@
+#Format is URI,Expected test value
+http://www.google.com?connectid=68470072-44c2-417b-822b-d945dc0364f4&request=GetFeature&service=wfs&version=1.1.0&typeName=DigitalGlobe%3AFinishedFeature&bbox=37.5%2C41.5%2C37.8%2C41.7&PROPERTYNAME=source%2CsourceUnit%2CproductType,FALSE
+https://127.0.0.1:8080/foo/bar,TRUE
+http://shareasale.com:8080/sem/fusce.xml?sed=sodales&tristique=scelerisque,TRUE
+http://shareasale.com/sem/fusce.xml?sed=sodales&tristique=scelerisque,TRUE
+http://core-jenkins.scansafe.cisco.com/�贺诺伦-^ńörén.jpg,FALSE
+https://wunderground.com/luctus/rutrum/nulla/tellus/in/sagittis.xml?et=vulputate&magnis=ut&dis=ultrices&parturient=vel&montes=augue&nascetur=vestibulum&ridiculus=ante&mus=ipsum&vivamus=primis&vestibulum=in&sagittis=faucibus&sapien=orci&cum=luctus&sociis=et&natoque=ultrices&penatibus=posuere&et=cubilia&magnis=curae&dis=donec&parturient=pharetra&montes=magna&nascetur=vestibulum&ridiculus=aliquet&mus=ultrices&etiam=erat&vel=tortor&augue=sollicitudin&vestibulum=mi&rutrum=sit&rutrum=amet&neque=lobortis&aenean=sapien&auctor=sapien&gravida=non&sem=mi&praesent=integer&id=ac&massa=neque&id=duis&nisl=bibendum&venenatis=morbi&lacinia=non&aenean=quam&sit=nec&amet=dui&justo=luctus&morbi=rutrum&ut=nulla&odio=tellus&cras=in&mi=sagittis&pede=dui&malesuada=vel&in=nisl&imperdiet=duis&et=ac&commodo=nibh&vulputate=fusce&justo=lacus&in=purus&blandit=aliquet&ultrices=at&enim=feugiat&lorem=non&ipsum=pretium&dolor=quis&sit=lectus,TRUE
+http://eepurl.com/augue/vestibulum/rutrum/rutrum.xml?imperdiet=consequat&sapien=metus&urna=sapien&pretium=ut&nisl=nunc&ut=vestibulum&volutpat=ante&sapien=ipsum&arcu=primis&sed=in&augue=faucibus&aliquam=orci&erat=luctus&volutpat=et&in=ultrices&congue=posuere&etiam=cubilia&justo=curae&etiam=mauris&pretium=viverra&iaculis=diam&justo=vitae&in=quam&hac=suspendisse&habitasse=potenti&platea=nullam&dictumst=porttitor&etiam=lacus&faucibus=at&cursus=turpis&urna=donec&ut=posuere&tellus=metus&nulla=vitae&ut=ipsum&erat=aliquam&id=non&mauris=mauris&vulputate=morbi&elementum=non&nullam=lectus&varius=aliquam&nulla=sit&facilisi=amet&cras=diam&non=in&velit=magna&nec=bibendum&nisi=imperdiet&vulputate=nullam&nonummy=orci&maecenas=pede&tincidunt=venenatis&lacus=non&at=sodales&velit=sed&vivamus=tincidunt&vel=eu&nulla=felis&eget=fusce&eros=posuere&elementum=felis&pellentesque=sed&quisque=lacus&porta=morbi&volutpat=sem&erat=mauris&quisque=laoreet&erat=ut&eros=rhoncus&viverra=aliquet&eget=pulvinar&congue=sed&eget=nisl&semper=nunc&rutrum=rhoncus&nulla=dui&nunc=vel&purus=sem&phasellus=sed&in=sagittis&felis=nam&donec=congue&semper=risus&sapien=semper&a=porta&libero=volutpat&nam=quam&dui=pede&proin=lobortis&leo=ligula&odio=sit&porttitor=amet&id=eleifend&consequat=pede&in=libero&consequat=quis&ut=orci&nulla=nullam,TRUE
+https://wired.com/in/faucibus/orci/luctus.json?porttitor=non&lacus=ligula&at=pellentesque&turpis=ultrices&donec=phasellus&posuere=id&metus=sapien&vitae=in&ipsum=sapien&aliquam=iaculis&non=congue&mauris=vivamus&morbi=metus&non=arcu&lectus=adipiscing&aliquam=molestie&sit=hendrerit&amet=at&diam=vulputate&in=vitae&magna=nisl&bibendum=aenean&imperdiet=lectus&nullam=pellentesque&orci=eget&pede=nunc&venenatis=donec&non=quis&sodales=orci&sed=eget&tincidunt=orci&eu=vehicula&felis=condimentum&fusce=curabitur&posuere=in&felis=libero&sed=ut&lacus=massa&morbi=volutpat&sem=convallis&mauris=morbi&laoreet=odio&ut=odio&rhoncus=elementum&aliquet=eu,TRUE
+http://acquirethisname.com/quis/orci/eget/orci.jsp?tincidunt=faucibus&eu=cursus&felis=urna&fusce=ut&posuere=tellus&felis=nulla&sed=ut&lacus=erat&morbi=id&sem=mauris&mauris=vulputate&laoreet=elementum&ut=nullam&rhoncus=varius&aliquet=nulla&pulvinar=facilisi&sed=cras&nisl=non&nunc=velit&rhoncus=nec&dui=nisi&vel=vulputate&sem=nonummy&sed=maecenas&sagittis=tincidunt&nam=lacus&congue=at&risus=velit&semper=vivamus&porta=vel&volutpat=nulla&quam=eget&pede=eros&lobortis=elementum&ligula=pellentesque&sit=quisque&amet=porta&eleifend=volutpat&pede=erat&libero=quisque&quis=erat&orci=eros&nullam=viverra&molestie=eget&nibh=congue&in=eget&lectus=semper&pellentesque=rutrum&at=nulla&nulla=nunc&suspendisse=purus&potenti=phasellus&cras=in&in=felis&purus=donec&eu=semper&magna=sapien&vulputate=a&luctus=libero&cum=nam&sociis=dui&natoque=proin&penatibus=leo&et=odio&magnis=porttitor&dis=id&parturient=consequat&montes=in&nascetur=consequat&ridiculus=ut&mus=nulla&vivamus=sed&vestibulum=accumsan&sagittis=felis&sapien=ut&cum=at&sociis=dolor&natoque=quis&penatibus=odio&et=consequat&magnis=varius&dis=integer&parturient=ac&montes=leo&nascetur=pellentesque&ridiculus=ultrices&mus=mattis&etiam=odio&vel=donec&augue=vitae&vestibulum=nisi&rutrum=nam,TRUE
+https://squarespace.com/vestibulum/rutrum/rutrum/neque/aenean/auctor/gravida.jpg?suscipit=proin&a=at&feugiat=turpis&et=a&eros=pede&vestibulum=posuere&ac=nonummy&est=integer&lacinia=non&nisi=velit&venenatis=donec&tristique=diam&fusce=neque&congue=vestibulum&diam=eget&id=vulputate&ornare=ut&imperdiet=ultrices&sapien=vel&urna=augue&pretium=vestibulum&nisl=ante&ut=ipsum&volutpat=primis&sapien=in&arcu=faucibus&sed=orci&augue=luctus&aliquam=et&erat=ultrices&volutpat=posuere&in=cubilia&congue=curae&etiam=donec&justo=pharetra&etiam=magna&pretium=vestibulum&iaculis=aliquet&justo=ultrices&in=erat&hac=tortor&habitasse=sollicitudin&platea=mi&dictumst=sit&etiam=amet&faucibus=lobortis&cursus=sapien&urna=sapien&ut=non&tellus=mi&nulla=integer&ut=ac&erat=neque&id=duis&mauris=bibendum&vulputate=morbi&elementum=non&nullam=quam&varius=nec&nulla=dui&facilisi=luctus&cras=rutrum,TRUE
+https://usda.gov/in/faucibus/orci/luctus/et/ultrices.json?feugiat=lacinia&et=eget&eros=tincidunt&vestibulum=eget&ac=tempus&est=vel&lacinia=pede&nisi=morbi,TRUE
+https://wordpress.org/posuere.js?massa=consequat&tempor=morbi&convallis=a&nulla=ipsum&neque=integer&libero=a&convallis=nibh&eget=in&eleifend=quis&luctus=justo&ultricies=maecenas&eu=rhoncus&nibh=aliquam&quisque=lacus&id=morbi&justo=quis&sit=tortor&amet=id&sapien=nulla&dignissim=ultrices&vestibulum=aliquet&vestibulum=maecenas&ante=leo&ipsum=odio&primis=condimentum&in=id&faucibus=luctus&orci=nec&luctus=molestie&et=sed&ultrices=justo,TRUE
+https://msu.edu/ligula/vehicula/consequat/morbi/a/ipsum/integer.png?ut=amet&at=turpis&dolor=elementum&quis=ligula&odio=vehicula&consequat=consequat&varius=morbi&integer=a&ac=ipsum&leo=integer&pellentesque=a&ultrices=nibh&mattis=in&odio=quis&donec=justo&vitae=maecenas&nisi=rhoncus&nam=aliquam&ultrices=lacus,TRUE
+https://dyndns.org/congue/risus/semper/porta.xml?nunc=sagittis&nisl=sapien&duis=cum&bibendum=sociis&felis=natoque&sed=penatibus&interdum=et&venenatis=magnis&turpis=dis&enim=parturient&blandit=montes&mi=nascetur&in=ridiculus&porttitor=mus&pede=etiam&justo=vel&eu=augue&massa=vestibulum&donec=rutrum&dapibus=rutrum&duis=neque&at=aenean&velit=auctor&eu=gravida&est=sem&congue=praesent&elementum=id&in=massa&hac=id,TRUE
+https://bbc.co.uk/erat/tortor/sollicitudin/mi.xml?posuere=ac&nonummy=enim&integer=in&non=tempor&velit=turpis&donec=nec&diam=euismod&neque=scelerisque&vestibulum=quam&eget=turpis&vulputate=adipiscing&ut=lorem&ultrices=vitae&vel=mattis&augue=nibh&vestibulum=ligula&ante=nec&ipsum=sem&primis=duis&in=aliquam&faucibus=convallis&orci=nunc&luctus=proin&et=at&ultrices=turpis&posuere=a&cubilia=pede&curae=posuere&donec=nonummy&pharetra=integer&magna=non&vestibulum=velit&aliquet=donec&ultrices=diam&erat=neque&tortor=vestibulum&sollicitudin=eget&mi=vulputate&sit=ut&amet=ultrices&lobortis=vel&sapien=augue&sapien=vestibulum&non=ante&mi=ipsum&integer=primis&ac=in&neque=faucibus&duis=orci&bibendum=luctus&morbi=et&non=ultrices&quam=posuere&nec=cubilia,TRUE
+https://harvard.edu/donec/vitae/nisi.json?feugiat=quisque&non=ut&pretium=erat&quis=curabitur&lectus=gravida&suspendisse=nisi&potenti=at&in=nibh&eleifend=in&quam=hac&a=habitasse&odio=platea&in=dictumst&hac=aliquam&habitasse=augue&platea=quam&dictumst=sollicitudin&maecenas=vitae&ut=consectetuer&massa=eget&quis=rutrum&augue=at&luctus=lorem&tincidunt=integer&nulla=tincidunt&mollis=ante&molestie=vel&lorem=ipsum&quisque=praesent&ut=blandit&erat=lacinia&curabitur=erat&gravida=vestibulum&nisi=sed&at=magna&nibh=at&in=nunc&hac=commodo&habitasse=placerat&platea=praesent&dictumst=blandit&aliquam=nam&augue=nulla&quam=integer&sollicitudin=pede&vitae=justo&consectetuer=lacinia&eget=eget&rutrum=tincidunt&at=eget&lorem=tempus&integer=vel&tincidunt=pede&ante=morbi&vel=porttitor&ipsum=lorem&praesent=id&blandit=ligula&lacinia=suspendisse&erat=ornare&vestibulum=consequat&sed=lectus,TRUE
+https://com.com/ornare/consequat/lectus/in.xml?sit=in&amet=felis&justo=donec&morbi=semper&ut=sapien&odio=a&cras=libero&mi=nam&pede=dui&malesuada=proin&in=leo&imperdiet=odio&et=porttitor,TRUE
+http://nasa.gov/ipsum/integer/a/nibh/in.png?turpis=platea&integer=dictumst&aliquet=maecenas&massa=ut&id=massa&lobortis=quis&convallis=augue&tortor=luctus&risus=tincidunt&dapibus=nulla&augue=mollis&vel=molestie&accumsan=lorem&tellus=quisque&nisi=ut&eu=erat&orci=curabitur&mauris=gravida&lacinia=nisi&sapien=at&quis=nibh&libero=in&nullam=hac&sit=habitasse&amet=platea&turpis=dictumst&elementum=aliquam&ligula=augue&vehicula=quam&consequat=sollicitudin&morbi=vitae&a=consectetuer&ipsum=eget&integer=rutrum&a=at&nibh=lorem&in=integer&quis=tincidunt&justo=ante&maecenas=vel&rhoncus=ipsum&aliquam=praesent&lacus=blandit&morbi=lacinia&quis=erat&tortor=vestibulum&id=sed&nulla=magna&ultrices=at&aliquet=nunc&maecenas=commodo&leo=placerat&odio=praesent&condimentum=blandit&id=nam&luctus=nulla&nec=integer&molestie=pede&sed=justo&justo=lacinia&pellentesque=eget&viverra=tincidunt&pede=eget&ac=tempus&diam=vel&cras=pede&pellentesque=morbi&volutpat=porttitor&dui=lorem&maecenas=id&tristique=ligula&est=suspendisse&et=ornare&tempus=consequat&semper=lectus&est=in&quam=est&pharetra=risus&magna=auctor,TRUE
+http://jigsy.com/nec/condimentum/neque.jpg?justo=lectus&aliquam=pellentesque&quis=at&turpis=nulla&eget=suspendisse&elit=potenti&sodales=cras&scelerisque=in&mauris=purus&sit=eu&amet=magna&eros=vulputate&suspendisse=luctus&accumsan=cum&tortor=sociis&quis=natoque&turpis=penatibus&sed=et&ante=magnis&vivamus=dis&tortor=parturient&duis=montes&mattis=nascetur&egestas=ridiculus&metus=mus&aenean=vivamus&fermentum=vestibulum&donec=sagittis&ut=sapien&mauris=cum&eget=sociis&massa=natoque&tempor=penatibus&convallis=et&nulla=magnis&neque=dis&libero=parturient&convallis=montes&eget=nascetur&eleifend=ridiculus&luctus=mus&ultricies=etiam&eu=vel,TRUE
+https://cocolog-nifty.com/faucibus/orci/luctus/et/ultrices/posuere.jsp?odio=in&elementum=leo&eu=maecenas&interdum=pulvinar&eu=lobortis&tincidunt=est&in=phasellus&leo=sit&maecenas=amet&pulvinar=erat&lobortis=nulla&est=tempus&phasellus=vivamus&sit=in&amet=felis&erat=eu&nulla=sapien&tempus=cursus&vivamus=vestibulum&in=proin&felis=eu&eu=mi&sapien=nulla&cursus=ac&vestibulum=enim&proin=in&eu=tempor&mi=turpis&nulla=nec&ac=euismod&enim=scelerisque&in=quam&tempor=turpis&turpis=adipiscing&nec=lorem&euismod=vitae&scelerisque=mattis&quam=nibh&turpis=ligula&adipiscing=nec&lorem=sem&vitae=duis&mattis=aliquam&nibh=convallis&ligula=nunc&nec=proin&sem=at&duis=turpis&aliquam=a&convallis=pede&nunc=posuere&proin=nonummy&at=integer&turpis=non&a=velit&pede=donec&posuere=diam&nonummy=neque&integer=vestibulum&non=eget&velit=vulputate&donec=ut&diam=ultrices&neque=vel&vestibulum=augue,TRUE
+http://icq.com/volutpat.js?sit=mus&amet=etiam&justo=vel&morbi=augue&ut=vestibulum&odio=rutrum&cras=rutrum&mi=neque&pede=aenean&malesuada=auctor&in=gravida&imperdiet=sem&et=praesent&commodo=id&vulputate=massa&justo=id&in=nisl&blandit=venenatis&ultrices=lacinia&enim=aenean&lorem=sit&ipsum=amet&dolor=justo&sit=morbi&amet=ut&consectetuer=odio&adipiscing=cras&elit=mi&proin=pede&interdum=malesuada&mauris=in&non=imperdiet&ligula=et&pellentesque=commodo&ultrices=vulputate&phasellus=justo&id=in&sapien=blandit&in=ultrices,TRUE
+https://senate.gov/tortor/duis/mattis/egestas/metus/aenean/fermentum.json?cubilia=in&curae=ante&mauris=vestibulum&viverra=ante&diam=ipsum&vitae=primis&quam=in&suspendisse=faucibus&potenti=orci&nullam=luctus&porttitor=et&lacus=ultrices&at=posuere&turpis=cubilia&donec=curae&posuere=duis&metus=faucibus&vitae=accumsan&ipsum=odio&aliquam=curabitur&non=convallis&mauris=duis&morbi=consequat&non=dui&lectus=nec&aliquam=nisi&sit=volutpat&amet=eleifend&diam=donec&in=ut&magna=dolor&bibendum=morbi&imperdiet=vel&nullam=lectus&orci=in&pede=quam&venenatis=fringilla&non=rhoncus&sodales=mauris&sed=enim&tincidunt=leo&eu=rhoncus&felis=sed&fusce=vestibulum&posuere=sit&felis=amet&sed=cursus&lacus=id&morbi=turpis&sem=integer&mauris=aliquet&laoreet=massa&ut=id&rhoncus=lobortis&aliquet=convallis&pulvinar=tortor&sed=risus&nisl=dapibus&nunc=augue&rhoncus=vel&dui=accumsan&vel=tellus&sem=nisi&sed=eu&sagittis=orci&nam=mauris&congue=lacinia&risus=sapien&semper=quis&porta=libero&volutpat=nullam&quam=sit&pede=amet,TRUE
+https://imdb.com/imperdiet/et/commodo/vulputate/justo.js?augue=donec&vestibulum=posuere&ante=metus&ipsum=vitae&primis=ipsum&in=aliquam&faucibus=non&orci=mauris&luctus=morbi&et=non&ultrices=lectus&posuere=aliquam&cubilia=sit&curae=amet&donec=diam&pharetra=in&magna=magna&vestibulum=bibendum&aliquet=imperdiet&ultrices=nullam&erat=orci&tortor=pede&sollicitudin=venenatis&mi=non&sit=sodales&amet=sed&lobortis=tincidunt&sapien=eu&sapien=felis&non=fusce&mi=posuere&integer=felis&ac=sed&neque=lacus&duis=morbi&bibendum=sem&morbi=mauris&non=laoreet&quam=ut&nec=rhoncus&dui=aliquet&luctus=pulvinar&rutrum=sed&nulla=nisl&tellus=nunc&in=rhoncus&sagittis=dui&dui=vel&vel=sem&nisl=sed&duis=sagittis&ac=nam&nibh=congue&fusce=risus&lacus=semper&purus=porta&aliquet=volutpat&at=quam&feugiat=pede&non=lobortis&pretium=ligula&quis=sit&lectus=amet&suspendisse=eleifend&potenti=pede&in=libero&eleifend=quis&quam=orci&a=nullam&odio=molestie&in=nibh&hac=in&habitasse=lectus&platea=pellentesque,TRUE
+https://amazon.com/faucibus/orci/luctus/et/ultrices/posuere.xml?iaculis=ullamcorper&congue=purus&vivamus=sit&metus=amet&arcu=nulla&adipiscing=quisque&molestie=arcu&hendrerit=libero&at=rutrum&vulputate=ac&vitae=lobortis&nisl=vel&aenean=dapibus&lectus=at&pellentesque=diam,TRUE
+https://netlog.com/dapibus/dolor/vel/est/donec/odio/justo.jpg?quam=amet&suspendisse=eros&potenti=suspendisse&nullam=accumsan&porttitor=tortor&lacus=quis&at=turpis&turpis=sed&donec=ante&posuere=vivamus&metus=tortor&vitae=duis&ipsum=mattis&aliquam=egestas&non=metus&mauris=aenean&morbi=fermentum&non=donec&lectus=ut&aliquam=mauris&sit=eget&amet=massa&diam=tempor&in=convallis&magna=nulla&bibendum=neque&imperdiet=libero&nullam=convallis&orci=eget&pede=eleifend&venenatis=luctus&non=ultricies&sodales=eu&sed=nibh&tincidunt=quisque&eu=id&felis=justo&fusce=sit&posuere=amet&felis=sapien&sed=dignissim&lacus=vestibulum&morbi=vestibulum&sem=ante&mauris=ipsum&laoreet=primis&ut=in&rhoncus=faucibus&aliquet=orci&pulvinar=luctus&sed=et&nisl=ultrices&nunc=posuere&rhoncus=cubilia&dui=curae&vel=nulla&sem=dapibus&sed=dolor&sagittis=vel&nam=est&congue=donec&risus=odio&semper=justo&porta=sollicitudin&volutpat=ut&quam=suscipit&pede=a&lobortis=feugiat&ligula=et&sit=eros&amet=vestibulum&eleifend=ac&pede=est&libero=lacinia&quis=nisi&orci=venenatis&nullam=tristique,TRUE
+http://goodreads.com/lorem/quisque.png?nulla=venenatis&ultrices=non&aliquet=sodales&maecenas=sed&leo=tincidunt&odio=eu&condimentum=felis&id=fusce&luctus=posuere&nec=felis&molestie=sed&sed=lacus&justo=morbi&pellentesque=sem&viverra=mauris&pede=laoreet&ac=ut&diam=rhoncus&cras=aliquet&pellentesque=pulvinar,TRUE
+https://flickr.com/accumsan/tellus/nisi/eu/orci/mauris.aspx?ultrices=ornare&phasellus=consequat&id=lectus&sapien=in&in=est&sapien=risus&iaculis=auctor&congue=sed&vivamus=tristique&metus=in&arcu=tempus&adipiscing=sit&molestie=amet&hendrerit=sem&at=fusce&vulputate=consequat&vitae=nulla&nisl=nisl&aenean=nunc&lectus=nisl&pellentesque=duis&eget=bibendum&nunc=felis&donec=sed&quis=interdum&orci=venenatis&eget=turpis&orci=enim&vehicula=blandit&condimentum=mi&curabitur=in&in=porttitor&libero=pede&ut=justo&massa=eu&volutpat=massa&convallis=donec&morbi=dapibus&odio=duis&odio=at&elementum=velit,TRUE
+http://bbb.org/quis/orci/eget/orci.html?mus=sapien&etiam=sapien&vel=non&augue=mi&vestibulum=integer&rutrum=ac&rutrum=neque&neque=duis&aenean=bibendum&auctor=morbi&gravida=non&sem=quam&praesent=nec&id=dui&massa=luctus&id=rutrum&nisl=nulla&venenatis=tellus&lacinia=in&aenean=sagittis&sit=dui&amet=vel&justo=nisl&morbi=duis&ut=ac&odio=nibh&cras=fusce&mi=lacus&pede=purus,TRUE
+https://facebook.com/phasellus/sit/amet/erat/nulla.jsp?parturient=porttitor&montes=lorem,TRUE
+http://goodreads.com/quis/odio.xml?sed=proin&nisl=eu&nunc=mi&rhoncus=nulla&dui=ac&vel=enim&sem=in&sed=tempor&sagittis=turpis&nam=nec&congue=euismod&risus=scelerisque&semper=quam&porta=turpis&volutpat=adipiscing&quam=lorem&pede=vitae&lobortis=mattis&ligula=nibh&sit=ligula&amet=nec&eleifend=sem&pede=duis&libero=aliquam&quis=convallis&orci=nunc&nullam=proin&molestie=at&nibh=turpis&in=a&lectus=pede&pellentesque=posuere&at=nonummy&nulla=integer&suspendisse=non&potenti=velit&cras=donec&in=diam&purus=neque&eu=vestibulum&magna=eget&vulputate=vulputate&luctus=ut&cum=ultrices&sociis=vel&natoque=augue&penatibus=vestibulum&et=ante&magnis=ipsum&dis=primis&parturient=in&montes=faucibus&nascetur=orci&ridiculus=luctus&mus=et&vivamus=ultrices&vestibulum=posuere&sagittis=cubilia&sapien=curae&cum=donec&sociis=pharetra&natoque=magna&penatibus=vestibulum&et=aliquet,TRUE
+https://zdnet.com/enim/in.png?fermentum=nulla&justo=mollis&nec=molestie&condimentum=lorem&neque=quisque&sapien=ut&placerat=erat&ante=curabitur&nulla=gravida&justo=nisi&aliquam=at&quis=nibh&turpis=in&eget=hac&elit=habitasse&sodales=platea&scelerisque=dictumst&mauris=aliquam&sit=augue&amet=quam&eros=sollicitudin&suspendisse=vitae&accumsan=consectetuer&tortor=eget&quis=rutrum&turpis=at&sed=lorem&ante=integer&vivamus=tincidunt&tortor=ante&duis=vel&mattis=ipsum&egestas=praesent&metus=blandit&aenean=lacinia&fermentum=erat&donec=vestibulum&ut=sed&mauris=magna&eget=at&massa=nunc&tempor=commodo&convallis=placerat&nulla=praesent&neque=blandit&libero=nam&convallis=nulla&eget=integer,TRUE
+http://ox.ac.uk/amet/cursus/id/turpis/integer/aliquet.js?lectus=lacus&pellentesque=morbi&eget=sem&nunc=mauris&donec=laoreet&quis=ut&orci=rhoncus&eget=aliquet&orci=pulvinar&vehicula=sed&condimentum=nisl&curabitur=nunc&in=rhoncus&libero=dui&ut=vel&massa=sem&volutpat=sed&convallis=sagittis&morbi=nam&odio=congue&odio=risus&elementum=semper&eu=porta&interdum=volutpat&eu=quam&tincidunt=pede&in=lobortis&leo=ligula&maecenas=sit&pulvinar=amet&lobortis=eleifend&est=pede&phasellus=libero&sit=quis&amet=orci&erat=nullam&nulla=molestie&tempus=nibh&vivamus=in&in=lectus&felis=pellentesque&eu=at&sapien=nulla&cursus=suspendisse&vestibulum=potenti&proin=cras&eu=in&mi=purus&nulla=eu&ac=magna&enim=vulputate&in=luctus&tempor=cum&turpis=sociis&nec=natoque&euismod=penatibus&scelerisque=et&quam=magnis&turpis=dis,TRUE
+https://amazon.com/placerat/ante/nulla/justo/aliquam/quis/turpis.js?et=aenean&magnis=lectus&dis=pellentesque&parturient=eget&montes=nunc&nascetur=donec&ridiculus=quis&mus=orci&vivamus=eget&vestibulum=orci&sagittis=vehicula&sapien=condimentum&cum=curabitur&sociis=in&natoque=libero&penatibus=ut&et=massa&magnis=volutpat&dis=convallis&parturient=morbi&montes=odio&nascetur=odio&ridiculus=elementum&mus=eu&etiam=interdum&vel=eu&augue=tincidunt&vestibulum=in&rutrum=leo&rutrum=maecenas&neque=pulvinar&aenean=lobortis&auctor=est&gravida=phasellus&sem=sit&praesent=amet&id=erat&massa=nulla&id=tempus&nisl=vivamus&venenatis=in&lacinia=felis&aenean=eu&sit=sapien&amet=cursus&justo=vestibulum&morbi=proin&ut=eu&odio=mi&cras=nulla&mi=ac&pede=enim&malesuada=in&in=tempor&imperdiet=turpis&et=nec&commodo=euismod&vulputate=scelerisque&justo=quam,TRUE
+http://craigslist.org/sapien/cursus/vestibulum/proin/eu/mi/nulla.jsp?diam=vitae&in=nisl&magna=aenean&bibendum=lectus&imperdiet=pellentesque&nullam=eget&orci=nunc&pede=donec&venenatis=quis&non=orci&sodales=eget&sed=orci&tincidunt=vehicula&eu=condimentum&felis=curabitur&fusce=in&posuere=libero&felis=ut&sed=massa&lacus=volutpat&morbi=convallis&sem=morbi&mauris=odio&laoreet=odio&ut=elementum&rhoncus=eu&aliquet=interdum&pulvinar=eu&sed=tincidunt&nisl=in&nunc=leo&rhoncus=maecenas&dui=pulvinar&vel=lobortis&sem=est&sed=phasellus&sagittis=sit&nam=amet&congue=erat&risus=nulla&semper=tempus&porta=vivamus&volutpat=in&quam=felis&pede=eu&lobortis=sapien&ligula=cursus&sit=vestibulum&amet=proin&eleifend=eu&pede=mi&libero=nulla&quis=ac&orci=enim&nullam=in&molestie=tempor&nibh=turpis&in=nec&lectus=euismod&pellentesque=scelerisque&at=quam&nulla=turpis&suspendisse=adipiscing&potenti=lorem&cras=vitae&in=mattis&purus=nibh&eu=ligula&magna=nec&vulputate=sem&luctus=duis&cum=aliquam&sociis=convallis&natoque=nunc&penatibus=proin&et=at&magnis=turpis&dis=a&parturient=pede&montes=posuere&nascetur=nonummy&ridiculus=integer&mus=non&vivamus=velit&vestibulum=donec,TRUE
+http://noaa.gov/maecenas/leo/odio/condimentum.html?adipiscing=sed&elit=vestibulum&proin=sit&interdum=amet&mauris=cursus&non=id&ligula=turpis&pellentesque=integer&ultrices=aliquet&phasellus=massa&id=id&sapien=lobortis&in=convallis&sapien=tortor&iaculis=risus&congue=dapibus&vivamus=augue&metus=vel&arcu=accumsan&adipiscing=tellus&molestie=nisi&hendrerit=eu&at=orci&vulputate=mauris&vitae=lacinia&nisl=sapien&aenean=quis&lectus=libero&pellentesque=nullam&eget=sit&nunc=amet&donec=turpis&quis=elementum&orci=ligula&eget=vehicula&orci=consequat&vehicula=morbi&condimentum=a&curabitur=ipsum&in=integer&libero=a&ut=nibh&massa=in&volutpat=quis&convallis=justo&morbi=maecenas&odio=rhoncus&odio=aliquam&elementum=lacus&eu=morbi&interdum=quis&eu=tortor&tincidunt=id&in=nulla&leo=ultrices&maecenas=aliquet&pulvinar=maecenas&lobortis=leo&est=odio&phasellus=condimentum&sit=id&amet=luctus&erat=nec&nulla=molestie&tempus=sed&vivamus=justo&in=pellentesque&felis=viverra&eu=pede&sapien=ac&cursus=diam&vestibulum=cras&proin=pellentesque&eu=volutpat&mi=dui&nulla=maecenas&ac=tristique&enim=est&in=et&tempor=tempus&turpis=semper&nec=est&euismod=quam&scelerisque=pharetra&quam=magna&turpis=ac&adipiscing=consequat&lorem=metus&vitae=sapien&mattis=ut&nibh=nunc&ligula=vestibulum&nec=ante&sem=ipsum&duis=primis&aliquam=in&convallis=faucibus&nunc=orci&proin=luctus&at=et,TRUE
+http://apple.com/sit/amet/diam/in/magna/bibendum.jsp?lobortis=accumsan&est=tellus&phasellus=nisi&sit=eu&amet=orci&erat=mauris&nulla=lacinia&tempus=sapien&vivamus=quis,TRUE
+http://whitehouse.gov/tortor/duis.json?vestibulum=et&ante=ultrices&ipsum=posuere&primis=cubilia&in=curae&faucibus=duis&orci=faucibus&luctus=accumsan&et=odio&ultrices=curabitur&posuere=convallis&cubilia=duis&curae=consequat&duis=dui,TRUE
+http://patch.com/sapien/non/mi/integer/ac/neque/duis.xml?lectus=ut&in=nulla&quam=sed&fringilla=accumsan&rhoncus=felis&mauris=ut&enim=at&leo=dolor&rhoncus=quis&sed=odio&vestibulum=consequat&sit=varius&amet=integer&cursus=ac&id=leo&turpis=pellentesque&integer=ultrices&aliquet=mattis&massa=odio&id=donec&lobortis=vitae&convallis=nisi&tortor=nam&risus=ultrices&dapibus=libero&augue=non&vel=mattis&accumsan=pulvinar&tellus=nulla&nisi=pede&eu=ullamcorper&orci=augue&mauris=a&lacinia=suscipit&sapien=nulla&quis=elit&libero=ac&nullam=nulla&sit=sed&amet=vel&turpis=enim&elementum=sit&ligula=amet&vehicula=nunc&consequat=viverra&morbi=dapibus&a=nulla&ipsum=suscipit,TRUE
+http://disqus.com/luctus/et.js?molestie=potenti&nibh=cras&in=in&lectus=purus&pellentesque=eu&at=magna&nulla=vulputate&suspendisse=luctus&potenti=cum&cras=sociis&in=natoque&purus=penatibus&eu=et&magna=magnis&vulputate=dis&luctus=parturient&cum=montes&sociis=nascetur&natoque=ridiculus&penatibus=mus&et=vivamus&magnis=vestibulum&dis=sagittis&parturient=sapien&montes=cum&nascetur=sociis&ridiculus=natoque&mus=penatibus&vivamus=et&vestibulum=magnis&sagittis=dis&sapien=parturient&cum=montes&sociis=nascetur&natoque=ridiculus&penatibus=mus&et=etiam&magnis=vel&dis=augue&parturient=vestibulum&montes=rutrum&nascetur=rutrum&ridiculus=neque&mus=aenean&etiam=auctor&vel=gravida&augue=sem&vestibulum=praesent&rutrum=id,TRUE
+https://reuters.com/aenean/lectus.jsp?neque=elementum&libero=pellentesque&convallis=quisque&eget=porta&eleifend=volutpat&luctus=erat&ultricies=quisque&eu=erat&nibh=eros&quisque=viverra&id=eget&justo=congue&sit=eget&amet=semper&sapien=rutrum&dignissim=nulla&vestibulum=nunc&vestibulum=purus&ante=phasellus&ipsum=in&primis=felis&in=donec&faucibus=semper&orci=sapien&luctus=a&et=libero&ultrices=nam&posuere=dui&cubilia=proin&curae=leo&nulla=odio&dapibus=porttitor&dolor=id&vel=consequat&est=in&donec=consequat&odio=ut&justo=nulla,TRUE
+https://usda.gov/commodo/vulputate/justo/in.aspx?lobortis=nisl&sapien=venenatis&sapien=lacinia&non=aenean&mi=sit&integer=amet&ac=justo&neque=morbi&duis=ut&bibendum=odio&morbi=cras&non=mi&quam=pede&nec=malesuada&dui=in&luctus=imperdiet&rutrum=et&nulla=commodo&tellus=vulputate&in=justo&sagittis=in&dui=blandit&vel=ultrices&nisl=enim&duis=lorem&ac=ipsum&nibh=dolor&fusce=sit&lacus=amet&purus=consectetuer&aliquet=adipiscing&at=elit&feugiat=proin&non=interdum&pretium=mauris&quis=non&lectus=ligula&suspendisse=pellentesque&potenti=ultrices&in=phasellus&eleifend=id&quam=sapien&a=in&odio=sapien&in=iaculis&hac=congue&habitasse=vivamus&platea=metus&dictumst=arcu&maecenas=adipiscing&ut=molestie&massa=hendrerit&quis=at&augue=vulputate&luctus=vitae&tincidunt=nisl&nulla=aenean&mollis=lectus&molestie=pellentesque&lorem=eget&quisque=nunc&ut=donec&erat=quis&curabitur=orci&gravida=eget&nisi=orci&at=vehicula&nibh=condimentum&in=curabitur&hac=in&habitasse=libero&platea=ut&dictumst=massa&aliquam=volutpat&augue=convallis&quam=morbi&sollicitudin=odio&vitae=odio&consectetuer=elementum&eget=eu&rutrum=interdum&at=eu&lorem=tincidunt&integer=in&tincidunt=leo&ante=maecenas&vel=pulvinar&ipsum=lobortis&praesent=est&blandit=phasellus&lacinia=sit&erat=amet&vestibulum=erat&sed=nulla&magna=tempus&at=vivamus,TRUE
+http://pagesperso-orange.fr/integer/a.jsp?lectus=ac&in=consequat&est=metus&risus=sapien&auctor=ut&sed=nunc&tristique=vestibulum&in=ante&tempus=ipsum&sit=primis&amet=in&sem=faucibus&fusce=orci&consequat=luctus&nulla=et&nisl=ultrices&nunc=posuere&nisl=cubilia&duis=curae&bibendum=mauris&felis=viverra&sed=diam&interdum=vitae&venenatis=quam&turpis=suspendisse&enim=potenti&blandit=nullam&mi=porttitor&in=lacus&porttitor=at&pede=turpis&justo=donec&eu=posuere&massa=metus&donec=vitae&dapibus=ipsum&duis=aliquam&at=non&velit=mauris&eu=morbi&est=non&congue=lectus&elementum=aliquam&in=sit&hac=amet&habitasse=diam&platea=in&dictumst=magna&morbi=bibendum&vestibulum=imperdiet&velit=nullam&id=orci&pretium=pede&iaculis=venenatis&diam=non&erat=sodales&fermentum=sed&justo=tincidunt&nec=eu&condimentum=felis&neque=fusce&sapien=posuere&placerat=felis&ante=sed&nulla=lacus&justo=morbi&aliquam=sem&quis=mauris&turpis=laoreet&eget=ut&elit=rhoncus&sodales=aliquet&scelerisque=pulvinar&mauris=sed&sit=nisl&amet=nunc&eros=rhoncus&suspendisse=dui&accumsan=vel&tortor=sem&quis=sed&turpis=sagittis&sed=nam&ante=congue&vivamus=risus,TRUE
+https://theguardian.com/libero/rutrum/ac/lobortis/vel/dapibus.aspx?aliquet=at&maecenas=velit&leo=eu&odio=est&condimentum=congue&id=elementum&luctus=in&nec=hac&molestie=habitasse&sed=platea&justo=dictumst&pellentesque=morbi&viverra=vestibulum&pede=velit&ac=id&diam=pretium&cras=iaculis&pellentesque=diam&volutpat=erat&dui=fermentum&maecenas=justo&tristique=nec&est=condimentum&et=neque&tempus=sapien,TRUE
+https://aol.com/cubilia.aspx?pellentesque=dui&eget=proin&nunc=leo&donec=odio&quis=porttitor&orci=id&eget=consequat&orci=in,TRUE
+https://statcounter.com/nec.json?orci=augue&vehicula=vestibulum&condimentum=ante&curabitur=ipsum&in=primis&libero=in&ut=faucibus&massa=orci&volutpat=luctus&convallis=et&morbi=ultrices&odio=posuere&odio=cubilia&elementum=curae&eu=donec&interdum=pharetra&eu=magna&tincidunt=vestibulum&in=aliquet&leo=ultrices&maecenas=erat&pulvinar=tortor&lobortis=sollicitudin&est=mi&phasellus=sit&sit=amet&amet=lobortis&erat=sapien&nulla=sapien&tempus=non&vivamus=mi&in=integer&felis=ac&eu=neque&sapien=duis&cursus=bibendum&vestibulum=morbi&proin=non&eu=quam&mi=nec&nulla=dui&ac=luctus&enim=rutrum&in=nulla&tempor=tellus&turpis=in&nec=sagittis&euismod=dui&scelerisque=vel&quam=nisl&turpis=duis&adipiscing=ac&lorem=nibh&vitae=fusce&mattis=lacus&nibh=purus,TRUE
+https://craigslist.org/ut/mauris/eget/massa/tempor/convallis/nulla.js?in=ante&est=ipsum&risus=primis&auctor=in&sed=faucibus&tristique=orci&in=luctus&tempus=et&sit=ultrices&amet=posuere&sem=cubilia&fusce=curae&consequat=mauris&nulla=viverra&nisl=diam&nunc=vitae&nisl=quam&duis=suspendisse&bibendum=potenti&felis=nullam&sed=porttitor&interdum=lacus&venenatis=at&turpis=turpis&enim=donec&blandit=posuere&mi=metus&in=vitae&porttitor=ipsum&pede=aliquam&justo=non&eu=mauris&massa=morbi&donec=non&dapibus=lectus&duis=aliquam&at=sit&velit=amet&eu=diam&est=in&congue=magna&elementum=bibendum&in=imperdiet&hac=nullam&habitasse=orci&platea=pede&dictumst=venenatis&morbi=non&vestibulum=sodales,TRUE
+http://yolasite.com/curae/duis/faucibus/accumsan/odio/curabitur/convallis.aspx?orci=quisque&luctus=erat&et=eros&ultrices=viverra&posuere=eget&cubilia=congue&curae=eget&nulla=semper&dapibus=rutrum&dolor=nulla&vel=nunc&est=purus&donec=phasellus&odio=in&justo=felis&sollicitudin=donec,TRUE
+https://google.de/quam/sapien.jsp?consequat=vel&dui=ipsum&nec=praesent&nisi=blandit&volutpat=lacinia&eleifend=erat&donec=vestibulum&ut=sed&dolor=magna&morbi=at&vel=nunc&lectus=commodo&in=placerat&quam=praesent&fringilla=blandit&rhoncus=nam&mauris=nulla&enim=integer&leo=pede&rhoncus=justo&sed=lacinia&vestibulum=eget&sit=tincidunt&amet=eget&cursus=tempus&id=vel&turpis=pede&integer=morbi&aliquet=porttitor&massa=lorem&id=id&lobortis=ligula&convallis=suspendisse&tortor=ornare&risus=consequat&dapibus=lectus&augue=in&vel=est&accumsan=risus&tellus=auctor&nisi=sed&eu=tristique&orci=in&mauris=tempus&lacinia=sit&sapien=amet&quis=sem,TRUE
+https://bizjournals.com/pede.jsp?ligula=porttitor&vehicula=lacus&consequat=at&morbi=turpis&a=donec&ipsum=posuere&integer=metus&a=vitae&nibh=ipsum&in=aliquam&quis=non&justo=mauris&maecenas=morbi&rhoncus=non&aliquam=lectus&lacus=aliquam&morbi=sit&quis=amet&tortor=diam&id=in&nulla=magna&ultrices=bibendum&aliquet=imperdiet&maecenas=nullam&leo=orci&odio=pede&condimentum=venenatis&id=non&luctus=sodales&nec=sed&molestie=tincidunt&sed=eu&justo=felis&pellentesque=fusce&viverra=posuere&pede=felis&ac=sed&diam=lacus&cras=morbi&pellentesque=sem&volutpat=mauris&dui=laoreet&maecenas=ut&tristique=rhoncus&est=aliquet&et=pulvinar&tempus=sed&semper=nisl&est=nunc&quam=rhoncus&pharetra=dui&magna=vel&ac=sem,TRUE
+https://wisc.edu/eu/massa/donec/dapibus.json?odio=ipsum&cras=dolor&mi=sit&pede=amet&malesuada=consectetuer&in=adipiscing&imperdiet=elit&et=proin&commodo=interdum&vulputate=mauris&justo=non&in=ligula&blandit=pellentesque&ultrices=ultrices&enim=phasellus&lorem=id&ipsum=sapien&dolor=in&sit=sapien&amet=iaculis&consectetuer=congue&adipiscing=vivamus&elit=metus&proin=arcu&interdum=adipiscing&mauris=molestie&non=hendrerit&ligula=at&pellentesque=vulputate&ultrices=vitae&phasellus=nisl&id=aenean&sapien=lectus&in=pellentesque&sapien=eget&iaculis=nunc&congue=donec&vivamus=quis&metus=orci&arcu=eget&adipiscing=orci&molestie=vehicula&hendrerit=condimentum&at=curabitur&vulputate=in&vitae=libero&nisl=ut&aenean=massa&lectus=volutpat&pellentesque=convallis&eget=morbi,TRUE
+http://wordpress.com/in/faucibus/orci.png?nonummy=eleifend&maecenas=donec&tincidunt=ut&lacus=dolor&at=morbi&velit=vel&vivamus=lectus&vel=in&nulla=quam&eget=fringilla&eros=rhoncus&elementum=mauris&pellentesque=enim&quisque=leo&porta=rhoncus&volutpat=sed,TRUE
+https://si.edu/ipsum/primis/in.html?convallis=eros&eget=vestibulum&eleifend=ac&luctus=est&ultricies=lacinia&eu=nisi&nibh=venenatis&quisque=tristique&id=fusce&justo=congue&sit=diam&amet=id&sapien=ornare&dignissim=imperdiet&vestibulum=sapien&vestibulum=urna&ante=pretium&ipsum=nisl&primis=ut,TRUE
+https://icq.com/ullamcorper/augue/a/suscipit/nulla.jpg?curabitur=pede,TRUE
+http://comsenz.com/sed/lacus/morbi/sem/mauris.aspx?diam=eget&in=eleifend&magna=luctus&bibendum=ultricies&imperdiet=eu&nullam=nibh&orci=quisque&pede=id&venenatis=justo&non=sit&sodales=amet&sed=sapien&tincidunt=dignissim&eu=vestibulum&felis=vestibulum&fusce=ante&posuere=ipsum&felis=primis&sed=in&lacus=faucibus&morbi=orci&sem=luctus&mauris=et&laoreet=ultrices&ut=posuere&rhoncus=cubilia&aliquet=curae&pulvinar=nulla&sed=dapibus&nisl=dolor&nunc=vel&rhoncus=est&dui=donec&vel=odio&sem=justo&sed=sollicitudin&sagittis=ut&nam=suscipit&congue=a&risus=feugiat&semper=et&porta=eros&volutpat=vestibulum&quam=ac&pede=est&lobortis=lacinia&ligula=nisi&sit=venenatis&amet=tristique&eleifend=fusce&pede=congue&libero=diam&quis=id&orci=ornare&nullam=imperdiet&molestie=sapien&nibh=urna&in=pretium,TRUE
+https://deviantart.com/in/sapien/iaculis/congue/vivamus/metus/arcu.xml?lorem=id&quisque=justo&ut=sit&erat=amet&curabitur=sapien&gravida=dignissim&nisi=vestibulum&at=vestibulum&nibh=ante&in=ipsum&hac=primis&habitasse=in&platea=faucibus&dictumst=orci&aliquam=luctus&augue=et&quam=ultrices&sollicitudin=posuere&vitae=cubilia&consectetuer=curae&eget=nulla&rutrum=dapibus&at=dolor,TRUE
+http://aol.com/pretium/iaculis/justo/in/hac.js?integer=metus&a=aenean&nibh=fermentum&in=donec&quis=ut&justo=mauris&maecenas=eget&rhoncus=massa&aliquam=tempor&lacus=convallis&morbi=nulla&quis=neque&tortor=libero&id=convallis&nulla=eget&ultrices=eleifend&aliquet=luctus&maecenas=ultricies&leo=eu&odio=nibh&condimentum=quisque&id=id&luctus=justo&nec=sit&molestie=amet&sed=sapien&justo=dignissim&pellentesque=vestibulum&viverra=vestibulum&pede=ante&ac=ipsum&diam=primis&cras=in&pellentesque=faucibus&volutpat=orci&dui=luctus&maecenas=et&tristique=ultrices&est=posuere&et=cubilia&tempus=curae&semper=nulla&est=dapibus&quam=dolor&pharetra=vel&magna=est&ac=donec&consequat=odio&metus=justo&sapien=sollicitudin&ut=ut&nunc=suscipit&vestibulum=a,TRUE
+https://ning.com/ut.js?cursus=aliquam&vestibulum=lacus&proin=morbi&eu=quis&mi=tortor&nulla=id&ac=nulla&enim=ultrices&in=aliquet&tempor=maecenas&turpis=leo&nec=odio&euismod=condimentum&scelerisque=id&quam=luctus&turpis=nec&adipiscing=molestie&lorem=sed&vitae=justo&mattis=pellentesque&nibh=viverra&ligula=pede&nec=ac&sem=diam&duis=cras&aliquam=pellentesque&convallis=volutpat&nunc=dui&proin=maecenas&at=tristique&turpis=est&a=et&pede=tempus&posuere=semper&nonummy=est&integer=quam&non=pharetra&velit=magna&donec=ac&diam=consequat&neque=metus&vestibulum=sapien&eget=ut&vulputate=nunc&ut=vestibulum&ultrices=ante&vel=ipsum&augue=primis&vestibulum=in&ante=faucibus&ipsum=orci&primis=luctus&in=et&faucibus=ultrices&orci=posuere&luctus=cubilia&et=curae&ultrices=mauris&posuere=viverra&cubilia=diam&curae=vitae&donec=quam&pharetra=suspendisse&magna=potenti&vestibulum=nullam&aliquet=porttitor&ultrices=lacus&erat=at&tortor=turpis&sollicitudin=donec&mi=posuere&sit=metus&amet=vitae&lobortis=ipsum&sapien=aliquam&sapien=non&non=mauris&mi=morbi&integer=non&ac=lectus&neque=aliquam&duis=sit&bibendum=amet&morbi=diam&non=in&quam=magna&nec=bibendum&dui=imperdiet&luctus=nullam&rutrum=orci,TRUE
+http://so-net.ne.jp/mattis/egestas/metus/aenean/fermentum.jsp?dui=nulla&maecenas=ut&tristique=erat&est=id&et=mauris&tempus=vulputate&semper=elementum&est=nullam&quam=varius&pharetra=nulla&magna=facilisi&ac=cras&consequat=non&metus=velit&sapien=nec&ut=nisi&nunc=vulputate&vestibulum=nonummy&ante=maecenas&ipsum=tincidunt&primis=lacus&in=at&faucibus=velit&orci=vivamus&luctus=vel&et=nulla&ultrices=eget&posuere=eros&cubilia=elementum&curae=pellentesque&mauris=quisque&viverra=porta&diam=volutpat&vitae=erat&quam=quisque&suspendisse=erat&potenti=eros&nullam=viverra,TRUE
+http://aol.com/in/congue/etiam/justo/etiam/pretium.js?laoreet=volutpat&ut=eleifend&rhoncus=donec&aliquet=ut&pulvinar=dolor&sed=morbi&nisl=vel&nunc=lectus&rhoncus=in&dui=quam&vel=fringilla&sem=rhoncus&sed=mauris&sagittis=enim&nam=leo&congue=rhoncus&risus=sed&semper=vestibulum&porta=sit&volutpat=amet&quam=cursus&pede=id&lobortis=turpis&ligula=integer&sit=aliquet&amet=massa&eleifend=id&pede=lobortis&libero=convallis&quis=tortor&orci=risus&nullam=dapibus&molestie=augue&nibh=vel&in=accumsan&lectus=tellus&pellentesque=nisi&at=eu&nulla=orci,TRUE
+https://latimes.com/id/massa/id/nisl/venenatis/lacinia.xml?cubilia=arcu&curae=adipiscing&duis=molestie&faucibus=hendrerit&accumsan=at&odio=vulputate&curabitur=vitae&convallis=nisl&duis=aenean&consequat=lectus&dui=pellentesque&nec=eget&nisi=nunc&volutpat=donec&eleifend=quis&donec=orci&ut=eget&dolor=orci&morbi=vehicula&vel=condimentum&lectus=curabitur&in=in&quam=libero&fringilla=ut&rhoncus=massa&mauris=volutpat&enim=convallis&leo=morbi,TRUE
+https://vkontakte.ru/at/feugiat/non/pretium.js?morbi=rutrum&vel=ac,TRUE
+http://state.tx.us/quam/suspendisse/potenti.jpg?aliquam=molestie&convallis=sed&nunc=justo&proin=pellentesque&at=viverra&turpis=pede&a=ac&pede=diam&posuere=cras&nonummy=pellentesque&integer=volutpat&non=dui&velit=maecenas&donec=tristique&diam=est&neque=et&vestibulum=tempus&eget=semper&vulputate=est&ut=quam&ultrices=pharetra&vel=magna&augue=ac&vestibulum=consequat&ante=metus&ipsum=sapien&primis=ut&in=nunc&faucibus=vestibulum&orci=ante&luctus=ipsum,TRUE
+https://yelp.com/integer/non/velit/donec/diam/neque/vestibulum.json?in=nulla&purus=eget&eu=eros&magna=elementum&vulputate=pellentesque&luctus=quisque&cum=porta&sociis=volutpat&natoque=erat&penatibus=quisque&et=erat&magnis=eros&dis=viverra&parturient=eget&montes=congue&nascetur=eget&ridiculus=semper&mus=rutrum&vivamus=nulla&vestibulum=nunc&sagittis=purus&sapien=phasellus&cum=in&sociis=felis&natoque=donec&penatibus=semper&et=sapien,TRUE
+http://eepurl.com/dolor.aspx?vel=erat&est=quisque&donec=erat&odio=eros&justo=viverra&sollicitudin=eget&ut=congue&suscipit=eget&a=semper&feugiat=rutrum&et=nulla&eros=nunc&vestibulum=purus&ac=phasellus&est=in&lacinia=felis&nisi=donec&venenatis=semper&tristique=sapien&fusce=a&congue=libero&diam=nam&id=dui&ornare=proin&imperdiet=leo&sapien=odio&urna=porttitor&pretium=id&nisl=consequat&ut=in,TRUE
+https://jiathis.com/molestie/lorem/quisque/ut/erat.json?eget=cubilia&vulputate=curae&ut=donec&ultrices=pharetra&vel=magna&augue=vestibulum&vestibulum=aliquet&ante=ultrices&ipsum=erat&primis=tortor&in=sollicitudin&faucibus=mi&orci=sit&luctus=amet&et=lobortis&ultrices=sapien&posuere=sapien&cubilia=non&curae=mi&donec=integer&pharetra=ac&magna=neque&vestibulum=duis&aliquet=bibendum&ultrices=morbi&erat=non&tortor=quam&sollicitudin=nec&mi=dui,TRUE
+https://merriam-webster.com/fermentum/justo/nec/condimentum/neque/sapien/placerat.png?est=pede&donec=venenatis&odio=non&justo=sodales&sollicitudin=sed&ut=tincidunt&suscipit=eu&a=felis&feugiat=fusce&et=posuere&eros=felis&vestibulum=sed,TRUE
+https://free.fr/eros/suspendisse/accumsan/tortor/quis.jpg?est=diam&quam=vitae&pharetra=quam&magna=suspendisse&ac=potenti&consequat=nullam&metus=porttitor&sapien=lacus&ut=at&nunc=turpis&vestibulum=donec&ante=posuere&ipsum=metus&primis=vitae&in=ipsum&faucibus=aliquam&orci=non&luctus=mauris&et=morbi&ultrices=non&posuere=lectus&cubilia=aliquam&curae=sit&mauris=amet&viverra=diam&diam=in&vitae=magna&quam=bibendum&suspendisse=imperdiet&potenti=nullam&nullam=orci&porttitor=pede&lacus=venenatis&at=non&turpis=sodales&donec=sed&posuere=tincidunt&metus=eu&vitae=felis&ipsum=fusce&aliquam=posuere&non=felis&mauris=sed&morbi=lacus&non=morbi&lectus=sem&aliquam=mauris&sit=laoreet&amet=ut&diam=rhoncus&in=aliquet&magna=pulvinar&bibendum=sed&imperdiet=nisl&nullam=nunc&orci=rhoncus&pede=dui&venenatis=vel&non=sem&sodales=sed&sed=sagittis&tincidunt=nam&eu=congue&felis=risus&fusce=semper&posuere=porta&felis=volutpat&sed=quam&lacus=pede&morbi=lobortis&sem=ligula&mauris=sit&laoreet=amet&ut=eleifend&rhoncus=pede&aliquet=libero&pulvinar=quis&sed=orci&nisl=nullam&nunc=molestie&rhoncus=nibh&dui=in&vel=lectus&sem=pellentesque&sed=at&sagittis=nulla&nam=suspendisse&congue=potenti&risus=cras&semper=in,TRUE
+http://buzzfeed.com/ultrices/posuere/cubilia/curae.aspx?sed=ante&magna=ipsum&at=primis&nunc=in&commodo=faucibus&placerat=orci&praesent=luctus&blandit=et&nam=ultrices&nulla=posuere&integer=cubilia&pede=curae&justo=nulla&lacinia=dapibus&eget=dolor&tincidunt=vel&eget=est&tempus=donec&vel=odio&pede=justo&morbi=sollicitudin&porttitor=ut&lorem=suscipit&id=a&ligula=feugiat&suspendisse=et&ornare=eros&consequat=vestibulum&lectus=ac&in=est&est=lacinia&risus=nisi&auctor=venenatis&sed=tristique&tristique=fusce&in=congue&tempus=diam&sit=id&amet=ornare&sem=imperdiet&fusce=sapien&consequat=urna&nulla=pretium&nisl=nisl&nunc=ut&nisl=volutpat&duis=sapien&bibendum=arcu&felis=sed&sed=augue&interdum=aliquam&venenatis=erat&turpis=volutpat&enim=in&blandit=congue&mi=etiam&in=justo&porttitor=etiam&pede=pretium&justo=iaculis&eu=justo&massa=in&donec=hac&dapibus=habitasse&duis=platea&at=dictumst&velit=etiam&eu=faucibus&est=cursus&congue=urna&elementum=ut&in=tellus&hac=nulla&habitasse=ut&platea=erat&dictumst=id&morbi=mauris&vestibulum=vulputate&velit=elementum&id=nullam&pretium=varius&iaculis=nulla&diam=facilisi&erat=cras&fermentum=non&justo=velit&nec=nec&condimentum=nisi&neque=vulputate&sapien=nonummy&placerat=maecenas&ante=tincidunt&nulla=lacus&justo=at&aliquam=velit&quis=vivamus&turpis=vel&eget=nulla&elit=eget&sodales=eros,TRUE
+https://newsvine.com/et/magnis/dis/parturient/montes/nascetur/ridiculus.json?ut=justo&rhoncus=in&aliquet=blandit&pulvinar=ultrices&sed=enim&nisl=lorem&nunc=ipsum&rhoncus=dolor&dui=sit&vel=amet&sem=consectetuer&sed=adipiscing&sagittis=elit&nam=proin&congue=interdum&risus=mauris&semper=non&porta=ligula&volutpat=pellentesque&quam=ultrices&pede=phasellus,TRUE
+http://ox.ac.uk/convallis/nunc/proin/at/turpis/a.js?curabitur=donec&in=vitae&libero=nisi&ut=nam&massa=ultrices&volutpat=libero&convallis=non&morbi=mattis&odio=pulvinar&odio=nulla&elementum=pede&eu=ullamcorper&interdum=augue&eu=a&tincidunt=suscipit&in=nulla&leo=elit&maecenas=ac&pulvinar=nulla&lobortis=sed&est=vel&phasellus=enim&sit=sit&amet=amet&erat=nunc&nulla=viverra&tempus=dapibus&vivamus=nulla&in=suscipit&felis=ligula&eu=in&sapien=lacus&cursus=curabitur&vestibulum=at&proin=ipsum&eu=ac,TRUE
+http://wikimedia.org/massa/tempor/convallis.aspx?mauris=rhoncus&viverra=dui&diam=vel&vitae=sem&quam=sed&suspendisse=sagittis&potenti=nam&nullam=congue&porttitor=risus&lacus=semper&at=porta&turpis=volutpat&donec=quam&posuere=pede&metus=lobortis&vitae=ligula&ipsum=sit&aliquam=amet&non=eleifend&mauris=pede&morbi=libero&non=quis&lectus=orci&aliquam=nullam&sit=molestie&amet=nibh&diam=in&in=lectus&magna=pellentesque&bibendum=at&imperdiet=nulla&nullam=suspendisse&orci=potenti&pede=cras&venenatis=in&non=purus&sodales=eu&sed=magna&tincidunt=vulputate&eu=luctus&felis=cum&fusce=sociis&posuere=natoque&felis=penatibus&sed=et&lacus=magnis&morbi=dis&sem=parturient&mauris=montes&laoreet=nascetur&ut=ridiculus&rhoncus=mus&aliquet=vivamus&pulvinar=vestibulum&sed=sagittis&nisl=sapien&nunc=cum&rhoncus=sociis&dui=natoque&vel=penatibus&sem=et&sed=magnis&sagittis=dis&nam=parturient&congue=montes&risus=nascetur&semper=ridiculus&porta=mus&volutpat=etiam,TRUE
+http://utexas.edu/sem/fusce/consequat.jpg?lobortis=at&est=nunc&phasellus=commodo&sit=placerat&amet=praesent&erat=blandit&nulla=nam&tempus=nulla&vivamus=integer&in=pede&felis=justo&eu=lacinia&sapien=eget&cursus=tincidunt&vestibulum=eget&proin=tempus&eu=vel&mi=pede&nulla=morbi&ac=porttitor&enim=lorem&in=id&tempor=ligula&turpis=suspendisse&nec=ornare&euismod=consequat&scelerisque=lectus&quam=in&turpis=est&adipiscing=risus&lorem=auctor&vitae=sed&mattis=tristique&nibh=in&ligula=tempus&nec=sit&sem=amet&duis=sem&aliquam=fusce&convallis=consequat&nunc=nulla&proin=nisl&at=nunc&turpis=nisl&a=duis&pede=bibendum&posuere=felis&nonummy=sed&integer=interdum&non=venenatis&velit=turpis&donec=enim&diam=blandit&neque=mi&vestibulum=in&eget=porttitor&vulputate=pede&ut=justo&ultrices=eu&vel=massa&augue=donec&vestibulum=dapibus&ante=duis&ipsum=at&primis=velit&in=eu&faucibus=est&orci=congue&luctus=elementum&et=in&ultrices=hac&posuere=habitasse,TRUE
+http://twitter.com/metus/arcu/adipiscing/molestie/hendrerit/at.jpg?nunc=tincidunt&proin=lacus&at=at&turpis=velit&a=vivamus&pede=vel&posuere=nulla&nonummy=eget&integer=eros&non=elementum&velit=pellentesque&donec=quisque&diam=porta&neque=volutpat&vestibulum=erat&eget=quisque&vulputate=erat&ut=eros&ultrices=viverra&vel=eget&augue=congue&vestibulum=eget&ante=semper&ipsum=rutrum&primis=nulla&in=nunc&faucibus=purus&orci=phasellus&luctus=in,TRUE
+https://wikispaces.com/non/mauris/morbi/non/lectus/aliquam.json?aliquet=amet&at=cursus&feugiat=id&non=turpis&pretium=integer&quis=aliquet&lectus=massa&suspendisse=id&potenti=lobortis&in=convallis&eleifend=tortor&quam=risus&a=dapibus&odio=augue&in=vel&hac=accumsan&habitasse=tellus&platea=nisi&dictumst=eu&maecenas=orci&ut=mauris&massa=lacinia&quis=sapien&augue=quis&luctus=libero&tincidunt=nullam&nulla=sit&mollis=amet&molestie=turpis&lorem=elementum&quisque=ligula&ut=vehicula&erat=consequat&curabitur=morbi&gravida=a&nisi=ipsum&at=integer&nibh=a&in=nibh&hac=in&habitasse=quis&platea=justo&dictumst=maecenas&aliquam=rhoncus&augue=aliquam&quam=lacus&sollicitudin=morbi&vitae=quis&consectetuer=tortor&eget=id&rutrum=nulla,TRUE
+http://51.la/sit/amet/sapien/dignissim/vestibulum/vestibulum.png?sollicitudin=id&mi=consequat&sit=in&amet=consequat&lobortis=ut&sapien=nulla&sapien=sed&non=accumsan&mi=felis&integer=ut&ac=at&neque=dolor&duis=quis&bibendum=odio&morbi=consequat&non=varius&quam=integer&nec=ac&dui=leo&luctus=pellentesque&rutrum=ultrices&nulla=mattis&tellus=odio&in=donec&sagittis=vitae&dui=nisi&vel=nam&nisl=ultrices&duis=libero&ac=non&nibh=mattis&fusce=pulvinar&lacus=nulla&purus=pede&aliquet=ullamcorper&at=augue&feugiat=a&non=suscipit&pretium=nulla&quis=elit&lectus=ac&suspendisse=nulla&potenti=sed&in=vel&eleifend=enim&quam=sit&a=amet&odio=nunc&in=viverra&hac=dapibus&habitasse=nulla&platea=suscipit&dictumst=ligula&maecenas=in&ut=lacus&massa=curabitur&quis=at&augue=ipsum&luctus=ac&tincidunt=tellus&nulla=semper&mollis=interdum,TRUE
+http://ehow.com/sapien/quis/libero/nullam/sit.js?dui=vivamus&maecenas=metus&tristique=arcu&est=adipiscing&et=molestie&tempus=hendrerit&semper=at&est=vulputate&quam=vitae&pharetra=nisl&magna=aenean&ac=lectus&consequat=pellentesque&metus=eget&sapien=nunc&ut=donec&nunc=quis&vestibulum=orci&ante=eget&ipsum=orci&primis=vehicula&in=condimentum&faucibus=curabitur&orci=in&luctus=libero&et=ut&ultrices=massa&posuere=volutpat&cubilia=convallis&curae=morbi&mauris=odio&viverra=odio&diam=elementum&vitae=eu&quam=interdum&suspendisse=eu&potenti=tincidunt&nullam=in&porttitor=leo&lacus=maecenas&at=pulvinar&turpis=lobortis&donec=est&posuere=phasellus&metus=sit&vitae=amet&ipsum=erat&aliquam=nulla&non=tempus&mauris=vivamus&morbi=in&non=felis&lectus=eu&aliquam=sapien&sit=cursus&amet=vestibulum&diam=proin&in=eu&magna=mi&bibendum=nulla&imperdiet=ac&nullam=enim&orci=in&pede=tempor&venenatis=turpis,TRUE
+http://stumbleupon.com/luctus/et/ultrices/posuere/cubilia/curae.aspx?in=ac&blandit=consequat&ultrices=metus&enim=sapien&lorem=ut&ipsum=nunc&dolor=vestibulum&sit=ante&amet=ipsum&consectetuer=primis&adipiscing=in&elit=faucibus&proin=orci&interdum=luctus&mauris=et&non=ultrices&ligula=posuere&pellentesque=cubilia&ultrices=curae&phasellus=mauris,TRUE
+http://narod.ru/montes/nascetur.js?auctor=lacinia&sed=erat&tristique=vestibulum&in=sed&tempus=magna&sit=at&amet=nunc&sem=commodo&fusce=placerat&consequat=praesent&nulla=blandit&nisl=nam&nunc=nulla&nisl=integer&duis=pede&bibendum=justo&felis=lacinia&sed=eget&interdum=tincidunt&venenatis=eget&turpis=tempus&enim=vel&blandit=pede&mi=morbi&in=porttitor&porttitor=lorem&pede=id&justo=ligula&eu=suspendisse&massa=ornare&donec=consequat&dapibus=lectus&duis=in&at=est&velit=risus&eu=auctor&est=sed&congue=tristique&elementum=in&in=tempus&hac=sit&habitasse=amet&platea=sem&dictumst=fusce&morbi=consequat&vestibulum=nulla&velit=nisl&id=nunc&pretium=nisl&iaculis=duis&diam=bibendum&erat=felis&fermentum=sed&justo=interdum&nec=venenatis&condimentum=turpis&neque=enim&sapien=blandit&placerat=mi&ante=in&nulla=porttitor&justo=pede&aliquam=justo&quis=eu&turpis=massa&eget=donec&elit=dapibus&sodales=duis&scelerisque=at&mauris=velit&sit=eu&amet=est&eros=congue&suspendisse=elementum&accumsan=in&tortor=hac,TRUE
+https://parallels.com/massa.js?penatibus=consequat&et=varius&magnis=integer&dis=ac&parturient=leo&montes=pellentesque&nascetur=ultrices&ridiculus=mattis&mus=odio&etiam=donec&vel=vitae&augue=nisi&vestibulum=nam&rutrum=ultrices&rutrum=libero&neque=non&aenean=mattis&auctor=pulvinar&gravida=nulla&sem=pede&praesent=ullamcorper&id=augue&massa=a&id=suscipit&nisl=nulla&venenatis=elit&lacinia=ac&aenean=nulla&sit=sed&amet=vel&justo=enim&morbi=sit&ut=amet&odio=nunc&cras=viverra&mi=dapibus&pede=nulla&malesuada=suscipit&in=ligula&imperdiet=in&et=lacus&commodo=curabitur,TRUE
+http://bravesites.com/amet/lobortis/sapien/sapien/non/mi.html?nunc=quam&nisl=pede&duis=lobortis&bibendum=ligula&felis=sit&sed=amet&interdum=eleifend&venenatis=pede&turpis=libero&enim=quis&blandit=orci&mi=nullam&in=molestie&porttitor=nibh&pede=in&justo=lectus&eu=pellentesque&massa=at&donec=nulla&dapibus=suspendisse&duis=potenti&at=cras&velit=in&eu=purus&est=eu&congue=magna&elementum=vulputate&in=luctus&hac=cum&habitasse=sociis&platea=natoque&dictumst=penatibus&morbi=et&vestibulum=magnis&velit=dis&id=parturient&pretium=montes&iaculis=nascetur&diam=ridiculus&erat=mus&fermentum=vivamus&justo=vestibulum&nec=sagittis&condimentum=sapien&neque=cum&sapien=sociis&placerat=natoque&ante=penatibus&nulla=et&justo=magnis&aliquam=dis&quis=parturient&turpis=montes&eget=nascetur&elit=ridiculus&sodales=mus&scelerisque=etiam&mauris=vel,TRUE
+https://furl.net/phasellus/sit.jpg?quam=vestibulum&turpis=eget&adipiscing=vulputate,TRUE
+https://imgur.com/vestibulum/sed/magna/at/nunc/commodo/placerat.json?convallis=nibh&nulla=fusce&neque=lacus&libero=purus&convallis=aliquet&eget=at&eleifend=feugiat&luctus=non&ultricies=pretium&eu=quis&nibh=lectus&quisque=suspendisse&id=potenti&justo=in&sit=eleifend&amet=quam&sapien=a&dignissim=odio&vestibulum=in&vestibulum=hac&ante=habitasse&ipsum=platea&primis=dictumst&in=maecenas&faucibus=ut&orci=massa&luctus=quis&et=augue&ultrices=luctus&posuere=tincidunt&cubilia=nulla&curae=mollis&nulla=molestie&dapibus=lorem&dolor=quisque&vel=ut&est=erat&donec=curabitur&odio=gravida&justo=nisi&sollicitudin=at&ut=nibh&suscipit=in&a=hac&feugiat=habitasse&et=platea&eros=dictumst&vestibulum=aliquam&ac=augue&est=quam&lacinia=sollicitudin&nisi=vitae&venenatis=consectetuer&tristique=eget&fusce=rutrum&congue=at&diam=lorem&id=integer&ornare=tincidunt&imperdiet=ante&sapien=vel,TRUE
+https://twitpic.com/dapibus/nulla/suscipit/ligula/in/lacus.json?at=justo&velit=sollicitudin&vivamus=ut&vel=suscipit&nulla=a&eget=feugiat&eros=et&elementum=eros&pellentesque=vestibulum&quisque=ac&porta=est&volutpat=lacinia&erat=nisi&quisque=venenatis&erat=tristique,TRUE
+https://taobao.com/in/purus/eu/magna/vulputate/luctus/cum.xml?eu=adipiscing&pede=molestie,TRUE
+http://amazon.co.uk/dui.png?id=cum&nulla=sociis&ultrices=natoque&aliquet=penatibus&maecenas=et&leo=magnis&odio=dis&condimentum=parturient&id=montes&luctus=nascetur&nec=ridiculus&molestie=mus&sed=vivamus&justo=vestibulum&pellentesque=sagittis&viverra=sapien&pede=cum&ac=sociis&diam=natoque&cras=penatibus&pellentesque=et&volutpat=magnis&dui=dis&maecenas=parturient&tristique=montes&est=nascetur&et=ridiculus&tempus=mus&semper=etiam&est=vel&quam=augue&pharetra=vestibulum&magna=rutrum&ac=rutrum&consequat=neque&metus=aenean&sapien=auctor&ut=gravida&nunc=sem&vestibulum=praesent&ante=id&ipsum=massa&primis=id&in=nisl&faucibus=venenatis&orci=lacinia&luctus=aenean&et=sit&ultrices=amet&posuere=justo&cubilia=morbi&curae=ut&mauris=odio,TRUE
+http://sitemeter.com/primis/in/faucibus/orci.jpg?vivamus=ut&metus=massa&arcu=volutpat&adipiscing=convallis&molestie=morbi&hendrerit=odio&at=odio&vulputate=elementum&vitae=eu&nisl=interdum&aenean=eu&lectus=tincidunt&pellentesque=in&eget=leo&nunc=maecenas&donec=pulvinar&quis=lobortis&orci=est&eget=phasellus&orci=sit&vehicula=amet&condimentum=erat&curabitur=nulla&in=tempus&libero=vivamus&ut=in&massa=felis&volutpat=eu&convallis=sapien&morbi=cursus&odio=vestibulum&odio=proin&elementum=eu&eu=mi&interdum=nulla&eu=ac&tincidunt=enim&in=in&leo=tempor&maecenas=turpis&pulvinar=nec&lobortis=euismod&est=scelerisque&phasellus=quam&sit=turpis,TRUE
+https://unesco.org/nisi/at/nibh/in/hac/habitasse/platea.jsp?nulla=sit&facilisi=amet&cras=sem&non=fusce&velit=consequat&nec=nulla&nisi=nisl&vulputate=nunc&nonummy=nisl&maecenas=duis&tincidunt=bibendum&lacus=felis&at=sed&velit=interdum&vivamus=venenatis&vel=turpis&nulla=enim&eget=blandit&eros=mi&elementum=in&pellentesque=porttitor&quisque=pede&porta=justo&volutpat=eu&erat=massa&quisque=donec&erat=dapibus&eros=duis&viverra=at&eget=velit&congue=eu&eget=est&semper=congue&rutrum=elementum&nulla=in&nunc=hac&purus=habitasse&phasellus=platea&in=dictumst&felis=morbi&donec=vestibulum&semper=velit&sapien=id&a=pretium&libero=iaculis&nam=diam&dui=erat&proin=fermentum&leo=justo&odio=nec&porttitor=condimentum&id=neque&consequat=sapien&in=placerat&consequat=ante&ut=nulla&nulla=justo&sed=aliquam&accumsan=quis&felis=turpis&ut=eget&at=elit&dolor=sodales&quis=scelerisque&odio=mauris&consequat=sit&varius=amet&integer=eros&ac=suspendisse&leo=accumsan&pellentesque=tortor&ultrices=quis&mattis=turpis&odio=sed&donec=ante&vitae=vivamus&nisi=tortor&nam=duis&ultrices=mattis&libero=egestas&non=metus&mattis=aenean&pulvinar=fermentum&nulla=donec&pede=ut&ullamcorper=mauris&augue=eget&a=massa&suscipit=tempor&nulla=convallis&elit=nulla&ac=neque&nulla=libero&sed=convallis&vel=eget,TRUE
+https://google.es/curabitur/gravida/nisi.jpg?nisi=justo&vulputate=sollicitudin&nonummy=ut&maecenas=suscipit&tincidunt=a&lacus=feugiat&at=et&velit=eros&vivamus=vestibulum&vel=ac&nulla=est&eget=lacinia&eros=nisi&elementum=venenatis&pellentesque=tristique&quisque=fusce&porta=congue&volutpat=diam&erat=id&quisque=ornare&erat=imperdiet&eros=sapien&viverra=urna&eget=pretium&congue=nisl&eget=ut&semper=volutpat&rutrum=sapien&nulla=arcu&nunc=sed&purus=augue&phasellus=aliquam&in=erat&felis=volutpat&donec=in&semper=congue&sapien=etiam&a=justo&libero=etiam&nam=pretium&dui=iaculis&proin=justo&leo=in&odio=hac&porttitor=habitasse&id=platea,TRUE
+http://amazon.de/eros/viverra/eget/congue/eget/semper.html?pede=posuere&justo=nonummy&lacinia=integer&eget=non&tincidunt=velit&eget=donec&tempus=diam&vel=neque&pede=vestibulum&morbi=eget&porttitor=vulputate&lorem=ut&id=ultrices&ligula=vel&suspendisse=augue&ornare=vestibulum&consequat=ante&lectus=ipsum&in=primis&est=in&risus=faucibus&auctor=orci&sed=luctus&tristique=et&in=ultrices&tempus=posuere&sit=cubilia&amet=curae&sem=donec&fusce=pharetra&consequat=magna&nulla=vestibulum&nisl=aliquet&nunc=ultrices&nisl=erat&duis=tortor&bibendum=sollicitudin&felis=mi&sed=sit&interdum=amet&venenatis=lobortis&turpis=sapien&enim=sapien&blandit=non&mi=mi&in=integer&porttitor=ac&pede=neque&justo=duis&eu=bibendum&massa=morbi&donec=non&dapibus=quam&duis=nec&at=dui&velit=luctus&eu=rutrum&est=nulla&congue=tellus&elementum=in&in=sagittis&hac=dui&habitasse=vel&platea=nisl&dictumst=duis&morbi=ac&vestibulum=nibh&velit=fusce&id=lacus&pretium=purus&iaculis=aliquet&diam=at&erat=feugiat&fermentum=non&justo=pretium&nec=quis&condimentum=lectus&neque=suspendisse&sapien=potenti&placerat=in&ante=eleifend&nulla=quam&justo=a&aliquam=odio&quis=in&turpis=hac,TRUE
+http://google.ca/eu/est/congue/elementum.html?donec=bibendum&vitae=felis&nisi=sed&nam=interdum&ultrices=venenatis&libero=turpis&non=enim&mattis=blandit&pulvinar=mi&nulla=in&pede=porttitor&ullamcorper=pede&augue=justo&a=eu&suscipit=massa&nulla=donec&elit=dapibus&ac=duis&nulla=at&sed=velit&vel=eu&enim=est,TRUE
+http://lulu.com/tortor/quis/turpis/sed/ante/vivamus.png?at=a&nibh=pede&in=posuere&hac=nonummy&habitasse=integer&platea=non&dictumst=velit&aliquam=donec&augue=diam&quam=neque&sollicitudin=vestibulum&vitae=eget&consectetuer=vulputate&eget=ut&rutrum=ultrices&at=vel&lorem=augue&integer=vestibulum&tincidunt=ante&ante=ipsum&vel=primis&ipsum=in&praesent=faucibus&blandit=orci&lacinia=luctus,TRUE
+https://census.gov/duis/mattis/egestas/metus/aenean/fermentum.json?donec=nec&semper=molestie&sapien=sed&a=justo&libero=pellentesque&nam=viverra&dui=pede&proin=ac&leo=diam&odio=cras&porttitor=pellentesque&id=volutpat&consequat=dui&in=maecenas&consequat=tristique&ut=est&nulla=et&sed=tempus&accumsan=semper&felis=est&ut=quam&at=pharetra&dolor=magna&quis=ac&odio=consequat&consequat=metus&varius=sapien&integer=ut&ac=nunc&leo=vestibulum&pellentesque=ante&ultrices=ipsum&mattis=primis&odio=in&donec=faucibus&vitae=orci&nisi=luctus&nam=et&ultrices=ultrices&libero=posuere&non=cubilia&mattis=curae&pulvinar=mauris&nulla=viverra&pede=diam&ullamcorper=vitae&augue=quam&a=suspendisse&suscipit=potenti&nulla=nullam&elit=porttitor&ac=lacus&nulla=at&sed=turpis&vel=donec&enim=posuere&sit=metus&amet=vitae&nunc=ipsum&viverra=aliquam&dapibus=non&nulla=mauris&suscipit=morbi&ligula=non&in=lectus&lacus=aliquam&curabitur=sit&at=amet&ipsum=diam&ac=in&tellus=magna&semper=bibendum&interdum=imperdiet&mauris=nullam&ullamcorper=orci&purus=pede&sit=venenatis&amet=non&nulla=sodales&quisque=sed,TRUE
+https://gmpg.org/platea/dictumst/aliquam/augue.jsp?diam=erat&id=tortor&ornare=sollicitudin&imperdiet=mi&sapien=sit&urna=amet&pretium=lobortis&nisl=sapien&ut=sapien&volutpat=non&sapien=mi&arcu=integer&sed=ac&augue=neque&aliquam=duis&erat=bibendum&volutpat=morbi&in=non&congue=quam&etiam=nec&justo=dui&etiam=luctus&pretium=rutrum&iaculis=nulla&justo=tellus&in=in&hac=sagittis&habitasse=dui&platea=vel&dictumst=nisl,TRUE
+http://nba.com/est/donec/odio.jsp?nascetur=donec&ridiculus=posuere&mus=metus&etiam=vitae&vel=ipsum&augue=aliquam&vestibulum=non&rutrum=mauris&rutrum=morbi&neque=non&aenean=lectus&auctor=aliquam&gravida=sit&sem=amet&praesent=diam&id=in&massa=magna&id=bibendum&nisl=imperdiet&venenatis=nullam&lacinia=orci&aenean=pede&sit=venenatis&amet=non&justo=sodales&morbi=sed&ut=tincidunt&odio=eu&cras=felis&mi=fusce&pede=posuere&malesuada=felis&in=sed,TRUE
+http://youtu.be/purus/eu/magna/vulputate/luctus/cum.json?ultrices=hendrerit&posuere=at&cubilia=vulputate&curae=vitae&duis=nisl&faucibus=aenean&accumsan=lectus&odio=pellentesque&curabitur=eget&convallis=nunc&duis=donec&consequat=quis&dui=orci&nec=eget&nisi=orci&volutpat=vehicula&eleifend=condimentum&donec=curabitur&ut=in&dolor=libero&morbi=ut&vel=massa&lectus=volutpat&in=convallis&quam=morbi&fringilla=odio&rhoncus=odio&mauris=elementum&enim=eu&leo=interdum&rhoncus=eu&sed=tincidunt&vestibulum=in&sit=leo&amet=maecenas&cursus=pulvinar&id=lobortis&turpis=est&integer=phasellus&aliquet=sit&massa=amet&id=erat&lobortis=nulla&convallis=tempus&tortor=vivamus&risus=in&dapibus=felis&augue=eu&vel=sapien&accumsan=cursus&tellus=vestibulum&nisi=proin&eu=eu&orci=mi&mauris=nulla&lacinia=ac&sapien=enim&quis=in&libero=tempor&nullam=turpis&sit=nec&amet=euismod&turpis=scelerisque&elementum=quam&ligula=turpis&vehicula=adipiscing&consequat=lorem&morbi=vitae&a=mattis&ipsum=nibh&integer=ligula&a=nec&nibh=sem&in=duis&quis=aliquam&justo=convallis&maecenas=nunc&rhoncus=proin,TRUE
+https://drupal.org/curabitur.png?cursus=iaculis&id=diam&turpis=erat&integer=fermentum&aliquet=justo&massa=nec&id=condimentum&lobortis=neque&convallis=sapien&tortor=placerat&risus=ante&dapibus=nulla&augue=justo&vel=aliquam&accumsan=quis&tellus=turpis&nisi=eget&eu=elit&orci=sodales&mauris=scelerisque&lacinia=mauris&sapien=sit&quis=amet&libero=eros,TRUE
+https://berkeley.edu/eget/massa.jpg?justo=rutrum&sollicitudin=at&ut=lorem&suscipit=integer&a=tincidunt&feugiat=ante&et=vel&eros=ipsum&vestibulum=praesent&ac=blandit&est=lacinia&lacinia=erat&nisi=vestibulum&venenatis=sed&tristique=magna&fusce=at&congue=nunc&diam=commodo&id=placerat&ornare=praesent,TRUE
+http://bravesites.com/lorem/integer/tincidunt.html?sed=ut&sagittis=tellus&nam=nulla&congue=ut&risus=erat&semper=id,TRUE
+http://delicious.com/cursus/id/turpis/integer/aliquet/massa/id.jsp?nulla=libero&tellus=quis&in=orci&sagittis=nullam&dui=molestie&vel=nibh&nisl=in&duis=lectus&ac=pellentesque&nibh=at&fusce=nulla&lacus=suspendisse&purus=potenti&aliquet=cras&at=in&feugiat=purus&non=eu&pretium=magna&quis=vulputate&lectus=luctus&suspendisse=cum&potenti=sociis&in=natoque&eleifend=penatibus&quam=et&a=magnis&odio=dis&in=parturient&hac=montes&habitasse=nascetur&platea=ridiculus&dictumst=mus&maecenas=vivamus&ut=vestibulum&massa=sagittis&quis=sapien&augue=cum&luctus=sociis&tincidunt=natoque&nulla=penatibus&mollis=et&molestie=magnis&lorem=dis&quisque=parturient&ut=montes&erat=nascetur&curabitur=ridiculus&gravida=mus&nisi=etiam&at=vel&nibh=augue&in=vestibulum&hac=rutrum&habitasse=rutrum&platea=neque&dictumst=aenean&aliquam=auctor&augue=gravida&quam=sem&sollicitudin=praesent&vitae=id&consectetuer=massa&eget=id&rutrum=nisl&at=venenatis&lorem=lacinia&integer=aenean&tincidunt=sit&ante=amet&vel=justo&ipsum=morbi&praesent=ut&blandit=odio&lacinia=cras&erat=mi&vestibulum=pede&sed=malesuada&magna=in&at=imperdiet&nunc=et&commodo=commodo&placerat=vulputate&praesent=justo&blandit=in&nam=blandit&nulla=ultrices&integer=enim&pede=lorem&justo=ipsum&lacinia=dolor&eget=sit&tincidunt=amet&eget=consectetuer,TRUE
+http://tamu.edu/in.png?lorem=ac&vitae=nibh&mattis=fusce&nibh=lacus&ligula=purus&nec=aliquet&sem=at&duis=feugiat&aliquam=non&convallis=pretium&nunc=quis&proin=lectus&at=suspendisse&turpis=potenti&a=in&pede=eleifend&posuere=quam&nonummy=a&integer=odio&non=in&velit=hac&donec=habitasse&diam=platea&neque=dictumst&vestibulum=maecenas&eget=ut&vulputate=massa&ut=quis&ultrices=augue&vel=luctus&augue=tincidunt&vestibulum=nulla&ante=mollis&ipsum=molestie&primis=lorem&in=quisque&faucibus=ut&orci=erat&luctus=curabitur&et=gravida&ultrices=nisi&posuere=at&cubilia=nibh&curae=in&donec=hac&pharetra=habitasse&magna=platea&vestibulum=dictumst&aliquet=aliquam&ultrices=augue&erat=quam&tortor=sollicitudin&sollicitudin=vitae&mi=consectetuer&sit=eget&amet=rutrum&lobortis=at&sapien=lorem&sapien=integer&non=tincidunt&mi=ante&integer=vel&ac=ipsum&neque=praesent&duis=blandit&bibendum=lacinia&morbi=erat&non=vestibulum&quam=sed&nec=magna&dui=at&luctus=nunc&rutrum=commodo&nulla=placerat&tellus=praesent&in=blandit&sagittis=nam&dui=nulla&vel=integer&nisl=pede&duis=justo&ac=lacinia&nibh=eget&fusce=tincidunt&lacus=eget&purus=tempus&aliquet=vel&at=pede&feugiat=morbi&non=porttitor&pretium=lorem,TRUE
+https://state.gov/porttitor/id.js?eros=nisl&vestibulum=nunc&ac=rhoncus&est=dui&lacinia=vel&nisi=sem&venenatis=sed&tristique=sagittis&fusce=nam&congue=congue&diam=risus&id=semper&ornare=porta,TRUE
+http://google.fr/fermentum/donec/ut/mauris.aspx?tincidunt=maecenas&nulla=rhoncus&mollis=aliquam&molestie=lacus&lorem=morbi&quisque=quis&ut=tortor&erat=id&curabitur=nulla&gravida=ultrices,TRUE
+https://odnoklassniki.ru/dapibus/dolor/vel/est/donec.html?sagittis=quisque&dui=erat&vel=eros&nisl=viverra&duis=eget&ac=congue&nibh=eget&fusce=semper&lacus=rutrum&purus=nulla&aliquet=nunc&at=purus&feugiat=phasellus&non=in&pretium=felis&quis=donec&lectus=semper&suspendisse=sapien&potenti=a&in=libero,TRUE
+https://sphinn.com/maecenas/leo/odio.xml?quis=cursus&turpis=vestibulum&eget=proin&elit=eu&sodales=mi&scelerisque=nulla&mauris=ac&sit=enim&amet=in&eros=tempor&suspendisse=turpis&accumsan=nec&tortor=euismod&quis=scelerisque&turpis=quam&sed=turpis&ante=adipiscing&vivamus=lorem&tortor=vitae&duis=mattis&mattis=nibh&egestas=ligula&metus=nec&aenean=sem&fermentum=duis&donec=aliquam&ut=convallis&mauris=nunc&eget=proin&massa=at&tempor=turpis&convallis=a&nulla=pede&neque=posuere&libero=nonummy&convallis=integer&eget=non&eleifend=velit&luctus=donec&ultricies=diam&eu=neque&nibh=vestibulum&quisque=eget&id=vulputate&justo=ut&sit=ultrices&amet=vel&sapien=augue&dignissim=vestibulum&vestibulum=ante&vestibulum=ipsum&ante=primis&ipsum=in&primis=faucibus&in=orci&faucibus=luctus&orci=et&luctus=ultrices&et=posuere&ultrices=cubilia&posuere=curae&cubilia=donec&curae=pharetra&nulla=magna&dapibus=vestibulum&dolor=aliquet&vel=ultrices&est=erat&donec=tortor&odio=sollicitudin&justo=mi&sollicitudin=sit&ut=amet&suscipit=lobortis&a=sapien&feugiat=sapien&et=non&eros=mi&vestibulum=integer&ac=ac&est=neque&lacinia=duis&nisi=bibendum&venenatis=morbi&tristique=non,TRUE
+https://linkedin.com/quis/augue/luctus/tincidunt/nulla/mollis/molestie.html?augue=non&vestibulum=pretium&ante=quis&ipsum=lectus&primis=suspendisse&in=potenti&faucibus=in&orci=eleifend&luctus=quam&et=a&ultrices=odio&posuere=in&cubilia=hac&curae=habitasse&donec=platea&pharetra=dictumst&magna=maecenas&vestibulum=ut&aliquet=massa&ultrices=quis&erat=augue&tortor=luctus&sollicitudin=tincidunt&mi=nulla&sit=mollis&amet=molestie&lobortis=lorem&sapien=quisque&sapien=ut&non=erat&mi=curabitur&integer=gravida&ac=nisi&neque=at&duis=nibh&bibendum=in&morbi=hac&non=habitasse&quam=platea&nec=dictumst&dui=aliquam&luctus=augue&rutrum=quam&nulla=sollicitudin&tellus=vitae&in=consectetuer&sagittis=eget&dui=rutrum&vel=at&nisl=lorem&duis=integer&ac=tincidunt&nibh=ante&fusce=vel&lacus=ipsum&purus=praesent&aliquet=blandit&at=lacinia&feugiat=erat&non=vestibulum&pretium=sed&quis=magna&lectus=at&suspendisse=nunc&potenti=commodo&in=placerat&eleifend=praesent&quam=blandit&a=nam&odio=nulla&in=integer&hac=pede&habitasse=justo&platea=lacinia&dictumst=eget&maecenas=tincidunt&ut=eget&massa=tempus&quis=vel&augue=pede&luctus=morbi&tincidunt=porttitor&nulla=lorem&mollis=id&molestie=ligula&lorem=suspendisse&quisque=ornare&ut=consequat&erat=lectus,TRUE
+https://si.edu/porta/volutpat/quam/pede.json?vivamus=hendrerit&metus=at&arcu=vulputate&adipiscing=vitae&molestie=nisl&hendrerit=aenean&at=lectus&vulputate=pellentesque&vitae=eget&nisl=nunc&aenean=donec&lectus=quis&pellentesque=orci&eget=eget&nunc=orci&donec=vehicula&quis=condimentum&orci=curabitur&eget=in&orci=libero&vehicula=ut&condimentum=massa&curabitur=volutpat&in=convallis&libero=morbi&ut=odio&massa=odio&volutpat=elementum&convallis=eu&morbi=interdum&odio=eu&odio=tincidunt&elementum=in&eu=leo&interdum=maecenas&eu=pulvinar&tincidunt=lobortis&in=est&leo=phasellus&maecenas=sit&pulvinar=amet&lobortis=erat&est=nulla&phasellus=tempus&sit=vivamus&amet=in&erat=felis&nulla=eu&tempus=sapien&vivamus=cursus&in=vestibulum&felis=proin&eu=eu&sapien=mi&cursus=nulla&vestibulum=ac&proin=enim&eu=in&mi=tempor&nulla=turpis&ac=nec&enim=euismod&in=scelerisque&tempor=quam&turpis=turpis&nec=adipiscing&euismod=lorem&scelerisque=vitae&quam=mattis&turpis=nibh&adipiscing=ligula&lorem=nec&vitae=sem&mattis=duis&nibh=aliquam&ligula=convallis&nec=nunc&sem=proin&duis=at&aliquam=turpis&convallis=a&nunc=pede&proin=posuere&at=nonummy&turpis=integer&a=non&pede=velit&posuere=donec&nonummy=diam&integer=neque&non=vestibulum&velit=eget,TRUE
+http://typepad.com/at.aspx?posuere=pede&metus=justo&vitae=eu&ipsum=massa&aliquam=donec&non=dapibus&mauris=duis&morbi=at&non=velit&lectus=eu&aliquam=est&sit=congue&amet=elementum&diam=in&in=hac&magna=habitasse&bibendum=platea&imperdiet=dictumst,TRUE
+http://jigsy.com/molestie/nibh/in.png?erat=nunc&vestibulum=nisl&sed=duis&magna=bibendum&at=felis&nunc=sed&commodo=interdum&placerat=venenatis&praesent=turpis&blandit=enim&nam=blandit&nulla=mi&integer=in&pede=porttitor&justo=pede&lacinia=justo&eget=eu&tincidunt=massa&eget=donec&tempus=dapibus&vel=duis&pede=at&morbi=velit&porttitor=eu&lorem=est&id=congue&ligula=elementum&suspendisse=in&ornare=hac&consequat=habitasse&lectus=platea&in=dictumst&est=morbi&risus=vestibulum&auctor=velit&sed=id&tristique=pretium&in=iaculis&tempus=diam&sit=erat&amet=fermentum&sem=justo&fusce=nec&consequat=condimentum&nulla=neque&nisl=sapien&nunc=placerat&nisl=ante&duis=nulla&bibendum=justo&felis=aliquam&sed=quis&interdum=turpis&venenatis=eget&turpis=elit&enim=sodales&blandit=scelerisque&mi=mauris&in=sit&porttitor=amet&pede=eros&justo=suspendisse&eu=accumsan&massa=tortor&donec=quis&dapibus=turpis&duis=sed&at=ante&velit=vivamus&eu=tortor&est=duis&congue=mattis&elementum=egestas&in=metus&hac=aenean,TRUE
+http://kickstarter.com/justo.aspx?amet=sed&cursus=sagittis&id=nam&turpis=congue&integer=risus&aliquet=semper&massa=porta&id=volutpat&lobortis=quam&convallis=pede&tortor=lobortis&risus=ligula&dapibus=sit&augue=amet&vel=eleifend&accumsan=pede&tellus=libero&nisi=quis&eu=orci&orci=nullam&mauris=molestie&lacinia=nibh&sapien=in&quis=lectus&libero=pellentesque&nullam=at&sit=nulla&amet=suspendisse&turpis=potenti&elementum=cras&ligula=in&vehicula=purus&consequat=eu&morbi=magna&a=vulputate&ipsum=luctus&integer=cum&a=sociis&nibh=natoque&in=penatibus&quis=et&justo=magnis&maecenas=dis&rhoncus=parturient&aliquam=montes&lacus=nascetur&morbi=ridiculus&quis=mus&tortor=vivamus&id=vestibulum&nulla=sagittis&ultrices=sapien&aliquet=cum&maecenas=sociis&leo=natoque&odio=penatibus&condimentum=et&id=magnis&luctus=dis&nec=parturient&molestie=montes&sed=nascetur&justo=ridiculus&pellentesque=mus&viverra=etiam&pede=vel&ac=augue&diam=vestibulum&cras=rutrum&pellentesque=rutrum&volutpat=neque&dui=aenean&maecenas=auctor&tristique=gravida&est=sem&et=praesent&tempus=id&semper=massa&est=id&quam=nisl&pharetra=venenatis&magna=lacinia&ac=aenean&consequat=sit&metus=amet&sapien=justo&ut=morbi&nunc=ut&vestibulum=odio&ante=cras,TRUE
+https://constantcontact.com/quam/pede/lobortis/ligula/sit.html?pretium=eget&nisl=orci&ut=vehicula&volutpat=condimentum&sapien=curabitur&arcu=in&sed=libero&augue=ut&aliquam=massa,TRUE
+https://creativecommons.org/phasellus/in/felis/donec/semper/sapien.js?morbi=turpis&odio=elementum&odio=ligula&elementum=vehicula&eu=consequat&interdum=morbi&eu=a&tincidunt=ipsum&in=integer&leo=a&maecenas=nibh&pulvinar=in&lobortis=quis&est=justo&phasellus=maecenas&sit=rhoncus&amet=aliquam&erat=lacus&nulla=morbi&tempus=quis&vivamus=tortor&in=id&felis=nulla&eu=ultrices&sapien=aliquet,TRUE
+https://aboutads.info/rutrum.xml?volutpat=turpis&sapien=eget&arcu=elit&sed=sodales&augue=scelerisque&aliquam=mauris&erat=sit&volutpat=amet&in=eros&congue=suspendisse&etiam=accumsan&justo=tortor&etiam=quis&pretium=turpis&iaculis=sed&justo=ante&in=vivamus&hac=tortor&habitasse=duis&platea=mattis&dictumst=egestas&etiam=metus&faucibus=aenean&cursus=fermentum&urna=donec&ut=ut&tellus=mauris&nulla=eget&ut=massa&erat=tempor&id=convallis&mauris=nulla&vulputate=neque&elementum=libero&nullam=convallis&varius=eget&nulla=eleifend&facilisi=luctus&cras=ultricies&non=eu&velit=nibh&nec=quisque&nisi=id&vulputate=justo&nonummy=sit&maecenas=amet&tincidunt=sapien&lacus=dignissim&at=vestibulum&velit=vestibulum&vivamus=ante&vel=ipsum&nulla=primis&eget=in&eros=faucibus&elementum=orci&pellentesque=luctus&quisque=et&porta=ultrices&volutpat=posuere&erat=cubilia&quisque=curae&erat=nulla&eros=dapibus,TRUE
+http://ehow.com/vitae/mattis.html?molestie=dolor&hendrerit=quis&at=odio&vulputate=consequat&vitae=varius&nisl=integer&aenean=ac&lectus=leo&pellentesque=pellentesque&eget=ultrices&nunc=mattis&donec=odio&quis=donec&orci=vitae&eget=nisi&orci=nam&vehicula=ultrices&condimentum=libero&curabitur=non&in=mattis&libero=pulvinar&ut=nulla&massa=pede&volutpat=ullamcorper&convallis=augue&morbi=a&odio=suscipit&odio=nulla&elementum=elit&eu=ac&interdum=nulla&eu=sed&tincidunt=vel&in=enim&leo=sit&maecenas=amet&pulvinar=nunc&lobortis=viverra&est=dapibus&phasellus=nulla&sit=suscipit&amet=ligula,TRUE
+https://twitter.com/nullam/porttitor/lacus/at.xml?sit=sed&amet=tristique&justo=in&morbi=tempus&ut=sit,TRUE
+https://slideshare.net/elementum.png?vitae=lectus&nisi=suspendisse&nam=potenti&ultrices=in&libero=eleifend&non=quam&mattis=a&pulvinar=odio&nulla=in&pede=hac&ullamcorper=habitasse&augue=platea&a=dictumst&suscipit=maecenas&nulla=ut&elit=massa&ac=quis&nulla=augue&sed=luctus&vel=tincidunt&enim=nulla&sit=mollis&amet=molestie&nunc=lorem&viverra=quisque&dapibus=ut&nulla=erat&suscipit=curabitur&ligula=gravida&in=nisi&lacus=at&curabitur=nibh&at=in&ipsum=hac&ac=habitasse,TRUE
+https://google.ca/ligula/suspendisse/ornare/consequat.jpg?porttitor=vivamus&pede=tortor&justo=duis&eu=mattis&massa=egestas&donec=metus&dapibus=aenean&duis=fermentum&at=donec&velit=ut&eu=mauris&est=eget&congue=massa&elementum=tempor&in=convallis&hac=nulla&habitasse=neque&platea=libero&dictumst=convallis&morbi=eget&vestibulum=eleifend&velit=luctus&id=ultricies&pretium=eu&iaculis=nibh&diam=quisque&erat=id&fermentum=justo&justo=sit&nec=amet&condimentum=sapien&neque=dignissim&sapien=vestibulum&placerat=vestibulum&ante=ante&nulla=ipsum&justo=primis&aliquam=in&quis=faucibus&turpis=orci&eget=luctus&elit=et&sodales=ultrices&scelerisque=posuere&mauris=cubilia&sit=curae&amet=nulla&eros=dapibus&suspendisse=dolor&accumsan=vel&tortor=est&quis=donec&turpis=odio&sed=justo&ante=sollicitudin&vivamus=ut&tortor=suscipit&duis=a&mattis=feugiat&egestas=et&metus=eros&aenean=vestibulum&fermentum=ac&donec=est&ut=lacinia&mauris=nisi&eget=venenatis&massa=tristique&tempor=fusce&convallis=congue&nulla=diam&neque=id&libero=ornare&convallis=imperdiet&eget=sapien&eleifend=urna&luctus=pretium&ultricies=nisl&eu=ut&nibh=volutpat&quisque=sapien&id=arcu&justo=sed&sit=augue,TRUE
+http://cafepress.com/accumsan/tellus/nisi/eu/orci/mauris.json?suspendisse=vestibulum&potenti=ante&in=ipsum&eleifend=primis&quam=in,TRUE
+http://umich.edu/vivamus/metus/arcu/adipiscing/molestie.jpg?quisque=nam&ut=congue&erat=risus&curabitur=semper&gravida=porta&nisi=volutpat&at=quam,TRUE
+http://ca.gov/sed/augue/aliquam.xml?proin=arcu&interdum=sed&mauris=augue&non=aliquam&ligula=erat&pellentesque=volutpat&ultrices=in&phasellus=congue&id=etiam&sapien=justo&in=etiam&sapien=pretium&iaculis=iaculis&congue=justo&vivamus=in&metus=hac&arcu=habitasse&adipiscing=platea&molestie=dictumst&hendrerit=etiam&at=faucibus&vulputate=cursus&vitae=urna&nisl=ut&aenean=tellus&lectus=nulla&pellentesque=ut&eget=erat&nunc=id&donec=mauris&quis=vulputate&orci=elementum&eget=nullam&orci=varius&vehicula=nulla&condimentum=facilisi&curabitur=cras&in=non&libero=velit&ut=nec&massa=nisi&volutpat=vulputate&convallis=nonummy&morbi=maecenas&odio=tincidunt&odio=lacus&elementum=at&eu=velit&interdum=vivamus&eu=vel&tincidunt=nulla&in=eget&leo=eros&maecenas=elementum&pulvinar=pellentesque&lobortis=quisque&est=porta&phasellus=volutpat&sit=erat&amet=quisque&erat=erat&nulla=eros&tempus=viverra&vivamus=eget,TRUE
+https://bloglovin.com/at/nunc.json?enim=potenti&sit=in&amet=eleifend&nunc=quam&viverra=a&dapibus=odio&nulla=in&suscipit=hac&ligula=habitasse&in=platea&lacus=dictumst&curabitur=maecenas&at=ut&ipsum=massa&ac=quis&tellus=augue&semper=luctus&interdum=tincidunt&mauris=nulla&ullamcorper=mollis&purus=molestie&sit=lorem&amet=quisque&nulla=ut&quisque=erat&arcu=curabitur&libero=gravida&rutrum=nisi&ac=at&lobortis=nibh&vel=in&dapibus=hac&at=habitasse,TRUE
+http://shareasale.com/donec/diam/neque.js?pede=maecenas&malesuada=tincidunt&in=lacus&imperdiet=at&et=velit&commodo=vivamus&vulputate=vel&justo=nulla&in=eget&blandit=eros&ultrices=elementum&enim=pellentesque&lorem=quisque&ipsum=porta&dolor=volutpat&sit=erat&amet=quisque&consectetuer=erat&adipiscing=eros&elit=viverra&proin=eget&interdum=congue&mauris=eget&non=semper&ligula=rutrum&pellentesque=nulla&ultrices=nunc&phasellus=purus&id=phasellus&sapien=in&in=felis,TRUE
+https://harvard.edu/mattis.jpg?eu=libero&sapien=nullam&cursus=sit&vestibulum=amet&proin=turpis&eu=elementum&mi=ligula&nulla=vehicula&ac=consequat&enim=morbi&in=a&tempor=ipsum&turpis=integer&nec=a&euismod=nibh&scelerisque=in&quam=quis&turpis=justo&adipiscing=maecenas&lorem=rhoncus&vitae=aliquam&mattis=lacus&nibh=morbi&ligula=quis&nec=tortor&sem=id&duis=nulla&aliquam=ultrices&convallis=aliquet&nunc=maecenas&proin=leo&at=odio&turpis=condimentum&a=id&pede=luctus&posuere=nec&nonummy=molestie&integer=sed&non=justo&velit=pellentesque&donec=viverra&diam=pede&neque=ac&vestibulum=diam&eget=cras&vulputate=pellentesque&ut=volutpat&ultrices=dui&vel=maecenas&augue=tristique&vestibulum=est&ante=et&ipsum=tempus&primis=semper&in=est&faucibus=quam&orci=pharetra&luctus=magna&et=ac&ultrices=consequat&posuere=metus&cubilia=sapien&curae=ut&donec=nunc&pharetra=vestibulum&magna=ante&vestibulum=ipsum&aliquet=primis&ultrices=in&erat=faucibus&tortor=orci&sollicitudin=luctus&mi=et&sit=ultrices&amet=posuere&lobortis=cubilia&sapien=curae&sapien=mauris&non=viverra&mi=diam&integer=vitae&ac=quam&neque=suspendisse&duis=potenti&bibendum=nullam&morbi=porttitor&non=lacus&quam=at&nec=turpis&dui=donec,TRUE
+https://globo.com/velit/id/pretium/iaculis/diam.xml?accumsan=iaculis&tortor=congue&quis=vivamus&turpis=metus&sed=arcu&ante=adipiscing,TRUE
+https://blogs.com/eu/orci/mauris/lacinia.html?nibh=non&ligula=pretium&nec=quis&sem=lectus&duis=suspendisse&aliquam=potenti&convallis=in&nunc=eleifend&proin=quam&at=a&turpis=odio&a=in&pede=hac&posuere=habitasse&nonummy=platea&integer=dictumst&non=maecenas&velit=ut&donec=massa&diam=quis&neque=augue&vestibulum=luctus&eget=tincidunt&vulputate=nulla&ut=mollis&ultrices=molestie&vel=lorem&augue=quisque&vestibulum=ut&ante=erat&ipsum=curabitur&primis=gravida&in=nisi&faucibus=at&orci=nibh&luctus=in&et=hac&ultrices=habitasse&posuere=platea&cubilia=dictumst&curae=aliquam&donec=augue&pharetra=quam&magna=sollicitudin&vestibulum=vitae&aliquet=consectetuer&ultrices=eget&erat=rutrum&tortor=at&sollicitudin=lorem&mi=integer&sit=tincidunt&amet=ante&lobortis=vel&sapien=ipsum&sapien=praesent&non=blandit&mi=lacinia&integer=erat,TRUE
+http://skype.com/dictumst/morbi/vestibulum/velit.json?sapien=elementum&in=nullam&sapien=varius&iaculis=nulla&congue=facilisi&vivamus=cras&metus=non&arcu=velit&adipiscing=nec&molestie=nisi&hendrerit=vulputate&at=nonummy&vulputate=maecenas&vitae=tincidunt&nisl=lacus&aenean=at&lectus=velit&pellentesque=vivamus&eget=vel&nunc=nulla&donec=eget&quis=eros&orci=elementum&eget=pellentesque&orci=quisque&vehicula=porta&condimentum=volutpat&curabitur=erat&in=quisque&libero=erat&ut=eros&massa=viverra&volutpat=eget&convallis=congue&morbi=eget&odio=semper&odio=rutrum&elementum=nulla&eu=nunc&interdum=purus&eu=phasellus&tincidunt=in&in=felis&leo=donec&maecenas=semper&pulvinar=sapien&lobortis=a&est=libero&phasellus=nam&sit=dui&amet=proin&erat=leo&nulla=odio&tempus=porttitor&vivamus=id&in=consequat&felis=in&eu=consequat&sapien=ut&cursus=nulla&vestibulum=sed&proin=accumsan&eu=felis&mi=ut&nulla=at&ac=dolor&enim=quis&in=odio&tempor=consequat&turpis=varius&nec=integer&euismod=ac&scelerisque=leo&quam=pellentesque&turpis=ultrices&adipiscing=mattis&lorem=odio&vitae=donec&mattis=vitae&nibh=nisi&ligula=nam,TRUE
+https://flickr.com/sapien/cursus.html?ligula=vulputate&pellentesque=luctus&ultrices=cum&phasellus=sociis&id=natoque&sapien=penatibus&in=et&sapien=magnis&iaculis=dis&congue=parturient&vivamus=montes&metus=nascetur&arcu=ridiculus&adipiscing=mus&molestie=vivamus&hendrerit=vestibulum&at=sagittis&vulputate=sapien&vitae=cum&nisl=sociis&aenean=natoque&lectus=penatibus&pellentesque=et&eget=magnis&nunc=dis&donec=parturient&quis=montes&orci=nascetur&eget=ridiculus&orci=mus&vehicula=etiam&condimentum=vel&curabitur=augue&in=vestibulum&libero=rutrum&ut=rutrum&massa=neque&volutpat=aenean&convallis=auctor&morbi=gravida&odio=sem&odio=praesent&elementum=id&eu=massa&interdum=id&eu=nisl&tincidunt=venenatis&in=lacinia&leo=aenean&maecenas=sit&pulvinar=amet&lobortis=justo&est=morbi&phasellus=ut&sit=odio&amet=cras&erat=mi&nulla=pede&tempus=malesuada&vivamus=in&in=imperdiet&felis=et&eu=commodo&sapien=vulputate&cursus=justo&vestibulum=in&proin=blandit&eu=ultrices&mi=enim&nulla=lorem&ac=ipsum&enim=dolor&in=sit&tempor=amet&turpis=consectetuer&nec=adipiscing&euismod=elit&scelerisque=proin&quam=interdum&turpis=mauris&adipiscing=non,TRUE
+http://cnn.com/eleifend/pede/libero/quis/orci/nullam/molestie.js?morbi=lacinia&ut=erat&odio=vestibulum&cras=sed&mi=magna&pede=at&malesuada=nunc&in=commodo&imperdiet=placerat&et=praesent,TRUE
+http://is.gd/fusce.jpg?ac=rutrum&leo=neque&pellentesque=aenean&ultrices=auctor&mattis=gravida&odio=sem&donec=praesent&vitae=id&nisi=massa&nam=id&ultrices=nisl,TRUE
+http://xinhuanet.com/magna/vestibulum/aliquet/ultrices/erat.html?justo=ut&pellentesque=volutpat&viverra=sapien&pede=arcu&ac=sed&diam=augue&cras=aliquam&pellentesque=erat&volutpat=volutpat&dui=in&maecenas=congue&tristique=etiam&est=justo&et=etiam&tempus=pretium&semper=iaculis&est=justo&quam=in&pharetra=hac&magna=habitasse&ac=platea&consequat=dictumst&metus=etiam&sapien=faucibus&ut=cursus&nunc=urna&vestibulum=ut&ante=tellus&ipsum=nulla&primis=ut&in=erat&faucibus=id&orci=mauris&luctus=vulputate&et=elementum&ultrices=nullam&posuere=varius&cubilia=nulla&curae=facilisi&mauris=cras&viverra=non&diam=velit&vitae=nec&quam=nisi&suspendisse=vulputate&potenti=nonummy&nullam=maecenas&porttitor=tincidunt&lacus=lacus&at=at&turpis=velit&donec=vivamus&posuere=vel&metus=nulla&vitae=eget&ipsum=eros&aliquam=elementum&non=pellentesque&mauris=quisque&morbi=porta&non=volutpat&lectus=erat&aliquam=quisque&sit=erat&amet=eros&diam=viverra&in=eget&magna=congue&bibendum=eget&imperdiet=semper&nullam=rutrum&orci=nulla&pede=nunc&venenatis=purus&non=phasellus&sodales=in&sed=felis&tincidunt=donec&eu=semper&felis=sapien&fusce=a&posuere=libero&felis=nam&sed=dui&lacus=proin&morbi=leo&sem=odio&mauris=porttitor&laoreet=id&ut=consequat&rhoncus=in&aliquet=consequat&pulvinar=ut&sed=nulla&nisl=sed&nunc=accumsan&rhoncus=felis&dui=ut&vel=at,TRUE
+https://paypal.com/etiam/faucibus.json?lacus=ipsum&morbi=aliquam&sem=non&mauris=mauris&laoreet=morbi&ut=non&rhoncus=lectus&aliquet=aliquam&pulvinar=sit&sed=amet&nisl=diam&nunc=in&rhoncus=magna&dui=bibendum&vel=imperdiet&sem=nullam&sed=orci&sagittis=pede,TRUE
+http://mashable.com/consequat.json?vel=congue&augue=diam&vestibulum=id&ante=ornare&ipsum=imperdiet&primis=sapien&in=urna&faucibus=pretium&orci=nisl&luctus=ut&et=volutpat&ultrices=sapien&posuere=arcu&cubilia=sed&curae=augue&donec=aliquam&pharetra=erat&magna=volutpat&vestibulum=in&aliquet=congue&ultrices=etiam&erat=justo&tortor=etiam&sollicitudin=pretium&mi=iaculis&sit=justo&amet=in&lobortis=hac&sapien=habitasse&sapien=platea&non=dictumst&mi=etiam&integer=faucibus&ac=cursus&neque=urna&duis=ut&bibendum=tellus&morbi=nulla&non=ut&quam=erat&nec=id&dui=mauris,TRUE
+http://nba.com/mauris/enim.aspx?turpis=posuere&nec=cubilia&euismod=curae&scelerisque=duis&quam=faucibus&turpis=accumsan&adipiscing=odio&lorem=curabitur&vitae=convallis&mattis=duis&nibh=consequat&ligula=dui&nec=nec&sem=nisi&duis=volutpat&aliquam=eleifend&convallis=donec&nunc=ut&proin=dolor&at=morbi&turpis=vel&a=lectus&pede=in&posuere=quam&nonummy=fringilla&integer=rhoncus&non=mauris&velit=enim&donec=leo&diam=rhoncus&neque=sed&vestibulum=vestibulum&eget=sit&vulputate=amet&ut=cursus&ultrices=id&vel=turpis&augue=integer&vestibulum=aliquet&ante=massa&ipsum=id&primis=lobortis&in=convallis&faucibus=tortor&orci=risus&luctus=dapibus&et=augue&ultrices=vel&posuere=accumsan&cubilia=tellus&curae=nisi&donec=eu&pharetra=orci&magna=mauris&vestibulum=lacinia&aliquet=sapien&ultrices=quis&erat=libero&tortor=nullam&sollicitudin=sit,TRUE
+http://ehow.com/aenean/sit/amet/justo/morbi/ut.jsp?tempus=pellentesque&semper=quisque&est=porta&quam=volutpat&pharetra=erat&magna=quisque&ac=erat&consequat=eros&metus=viverra&sapien=eget&ut=congue&nunc=eget&vestibulum=semper&ante=rutrum&ipsum=nulla&primis=nunc&in=purus&faucibus=phasellus&orci=in&luctus=felis&et=donec&ultrices=semper&posuere=sapien&cubilia=a&curae=libero&mauris=nam&viverra=dui&diam=proin&vitae=leo&quam=odio&suspendisse=porttitor&potenti=id&nullam=consequat&porttitor=in&lacus=consequat&at=ut&turpis=nulla&donec=sed&posuere=accumsan&metus=felis&vitae=ut&ipsum=at&aliquam=dolor&non=quis&mauris=odio&morbi=consequat&non=varius&lectus=integer&aliquam=ac&sit=leo&amet=pellentesque&diam=ultrices&in=mattis&magna=odio,TRUE
+http://spotify.com/aliquam/convallis.jpg?sit=ornare&amet=imperdiet&eros=sapien&suspendisse=urna&accumsan=pretium&tortor=nisl&quis=ut&turpis=volutpat&sed=sapien&ante=arcu&vivamus=sed&tortor=augue&duis=aliquam&mattis=erat&egestas=volutpat&metus=in&aenean=congue&fermentum=etiam&donec=justo&ut=etiam&mauris=pretium&eget=iaculis&massa=justo&tempor=in&convallis=hac&nulla=habitasse&neque=platea&libero=dictumst&convallis=etiam&eget=faucibus&eleifend=cursus&luctus=urna&ultricies=ut&eu=tellus&nibh=nulla&quisque=ut&id=erat&justo=id&sit=mauris&amet=vulputate&sapien=elementum&dignissim=nullam&vestibulum=varius&vestibulum=nulla&ante=facilisi&ipsum=cras&primis=non&in=velit&faucibus=nec&orci=nisi&luctus=vulputate&et=nonummy&ultrices=maecenas&posuere=tincidunt&cubilia=lacus&curae=at&nulla=velit&dapibus=vivamus,TRUE
+http://ycombinator.com/nunc/rhoncus/dui/vel.js?potenti=vestibulum&nullam=aliquet&porttitor=ultrices&lacus=erat&at=tortor&turpis=sollicitudin&donec=mi&posuere=sit&metus=amet&vitae=lobortis&ipsum=sapien&aliquam=sapien&non=non&mauris=mi&morbi=integer&non=ac&lectus=neque&aliquam=duis&sit=bibendum&amet=morbi&diam=non&in=quam&magna=nec&bibendum=dui&imperdiet=luctus&nullam=rutrum&orci=nulla&pede=tellus&venenatis=in&non=sagittis&sodales=dui&sed=vel&tincidunt=nisl&eu=duis&felis=ac&fusce=nibh&posuere=fusce&felis=lacus&sed=purus&lacus=aliquet&morbi=at&sem=feugiat&mauris=non&laoreet=pretium&ut=quis&rhoncus=lectus&aliquet=suspendisse&pulvinar=potenti&sed=in&nisl=eleifend&nunc=quam&rhoncus=a&dui=odio&vel=in&sem=hac&sed=habitasse&sagittis=platea&nam=dictumst&congue=maecenas&risus=ut&semper=massa&porta=quis&volutpat=augue&quam=luctus&pede=tincidunt&lobortis=nulla&ligula=mollis&sit=molestie&amet=lorem&eleifend=quisque&pede=ut&libero=erat&quis=curabitur&orci=gravida&nullam=nisi&molestie=at&nibh=nibh&in=in&lectus=hac&pellentesque=habitasse&at=platea&nulla=dictumst&suspendisse=aliquam&potenti=augue&cras=quam&in=sollicitudin&purus=vitae&eu=consectetuer,TRUE
+https://army.mil/hendrerit/at/vulputate/vitae/nisl.xml?cubilia=ante&curae=nulla&duis=justo&faucibus=aliquam&accumsan=quis&odio=turpis&curabitur=eget&convallis=elit&duis=sodales&consequat=scelerisque&dui=mauris&nec=sit&nisi=amet&volutpat=eros&eleifend=suspendisse&donec=accumsan&ut=tortor&dolor=quis&morbi=turpis&vel=sed&lectus=ante&in=vivamus&quam=tortor&fringilla=duis&rhoncus=mattis,TRUE
+https://auda.org.au/pede/morbi/porttitor/lorem.png?mus=justo&vivamus=pellentesque&vestibulum=viverra&sagittis=pede&sapien=ac&cum=diam&sociis=cras&natoque=pellentesque&penatibus=volutpat&et=dui&magnis=maecenas&dis=tristique&parturient=est&montes=et&nascetur=tempus&ridiculus=semper&mus=est&etiam=quam&vel=pharetra&augue=magna&vestibulum=ac&rutrum=consequat&rutrum=metus&neque=sapien&aenean=ut&auctor=nunc&gravida=vestibulum&sem=ante&praesent=ipsum&id=primis&massa=in&id=faucibus&nisl=orci&venenatis=luctus&lacinia=et&aenean=ultrices&sit=posuere&amet=cubilia&justo=curae&morbi=mauris&ut=viverra&odio=diam&cras=vitae&mi=quam&pede=suspendisse&malesuada=potenti&in=nullam&imperdiet=porttitor&et=lacus&commodo=at&vulputate=turpis&justo=donec&in=posuere&blandit=metus&ultrices=vitae&enim=ipsum&lorem=aliquam&ipsum=non&dolor=mauris&sit=morbi&amet=non&consectetuer=lectus&adipiscing=aliquam&elit=sit,TRUE
+https://auda.org.au/quis/tortor/id/nulla/ultrices/aliquet/maecenas.png?aliquam=aliquam&erat=erat&volutpat=volutpat&in=in&congue=congue&etiam=etiam&justo=justo&etiam=etiam&pretium=pretium&iaculis=iaculis&justo=justo&in=in&hac=hac&habitasse=habitasse&platea=platea&dictumst=dictumst&etiam=etiam&faucibus=faucibus&cursus=cursus&urna=urna&ut=ut&tellus=tellus&nulla=nulla&ut=ut&erat=erat&id=id&mauris=mauris&vulputate=vulputate&elementum=elementum&nullam=nullam&varius=varius&nulla=nulla&facilisi=facilisi&cras=cras&non=non&velit=velit&nec=nec&nisi=nisi&vulputate=vulputate&nonummy=nonummy&maecenas=maecenas&tincidunt=tincidunt&lacus=lacus&at=at&velit=velit&vivamus=vivamus&vel=vel&nulla=nulla&eget=eget&eros=eros&elementum=elementum,TRUE
+http://arizona.edu/leo/maecenas/pulvinar/lobortis.html?eu=molestie&est=nibh&congue=in&elementum=lectus&in=pellentesque&hac=at&habitasse=nulla&platea=suspendisse&dictumst=potenti&morbi=cras&vestibulum=in&velit=purus&id=eu&pretium=magna&iaculis=vulputate,TRUE
+http://addthis.com/nulla/nunc/purus/phasellus/in/felis/donec.jpg?fusce=odio&lacus=elementum&purus=eu&aliquet=interdum&at=eu&feugiat=tincidunt&non=in&pretium=leo&quis=maecenas&lectus=pulvinar&suspendisse=lobortis&potenti=est&in=phasellus&eleifend=sit&quam=amet&a=erat&odio=nulla&in=tempus&hac=vivamus&habitasse=in&platea=felis&dictumst=eu&maecenas=sapien&ut=cursus,TRUE
+https://wp.com/ipsum/primis/in/faucibus/orci/luctus.jpg?egestas=proin&metus=eu&aenean=mi&fermentum=nulla&donec=ac&ut=enim&mauris=in&eget=tempor&massa=turpis&tempor=nec&convallis=euismod&nulla=scelerisque&neque=quam&libero=turpis&convallis=adipiscing&eget=lorem&eleifend=vitae&luctus=mattis&ultricies=nibh&eu=ligula&nibh=nec&quisque=sem&id=duis&justo=aliquam&sit=convallis&amet=nunc&sapien=proin&dignissim=at&vestibulum=turpis&vestibulum=a&ante=pede&ipsum=posuere&primis=nonummy&in=integer&faucibus=non&orci=velit&luctus=donec&et=diam&ultrices=neque&posuere=vestibulum&cubilia=eget&curae=vulputate&nulla=ut&dapibus=ultrices&dolor=vel&vel=augue&est=vestibulum&donec=ante&odio=ipsum&justo=primis&sollicitudin=in&ut=faucibus&suscipit=orci&a=luctus&feugiat=et&et=ultrices&eros=posuere&vestibulum=cubilia&ac=curae&est=donec&lacinia=pharetra&nisi=magna&venenatis=vestibulum&tristique=aliquet&fusce=ultrices&congue=erat&diam=tortor&id=sollicitudin&ornare=mi&imperdiet=sit&sapien=amet&urna=lobortis&pretium=sapien&nisl=sapien&ut=non&volutpat=mi&sapien=integer&arcu=ac,TRUE
+http://amazon.com/id.js?accumsan=suspendisse&felis=potenti&ut=in&at=eleifend&dolor=quam&quis=a&odio=odio&consequat=in&varius=hac&integer=habitasse&ac=platea&leo=dictumst&pellentesque=maecenas&ultrices=ut&mattis=massa&odio=quis&donec=augue&vitae=luctus&nisi=tincidunt&nam=nulla&ultrices=mollis&libero=molestie&non=lorem,TRUE
+http://boston.com/suspendisse/potenti/cras/in/purus/eu/magna.aspx?ac=eu&consequat=est&metus=congue&sapien=elementum&ut=in&nunc=hac&vestibulum=habitasse&ante=platea&ipsum=dictumst&primis=morbi&in=vestibulum&faucibus=velit&orci=id&luctus=pretium&et=iaculis&ultrices=diam&posuere=erat&cubilia=fermentum&curae=justo&mauris=nec&viverra=condimentum&diam=neque&vitae=sapien&quam=placerat&suspendisse=ante&potenti=nulla&nullam=justo&porttitor=aliquam&lacus=quis&at=turpis&turpis=eget&donec=elit&posuere=sodales&metus=scelerisque&vitae=mauris&ipsum=sit&aliquam=amet&non=eros&mauris=suspendisse&morbi=accumsan&non=tortor&lectus=quis&aliquam=turpis&sit=sed&amet=ante&diam=vivamus&in=tortor&magna=duis&bibendum=mattis&imperdiet=egestas&nullam=metus&orci=aenean&pede=fermentum&venenatis=donec&non=ut&sodales=mauris&sed=eget&tincidunt=massa&eu=tempor&felis=convallis&fusce=nulla&posuere=neque&felis=libero&sed=convallis&lacus=eget&morbi=eleifend&sem=luctus&mauris=ultricies&laoreet=eu&ut=nibh&rhoncus=quisque&aliquet=id&pulvinar=justo&sed=sit&nisl=amet&nunc=sapien&rhoncus=dignissim&dui=vestibulum&vel=vestibulum&sem=ante&sed=ipsum&sagittis=primis&nam=in&congue=faucibus&risus=orci&semper=luctus&porta=et&volutpat=ultrices&quam=posuere&pede=cubilia&lobortis=curae&ligula=nulla&sit=dapibus,TRUE
+https://amazon.de/tortor/sollicitudin/mi/sit.jsp?eu=phasellus&interdum=sit&eu=amet&tincidunt=erat&in=nulla&leo=tempus&maecenas=vivamus&pulvinar=in&lobortis=felis&est=eu&phasellus=sapien&sit=cursus&amet=vestibulum&erat=proin&nulla=eu&tempus=mi&vivamus=nulla&in=ac&felis=enim&eu=in&sapien=tempor&cursus=turpis&vestibulum=nec&proin=euismod&eu=scelerisque&mi=quam&nulla=turpis&ac=adipiscing&enim=lorem&in=vitae&tempor=mattis&turpis=nibh&nec=ligula&euismod=nec&scelerisque=sem&quam=duis&turpis=aliquam&adipiscing=convallis&lorem=nunc&vitae=proin&mattis=at&nibh=turpis&ligula=a&nec=pede&sem=posuere&duis=nonummy&aliquam=integer&convallis=non&nunc=velit&proin=donec&at=diam&turpis=neque&a=vestibulum&pede=eget&posuere=vulputate&nonummy=ut&integer=ultrices&non=vel&velit=augue&donec=vestibulum&diam=ante&neque=ipsum&vestibulum=primis&eget=in&vulputate=faucibus&ut=orci&ultrices=luctus&vel=et&augue=ultrices&vestibulum=posuere&ante=cubilia&ipsum=curae&primis=donec&in=pharetra&faucibus=magna&orci=vestibulum&luctus=aliquet&et=ultrices&ultrices=erat&posuere=tortor&cubilia=sollicitudin&curae=mi&donec=sit&pharetra=amet&magna=lobortis&vestibulum=sapien&aliquet=sapien&ultrices=non&erat=mi&tortor=integer&sollicitudin=ac&mi=neque&sit=duis&amet=bibendum&lobortis=morbi&sapien=non&sapien=quam,TRUE
+http://seesaa.net/eget/eros/elementum.aspx?fusce=enim&lacus=lorem&purus=ipsum&aliquet=dolor&at=sit&feugiat=amet&non=consectetuer&pretium=adipiscing&quis=elit&lectus=proin&suspendisse=interdum&potenti=mauris&in=non&eleifend=ligula&quam=pellentesque&a=ultrices&odio=phasellus&in=id&hac=sapien&habitasse=in&platea=sapien&dictumst=iaculis&maecenas=congue&ut=vivamus&massa=metus&quis=arcu&augue=adipiscing&luctus=molestie&tincidunt=hendrerit&nulla=at&mollis=vulputate&molestie=vitae&lorem=nisl&quisque=aenean&ut=lectus&erat=pellentesque&curabitur=eget&gravida=nunc&nisi=donec&at=quis&nibh=orci&in=eget&hac=orci&habitasse=vehicula&platea=condimentum&dictumst=curabitur&aliquam=in&augue=libero&quam=ut&sollicitudin=massa&vitae=volutpat&consectetuer=convallis&eget=morbi&rutrum=odio&at=odio&lorem=elementum&integer=eu&tincidunt=interdum&ante=eu&vel=tincidunt&ipsum=in&praesent=leo&blandit=maecenas&lacinia=pulvinar&erat=lobortis&vestibulum=est&sed=phasellus&magna=sit&at=amet&nunc=erat&commodo=nulla&placerat=tempus&praesent=vivamus&blandit=in&nam=felis&nulla=eu&integer=sapien&pede=cursus&justo=vestibulum&lacinia=proin&eget=eu&tincidunt=mi&eget=nulla&tempus=ac&vel=enim&pede=in&morbi=tempor,TRUE
+https://liveinternet.ru/in.aspx?integer=enim&non=blandit&velit=mi&donec=in&diam=porttitor&neque=pede&vestibulum=justo&eget=eu&vulputate=massa&ut=donec&ultrices=dapibus&vel=duis&augue=at&vestibulum=velit&ante=eu&ipsum=est&primis=congue&in=elementum&faucibus=in&orci=hac&luctus=habitasse&et=platea&ultrices=dictumst&posuere=morbi&cubilia=vestibulum&curae=velit&donec=id&pharetra=pretium&magna=iaculis&vestibulum=diam&aliquet=erat&ultrices=fermentum&erat=justo&tortor=nec&sollicitudin=condimentum&mi=neque&sit=sapien&amet=placerat&lobortis=ante&sapien=nulla&sapien=justo&non=aliquam&mi=quis&integer=turpis&ac=eget&neque=elit&duis=sodales&bibendum=scelerisque&morbi=mauris&non=sit&quam=amet&nec=eros&dui=suspendisse&luctus=accumsan&rutrum=tortor&nulla=quis&tellus=turpis&in=sed&sagittis=ante&dui=vivamus&vel=tortor&nisl=duis&duis=mattis&ac=egestas&nibh=metus&fusce=aenean&lacus=fermentum&purus=donec&aliquet=ut&at=mauris&feugiat=eget&non=massa,TRUE
+https://biglobe.ne.jp/tincidunt/eu/felis.jsp?erat=integer&quisque=ac&erat=leo&eros=pellentesque&viverra=ultrices&eget=mattis&congue=odio&eget=donec&semper=vitae&rutrum=nisi&nulla=nam&nunc=ultrices&purus=libero&phasellus=non&in=mattis&felis=pulvinar&donec=nulla&semper=pede&sapien=ullamcorper&a=augue&libero=a&nam=suscipit&dui=nulla&proin=elit&leo=ac&odio=nulla&porttitor=sed&id=vel&consequat=enim&in=sit&consequat=amet&ut=nunc&nulla=viverra&sed=dapibus&accumsan=nulla&felis=suscipit&ut=ligula&at=in&dolor=lacus&quis=curabitur&odio=at&consequat=ipsum&varius=ac&integer=tellus&ac=semper&leo=interdum&pellentesque=mauris&ultrices=ullamcorper&mattis=purus&odio=sit&donec=amet&vitae=nulla,TRUE
+http://guardian.co.uk/scelerisque/quam/turpis/adipiscing.aspx?vel=imperdiet&est=nullam&donec=orci&odio=pede&justo=venenatis&sollicitudin=non&ut=sodales&suscipit=sed&a=tincidunt&feugiat=eu&et=felis&eros=fusce&vestibulum=posuere&ac=felis&est=sed&lacinia=lacus&nisi=morbi&venenatis=sem&tristique=mauris&fusce=laoreet&congue=ut&diam=rhoncus&id=aliquet&ornare=pulvinar&imperdiet=sed&sapien=nisl&urna=nunc&pretium=rhoncus&nisl=dui&ut=vel&volutpat=sem&sapien=sed&arcu=sagittis&sed=nam&augue=congue&aliquam=risus&erat=semper&volutpat=porta&in=volutpat&congue=quam&etiam=pede&justo=lobortis&etiam=ligula,TRUE
+http://typepad.com/vehicula.js?habitasse=eget&platea=semper&dictumst=rutrum&etiam=nulla&faucibus=nunc&cursus=purus,TRUE
+http://exblog.jp/eget/semper/rutrum.jpg?venenatis=eget&non=eros&sodales=elementum&sed=pellentesque&tincidunt=quisque&eu=porta&felis=volutpat&fusce=erat&posuere=quisque&felis=erat&sed=eros&lacus=viverra&morbi=eget&sem=congue&mauris=eget&laoreet=semper,TRUE
+http://google.pl/maecenas/rhoncus/aliquam.json?neque=eros&duis=viverra&bibendum=eget&morbi=congue&non=eget&quam=semper&nec=rutrum&dui=nulla&luctus=nunc&rutrum=purus&nulla=phasellus&tellus=in&in=felis&sagittis=donec,TRUE
+http://icq.com/volutpat/eleifend/donec/ut/dolor.html?aliquet=sapien&at=dignissim&feugiat=vestibulum&non=vestibulum&pretium=ante&quis=ipsum&lectus=primis&suspendisse=in&potenti=faucibus&in=orci&eleifend=luctus&quam=et&a=ultrices&odio=posuere&in=cubilia&hac=curae&habitasse=nulla&platea=dapibus&dictumst=dolor&maecenas=vel&ut=est&massa=donec&quis=odio&augue=justo&luctus=sollicitudin&tincidunt=ut&nulla=suscipit&mollis=a&molestie=feugiat&lorem=et&quisque=eros&ut=vestibulum&erat=ac&curabitur=est&gravida=lacinia&nisi=nisi&at=venenatis&nibh=tristique&in=fusce&hac=congue&habitasse=diam&platea=id&dictumst=ornare&aliquam=imperdiet&augue=sapien&quam=urna&sollicitudin=pretium&vitae=nisl&consectetuer=ut&eget=volutpat&rutrum=sapien&at=arcu&lorem=sed&integer=augue&tincidunt=aliquam&ante=erat&vel=volutpat&ipsum=in&praesent=congue&blandit=etiam&lacinia=justo&erat=etiam&vestibulum=pretium&sed=iaculis&magna=justo&at=in&nunc=hac&commodo=habitasse&placerat=platea&praesent=dictumst&blandit=etiam&nam=faucibus&nulla=cursus&integer=urna&pede=ut&justo=tellus&lacinia=nulla&eget=ut&tincidunt=erat&eget=id&tempus=mauris&vel=vulputate&pede=elementum&morbi=nullam&porttitor=varius&lorem=nulla&id=facilisi&ligula=cras&suspendisse=non&ornare=velit&consequat=nec&lectus=nisi&in=vulputate&est=nonummy&risus=maecenas&auctor=tincidunt,TRUE
+https://nytimes.com/nullam/sit/amet/turpis.js?mattis=nulla&nibh=dapibus&ligula=dolor&nec=vel&sem=est&duis=donec&aliquam=odio&convallis=justo&nunc=sollicitudin&proin=ut&at=suscipit&turpis=a&a=feugiat&pede=et&posuere=eros&nonummy=vestibulum&integer=ac&non=est&velit=lacinia&donec=nisi&diam=venenatis&neque=tristique&vestibulum=fusce&eget=congue&vulputate=diam&ut=id&ultrices=ornare&vel=imperdiet&augue=sapien&vestibulum=urna&ante=pretium&ipsum=nisl&primis=ut&in=volutpat&faucibus=sapien&orci=arcu&luctus=sed&et=augue&ultrices=aliquam&posuere=erat&cubilia=volutpat&curae=in&donec=congue&pharetra=etiam&magna=justo&vestibulum=etiam&aliquet=pretium&ultrices=iaculis&erat=justo&tortor=in&sollicitudin=hac&mi=habitasse&sit=platea&amet=dictumst&lobortis=etiam&sapien=faucibus&sapien=cursus&non=urna&mi=ut&integer=tellus&ac=nulla&neque=ut&duis=erat&bibendum=id&morbi=mauris&non=vulputate&quam=elementum&nec=nullam&dui=varius&luctus=nulla&rutrum=facilisi&nulla=cras&tellus=non&in=velit&sagittis=nec&dui=nisi&vel=vulputate&nisl=nonummy&duis=maecenas&ac=tincidunt&nibh=lacus&fusce=at&lacus=velit&purus=vivamus&aliquet=vel&at=nulla&feugiat=eget&non=eros&pretium=elementum&quis=pellentesque&lectus=quisque&suspendisse=porta,TRUE
+https://youku.com/etiam/justo/etiam/pretium/iaculis/justo.xml?volutpat=maecenas&quam=tristique&pede=est&lobortis=et&ligula=tempus&sit=semper&amet=est&eleifend=quam&pede=pharetra&libero=magna&quis=ac&orci=consequat&nullam=metus&molestie=sapien&nibh=ut&in=nunc&lectus=vestibulum&pellentesque=ante&at=ipsum&nulla=primis&suspendisse=in&potenti=faucibus&cras=orci&in=luctus&purus=et&eu=ultrices&magna=posuere&vulputate=cubilia&luctus=curae&cum=mauris&sociis=viverra&natoque=diam&penatibus=vitae&et=quam&magnis=suspendisse&dis=potenti,TRUE
+https://amazon.com/quam/nec/dui/luctus/rutrum/nulla/tellus.jsp?sit=potenti&amet=in&turpis=eleifend&elementum=quam&ligula=a&vehicula=odio&consequat=in&morbi=hac&a=habitasse&ipsum=platea&integer=dictumst&a=maecenas&nibh=ut&in=massa&quis=quis&justo=augue&maecenas=luctus&rhoncus=tincidunt&aliquam=nulla&lacus=mollis&morbi=molestie&quis=lorem&tortor=quisque&id=ut&nulla=erat&ultrices=curabitur&aliquet=gravida&maecenas=nisi&leo=at&odio=nibh&condimentum=in&id=hac&luctus=habitasse&nec=platea&molestie=dictumst&sed=aliquam&justo=augue&pellentesque=quam&viverra=sollicitudin&pede=vitae&ac=consectetuer&diam=eget&cras=rutrum&pellentesque=at&volutpat=lorem&dui=integer&maecenas=tincidunt&tristique=ante&est=vel&et=ipsum&tempus=praesent&semper=blandit&est=lacinia&quam=erat&pharetra=vestibulum&magna=sed&ac=magna&consequat=at&metus=nunc&sapien=commodo&ut=placerat&nunc=praesent&vestibulum=blandit&ante=nam&ipsum=nulla&primis=integer&in=pede&faucibus=justo&orci=lacinia&luctus=eget&et=tincidunt&ultrices=eget&posuere=tempus&cubilia=vel&curae=pede&mauris=morbi&viverra=porttitor&diam=lorem&vitae=id&quam=ligula&suspendisse=suspendisse&potenti=ornare&nullam=consequat&porttitor=lectus,TRUE
+http://moonfruit.com/eu/mi.html?rhoncus=libero&dui=quis&vel=orci&sem=nullam&sed=molestie&sagittis=nibh&nam=in&congue=lectus&risus=pellentesque&semper=at&porta=nulla&volutpat=suspendisse&quam=potenti&pede=cras&lobortis=in&ligula=purus&sit=eu&amet=magna&eleifend=vulputate&pede=luctus&libero=cum&quis=sociis&orci=natoque&nullam=penatibus&molestie=et&nibh=magnis&in=dis&lectus=parturient&pellentesque=montes&at=nascetur&nulla=ridiculus&suspendisse=mus&potenti=vivamus&cras=vestibulum&in=sagittis&purus=sapien&eu=cum&magna=sociis&vulputate=natoque&luctus=penatibus&cum=et&sociis=magnis&natoque=dis&penatibus=parturient&et=montes&magnis=nascetur&dis=ridiculus&parturient=mus&montes=etiam&nascetur=vel&ridiculus=augue&mus=vestibulum&vivamus=rutrum&vestibulum=rutrum&sagittis=neque&sapien=aenean&cum=auctor&sociis=gravida&natoque=sem&penatibus=praesent&et=id&magnis=massa&dis=id&parturient=nisl&montes=venenatis&nascetur=lacinia&ridiculus=aenean&mus=sit&etiam=amet&vel=justo&augue=morbi&vestibulum=ut&rutrum=odio&rutrum=cras&neque=mi&aenean=pede&auctor=malesuada&gravida=in&sem=imperdiet&praesent=et&id=commodo&massa=vulputate,TRUE
+http://yellowbook.com/curae/nulla/dapibus/dolor/vel/est.xml?vel=massa&est=donec&donec=dapibus&odio=duis&justo=at&sollicitudin=velit&ut=eu&suscipit=est&a=congue&feugiat=elementum&et=in&eros=hac&vestibulum=habitasse&ac=platea&est=dictumst&lacinia=morbi&nisi=vestibulum&venenatis=velit&tristique=id&fusce=pretium&congue=iaculis&diam=diam&id=erat&ornare=fermentum&imperdiet=justo&sapien=nec&urna=condimentum&pretium=neque&nisl=sapien&ut=placerat&volutpat=ante&sapien=nulla&arcu=justo&sed=aliquam&augue=quis&aliquam=turpis&erat=eget&volutpat=elit&in=sodales&congue=scelerisque&etiam=mauris&justo=sit&etiam=amet&pretium=eros&iaculis=suspendisse&justo=accumsan&in=tortor&hac=quis&habitasse=turpis&platea=sed&dictumst=ante&etiam=vivamus&faucibus=tortor&cursus=duis&urna=mattis&ut=egestas&tellus=metus&nulla=aenean&ut=fermentum&erat=donec&id=ut&mauris=mauris&vulputate=eget&elementum=massa&nullam=tempor&varius=convallis&nulla=nulla&facilisi=neque&cras=libero&non=convallis&velit=eget&nec=eleifend&nisi=luctus&vulputate=ultricies&nonummy=eu&maecenas=nibh&tincidunt=quisque&lacus=id&at=justo&velit=sit&vivamus=amet&vel=sapien&nulla=dignissim,TRUE
+https://google.nl/morbi/non/quam/nec/dui/luctus/rutrum.jsp?dolor=nam&sit=dui&amet=proin&consectetuer=leo,TRUE
+https://nhs.uk/donec/vitae.js?mattis=orci&odio=mauris&donec=lacinia&vitae=sapien&nisi=quis&nam=libero&ultrices=nullam&libero=sit&non=amet&mattis=turpis&pulvinar=elementum&nulla=ligula&pede=vehicula&ullamcorper=consequat&augue=morbi&a=a&suscipit=ipsum&nulla=integer&elit=a&ac=nibh&nulla=in&sed=quis&vel=justo&enim=maecenas&sit=rhoncus&amet=aliquam&nunc=lacus&viverra=morbi&dapibus=quis&nulla=tortor&suscipit=id&ligula=nulla&in=ultrices&lacus=aliquet&curabitur=maecenas&at=leo&ipsum=odio&ac=condimentum&tellus=id&semper=luctus&interdum=nec&mauris=molestie&ullamcorper=sed&purus=justo&sit=pellentesque&amet=viverra&nulla=pede,TRUE
+https://nps.gov/volutpat/quam/pede/lobortis/ligula.aspx?curabitur=ultrices&gravida=erat&nisi=tortor&at=sollicitudin&nibh=mi&in=sit&hac=amet&habitasse=lobortis&platea=sapien&dictumst=sapien&aliquam=non&augue=mi&quam=integer&sollicitudin=ac&vitae=neque&consectetuer=duis&eget=bibendum&rutrum=morbi&at=non&lorem=quam&integer=nec&tincidunt=dui&ante=luctus&vel=rutrum&ipsum=nulla&praesent=tellus&blandit=in&lacinia=sagittis&erat=dui&vestibulum=vel&sed=nisl&magna=duis&at=ac&nunc=nibh&commodo=fusce&placerat=lacus&praesent=purus&blandit=aliquet&nam=at&nulla=feugiat&integer=non&pede=pretium&justo=quis&lacinia=lectus&eget=suspendisse&tincidunt=potenti&eget=in&tempus=eleifend&vel=quam&pede=a&morbi=odio&porttitor=in&lorem=hac&id=habitasse&ligula=platea&suspendisse=dictumst&ornare=maecenas&consequat=ut&lectus=massa&in=quis,TRUE
+https://umich.edu/lobortis/ligula/sit/amet/eleifend/pede.js?id=rutrum&pretium=neque&iaculis=aenean&diam=auctor&erat=gravida&fermentum=sem&justo=praesent&nec=id&condimentum=massa&neque=id&sapien=nisl&placerat=venenatis&ante=lacinia&nulla=aenean&justo=sit,TRUE
+http://goo.ne.jp/quisque/erat.json?fusce=ipsum&posuere=primis&felis=in&sed=faucibus&lacus=orci&morbi=luctus&sem=et&mauris=ultrices&laoreet=posuere&ut=cubilia&rhoncus=curae&aliquet=donec&pulvinar=pharetra&sed=magna&nisl=vestibulum&nunc=aliquet&rhoncus=ultrices&dui=erat&vel=tortor&sem=sollicitudin&sed=mi&sagittis=sit&nam=amet&congue=lobortis&risus=sapien&semper=sapien&porta=non&volutpat=mi&quam=integer&pede=ac&lobortis=neque&ligula=duis&sit=bibendum&amet=morbi&eleifend=non&pede=quam&libero=nec&quis=dui&orci=luctus&nullam=rutrum&molestie=nulla&nibh=tellus&in=in&lectus=sagittis&pellentesque=dui&at=vel&nulla=nisl&suspendisse=duis&potenti=ac&cras=nibh&in=fusce&purus=lacus&eu=purus&magna=aliquet&vulputate=at&luctus=feugiat&cum=non&sociis=pretium,TRUE
+http://free.fr/eget/orci/vehicula.jpg?sollicitudin=venenatis&ut=lacinia&suscipit=aenean&a=sit&feugiat=amet&et=justo&eros=morbi&vestibulum=ut&ac=odio&est=cras&lacinia=mi&nisi=pede&venenatis=malesuada&tristique=in&fusce=imperdiet&congue=et&diam=commodo&id=vulputate&ornare=justo&imperdiet=in&sapien=blandit&urna=ultrices&pretium=enim&nisl=lorem&ut=ipsum&volutpat=dolor&sapien=sit&arcu=amet&sed=consectetuer&augue=adipiscing&aliquam=elit&erat=proin&volutpat=interdum&in=mauris&congue=non&etiam=ligula&justo=pellentesque&etiam=ultrices&pretium=phasellus&iaculis=id&justo=sapien&in=in&hac=sapien&habitasse=iaculis&platea=congue&dictumst=vivamus&etiam=metus&faucibus=arcu&cursus=adipiscing&urna=molestie&ut=hendrerit&tellus=at,TRUE
+http://histats.com/ultrices/posuere/cubilia/curae/mauris/viverra.html?amet=amet&sem=consectetuer&fusce=adipiscing&consequat=elit&nulla=proin&nisl=risus&nunc=praesent&nisl=lectus&duis=vestibulum&bibendum=quam&felis=sapien&sed=varius&interdum=ut&venenatis=blandit&turpis=non&enim=interdum&blandit=in&mi=ante&in=vestibulum&porttitor=ante&pede=ipsum&justo=primis&eu=in&massa=faucibus&donec=orci&dapibus=luctus&duis=et&at=ultrices&velit=posuere&eu=cubilia&est=curae&congue=duis&elementum=faucibus&in=accumsan&hac=odio&habitasse=curabitur&platea=convallis&dictumst=duis&morbi=consequat&vestibulum=dui&velit=nec&id=nisi&pretium=volutpat&iaculis=eleifend&diam=donec&erat=ut&fermentum=dolor&justo=morbi&nec=vel&condimentum=lectus,TRUE
+https://ft.com/semper.js?cubilia=mi&curae=pede&mauris=malesuada&viverra=in&diam=imperdiet&vitae=et&quam=commodo&suspendisse=vulputate&potenti=justo&nullam=in&porttitor=blandit&lacus=ultrices&at=enim&turpis=lorem&donec=ipsum&posuere=dolor&metus=sit&vitae=amet&ipsum=consectetuer&aliquam=adipiscing&non=elit&mauris=proin&morbi=interdum&non=mauris&lectus=non&aliquam=ligula&sit=pellentesque&amet=ultrices&diam=phasellus&in=id&magna=sapien&bibendum=in&imperdiet=sapien&nullam=iaculis&orci=congue&pede=vivamus&venenatis=metus&non=arcu&sodales=adipiscing&sed=molestie&tincidunt=hendrerit&eu=at&felis=vulputate&fusce=vitae&posuere=nisl&felis=aenean&sed=lectus&lacus=pellentesque&morbi=eget&sem=nunc&mauris=donec&laoreet=quis&ut=orci&rhoncus=eget&aliquet=orci&pulvinar=vehicula&sed=condimentum&nisl=curabitur&nunc=in&rhoncus=libero&dui=ut&vel=massa&sem=volutpat&sed=convallis&sagittis=morbi&nam=odio&congue=odio&risus=elementum&semper=eu&porta=interdum&volutpat=eu&quam=tincidunt&pede=in&lobortis=leo&ligula=maecenas&sit=pulvinar&amet=lobortis&eleifend=est&pede=phasellus&libero=sit&quis=amet&orci=erat,TRUE
+https://bloglovin.com/in/hac.html?sit=odio&amet=porttitor&eros=id&suspendisse=consequat&accumsan=in&tortor=consequat&quis=ut&turpis=nulla&sed=sed&ante=accumsan&vivamus=felis&tortor=ut&duis=at&mattis=dolor&egestas=quis&metus=odio&aenean=consequat&fermentum=varius&donec=integer&ut=ac&mauris=leo&eget=pellentesque&massa=ultrices&tempor=mattis&convallis=odio&nulla=donec&neque=vitae&libero=nisi&convallis=nam&eget=ultrices&eleifend=libero&luctus=non&ultricies=mattis&eu=pulvinar&nibh=nulla&quisque=pede&id=ullamcorper&justo=augue&sit=a&amet=suscipit&sapien=nulla&dignissim=elit&vestibulum=ac&vestibulum=nulla&ante=sed&ipsum=vel&primis=enim,TRUE
+https://sbwire.com/mauris.js?duis=id&bibendum=luctus&morbi=nec&non=molestie&quam=sed&nec=justo&dui=pellentesque&luctus=viverra&rutrum=pede&nulla=ac&tellus=diam&in=cras&sagittis=pellentesque&dui=volutpat&vel=dui&nisl=maecenas&duis=tristique&ac=est&nibh=et&fusce=tempus&lacus=semper&purus=est&aliquet=quam&at=pharetra&feugiat=magna&non=ac&pretium=consequat&quis=metus&lectus=sapien&suspendisse=ut&potenti=nunc&in=vestibulum&eleifend=ante&quam=ipsum&a=primis&odio=in,TRUE
+http://eventbrite.com/sagittis/nam/congue/risus.xml?morbi=at&a=feugiat&ipsum=non&integer=pretium&a=quis&nibh=lectus&in=suspendisse&quis=potenti&justo=in&maecenas=eleifend&rhoncus=quam&aliquam=a&lacus=odio&morbi=in,TRUE
+http://usnews.com/libero.aspx?cras=neque&in=duis&purus=bibendum&eu=morbi&magna=non&vulputate=quam&luctus=nec&cum=dui&sociis=luctus&natoque=rutrum&penatibus=nulla&et=tellus&magnis=in&dis=sagittis&parturient=dui&montes=vel&nascetur=nisl&ridiculus=duis&mus=ac&vivamus=nibh&vestibulum=fusce&sagittis=lacus&sapien=purus&cum=aliquet&sociis=at&natoque=feugiat&penatibus=non&et=pretium&magnis=quis&dis=lectus&parturient=suspendisse&montes=potenti&nascetur=in&ridiculus=eleifend&mus=quam&etiam=a&vel=odio&augue=in&vestibulum=hac&rutrum=habitasse&rutrum=platea&neque=dictumst&aenean=maecenas&auctor=ut&gravida=massa&sem=quis&praesent=augue&id=luctus&massa=tincidunt&id=nulla&nisl=mollis&venenatis=molestie&lacinia=lorem&aenean=quisque&sit=ut&amet=erat&justo=curabitur&morbi=gravida&ut=nisi&odio=at,TRUE
+http://biblegateway.com/vulputate/luctus/cum/sociis/natoque/penatibus.json?interdum=orci&eu=mauris&tincidunt=lacinia&in=sapien&leo=quis&maecenas=libero&pulvinar=nullam&lobortis=sit&est=amet&phasellus=turpis&sit=elementum&amet=ligula&erat=vehicula&nulla=consequat&tempus=morbi&vivamus=a&in=ipsum&felis=integer&eu=a&sapien=nibh&cursus=in&vestibulum=quis&proin=justo&eu=maecenas&mi=rhoncus&nulla=aliquam&ac=lacus&enim=morbi&in=quis&tempor=tortor&turpis=id&nec=nulla&euismod=ultrices&scelerisque=aliquet&quam=maecenas&turpis=leo&adipiscing=odio&lorem=condimentum&vitae=id&mattis=luctus&nibh=nec&ligula=molestie&nec=sed&sem=justo&duis=pellentesque&aliquam=viverra&convallis=pede&nunc=ac&proin=diam&at=cras,TRUE
+https://skyrock.com/nulla/suspendisse/potenti.aspx?sit=justo&amet=morbi&erat=ut&nulla=odio&tempus=cras&vivamus=mi&in=pede&felis=malesuada&eu=in&sapien=imperdiet&cursus=et&vestibulum=commodo&proin=vulputate&eu=justo&mi=in&nulla=blandit&ac=ultrices&enim=enim&in=lorem&tempor=ipsum&turpis=dolor&nec=sit&euismod=amet&scelerisque=consectetuer&quam=adipiscing&turpis=elit&adipiscing=proin&lorem=interdum&vitae=mauris&mattis=non&nibh=ligula&ligula=pellentesque&nec=ultrices&sem=phasellus&duis=id&aliquam=sapien&convallis=in&nunc=sapien&proin=iaculis&at=congue&turpis=vivamus&a=metus&pede=arcu&posuere=adipiscing&nonummy=molestie&integer=hendrerit&non=at&velit=vulputate&donec=vitae&diam=nisl&neque=aenean&vestibulum=lectus&eget=pellentesque&vulputate=eget&ut=nunc&ultrices=donec&vel=quis&augue=orci&vestibulum=eget&ante=orci&ipsum=vehicula&primis=condimentum&in=curabitur&faucibus=in&orci=libero&luctus=ut&et=massa&ultrices=volutpat&posuere=convallis&cubilia=morbi&curae=odio,TRUE
+http://craigslist.org/orci/luctus/et.aspx?eget=sagittis&nunc=dui&donec=vel&quis=nisl&orci=duis&eget=ac&orci=nibh&vehicula=fusce&condimentum=lacus&curabitur=purus&in=aliquet&libero=at&ut=feugiat&massa=non&volutpat=pretium&convallis=quis&morbi=lectus&odio=suspendisse&odio=potenti&elementum=in&eu=eleifend&interdum=quam&eu=a&tincidunt=odio&in=in&leo=hac&maecenas=habitasse&pulvinar=platea&lobortis=dictumst&est=maecenas&phasellus=ut&sit=massa&amet=quis&erat=augue&nulla=luctus&tempus=tincidunt&vivamus=nulla&in=mollis&felis=molestie&eu=lorem&sapien=quisque&cursus=ut&vestibulum=erat&proin=curabitur&eu=gravida&mi=nisi&nulla=at&ac=nibh&enim=in&in=hac&tempor=habitasse&turpis=platea&nec=dictumst&euismod=aliquam&scelerisque=augue&quam=quam&turpis=sollicitudin&adipiscing=vitae&lorem=consectetuer&vitae=eget&mattis=rutrum&nibh=at&ligula=lorem&nec=integer&sem=tincidunt&duis=ante&aliquam=vel&convallis=ipsum&nunc=praesent&proin=blandit&at=lacinia&turpis=erat&a=vestibulum,TRUE
+http://redcross.org/aliquet/pulvinar.js?vivamus=sollicitudin&vestibulum=vitae&sagittis=consectetuer&sapien=eget&cum=rutrum&sociis=at&natoque=lorem&penatibus=integer&et=tincidunt&magnis=ante&dis=vel&parturient=ipsum&montes=praesent&nascetur=blandit&ridiculus=lacinia&mus=erat&etiam=vestibulum&vel=sed&augue=magna&vestibulum=at&rutrum=nunc&rutrum=commodo&neque=placerat&aenean=praesent&auctor=blandit&gravida=nam&sem=nulla&praesent=integer&id=pede&massa=justo&id=lacinia&nisl=eget&venenatis=tincidunt&lacinia=eget&aenean=tempus&sit=vel&amet=pede&justo=morbi&morbi=porttitor&ut=lorem&odio=id&cras=ligula&mi=suspendisse&pede=ornare&malesuada=consequat&in=lectus&imperdiet=in&et=est&commodo=risus&vulputate=auctor&justo=sed&in=tristique&blandit=in&ultrices=tempus&enim=sit&lorem=amet&ipsum=sem&dolor=fusce&sit=consequat&amet=nulla&consectetuer=nisl&adipiscing=nunc&elit=nisl&proin=duis&interdum=bibendum&mauris=felis&non=sed&ligula=interdum&pellentesque=venenatis&ultrices=turpis&phasellus=enim&id=blandit&sapien=mi&in=in&sapien=porttitor&iaculis=pede&congue=justo&vivamus=eu&metus=massa&arcu=donec&adipiscing=dapibus&molestie=duis&hendrerit=at&at=velit&vulputate=eu&vitae=est&nisl=congue&aenean=elementum&lectus=in&pellentesque=hac&eget=habitasse&nunc=platea&donec=dictumst&quis=morbi&orci=vestibulum&eget=velit&orci=id&vehicula=pretium&condimentum=iaculis&curabitur=diam,TRUE
+https://cdbaby.com/laoreet/ut/rhoncus/aliquet/pulvinar.xml?aliquam=ipsum&lacus=dolor&morbi=sit&quis=amet&tortor=consectetuer&id=adipiscing&nulla=elit&ultrices=proin&aliquet=risus&maecenas=praesent&leo=lectus&odio=vestibulum&condimentum=quam&id=sapien,TRUE
+http://reddit.com/integer/tincidunt/ante/vel/ipsum/praesent.html?vitae=et&nisi=magnis&nam=dis&ultrices=parturient&libero=montes&non=nascetur&mattis=ridiculus&pulvinar=mus&nulla=vivamus&pede=vestibulum&ullamcorper=sagittis&augue=sapien&a=cum&suscipit=sociis&nulla=natoque&elit=penatibus&ac=et&nulla=magnis&sed=dis&vel=parturient&enim=montes,TRUE
+https://wikispaces.com/magna/bibendum/imperdiet/nullam.json?fermentum=lorem&donec=ipsum&ut=dolor&mauris=sit&eget=amet&massa=consectetuer&tempor=adipiscing&convallis=elit&nulla=proin&neque=risus&libero=praesent&convallis=lectus&eget=vestibulum&eleifend=quam&luctus=sapien&ultricies=varius&eu=ut&nibh=blandit&quisque=non&id=interdum&justo=in&sit=ante&amet=vestibulum&sapien=ante&dignissim=ipsum&vestibulum=primis&vestibulum=in&ante=faucibus&ipsum=orci&primis=luctus&in=et&faucibus=ultrices&orci=posuere&luctus=cubilia&et=curae&ultrices=duis&posuere=faucibus&cubilia=accumsan&curae=odio&nulla=curabitur&dapibus=convallis&dolor=duis&vel=consequat&est=dui&donec=nec&odio=nisi&justo=volutpat&sollicitudin=eleifend&ut=donec&suscipit=ut&a=dolor&feugiat=morbi&et=vel&eros=lectus&vestibulum=in&ac=quam&est=fringilla&lacinia=rhoncus&nisi=mauris&venenatis=enim&tristique=leo&fusce=rhoncus&congue=sed&diam=vestibulum&id=sit&ornare=amet&imperdiet=cursus&sapien=id&urna=turpis&pretium=integer&nisl=aliquet&ut=massa&volutpat=id&sapien=lobortis&arcu=convallis&sed=tortor&augue=risus&aliquam=dapibus&erat=augue&volutpat=vel&in=accumsan&congue=tellus&etiam=nisi&justo=eu&etiam=orci&pretium=mauris&iaculis=lacinia&justo=sapien&in=quis&hac=libero&habitasse=nullam&platea=sit&dictumst=amet&etiam=turpis,TRUE
+http://cyberchimps.com/dolor/sit/amet/consectetuer/adipiscing.aspx?vel=platea&pede=dictumst&morbi=morbi&porttitor=vestibulum&lorem=velit&id=id&ligula=pretium&suspendisse=iaculis&ornare=diam&consequat=erat&lectus=fermentum&in=justo&est=nec&risus=condimentum&auctor=neque&sed=sapien&tristique=placerat&in=ante&tempus=nulla&sit=justo&amet=aliquam&sem=quis&fusce=turpis&consequat=eget&nulla=elit&nisl=sodales&nunc=scelerisque&nisl=mauris&duis=sit&bibendum=amet&felis=eros&sed=suspendisse&interdum=accumsan&venenatis=tortor&turpis=quis&enim=turpis&blandit=sed&mi=ante&in=vivamus&porttitor=tortor&pede=duis&justo=mattis&eu=egestas&massa=metus&donec=aenean&dapibus=fermentum&duis=donec&at=ut&velit=mauris&eu=eget&est=massa&congue=tempor,TRUE
+https://behance.net/sed/augue/aliquam/erat.json?mus=varius&vivamus=integer&vestibulum=ac&sagittis=leo&sapien=pellentesque&cum=ultrices&sociis=mattis&natoque=odio&penatibus=donec&et=vitae&magnis=nisi&dis=nam&parturient=ultrices&montes=libero&nascetur=non&ridiculus=mattis&mus=pulvinar&etiam=nulla&vel=pede&augue=ullamcorper&vestibulum=augue&rutrum=a&rutrum=suscipit&neque=nulla&aenean=elit&auctor=ac&gravida=nulla&sem=sed&praesent=vel&id=enim&massa=sit&id=amet&nisl=nunc,TRUE
+https://economist.com/donec.html?eros=vulputate&viverra=elementum&eget=nullam&congue=varius&eget=nulla&semper=facilisi&rutrum=cras&nulla=non&nunc=velit&purus=nec&phasellus=nisi&in=vulputate&felis=nonummy&donec=maecenas&semper=tincidunt&sapien=lacus&a=at&libero=velit&nam=vivamus&dui=vel&proin=nulla&leo=eget&odio=eros&porttitor=elementum&id=pellentesque&consequat=quisque&in=porta&consequat=volutpat&ut=erat&nulla=quisque&sed=erat&accumsan=eros&felis=viverra&ut=eget&at=congue&dolor=eget&quis=semper&odio=rutrum&consequat=nulla&varius=nunc&integer=purus&ac=phasellus&leo=in&pellentesque=felis&ultrices=donec&mattis=semper&odio=sapien&donec=a&vitae=libero&nisi=nam&nam=dui&ultrices=proin&libero=leo&non=odio&mattis=porttitor&pulvinar=id&nulla=consequat&pede=in&ullamcorper=consequat&augue=ut&a=nulla&suscipit=sed&nulla=accumsan&elit=felis&ac=ut&nulla=at&sed=dolor&vel=quis&enim=odio&sit=consequat&amet=varius&nunc=integer&viverra=ac&dapibus=leo&nulla=pellentesque&suscipit=ultrices&ligula=mattis&in=odio&lacus=donec&curabitur=vitae&at=nisi,TRUE
+https://dmoz.org/aenean/lectus/pellentesque.jpg?bibendum=nam&felis=ultrices&sed=libero&interdum=non&venenatis=mattis&turpis=pulvinar&enim=nulla&blandit=pede&mi=ullamcorper&in=augue&porttitor=a&pede=suscipit&justo=nulla&eu=elit&massa=ac&donec=nulla&dapibus=sed&duis=vel&at=enim&velit=sit&eu=amet&est=nunc,TRUE
+http://bloglovin.com/volutpat/sapien/arcu/sed/augue.jpg?lorem=ut&quisque=dolor&ut=morbi&erat=vel&curabitur=lectus&gravida=in&nisi=quam&at=fringilla&nibh=rhoncus&in=mauris&hac=enim&habitasse=leo&platea=rhoncus&dictumst=sed&aliquam=vestibulum&augue=sit&quam=amet&sollicitudin=cursus,TRUE
+https://tamu.edu/lobortis/sapien.json?rutrum=odio,TRUE
+https://yellowpages.com/curae.jpg?consequat=sagittis&nulla=nam&nisl=congue&nunc=risus&nisl=semper&duis=porta&bibendum=volutpat&felis=quam&sed=pede&interdum=lobortis&venenatis=ligula&turpis=sit&enim=amet&blandit=eleifend&mi=pede&in=libero&porttitor=quis&pede=orci&justo=nullam&eu=molestie&massa=nibh&donec=in&dapibus=lectus&duis=pellentesque&at=at&velit=nulla&eu=suspendisse&est=potenti&congue=cras&elementum=in&in=purus&hac=eu&habitasse=magna&platea=vulputate&dictumst=luctus&morbi=cum&vestibulum=sociis&velit=natoque&id=penatibus&pretium=et&iaculis=magnis&diam=dis&erat=parturient&fermentum=montes&justo=nascetur&nec=ridiculus&condimentum=mus&neque=vivamus&sapien=vestibulum&placerat=sagittis&ante=sapien&nulla=cum&justo=sociis&aliquam=natoque&quis=penatibus&turpis=et&eget=magnis&elit=dis&sodales=parturient&scelerisque=montes&mauris=nascetur&sit=ridiculus&amet=mus&eros=etiam&suspendisse=vel&accumsan=augue&tortor=vestibulum&quis=rutrum&turpis=rutrum&sed=neque&ante=aenean&vivamus=auctor&tortor=gravida&duis=sem&mattis=praesent&egestas=id&metus=massa&aenean=id&fermentum=nisl&donec=venenatis&ut=lacinia&mauris=aenean&eget=sit&massa=amet&tempor=justo&convallis=morbi&nulla=ut&neque=odio&libero=cras&convallis=mi&eget=pede&eleifend=malesuada&luctus=in&ultricies=imperdiet&eu=et&nibh=commodo,TRUE
+http://blog.com/sagittis/sapien/cum/sociis.xml?sapien=enim&varius=in&ut=tempor&blandit=turpis&non=nec&interdum=euismod&in=scelerisque&ante=quam&vestibulum=turpis&ante=adipiscing&ipsum=lorem&primis=vitae&in=mattis&faucibus=nibh&orci=ligula&luctus=nec&et=sem&ultrices=duis&posuere=aliquam&cubilia=convallis&curae=nunc&duis=proin&faucibus=at&accumsan=turpis&odio=a&curabitur=pede&convallis=posuere&duis=nonummy&consequat=integer&dui=non&nec=velit&nisi=donec&volutpat=diam&eleifend=neque,TRUE
+https://dion.ne.jp/curabitur/gravida/nisi/at/nibh/in/hac.js?odio=lacus&consequat=purus&varius=aliquet,TRUE
+http://mlb.com/enim/lorem.html?eget=congue&eros=risus&elementum=semper&pellentesque=porta&quisque=volutpat&porta=quam&volutpat=pede&erat=lobortis&quisque=ligula&erat=sit&eros=amet&viverra=eleifend&eget=pede&congue=libero&eget=quis&semper=orci&rutrum=nullam&nulla=molestie&nunc=nibh&purus=in&phasellus=lectus&in=pellentesque&felis=at&donec=nulla&semper=suspendisse&sapien=potenti&a=cras&libero=in&nam=purus&dui=eu&proin=magna&leo=vulputate&odio=luctus&porttitor=cum&id=sociis&consequat=natoque&in=penatibus&consequat=et&ut=magnis&nulla=dis&sed=parturient&accumsan=montes&felis=nascetur&ut=ridiculus&at=mus&dolor=vivamus&quis=vestibulum&odio=sagittis&consequat=sapien&varius=cum&integer=sociis&ac=natoque&leo=penatibus&pellentesque=et&ultrices=magnis&mattis=dis&odio=parturient&donec=montes&vitae=nascetur&nisi=ridiculus&nam=mus&ultrices=etiam&libero=vel&non=augue&mattis=vestibulum&pulvinar=rutrum&nulla=rutrum&pede=neque&ullamcorper=aenean&augue=auctor&a=gravida&suscipit=sem&nulla=praesent&elit=id&ac=massa&nulla=id&sed=nisl&vel=venenatis&enim=lacinia&sit=aenean&amet=sit,TRUE
+https://booking.com/tellus/nisi.jpg?cubilia=integer&curae=pede&mauris=justo&viverra=lacinia&diam=eget&vitae=tincidunt&quam=eget&suspendisse=tempus&potenti=vel&nullam=pede&porttitor=morbi&lacus=porttitor&at=lorem&turpis=id&donec=ligula&posuere=suspendisse&metus=ornare&vitae=consequat&ipsum=lectus&aliquam=in&non=est&mauris=risus&morbi=auctor&non=sed&lectus=tristique&aliquam=in&sit=tempus&amet=sit&diam=amet&in=sem&magna=fusce&bibendum=consequat&imperdiet=nulla&nullam=nisl&orci=nunc&pede=nisl&venenatis=duis&non=bibendum&sodales=felis&sed=sed&tincidunt=interdum&eu=venenatis&felis=turpis&fusce=enim&posuere=blandit&felis=mi&sed=in&lacus=porttitor&morbi=pede&sem=justo&mauris=eu&laoreet=massa&ut=donec&rhoncus=dapibus&aliquet=duis&pulvinar=at&sed=velit&nisl=eu&nunc=est&rhoncus=congue&dui=elementum&vel=in&sem=hac&sed=habitasse&sagittis=platea&nam=dictumst&congue=morbi&risus=vestibulum,TRUE
+https://netlog.com/vestibulum.xml?fermentum=justo&justo=sollicitudin&nec=ut&condimentum=suscipit&neque=a&sapien=feugiat&placerat=et&ante=eros&nulla=vestibulum&justo=ac&aliquam=est&quis=lacinia&turpis=nisi&eget=venenatis&elit=tristique&sodales=fusce&scelerisque=congue&mauris=diam&sit=id&amet=ornare&eros=imperdiet&suspendisse=sapien&accumsan=urna&tortor=pretium&quis=nisl&turpis=ut&sed=volutpat&ante=sapien&vivamus=arcu&tortor=sed&duis=augue&mattis=aliquam&egestas=erat&metus=volutpat&aenean=in&fermentum=congue&donec=etiam&ut=justo&mauris=etiam&eget=pretium&massa=iaculis&tempor=justo&convallis=in&nulla=hac&neque=habitasse&libero=platea&convallis=dictumst&eget=etiam&eleifend=faucibus&luctus=cursus&ultricies=urna&eu=ut&nibh=tellus&quisque=nulla&id=ut&justo=erat&sit=id&amet=mauris&sapien=vulputate&dignissim=elementum&vestibulum=nullam&vestibulum=varius&ante=nulla&ipsum=facilisi&primis=cras&in=non&faucibus=velit&orci=nec&luctus=nisi&et=vulputate&ultrices=nonummy&posuere=maecenas&cubilia=tincidunt&curae=lacus&nulla=at&dapibus=velit&dolor=vivamus&vel=vel&est=nulla&donec=eget&odio=eros&justo=elementum&sollicitudin=pellentesque&ut=quisque&suscipit=porta,TRUE
+https://thetimes.co.uk/nullam/orci/pede/venenatis/non.html?quis=sed&justo=justo&maecenas=pellentesque&rhoncus=viverra&aliquam=pede&lacus=ac&morbi=diam&quis=cras&tortor=pellentesque&id=volutpat&nulla=dui&ultrices=maecenas&aliquet=tristique&maecenas=est&leo=et&odio=tempus&condimentum=semper&id=est&luctus=quam&nec=pharetra&molestie=magna,TRUE
+https://fotki.com/quam/pharetra/magna/ac/consequat.js?posuere=leo&cubilia=odio&curae=porttitor&mauris=id&viverra=consequat&diam=in&vitae=consequat&quam=ut&suspendisse=nulla&potenti=sed&nullam=accumsan&porttitor=felis&lacus=ut&at=at&turpis=dolor&donec=quis&posuere=odio&metus=consequat&vitae=varius&ipsum=integer&aliquam=ac&non=leo&mauris=pellentesque&morbi=ultrices&non=mattis&lectus=odio&aliquam=donec&sit=vitae&amet=nisi&diam=nam&in=ultrices&magna=libero&bibendum=non&imperdiet=mattis&nullam=pulvinar&orci=nulla&pede=pede&venenatis=ullamcorper&non=augue&sodales=a&sed=suscipit&tincidunt=nulla&eu=elit&felis=ac&fusce=nulla&posuere=sed&felis=vel&sed=enim&lacus=sit,TRUE
+http://icq.com/quis/orci/eget/orci.jpg?aliquet=eget&pulvinar=tempus&sed=vel&nisl=pede&nunc=morbi&rhoncus=porttitor&dui=lorem&vel=id&sem=ligula&sed=suspendisse&sagittis=ornare&nam=consequat&congue=lectus&risus=in&semper=est&porta=risus&volutpat=auctor&quam=sed&pede=tristique&lobortis=in&ligula=tempus&sit=sit&amet=amet&eleifend=sem,TRUE
+http://slideshare.net/mi/nulla/ac/enim/in/tempor.aspx?pede=dapibus&venenatis=dolor&non=vel&sodales=est&sed=donec&tincidunt=odio&eu=justo&felis=sollicitudin&fusce=ut&posuere=suscipit&felis=a&sed=feugiat&lacus=et&morbi=eros&sem=vestibulum&mauris=ac&laoreet=est&ut=lacinia&rhoncus=nisi&aliquet=venenatis&pulvinar=tristique&sed=fusce&nisl=congue&nunc=diam&rhoncus=id&dui=ornare&vel=imperdiet&sem=sapien&sed=urna&sagittis=pretium&nam=nisl&congue=ut&risus=volutpat&semper=sapien&porta=arcu&volutpat=sed&quam=augue&pede=aliquam&lobortis=erat&ligula=volutpat&sit=in&amet=congue&eleifend=etiam&pede=justo&libero=etiam&quis=pretium&orci=iaculis&nullam=justo&molestie=in&nibh=hac&in=habitasse&lectus=platea&pellentesque=dictumst&at=etiam&nulla=faucibus,TRUE
+http://4shared.com/aenean/sit/amet/justo.html?ante=id&vel=nisl&ipsum=venenatis&praesent=lacinia&blandit=aenean&lacinia=sit&erat=amet&vestibulum=justo&sed=morbi&magna=ut&at=odio&nunc=cras&commodo=mi&placerat=pede&praesent=malesuada&blandit=in&nam=imperdiet&nulla=et&integer=commodo&pede=vulputate&justo=justo&lacinia=in&eget=blandit&tincidunt=ultrices&eget=enim&tempus=lorem&vel=ipsum&pede=dolor&morbi=sit&porttitor=amet&lorem=consectetuer&id=adipiscing&ligula=elit&suspendisse=proin&ornare=interdum&consequat=mauris&lectus=non&in=ligula&est=pellentesque&risus=ultrices&auctor=phasellus&sed=id&tristique=sapien&in=in&tempus=sapien&sit=iaculis&amet=congue&sem=vivamus&fusce=metus&consequat=arcu,TRUE
+https://canalblog.com/aliquam/convallis/nunc/proin/at.json?risus=platea&praesent=dictumst&lectus=etiam&vestibulum=faucibus&quam=cursus&sapien=urna&varius=ut&ut=tellus&blandit=nulla&non=ut&interdum=erat&in=id&ante=mauris&vestibulum=vulputate&ante=elementum&ipsum=nullam&primis=varius,TRUE
+http://51.la/eu/orci/mauris/lacinia.html?convallis=amet&eget=lobortis&eleifend=sapien&luctus=sapien&ultricies=non&eu=mi&nibh=integer&quisque=ac&id=neque&justo=duis&sit=bibendum&amet=morbi&sapien=non&dignissim=quam&vestibulum=nec&vestibulum=dui&ante=luctus&ipsum=rutrum&primis=nulla&in=tellus&faucibus=in&orci=sagittis&luctus=dui&et=vel&ultrices=nisl&posuere=duis&cubilia=ac&curae=nibh&nulla=fusce&dapibus=lacus&dolor=purus&vel=aliquet&est=at&donec=feugiat&odio=non&justo=pretium&sollicitudin=quis&ut=lectus&suscipit=suspendisse&a=potenti&feugiat=in&et=eleifend&eros=quam&vestibulum=a&ac=odio&est=in&lacinia=hac&nisi=habitasse&venenatis=platea&tristique=dictumst&fusce=maecenas&congue=ut&diam=massa&id=quis&ornare=augue&imperdiet=luctus&sapien=tincidunt,TRUE
+https://psu.edu/nulla/integer/pede/justo/lacinia/eget/tincidunt.jpg?non=blandit&velit=nam&donec=nulla&diam=integer&neque=pede&vestibulum=justo&eget=lacinia&vulputate=eget&ut=tincidunt&ultrices=eget&vel=tempus&augue=vel&vestibulum=pede&ante=morbi&ipsum=porttitor&primis=lorem&in=id&faucibus=ligula&orci=suspendisse&luctus=ornare&et=consequat&ultrices=lectus&posuere=in&cubilia=est&curae=risus&donec=auctor&pharetra=sed&magna=tristique&vestibulum=in&aliquet=tempus&ultrices=sit&erat=amet&tortor=sem&sollicitudin=fusce&mi=consequat&sit=nulla&amet=nisl&lobortis=nunc&sapien=nisl&sapien=duis&non=bibendum&mi=felis&integer=sed&ac=interdum&neque=venenatis&duis=turpis&bibendum=enim&morbi=blandit&non=mi&quam=in&nec=porttitor&dui=pede&luctus=justo&rutrum=eu&nulla=massa&tellus=donec&in=dapibus&sagittis=duis&dui=at&vel=velit&nisl=eu&duis=est&ac=congue&nibh=elementum&fusce=in&lacus=hac&purus=habitasse&aliquet=platea&at=dictumst&feugiat=morbi&non=vestibulum&pretium=velit&quis=id&lectus=pretium&suspendisse=iaculis&potenti=diam&in=erat&eleifend=fermentum&quam=justo&a=nec&odio=condimentum&in=neque&hac=sapien&habitasse=placerat,TRUE
+http://networksolutions.com/in/hac/habitasse/platea/dictumst/morbi/vestibulum.jsp?eget=morbi&tincidunt=porttitor&eget=lorem&tempus=id&vel=ligula&pede=suspendisse&morbi=ornare&porttitor=consequat&lorem=lectus&id=in&ligula=est&suspendisse=risus&ornare=auctor&consequat=sed&lectus=tristique&in=in&est=tempus&risus=sit&auctor=amet&sed=sem&tristique=fusce&in=consequat&tempus=nulla&sit=nisl&amet=nunc&sem=nisl&fusce=duis&consequat=bibendum&nulla=felis&nisl=sed&nunc=interdum&nisl=venenatis&duis=turpis&bibendum=enim&felis=blandit&sed=mi&interdum=in&venenatis=porttitor&turpis=pede&enim=justo&blandit=eu&mi=massa&in=donec&porttitor=dapibus&pede=duis&justo=at&eu=velit&massa=eu&donec=est&dapibus=congue&duis=elementum&at=in&velit=hac&eu=habitasse&est=platea&congue=dictumst&elementum=morbi&in=vestibulum&hac=velit&habitasse=id&platea=pretium&dictumst=iaculis&morbi=diam&vestibulum=erat&velit=fermentum&id=justo&pretium=nec&iaculis=condimentum&diam=neque&erat=sapien&fermentum=placerat&justo=ante&nec=nulla&condimentum=justo&neque=aliquam&sapien=quis&placerat=turpis&ante=eget&nulla=elit&justo=sodales&aliquam=scelerisque&quis=mauris,TRUE
+https://nifty.com/vestibulum/sit/amet/cursus.html?ipsum=eu&integer=sapien&a=cursus&nibh=vestibulum&in=proin&quis=eu&justo=mi&maecenas=nulla&rhoncus=ac&aliquam=enim&lacus=in&morbi=tempor&quis=turpis&tortor=nec&id=euismod&nulla=scelerisque&ultrices=quam&aliquet=turpis&maecenas=adipiscing&leo=lorem&odio=vitae&condimentum=mattis&id=nibh&luctus=ligula&nec=nec&molestie=sem&sed=duis&justo=aliquam&pellentesque=convallis&viverra=nunc&pede=proin&ac=at&diam=turpis&cras=a&pellentesque=pede&volutpat=posuere&dui=nonummy&maecenas=integer&tristique=non&est=velit&et=donec&tempus=diam&semper=neque&est=vestibulum&quam=eget&pharetra=vulputate&magna=ut,TRUE
+http://networkadvertising.org/neque/sapien/placerat/ante.xml?nulla=viverra&mollis=eget&molestie=congue&lorem=eget&quisque=semper&ut=rutrum&erat=nulla&curabitur=nunc&gravida=purus&nisi=phasellus&at=in&nibh=felis&in=donec&hac=semper&habitasse=sapien&platea=a&dictumst=libero&aliquam=nam&augue=dui&quam=proin&sollicitudin=leo&vitae=odio&consectetuer=porttitor&eget=id&rutrum=consequat&at=in&lorem=consequat&integer=ut&tincidunt=nulla&ante=sed&vel=accumsan&ipsum=felis&praesent=ut&blandit=at&lacinia=dolor&erat=quis&vestibulum=odio&sed=consequat&magna=varius&at=integer&nunc=ac&commodo=leo&placerat=pellentesque&praesent=ultrices&blandit=mattis&nam=odio&nulla=donec&integer=vitae&pede=nisi&justo=nam&lacinia=ultrices&eget=libero&tincidunt=non&eget=mattis&tempus=pulvinar&vel=nulla&pede=pede&morbi=ullamcorper&porttitor=augue&lorem=a&id=suscipit&ligula=nulla&suspendisse=elit&ornare=ac&consequat=nulla&lectus=sed&in=vel&est=enim&risus=sit&auctor=amet&sed=nunc&tristique=viverra&in=dapibus&tempus=nulla&sit=suscipit&amet=ligula&sem=in&fusce=lacus&consequat=curabitur&nulla=at&nisl=ipsum&nunc=ac&nisl=tellus&duis=semper&bibendum=interdum&felis=mauris&sed=ullamcorper&interdum=purus&venenatis=sit&turpis=amet&enim=nulla&blandit=quisque&mi=arcu&in=libero&porttitor=rutrum&pede=ac,TRUE
+https://fotki.com/dui/vel/sem/sed/sagittis.json?nisl=enim&nunc=blandit&nisl=mi&duis=in&bibendum=porttitor&felis=pede&sed=justo&interdum=eu&venenatis=massa&turpis=donec&enim=dapibus&blandit=duis&mi=at&in=velit&porttitor=eu&pede=est&justo=congue&eu=elementum&massa=in&donec=hac&dapibus=habitasse&duis=platea&at=dictumst&velit=morbi&eu=vestibulum&est=velit&congue=id&elementum=pretium&in=iaculis&hac=diam&habitasse=erat&platea=fermentum&dictumst=justo,TRUE
+http://ehow.com/ut/erat.aspx?sit=augue&amet=aliquam,TRUE
+http://yahoo.co.jp/nisi/volutpat/eleifend.jpg?eget=quam&nunc=suspendisse&donec=potenti&quis=nullam&orci=porttitor&eget=lacus&orci=at&vehicula=turpis&condimentum=donec&curabitur=posuere&in=metus&libero=vitae&ut=ipsum&massa=aliquam&volutpat=non&convallis=mauris&morbi=morbi&odio=non&odio=lectus&elementum=aliquam&eu=sit&interdum=amet&eu=diam&tincidunt=in&in=magna&leo=bibendum&maecenas=imperdiet&pulvinar=nullam&lobortis=orci&est=pede&phasellus=venenatis&sit=non&amet=sodales&erat=sed&nulla=tincidunt&tempus=eu&vivamus=felis&in=fusce&felis=posuere&eu=felis&sapien=sed&cursus=lacus&vestibulum=morbi&proin=sem&eu=mauris&mi=laoreet&nulla=ut&ac=rhoncus&enim=aliquet&in=pulvinar&tempor=sed&turpis=nisl&nec=nunc&euismod=rhoncus&scelerisque=dui&quam=vel&turpis=sem&adipiscing=sed&lorem=sagittis&vitae=nam&mattis=congue&nibh=risus&ligula=semper&nec=porta&sem=volutpat&duis=quam&aliquam=pede&convallis=lobortis&nunc=ligula&proin=sit&at=amet&turpis=eleifend&a=pede,TRUE
+https://amazon.de/a/suscipit/nulla.jpg?malesuada=cubilia&in=curae&imperdiet=donec&et=pharetra&commodo=magna&vulputate=vestibulum&justo=aliquet&in=ultrices&blandit=erat&ultrices=tortor&enim=sollicitudin&lorem=mi&ipsum=sit&dolor=amet&sit=lobortis,TRUE
+https://flickr.com/id/ligula/suspendisse/ornare/consequat.aspx?scelerisque=proin&quam=eu&turpis=mi&adipiscing=nulla&lorem=ac&vitae=enim&mattis=in&nibh=tempor&ligula=turpis&nec=nec&sem=euismod&duis=scelerisque&aliquam=quam&convallis=turpis&nunc=adipiscing&proin=lorem&at=vitae&turpis=mattis&a=nibh&pede=ligula&posuere=nec&nonummy=sem&integer=duis&non=aliquam&velit=convallis&donec=nunc&diam=proin&neque=at&vestibulum=turpis&eget=a&vulputate=pede&ut=posuere&ultrices=nonummy&vel=integer&augue=non&vestibulum=velit&ante=donec&ipsum=diam&primis=neque&in=vestibulum,TRUE
+https://state.gov/libero/ut/massa.js?in=sapien&porttitor=varius&pede=ut&justo=blandit&eu=non&massa=interdum&donec=in&dapibus=ante&duis=vestibulum&at=ante&velit=ipsum&eu=primis&est=in&congue=faucibus&elementum=orci&in=luctus&hac=et&habitasse=ultrices&platea=posuere&dictumst=cubilia&morbi=curae&vestibulum=duis&velit=faucibus&id=accumsan&pretium=odio&iaculis=curabitur&diam=convallis&erat=duis&fermentum=consequat&justo=dui&nec=nec&condimentum=nisi&neque=volutpat&sapien=eleifend&placerat=donec&ante=ut&nulla=dolor&justo=morbi&aliquam=vel&quis=lectus&turpis=in&eget=quam&elit=fringilla&sodales=rhoncus&scelerisque=mauris&mauris=enim&sit=leo&amet=rhoncus&eros=sed&suspendisse=vestibulum&accumsan=sit&tortor=amet&quis=cursus&turpis=id&sed=turpis,TRUE
+https://storify.com/vel/ipsum/praesent/blandit/lacinia/erat/vestibulum.xml?aliquam=consequat&convallis=morbi&nunc=a&proin=ipsum&at=integer&turpis=a&a=nibh&pede=in&posuere=quis&nonummy=justo&integer=maecenas&non=rhoncus&velit=aliquam&donec=lacus&diam=morbi&neque=quis&vestibulum=tortor&eget=id&vulputate=nulla&ut=ultrices&ultrices=aliquet&vel=maecenas&augue=leo&vestibulum=odio&ante=condimentum&ipsum=id&primis=luctus&in=nec&faucibus=molestie&orci=sed&luctus=justo&et=pellentesque&ultrices=viverra&posuere=pede&cubilia=ac&curae=diam&donec=cras&pharetra=pellentesque&magna=volutpat&vestibulum=dui&aliquet=maecenas&ultrices=tristique&erat=est&tortor=et&sollicitudin=tempus&mi=semper&sit=est&amet=quam&lobortis=pharetra&sapien=magna&sapien=ac&non=consequat&mi=metus&integer=sapien&ac=ut&neque=nunc&duis=vestibulum&bibendum=ante&morbi=ipsum&non=primis&quam=in&nec=faucibus&dui=orci&luctus=luctus&rutrum=et&nulla=ultrices,TRUE
+https://cargocollective.com/eget/congue/eget/semper/rutrum/nulla.jpg?interdum=justo&in=sit&ante=amet&vestibulum=sapien&ante=dignissim&ipsum=vestibulum&primis=vestibulum&in=ante&faucibus=ipsum&orci=primis&luctus=in&et=faucibus&ultrices=orci&posuere=luctus&cubilia=et&curae=ultrices&duis=posuere&faucibus=cubilia&accumsan=curae&odio=nulla&curabitur=dapibus&convallis=dolor&duis=vel&consequat=est&dui=donec&nec=odio&nisi=justo&volutpat=sollicitudin&eleifend=ut&donec=suscipit&ut=a&dolor=feugiat&morbi=et&vel=eros&lectus=vestibulum&in=ac&quam=est&fringilla=lacinia&rhoncus=nisi&mauris=venenatis&enim=tristique&leo=fusce&rhoncus=congue&sed=diam,TRUE
+http://usgs.gov/ligula/sit/amet/eleifend.json?molestie=nulla&hendrerit=justo&at=aliquam&vulputate=quis&vitae=turpis&nisl=eget&aenean=elit&lectus=sodales&pellentesque=scelerisque&eget=mauris&nunc=sit&donec=amet&quis=eros&orci=suspendisse&eget=accumsan&orci=tortor&vehicula=quis&condimentum=turpis&curabitur=sed&in=ante&libero=vivamus&ut=tortor&massa=duis&volutpat=mattis&convallis=egestas&morbi=metus&odio=aenean&odio=fermentum&elementum=donec&eu=ut,TRUE
+https://list-manage.com/nisl/ut/volutpat/sapien.json?nulla=nisi&integer=eu&pede=orci&justo=mauris&lacinia=lacinia&eget=sapien&tincidunt=quis&eget=libero&tempus=nullam&vel=sit&pede=amet&morbi=turpis&porttitor=elementum&lorem=ligula&id=vehicula&ligula=consequat&suspendisse=morbi&ornare=a&consequat=ipsum&lectus=integer&in=a&est=nibh&risus=in&auctor=quis&sed=justo&tristique=maecenas&in=rhoncus&tempus=aliquam&sit=lacus&amet=morbi&sem=quis&fusce=tortor&consequat=id&nulla=nulla&nisl=ultrices&nunc=aliquet&nisl=maecenas&duis=leo&bibendum=odio&felis=condimentum&sed=id&interdum=luctus&venenatis=nec&turpis=molestie&enim=sed&blandit=justo,TRUE
+http://tumblr.com/ligula/sit.jsp?molestie=vestibulum&nibh=velit&in=id&lectus=pretium&pellentesque=iaculis&at=diam&nulla=erat&suspendisse=fermentum&potenti=justo&cras=nec&in=condimentum&purus=neque&eu=sapien&magna=placerat&vulputate=ante&luctus=nulla&cum=justo&sociis=aliquam&natoque=quis&penatibus=turpis&et=eget&magnis=elit&dis=sodales&parturient=scelerisque&montes=mauris&nascetur=sit&ridiculus=amet&mus=eros&vivamus=suspendisse&vestibulum=accumsan&sagittis=tortor&sapien=quis&cum=turpis&sociis=sed&natoque=ante&penatibus=vivamus&et=tortor&magnis=duis&dis=mattis&parturient=egestas&montes=metus&nascetur=aenean&ridiculus=fermentum&mus=donec&etiam=ut&vel=mauris&augue=eget&vestibulum=massa&rutrum=tempor&rutrum=convallis&neque=nulla&aenean=neque&auctor=libero&gravida=convallis&sem=eget&praesent=eleifend&id=luctus&massa=ultricies&id=eu&nisl=nibh&venenatis=quisque&lacinia=id&aenean=justo&sit=sit&amet=amet&justo=sapien&morbi=dignissim&ut=vestibulum&odio=vestibulum&cras=ante,TRUE
+https://t-online.de/quisque/id.aspx?suspendisse=erat&ornare=volutpat&consequat=in&lectus=congue&in=etiam&est=justo&risus=etiam&auctor=pretium&sed=iaculis&tristique=justo&in=in&tempus=hac&sit=habitasse&amet=platea&sem=dictumst&fusce=etiam&consequat=faucibus&nulla=cursus&nisl=urna&nunc=ut&nisl=tellus&duis=nulla&bibendum=ut&felis=erat&sed=id&interdum=mauris&venenatis=vulputate&turpis=elementum&enim=nullam&blandit=varius&mi=nulla&in=facilisi&porttitor=cras&pede=non&justo=velit,TRUE
+https://over-blog.com/eu/felis/fusce/posuere/felis/sed/lacus.html?cursus=habitasse&urna=platea&ut=dictumst&tellus=etiam&nulla=faucibus&ut=cursus&erat=urna&id=ut&mauris=tellus&vulputate=nulla&elementum=ut&nullam=erat&varius=id&nulla=mauris&facilisi=vulputate&cras=elementum&non=nullam&velit=varius&nec=nulla&nisi=facilisi&vulputate=cras&nonummy=non&maecenas=velit&tincidunt=nec&lacus=nisi&at=vulputate&velit=nonummy&vivamus=maecenas&vel=tincidunt&nulla=lacus&eget=at&eros=velit&elementum=vivamus&pellentesque=vel&quisque=nulla&porta=eget&volutpat=eros&erat=elementum&quisque=pellentesque&erat=quisque&eros=porta&viverra=volutpat&eget=erat&congue=quisque&eget=erat&semper=eros&rutrum=viverra&nulla=eget&nunc=congue&purus=eget&phasellus=semper&in=rutrum&felis=nulla&donec=nunc&semper=purus&sapien=phasellus&a=in&libero=felis&nam=donec&dui=semper&proin=sapien&leo=a&odio=libero&porttitor=nam&id=dui&consequat=proin&in=leo&consequat=odio&ut=porttitor&nulla=id&sed=consequat&accumsan=in&felis=consequat&ut=ut&at=nulla&dolor=sed&quis=accumsan&odio=felis&consequat=ut&varius=at&integer=dolor&ac=quis&leo=odio&pellentesque=consequat&ultrices=varius&mattis=integer&odio=ac&donec=leo&vitae=pellentesque&nisi=ultrices&nam=mattis&ultrices=odio&libero=donec&non=vitae&mattis=nisi&pulvinar=nam&nulla=ultrices&pede=libero,TRUE
+http://trellian.com/ut.png?vestibulum=neque&ante=duis&ipsum=bibendum&primis=morbi&in=non&faucibus=quam&orci=nec&luctus=dui&et=luctus&ultrices=rutrum&posuere=nulla&cubilia=tellus&curae=in&duis=sagittis&faucibus=dui&accumsan=vel&odio=nisl&curabitur=duis&convallis=ac&duis=nibh&consequat=fusce&dui=lacus&nec=purus&nisi=aliquet&volutpat=at&eleifend=feugiat&donec=non&ut=pretium&dolor=quis&morbi=lectus&vel=suspendisse&lectus=potenti&in=in&quam=eleifend&fringilla=quam&rhoncus=a&mauris=odio&enim=in&leo=hac&rhoncus=habitasse&sed=platea&vestibulum=dictumst&sit=maecenas&amet=ut&cursus=massa&id=quis&turpis=augue&integer=luctus&aliquet=tincidunt&massa=nulla&id=mollis&lobortis=molestie&convallis=lorem&tortor=quisque&risus=ut&dapibus=erat&augue=curabitur&vel=gravida&accumsan=nisi&tellus=at&nisi=nibh&eu=in&orci=hac&mauris=habitasse&lacinia=platea&sapien=dictumst&quis=aliquam,TRUE
+https://pcworld.com/tincidunt.aspx?vel=at&pede=lorem&morbi=integer&porttitor=tincidunt&lorem=ante&id=vel&ligula=ipsum&suspendisse=praesent&ornare=blandit&consequat=lacinia&lectus=erat&in=vestibulum&est=sed&risus=magna&auctor=at&sed=nunc&tristique=commodo&in=placerat&tempus=praesent&sit=blandit&amet=nam&sem=nulla&fusce=integer&consequat=pede&nulla=justo&nisl=lacinia&nunc=eget&nisl=tincidunt&duis=eget&bibendum=tempus&felis=vel&sed=pede&interdum=morbi&venenatis=porttitor&turpis=lorem&enim=id&blandit=ligula&mi=suspendisse&in=ornare&porttitor=consequat&pede=lectus&justo=in&eu=est&massa=risus&donec=auctor&dapibus=sed&duis=tristique&at=in&velit=tempus&eu=sit,TRUE
+http://discovery.com/convallis/tortor/risus/dapibus/augue.jsp?cras=elementum&non=pellentesque&velit=quisque&nec=porta&nisi=volutpat&vulputate=erat&nonummy=quisque&maecenas=erat&tincidunt=eros&lacus=viverra&at=eget&velit=congue&vivamus=eget&vel=semper&nulla=rutrum&eget=nulla&eros=nunc&elementum=purus&pellentesque=phasellus&quisque=in&porta=felis&volutpat=donec&erat=semper&quisque=sapien&erat=a&eros=libero&viverra=nam&eget=dui&congue=proin&eget=leo&semper=odio&rutrum=porttitor&nulla=id&nunc=consequat&purus=in&phasellus=consequat&in=ut&felis=nulla&donec=sed&semper=accumsan&sapien=felis&a=ut&libero=at&nam=dolor&dui=quis&proin=odio&leo=consequat&odio=varius&porttitor=integer&id=ac&consequat=leo&in=pellentesque&consequat=ultrices&ut=mattis&nulla=odio&sed=donec&accumsan=vitae&felis=nisi&ut=nam&at=ultrices&dolor=libero&quis=non&odio=mattis&consequat=pulvinar&varius=nulla&integer=pede&ac=ullamcorper&leo=augue&pellentesque=a&ultrices=suscipit&mattis=nulla&odio=elit&donec=ac,TRUE
+https://cdc.gov/tempor.xml?lectus=luctus&suspendisse=et&potenti=ultrices&in=posuere&eleifend=cubilia&quam=curae&a=donec&odio=pharetra&in=magna&hac=vestibulum&habitasse=aliquet&platea=ultrices&dictumst=erat&maecenas=tortor&ut=sollicitudin&massa=mi&quis=sit&augue=amet&luctus=lobortis&tincidunt=sapien&nulla=sapien&mollis=non&molestie=mi&lorem=integer&quisque=ac&ut=neque&erat=duis&curabitur=bibendum&gravida=morbi&nisi=non&at=quam&nibh=nec&in=dui&hac=luctus&habitasse=rutrum&platea=nulla&dictumst=tellus&aliquam=in&augue=sagittis&quam=dui&sollicitudin=vel&vitae=nisl&consectetuer=duis&eget=ac&rutrum=nibh&at=fusce&lorem=lacus&integer=purus&tincidunt=aliquet&ante=at&vel=feugiat&ipsum=non&praesent=pretium&blandit=quis&lacinia=lectus&erat=suspendisse&vestibulum=potenti&sed=in&magna=eleifend&at=quam&nunc=a&commodo=odio&placerat=in&praesent=hac&blandit=habitasse&nam=platea&nulla=dictumst&integer=maecenas&pede=ut&justo=massa&lacinia=quis&eget=augue&tincidunt=luctus&eget=tincidunt&tempus=nulla&vel=mollis&pede=molestie&morbi=lorem,TRUE
+https://ovh.net/enim/lorem/ipsum.js?tincidunt=non&eu=sodales&felis=sed&fusce=tincidunt&posuere=eu&felis=felis&sed=fusce,TRUE
+https://yahoo.co.jp/quis/lectus/suspendisse/potenti/in/eleifend/quam.jpg?diam=sit&neque=amet&vestibulum=eros&eget=suspendisse&vulputate=accumsan&ut=tortor&ultrices=quis&vel=turpis&augue=sed&vestibulum=ante&ante=vivamus&ipsum=tortor&primis=duis&in=mattis&faucibus=egestas&orci=metus&luctus=aenean&et=fermentum&ultrices=donec&posuere=ut&cubilia=mauris&curae=eget&donec=massa&pharetra=tempor&magna=convallis&vestibulum=nulla&aliquet=neque&ultrices=libero&erat=convallis&tortor=eget&sollicitudin=eleifend&mi=luctus&sit=ultricies&amet=eu&lobortis=nibh&sapien=quisque&sapien=id&non=justo&mi=sit&integer=amet&ac=sapien&neque=dignissim&duis=vestibulum&bibendum=vestibulum&morbi=ante&non=ipsum&quam=primis&nec=in&dui=faucibus&luctus=orci&rutrum=luctus&nulla=et&tellus=ultrices&in=posuere&sagittis=cubilia&dui=curae&vel=nulla&nisl=dapibus&duis=dolor&ac=vel&nibh=est&fusce=donec&lacus=odio&purus=justo&aliquet=sollicitudin&at=ut&feugiat=suscipit&non=a&pretium=feugiat&quis=et&lectus=eros&suspendisse=vestibulum&potenti=ac&in=est&eleifend=lacinia&quam=nisi&a=venenatis,TRUE
+https://jugem.jp/eu/tincidunt/in.aspx?ornare=fusce&imperdiet=lacus&sapien=purus&urna=aliquet&pretium=at&nisl=feugiat&ut=non&volutpat=pretium&sapien=quis&arcu=lectus&sed=suspendisse&augue=potenti&aliquam=in&erat=eleifend&volutpat=quam&in=a&congue=odio&etiam=in&justo=hac&etiam=habitasse&pretium=platea&iaculis=dictumst&justo=maecenas&in=ut&hac=massa&habitasse=quis&platea=augue&dictumst=luctus&etiam=tincidunt&faucibus=nulla&cursus=mollis&urna=molestie&ut=lorem&tellus=quisque&nulla=ut&ut=erat&erat=curabitur&id=gravida&mauris=nisi&vulputate=at&elementum=nibh&nullam=in&varius=hac&nulla=habitasse&facilisi=platea&cras=dictumst&non=aliquam&velit=augue&nec=quam&nisi=sollicitudin&vulputate=vitae&nonummy=consectetuer&maecenas=eget&tincidunt=rutrum&lacus=at&at=lorem&velit=integer&vivamus=tincidunt&vel=ante&nulla=vel,TRUE
+https://cyberchimps.com/sed/augue/aliquam/erat/volutpat/in/congue.png?suspendisse=adipiscing&ornare=lorem&consequat=vitae&lectus=mattis&in=nibh,TRUE
+https://studiopress.com/phasellus/in/felis.aspx?lorem=turpis&integer=enim&tincidunt=blandit&ante=mi&vel=in&ipsum=porttitor&praesent=pede&blandit=justo&lacinia=eu&erat=massa&vestibulum=donec&sed=dapibus&magna=duis&at=at&nunc=velit&commodo=eu&placerat=est&praesent=congue&blandit=elementum&nam=in,TRUE
+https://yellowbook.com/suspendisse.xml?libero=mi&quis=integer&orci=ac&nullam=neque&molestie=duis&nibh=bibendum&in=morbi&lectus=non&pellentesque=quam&at=nec&nulla=dui&suspendisse=luctus&potenti=rutrum&cras=nulla&in=tellus&purus=in&eu=sagittis&magna=dui&vulputate=vel&luctus=nisl,TRUE
+http://washington.edu/tincidunt/nulla/mollis/molestie/lorem/quisque.json?molestie=blandit&hendrerit=lacinia&at=erat&vulputate=vestibulum&vitae=sed&nisl=magna&aenean=at&lectus=nunc&pellentesque=commodo&eget=placerat&nunc=praesent&donec=blandit&quis=nam&orci=nulla&eget=integer&orci=pede&vehicula=justo&condimentum=lacinia&curabitur=eget&in=tincidunt&libero=eget&ut=tempus&massa=vel&volutpat=pede&convallis=morbi&morbi=porttitor&odio=lorem&odio=id&elementum=ligula&eu=suspendisse&interdum=ornare&eu=consequat&tincidunt=lectus&in=in&leo=est&maecenas=risus&pulvinar=auctor&lobortis=sed&est=tristique&phasellus=in&sit=tempus&amet=sit&erat=amet&nulla=sem&tempus=fusce&vivamus=consequat&in=nulla&felis=nisl&eu=nunc&sapien=nisl&cursus=duis&vestibulum=bibendum&proin=felis&eu=sed&mi=interdum&nulla=venenatis&ac=turpis&enim=enim&in=blandit&tempor=mi&turpis=in&nec=porttitor&euismod=pede&scelerisque=justo&quam=eu&turpis=massa&adipiscing=donec&lorem=dapibus&vitae=duis&mattis=at&nibh=velit&ligula=eu&nec=est&sem=congue&duis=elementum&aliquam=in&convallis=hac&nunc=habitasse&proin=platea&at=dictumst&turpis=morbi&a=vestibulum&pede=velit&posuere=id&nonummy=pretium&integer=iaculis&non=diam&velit=erat&donec=fermentum&diam=justo,TRUE
+https://nationalgeographic.com/dapibus.png?eu=commodo&interdum=vulputate&eu=justo&tincidunt=in&in=blandit&leo=ultrices&maecenas=enim&pulvinar=lorem&lobortis=ipsum&est=dolor&phasellus=sit&sit=amet&amet=consectetuer&erat=adipiscing&nulla=elit&tempus=proin&vivamus=interdum&in=mauris&felis=non&eu=ligula&sapien=pellentesque&cursus=ultrices&vestibulum=phasellus&proin=id&eu=sapien&mi=in&nulla=sapien&ac=iaculis&enim=congue&in=vivamus&tempor=metus&turpis=arcu&nec=adipiscing&euismod=molestie&scelerisque=hendrerit&quam=at&turpis=vulputate&adipiscing=vitae&lorem=nisl&vitae=aenean&mattis=lectus&nibh=pellentesque&ligula=eget&nec=nunc&sem=donec&duis=quis&aliquam=orci&convallis=eget&nunc=orci&proin=vehicula&at=condimentum&turpis=curabitur&a=in&pede=libero&posuere=ut&nonummy=massa&integer=volutpat&non=convallis&velit=morbi&donec=odio,TRUE
+http://i2i.jp/lectus.jsp?amet=augue&eleifend=vestibulum&pede=ante&libero=ipsum&quis=primis&orci=in&nullam=faucibus&molestie=orci&nibh=luctus&in=et&lectus=ultrices&pellentesque=posuere&at=cubilia&nulla=curae&suspendisse=donec&potenti=pharetra&cras=magna&in=vestibulum&purus=aliquet&eu=ultrices&magna=erat&vulputate=tortor&luctus=sollicitudin&cum=mi&sociis=sit&natoque=amet&penatibus=lobortis&et=sapien&magnis=sapien&dis=non&parturient=mi&montes=integer&nascetur=ac&ridiculus=neque&mus=duis&vivamus=bibendum&vestibulum=morbi&sagittis=non&sapien=quam&cum=nec&sociis=dui&natoque=luctus&penatibus=rutrum&et=nulla&magnis=tellus&dis=in&parturient=sagittis&montes=dui&nascetur=vel&ridiculus=nisl&mus=duis&etiam=ac&vel=nibh&augue=fusce&vestibulum=lacus&rutrum=purus&rutrum=aliquet&neque=at&aenean=feugiat&auctor=non&gravida=pretium&sem=quis,TRUE
+https://odnoklassniki.ru/venenatis/tristique/fusce/congue/diam/id/ornare.xml?congue=congue&etiam=etiam&justo=justo&etiam=etiam&pretium=pretium&iaculis=iaculis&justo=justo&in=in&hac=hac&habitasse=habitasse&platea=platea&dictumst=dictumst&etiam=etiam&faucibus=faucibus&cursus=cursus&urna=urna&ut=ut&tellus=tellus&nulla=nulla&ut=ut&erat=erat&id=id&mauris=mauris&vulputate=vulputate&elementum=elementum&nullam=nullam&varius=varius&nulla=nulla&facilisi=facilisi&cras=cras&non=non&velit=velit&nec=nec&nisi=nisi&vulputate=vulputate&nonummy=nonummy&maecenas=maecenas&tincidunt=tincidunt&lacus=lacus&at=at&velit=velit&vivamus=vivamus&vel=vel&nulla=nulla&eget=eget&eros=eros&elementum=elementum&pellentesque=pellentesque&quisque=quisque&porta=porta&volutpat=volutpat&erat=erat&quisque=quisque&erat=erat&eros=eros&viverra=viverra&eget=eget&congue=congue&eget=eget&semper=semper&rutrum=rutrum&nulla=nulla&nunc=nunc&purus=purus&phasellus=phasellus&in=in&felis=felis&donec=donec&semper=semper&sapien=sapien&a=a&libero=libero&nam=nam&dui=dui&proin=proin&leo=leo&odio=odio&porttitor=porttitor&id=id&consequat=consequat&in=in&consequat=consequat&ut=ut&nulla=nulla&sed=sed&accumsan=accumsan&felis=felis,TRUE
+https://walmart.com/in/hac/habitasse/platea/dictumst/morbi.jpg?augue=est&vel=phasellus&accumsan=sit&tellus=amet&nisi=erat&eu=nulla&orci=tempus&mauris=vivamus&lacinia=in&sapien=felis&quis=eu&libero=sapien&nullam=cursus&sit=vestibulum&amet=proin&turpis=eu&elementum=mi&ligula=nulla&vehicula=ac&consequat=enim&morbi=in&a=tempor&ipsum=turpis&integer=nec&a=euismod&nibh=scelerisque&in=quam&quis=turpis&justo=adipiscing&maecenas=lorem&rhoncus=vitae&aliquam=mattis&lacus=nibh&morbi=ligula&quis=nec&tortor=sem&id=duis&nulla=aliquam&ultrices=convallis&aliquet=nunc&maecenas=proin&leo=at&odio=turpis&condimentum=a&id=pede&luctus=posuere&nec=nonummy&molestie=integer&sed=non&justo=velit&pellentesque=donec&viverra=diam&pede=neque&ac=vestibulum&diam=eget&cras=vulputate&pellentesque=ut&volutpat=ultrices&dui=vel&maecenas=augue&tristique=vestibulum&est=ante&et=ipsum&tempus=primis&semper=in&est=faucibus&quam=orci&pharetra=luctus&magna=et&ac=ultrices&consequat=posuere&metus=cubilia&sapien=curae,TRUE
+https://jimdo.com/donec/semper/sapien/a/libero.js?erat=cum&tortor=sociis&sollicitudin=natoque&mi=penatibus&sit=et&amet=magnis&lobortis=dis&sapien=parturient&sapien=montes&non=nascetur&mi=ridiculus&integer=mus&ac=etiam&neque=vel&duis=augue&bibendum=vestibulum&morbi=rutrum&non=rutrum&quam=neque&nec=aenean&dui=auctor&luctus=gravida&rutrum=sem&nulla=praesent&tellus=id&in=massa&sagittis=id&dui=nisl&vel=venenatis&nisl=lacinia&duis=aenean&ac=sit&nibh=amet&fusce=justo&lacus=morbi&purus=ut&aliquet=odio&at=cras&feugiat=mi&non=pede&pretium=malesuada&quis=in&lectus=imperdiet&suspendisse=et&potenti=commodo&in=vulputate&eleifend=justo&quam=in&a=blandit&odio=ultrices&in=enim&hac=lorem&habitasse=ipsum&platea=dolor&dictumst=sit&maecenas=amet&ut=consectetuer&massa=adipiscing&quis=elit&augue=proin&luctus=interdum&tincidunt=mauris&nulla=non&mollis=ligula&molestie=pellentesque&lorem=ultrices&quisque=phasellus&ut=id&erat=sapien&curabitur=in&gravida=sapien&nisi=iaculis&at=congue&nibh=vivamus&in=metus&hac=arcu&habitasse=adipiscing&platea=molestie&dictumst=hendrerit&aliquam=at&augue=vulputate&quam=vitae&sollicitudin=nisl&vitae=aenean&consectetuer=lectus&eget=pellentesque&rutrum=eget&at=nunc,TRUE
+http://fda.gov/curae/duis/faucibus/accumsan.js?eleifend=eu&luctus=est&ultricies=congue&eu=elementum&nibh=in&quisque=hac&id=habitasse&justo=platea&sit=dictumst&amet=morbi&sapien=vestibulum&dignissim=velit&vestibulum=id&vestibulum=pretium&ante=iaculis&ipsum=diam&primis=erat&in=fermentum&faucibus=justo&orci=nec&luctus=condimentum&et=neque&ultrices=sapien&posuere=placerat&cubilia=ante&curae=nulla&nulla=justo&dapibus=aliquam&dolor=quis&vel=turpis&est=eget&donec=elit&odio=sodales&justo=scelerisque&sollicitudin=mauris&ut=sit&suscipit=amet&a=eros&feugiat=suspendisse&et=accumsan&eros=tortor&vestibulum=quis&ac=turpis&est=sed&lacinia=ante&nisi=vivamus&venenatis=tortor&tristique=duis&fusce=mattis&congue=egestas&diam=metus&id=aenean&ornare=fermentum&imperdiet=donec&sapien=ut&urna=mauris&pretium=eget&nisl=massa&ut=tempor&volutpat=convallis&sapien=nulla&arcu=neque&sed=libero&augue=convallis&aliquam=eget&erat=eleifend&volutpat=luctus&in=ultricies&congue=eu&etiam=nibh&justo=quisque&etiam=id&pretium=justo&iaculis=sit&justo=amet&in=sapien,TRUE
+http://usgs.gov/erat/id/mauris/vulputate.png?lobortis=ultrices&est=phasellus&phasellus=id&sit=sapien&amet=in&erat=sapien&nulla=iaculis&tempus=congue&vivamus=vivamus&in=metus&felis=arcu&eu=adipiscing&sapien=molestie&cursus=hendrerit&vestibulum=at&proin=vulputate&eu=vitae&mi=nisl&nulla=aenean&ac=lectus&enim=pellentesque&in=eget&tempor=nunc&turpis=donec&nec=quis&euismod=orci&scelerisque=eget&quam=orci&turpis=vehicula&adipiscing=condimentum&lorem=curabitur&vitae=in&mattis=libero&nibh=ut&ligula=massa&nec=volutpat&sem=convallis&duis=morbi&aliquam=odio&convallis=odio&nunc=elementum&proin=eu&at=interdum&turpis=eu&a=tincidunt&pede=in&posuere=leo&nonummy=maecenas&integer=pulvinar&non=lobortis&velit=est&donec=phasellus&diam=sit&neque=amet&vestibulum=erat&eget=nulla&vulputate=tempus&ut=vivamus&ultrices=in&vel=felis&augue=eu&vestibulum=sapien&ante=cursus&ipsum=vestibulum&primis=proin&in=eu&faucibus=mi&orci=nulla&luctus=ac&et=enim&ultrices=in&posuere=tempor&cubilia=turpis&curae=nec&donec=euismod&pharetra=scelerisque&magna=quam&vestibulum=turpis&aliquet=adipiscing&ultrices=lorem&erat=vitae&tortor=mattis&sollicitudin=nibh&mi=ligula&sit=nec,TRUE
+https://g.co/in/tempus/sit/amet/sem.jsp?amet=justo&justo=morbi&morbi=ut&ut=odio&odio=cras&cras=mi&mi=pede&pede=malesuada&malesuada=in&in=imperdiet&imperdiet=et&et=commodo&commodo=vulputate&vulputate=justo&justo=in&in=blandit&blandit=ultrices&ultrices=enim&enim=lorem&lorem=ipsum&ipsum=dolor&dolor=sit&sit=amet&amet=consectetuer&consectetuer=adipiscing&adipiscing=elit&elit=proin&proin=interdum&interdum=mauris&mauris=non&non=ligula&ligula=pellentesque&pellentesque=ultrices&ultrices=phasellus&phasellus=id&id=sapien&sapien=in&in=sapien&sapien=iaculis&iaculis=congue&congue=vivamus&vivamus=metus&metus=arcu&arcu=adipiscing&adipiscing=molestie&molestie=hendrerit&hendrerit=at&at=vulputate&vulputate=vitae&vitae=nisl&nisl=aenean&aenean=lectus&lectus=pellentesque&pellentesque=eget&eget=nunc&nunc=donec&donec=quis&quis=orci&orci=eget&eget=orci&orci=vehicula&vehicula=condimentum&condimentum=curabitur&curabitur=in&in=libero&libero=ut&ut=massa&massa=volutpat&volutpat=convallis&convallis=morbi&morbi=odio&odio=odio&odio=elementum&elementum=eu&eu=interdum,TRUE
+http://un.org/eget/congue/eget/semper.jsp?id=justo&ligula=morbi&suspendisse=ut&ornare=odio&consequat=cras&lectus=mi&in=pede&est=malesuada&risus=in&auctor=imperdiet,TRUE
+http://ocn.ne.jp/vestibulum/rutrum/rutrum/neque/aenean.jpg?nunc=eget&proin=congue&at=eget&turpis=semper&a=rutrum&pede=nulla&posuere=nunc&nonummy=purus&integer=phasellus&non=in&velit=felis&donec=donec&diam=semper&neque=sapien&vestibulum=a&eget=libero&vulputate=nam&ut=dui&ultrices=proin&vel=leo&augue=odio&vestibulum=porttitor&ante=id&ipsum=consequat&primis=in&in=consequat&faucibus=ut&orci=nulla&luctus=sed&et=accumsan&ultrices=felis&posuere=ut&cubilia=at&curae=dolor&donec=quis&pharetra=odio&magna=consequat&vestibulum=varius&aliquet=integer&ultrices=ac&erat=leo&tortor=pellentesque&sollicitudin=ultrices&mi=mattis&sit=odio&amet=donec&lobortis=vitae&sapien=nisi&sapien=nam&non=ultrices&mi=libero&integer=non&ac=mattis&neque=pulvinar&duis=nulla&bibendum=pede&morbi=ullamcorper&non=augue&quam=a&nec=suscipit&dui=nulla&luctus=elit&rutrum=ac&nulla=nulla&tellus=sed&in=vel&sagittis=enim&dui=sit&vel=amet&nisl=nunc&duis=viverra&ac=dapibus&nibh=nulla&fusce=suscipit&lacus=ligula&purus=in&aliquet=lacus&at=curabitur&feugiat=at&non=ipsum&pretium=ac,TRUE
+http://walmart.com/neque.aspx?duis=maecenas&bibendum=leo&morbi=odio&non=condimentum&quam=id&nec=luctus&dui=nec&luctus=molestie&rutrum=sed&nulla=justo&tellus=pellentesque&in=viverra&sagittis=pede&dui=ac&vel=diam&nisl=cras&duis=pellentesque&ac=volutpat&nibh=dui&fusce=maecenas&lacus=tristique&purus=est&aliquet=et&at=tempus&feugiat=semper&non=est&pretium=quam&quis=pharetra,TRUE
+http://edublogs.org/porta/volutpat/quam/pede.jpg?tincidunt=donec&eget=dapibus&tempus=duis&vel=at&pede=velit&morbi=eu&porttitor=est&lorem=congue&id=elementum&ligula=in&suspendisse=hac&ornare=habitasse&consequat=platea&lectus=dictumst&in=morbi&est=vestibulum&risus=velit&auctor=id&sed=pretium&tristique=iaculis&in=diam&tempus=erat&sit=fermentum&amet=justo&sem=nec&fusce=condimentum&consequat=neque&nulla=sapien&nisl=placerat&nunc=ante&nisl=nulla&duis=justo&bibendum=aliquam&felis=quis&sed=turpis&interdum=eget&venenatis=elit&turpis=sodales&enim=scelerisque&blandit=mauris&mi=sit&in=amet&porttitor=eros&pede=suspendisse&justo=accumsan&eu=tortor&massa=quis&donec=turpis&dapibus=sed&duis=ante&at=vivamus&velit=tortor&eu=duis&est=mattis&congue=egestas&elementum=metus&in=aenean&hac=fermentum&habitasse=donec&platea=ut&dictumst=mauris&morbi=eget&vestibulum=massa&velit=tempor&id=convallis&pretium=nulla&iaculis=neque&diam=libero&erat=convallis&fermentum=eget&justo=eleifend&nec=luctus&condimentum=ultricies&neque=eu&sapien=nibh&placerat=quisque&ante=id&nulla=justo&justo=sit&aliquam=amet&quis=sapien&turpis=dignissim&eget=vestibulum&elit=vestibulum&sodales=ante&scelerisque=ipsum&mauris=primis&sit=in&amet=faucibus&eros=orci&suspendisse=luctus&accumsan=et,TRUE
+http://geocities.com/tristique/est/et.js?eros=integer&vestibulum=aliquet&ac=massa&est=id&lacinia=lobortis&nisi=convallis&venenatis=tortor&tristique=risus&fusce=dapibus&congue=augue&diam=vel&id=accumsan&ornare=tellus&imperdiet=nisi&sapien=eu&urna=orci&pretium=mauris&nisl=lacinia&ut=sapien&volutpat=quis&sapien=libero&arcu=nullam&sed=sit&augue=amet&aliquam=turpis&erat=elementum&volutpat=ligula&in=vehicula&congue=consequat&etiam=morbi&justo=a&etiam=ipsum&pretium=integer&iaculis=a&justo=nibh&in=in&hac=quis&habitasse=justo&platea=maecenas&dictumst=rhoncus&etiam=aliquam&faucibus=lacus&cursus=morbi&urna=quis&ut=tortor&tellus=id&nulla=nulla&ut=ultrices&erat=aliquet&id=maecenas&mauris=leo&vulputate=odio&elementum=condimentum&nullam=id&varius=luctus&nulla=nec&facilisi=molestie&cras=sed&non=justo&velit=pellentesque&nec=viverra&nisi=pede&vulputate=ac&nonummy=diam&maecenas=cras&tincidunt=pellentesque&lacus=volutpat&at=dui&velit=maecenas&vivamus=tristique&vel=est&nulla=et&eget=tempus,TRUE
+http://miitbeian.gov.cn/leo/maecenas/pulvinar/lobortis/est/phasellus/sit.jpg?lorem=venenatis&integer=tristique&tincidunt=fusce&ante=congue&vel=diam&ipsum=id&praesent=ornare&blandit=imperdiet&lacinia=sapien&erat=urna&vestibulum=pretium&sed=nisl&magna=ut&at=volutpat&nunc=sapien&commodo=arcu&placerat=sed&praesent=augue&blandit=aliquam&nam=erat&nulla=volutpat&integer=in&pede=congue&justo=etiam&lacinia=justo&eget=etiam&tincidunt=pretium&eget=iaculis&tempus=justo&vel=in,TRUE
+https://smugmug.com/nullam/orci/pede/venenatis/non/sodales.png?orci=amet&mauris=consectetuer&lacinia=adipiscing&sapien=elit,TRUE
+https://desdev.cn/aliquet/at/feugiat/non.json?ridiculus=proin&mus=interdum&etiam=mauris&vel=non&augue=ligula&vestibulum=pellentesque&rutrum=ultrices&rutrum=phasellus&neque=id&aenean=sapien&auctor=in&gravida=sapien&sem=iaculis&praesent=congue&id=vivamus&massa=metus&id=arcu&nisl=adipiscing&venenatis=molestie&lacinia=hendrerit&aenean=at&sit=vulputate&amet=vitae&justo=nisl&morbi=aenean&ut=lectus&odio=pellentesque&cras=eget&mi=nunc&pede=donec&malesuada=quis&in=orci&imperdiet=eget&et=orci&commodo=vehicula&vulputate=condimentum&justo=curabitur&in=in&blandit=libero&ultrices=ut&enim=massa,TRUE
+https://nymag.com/nisi.js?augue=nam&vel=dui&accumsan=proin&tellus=leo&nisi=odio&eu=porttitor&orci=id&mauris=consequat&lacinia=in&sapien=consequat&quis=ut&libero=nulla&nullam=sed&sit=accumsan&amet=felis&turpis=ut&elementum=at&ligula=dolor&vehicula=quis&consequat=odio&morbi=consequat&a=varius&ipsum=integer&integer=ac&a=leo&nibh=pellentesque&in=ultrices&quis=mattis&justo=odio&maecenas=donec&rhoncus=vitae&aliquam=nisi&lacus=nam&morbi=ultrices&quis=libero&tortor=non&id=mattis&nulla=pulvinar&ultrices=nulla&aliquet=pede&maecenas=ullamcorper&leo=augue&odio=a&condimentum=suscipit&id=nulla&luctus=elit&nec=ac&molestie=nulla&sed=sed&justo=vel&pellentesque=enim&viverra=sit&pede=amet&ac=nunc&diam=viverra&cras=dapibus&pellentesque=nulla&volutpat=suscipit&dui=ligula&maecenas=in&tristique=lacus&est=curabitur&et=at&tempus=ipsum&semper=ac&est=tellus&quam=semper&pharetra=interdum&magna=mauris&ac=ullamcorper&consequat=purus&metus=sit&sapien=amet&ut=nulla&nunc=quisque&vestibulum=arcu&ante=libero&ipsum=rutrum&primis=ac&in=lobortis&faucibus=vel&orci=dapibus&luctus=at&et=diam&ultrices=nam&posuere=tristique,TRUE
+http://hao123.com/lacinia/aenean/sit/amet.jsp?justo=nec&eu=nisi&massa=vulputate&donec=nonummy&dapibus=maecenas&duis=tincidunt&at=lacus&velit=at&eu=velit&est=vivamus&congue=vel&elementum=nulla&in=eget&hac=eros&habitasse=elementum&platea=pellentesque&dictumst=quisque&morbi=porta&vestibulum=volutpat&velit=erat&id=quisque&pretium=erat,TRUE
+https://rediff.com/sapien/varius.json?id=nibh&turpis=ligula&integer=nec&aliquet=sem&massa=duis&id=aliquam&lobortis=convallis&convallis=nunc&tortor=proin&risus=at&dapibus=turpis&augue=a&vel=pede&accumsan=posuere&tellus=nonummy&nisi=integer&eu=non&orci=velit&mauris=donec&lacinia=diam&sapien=neque&quis=vestibulum&libero=eget&nullam=vulputate&sit=ut&amet=ultrices&turpis=vel&elementum=augue&ligula=vestibulum&vehicula=ante&consequat=ipsum&morbi=primis&a=in&ipsum=faucibus&integer=orci&a=luctus&nibh=et&in=ultrices&quis=posuere&justo=cubilia&maecenas=curae&rhoncus=donec&aliquam=pharetra&lacus=magna&morbi=vestibulum&quis=aliquet&tortor=ultrices&id=erat&nulla=tortor&ultrices=sollicitudin&aliquet=mi&maecenas=sit&leo=amet&odio=lobortis&condimentum=sapien&id=sapien&luctus=non&nec=mi&molestie=integer&sed=ac,TRUE
+http://google.com/pede/lobortis/ligula/sit.html?pulvinar=ultrices&sed=posuere&nisl=cubilia&nunc=curae&rhoncus=donec&dui=pharetra&vel=magna&sem=vestibulum&sed=aliquet&sagittis=ultrices&nam=erat&congue=tortor&risus=sollicitudin&semper=mi&porta=sit&volutpat=amet&quam=lobortis&pede=sapien&lobortis=sapien&ligula=non&sit=mi&amet=integer&eleifend=ac&pede=neque&libero=duis&quis=bibendum&orci=morbi&nullam=non&molestie=quam&nibh=nec&in=dui&lectus=luctus&pellentesque=rutrum&at=nulla&nulla=tellus&suspendisse=in&potenti=sagittis&cras=dui&in=vel&purus=nisl&eu=duis&magna=ac&vulputate=nibh&luctus=fusce&cum=lacus&sociis=purus&natoque=aliquet&penatibus=at&et=feugiat&magnis=non&dis=pretium&parturient=quis&montes=lectus&nascetur=suspendisse&ridiculus=potenti&mus=in&vivamus=eleifend&vestibulum=quam&sagittis=a&sapien=odio&cum=in&sociis=hac&natoque=habitasse&penatibus=platea&et=dictumst&magnis=maecenas,TRUE
+http://thetimes.co.uk/eu.jsp?aliquam=eros&lacus=vestibulum&morbi=ac&quis=est&tortor=lacinia&id=nisi&nulla=venenatis&ultrices=tristique&aliquet=fusce&maecenas=congue&leo=diam&odio=id&condimentum=ornare&id=imperdiet&luctus=sapien&nec=urna&molestie=pretium&sed=nisl&justo=ut&pellentesque=volutpat&viverra=sapien&pede=arcu&ac=sed&diam=augue&cras=aliquam&pellentesque=erat&volutpat=volutpat&dui=in&maecenas=congue&tristique=etiam&est=justo&et=etiam&tempus=pretium&semper=iaculis&est=justo&quam=in&pharetra=hac&magna=habitasse&ac=platea&consequat=dictumst&metus=etiam&sapien=faucibus&ut=cursus&nunc=urna&vestibulum=ut&ante=tellus&ipsum=nulla&primis=ut&in=erat&faucibus=id&orci=mauris&luctus=vulputate&et=elementum&ultrices=nullam&posuere=varius&cubilia=nulla&curae=facilisi&mauris=cras&viverra=non&diam=velit&vitae=nec&quam=nisi&suspendisse=vulputate&potenti=nonummy&nullam=maecenas&porttitor=tincidunt&lacus=lacus&at=at&turpis=velit&donec=vivamus&posuere=vel&metus=nulla&vitae=eget&ipsum=eros&aliquam=elementum&non=pellentesque&mauris=quisque&morbi=porta&non=volutpat&lectus=erat&aliquam=quisque&sit=erat&amet=eros&diam=viverra&in=eget&magna=congue&bibendum=eget&imperdiet=semper&nullam=rutrum&orci=nulla&pede=nunc&venenatis=purus&non=phasellus&sodales=in&sed=felis&tincidunt=donec&eu=semper&felis=sapien&fusce=a&posuere=libero,TRUE
+https://oaic.gov.au/ante/ipsum/primis/in/faucibus/orci/luctus.aspx?magna=eget&vulputate=eros&luctus=elementum&cum=pellentesque&sociis=quisque&natoque=porta&penatibus=volutpat&et=erat&magnis=quisque&dis=erat&parturient=eros&montes=viverra&nascetur=eget&ridiculus=congue&mus=eget&vivamus=semper&vestibulum=rutrum&sagittis=nulla&sapien=nunc&cum=purus&sociis=phasellus&natoque=in&penatibus=felis&et=donec&magnis=semper&dis=sapien&parturient=a&montes=libero&nascetur=nam&ridiculus=dui&mus=proin&etiam=leo&vel=odio&augue=porttitor&vestibulum=id&rutrum=consequat&rutrum=in&neque=consequat&aenean=ut&auctor=nulla&gravida=sed&sem=accumsan&praesent=felis&id=ut&massa=at&id=dolor&nisl=quis&venenatis=odio&lacinia=consequat&aenean=varius&sit=integer&amet=ac&justo=leo&morbi=pellentesque&ut=ultrices&odio=mattis&cras=odio&mi=donec&pede=vitae&malesuada=nisi&in=nam&imperdiet=ultrices&et=libero&commodo=non&vulputate=mattis&justo=pulvinar&in=nulla&blandit=pede&ultrices=ullamcorper&enim=augue&lorem=a&ipsum=suscipit&dolor=nulla&sit=elit&amet=ac&consectetuer=nulla,TRUE
+http://imageshack.us/primis.js?in=nulla&congue=tellus&etiam=in&justo=sagittis&etiam=dui&pretium=vel&iaculis=nisl&justo=duis&in=ac&hac=nibh&habitasse=fusce&platea=lacus,TRUE
+https://cdc.gov/lorem/ipsum/dolor/sit/amet.jpg?sollicitudin=fringilla&mi=rhoncus&sit=mauris&amet=enim&lobortis=leo&sapien=rhoncus&sapien=sed&non=vestibulum&mi=sit&integer=amet&ac=cursus&neque=id&duis=turpis&bibendum=integer&morbi=aliquet&non=massa&quam=id&nec=lobortis&dui=convallis&luctus=tortor&rutrum=risus&nulla=dapibus&tellus=augue&in=vel&sagittis=accumsan&dui=tellus&vel=nisi&nisl=eu&duis=orci&ac=mauris&nibh=lacinia&fusce=sapien&lacus=quis&purus=libero,TRUE
+https://census.gov/sit/amet.png?rhoncus=quam&dui=fringilla&vel=rhoncus&sem=mauris&sed=enim&sagittis=leo&nam=rhoncus&congue=sed&risus=vestibulum&semper=sit&porta=amet&volutpat=cursus&quam=id&pede=turpis&lobortis=integer&ligula=aliquet&sit=massa&amet=id&eleifend=lobortis&pede=convallis&libero=tortor&quis=risus&orci=dapibus&nullam=augue&molestie=vel&nibh=accumsan&in=tellus&lectus=nisi&pellentesque=eu&at=orci&nulla=mauris&suspendisse=lacinia&potenti=sapien&cras=quis&in=libero&purus=nullam&eu=sit&magna=amet,TRUE
+https://chron.com/nulla.json?ac=amet&enim=consectetuer&in=adipiscing&tempor=elit&turpis=proin&nec=interdum&euismod=mauris&scelerisque=non&quam=ligula&turpis=pellentesque&adipiscing=ultrices&lorem=phasellus&vitae=id&mattis=sapien&nibh=in&ligula=sapien&nec=iaculis&sem=congue&duis=vivamus&aliquam=metus&convallis=arcu&nunc=adipiscing&proin=molestie&at=hendrerit&turpis=at&a=vulputate&pede=vitae&posuere=nisl&nonummy=aenean&integer=lectus&non=pellentesque&velit=eget&donec=nunc&diam=donec&neque=quis&vestibulum=orci&eget=eget&vulputate=orci&ut=vehicula&ultrices=condimentum&vel=curabitur&augue=in&vestibulum=libero&ante=ut&ipsum=massa&primis=volutpat&in=convallis&faucibus=morbi&orci=odio&luctus=odio&et=elementum&ultrices=eu&posuere=interdum&cubilia=eu&curae=tincidunt&donec=in&pharetra=leo&magna=maecenas&vestibulum=pulvinar&aliquet=lobortis&ultrices=est&erat=phasellus&tortor=sit&sollicitudin=amet&mi=erat&sit=nulla&amet=tempus&lobortis=vivamus&sapien=in&sapien=felis&non=eu&mi=sapien&integer=cursus&ac=vestibulum&neque=proin&duis=eu&bibendum=mi&morbi=nulla&non=ac&quam=enim&nec=in&dui=tempor&luctus=turpis&rutrum=nec&nulla=euismod&tellus=scelerisque&in=quam&sagittis=turpis&dui=adipiscing&vel=lorem&nisl=vitae&duis=mattis&ac=nibh&nibh=ligula&fusce=nec&lacus=sem&purus=duis&aliquet=aliquam&at=convallis&feugiat=nunc,TRUE
+https://ed.gov/sociis.aspx?nulla=in&nunc=felis&purus=eu&phasellus=sapien&in=cursus&felis=vestibulum&donec=proin&semper=eu&sapien=mi&a=nulla&libero=ac&nam=enim&dui=in&proin=tempor&leo=turpis&odio=nec&porttitor=euismod&id=scelerisque&consequat=quam&in=turpis&consequat=adipiscing&ut=lorem&nulla=vitae&sed=mattis&accumsan=nibh&felis=ligula&ut=nec&at=sem&dolor=duis&quis=aliquam&odio=convallis&consequat=nunc&varius=proin&integer=at&ac=turpis&leo=a&pellentesque=pede&ultrices=posuere&mattis=nonummy&odio=integer&donec=non&vitae=velit&nisi=donec&nam=diam&ultrices=neque&libero=vestibulum&non=eget&mattis=vulputate&pulvinar=ut&nulla=ultrices&pede=vel&ullamcorper=augue&augue=vestibulum&a=ante&suscipit=ipsum&nulla=primis&elit=in&ac=faucibus&nulla=orci&sed=luctus&vel=et&enim=ultrices&sit=posuere,TRUE
+https://etsy.com/nisl/duis.aspx?sapien=rhoncus&sapien=mauris&non=enim&mi=leo&integer=rhoncus&ac=sed&neque=vestibulum&duis=sit&bibendum=amet&morbi=cursus&non=id&quam=turpis&nec=integer&dui=aliquet&luctus=massa&rutrum=id&nulla=lobortis&tellus=convallis&in=tortor&sagittis=risus&dui=dapibus&vel=augue&nisl=vel&duis=accumsan&ac=tellus&nibh=nisi&fusce=eu&lacus=orci&purus=mauris&aliquet=lacinia&at=sapien&feugiat=quis&non=libero&pretium=nullam&quis=sit&lectus=amet&suspendisse=turpis&potenti=elementum&in=ligula&eleifend=vehicula&quam=consequat&a=morbi&odio=a&in=ipsum&hac=integer,TRUE
+https://yale.edu/duis.xml?a=eu&ipsum=magna&integer=vulputate&a=luctus&nibh=cum&in=sociis&quis=natoque&justo=penatibus&maecenas=et&rhoncus=magnis&aliquam=dis&lacus=parturient&morbi=montes&quis=nascetur&tortor=ridiculus&id=mus&nulla=vivamus&ultrices=vestibulum&aliquet=sagittis&maecenas=sapien&leo=cum&odio=sociis&condimentum=natoque&id=penatibus&luctus=et&nec=magnis&molestie=dis&sed=parturient&justo=montes&pellentesque=nascetur&viverra=ridiculus&pede=mus&ac=etiam&diam=vel&cras=augue&pellentesque=vestibulum&volutpat=rutrum&dui=rutrum&maecenas=neque&tristique=aenean&est=auctor&et=gravida&tempus=sem&semper=praesent&est=id&quam=massa&pharetra=id&magna=nisl&ac=venenatis&consequat=lacinia&metus=aenean&sapien=sit&ut=amet&nunc=justo&vestibulum=morbi&ante=ut&ipsum=odio&primis=cras&in=mi&faucibus=pede&orci=malesuada&luctus=in&et=imperdiet&ultrices=et&posuere=commodo,TRUE
+http://odnoklassniki.ru/tortor/sollicitudin/mi/sit/amet/lobortis/sapien.jsp?sodales=venenatis&scelerisque=tristique&mauris=fusce&sit=congue&amet=diam&eros=id&suspendisse=ornare&accumsan=imperdiet&tortor=sapien&quis=urna&turpis=pretium&sed=nisl&ante=ut&vivamus=volutpat&tortor=sapien&duis=arcu&mattis=sed&egestas=augue&metus=aliquam&aenean=erat&fermentum=volutpat&donec=in&ut=congue&mauris=etiam&eget=justo&massa=etiam&tempor=pretium&convallis=iaculis&nulla=justo&neque=in&libero=hac&convallis=habitasse&eget=platea&eleifend=dictumst&luctus=etiam&ultricies=faucibus&eu=cursus&nibh=urna&quisque=ut&id=tellus&justo=nulla&sit=ut&amet=erat&sapien=id&dignissim=mauris&vestibulum=vulputate&vestibulum=elementum&ante=nullam&ipsum=varius&primis=nulla&in=facilisi&faucibus=cras&orci=non&luctus=velit&et=nec&ultrices=nisi&posuere=vulputate,TRUE
+https://cmu.edu/lacinia/aenean/sit/amet.jsp?felis=donec&eu=semper&sapien=sapien&cursus=a&vestibulum=libero&proin=nam&eu=dui&mi=proin&nulla=leo&ac=odio&enim=porttitor&in=id&tempor=consequat&turpis=in&nec=consequat&euismod=ut&scelerisque=nulla&quam=sed&turpis=accumsan&adipiscing=felis&lorem=ut&vitae=at&mattis=dolor&nibh=quis&ligula=odio&nec=consequat&sem=varius&duis=integer&aliquam=ac&convallis=leo&nunc=pellentesque&proin=ultrices&at=mattis&turpis=odio&a=donec&pede=vitae&posuere=nisi&nonummy=nam&integer=ultrices&non=libero&velit=non&donec=mattis&diam=pulvinar&neque=nulla&vestibulum=pede&eget=ullamcorper&vulputate=augue&ut=a&ultrices=suscipit&vel=nulla&augue=elit&vestibulum=ac&ante=nulla&ipsum=sed&primis=vel&in=enim&faucibus=sit&orci=amet&luctus=nunc&et=viverra&ultrices=dapibus&posuere=nulla&cubilia=suscipit&curae=ligula&donec=in&pharetra=lacus&magna=curabitur&vestibulum=at&aliquet=ipsum&ultrices=ac&erat=tellus&tortor=semper&sollicitudin=interdum&mi=mauris&sit=ullamcorper&amet=purus&lobortis=sit&sapien=amet&sapien=nulla&non=quisque&mi=arcu&integer=libero&ac=rutrum&neque=ac&duis=lobortis&bibendum=vel&morbi=dapibus&non=at&quam=diam&nec=nam&dui=tristique&luctus=tortor,TRUE
+http://edublogs.org/eu/massa/donec/dapibus.aspx?molestie=lacinia&hendrerit=aenean&at=sit&vulputate=amet&vitae=justo&nisl=morbi&aenean=ut&lectus=odio&pellentesque=cras&eget=mi&nunc=pede&donec=malesuada&quis=in&orci=imperdiet&eget=et&orci=commodo&vehicula=vulputate&condimentum=justo&curabitur=in&in=blandit&libero=ultrices&ut=enim&massa=lorem&volutpat=ipsum&convallis=dolor&morbi=sit&odio=amet&odio=consectetuer&elementum=adipiscing&eu=elit&interdum=proin&eu=interdum&tincidunt=mauris&in=non&leo=ligula&maecenas=pellentesque&pulvinar=ultrices&lobortis=phasellus&est=id&phasellus=sapien&sit=in&amet=sapien&erat=iaculis&nulla=congue&tempus=vivamus&vivamus=metus&in=arcu&felis=adipiscing&eu=molestie&sapien=hendrerit&cursus=at&vestibulum=vulputate&proin=vitae&eu=nisl&mi=aenean&nulla=lectus&ac=pellentesque&enim=eget&in=nunc&tempor=donec&turpis=quis&nec=orci&euismod=eget&scelerisque=orci&quam=vehicula&turpis=condimentum&adipiscing=curabitur&lorem=in&vitae=libero&mattis=ut&nibh=massa&ligula=volutpat&nec=convallis&sem=morbi&duis=odio&aliquam=odio&convallis=elementum&nunc=eu&proin=interdum&at=eu&turpis=tincidunt&a=in&pede=leo&posuere=maecenas,TRUE
+https://pen.io/placerat/ante/nulla/justo.jsp?diam=aliquam&neque=sit&vestibulum=amet&eget=diam&vulputate=in&ut=magna&ultrices=bibendum&vel=imperdiet&augue=nullam&vestibulum=orci&ante=pede&ipsum=venenatis&primis=non&in=sodales&faucibus=sed&orci=tincidunt&luctus=eu&et=felis&ultrices=fusce&posuere=posuere&cubilia=felis&curae=sed&donec=lacus&pharetra=morbi&magna=sem&vestibulum=mauris&aliquet=laoreet&ultrices=ut&erat=rhoncus&tortor=aliquet&sollicitudin=pulvinar&mi=sed&sit=nisl&amet=nunc&lobortis=rhoncus&sapien=dui&sapien=vel&non=sem&mi=sed&integer=sagittis&ac=nam&neque=congue&duis=risus&bibendum=semper&morbi=porta&non=volutpat&quam=quam&nec=pede&dui=lobortis&luctus=ligula,TRUE
+https://vimeo.com/et/tempus/semper/est/quam/pharetra.jpg?vulputate=viverra&vitae=eget&nisl=congue&aenean=eget&lectus=semper&pellentesque=rutrum&eget=nulla&nunc=nunc&donec=purus&quis=phasellus&orci=in&eget=felis&orci=donec&vehicula=semper&condimentum=sapien&curabitur=a&in=libero&libero=nam&ut=dui&massa=proin&volutpat=leo&convallis=odio&morbi=porttitor&odio=id&odio=consequat&elementum=in&eu=consequat&interdum=ut&eu=nulla&tincidunt=sed&in=accumsan&leo=felis&maecenas=ut&pulvinar=at&lobortis=dolor&est=quis&phasellus=odio&sit=consequat&amet=varius&erat=integer&nulla=ac&tempus=leo&vivamus=pellentesque&in=ultrices&felis=mattis&eu=odio&sapien=donec&cursus=vitae&vestibulum=nisi&proin=nam&eu=ultrices&mi=libero&nulla=non&ac=mattis&enim=pulvinar&in=nulla&tempor=pede&turpis=ullamcorper&nec=augue&euismod=a&scelerisque=suscipit&quam=nulla&turpis=elit&adipiscing=ac&lorem=nulla&vitae=sed&mattis=vel,TRUE
+https://slideshare.net/nec.jpg?praesent=morbi&blandit=a&lacinia=ipsum&erat=integer&vestibulum=a&sed=nibh&magna=in&at=quis&nunc=justo&commodo=maecenas&placerat=rhoncus&praesent=aliquam&blandit=lacus&nam=morbi&nulla=quis&integer=tortor&pede=id&justo=nulla&lacinia=ultrices&eget=aliquet&tincidunt=maecenas&eget=leo&tempus=odio&vel=condimentum&pede=id&morbi=luctus&porttitor=nec&lorem=molestie&id=sed&ligula=justo&suspendisse=pellentesque&ornare=viverra&consequat=pede&lectus=ac&in=diam&est=cras&risus=pellentesque&auctor=volutpat&sed=dui&tristique=maecenas&in=tristique&tempus=est&sit=et&amet=tempus&sem=semper&fusce=est&consequat=quam&nulla=pharetra&nisl=magna&nunc=ac&nisl=consequat&duis=metus&bibendum=sapien&felis=ut&sed=nunc&interdum=vestibulum&venenatis=ante&turpis=ipsum&enim=primis&blandit=in&mi=faucibus&in=orci&porttitor=luctus&pede=et&justo=ultrices&eu=posuere&massa=cubilia&donec=curae&dapibus=mauris,TRUE
+https://hibu.com/odio/donec/vitae.jpg?nisl=cubilia&venenatis=curae&lacinia=mauris&aenean=viverra&sit=diam&amet=vitae&justo=quam&morbi=suspendisse&ut=potenti&odio=nullam&cras=porttitor&mi=lacus&pede=at&malesuada=turpis&in=donec&imperdiet=posuere&et=metus&commodo=vitae&vulputate=ipsum&justo=aliquam&in=non&blandit=mauris&ultrices=morbi&enim=non&lorem=lectus&ipsum=aliquam&dolor=sit&sit=amet&amet=diam&consectetuer=in&adipiscing=magna&elit=bibendum&proin=imperdiet&interdum=nullam&mauris=orci&non=pede&ligula=venenatis&pellentesque=non&ultrices=sodales&phasellus=sed&id=tincidunt&sapien=eu&in=felis&sapien=fusce&iaculis=posuere&congue=felis&vivamus=sed&metus=lacus&arcu=morbi&adipiscing=sem&molestie=mauris&hendrerit=laoreet&at=ut&vulputate=rhoncus&vitae=aliquet&nisl=pulvinar&aenean=sed&lectus=nisl&pellentesque=nunc&eget=rhoncus&nunc=dui&donec=vel&quis=sem&orci=sed&eget=sagittis&orci=nam&vehicula=congue&condimentum=risus&curabitur=semper&in=porta&libero=volutpat&ut=quam&massa=pede&volutpat=lobortis&convallis=ligula&morbi=sit&odio=amet&odio=eleifend&elementum=pede&eu=libero&interdum=quis&eu=orci&tincidunt=nullam&in=molestie&leo=nibh&maecenas=in&pulvinar=lectus&lobortis=pellentesque,TRUE
+http://tripod.com/elementum/eu/interdum/eu/tincidunt.xml?quisque=vulputate&porta=luctus&volutpat=cum&erat=sociis&quisque=natoque&erat=penatibus&eros=et&viverra=magnis&eget=dis&congue=parturient&eget=montes&semper=nascetur&rutrum=ridiculus&nulla=mus&nunc=vivamus&purus=vestibulum&phasellus=sagittis&in=sapien&felis=cum&donec=sociis&semper=natoque&sapien=penatibus&a=et&libero=magnis&nam=dis&dui=parturient&proin=montes&leo=nascetur&odio=ridiculus&porttitor=mus&id=etiam&consequat=vel&in=augue&consequat=vestibulum&ut=rutrum&nulla=rutrum&sed=neque&accumsan=aenean&felis=auctor&ut=gravida&at=sem&dolor=praesent&quis=id,TRUE
+https://nsw.gov.au/dui/nec/nisi.xml?phasellus=velit&id=nec&sapien=nisi&in=vulputate&sapien=nonummy&iaculis=maecenas&congue=tincidunt&vivamus=lacus&metus=at&arcu=velit&adipiscing=vivamus&molestie=vel&hendrerit=nulla&at=eget&vulputate=eros&vitae=elementum&nisl=pellentesque&aenean=quisque&lectus=porta&pellentesque=volutpat&eget=erat&nunc=quisque&donec=erat&quis=eros&orci=viverra&eget=eget&orci=congue&vehicula=eget&condimentum=semper&curabitur=rutrum&in=nulla&libero=nunc&ut=purus&massa=phasellus&volutpat=in&convallis=felis&morbi=donec&odio=semper&odio=sapien&elementum=a&eu=libero&interdum=nam&eu=dui&tincidunt=proin&in=leo&leo=odio&maecenas=porttitor&pulvinar=id&lobortis=consequat&est=in&phasellus=consequat&sit=ut&amet=nulla&erat=sed&nulla=accumsan&tempus=felis&vivamus=ut&in=at&felis=dolor&eu=quis&sapien=odio&cursus=consequat&vestibulum=varius&proin=integer&eu=ac&mi=leo&nulla=pellentesque&ac=ultrices&enim=mattis&in=odio&tempor=donec&turpis=vitae&nec=nisi,TRUE
+http://meetup.com/mauris.js?quam=aliquam&sollicitudin=augue&vitae=quam&consectetuer=sollicitudin&eget=vitae&rutrum=consectetuer&at=eget&lorem=rutrum&integer=at&tincidunt=lorem&ante=integer&vel=tincidunt&ipsum=ante&praesent=vel&blandit=ipsum&lacinia=praesent&erat=blandit&vestibulum=lacinia&sed=erat&magna=vestibulum&at=sed&nunc=magna&commodo=at&placerat=nunc&praesent=commodo&blandit=placerat&nam=praesent&nulla=blandit&integer=nam&pede=nulla&justo=integer&lacinia=pede&eget=justo&tincidunt=lacinia&eget=eget&tempus=tincidunt&vel=eget&pede=tempus&morbi=vel&porttitor=pede&lorem=morbi&id=porttitor&ligula=lorem&suspendisse=id&ornare=ligula&consequat=suspendisse&lectus=ornare&in=consequat&est=lectus&risus=in&auctor=est&sed=risus&tristique=auctor&in=sed&tempus=tristique&sit=in&amet=tempus&sem=sit&fusce=amet&consequat=sem&nulla=fusce&nisl=consequat&nunc=nulla&nisl=nisl&duis=nunc&bibendum=nisl&felis=duis&sed=bibendum&interdum=felis,TRUE
+https://ox.ac.uk/sit/amet.jpg?purus=rutrum&eu=rutrum&magna=neque&vulputate=aenean&luctus=auctor&cum=gravida&sociis=sem&natoque=praesent&penatibus=id&et=massa&magnis=id&dis=nisl&parturient=venenatis&montes=lacinia&nascetur=aenean&ridiculus=sit&mus=amet&vivamus=justo&vestibulum=morbi&sagittis=ut&sapien=odio&cum=cras&sociis=mi&natoque=pede&penatibus=malesuada&et=in&magnis=imperdiet&dis=et&parturient=commodo&montes=vulputate&nascetur=justo&ridiculus=in&mus=blandit&etiam=ultrices&vel=enim&augue=lorem&vestibulum=ipsum&rutrum=dolor&rutrum=sit&neque=amet&aenean=consectetuer&auctor=adipiscing&gravida=elit&sem=proin&praesent=interdum&id=mauris&massa=non&id=ligula&nisl=pellentesque&venenatis=ultrices&lacinia=phasellus&aenean=id&sit=sapien&amet=in&justo=sapien&morbi=iaculis&ut=congue,TRUE
+http://sakura.ne.jp/eu/est/congue/elementum.jsp?viverra=nullam&eget=molestie&congue=nibh&eget=in&semper=lectus&rutrum=pellentesque&nulla=at&nunc=nulla&purus=suspendisse&phasellus=potenti&in=cras&felis=in&donec=purus&semper=eu&sapien=magna&a=vulputate&libero=luctus&nam=cum&dui=sociis&proin=natoque&leo=penatibus&odio=et&porttitor=magnis&id=dis&consequat=parturient&in=montes&consequat=nascetur&ut=ridiculus&nulla=mus&sed=vivamus&accumsan=vestibulum&felis=sagittis&ut=sapien&at=cum&dolor=sociis&quis=natoque&odio=penatibus&consequat=et&varius=magnis&integer=dis&ac=parturient&leo=montes&pellentesque=nascetur&ultrices=ridiculus&mattis=mus&odio=etiam&donec=vel&vitae=augue&nisi=vestibulum&nam=rutrum&ultrices=rutrum&libero=neque&non=aenean&mattis=auctor&pulvinar=gravida&nulla=sem&pede=praesent&ullamcorper=id&augue=massa&a=id&suscipit=nisl&nulla=venenatis&elit=lacinia&ac=aenean&nulla=sit&sed=amet&vel=justo&enim=morbi&sit=ut&amet=odio&nunc=cras&viverra=mi&dapibus=pede&nulla=malesuada&suscipit=in&ligula=imperdiet&in=et&lacus=commodo&curabitur=vulputate&at=justo&ipsum=in&ac=blandit&tellus=ultrices&semper=enim&interdum=lorem&mauris=ipsum&ullamcorper=dolor&purus=sit&sit=amet&amet=consectetuer&nulla=adipiscing&quisque=elit&arcu=proin&libero=interdum,TRUE
+http://infoseek.co.jp/sit/amet/diam/in/magna/bibendum/imperdiet.jsp?in=lorem&tempus=vitae&sit=mattis&amet=nibh&sem=ligula&fusce=nec&consequat=sem&nulla=duis&nisl=aliquam&nunc=convallis&nisl=nunc&duis=proin&bibendum=at&felis=turpis&sed=a,TRUE
+https://usatoday.com/luctus/et/ultrices.js?libero=dictumst&quis=morbi&orci=vestibulum&nullam=velit&molestie=id&nibh=pretium&in=iaculis&lectus=diam&pellentesque=erat&at=fermentum&nulla=justo&suspendisse=nec&potenti=condimentum&cras=neque&in=sapien&purus=placerat&eu=ante&magna=nulla&vulputate=justo&luctus=aliquam&cum=quis&sociis=turpis&natoque=eget,TRUE
+https://cnet.com/pellentesque/eget/nunc/donec/quis.js?arcu=nisl&sed=aenean&augue=lectus&aliquam=pellentesque&erat=eget&volutpat=nunc&in=donec&congue=quis&etiam=orci&justo=eget&etiam=orci&pretium=vehicula&iaculis=condimentum&justo=curabitur&in=in&hac=libero&habitasse=ut&platea=massa&dictumst=volutpat&etiam=convallis&faucibus=morbi&cursus=odio&urna=odio&ut=elementum&tellus=eu&nulla=interdum&ut=eu&erat=tincidunt&id=in&mauris=leo&vulputate=maecenas&elementum=pulvinar&nullam=lobortis&varius=est&nulla=phasellus&facilisi=sit&cras=amet&non=erat&velit=nulla&nec=tempus&nisi=vivamus&vulputate=in&nonummy=felis&maecenas=eu&tincidunt=sapien&lacus=cursus&at=vestibulum&velit=proin&vivamus=eu&vel=mi&nulla=nulla&eget=ac,TRUE
+https://yahoo.co.jp/mauris/viverra/diam/vitae/quam.html?consequat=justo,TRUE
+http://pinterest.com/massa/quis/augue/luctus/tincidunt/nulla/mollis.xml?amet=ac&justo=est&morbi=lacinia&ut=nisi&odio=venenatis&cras=tristique&mi=fusce&pede=congue&malesuada=diam&in=id&imperdiet=ornare&et=imperdiet&commodo=sapien&vulputate=urna&justo=pretium&in=nisl&blandit=ut&ultrices=volutpat&enim=sapien&lorem=arcu&ipsum=sed&dolor=augue&sit=aliquam&amet=erat&consectetuer=volutpat&adipiscing=in&elit=congue&proin=etiam&interdum=justo&mauris=etiam,TRUE
+https://arizona.edu/sapien/in/sapien/iaculis/congue/vivamus/metus.js?leo=nunc&pellentesque=viverra&ultrices=dapibus&mattis=nulla&odio=suscipit&donec=ligula,TRUE
+https://vinaora.com/a/libero/nam/dui/proin/leo/odio.xml?integer=potenti&aliquet=in&massa=eleifend&id=quam&lobortis=a&convallis=odio&tortor=in&risus=hac&dapibus=habitasse&augue=platea&vel=dictumst&accumsan=maecenas&tellus=ut&nisi=massa&eu=quis&orci=augue&mauris=luctus&lacinia=tincidunt&sapien=nulla&quis=mollis&libero=molestie&nullam=lorem&sit=quisque&amet=ut&turpis=erat&elementum=curabitur&ligula=gravida&vehicula=nisi&consequat=at&morbi=nibh&a=in&ipsum=hac&integer=habitasse&a=platea&nibh=dictumst&in=aliquam&quis=augue&justo=quam&maecenas=sollicitudin&rhoncus=vitae&aliquam=consectetuer&lacus=eget&morbi=rutrum&quis=at&tortor=lorem&id=integer&nulla=tincidunt&ultrices=ante&aliquet=vel&maecenas=ipsum&leo=praesent,TRUE
+http://army.mil/mauris/morbi/non/lectus.aspx?vestibulum=amet&quam=cursus&sapien=id&varius=turpis&ut=integer&blandit=aliquet&non=massa&interdum=id&in=lobortis&ante=convallis&vestibulum=tortor&ante=risus&ipsum=dapibus&primis=augue&in=vel&faucibus=accumsan&orci=tellus&luctus=nisi&et=eu&ultrices=orci&posuere=mauris&cubilia=lacinia&curae=sapien&duis=quis&faucibus=libero&accumsan=nullam&odio=sit&curabitur=amet&convallis=turpis&duis=elementum&consequat=ligula&dui=vehicula&nec=consequat&nisi=morbi&volutpat=a&eleifend=ipsum&donec=integer&ut=a&dolor=nibh&morbi=in&vel=quis&lectus=justo&in=maecenas&quam=rhoncus&fringilla=aliquam&rhoncus=lacus&mauris=morbi&enim=quis&leo=tortor&rhoncus=id&sed=nulla&vestibulum=ultrices&sit=aliquet&amet=maecenas&cursus=leo&id=odio&turpis=condimentum&integer=id&aliquet=luctus&massa=nec&id=molestie&lobortis=sed&convallis=justo&tortor=pellentesque&risus=viverra&dapibus=pede&augue=ac&vel=diam&accumsan=cras&tellus=pellentesque&nisi=volutpat&eu=dui&orci=maecenas&mauris=tristique&lacinia=est&sapien=et&quis=tempus&libero=semper&nullam=est&sit=quam&amet=pharetra&turpis=magna&elementum=ac&ligula=consequat&vehicula=metus&consequat=sapien&morbi=ut,TRUE
+https://tripadvisor.com/cras/pellentesque.js?ante=eu&ipsum=est&primis=congue&in=elementum&faucibus=in&orci=hac&luctus=habitasse&et=platea&ultrices=dictumst&posuere=morbi&cubilia=vestibulum&curae=velit&duis=id&faucibus=pretium&accumsan=iaculis&odio=diam&curabitur=erat&convallis=fermentum&duis=justo&consequat=nec&dui=condimentum&nec=neque&nisi=sapien&volutpat=placerat&eleifend=ante&donec=nulla&ut=justo,TRUE
+http://xrea.com/nibh/fusce/lacus.aspx?nam=ut&nulla=erat&integer=id&pede=mauris&justo=vulputate&lacinia=elementum&eget=nullam&tincidunt=varius,TRUE
+http://harvard.edu/nascetur/ridiculus/mus/etiam.aspx?amet=sit&erat=amet&nulla=consectetuer&tempus=adipiscing&vivamus=elit&in=proin&felis=risus&eu=praesent&sapien=lectus&cursus=vestibulum&vestibulum=quam&proin=sapien&eu=varius&mi=ut&nulla=blandit&ac=non&enim=interdum&in=in&tempor=ante&turpis=vestibulum&nec=ante&euismod=ipsum&scelerisque=primis&quam=in&turpis=faucibus&adipiscing=orci&lorem=luctus&vitae=et&mattis=ultrices&nibh=posuere&ligula=cubilia&nec=curae&sem=duis&duis=faucibus&aliquam=accumsan&convallis=odio&nunc=curabitur&proin=convallis&at=duis&turpis=consequat&a=dui&pede=nec&posuere=nisi&nonummy=volutpat&integer=eleifend&non=donec&velit=ut&donec=dolor&diam=morbi&neque=vel&vestibulum=lectus,TRUE
+https://google.pl/erat/fermentum/justo/nec/condimentum.jsp?vestibulum=ut&quam=odio&sapien=cras&varius=mi&ut=pede&blandit=malesuada&non=in&interdum=imperdiet&in=et&ante=commodo&vestibulum=vulputate&ante=justo&ipsum=in&primis=blandit&in=ultrices&faucibus=enim&orci=lorem&luctus=ipsum&et=dolor&ultrices=sit&posuere=amet,TRUE
+http://hexun.com/in/hac/habitasse/platea/dictumst/maecenas.html?curae=cras&mauris=mi&viverra=pede&diam=malesuada&vitae=in&quam=imperdiet&suspendisse=et&potenti=commodo&nullam=vulputate&porttitor=justo&lacus=in&at=blandit&turpis=ultrices&donec=enim&posuere=lorem&metus=ipsum&vitae=dolor&ipsum=sit&aliquam=amet&non=consectetuer&mauris=adipiscing&morbi=elit&non=proin&lectus=interdum&aliquam=mauris&sit=non&amet=ligula&diam=pellentesque&in=ultrices&magna=phasellus,TRUE
+https://wikimedia.org/placerat/ante/nulla/justo/aliquam/quis.xml?tortor=tristique&id=fusce&nulla=congue&ultrices=diam&aliquet=id&maecenas=ornare&leo=imperdiet&odio=sapien&condimentum=urna&id=pretium&luctus=nisl&nec=ut&molestie=volutpat&sed=sapien&justo=arcu&pellentesque=sed&viverra=augue&pede=aliquam&ac=erat&diam=volutpat&cras=in&pellentesque=congue&volutpat=etiam&dui=justo&maecenas=etiam,TRUE
+http://purevolume.com/nisl/duis/ac/nibh/fusce.js?tristique=penatibus&est=et&et=magnis&tempus=dis&semper=parturient&est=montes&quam=nascetur&pharetra=ridiculus&magna=mus&ac=etiam,TRUE
+http://baidu.com/augue/vestibulum.png?lorem=in&vitae=hac&mattis=habitasse&nibh=platea&ligula=dictumst&nec=morbi&sem=vestibulum&duis=velit&aliquam=id&convallis=pretium&nunc=iaculis&proin=diam&at=erat&turpis=fermentum&a=justo&pede=nec&posuere=condimentum&nonummy=neque&integer=sapien&non=placerat&velit=ante&donec=nulla&diam=justo&neque=aliquam&vestibulum=quis&eget=turpis&vulputate=eget&ut=elit&ultrices=sodales&vel=scelerisque&augue=mauris&vestibulum=sit&ante=amet&ipsum=eros&primis=suspendisse&in=accumsan&faucibus=tortor&orci=quis&luctus=turpis&et=sed&ultrices=ante&posuere=vivamus&cubilia=tortor&curae=duis&donec=mattis&pharetra=egestas&magna=metus&vestibulum=aenean&aliquet=fermentum&ultrices=donec&erat=ut&tortor=mauris&sollicitudin=eget&mi=massa&sit=tempor&amet=convallis&lobortis=nulla&sapien=neque,TRUE
+http://ucsd.edu/nunc/viverra/dapibus/nulla/suscipit/ligula.json?justo=arcu&lacinia=adipiscing&eget=molestie&tincidunt=hendrerit&eget=at&tempus=vulputate&vel=vitae&pede=nisl&morbi=aenean&porttitor=lectus&lorem=pellentesque&id=eget&ligula=nunc&suspendisse=donec&ornare=quis&consequat=orci&lectus=eget&in=orci&est=vehicula&risus=condimentum&auctor=curabitur&sed=in&tristique=libero&in=ut&tempus=massa&sit=volutpat&amet=convallis&sem=morbi&fusce=odio&consequat=odio&nulla=elementum&nisl=eu&nunc=interdum&nisl=eu&duis=tincidunt&bibendum=in&felis=leo&sed=maecenas&interdum=pulvinar&venenatis=lobortis&turpis=est&enim=phasellus&blandit=sit&mi=amet&in=erat&porttitor=nulla&pede=tempus&justo=vivamus&eu=in&massa=felis&donec=eu&dapibus=sapien&duis=cursus&at=vestibulum&velit=proin&eu=eu&est=mi&congue=nulla&elementum=ac&in=enim&hac=in&habitasse=tempor&platea=turpis&dictumst=nec&morbi=euismod&vestibulum=scelerisque&velit=quam&id=turpis&pretium=adipiscing&iaculis=lorem&diam=vitae&erat=mattis&fermentum=nibh&justo=ligula&nec=nec&condimentum=sem&neque=duis&sapien=aliquam&placerat=convallis&ante=nunc&nulla=proin&justo=at&aliquam=turpis&quis=a&turpis=pede&eget=posuere&elit=nonummy&sodales=integer&scelerisque=non&mauris=velit&sit=donec&amet=diam&eros=neque&suspendisse=vestibulum&accumsan=eget&tortor=vulputate&quis=ut&turpis=ultrices&sed=vel,TRUE
+http://virginia.edu/ultrices/posuere/cubilia/curae.js?felis=sapien&sed=non&lacus=mi&morbi=integer&sem=ac&mauris=neque&laoreet=duis&ut=bibendum&rhoncus=morbi&aliquet=non&pulvinar=quam&sed=nec&nisl=dui&nunc=luctus&rhoncus=rutrum&dui=nulla&vel=tellus&sem=in&sed=sagittis&sagittis=dui&nam=vel&congue=nisl&risus=duis&semper=ac&porta=nibh&volutpat=fusce&quam=lacus&pede=purus&lobortis=aliquet&ligula=at&sit=feugiat&amet=non&eleifend=pretium&pede=quis&libero=lectus&quis=suspendisse&orci=potenti&nullam=in&molestie=eleifend&nibh=quam&in=a&lectus=odio&pellentesque=in&at=hac&nulla=habitasse&suspendisse=platea&potenti=dictumst&cras=maecenas&in=ut&purus=massa&eu=quis&magna=augue&vulputate=luctus&luctus=tincidunt&cum=nulla&sociis=mollis&natoque=molestie&penatibus=lorem&et=quisque&magnis=ut&dis=erat&parturient=curabitur&montes=gravida&nascetur=nisi&ridiculus=at&mus=nibh&vivamus=in&vestibulum=hac&sagittis=habitasse&sapien=platea,TRUE
+https://vimeo.com/et/eros/vestibulum/ac.html?justo=luctus&pellentesque=et&viverra=ultrices&pede=posuere&ac=cubilia&diam=curae&cras=mauris&pellentesque=viverra&volutpat=diam&dui=vitae&maecenas=quam&tristique=suspendisse&est=potenti&et=nullam&tempus=porttitor&semper=lacus&est=at&quam=turpis&pharetra=donec&magna=posuere&ac=metus&consequat=vitae&metus=ipsum&sapien=aliquam&ut=non&nunc=mauris&vestibulum=morbi&ante=non&ipsum=lectus&primis=aliquam&in=sit&faucibus=amet&orci=diam&luctus=in&et=magna&ultrices=bibendum&posuere=imperdiet&cubilia=nullam&curae=orci&mauris=pede&viverra=venenatis&diam=non&vitae=sodales&quam=sed&suspendisse=tincidunt&potenti=eu&nullam=felis&porttitor=fusce&lacus=posuere&at=felis&turpis=sed&donec=lacus&posuere=morbi&metus=sem&vitae=mauris&ipsum=laoreet&aliquam=ut&non=rhoncus&mauris=aliquet&morbi=pulvinar&non=sed&lectus=nisl&aliquam=nunc&sit=rhoncus&amet=dui&diam=vel&in=sem&magna=sed&bibendum=sagittis&imperdiet=nam&nullam=congue&orci=risus&pede=semper&venenatis=porta&non=volutpat&sodales=quam&sed=pede&tincidunt=lobortis&eu=ligula&felis=sit&fusce=amet&posuere=eleifend&felis=pede&sed=libero&lacus=quis&morbi=orci&sem=nullam&mauris=molestie&laoreet=nibh&ut=in&rhoncus=lectus&aliquet=pellentesque&pulvinar=at&sed=nulla&nisl=suspendisse&nunc=potenti&rhoncus=cras,TRUE
+https://sohu.com/in/sagittis/dui/vel/nisl.jpg?mattis=eget&nibh=nunc&ligula=donec&nec=quis&sem=orci&duis=eget&aliquam=orci&convallis=vehicula&nunc=condimentum&proin=curabitur&at=in&turpis=libero&a=ut&pede=massa&posuere=volutpat&nonummy=convallis&integer=morbi&non=odio&velit=odio&donec=elementum&diam=eu&neque=interdum,TRUE
+https://yahoo.co.jp/amet/consectetuer.jpg?cras=pretium&pellentesque=nisl&volutpat=ut&dui=volutpat&maecenas=sapien&tristique=arcu&est=sed&et=augue&tempus=aliquam&semper=erat&est=volutpat&quam=in&pharetra=congue&magna=etiam&ac=justo&consequat=etiam&metus=pretium&sapien=iaculis&ut=justo&nunc=in&vestibulum=hac&ante=habitasse&ipsum=platea&primis=dictumst&in=etiam&faucibus=faucibus&orci=cursus&luctus=urna&et=ut&ultrices=tellus&posuere=nulla&cubilia=ut&curae=erat&mauris=id&viverra=mauris&diam=vulputate&vitae=elementum&quam=nullam&suspendisse=varius&potenti=nulla&nullam=facilisi&porttitor=cras&lacus=non&at=velit&turpis=nec&donec=nisi&posuere=vulputate&metus=nonummy&vitae=maecenas&ipsum=tincidunt&aliquam=lacus&non=at&mauris=velit,TRUE
+http://shinystat.com/etiam/faucibus.js?hac=mattis&habitasse=nibh&platea=ligula&dictumst=nec&morbi=sem&vestibulum=duis&velit=aliquam&id=convallis&pretium=nunc&iaculis=proin&diam=at&erat=turpis&fermentum=a&justo=pede&nec=posuere&condimentum=nonummy&neque=integer&sapien=non&placerat=velit&ante=donec&nulla=diam&justo=neque,TRUE
+https://last.fm/vestibulum/eget/vulputate/ut/ultrices.jsp?orci=pulvinar&luctus=lobortis&et=est&ultrices=phasellus&posuere=sit&cubilia=amet&curae=erat&duis=nulla&faucibus=tempus&accumsan=vivamus&odio=in&curabitur=felis&convallis=eu&duis=sapien&consequat=cursus&dui=vestibulum&nec=proin&nisi=eu&volutpat=mi&eleifend=nulla&donec=ac&ut=enim&dolor=in&morbi=tempor&vel=turpis&lectus=nec&in=euismod&quam=scelerisque&fringilla=quam&rhoncus=turpis&mauris=adipiscing&enim=lorem&leo=vitae&rhoncus=mattis&sed=nibh&vestibulum=ligula&sit=nec&amet=sem&cursus=duis&id=aliquam&turpis=convallis&integer=nunc&aliquet=proin&massa=at&id=turpis&lobortis=a&convallis=pede&tortor=posuere&risus=nonummy&dapibus=integer&augue=non&vel=velit&accumsan=donec&tellus=diam&nisi=neque&eu=vestibulum&orci=eget&mauris=vulputate&lacinia=ut&sapien=ultrices&quis=vel&libero=augue&nullam=vestibulum&sit=ante&amet=ipsum&turpis=primis&elementum=in&ligula=faucibus&vehicula=orci&consequat=luctus&morbi=et&a=ultrices&ipsum=posuere&integer=cubilia&a=curae&nibh=donec&in=pharetra&quis=magna&justo=vestibulum&maecenas=aliquet,TRUE
+https://eepurl.com/consequat/nulla.jsp?porttitor=aliquam&id=lacus&consequat=morbi&in=quis&consequat=tortor&ut=id&nulla=nulla&sed=ultrices&accumsan=aliquet&felis=maecenas&ut=leo&at=odio&dolor=condimentum,TRUE
+http://thetimes.co.uk/enim/in.xml?donec=et&ut=tempus&dolor=semper&morbi=est&vel=quam&lectus=pharetra&in=magna&quam=ac&fringilla=consequat&rhoncus=metus&mauris=sapien&enim=ut&leo=nunc&rhoncus=vestibulum&sed=ante&vestibulum=ipsum&sit=primis&amet=in&cursus=faucibus&id=orci&turpis=luctus&integer=et&aliquet=ultrices&massa=posuere&id=cubilia&lobortis=curae&convallis=mauris&tortor=viverra&risus=diam&dapibus=vitae&augue=quam&vel=suspendisse&accumsan=potenti&tellus=nullam,TRUE
+http://google.it/aliquam/non/mauris/morbi/non/lectus.json?sed=lacus&magna=at&at=velit&nunc=vivamus&commodo=vel&placerat=nulla&praesent=eget&blandit=eros&nam=elementum&nulla=pellentesque&integer=quisque&pede=porta&justo=volutpat&lacinia=erat&eget=quisque&tincidunt=erat&eget=eros&tempus=viverra&vel=eget&pede=congue&morbi=eget&porttitor=semper&lorem=rutrum&id=nulla&ligula=nunc&suspendisse=purus&ornare=phasellus&consequat=in&lectus=felis&in=donec&est=semper&risus=sapien&auctor=a&sed=libero&tristique=nam&in=dui&tempus=proin&sit=leo&amet=odio&sem=porttitor&fusce=id&consequat=consequat&nulla=in&nisl=consequat&nunc=ut&nisl=nulla&duis=sed&bibendum=accumsan&felis=felis&sed=ut&interdum=at&venenatis=dolor&turpis=quis&enim=odio&blandit=consequat&mi=varius&in=integer&porttitor=ac&pede=leo&justo=pellentesque&eu=ultrices&massa=mattis&donec=odio&dapibus=donec&duis=vitae&at=nisi&velit=nam&eu=ultrices&est=libero&congue=non&elementum=mattis&in=pulvinar&hac=nulla&habitasse=pede&platea=ullamcorper&dictumst=augue&morbi=a&vestibulum=suscipit,TRUE
+https://ed.gov/felis/ut.js?metus=nulla&sapien=neque&ut=libero&nunc=convallis&vestibulum=eget&ante=eleifend&ipsum=luctus&primis=ultricies&in=eu&faucibus=nibh&orci=quisque&luctus=id&et=justo&ultrices=sit&posuere=amet&cubilia=sapien&curae=dignissim&mauris=vestibulum&viverra=vestibulum&diam=ante&vitae=ipsum&quam=primis&suspendisse=in&potenti=faucibus&nullam=orci&porttitor=luctus&lacus=et&at=ultrices&turpis=posuere&donec=cubilia&posuere=curae&metus=nulla&vitae=dapibus&ipsum=dolor&aliquam=vel&non=est&mauris=donec&morbi=odio&non=justo&lectus=sollicitudin&aliquam=ut&sit=suscipit&amet=a&diam=feugiat&in=et&magna=eros&bibendum=vestibulum&imperdiet=ac&nullam=est&orci=lacinia&pede=nisi&venenatis=venenatis&non=tristique&sodales=fusce&sed=congue&tincidunt=diam&eu=id&felis=ornare&fusce=imperdiet&posuere=sapien&felis=urna&sed=pretium&lacus=nisl&morbi=ut&sem=volutpat&mauris=sapien&laoreet=arcu&ut=sed&rhoncus=augue&aliquet=aliquam&pulvinar=erat&sed=volutpat&nisl=in&nunc=congue&rhoncus=etiam&dui=justo&vel=etiam&sem=pretium&sed=iaculis&sagittis=justo&nam=in&congue=hac&risus=habitasse&semper=platea&porta=dictumst&volutpat=etiam,TRUE
+http://dyndns.org/luctus/cum.jpg?ultrices=elit&posuere=sodales&cubilia=scelerisque&curae=mauris&duis=sit&faucibus=amet&accumsan=eros&odio=suspendisse&curabitur=accumsan&convallis=tortor&duis=quis&consequat=turpis&dui=sed&nec=ante&nisi=vivamus&volutpat=tortor&eleifend=duis&donec=mattis&ut=egestas&dolor=metus&morbi=aenean&vel=fermentum&lectus=donec&in=ut&quam=mauris&fringilla=eget&rhoncus=massa&mauris=tempor&enim=convallis&leo=nulla&rhoncus=neque&sed=libero&vestibulum=convallis&sit=eget&amet=eleifend&cursus=luctus,TRUE
+https://narod.ru/diam/neque/vestibulum/eget/vulputate/ut/ultrices.html?quam=ultrices&nec=phasellus&dui=id&luctus=sapien&rutrum=in&nulla=sapien&tellus=iaculis&in=congue&sagittis=vivamus&dui=metus&vel=arcu&nisl=adipiscing&duis=molestie&ac=hendrerit&nibh=at&fusce=vulputate&lacus=vitae&purus=nisl&aliquet=aenean&at=lectus&feugiat=pellentesque&non=eget&pretium=nunc&quis=donec&lectus=quis&suspendisse=orci&potenti=eget&in=orci&eleifend=vehicula&quam=condimentum&a=curabitur&odio=in&in=libero&hac=ut&habitasse=massa&platea=volutpat&dictumst=convallis&maecenas=morbi&ut=odio&massa=odio&quis=elementum&augue=eu&luctus=interdum&tincidunt=eu&nulla=tincidunt&mollis=in&molestie=leo,TRUE
+http://deviantart.com/convallis/morbi/odio.xml?congue=interdum&diam=mauris&id=non&ornare=ligula&imperdiet=pellentesque&sapien=ultrices&urna=phasellus&pretium=id&nisl=sapien&ut=in&volutpat=sapien&sapien=iaculis&arcu=congue&sed=vivamus&augue=metus&aliquam=arcu&erat=adipiscing&volutpat=molestie&in=hendrerit&congue=at&etiam=vulputate&justo=vitae&etiam=nisl&pretium=aenean&iaculis=lectus&justo=pellentesque&in=eget&hac=nunc&habitasse=donec&platea=quis&dictumst=orci&etiam=eget&faucibus=orci&cursus=vehicula&urna=condimentum&ut=curabitur&tellus=in&nulla=libero&ut=ut&erat=massa,TRUE
+https://google.de/eget.json?justo=sed&pellentesque=ante&viverra=vivamus&pede=tortor&ac=duis&diam=mattis&cras=egestas&pellentesque=metus&volutpat=aenean&dui=fermentum&maecenas=donec&tristique=ut&est=mauris&et=eget&tempus=massa&semper=tempor&est=convallis&quam=nulla&pharetra=neque&magna=libero&ac=convallis&consequat=eget&metus=eleifend&sapien=luctus&ut=ultricies&nunc=eu&vestibulum=nibh&ante=quisque&ipsum=id&primis=justo&in=sit&faucibus=amet&orci=sapien&luctus=dignissim&et=vestibulum&ultrices=vestibulum&posuere=ante&cubilia=ipsum&curae=primis&mauris=in&viverra=faucibus&diam=orci&vitae=luctus&quam=et,TRUE
+http://feedburner.com/orci/vehicula.jpg?convallis=orci&duis=eget&consequat=orci&dui=vehicula&nec=condimentum&nisi=curabitur&volutpat=in&eleifend=libero,TRUE
+http://netvibes.com/lacus/morbi/sem/mauris/laoreet.json?ultrices=sapien&posuere=sapien&cubilia=non&curae=mi&donec=integer&pharetra=ac&magna=neque&vestibulum=duis&aliquet=bibendum&ultrices=morbi&erat=non&tortor=quam&sollicitudin=nec&mi=dui&sit=luctus&amet=rutrum&lobortis=nulla&sapien=tellus&sapien=in&non=sagittis&mi=dui&integer=vel&ac=nisl&neque=duis&duis=ac&bibendum=nibh&morbi=fusce&non=lacus&quam=purus&nec=aliquet&dui=at&luctus=feugiat&rutrum=non&nulla=pretium&tellus=quis&in=lectus&sagittis=suspendisse&dui=potenti&vel=in&nisl=eleifend&duis=quam&ac=a&nibh=odio&fusce=in&lacus=hac&purus=habitasse&aliquet=platea&at=dictumst&feugiat=maecenas&non=ut&pretium=massa&quis=quis&lectus=augue&suspendisse=luctus&potenti=tincidunt&in=nulla&eleifend=mollis&quam=molestie&a=lorem&odio=quisque&in=ut&hac=erat&habitasse=curabitur&platea=gravida&dictumst=nisi&maecenas=at&ut=nibh&massa=in&quis=hac&augue=habitasse&luctus=platea&tincidunt=dictumst&nulla=aliquam&mollis=augue&molestie=quam&lorem=sollicitudin&quisque=vitae&ut=consectetuer&erat=eget&curabitur=rutrum&gravida=at&nisi=lorem&at=integer&nibh=tincidunt,TRUE
+http://xinhuanet.com/quam/a/odio/in/hac.jsp?ante=in&vestibulum=blandit&ante=ultrices&ipsum=enim&primis=lorem&in=ipsum&faucibus=dolor&orci=sit&luctus=amet&et=consectetuer&ultrices=adipiscing&posuere=elit&cubilia=proin&curae=interdum&duis=mauris&faucibus=non&accumsan=ligula&odio=pellentesque&curabitur=ultrices&convallis=phasellus&duis=id&consequat=sapien&dui=in&nec=sapien&nisi=iaculis&volutpat=congue&eleifend=vivamus&donec=metus&ut=arcu,TRUE
+http://themeforest.net/nunc/vestibulum/ante/ipsum.png?ipsum=viverra&primis=diam&in=vitae&faucibus=quam&orci=suspendisse&luctus=potenti&et=nullam&ultrices=porttitor&posuere=lacus&cubilia=at&curae=turpis&duis=donec&faucibus=posuere&accumsan=metus&odio=vitae&curabitur=ipsum&convallis=aliquam&duis=non&consequat=mauris&dui=morbi&nec=non&nisi=lectus&volutpat=aliquam&eleifend=sit&donec=amet&ut=diam&dolor=in&morbi=magna&vel=bibendum&lectus=imperdiet&in=nullam&quam=orci&fringilla=pede&rhoncus=venenatis&mauris=non&enim=sodales&leo=sed&rhoncus=tincidunt&sed=eu&vestibulum=felis&sit=fusce&amet=posuere&cursus=felis&id=sed&turpis=lacus&integer=morbi&aliquet=sem&massa=mauris&id=laoreet&lobortis=ut&convallis=rhoncus&tortor=aliquet&risus=pulvinar&dapibus=sed&augue=nisl&vel=nunc&accumsan=rhoncus,TRUE
+https://studiopress.com/magnis/dis/parturient/montes/nascetur/ridiculus.jpg?et=nulla&ultrices=sed&posuere=vel&cubilia=enim&curae=sit&nulla=amet&dapibus=nunc&dolor=viverra&vel=dapibus&est=nulla&donec=suscipit&odio=ligula&justo=in&sollicitudin=lacus&ut=curabitur&suscipit=at&a=ipsum&feugiat=ac&et=tellus&eros=semper&vestibulum=interdum&ac=mauris&est=ullamcorper&lacinia=purus&nisi=sit&venenatis=amet&tristique=nulla&fusce=quisque&congue=arcu&diam=libero&id=rutrum&ornare=ac&imperdiet=lobortis&sapien=vel&urna=dapibus&pretium=at&nisl=diam,TRUE
+https://domainmarket.com/dictumst/aliquam/augue.png?rhoncus=pellentesque&aliquam=quisque&lacus=porta&morbi=volutpat&quis=erat&tortor=quisque&id=erat&nulla=eros&ultrices=viverra&aliquet=eget&maecenas=congue&leo=eget&odio=semper&condimentum=rutrum&id=nulla&luctus=nunc&nec=purus&molestie=phasellus&sed=in&justo=felis&pellentesque=donec&viverra=semper,TRUE
+http://devhub.com/nibh/fusce.aspx?quisque=eleifend&porta=pede&volutpat=libero&erat=quis&quisque=orci&erat=nullam&eros=molestie&viverra=nibh&eget=in&congue=lectus&eget=pellentesque&semper=at&rutrum=nulla,TRUE
+http://unc.edu/ligula/suspendisse/ornare/consequat/lectus.html?donec=pretium&ut=iaculis&dolor=diam&morbi=erat&vel=fermentum&lectus=justo&in=nec&quam=condimentum&fringilla=neque&rhoncus=sapien&mauris=placerat&enim=ante&leo=nulla&rhoncus=justo&sed=aliquam&vestibulum=quis&sit=turpis&amet=eget&cursus=elit&id=sodales&turpis=scelerisque&integer=mauris&aliquet=sit&massa=amet&id=eros&lobortis=suspendisse&convallis=accumsan,TRUE
+https://bloglines.com/justo/sollicitudin/ut/suscipit/a/feugiat/et.aspx?penatibus=auctor&et=gravida&magnis=sem&dis=praesent&parturient=id&montes=massa&nascetur=id&ridiculus=nisl&mus=venenatis&etiam=lacinia&vel=aenean&augue=sit&vestibulum=amet&rutrum=justo&rutrum=morbi&neque=ut&aenean=odio&auctor=cras&gravida=mi&sem=pede&praesent=malesuada&id=in&massa=imperdiet&id=et&nisl=commodo&venenatis=vulputate&lacinia=justo&aenean=in&sit=blandit&amet=ultrices&justo=enim&morbi=lorem&ut=ipsum&odio=dolor&cras=sit&mi=amet&pede=consectetuer&malesuada=adipiscing&in=elit&imperdiet=proin&et=interdum&commodo=mauris&vulputate=non,TRUE
+https://dagondesign.com/tincidunt/eget/tempus.jsp?elit=sollicitudin&proin=vitae&interdum=consectetuer&mauris=eget&non=rutrum&ligula=at&pellentesque=lorem&ultrices=integer&phasellus=tincidunt&id=ante&sapien=vel&in=ipsum&sapien=praesent&iaculis=blandit&congue=lacinia&vivamus=erat&metus=vestibulum&arcu=sed&adipiscing=magna&molestie=at&hendrerit=nunc&at=commodo&vulputate=placerat&vitae=praesent&nisl=blandit&aenean=nam,TRUE
+https://about.me/a/feugiat/et/eros/vestibulum/ac.jsp?in=duis&congue=bibendum&etiam=felis&justo=sed&etiam=interdum&pretium=venenatis&iaculis=turpis&justo=enim&in=blandit&hac=mi&habitasse=in&platea=porttitor&dictumst=pede&etiam=justo&faucibus=eu&cursus=massa&urna=donec&ut=dapibus&tellus=duis&nulla=at&ut=velit&erat=eu&id=est&mauris=congue&vulputate=elementum&elementum=in&nullam=hac&varius=habitasse&nulla=platea&facilisi=dictumst&cras=morbi&non=vestibulum&velit=velit&nec=id&nisi=pretium&vulputate=iaculis&nonummy=diam&maecenas=erat&tincidunt=fermentum&lacus=justo&at=nec&velit=condimentum&vivamus=neque&vel=sapien&nulla=placerat&eget=ante&eros=nulla&elementum=justo&pellentesque=aliquam&quisque=quis,TRUE
+https://zdnet.com/erat/nulla/tempus/vivamus.jsp?etiam=etiam&vel=vel&augue=augue&vestibulum=vestibulum&rutrum=rutrum&rutrum=rutrum&neque=neque&aenean=aenean&auctor=auctor&gravida=gravida&sem=sem&praesent=praesent&id=id&massa=massa&id=id&nisl=nisl&venenatis=venenatis&lacinia=lacinia&aenean=aenean&sit=sit&amet=amet&justo=justo&morbi=morbi&ut=ut&odio=odio&cras=cras&mi=mi&pede=pede&malesuada=malesuada&in=in&imperdiet=imperdiet&et=et&commodo=commodo&vulputate=vulputate&justo=justo&in=in&blandit=blandit&ultrices=ultrices&enim=enim&lorem=lorem&ipsum=ipsum&dolor=dolor&sit=sit&amet=amet&consectetuer=consectetuer&adipiscing=adipiscing&elit=elit&proin=proin&interdum=interdum&mauris=mauris&non=non&ligula=ligula&pellentesque=pellentesque&ultrices=ultrices&phasellus=phasellus&id=id&sapien=sapien&in=in&sapien=sapien&iaculis=iaculis&congue=congue&vivamus=vivamus&metus=metus&arcu=arcu&adipiscing=adipiscing&molestie=molestie&hendrerit=hendrerit&at=at&vulputate=vulputate&vitae=vitae&nisl=nisl&aenean=aenean&lectus=lectus&pellentesque=pellentesque&eget=eget,TRUE
+http://spiegel.de/pretium/nisl/ut/volutpat/sapien/arcu.js?volutpat=tellus&in=in&congue=sagittis&etiam=dui&justo=vel&etiam=nisl&pretium=duis&iaculis=ac&justo=nibh&in=fusce&hac=lacus&habitasse=purus&platea=aliquet&dictumst=at&etiam=feugiat&faucibus=non&cursus=pretium&urna=quis&ut=lectus&tellus=suspendisse&nulla=potenti&ut=in&erat=eleifend&id=quam&mauris=a&vulputate=odio&elementum=in&nullam=hac&varius=habitasse&nulla=platea&facilisi=dictumst&cras=maecenas&non=ut&velit=massa&nec=quis&nisi=augue&vulputate=luctus&nonummy=tincidunt&maecenas=nulla&tincidunt=mollis&lacus=molestie&at=lorem&velit=quisque&vivamus=ut&vel=erat&nulla=curabitur&eget=gravida&eros=nisi&elementum=at&pellentesque=nibh&quisque=in&porta=hac&volutpat=habitasse&erat=platea&quisque=dictumst&erat=aliquam&eros=augue&viverra=quam&eget=sollicitudin&congue=vitae&eget=consectetuer&semper=eget&rutrum=rutrum,TRUE
+http://blogtalkradio.com/nisi/eu/orci/mauris/lacinia.jpg?tristique=eleifend&tortor=luctus&eu=ultricies&pede=eu,TRUE
+https://cnn.com/nulla.xml?nec=turpis&condimentum=donec&neque=posuere&sapien=metus&placerat=vitae&ante=ipsum&nulla=aliquam&justo=non&aliquam=mauris&quis=morbi&turpis=non&eget=lectus&elit=aliquam&sodales=sit&scelerisque=amet&mauris=diam&sit=in&amet=magna&eros=bibendum&suspendisse=imperdiet&accumsan=nullam&tortor=orci&quis=pede&turpis=venenatis&sed=non&ante=sodales,TRUE
+http://rakuten.co.jp/fermentum/justo/nec/condimentum/neque.xml?feugiat=maecenas&et=tristique&eros=est&vestibulum=et&ac=tempus&est=semper&lacinia=est&nisi=quam&venenatis=pharetra&tristique=magna&fusce=ac&congue=consequat&diam=metus&id=sapien&ornare=ut&imperdiet=nunc&sapien=vestibulum&urna=ante&pretium=ipsum&nisl=primis&ut=in&volutpat=faucibus&sapien=orci&arcu=luctus,TRUE
+https://soundcloud.com/ultrices/posuere/cubilia/curae/mauris.xml?quam=velit&sollicitudin=nec&vitae=nisi&consectetuer=vulputate&eget=nonummy&rutrum=maecenas&at=tincidunt&lorem=lacus&integer=at&tincidunt=velit&ante=vivamus&vel=vel&ipsum=nulla&praesent=eget&blandit=eros&lacinia=elementum&erat=pellentesque&vestibulum=quisque&sed=porta&magna=volutpat&at=erat&nunc=quisque&commodo=erat&placerat=eros&praesent=viverra&blandit=eget&nam=congue&nulla=eget&integer=semper&pede=rutrum&justo=nulla&lacinia=nunc&eget=purus&tincidunt=phasellus&eget=in&tempus=felis&vel=donec,TRUE
+http://example.com/habitasse/platea/dictumst.html?accumsan=amet&tellus=cursus&nisi=id&eu=turpis&orci=integer&mauris=aliquet&lacinia=massa&sapien=id&quis=lobortis&libero=convallis&nullam=tortor&sit=risus&amet=dapibus&turpis=augue&elementum=vel,TRUE
+https://businessinsider.com/ante/ipsum/primis.png?sed=etiam&ante=justo&vivamus=etiam&tortor=pretium&duis=iaculis&mattis=justo&egestas=in&metus=hac&aenean=habitasse&fermentum=platea&donec=dictumst&ut=etiam&mauris=faucibus&eget=cursus&massa=urna&tempor=ut&convallis=tellus&nulla=nulla&neque=ut&libero=erat&convallis=id&eget=mauris&eleifend=vulputate&luctus=elementum&ultricies=nullam&eu=varius&nibh=nulla&quisque=facilisi&id=cras&justo=non&sit=velit&amet=nec&sapien=nisi&dignissim=vulputate&vestibulum=nonummy&vestibulum=maecenas&ante=tincidunt&ipsum=lacus&primis=at&in=velit&faucibus=vivamus&orci=vel&luctus=nulla&et=eget&ultrices=eros&posuere=elementum&cubilia=pellentesque&curae=quisque&nulla=porta&dapibus=volutpat&dolor=erat&vel=quisque&est=erat&donec=eros&odio=viverra&justo=eget&sollicitudin=congue&ut=eget&suscipit=semper&a=rutrum&feugiat=nulla&et=nunc&eros=purus&vestibulum=phasellus&ac=in&est=felis&lacinia=donec&nisi=semper&venenatis=sapien&tristique=a&fusce=libero&congue=nam&diam=dui&id=proin&ornare=leo&imperdiet=odio&sapien=porttitor&urna=id&pretium=consequat&nisl=in&ut=consequat&volutpat=ut&sapien=nulla&arcu=sed&sed=accumsan&augue=felis&aliquam=ut,TRUE
+http://mac.com/in/faucibus/orci/luctus.jsp?tempor=ante&convallis=vivamus&nulla=tortor&neque=duis&libero=mattis&convallis=egestas&eget=metus&eleifend=aenean&luctus=fermentum&ultricies=donec&eu=ut&nibh=mauris&quisque=eget&id=massa&justo=tempor&sit=convallis&amet=nulla&sapien=neque&dignissim=libero&vestibulum=convallis&vestibulum=eget&ante=eleifend&ipsum=luctus&primis=ultricies&in=eu&faucibus=nibh&orci=quisque&luctus=id&et=justo&ultrices=sit&posuere=amet&cubilia=sapien&curae=dignissim&nulla=vestibulum,TRUE
+http://illinois.edu/luctus/nec/molestie/sed/justo/pellentesque/viverra.aspx?consequat=a&nulla=libero&nisl=nam&nunc=dui&nisl=proin&duis=leo&bibendum=odio&felis=porttitor&sed=id&interdum=consequat&venenatis=in&turpis=consequat&enim=ut&blandit=nulla&mi=sed&in=accumsan&porttitor=felis&pede=ut&justo=at&eu=dolor&massa=quis&donec=odio&dapibus=consequat&duis=varius&at=integer&velit=ac&eu=leo&est=pellentesque&congue=ultrices&elementum=mattis&in=odio&hac=donec&habitasse=vitae&platea=nisi&dictumst=nam&morbi=ultrices&vestibulum=libero&velit=non&id=mattis&pretium=pulvinar&iaculis=nulla&diam=pede&erat=ullamcorper&fermentum=augue&justo=a&nec=suscipit&condimentum=nulla&neque=elit&sapien=ac&placerat=nulla&ante=sed&nulla=vel&justo=enim&aliquam=sit&quis=amet&turpis=nunc&eget=viverra&elit=dapibus&sodales=nulla&scelerisque=suscipit&mauris=ligula&sit=in&amet=lacus&eros=curabitur&suspendisse=at&accumsan=ipsum&tortor=ac&quis=tellus&turpis=semper&sed=interdum&ante=mauris&vivamus=ullamcorper&tortor=purus&duis=sit&mattis=amet&egestas=nulla&metus=quisque,TRUE
+http://lulu.com/congue/diam.png?luctus=ac&et=consequat&ultrices=metus&posuere=sapien&cubilia=ut&curae=nunc&donec=vestibulum&pharetra=ante&magna=ipsum&vestibulum=primis&aliquet=in&ultrices=faucibus&erat=orci&tortor=luctus&sollicitudin=et&mi=ultrices&sit=posuere&amet=cubilia&lobortis=curae&sapien=mauris&sapien=viverra&non=diam&mi=vitae&integer=quam&ac=suspendisse&neque=potenti&duis=nullam&bibendum=porttitor&morbi=lacus&non=at&quam=turpis&nec=donec&dui=posuere&luctus=metus&rutrum=vitae&nulla=ipsum&tellus=aliquam&in=non&sagittis=mauris&dui=morbi&vel=non&nisl=lectus&duis=aliquam&ac=sit&nibh=amet&fusce=diam&lacus=in&purus=magna&aliquet=bibendum&at=imperdiet&feugiat=nullam&non=orci&pretium=pede&quis=venenatis&lectus=non&suspendisse=sodales&potenti=sed&in=tincidunt&eleifend=eu&quam=felis,TRUE
+http://europa.eu/auctor.aspx?morbi=habitasse&porttitor=platea&lorem=dictumst&id=aliquam&ligula=augue&suspendisse=quam&ornare=sollicitudin&consequat=vitae&lectus=consectetuer&in=eget&est=rutrum&risus=at&auctor=lorem&sed=integer&tristique=tincidunt&in=ante&tempus=vel&sit=ipsum&amet=praesent&sem=blandit&fusce=lacinia&consequat=erat&nulla=vestibulum&nisl=sed&nunc=magna&nisl=at&duis=nunc&bibendum=commodo&felis=placerat&sed=praesent&interdum=blandit&venenatis=nam&turpis=nulla&enim=integer&blandit=pede&mi=justo&in=lacinia&porttitor=eget&pede=tincidunt&justo=eget&eu=tempus&massa=vel&donec=pede&dapibus=morbi&duis=porttitor&at=lorem&velit=id&eu=ligula&est=suspendisse&congue=ornare&elementum=consequat&in=lectus&hac=in&habitasse=est&platea=risus&dictumst=auctor&morbi=sed&vestibulum=tristique&velit=in&id=tempus&pretium=sit&iaculis=amet&diam=sem&erat=fusce&fermentum=consequat&justo=nulla&nec=nisl&condimentum=nunc&neque=nisl&sapien=duis&placerat=bibendum&ante=felis&nulla=sed&justo=interdum&aliquam=venenatis&quis=turpis&turpis=enim&eget=blandit&elit=mi&sodales=in&scelerisque=porttitor&mauris=pede&sit=justo&amet=eu&eros=massa&suspendisse=donec&accumsan=dapibus&tortor=duis&quis=at,TRUE
+https://china.com.cn/vel/nulla/eget/eros/elementum/pellentesque.jpg?hendrerit=ac&at=diam&vulputate=cras&vitae=pellentesque&nisl=volutpat&aenean=dui&lectus=maecenas&pellentesque=tristique&eget=est&nunc=et&donec=tempus&quis=semper&orci=est&eget=quam&orci=pharetra&vehicula=magna&condimentum=ac&curabitur=consequat&in=metus&libero=sapien&ut=ut&massa=nunc,TRUE
+http://alibaba.com/vulputate/nonummy/maecenas/tincidunt/lacus.json?eros=fusce&suspendisse=consequat&accumsan=nulla&tortor=nisl&quis=nunc&turpis=nisl&sed=duis&ante=bibendum&vivamus=felis&tortor=sed&duis=interdum&mattis=venenatis&egestas=turpis&metus=enim&aenean=blandit&fermentum=mi&donec=in&ut=porttitor&mauris=pede&eget=justo&massa=eu&tempor=massa&convallis=donec&nulla=dapibus&neque=duis&libero=at&convallis=velit&eget=eu&eleifend=est&luctus=congue&ultricies=elementum&eu=in&nibh=hac,TRUE
+http://sun.com/sem/fusce/consequat/nulla/nisl.png?turpis=tristique&donec=fusce&posuere=congue&metus=diam&vitae=id&ipsum=ornare&aliquam=imperdiet&non=sapien&mauris=urna&morbi=pretium&non=nisl&lectus=ut&aliquam=volutpat&sit=sapien&amet=arcu&diam=sed&in=augue&magna=aliquam&bibendum=erat&imperdiet=volutpat&nullam=in&orci=congue&pede=etiam&venenatis=justo&non=etiam&sodales=pretium&sed=iaculis&tincidunt=justo&eu=in&felis=hac&fusce=habitasse&posuere=platea&felis=dictumst&sed=etiam&lacus=faucibus&morbi=cursus&sem=urna&mauris=ut&laoreet=tellus&ut=nulla&rhoncus=ut&aliquet=erat&pulvinar=id&sed=mauris&nisl=vulputate&nunc=elementum&rhoncus=nullam&dui=varius&vel=nulla&sem=facilisi&sed=cras&sagittis=non&nam=velit&congue=nec&risus=nisi&semper=vulputate&porta=nonummy&volutpat=maecenas&quam=tincidunt&pede=lacus&lobortis=at&ligula=velit&sit=vivamus&amet=vel&eleifend=nulla&pede=eget&libero=eros&quis=elementum&orci=pellentesque&nullam=quisque&molestie=porta&nibh=volutpat&in=erat&lectus=quisque&pellentesque=erat&at=eros&nulla=viverra&suspendisse=eget&potenti=congue&cras=eget&in=semper&purus=rutrum&eu=nulla&magna=nunc&vulputate=purus&luctus=phasellus&cum=in&sociis=felis&natoque=donec&penatibus=semper&et=sapien&magnis=a&dis=libero&parturient=nam&montes=dui&nascetur=proin,TRUE
+http://webs.com/quam/nec/dui/luctus/rutrum/nulla/tellus.js?curabitur=nunc&in=vestibulum&libero=ante&ut=ipsum&massa=primis&volutpat=in&convallis=faucibus&morbi=orci&odio=luctus&odio=et&elementum=ultrices&eu=posuere&interdum=cubilia&eu=curae&tincidunt=mauris&in=viverra&leo=diam&maecenas=vitae&pulvinar=quam&lobortis=suspendisse&est=potenti&phasellus=nullam&sit=porttitor&amet=lacus&erat=at&nulla=turpis&tempus=donec&vivamus=posuere&in=metus,TRUE
+http://diigo.com/aliquet/maecenas.jpg?felis=imperdiet&eu=nullam&sapien=orci&cursus=pede&vestibulum=venenatis&proin=non&eu=sodales&mi=sed&nulla=tincidunt&ac=eu&enim=felis&in=fusce&tempor=posuere&turpis=felis&nec=sed&euismod=lacus&scelerisque=morbi&quam=sem&turpis=mauris&adipiscing=laoreet&lorem=ut&vitae=rhoncus&mattis=aliquet&nibh=pulvinar&ligula=sed&nec=nisl&sem=nunc&duis=rhoncus&aliquam=dui&convallis=vel&nunc=sem&proin=sed&at=sagittis,TRUE
+https://nature.com/est.json?faucibus=velit&cursus=vivamus&urna=vel&ut=nulla&tellus=eget&nulla=eros&ut=elementum&erat=pellentesque&id=quisque&mauris=porta&vulputate=volutpat&elementum=erat&nullam=quisque&varius=erat&nulla=eros&facilisi=viverra&cras=eget&non=congue&velit=eget&nec=semper&nisi=rutrum&vulputate=nulla&nonummy=nunc,TRUE
+http://blogger.com/ultrices/erat/tortor/sollicitudin.js?nulla=sapien&nunc=non&purus=mi&phasellus=integer&in=ac&felis=neque&donec=duis&semper=bibendum&sapien=morbi&a=non&libero=quam&nam=nec&dui=dui&proin=luctus&leo=rutrum&odio=nulla&porttitor=tellus&id=in&consequat=sagittis&in=dui&consequat=vel&ut=nisl&nulla=duis&sed=ac&accumsan=nibh&felis=fusce&ut=lacus&at=purus&dolor=aliquet&quis=at&odio=feugiat&consequat=non&varius=pretium&integer=quis&ac=lectus&leo=suspendisse&pellentesque=potenti&ultrices=in&mattis=eleifend&odio=quam&donec=a&vitae=odio&nisi=in&nam=hac&ultrices=habitasse&libero=platea&non=dictumst&mattis=maecenas&pulvinar=ut&nulla=massa&pede=quis&ullamcorper=augue&augue=luctus&a=tincidunt&suscipit=nulla&nulla=mollis&elit=molestie&ac=lorem&nulla=quisque&sed=ut&vel=erat&enim=curabitur&sit=gravida&amet=nisi&nunc=at&viverra=nibh&dapibus=in&nulla=hac&suscipit=habitasse&ligula=platea&in=dictumst&lacus=aliquam&curabitur=augue&at=quam&ipsum=sollicitudin&ac=vitae&tellus=consectetuer&semper=eget&interdum=rutrum,TRUE
+https://blogs.com/dui/proin/leo/odio/porttitor/id/consequat.aspx?posuere=sapien&metus=iaculis&vitae=congue&ipsum=vivamus&aliquam=metus&non=arcu&mauris=adipiscing&morbi=molestie&non=hendrerit&lectus=at&aliquam=vulputate&sit=vitae&amet=nisl&diam=aenean&in=lectus&magna=pellentesque&bibendum=eget&imperdiet=nunc&nullam=donec&orci=quis&pede=orci&venenatis=eget&non=orci&sodales=vehicula&sed=condimentum&tincidunt=curabitur&eu=in&felis=libero&fusce=ut&posuere=massa&felis=volutpat&sed=convallis&lacus=morbi&morbi=odio&sem=odio&mauris=elementum&laoreet=eu&ut=interdum&rhoncus=eu&aliquet=tincidunt&pulvinar=in&sed=leo&nisl=maecenas&nunc=pulvinar&rhoncus=lobortis&dui=est&vel=phasellus&sem=sit&sed=amet&sagittis=erat&nam=nulla&congue=tempus&risus=vivamus&semper=in&porta=felis&volutpat=eu&quam=sapien&pede=cursus&lobortis=vestibulum&ligula=proin&sit=eu&amet=mi&eleifend=nulla&pede=ac&libero=enim&quis=in&orci=tempor&nullam=turpis&molestie=nec&nibh=euismod&in=scelerisque&lectus=quam&pellentesque=turpis&at=adipiscing&nulla=lorem&suspendisse=vitae&potenti=mattis&cras=nibh&in=ligula&purus=nec&eu=sem&magna=duis&vulputate=aliquam&luctus=convallis&cum=nunc&sociis=proin&natoque=at&penatibus=turpis&et=a&magnis=pede&dis=posuere&parturient=nonummy&montes=integer&nascetur=non&ridiculus=velit&mus=donec,TRUE
+https://npr.org/scelerisque.json?vitae=iaculis&ipsum=congue&aliquam=vivamus&non=metus&mauris=arcu&morbi=adipiscing&non=molestie&lectus=hendrerit&aliquam=at&sit=vulputate&amet=vitae&diam=nisl&in=aenean&magna=lectus&bibendum=pellentesque&imperdiet=eget&nullam=nunc&orci=donec&pede=quis&venenatis=orci&non=eget&sodales=orci&sed=vehicula&tincidunt=condimentum&eu=curabitur&felis=in&fusce=libero&posuere=ut&felis=massa&sed=volutpat&lacus=convallis&morbi=morbi&sem=odio&mauris=odio&laoreet=elementum&ut=eu&rhoncus=interdum&aliquet=eu&pulvinar=tincidunt&sed=in&nisl=leo&nunc=maecenas&rhoncus=pulvinar&dui=lobortis&vel=est&sem=phasellus&sed=sit&sagittis=amet&nam=erat&congue=nulla&risus=tempus&semper=vivamus&porta=in&volutpat=felis&quam=eu&pede=sapien&lobortis=cursus&ligula=vestibulum&sit=proin&amet=eu&eleifend=mi&pede=nulla&libero=ac&quis=enim&orci=in&nullam=tempor&molestie=turpis&nibh=nec&in=euismod&lectus=scelerisque&pellentesque=quam&at=turpis&nulla=adipiscing&suspendisse=lorem&potenti=vitae&cras=mattis&in=nibh&purus=ligula&eu=nec&magna=sem&vulputate=duis&luctus=aliquam,TRUE
+https://adobe.com/dictumst/maecenas/ut.json?dapibus=quam&duis=turpis&at=adipiscing&velit=lorem&eu=vitae&est=mattis&congue=nibh&elementum=ligula&in=nec&hac=sem&habitasse=duis&platea=aliquam&dictumst=convallis&morbi=nunc&vestibulum=proin&velit=at&id=turpis&pretium=a&iaculis=pede&diam=posuere&erat=nonummy&fermentum=integer&justo=non&nec=velit&condimentum=donec&neque=diam&sapien=neque&placerat=vestibulum&ante=eget&nulla=vulputate&justo=ut&aliquam=ultrices&quis=vel&turpis=augue&eget=vestibulum&elit=ante&sodales=ipsum&scelerisque=primis&mauris=in&sit=faucibus&amet=orci&eros=luctus&suspendisse=et&accumsan=ultrices&tortor=posuere&quis=cubilia&turpis=curae&sed=donec&ante=pharetra&vivamus=magna&tortor=vestibulum&duis=aliquet&mattis=ultrices&egestas=erat&metus=tortor&aenean=sollicitudin&fermentum=mi&donec=sit&ut=amet&mauris=lobortis&eget=sapien&massa=sapien&tempor=non&convallis=mi&nulla=integer&neque=ac&libero=neque&convallis=duis&eget=bibendum&eleifend=morbi&luctus=non&ultricies=quam&eu=nec&nibh=dui,TRUE
+http://salon.com/tellus.jpg?arcu=venenatis&sed=tristique&augue=fusce&aliquam=congue&erat=diam&volutpat=id&in=ornare&congue=imperdiet&etiam=sapien&justo=urna&etiam=pretium&pretium=nisl&iaculis=ut&justo=volutpat&in=sapien&hac=arcu&habitasse=sed&platea=augue&dictumst=aliquam&etiam=erat&faucibus=volutpat&cursus=in&urna=congue&ut=etiam&tellus=justo&nulla=etiam&ut=pretium&erat=iaculis&id=justo&mauris=in&vulputate=hac&elementum=habitasse&nullam=platea&varius=dictumst&nulla=etiam&facilisi=faucibus&cras=cursus&non=urna&velit=ut&nec=tellus&nisi=nulla&vulputate=ut&nonummy=erat&maecenas=id&tincidunt=mauris&lacus=vulputate&at=elementum&velit=nullam&vivamus=varius&vel=nulla&nulla=facilisi&eget=cras&eros=non&elementum=velit&pellentesque=nec&quisque=nisi&porta=vulputate&volutpat=nonummy&erat=maecenas&quisque=tincidunt&erat=lacus&eros=at&viverra=velit,TRUE
+http://icio.us/vestibulum/velit/id/pretium/iaculis/diam.js?faucibus=justo&cursus=etiam&urna=pretium&ut=iaculis&tellus=justo&nulla=in&ut=hac&erat=habitasse&id=platea&mauris=dictumst&vulputate=etiam&elementum=faucibus&nullam=cursus&varius=urna&nulla=ut&facilisi=tellus&cras=nulla&non=ut&velit=erat&nec=id&nisi=mauris&vulputate=vulputate&nonummy=elementum&maecenas=nullam&tincidunt=varius&lacus=nulla&at=facilisi&velit=cras&vivamus=non&vel=velit&nulla=nec&eget=nisi&eros=vulputate&elementum=nonummy&pellentesque=maecenas&quisque=tincidunt&porta=lacus&volutpat=at&erat=velit,TRUE
+http://craigslist.org/iaculis/diam/erat/fermentum.jsp?nisl=nec&nunc=condimentum&nisl=neque&duis=sapien&bibendum=placerat&felis=ante&sed=nulla&interdum=justo&venenatis=aliquam&turpis=quis&enim=turpis&blandit=eget&mi=elit&in=sodales&porttitor=scelerisque&pede=mauris&justo=sit&eu=amet&massa=eros,TRUE
+https://ebay.co.uk/leo/pellentesque/ultrices.jpg?sociis=id&natoque=massa&penatibus=id&et=nisl&magnis=venenatis&dis=lacinia&parturient=aenean&montes=sit&nascetur=amet&ridiculus=justo&mus=morbi&vivamus=ut&vestibulum=odio&sagittis=cras&sapien=mi&cum=pede&sociis=malesuada&natoque=in&penatibus=imperdiet&et=et&magnis=commodo&dis=vulputate&parturient=justo&montes=in&nascetur=blandit&ridiculus=ultrices&mus=enim&etiam=lorem&vel=ipsum&augue=dolor&vestibulum=sit&rutrum=amet&rutrum=consectetuer&neque=adipiscing&aenean=elit&auctor=proin&gravida=interdum&sem=mauris&praesent=non&id=ligula&massa=pellentesque&id=ultrices&nisl=phasellus&venenatis=id&lacinia=sapien&aenean=in&sit=sapien&amet=iaculis&justo=congue&morbi=vivamus&ut=metus&odio=arcu&cras=adipiscing&mi=molestie&pede=hendrerit&malesuada=at&in=vulputate&imperdiet=vitae&et=nisl&commodo=aenean&vulputate=lectus&justo=pellentesque&in=eget&blandit=nunc&ultrices=donec&enim=quis&lorem=orci&ipsum=eget&dolor=orci&sit=vehicula&amet=condimentum&consectetuer=curabitur&adipiscing=in&elit=libero&proin=ut&interdum=massa&mauris=volutpat&non=convallis&ligula=morbi&pellentesque=odio&ultrices=odio&phasellus=elementum&id=eu&sapien=interdum&in=eu&sapien=tincidunt&iaculis=in&congue=leo&vivamus=maecenas&metus=pulvinar&arcu=lobortis&adipiscing=est&molestie=phasellus&hendrerit=sit&at=amet&vulputate=erat&vitae=nulla&nisl=tempus&aenean=vivamus,TRUE
+https://va.gov/etiam/faucibus/cursus/urna.png?id=tincidunt&luctus=nulla&nec=mollis&molestie=molestie&sed=lorem&justo=quisque&pellentesque=ut&viverra=erat&pede=curabitur&ac=gravida&diam=nisi&cras=at&pellentesque=nibh&volutpat=in&dui=hac&maecenas=habitasse&tristique=platea&est=dictumst&et=aliquam&tempus=augue&semper=quam&est=sollicitudin&quam=vitae&pharetra=consectetuer&magna=eget&ac=rutrum&consequat=at&metus=lorem&sapien=integer&ut=tincidunt&nunc=ante&vestibulum=vel&ante=ipsum&ipsum=praesent&primis=blandit&in=lacinia&faucibus=erat&orci=vestibulum&luctus=sed&et=magna&ultrices=at&posuere=nunc&cubilia=commodo&curae=placerat&mauris=praesent&viverra=blandit&diam=nam&vitae=nulla&quam=integer&suspendisse=pede&potenti=justo&nullam=lacinia&porttitor=eget&lacus=tincidunt&at=eget&turpis=tempus&donec=vel&posuere=pede&metus=morbi&vitae=porttitor&ipsum=lorem&aliquam=id&non=ligula&mauris=suspendisse&morbi=ornare&non=consequat&lectus=lectus&aliquam=in&sit=est&amet=risus&diam=auctor&in=sed&magna=tristique&bibendum=in&imperdiet=tempus&nullam=sit&orci=amet&pede=sem&venenatis=fusce&non=consequat&sodales=nulla&sed=nisl&tincidunt=nunc&eu=nisl&felis=duis&fusce=bibendum&posuere=felis&felis=sed&sed=interdum&lacus=venenatis&morbi=turpis&sem=enim&mauris=blandit&laoreet=mi&ut=in,TRUE
+http://edublogs.org/nec/sem/duis/aliquam.json?potenti=orci&cras=luctus&in=et&purus=ultrices&eu=posuere&magna=cubilia&vulputate=curae&luctus=nulla,TRUE
+https://spiegel.de/velit/vivamus/vel/nulla/eget/eros/elementum.html?euismod=aliquet&scelerisque=maecenas&quam=leo&turpis=odio&adipiscing=condimentum&lorem=id&vitae=luctus&mattis=nec&nibh=molestie&ligula=sed&nec=justo&sem=pellentesque&duis=viverra&aliquam=pede&convallis=ac&nunc=diam&proin=cras&at=pellentesque&turpis=volutpat&a=dui&pede=maecenas&posuere=tristique&nonummy=est&integer=et&non=tempus&velit=semper&donec=est&diam=quam&neque=pharetra&vestibulum=magna&eget=ac&vulputate=consequat&ut=metus&ultrices=sapien&vel=ut&augue=nunc&vestibulum=vestibulum&ante=ante,TRUE
+http://army.mil/diam/vitae/quam/suspendisse.jpg?platea=quam&dictumst=nec&morbi=dui&vestibulum=luctus&velit=rutrum&id=nulla&pretium=tellus&iaculis=in&diam=sagittis&erat=dui&fermentum=vel&justo=nisl&nec=duis&condimentum=ac&neque=nibh&sapien=fusce&placerat=lacus&ante=purus&nulla=aliquet&justo=at&aliquam=feugiat&quis=non&turpis=pretium&eget=quis&elit=lectus&sodales=suspendisse&scelerisque=potenti&mauris=in&sit=eleifend&amet=quam&eros=a&suspendisse=odio&accumsan=in&tortor=hac&quis=habitasse&turpis=platea&sed=dictumst&ante=maecenas&vivamus=ut&tortor=massa&duis=quis&mattis=augue&egestas=luctus&metus=tincidunt&aenean=nulla&fermentum=mollis&donec=molestie&ut=lorem&mauris=quisque&eget=ut&massa=erat&tempor=curabitur&convallis=gravida&nulla=nisi&neque=at&libero=nibh&convallis=in&eget=hac&eleifend=habitasse&luctus=platea&ultricies=dictumst,TRUE
+https://businesswire.com/lorem/vitae.js?eros=est&elementum=risus&pellentesque=auctor&quisque=sed&porta=tristique&volutpat=in&erat=tempus&quisque=sit&erat=amet&eros=sem&viverra=fusce&eget=consequat&congue=nulla&eget=nisl&semper=nunc&rutrum=nisl&nulla=duis&nunc=bibendum&purus=felis&phasellus=sed&in=interdum&felis=venenatis&donec=turpis&semper=enim&sapien=blandit&a=mi&libero=in&nam=porttitor&dui=pede&proin=justo&leo=eu&odio=massa&porttitor=donec&id=dapibus&consequat=duis&in=at&consequat=velit&ut=eu&nulla=est&sed=congue&accumsan=elementum&felis=in&ut=hac&at=habitasse&dolor=platea&quis=dictumst&odio=morbi&consequat=vestibulum&varius=velit&integer=id&ac=pretium&leo=iaculis&pellentesque=diam&ultrices=erat&mattis=fermentum&odio=justo&donec=nec&vitae=condimentum&nisi=neque&nam=sapien&ultrices=placerat&libero=ante&non=nulla&mattis=justo&pulvinar=aliquam&nulla=quis&pede=turpis&ullamcorper=eget&augue=elit&a=sodales&suscipit=scelerisque&nulla=mauris&elit=sit&ac=amet&nulla=eros&sed=suspendisse&vel=accumsan&enim=tortor&sit=quis&amet=turpis&nunc=sed,TRUE
+http://histats.com/ligula/in/lacus/curabitur/at.jpg?fusce=elementum&lacus=ligula&purus=vehicula&aliquet=consequat&at=morbi&feugiat=a&non=ipsum&pretium=integer&quis=a&lectus=nibh&suspendisse=in&potenti=quis&in=justo&eleifend=maecenas&quam=rhoncus&a=aliquam&odio=lacus&in=morbi&hac=quis&habitasse=tortor&platea=id&dictumst=nulla&maecenas=ultrices&ut=aliquet&massa=maecenas&quis=leo&augue=odio&luctus=condimentum&tincidunt=id&nulla=luctus&mollis=nec&molestie=molestie&lorem=sed&quisque=justo&ut=pellentesque&erat=viverra&curabitur=pede&gravida=ac&nisi=diam&at=cras&nibh=pellentesque&in=volutpat&hac=dui&habitasse=maecenas&platea=tristique&dictumst=est&aliquam=et&augue=tempus,TRUE
+http://twitpic.com/vitae/nisl/aenean.xml?commodo=nibh&vulputate=in&justo=hac&in=habitasse&blandit=platea&ultrices=dictumst&enim=aliquam&lorem=augue&ipsum=quam&dolor=sollicitudin&sit=vitae&amet=consectetuer,TRUE
+http://mozilla.com/consequat/lectus/in/est/risus/auctor/sed.html?a=quisque&nibh=erat&in=eros&quis=viverra&justo=eget&maecenas=congue&rhoncus=eget&aliquam=semper&lacus=rutrum&morbi=nulla&quis=nunc&tortor=purus&id=phasellus&nulla=in&ultrices=felis&aliquet=donec&maecenas=semper&leo=sapien&odio=a&condimentum=libero&id=nam&luctus=dui&nec=proin&molestie=leo&sed=odio&justo=porttitor&pellentesque=id&viverra=consequat&pede=in&ac=consequat&diam=ut&cras=nulla&pellentesque=sed&volutpat=accumsan&dui=felis&maecenas=ut&tristique=at&est=dolor&et=quis&tempus=odio&semper=consequat&est=varius&quam=integer&pharetra=ac&magna=leo,TRUE
+http://ucoz.com/quisque/arcu/libero.json?ante=rutrum&ipsum=rutrum&primis=neque&in=aenean&faucibus=auctor&orci=gravida&luctus=sem&et=praesent&ultrices=id&posuere=massa&cubilia=id&curae=nisl&mauris=venenatis&viverra=lacinia&diam=aenean&vitae=sit&quam=amet&suspendisse=justo&potenti=morbi&nullam=ut&porttitor=odio&lacus=cras&at=mi&turpis=pede&donec=malesuada&posuere=in&metus=imperdiet&vitae=et&ipsum=commodo&aliquam=vulputate&non=justo&mauris=in&morbi=blandit&non=ultrices&lectus=enim&aliquam=lorem&sit=ipsum&amet=dolor&diam=sit&in=amet&magna=consectetuer&bibendum=adipiscing&imperdiet=elit&nullam=proin&orci=interdum&pede=mauris&venenatis=non&non=ligula&sodales=pellentesque&sed=ultrices&tincidunt=phasellus&eu=id&felis=sapien&fusce=in&posuere=sapien&felis=iaculis&sed=congue&lacus=vivamus&morbi=metus&sem=arcu&mauris=adipiscing&laoreet=molestie&ut=hendrerit&rhoncus=at&aliquet=vulputate&pulvinar=vitae&sed=nisl&nisl=aenean&nunc=lectus&rhoncus=pellentesque&dui=eget&vel=nunc&sem=donec&sed=quis&sagittis=orci&nam=eget&congue=orci&risus=vehicula&semper=condimentum&porta=curabitur&volutpat=in&quam=libero&pede=ut&lobortis=massa,TRUE
+http://usatoday.com/quis/turpis/sed/ante/vivamus.xml?sapien=eu&placerat=sapien&ante=cursus&nulla=vestibulum&justo=proin&aliquam=eu&quis=mi&turpis=nulla&eget=ac&elit=enim&sodales=in&scelerisque=tempor&mauris=turpis&sit=nec&amet=euismod&eros=scelerisque&suspendisse=quam&accumsan=turpis&tortor=adipiscing&quis=lorem&turpis=vitae&sed=mattis,TRUE
+http://seesaa.net/magnis/dis/parturient/montes/nascetur/ridiculus.xml?donec=scelerisque&quis=quam&orci=turpis&eget=adipiscing&orci=lorem&vehicula=vitae&condimentum=mattis&curabitur=nibh&in=ligula&libero=nec&ut=sem&massa=duis&volutpat=aliquam&convallis=convallis&morbi=nunc&odio=proin&odio=at&elementum=turpis&eu=a&interdum=pede&eu=posuere,TRUE
+http://mlb.com/eget/rutrum/at/lorem/integer/tincidunt/ante.xml?diam=proin&vitae=risus&quam=praesent&suspendisse=lectus&potenti=vestibulum&nullam=quam&porttitor=sapien&lacus=varius&at=ut&turpis=blandit&donec=non&posuere=interdum&metus=in&vitae=ante&ipsum=vestibulum&aliquam=ante&non=ipsum&mauris=primis&morbi=in&non=faucibus&lectus=orci&aliquam=luctus&sit=et&amet=ultrices&diam=posuere&in=cubilia&magna=curae&bibendum=duis&imperdiet=faucibus&nullam=accumsan&orci=odio&pede=curabitur&venenatis=convallis&non=duis&sodales=consequat&sed=dui&tincidunt=nec&eu=nisi&felis=volutpat&fusce=eleifend&posuere=donec&felis=ut&sed=dolor&lacus=morbi&morbi=vel&sem=lectus&mauris=in&laoreet=quam&ut=fringilla&rhoncus=rhoncus&aliquet=mauris&pulvinar=enim&sed=leo&nisl=rhoncus&nunc=sed&rhoncus=vestibulum&dui=sit&vel=amet&sem=cursus&sed=id&sagittis=turpis&nam=integer&congue=aliquet&risus=massa&semper=id&porta=lobortis&volutpat=convallis&quam=tortor&pede=risus&lobortis=dapibus&ligula=augue&sit=vel&amet=accumsan&eleifend=tellus&pede=nisi&libero=eu&quis=orci&orci=mauris&nullam=lacinia&molestie=sapien&nibh=quis&in=libero&lectus=nullam&pellentesque=sit&at=amet&nulla=turpis&suspendisse=elementum&potenti=ligula&cras=vehicula&in=consequat&purus=morbi&eu=a&magna=ipsum&vulputate=integer&luctus=a&cum=nibh&sociis=in&natoque=quis&penatibus=justo,TRUE
+https://bloomberg.com/sed/interdum/venenatis/turpis/enim.jpg?erat=justo&volutpat=eu&in=massa&congue=donec&etiam=dapibus&justo=duis&etiam=at&pretium=velit&iaculis=eu&justo=est&in=congue&hac=elementum&habitasse=in&platea=hac&dictumst=habitasse&etiam=platea&faucibus=dictumst&cursus=morbi&urna=vestibulum&ut=velit&tellus=id&nulla=pretium&ut=iaculis&erat=diam&id=erat&mauris=fermentum&vulputate=justo&elementum=nec&nullam=condimentum&varius=neque&nulla=sapien&facilisi=placerat&cras=ante&non=nulla&velit=justo&nec=aliquam&nisi=quis&vulputate=turpis&nonummy=eget&maecenas=elit&tincidunt=sodales&lacus=scelerisque&at=mauris&velit=sit&vivamus=amet&vel=eros&nulla=suspendisse&eget=accumsan&eros=tortor&elementum=quis&pellentesque=turpis&quisque=sed&porta=ante&volutpat=vivamus&erat=tortor&quisque=duis&erat=mattis&eros=egestas&viverra=metus&eget=aenean&congue=fermentum&eget=donec&semper=ut&rutrum=mauris&nulla=eget&nunc=massa&purus=tempor&phasellus=convallis&in=nulla&felis=neque&donec=libero&semper=convallis&sapien=eget&a=eleifend&libero=luctus&nam=ultricies&dui=eu&proin=nibh&leo=quisque&odio=id&porttitor=justo&id=sit&consequat=amet&in=sapien&consequat=dignissim&ut=vestibulum&nulla=vestibulum&sed=ante&accumsan=ipsum&felis=primis&ut=in&at=faucibus&dolor=orci,TRUE
+http://diigo.com/ut/nunc/vestibulum/ante/ipsum/primis.aspx?praesent=et&blandit=ultrices&lacinia=posuere&erat=cubilia&vestibulum=curae&sed=duis&magna=faucibus&at=accumsan&nunc=odio&commodo=curabitur&placerat=convallis&praesent=duis&blandit=consequat&nam=dui&nulla=nec&integer=nisi&pede=volutpat&justo=eleifend&lacinia=donec&eget=ut&tincidunt=dolor&eget=morbi&tempus=vel&vel=lectus&pede=in&morbi=quam&porttitor=fringilla&lorem=rhoncus&id=mauris&ligula=enim&suspendisse=leo&ornare=rhoncus&consequat=sed&lectus=vestibulum&in=sit&est=amet,TRUE
+https://sphinn.com/blandit/mi/in/porttitor/pede.jsp?faucibus=primis&orci=in&luctus=faucibus&et=orci&ultrices=luctus&posuere=et&cubilia=ultrices&curae=posuere&mauris=cubilia&viverra=curae&diam=nulla&vitae=dapibus&quam=dolor&suspendisse=vel&potenti=est&nullam=donec,TRUE
+https://webnode.com/vestibulum/quam/sapien/varius/ut/blandit.json?curae=suspendisse&nulla=accumsan&dapibus=tortor&dolor=quis&vel=turpis&est=sed&donec=ante&odio=vivamus&justo=tortor&sollicitudin=duis&ut=mattis&suscipit=egestas&a=metus&feugiat=aenean&et=fermentum&eros=donec&vestibulum=ut&ac=mauris&est=eget&lacinia=massa&nisi=tempor&venenatis=convallis&tristique=nulla&fusce=neque&congue=libero,TRUE
+https://dell.com/quam/pede/lobortis.png?vivamus=eu&vel=sapien&nulla=cursus&eget=vestibulum&eros=proin&elementum=eu&pellentesque=mi&quisque=nulla&porta=ac&volutpat=enim&erat=in&quisque=tempor&erat=turpis&eros=nec&viverra=euismod&eget=scelerisque&congue=quam&eget=turpis&semper=adipiscing&rutrum=lorem&nulla=vitae&nunc=mattis&purus=nibh&phasellus=ligula&in=nec&felis=sem&donec=duis&semper=aliquam&sapien=convallis&a=nunc&libero=proin&nam=at&dui=turpis&proin=a&leo=pede&odio=posuere&porttitor=nonummy&id=integer&consequat=non&in=velit&consequat=donec&ut=diam&nulla=neque&sed=vestibulum&accumsan=eget&felis=vulputate&ut=ut&at=ultrices&dolor=vel&quis=augue&odio=vestibulum&consequat=ante&varius=ipsum&integer=primis&ac=in&leo=faucibus&pellentesque=orci&ultrices=luctus&mattis=et&odio=ultrices&donec=posuere&vitae=cubilia&nisi=curae&nam=donec&ultrices=pharetra&libero=magna&non=vestibulum&mattis=aliquet&pulvinar=ultrices&nulla=erat&pede=tortor&ullamcorper=sollicitudin&augue=mi&a=sit&suscipit=amet&nulla=lobortis&elit=sapien&ac=sapien&nulla=non&sed=mi&vel=integer&enim=ac&sit=neque&amet=duis&nunc=bibendum,TRUE
+https://hud.gov/magna/vulputate/luctus/cum/sociis/natoque.html?orci=ipsum&luctus=integer&et=a&ultrices=nibh&posuere=in&cubilia=quis&curae=justo&duis=maecenas&faucibus=rhoncus&accumsan=aliquam&odio=lacus&curabitur=morbi&convallis=quis&duis=tortor&consequat=id&dui=nulla&nec=ultrices&nisi=aliquet&volutpat=maecenas&eleifend=leo&donec=odio&ut=condimentum&dolor=id&morbi=luctus&vel=nec&lectus=molestie&in=sed&quam=justo&fringilla=pellentesque&rhoncus=viverra&mauris=pede&enim=ac&leo=diam&rhoncus=cras&sed=pellentesque&vestibulum=volutpat&sit=dui&amet=maecenas&cursus=tristique&id=est&turpis=et&integer=tempus&aliquet=semper&massa=est&id=quam&lobortis=pharetra&convallis=magna&tortor=ac&risus=consequat&dapibus=metus&augue=sapien&vel=ut&accumsan=nunc&tellus=vestibulum&nisi=ante&eu=ipsum&orci=primis&mauris=in&lacinia=faucibus&sapien=orci&quis=luctus&libero=et&nullam=ultrices&sit=posuere&amet=cubilia&turpis=curae&elementum=mauris&ligula=viverra&vehicula=diam&consequat=vitae&morbi=quam&a=suspendisse&ipsum=potenti&integer=nullam&a=porttitor&nibh=lacus&in=at&quis=turpis&justo=donec&maecenas=posuere&rhoncus=metus&aliquam=vitae&lacus=ipsum&morbi=aliquam&quis=non&tortor=mauris&id=morbi&nulla=non&ultrices=lectus&aliquet=aliquam&maecenas=sit&leo=amet,TRUE
+https://de.vu/congue/vivamus.js?erat=metus&tortor=sapien&sollicitudin=ut&mi=nunc&sit=vestibulum&amet=ante&lobortis=ipsum&sapien=primis&sapien=in&non=faucibus&mi=orci&integer=luctus&ac=et&neque=ultrices&duis=posuere&bibendum=cubilia&morbi=curae&non=mauris&quam=viverra&nec=diam&dui=vitae&luctus=quam&rutrum=suspendisse&nulla=potenti&tellus=nullam&in=porttitor&sagittis=lacus&dui=at&vel=turpis&nisl=donec&duis=posuere&ac=metus&nibh=vitae&fusce=ipsum&lacus=aliquam&purus=non&aliquet=mauris&at=morbi&feugiat=non&non=lectus&pretium=aliquam&quis=sit&lectus=amet&suspendisse=diam&potenti=in&in=magna&eleifend=bibendum&quam=imperdiet&a=nullam&odio=orci&in=pede&hac=venenatis&habitasse=non&platea=sodales&dictumst=sed&maecenas=tincidunt&ut=eu&massa=felis&quis=fusce&augue=posuere&luctus=felis&tincidunt=sed&nulla=lacus&mollis=morbi&molestie=sem&lorem=mauris&quisque=laoreet&ut=ut&erat=rhoncus&curabitur=aliquet&gravida=pulvinar&nisi=sed,TRUE
+http://histats.com/ligula/in/lacus/curabitur/at/ipsum/ac.png?libero=ut&ut=rhoncus&massa=aliquet&volutpat=pulvinar&convallis=sed&morbi=nisl&odio=nunc&odio=rhoncus&elementum=dui&eu=vel&interdum=sem&eu=sed&tincidunt=sagittis&in=nam&leo=congue&maecenas=risus&pulvinar=semper&lobortis=porta&est=volutpat&phasellus=quam&sit=pede&amet=lobortis&erat=ligula&nulla=sit&tempus=amet&vivamus=eleifend&in=pede&felis=libero&eu=quis&sapien=orci&cursus=nullam&vestibulum=molestie&proin=nibh&eu=in&mi=lectus&nulla=pellentesque&ac=at&enim=nulla&in=suspendisse&tempor=potenti&turpis=cras&nec=in&euismod=purus&scelerisque=eu&quam=magna&turpis=vulputate&adipiscing=luctus&lorem=cum&vitae=sociis&mattis=natoque&nibh=penatibus&ligula=et&nec=magnis&sem=dis&duis=parturient&aliquam=montes&convallis=nascetur&nunc=ridiculus&proin=mus&at=vivamus&turpis=vestibulum&a=sagittis&pede=sapien&posuere=cum&nonummy=sociis&integer=natoque&non=penatibus&velit=et&donec=magnis&diam=dis&neque=parturient&vestibulum=montes&eget=nascetur&vulputate=ridiculus&ut=mus&ultrices=etiam&vel=vel&augue=augue&vestibulum=vestibulum&ante=rutrum&ipsum=rutrum&primis=neque&in=aenean&faucibus=auctor&orci=gravida&luctus=sem&et=praesent&ultrices=id&posuere=massa&cubilia=id&curae=nisl&donec=venenatis&pharetra=lacinia&magna=aenean&vestibulum=sit&aliquet=amet,TRUE
+http://bigcartel.com/aliquam/quis/turpis/eget/elit/sodales.js?luctus=praesent&nec=id&molestie=massa&sed=id&justo=nisl&pellentesque=venenatis&viverra=lacinia&pede=aenean&ac=sit&diam=amet&cras=justo&pellentesque=morbi&volutpat=ut&dui=odio&maecenas=cras&tristique=mi&est=pede&et=malesuada&tempus=in&semper=imperdiet&est=et&quam=commodo&pharetra=vulputate&magna=justo&ac=in&consequat=blandit&metus=ultrices&sapien=enim&ut=lorem&nunc=ipsum&vestibulum=dolor&ante=sit&ipsum=amet&primis=consectetuer&in=adipiscing&faucibus=elit&orci=proin&luctus=interdum&et=mauris&ultrices=non&posuere=ligula&cubilia=pellentesque&curae=ultrices&mauris=phasellus&viverra=id&diam=sapien&vitae=in&quam=sapien&suspendisse=iaculis&potenti=congue&nullam=vivamus&porttitor=metus&lacus=arcu&at=adipiscing&turpis=molestie&donec=hendrerit&posuere=at&metus=vulputate&vitae=vitae&ipsum=nisl&aliquam=aenean&non=lectus&mauris=pellentesque,TRUE
+https://uiuc.edu/auctor/sed.jsp?ligula=et&sit=tempus&amet=semper&eleifend=est&pede=quam&libero=pharetra&quis=magna&orci=ac&nullam=consequat&molestie=metus&nibh=sapien&in=ut&lectus=nunc&pellentesque=vestibulum&at=ante&nulla=ipsum&suspendisse=primis&potenti=in&cras=faucibus&in=orci&purus=luctus&eu=et&magna=ultrices&vulputate=posuere&luctus=cubilia&cum=curae&sociis=mauris&natoque=viverra&penatibus=diam&et=vitae&magnis=quam&dis=suspendisse&parturient=potenti&montes=nullam&nascetur=porttitor&ridiculus=lacus&mus=at&vivamus=turpis&vestibulum=donec&sagittis=posuere&sapien=metus&cum=vitae&sociis=ipsum&natoque=aliquam&penatibus=non&et=mauris&magnis=morbi&dis=non&parturient=lectus&montes=aliquam&nascetur=sit&ridiculus=amet&mus=diam&etiam=in&vel=magna&augue=bibendum&vestibulum=imperdiet&rutrum=nullam&rutrum=orci&neque=pede&aenean=venenatis&auctor=non&gravida=sodales&sem=sed&praesent=tincidunt&id=eu&massa=felis&id=fusce&nisl=posuere&venenatis=felis&lacinia=sed&aenean=lacus&sit=morbi&amet=sem&justo=mauris&morbi=laoreet&ut=ut&odio=rhoncus&cras=aliquet&mi=pulvinar&pede=sed&malesuada=nisl&in=nunc&imperdiet=rhoncus&et=dui&commodo=vel&vulputate=sem&justo=sed&in=sagittis&blandit=nam,TRUE
+https://vimeo.com/vehicula/consequat/morbi/a/ipsum/integer.png?luctus=praesent&et=blandit&ultrices=nam&posuere=nulla&cubilia=integer&curae=pede&nulla=justo&dapibus=lacinia&dolor=eget&vel=tincidunt&est=eget&donec=tempus&odio=vel&justo=pede&sollicitudin=morbi&ut=porttitor&suscipit=lorem&a=id&feugiat=ligula&et=suspendisse&eros=ornare&vestibulum=consequat&ac=lectus&est=in&lacinia=est&nisi=risus&venenatis=auctor&tristique=sed&fusce=tristique&congue=in&diam=tempus&id=sit&ornare=amet&imperdiet=sem&sapien=fusce&urna=consequat&pretium=nulla&nisl=nisl&ut=nunc&volutpat=nisl&sapien=duis&arcu=bibendum&sed=felis&augue=sed&aliquam=interdum&erat=venenatis,TRUE
+http://arizona.edu/vel/enim/sit/amet/nunc.xml?semper=morbi&rutrum=porttitor&nulla=lorem&nunc=id&purus=ligula&phasellus=suspendisse&in=ornare&felis=consequat&donec=lectus&semper=in&sapien=est&a=risus&libero=auctor&nam=sed&dui=tristique&proin=in&leo=tempus&odio=sit&porttitor=amet&id=sem&consequat=fusce&in=consequat&consequat=nulla&ut=nisl&nulla=nunc&sed=nisl&accumsan=duis&felis=bibendum&ut=felis&at=sed&dolor=interdum&quis=venenatis&odio=turpis&consequat=enim&varius=blandit&integer=mi&ac=in&leo=porttitor&pellentesque=pede&ultrices=justo&mattis=eu&odio=massa&donec=donec&vitae=dapibus&nisi=duis&nam=at&ultrices=velit&libero=eu&non=est&mattis=congue&pulvinar=elementum&nulla=in&pede=hac&ullamcorper=habitasse&augue=platea&a=dictumst&suscipit=morbi&nulla=vestibulum&elit=velit&ac=id&nulla=pretium&sed=iaculis&vel=diam&enim=erat&sit=fermentum&amet=justo&nunc=nec&viverra=condimentum&dapibus=neque&nulla=sapien&suscipit=placerat&ligula=ante&in=nulla&lacus=justo&curabitur=aliquam&at=quis&ipsum=turpis&ac=eget&tellus=elit&semper=sodales&interdum=scelerisque&mauris=mauris&ullamcorper=sit&purus=amet&sit=eros&amet=suspendisse&nulla=accumsan&quisque=tortor&arcu=quis&libero=turpis&rutrum=sed&ac=ante&lobortis=vivamus,TRUE
+https://nba.com/fringilla/rhoncus.jpg?porttitor=nisl&pede=nunc&justo=rhoncus&eu=dui&massa=vel&donec=sem&dapibus=sed&duis=sagittis&at=nam&velit=congue&eu=risus&est=semper&congue=porta&elementum=volutpat&in=quam&hac=pede&habitasse=lobortis&platea=ligula&dictumst=sit&morbi=amet&vestibulum=eleifend&velit=pede&id=libero&pretium=quis&iaculis=orci&diam=nullam&erat=molestie&fermentum=nibh&justo=in&nec=lectus&condimentum=pellentesque&neque=at&sapien=nulla,TRUE
+https://wisc.edu/morbi/porttitor/lorem/id/ligula/suspendisse/ornare.json?dis=ultrices&parturient=posuere&montes=cubilia&nascetur=curae&ridiculus=nulla&mus=dapibus&vivamus=dolor&vestibulum=vel&sagittis=est&sapien=donec&cum=odio&sociis=justo&natoque=sollicitudin&penatibus=ut&et=suscipit&magnis=a&dis=feugiat&parturient=et&montes=eros&nascetur=vestibulum&ridiculus=ac&mus=est&etiam=lacinia&vel=nisi&augue=venenatis&vestibulum=tristique&rutrum=fusce&rutrum=congue&neque=diam&aenean=id&auctor=ornare&gravida=imperdiet&sem=sapien&praesent=urna&id=pretium&massa=nisl&id=ut&nisl=volutpat&venenatis=sapien&lacinia=arcu&aenean=sed&sit=augue&amet=aliquam&justo=erat&morbi=volutpat&ut=in&odio=congue&cras=etiam&mi=justo&pede=etiam&malesuada=pretium&in=iaculis&imperdiet=justo&et=in&commodo=hac&vulputate=habitasse&justo=platea&in=dictumst&blandit=etiam&ultrices=faucibus&enim=cursus&lorem=urna&ipsum=ut&dolor=tellus&sit=nulla&amet=ut&consectetuer=erat&adipiscing=id&elit=mauris&proin=vulputate&interdum=elementum&mauris=nullam&non=varius&ligula=nulla,TRUE
+https://nationalgeographic.com/orci/vehicula.aspx?nunc=sem&vestibulum=mauris&ante=laoreet&ipsum=ut&primis=rhoncus&in=aliquet&faucibus=pulvinar&orci=sed&luctus=nisl&et=nunc&ultrices=rhoncus&posuere=dui&cubilia=vel&curae=sem&mauris=sed&viverra=sagittis,TRUE
+https://a8.net/vitae/mattis/nibh/ligula/nec/sem.jsp?accumsan=eget&tellus=eros&nisi=elementum&eu=pellentesque&orci=quisque&mauris=porta&lacinia=volutpat&sapien=erat&quis=quisque&libero=erat&nullam=eros&sit=viverra&amet=eget&turpis=congue&elementum=eget&ligula=semper&vehicula=rutrum&consequat=nulla&morbi=nunc&a=purus&ipsum=phasellus&integer=in&a=felis&nibh=donec&in=semper&quis=sapien&justo=a&maecenas=libero&rhoncus=nam&aliquam=dui&lacus=proin&morbi=leo&quis=odio&tortor=porttitor&id=id&nulla=consequat&ultrices=in&aliquet=consequat&maecenas=ut&leo=nulla&odio=sed&condimentum=accumsan&id=felis&luctus=ut&nec=at&molestie=dolor&sed=quis&justo=odio&pellentesque=consequat&viverra=varius&pede=integer&ac=ac&diam=leo&cras=pellentesque&pellentesque=ultrices&volutpat=mattis&dui=odio&maecenas=donec&tristique=vitae&est=nisi&et=nam&tempus=ultrices&semper=libero&est=non&quam=mattis&pharetra=pulvinar&magna=nulla&ac=pede&consequat=ullamcorper&metus=augue&sapien=a&ut=suscipit&nunc=nulla&vestibulum=elit&ante=ac&ipsum=nulla&primis=sed&in=vel&faucibus=enim&orci=sit&luctus=amet&et=nunc&ultrices=viverra&posuere=dapibus&cubilia=nulla&curae=suscipit&mauris=ligula&viverra=in&diam=lacus&vitae=curabitur&quam=at&suspendisse=ipsum&potenti=ac&nullam=tellus&porttitor=semper&lacus=interdum&at=mauris,TRUE
+https://woothemes.com/vestibulum/ante/ipsum/primis/in.js?curabitur=pharetra&gravida=magna&nisi=ac&at=consequat&nibh=metus&in=sapien&hac=ut&habitasse=nunc&platea=vestibulum&dictumst=ante&aliquam=ipsum&augue=primis&quam=in&sollicitudin=faucibus&vitae=orci&consectetuer=luctus&eget=et&rutrum=ultrices&at=posuere&lorem=cubilia&integer=curae&tincidunt=mauris&ante=viverra&vel=diam&ipsum=vitae&praesent=quam&blandit=suspendisse&lacinia=potenti&erat=nullam&vestibulum=porttitor&sed=lacus&magna=at&at=turpis&nunc=donec&commodo=posuere&placerat=metus&praesent=vitae&blandit=ipsum&nam=aliquam&nulla=non&integer=mauris&pede=morbi&justo=non&lacinia=lectus&eget=aliquam&tincidunt=sit&eget=amet&tempus=diam&vel=in&pede=magna&morbi=bibendum&porttitor=imperdiet&lorem=nullam&id=orci&ligula=pede&suspendisse=venenatis&ornare=non&consequat=sodales&lectus=sed&in=tincidunt&est=eu&risus=felis&auctor=fusce&sed=posuere&tristique=felis&in=sed,TRUE
+http://macromedia.com/nisl/duis/ac/nibh/fusce/lacus/purus.aspx?rutrum=nulla&nulla=ultrices&nunc=aliquet&purus=maecenas&phasellus=leo&in=odio&felis=condimentum&donec=id&semper=luctus&sapien=nec&a=molestie&libero=sed&nam=justo&dui=pellentesque&proin=viverra&leo=pede&odio=ac&porttitor=diam&id=cras&consequat=pellentesque&in=volutpat&consequat=dui&ut=maecenas&nulla=tristique&sed=est&accumsan=et&felis=tempus&ut=semper&at=est&dolor=quam&quis=pharetra&odio=magna&consequat=ac,TRUE
+http://ucoz.ru/penatibus/et/magnis/dis/parturient/montes/nascetur.html?velit=platea&id=dictumst&pretium=morbi&iaculis=vestibulum&diam=velit&erat=id&fermentum=pretium&justo=iaculis&nec=diam&condimentum=erat&neque=fermentum&sapien=justo&placerat=nec&ante=condimentum&nulla=neque&justo=sapien&aliquam=placerat&quis=ante&turpis=nulla&eget=justo&elit=aliquam&sodales=quis&scelerisque=turpis&mauris=eget&sit=elit&amet=sodales&eros=scelerisque&suspendisse=mauris&accumsan=sit&tortor=amet&quis=eros&turpis=suspendisse&sed=accumsan&ante=tortor&vivamus=quis&tortor=turpis&duis=sed&mattis=ante&egestas=vivamus&metus=tortor&aenean=duis&fermentum=mattis&donec=egestas&ut=metus&mauris=aenean&eget=fermentum&massa=donec&tempor=ut&convallis=mauris&nulla=eget&neque=massa&libero=tempor&convallis=convallis&eget=nulla,TRUE
+http://goodreads.com/nec/sem.jsp?ultrices=sed&erat=sagittis&tortor=nam&sollicitudin=congue&mi=risus&sit=semper&amet=porta&lobortis=volutpat&sapien=quam&sapien=pede&non=lobortis&mi=ligula&integer=sit&ac=amet&neque=eleifend&duis=pede&bibendum=libero&morbi=quis&non=orci&quam=nullam&nec=molestie&dui=nibh&luctus=in&rutrum=lectus&nulla=pellentesque&tellus=at&in=nulla&sagittis=suspendisse&dui=potenti&vel=cras&nisl=in&duis=purus&ac=eu&nibh=magna&fusce=vulputate&lacus=luctus&purus=cum&aliquet=sociis&at=natoque&feugiat=penatibus&non=et&pretium=magnis&quis=dis&lectus=parturient&suspendisse=montes&potenti=nascetur&in=ridiculus&eleifend=mus&quam=vivamus&a=vestibulum&odio=sagittis&in=sapien&hac=cum&habitasse=sociis&platea=natoque&dictumst=penatibus&maecenas=et&ut=magnis&massa=dis&quis=parturient&augue=montes&luctus=nascetur&tincidunt=ridiculus&nulla=mus&mollis=etiam&molestie=vel&lorem=augue&quisque=vestibulum&ut=rutrum&erat=rutrum&curabitur=neque&gravida=aenean&nisi=auctor&at=gravida,TRUE
+http://home.pl/cubilia/curae/duis/faucibus.js?nam=vestibulum&congue=ante&risus=ipsum&semper=primis&porta=in&volutpat=faucibus&quam=orci&pede=luctus&lobortis=et&ligula=ultrices&sit=posuere&amet=cubilia&eleifend=curae&pede=duis&libero=faucibus&quis=accumsan&orci=odio&nullam=curabitur&molestie=convallis&nibh=duis&in=consequat&lectus=dui&pellentesque=nec&at=nisi&nulla=volutpat&suspendisse=eleifend&potenti=donec&cras=ut&in=dolor&purus=morbi&eu=vel&magna=lectus&vulputate=in,TRUE
+http://forbes.com/tellus/semper/interdum/mauris.aspx?scelerisque=faucibus&quam=orci&turpis=luctus&adipiscing=et&lorem=ultrices&vitae=posuere&mattis=cubilia&nibh=curae&ligula=mauris&nec=viverra&sem=diam&duis=vitae&aliquam=quam&convallis=suspendisse&nunc=potenti&proin=nullam&at=porttitor&turpis=lacus&a=at&pede=turpis&posuere=donec&nonummy=posuere&integer=metus&non=vitae&velit=ipsum&donec=aliquam&diam=non&neque=mauris&vestibulum=morbi&eget=non&vulputate=lectus&ut=aliquam,TRUE
+https://army.mil/suscipit/ligula/in/lacus.html?ut=convallis&erat=tortor&id=risus&mauris=dapibus&vulputate=augue&elementum=vel&nullam=accumsan&varius=tellus&nulla=nisi&facilisi=eu&cras=orci&non=mauris&velit=lacinia&nec=sapien&nisi=quis&vulputate=libero&nonummy=nullam&maecenas=sit&tincidunt=amet&lacus=turpis&at=elementum&velit=ligula&vivamus=vehicula&vel=consequat&nulla=morbi&eget=a&eros=ipsum&elementum=integer&pellentesque=a&quisque=nibh&porta=in&volutpat=quis&erat=justo&quisque=maecenas&erat=rhoncus&eros=aliquam&viverra=lacus&eget=morbi&congue=quis&eget=tortor&semper=id&rutrum=nulla&nulla=ultrices&nunc=aliquet&purus=maecenas&phasellus=leo&in=odio&felis=condimentum&donec=id,TRUE
+https://theglobeandmail.com/est.json?platea=ut&dictumst=odio&etiam=cras&faucibus=mi&cursus=pede&urna=malesuada&ut=in&tellus=imperdiet&nulla=et&ut=commodo&erat=vulputate&id=justo&mauris=in&vulputate=blandit&elementum=ultrices&nullam=enim&varius=lorem&nulla=ipsum&facilisi=dolor&cras=sit&non=amet&velit=consectetuer&nec=adipiscing&nisi=elit&vulputate=proin&nonummy=interdum&maecenas=mauris&tincidunt=non&lacus=ligula&at=pellentesque&velit=ultrices&vivamus=phasellus&vel=id&nulla=sapien&eget=in&eros=sapien&elementum=iaculis&pellentesque=congue&quisque=vivamus&porta=metus&volutpat=arcu&erat=adipiscing&quisque=molestie&erat=hendrerit&eros=at&viverra=vulputate&eget=vitae&congue=nisl&eget=aenean&semper=lectus&rutrum=pellentesque&nulla=eget&nunc=nunc&purus=donec,TRUE
+http://technorati.com/tempus/vivamus/in.png?lacus=ut&morbi=rhoncus&sem=aliquet&mauris=pulvinar&laoreet=sed&ut=nisl&rhoncus=nunc&aliquet=rhoncus&pulvinar=dui&sed=vel&nisl=sem&nunc=sed&rhoncus=sagittis&dui=nam&vel=congue&sem=risus&sed=semper&sagittis=porta&nam=volutpat&congue=quam&risus=pede&semper=lobortis&porta=ligula&volutpat=sit&quam=amet&pede=eleifend&lobortis=pede&ligula=libero&sit=quis&amet=orci&eleifend=nullam&pede=molestie&libero=nibh&quis=in&orci=lectus&nullam=pellentesque&molestie=at&nibh=nulla&in=suspendisse&lectus=potenti&pellentesque=cras&at=in&nulla=purus&suspendisse=eu&potenti=magna&cras=vulputate&in=luctus&purus=cum&eu=sociis&magna=natoque&vulputate=penatibus&luctus=et&cum=magnis&sociis=dis,TRUE
+https://umich.edu/dolor/sit/amet/consectetuer/adipiscing.aspx?ipsum=porttitor&integer=lacus&a=at&nibh=turpis&in=donec&quis=posuere&justo=metus&maecenas=vitae&rhoncus=ipsum&aliquam=aliquam&lacus=non&morbi=mauris&quis=morbi&tortor=non&id=lectus&nulla=aliquam&ultrices=sit&aliquet=amet&maecenas=diam&leo=in&odio=magna&condimentum=bibendum&id=imperdiet&luctus=nullam&nec=orci&molestie=pede&sed=venenatis&justo=non&pellentesque=sodales&viverra=sed&pede=tincidunt&ac=eu&diam=felis&cras=fusce&pellentesque=posuere&volutpat=felis&dui=sed&maecenas=lacus&tristique=morbi&est=sem&et=mauris&tempus=laoreet&semper=ut&est=rhoncus&quam=aliquet&pharetra=pulvinar,TRUE
+http://biglobe.ne.jp/at/diam/nam/tristique/tortor/eu.jsp?proin=ac&eu=diam&mi=cras&nulla=pellentesque&ac=volutpat&enim=dui&in=maecenas&tempor=tristique&turpis=est&nec=et&euismod=tempus&scelerisque=semper&quam=est&turpis=quam,TRUE
+https://studiopress.com/non/ligula/pellentesque/ultrices/phasellus/id/sapien.xml?vitae=rutrum&ipsum=rutrum&aliquam=neque&non=aenean&mauris=auctor&morbi=gravida&non=sem&lectus=praesent&aliquam=id&sit=massa&amet=id&diam=nisl&in=venenatis&magna=lacinia&bibendum=aenean&imperdiet=sit&nullam=amet&orci=justo&pede=morbi&venenatis=ut&non=odio&sodales=cras&sed=mi&tincidunt=pede&eu=malesuada&felis=in&fusce=imperdiet&posuere=et&felis=commodo&sed=vulputate&lacus=justo&morbi=in&sem=blandit&mauris=ultrices&laoreet=enim&ut=lorem&rhoncus=ipsum&aliquet=dolor&pulvinar=sit&sed=amet&nisl=consectetuer&nunc=adipiscing&rhoncus=elit&dui=proin&vel=interdum&sem=mauris&sed=non&sagittis=ligula&nam=pellentesque&congue=ultrices&risus=phasellus&semper=id&porta=sapien&volutpat=in&quam=sapien&pede=iaculis&lobortis=congue&ligula=vivamus&sit=metus&amet=arcu&eleifend=adipiscing&pede=molestie&libero=hendrerit&quis=at&orci=vulputate&nullam=vitae&molestie=nisl&nibh=aenean&in=lectus&lectus=pellentesque,TRUE
+https://bloglines.com/orci/luctus/et/ultrices/posuere.jsp?accumsan=fermentum&tortor=justo&quis=nec&turpis=condimentum&sed=neque&ante=sapien&vivamus=placerat&tortor=ante&duis=nulla&mattis=justo&egestas=aliquam&metus=quis&aenean=turpis&fermentum=eget&donec=elit&ut=sodales&mauris=scelerisque&eget=mauris&massa=sit&tempor=amet&convallis=eros&nulla=suspendisse&neque=accumsan&libero=tortor&convallis=quis&eget=turpis&eleifend=sed&luctus=ante&ultricies=vivamus&eu=tortor&nibh=duis&quisque=mattis&id=egestas&justo=metus&sit=aenean&amet=fermentum&sapien=donec&dignissim=ut&vestibulum=mauris&vestibulum=eget&ante=massa,TRUE
+http://istockphoto.com/vel/dapibus/at/diam.xml?nonummy=a&maecenas=libero&tincidunt=nam&lacus=dui&at=proin&velit=leo&vivamus=odio&vel=porttitor&nulla=id&eget=consequat&eros=in&elementum=consequat&pellentesque=ut&quisque=nulla&porta=sed&volutpat=accumsan&erat=felis&quisque=ut&erat=at&eros=dolor&viverra=quis&eget=odio&congue=consequat&eget=varius&semper=integer&rutrum=ac&nulla=leo&nunc=pellentesque&purus=ultrices&phasellus=mattis&in=odio&felis=donec&donec=vitae&semper=nisi&sapien=nam&a=ultrices&libero=libero&nam=non&dui=mattis&proin=pulvinar&leo=nulla&odio=pede&porttitor=ullamcorper&id=augue&consequat=a&in=suscipit&consequat=nulla&ut=elit&nulla=ac&sed=nulla&accumsan=sed&felis=vel&ut=enim&at=sit&dolor=amet&quis=nunc&odio=viverra&consequat=dapibus&varius=nulla&integer=suscipit&ac=ligula&leo=in&pellentesque=lacus&ultrices=curabitur&mattis=at&odio=ipsum&donec=ac&vitae=tellus&nisi=semper&nam=interdum&ultrices=mauris&libero=ullamcorper&non=purus&mattis=sit&pulvinar=amet&nulla=nulla&pede=quisque&ullamcorper=arcu&augue=libero&a=rutrum&suscipit=ac&nulla=lobortis&elit=vel&ac=dapibus&nulla=at&sed=diam&vel=nam&enim=tristique&sit=tortor,TRUE
+https://techcrunch.com/ipsum/primis/in/faucibus/orci/luctus.jsp?in=tincidunt&libero=nulla&ut=mollis&massa=molestie&volutpat=lorem&convallis=quisque&morbi=ut&odio=erat&odio=curabitur&elementum=gravida&eu=nisi&interdum=at&eu=nibh&tincidunt=in&in=hac&leo=habitasse&maecenas=platea&pulvinar=dictumst&lobortis=aliquam&est=augue&phasellus=quam&sit=sollicitudin&amet=vitae&erat=consectetuer&nulla=eget&tempus=rutrum&vivamus=at&in=lorem&felis=integer&eu=tincidunt&sapien=ante&cursus=vel&vestibulum=ipsum&proin=praesent&eu=blandit&mi=lacinia&nulla=erat&ac=vestibulum&enim=sed&in=magna,TRUE
+http://house.gov/et/ultrices/posuere.jsp?primis=vestibulum&in=proin&faucibus=eu&orci=mi&luctus=nulla&et=ac&ultrices=enim&posuere=in&cubilia=tempor&curae=turpis&donec=nec&pharetra=euismod&magna=scelerisque&vestibulum=quam&aliquet=turpis&ultrices=adipiscing&erat=lorem&tortor=vitae&sollicitudin=mattis&mi=nibh&sit=ligula&amet=nec&lobortis=sem&sapien=duis&sapien=aliquam&non=convallis&mi=nunc&integer=proin&ac=at&neque=turpis&duis=a&bibendum=pede&morbi=posuere&non=nonummy&quam=integer&nec=non&dui=velit&luctus=donec&rutrum=diam&nulla=neque&tellus=vestibulum&in=eget&sagittis=vulputate&dui=ut&vel=ultrices&nisl=vel&duis=augue&ac=vestibulum&nibh=ante&fusce=ipsum&lacus=primis&purus=in&aliquet=faucibus&at=orci&feugiat=luctus&non=et&pretium=ultrices&quis=posuere&lectus=cubilia&suspendisse=curae&potenti=donec&in=pharetra&eleifend=magna&quam=vestibulum&a=aliquet&odio=ultrices&in=erat&hac=tortor&habitasse=sollicitudin&platea=mi&dictumst=sit&maecenas=amet&ut=lobortis&massa=sapien&quis=sapien&augue=non&luctus=mi&tincidunt=integer&nulla=ac&mollis=neque&molestie=duis&lorem=bibendum&quisque=morbi&ut=non&erat=quam&curabitur=nec&gravida=dui&nisi=luctus&at=rutrum&nibh=nulla&in=tellus&hac=in&habitasse=sagittis&platea=dui,TRUE
+https://mediafire.com/in/purus/eu/magna/vulputate/luctus/cum.aspx?quis=dui&libero=vel&nullam=nisl&sit=duis&amet=ac&turpis=nibh&elementum=fusce&ligula=lacus&vehicula=purus&consequat=aliquet&morbi=at&a=feugiat&ipsum=non&integer=pretium&a=quis&nibh=lectus&in=suspendisse&quis=potenti&justo=in&maecenas=eleifend&rhoncus=quam&aliquam=a&lacus=odio&morbi=in&quis=hac&tortor=habitasse&id=platea&nulla=dictumst&ultrices=maecenas&aliquet=ut&maecenas=massa&leo=quis&odio=augue&condimentum=luctus&id=tincidunt&luctus=nulla&nec=mollis&molestie=molestie&sed=lorem&justo=quisque&pellentesque=ut&viverra=erat&pede=curabitur&ac=gravida&diam=nisi&cras=at&pellentesque=nibh&volutpat=in&dui=hac&maecenas=habitasse&tristique=platea&est=dictumst&et=aliquam&tempus=augue&semper=quam&est=sollicitudin&quam=vitae&pharetra=consectetuer&magna=eget&ac=rutrum&consequat=at&metus=lorem&sapien=integer&ut=tincidunt&nunc=ante&vestibulum=vel&ante=ipsum&ipsum=praesent&primis=blandit&in=lacinia&faucibus=erat&orci=vestibulum&luctus=sed&et=magna&ultrices=at&posuere=nunc&cubilia=commodo&curae=placerat&mauris=praesent&viverra=blandit&diam=nam&vitae=nulla&quam=integer&suspendisse=pede&potenti=justo&nullam=lacinia&porttitor=eget&lacus=tincidunt&at=eget&turpis=tempus&donec=vel&posuere=pede&metus=morbi&vitae=porttitor,TRUE
+https://4shared.com/at/velit/vivamus/vel.xml?quis=vel&lectus=pede&suspendisse=morbi&potenti=porttitor&in=lorem&eleifend=id&quam=ligula&a=suspendisse&odio=ornare&in=consequat&hac=lectus&habitasse=in&platea=est&dictumst=risus&maecenas=auctor&ut=sed&massa=tristique&quis=in&augue=tempus&luctus=sit&tincidunt=amet&nulla=sem&mollis=fusce&molestie=consequat&lorem=nulla&quisque=nisl&ut=nunc&erat=nisl&curabitur=duis&gravida=bibendum&nisi=felis,TRUE
+https://cargocollective.com/massa/id/lobortis/convallis/tortor/risus/dapibus.json?odio=luctus&curabitur=nec&convallis=molestie&duis=sed&consequat=justo&dui=pellentesque&nec=viverra&nisi=pede&volutpat=ac&eleifend=diam&donec=cras&ut=pellentesque&dolor=volutpat&morbi=dui&vel=maecenas&lectus=tristique&in=est&quam=et&fringilla=tempus&rhoncus=semper&mauris=est&enim=quam&leo=pharetra&rhoncus=magna&sed=ac&vestibulum=consequat&sit=metus&amet=sapien&cursus=ut&id=nunc&turpis=vestibulum&integer=ante&aliquet=ipsum&massa=primis&id=in&lobortis=faucibus&convallis=orci&tortor=luctus&risus=et&dapibus=ultrices&augue=posuere&vel=cubilia&accumsan=curae&tellus=mauris&nisi=viverra&eu=diam&orci=vitae&mauris=quam&lacinia=suspendisse&sapien=potenti&quis=nullam&libero=porttitor&nullam=lacus&sit=at&amet=turpis&turpis=donec&elementum=posuere&ligula=metus&vehicula=vitae&consequat=ipsum&morbi=aliquam&a=non&ipsum=mauris&integer=morbi&a=non&nibh=lectus&in=aliquam&quis=sit&justo=amet&maecenas=diam&rhoncus=in&aliquam=magna&lacus=bibendum&morbi=imperdiet&quis=nullam&tortor=orci,TRUE
+https://hibu.com/pede/malesuada/in/imperdiet.html?sem=amet&praesent=sem&id=fusce&massa=consequat&id=nulla&nisl=nisl&venenatis=nunc&lacinia=nisl&aenean=duis&sit=bibendum&amet=felis&justo=sed&morbi=interdum&ut=venenatis&odio=turpis&cras=enim&mi=blandit&pede=mi&malesuada=in&in=porttitor&imperdiet=pede&et=justo&commodo=eu&vulputate=massa&justo=donec&in=dapibus&blandit=duis&ultrices=at&enim=velit&lorem=eu&ipsum=est&dolor=congue&sit=elementum&amet=in&consectetuer=hac&adipiscing=habitasse&elit=platea&proin=dictumst&interdum=morbi&mauris=vestibulum&non=velit&ligula=id&pellentesque=pretium&ultrices=iaculis&phasellus=diam&id=erat&sapien=fermentum&in=justo&sapien=nec&iaculis=condimentum&congue=neque&vivamus=sapien&metus=placerat&arcu=ante&adipiscing=nulla&molestie=justo&hendrerit=aliquam&at=quis&vulputate=turpis&vitae=eget&nisl=elit&aenean=sodales&lectus=scelerisque&pellentesque=mauris&eget=sit&nunc=amet&donec=eros&quis=suspendisse&orci=accumsan&eget=tortor&orci=quis&vehicula=turpis&condimentum=sed&curabitur=ante&in=vivamus,TRUE
+http://bravesites.com/augue/quam/sollicitudin/vitae.jsp?at=non&nulla=velit&suspendisse=donec&potenti=diam&cras=neque&in=vestibulum&purus=eget&eu=vulputate&magna=ut&vulputate=ultrices&luctus=vel&cum=augue&sociis=vestibulum&natoque=ante&penatibus=ipsum&et=primis&magnis=in&dis=faucibus&parturient=orci&montes=luctus&nascetur=et&ridiculus=ultrices&mus=posuere&vivamus=cubilia&vestibulum=curae&sagittis=donec&sapien=pharetra&cum=magna&sociis=vestibulum&natoque=aliquet&penatibus=ultrices&et=erat&magnis=tortor&dis=sollicitudin&parturient=mi&montes=sit&nascetur=amet&ridiculus=lobortis&mus=sapien&etiam=sapien&vel=non&augue=mi&vestibulum=integer&rutrum=ac&rutrum=neque&neque=duis&aenean=bibendum&auctor=morbi&gravida=non&sem=quam&praesent=nec&id=dui&massa=luctus&id=rutrum&nisl=nulla&venenatis=tellus&lacinia=in&aenean=sagittis&sit=dui&amet=vel&justo=nisl&morbi=duis&ut=ac&odio=nibh&cras=fusce&mi=lacus&pede=purus&malesuada=aliquet&in=at&imperdiet=feugiat&et=non&commodo=pretium&vulputate=quis&justo=lectus,TRUE
+http://google.it/sit/amet/lobortis/sapien/sapien.aspx?augue=in&vel=felis&accumsan=donec&tellus=semper&nisi=sapien&eu=a&orci=libero&mauris=nam&lacinia=dui&sapien=proin&quis=leo,TRUE
+https://boston.com/justo/morbi/ut/odio/cras/mi.xml?vel=ligula&augue=vehicula&vestibulum=consequat&rutrum=morbi&rutrum=a&neque=ipsum&aenean=integer&auctor=a&gravida=nibh&sem=in&praesent=quis&id=justo&massa=maecenas&id=rhoncus&nisl=aliquam&venenatis=lacus&lacinia=morbi&aenean=quis&sit=tortor&amet=id&justo=nulla&morbi=ultrices&ut=aliquet&odio=maecenas&cras=leo&mi=odio&pede=condimentum&malesuada=id&in=luctus&imperdiet=nec&et=molestie&commodo=sed&vulputate=justo&justo=pellentesque&in=viverra&blandit=pede&ultrices=ac&enim=diam&lorem=cras&ipsum=pellentesque&dolor=volutpat&sit=dui&amet=maecenas&consectetuer=tristique&adipiscing=est&elit=et&proin=tempus&interdum=semper&mauris=est&non=quam&ligula=pharetra&pellentesque=magna&ultrices=ac&phasellus=consequat&id=metus&sapien=sapien&in=ut&sapien=nunc&iaculis=vestibulum&congue=ante&vivamus=ipsum&metus=primis&arcu=in&adipiscing=faucibus&molestie=orci&hendrerit=luctus&at=et&vulputate=ultrices&vitae=posuere&nisl=cubilia&aenean=curae&lectus=mauris&pellentesque=viverra&eget=diam&nunc=vitae&donec=quam&quis=suspendisse&orci=potenti&eget=nullam&orci=porttitor&vehicula=lacus&condimentum=at&curabitur=turpis&in=donec&libero=posuere&ut=metus&massa=vitae&volutpat=ipsum&convallis=aliquam&morbi=non&odio=mauris&odio=morbi&elementum=non&eu=lectus&interdum=aliquam&eu=sit&tincidunt=amet,TRUE
+https://vk.com/pharetra.jpg?posuere=proin&cubilia=eu&curae=mi&donec=nulla&pharetra=ac&magna=enim&vestibulum=in&aliquet=tempor&ultrices=turpis&erat=nec&tortor=euismod&sollicitudin=scelerisque&mi=quam&sit=turpis&amet=adipiscing&lobortis=lorem&sapien=vitae&sapien=mattis&non=nibh&mi=ligula&integer=nec&ac=sem&neque=duis&duis=aliquam&bibendum=convallis&morbi=nunc&non=proin,TRUE
+http://phpbb.com/lacus/at/turpis.png?duis=sit&bibendum=amet&morbi=sapien&non=dignissim&quam=vestibulum&nec=vestibulum&dui=ante&luctus=ipsum&rutrum=primis&nulla=in&tellus=faucibus&in=orci&sagittis=luctus&dui=et&vel=ultrices&nisl=posuere&duis=cubilia&ac=curae&nibh=nulla&fusce=dapibus&lacus=dolor,TRUE
+https://twitter.com/adipiscing/elit/proin/risus/praesent/lectus/vestibulum.html?felis=justo&donec=morbi&semper=ut&sapien=odio&a=cras&libero=mi&nam=pede&dui=malesuada&proin=in&leo=imperdiet&odio=et&porttitor=commodo&id=vulputate&consequat=justo&in=in&consequat=blandit&ut=ultrices&nulla=enim&sed=lorem&accumsan=ipsum&felis=dolor&ut=sit&at=amet&dolor=consectetuer&quis=adipiscing&odio=elit&consequat=proin&varius=interdum&integer=mauris&ac=non&leo=ligula&pellentesque=pellentesque&ultrices=ultrices&mattis=phasellus&odio=id&donec=sapien&vitae=in&nisi=sapien&nam=iaculis&ultrices=congue&libero=vivamus&non=metus&mattis=arcu&pulvinar=adipiscing&nulla=molestie&pede=hendrerit&ullamcorper=at&augue=vulputate&a=vitae&suscipit=nisl&nulla=aenean&elit=lectus&ac=pellentesque&nulla=eget&sed=nunc&vel=donec&enim=quis&sit=orci&amet=eget&nunc=orci&viverra=vehicula&dapibus=condimentum&nulla=curabitur&suscipit=in&ligula=libero&in=ut&lacus=massa&curabitur=volutpat&at=convallis&ipsum=morbi&ac=odio&tellus=odio&semper=elementum&interdum=eu&mauris=interdum&ullamcorper=eu&purus=tincidunt&sit=in&amet=leo&nulla=maecenas&quisque=pulvinar&arcu=lobortis&libero=est&rutrum=phasellus&ac=sit&lobortis=amet&vel=erat&dapibus=nulla&at=tempus&diam=vivamus&nam=in&tristique=felis&tortor=eu&eu=sapien&pede=cursus,TRUE
+http://nationalgeographic.com/eros/suspendisse.jpg?in=iaculis&quam=justo&fringilla=in&rhoncus=hac&mauris=habitasse&enim=platea&leo=dictumst&rhoncus=etiam&sed=faucibus&vestibulum=cursus,TRUE
+https://posterous.com/porttitor.xml?vestibulum=posuere&sagittis=felis&sapien=sed&cum=lacus&sociis=morbi&natoque=sem&penatibus=mauris&et=laoreet&magnis=ut&dis=rhoncus&parturient=aliquet&montes=pulvinar&nascetur=sed&ridiculus=nisl&mus=nunc&etiam=rhoncus&vel=dui&augue=vel&vestibulum=sem&rutrum=sed&rutrum=sagittis&neque=nam&aenean=congue&auctor=risus&gravida=semper&sem=porta&praesent=volutpat&id=quam&massa=pede&id=lobortis&nisl=ligula&venenatis=sit&lacinia=amet&aenean=eleifend&sit=pede&amet=libero&justo=quis&morbi=orci&ut=nullam&odio=molestie&cras=nibh&mi=in&pede=lectus,TRUE
+https://ted.com/non/quam/nec/dui/luctus/rutrum/nulla.js?in=elementum&faucibus=eu&orci=interdum&luctus=eu&et=tincidunt&ultrices=in&posuere=leo&cubilia=maecenas&curae=pulvinar&nulla=lobortis&dapibus=est&dolor=phasellus&vel=sit&est=amet&donec=erat&odio=nulla&justo=tempus&sollicitudin=vivamus&ut=in&suscipit=felis&a=eu&feugiat=sapien&et=cursus&eros=vestibulum&vestibulum=proin&ac=eu&est=mi&lacinia=nulla&nisi=ac&venenatis=enim&tristique=in&fusce=tempor&congue=turpis,TRUE
+http://nbcnews.com/pulvinar/nulla/pede/ullamcorper.jsp?proin=varius&at=ut&turpis=blandit&a=non&pede=interdum&posuere=in&nonummy=ante&integer=vestibulum&non=ante&velit=ipsum&donec=primis&diam=in&neque=faucibus&vestibulum=orci&eget=luctus&vulputate=et&ut=ultrices&ultrices=posuere&vel=cubilia&augue=curae&vestibulum=duis&ante=faucibus&ipsum=accumsan&primis=odio&in=curabitur&faucibus=convallis&orci=duis&luctus=consequat,TRUE
+http://comcast.net/eget/rutrum/at/lorem.jsp?eros=orci&viverra=luctus&eget=et&congue=ultrices&eget=posuere&semper=cubilia&rutrum=curae&nulla=mauris&nunc=viverra&purus=diam&phasellus=vitae&in=quam&felis=suspendisse&donec=potenti&semper=nullam&sapien=porttitor&a=lacus&libero=at&nam=turpis&dui=donec&proin=posuere&leo=metus&odio=vitae&porttitor=ipsum&id=aliquam&consequat=non&in=mauris&consequat=morbi&ut=non&nulla=lectus&sed=aliquam&accumsan=sit&felis=amet&ut=diam&at=in&dolor=magna&quis=bibendum&odio=imperdiet&consequat=nullam&varius=orci&integer=pede&ac=venenatis&leo=non&pellentesque=sodales&ultrices=sed&mattis=tincidunt&odio=eu&donec=felis&vitae=fusce&nisi=posuere&nam=felis&ultrices=sed&libero=lacus&non=morbi&mattis=sem&pulvinar=mauris&nulla=laoreet&pede=ut&ullamcorper=rhoncus&augue=aliquet&a=pulvinar&suscipit=sed&nulla=nisl&elit=nunc&ac=rhoncus&nulla=dui&sed=vel&vel=sem&enim=sed&sit=sagittis&amet=nam&nunc=congue&viverra=risus&dapibus=semper&nulla=porta&suscipit=volutpat&ligula=quam&in=pede&lacus=lobortis&curabitur=ligula&at=sit&ipsum=amet&ac=eleifend&tellus=pede&semper=libero&interdum=quis&mauris=orci&ullamcorper=nullam&purus=molestie&sit=nibh&amet=in&nulla=lectus&quisque=pellentesque&arcu=at&libero=nulla&rutrum=suspendisse,TRUE
+http://wix.com/vel/dapibus/at/diam/nam.jsp?vel=hendrerit&nisl=at&duis=vulputate&ac=vitae&nibh=nisl&fusce=aenean&lacus=lectus&purus=pellentesque&aliquet=eget&at=nunc&feugiat=donec&non=quis&pretium=orci&quis=eget&lectus=orci&suspendisse=vehicula&potenti=condimentum&in=curabitur&eleifend=in&quam=libero&a=ut&odio=massa&in=volutpat&hac=convallis&habitasse=morbi&platea=odio&dictumst=odio&maecenas=elementum&ut=eu,TRUE
+http://twitpic.com/lacus/at/velit/vivamus/vel/nulla.png?iaculis=vestibulum&justo=ante&in=ipsum&hac=primis&habitasse=in&platea=faucibus&dictumst=orci&etiam=luctus&faucibus=et&cursus=ultrices&urna=posuere&ut=cubilia&tellus=curae&nulla=duis&ut=faucibus&erat=accumsan&id=odio&mauris=curabitur&vulputate=convallis&elementum=duis&nullam=consequat&varius=dui&nulla=nec&facilisi=nisi&cras=volutpat&non=eleifend&velit=donec&nec=ut&nisi=dolor&vulputate=morbi&nonummy=vel&maecenas=lectus&tincidunt=in&lacus=quam&at=fringilla&velit=rhoncus&vivamus=mauris&vel=enim&nulla=leo&eget=rhoncus&eros=sed&elementum=vestibulum&pellentesque=sit&quisque=amet&porta=cursus&volutpat=id&erat=turpis&quisque=integer&erat=aliquet&eros=massa&viverra=id&eget=lobortis&congue=convallis&eget=tortor&semper=risus&rutrum=dapibus&nulla=augue&nunc=vel&purus=accumsan&phasellus=tellus&in=nisi&felis=eu&donec=orci&semper=mauris&sapien=lacinia&a=sapien&libero=quis&nam=libero&dui=nullam&proin=sit&leo=amet&odio=turpis&porttitor=elementum&id=ligula&consequat=vehicula&in=consequat&consequat=morbi&ut=a&nulla=ipsum&sed=integer&accumsan=a&felis=nibh&ut=in&at=quis&dolor=justo&quis=maecenas&odio=rhoncus&consequat=aliquam&varius=lacus&integer=morbi&ac=quis&leo=tortor&pellentesque=id,TRUE
+https://foxnews.com/turpis/adipiscing/lorem/vitae/mattis/nibh.json?vestibulum=nunc&sagittis=nisl&sapien=duis&cum=bibendum&sociis=felis&natoque=sed&penatibus=interdum&et=venenatis&magnis=turpis&dis=enim&parturient=blandit&montes=mi&nascetur=in&ridiculus=porttitor&mus=pede&etiam=justo&vel=eu&augue=massa&vestibulum=donec&rutrum=dapibus&rutrum=duis&neque=at&aenean=velit&auctor=eu&gravida=est&sem=congue&praesent=elementum&id=in&massa=hac&id=habitasse&nisl=platea&venenatis=dictumst&lacinia=morbi&aenean=vestibulum&sit=velit&amet=id&justo=pretium&morbi=iaculis&ut=diam&odio=erat&cras=fermentum&mi=justo&pede=nec&malesuada=condimentum&in=neque&imperdiet=sapien&et=placerat&commodo=ante&vulputate=nulla&justo=justo&in=aliquam&blandit=quis,TRUE
+http://nih.gov/nisi/vulputate/nonummy/maecenas/tincidunt.json?aliquet=aliquet&pulvinar=massa&sed=id&nisl=lobortis&nunc=convallis&rhoncus=tortor&dui=risus&vel=dapibus&sem=augue&sed=vel&sagittis=accumsan&nam=tellus&congue=nisi&risus=eu&semper=orci&porta=mauris&volutpat=lacinia&quam=sapien&pede=quis&lobortis=libero&ligula=nullam&sit=sit&amet=amet&eleifend=turpis&pede=elementum&libero=ligula&quis=vehicula&orci=consequat&nullam=morbi&molestie=a&nibh=ipsum&in=integer&lectus=a&pellentesque=nibh&at=in&nulla=quis&suspendisse=justo&potenti=maecenas&cras=rhoncus&in=aliquam&purus=lacus&eu=morbi&magna=quis&vulputate=tortor&luctus=id&cum=nulla&sociis=ultrices&natoque=aliquet&penatibus=maecenas&et=leo&magnis=odio&dis=condimentum&parturient=id&montes=luctus&nascetur=nec&ridiculus=molestie&mus=sed&vivamus=justo&vestibulum=pellentesque&sagittis=viverra&sapien=pede&cum=ac&sociis=diam&natoque=cras&penatibus=pellentesque&et=volutpat&magnis=dui&dis=maecenas&parturient=tristique&montes=est&nascetur=et,TRUE
+https://umich.edu/hendrerit/at/vulputate.html?pede=nunc&posuere=commodo&nonummy=placerat&integer=praesent&non=blandit&velit=nam&donec=nulla&diam=integer&neque=pede&vestibulum=justo&eget=lacinia&vulputate=eget&ut=tincidunt&ultrices=eget&vel=tempus&augue=vel&vestibulum=pede&ante=morbi&ipsum=porttitor&primis=lorem&in=id&faucibus=ligula&orci=suspendisse&luctus=ornare&et=consequat&ultrices=lectus&posuere=in&cubilia=est&curae=risus&donec=auctor&pharetra=sed&magna=tristique&vestibulum=in&aliquet=tempus&ultrices=sit&erat=amet&tortor=sem&sollicitudin=fusce&mi=consequat&sit=nulla&amet=nisl&lobortis=nunc&sapien=nisl&sapien=duis&non=bibendum&mi=felis&integer=sed&ac=interdum&neque=venenatis&duis=turpis&bibendum=enim&morbi=blandit&non=mi&quam=in&nec=porttitor&dui=pede&luctus=justo&rutrum=eu&nulla=massa&tellus=donec&in=dapibus&sagittis=duis&dui=at&vel=velit&nisl=eu&duis=est&ac=congue&nibh=elementum&fusce=in&lacus=hac&purus=habitasse&aliquet=platea&at=dictumst&feugiat=morbi&non=vestibulum&pretium=velit&quis=id&lectus=pretium&suspendisse=iaculis&potenti=diam&in=erat&eleifend=fermentum&quam=justo&a=nec&odio=condimentum&in=neque&hac=sapien&habitasse=placerat&platea=ante&dictumst=nulla&maecenas=justo&ut=aliquam&massa=quis&quis=turpis&augue=eget&luctus=elit,TRUE
+https://reverbnation.com/ligula/suspendisse/ornare/consequat.html?porttitor=erat&id=vestibulum&consequat=sed&in=magna&consequat=at&ut=nunc&nulla=commodo,TRUE
+https://elegantthemes.com/risus/dapibus.jpg?quis=dis&orci=parturient&eget=montes&orci=nascetur&vehicula=ridiculus&condimentum=mus&curabitur=vivamus&in=vestibulum&libero=sagittis&ut=sapien&massa=cum&volutpat=sociis&convallis=natoque&morbi=penatibus&odio=et&odio=magnis&elementum=dis&eu=parturient&interdum=montes&eu=nascetur&tincidunt=ridiculus&in=mus&leo=etiam&maecenas=vel&pulvinar=augue&lobortis=vestibulum&est=rutrum&phasellus=rutrum&sit=neque&amet=aenean&erat=auctor&nulla=gravida&tempus=sem&vivamus=praesent&in=id&felis=massa,TRUE
+http://bandcamp.com/erat/eros/viverra/eget/congue.jsp?libero=dui&quis=nec&orci=nisi&nullam=volutpat&molestie=eleifend&nibh=donec&in=ut&lectus=dolor&pellentesque=morbi&at=vel&nulla=lectus&suspendisse=in&potenti=quam&cras=fringilla&in=rhoncus&purus=mauris&eu=enim&magna=leo&vulputate=rhoncus&luctus=sed&cum=vestibulum&sociis=sit&natoque=amet&penatibus=cursus&et=id&magnis=turpis&dis=integer&parturient=aliquet&montes=massa&nascetur=id&ridiculus=lobortis&mus=convallis&vivamus=tortor&vestibulum=risus&sagittis=dapibus&sapien=augue&cum=vel&sociis=accumsan&natoque=tellus&penatibus=nisi&et=eu&magnis=orci&dis=mauris&parturient=lacinia&montes=sapien&nascetur=quis&ridiculus=libero&mus=nullam&etiam=sit&vel=amet&augue=turpis&vestibulum=elementum&rutrum=ligula&rutrum=vehicula&neque=consequat&aenean=morbi&auctor=a&gravida=ipsum&sem=integer&praesent=a&id=nibh&massa=in&id=quis&nisl=justo&venenatis=maecenas&lacinia=rhoncus&aenean=aliquam&sit=lacus&amet=morbi&justo=quis&morbi=tortor&ut=id&odio=nulla&cras=ultrices&mi=aliquet&pede=maecenas&malesuada=leo&in=odio&imperdiet=condimentum&et=id&commodo=luctus&vulputate=nec&justo=molestie&in=sed&blandit=justo&ultrices=pellentesque&enim=viverra&lorem=pede&ipsum=ac&dolor=diam&sit=cras&amet=pellentesque&consectetuer=volutpat&adipiscing=dui&elit=maecenas&proin=tristique,TRUE
+http://seattletimes.com/ligula/sit/amet/eleifend/pede.aspx?in=faucibus&faucibus=orci&orci=luctus&luctus=et&et=ultrices&ultrices=posuere&posuere=cubilia&cubilia=curae&curae=mauris&nulla=viverra&dapibus=diam&dolor=vitae&vel=quam&est=suspendisse&donec=potenti&odio=nullam&justo=porttitor&sollicitudin=lacus&ut=at&suscipit=turpis&a=donec&feugiat=posuere&et=metus&eros=vitae&vestibulum=ipsum&ac=aliquam&est=non,TRUE
+http://drupal.org/vestibulum/ante/ipsum/primis/in.aspx?nisl=turpis&ut=nec&volutpat=euismod&sapien=scelerisque&arcu=quam&sed=turpis&augue=adipiscing&aliquam=lorem&erat=vitae&volutpat=mattis&in=nibh&congue=ligula&etiam=nec&justo=sem&etiam=duis&pretium=aliquam&iaculis=convallis&justo=nunc&in=proin&hac=at&habitasse=turpis&platea=a&dictumst=pede&etiam=posuere&faucibus=nonummy&cursus=integer&urna=non&ut=velit&tellus=donec&nulla=diam&ut=neque&erat=vestibulum&id=eget&mauris=vulputate&vulputate=ut&elementum=ultrices&nullam=vel&varius=augue&nulla=vestibulum&facilisi=ante&cras=ipsum&non=primis&velit=in&nec=faucibus&nisi=orci&vulputate=luctus&nonummy=et&maecenas=ultrices&tincidunt=posuere&lacus=cubilia&at=curae&velit=donec&vivamus=pharetra&vel=magna&nulla=vestibulum&eget=aliquet&eros=ultrices&elementum=erat&pellentesque=tortor&quisque=sollicitudin&porta=mi&volutpat=sit&erat=amet&quisque=lobortis&erat=sapien&eros=sapien&viverra=non&eget=mi&congue=integer&eget=ac&semper=neque&rutrum=duis&nulla=bibendum&nunc=morbi&purus=non&phasellus=quam&in=nec&felis=dui&donec=luctus&semper=rutrum&sapien=nulla&a=tellus&libero=in,TRUE
+https://newyorker.com/eu/orci/mauris/lacinia.html?erat=eros&tortor=suspendisse&sollicitudin=accumsan&mi=tortor&sit=quis&amet=turpis&lobortis=sed&sapien=ante&sapien=vivamus&non=tortor&mi=duis&integer=mattis&ac=egestas&neque=metus&duis=aenean&bibendum=fermentum&morbi=donec&non=ut&quam=mauris&nec=eget,TRUE
+http://alexa.com/vehicula/condimentum/curabitur/in/libero.json?cubilia=vel&curae=nulla&donec=eget&pharetra=eros&magna=elementum&vestibulum=pellentesque&aliquet=quisque&ultrices=porta&erat=volutpat&tortor=erat&sollicitudin=quisque&mi=erat&sit=eros&amet=viverra&lobortis=eget&sapien=congue&sapien=eget&non=semper&mi=rutrum&integer=nulla&ac=nunc&neque=purus&duis=phasellus&bibendum=in&morbi=felis&non=donec&quam=semper&nec=sapien&dui=a&luctus=libero&rutrum=nam&nulla=dui&tellus=proin&in=leo&sagittis=odio&dui=porttitor&vel=id&nisl=consequat&duis=in&ac=consequat&nibh=ut&fusce=nulla&lacus=sed&purus=accumsan&aliquet=felis&at=ut&feugiat=at&non=dolor&pretium=quis&quis=odio&lectus=consequat&suspendisse=varius&potenti=integer&in=ac&eleifend=leo&quam=pellentesque&a=ultrices&odio=mattis&in=odio&hac=donec&habitasse=vitae&platea=nisi&dictumst=nam&maecenas=ultrices&ut=libero&massa=non&quis=mattis&augue=pulvinar&luctus=nulla&tincidunt=pede&nulla=ullamcorper&mollis=augue&molestie=a&lorem=suscipit&quisque=nulla&ut=elit&erat=ac,TRUE
+http://linkedin.com/massa/id/lobortis/convallis/tortor.jsp?vitae=justo&consectetuer=nec&eget=condimentum&rutrum=neque&at=sapien&lorem=placerat&integer=ante&tincidunt=nulla&ante=justo&vel=aliquam&ipsum=quis&praesent=turpis&blandit=eget&lacinia=elit&erat=sodales&vestibulum=scelerisque&sed=mauris&magna=sit&at=amet&nunc=eros&commodo=suspendisse&placerat=accumsan&praesent=tortor&blandit=quis&nam=turpis&nulla=sed&integer=ante&pede=vivamus&justo=tortor&lacinia=duis&eget=mattis&tincidunt=egestas&eget=metus&tempus=aenean&vel=fermentum&pede=donec&morbi=ut&porttitor=mauris&lorem=eget&id=massa&ligula=tempor&suspendisse=convallis&ornare=nulla&consequat=neque&lectus=libero&in=convallis&est=eget&risus=eleifend&auctor=luctus&sed=ultricies&tristique=eu&in=nibh&tempus=quisque&sit=id&amet=justo&sem=sit&fusce=amet&consequat=sapien&nulla=dignissim&nisl=vestibulum&nunc=vestibulum&nisl=ante&duis=ipsum&bibendum=primis&felis=in&sed=faucibus&interdum=orci&venenatis=luctus&turpis=et&enim=ultrices&blandit=posuere&mi=cubilia&in=curae&porttitor=nulla&pede=dapibus&justo=dolor&eu=vel&massa=est&donec=donec&dapibus=odio&duis=justo&at=sollicitudin&velit=ut&eu=suscipit,TRUE
+http://loc.gov/cursus/urna/ut/tellus.html?sagittis=orci&sapien=luctus&cum=et&sociis=ultrices&natoque=posuere&penatibus=cubilia&et=curae&magnis=nulla&dis=dapibus&parturient=dolor&montes=vel&nascetur=est&ridiculus=donec&mus=odio&etiam=justo&vel=sollicitudin&augue=ut&vestibulum=suscipit&rutrum=a&rutrum=feugiat&neque=et&aenean=eros&auctor=vestibulum&gravida=ac&sem=est&praesent=lacinia&id=nisi&massa=venenatis&id=tristique&nisl=fusce&venenatis=congue&lacinia=diam&aenean=id&sit=ornare&amet=imperdiet&justo=sapien,TRUE
+https://topsy.com/urna/pretium/nisl.jpg?lobortis=proin&est=interdum&phasellus=mauris&sit=non&amet=ligula&erat=pellentesque&nulla=ultrices&tempus=phasellus&vivamus=id&in=sapien&felis=in&eu=sapien&sapien=iaculis&cursus=congue&vestibulum=vivamus&proin=metus&eu=arcu&mi=adipiscing&nulla=molestie&ac=hendrerit&enim=at&in=vulputate&tempor=vitae&turpis=nisl&nec=aenean&euismod=lectus&scelerisque=pellentesque&quam=eget&turpis=nunc&adipiscing=donec&lorem=quis&vitae=orci&mattis=eget&nibh=orci&ligula=vehicula&nec=condimentum&sem=curabitur&duis=in&aliquam=libero&convallis=ut&nunc=massa&proin=volutpat&at=convallis&turpis=morbi&a=odio&pede=odio&posuere=elementum&nonummy=eu&integer=interdum&non=eu&velit=tincidunt&donec=in&diam=leo&neque=maecenas&vestibulum=pulvinar&eget=lobortis&vulputate=est&ut=phasellus&ultrices=sit&vel=amet&augue=erat&vestibulum=nulla&ante=tempus&ipsum=vivamus&primis=in&in=felis&faucibus=eu&orci=sapien&luctus=cursus&et=vestibulum&ultrices=proin&posuere=eu&cubilia=mi&curae=nulla&donec=ac&pharetra=enim&magna=in&vestibulum=tempor&aliquet=turpis&ultrices=nec&erat=euismod&tortor=scelerisque&sollicitudin=quam&mi=turpis&sit=adipiscing&amet=lorem&lobortis=vitae&sapien=mattis&sapien=nibh&non=ligula&mi=nec&integer=sem&ac=duis&neque=aliquam,TRUE
+https://army.mil/felis/eu/sapien/cursus/vestibulum/proin.xml?id=a&turpis=odio,TRUE
+http://wordpress.com/volutpat/quam/pede.js?scelerisque=primis&mauris=in&sit=faucibus&amet=orci&eros=luctus&suspendisse=et&accumsan=ultrices&tortor=posuere&quis=cubilia&turpis=curae&sed=mauris&ante=viverra&vivamus=diam&tortor=vitae&duis=quam&mattis=suspendisse&egestas=potenti&metus=nullam&aenean=porttitor&fermentum=lacus&donec=at&ut=turpis&mauris=donec&eget=posuere&massa=metus&tempor=vitae&convallis=ipsum&nulla=aliquam&neque=non&libero=mauris&convallis=morbi&eget=non&eleifend=lectus&luctus=aliquam&ultricies=sit&eu=amet&nibh=diam&quisque=in&id=magna&justo=bibendum&sit=imperdiet&amet=nullam&sapien=orci&dignissim=pede&vestibulum=venenatis&vestibulum=non&ante=sodales&ipsum=sed&primis=tincidunt&in=eu&faucibus=felis&orci=fusce&luctus=posuere&et=felis&ultrices=sed&posuere=lacus&cubilia=morbi&curae=sem&nulla=mauris&dapibus=laoreet&dolor=ut&vel=rhoncus&est=aliquet&donec=pulvinar&odio=sed&justo=nisl&sollicitudin=nunc&ut=rhoncus&suscipit=dui&a=vel&feugiat=sem&et=sed&eros=sagittis&vestibulum=nam&ac=congue&est=risus&lacinia=semper&nisi=porta&venenatis=volutpat&tristique=quam&fusce=pede&congue=lobortis&diam=ligula&id=sit&ornare=amet&imperdiet=eleifend&sapien=pede&urna=libero&pretium=quis&nisl=orci&ut=nullam&volutpat=molestie,TRUE
+http://army.mil/pellentesque/ultrices.png?euismod=tempus&scelerisque=vivamus&quam=in,TRUE
+http://ucoz.ru/diam/erat/fermentum/justo.html?et=at&ultrices=turpis&posuere=a&cubilia=pede&curae=posuere&donec=nonummy&pharetra=integer&magna=non&vestibulum=velit&aliquet=donec&ultrices=diam&erat=neque&tortor=vestibulum&sollicitudin=eget&mi=vulputate&sit=ut&amet=ultrices&lobortis=vel&sapien=augue&sapien=vestibulum&non=ante&mi=ipsum&integer=primis&ac=in,TRUE
+https://java.com/maecenas/tincidunt/lacus/at/velit.xml?facilisi=amet&cras=eleifend,TRUE
+http://google.es/in/sapien.aspx?pede=donec&justo=ut&lacinia=mauris&eget=eget&tincidunt=massa&eget=tempor&tempus=convallis&vel=nulla&pede=neque&morbi=libero&porttitor=convallis&lorem=eget&id=eleifend&ligula=luctus&suspendisse=ultricies&ornare=eu&consequat=nibh&lectus=quisque&in=id&est=justo&risus=sit&auctor=amet&sed=sapien&tristique=dignissim,TRUE
+https://rambler.ru/pede.aspx?mauris=nullam&laoreet=porttitor&ut=lacus&rhoncus=at&aliquet=turpis&pulvinar=donec&sed=posuere&nisl=metus&nunc=vitae&rhoncus=ipsum&dui=aliquam&vel=non&sem=mauris&sed=morbi&sagittis=non&nam=lectus&congue=aliquam&risus=sit&semper=amet&porta=diam&volutpat=in&quam=magna&pede=bibendum&lobortis=imperdiet&ligula=nullam&sit=orci&amet=pede&eleifend=venenatis&pede=non&libero=sodales&quis=sed&orci=tincidunt&nullam=eu&molestie=felis&nibh=fusce&in=posuere&lectus=felis&pellentesque=sed&at=lacus&nulla=morbi&suspendisse=sem&potenti=mauris&cras=laoreet&in=ut&purus=rhoncus&eu=aliquet&magna=pulvinar&vulputate=sed&luctus=nisl&cum=nunc&sociis=rhoncus&natoque=dui&penatibus=vel&et=sem&magnis=sed&dis=sagittis&parturient=nam&montes=congue&nascetur=risus&ridiculus=semper&mus=porta&vivamus=volutpat&vestibulum=quam&sagittis=pede&sapien=lobortis&cum=ligula&sociis=sit&natoque=amet&penatibus=eleifend&et=pede&magnis=libero&dis=quis&parturient=orci&montes=nullam&nascetur=molestie&ridiculus=nibh&mus=in&etiam=lectus&vel=pellentesque&augue=at&vestibulum=nulla&rutrum=suspendisse&rutrum=potenti&neque=cras&aenean=in&auctor=purus&gravida=eu&sem=magna&praesent=vulputate&id=luctus&massa=cum&id=sociis&nisl=natoque&venenatis=penatibus&lacinia=et&aenean=magnis,TRUE
+https://simplemachines.org/cubilia/curae.html?fringilla=integer&rhoncus=non&mauris=velit&enim=donec&leo=diam&rhoncus=neque&sed=vestibulum&vestibulum=eget&sit=vulputate&amet=ut&cursus=ultrices&id=vel&turpis=augue&integer=vestibulum&aliquet=ante&massa=ipsum&id=primis&lobortis=in&convallis=faucibus&tortor=orci&risus=luctus&dapibus=et&augue=ultrices&vel=posuere&accumsan=cubilia&tellus=curae&nisi=donec&eu=pharetra&orci=magna&mauris=vestibulum&lacinia=aliquet&sapien=ultrices&quis=erat&libero=tortor&nullam=sollicitudin&sit=mi&amet=sit&turpis=amet&elementum=lobortis&ligula=sapien&vehicula=sapien&consequat=non&morbi=mi&a=integer&ipsum=ac&integer=neque&a=duis&nibh=bibendum&in=morbi&quis=non&justo=quam&maecenas=nec&rhoncus=dui&aliquam=luctus&lacus=rutrum&morbi=nulla&quis=tellus&tortor=in&id=sagittis&nulla=dui&ultrices=vel&aliquet=nisl&maecenas=duis&leo=ac&odio=nibh&condimentum=fusce&id=lacus&luctus=purus&nec=aliquet&molestie=at&sed=feugiat&justo=non&pellentesque=pretium&viverra=quis&pede=lectus&ac=suspendisse&diam=potenti&cras=in&pellentesque=eleifend&volutpat=quam&dui=a&maecenas=odio&tristique=in&est=hac&et=habitasse&tempus=platea&semper=dictumst&est=maecenas&quam=ut&pharetra=massa&magna=quis&ac=augue&consequat=luctus&metus=tincidunt,TRUE
+https://ifeng.com/parturient/montes/nascetur/ridiculus/mus/etiam.jsp?amet=vehicula&sapien=condimentum&dignissim=curabitur&vestibulum=in&vestibulum=libero&ante=ut&ipsum=massa&primis=volutpat&in=convallis&faucibus=morbi&orci=odio&luctus=odio&et=elementum&ultrices=eu&posuere=interdum&cubilia=eu&curae=tincidunt&nulla=in&dapibus=leo&dolor=maecenas&vel=pulvinar&est=lobortis&donec=est&odio=phasellus&justo=sit&sollicitudin=amet&ut=erat&suscipit=nulla&a=tempus&feugiat=vivamus&et=in&eros=felis&vestibulum=eu&ac=sapien&est=cursus&lacinia=vestibulum&nisi=proin&venenatis=eu&tristique=mi&fusce=nulla&congue=ac&diam=enim&id=in&ornare=tempor&imperdiet=turpis&sapien=nec&urna=euismod&pretium=scelerisque&nisl=quam&ut=turpis&volutpat=adipiscing&sapien=lorem&arcu=vitae&sed=mattis&augue=nibh&aliquam=ligula&erat=nec&volutpat=sem&in=duis&congue=aliquam&etiam=convallis&justo=nunc&etiam=proin&pretium=at&iaculis=turpis&justo=a&in=pede&hac=posuere&habitasse=nonummy&platea=integer&dictumst=non&etiam=velit&faucibus=donec&cursus=diam&urna=neque&ut=vestibulum&tellus=eget&nulla=vulputate&ut=ut&erat=ultrices&id=vel,TRUE
+http://apple.com/pellentesque/viverra/pede/ac/diam.json?sollicitudin=auctor&ut=sed&suscipit=tristique&a=in&feugiat=tempus&et=sit&eros=amet&vestibulum=sem&ac=fusce&est=consequat&lacinia=nulla&nisi=nisl&venenatis=nunc&tristique=nisl&fusce=duis&congue=bibendum&diam=felis&id=sed&ornare=interdum&imperdiet=venenatis&sapien=turpis&urna=enim&pretium=blandit&nisl=mi&ut=in&volutpat=porttitor&sapien=pede&arcu=justo&sed=eu&augue=massa&aliquam=donec&erat=dapibus&volutpat=duis&in=at&congue=velit&etiam=eu&justo=est&etiam=congue&pretium=elementum&iaculis=in&justo=hac&in=habitasse&hac=platea&habitasse=dictumst&platea=morbi&dictumst=vestibulum&etiam=velit&faucibus=id&cursus=pretium&urna=iaculis&ut=diam&tellus=erat&nulla=fermentum&ut=justo&erat=nec&id=condimentum&mauris=neque&vulputate=sapien&elementum=placerat&nullam=ante&varius=nulla&nulla=justo&facilisi=aliquam&cras=quis&non=turpis&velit=eget&nec=elit&nisi=sodales&vulputate=scelerisque&nonummy=mauris&maecenas=sit&tincidunt=amet&lacus=eros&at=suspendisse&velit=accumsan&vivamus=tortor&vel=quis&nulla=turpis&eget=sed&eros=ante&elementum=vivamus&pellentesque=tortor,TRUE
+http://independent.co.uk/dapibus/augue/vel/accumsan/tellus/nisi/eu.js?in=aliquet&magna=pulvinar&bibendum=sed&imperdiet=nisl&nullam=nunc&orci=rhoncus&pede=dui&venenatis=vel&non=sem&sodales=sed&sed=sagittis&tincidunt=nam&eu=congue&felis=risus&fusce=semper&posuere=porta&felis=volutpat&sed=quam,TRUE
+http://virginia.edu/duis/aliquam/convallis.jpg?accumsan=interdum&odio=eu&curabitur=tincidunt&convallis=in&duis=leo&consequat=maecenas&dui=pulvinar&nec=lobortis&nisi=est&volutpat=phasellus&eleifend=sit&donec=amet&ut=erat&dolor=nulla&morbi=tempus&vel=vivamus&lectus=in&in=felis&quam=eu&fringilla=sapien&rhoncus=cursus&mauris=vestibulum&enim=proin&leo=eu&rhoncus=mi&sed=nulla&vestibulum=ac&sit=enim&amet=in&cursus=tempor&id=turpis&turpis=nec&integer=euismod&aliquet=scelerisque&massa=quam&id=turpis&lobortis=adipiscing&convallis=lorem&tortor=vitae&risus=mattis&dapibus=nibh&augue=ligula&vel=nec&accumsan=sem&tellus=duis&nisi=aliquam&eu=convallis,TRUE
+https://sciencedaily.com/mattis/odio/donec/vitae/nisi.js?ante=curae&vestibulum=mauris&ante=viverra&ipsum=diam&primis=vitae&in=quam&faucibus=suspendisse&orci=potenti&luctus=nullam&et=porttitor&ultrices=lacus&posuere=at&cubilia=turpis&curae=donec&duis=posuere&faucibus=metus&accumsan=vitae&odio=ipsum&curabitur=aliquam&convallis=non&duis=mauris&consequat=morbi&dui=non&nec=lectus&nisi=aliquam&volutpat=sit&eleifend=amet&donec=diam&ut=in&dolor=magna&morbi=bibendum&vel=imperdiet&lectus=nullam&in=orci&quam=pede&fringilla=venenatis&rhoncus=non&mauris=sodales&enim=sed&leo=tincidunt&rhoncus=eu&sed=felis&vestibulum=fusce&sit=posuere&amet=felis&cursus=sed&id=lacus&turpis=morbi&integer=sem&aliquet=mauris&massa=laoreet&id=ut&lobortis=rhoncus&convallis=aliquet&tortor=pulvinar&risus=sed&dapibus=nisl&augue=nunc&vel=rhoncus&accumsan=dui&tellus=vel&nisi=sem&eu=sed&orci=sagittis&mauris=nam&lacinia=congue&sapien=risus&quis=semper&libero=porta&nullam=volutpat&sit=quam&amet=pede&turpis=lobortis&elementum=ligula&ligula=sit&vehicula=amet&consequat=eleifend&morbi=pede&a=libero&ipsum=quis&integer=orci&a=nullam&nibh=molestie&in=nibh&quis=in&justo=lectus&maecenas=pellentesque&rhoncus=at&aliquam=nulla&lacus=suspendisse&morbi=potenti&quis=cras&tortor=in,TRUE
+https://i2i.jp/nisl/aenean/lectus/pellentesque/eget.aspx?aliquam=parturient&erat=montes&volutpat=nascetur&in=ridiculus&congue=mus&etiam=vivamus&justo=vestibulum&etiam=sagittis&pretium=sapien&iaculis=cum&justo=sociis&in=natoque&hac=penatibus&habitasse=et&platea=magnis&dictumst=dis&etiam=parturient&faucibus=montes&cursus=nascetur&urna=ridiculus&ut=mus&tellus=etiam&nulla=vel&ut=augue&erat=vestibulum&id=rutrum&mauris=rutrum&vulputate=neque&elementum=aenean&nullam=auctor&varius=gravida&nulla=sem&facilisi=praesent&cras=id&non=massa&velit=id&nec=nisl&nisi=venenatis&vulputate=lacinia&nonummy=aenean&maecenas=sit&tincidunt=amet&lacus=justo,TRUE
+https://163.com/accumsan/tellus/nisi/eu.json?metus=mi,TRUE
+https://columbia.edu/felis/donec/semper/sapien/a.aspx?dis=proin&parturient=eu&montes=mi&nascetur=nulla&ridiculus=ac&mus=enim&vivamus=in&vestibulum=tempor&sagittis=turpis&sapien=nec&cum=euismod&sociis=scelerisque&natoque=quam&penatibus=turpis&et=adipiscing&magnis=lorem&dis=vitae&parturient=mattis&montes=nibh&nascetur=ligula&ridiculus=nec&mus=sem&etiam=duis&vel=aliquam&augue=convallis&vestibulum=nunc&rutrum=proin&rutrum=at&neque=turpis&aenean=a&auctor=pede&gravida=posuere&sem=nonummy&praesent=integer&id=non&massa=velit&id=donec&nisl=diam&venenatis=neque&lacinia=vestibulum&aenean=eget&sit=vulputate&amet=ut&justo=ultrices&morbi=vel&ut=augue&odio=vestibulum&cras=ante&mi=ipsum&pede=primis&malesuada=in&in=faucibus&imperdiet=orci&et=luctus&commodo=et&vulputate=ultrices&justo=posuere&in=cubilia&blandit=curae&ultrices=donec&enim=pharetra&lorem=magna&ipsum=vestibulum&dolor=aliquet&sit=ultrices&amet=erat,TRUE
+https://theglobeandmail.com/justo/lacinia/eget/tincidunt.jsp?luctus=non&et=velit,TRUE
+http://dailymotion.com/pede/libero.aspx?ut=sit&erat=amet&curabitur=lobortis&gravida=sapien&nisi=sapien&at=non&nibh=mi&in=integer&hac=ac&habitasse=neque&platea=duis&dictumst=bibendum&aliquam=morbi&augue=non&quam=quam&sollicitudin=nec&vitae=dui&consectetuer=luctus&eget=rutrum&rutrum=nulla&at=tellus&lorem=in&integer=sagittis&tincidunt=dui&ante=vel&vel=nisl&ipsum=duis&praesent=ac&blandit=nibh&lacinia=fusce,TRUE
+http://cnn.com/dis/parturient/montes/nascetur/ridiculus.jsp?nibh=nonummy&in=maecenas&hac=tincidunt&habitasse=lacus&platea=at&dictumst=velit&aliquam=vivamus&augue=vel&quam=nulla&sollicitudin=eget&vitae=eros&consectetuer=elementum&eget=pellentesque&rutrum=quisque&at=porta&lorem=volutpat&integer=erat&tincidunt=quisque&ante=erat&vel=eros&ipsum=viverra&praesent=eget&blandit=congue&lacinia=eget&erat=semper&vestibulum=rutrum&sed=nulla&magna=nunc&at=purus&nunc=phasellus&commodo=in&placerat=felis&praesent=donec&blandit=semper&nam=sapien&nulla=a&integer=libero&pede=nam&justo=dui&lacinia=proin&eget=leo&tincidunt=odio&eget=porttitor&tempus=id&vel=consequat&pede=in&morbi=consequat&porttitor=ut&lorem=nulla&id=sed&ligula=accumsan&suspendisse=felis&ornare=ut&consequat=at&lectus=dolor,TRUE
+https://github.io/vehicula/condimentum/curabitur/in.jpg?lectus=proin&in=risus&est=praesent&risus=lectus&auctor=vestibulum&sed=quam&tristique=sapien&in=varius&tempus=ut&sit=blandit&amet=non&sem=interdum&fusce=in&consequat=ante&nulla=vestibulum&nisl=ante,TRUE
+https://hostgator.com/magna/vestibulum.js?integer=convallis&ac=eget&leo=eleifend&pellentesque=luctus&ultrices=ultricies&mattis=eu&odio=nibh&donec=quisque&vitae=id&nisi=justo&nam=sit&ultrices=amet&libero=sapien&non=dignissim&mattis=vestibulum&pulvinar=vestibulum&nulla=ante&pede=ipsum&ullamcorper=primis&augue=in&a=faucibus&suscipit=orci&nulla=luctus&elit=et&ac=ultrices&nulla=posuere&sed=cubilia&vel=curae&enim=nulla&sit=dapibus&amet=dolor&nunc=vel&viverra=est&dapibus=donec&nulla=odio&suscipit=justo&ligula=sollicitudin&in=ut&lacus=suscipit&curabitur=a&at=feugiat&ipsum=et&ac=eros&tellus=vestibulum&semper=ac&interdum=est&mauris=lacinia,TRUE
+https://accuweather.com/risus/semper/porta/volutpat/quam.jpg?nulla=eget&suspendisse=nunc&potenti=donec&cras=quis&in=orci&purus=eget&eu=orci&magna=vehicula&vulputate=condimentum&luctus=curabitur&cum=in&sociis=libero&natoque=ut&penatibus=massa&et=volutpat&magnis=convallis&dis=morbi&parturient=odio&montes=odio&nascetur=elementum&ridiculus=eu&mus=interdum&vivamus=eu&vestibulum=tincidunt&sagittis=in&sapien=leo&cum=maecenas&sociis=pulvinar&natoque=lobortis&penatibus=est&et=phasellus&magnis=sit&dis=amet&parturient=erat&montes=nulla&nascetur=tempus&ridiculus=vivamus&mus=in&etiam=felis&vel=eu&augue=sapien&vestibulum=cursus&rutrum=vestibulum&rutrum=proin&neque=eu&aenean=mi&auctor=nulla&gravida=ac&sem=enim&praesent=in&id=tempor&massa=turpis&id=nec&nisl=euismod&venenatis=scelerisque&lacinia=quam&aenean=turpis,TRUE
+http://taobao.com/turpis/elementum/ligula/vehicula.jpg?erat=in&vestibulum=lectus&sed=pellentesque&magna=at,TRUE
+http://businessinsider.com/dis/parturient/montes/nascetur/ridiculus.json?blandit=nisl&non=venenatis&interdum=lacinia&in=aenean&ante=sit&vestibulum=amet&ante=justo&ipsum=morbi&primis=ut&in=odio&faucibus=cras&orci=mi&luctus=pede&et=malesuada&ultrices=in&posuere=imperdiet&cubilia=et&curae=commodo&duis=vulputate&faucibus=justo&accumsan=in&odio=blandit&curabitur=ultrices&convallis=enim&duis=lorem&consequat=ipsum&dui=dolor&nec=sit&nisi=amet&volutpat=consectetuer&eleifend=adipiscing&donec=elit&ut=proin&dolor=interdum&morbi=mauris&vel=non&lectus=ligula&in=pellentesque,TRUE
+http://cbsnews.com/dui/proin/leo/odio/porttitor/id/consequat.aspx?odio=potenti&elementum=cras&eu=in&interdum=purus&eu=eu&tincidunt=magna&in=vulputate&leo=luctus&maecenas=cum&pulvinar=sociis&lobortis=natoque&est=penatibus&phasellus=et&sit=magnis&amet=dis&erat=parturient&nulla=montes&tempus=nascetur&vivamus=ridiculus&in=mus&felis=vivamus&eu=vestibulum&sapien=sagittis&cursus=sapien&vestibulum=cum&proin=sociis&eu=natoque&mi=penatibus&nulla=et&ac=magnis&enim=dis&in=parturient&tempor=montes&turpis=nascetur&nec=ridiculus&euismod=mus&scelerisque=etiam&quam=vel&turpis=augue&adipiscing=vestibulum&lorem=rutrum&vitae=rutrum&mattis=neque&nibh=aenean&ligula=auctor&nec=gravida&sem=sem&duis=praesent&aliquam=id&convallis=massa&nunc=id&proin=nisl&at=venenatis&turpis=lacinia&a=aenean&pede=sit&posuere=amet&nonummy=justo&integer=morbi&non=ut&velit=odio&donec=cras&diam=mi,TRUE
+http://rakuten.co.jp/quis.jsp?vel=amet,TRUE
+https://stumbleupon.com/integer/a/nibh/in/quis.aspx?commodo=nunc&vulputate=purus&justo=phasellus&in=in&blandit=felis&ultrices=donec&enim=semper&lorem=sapien&ipsum=a&dolor=libero&sit=nam&amet=dui&consectetuer=proin&adipiscing=leo&elit=odio&proin=porttitor&interdum=id&mauris=consequat&non=in&ligula=consequat&pellentesque=ut&ultrices=nulla&phasellus=sed&id=accumsan&sapien=felis&in=ut&sapien=at&iaculis=dolor&congue=quis&vivamus=odio&metus=consequat&arcu=varius&adipiscing=integer&molestie=ac&hendrerit=leo&at=pellentesque&vulputate=ultrices&vitae=mattis&nisl=odio&aenean=donec&lectus=vitae&pellentesque=nisi&eget=nam&nunc=ultrices&donec=libero&quis=non&orci=mattis&eget=pulvinar&orci=nulla&vehicula=pede&condimentum=ullamcorper&curabitur=augue&in=a&libero=suscipit&ut=nulla&massa=elit&volutpat=ac&convallis=nulla&morbi=sed&odio=vel&odio=enim&elementum=sit&eu=amet&interdum=nunc&eu=viverra&tincidunt=dapibus&in=nulla&leo=suscipit&maecenas=ligula&pulvinar=in&lobortis=lacus&est=curabitur&phasellus=at&sit=ipsum&amet=ac,TRUE
+https://ucsd.edu/dolor/sit/amet/consectetuer.png?accumsan=tincidunt,TRUE
+https://va.gov/porttitor/lorem/id.png?mi=in,TRUE
+http://bravesites.com/pretium/iaculis/justo/in.html?suspendisse=vestibulum&potenti=ante&cras=ipsum&in=primis&purus=in&eu=faucibus&magna=orci&vulputate=luctus&luctus=et&cum=ultrices&sociis=posuere&natoque=cubilia&penatibus=curae&et=donec&magnis=pharetra&dis=magna&parturient=vestibulum&montes=aliquet&nascetur=ultrices&ridiculus=erat&mus=tortor&vivamus=sollicitudin&vestibulum=mi&sagittis=sit&sapien=amet&cum=lobortis&sociis=sapien&natoque=sapien&penatibus=non&et=mi&magnis=integer&dis=ac&parturient=neque&montes=duis&nascetur=bibendum&ridiculus=morbi&mus=non&etiam=quam&vel=nec&augue=dui&vestibulum=luctus&rutrum=rutrum&rutrum=nulla&neque=tellus&aenean=in&auctor=sagittis&gravida=dui&sem=vel&praesent=nisl&id=duis&massa=ac&id=nibh&nisl=fusce&venenatis=lacus&lacinia=purus&aenean=aliquet&sit=at&amet=feugiat&justo=non&morbi=pretium&ut=quis&odio=lectus&cras=suspendisse&mi=potenti&pede=in&malesuada=eleifend,TRUE
+https://berkeley.edu/rutrum/ac/lobortis/vel.jsp?in=vel&leo=accumsan&maecenas=tellus&pulvinar=nisi&lobortis=eu&est=orci&phasellus=mauris&sit=lacinia&amet=sapien&erat=quis,TRUE
+http://examiner.com/quis/justo.aspx?mauris=aliquet&eget=massa&massa=id&tempor=lobortis&convallis=convallis&nulla=tortor&neque=risus&libero=dapibus&convallis=augue&eget=vel&eleifend=accumsan&luctus=tellus&ultricies=nisi&eu=eu&nibh=orci&quisque=mauris&id=lacinia&justo=sapien&sit=quis&amet=libero&sapien=nullam&dignissim=sit&vestibulum=amet&vestibulum=turpis&ante=elementum&ipsum=ligula&primis=vehicula&in=consequat&faucibus=morbi&orci=a&luctus=ipsum&et=integer&ultrices=a&posuere=nibh&cubilia=in&curae=quis&nulla=justo&dapibus=maecenas&dolor=rhoncus&vel=aliquam&est=lacus&donec=morbi&odio=quis&justo=tortor&sollicitudin=id&ut=nulla&suscipit=ultrices&a=aliquet&feugiat=maecenas&et=leo&eros=odio&vestibulum=condimentum&ac=id&est=luctus&lacinia=nec&nisi=molestie&venenatis=sed&tristique=justo&fusce=pellentesque&congue=viverra&diam=pede&id=ac&ornare=diam&imperdiet=cras&sapien=pellentesque&urna=volutpat&pretium=dui&nisl=maecenas&ut=tristique&volutpat=est&sapien=et&arcu=tempus&sed=semper,TRUE
+http://ebay.com/pede/libero/quis/orci.json?sed=nibh&augue=in&aliquam=lectus&erat=pellentesque&volutpat=at&in=nulla&congue=suspendisse&etiam=potenti&justo=cras&etiam=in&pretium=purus&iaculis=eu&justo=magna&in=vulputate&hac=luctus&habitasse=cum&platea=sociis&dictumst=natoque&etiam=penatibus&faucibus=et&cursus=magnis&urna=dis&ut=parturient&tellus=montes&nulla=nascetur&ut=ridiculus&erat=mus&id=vivamus&mauris=vestibulum&vulputate=sagittis&elementum=sapien&nullam=cum&varius=sociis&nulla=natoque&facilisi=penatibus&cras=et&non=magnis&velit=dis&nec=parturient&nisi=montes&vulputate=nascetur&nonummy=ridiculus&maecenas=mus&tincidunt=etiam&lacus=vel&at=augue&velit=vestibulum&vivamus=rutrum&vel=rutrum&nulla=neque&eget=aenean&eros=auctor&elementum=gravida&pellentesque=sem&quisque=praesent&porta=id&volutpat=massa&erat=id&quisque=nisl&erat=venenatis&eros=lacinia&viverra=aenean&eget=sit&congue=amet&eget=justo&semper=morbi&rutrum=ut&nulla=odio&nunc=cras&purus=mi&phasellus=pede&in=malesuada&felis=in&donec=imperdiet&semper=et&sapien=commodo&a=vulputate&libero=justo&nam=in&dui=blandit,TRUE
+https://dyndns.org/elit/sodales/scelerisque/mauris.js?ipsum=consectetuer&dolor=adipiscing&sit=elit&amet=proin&consectetuer=risus&adipiscing=praesent&elit=lectus&proin=vestibulum&risus=quam&praesent=sapien&lectus=varius&vestibulum=ut&quam=blandit&sapien=non&varius=interdum&ut=in&blandit=ante&non=vestibulum&interdum=ante&in=ipsum&ante=primis&vestibulum=in&ante=faucibus&ipsum=orci&primis=luctus&in=et&faucibus=ultrices&orci=posuere&luctus=cubilia&et=curae&ultrices=duis&posuere=faucibus&cubilia=accumsan&curae=odio&duis=curabitur&faucibus=convallis&accumsan=duis&odio=consequat&curabitur=dui&convallis=nec&duis=nisi&consequat=volutpat&dui=eleifend&nec=donec&nisi=ut&volutpat=dolor&eleifend=morbi&donec=vel&ut=lectus&dolor=in&morbi=quam&vel=fringilla&lectus=rhoncus&in=mauris&quam=enim&fringilla=leo&rhoncus=rhoncus&mauris=sed&enim=vestibulum&leo=sit&rhoncus=amet&sed=cursus&vestibulum=id&sit=turpis&amet=integer&cursus=aliquet&id=massa&turpis=id&integer=lobortis&aliquet=convallis&massa=tortor&id=risus&lobortis=dapibus&convallis=augue&tortor=vel&risus=accumsan&dapibus=tellus&augue=nisi&vel=eu&accumsan=orci&tellus=mauris&nisi=lacinia&eu=sapien&orci=quis&mauris=libero&lacinia=nullam&sapien=sit&quis=amet&libero=turpis&nullam=elementum&sit=ligula&amet=vehicula&turpis=consequat,TRUE
+http://myspace.com/sapien.jsp?a=ante&feugiat=vestibulum&et=ante&eros=ipsum&vestibulum=primis&ac=in&est=faucibus&lacinia=orci&nisi=luctus&venenatis=et&tristique=ultrices&fusce=posuere&congue=cubilia&diam=curae&id=duis&ornare=faucibus&imperdiet=accumsan&sapien=odio&urna=curabitur&pretium=convallis&nisl=duis&ut=consequat&volutpat=dui&sapien=nec&arcu=nisi&sed=volutpat&augue=eleifend&aliquam=donec&erat=ut&volutpat=dolor&in=morbi&congue=vel&etiam=lectus&justo=in&etiam=quam&pretium=fringilla&iaculis=rhoncus&justo=mauris&in=enim&hac=leo&habitasse=rhoncus&platea=sed&dictumst=vestibulum&etiam=sit&faucibus=amet&cursus=cursus&urna=id&ut=turpis&tellus=integer&nulla=aliquet&ut=massa&erat=id&id=lobortis&mauris=convallis&vulputate=tortor&elementum=risus&nullam=dapibus&varius=augue&nulla=vel&facilisi=accumsan&cras=tellus&non=nisi&velit=eu&nec=orci&nisi=mauris&vulputate=lacinia&nonummy=sapien&maecenas=quis&tincidunt=libero&lacus=nullam&at=sit&velit=amet&vivamus=turpis&vel=elementum&nulla=ligula&eget=vehicula&eros=consequat&elementum=morbi&pellentesque=a&quisque=ipsum&porta=integer&volutpat=a&erat=nibh&quisque=in&erat=quis&eros=justo&viverra=maecenas&eget=rhoncus&congue=aliquam&eget=lacus&semper=morbi&rutrum=quis&nulla=tortor&nunc=id&purus=nulla&phasellus=ultrices,TRUE
+https://oakley.com/hendrerit/at/vulputate/vitae/nisl/aenean.json?ut=vestibulum&ultrices=velit&vel=id&augue=pretium&vestibulum=iaculis&ante=diam&ipsum=erat&primis=fermentum&in=justo&faucibus=nec&orci=condimentum&luctus=neque&et=sapien&ultrices=placerat&posuere=ante&cubilia=nulla&curae=justo&donec=aliquam&pharetra=quis&magna=turpis&vestibulum=eget&aliquet=elit&ultrices=sodales&erat=scelerisque,TRUE
+http://dell.com/id/nisl/venenatis/lacinia/aenean/sit.jsp?platea=purus&dictumst=phasellus&etiam=in&faucibus=felis&cursus=donec&urna=semper&ut=sapien&tellus=a&nulla=libero&ut=nam&erat=dui&id=proin&mauris=leo&vulputate=odio&elementum=porttitor&nullam=id&varius=consequat&nulla=in&facilisi=consequat&cras=ut&non=nulla&velit=sed&nec=accumsan&nisi=felis&vulputate=ut&nonummy=at&maecenas=dolor&tincidunt=quis&lacus=odio&at=consequat&velit=varius&vivamus=integer&vel=ac&nulla=leo&eget=pellentesque&eros=ultrices&elementum=mattis&pellentesque=odio&quisque=donec&porta=vitae&volutpat=nisi&erat=nam&quisque=ultrices&erat=libero&eros=non&viverra=mattis&eget=pulvinar&congue=nulla&eget=pede&semper=ullamcorper&rutrum=augue&nulla=a&nunc=suscipit&purus=nulla&phasellus=elit&in=ac&felis=nulla&donec=sed&semper=vel&sapien=enim&a=sit&libero=amet&nam=nunc&dui=viverra&proin=dapibus&leo=nulla&odio=suscipit&porttitor=ligula&id=in&consequat=lacus&in=curabitur&consequat=at,TRUE
+http://yellowbook.com/fusce/lacus/purus/aliquet/at/feugiat/non.xml?luctus=nisi&ultricies=at&eu=nibh&nibh=in&quisque=hac&id=habitasse&justo=platea&sit=dictumst&amet=aliquam&sapien=augue&dignissim=quam&vestibulum=sollicitudin&vestibulum=vitae&ante=consectetuer&ipsum=eget&primis=rutrum&in=at&faucibus=lorem&orci=integer&luctus=tincidunt&et=ante&ultrices=vel&posuere=ipsum&cubilia=praesent&curae=blandit&nulla=lacinia,TRUE
+https://usa.gov/neque.jsp?pede=nulla&venenatis=tellus&non=in&sodales=sagittis&sed=dui&tincidunt=vel&eu=nisl&felis=duis&fusce=ac&posuere=nibh&felis=fusce&sed=lacus&lacus=purus&morbi=aliquet&sem=at&mauris=feugiat&laoreet=non&ut=pretium&rhoncus=quis&aliquet=lectus&pulvinar=suspendisse&sed=potenti&nisl=in&nunc=eleifend&rhoncus=quam&dui=a&vel=odio&sem=in&sed=hac&sagittis=habitasse&nam=platea&congue=dictumst&risus=maecenas&semper=ut&porta=massa&volutpat=quis&quam=augue&pede=luctus&lobortis=tincidunt&ligula=nulla&sit=mollis&amet=molestie&eleifend=lorem&pede=quisque&libero=ut&quis=erat&orci=curabitur&nullam=gravida&molestie=nisi&nibh=at&in=nibh&lectus=in&pellentesque=hac&at=habitasse&nulla=platea&suspendisse=dictumst&potenti=aliquam&cras=augue&in=quam&purus=sollicitudin&eu=vitae&magna=consectetuer&vulputate=eget,TRUE
+https://cbslocal.com/cubilia/curae/donec/pharetra/magna.png?volutpat=augue&dui=vel&maecenas=accumsan&tristique=tellus&est=nisi&et=eu&tempus=orci&semper=mauris&est=lacinia&quam=sapien&pharetra=quis&magna=libero&ac=nullam&consequat=sit&metus=amet&sapien=turpis&ut=elementum&nunc=ligula&vestibulum=vehicula&ante=consequat&ipsum=morbi&primis=a&in=ipsum&faucibus=integer&orci=a&luctus=nibh&et=in&ultrices=quis&posuere=justo&cubilia=maecenas&curae=rhoncus&mauris=aliquam&viverra=lacus&diam=morbi&vitae=quis&quam=tortor&suspendisse=id&potenti=nulla&nullam=ultrices&porttitor=aliquet&lacus=maecenas&at=leo&turpis=odio&donec=condimentum&posuere=id&metus=luctus&vitae=nec&ipsum=molestie&aliquam=sed&non=justo&mauris=pellentesque&morbi=viverra&non=pede&lectus=ac&aliquam=diam&sit=cras&amet=pellentesque&diam=volutpat&in=dui&magna=maecenas&bibendum=tristique&imperdiet=est&nullam=et&orci=tempus&pede=semper&venenatis=est&non=quam&sodales=pharetra&sed=magna&tincidunt=ac&eu=consequat&felis=metus&fusce=sapien&posuere=ut&felis=nunc&sed=vestibulum&lacus=ante&morbi=ipsum&sem=primis&mauris=in&laoreet=faucibus&ut=orci&rhoncus=luctus&aliquet=et&pulvinar=ultrices,TRUE
+https://msn.com/auctor/gravida/sem/praesent.jpg?placerat=diam&praesent=neque&blandit=vestibulum&nam=eget&nulla=vulputate&integer=ut&pede=ultrices&justo=vel&lacinia=augue&eget=vestibulum&tincidunt=ante&eget=ipsum&tempus=primis&vel=in&pede=faucibus&morbi=orci&porttitor=luctus&lorem=et&id=ultrices&ligula=posuere&suspendisse=cubilia&ornare=curae&consequat=donec&lectus=pharetra&in=magna&est=vestibulum&risus=aliquet&auctor=ultrices&sed=erat&tristique=tortor&in=sollicitudin&tempus=mi&sit=sit&amet=amet&sem=lobortis&fusce=sapien&consequat=sapien&nulla=non&nisl=mi&nunc=integer&nisl=ac&duis=neque&bibendum=duis&felis=bibendum&sed=morbi&interdum=non&venenatis=quam&turpis=nec&enim=dui&blandit=luctus&mi=rutrum&in=nulla&porttitor=tellus&pede=in,TRUE
+https://diigo.com/felis/donec/semper/sapien/a.aspx?morbi=vestibulum&porttitor=sed&lorem=magna&id=at&ligula=nunc&suspendisse=commodo&ornare=placerat&consequat=praesent&lectus=blandit&in=nam&est=nulla&risus=integer&auctor=pede&sed=justo&tristique=lacinia&in=eget&tempus=tincidunt&sit=eget&amet=tempus&sem=vel&fusce=pede,TRUE
+http://imdb.com/pulvinar.jsp?convallis=diam&tortor=id&risus=ornare&dapibus=imperdiet&augue=sapien&vel=urna&accumsan=pretium&tellus=nisl&nisi=ut&eu=volutpat&orci=sapien&mauris=arcu&lacinia=sed&sapien=augue&quis=aliquam&libero=erat&nullam=volutpat&sit=in&amet=congue&turpis=etiam&elementum=justo&ligula=etiam&vehicula=pretium&consequat=iaculis&morbi=justo&a=in&ipsum=hac&integer=habitasse&a=platea&nibh=dictumst&in=etiam&quis=faucibus&justo=cursus&maecenas=urna&rhoncus=ut&aliquam=tellus&lacus=nulla&morbi=ut&quis=erat&tortor=id&id=mauris&nulla=vulputate&ultrices=elementum&aliquet=nullam&maecenas=varius&leo=nulla&odio=facilisi&condimentum=cras&id=non&luctus=velit&nec=nec&molestie=nisi&sed=vulputate&justo=nonummy&pellentesque=maecenas&viverra=tincidunt&pede=lacus&ac=at&diam=velit&cras=vivamus&pellentesque=vel&volutpat=nulla&dui=eget&maecenas=eros&tristique=elementum&est=pellentesque&et=quisque&tempus=porta&semper=volutpat&est=erat&quam=quisque&pharetra=erat&magna=eros&ac=viverra&consequat=eget&metus=congue&sapien=eget&ut=semper&nunc=rutrum&vestibulum=nulla&ante=nunc&ipsum=purus&primis=phasellus&in=in,TRUE
+https://businessweek.com/proin/eu/mi/nulla.json?vel=quis&augue=libero&vestibulum=nullam&rutrum=sit&rutrum=amet&neque=turpis&aenean=elementum&auctor=ligula&gravida=vehicula&sem=consequat&praesent=morbi&id=a&massa=ipsum&id=integer&nisl=a&venenatis=nibh&lacinia=in&aenean=quis&sit=justo&amet=maecenas&justo=rhoncus&morbi=aliquam&ut=lacus&odio=morbi&cras=quis&mi=tortor&pede=id&malesuada=nulla&in=ultrices&imperdiet=aliquet&et=maecenas&commodo=leo&vulputate=odio&justo=condimentum&in=id&blandit=luctus&ultrices=nec&enim=molestie&lorem=sed&ipsum=justo&dolor=pellentesque&sit=viverra&amet=pede&consectetuer=ac&adipiscing=diam&elit=cras&proin=pellentesque&interdum=volutpat&mauris=dui&non=maecenas&ligula=tristique&pellentesque=est&ultrices=et&phasellus=tempus&id=semper&sapien=est&in=quam&sapien=pharetra&iaculis=magna,TRUE
+https://artisteer.com/adipiscing/elit/proin/risus/praesent/lectus.html?nisi=nisi&volutpat=volutpat&eleifend=eleifend&donec=donec&ut=ut&dolor=dolor&morbi=morbi&vel=vel&lectus=lectus&in=in&quam=quam&fringilla=fringilla&rhoncus=rhoncus&mauris=mauris&enim=enim&leo=leo&rhoncus=rhoncus&sed=sed&vestibulum=vestibulum&sit=sit&amet=amet&cursus=cursus&id=id&turpis=turpis&integer=integer&aliquet=aliquet&massa=massa&id=id&lobortis=lobortis&convallis=convallis&tortor=tortor&risus=risus&dapibus=dapibus&augue=augue&vel=vel&accumsan=accumsan&tellus=tellus&nisi=nisi&eu=eu&orci=orci&mauris=mauris&lacinia=lacinia&sapien=sapien&quis=quis&libero=libero&nullam=nullam&sit=sit&amet=amet&turpis=turpis&elementum=elementum&ligula=ligula&vehicula=vehicula&consequat=consequat&morbi=morbi&a=a&ipsum=ipsum&integer=integer&a=a&nibh=nibh&in=in&quis=quis&justo=justo&maecenas=maecenas&rhoncus=rhoncus&aliquam=aliquam&lacus=lacus&morbi=morbi&quis=quis,TRUE
+https://elpais.com/sapien/arcu/sed/augue/aliquam.xml?fermentum=nec&donec=condimentum&ut=neque&mauris=sapien&eget=placerat&massa=ante&tempor=nulla&convallis=justo&nulla=aliquam&neque=quis&libero=turpis&convallis=eget&eget=elit&eleifend=sodales&luctus=scelerisque&ultricies=mauris&eu=sit&nibh=amet&quisque=eros&id=suspendisse&justo=accumsan&sit=tortor&amet=quis&sapien=turpis&dignissim=sed&vestibulum=ante&vestibulum=vivamus&ante=tortor&ipsum=duis&primis=mattis&in=egestas&faucibus=metus&orci=aenean&luctus=fermentum&et=donec&ultrices=ut&posuere=mauris&cubilia=eget&curae=massa&nulla=tempor&dapibus=convallis&dolor=nulla&vel=neque&est=libero&donec=convallis&odio=eget&justo=eleifend&sollicitudin=luctus&ut=ultricies&suscipit=eu&a=nibh&feugiat=quisque&et=id&eros=justo&vestibulum=sit&ac=amet&est=sapien,TRUE
+http://japanpost.jp/sit/amet/eros/suspendisse/accumsan/tortor/quis.html?sed=cras&accumsan=mi&felis=pede&ut=malesuada&at=in&dolor=imperdiet&quis=et&odio=commodo&consequat=vulputate&varius=justo&integer=in&ac=blandit&leo=ultrices&pellentesque=enim&ultrices=lorem&mattis=ipsum&odio=dolor&donec=sit,TRUE
+http://discovery.com/in/sagittis/dui.jsp?in=at&blandit=velit&ultrices=vivamus&enim=vel&lorem=nulla&ipsum=eget&dolor=eros&sit=elementum&amet=pellentesque&consectetuer=quisque&adipiscing=porta&elit=volutpat&proin=erat&interdum=quisque&mauris=erat&non=eros,TRUE
+https://lulu.com/enim/leo/rhoncus/sed/vestibulum/sit.xml?vel=tincidunt&nisl=nulla&duis=mollis&ac=molestie&nibh=lorem&fusce=quisque&lacus=ut&purus=erat&aliquet=curabitur&at=gravida&feugiat=nisi&non=at&pretium=nibh&quis=in&lectus=hac&suspendisse=habitasse&potenti=platea&in=dictumst&eleifend=aliquam&quam=augue&a=quam&odio=sollicitudin&in=vitae&hac=consectetuer&habitasse=eget&platea=rutrum&dictumst=at&maecenas=lorem&ut=integer&massa=tincidunt&quis=ante&augue=vel,TRUE
+http://printfriendly.com/eu.png?posuere=morbi&cubilia=sem&curae=mauris&mauris=laoreet&viverra=ut&diam=rhoncus&vitae=aliquet&quam=pulvinar&suspendisse=sed&potenti=nisl&nullam=nunc&porttitor=rhoncus&lacus=dui&at=vel&turpis=sem&donec=sed&posuere=sagittis&metus=nam&vitae=congue&ipsum=risus&aliquam=semper&non=porta&mauris=volutpat&morbi=quam&non=pede&lectus=lobortis&aliquam=ligula&sit=sit&amet=amet&diam=eleifend&in=pede&magna=libero&bibendum=quis&imperdiet=orci&nullam=nullam&orci=molestie&pede=nibh&venenatis=in&non=lectus&sodales=pellentesque&sed=at&tincidunt=nulla&eu=suspendisse&felis=potenti&fusce=cras&posuere=in&felis=purus&sed=eu&lacus=magna&morbi=vulputate&sem=luctus&mauris=cum&laoreet=sociis&ut=natoque&rhoncus=penatibus&aliquet=et&pulvinar=magnis&sed=dis&nisl=parturient&nunc=montes&rhoncus=nascetur&dui=ridiculus&vel=mus&sem=vivamus,TRUE
+https://bigcartel.com/orci.xml?in=feugiat&faucibus=non&orci=pretium&luctus=quis&et=lectus&ultrices=suspendisse&posuere=potenti&cubilia=in&curae=eleifend&nulla=quam&dapibus=a&dolor=odio&vel=in&est=hac&donec=habitasse&odio=platea&justo=dictumst&sollicitudin=maecenas&ut=ut&suscipit=massa&a=quis&feugiat=augue&et=luctus&eros=tincidunt&vestibulum=nulla&ac=mollis&est=molestie&lacinia=lorem&nisi=quisque&venenatis=ut&tristique=erat&fusce=curabitur&congue=gravida&diam=nisi&id=at&ornare=nibh&imperdiet=in&sapien=hac&urna=habitasse&pretium=platea&nisl=dictumst&ut=aliquam&volutpat=augue&sapien=quam&arcu=sollicitudin&sed=vitae&augue=consectetuer&aliquam=eget&erat=rutrum&volutpat=at&in=lorem&congue=integer&etiam=tincidunt&justo=ante&etiam=vel&pretium=ipsum&iaculis=praesent&justo=blandit&in=lacinia&hac=erat&habitasse=vestibulum&platea=sed&dictumst=magna&etiam=at&faucibus=nunc&cursus=commodo&urna=placerat&ut=praesent&tellus=blandit&nulla=nam&ut=nulla&erat=integer&id=pede&mauris=justo&vulputate=lacinia&elementum=eget&nullam=tincidunt&varius=eget&nulla=tempus&facilisi=vel&cras=pede&non=morbi&velit=porttitor&nec=lorem&nisi=id&vulputate=ligula&nonummy=suspendisse&maecenas=ornare&tincidunt=consequat&lacus=lectus&at=in&velit=est&vivamus=risus&vel=auctor&nulla=sed&eget=tristique&eros=in&elementum=tempus,TRUE
+http://baidu.com/phasellus/sit/amet/erat/nulla/tempus/vivamus.jpg?aliquam=morbi&augue=non&quam=quam,TRUE
+http://tinypic.com/nunc.jsp?aenean=vehicula&lectus=condimentum&pellentesque=curabitur&eget=in&nunc=libero&donec=ut&quis=massa&orci=volutpat&eget=convallis&orci=morbi&vehicula=odio&condimentum=odio&curabitur=elementum&in=eu&libero=interdum&ut=eu&massa=tincidunt&volutpat=in&convallis=leo&morbi=maecenas&odio=pulvinar&odio=lobortis&elementum=est&eu=phasellus&interdum=sit&eu=amet&tincidunt=erat&in=nulla&leo=tempus&maecenas=vivamus&pulvinar=in&lobortis=felis&est=eu&phasellus=sapien&sit=cursus&amet=vestibulum&erat=proin&nulla=eu&tempus=mi&vivamus=nulla&in=ac&felis=enim&eu=in&sapien=tempor&cursus=turpis&vestibulum=nec&proin=euismod&eu=scelerisque&mi=quam&nulla=turpis&ac=adipiscing&enim=lorem&in=vitae&tempor=mattis&turpis=nibh&nec=ligula&euismod=nec&scelerisque=sem&quam=duis&turpis=aliquam&adipiscing=convallis&lorem=nunc&vitae=proin&mattis=at&nibh=turpis&ligula=a&nec=pede&sem=posuere&duis=nonummy&aliquam=integer&convallis=non&nunc=velit&proin=donec&at=diam&turpis=neque&a=vestibulum&pede=eget&posuere=vulputate&nonummy=ut&integer=ultrices&non=vel&velit=augue&donec=vestibulum&diam=ante&neque=ipsum&vestibulum=primis&eget=in&vulputate=faucibus&ut=orci,TRUE
+http://netlog.com/ut/ultrices/vel.html?luctus=hac&et=habitasse&ultrices=platea&posuere=dictumst&cubilia=etiam&curae=faucibus&mauris=cursus&viverra=urna&diam=ut&vitae=tellus&quam=nulla&suspendisse=ut&potenti=erat&nullam=id&porttitor=mauris&lacus=vulputate&at=elementum&turpis=nullam&donec=varius&posuere=nulla&metus=facilisi&vitae=cras&ipsum=non&aliquam=velit&non=nec&mauris=nisi&morbi=vulputate&non=nonummy&lectus=maecenas&aliquam=tincidunt&sit=lacus&amet=at&diam=velit&in=vivamus&magna=vel&bibendum=nulla&imperdiet=eget&nullam=eros&orci=elementum&pede=pellentesque&venenatis=quisque&non=porta&sodales=volutpat&sed=erat&tincidunt=quisque&eu=erat&felis=eros&fusce=viverra&posuere=eget&felis=congue&sed=eget&lacus=semper,TRUE
+https://buzzfeed.com/ipsum/integer/a/nibh.js?blandit=turpis&nam=adipiscing&nulla=lorem&integer=vitae&pede=mattis&justo=nibh&lacinia=ligula&eget=nec&tincidunt=sem&eget=duis&tempus=aliquam&vel=convallis&pede=nunc&morbi=proin&porttitor=at&lorem=turpis&id=a&ligula=pede&suspendisse=posuere&ornare=nonummy&consequat=integer&lectus=non&in=velit&est=donec&risus=diam&auctor=neque&sed=vestibulum&tristique=eget&in=vulputate&tempus=ut&sit=ultrices&amet=vel&sem=augue&fusce=vestibulum&consequat=ante&nulla=ipsum&nisl=primis&nunc=in&nisl=faucibus&duis=orci&bibendum=luctus&felis=et&sed=ultrices&interdum=posuere&venenatis=cubilia&turpis=curae&enim=donec&blandit=pharetra&mi=magna&in=vestibulum&porttitor=aliquet&pede=ultrices&justo=erat&eu=tortor&massa=sollicitudin&donec=mi&dapibus=sit&duis=amet&at=lobortis&velit=sapien&eu=sapien&est=non&congue=mi,TRUE
+http://123-reg.co.uk/non/mattis/pulvinar/nulla/pede.html?ut=erat&volutpat=curabitur&sapien=gravida&arcu=nisi&sed=at&augue=nibh&aliquam=in&erat=hac&volutpat=habitasse&in=platea&congue=dictumst&etiam=aliquam&justo=augue&etiam=quam&pretium=sollicitudin&iaculis=vitae&justo=consectetuer&in=eget&hac=rutrum&habitasse=at&platea=lorem&dictumst=integer&etiam=tincidunt&faucibus=ante&cursus=vel&urna=ipsum&ut=praesent&tellus=blandit&nulla=lacinia&ut=erat&erat=vestibulum&id=sed&mauris=magna&vulputate=at&elementum=nunc&nullam=commodo&varius=placerat&nulla=praesent&facilisi=blandit&cras=nam,TRUE
+http://salon.com/ac/neque/duis/bibendum.jsp?lobortis=venenatis&convallis=turpis&tortor=enim&risus=blandit&dapibus=mi&augue=in&vel=porttitor&accumsan=pede&tellus=justo&nisi=eu&eu=massa&orci=donec&mauris=dapibus&lacinia=duis&sapien=at&quis=velit&libero=eu&nullam=est&sit=congue&amet=elementum&turpis=in&elementum=hac&ligula=habitasse&vehicula=platea&consequat=dictumst&morbi=morbi&a=vestibulum&ipsum=velit&integer=id&a=pretium&nibh=iaculis&in=diam&quis=erat&justo=fermentum&maecenas=justo&rhoncus=nec&aliquam=condimentum&lacus=neque&morbi=sapien&quis=placerat&tortor=ante&id=nulla&nulla=justo&ultrices=aliquam&aliquet=quis&maecenas=turpis&leo=eget&odio=elit&condimentum=sodales&id=scelerisque&luctus=mauris,TRUE
+https://prnewswire.com/mattis/egestas/metus/aenean/fermentum.xml?amet=consequat&consectetuer=dui&adipiscing=nec&elit=nisi&proin=volutpat&risus=eleifend&praesent=donec&lectus=ut&vestibulum=dolor&quam=morbi&sapien=vel&varius=lectus&ut=in&blandit=quam&non=fringilla&interdum=rhoncus&in=mauris&ante=enim&vestibulum=leo&ante=rhoncus&ipsum=sed&primis=vestibulum&in=sit&faucibus=amet&orci=cursus&luctus=id&et=turpis&ultrices=integer&posuere=aliquet&cubilia=massa&curae=id&duis=lobortis&faucibus=convallis&accumsan=tortor&odio=risus&curabitur=dapibus&convallis=augue&duis=vel&consequat=accumsan&dui=tellus&nec=nisi&nisi=eu&volutpat=orci&eleifend=mauris&donec=lacinia,TRUE
+https://cnbc.com/amet.jpg?ipsum=id&dolor=nulla&sit=ultrices&amet=aliquet&consectetuer=maecenas&adipiscing=leo&elit=odio&proin=condimentum&interdum=id&mauris=luctus&non=nec&ligula=molestie&pellentesque=sed&ultrices=justo&phasellus=pellentesque&id=viverra&sapien=pede&in=ac&sapien=diam&iaculis=cras&congue=pellentesque&vivamus=volutpat&metus=dui&arcu=maecenas&adipiscing=tristique&molestie=est&hendrerit=et&at=tempus&vulputate=semper&vitae=est&nisl=quam&aenean=pharetra&lectus=magna&pellentesque=ac&eget=consequat&nunc=metus,TRUE
+http://rambler.ru/amet/lobortis/sapien/sapien/non/mi/integer.jsp?accumsan=dui&tortor=proin&quis=leo&turpis=odio&sed=porttitor&ante=id&vivamus=consequat&tortor=in&duis=consequat&mattis=ut&egestas=nulla,TRUE
+http://bbb.org/in/hac/habitasse/platea/dictumst/etiam/faucibus.png?ut=et&ultrices=tempus&vel=semper&augue=est&vestibulum=quam&ante=pharetra&ipsum=magna&primis=ac&in=consequat&faucibus=metus&orci=sapien&luctus=ut&et=nunc&ultrices=vestibulum&posuere=ante&cubilia=ipsum&curae=primis&donec=in&pharetra=faucibus&magna=orci&vestibulum=luctus&aliquet=et&ultrices=ultrices&erat=posuere&tortor=cubilia&sollicitudin=curae&mi=mauris&sit=viverra&amet=diam&lobortis=vitae&sapien=quam&sapien=suspendisse&non=potenti&mi=nullam&integer=porttitor&ac=lacus&neque=at&duis=turpis&bibendum=donec&morbi=posuere&non=metus&quam=vitae&nec=ipsum&dui=aliquam&luctus=non&rutrum=mauris&nulla=morbi&tellus=non&in=lectus&sagittis=aliquam&dui=sit&vel=amet&nisl=diam&duis=in,TRUE
+http://webeden.co.uk/suspendisse/accumsan/tortor/quis/turpis/sed/ante.jsp?libero=risus&ut=semper&massa=porta&volutpat=volutpat&convallis=quam&morbi=pede&odio=lobortis&odio=ligula&elementum=sit&eu=amet&interdum=eleifend&eu=pede&tincidunt=libero&in=quis&leo=orci&maecenas=nullam&pulvinar=molestie&lobortis=nibh&est=in&phasellus=lectus&sit=pellentesque&amet=at&erat=nulla&nulla=suspendisse&tempus=potenti&vivamus=cras&in=in&felis=purus&eu=eu&sapien=magna&cursus=vulputate&vestibulum=luctus&proin=cum&eu=sociis&mi=natoque&nulla=penatibus&ac=et&enim=magnis&in=dis&tempor=parturient&turpis=montes&nec=nascetur&euismod=ridiculus&scelerisque=mus&quam=vivamus&turpis=vestibulum&adipiscing=sagittis&lorem=sapien&vitae=cum&mattis=sociis&nibh=natoque&ligula=penatibus&nec=et&sem=magnis&duis=dis&aliquam=parturient&convallis=montes&nunc=nascetur&proin=ridiculus&at=mus&turpis=etiam&a=vel&pede=augue&posuere=vestibulum&nonummy=rutrum&integer=rutrum&non=neque&velit=aenean&donec=auctor&diam=gravida&neque=sem&vestibulum=praesent&eget=id&vulputate=massa&ut=id&ultrices=nisl&vel=venenatis&augue=lacinia&vestibulum=aenean&ante=sit&ipsum=amet&primis=justo&in=morbi&faucibus=ut&orci=odio&luctus=cras&et=mi&ultrices=pede&posuere=malesuada&cubilia=in&curae=imperdiet,TRUE
+https://joomla.org/morbi/vestibulum.xml?ante=proin&ipsum=risus&primis=praesent&in=lectus&faucibus=vestibulum&orci=quam&luctus=sapien&et=varius&ultrices=ut&posuere=blandit&cubilia=non&curae=interdum&mauris=in&viverra=ante&diam=vestibulum&vitae=ante&quam=ipsum&suspendisse=primis&potenti=in&nullam=faucibus&porttitor=orci&lacus=luctus&at=et&turpis=ultrices&donec=posuere&posuere=cubilia&metus=curae&vitae=duis&ipsum=faucibus&aliquam=accumsan&non=odio&mauris=curabitur&morbi=convallis&non=duis&lectus=consequat&aliquam=dui&sit=nec&amet=nisi&diam=volutpat&in=eleifend&magna=donec&bibendum=ut&imperdiet=dolor&nullam=morbi&orci=vel&pede=lectus&venenatis=in&non=quam&sodales=fringilla&sed=rhoncus&tincidunt=mauris&eu=enim&felis=leo&fusce=rhoncus&posuere=sed&felis=vestibulum&sed=sit&lacus=amet&morbi=cursus&sem=id&mauris=turpis&laoreet=integer&ut=aliquet&rhoncus=massa&aliquet=id&pulvinar=lobortis,TRUE
+https://sohu.com/pede/justo/eu/massa.jsp?volutpat=ac&convallis=nibh&morbi=fusce&odio=lacus&odio=purus&elementum=aliquet&eu=at&interdum=feugiat&eu=non&tincidunt=pretium&in=quis&leo=lectus&maecenas=suspendisse&pulvinar=potenti&lobortis=in&est=eleifend&phasellus=quam&sit=a&amet=odio&erat=in,TRUE
+http://unicef.org/mattis/egestas/metus/aenean/fermentum.jsp?vestibulum=congue&ante=risus&ipsum=semper&primis=porta&in=volutpat&faucibus=quam&orci=pede&luctus=lobortis,TRUE
+https://craigslist.org/metus/sapien.png?praesent=hac&id=habitasse&massa=platea&id=dictumst&nisl=etiam&venenatis=faucibus&lacinia=cursus&aenean=urna&sit=ut&amet=tellus&justo=nulla&morbi=ut&ut=erat&odio=id&cras=mauris&mi=vulputate&pede=elementum&malesuada=nullam&in=varius&imperdiet=nulla&et=facilisi&commodo=cras&vulputate=non&justo=velit&in=nec&blandit=nisi&ultrices=vulputate&enim=nonummy&lorem=maecenas&ipsum=tincidunt&dolor=lacus&sit=at&amet=velit&consectetuer=vivamus&adipiscing=vel&elit=nulla&proin=eget&interdum=eros&mauris=elementum&non=pellentesque&ligula=quisque&pellentesque=porta&ultrices=volutpat&phasellus=erat&id=quisque&sapien=erat&in=eros&sapien=viverra&iaculis=eget&congue=congue&vivamus=eget&metus=semper&arcu=rutrum&adipiscing=nulla&molestie=nunc&hendrerit=purus&at=phasellus&vulputate=in&vitae=felis&nisl=donec&aenean=semper&lectus=sapien&pellentesque=a&eget=libero&nunc=nam&donec=dui&quis=proin&orci=leo&eget=odio&orci=porttitor&vehicula=id&condimentum=consequat&curabitur=in&in=consequat&libero=ut&ut=nulla&massa=sed&volutpat=accumsan&convallis=felis&morbi=ut&odio=at&odio=dolor&elementum=quis&eu=odio&interdum=consequat&eu=varius&tincidunt=integer&in=ac&leo=leo&maecenas=pellentesque&pulvinar=ultrices&lobortis=mattis,TRUE
+https://angelfire.com/ante/vel/ipsum/praesent.aspx?turpis=ultrices&enim=posuere,TRUE
+http://youku.com/lorem/ipsum/dolor.png?justo=a&sit=nibh&amet=in&sapien=quis&dignissim=justo&vestibulum=maecenas&vestibulum=rhoncus&ante=aliquam&ipsum=lacus&primis=morbi&in=quis&faucibus=tortor&orci=id&luctus=nulla&et=ultrices&ultrices=aliquet&posuere=maecenas&cubilia=leo&curae=odio&nulla=condimentum&dapibus=id&dolor=luctus&vel=nec&est=molestie&donec=sed&odio=justo&justo=pellentesque&sollicitudin=viverra&ut=pede&suscipit=ac&a=diam&feugiat=cras&et=pellentesque&eros=volutpat&vestibulum=dui&ac=maecenas&est=tristique&lacinia=est&nisi=et&venenatis=tempus&tristique=semper,TRUE
+https://google.ru/enim/blandit/mi/in/porttitor.js?proin=morbi&leo=sem&odio=mauris&porttitor=laoreet&id=ut&consequat=rhoncus&in=aliquet&consequat=pulvinar&ut=sed&nulla=nisl&sed=nunc&accumsan=rhoncus&felis=dui&ut=vel&at=sem&dolor=sed&quis=sagittis&odio=nam&consequat=congue&varius=risus&integer=semper&ac=porta&leo=volutpat&pellentesque=quam&ultrices=pede&mattis=lobortis&odio=ligula&donec=sit&vitae=amet&nisi=eleifend&nam=pede&ultrices=libero&libero=quis&non=orci&mattis=nullam&pulvinar=molestie&nulla=nibh&pede=in&ullamcorper=lectus&augue=pellentesque&a=at&suscipit=nulla&nulla=suspendisse&elit=potenti&ac=cras&nulla=in&sed=purus&vel=eu&enim=magna&sit=vulputate&amet=luctus&nunc=cum&viverra=sociis&dapibus=natoque&nulla=penatibus&suscipit=et&ligula=magnis&in=dis&lacus=parturient&curabitur=montes&at=nascetur&ipsum=ridiculus&ac=mus&tellus=vivamus&semper=vestibulum&interdum=sagittis&mauris=sapien&ullamcorper=cum&purus=sociis&sit=natoque&amet=penatibus&nulla=et&quisque=magnis&arcu=dis&libero=parturient&rutrum=montes&ac=nascetur&lobortis=ridiculus&vel=mus&dapibus=etiam&at=vel&diam=augue&nam=vestibulum&tristique=rutrum,TRUE
+http://boston.com/vestibulum/rutrum/rutrum/neque.jpg?consequat=pulvinar&ut=lobortis&nulla=est&sed=phasellus&accumsan=sit&felis=amet&ut=erat&at=nulla&dolor=tempus&quis=vivamus&odio=in&consequat=felis&varius=eu&integer=sapien&ac=cursus&leo=vestibulum&pellentesque=proin&ultrices=eu&mattis=mi&odio=nulla,TRUE
+http://wsj.com/lobortis/vel/dapibus/at/diam.js?consequat=eget&nulla=semper&nisl=rutrum,TRUE
+https://1688.com/ligula.js?lacus=nonummy&morbi=maecenas&sem=tincidunt&mauris=lacus&laoreet=at&ut=velit&rhoncus=vivamus&aliquet=vel&pulvinar=nulla&sed=eget&nisl=eros&nunc=elementum&rhoncus=pellentesque&dui=quisque&vel=porta&sem=volutpat&sed=erat&sagittis=quisque&nam=erat&congue=eros&risus=viverra&semper=eget&porta=congue&volutpat=eget&quam=semper&pede=rutrum&lobortis=nulla&ligula=nunc&sit=purus&amet=phasellus&eleifend=in&pede=felis&libero=donec&quis=semper&orci=sapien&nullam=a&molestie=libero&nibh=nam&in=dui&lectus=proin&pellentesque=leo,TRUE
+https://google.com.au/pede/justo/eu/massa.aspx?quisque=rhoncus&erat=mauris&eros=enim&viverra=leo&eget=rhoncus&congue=sed&eget=vestibulum&semper=sit&rutrum=amet&nulla=cursus&nunc=id&purus=turpis&phasellus=integer&in=aliquet&felis=massa&donec=id&semper=lobortis&sapien=convallis&a=tortor&libero=risus&nam=dapibus&dui=augue&proin=vel&leo=accumsan&odio=tellus&porttitor=nisi&id=eu&consequat=orci&in=mauris&consequat=lacinia&ut=sapien&nulla=quis&sed=libero&accumsan=nullam&felis=sit&ut=amet&at=turpis&dolor=elementum&quis=ligula&odio=vehicula&consequat=consequat&varius=morbi&integer=a&ac=ipsum&leo=integer&pellentesque=a&ultrices=nibh&mattis=in&odio=quis&donec=justo&vitae=maecenas&nisi=rhoncus&nam=aliquam&ultrices=lacus&libero=morbi&non=quis&mattis=tortor&pulvinar=id&nulla=nulla&pede=ultrices&ullamcorper=aliquet&augue=maecenas&a=leo&suscipit=odio&nulla=condimentum&elit=id,TRUE
+https://dyndns.org/lectus/pellentesque/eget/nunc/donec.jsp?quam=est&sapien=phasellus&varius=sit&ut=amet&blandit=erat&non=nulla&interdum=tempus&in=vivamus&ante=in&vestibulum=felis&ante=eu&ipsum=sapien&primis=cursus&in=vestibulum&faucibus=proin&orci=eu&luctus=mi&et=nulla&ultrices=ac&posuere=enim&cubilia=in&curae=tempor&duis=turpis&faucibus=nec&accumsan=euismod&odio=scelerisque&curabitur=quam&convallis=turpis&duis=adipiscing&consequat=lorem&dui=vitae&nec=mattis&nisi=nibh&volutpat=ligula&eleifend=nec&donec=sem&ut=duis&dolor=aliquam&morbi=convallis&vel=nunc&lectus=proin&in=at&quam=turpis&fringilla=a&rhoncus=pede&mauris=posuere&enim=nonummy&leo=integer&rhoncus=non&sed=velit&vestibulum=donec&sit=diam&amet=neque&cursus=vestibulum&id=eget&turpis=vulputate&integer=ut&aliquet=ultrices&massa=vel&id=augue&lobortis=vestibulum&convallis=ante&tortor=ipsum&risus=primis&dapibus=in&augue=faucibus&vel=orci&accumsan=luctus&tellus=et&nisi=ultrices&eu=posuere&orci=cubilia&mauris=curae&lacinia=donec&sapien=pharetra&quis=magna&libero=vestibulum&nullam=aliquet&sit=ultrices&amet=erat&turpis=tortor&elementum=sollicitudin&ligula=mi&vehicula=sit,TRUE
+http://theatlantic.com/nam/ultrices/libero/non.json?viverra=in&eget=hac&congue=habitasse&eget=platea&semper=dictumst&rutrum=etiam&nulla=faucibus&nunc=cursus&purus=urna&phasellus=ut&in=tellus&felis=nulla&donec=ut&semper=erat&sapien=id&a=mauris&libero=vulputate&nam=elementum&dui=nullam&proin=varius&leo=nulla&odio=facilisi&porttitor=cras&id=non&consequat=velit&in=nec&consequat=nisi&ut=vulputate&nulla=nonummy&sed=maecenas&accumsan=tincidunt&felis=lacus&ut=at&at=velit&dolor=vivamus&quis=vel&odio=nulla&consequat=eget&varius=eros&integer=elementum&ac=pellentesque&leo=quisque&pellentesque=porta&ultrices=volutpat&mattis=erat&odio=quisque&donec=erat&vitae=eros&nisi=viverra&nam=eget&ultrices=congue&libero=eget&non=semper&mattis=rutrum&pulvinar=nulla&nulla=nunc&pede=purus&ullamcorper=phasellus&augue=in&a=felis&suscipit=donec,TRUE
+https://hostgator.com/venenatis/non/sodales.xml?sapien=sed&iaculis=tincidunt&congue=eu&vivamus=felis&metus=fusce&arcu=posuere&adipiscing=felis&molestie=sed&hendrerit=lacus&at=morbi&vulputate=sem&vitae=mauris&nisl=laoreet&aenean=ut&lectus=rhoncus&pellentesque=aliquet&eget=pulvinar&nunc=sed&donec=nisl&quis=nunc&orci=rhoncus&eget=dui&orci=vel&vehicula=sem&condimentum=sed&curabitur=sagittis&in=nam&libero=congue&ut=risus&massa=semper&volutpat=porta&convallis=volutpat&morbi=quam&odio=pede&odio=lobortis&elementum=ligula&eu=sit&interdum=amet&eu=eleifend&tincidunt=pede&in=libero&leo=quis&maecenas=orci&pulvinar=nullam&lobortis=molestie&est=nibh&phasellus=in&sit=lectus&amet=pellentesque,TRUE
+http://prnewswire.com/sit/amet/eros/suspendisse/accumsan.jsp?sit=aliquam&amet=lacus&sapien=morbi&dignissim=quis&vestibulum=tortor&vestibulum=id&ante=nulla&ipsum=ultrices&primis=aliquet&in=maecenas&faucibus=leo&orci=odio&luctus=condimentum&et=id&ultrices=luctus&posuere=nec&cubilia=molestie&curae=sed&nulla=justo&dapibus=pellentesque,TRUE
+http://samsung.com/amet/diam.jsp?lobortis=in&ligula=hac&sit=habitasse&amet=platea&eleifend=dictumst&pede=etiam&libero=faucibus&quis=cursus&orci=urna&nullam=ut&molestie=tellus&nibh=nulla&in=ut,TRUE
+http://shinystat.com/nisi/nam.html?nec=id&nisi=mauris&volutpat=vulputate&eleifend=elementum&donec=nullam&ut=varius&dolor=nulla&morbi=facilisi&vel=cras&lectus=non&in=velit&quam=nec&fringilla=nisi&rhoncus=vulputate&mauris=nonummy&enim=maecenas&leo=tincidunt&rhoncus=lacus&sed=at&vestibulum=velit&sit=vivamus&amet=vel&cursus=nulla&id=eget&turpis=eros&integer=elementum&aliquet=pellentesque&massa=quisque&id=porta&lobortis=volutpat&convallis=erat&tortor=quisque&risus=erat&dapibus=eros&augue=viverra&vel=eget&accumsan=congue&tellus=eget&nisi=semper&eu=rutrum&orci=nulla&mauris=nunc&lacinia=purus&sapien=phasellus&quis=in&libero=felis&nullam=donec&sit=semper&amet=sapien,TRUE
+http://nhs.uk/ligula/pellentesque/ultrices/phasellus.aspx?hac=sed&habitasse=sagittis&platea=nam&dictumst=congue&morbi=risus&vestibulum=semper&velit=porta&id=volutpat&pretium=quam&iaculis=pede&diam=lobortis&erat=ligula&fermentum=sit&justo=amet&nec=eleifend&condimentum=pede&neque=libero&sapien=quis&placerat=orci&ante=nullam&nulla=molestie&justo=nibh&aliquam=in&quis=lectus&turpis=pellentesque&eget=at&elit=nulla&sodales=suspendisse&scelerisque=potenti&mauris=cras&sit=in&amet=purus&eros=eu&suspendisse=magna&accumsan=vulputate&tortor=luctus&quis=cum&turpis=sociis&sed=natoque&ante=penatibus&vivamus=et&tortor=magnis&duis=dis&mattis=parturient&egestas=montes&metus=nascetur&aenean=ridiculus&fermentum=mus&donec=vivamus&ut=vestibulum&mauris=sagittis&eget=sapien&massa=cum&tempor=sociis&convallis=natoque&nulla=penatibus&neque=et&libero=magnis&convallis=dis&eget=parturient&eleifend=montes&luctus=nascetur&ultricies=ridiculus&eu=mus&nibh=etiam&quisque=vel&id=augue&justo=vestibulum&sit=rutrum,TRUE
+http://angelfire.com/magnis/dis.png?pellentesque=nec&at=sem&nulla=duis&suspendisse=aliquam&potenti=convallis&cras=nunc&in=proin&purus=at&eu=turpis&magna=a&vulputate=pede&luctus=posuere&cum=nonummy&sociis=integer&natoque=non&penatibus=velit&et=donec&magnis=diam&dis=neque&parturient=vestibulum&montes=eget&nascetur=vulputate&ridiculus=ut&mus=ultrices&vivamus=vel&vestibulum=augue&sagittis=vestibulum&sapien=ante&cum=ipsum&sociis=primis&natoque=in&penatibus=faucibus&et=orci&magnis=luctus&dis=et&parturient=ultrices&montes=posuere&nascetur=cubilia&ridiculus=curae&mus=donec&etiam=pharetra&vel=magna&augue=vestibulum,TRUE
+http://whitehouse.gov/eget/tempus/vel/pede/morbi/porttitor.png?et=tristique&commodo=in&vulputate=tempus&justo=sit&in=amet&blandit=sem&ultrices=fusce&enim=consequat&lorem=nulla&ipsum=nisl&dolor=nunc&sit=nisl&amet=duis&consectetuer=bibendum&adipiscing=felis&elit=sed&proin=interdum&interdum=venenatis&mauris=turpis&non=enim&ligula=blandit&pellentesque=mi&ultrices=in&phasellus=porttitor&id=pede&sapien=justo&in=eu&sapien=massa&iaculis=donec&congue=dapibus&vivamus=duis&metus=at&arcu=velit&adipiscing=eu&molestie=est&hendrerit=congue&at=elementum&vulputate=in&vitae=hac&nisl=habitasse&aenean=platea&lectus=dictumst&pellentesque=morbi&eget=vestibulum&nunc=velit&donec=id&quis=pretium&orci=iaculis&eget=diam&orci=erat&vehicula=fermentum&condimentum=justo&curabitur=nec&in=condimentum&libero=neque&ut=sapien&massa=placerat&volutpat=ante&convallis=nulla&morbi=justo,TRUE
+https://github.com/placerat/ante/nulla/justo/aliquam/quis.html?lacus=magnis&at=dis&velit=parturient&vivamus=montes&vel=nascetur&nulla=ridiculus&eget=mus&eros=etiam&elementum=vel&pellentesque=augue&quisque=vestibulum&porta=rutrum&volutpat=rutrum&erat=neque&quisque=aenean&erat=auctor&eros=gravida&viverra=sem&eget=praesent&congue=id&eget=massa&semper=id&rutrum=nisl&nulla=venenatis&nunc=lacinia&purus=aenean&phasellus=sit&in=amet&felis=justo&donec=morbi&semper=ut&sapien=odio&a=cras&libero=mi&nam=pede&dui=malesuada&proin=in&leo=imperdiet&odio=et&porttitor=commodo&id=vulputate&consequat=justo&in=in&consequat=blandit&ut=ultrices&nulla=enim,TRUE
+https://nyu.edu/in/magna/bibendum.xml?nisi=odio&volutpat=elementum&eleifend=eu&donec=interdum&ut=eu&dolor=tincidunt&morbi=in&vel=leo&lectus=maecenas&in=pulvinar&quam=lobortis&fringilla=est&rhoncus=phasellus&mauris=sit&enim=amet&leo=erat&rhoncus=nulla&sed=tempus&vestibulum=vivamus&sit=in&amet=felis&cursus=eu&id=sapien&turpis=cursus&integer=vestibulum&aliquet=proin&massa=eu&id=mi&lobortis=nulla&convallis=ac&tortor=enim&risus=in&dapibus=tempor&augue=turpis&vel=nec&accumsan=euismod&tellus=scelerisque&nisi=quam&eu=turpis&orci=adipiscing&mauris=lorem&lacinia=vitae&sapien=mattis,TRUE
+http://phpbb.com/sapien/sapien/non/mi/integer.html?duis=vulputate&bibendum=ut&morbi=ultrices&non=vel&quam=augue&nec=vestibulum&dui=ante&luctus=ipsum&rutrum=primis&nulla=in&tellus=faucibus&in=orci&sagittis=luctus&dui=et&vel=ultrices&nisl=posuere&duis=cubilia&ac=curae&nibh=donec&fusce=pharetra&lacus=magna&purus=vestibulum&aliquet=aliquet&at=ultrices&feugiat=erat&non=tortor&pretium=sollicitudin&quis=mi&lectus=sit&suspendisse=amet&potenti=lobortis&in=sapien&eleifend=sapien&quam=non&a=mi&odio=integer&in=ac&hac=neque&habitasse=duis&platea=bibendum&dictumst=morbi&maecenas=non&ut=quam&massa=nec&quis=dui&augue=luctus&luctus=rutrum,TRUE
+http://feedburner.com/aliquet/pulvinar/sed/nisl/nunc.js?ridiculus=ut&mus=suscipit&vivamus=a&vestibulum=feugiat&sagittis=et&sapien=eros&cum=vestibulum&sociis=ac&natoque=est&penatibus=lacinia&et=nisi&magnis=venenatis&dis=tristique&parturient=fusce&montes=congue&nascetur=diam&ridiculus=id&mus=ornare&etiam=imperdiet&vel=sapien&augue=urna&vestibulum=pretium&rutrum=nisl&rutrum=ut&neque=volutpat&aenean=sapien&auctor=arcu&gravida=sed&sem=augue&praesent=aliquam&id=erat&massa=volutpat&id=in&nisl=congue&venenatis=etiam&lacinia=justo&aenean=etiam&sit=pretium&amet=iaculis&justo=justo&morbi=in&ut=hac&odio=habitasse&cras=platea&mi=dictumst&pede=etiam&malesuada=faucibus&in=cursus&imperdiet=urna&et=ut&commodo=tellus&vulputate=nulla&justo=ut&in=erat&blandit=id&ultrices=mauris&enim=vulputate&lorem=elementum&ipsum=nullam&dolor=varius&sit=nulla&amet=facilisi&consectetuer=cras&adipiscing=non&elit=velit&proin=nec&interdum=nisi&mauris=vulputate&non=nonummy&ligula=maecenas&pellentesque=tincidunt&ultrices=lacus&phasellus=at&id=velit&sapien=vivamus&in=vel&sapien=nulla&iaculis=eget&congue=eros&vivamus=elementum&metus=pellentesque&arcu=quisque&adipiscing=porta&molestie=volutpat&hendrerit=erat&at=quisque&vulputate=erat&vitae=eros&nisl=viverra&aenean=eget&lectus=congue&pellentesque=eget,TRUE
+https://goo.ne.jp/sit/amet.aspx?in=ultrices&eleifend=erat&quam=tortor&a=sollicitudin&odio=mi&in=sit&hac=amet&habitasse=lobortis&platea=sapien&dictumst=sapien&maecenas=non&ut=mi&massa=integer&quis=ac&augue=neque&luctus=duis&tincidunt=bibendum&nulla=morbi&mollis=non&molestie=quam&lorem=nec&quisque=dui&ut=luctus&erat=rutrum&curabitur=nulla&gravida=tellus&nisi=in&at=sagittis,TRUE
+https://cbslocal.com/quam/pharetra/magna/ac/consequat/metus/sapien.js?viverra=iaculis&diam=congue&vitae=vivamus&quam=metus&suspendisse=arcu&potenti=adipiscing&nullam=molestie&porttitor=hendrerit&lacus=at&at=vulputate&turpis=vitae&donec=nisl&posuere=aenean&metus=lectus&vitae=pellentesque&ipsum=eget&aliquam=nunc&non=donec,TRUE
+https://samsung.com/integer/ac/leo/pellentesque/ultrices.png?blandit=in&mi=magna&in=bibendum&porttitor=imperdiet&pede=nullam&justo=orci&eu=pede&massa=venenatis&donec=non,TRUE
+https://nytimes.com/rhoncus/aliquet/pulvinar.js?in=mattis&imperdiet=nibh&et=ligula&commodo=nec&vulputate=sem&justo=duis&in=aliquam&blandit=convallis&ultrices=nunc&enim=proin&lorem=at&ipsum=turpis&dolor=a&sit=pede&amet=posuere&consectetuer=nonummy&adipiscing=integer&elit=non&proin=velit&interdum=donec&mauris=diam&non=neque&ligula=vestibulum&pellentesque=eget&ultrices=vulputate&phasellus=ut&id=ultrices&sapien=vel&in=augue&sapien=vestibulum&iaculis=ante&congue=ipsum&vivamus=primis&metus=in&arcu=faucibus&adipiscing=orci&molestie=luctus&hendrerit=et&at=ultrices&vulputate=posuere&vitae=cubilia&nisl=curae&aenean=donec&lectus=pharetra&pellentesque=magna&eget=vestibulum&nunc=aliquet&donec=ultrices&quis=erat&orci=tortor&eget=sollicitudin&orci=mi&vehicula=sit&condimentum=amet&curabitur=lobortis&in=sapien&libero=sapien&ut=non&massa=mi&volutpat=integer&convallis=ac&morbi=neque&odio=duis&odio=bibendum&elementum=morbi&eu=non&interdum=quam&eu=nec&tincidunt=dui&in=luctus&leo=rutrum&maecenas=nulla&pulvinar=tellus&lobortis=in&est=sagittis&phasellus=dui&sit=vel&amet=nisl&erat=duis&nulla=ac&tempus=nibh&vivamus=fusce&in=lacus&felis=purus&eu=aliquet&sapien=at&cursus=feugiat&vestibulum=non&proin=pretium&eu=quis&mi=lectus&nulla=suspendisse&ac=potenti&enim=in&in=eleifend&tempor=quam&turpis=a,TRUE
+https://biblegateway.com/dolor/sit/amet/consectetuer/adipiscing/elit.json?tempus=at&vivamus=velit&in=eu&felis=est&eu=congue&sapien=elementum,TRUE
+http://livejournal.com/lacinia/aenean/sit/amet/justo/morbi.js?augue=nulla&vestibulum=suscipit&rutrum=ligula&rutrum=in&neque=lacus&aenean=curabitur&auctor=at&gravida=ipsum&sem=ac&praesent=tellus&id=semper&massa=interdum&id=mauris&nisl=ullamcorper&venenatis=purus&lacinia=sit&aenean=amet&sit=nulla&amet=quisque&justo=arcu&morbi=libero&ut=rutrum,TRUE
+http://slashdot.org/pede/justo/lacinia.js?amet=est&sem=lacinia&fusce=nisi&consequat=venenatis&nulla=tristique&nisl=fusce&nunc=congue&nisl=diam&duis=id&bibendum=ornare&felis=imperdiet&sed=sapien&interdum=urna&venenatis=pretium&turpis=nisl&enim=ut&blandit=volutpat&mi=sapien&in=arcu&porttitor=sed&pede=augue&justo=aliquam&eu=erat&massa=volutpat&donec=in&dapibus=congue&duis=etiam&at=justo&velit=etiam&eu=pretium&est=iaculis&congue=justo&elementum=in&in=hac&hac=habitasse&habitasse=platea&platea=dictumst&dictumst=etiam&morbi=faucibus&vestibulum=cursus&velit=urna&id=ut&pretium=tellus&iaculis=nulla&diam=ut&erat=erat&fermentum=id&justo=mauris&nec=vulputate&condimentum=elementum&neque=nullam&sapien=varius&placerat=nulla&ante=facilisi&nulla=cras&justo=non&aliquam=velit&quis=nec&turpis=nisi&eget=vulputate&elit=nonummy&sodales=maecenas,TRUE
+https://woothemes.com/in/felis/donec/semper/sapien/a/libero.js?augue=in&quam=faucibus&sollicitudin=orci&vitae=luctus&consectetuer=et&eget=ultrices&rutrum=posuere&at=cubilia&lorem=curae&integer=duis&tincidunt=faucibus&ante=accumsan&vel=odio&ipsum=curabitur&praesent=convallis&blandit=duis&lacinia=consequat&erat=dui&vestibulum=nec&sed=nisi&magna=volutpat&at=eleifend&nunc=donec&commodo=ut&placerat=dolor&praesent=morbi&blandit=vel&nam=lectus&nulla=in&integer=quam&pede=fringilla&justo=rhoncus&lacinia=mauris&eget=enim&tincidunt=leo&eget=rhoncus&tempus=sed&vel=vestibulum&pede=sit&morbi=amet&porttitor=cursus&lorem=id&id=turpis&ligula=integer&suspendisse=aliquet&ornare=massa&consequat=id&lectus=lobortis&in=convallis&est=tortor&risus=risus&auctor=dapibus&sed=augue&tristique=vel&in=accumsan&tempus=tellus&sit=nisi&amet=eu&sem=orci&fusce=mauris&consequat=lacinia&nulla=sapien&nisl=quis&nunc=libero&nisl=nullam&duis=sit&bibendum=amet&felis=turpis&sed=elementum&interdum=ligula&venenatis=vehicula&turpis=consequat&enim=morbi&blandit=a&mi=ipsum&in=integer&porttitor=a&pede=nibh&justo=in&eu=quis&massa=justo&donec=maecenas&dapibus=rhoncus&duis=aliquam&at=lacus&velit=morbi&eu=quis&est=tortor&congue=id&elementum=nulla&in=ultrices&hac=aliquet&habitasse=maecenas&platea=leo&dictumst=odio&morbi=condimentum&vestibulum=id&velit=luctus&id=nec,TRUE
+http://webs.com/praesent.aspx?faucibus=vestibulum&orci=ante&luctus=ipsum&et=primis&ultrices=in&posuere=faucibus&cubilia=orci&curae=luctus&nulla=et&dapibus=ultrices&dolor=posuere&vel=cubilia&est=curae&donec=mauris&odio=viverra&justo=diam&sollicitudin=vitae&ut=quam&suscipit=suspendisse&a=potenti&feugiat=nullam&et=porttitor&eros=lacus&vestibulum=at&ac=turpis&est=donec&lacinia=posuere&nisi=metus&venenatis=vitae&tristique=ipsum&fusce=aliquam&congue=non&diam=mauris&id=morbi&ornare=non&imperdiet=lectus&sapien=aliquam&urna=sit&pretium=amet&nisl=diam&ut=in&volutpat=magna&sapien=bibendum&arcu=imperdiet&sed=nullam&augue=orci&aliquam=pede&erat=venenatis&volutpat=non,TRUE
+http://clickbank.net/id/luctus/nec/molestie/sed.jsp?vel=pede&pede=justo&morbi=eu&porttitor=massa&lorem=donec&id=dapibus&ligula=duis&suspendisse=at&ornare=velit&consequat=eu&lectus=est&in=congue&est=elementum&risus=in&auctor=hac&sed=habitasse&tristique=platea&in=dictumst&tempus=morbi&sit=vestibulum,TRUE
+https://indiegogo.com/suspendisse/potenti/in/eleifend/quam/a/odio.jpg?amet=odio&consectetuer=cras&adipiscing=mi&elit=pede&proin=malesuada&interdum=in&mauris=imperdiet&non=et&ligula=commodo&pellentesque=vulputate&ultrices=justo&phasellus=in&id=blandit&sapien=ultrices&in=enim&sapien=lorem&iaculis=ipsum&congue=dolor&vivamus=sit&metus=amet&arcu=consectetuer&adipiscing=adipiscing&molestie=elit&hendrerit=proin&at=interdum&vulputate=mauris&vitae=non&nisl=ligula&aenean=pellentesque&lectus=ultrices&pellentesque=phasellus&eget=id&nunc=sapien&donec=in&quis=sapien&orci=iaculis&eget=congue&orci=vivamus&vehicula=metus&condimentum=arcu&curabitur=adipiscing&in=molestie&libero=hendrerit&ut=at&massa=vulputate&volutpat=vitae&convallis=nisl&morbi=aenean&odio=lectus&odio=pellentesque&elementum=eget&eu=nunc&interdum=donec&eu=quis&tincidunt=orci&in=eget&leo=orci&maecenas=vehicula&pulvinar=condimentum&lobortis=curabitur&est=in&phasellus=libero&sit=ut&amet=massa&erat=volutpat&nulla=convallis&tempus=morbi&vivamus=odio&in=odio&felis=elementum&eu=eu&sapien=interdum&cursus=eu&vestibulum=tincidunt,TRUE
+http://mozilla.com/in.png?cum=eros&sociis=vestibulum&natoque=ac&penatibus=est&et=lacinia&magnis=nisi&dis=venenatis&parturient=tristique&montes=fusce&nascetur=congue&ridiculus=diam&mus=id&etiam=ornare&vel=imperdiet&augue=sapien&vestibulum=urna&rutrum=pretium&rutrum=nisl&neque=ut&aenean=volutpat&auctor=sapien&gravida=arcu&sem=sed&praesent=augue&id=aliquam,TRUE
+http://digg.com/justo/in/hac/habitasse.json?platea=bibendum&dictumst=morbi,TRUE
+http://amazonaws.com/elit/ac/nulla/sed/vel/enim/sit.xml?nulla=molestie&mollis=lorem&molestie=quisque&lorem=ut&quisque=erat&ut=curabitur&erat=gravida&curabitur=nisi&gravida=at&nisi=nibh&at=in&nibh=hac&in=habitasse&hac=platea&habitasse=dictumst&platea=aliquam&dictumst=augue&aliquam=quam&augue=sollicitudin&quam=vitae&sollicitudin=consectetuer&vitae=eget&consectetuer=rutrum&eget=at&rutrum=lorem&at=integer&lorem=tincidunt&integer=ante&tincidunt=vel&ante=ipsum&vel=praesent&ipsum=blandit&praesent=lacinia&blandit=erat&lacinia=vestibulum&erat=sed&vestibulum=magna&sed=at&magna=nunc&at=commodo&nunc=placerat&commodo=praesent&placerat=blandit&praesent=nam&blandit=nulla&nam=integer&nulla=pede&integer=justo&pede=lacinia&justo=eget&lacinia=tincidunt&eget=eget&tincidunt=tempus&eget=vel&tempus=pede&vel=morbi&pede=porttitor&morbi=lorem&porttitor=id&lorem=ligula&id=suspendisse&ligula=ornare&suspendisse=consequat&ornare=lectus&consequat=in&lectus=est&in=risus&est=auctor&risus=sed&auctor=tristique&sed=in&tristique=tempus&in=sit&tempus=amet&sit=sem&amet=fusce&sem=consequat&fusce=nulla&consequat=nisl&nulla=nunc&nisl=nisl,TRUE
+https://jiathis.com/ipsum/dolor/sit/amet.png?rhoncus=blandit&sed=lacinia&vestibulum=erat&sit=vestibulum&amet=sed&cursus=magna&id=at&turpis=nunc&integer=commodo&aliquet=placerat&massa=praesent&id=blandit&lobortis=nam&convallis=nulla&tortor=integer&risus=pede&dapibus=justo&augue=lacinia&vel=eget&accumsan=tincidunt&tellus=eget&nisi=tempus,TRUE
+http://latimes.com/donec/dapibus/duis/at/velit/eu.jpg?in=nec&lacus=dui&curabitur=luctus&at=rutrum&ipsum=nulla&ac=tellus&tellus=in&semper=sagittis&interdum=dui&mauris=vel&ullamcorper=nisl&purus=duis&sit=ac&amet=nibh&nulla=fusce&quisque=lacus&arcu=purus&libero=aliquet&rutrum=at&ac=feugiat&lobortis=non&vel=pretium&dapibus=quis,TRUE
+http://irs.gov/quisque/ut/erat/curabitur/gravida.aspx?in=facilisi&magna=cras&bibendum=non&imperdiet=velit&nullam=nec&orci=nisi&pede=vulputate&venenatis=nonummy&non=maecenas&sodales=tincidunt&sed=lacus&tincidunt=at&eu=velit&felis=vivamus&fusce=vel&posuere=nulla&felis=eget&sed=eros&lacus=elementum&morbi=pellentesque&sem=quisque&mauris=porta&laoreet=volutpat&ut=erat&rhoncus=quisque&aliquet=erat&pulvinar=eros&sed=viverra&nisl=eget&nunc=congue&rhoncus=eget&dui=semper&vel=rutrum&sem=nulla&sed=nunc&sagittis=purus&nam=phasellus&congue=in&risus=felis&semper=donec&porta=semper&volutpat=sapien&quam=a&pede=libero&lobortis=nam&ligula=dui&sit=proin&amet=leo,TRUE
+http://blogtalkradio.com/vestibulum/ante/ipsum/primis/in/faucibus/orci.json?volutpat=dui&sapien=vel&arcu=nisl&sed=duis&augue=ac&aliquam=nibh&erat=fusce&volutpat=lacus&in=purus&congue=aliquet&etiam=at&justo=feugiat&etiam=non&pretium=pretium&iaculis=quis&justo=lectus&in=suspendisse&hac=potenti&habitasse=in&platea=eleifend&dictumst=quam&etiam=a&faucibus=odio&cursus=in&urna=hac&ut=habitasse&tellus=platea&nulla=dictumst&ut=maecenas&erat=ut&id=massa&mauris=quis&vulputate=augue&elementum=luctus&nullam=tincidunt&varius=nulla&nulla=mollis&facilisi=molestie&cras=lorem&non=quisque&velit=ut&nec=erat&nisi=curabitur&vulputate=gravida,TRUE
+http://phpbb.com/at/turpis/a/pede.png?molestie=nulla&hendrerit=mollis&at=molestie&vulputate=lorem&vitae=quisque&nisl=ut&aenean=erat&lectus=curabitur&pellentesque=gravida&eget=nisi&nunc=at&donec=nibh&quis=in&orci=hac&eget=habitasse&orci=platea&vehicula=dictumst&condimentum=aliquam&curabitur=augue&in=quam&libero=sollicitudin&ut=vitae&massa=consectetuer&volutpat=eget&convallis=rutrum&morbi=at&odio=lorem&odio=integer&elementum=tincidunt&eu=ante&interdum=vel&eu=ipsum&tincidunt=praesent&in=blandit&leo=lacinia&maecenas=erat&pulvinar=vestibulum&lobortis=sed&est=magna&phasellus=at&sit=nunc&amet=commodo&erat=placerat&nulla=praesent&tempus=blandit&vivamus=nam&in=nulla&felis=integer&eu=pede&sapien=justo&cursus=lacinia&vestibulum=eget&proin=tincidunt&eu=eget&mi=tempus&nulla=vel&ac=pede&enim=morbi&in=porttitor&tempor=lorem&turpis=id&nec=ligula&euismod=suspendisse&scelerisque=ornare&quam=consequat&turpis=lectus&adipiscing=in&lorem=est&vitae=risus&mattis=auctor&nibh=sed&ligula=tristique&nec=in&sem=tempus&duis=sit&aliquam=amet&convallis=sem&nunc=fusce&proin=consequat&at=nulla&turpis=nisl&a=nunc&pede=nisl&posuere=duis&nonummy=bibendum&integer=felis&non=sed&velit=interdum&donec=venenatis&diam=turpis&neque=enim&vestibulum=blandit&eget=mi&vulputate=in&ut=porttitor&ultrices=pede&vel=justo,TRUE
+http://seesaa.net/purus/sit.png?velit=ultrices&donec=mattis&diam=odio&neque=donec&vestibulum=vitae&eget=nisi&vulputate=nam&ut=ultrices&ultrices=libero&vel=non&augue=mattis&vestibulum=pulvinar,TRUE
+https://google.cn/libero/non/mattis/pulvinar/nulla/pede/ullamcorper.json?lorem=nulla&integer=pede,TRUE
+http://gnu.org/cras.html?fusce=cras&consequat=non&nulla=velit&nisl=nec&nunc=nisi&nisl=vulputate&duis=nonummy,TRUE
+http://nature.com/pellentesque/viverra/pede/ac.html?vel=id&ipsum=consequat&praesent=in&blandit=consequat&lacinia=ut&erat=nulla&vestibulum=sed&sed=accumsan&magna=felis&at=ut&nunc=at&commodo=dolor&placerat=quis&praesent=odio&blandit=consequat&nam=varius&nulla=integer&integer=ac&pede=leo&justo=pellentesque&lacinia=ultrices&eget=mattis&tincidunt=odio&eget=donec&tempus=vitae&vel=nisi&pede=nam&morbi=ultrices&porttitor=libero&lorem=non&id=mattis&ligula=pulvinar&suspendisse=nulla&ornare=pede&consequat=ullamcorper&lectus=augue&in=a&est=suscipit&risus=nulla&auctor=elit&sed=ac&tristique=nulla&in=sed&tempus=vel&sit=enim&amet=sit&sem=amet&fusce=nunc&consequat=viverra&nulla=dapibus&nisl=nulla&nunc=suscipit&nisl=ligula&duis=in&bibendum=lacus&felis=curabitur&sed=at&interdum=ipsum&venenatis=ac&turpis=tellus&enim=semper&blandit=interdum&mi=mauris&in=ullamcorper&porttitor=purus&pede=sit&justo=amet&eu=nulla&massa=quisque&donec=arcu&dapibus=libero&duis=rutrum&at=ac&velit=lobortis&eu=vel&est=dapibus&congue=at&elementum=diam&in=nam&hac=tristique&habitasse=tortor&platea=eu&dictumst=pede,TRUE
+https://cyberchimps.com/ante/ipsum.html?nec=eleifend&molestie=pede,TRUE
+http://histats.com/felis.js?tristique=duis&fusce=ac&congue=nibh&diam=fusce&id=lacus&ornare=purus&imperdiet=aliquet&sapien=at&urna=feugiat&pretium=non&nisl=pretium&ut=quis&volutpat=lectus&sapien=suspendisse&arcu=potenti&sed=in&augue=eleifend&aliquam=quam&erat=a&volutpat=odio&in=in&congue=hac&etiam=habitasse&justo=platea&etiam=dictumst&pretium=maecenas&iaculis=ut&justo=massa&in=quis&hac=augue&habitasse=luctus&platea=tincidunt&dictumst=nulla&etiam=mollis&faucibus=molestie&cursus=lorem&urna=quisque&ut=ut&tellus=erat&nulla=curabitur&ut=gravida&erat=nisi&id=at&mauris=nibh&vulputate=in&elementum=hac&nullam=habitasse&varius=platea&nulla=dictumst&facilisi=aliquam&cras=augue&non=quam&velit=sollicitudin&nec=vitae&nisi=consectetuer&vulputate=eget&nonummy=rutrum&maecenas=at&tincidunt=lorem&lacus=integer&at=tincidunt&velit=ante&vivamus=vel&vel=ipsum&nulla=praesent&eget=blandit&eros=lacinia&elementum=erat&pellentesque=vestibulum&quisque=sed&porta=magna&volutpat=at&erat=nunc&quisque=commodo&erat=placerat&eros=praesent&viverra=blandit&eget=nam&congue=nulla&eget=integer&semper=pede&rutrum=justo&nulla=lacinia&nunc=eget&purus=tincidunt,TRUE
+https://hubpages.com/erat/vestibulum/sed.jsp?justo=in&morbi=tempor&ut=turpis&odio=nec&cras=euismod&mi=scelerisque&pede=quam&malesuada=turpis&in=adipiscing&imperdiet=lorem&et=vitae&commodo=mattis&vulputate=nibh&justo=ligula&in=nec&blandit=sem&ultrices=duis&enim=aliquam&lorem=convallis&ipsum=nunc&dolor=proin&sit=at&amet=turpis&consectetuer=a&adipiscing=pede&elit=posuere&proin=nonummy&interdum=integer&mauris=non&non=velit&ligula=donec&pellentesque=diam&ultrices=neque&phasellus=vestibulum&id=eget&sapien=vulputate&in=ut&sapien=ultrices&iaculis=vel&congue=augue&vivamus=vestibulum&metus=ante&arcu=ipsum&adipiscing=primis&molestie=in&hendrerit=faucibus&at=orci&vulputate=luctus&vitae=et,TRUE
+http://oaic.gov.au/in/imperdiet.jpg?semper=sapien&porta=ut&volutpat=nunc&quam=vestibulum&pede=ante&lobortis=ipsum&ligula=primis&sit=in&amet=faucibus&eleifend=orci&pede=luctus&libero=et&quis=ultrices&orci=posuere&nullam=cubilia&molestie=curae&nibh=mauris&in=viverra&lectus=diam&pellentesque=vitae&at=quam&nulla=suspendisse&suspendisse=potenti&potenti=nullam&cras=porttitor&in=lacus&purus=at&eu=turpis&magna=donec&vulputate=posuere&luctus=metus&cum=vitae&sociis=ipsum&natoque=aliquam&penatibus=non&et=mauris&magnis=morbi&dis=non&parturient=lectus&montes=aliquam&nascetur=sit&ridiculus=amet&mus=diam&vivamus=in&vestibulum=magna&sagittis=bibendum&sapien=imperdiet&cum=nullam&sociis=orci&natoque=pede&penatibus=venenatis&et=non&magnis=sodales&dis=sed&parturient=tincidunt&montes=eu&nascetur=felis&ridiculus=fusce&mus=posuere&etiam=felis&vel=sed&augue=lacus&vestibulum=morbi&rutrum=sem&rutrum=mauris&neque=laoreet&aenean=ut&auctor=rhoncus&gravida=aliquet&sem=pulvinar&praesent=sed&id=nisl,TRUE
+https://mail.ru/mauris/lacinia/sapien/quis/libero/nullam/sit.jsp?tellus=ligula&nisi=pellentesque&eu=ultrices&orci=phasellus&mauris=id&lacinia=sapien&sapien=in&quis=sapien&libero=iaculis&nullam=congue&sit=vivamus&amet=metus&turpis=arcu&elementum=adipiscing&ligula=molestie&vehicula=hendrerit&consequat=at&morbi=vulputate&a=vitae&ipsum=nisl&integer=aenean&a=lectus&nibh=pellentesque&in=eget&quis=nunc&justo=donec&maecenas=quis&rhoncus=orci&aliquam=eget&lacus=orci&morbi=vehicula&quis=condimentum&tortor=curabitur&id=in&nulla=libero&ultrices=ut&aliquet=massa&maecenas=volutpat&leo=convallis&odio=morbi&condimentum=odio&id=odio&luctus=elementum&nec=eu&molestie=interdum&sed=eu&justo=tincidunt&pellentesque=in&viverra=leo&pede=maecenas&ac=pulvinar&diam=lobortis&cras=est&pellentesque=phasellus&volutpat=sit&dui=amet&maecenas=erat&tristique=nulla&est=tempus&et=vivamus,TRUE
+https://cargocollective.com/felis/sed/interdum/venenatis/turpis/enim.json?pellentesque=ligula&volutpat=pellentesque&dui=ultrices&maecenas=phasellus&tristique=id&est=sapien&et=in&tempus=sapien&semper=iaculis&est=congue&quam=vivamus&pharetra=metus&magna=arcu&ac=adipiscing&consequat=molestie&metus=hendrerit&sapien=at&ut=vulputate&nunc=vitae&vestibulum=nisl&ante=aenean&ipsum=lectus&primis=pellentesque&in=eget&faucibus=nunc&orci=donec&luctus=quis&et=orci&ultrices=eget&posuere=orci&cubilia=vehicula&curae=condimentum&mauris=curabitur&viverra=in&diam=libero&vitae=ut&quam=massa&suspendisse=volutpat&potenti=convallis&nullam=morbi&porttitor=odio&lacus=odio&at=elementum&turpis=eu&donec=interdum&posuere=eu,TRUE
+https://de.vu/libero/convallis/eget/eleifend/luctus/ultricies/eu.json?aliquet=faucibus&at=orci&feugiat=luctus&non=et&pretium=ultrices&quis=posuere&lectus=cubilia,TRUE
+http://aol.com/non/sodales/sed/tincidunt/eu.png?vulputate=vitae&elementum=consectetuer&nullam=eget&varius=rutrum&nulla=at&facilisi=lorem&cras=integer&non=tincidunt&velit=ante&nec=vel&nisi=ipsum&vulputate=praesent&nonummy=blandit&maecenas=lacinia&tincidunt=erat&lacus=vestibulum&at=sed&velit=magna&vivamus=at&vel=nunc&nulla=commodo&eget=placerat&eros=praesent&elementum=blandit&pellentesque=nam&quisque=nulla&porta=integer&volutpat=pede&erat=justo&quisque=lacinia&erat=eget&eros=tincidunt&viverra=eget&eget=tempus&congue=vel&eget=pede&semper=morbi&rutrum=porttitor&nulla=lorem&nunc=id&purus=ligula&phasellus=suspendisse&in=ornare&felis=consequat&donec=lectus&semper=in&sapien=est&a=risus&libero=auctor&nam=sed&dui=tristique&proin=in&leo=tempus&odio=sit&porttitor=amet&id=sem&consequat=fusce&in=consequat&consequat=nulla&ut=nisl&nulla=nunc,TRUE
+http://microsoft.com/curabitur/at/ipsum/ac/tellus.xml?cursus=luctus&urna=et&ut=ultrices&tellus=posuere&nulla=cubilia&ut=curae&erat=duis&id=faucibus&mauris=accumsan,TRUE
+http://vimeo.com/mauris/viverra/diam/vitae/quam/suspendisse.xml?rhoncus=proin&aliquam=at&lacus=turpis&morbi=a&quis=pede&tortor=posuere&id=nonummy&nulla=integer&ultrices=non&aliquet=velit&maecenas=donec&leo=diam&odio=neque&condimentum=vestibulum&id=eget&luctus=vulputate&nec=ut&molestie=ultrices&sed=vel&justo=augue&pellentesque=vestibulum&viverra=ante&pede=ipsum&ac=primis&diam=in&cras=faucibus&pellentesque=orci&volutpat=luctus&dui=et&maecenas=ultrices&tristique=posuere&est=cubilia&et=curae&tempus=donec&semper=pharetra&est=magna&quam=vestibulum&pharetra=aliquet&magna=ultrices&ac=erat&consequat=tortor&metus=sollicitudin&sapien=mi&ut=sit&nunc=amet&vestibulum=lobortis&ante=sapien&ipsum=sapien&primis=non&in=mi&faucibus=integer&orci=ac&luctus=neque&et=duis&ultrices=bibendum&posuere=morbi&cubilia=non&curae=quam&mauris=nec&viverra=dui&diam=luctus&vitae=rutrum&quam=nulla&suspendisse=tellus&potenti=in&nullam=sagittis&porttitor=dui&lacus=vel&at=nisl&turpis=duis&donec=ac&posuere=nibh&metus=fusce,TRUE
+https://webmd.com/suspendisse.xml?morbi=id&vestibulum=sapien&velit=in&id=sapien&pretium=iaculis,TRUE
+https://yelp.com/erat/curabitur/gravida/nisi/at/nibh/in.jsp?est=curabitur&quam=gravida&pharetra=nisi&magna=at&ac=nibh&consequat=in&metus=hac&sapien=habitasse&ut=platea&nunc=dictumst&vestibulum=aliquam&ante=augue&ipsum=quam&primis=sollicitudin&in=vitae&faucibus=consectetuer&orci=eget&luctus=rutrum&et=at&ultrices=lorem&posuere=integer&cubilia=tincidunt&curae=ante&mauris=vel&viverra=ipsum&diam=praesent&vitae=blandit&quam=lacinia&suspendisse=erat&potenti=vestibulum&nullam=sed&porttitor=magna&lacus=at&at=nunc&turpis=commodo&donec=placerat&posuere=praesent&metus=blandit&vitae=nam&ipsum=nulla&aliquam=integer&non=pede&mauris=justo&morbi=lacinia&non=eget&lectus=tincidunt&aliquam=eget&sit=tempus&amet=vel&diam=pede&in=morbi&magna=porttitor&bibendum=lorem&imperdiet=id&nullam=ligula&orci=suspendisse&pede=ornare&venenatis=consequat&non=lectus&sodales=in&sed=est&tincidunt=risus&eu=auctor&felis=sed&fusce=tristique&posuere=in&felis=tempus&sed=sit&lacus=amet&morbi=sem&sem=fusce&mauris=consequat&laoreet=nulla&ut=nisl&rhoncus=nunc&aliquet=nisl&pulvinar=duis&sed=bibendum&nisl=felis&nunc=sed&rhoncus=interdum&dui=venenatis&vel=turpis,TRUE
+https://washington.edu/nulla/ultrices.js?blandit=nullam&mi=molestie&in=nibh&porttitor=in&pede=lectus&justo=pellentesque&eu=at&massa=nulla&donec=suspendisse&dapibus=potenti&duis=cras&at=in&velit=purus&eu=eu&est=magna&congue=vulputate&elementum=luctus&in=cum&hac=sociis&habitasse=natoque&platea=penatibus&dictumst=et&morbi=magnis&vestibulum=dis&velit=parturient&id=montes&pretium=nascetur&iaculis=ridiculus&diam=mus&erat=vivamus&fermentum=vestibulum&justo=sagittis&nec=sapien&condimentum=cum&neque=sociis&sapien=natoque&placerat=penatibus&ante=et&nulla=magnis&justo=dis&aliquam=parturient&quis=montes&turpis=nascetur&eget=ridiculus&elit=mus&sodales=etiam&scelerisque=vel&mauris=augue&sit=vestibulum&amet=rutrum&eros=rutrum&suspendisse=neque&accumsan=aenean&tortor=auctor&quis=gravida&turpis=sem&sed=praesent&ante=id&vivamus=massa&tortor=id&duis=nisl&mattis=venenatis&egestas=lacinia&metus=aenean&aenean=sit&fermentum=amet&donec=justo&ut=morbi&mauris=ut&eget=odio&massa=cras&tempor=mi&convallis=pede&nulla=malesuada&neque=in&libero=imperdiet&convallis=et&eget=commodo&eleifend=vulputate&luctus=justo&ultricies=in&eu=blandit&nibh=ultrices&quisque=enim&id=lorem&justo=ipsum&sit=dolor&amet=sit&sapien=amet&dignissim=consectetuer&vestibulum=adipiscing&vestibulum=elit&ante=proin&ipsum=interdum&primis=mauris&in=non&faucibus=ligula&orci=pellentesque&luctus=ultrices&et=phasellus,TRUE
+https://usgs.gov/faucibus/orci.js?eu=sit&nibh=amet&quisque=erat&id=nulla&justo=tempus&sit=vivamus&amet=in&sapien=felis&dignissim=eu&vestibulum=sapien&vestibulum=cursus&ante=vestibulum&ipsum=proin&primis=eu&in=mi&faucibus=nulla&orci=ac&luctus=enim&et=in&ultrices=tempor&posuere=turpis&cubilia=nec&curae=euismod&nulla=scelerisque,TRUE
+http://wp.com/nibh/in/quis/justo.jpg?sed=et&lacus=magnis&morbi=dis&sem=parturient&mauris=montes&laoreet=nascetur&ut=ridiculus&rhoncus=mus&aliquet=etiam&pulvinar=vel&sed=augue&nisl=vestibulum&nunc=rutrum&rhoncus=rutrum&dui=neque&vel=aenean&sem=auctor&sed=gravida&sagittis=sem&nam=praesent&congue=id&risus=massa&semper=id&porta=nisl&volutpat=venenatis&quam=lacinia&pede=aenean&lobortis=sit&ligula=amet&sit=justo&amet=morbi&eleifend=ut&pede=odio&libero=cras&quis=mi&orci=pede&nullam=malesuada&molestie=in&nibh=imperdiet&in=et&lectus=commodo&pellentesque=vulputate&at=justo&nulla=in&suspendisse=blandit&potenti=ultrices&cras=enim&in=lorem&purus=ipsum&eu=dolor&magna=sit&vulputate=amet&luctus=consectetuer&cum=adipiscing&sociis=elit&natoque=proin&penatibus=interdum&et=mauris&magnis=non&dis=ligula&parturient=pellentesque&montes=ultrices&nascetur=phasellus&ridiculus=id&mus=sapien&vivamus=in&vestibulum=sapien&sagittis=iaculis&sapien=congue&cum=vivamus&sociis=metus&natoque=arcu&penatibus=adipiscing&et=molestie&magnis=hendrerit&dis=at&parturient=vulputate&montes=vitae&nascetur=nisl&ridiculus=aenean&mus=lectus,TRUE
+https://scribd.com/rhoncus.js?in=turpis&faucibus=elementum&orci=ligula&luctus=vehicula&et=consequat&ultrices=morbi&posuere=a&cubilia=ipsum&curae=integer&nulla=a&dapibus=nibh&dolor=in&vel=quis&est=justo&donec=maecenas&odio=rhoncus&justo=aliquam&sollicitudin=lacus&ut=morbi&suscipit=quis&a=tortor&feugiat=id&et=nulla&eros=ultrices&vestibulum=aliquet&ac=maecenas&est=leo&lacinia=odio&nisi=condimentum&venenatis=id&tristique=luctus&fusce=nec&congue=molestie&diam=sed&id=justo&ornare=pellentesque&imperdiet=viverra&sapien=pede&urna=ac&pretium=diam&nisl=cras&ut=pellentesque&volutpat=volutpat&sapien=dui&arcu=maecenas&sed=tristique&augue=est&aliquam=et&erat=tempus&volutpat=semper&in=est&congue=quam&etiam=pharetra&justo=magna&etiam=ac&pretium=consequat&iaculis=metus&justo=sapien&in=ut&hac=nunc&habitasse=vestibulum&platea=ante&dictumst=ipsum&etiam=primis&faucibus=in&cursus=faucibus&urna=orci&ut=luctus&tellus=et&nulla=ultrices&ut=posuere&erat=cubilia&id=curae&mauris=mauris&vulputate=viverra&elementum=diam&nullam=vitae,TRUE
+https://intel.com/aenean/sit/amet.html?montes=est&nascetur=congue&ridiculus=elementum&mus=in&vivamus=hac&vestibulum=habitasse&sagittis=platea&sapien=dictumst&cum=morbi&sociis=vestibulum&natoque=velit&penatibus=id&et=pretium&magnis=iaculis&dis=diam&parturient=erat&montes=fermentum&nascetur=justo&ridiculus=nec&mus=condimentum&etiam=neque&vel=sapien&augue=placerat&vestibulum=ante&rutrum=nulla&rutrum=justo&neque=aliquam&aenean=quis&auctor=turpis&gravida=eget&sem=elit&praesent=sodales&id=scelerisque&massa=mauris&id=sit&nisl=amet&venenatis=eros&lacinia=suspendisse&aenean=accumsan&sit=tortor&amet=quis&justo=turpis&morbi=sed&ut=ante&odio=vivamus&cras=tortor&mi=duis&pede=mattis&malesuada=egestas,TRUE
+http://epa.gov/blandit/lacinia.html?tristique=augue&fusce=quam&congue=sollicitudin&diam=vitae&id=consectetuer&ornare=eget&imperdiet=rutrum&sapien=at&urna=lorem&pretium=integer&nisl=tincidunt&ut=ante&volutpat=vel&sapien=ipsum&arcu=praesent&sed=blandit&augue=lacinia&aliquam=erat&erat=vestibulum&volutpat=sed&in=magna&congue=at&etiam=nunc&justo=commodo&etiam=placerat&pretium=praesent&iaculis=blandit&justo=nam&in=nulla&hac=integer,TRUE
+https://alexa.com/tempor/turpis/nec/euismod/scelerisque.xml?primis=vulputate&in=ut&faucibus=ultrices&orci=vel&luctus=augue&et=vestibulum&ultrices=ante&posuere=ipsum&cubilia=primis&curae=in&nulla=faucibus&dapibus=orci&dolor=luctus&vel=et&est=ultrices&donec=posuere&odio=cubilia&justo=curae&sollicitudin=donec&ut=pharetra&suscipit=magna&a=vestibulum&feugiat=aliquet&et=ultrices&eros=erat&vestibulum=tortor&ac=sollicitudin&est=mi&lacinia=sit&nisi=amet,TRUE
+http://ucoz.ru/dictumst/etiam.aspx?vestibulum=in&ante=tempor&ipsum=turpis&primis=nec&in=euismod&faucibus=scelerisque&orci=quam&luctus=turpis&et=adipiscing&ultrices=lorem&posuere=vitae&cubilia=mattis&curae=nibh&mauris=ligula&viverra=nec&diam=sem&vitae=duis&quam=aliquam&suspendisse=convallis&potenti=nunc&nullam=proin&porttitor=at&lacus=turpis&at=a&turpis=pede&donec=posuere&posuere=nonummy&metus=integer&vitae=non&ipsum=velit&aliquam=donec&non=diam&mauris=neque&morbi=vestibulum&non=eget&lectus=vulputate&aliquam=ut,TRUE
+https://multiply.com/est/congue/elementum/in/hac/habitasse/platea.json?eleifend=aliquet&pede=maecenas&libero=leo&quis=odio&orci=condimentum&nullam=id&molestie=luctus&nibh=nec&in=molestie&lectus=sed&pellentesque=justo&at=pellentesque&nulla=viverra&suspendisse=pede&potenti=ac&cras=diam&in=cras&purus=pellentesque&eu=volutpat&magna=dui&vulputate=maecenas&luctus=tristique&cum=est&sociis=et&natoque=tempus&penatibus=semper&et=est&magnis=quam&dis=pharetra&parturient=magna&montes=ac&nascetur=consequat&ridiculus=metus&mus=sapien&vivamus=ut&vestibulum=nunc&sagittis=vestibulum&sapien=ante&cum=ipsum&sociis=primis&natoque=in&penatibus=faucibus&et=orci&magnis=luctus&dis=et&parturient=ultrices&montes=posuere&nascetur=cubilia&ridiculus=curae&mus=mauris&etiam=viverra&vel=diam&augue=vitae&vestibulum=quam&rutrum=suspendisse&rutrum=potenti&neque=nullam&aenean=porttitor&auctor=lacus&gravida=at&sem=turpis&praesent=donec&id=posuere&massa=metus&id=vitae&nisl=ipsum&venenatis=aliquam&lacinia=non&aenean=mauris&sit=morbi&amet=non&justo=lectus&morbi=aliquam&ut=sit&odio=amet&cras=diam&mi=in&pede=magna&malesuada=bibendum&in=imperdiet&imperdiet=nullam&et=orci&commodo=pede&vulputate=venenatis&justo=non&in=sodales&blandit=sed&ultrices=tincidunt&enim=eu&lorem=felis,TRUE
+http://si.edu/venenatis/lacinia/aenean/sit/amet/justo.xml?libero=pede&nam=libero&dui=quis&proin=orci&leo=nullam&odio=molestie&porttitor=nibh&id=in&consequat=lectus&in=pellentesque&consequat=at&ut=nulla&nulla=suspendisse&sed=potenti&accumsan=cras&felis=in&ut=purus&at=eu&dolor=magna&quis=vulputate&odio=luctus&consequat=cum&varius=sociis&integer=natoque&ac=penatibus&leo=et&pellentesque=magnis&ultrices=dis&mattis=parturient&odio=montes&donec=nascetur&vitae=ridiculus&nisi=mus&nam=vivamus&ultrices=vestibulum&libero=sagittis&non=sapien&mattis=cum&pulvinar=sociis&nulla=natoque&pede=penatibus&ullamcorper=et&augue=magnis&a=dis&suscipit=parturient&nulla=montes&elit=nascetur&ac=ridiculus&nulla=mus&sed=etiam&vel=vel&enim=augue&sit=vestibulum&amet=rutrum&nunc=rutrum&viverra=neque&dapibus=aenean&nulla=auctor&suscipit=gravida&ligula=sem&in=praesent&lacus=id&curabitur=massa,TRUE
+http://ovh.net/lacinia/eget/tincidunt/eget/tempus.png?erat=purus&volutpat=aliquet&in=at&congue=feugiat&etiam=non&justo=pretium&etiam=quis&pretium=lectus&iaculis=suspendisse&justo=potenti&in=in&hac=eleifend&habitasse=quam&platea=a&dictumst=odio&etiam=in&faucibus=hac&cursus=habitasse&urna=platea&ut=dictumst&tellus=maecenas&nulla=ut&ut=massa&erat=quis&id=augue&mauris=luctus&vulputate=tincidunt&elementum=nulla&nullam=mollis&varius=molestie&nulla=lorem&facilisi=quisque&cras=ut&non=erat&velit=curabitur&nec=gravida&nisi=nisi&vulputate=at&nonummy=nibh&maecenas=in&tincidunt=hac&lacus=habitasse&at=platea&velit=dictumst&vivamus=aliquam&vel=augue&nulla=quam&eget=sollicitudin&eros=vitae&elementum=consectetuer&pellentesque=eget&quisque=rutrum&porta=at&volutpat=lorem&erat=integer&quisque=tincidunt&erat=ante&eros=vel&viverra=ipsum&eget=praesent&congue=blandit&eget=lacinia&semper=erat&rutrum=vestibulum&nulla=sed&nunc=magna&purus=at&phasellus=nunc&in=commodo&felis=placerat&donec=praesent&semper=blandit&sapien=nam&a=nulla&libero=integer&nam=pede&dui=justo,TRUE
+https://blinklist.com/lacus/morbi/sem/mauris.json?justo=quam&in=a&hac=odio&habitasse=in&platea=hac&dictumst=habitasse&etiam=platea&faucibus=dictumst&cursus=maecenas&urna=ut&ut=massa&tellus=quis&nulla=augue&ut=luctus&erat=tincidunt&id=nulla&mauris=mollis,TRUE
+https://timesonline.co.uk/duis/consequat/dui.html?morbi=neque&sem=sapien&mauris=placerat&laoreet=ante&ut=nulla&rhoncus=justo&aliquet=aliquam&pulvinar=quis&sed=turpis&nisl=eget&nunc=elit&rhoncus=sodales&dui=scelerisque&vel=mauris&sem=sit&sed=amet&sagittis=eros&nam=suspendisse&congue=accumsan&risus=tortor&semper=quis&porta=turpis&volutpat=sed&quam=ante&pede=vivamus&lobortis=tortor&ligula=duis&sit=mattis&amet=egestas&eleifend=metus&pede=aenean&libero=fermentum&quis=donec&orci=ut&nullam=mauris&molestie=eget&nibh=massa&in=tempor&lectus=convallis&pellentesque=nulla&at=neque&nulla=libero&suspendisse=convallis&potenti=eget&cras=eleifend&in=luctus&purus=ultricies&eu=eu&magna=nibh&vulputate=quisque&luctus=id&cum=justo&sociis=sit&natoque=amet&penatibus=sapien&et=dignissim&magnis=vestibulum,TRUE
+https://ehow.com/rutrum/nulla.xml?integer=morbi&ac=odio&neque=odio&duis=elementum&bibendum=eu&morbi=interdum&non=eu&quam=tincidunt&nec=in&dui=leo&luctus=maecenas&rutrum=pulvinar&nulla=lobortis&tellus=est&in=phasellus&sagittis=sit&dui=amet&vel=erat&nisl=nulla&duis=tempus&ac=vivamus&nibh=in&fusce=felis&lacus=eu&purus=sapien&aliquet=cursus&at=vestibulum&feugiat=proin&non=eu&pretium=mi&quis=nulla&lectus=ac&suspendisse=enim&potenti=in&in=tempor&eleifend=turpis&quam=nec&a=euismod&odio=scelerisque&in=quam&hac=turpis&habitasse=adipiscing&platea=lorem&dictumst=vitae&maecenas=mattis&ut=nibh&massa=ligula&quis=nec&augue=sem&luctus=duis&tincidunt=aliquam,TRUE
+https://cnet.com/consectetuer/eget/rutrum/at/lorem/integer.xml?elementum=sed&eu=interdum&interdum=venenatis&eu=turpis&tincidunt=enim&in=blandit&leo=mi&maecenas=in&pulvinar=porttitor&lobortis=pede&est=justo&phasellus=eu&sit=massa&amet=donec&erat=dapibus&nulla=duis&tempus=at&vivamus=velit&in=eu&felis=est&eu=congue&sapien=elementum&cursus=in&vestibulum=hac&proin=habitasse&eu=platea&mi=dictumst&nulla=morbi&ac=vestibulum&enim=velit&in=id&tempor=pretium&turpis=iaculis&nec=diam&euismod=erat&scelerisque=fermentum&quam=justo&turpis=nec&adipiscing=condimentum&lorem=neque&vitae=sapien&mattis=placerat&nibh=ante&ligula=nulla&nec=justo&sem=aliquam&duis=quis&aliquam=turpis&convallis=eget&nunc=elit&proin=sodales&at=scelerisque&turpis=mauris&a=sit&pede=amet&posuere=eros&nonummy=suspendisse&integer=accumsan&non=tortor&velit=quis&donec=turpis&diam=sed&neque=ante&vestibulum=vivamus&eget=tortor&vulputate=duis&ut=mattis&ultrices=egestas&vel=metus&augue=aenean&vestibulum=fermentum&ante=donec&ipsum=ut&primis=mauris&in=eget&faucibus=massa&orci=tempor&luctus=convallis&et=nulla&ultrices=neque&posuere=libero&cubilia=convallis,TRUE
+http://dailymail.co.uk/consequat/ut/nulla/sed/accumsan.html?erat=ut&id=at&mauris=dolor&vulputate=quis&elementum=odio&nullam=consequat&varius=varius&nulla=integer&facilisi=ac&cras=leo&non=pellentesque&velit=ultrices&nec=mattis&nisi=odio&vulputate=donec&nonummy=vitae&maecenas=nisi&tincidunt=nam&lacus=ultrices&at=libero&velit=non&vivamus=mattis,TRUE
+https://apple.com/nisl/venenatis.png?ante=lobortis&ipsum=ligula&primis=sit&in=amet&faucibus=eleifend&orci=pede&luctus=libero&et=quis&ultrices=orci&posuere=nullam&cubilia=molestie&curae=nibh&nulla=in&dapibus=lectus&dolor=pellentesque&vel=at&est=nulla&donec=suspendisse&odio=potenti&justo=cras&sollicitudin=in&ut=purus&suscipit=eu&a=magna&feugiat=vulputate&et=luctus&eros=cum&vestibulum=sociis&ac=natoque&est=penatibus&lacinia=et&nisi=magnis&venenatis=dis&tristique=parturient&fusce=montes&congue=nascetur&diam=ridiculus,TRUE
+https://geocities.com/nibh/in/lectus/pellentesque/at/nulla/suspendisse.xml?vestibulum=tincidunt&sed=eget&magna=tempus&at=vel&nunc=pede&commodo=morbi&placerat=porttitor&praesent=lorem&blandit=id&nam=ligula&nulla=suspendisse&integer=ornare&pede=consequat&justo=lectus&lacinia=in&eget=est&tincidunt=risus&eget=auctor&tempus=sed&vel=tristique&pede=in&morbi=tempus&porttitor=sit&lorem=amet&id=sem&ligula=fusce&suspendisse=consequat&ornare=nulla&consequat=nisl&lectus=nunc&in=nisl&est=duis&risus=bibendum&auctor=felis&sed=sed&tristique=interdum&in=venenatis&tempus=turpis&sit=enim&amet=blandit&sem=mi&fusce=in&consequat=porttitor&nulla=pede&nisl=justo&nunc=eu&nisl=massa&duis=donec&bibendum=dapibus&felis=duis&sed=at&interdum=velit&venenatis=eu&turpis=est&enim=congue&blandit=elementum&mi=in&in=hac&porttitor=habitasse&pede=platea,TRUE
+https://cdc.gov/viverra/pede/ac/diam.xml?pharetra=nulla&magna=justo&vestibulum=aliquam&aliquet=quis&ultrices=turpis&erat=eget&tortor=elit&sollicitudin=sodales&mi=scelerisque&sit=mauris&amet=sit&lobortis=amet&sapien=eros&sapien=suspendisse&non=accumsan&mi=tortor&integer=quis&ac=turpis&neque=sed&duis=ante&bibendum=vivamus&morbi=tortor&non=duis&quam=mattis&nec=egestas&dui=metus&luctus=aenean&rutrum=fermentum&nulla=donec&tellus=ut&in=mauris&sagittis=eget&dui=massa,TRUE
+http://hubpages.com/cras/mi/pede/malesuada/in.jpg?integer=tempus&aliquet=semper&massa=est&id=quam&lobortis=pharetra&convallis=magna&tortor=ac&risus=consequat&dapibus=metus&augue=sapien&vel=ut&accumsan=nunc&tellus=vestibulum&nisi=ante&eu=ipsum&orci=primis&mauris=in&lacinia=faucibus&sapien=orci&quis=luctus&libero=et&nullam=ultrices&sit=posuere&amet=cubilia&turpis=curae&elementum=mauris&ligula=viverra&vehicula=diam&consequat=vitae&morbi=quam&a=suspendisse&ipsum=potenti&integer=nullam&a=porttitor&nibh=lacus&in=at&quis=turpis&justo=donec&maecenas=posuere&rhoncus=metus&aliquam=vitae&lacus=ipsum&morbi=aliquam&quis=non&tortor=mauris&id=morbi&nulla=non&ultrices=lectus&aliquet=aliquam&maecenas=sit&leo=amet&odio=diam&condimentum=in&id=magna&luctus=bibendum&nec=imperdiet&molestie=nullam&sed=orci&justo=pede&pellentesque=venenatis&viverra=non&pede=sodales&ac=sed&diam=tincidunt&cras=eu&pellentesque=felis&volutpat=fusce&dui=posuere&maecenas=felis&tristique=sed&est=lacus&et=morbi&tempus=sem&semper=mauris&est=laoreet&quam=ut&pharetra=rhoncus,TRUE
+https://wikia.com/porttitor/lacus/at/turpis.jpg?dictumst=quis&aliquam=justo&augue=maecenas&quam=rhoncus&sollicitudin=aliquam,TRUE
+https://paginegialle.it/sociis/natoque/penatibus/et/magnis/dis/parturient.json?in=penatibus,TRUE
+http://ft.com/luctus/nec/molestie.html?ipsum=lectus&aliquam=aliquam&non=sit&mauris=amet&morbi=diam&non=in&lectus=magna&aliquam=bibendum&sit=imperdiet&amet=nullam&diam=orci&in=pede&magna=venenatis&bibendum=non&imperdiet=sodales&nullam=sed&orci=tincidunt&pede=eu&venenatis=felis&non=fusce&sodales=posuere&sed=felis&tincidunt=sed&eu=lacus&felis=morbi&fusce=sem&posuere=mauris&felis=laoreet&sed=ut&lacus=rhoncus&morbi=aliquet&sem=pulvinar&mauris=sed&laoreet=nisl&ut=nunc&rhoncus=rhoncus&aliquet=dui&pulvinar=vel&sed=sem&nisl=sed&nunc=sagittis&rhoncus=nam&dui=congue&vel=risus&sem=semper&sed=porta&sagittis=volutpat&nam=quam&congue=pede&risus=lobortis&semper=ligula&porta=sit&volutpat=amet&quam=eleifend&pede=pede&lobortis=libero&ligula=quis&sit=orci&amet=nullam&eleifend=molestie&pede=nibh&libero=in&quis=lectus&orci=pellentesque&nullam=at&molestie=nulla&nibh=suspendisse&in=potenti&lectus=cras&pellentesque=in&at=purus&nulla=eu&suspendisse=magna&potenti=vulputate&cras=luctus&in=cum,TRUE
+http://typepad.com/semper/porta/volutpat/quam.jsp?donec=quisque&ut=id&mauris=justo&eget=sit&massa=amet&tempor=sapien&convallis=dignissim&nulla=vestibulum&neque=vestibulum&libero=ante&convallis=ipsum&eget=primis&eleifend=in&luctus=faucibus&ultricies=orci&eu=luctus&nibh=et&quisque=ultrices&id=posuere&justo=cubilia&sit=curae&amet=nulla&sapien=dapibus&dignissim=dolor&vestibulum=vel&vestibulum=est&ante=donec&ipsum=odio&primis=justo&in=sollicitudin&faucibus=ut&orci=suscipit&luctus=a&et=feugiat&ultrices=et&posuere=eros&cubilia=vestibulum&curae=ac&nulla=est&dapibus=lacinia&dolor=nisi&vel=venenatis&est=tristique&donec=fusce&odio=congue&justo=diam&sollicitudin=id&ut=ornare&suscipit=imperdiet,TRUE
+http://github.com/porttitor/lorem.aspx?pede=neque&morbi=aenean&porttitor=auctor&lorem=gravida&id=sem&ligula=praesent&suspendisse=id&ornare=massa&consequat=id&lectus=nisl&in=venenatis&est=lacinia&risus=aenean&auctor=sit&sed=amet&tristique=justo&in=morbi&tempus=ut&sit=odio&amet=cras&sem=mi&fusce=pede&consequat=malesuada&nulla=in&nisl=imperdiet&nunc=et&nisl=commodo&duis=vulputate&bibendum=justo,TRUE
+http://ftc.gov/justo/lacinia/eget/tincidunt.json?natoque=nulla&penatibus=mollis&et=molestie&magnis=lorem&dis=quisque&parturient=ut&montes=erat&nascetur=curabitur&ridiculus=gravida&mus=nisi&vivamus=at&vestibulum=nibh&sagittis=in&sapien=hac&cum=habitasse&sociis=platea&natoque=dictumst&penatibus=aliquam&et=augue&magnis=quam&dis=sollicitudin&parturient=vitae&montes=consectetuer&nascetur=eget&ridiculus=rutrum&mus=at&etiam=lorem&vel=integer&augue=tincidunt&vestibulum=ante&rutrum=vel&rutrum=ipsum&neque=praesent&aenean=blandit&auctor=lacinia&gravida=erat&sem=vestibulum&praesent=sed&id=magna&massa=at&id=nunc&nisl=commodo&venenatis=placerat&lacinia=praesent&aenean=blandit&sit=nam&amet=nulla&justo=integer&morbi=pede&ut=justo&odio=lacinia&cras=eget&mi=tincidunt&pede=eget&malesuada=tempus&in=vel&imperdiet=pede&et=morbi&commodo=porttitor&vulputate=lorem&justo=id&in=ligula&blandit=suspendisse&ultrices=ornare&enim=consequat&lorem=lectus&ipsum=in&dolor=est&sit=risus&amet=auctor&consectetuer=sed&adipiscing=tristique&elit=in&proin=tempus&interdum=sit&mauris=amet&non=sem&ligula=fusce,TRUE
+http://icio.us/duis/ac/nibh/fusce.aspx?id=risus&ligula=semper&suspendisse=porta&ornare=volutpat&consequat=quam&lectus=pede&in=lobortis&est=ligula&risus=sit&auctor=amet&sed=eleifend&tristique=pede&in=libero&tempus=quis&sit=orci&amet=nullam&sem=molestie&fusce=nibh&consequat=in&nulla=lectus&nisl=pellentesque&nunc=at&nisl=nulla&duis=suspendisse&bibendum=potenti&felis=cras&sed=in&interdum=purus&venenatis=eu&turpis=magna&enim=vulputate&blandit=luctus&mi=cum&in=sociis&porttitor=natoque&pede=penatibus&justo=et&eu=magnis&massa=dis&donec=parturient&dapibus=montes&duis=nascetur&at=ridiculus&velit=mus&eu=vivamus&est=vestibulum&congue=sagittis&elementum=sapien&in=cum&hac=sociis&habitasse=natoque&platea=penatibus&dictumst=et&morbi=magnis&vestibulum=dis&velit=parturient&id=montes&pretium=nascetur&iaculis=ridiculus&diam=mus&erat=etiam&fermentum=vel&justo=augue&nec=vestibulum&condimentum=rutrum&neque=rutrum&sapien=neque&placerat=aenean&ante=auctor&nulla=gravida&justo=sem&aliquam=praesent&quis=id&turpis=massa&eget=id&elit=nisl&sodales=venenatis&scelerisque=lacinia&mauris=aenean&sit=sit&amet=amet,TRUE
+https://cam.ac.uk/malesuada/in/imperdiet.png?amet=interdum&justo=in&morbi=ante&ut=vestibulum&odio=ante&cras=ipsum&mi=primis&pede=in&malesuada=faucibus&in=orci&imperdiet=luctus&et=et&commodo=ultrices&vulputate=posuere&justo=cubilia&in=curae&blandit=duis&ultrices=faucibus&enim=accumsan&lorem=odio&ipsum=curabitur&dolor=convallis&sit=duis&amet=consequat&consectetuer=dui&adipiscing=nec&elit=nisi&proin=volutpat&interdum=eleifend&mauris=donec&non=ut&ligula=dolor&pellentesque=morbi&ultrices=vel&phasellus=lectus&id=in&sapien=quam&in=fringilla&sapien=rhoncus&iaculis=mauris&congue=enim&vivamus=leo&metus=rhoncus&arcu=sed&adipiscing=vestibulum&molestie=sit&hendrerit=amet&at=cursus&vulputate=id&vitae=turpis&nisl=integer&aenean=aliquet&lectus=massa&pellentesque=id&eget=lobortis&nunc=convallis&donec=tortor&quis=risus&orci=dapibus&eget=augue&orci=vel&vehicula=accumsan&condimentum=tellus&curabitur=nisi&in=eu&libero=orci&ut=mauris&massa=lacinia&volutpat=sapien&convallis=quis&morbi=libero&odio=nullam&odio=sit&elementum=amet&eu=turpis&interdum=elementum&eu=ligula,TRUE
+http://fda.gov/nunc/nisl/duis/bibendum/felis/sed/interdum.json?nisl=quam&aenean=pharetra&lectus=magna&pellentesque=ac&eget=consequat&nunc=metus&donec=sapien&quis=ut&orci=nunc&eget=vestibulum&orci=ante&vehicula=ipsum&condimentum=primis&curabitur=in&in=faucibus&libero=orci&ut=luctus&massa=et&volutpat=ultrices&convallis=posuere&morbi=cubilia&odio=curae&odio=mauris&elementum=viverra&eu=diam&interdum=vitae&eu=quam&tincidunt=suspendisse&in=potenti&leo=nullam,TRUE
+http://rakuten.co.jp/orci.jpg?eu=blandit&magna=mi&vulputate=in&luctus=porttitor&cum=pede&sociis=justo&natoque=eu&penatibus=massa&et=donec&magnis=dapibus&dis=duis&parturient=at&montes=velit&nascetur=eu&ridiculus=est&mus=congue&vivamus=elementum&vestibulum=in&sagittis=hac&sapien=habitasse&cum=platea&sociis=dictumst&natoque=morbi&penatibus=vestibulum&et=velit&magnis=id&dis=pretium&parturient=iaculis&montes=diam&nascetur=erat&ridiculus=fermentum&mus=justo&etiam=nec&vel=condimentum&augue=neque&vestibulum=sapien&rutrum=placerat&rutrum=ante&neque=nulla&aenean=justo&auctor=aliquam&gravida=quis&sem=turpis&praesent=eget&id=elit&massa=sodales&id=scelerisque&nisl=mauris&venenatis=sit&lacinia=amet&aenean=eros&sit=suspendisse&amet=accumsan&justo=tortor&morbi=quis&ut=turpis&odio=sed&cras=ante&mi=vivamus&pede=tortor&malesuada=duis&in=mattis&imperdiet=egestas&et=metus&commodo=aenean&vulputate=fermentum&justo=donec&in=ut&blandit=mauris&ultrices=eget&enim=massa&lorem=tempor&ipsum=convallis&dolor=nulla&sit=neque&amet=libero&consectetuer=convallis&adipiscing=eget&elit=eleifend&proin=luctus&interdum=ultricies&mauris=eu&non=nibh&ligula=quisque&pellentesque=id&ultrices=justo&phasellus=sit&id=amet&sapien=sapien,TRUE
+http://sogou.com/nunc/viverra/dapibus/nulla/suscipit/ligula/in.jpg?magna=erat&bibendum=volutpat&imperdiet=in&nullam=congue&orci=etiam&pede=justo&venenatis=etiam&non=pretium&sodales=iaculis&sed=justo&tincidunt=in&eu=hac&felis=habitasse&fusce=platea&posuere=dictumst&felis=etiam&sed=faucibus&lacus=cursus&morbi=urna&sem=ut&mauris=tellus,TRUE
+http://sohu.com/aliquet/ultrices.aspx?arcu=quisque&adipiscing=arcu,TRUE
+http://sfgate.com/nisl/ut/volutpat/sapien/arcu/sed.js?dis=morbi&parturient=porttitor&montes=lorem&nascetur=id&ridiculus=ligula&mus=suspendisse&etiam=ornare&vel=consequat&augue=lectus&vestibulum=in&rutrum=est&rutrum=risus&neque=auctor&aenean=sed&auctor=tristique&gravida=in&sem=tempus&praesent=sit&id=amet&massa=sem&id=fusce&nisl=consequat&venenatis=nulla&lacinia=nisl&aenean=nunc&sit=nisl&amet=duis&justo=bibendum&morbi=felis&ut=sed&odio=interdum&cras=venenatis&mi=turpis&pede=enim&malesuada=blandit&in=mi&imperdiet=in&et=porttitor&commodo=pede&vulputate=justo&justo=eu&in=massa&blandit=donec&ultrices=dapibus&enim=duis&lorem=at&ipsum=velit&dolor=eu&sit=est&amet=congue&consectetuer=elementum&adipiscing=in&elit=hac&proin=habitasse&interdum=platea&mauris=dictumst&non=morbi&ligula=vestibulum&pellentesque=velit&ultrices=id&phasellus=pretium&id=iaculis&sapien=diam&in=erat&sapien=fermentum&iaculis=justo&congue=nec&vivamus=condimentum&metus=neque&arcu=sapien&adipiscing=placerat&molestie=ante&hendrerit=nulla&at=justo&vulputate=aliquam&vitae=quis&nisl=turpis&aenean=eget&lectus=elit&pellentesque=sodales&eget=scelerisque&nunc=mauris&donec=sit&quis=amet&orci=eros&eget=suspendisse&orci=accumsan&vehicula=tortor&condimentum=quis&curabitur=turpis&in=sed,TRUE
+http://infoseek.co.jp/donec.json?justo=quam&etiam=suspendisse&pretium=potenti&iaculis=nullam&justo=porttitor&in=lacus&hac=at&habitasse=turpis&platea=donec&dictumst=posuere&etiam=metus&faucibus=vitae&cursus=ipsum&urna=aliquam&ut=non&tellus=mauris&nulla=morbi&ut=non&erat=lectus&id=aliquam&mauris=sit&vulputate=amet&elementum=diam&nullam=in&varius=magna&nulla=bibendum&facilisi=imperdiet&cras=nullam&non=orci&velit=pede&nec=venenatis&nisi=non&vulputate=sodales&nonummy=sed&maecenas=tincidunt&tincidunt=eu&lacus=felis&at=fusce&velit=posuere&vivamus=felis&vel=sed&nulla=lacus&eget=morbi&eros=sem&elementum=mauris&pellentesque=laoreet&quisque=ut&porta=rhoncus&volutpat=aliquet&erat=pulvinar&quisque=sed&erat=nisl&eros=nunc&viverra=rhoncus&eget=dui&congue=vel&eget=sem&semper=sed&rutrum=sagittis&nulla=nam&nunc=congue&purus=risus&phasellus=semper,TRUE
+http://hugedomains.com/ante/ipsum/primis/in/faucibus/orci/luctus.jpg?enim=sit&lorem=amet&ipsum=turpis&dolor=elementum&sit=ligula&amet=vehicula&consectetuer=consequat&adipiscing=morbi&elit=a&proin=ipsum,TRUE
+https://hud.gov/aenean/sit/amet/justo/morbi.js?justo=quisque&sollicitudin=ut&ut=erat&suscipit=curabitur&a=gravida&feugiat=nisi&et=at&eros=nibh&vestibulum=in&ac=hac&est=habitasse&lacinia=platea&nisi=dictumst&venenatis=aliquam&tristique=augue&fusce=quam&congue=sollicitudin&diam=vitae&id=consectetuer&ornare=eget&imperdiet=rutrum&sapien=at&urna=lorem&pretium=integer&nisl=tincidunt&ut=ante,TRUE
+https://businessweek.com/vitae/quam/suspendisse.json?sagittis=fusce&sapien=consequat&cum=nulla&sociis=nisl&natoque=nunc&penatibus=nisl&et=duis&magnis=bibendum&dis=felis&parturient=sed&montes=interdum&nascetur=venenatis&ridiculus=turpis&mus=enim&etiam=blandit&vel=mi&augue=in&vestibulum=porttitor&rutrum=pede&rutrum=justo&neque=eu&aenean=massa&auctor=donec&gravida=dapibus&sem=duis&praesent=at&id=velit&massa=eu&id=est&nisl=congue&venenatis=elementum&lacinia=in&aenean=hac&sit=habitasse&amet=platea&justo=dictumst&morbi=morbi&ut=vestibulum&odio=velit&cras=id&mi=pretium&pede=iaculis&malesuada=diam&in=erat&imperdiet=fermentum&et=justo&commodo=nec,TRUE
+http://archive.org/suspendisse/potenti/nullam/porttitor/lacus/at/turpis.xml?elit=lorem&sodales=id&scelerisque=ligula&mauris=suspendisse&sit=ornare&amet=consequat&eros=lectus&suspendisse=in&accumsan=est&tortor=risus&quis=auctor&turpis=sed&sed=tristique&ante=in&vivamus=tempus&tortor=sit&duis=amet&mattis=sem&egestas=fusce&metus=consequat&aenean=nulla&fermentum=nisl&donec=nunc&ut=nisl&mauris=duis&eget=bibendum&massa=felis&tempor=sed&convallis=interdum&nulla=venenatis&neque=turpis&libero=enim&convallis=blandit&eget=mi&eleifend=in&luctus=porttitor&ultricies=pede&eu=justo&nibh=eu&quisque=massa&id=donec&justo=dapibus&sit=duis&amet=at&sapien=velit&dignissim=eu&vestibulum=est&vestibulum=congue&ante=elementum&ipsum=in&primis=hac&in=habitasse&faucibus=platea&orci=dictumst&luctus=morbi&et=vestibulum&ultrices=velit&posuere=id&cubilia=pretium&curae=iaculis&nulla=diam&dapibus=erat&dolor=fermentum&vel=justo&est=nec,TRUE
+http://fastcompany.com/ultrices/erat/tortor/sollicitudin/mi/sit.jpg?tellus=orci&in=nullam&sagittis=molestie&dui=nibh&vel=in&nisl=lectus&duis=pellentesque&ac=at&nibh=nulla&fusce=suspendisse&lacus=potenti&purus=cras&aliquet=in&at=purus&feugiat=eu&non=magna&pretium=vulputate&quis=luctus&lectus=cum&suspendisse=sociis&potenti=natoque&in=penatibus&eleifend=et&quam=magnis&a=dis&odio=parturient&in=montes&hac=nascetur&habitasse=ridiculus&platea=mus&dictumst=vivamus&maecenas=vestibulum&ut=sagittis&massa=sapien&quis=cum&augue=sociis&luctus=natoque&tincidunt=penatibus&nulla=et&mollis=magnis&molestie=dis&lorem=parturient&quisque=montes&ut=nascetur&erat=ridiculus&curabitur=mus&gravida=etiam&nisi=vel&at=augue&nibh=vestibulum&in=rutrum&hac=rutrum&habitasse=neque&platea=aenean&dictumst=auctor&aliquam=gravida&augue=sem&quam=praesent&sollicitudin=id&vitae=massa,TRUE
+https://plala.or.jp/tempus/semper/est/quam.jpg?sit=blandit&amet=non&diam=interdum&in=in&magna=ante&bibendum=vestibulum&imperdiet=ante&nullam=ipsum&orci=primis&pede=in&venenatis=faucibus&non=orci&sodales=luctus&sed=et&tincidunt=ultrices&eu=posuere&felis=cubilia&fusce=curae&posuere=duis&felis=faucibus&sed=accumsan&lacus=odio&morbi=curabitur,TRUE
+https://unesco.org/suscipit.png?maecenas=elit&ut=proin&massa=risus&quis=praesent&augue=lectus&luctus=vestibulum&tincidunt=quam&nulla=sapien&mollis=varius&molestie=ut&lorem=blandit&quisque=non&ut=interdum&erat=in&curabitur=ante&gravida=vestibulum&nisi=ante&at=ipsum&nibh=primis&in=in&hac=faucibus&habitasse=orci&platea=luctus&dictumst=et&aliquam=ultrices&augue=posuere&quam=cubilia&sollicitudin=curae&vitae=duis&consectetuer=faucibus&eget=accumsan&rutrum=odio&at=curabitur&lorem=convallis&integer=duis&tincidunt=consequat&ante=dui&vel=nec&ipsum=nisi&praesent=volutpat&blandit=eleifend&lacinia=donec&erat=ut&vestibulum=dolor&sed=morbi&magna=vel&at=lectus&nunc=in&commodo=quam&placerat=fringilla&praesent=rhoncus&blandit=mauris&nam=enim,TRUE
+https://sciencedirect.com/sed.json?vivamus=semper&tortor=est&duis=quam&mattis=pharetra&egestas=magna&metus=ac&aenean=consequat&fermentum=metus&donec=sapien&ut=ut&mauris=nunc&eget=vestibulum&massa=ante&tempor=ipsum&convallis=primis&nulla=in&neque=faucibus&libero=orci&convallis=luctus&eget=et&eleifend=ultrices&luctus=posuere&ultricies=cubilia&eu=curae&nibh=mauris&quisque=viverra&id=diam&justo=vitae&sit=quam&amet=suspendisse&sapien=potenti&dignissim=nullam&vestibulum=porttitor&vestibulum=lacus&ante=at&ipsum=turpis&primis=donec&in=posuere&faucibus=metus&orci=vitae&luctus=ipsum&et=aliquam&ultrices=non&posuere=mauris&cubilia=morbi&curae=non&nulla=lectus&dapibus=aliquam&dolor=sit&vel=amet&est=diam&donec=in&odio=magna&justo=bibendum&sollicitudin=imperdiet&ut=nullam&suscipit=orci&a=pede&feugiat=venenatis&et=non&eros=sodales,TRUE
+https://google.es/nunc/nisl/duis/bibendum/felis/sed/interdum.jsp?lacus=pretium&at=iaculis&turpis=justo&donec=in&posuere=hac&metus=habitasse&vitae=platea&ipsum=dictumst&aliquam=etiam&non=faucibus&mauris=cursus&morbi=urna&non=ut&lectus=tellus&aliquam=nulla&sit=ut&amet=erat&diam=id&in=mauris&magna=vulputate&bibendum=elementum&imperdiet=nullam&nullam=varius&orci=nulla&pede=facilisi&venenatis=cras&non=non&sodales=velit&sed=nec&tincidunt=nisi&eu=vulputate&felis=nonummy&fusce=maecenas&posuere=tincidunt&felis=lacus&sed=at&lacus=velit&morbi=vivamus&sem=vel&mauris=nulla&laoreet=eget&ut=eros&rhoncus=elementum&aliquet=pellentesque&pulvinar=quisque&sed=porta&nisl=volutpat&nunc=erat,TRUE
+https://intel.com/erat/tortor/sollicitudin/mi/sit/amet/lobortis.jsp?in=eget&imperdiet=tincidunt&et=eget&commodo=tempus&vulputate=vel&justo=pede&in=morbi&blandit=porttitor,TRUE
+http://imageshack.us/convallis/nulla/neque.xml?elementum=felis&nullam=sed&varius=interdum&nulla=venenatis&facilisi=turpis&cras=enim&non=blandit&velit=mi&nec=in&nisi=porttitor&vulputate=pede&nonummy=justo&maecenas=eu&tincidunt=massa&lacus=donec&at=dapibus&velit=duis&vivamus=at&vel=velit&nulla=eu&eget=est&eros=congue&elementum=elementum&pellentesque=in&quisque=hac&porta=habitasse&volutpat=platea&erat=dictumst&quisque=morbi&erat=vestibulum&eros=velit&viverra=id&eget=pretium&congue=iaculis&eget=diam&semper=erat&rutrum=fermentum&nulla=justo&nunc=nec&purus=condimentum&phasellus=neque&in=sapien&felis=placerat&donec=ante&semper=nulla&sapien=justo&a=aliquam&libero=quis&nam=turpis&dui=eget&proin=elit&leo=sodales&odio=scelerisque&porttitor=mauris&id=sit&consequat=amet&in=eros&consequat=suspendisse&ut=accumsan&nulla=tortor&sed=quis&accumsan=turpis&felis=sed&ut=ante&at=vivamus&dolor=tortor&quis=duis&odio=mattis&consequat=egestas&varius=metus&integer=aenean&ac=fermentum&leo=donec&pellentesque=ut&ultrices=mauris&mattis=eget&odio=massa,TRUE
+http://usgs.gov/eu/tincidunt.aspx?in=eu&hac=interdum&habitasse=eu&platea=tincidunt&dictumst=in&maecenas=leo&ut=maecenas&massa=pulvinar&quis=lobortis&augue=est&luctus=phasellus&tincidunt=sit&nulla=amet&mollis=erat&molestie=nulla&lorem=tempus&quisque=vivamus&ut=in&erat=felis&curabitur=eu&gravida=sapien&nisi=cursus&at=vestibulum&nibh=proin&in=eu&hac=mi&habitasse=nulla&platea=ac&dictumst=enim&aliquam=in&augue=tempor&quam=turpis&sollicitudin=nec&vitae=euismod&consectetuer=scelerisque&eget=quam&rutrum=turpis&at=adipiscing&lorem=lorem&integer=vitae&tincidunt=mattis&ante=nibh&vel=ligula&ipsum=nec&praesent=sem&blandit=duis&lacinia=aliquam&erat=convallis&vestibulum=nunc&sed=proin&magna=at&at=turpis&nunc=a&commodo=pede&placerat=posuere&praesent=nonummy&blandit=integer&nam=non&nulla=velit&integer=donec&pede=diam&justo=neque&lacinia=vestibulum&eget=eget&tincidunt=vulputate&eget=ut&tempus=ultrices&vel=vel,TRUE
+http://stumbleupon.com/in/hac/habitasse/platea.aspx?aliquam=tortor&sit=id&amet=nulla&diam=ultrices&in=aliquet&magna=maecenas&bibendum=leo&imperdiet=odio&nullam=condimentum&orci=id&pede=luctus&venenatis=nec&non=molestie&sodales=sed&sed=justo&tincidunt=pellentesque&eu=viverra&felis=pede&fusce=ac&posuere=diam&felis=cras&sed=pellentesque&lacus=volutpat&morbi=dui&sem=maecenas&mauris=tristique&laoreet=est&ut=et&rhoncus=tempus&aliquet=semper&pulvinar=est&sed=quam&nisl=pharetra&nunc=magna&rhoncus=ac&dui=consequat&vel=metus&sem=sapien&sed=ut&sagittis=nunc&nam=vestibulum&congue=ante&risus=ipsum&semper=primis&porta=in&volutpat=faucibus&quam=orci&pede=luctus&lobortis=et&ligula=ultrices&sit=posuere&amet=cubilia&eleifend=curae&pede=mauris&libero=viverra&quis=diam&orci=vitae&nullam=quam&molestie=suspendisse&nibh=potenti&in=nullam&lectus=porttitor&pellentesque=lacus&at=at&nulla=turpis&suspendisse=donec&potenti=posuere&cras=metus&in=vitae,TRUE
+https://slashdot.org/molestie/hendrerit.jpg?et=in&ultrices=faucibus&posuere=orci&cubilia=luctus&curae=et&donec=ultrices&pharetra=posuere&magna=cubilia&vestibulum=curae&aliquet=duis&ultrices=faucibus&erat=accumsan&tortor=odio&sollicitudin=curabitur&mi=convallis&sit=duis&amet=consequat&lobortis=dui&sapien=nec&sapien=nisi&non=volutpat&mi=eleifend&integer=donec&ac=ut&neque=dolor&duis=morbi&bibendum=vel&morbi=lectus&non=in&quam=quam&nec=fringilla&dui=rhoncus&luctus=mauris&rutrum=enim,TRUE
+http://unblog.fr/quis/libero.jsp?in=turpis&faucibus=enim&orci=blandit&luctus=mi&et=in&ultrices=porttitor&posuere=pede&cubilia=justo&curae=eu&mauris=massa&viverra=donec&diam=dapibus&vitae=duis&quam=at&suspendisse=velit&potenti=eu&nullam=est&porttitor=congue&lacus=elementum&at=in&turpis=hac&donec=habitasse&posuere=platea&metus=dictumst&vitae=morbi&ipsum=vestibulum&aliquam=velit&non=id&mauris=pretium&morbi=iaculis&non=diam&lectus=erat&aliquam=fermentum&sit=justo&amet=nec&diam=condimentum&in=neque&magna=sapien&bibendum=placerat&imperdiet=ante&nullam=nulla&orci=justo&pede=aliquam&venenatis=quis&non=turpis&sodales=eget&sed=elit&tincidunt=sodales&eu=scelerisque&felis=mauris&fusce=sit&posuere=amet&felis=eros&sed=suspendisse&lacus=accumsan&morbi=tortor&sem=quis&mauris=turpis&laoreet=sed&ut=ante&rhoncus=vivamus&aliquet=tortor&pulvinar=duis&sed=mattis&nisl=egestas&nunc=metus&rhoncus=aenean&dui=fermentum&vel=donec&sem=ut&sed=mauris&sagittis=eget&nam=massa&congue=tempor&risus=convallis&semper=nulla&porta=neque&volutpat=libero&quam=convallis&pede=eget&lobortis=eleifend&ligula=luctus&sit=ultricies&amet=eu&eleifend=nibh&pede=quisque&libero=id&quis=justo&orci=sit&nullam=amet&molestie=sapien&nibh=dignissim&in=vestibulum&lectus=vestibulum&pellentesque=ante&at=ipsum&nulla=primis&suspendisse=in&potenti=faucibus&cras=orci,TRUE
+https://webeden.co.uk/aliquet/pulvinar/sed/nisl/nunc/rhoncus/dui.xml?odio=fusce&donec=congue&vitae=diam&nisi=id&nam=ornare&ultrices=imperdiet&libero=sapien&non=urna&mattis=pretium&pulvinar=nisl&nulla=ut&pede=volutpat&ullamcorper=sapien&augue=arcu&a=sed&suscipit=augue&nulla=aliquam&elit=erat&ac=volutpat&nulla=in&sed=congue&vel=etiam&enim=justo&sit=etiam&amet=pretium&nunc=iaculis&viverra=justo&dapibus=in&nulla=hac&suscipit=habitasse&ligula=platea&in=dictumst&lacus=etiam&curabitur=faucibus&at=cursus&ipsum=urna&ac=ut,TRUE
+https://si.edu/nec/dui/luctus/rutrum/nulla.aspx?turpis=pellentesque&sed=ultrices&ante=phasellus&vivamus=id&tortor=sapien&duis=in&mattis=sapien&egestas=iaculis&metus=congue&aenean=vivamus&fermentum=metus&donec=arcu&ut=adipiscing&mauris=molestie&eget=hendrerit&massa=at&tempor=vulputate&convallis=vitae&nulla=nisl&neque=aenean&libero=lectus&convallis=pellentesque&eget=eget&eleifend=nunc&luctus=donec&ultricies=quis&eu=orci&nibh=eget&quisque=orci&id=vehicula&justo=condimentum&sit=curabitur&amet=in&sapien=libero&dignissim=ut&vestibulum=massa&vestibulum=volutpat&ante=convallis&ipsum=morbi&primis=odio&in=odio&faucibus=elementum&orci=eu&luctus=interdum&et=eu&ultrices=tincidunt&posuere=in&cubilia=leo&curae=maecenas&nulla=pulvinar&dapibus=lobortis&dolor=est&vel=phasellus&est=sit&donec=amet&odio=erat&justo=nulla&sollicitudin=tempus&ut=vivamus&suscipit=in&a=felis&feugiat=eu&et=sapien&eros=cursus&vestibulum=vestibulum&ac=proin&est=eu&lacinia=mi&nisi=nulla&venenatis=ac&tristique=enim&fusce=in&congue=tempor&diam=turpis&id=nec&ornare=euismod&imperdiet=scelerisque,TRUE
+https://psu.edu/adipiscing.json?vel=interdum&ipsum=venenatis&praesent=turpis&blandit=enim&lacinia=blandit&erat=mi&vestibulum=in&sed=porttitor&magna=pede&at=justo&nunc=eu,TRUE
+http://wikimedia.org/sapien/ut.png?mi=diam&in=in&porttitor=magna&pede=bibendum&justo=imperdiet&eu=nullam&massa=orci&donec=pede&dapibus=venenatis&duis=non&at=sodales&velit=sed&eu=tincidunt&est=eu&congue=felis&elementum=fusce&in=posuere&hac=felis&habitasse=sed&platea=lacus&dictumst=morbi&morbi=sem&vestibulum=mauris&velit=laoreet&id=ut&pretium=rhoncus&iaculis=aliquet&diam=pulvinar&erat=sed&fermentum=nisl&justo=nunc&nec=rhoncus&condimentum=dui&neque=vel&sapien=sem&placerat=sed&ante=sagittis&nulla=nam&justo=congue&aliquam=risus&quis=semper&turpis=porta&eget=volutpat&elit=quam&sodales=pede&scelerisque=lobortis&mauris=ligula&sit=sit&amet=amet&eros=eleifend&suspendisse=pede&accumsan=libero&tortor=quis&quis=orci&turpis=nullam&sed=molestie&ante=nibh&vivamus=in&tortor=lectus&duis=pellentesque,TRUE
+http://intel.com/aliquam/erat/volutpat.html?nisi=montes&venenatis=nascetur&tristique=ridiculus&fusce=mus&congue=etiam&diam=vel&id=augue&ornare=vestibulum&imperdiet=rutrum&sapien=rutrum&urna=neque&pretium=aenean&nisl=auctor&ut=gravida&volutpat=sem&sapien=praesent&arcu=id&sed=massa&augue=id&aliquam=nisl&erat=venenatis&volutpat=lacinia&in=aenean,TRUE
+http://spotify.com/dolor/morbi/vel/lectus/in.jsp?suspendisse=magna&potenti=vulputate&nullam=luctus&porttitor=cum&lacus=sociis&at=natoque&turpis=penatibus&donec=et&posuere=magnis&metus=dis&vitae=parturient&ipsum=montes&aliquam=nascetur&non=ridiculus&mauris=mus&morbi=vivamus&non=vestibulum&lectus=sagittis&aliquam=sapien&sit=cum,TRUE
+http://weather.com/mi/nulla/ac.jpg?diam=risus&in=dapibus&magna=augue&bibendum=vel&imperdiet=accumsan&nullam=tellus&orci=nisi&pede=eu&venenatis=orci&non=mauris&sodales=lacinia&sed=sapien&tincidunt=quis&eu=libero&felis=nullam&fusce=sit&posuere=amet&felis=turpis&sed=elementum&lacus=ligula&morbi=vehicula&sem=consequat,TRUE
+http://twitpic.com/pretium/iaculis/diam/erat/fermentum/justo.html?sagittis=ante&sapien=vestibulum&cum=ante&sociis=ipsum&natoque=primis&penatibus=in&et=faucibus&magnis=orci&dis=luctus&parturient=et&montes=ultrices&nascetur=posuere&ridiculus=cubilia&mus=curae&etiam=duis&vel=faucibus&augue=accumsan&vestibulum=odio&rutrum=curabitur&rutrum=convallis&neque=duis&aenean=consequat&auctor=dui&gravida=nec&sem=nisi&praesent=volutpat&id=eleifend&massa=donec&id=ut&nisl=dolor&venenatis=morbi,TRUE
+http://qq.com/risus/semper/porta/volutpat/quam.js?nec=dis&condimentum=parturient&neque=montes&sapien=nascetur&placerat=ridiculus&ante=mus&nulla=etiam&justo=vel&aliquam=augue&quis=vestibulum&turpis=rutrum&eget=rutrum&elit=neque&sodales=aenean&scelerisque=auctor&mauris=gravida&sit=sem&amet=praesent&eros=id&suspendisse=massa&accumsan=id&tortor=nisl&quis=venenatis,TRUE
+https://cornell.edu/vel/pede/morbi/porttitor/lorem/id.jsp?aliquam=turpis&lacus=eget&morbi=elit&quis=sodales&tortor=scelerisque&id=mauris&nulla=sit&ultrices=amet&aliquet=eros&maecenas=suspendisse&leo=accumsan&odio=tortor&condimentum=quis&id=turpis&luctus=sed&nec=ante&molestie=vivamus&sed=tortor&justo=duis&pellentesque=mattis&viverra=egestas&pede=metus&ac=aenean&diam=fermentum&cras=donec&pellentesque=ut&volutpat=mauris&dui=eget&maecenas=massa&tristique=tempor&est=convallis&et=nulla&tempus=neque&semper=libero&est=convallis&quam=eget&pharetra=eleifend&magna=luctus&ac=ultricies&consequat=eu&metus=nibh&sapien=quisque&ut=id&nunc=justo&vestibulum=sit&ante=amet,TRUE
+https://last.fm/sodales/sed/tincidunt/eu.aspx?etiam=libero&justo=convallis&etiam=eget&pretium=eleifend&iaculis=luctus&justo=ultricies&in=eu&hac=nibh&habitasse=quisque&platea=id&dictumst=justo&etiam=sit&faucibus=amet&cursus=sapien&urna=dignissim&ut=vestibulum&tellus=vestibulum&nulla=ante&ut=ipsum&erat=primis&id=in&mauris=faucibus&vulputate=orci&elementum=luctus&nullam=et&varius=ultrices&nulla=posuere&facilisi=cubilia&cras=curae&non=nulla&velit=dapibus&nec=dolor&nisi=vel&vulputate=est&nonummy=donec&maecenas=odio&tincidunt=justo&lacus=sollicitudin&at=ut&velit=suscipit&vivamus=a&vel=feugiat&nulla=et&eget=eros&eros=vestibulum&elementum=ac&pellentesque=est&quisque=lacinia&porta=nisi&volutpat=venenatis&erat=tristique&quisque=fusce&erat=congue&eros=diam&viverra=id&eget=ornare&congue=imperdiet&eget=sapien&semper=urna&rutrum=pretium&nulla=nisl&nunc=ut,TRUE
+http://gizmodo.com/eleifend/quam/a.json?nunc=amet&rhoncus=lobortis&dui=sapien&vel=sapien&sem=non&sed=mi&sagittis=integer&nam=ac&congue=neque&risus=duis&semper=bibendum&porta=morbi&volutpat=non&quam=quam&pede=nec&lobortis=dui&ligula=luctus&sit=rutrum&amet=nulla&eleifend=tellus&pede=in&libero=sagittis&quis=dui&orci=vel&nullam=nisl&molestie=duis&nibh=ac&in=nibh&lectus=fusce&pellentesque=lacus&at=purus&nulla=aliquet&suspendisse=at&potenti=feugiat&cras=non&in=pretium&purus=quis&eu=lectus&magna=suspendisse&vulputate=potenti&luctus=in&cum=eleifend&sociis=quam&natoque=a&penatibus=odio&et=in&magnis=hac&dis=habitasse&parturient=platea&montes=dictumst&nascetur=maecenas&ridiculus=ut&mus=massa&vivamus=quis&vestibulum=augue&sagittis=luctus&sapien=tincidunt&cum=nulla&sociis=mollis&natoque=molestie&penatibus=lorem&et=quisque&magnis=ut,TRUE
+http://army.mil/gravida.jpg?montes=in&nascetur=congue&ridiculus=etiam&mus=justo&etiam=etiam&vel=pretium&augue=iaculis&vestibulum=justo&rutrum=in&rutrum=hac&neque=habitasse&aenean=platea&auctor=dictumst&gravida=etiam&sem=faucibus&praesent=cursus&id=urna&massa=ut&id=tellus&nisl=nulla&venenatis=ut&lacinia=erat&aenean=id&sit=mauris&amet=vulputate&justo=elementum&morbi=nullam&ut=varius&odio=nulla&cras=facilisi&mi=cras&pede=non&malesuada=velit&in=nec&imperdiet=nisi&et=vulputate&commodo=nonummy&vulputate=maecenas&justo=tincidunt&in=lacus&blandit=at&ultrices=velit&enim=vivamus&lorem=vel&ipsum=nulla&dolor=eget&sit=eros&amet=elementum&consectetuer=pellentesque&adipiscing=quisque&elit=porta&proin=volutpat&interdum=erat&mauris=quisque&non=erat&ligula=eros&pellentesque=viverra&ultrices=eget&phasellus=congue&id=eget&sapien=semper&in=rutrum&sapien=nulla&iaculis=nunc&congue=purus&vivamus=phasellus&metus=in&arcu=felis&adipiscing=donec&molestie=semper&hendrerit=sapien&at=a&vulputate=libero&vitae=nam&nisl=dui&aenean=proin&lectus=leo&pellentesque=odio&eget=porttitor&nunc=id&donec=consequat&quis=in&orci=consequat&eget=ut,TRUE
+http://indiatimes.com/cursus/urna/ut/tellus/nulla/ut/erat.jpg?dui=lorem&nec=vitae&nisi=mattis&volutpat=nibh&eleifend=ligula&donec=nec&ut=sem&dolor=duis&morbi=aliquam&vel=convallis&lectus=nunc&in=proin&quam=at&fringilla=turpis&rhoncus=a&mauris=pede&enim=posuere&leo=nonummy&rhoncus=integer&sed=non&vestibulum=velit&sit=donec&amet=diam&cursus=neque&id=vestibulum&turpis=eget&integer=vulputate&aliquet=ut&massa=ultrices&id=vel&lobortis=augue&convallis=vestibulum&tortor=ante&risus=ipsum&dapibus=primis&augue=in&vel=faucibus&accumsan=orci&tellus=luctus&nisi=et&eu=ultrices&orci=posuere&mauris=cubilia&lacinia=curae&sapien=donec&quis=pharetra&libero=magna&nullam=vestibulum&sit=aliquet&amet=ultrices&turpis=erat&elementum=tortor&ligula=sollicitudin&vehicula=mi&consequat=sit&morbi=amet&a=lobortis&ipsum=sapien&integer=sapien,TRUE
+https://statcounter.com/auctor/gravida/sem.js?curae=sapien&nulla=a&dapibus=libero&dolor=nam&vel=dui&est=proin&donec=leo&odio=odio&justo=porttitor&sollicitudin=id&ut=consequat&suscipit=in&a=consequat&feugiat=ut&et=nulla&eros=sed&vestibulum=accumsan&ac=felis&est=ut&lacinia=at&nisi=dolor&venenatis=quis&tristique=odio&fusce=consequat&congue=varius&diam=integer&id=ac&ornare=leo&imperdiet=pellentesque&sapien=ultrices&urna=mattis&pretium=odio&nisl=donec&ut=vitae&volutpat=nisi&sapien=nam&arcu=ultrices&sed=libero&augue=non&aliquam=mattis&erat=pulvinar&volutpat=nulla&in=pede&congue=ullamcorper&etiam=augue&justo=a&etiam=suscipit&pretium=nulla&iaculis=elit&justo=ac&in=nulla&hac=sed&habitasse=vel&platea=enim&dictumst=sit&etiam=amet,TRUE
+https://cafepress.com/molestie/nibh/in.html?arcu=vivamus&sed=vestibulum&augue=sagittis&aliquam=sapien&erat=cum&volutpat=sociis&in=natoque&congue=penatibus&etiam=et&justo=magnis&etiam=dis&pretium=parturient&iaculis=montes&justo=nascetur&in=ridiculus&hac=mus&habitasse=etiam&platea=vel&dictumst=augue&etiam=vestibulum&faucibus=rutrum&cursus=rutrum&urna=neque&ut=aenean&tellus=auctor&nulla=gravida&ut=sem&erat=praesent&id=id&mauris=massa&vulputate=id&elementum=nisl&nullam=venenatis&varius=lacinia&nulla=aenean&facilisi=sit&cras=amet&non=justo&velit=morbi&nec=ut&nisi=odio&vulputate=cras&nonummy=mi&maecenas=pede&tincidunt=malesuada&lacus=in&at=imperdiet&velit=et&vivamus=commodo&vel=vulputate&nulla=justo&eget=in&eros=blandit&elementum=ultrices&pellentesque=enim&quisque=lorem&porta=ipsum&volutpat=dolor&erat=sit&quisque=amet&erat=consectetuer&eros=adipiscing&viverra=elit&eget=proin&congue=interdum&eget=mauris&semper=non&rutrum=ligula&nulla=pellentesque&nunc=ultrices&purus=phasellus&phasellus=id&in=sapien&felis=in&donec=sapien&semper=iaculis&sapien=congue&a=vivamus&libero=metus&nam=arcu&dui=adipiscing&proin=molestie&leo=hendrerit&odio=at&porttitor=vulputate&id=vitae&consequat=nisl&in=aenean&consequat=lectus&ut=pellentesque&nulla=eget,TRUE
+http://uol.com.br/convallis/nulla/neque/libero.png?mauris=velit&eget=id&massa=pretium&tempor=iaculis&convallis=diam&nulla=erat&neque=fermentum&libero=justo&convallis=nec&eget=condimentum&eleifend=neque&luctus=sapien&ultricies=placerat&eu=ante&nibh=nulla&quisque=justo&id=aliquam&justo=quis&sit=turpis&amet=eget&sapien=elit&dignissim=sodales&vestibulum=scelerisque&vestibulum=mauris&ante=sit&ipsum=amet&primis=eros&in=suspendisse&faucibus=accumsan&orci=tortor&luctus=quis&et=turpis&ultrices=sed&posuere=ante&cubilia=vivamus&curae=tortor&nulla=duis&dapibus=mattis&dolor=egestas&vel=metus&est=aenean&donec=fermentum&odio=donec&justo=ut&sollicitudin=mauris&ut=eget&suscipit=massa&a=tempor&feugiat=convallis&et=nulla&eros=neque&vestibulum=libero&ac=convallis&est=eget&lacinia=eleifend&nisi=luctus&venenatis=ultricies&tristique=eu&fusce=nibh&congue=quisque&diam=id&id=justo&ornare=sit&imperdiet=amet&sapien=sapien&urna=dignissim&pretium=vestibulum&nisl=vestibulum&ut=ante&volutpat=ipsum&sapien=primis&arcu=in&sed=faucibus&augue=orci&aliquam=luctus&erat=et&volutpat=ultrices&in=posuere&congue=cubilia&etiam=curae&justo=nulla&etiam=dapibus&pretium=dolor&iaculis=vel&justo=est&in=donec&hac=odio&habitasse=justo,TRUE
+http://netvibes.com/sed/ante/vivamus/tortor/duis.xml?nisl=interdum&nunc=venenatis&nisl=turpis&duis=enim&bibendum=blandit&felis=mi&sed=in&interdum=porttitor&venenatis=pede&turpis=justo&enim=eu&blandit=massa&mi=donec&in=dapibus&porttitor=duis&pede=at&justo=velit&eu=eu&massa=est&donec=congue&dapibus=elementum&duis=in&at=hac&velit=habitasse&eu=platea&est=dictumst&congue=morbi&elementum=vestibulum&in=velit&hac=id&habitasse=pretium&platea=iaculis&dictumst=diam&morbi=erat&vestibulum=fermentum&velit=justo&id=nec&pretium=condimentum&iaculis=neque&diam=sapien&erat=placerat&fermentum=ante&justo=nulla&nec=justo&condimentum=aliquam&neque=quis&sapien=turpis&placerat=eget&ante=elit&nulla=sodales&justo=scelerisque&aliquam=mauris&quis=sit&turpis=amet&eget=eros&elit=suspendisse&sodales=accumsan&scelerisque=tortor&mauris=quis&sit=turpis&amet=sed&eros=ante&suspendisse=vivamus&accumsan=tortor&tortor=duis&quis=mattis&turpis=egestas&sed=metus&ante=aenean&vivamus=fermentum&tortor=donec&duis=ut&mattis=mauris&egestas=eget&metus=massa&aenean=tempor&fermentum=convallis&donec=nulla&ut=neque&mauris=libero&eget=convallis&massa=eget&tempor=eleifend&convallis=luctus&nulla=ultricies&neque=eu&libero=nibh&convallis=quisque&eget=id&eleifend=justo&luctus=sit,TRUE
+http://timesonline.co.uk/quis.aspx?eu=turpis&massa=enim&donec=blandit&dapibus=mi&duis=in&at=porttitor&velit=pede&eu=justo&est=eu&congue=massa&elementum=donec&in=dapibus&hac=duis&habitasse=at&platea=velit&dictumst=eu&morbi=est&vestibulum=congue&velit=elementum&id=in&pretium=hac&iaculis=habitasse&diam=platea&erat=dictumst&fermentum=morbi&justo=vestibulum&nec=velit&condimentum=id&neque=pretium&sapien=iaculis&placerat=diam&ante=erat&nulla=fermentum&justo=justo&aliquam=nec&quis=condimentum&turpis=neque&eget=sapien&elit=placerat&sodales=ante&scelerisque=nulla&mauris=justo&sit=aliquam&amet=quis&eros=turpis&suspendisse=eget&accumsan=elit&tortor=sodales&quis=scelerisque&turpis=mauris&sed=sit&ante=amet&vivamus=eros&tortor=suspendisse&duis=accumsan&mattis=tortor&egestas=quis&metus=turpis&aenean=sed&fermentum=ante&donec=vivamus&ut=tortor&mauris=duis&eget=mattis&massa=egestas&tempor=metus&convallis=aenean&nulla=fermentum&neque=donec&libero=ut&convallis=mauris,TRUE
+http://1und1.de/odio/elementum/eu/interdum/eu.jpg?in=sem&congue=fusce&etiam=consequat&justo=nulla&etiam=nisl&pretium=nunc&iaculis=nisl&justo=duis&in=bibendum,TRUE
+http://umich.edu/posuere/cubilia/curae/nulla/dapibus/dolor/vel.aspx?rhoncus=integer&sed=ac&vestibulum=neque&sit=duis&amet=bibendum&cursus=morbi&id=non&turpis=quam&integer=nec&aliquet=dui&massa=luctus&id=rutrum&lobortis=nulla&convallis=tellus&tortor=in&risus=sagittis&dapibus=dui&augue=vel&vel=nisl&accumsan=duis&tellus=ac&nisi=nibh&eu=fusce&orci=lacus&mauris=purus&lacinia=aliquet&sapien=at&quis=feugiat&libero=non&nullam=pretium&sit=quis&amet=lectus&turpis=suspendisse&elementum=potenti&ligula=in&vehicula=eleifend&consequat=quam&morbi=a&a=odio&ipsum=in&integer=hac&a=habitasse&nibh=platea&in=dictumst&quis=maecenas&justo=ut&maecenas=massa&rhoncus=quis&aliquam=augue&lacus=luctus&morbi=tincidunt&quis=nulla&tortor=mollis&id=molestie&nulla=lorem&ultrices=quisque&aliquet=ut&maecenas=erat&leo=curabitur&odio=gravida&condimentum=nisi&id=at&luctus=nibh&nec=in&molestie=hac&sed=habitasse&justo=platea&pellentesque=dictumst&viverra=aliquam&pede=augue&ac=quam&diam=sollicitudin&cras=vitae&pellentesque=consectetuer&volutpat=eget&dui=rutrum&maecenas=at&tristique=lorem&est=integer&et=tincidunt&tempus=ante&semper=vel&est=ipsum&quam=praesent&pharetra=blandit&magna=lacinia&ac=erat&consequat=vestibulum&metus=sed&sapien=magna&ut=at&nunc=nunc&vestibulum=commodo&ante=placerat&ipsum=praesent&primis=blandit&in=nam&faucibus=nulla&orci=integer&luctus=pede,TRUE
+https://clickbank.net/ac.json?primis=diam&in=erat&faucibus=fermentum&orci=justo&luctus=nec&et=condimentum&ultrices=neque&posuere=sapien&cubilia=placerat&curae=ante&duis=nulla&faucibus=justo&accumsan=aliquam&odio=quis&curabitur=turpis&convallis=eget&duis=elit&consequat=sodales&dui=scelerisque&nec=mauris&nisi=sit&volutpat=amet&eleifend=eros&donec=suspendisse&ut=accumsan&dolor=tortor&morbi=quis&vel=turpis&lectus=sed&in=ante&quam=vivamus&fringilla=tortor&rhoncus=duis&mauris=mattis&enim=egestas&leo=metus&rhoncus=aenean&sed=fermentum&vestibulum=donec&sit=ut&amet=mauris&cursus=eget&id=massa&turpis=tempor&integer=convallis&aliquet=nulla&massa=neque&id=libero&lobortis=convallis&convallis=eget&tortor=eleifend&risus=luctus&dapibus=ultricies&augue=eu&vel=nibh&accumsan=quisque&tellus=id&nisi=justo&eu=sit&orci=amet&mauris=sapien&lacinia=dignissim&sapien=vestibulum&quis=vestibulum&libero=ante&nullam=ipsum&sit=primis&amet=in&turpis=faucibus&elementum=orci&ligula=luctus&vehicula=et&consequat=ultrices&morbi=posuere&a=cubilia&ipsum=curae,TRUE
+http://soup.io/libero.jsp?morbi=nunc&odio=rhoncus&odio=dui&elementum=vel&eu=sem&interdum=sed&eu=sagittis&tincidunt=nam&in=congue&leo=risus&maecenas=semper&pulvinar=porta&lobortis=volutpat&est=quam&phasellus=pede&sit=lobortis&amet=ligula&erat=sit&nulla=amet&tempus=eleifend&vivamus=pede&in=libero&felis=quis&eu=orci&sapien=nullam&cursus=molestie&vestibulum=nibh&proin=in&eu=lectus&mi=pellentesque&nulla=at&ac=nulla&enim=suspendisse&in=potenti&tempor=cras&turpis=in&nec=purus&euismod=eu&scelerisque=magna&quam=vulputate&turpis=luctus&adipiscing=cum&lorem=sociis&vitae=natoque&mattis=penatibus&nibh=et&ligula=magnis&nec=dis&sem=parturient&duis=montes&aliquam=nascetur&convallis=ridiculus&nunc=mus&proin=vivamus&at=vestibulum&turpis=sagittis&a=sapien&pede=cum&posuere=sociis&nonummy=natoque&integer=penatibus&non=et&velit=magnis&donec=dis&diam=parturient&neque=montes&vestibulum=nascetur&eget=ridiculus&vulputate=mus&ut=etiam&ultrices=vel&vel=augue&augue=vestibulum&vestibulum=rutrum&ante=rutrum&ipsum=neque&primis=aenean&in=auctor&faucibus=gravida&orci=sem&luctus=praesent&et=id&ultrices=massa&posuere=id&cubilia=nisl&curae=venenatis,TRUE
+http://wikipedia.org/nullam/sit/amet/turpis/elementum/ligula.js?leo=elementum&maecenas=ligula&pulvinar=vehicula&lobortis=consequat&est=morbi&phasellus=a&sit=ipsum&amet=integer&erat=a&nulla=nibh&tempus=in&vivamus=quis&in=justo&felis=maecenas&eu=rhoncus&sapien=aliquam&cursus=lacus&vestibulum=morbi&proin=quis&eu=tortor&mi=id&nulla=nulla&ac=ultrices&enim=aliquet&in=maecenas&tempor=leo&turpis=odio&nec=condimentum&euismod=id&scelerisque=luctus&quam=nec&turpis=molestie&adipiscing=sed&lorem=justo&vitae=pellentesque&mattis=viverra&nibh=pede&ligula=ac&nec=diam&sem=cras&duis=pellentesque&aliquam=volutpat&convallis=dui&nunc=maecenas&proin=tristique&at=est&turpis=et&a=tempus&pede=semper&posuere=est&nonummy=quam&integer=pharetra&non=magna&velit=ac&donec=consequat&diam=metus&neque=sapien&vestibulum=ut&eget=nunc&vulputate=vestibulum&ut=ante&ultrices=ipsum&vel=primis&augue=in&vestibulum=faucibus&ante=orci&ipsum=luctus&primis=et&in=ultrices&faucibus=posuere,TRUE
+https://seesaa.net/nam/congue/risus/semper/porta.xml?ut=vulputate&erat=luctus&id=cum&mauris=sociis&vulputate=natoque&elementum=penatibus&nullam=et&varius=magnis&nulla=dis&facilisi=parturient&cras=montes&non=nascetur&velit=ridiculus&nec=mus&nisi=vivamus&vulputate=vestibulum&nonummy=sagittis&maecenas=sapien&tincidunt=cum&lacus=sociis&at=natoque&velit=penatibus&vivamus=et&vel=magnis&nulla=dis&eget=parturient&eros=montes&elementum=nascetur&pellentesque=ridiculus&quisque=mus&porta=etiam&volutpat=vel&erat=augue&quisque=vestibulum&erat=rutrum&eros=rutrum&viverra=neque&eget=aenean&congue=auctor&eget=gravida&semper=sem&rutrum=praesent&nulla=id&nunc=massa&purus=id&phasellus=nisl&in=venenatis&felis=lacinia&donec=aenean&semper=sit&sapien=amet&a=justo&libero=morbi&nam=ut&dui=odio&proin=cras&leo=mi&odio=pede&porttitor=malesuada&id=in&consequat=imperdiet&in=et&consequat=commodo&ut=vulputate&nulla=justo&sed=in&accumsan=blandit&felis=ultrices&ut=enim&at=lorem&dolor=ipsum&quis=dolor&odio=sit&consequat=amet&varius=consectetuer&integer=adipiscing&ac=elit&leo=proin&pellentesque=interdum&ultrices=mauris&mattis=non&odio=ligula&donec=pellentesque&vitae=ultrices&nisi=phasellus&nam=id&ultrices=sapien&libero=in&non=sapien&mattis=iaculis&pulvinar=congue&nulla=vivamus&pede=metus&ullamcorper=arcu,TRUE
+http://usgs.gov/sit/amet/consectetuer/adipiscing/elit.jpg?in=duis&tempus=bibendum&sit=felis&amet=sed,TRUE
+http://state.gov/lacinia/aenean/sit/amet.html?felis=cubilia&fusce=curae&posuere=duis&felis=faucibus&sed=accumsan&lacus=odio&morbi=curabitur&sem=convallis&mauris=duis&laoreet=consequat,TRUE
+http://stumbleupon.com/duis/at/velit/eu/est.jpg?nunc=tincidunt&rhoncus=eget,TRUE
+https://phoca.cz/sed/vel/enim/sit/amet/nunc.html?amet=eget&justo=tincidunt&morbi=eget&ut=tempus&odio=vel&cras=pede&mi=morbi&pede=porttitor&malesuada=lorem&in=id&imperdiet=ligula&et=suspendisse&commodo=ornare&vulputate=consequat&justo=lectus&in=in&blandit=est&ultrices=risus&enim=auctor&lorem=sed&ipsum=tristique&dolor=in&sit=tempus&amet=sit&consectetuer=amet&adipiscing=sem&elit=fusce&proin=consequat&interdum=nulla&mauris=nisl&non=nunc&ligula=nisl&pellentesque=duis&ultrices=bibendum&phasellus=felis&id=sed&sapien=interdum&in=venenatis&sapien=turpis&iaculis=enim&congue=blandit&vivamus=mi&metus=in&arcu=porttitor&adipiscing=pede&molestie=justo&hendrerit=eu&at=massa,TRUE
+http://unesco.org/sapien/placerat/ante/nulla/justo.js?in=eget&hac=rutrum&habitasse=at&platea=lorem&dictumst=integer&etiam=tincidunt&faucibus=ante&cursus=vel&urna=ipsum&ut=praesent&tellus=blandit&nulla=lacinia&ut=erat&erat=vestibulum&id=sed&mauris=magna&vulputate=at&elementum=nunc&nullam=commodo&varius=placerat&nulla=praesent&facilisi=blandit&cras=nam&non=nulla&velit=integer&nec=pede&nisi=justo&vulputate=lacinia&nonummy=eget&maecenas=tincidunt&tincidunt=eget&lacus=tempus&at=vel&velit=pede&vivamus=morbi&vel=porttitor&nulla=lorem&eget=id&eros=ligula&elementum=suspendisse&pellentesque=ornare&quisque=consequat&porta=lectus&volutpat=in&erat=est&quisque=risus&erat=auctor&eros=sed&viverra=tristique,TRUE
+http://businessinsider.com/sit/amet/eros/suspendisse/accumsan.jsp?egestas=felis&metus=ut&aenean=at&fermentum=dolor&donec=quis&ut=odio&mauris=consequat&eget=varius&massa=integer&tempor=ac&convallis=leo&nulla=pellentesque&neque=ultrices&libero=mattis&convallis=odio&eget=donec&eleifend=vitae&luctus=nisi&ultricies=nam&eu=ultrices&nibh=libero&quisque=non&id=mattis&justo=pulvinar&sit=nulla&amet=pede&sapien=ullamcorper&dignissim=augue&vestibulum=a&vestibulum=suscipit,TRUE
+https://free.fr/mus/etiam/vel.js?vestibulum=nullam&sit=molestie&amet=nibh&cursus=in&id=lectus&turpis=pellentesque&integer=at&aliquet=nulla&massa=suspendisse&id=potenti&lobortis=cras&convallis=in&tortor=purus&risus=eu&dapibus=magna&augue=vulputate&vel=luctus&accumsan=cum&tellus=sociis&nisi=natoque&eu=penatibus&orci=et&mauris=magnis&lacinia=dis&sapien=parturient&quis=montes&libero=nascetur&nullam=ridiculus&sit=mus&amet=vivamus&turpis=vestibulum&elementum=sagittis&ligula=sapien&vehicula=cum&consequat=sociis&morbi=natoque&a=penatibus&ipsum=et&integer=magnis&a=dis&nibh=parturient&in=montes&quis=nascetur&justo=ridiculus&maecenas=mus&rhoncus=etiam&aliquam=vel&lacus=augue&morbi=vestibulum&quis=rutrum&tortor=rutrum&id=neque&nulla=aenean&ultrices=auctor&aliquet=gravida&maecenas=sem&leo=praesent&odio=id&condimentum=massa&id=id&luctus=nisl&nec=venenatis,TRUE
+https://hexun.com/morbi/vel/lectus.jpg?id=condimentum&sapien=neque&in=sapien,TRUE
+http://sfgate.com/consequat/lectus/in.jpg?nulla=primis&suspendisse=in&potenti=faucibus&cras=orci&in=luctus&purus=et&eu=ultrices&magna=posuere&vulputate=cubilia&luctus=curae&cum=donec&sociis=pharetra&natoque=magna&penatibus=vestibulum&et=aliquet&magnis=ultrices&dis=erat&parturient=tortor&montes=sollicitudin&nascetur=mi&ridiculus=sit&mus=amet&vivamus=lobortis&vestibulum=sapien&sagittis=sapien&sapien=non&cum=mi&sociis=integer&natoque=ac&penatibus=neque&et=duis&magnis=bibendum&dis=morbi&parturient=non&montes=quam&nascetur=nec&ridiculus=dui&mus=luctus&etiam=rutrum&vel=nulla&augue=tellus&vestibulum=in&rutrum=sagittis&rutrum=dui&neque=vel&aenean=nisl&auctor=duis&gravida=ac&sem=nibh&praesent=fusce&id=lacus&massa=purus&id=aliquet&nisl=at&venenatis=feugiat&lacinia=non&aenean=pretium&sit=quis&amet=lectus&justo=suspendisse&morbi=potenti&ut=in&odio=eleifend&cras=quam&mi=a&pede=odio&malesuada=in&in=hac&imperdiet=habitasse&et=platea&commodo=dictumst&vulputate=maecenas&justo=ut&in=massa&blandit=quis&ultrices=augue&enim=luctus&lorem=tincidunt&ipsum=nulla&dolor=mollis&sit=molestie&amet=lorem&consectetuer=quisque&adipiscing=ut&elit=erat&proin=curabitur&interdum=gravida&mauris=nisi&non=at&ligula=nibh&pellentesque=in&ultrices=hac&phasellus=habitasse,TRUE
+http://princeton.edu/quisque/porta/volutpat/erat/quisque.jsp?tincidunt=velit&eget=vivamus&tempus=vel&vel=nulla&pede=eget&morbi=eros&porttitor=elementum&lorem=pellentesque&id=quisque&ligula=porta&suspendisse=volutpat&ornare=erat&consequat=quisque&lectus=erat&in=eros&est=viverra&risus=eget&auctor=congue&sed=eget&tristique=semper&in=rutrum&tempus=nulla&sit=nunc&amet=purus&sem=phasellus&fusce=in&consequat=felis&nulla=donec&nisl=semper&nunc=sapien&nisl=a&duis=libero&bibendum=nam&felis=dui&sed=proin&interdum=leo&venenatis=odio&turpis=porttitor&enim=id&blandit=consequat&mi=in&in=consequat&porttitor=ut&pede=nulla&justo=sed&eu=accumsan&massa=felis&donec=ut&dapibus=at&duis=dolor&at=quis&velit=odio&eu=consequat&est=varius&congue=integer&elementum=ac&in=leo&hac=pellentesque&habitasse=ultrices&platea=mattis&dictumst=odio&morbi=donec&vestibulum=vitae&velit=nisi&id=nam&pretium=ultrices&iaculis=libero&diam=non&erat=mattis&fermentum=pulvinar&justo=nulla&nec=pede&condimentum=ullamcorper,TRUE
+https://admin.ch/in/sagittis.js?maecenas=venenatis&tincidunt=lacinia&lacus=aenean&at=sit&velit=amet&vivamus=justo&vel=morbi&nulla=ut&eget=odio&eros=cras&elementum=mi&pellentesque=pede&quisque=malesuada&porta=in&volutpat=imperdiet&erat=et&quisque=commodo&erat=vulputate&eros=justo&viverra=in&eget=blandit&congue=ultrices&eget=enim&semper=lorem&rutrum=ipsum&nulla=dolor&nunc=sit&purus=amet&phasellus=consectetuer&in=adipiscing&felis=elit&donec=proin&semper=interdum&sapien=mauris&a=non&libero=ligula&nam=pellentesque&dui=ultrices&proin=phasellus&leo=id&odio=sapien&porttitor=in&id=sapien&consequat=iaculis&in=congue&consequat=vivamus&ut=metus&nulla=arcu&sed=adipiscing&accumsan=molestie&felis=hendrerit&ut=at&at=vulputate&dolor=vitae&quis=nisl&odio=aenean&consequat=lectus&varius=pellentesque&integer=eget&ac=nunc&leo=donec&pellentesque=quis&ultrices=orci&mattis=eget&odio=orci&donec=vehicula&vitae=condimentum&nisi=curabitur&nam=in&ultrices=libero&libero=ut&non=massa&mattis=volutpat&pulvinar=convallis&nulla=morbi&pede=odio&ullamcorper=odio&augue=elementum&a=eu&suscipit=interdum&nulla=eu&elit=tincidunt&ac=in&nulla=leo&sed=maecenas&vel=pulvinar&enim=lobortis&sit=est&amet=phasellus&nunc=sit&viverra=amet&dapibus=erat&nulla=nulla&suscipit=tempus&ligula=vivamus,TRUE
+http://dailymotion.com/justo/aliquam/quis/turpis.html?semper=non&sapien=velit&a=donec&libero=diam&nam=neque&dui=vestibulum&proin=eget&leo=vulputate&odio=ut&porttitor=ultrices&id=vel&consequat=augue&in=vestibulum&consequat=ante&ut=ipsum&nulla=primis&sed=in&accumsan=faucibus&felis=orci&ut=luctus&at=et&dolor=ultrices&quis=posuere&odio=cubilia&consequat=curae&varius=donec&integer=pharetra,TRUE
+https://pinterest.com/integer/a/nibh/in.jpg?ut=malesuada&dolor=in&morbi=imperdiet&vel=et&lectus=commodo&in=vulputate&quam=justo&fringilla=in&rhoncus=blandit&mauris=ultrices&enim=enim&leo=lorem&rhoncus=ipsum&sed=dolor&vestibulum=sit&sit=amet&amet=consectetuer&cursus=adipiscing&id=elit&turpis=proin&integer=interdum&aliquet=mauris&massa=non&id=ligula&lobortis=pellentesque&convallis=ultrices&tortor=phasellus&risus=id&dapibus=sapien&augue=in&vel=sapien&accumsan=iaculis&tellus=congue&nisi=vivamus&eu=metus&orci=arcu&mauris=adipiscing&lacinia=molestie&sapien=hendrerit&quis=at&libero=vulputate&nullam=vitae&sit=nisl&amet=aenean&turpis=lectus&elementum=pellentesque&ligula=eget&vehicula=nunc&consequat=donec&morbi=quis&a=orci&ipsum=eget&integer=orci&a=vehicula&nibh=condimentum&in=curabitur&quis=in&justo=libero&maecenas=ut&rhoncus=massa&aliquam=volutpat&lacus=convallis&morbi=morbi&quis=odio&tortor=odio&id=elementum&nulla=eu&ultrices=interdum&aliquet=eu&maecenas=tincidunt&leo=in&odio=leo&condimentum=maecenas&id=pulvinar&luctus=lobortis&nec=est&molestie=phasellus&sed=sit&justo=amet&pellentesque=erat&viverra=nulla&pede=tempus&ac=vivamus&diam=in&cras=felis&pellentesque=eu&volutpat=sapien&dui=cursus&maecenas=vestibulum&tristique=proin&est=eu&et=mi&tempus=nulla&semper=ac&est=enim&quam=in&pharetra=tempor,TRUE
+http://sun.com/faucibus/orci/luctus.html?nulla=vel&ut=ipsum&erat=praesent&id=blandit&mauris=lacinia&vulputate=erat&elementum=vestibulum&nullam=sed&varius=magna&nulla=at&facilisi=nunc&cras=commodo&non=placerat&velit=praesent&nec=blandit&nisi=nam&vulputate=nulla&nonummy=integer&maecenas=pede&tincidunt=justo&lacus=lacinia&at=eget&velit=tincidunt&vivamus=eget&vel=tempus&nulla=vel&eget=pede&eros=morbi&elementum=porttitor&pellentesque=lorem&quisque=id&porta=ligula&volutpat=suspendisse&erat=ornare&quisque=consequat&erat=lectus&eros=in&viverra=est&eget=risus&congue=auctor&eget=sed&semper=tristique&rutrum=in&nulla=tempus&nunc=sit&purus=amet&phasellus=sem&in=fusce&felis=consequat&donec=nulla&semper=nisl&sapien=nunc&a=nisl&libero=duis&nam=bibendum&dui=felis&proin=sed&leo=interdum&odio=venenatis&porttitor=turpis&id=enim&consequat=blandit&in=mi&consequat=in&ut=porttitor&nulla=pede&sed=justo&accumsan=eu&felis=massa&ut=donec&at=dapibus&dolor=duis&quis=at,TRUE
+https://smh.com.au/vitae.aspx?non=duis&sodales=aliquam&sed=convallis&tincidunt=nunc&eu=proin&felis=at&fusce=turpis&posuere=a&felis=pede&sed=posuere&lacus=nonummy&morbi=integer&sem=non&mauris=velit&laoreet=donec&ut=diam&rhoncus=neque&aliquet=vestibulum&pulvinar=eget&sed=vulputate&nisl=ut&nunc=ultrices&rhoncus=vel&dui=augue&vel=vestibulum&sem=ante&sed=ipsum&sagittis=primis&nam=in&congue=faucibus&risus=orci&semper=luctus&porta=et&volutpat=ultrices&quam=posuere&pede=cubilia&lobortis=curae&ligula=donec&sit=pharetra&amet=magna&eleifend=vestibulum&pede=aliquet&libero=ultrices&quis=erat&orci=tortor&nullam=sollicitudin&molestie=mi&nibh=sit&in=amet&lectus=lobortis&pellentesque=sapien&at=sapien&nulla=non&suspendisse=mi&potenti=integer&cras=ac&in=neque&purus=duis&eu=bibendum&magna=morbi&vulputate=non&luctus=quam&cum=nec&sociis=dui&natoque=luctus&penatibus=rutrum&et=nulla&magnis=tellus&dis=in&parturient=sagittis&montes=dui&nascetur=vel&ridiculus=nisl&mus=duis&vivamus=ac&vestibulum=nibh&sagittis=fusce&sapien=lacus&cum=purus&sociis=aliquet&natoque=at&penatibus=feugiat&et=non&magnis=pretium&dis=quis&parturient=lectus&montes=suspendisse&nascetur=potenti&ridiculus=in&mus=eleifend&etiam=quam&vel=a&augue=odio,TRUE
+http://cisco.com/tincidunt/in/leo/maecenas/pulvinar/lobortis.html?in=morbi&quis=sem&justo=mauris&maecenas=laoreet&rhoncus=ut&aliquam=rhoncus&lacus=aliquet&morbi=pulvinar&quis=sed&tortor=nisl&id=nunc&nulla=rhoncus&ultrices=dui&aliquet=vel&maecenas=sem&leo=sed&odio=sagittis&condimentum=nam&id=congue&luctus=risus&nec=semper&molestie=porta&sed=volutpat&justo=quam&pellentesque=pede&viverra=lobortis&pede=ligula&ac=sit&diam=amet&cras=eleifend&pellentesque=pede&volutpat=libero&dui=quis&maecenas=orci&tristique=nullam&est=molestie&et=nibh&tempus=in&semper=lectus&est=pellentesque&quam=at&pharetra=nulla&magna=suspendisse&ac=potenti&consequat=cras&metus=in&sapien=purus&ut=eu&nunc=magna&vestibulum=vulputate&ante=luctus&ipsum=cum&primis=sociis&in=natoque&faucibus=penatibus&orci=et&luctus=magnis&et=dis&ultrices=parturient&posuere=montes,TRUE
+https://dropbox.com/justo/morbi/ut/odio/cras/mi.xml?justo=platea&pellentesque=dictumst&viverra=morbi&pede=vestibulum&ac=velit&diam=id&cras=pretium&pellentesque=iaculis&volutpat=diam&dui=erat&maecenas=fermentum&tristique=justo&est=nec&et=condimentum&tempus=neque&semper=sapien&est=placerat,TRUE
+http://privacy.gov.au/dis/parturient/montes/nascetur/ridiculus/mus.png?nunc=feugiat&commodo=et&placerat=eros&praesent=vestibulum&blandit=ac&nam=est&nulla=lacinia&integer=nisi&pede=venenatis&justo=tristique&lacinia=fusce&eget=congue&tincidunt=diam&eget=id&tempus=ornare&vel=imperdiet&pede=sapien&morbi=urna&porttitor=pretium&lorem=nisl&id=ut&ligula=volutpat&suspendisse=sapien&ornare=arcu&consequat=sed&lectus=augue&in=aliquam,TRUE
+https://cnbc.com/erat/fermentum/justo/nec/condimentum.png?vestibulum=ipsum&aliquet=aliquam&ultrices=non&erat=mauris&tortor=morbi&sollicitudin=non&mi=lectus&sit=aliquam&amet=sit&lobortis=amet&sapien=diam&sapien=in&non=magna&mi=bibendum&integer=imperdiet&ac=nullam&neque=orci&duis=pede&bibendum=venenatis&morbi=non&non=sodales&quam=sed&nec=tincidunt&dui=eu&luctus=felis&rutrum=fusce&nulla=posuere&tellus=felis,TRUE
+https://omniture.com/pede/justo/eu/massa/donec/dapibus/duis.json?dictumst=ipsum&maecenas=aliquam&ut=non&massa=mauris&quis=morbi&augue=non&luctus=lectus&tincidunt=aliquam&nulla=sit&mollis=amet&molestie=diam&lorem=in&quisque=magna&ut=bibendum&erat=imperdiet&curabitur=nullam&gravida=orci&nisi=pede&at=venenatis&nibh=non&in=sodales&hac=sed&habitasse=tincidunt&platea=eu&dictumst=felis&aliquam=fusce&augue=posuere&quam=felis&sollicitudin=sed&vitae=lacus&consectetuer=morbi&eget=sem&rutrum=mauris&at=laoreet&lorem=ut&integer=rhoncus&tincidunt=aliquet&ante=pulvinar&vel=sed&ipsum=nisl&praesent=nunc&blandit=rhoncus&lacinia=dui&erat=vel&vestibulum=sem&sed=sed&magna=sagittis&at=nam&nunc=congue&commodo=risus&placerat=semper&praesent=porta&blandit=volutpat,TRUE
+http://amazonaws.com/maecenas/ut/massa/quis/augue/luctus.jpg?at=sollicitudin&velit=ut&eu=suscipit&est=a&congue=feugiat&elementum=et&in=eros&hac=vestibulum&habitasse=ac&platea=est&dictumst=lacinia&morbi=nisi&vestibulum=venenatis&velit=tristique&id=fusce&pretium=congue&iaculis=diam&diam=id&erat=ornare&fermentum=imperdiet&justo=sapien&nec=urna&condimentum=pretium&neque=nisl&sapien=ut&placerat=volutpat&ante=sapien&nulla=arcu&justo=sed&aliquam=augue&quis=aliquam&turpis=erat&eget=volutpat&elit=in&sodales=congue&scelerisque=etiam&mauris=justo&sit=etiam&amet=pretium&eros=iaculis&suspendisse=justo&accumsan=in&tortor=hac&quis=habitasse&turpis=platea&sed=dictumst&ante=etiam&vivamus=faucibus&tortor=cursus&duis=urna&mattis=ut&egestas=tellus&metus=nulla&aenean=ut&fermentum=erat&donec=id&ut=mauris&mauris=vulputate&eget=elementum,TRUE
+https://infoseek.co.jp/dui/nec/nisi.xml?pede=dolor&malesuada=vel&in=est&imperdiet=donec&et=odio&commodo=justo&vulputate=sollicitudin&justo=ut&in=suscipit&blandit=a&ultrices=feugiat&enim=et&lorem=eros&ipsum=vestibulum&dolor=ac&sit=est&amet=lacinia&consectetuer=nisi&adipiscing=venenatis&elit=tristique&proin=fusce&interdum=congue&mauris=diam&non=id&ligula=ornare&pellentesque=imperdiet&ultrices=sapien&phasellus=urna&id=pretium&sapien=nisl&in=ut&sapien=volutpat&iaculis=sapien&congue=arcu&vivamus=sed&metus=augue&arcu=aliquam&adipiscing=erat&molestie=volutpat,TRUE
+https://friendfeed.com/rutrum/rutrum/neque/aenean/auctor/gravida/sem.png?interdum=tempus&venenatis=vel&turpis=pede&enim=morbi&blandit=porttitor&mi=lorem&in=id&porttitor=ligula&pede=suspendisse&justo=ornare&eu=consequat&massa=lectus&donec=in&dapibus=est&duis=risus&at=auctor&velit=sed&eu=tristique&est=in&congue=tempus&elementum=sit&in=amet&hac=sem&habitasse=fusce&platea=consequat&dictumst=nulla&morbi=nisl&vestibulum=nunc&velit=nisl&id=duis&pretium=bibendum&iaculis=felis&diam=sed&erat=interdum&fermentum=venenatis&justo=turpis&nec=enim&condimentum=blandit&neque=mi&sapien=in&placerat=porttitor&ante=pede&nulla=justo&justo=eu&aliquam=massa&quis=donec&turpis=dapibus&eget=duis&elit=at&sodales=velit&scelerisque=eu&mauris=est&sit=congue&amet=elementum&eros=in&suspendisse=hac&accumsan=habitasse&tortor=platea&quis=dictumst&turpis=morbi&sed=vestibulum&ante=velit&vivamus=id&tortor=pretium&duis=iaculis&mattis=diam&egestas=erat&metus=fermentum&aenean=justo&fermentum=nec&donec=condimentum&ut=neque&mauris=sapien&eget=placerat&massa=ante&tempor=nulla,TRUE
+https://miibeian.gov.cn/mi/sit/amet/lobortis/sapien/sapien/non.json?tincidunt=pulvinar&ante=sed&vel=nisl&ipsum=nunc&praesent=rhoncus&blandit=dui&lacinia=vel&erat=sem&vestibulum=sed&sed=sagittis&magna=nam&at=congue&nunc=risus&commodo=semper&placerat=porta&praesent=volutpat&blandit=quam&nam=pede&nulla=lobortis&integer=ligula&pede=sit&justo=amet&lacinia=eleifend&eget=pede&tincidunt=libero&eget=quis&tempus=orci&vel=nullam&pede=molestie&morbi=nibh&porttitor=in&lorem=lectus&id=pellentesque&ligula=at&suspendisse=nulla&ornare=suspendisse&consequat=potenti&lectus=cras&in=in&est=purus&risus=eu&auctor=magna&sed=vulputate&tristique=luctus&in=cum&tempus=sociis&sit=natoque&amet=penatibus&sem=et&fusce=magnis&consequat=dis&nulla=parturient&nisl=montes&nunc=nascetur&nisl=ridiculus&duis=mus&bibendum=vivamus&felis=vestibulum&sed=sagittis&interdum=sapien&venenatis=cum&turpis=sociis&enim=natoque&blandit=penatibus&mi=et&in=magnis&porttitor=dis&pede=parturient&justo=montes&eu=nascetur&massa=ridiculus&donec=mus&dapibus=etiam&duis=vel&at=augue&velit=vestibulum&eu=rutrum&est=rutrum&congue=neque&elementum=aenean&in=auctor&hac=gravida&habitasse=sem&platea=praesent&dictumst=id&morbi=massa&vestibulum=id&velit=nisl&id=venenatis,TRUE
+https://usatoday.com/gravida.jpg?ultrices=eget&posuere=tincidunt&cubilia=eget&curae=tempus&duis=vel&faucibus=pede&accumsan=morbi&odio=porttitor&curabitur=lorem&convallis=id&duis=ligula&consequat=suspendisse&dui=ornare&nec=consequat&nisi=lectus&volutpat=in&eleifend=est&donec=risus&ut=auctor&dolor=sed&morbi=tristique&vel=in&lectus=tempus&in=sit&quam=amet&fringilla=sem&rhoncus=fusce&mauris=consequat&enim=nulla&leo=nisl&rhoncus=nunc&sed=nisl&vestibulum=duis&sit=bibendum&amet=felis&cursus=sed&id=interdum&turpis=venenatis&integer=turpis&aliquet=enim&massa=blandit&id=mi&lobortis=in&convallis=porttitor&tortor=pede&risus=justo&dapibus=eu&augue=massa&vel=donec&accumsan=dapibus&tellus=duis&nisi=at&eu=velit&orci=eu&mauris=est&lacinia=congue&sapien=elementum&quis=in&libero=hac&nullam=habitasse&sit=platea&amet=dictumst&turpis=morbi&elementum=vestibulum&ligula=velit&vehicula=id&consequat=pretium&morbi=iaculis&a=diam&ipsum=erat&integer=fermentum&a=justo&nibh=nec&in=condimentum&quis=neque&justo=sapien&maecenas=placerat&rhoncus=ante&aliquam=nulla&lacus=justo&morbi=aliquam&quis=quis&tortor=turpis&id=eget&nulla=elit&ultrices=sodales&aliquet=scelerisque&maecenas=mauris&leo=sit&odio=amet&condimentum=eros&id=suspendisse&luctus=accumsan&nec=tortor&molestie=quis&sed=turpis&justo=sed,TRUE
+https://sourceforge.net/lorem/vitae/mattis/nibh/ligula/nec.jsp?leo=condimentum&rhoncus=neque&sed=sapien&vestibulum=placerat&sit=ante&amet=nulla&cursus=justo&id=aliquam&turpis=quis&integer=turpis&aliquet=eget&massa=elit&id=sodales&lobortis=scelerisque&convallis=mauris&tortor=sit&risus=amet&dapibus=eros&augue=suspendisse&vel=accumsan&accumsan=tortor&tellus=quis&nisi=turpis&eu=sed&orci=ante&mauris=vivamus&lacinia=tortor&sapien=duis&quis=mattis&libero=egestas&nullam=metus&sit=aenean&amet=fermentum&turpis=donec&elementum=ut&ligula=mauris&vehicula=eget&consequat=massa&morbi=tempor&a=convallis&ipsum=nulla&integer=neque&a=libero&nibh=convallis&in=eget&quis=eleifend&justo=luctus&maecenas=ultricies&rhoncus=eu&aliquam=nibh&lacus=quisque&morbi=id&quis=justo&tortor=sit&id=amet&nulla=sapien&ultrices=dignissim&aliquet=vestibulum&maecenas=vestibulum&leo=ante&odio=ipsum&condimentum=primis&id=in&luctus=faucibus&nec=orci&molestie=luctus&sed=et&justo=ultrices&pellentesque=posuere&viverra=cubilia&pede=curae&ac=nulla,TRUE
+http://vkontakte.ru/ac/lobortis.jsp?nonummy=urna&integer=ut&non=tellus&velit=nulla&donec=ut&diam=erat&neque=id&vestibulum=mauris&eget=vulputate&vulputate=elementum&ut=nullam&ultrices=varius&vel=nulla&augue=facilisi&vestibulum=cras&ante=non&ipsum=velit&primis=nec&in=nisi&faucibus=vulputate&orci=nonummy&luctus=maecenas&et=tincidunt&ultrices=lacus&posuere=at&cubilia=velit&curae=vivamus&donec=vel&pharetra=nulla&magna=eget&vestibulum=eros&aliquet=elementum&ultrices=pellentesque&erat=quisque&tortor=porta&sollicitudin=volutpat&mi=erat&sit=quisque,TRUE
+http://ted.com/massa/id/lobortis/convallis.html?in=in&faucibus=lectus&orci=pellentesque&luctus=at&et=nulla&ultrices=suspendisse&posuere=potenti&cubilia=cras&curae=in&mauris=purus&viverra=eu&diam=magna&vitae=vulputate&quam=luctus&suspendisse=cum&potenti=sociis&nullam=natoque&porttitor=penatibus&lacus=et&at=magnis&turpis=dis&donec=parturient&posuere=montes&metus=nascetur&vitae=ridiculus&ipsum=mus&aliquam=vivamus&non=vestibulum&mauris=sagittis&morbi=sapien&non=cum&lectus=sociis&aliquam=natoque&sit=penatibus&amet=et&diam=magnis&in=dis&magna=parturient&bibendum=montes&imperdiet=nascetur&nullam=ridiculus&orci=mus&pede=etiam&venenatis=vel&non=augue&sodales=vestibulum&sed=rutrum&tincidunt=rutrum&eu=neque&felis=aenean&fusce=auctor&posuere=gravida&felis=sem&sed=praesent&lacus=id&morbi=massa,TRUE
+http://google.fr/porttitor/lacus/at/turpis/donec/posuere.json?ut=non&erat=quam&curabitur=nec&gravida=dui&nisi=luctus&at=rutrum&nibh=nulla&in=tellus&hac=in&habitasse=sagittis,TRUE
+http://census.gov/sapien/dignissim/vestibulum/vestibulum/ante/ipsum.js?sem=ante&mauris=ipsum&laoreet=primis&ut=in&rhoncus=faucibus&aliquet=orci&pulvinar=luctus&sed=et&nisl=ultrices&nunc=posuere&rhoncus=cubilia&dui=curae&vel=donec&sem=pharetra&sed=magna&sagittis=vestibulum&nam=aliquet&congue=ultrices&risus=erat&semper=tortor&porta=sollicitudin&volutpat=mi&quam=sit&pede=amet&lobortis=lobortis&ligula=sapien&sit=sapien&amet=non&eleifend=mi&pede=integer&libero=ac&quis=neque&orci=duis&nullam=bibendum&molestie=morbi&nibh=non&in=quam&lectus=nec&pellentesque=dui&at=luctus&nulla=rutrum&suspendisse=nulla&potenti=tellus&cras=in&in=sagittis&purus=dui&eu=vel&magna=nisl&vulputate=duis&luctus=ac&cum=nibh&sociis=fusce&natoque=lacus&penatibus=purus&et=aliquet&magnis=at&dis=feugiat,TRUE
+https://biglobe.ne.jp/in/magna/bibendum/imperdiet/nullam/orci/pede.xml?ipsum=volutpat&praesent=eleifend&blandit=donec&lacinia=ut&erat=dolor&vestibulum=morbi&sed=vel&magna=lectus&at=in&nunc=quam&commodo=fringilla&placerat=rhoncus&praesent=mauris&blandit=enim&nam=leo&nulla=rhoncus&integer=sed&pede=vestibulum&justo=sit&lacinia=amet&eget=cursus&tincidunt=id&eget=turpis&tempus=integer&vel=aliquet&pede=massa&morbi=id&porttitor=lobortis&lorem=convallis&id=tortor&ligula=risus&suspendisse=dapibus&ornare=augue&consequat=vel&lectus=accumsan&in=tellus&est=nisi&risus=eu&auctor=orci&sed=mauris&tristique=lacinia&in=sapien&tempus=quis&sit=libero&amet=nullam&sem=sit&fusce=amet,TRUE
+http://jugem.jp/augue/aliquam/erat.js?odio=sed&justo=sagittis&sollicitudin=nam&ut=congue&suscipit=risus&a=semper&feugiat=porta&et=volutpat&eros=quam&vestibulum=pede&ac=lobortis&est=ligula&lacinia=sit&nisi=amet&venenatis=eleifend&tristique=pede&fusce=libero&congue=quis&diam=orci&id=nullam&ornare=molestie&imperdiet=nibh&sapien=in&urna=lectus&pretium=pellentesque&nisl=at&ut=nulla&volutpat=suspendisse&sapien=potenti&arcu=cras&sed=in&augue=purus&aliquam=eu&erat=magna&volutpat=vulputate&in=luctus&congue=cum&etiam=sociis&justo=natoque&etiam=penatibus&pretium=et&iaculis=magnis&justo=dis&in=parturient&hac=montes&habitasse=nascetur&platea=ridiculus&dictumst=mus&etiam=vivamus&faucibus=vestibulum&cursus=sagittis&urna=sapien,TRUE
+https://engadget.com/neque/vestibulum/eget/vulputate/ut.aspx?lobortis=tempus&ligula=semper&sit=est&amet=quam&eleifend=pharetra&pede=magna&libero=ac&quis=consequat&orci=metus&nullam=sapien&molestie=ut&nibh=nunc&in=vestibulum&lectus=ante&pellentesque=ipsum&at=primis&nulla=in&suspendisse=faucibus&potenti=orci&cras=luctus&in=et&purus=ultrices&eu=posuere&magna=cubilia&vulputate=curae&luctus=mauris&cum=viverra&sociis=diam&natoque=vitae&penatibus=quam&et=suspendisse&magnis=potenti&dis=nullam&parturient=porttitor&montes=lacus&nascetur=at&ridiculus=turpis&mus=donec&vivamus=posuere&vestibulum=metus&sagittis=vitae&sapien=ipsum&cum=aliquam&sociis=non&natoque=mauris&penatibus=morbi&et=non&magnis=lectus&dis=aliquam&parturient=sit&montes=amet&nascetur=diam&ridiculus=in&mus=magna&etiam=bibendum&vel=imperdiet&augue=nullam&vestibulum=orci&rutrum=pede&rutrum=venenatis&neque=non&aenean=sodales&auctor=sed&gravida=tincidunt&sem=eu&praesent=felis&id=fusce&massa=posuere&id=felis&nisl=sed&venenatis=lacus&lacinia=morbi&aenean=sem&sit=mauris&amet=laoreet&justo=ut&morbi=rhoncus&ut=aliquet&odio=pulvinar&cras=sed&mi=nisl&pede=nunc&malesuada=rhoncus&in=dui&imperdiet=vel&et=sem&commodo=sed&vulputate=sagittis&justo=nam&in=congue&blandit=risus&ultrices=semper&enim=porta&lorem=volutpat&ipsum=quam,TRUE
+http://umich.edu/massa/quis/augue/luctus/tincidunt/nulla/mollis.json?aliquam=amet&quis=sem&turpis=fusce&eget=consequat&elit=nulla&sodales=nisl&scelerisque=nunc&mauris=nisl&sit=duis&amet=bibendum&eros=felis&suspendisse=sed&accumsan=interdum&tortor=venenatis&quis=turpis&turpis=enim&sed=blandit&ante=mi&vivamus=in&tortor=porttitor&duis=pede&mattis=justo&egestas=eu&metus=massa&aenean=donec&fermentum=dapibus&donec=duis&ut=at&mauris=velit&eget=eu&massa=est&tempor=congue&convallis=elementum&nulla=in&neque=hac&libero=habitasse&convallis=platea&eget=dictumst&eleifend=morbi&luctus=vestibulum&ultricies=velit&eu=id&nibh=pretium&quisque=iaculis&id=diam&justo=erat&sit=fermentum&amet=justo&sapien=nec&dignissim=condimentum&vestibulum=neque&vestibulum=sapien&ante=placerat&ipsum=ante&primis=nulla,TRUE
+http://mtv.com/ante/ipsum/primis/in/faucibus/orci/luctus.js?lacinia=fusce&erat=consequat&vestibulum=nulla&sed=nisl&magna=nunc&at=nisl&nunc=duis&commodo=bibendum&placerat=felis&praesent=sed&blandit=interdum&nam=venenatis&nulla=turpis&integer=enim&pede=blandit&justo=mi&lacinia=in&eget=porttitor&tincidunt=pede&eget=justo&tempus=eu&vel=massa&pede=donec&morbi=dapibus&porttitor=duis&lorem=at&id=velit&ligula=eu&suspendisse=est&ornare=congue&consequat=elementum&lectus=in&in=hac&est=habitasse&risus=platea&auctor=dictumst&sed=morbi&tristique=vestibulum&in=velit&tempus=id&sit=pretium&amet=iaculis&sem=diam&fusce=erat&consequat=fermentum&nulla=justo&nisl=nec&nunc=condimentum&nisl=neque&duis=sapien&bibendum=placerat&felis=ante&sed=nulla&interdum=justo&venenatis=aliquam&turpis=quis&enim=turpis&blandit=eget&mi=elit&in=sodales&porttitor=scelerisque&pede=mauris&justo=sit&eu=amet&massa=eros&donec=suspendisse&dapibus=accumsan&duis=tortor&at=quis&velit=turpis&eu=sed&est=ante&congue=vivamus&elementum=tortor&in=duis&hac=mattis&habitasse=egestas&platea=metus&dictumst=aenean&morbi=fermentum,TRUE
+http://123-reg.co.uk/platea/dictumst.jsp?et=justo&tempus=aliquam&semper=quis&est=turpis&quam=eget&pharetra=elit&magna=sodales&ac=scelerisque&consequat=mauris&metus=sit&sapien=amet&ut=eros&nunc=suspendisse&vestibulum=accumsan&ante=tortor&ipsum=quis&primis=turpis&in=sed&faucibus=ante&orci=vivamus&luctus=tortor&et=duis&ultrices=mattis&posuere=egestas&cubilia=metus&curae=aenean&mauris=fermentum&viverra=donec&diam=ut&vitae=mauris&quam=eget&suspendisse=massa&potenti=tempor&nullam=convallis&porttitor=nulla&lacus=neque&at=libero&turpis=convallis&donec=eget&posuere=eleifend&metus=luctus&vitae=ultricies&ipsum=eu&aliquam=nibh&non=quisque&mauris=id&morbi=justo&non=sit&lectus=amet&aliquam=sapien&sit=dignissim&amet=vestibulum&diam=vestibulum&in=ante&magna=ipsum&bibendum=primis&imperdiet=in&nullam=faucibus&orci=orci&pede=luctus&venenatis=et&non=ultrices&sodales=posuere&sed=cubilia&tincidunt=curae&eu=nulla&felis=dapibus&fusce=dolor&posuere=vel&felis=est,TRUE
+http://amazon.com/quam/a/odio/in.json?praesent=vitae&blandit=nisl&lacinia=aenean&erat=lectus&vestibulum=pellentesque&sed=eget&magna=nunc&at=donec&nunc=quis&commodo=orci&placerat=eget&praesent=orci,TRUE
+https://shareasale.com/praesent/id/massa.xml?consectetuer=sapien&adipiscing=cum&elit=sociis&proin=natoque&interdum=penatibus&mauris=et&non=magnis&ligula=dis&pellentesque=parturient&ultrices=montes&phasellus=nascetur&id=ridiculus&sapien=mus&in=etiam&sapien=vel&iaculis=augue&congue=vestibulum&vivamus=rutrum&metus=rutrum&arcu=neque&adipiscing=aenean&molestie=auctor&hendrerit=gravida&at=sem&vulputate=praesent&vitae=id&nisl=massa&aenean=id&lectus=nisl&pellentesque=venenatis&eget=lacinia&nunc=aenean&donec=sit&quis=amet&orci=justo&eget=morbi&orci=ut&vehicula=odio&condimentum=cras&curabitur=mi&in=pede&libero=malesuada&ut=in&massa=imperdiet&volutpat=et&convallis=commodo&morbi=vulputate&odio=justo&odio=in&elementum=blandit&eu=ultrices&interdum=enim&eu=lorem&tincidunt=ipsum&in=dolor&leo=sit&maecenas=amet&pulvinar=consectetuer&lobortis=adipiscing&est=elit&phasellus=proin&sit=interdum&amet=mauris&erat=non&nulla=ligula&tempus=pellentesque&vivamus=ultrices&in=phasellus&felis=id&eu=sapien&sapien=in&cursus=sapien&vestibulum=iaculis,TRUE
+http://noaa.gov/nunc/vestibulum.xml?lectus=lacus&pellentesque=morbi&at=quis&nulla=tortor&suspendisse=id&potenti=nulla,TRUE
+http://indiatimes.com/mauris.jpg?nisi=suspendisse&vulputate=accumsan&nonummy=tortor&maecenas=quis&tincidunt=turpis&lacus=sed&at=ante&velit=vivamus&vivamus=tortor&vel=duis&nulla=mattis&eget=egestas&eros=metus&elementum=aenean&pellentesque=fermentum&quisque=donec&porta=ut&volutpat=mauris&erat=eget&quisque=massa&erat=tempor&eros=convallis&viverra=nulla&eget=neque&congue=libero&eget=convallis&semper=eget&rutrum=eleifend&nulla=luctus&nunc=ultricies&purus=eu&phasellus=nibh&in=quisque&felis=id&donec=justo&semper=sit&sapien=amet&a=sapien&libero=dignissim&nam=vestibulum&dui=vestibulum&proin=ante&leo=ipsum&odio=primis&porttitor=in&id=faucibus&consequat=orci&in=luctus,TRUE
+https://dmoz.org/dolor/sit/amet/consectetuer/adipiscing/elit/proin.json?semper=pede&porta=libero&volutpat=quis&quam=orci&pede=nullam&lobortis=molestie&ligula=nibh&sit=in,TRUE
+https://forbes.com/sed/magna/at/nunc/commodo.jsp?dolor=donec&sit=posuere&amet=metus&consectetuer=vitae&adipiscing=ipsum&elit=aliquam&proin=non&interdum=mauris&mauris=morbi&non=non&ligula=lectus&pellentesque=aliquam&ultrices=sit&phasellus=amet&id=diam&sapien=in&in=magna&sapien=bibendum&iaculis=imperdiet&congue=nullam&vivamus=orci&metus=pede&arcu=venenatis&adipiscing=non&molestie=sodales&hendrerit=sed&at=tincidunt&vulputate=eu&vitae=felis&nisl=fusce&aenean=posuere&lectus=felis&pellentesque=sed&eget=lacus&nunc=morbi&donec=sem&quis=mauris&orci=laoreet&eget=ut&orci=rhoncus&vehicula=aliquet&condimentum=pulvinar&curabitur=sed&in=nisl&libero=nunc&ut=rhoncus&massa=dui&volutpat=vel&convallis=sem&morbi=sed&odio=sagittis&odio=nam&elementum=congue&eu=risus&interdum=semper&eu=porta&tincidunt=volutpat&in=quam&leo=pede,TRUE
+https://sfgate.com/molestie.xml?curae=in&duis=purus&faucibus=eu&accumsan=magna&odio=vulputate&curabitur=luctus&convallis=cum&duis=sociis&consequat=natoque&dui=penatibus&nec=et&nisi=magnis&volutpat=dis&eleifend=parturient&donec=montes&ut=nascetur&dolor=ridiculus&morbi=mus&vel=vivamus&lectus=vestibulum&in=sagittis&quam=sapien,TRUE
+https://forbes.com/porta/volutpat/erat.json?sed=morbi&accumsan=non&felis=quam&ut=nec&at=dui&dolor=luctus&quis=rutrum&odio=nulla&consequat=tellus&varius=in&integer=sagittis&ac=dui&leo=vel&pellentesque=nisl&ultrices=duis&mattis=ac&odio=nibh&donec=fusce&vitae=lacus&nisi=purus&nam=aliquet&ultrices=at&libero=feugiat&non=non&mattis=pretium&pulvinar=quis&nulla=lectus&pede=suspendisse&ullamcorper=potenti&augue=in&a=eleifend&suscipit=quam&nulla=a&elit=odio&ac=in&nulla=hac&sed=habitasse&vel=platea&enim=dictumst&sit=maecenas&amet=ut&nunc=massa&viverra=quis&dapibus=augue&nulla=luctus&suscipit=tincidunt&ligula=nulla&in=mollis&lacus=molestie&curabitur=lorem&at=quisque&ipsum=ut&ac=erat&tellus=curabitur&semper=gravida&interdum=nisi&mauris=at&ullamcorper=nibh&purus=in&sit=hac&amet=habitasse&nulla=platea&quisque=dictumst&arcu=aliquam&libero=augue&rutrum=quam&ac=sollicitudin&lobortis=vitae&vel=consectetuer&dapibus=eget&at=rutrum&diam=at,TRUE
+http://plala.or.jp/porttitor/lacus/at/turpis/donec/posuere/metus.jpg?nunc=porttitor&vestibulum=pede&ante=justo&ipsum=eu&primis=massa&in=donec,TRUE
+https://dyndns.org/faucibus/orci/luctus/et.html?ut=porta&erat=volutpat&id=quam&mauris=pede&vulputate=lobortis&elementum=ligula&nullam=sit&varius=amet&nulla=eleifend&facilisi=pede,TRUE
+http://instagram.com/congue/etiam/justo/etiam.html?sapien=mauris&a=eget&libero=massa&nam=tempor&dui=convallis&proin=nulla&leo=neque&odio=libero&porttitor=convallis&id=eget&consequat=eleifend&in=luctus&consequat=ultricies&ut=eu,TRUE
+http://delicious.com/lorem/id/ligula/suspendisse/ornare.json?nec=blandit&euismod=non&scelerisque=interdum&quam=in&turpis=ante&adipiscing=vestibulum&lorem=ante&vitae=ipsum&mattis=primis&nibh=in&ligula=faucibus&nec=orci&sem=luctus&duis=et&aliquam=ultrices&convallis=posuere&nunc=cubilia&proin=curae&at=duis&turpis=faucibus&a=accumsan&pede=odio&posuere=curabitur&nonummy=convallis&integer=duis&non=consequat&velit=dui&donec=nec&diam=nisi&neque=volutpat&vestibulum=eleifend&eget=donec&vulputate=ut&ut=dolor&ultrices=morbi&vel=vel&augue=lectus&vestibulum=in&ante=quam&ipsum=fringilla&primis=rhoncus&in=mauris&faucibus=enim&orci=leo&luctus=rhoncus&et=sed&ultrices=vestibulum&posuere=sit&cubilia=amet&curae=cursus&donec=id&pharetra=turpis&magna=integer&vestibulum=aliquet&aliquet=massa&ultrices=id&erat=lobortis&tortor=convallis&sollicitudin=tortor&mi=risus&sit=dapibus&amet=augue&lobortis=vel&sapien=accumsan&sapien=tellus&non=nisi,TRUE
+http://e-recht24.de/platea/dictumst.jpg?tempus=nulla&vivamus=eget&in=eros&felis=elementum&eu=pellentesque,TRUE
+http://etsy.com/ante/ipsum/primis/in/faucibus/orci.json?nam=nunc&dui=nisl&proin=duis&leo=bibendum&odio=felis&porttitor=sed&id=interdum&consequat=venenatis&in=turpis&consequat=enim&ut=blandit&nulla=mi&sed=in&accumsan=porttitor&felis=pede&ut=justo&at=eu&dolor=massa&quis=donec&odio=dapibus&consequat=duis&varius=at&integer=velit&ac=eu&leo=est&pellentesque=congue&ultrices=elementum&mattis=in&odio=hac&donec=habitasse&vitae=platea&nisi=dictumst&nam=morbi&ultrices=vestibulum&libero=velit&non=id&mattis=pretium&pulvinar=iaculis&nulla=diam&pede=erat&ullamcorper=fermentum&augue=justo&a=nec&suscipit=condimentum&nulla=neque&elit=sapien&ac=placerat&nulla=ante&sed=nulla&vel=justo&enim=aliquam&sit=quis&amet=turpis&nunc=eget&viverra=elit&dapibus=sodales&nulla=scelerisque&suscipit=mauris&ligula=sit&in=amet&lacus=eros&curabitur=suspendisse&at=accumsan&ipsum=tortor&ac=quis&tellus=turpis&semper=sed&interdum=ante&mauris=vivamus,TRUE
+http://spotify.com/maecenas.png?consectetuer=placerat&adipiscing=ante&elit=nulla&proin=justo&risus=aliquam&praesent=quis&lectus=turpis&vestibulum=eget&quam=elit&sapien=sodales&varius=scelerisque&ut=mauris&blandit=sit&non=amet&interdum=eros&in=suspendisse&ante=accumsan&vestibulum=tortor&ante=quis&ipsum=turpis&primis=sed&in=ante&faucibus=vivamus&orci=tortor&luctus=duis&et=mattis&ultrices=egestas&posuere=metus&cubilia=aenean&curae=fermentum&duis=donec&faucibus=ut&accumsan=mauris&odio=eget&curabitur=massa&convallis=tempor&duis=convallis&consequat=nulla&dui=neque&nec=libero&nisi=convallis&volutpat=eget&eleifend=eleifend&donec=luctus&ut=ultricies&dolor=eu&morbi=nibh&vel=quisque&lectus=id&in=justo&quam=sit&fringilla=amet&rhoncus=sapien&mauris=dignissim&enim=vestibulum&leo=vestibulum&rhoncus=ante&sed=ipsum,TRUE
+https://t-online.de/proin/risus/praesent/lectus.jpg?varius=mauris&nulla=laoreet&facilisi=ut&cras=rhoncus&non=aliquet&velit=pulvinar&nec=sed&nisi=nisl&vulputate=nunc&nonummy=rhoncus&maecenas=dui&tincidunt=vel&lacus=sem&at=sed&velit=sagittis&vivamus=nam&vel=congue&nulla=risus&eget=semper&eros=porta&elementum=volutpat&pellentesque=quam&quisque=pede&porta=lobortis&volutpat=ligula&erat=sit&quisque=amet&erat=eleifend&eros=pede&viverra=libero&eget=quis&congue=orci&eget=nullam&semper=molestie&rutrum=nibh&nulla=in&nunc=lectus&purus=pellentesque&phasellus=at&in=nulla&felis=suspendisse&donec=potenti&semper=cras&sapien=in&a=purus&libero=eu&nam=magna&dui=vulputate&proin=luctus&leo=cum&odio=sociis&porttitor=natoque&id=penatibus&consequat=et&in=magnis&consequat=dis&ut=parturient&nulla=montes&sed=nascetur&accumsan=ridiculus&felis=mus&ut=vivamus&at=vestibulum&dolor=sagittis&quis=sapien&odio=cum&consequat=sociis&varius=natoque&integer=penatibus&ac=et&leo=magnis,TRUE
+https://businessinsider.com/donec/quis/orci/eget/orci/vehicula/condimentum.jsp?orci=nunc&luctus=commodo&et=placerat&ultrices=praesent&posuere=blandit&cubilia=nam&curae=nulla&nulla=integer&dapibus=pede&dolor=justo&vel=lacinia&est=eget&donec=tincidunt&odio=eget&justo=tempus&sollicitudin=vel&ut=pede&suscipit=morbi&a=porttitor&feugiat=lorem&et=id&eros=ligula&vestibulum=suspendisse&ac=ornare&est=consequat&lacinia=lectus&nisi=in&venenatis=est&tristique=risus&fusce=auctor&congue=sed&diam=tristique&id=in&ornare=tempus&imperdiet=sit&sapien=amet&urna=sem&pretium=fusce&nisl=consequat&ut=nulla&volutpat=nisl&sapien=nunc&arcu=nisl&sed=duis&augue=bibendum&aliquam=felis&erat=sed&volutpat=interdum&in=venenatis&congue=turpis&etiam=enim&justo=blandit&etiam=mi&pretium=in&iaculis=porttitor&justo=pede&in=justo&hac=eu&habitasse=massa&platea=donec&dictumst=dapibus&etiam=duis&faucibus=at&cursus=velit&urna=eu&ut=est&tellus=congue&nulla=elementum&ut=in&erat=hac&id=habitasse&mauris=platea&vulputate=dictumst&elementum=morbi&nullam=vestibulum&varius=velit&nulla=id&facilisi=pretium&cras=iaculis&non=diam&velit=erat&nec=fermentum&nisi=justo&vulputate=nec&nonummy=condimentum&maecenas=neque&tincidunt=sapien&lacus=placerat&at=ante&velit=nulla&vivamus=justo&vel=aliquam&nulla=quis&eget=turpis&eros=eget&elementum=elit&pellentesque=sodales,TRUE
+http://bloglovin.com/dolor/morbi/vel/lectus/in.json?pede=dignissim&ullamcorper=vestibulum,TRUE
+https://yale.edu/quis/orci/eget/orci.xml?tempus=faucibus&vel=orci&pede=luctus&morbi=et&porttitor=ultrices&lorem=posuere&id=cubilia&ligula=curae&suspendisse=nulla&ornare=dapibus&consequat=dolor&lectus=vel&in=est&est=donec&risus=odio&auctor=justo&sed=sollicitudin&tristique=ut&in=suscipit&tempus=a&sit=feugiat&amet=et&sem=eros&fusce=vestibulum&consequat=ac&nulla=est&nisl=lacinia&nunc=nisi&nisl=venenatis&duis=tristique&bibendum=fusce&felis=congue&sed=diam&interdum=id&venenatis=ornare&turpis=imperdiet&enim=sapien&blandit=urna&mi=pretium&in=nisl&porttitor=ut&pede=volutpat&justo=sapien&eu=arcu&massa=sed&donec=augue&dapibus=aliquam&duis=erat&at=volutpat&velit=in&eu=congue&est=etiam&congue=justo&elementum=etiam&in=pretium&hac=iaculis&habitasse=justo&platea=in&dictumst=hac&morbi=habitasse&vestibulum=platea&velit=dictumst&id=etiam&pretium=faucibus&iaculis=cursus&diam=urna&erat=ut&fermentum=tellus&justo=nulla&nec=ut&condimentum=erat&neque=id&sapien=mauris&placerat=vulputate&ante=elementum&nulla=nullam&justo=varius,TRUE
+https://usda.gov/duis/aliquam/convallis/nunc.aspx?pharetra=curae,TRUE
+http://amazonaws.com/vestibulum/ante/ipsum/primis/in/faucibus.xml?vivamus=primis&vestibulum=in&sagittis=faucibus&sapien=orci&cum=luctus&sociis=et,TRUE
+http://elegantthemes.com/quam/sapien/varius/ut.xml?augue=laoreet&luctus=ut&tincidunt=rhoncus&nulla=aliquet&mollis=pulvinar&molestie=sed&lorem=nisl&quisque=nunc&ut=rhoncus&erat=dui&curabitur=vel&gravida=sem&nisi=sed&at=sagittis&nibh=nam&in=congue&hac=risus&habitasse=semper&platea=porta&dictumst=volutpat&aliquam=quam&augue=pede&quam=lobortis&sollicitudin=ligula&vitae=sit&consectetuer=amet&eget=eleifend&rutrum=pede&at=libero&lorem=quis&integer=orci&tincidunt=nullam&ante=molestie&vel=nibh&ipsum=in&praesent=lectus&blandit=pellentesque&lacinia=at&erat=nulla&vestibulum=suspendisse&sed=potenti&magna=cras&at=in&nunc=purus&commodo=eu&placerat=magna&praesent=vulputate&blandit=luctus&nam=cum&nulla=sociis&integer=natoque&pede=penatibus&justo=et&lacinia=magnis,TRUE
+https://hhs.gov/ipsum/primis/in.xml?velit=sodales&id=sed&pretium=tincidunt&iaculis=eu&diam=felis&erat=fusce&fermentum=posuere&justo=felis&nec=sed&condimentum=lacus&neque=morbi&sapien=sem&placerat=mauris&ante=laoreet&nulla=ut&justo=rhoncus&aliquam=aliquet&quis=pulvinar&turpis=sed&eget=nisl&elit=nunc&sodales=rhoncus&scelerisque=dui&mauris=vel&sit=sem&amet=sed&eros=sagittis&suspendisse=nam&accumsan=congue&tortor=risus&quis=semper&turpis=porta&sed=volutpat&ante=quam&vivamus=pede&tortor=lobortis&duis=ligula&mattis=sit&egestas=amet&metus=eleifend&aenean=pede&fermentum=libero&donec=quis&ut=orci&mauris=nullam&eget=molestie&massa=nibh&tempor=in&convallis=lectus&nulla=pellentesque&neque=at&libero=nulla&convallis=suspendisse&eget=potenti&eleifend=cras&luctus=in&ultricies=purus&eu=eu&nibh=magna&quisque=vulputate&id=luctus&justo=cum&sit=sociis&amet=natoque&sapien=penatibus&dignissim=et&vestibulum=magnis&vestibulum=dis&ante=parturient&ipsum=montes&primis=nascetur&in=ridiculus&faucibus=mus&orci=vivamus&luctus=vestibulum&et=sagittis&ultrices=sapien&posuere=cum&cubilia=sociis&curae=natoque&nulla=penatibus&dapibus=et&dolor=magnis&vel=dis&est=parturient&donec=montes&odio=nascetur&justo=ridiculus&sollicitudin=mus,TRUE
+https://ucla.edu/et/magnis/dis/parturient.xml?luctus=adipiscing&et=lorem&ultrices=vitae&posuere=mattis&cubilia=nibh&curae=ligula&nulla=nec&dapibus=sem&dolor=duis&vel=aliquam&est=convallis&donec=nunc&odio=proin&justo=at&sollicitudin=turpis&ut=a&suscipit=pede&a=posuere&feugiat=nonummy&et=integer&eros=non&vestibulum=velit&ac=donec&est=diam&lacinia=neque&nisi=vestibulum&venenatis=eget&tristique=vulputate&fusce=ut&congue=ultrices&diam=vel&id=augue&ornare=vestibulum&imperdiet=ante&sapien=ipsum&urna=primis&pretium=in&nisl=faucibus&ut=orci&volutpat=luctus&sapien=et&arcu=ultrices&sed=posuere&augue=cubilia&aliquam=curae&erat=donec&volutpat=pharetra&in=magna&congue=vestibulum&etiam=aliquet&justo=ultrices&etiam=erat&pretium=tortor&iaculis=sollicitudin&justo=mi&in=sit&hac=amet&habitasse=lobortis&platea=sapien&dictumst=sapien&etiam=non&faucibus=mi&cursus=integer&urna=ac&ut=neque&tellus=duis&nulla=bibendum&ut=morbi&erat=non&id=quam&mauris=nec&vulputate=dui&elementum=luctus&nullam=rutrum&varius=nulla&nulla=tellus&facilisi=in&cras=sagittis&non=dui&velit=vel&nec=nisl&nisi=duis&vulputate=ac&nonummy=nibh&maecenas=fusce&tincidunt=lacus&lacus=purus,TRUE
+http://gizmodo.com/quisque/ut/erat/curabitur/gravida.jsp?felis=sapien&fusce=urna&posuere=pretium&felis=nisl&sed=ut&lacus=volutpat&morbi=sapien&sem=arcu&mauris=sed&laoreet=augue&ut=aliquam&rhoncus=erat&aliquet=volutpat&pulvinar=in&sed=congue&nisl=etiam&nunc=justo&rhoncus=etiam&dui=pretium&vel=iaculis&sem=justo&sed=in&sagittis=hac&nam=habitasse&congue=platea&risus=dictumst&semper=etiam&porta=faucibus&volutpat=cursus&quam=urna&pede=ut&lobortis=tellus&ligula=nulla&sit=ut&amet=erat&eleifend=id&pede=mauris&libero=vulputate&quis=elementum&orci=nullam&nullam=varius&molestie=nulla&nibh=facilisi&in=cras&lectus=non&pellentesque=velit&at=nec&nulla=nisi&suspendisse=vulputate&potenti=nonummy&cras=maecenas&in=tincidunt&purus=lacus&eu=at&magna=velit&vulputate=vivamus&luctus=vel&cum=nulla&sociis=eget&natoque=eros,TRUE
+https://odnoklassniki.ru/aenean/lectus/pellentesque/eget.png?sit=libero&amet=ut&diam=massa&in=volutpat&magna=convallis&bibendum=morbi&imperdiet=odio&nullam=odio&orci=elementum&pede=eu&venenatis=interdum&non=eu&sodales=tincidunt&sed=in&tincidunt=leo&eu=maecenas&felis=pulvinar&fusce=lobortis&posuere=est&felis=phasellus&sed=sit&lacus=amet&morbi=erat&sem=nulla&mauris=tempus&laoreet=vivamus&ut=in&rhoncus=felis&aliquet=eu&pulvinar=sapien&sed=cursus&nisl=vestibulum&nunc=proin&rhoncus=eu&dui=mi&vel=nulla&sem=ac&sed=enim&sagittis=in&nam=tempor&congue=turpis&risus=nec&semper=euismod&porta=scelerisque&volutpat=quam&quam=turpis&pede=adipiscing&lobortis=lorem&ligula=vitae&sit=mattis&amet=nibh&eleifend=ligula&pede=nec&libero=sem&quis=duis&orci=aliquam&nullam=convallis&molestie=nunc&nibh=proin&in=at&lectus=turpis&pellentesque=a&at=pede&nulla=posuere&suspendisse=nonummy&potenti=integer&cras=non&in=velit&purus=donec&eu=diam&magna=neque&vulputate=vestibulum,TRUE
+http://ehow.com/massa/donec.jpg?nulla=ante&integer=ipsum&pede=primis&justo=in&lacinia=faucibus&eget=orci&tincidunt=luctus&eget=et&tempus=ultrices&vel=posuere&pede=cubilia,TRUE
+http://japanpost.jp/metus/arcu/adipiscing/molestie/hendrerit.png?tincidunt=tortor&eu=risus&felis=dapibus&fusce=augue&posuere=vel&felis=accumsan&sed=tellus&lacus=nisi&morbi=eu&sem=orci&mauris=mauris&laoreet=lacinia&ut=sapien&rhoncus=quis&aliquet=libero&pulvinar=nullam&sed=sit&nisl=amet&nunc=turpis&rhoncus=elementum&dui=ligula&vel=vehicula&sem=consequat&sed=morbi&sagittis=a&nam=ipsum&congue=integer&risus=a&semper=nibh&porta=in&volutpat=quis&quam=justo&pede=maecenas&lobortis=rhoncus&ligula=aliquam&sit=lacus&amet=morbi&eleifend=quis&pede=tortor&libero=id&quis=nulla&orci=ultrices&nullam=aliquet&molestie=maecenas&nibh=leo&in=odio&lectus=condimentum&pellentesque=id&at=luctus&nulla=nec&suspendisse=molestie&potenti=sed&cras=justo&in=pellentesque&purus=viverra&eu=pede&magna=ac&vulputate=diam&luctus=cras&cum=pellentesque&sociis=volutpat&natoque=dui&penatibus=maecenas&et=tristique&magnis=est&dis=et&parturient=tempus&montes=semper&nascetur=est&ridiculus=quam&mus=pharetra&vivamus=magna&vestibulum=ac&sagittis=consequat&sapien=metus&cum=sapien&sociis=ut&natoque=nunc&penatibus=vestibulum&et=ante&magnis=ipsum&dis=primis&parturient=in,TRUE
+https://virginia.edu/consectetuer/adipiscing/elit/proin.jpg?etiam=libero&faucibus=convallis,TRUE
+http://craigslist.org/lacinia/nisi/venenatis/tristique.png?montes=natoque&nascetur=penatibus&ridiculus=et&mus=magnis&vivamus=dis&vestibulum=parturient&sagittis=montes&sapien=nascetur&cum=ridiculus&sociis=mus&natoque=vivamus&penatibus=vestibulum&et=sagittis&magnis=sapien&dis=cum&parturient=sociis&montes=natoque&nascetur=penatibus&ridiculus=et&mus=magnis&etiam=dis&vel=parturient&augue=montes&vestibulum=nascetur&rutrum=ridiculus&rutrum=mus&neque=etiam&aenean=vel&auctor=augue&gravida=vestibulum&sem=rutrum&praesent=rutrum&id=neque&massa=aenean&id=auctor&nisl=gravida&venenatis=sem&lacinia=praesent&aenean=id&sit=massa,TRUE
+https://miibeian.gov.cn/a/feugiat/et/eros/vestibulum.xml?sit=lectus&amet=pellentesque&sapien=at&dignissim=nulla&vestibulum=suspendisse&vestibulum=potenti&ante=cras&ipsum=in&primis=purus&in=eu&faucibus=magna&orci=vulputate&luctus=luctus&et=cum&ultrices=sociis&posuere=natoque&cubilia=penatibus&curae=et&nulla=magnis&dapibus=dis&dolor=parturient&vel=montes&est=nascetur&donec=ridiculus&odio=mus&justo=vivamus&sollicitudin=vestibulum&ut=sagittis&suscipit=sapien&a=cum&feugiat=sociis&et=natoque&eros=penatibus&vestibulum=et&ac=magnis&est=dis&lacinia=parturient&nisi=montes&venenatis=nascetur&tristique=ridiculus&fusce=mus&congue=etiam&diam=vel&id=augue&ornare=vestibulum&imperdiet=rutrum&sapien=rutrum&urna=neque&pretium=aenean&nisl=auctor&ut=gravida&volutpat=sem&sapien=praesent&arcu=id&sed=massa&augue=id&aliquam=nisl&erat=venenatis&volutpat=lacinia&in=aenean&congue=sit&etiam=amet&justo=justo&etiam=morbi&pretium=ut&iaculis=odio&justo=cras,TRUE
+http://fema.gov/lobortis/ligula.js?id=est&sapien=quam&in=pharetra&sapien=magna&iaculis=ac&congue=consequat&vivamus=metus&metus=sapien&arcu=ut&adipiscing=nunc&molestie=vestibulum&hendrerit=ante&at=ipsum&vulputate=primis&vitae=in&nisl=faucibus&aenean=orci&lectus=luctus&pellentesque=et&eget=ultrices&nunc=posuere&donec=cubilia&quis=curae&orci=mauris&eget=viverra&orci=diam&vehicula=vitae&condimentum=quam&curabitur=suspendisse&in=potenti&libero=nullam&ut=porttitor&massa=lacus&volutpat=at&convallis=turpis&morbi=donec&odio=posuere&odio=metus&elementum=vitae&eu=ipsum&interdum=aliquam&eu=non&tincidunt=mauris&in=morbi&leo=non&maecenas=lectus&pulvinar=aliquam&lobortis=sit&est=amet&phasellus=diam&sit=in&amet=magna&erat=bibendum&nulla=imperdiet&tempus=nullam&vivamus=orci,TRUE
+http://shinystat.com/pede/ullamcorper/augue/a/suscipit.jpg?interdum=quis&eu=orci&tincidunt=eget&in=orci&leo=vehicula&maecenas=condimentum&pulvinar=curabitur&lobortis=in&est=libero&phasellus=ut&sit=massa&amet=volutpat&erat=convallis&nulla=morbi&tempus=odio&vivamus=odio&in=elementum&felis=eu&eu=interdum&sapien=eu&cursus=tincidunt&vestibulum=in&proin=leo&eu=maecenas&mi=pulvinar&nulla=lobortis&ac=est&enim=phasellus&in=sit&tempor=amet&turpis=erat&nec=nulla&euismod=tempus&scelerisque=vivamus&quam=in&turpis=felis&adipiscing=eu&lorem=sapien&vitae=cursus&mattis=vestibulum&nibh=proin&ligula=eu&nec=mi&sem=nulla&duis=ac&aliquam=enim&convallis=in&nunc=tempor&proin=turpis&at=nec&turpis=euismod&a=scelerisque&pede=quam&posuere=turpis&nonummy=adipiscing&integer=lorem&non=vitae&velit=mattis&donec=nibh&diam=ligula&neque=nec&vestibulum=sem&eget=duis&vulputate=aliquam&ut=convallis&ultrices=nunc&vel=proin&augue=at&vestibulum=turpis&ante=a&ipsum=pede&primis=posuere&in=nonummy&faucibus=integer&orci=non&luctus=velit&et=donec&ultrices=diam&posuere=neque&cubilia=vestibulum,TRUE
+https://flavors.me/dui/vel/nisl/duis/ac.html?posuere=est&cubilia=lacinia&curae=nisi&nulla=venenatis&dapibus=tristique&dolor=fusce&vel=congue&est=diam&donec=id&odio=ornare&justo=imperdiet&sollicitudin=sapien&ut=urna&suscipit=pretium&a=nisl&feugiat=ut&et=volutpat&eros=sapien&vestibulum=arcu&ac=sed&est=augue&lacinia=aliquam&nisi=erat&venenatis=volutpat&tristique=in&fusce=congue&congue=etiam&diam=justo&id=etiam&ornare=pretium&imperdiet=iaculis&sapien=justo&urna=in&pretium=hac&nisl=habitasse&ut=platea&volutpat=dictumst&sapien=etiam&arcu=faucibus&sed=cursus&augue=urna&aliquam=ut&erat=tellus&volutpat=nulla&in=ut&congue=erat&etiam=id&justo=mauris&etiam=vulputate&pretium=elementum&iaculis=nullam&justo=varius&in=nulla&hac=facilisi&habitasse=cras&platea=non&dictumst=velit&etiam=nec&faucibus=nisi&cursus=vulputate&urna=nonummy&ut=maecenas&tellus=tincidunt&nulla=lacus&ut=at&erat=velit&id=vivamus&mauris=vel&vulputate=nulla&elementum=eget&nullam=eros&varius=elementum&nulla=pellentesque&facilisi=quisque&cras=porta&non=volutpat&velit=erat&nec=quisque,TRUE
+http://i2i.jp/justo/etiam/pretium/iaculis/justo/in/hac.html?mauris=faucibus&sit=orci&amet=luctus&eros=et&suspendisse=ultrices&accumsan=posuere&tortor=cubilia&quis=curae&turpis=mauris&sed=viverra&ante=diam&vivamus=vitae&tortor=quam&duis=suspendisse&mattis=potenti&egestas=nullam&metus=porttitor&aenean=lacus&fermentum=at&donec=turpis&ut=donec&mauris=posuere&eget=metus&massa=vitae&tempor=ipsum&convallis=aliquam&nulla=non&neque=mauris&libero=morbi&convallis=non&eget=lectus&eleifend=aliquam&luctus=sit&ultricies=amet&eu=diam&nibh=in&quisque=magna&id=bibendum&justo=imperdiet&sit=nullam&amet=orci&sapien=pede&dignissim=venenatis&vestibulum=non&vestibulum=sodales&ante=sed&ipsum=tincidunt&primis=eu&in=felis&faucibus=fusce&orci=posuere&luctus=felis&et=sed&ultrices=lacus&posuere=morbi&cubilia=sem&curae=mauris&nulla=laoreet&dapibus=ut&dolor=rhoncus,TRUE
+http://theguardian.com/in/hac/habitasse/platea/dictumst/etiam/faucibus.xml?rutrum=ac&rutrum=est&neque=lacinia&aenean=nisi&auctor=venenatis&gravida=tristique&sem=fusce&praesent=congue&id=diam&massa=id&id=ornare&nisl=imperdiet&venenatis=sapien&lacinia=urna&aenean=pretium&sit=nisl&amet=ut&justo=volutpat&morbi=sapien&ut=arcu&odio=sed&cras=augue&mi=aliquam&pede=erat&malesuada=volutpat&in=in&imperdiet=congue&et=etiam&commodo=justo&vulputate=etiam&justo=pretium&in=iaculis&blandit=justo&ultrices=in&enim=hac&lorem=habitasse&ipsum=platea&dolor=dictumst&sit=etiam&amet=faucibus&consectetuer=cursus&adipiscing=urna&elit=ut&proin=tellus&interdum=nulla&mauris=ut&non=erat&ligula=id&pellentesque=mauris&ultrices=vulputate&phasellus=elementum&id=nullam&sapien=varius&in=nulla&sapien=facilisi&iaculis=cras&congue=non&vivamus=velit&metus=nec&arcu=nisi&adipiscing=vulputate&molestie=nonummy&hendrerit=maecenas&at=tincidunt&vulputate=lacus&vitae=at&nisl=velit&aenean=vivamus&lectus=vel&pellentesque=nulla&eget=eget&nunc=eros&donec=elementum&quis=pellentesque&orci=quisque&eget=porta&orci=volutpat&vehicula=erat&condimentum=quisque&curabitur=erat&in=eros&libero=viverra&ut=eget&massa=congue&volutpat=eget&convallis=semper&morbi=rutrum&odio=nulla&odio=nunc&elementum=purus,TRUE
+http://canalblog.com/nulla/sed/vel.html?turpis=sapien&donec=a&posuere=libero&metus=nam&vitae=dui&ipsum=proin&aliquam=leo&non=odio&mauris=porttitor&morbi=id&non=consequat&lectus=in&aliquam=consequat&sit=ut&amet=nulla&diam=sed&in=accumsan&magna=felis&bibendum=ut&imperdiet=at&nullam=dolor&orci=quis&pede=odio&venenatis=consequat&non=varius&sodales=integer&sed=ac&tincidunt=leo&eu=pellentesque,TRUE
+https://fema.gov/sapien/placerat/ante/nulla.json?quam=curabitur&pede=gravida&lobortis=nisi&ligula=at&sit=nibh&amet=in&eleifend=hac&pede=habitasse&libero=platea&quis=dictumst&orci=aliquam&nullam=augue&molestie=quam&nibh=sollicitudin&in=vitae&lectus=consectetuer&pellentesque=eget&at=rutrum&nulla=at&suspendisse=lorem&potenti=integer&cras=tincidunt&in=ante&purus=vel&eu=ipsum&magna=praesent&vulputate=blandit&luctus=lacinia&cum=erat&sociis=vestibulum&natoque=sed&penatibus=magna&et=at&magnis=nunc&dis=commodo&parturient=placerat&montes=praesent&nascetur=blandit&ridiculus=nam&mus=nulla&vivamus=integer&vestibulum=pede&sagittis=justo&sapien=lacinia&cum=eget&sociis=tincidunt&natoque=eget&penatibus=tempus&et=vel&magnis=pede&dis=morbi&parturient=porttitor&montes=lorem&nascetur=id&ridiculus=ligula&mus=suspendisse&etiam=ornare&vel=consequat&augue=lectus&vestibulum=in&rutrum=est&rutrum=risus&neque=auctor&aenean=sed&auctor=tristique&gravida=in&sem=tempus&praesent=sit&id=amet&massa=sem&id=fusce&nisl=consequat&venenatis=nulla,TRUE
+http://bbb.org/accumsan/odio/curabitur.jpg?ac=nulla&lobortis=nisl&vel=nunc&dapibus=nisl&at=duis&diam=bibendum&nam=felis&tristique=sed&tortor=interdum,TRUE
+http://cargocollective.com/nibh/ligula/nec/sem/duis/aliquam/convallis.js?donec=gravida&pharetra=sem&magna=praesent&vestibulum=id&aliquet=massa&ultrices=id&erat=nisl&tortor=venenatis&sollicitudin=lacinia&mi=aenean&sit=sit&amet=amet&lobortis=justo&sapien=morbi&sapien=ut&non=odio&mi=cras&integer=mi&ac=pede&neque=malesuada&duis=in&bibendum=imperdiet&morbi=et&non=commodo&quam=vulputate&nec=justo&dui=in&luctus=blandit&rutrum=ultrices&nulla=enim&tellus=lorem&in=ipsum&sagittis=dolor&dui=sit&vel=amet&nisl=consectetuer&duis=adipiscing&ac=elit&nibh=proin&fusce=interdum&lacus=mauris&purus=non&aliquet=ligula&at=pellentesque&feugiat=ultrices&non=phasellus&pretium=id&quis=sapien&lectus=in&suspendisse=sapien&potenti=iaculis&in=congue&eleifend=vivamus&quam=metus&a=arcu&odio=adipiscing&in=molestie&hac=hendrerit&habitasse=at&platea=vulputate&dictumst=vitae&maecenas=nisl&ut=aenean&massa=lectus&quis=pellentesque&augue=eget&luctus=nunc&tincidunt=donec&nulla=quis&mollis=orci&molestie=eget&lorem=orci&quisque=vehicula&ut=condimentum&erat=curabitur&curabitur=in&gravida=libero&nisi=ut&at=massa&nibh=volutpat&in=convallis&hac=morbi&habitasse=odio&platea=odio&dictumst=elementum&aliquam=eu&augue=interdum&quam=eu&sollicitudin=tincidunt&vitae=in&consectetuer=leo&eget=maecenas&rutrum=pulvinar&at=lobortis&lorem=est&integer=phasellus&tincidunt=sit,TRUE
+https://abc.net.au/a/pede/posuere/nonummy/integer.js?duis=orci&bibendum=luctus&felis=et&sed=ultrices&interdum=posuere&venenatis=cubilia&turpis=curae&enim=nulla&blandit=dapibus&mi=dolor&in=vel&porttitor=est&pede=donec&justo=odio&eu=justo&massa=sollicitudin&donec=ut&dapibus=suscipit&duis=a&at=feugiat&velit=et&eu=eros&est=vestibulum&congue=ac&elementum=est&in=lacinia&hac=nisi&habitasse=venenatis&platea=tristique&dictumst=fusce&morbi=congue&vestibulum=diam&velit=id&id=ornare,TRUE
+https://scribd.com/praesent.aspx?quam=nisl&pharetra=duis&magna=ac&ac=nibh&consequat=fusce&metus=lacus&sapien=purus&ut=aliquet&nunc=at&vestibulum=feugiat&ante=non&ipsum=pretium&primis=quis&in=lectus&faucibus=suspendisse&orci=potenti&luctus=in&et=eleifend&ultrices=quam&posuere=a&cubilia=odio&curae=in&mauris=hac&viverra=habitasse&diam=platea&vitae=dictumst&quam=maecenas&suspendisse=ut&potenti=massa&nullam=quis&porttitor=augue&lacus=luctus&at=tincidunt&turpis=nulla&donec=mollis&posuere=molestie&metus=lorem&vitae=quisque&ipsum=ut&aliquam=erat&non=curabitur&mauris=gravida&morbi=nisi&non=at&lectus=nibh&aliquam=in&sit=hac&amet=habitasse&diam=platea&in=dictumst&magna=aliquam&bibendum=augue&imperdiet=quam&nullam=sollicitudin&orci=vitae&pede=consectetuer&venenatis=eget&non=rutrum&sodales=at&sed=lorem&tincidunt=integer&eu=tincidunt&felis=ante&fusce=vel&posuere=ipsum&felis=praesent&sed=blandit&lacus=lacinia&morbi=erat&sem=vestibulum&mauris=sed&laoreet=magna&ut=at&rhoncus=nunc&aliquet=commodo&pulvinar=placerat&sed=praesent&nisl=blandit&nunc=nam&rhoncus=nulla&dui=integer&vel=pede&sem=justo&sed=lacinia&sagittis=eget&nam=tincidunt,TRUE
+http://intel.com/pede/justo/lacinia/eget.html?in=congue&libero=eget&ut=semper&massa=rutrum&volutpat=nulla&convallis=nunc&morbi=purus&odio=phasellus&odio=in&elementum=felis&eu=donec&interdum=semper&eu=sapien&tincidunt=a&in=libero&leo=nam&maecenas=dui&pulvinar=proin&lobortis=leo&est=odio&phasellus=porttitor&sit=id&amet=consequat&erat=in&nulla=consequat&tempus=ut&vivamus=nulla&in=sed&felis=accumsan&eu=felis&sapien=ut&cursus=at&vestibulum=dolor&proin=quis&eu=odio&mi=consequat&nulla=varius&ac=integer&enim=ac&in=leo&tempor=pellentesque&turpis=ultrices&nec=mattis&euismod=odio&scelerisque=donec&quam=vitae&turpis=nisi&adipiscing=nam&lorem=ultrices&vitae=libero&mattis=non&nibh=mattis&ligula=pulvinar&nec=nulla&sem=pede&duis=ullamcorper&aliquam=augue&convallis=a&nunc=suscipit&proin=nulla&at=elit&turpis=ac&a=nulla&pede=sed&posuere=vel&nonummy=enim&integer=sit&non=amet&velit=nunc&donec=viverra&diam=dapibus&neque=nulla&vestibulum=suscipit&eget=ligula&vulputate=in&ut=lacus&ultrices=curabitur&vel=at&augue=ipsum&vestibulum=ac&ante=tellus&ipsum=semper&primis=interdum&in=mauris&faucibus=ullamcorper&orci=purus&luctus=sit&et=amet,TRUE
+http://forbes.com/duis/aliquam.jsp?sem=varius&praesent=nulla&id=facilisi&massa=cras&id=non&nisl=velit&venenatis=nec&lacinia=nisi&aenean=vulputate&sit=nonummy&amet=maecenas&justo=tincidunt&morbi=lacus&ut=at&odio=velit&cras=vivamus&mi=vel&pede=nulla&malesuada=eget&in=eros&imperdiet=elementum&et=pellentesque&commodo=quisque&vulputate=porta&justo=volutpat&in=erat&blandit=quisque&ultrices=erat&enim=eros&lorem=viverra&ipsum=eget&dolor=congue&sit=eget&amet=semper&consectetuer=rutrum&adipiscing=nulla&elit=nunc&proin=purus,TRUE
+http://squarespace.com/ante.jpg?ultrices=diam&erat=id&tortor=ornare&sollicitudin=imperdiet&mi=sapien&sit=urna&amet=pretium&lobortis=nisl&sapien=ut&sapien=volutpat&non=sapien&mi=arcu&integer=sed&ac=augue&neque=aliquam&duis=erat&bibendum=volutpat&morbi=in&non=congue&quam=etiam&nec=justo&dui=etiam&luctus=pretium&rutrum=iaculis&nulla=justo&tellus=in&in=hac&sagittis=habitasse&dui=platea&vel=dictumst&nisl=etiam&duis=faucibus&ac=cursus&nibh=urna&fusce=ut&lacus=tellus&purus=nulla&aliquet=ut&at=erat&feugiat=id&non=mauris&pretium=vulputate&quis=elementum&lectus=nullam&suspendisse=varius&potenti=nulla&in=facilisi&eleifend=cras&quam=non&a=velit&odio=nec,TRUE
+https://imageshack.us/pede/posuere/nonummy/integer/non/velit.png?leo=pellentesque&rhoncus=eget&sed=nunc&vestibulum=donec&sit=quis&amet=orci&cursus=eget&id=orci&turpis=vehicula&integer=condimentum&aliquet=curabitur&massa=in&id=libero&lobortis=ut&convallis=massa&tortor=volutpat&risus=convallis&dapibus=morbi&augue=odio&vel=odio&accumsan=elementum&tellus=eu&nisi=interdum&eu=eu&orci=tincidunt&mauris=in&lacinia=leo&sapien=maecenas&quis=pulvinar&libero=lobortis&nullam=est&sit=phasellus&amet=sit&turpis=amet&elementum=erat&ligula=nulla&vehicula=tempus&consequat=vivamus&morbi=in&a=felis&ipsum=eu&integer=sapien&a=cursus&nibh=vestibulum&in=proin&quis=eu&justo=mi&maecenas=nulla&rhoncus=ac&aliquam=enim&lacus=in&morbi=tempor&quis=turpis&tortor=nec&id=euismod&nulla=scelerisque&ultrices=quam&aliquet=turpis&maecenas=adipiscing&leo=lorem&odio=vitae&condimentum=mattis&id=nibh&luctus=ligula&nec=nec&molestie=sem&sed=duis&justo=aliquam&pellentesque=convallis&viverra=nunc&pede=proin&ac=at&diam=turpis&cras=a&pellentesque=pede&volutpat=posuere&dui=nonummy&maecenas=integer&tristique=non&est=velit&et=donec&tempus=diam&semper=neque,TRUE
+http://yellowpages.com/justo/maecenas/rhoncus/aliquam/lacus/morbi.jpg?sem=lobortis&sed=est&sagittis=phasellus&nam=sit&congue=amet&risus=erat&semper=nulla&porta=tempus&volutpat=vivamus&quam=in&pede=felis&lobortis=eu&ligula=sapien&sit=cursus&amet=vestibulum&eleifend=proin&pede=eu&libero=mi&quis=nulla&orci=ac&nullam=enim&molestie=in&nibh=tempor&in=turpis&lectus=nec&pellentesque=euismod&at=scelerisque&nulla=quam&suspendisse=turpis&potenti=adipiscing,TRUE
+http://cloudflare.com/fusce/lacus.jpg?convallis=nibh&morbi=quisque&odio=id&odio=justo&elementum=sit&eu=amet&interdum=sapien&eu=dignissim&tincidunt=vestibulum&in=vestibulum&leo=ante&maecenas=ipsum&pulvinar=primis&lobortis=in&est=faucibus&phasellus=orci&sit=luctus&amet=et&erat=ultrices&nulla=posuere&tempus=cubilia&vivamus=curae&in=nulla&felis=dapibus&eu=dolor&sapien=vel&cursus=est&vestibulum=donec&proin=odio&eu=justo&mi=sollicitudin&nulla=ut&ac=suscipit&enim=a&in=feugiat&tempor=et&turpis=eros&nec=vestibulum&euismod=ac&scelerisque=est&quam=lacinia&turpis=nisi&adipiscing=venenatis&lorem=tristique&vitae=fusce&mattis=congue&nibh=diam&ligula=id&nec=ornare&sem=imperdiet&duis=sapien&aliquam=urna&convallis=pretium,TRUE
+http://bloglines.com/dui/luctus/rutrum/nulla/tellus.png?mattis=erat&egestas=tortor&metus=sollicitudin&aenean=mi&fermentum=sit&donec=amet&ut=lobortis&mauris=sapien&eget=sapien&massa=non&tempor=mi&convallis=integer&nulla=ac&neque=neque&libero=duis&convallis=bibendum&eget=morbi&eleifend=non&luctus=quam&ultricies=nec&eu=dui&nibh=luctus&quisque=rutrum&id=nulla&justo=tellus&sit=in&amet=sagittis&sapien=dui&dignissim=vel&vestibulum=nisl&vestibulum=duis&ante=ac&ipsum=nibh&primis=fusce&in=lacus&faucibus=purus&orci=aliquet&luctus=at&et=feugiat&ultrices=non&posuere=pretium&cubilia=quis&curae=lectus&nulla=suspendisse&dapibus=potenti&dolor=in&vel=eleifend&est=quam&donec=a&odio=odio&justo=in&sollicitudin=hac&ut=habitasse&suscipit=platea&a=dictumst&feugiat=maecenas&et=ut&eros=massa&vestibulum=quis&ac=augue&est=luctus&lacinia=tincidunt&nisi=nulla&venenatis=mollis&tristique=molestie&fusce=lorem&congue=quisque&diam=ut&id=erat&ornare=curabitur&imperdiet=gravida&sapien=nisi&urna=at&pretium=nibh&nisl=in&ut=hac&volutpat=habitasse&sapien=platea&arcu=dictumst&sed=aliquam&augue=augue&aliquam=quam&erat=sollicitudin&volutpat=vitae&in=consectetuer&congue=eget&etiam=rutrum&justo=at&etiam=lorem&pretium=integer&iaculis=tincidunt&justo=ante&in=vel&hac=ipsum&habitasse=praesent&platea=blandit&dictumst=lacinia&etiam=erat,TRUE
+http://blogtalkradio.com/in.png?turpis=dapibus&enim=duis&blandit=at&mi=velit&in=eu&porttitor=est&pede=congue&justo=elementum&eu=in&massa=hac&donec=habitasse&dapibus=platea&duis=dictumst&at=morbi&velit=vestibulum&eu=velit&est=id&congue=pretium&elementum=iaculis&in=diam&hac=erat&habitasse=fermentum&platea=justo&dictumst=nec&morbi=condimentum&vestibulum=neque&velit=sapien&id=placerat&pretium=ante,TRUE
+https://cocolog-nifty.com/ac/nulla/sed/vel/enim/sit.xml?vitae=pellentesque&ipsum=viverra&aliquam=pede&non=ac&mauris=diam&morbi=cras&non=pellentesque&lectus=volutpat,TRUE
+https://fda.gov/id/justo/sit/amet/sapien/dignissim.html?purus=sed&eu=tincidunt&magna=eu&vulputate=felis&luctus=fusce&cum=posuere&sociis=felis&natoque=sed&penatibus=lacus&et=morbi&magnis=sem&dis=mauris&parturient=laoreet&montes=ut&nascetur=rhoncus&ridiculus=aliquet&mus=pulvinar&vivamus=sed&vestibulum=nisl&sagittis=nunc&sapien=rhoncus&cum=dui&sociis=vel&natoque=sem&penatibus=sed&et=sagittis&magnis=nam&dis=congue&parturient=risus&montes=semper&nascetur=porta&ridiculus=volutpat&mus=quam&etiam=pede&vel=lobortis&augue=ligula&vestibulum=sit&rutrum=amet&rutrum=eleifend&neque=pede&aenean=libero&auctor=quis&gravida=orci&sem=nullam&praesent=molestie&id=nibh&massa=in&id=lectus&nisl=pellentesque&venenatis=at&lacinia=nulla&aenean=suspendisse&sit=potenti&amet=cras&justo=in&morbi=purus&ut=eu&odio=magna&cras=vulputate&mi=luctus&pede=cum&malesuada=sociis&in=natoque&imperdiet=penatibus&et=et&commodo=magnis&vulputate=dis&justo=parturient&in=montes&blandit=nascetur&ultrices=ridiculus&enim=mus&lorem=vivamus&ipsum=vestibulum&dolor=sagittis&sit=sapien&amet=cum&consectetuer=sociis&adipiscing=natoque&elit=penatibus&proin=et&interdum=magnis&mauris=dis&non=parturient&ligula=montes&pellentesque=nascetur,TRUE
+http://diigo.com/commodo/vulputate/justo/in/blandit.jpg?consequat=vestibulum&in=quam&consequat=sapien&ut=varius&nulla=ut&sed=blandit&accumsan=non&felis=interdum&ut=in&at=ante&dolor=vestibulum&quis=ante&odio=ipsum&consequat=primis&varius=in&integer=faucibus&ac=orci&leo=luctus&pellentesque=et&ultrices=ultrices&mattis=posuere&odio=cubilia&donec=curae&vitae=duis&nisi=faucibus&nam=accumsan&ultrices=odio&libero=curabitur&non=convallis&mattis=duis&pulvinar=consequat&nulla=dui&pede=nec&ullamcorper=nisi&augue=volutpat&a=eleifend&suscipit=donec&nulla=ut&elit=dolor&ac=morbi&nulla=vel&sed=lectus&vel=in&enim=quam&sit=fringilla&amet=rhoncus&nunc=mauris&viverra=enim&dapibus=leo&nulla=rhoncus&suscipit=sed&ligula=vestibulum&in=sit&lacus=amet&curabitur=cursus&at=id&ipsum=turpis&ac=integer&tellus=aliquet&semper=massa&interdum=id&mauris=lobortis&ullamcorper=convallis&purus=tortor&sit=risus&amet=dapibus&nulla=augue&quisque=vel&arcu=accumsan&libero=tellus&rutrum=nisi&ac=eu&lobortis=orci&vel=mauris&dapibus=lacinia,TRUE
+http://examiner.com/diam/cras/pellentesque/volutpat/dui/maecenas/tristique.xml?nulla=maecenas&mollis=ut&molestie=massa&lorem=quis&quisque=augue&ut=luctus&erat=tincidunt&curabitur=nulla&gravida=mollis&nisi=molestie,TRUE
+http://github.com/porttitor.js?ipsum=est&praesent=lacinia&blandit=nisi&lacinia=venenatis&erat=tristique&vestibulum=fusce&sed=congue&magna=diam&at=id&nunc=ornare&commodo=imperdiet&placerat=sapien&praesent=urna&blandit=pretium&nam=nisl&nulla=ut&integer=volutpat&pede=sapien&justo=arcu&lacinia=sed&eget=augue&tincidunt=aliquam&eget=erat&tempus=volutpat&vel=in&pede=congue&morbi=etiam&porttitor=justo&lorem=etiam&id=pretium&ligula=iaculis&suspendisse=justo&ornare=in&consequat=hac&lectus=habitasse&in=platea&est=dictumst&risus=etiam&auctor=faucibus&sed=cursus&tristique=urna&in=ut&tempus=tellus&sit=nulla&amet=ut&sem=erat&fusce=id&consequat=mauris&nulla=vulputate&nisl=elementum&nunc=nullam&nisl=varius&duis=nulla&bibendum=facilisi&felis=cras&sed=non&interdum=velit&venenatis=nec&turpis=nisi&enim=vulputate&blandit=nonummy&mi=maecenas&in=tincidunt&porttitor=lacus&pede=at&justo=velit&eu=vivamus&massa=vel&donec=nulla&dapibus=eget&duis=eros&at=elementum&velit=pellentesque&eu=quisque&est=porta,TRUE
+https://who.int/id/pretium/iaculis/diam/erat/fermentum/justo.jpg?curabitur=sit&gravida=amet&nisi=justo&at=morbi&nibh=ut&in=odio&hac=cras&habitasse=mi&platea=pede&dictumst=malesuada&aliquam=in&augue=imperdiet&quam=et&sollicitudin=commodo&vitae=vulputate&consectetuer=justo&eget=in&rutrum=blandit&at=ultrices&lorem=enim&integer=lorem&tincidunt=ipsum&ante=dolor&vel=sit&ipsum=amet&praesent=consectetuer&blandit=adipiscing&lacinia=elit&erat=proin&vestibulum=interdum&sed=mauris&magna=non&at=ligula&nunc=pellentesque&commodo=ultrices&placerat=phasellus&praesent=id&blandit=sapien&nam=in&nulla=sapien&integer=iaculis&pede=congue&justo=vivamus&lacinia=metus&eget=arcu&tincidunt=adipiscing&eget=molestie&tempus=hendrerit&vel=at&pede=vulputate&morbi=vitae&porttitor=nisl&lorem=aenean&id=lectus&ligula=pellentesque&suspendisse=eget&ornare=nunc&consequat=donec&lectus=quis&in=orci&est=eget&risus=orci&auctor=vehicula&sed=condimentum&tristique=curabitur&in=in&tempus=libero&sit=ut&amet=massa&sem=volutpat&fusce=convallis&consequat=morbi&nulla=odio&nisl=odio&nunc=elementum&nisl=eu&duis=interdum&bibendum=eu&felis=tincidunt&sed=in&interdum=leo&venenatis=maecenas&turpis=pulvinar&enim=lobortis&blandit=est,TRUE
+https://domainmarket.com/rutrum/neque/aenean/auctor.aspx?integer=eu&a=interdum&nibh=eu&in=tincidunt&quis=in&justo=leo&maecenas=maecenas&rhoncus=pulvinar&aliquam=lobortis&lacus=est&morbi=phasellus&quis=sit&tortor=amet&id=erat&nulla=nulla&ultrices=tempus&aliquet=vivamus&maecenas=in&leo=felis&odio=eu&condimentum=sapien,TRUE
+https://nsw.gov.au/sit/amet.html?rutrum=tempor&nulla=convallis&nunc=nulla&purus=neque&phasellus=libero&in=convallis&felis=eget&donec=eleifend&semper=luctus&sapien=ultricies&a=eu&libero=nibh&nam=quisque&dui=id&proin=justo&leo=sit&odio=amet&porttitor=sapien&id=dignissim&consequat=vestibulum&in=vestibulum&consequat=ante&ut=ipsum&nulla=primis&sed=in&accumsan=faucibus&felis=orci&ut=luctus&at=et&dolor=ultrices&quis=posuere&odio=cubilia&consequat=curae&varius=nulla&integer=dapibus&ac=dolor&leo=vel&pellentesque=est&ultrices=donec&mattis=odio&odio=justo&donec=sollicitudin&vitae=ut&nisi=suscipit&nam=a&ultrices=feugiat&libero=et&non=eros&mattis=vestibulum&pulvinar=ac&nulla=est&pede=lacinia&ullamcorper=nisi&augue=venenatis&a=tristique&suscipit=fusce&nulla=congue&elit=diam&ac=id&nulla=ornare&sed=imperdiet&vel=sapien&enim=urna&sit=pretium&amet=nisl&nunc=ut&viverra=volutpat&dapibus=sapien&nulla=arcu&suscipit=sed&ligula=augue&in=aliquam&lacus=erat&curabitur=volutpat&at=in&ipsum=congue&ac=etiam,TRUE
+http://unicef.org/integer/ac.html?nulla=nunc&sed=donec&accumsan=quis&felis=orci,TRUE
+http://comsenz.com/ac/lobortis.json?et=blandit&magnis=ultrices&dis=enim&parturient=lorem&montes=ipsum&nascetur=dolor&ridiculus=sit&mus=amet&etiam=consectetuer&vel=adipiscing&augue=elit&vestibulum=proin&rutrum=interdum&rutrum=mauris&neque=non&aenean=ligula&auctor=pellentesque&gravida=ultrices&sem=phasellus&praesent=id&id=sapien&massa=in&id=sapien&nisl=iaculis&venenatis=congue&lacinia=vivamus&aenean=metus&sit=arcu&amet=adipiscing&justo=molestie&morbi=hendrerit&ut=at&odio=vulputate&cras=vitae&mi=nisl&pede=aenean&malesuada=lectus&in=pellentesque&imperdiet=eget&et=nunc&commodo=donec&vulputate=quis&justo=orci&in=eget&blandit=orci&ultrices=vehicula&enim=condimentum,TRUE
+https://forbes.com/lacinia/erat/vestibulum.jsp?ante=non&ipsum=lectus&primis=aliquam&in=sit&faucibus=amet&orci=diam&luctus=in&et=magna&ultrices=bibendum&posuere=imperdiet&cubilia=nullam&curae=orci&duis=pede&faucibus=venenatis&accumsan=non&odio=sodales&curabitur=sed&convallis=tincidunt&duis=eu&consequat=felis&dui=fusce&nec=posuere&nisi=felis&volutpat=sed&eleifend=lacus&donec=morbi,TRUE
+http://acquirethisname.com/felis/sed/interdum/venenatis/turpis.png?venenatis=dolor&turpis=sit&enim=amet&blandit=consectetuer&mi=adipiscing&in=elit&porttitor=proin&pede=risus&justo=praesent,TRUE
+https://constantcontact.com/aliquet/maecenas/leo/odio/condimentum.aspx?pellentesque=in&volutpat=lectus&dui=pellentesque&maecenas=at&tristique=nulla&est=suspendisse&et=potenti&tempus=cras&semper=in&est=purus&quam=eu&pharetra=magna&magna=vulputate&ac=luctus&consequat=cum&metus=sociis&sapien=natoque&ut=penatibus&nunc=et&vestibulum=magnis&ante=dis&ipsum=parturient&primis=montes&in=nascetur&faucibus=ridiculus&orci=mus&luctus=vivamus&et=vestibulum&ultrices=sagittis&posuere=sapien&cubilia=cum&curae=sociis&mauris=natoque&viverra=penatibus&diam=et&vitae=magnis&quam=dis&suspendisse=parturient&potenti=montes&nullam=nascetur&porttitor=ridiculus&lacus=mus&at=etiam&turpis=vel&donec=augue&posuere=vestibulum&metus=rutrum&vitae=rutrum&ipsum=neque&aliquam=aenean&non=auctor&mauris=gravida,TRUE
+http://businessweek.com/rhoncus/aliquet/pulvinar/sed/nisl/nunc/rhoncus.xml?fermentum=mauris&donec=sit&ut=amet&mauris=eros&eget=suspendisse&massa=accumsan&tempor=tortor&convallis=quis&nulla=turpis&neque=sed&libero=ante&convallis=vivamus&eget=tortor&eleifend=duis&luctus=mattis&ultricies=egestas&eu=metus&nibh=aenean&quisque=fermentum&id=donec&justo=ut&sit=mauris&amet=eget&sapien=massa&dignissim=tempor&vestibulum=convallis&vestibulum=nulla&ante=neque&ipsum=libero&primis=convallis&in=eget&faucibus=eleifend&orci=luctus&luctus=ultricies&et=eu&ultrices=nibh&posuere=quisque&cubilia=id&curae=justo&nulla=sit&dapibus=amet&dolor=sapien&vel=dignissim&est=vestibulum&donec=vestibulum&odio=ante&justo=ipsum&sollicitudin=primis&ut=in&suscipit=faucibus&a=orci&feugiat=luctus&et=et&eros=ultrices&vestibulum=posuere&ac=cubilia&est=curae&lacinia=nulla&nisi=dapibus&venenatis=dolor&tristique=vel&fusce=est&congue=donec&diam=odio&id=justo&ornare=sollicitudin&imperdiet=ut&sapien=suscipit&urna=a,TRUE
+https://delicious.com/lacus.jpg?consequat=non&morbi=mattis&a=pulvinar&ipsum=nulla&integer=pede&a=ullamcorper&nibh=augue&in=a&quis=suscipit&justo=nulla&maecenas=elit&rhoncus=ac&aliquam=nulla&lacus=sed&morbi=vel&quis=enim&tortor=sit&id=amet&nulla=nunc&ultrices=viverra&aliquet=dapibus&maecenas=nulla&leo=suscipit&odio=ligula&condimentum=in&id=lacus&luctus=curabitur&nec=at&molestie=ipsum&sed=ac&justo=tellus&pellentesque=semper&viverra=interdum&pede=mauris&ac=ullamcorper&diam=purus&cras=sit&pellentesque=amet&volutpat=nulla&dui=quisque&maecenas=arcu&tristique=libero&est=rutrum&et=ac&tempus=lobortis&semper=vel&est=dapibus&quam=at&pharetra=diam&magna=nam&ac=tristique&consequat=tortor&metus=eu&sapien=pede,TRUE
+https://123-reg.co.uk/ipsum/dolor/sit/amet/consectetuer/adipiscing.jpg?augue=convallis&quam=nulla&sollicitudin=neque&vitae=libero&consectetuer=convallis&eget=eget&rutrum=eleifend&at=luctus&lorem=ultricies&integer=eu&tincidunt=nibh&ante=quisque&vel=id&ipsum=justo&praesent=sit&blandit=amet&lacinia=sapien&erat=dignissim&vestibulum=vestibulum&sed=vestibulum&magna=ante&at=ipsum&nunc=primis&commodo=in&placerat=faucibus&praesent=orci&blandit=luctus&nam=et&nulla=ultrices&integer=posuere&pede=cubilia&justo=curae&lacinia=nulla&eget=dapibus&tincidunt=dolor&eget=vel&tempus=est&vel=donec&pede=odio&morbi=justo&porttitor=sollicitudin&lorem=ut&id=suscipit&ligula=a&suspendisse=feugiat&ornare=et&consequat=eros&lectus=vestibulum&in=ac&est=est&risus=lacinia&auctor=nisi&sed=venenatis&tristique=tristique&in=fusce&tempus=congue&sit=diam&amet=id&sem=ornare&fusce=imperdiet&consequat=sapien&nulla=urna&nisl=pretium&nunc=nisl&nisl=ut&duis=volutpat&bibendum=sapien&felis=arcu&sed=sed&interdum=augue&venenatis=aliquam&turpis=erat&enim=volutpat&blandit=in&mi=congue&in=etiam&porttitor=justo&pede=etiam&justo=pretium&eu=iaculis&massa=justo&donec=in&dapibus=hac&duis=habitasse&at=platea&velit=dictumst&eu=etiam,TRUE
+https://cam.ac.uk/lectus/in/est/risus/auctor/sed.html?sapien=augue&sapien=vestibulum&non=ante&mi=ipsum&integer=primis&ac=in&neque=faucibus&duis=orci&bibendum=luctus&morbi=et&non=ultrices&quam=posuere&nec=cubilia&dui=curae&luctus=donec&rutrum=pharetra&nulla=magna&tellus=vestibulum&in=aliquet&sagittis=ultrices&dui=erat&vel=tortor&nisl=sollicitudin&duis=mi&ac=sit&nibh=amet&fusce=lobortis&lacus=sapien&purus=sapien&aliquet=non&at=mi&feugiat=integer&non=ac&pretium=neque&quis=duis&lectus=bibendum&suspendisse=morbi&potenti=non&in=quam&eleifend=nec&quam=dui&a=luctus&odio=rutrum&in=nulla&hac=tellus&habitasse=in&platea=sagittis&dictumst=dui&maecenas=vel&ut=nisl&massa=duis&quis=ac&augue=nibh&luctus=fusce&tincidunt=lacus&nulla=purus&mollis=aliquet&molestie=at&lorem=feugiat&quisque=non&ut=pretium&erat=quis&curabitur=lectus&gravida=suspendisse&nisi=potenti&at=in&nibh=eleifend&in=quam&hac=a&habitasse=odio&platea=in&dictumst=hac&aliquam=habitasse&augue=platea&quam=dictumst&sollicitudin=maecenas&vitae=ut&consectetuer=massa&eget=quis&rutrum=augue&at=luctus&lorem=tincidunt&integer=nulla&tincidunt=mollis&ante=molestie&vel=lorem&ipsum=quisque&praesent=ut&blandit=erat,TRUE
+http://canalblog.com/vivamus/metus/arcu/adipiscing/molestie/hendrerit.js?mauris=amet&enim=justo&leo=morbi&rhoncus=ut&sed=odio&vestibulum=cras&sit=mi&amet=pede&cursus=malesuada&id=in&turpis=imperdiet&integer=et&aliquet=commodo&massa=vulputate&id=justo&lobortis=in&convallis=blandit&tortor=ultrices&risus=enim&dapibus=lorem&augue=ipsum&vel=dolor&accumsan=sit&tellus=amet&nisi=consectetuer&eu=adipiscing&orci=elit&mauris=proin&lacinia=interdum&sapien=mauris&quis=non&libero=ligula&nullam=pellentesque&sit=ultrices&amet=phasellus&turpis=id&elementum=sapien&ligula=in&vehicula=sapien&consequat=iaculis&morbi=congue&a=vivamus&ipsum=metus&integer=arcu&a=adipiscing&nibh=molestie&in=hendrerit&quis=at&justo=vulputate&maecenas=vitae&rhoncus=nisl&aliquam=aenean&lacus=lectus&morbi=pellentesque&quis=eget&tortor=nunc&id=donec&nulla=quis&ultrices=orci&aliquet=eget&maecenas=orci&leo=vehicula&odio=condimentum&condimentum=curabitur&id=in&luctus=libero&nec=ut&molestie=massa&sed=volutpat&justo=convallis&pellentesque=morbi&viverra=odio&pede=odio&ac=elementum&diam=eu&cras=interdum&pellentesque=eu&volutpat=tincidunt&dui=in&maecenas=leo&tristique=maecenas&est=pulvinar&et=lobortis&tempus=est&semper=phasellus&est=sit&quam=amet&pharetra=erat&magna=nulla&ac=tempus&consequat=vivamus&metus=in&sapien=felis&ut=eu&nunc=sapien&vestibulum=cursus&ante=vestibulum&ipsum=proin&primis=eu,TRUE
+https://skyrock.com/pulvinar/sed.jsp?montes=justo&nascetur=nec&ridiculus=condimentum&mus=neque&vivamus=sapien&vestibulum=placerat&sagittis=ante&sapien=nulla&cum=justo&sociis=aliquam&natoque=quis&penatibus=turpis&et=eget&magnis=elit&dis=sodales&parturient=scelerisque&montes=mauris&nascetur=sit&ridiculus=amet&mus=eros&etiam=suspendisse&vel=accumsan&augue=tortor,TRUE
+http://wikimedia.org/in/faucibus/orci.aspx?nec=ipsum&nisi=primis&volutpat=in&eleifend=faucibus&donec=orci&ut=luctus&dolor=et&morbi=ultrices&vel=posuere&lectus=cubilia&in=curae,TRUE
+https://wikimedia.org/id/lobortis/convallis/tortor.aspx?sapien=sit&quis=amet&libero=consectetuer&nullam=adipiscing&sit=elit&amet=proin&turpis=interdum&elementum=mauris&ligula=non&vehicula=ligula&consequat=pellentesque&morbi=ultrices&a=phasellus&ipsum=id&integer=sapien&a=in&nibh=sapien&in=iaculis&quis=congue&justo=vivamus&maecenas=metus&rhoncus=arcu&aliquam=adipiscing&lacus=molestie&morbi=hendrerit&quis=at&tortor=vulputate&id=vitae&nulla=nisl&ultrices=aenean&aliquet=lectus&maecenas=pellentesque&leo=eget&odio=nunc&condimentum=donec&id=quis,TRUE
+https://businesswire.com/quam/suspendisse.aspx?vehicula=bibendum&condimentum=morbi&curabitur=non&in=quam&libero=nec&ut=dui&massa=luctus&volutpat=rutrum&convallis=nulla&morbi=tellus&odio=in&odio=sagittis&elementum=dui&eu=vel&interdum=nisl&eu=duis&tincidunt=ac&in=nibh&leo=fusce&maecenas=lacus&pulvinar=purus&lobortis=aliquet&est=at&phasellus=feugiat&sit=non&amet=pretium&erat=quis&nulla=lectus&tempus=suspendisse&vivamus=potenti&in=in&felis=eleifend&eu=quam&sapien=a&cursus=odio&vestibulum=in&proin=hac&eu=habitasse&mi=platea&nulla=dictumst&ac=maecenas&enim=ut&in=massa&tempor=quis&turpis=augue&nec=luctus&euismod=tincidunt&scelerisque=nulla&quam=mollis&turpis=molestie&adipiscing=lorem&lorem=quisque&vitae=ut&mattis=erat&nibh=curabitur&ligula=gravida&nec=nisi&sem=at&duis=nibh&aliquam=in&convallis=hac&nunc=habitasse&proin=platea&at=dictumst&turpis=aliquam&a=augue&pede=quam&posuere=sollicitudin&nonummy=vitae&integer=consectetuer&non=eget&velit=rutrum&donec=at&diam=lorem&neque=integer,TRUE
+http://woothemes.com/mauris/sit/amet/eros.aspx?sed=posuere&sagittis=cubilia&nam=curae&congue=donec&risus=pharetra&semper=magna&porta=vestibulum&volutpat=aliquet&quam=ultrices&pede=erat&lobortis=tortor&ligula=sollicitudin&sit=mi&amet=sit&eleifend=amet,TRUE
+https://clickbank.net/integer/aliquet/massa/id/lobortis/convallis.xml?erat=eu&curabitur=tincidunt&gravida=in&nisi=leo&at=maecenas&nibh=pulvinar&in=lobortis&hac=est&habitasse=phasellus&platea=sit&dictumst=amet&aliquam=erat&augue=nulla&quam=tempus&sollicitudin=vivamus&vitae=in&consectetuer=felis&eget=eu&rutrum=sapien&at=cursus&lorem=vestibulum&integer=proin&tincidunt=eu&ante=mi&vel=nulla&ipsum=ac&praesent=enim&blandit=in&lacinia=tempor&erat=turpis&vestibulum=nec&sed=euismod&magna=scelerisque&at=quam&nunc=turpis&commodo=adipiscing&placerat=lorem&praesent=vitae&blandit=mattis&nam=nibh&nulla=ligula&integer=nec&pede=sem&justo=duis&lacinia=aliquam&eget=convallis&tincidunt=nunc&eget=proin&tempus=at&vel=turpis&pede=a&morbi=pede&porttitor=posuere&lorem=nonummy&id=integer&ligula=non&suspendisse=velit&ornare=donec&consequat=diam&lectus=neque&in=vestibulum&est=eget&risus=vulputate&auctor=ut&sed=ultrices&tristique=vel&in=augue&tempus=vestibulum&sit=ante&amet=ipsum&sem=primis&fusce=in&consequat=faucibus&nulla=orci&nisl=luctus&nunc=et&nisl=ultrices&duis=posuere&bibendum=cubilia&felis=curae&sed=donec&interdum=pharetra,TRUE
+http://amazon.de/bibendum.jpg?sem=consectetuer&praesent=adipiscing&id=elit&massa=proin&id=risus&nisl=praesent&venenatis=lectus&lacinia=vestibulum&aenean=quam&sit=sapien&amet=varius&justo=ut&morbi=blandit&ut=non&odio=interdum&cras=in&mi=ante&pede=vestibulum&malesuada=ante&in=ipsum&imperdiet=primis&et=in&commodo=faucibus&vulputate=orci&justo=luctus&in=et&blandit=ultrices&ultrices=posuere&enim=cubilia&lorem=curae&ipsum=duis&dolor=faucibus&sit=accumsan&amet=odio&consectetuer=curabitur&adipiscing=convallis&elit=duis&proin=consequat&interdum=dui&mauris=nec&non=nisi&ligula=volutpat&pellentesque=eleifend&ultrices=donec&phasellus=ut&id=dolor&sapien=morbi&in=vel&sapien=lectus&iaculis=in&congue=quam&vivamus=fringilla&metus=rhoncus&arcu=mauris&adipiscing=enim&molestie=leo&hendrerit=rhoncus&at=sed&vulputate=vestibulum&vitae=sit&nisl=amet&aenean=cursus&lectus=id&pellentesque=turpis&eget=integer&nunc=aliquet&donec=massa&quis=id&orci=lobortis&eget=convallis&orci=tortor&vehicula=risus&condimentum=dapibus&curabitur=augue&in=vel&libero=accumsan&ut=tellus&massa=nisi&volutpat=eu&convallis=orci&morbi=mauris,TRUE
+http://yahoo.com/tincidunt/in/leo/maecenas/pulvinar/lobortis.aspx?mattis=pretium&egestas=iaculis&metus=diam&aenean=erat&fermentum=fermentum&donec=justo&ut=nec&mauris=condimentum&eget=neque&massa=sapien&tempor=placerat&convallis=ante&nulla=nulla&neque=justo&libero=aliquam&convallis=quis&eget=turpis&eleifend=eget&luctus=elit&ultricies=sodales&eu=scelerisque&nibh=mauris&quisque=sit&id=amet&justo=eros&sit=suspendisse&amet=accumsan&sapien=tortor&dignissim=quis&vestibulum=turpis&vestibulum=sed&ante=ante&ipsum=vivamus,TRUE
+https://geocities.jp/nulla/suscipit.jpg?morbi=potenti&non=nullam,TRUE
+http://feedburner.com/vulputate/elementum/nullam/varius/nulla/facilisi.xml?blandit=sapien&lacinia=cum&erat=sociis&vestibulum=natoque&sed=penatibus&magna=et&at=magnis&nunc=dis&commodo=parturient&placerat=montes&praesent=nascetur&blandit=ridiculus&nam=mus&nulla=etiam&integer=vel&pede=augue&justo=vestibulum&lacinia=rutrum&eget=rutrum&tincidunt=neque&eget=aenean&tempus=auctor&vel=gravida&pede=sem&morbi=praesent&porttitor=id&lorem=massa&id=id&ligula=nisl&suspendisse=venenatis&ornare=lacinia&consequat=aenean&lectus=sit&in=amet&est=justo&risus=morbi&auctor=ut&sed=odio&tristique=cras&in=mi&tempus=pede&sit=malesuada&amet=in&sem=imperdiet&fusce=et&consequat=commodo&nulla=vulputate&nisl=justo&nunc=in&nisl=blandit&duis=ultrices&bibendum=enim&felis=lorem&sed=ipsum&interdum=dolor&venenatis=sit&turpis=amet&enim=consectetuer&blandit=adipiscing&mi=elit&in=proin&porttitor=interdum&pede=mauris&justo=non&eu=ligula&massa=pellentesque&donec=ultrices&dapibus=phasellus&duis=id,TRUE
+http://cpanel.net/in.html?congue=mus&etiam=vivamus&justo=vestibulum&etiam=sagittis&pretium=sapien&iaculis=cum&justo=sociis&in=natoque&hac=penatibus&habitasse=et&platea=magnis&dictumst=dis&etiam=parturient&faucibus=montes&cursus=nascetur&urna=ridiculus&ut=mus&tellus=etiam&nulla=vel&ut=augue&erat=vestibulum&id=rutrum&mauris=rutrum&vulputate=neque&elementum=aenean&nullam=auctor&varius=gravida&nulla=sem&facilisi=praesent&cras=id&non=massa&velit=id&nec=nisl&nisi=venenatis&vulputate=lacinia&nonummy=aenean&maecenas=sit&tincidunt=amet&lacus=justo&at=morbi&velit=ut&vivamus=odio&vel=cras&nulla=mi&eget=pede&eros=malesuada&elementum=in&pellentesque=imperdiet&quisque=et&porta=commodo&volutpat=vulputate&erat=justo&quisque=in&erat=blandit&eros=ultrices&viverra=enim&eget=lorem&congue=ipsum&eget=dolor&semper=sit&rutrum=amet&nulla=consectetuer&nunc=adipiscing&purus=elit&phasellus=proin&in=interdum&felis=mauris&donec=non&semper=ligula,TRUE
+https://simplemachines.org/rhoncus/aliquam/lacus/morbi/quis/tortor/id.png?semper=sed&sapien=justo&a=pellentesque&libero=viverra&nam=pede&dui=ac&proin=diam&leo=cras&odio=pellentesque&porttitor=volutpat&id=dui&consequat=maecenas&in=tristique&consequat=est&ut=et&nulla=tempus&sed=semper&accumsan=est&felis=quam&ut=pharetra&at=magna&dolor=ac&quis=consequat&odio=metus&consequat=sapien&varius=ut&integer=nunc&ac=vestibulum&leo=ante&pellentesque=ipsum&ultrices=primis&mattis=in&odio=faucibus&donec=orci&vitae=luctus&nisi=et&nam=ultrices&ultrices=posuere&libero=cubilia&non=curae&mattis=mauris&pulvinar=viverra&nulla=diam&pede=vitae&ullamcorper=quam&augue=suspendisse&a=potenti&suscipit=nullam&nulla=porttitor&elit=lacus&ac=at&nulla=turpis&sed=donec&vel=posuere&enim=metus&sit=vitae&amet=ipsum&nunc=aliquam&viverra=non&dapibus=mauris&nulla=morbi&suscipit=non&ligula=lectus&in=aliquam&lacus=sit&curabitur=amet&at=diam&ipsum=in&ac=magna&tellus=bibendum&semper=imperdiet&interdum=nullam,TRUE
+http://marketwatch.com/sit/amet/consectetuer/adipiscing/elit/proin/risus.png?lacinia=donec&aenean=semper&sit=sapien&amet=a&justo=libero&morbi=nam&ut=dui&odio=proin&cras=leo&mi=odio&pede=porttitor&malesuada=id&in=consequat&imperdiet=in&et=consequat&commodo=ut&vulputate=nulla&justo=sed&in=accumsan&blandit=felis&ultrices=ut&enim=at&lorem=dolor&ipsum=quis&dolor=odio&sit=consequat&amet=varius&consectetuer=integer&adipiscing=ac&elit=leo&proin=pellentesque&interdum=ultrices&mauris=mattis&non=odio&ligula=donec&pellentesque=vitae&ultrices=nisi&phasellus=nam&id=ultrices&sapien=libero&in=non&sapien=mattis&iaculis=pulvinar&congue=nulla&vivamus=pede&metus=ullamcorper&arcu=augue&adipiscing=a&molestie=suscipit,TRUE
+http://omniture.com/nullam/orci/pede/venenatis.aspx?hendrerit=rutrum&at=neque&vulputate=aenean&vitae=auctor&nisl=gravida&aenean=sem&lectus=praesent&pellentesque=id&eget=massa&nunc=id&donec=nisl&quis=venenatis&orci=lacinia&eget=aenean&orci=sit&vehicula=amet&condimentum=justo&curabitur=morbi&in=ut&libero=odio&ut=cras&massa=mi&volutpat=pede&convallis=malesuada&morbi=in&odio=imperdiet&odio=et&elementum=commodo&eu=vulputate&interdum=justo&eu=in&tincidunt=blandit&in=ultrices&leo=enim&maecenas=lorem&pulvinar=ipsum&lobortis=dolor&est=sit&phasellus=amet&sit=consectetuer&amet=adipiscing&erat=elit&nulla=proin&tempus=interdum&vivamus=mauris&in=non&felis=ligula&eu=pellentesque&sapien=ultrices&cursus=phasellus&vestibulum=id&proin=sapien&eu=in&mi=sapien&nulla=iaculis&ac=congue&enim=vivamus&in=metus&tempor=arcu&turpis=adipiscing&nec=molestie&euismod=hendrerit&scelerisque=at&quam=vulputate&turpis=vitae&adipiscing=nisl,TRUE
+https://de.vu/ipsum/primis.html?congue=sit&etiam=amet&justo=eros&etiam=suspendisse&pretium=accumsan&iaculis=tortor&justo=quis&in=turpis&hac=sed&habitasse=ante&platea=vivamus&dictumst=tortor&etiam=duis&faucibus=mattis&cursus=egestas&urna=metus&ut=aenean&tellus=fermentum&nulla=donec&ut=ut&erat=mauris&id=eget&mauris=massa&vulputate=tempor&elementum=convallis&nullam=nulla&varius=neque&nulla=libero,TRUE
+https://surveymonkey.com/nam/nulla/integer/pede.aspx?rutrum=pellentesque&rutrum=volutpat&neque=dui&aenean=maecenas&auctor=tristique&gravida=est&sem=et&praesent=tempus&id=semper&massa=est&id=quam&nisl=pharetra&venenatis=magna&lacinia=ac&aenean=consequat&sit=metus&amet=sapien&justo=ut&morbi=nunc&ut=vestibulum&odio=ante&cras=ipsum&mi=primis&pede=in&malesuada=faucibus&in=orci&imperdiet=luctus&et=et&commodo=ultrices&vulputate=posuere&justo=cubilia&in=curae&blandit=mauris&ultrices=viverra&enim=diam&lorem=vitae&ipsum=quam&dolor=suspendisse&sit=potenti&amet=nullam&consectetuer=porttitor&adipiscing=lacus&elit=at&proin=turpis&interdum=donec&mauris=posuere&non=metus&ligula=vitae&pellentesque=ipsum&ultrices=aliquam&phasellus=non&id=mauris,TRUE
+http://time.com/nibh/in/hac/habitasse/platea/dictumst/aliquam.png?sit=phasellus&amet=in&turpis=felis&elementum=donec&ligula=semper&vehicula=sapien&consequat=a&morbi=libero&a=nam&ipsum=dui&integer=proin&a=leo&nibh=odio&in=porttitor&quis=id&justo=consequat&maecenas=in&rhoncus=consequat&aliquam=ut&lacus=nulla&morbi=sed&quis=accumsan&tortor=felis&id=ut&nulla=at&ultrices=dolor&aliquet=quis&maecenas=odio&leo=consequat&odio=varius&condimentum=integer&id=ac&luctus=leo&nec=pellentesque&molestie=ultrices&sed=mattis&justo=odio&pellentesque=donec&viverra=vitae&pede=nisi&ac=nam&diam=ultrices&cras=libero&pellentesque=non&volutpat=mattis&dui=pulvinar&maecenas=nulla&tristique=pede&est=ullamcorper&et=augue&tempus=a&semper=suscipit&est=nulla&quam=elit&pharetra=ac&magna=nulla&ac=sed&consequat=vel&metus=enim&sapien=sit&ut=amet&nunc=nunc&vestibulum=viverra,TRUE
+http://networkadvertising.org/nulla/sed/accumsan/felis/ut/at/dolor.js?eget=donec&tempus=semper&vel=sapien&pede=a&morbi=libero&porttitor=nam&lorem=dui&id=proin&ligula=leo&suspendisse=odio&ornare=porttitor&consequat=id&lectus=consequat&in=in&est=consequat&risus=ut&auctor=nulla&sed=sed&tristique=accumsan&in=felis&tempus=ut&sit=at&amet=dolor&sem=quis&fusce=odio&consequat=consequat&nulla=varius,TRUE
+http://youtube.com/nisl/nunc/nisl.html?placerat=amet&ante=consectetuer&nulla=adipiscing&justo=elit&aliquam=proin&quis=interdum&turpis=mauris&eget=non&elit=ligula&sodales=pellentesque&scelerisque=ultrices&mauris=phasellus&sit=id&amet=sapien&eros=in&suspendisse=sapien&accumsan=iaculis&tortor=congue&quis=vivamus&turpis=metus&sed=arcu&ante=adipiscing&vivamus=molestie&tortor=hendrerit&duis=at&mattis=vulputate&egestas=vitae,TRUE
+https://globo.com/dui.png?at=lectus&turpis=pellentesque&donec=at&posuere=nulla&metus=suspendisse&vitae=potenti&ipsum=cras&aliquam=in,TRUE
+http://gmpg.org/tellus/in/sagittis/dui/vel/nisl.xml?porttitor=vestibulum&id=eget&consequat=vulputate&in=ut&consequat=ultrices&ut=vel&nulla=augue&sed=vestibulum&accumsan=ante&felis=ipsum&ut=primis&at=in&dolor=faucibus&quis=orci&odio=luctus&consequat=et&varius=ultrices&integer=posuere&ac=cubilia&leo=curae&pellentesque=donec&ultrices=pharetra&mattis=magna&odio=vestibulum&donec=aliquet,TRUE
+http://dmoz.org/posuere/cubilia/curae.png?at=consequat&nunc=ut&commodo=nulla&placerat=sed&praesent=accumsan&blandit=felis&nam=ut&nulla=at&integer=dolor&pede=quis&justo=odio&lacinia=consequat&eget=varius&tincidunt=integer&eget=ac&tempus=leo&vel=pellentesque&pede=ultrices&morbi=mattis&porttitor=odio&lorem=donec&id=vitae&ligula=nisi&suspendisse=nam&ornare=ultrices&consequat=libero&lectus=non&in=mattis&est=pulvinar&risus=nulla&auctor=pede&sed=ullamcorper,TRUE
+https://odnoklassniki.ru/ac/consequat/metus.png?sed=at&augue=ipsum&aliquam=ac&erat=tellus&volutpat=semper&in=interdum&congue=mauris&etiam=ullamcorper&justo=purus&etiam=sit&pretium=amet&iaculis=nulla&justo=quisque&in=arcu&hac=libero&habitasse=rutrum&platea=ac&dictumst=lobortis&etiam=vel&faucibus=dapibus&cursus=at,TRUE
+http://bbb.org/nec/molestie/sed/justo/pellentesque/viverra.aspx?platea=dui&dictumst=proin&aliquam=leo,TRUE
+https://yahoo.com/vel.png?donec=ligula&ut=pellentesque&dolor=ultrices&morbi=phasellus&vel=id&lectus=sapien&in=in&quam=sapien&fringilla=iaculis&rhoncus=congue&mauris=vivamus&enim=metus&leo=arcu&rhoncus=adipiscing&sed=molestie&vestibulum=hendrerit&sit=at&amet=vulputate&cursus=vitae&id=nisl&turpis=aenean&integer=lectus&aliquet=pellentesque&massa=eget&id=nunc&lobortis=donec&convallis=quis&tortor=orci&risus=eget&dapibus=orci&augue=vehicula&vel=condimentum&accumsan=curabitur&tellus=in&nisi=libero&eu=ut&orci=massa&mauris=volutpat&lacinia=convallis&sapien=morbi&quis=odio&libero=odio&nullam=elementum&sit=eu&amet=interdum&turpis=eu&elementum=tincidunt&ligula=in&vehicula=leo&consequat=maecenas&morbi=pulvinar&a=lobortis&ipsum=est&integer=phasellus&a=sit,TRUE
+https://nymag.com/justo/lacinia.json?vivamus=odio&vestibulum=elementum&sagittis=eu&sapien=interdum&cum=eu&sociis=tincidunt&natoque=in&penatibus=leo&et=maecenas&magnis=pulvinar&dis=lobortis&parturient=est&montes=phasellus&nascetur=sit&ridiculus=amet&mus=erat&etiam=nulla&vel=tempus&augue=vivamus&vestibulum=in&rutrum=felis&rutrum=eu&neque=sapien&aenean=cursus&auctor=vestibulum&gravida=proin&sem=eu&praesent=mi,TRUE
+http://imdb.com/sodales/sed/tincidunt/eu/felis/fusce.html?magna=quis&vulputate=orci&luctus=nullam&cum=molestie&sociis=nibh&natoque=in&penatibus=lectus&et=pellentesque&magnis=at&dis=nulla&parturient=suspendisse&montes=potenti&nascetur=cras&ridiculus=in&mus=purus&vivamus=eu&vestibulum=magna&sagittis=vulputate&sapien=luctus&cum=cum&sociis=sociis&natoque=natoque&penatibus=penatibus&et=et&magnis=magnis&dis=dis&parturient=parturient&montes=montes&nascetur=nascetur&ridiculus=ridiculus&mus=mus&etiam=vivamus&vel=vestibulum&augue=sagittis&vestibulum=sapien&rutrum=cum&rutrum=sociis&neque=natoque&aenean=penatibus&auctor=et&gravida=magnis,TRUE
+https://bluehost.com/justo/maecenas/rhoncus/aliquam/lacus/morbi/quis.jpg?quam=est&turpis=phasellus&adipiscing=sit&lorem=amet&vitae=erat&mattis=nulla&nibh=tempus&ligula=vivamus&nec=in&sem=felis&duis=eu&aliquam=sapien&convallis=cursus&nunc=vestibulum&proin=proin&at=eu&turpis=mi&a=nulla&pede=ac&posuere=enim&nonummy=in&integer=tempor&non=turpis&velit=nec&donec=euismod&diam=scelerisque&neque=quam&vestibulum=turpis&eget=adipiscing&vulputate=lorem&ut=vitae&ultrices=mattis&vel=nibh&augue=ligula&vestibulum=nec&ante=sem&ipsum=duis&primis=aliquam&in=convallis&faucibus=nunc&orci=proin&luctus=at&et=turpis&ultrices=a,TRUE
+https://sciencedirect.com/ullamcorper/purus/sit.html?interdum=vestibulum&eu=ac&tincidunt=est&in=lacinia&leo=nisi&maecenas=venenatis&pulvinar=tristique&lobortis=fusce&est=congue&phasellus=diam&sit=id&amet=ornare&erat=imperdiet&nulla=sapien&tempus=urna&vivamus=pretium&in=nisl&felis=ut&eu=volutpat&sapien=sapien&cursus=arcu&vestibulum=sed&proin=augue&eu=aliquam&mi=erat&nulla=volutpat&ac=in&enim=congue&in=etiam&tempor=justo&turpis=etiam&nec=pretium&euismod=iaculis&scelerisque=justo&quam=in&turpis=hac&adipiscing=habitasse&lorem=platea&vitae=dictumst&mattis=etiam&nibh=faucibus&ligula=cursus&nec=urna,TRUE
+http://disqus.com/donec/posuere/metus/vitae.jpg?maecenas=condimentum&rhoncus=neque&aliquam=sapien&lacus=placerat&morbi=ante&quis=nulla&tortor=justo&id=aliquam&nulla=quis&ultrices=turpis&aliquet=eget&maecenas=elit&leo=sodales&odio=scelerisque&condimentum=mauris&id=sit&luctus=amet&nec=eros&molestie=suspendisse&sed=accumsan&justo=tortor&pellentesque=quis&viverra=turpis&pede=sed&ac=ante&diam=vivamus&cras=tortor&pellentesque=duis&volutpat=mattis&dui=egestas&maecenas=metus&tristique=aenean&est=fermentum&et=donec&tempus=ut&semper=mauris&est=eget&quam=massa&pharetra=tempor&magna=convallis&ac=nulla&consequat=neque&metus=libero&sapien=convallis&ut=eget&nunc=eleifend&vestibulum=luctus&ante=ultricies&ipsum=eu&primis=nibh&in=quisque&faucibus=id&orci=justo&luctus=sit&et=amet&ultrices=sapien&posuere=dignissim&cubilia=vestibulum&curae=vestibulum&mauris=ante&viverra=ipsum&diam=primis&vitae=in&quam=faucibus&suspendisse=orci&potenti=luctus&nullam=et&porttitor=ultrices&lacus=posuere&at=cubilia&turpis=curae&donec=nulla&posuere=dapibus&metus=dolor&vitae=vel&ipsum=est&aliquam=donec&non=odio&mauris=justo&morbi=sollicitudin&non=ut&lectus=suscipit&aliquam=a,TRUE
+http://symantec.com/neque/libero/convallis/eget.js?id=felis&consequat=sed&in=interdum&consequat=venenatis&ut=turpis&nulla=enim&sed=blandit&accumsan=mi&felis=in&ut=porttitor&at=pede&dolor=justo&quis=eu&odio=massa&consequat=donec&varius=dapibus&integer=duis&ac=at&leo=velit&pellentesque=eu&ultrices=est&mattis=congue&odio=elementum&donec=in&vitae=hac&nisi=habitasse&nam=platea&ultrices=dictumst&libero=morbi&non=vestibulum&mattis=velit&pulvinar=id&nulla=pretium&pede=iaculis&ullamcorper=diam&augue=erat&a=fermentum&suscipit=justo&nulla=nec&elit=condimentum&ac=neque&nulla=sapien,TRUE
+https://fastcompany.com/mauris.html?est=commodo&congue=vulputate&elementum=justo&in=in&hac=blandit&habitasse=ultrices&platea=enim&dictumst=lorem&morbi=ipsum&vestibulum=dolor&velit=sit&id=amet&pretium=consectetuer&iaculis=adipiscing&diam=elit&erat=proin&fermentum=interdum&justo=mauris&nec=non&condimentum=ligula&neque=pellentesque&sapien=ultrices&placerat=phasellus&ante=id&nulla=sapien&justo=in&aliquam=sapien&quis=iaculis&turpis=congue&eget=vivamus&elit=metus&sodales=arcu&scelerisque=adipiscing&mauris=molestie&sit=hendrerit&amet=at&eros=vulputate&suspendisse=vitae&accumsan=nisl&tortor=aenean&quis=lectus&turpis=pellentesque&sed=eget&ante=nunc&vivamus=donec&tortor=quis&duis=orci&mattis=eget&egestas=orci&metus=vehicula&aenean=condimentum&fermentum=curabitur&donec=in&ut=libero&mauris=ut&eget=massa,TRUE
+http://berkeley.edu/magna/at/nunc/commodo.jpg?eleifend=montes&pede=nascetur&libero=ridiculus&quis=mus&orci=vivamus&nullam=vestibulum&molestie=sagittis&nibh=sapien&in=cum&lectus=sociis&pellentesque=natoque&at=penatibus&nulla=et&suspendisse=magnis&potenti=dis&cras=parturient&in=montes&purus=nascetur&eu=ridiculus&magna=mus&vulputate=etiam&luctus=vel&cum=augue&sociis=vestibulum&natoque=rutrum&penatibus=rutrum&et=neque&magnis=aenean&dis=auctor&parturient=gravida&montes=sem&nascetur=praesent&ridiculus=id&mus=massa&vivamus=id&vestibulum=nisl&sagittis=venenatis&sapien=lacinia&cum=aenean&sociis=sit&natoque=amet&penatibus=justo&et=morbi&magnis=ut&dis=odio&parturient=cras&montes=mi&nascetur=pede&ridiculus=malesuada&mus=in&etiam=imperdiet&vel=et&augue=commodo&vestibulum=vulputate&rutrum=justo&rutrum=in&neque=blandit&aenean=ultrices&auctor=enim&gravida=lorem&sem=ipsum&praesent=dolor&id=sit&massa=amet&id=consectetuer&nisl=adipiscing,TRUE
+https://reddit.com/sed.png?ligula=suspendisse&vehicula=accumsan&consequat=tortor&morbi=quis&a=turpis&ipsum=sed&integer=ante&a=vivamus&nibh=tortor&in=duis&quis=mattis&justo=egestas&maecenas=metus&rhoncus=aenean,TRUE
+http://shinystat.com/enim/in/tempor.json?consequat=eleifend&lectus=pede&in=libero&est=quis&risus=orci&auctor=nullam&sed=molestie&tristique=nibh&in=in&tempus=lectus&sit=pellentesque&amet=at&sem=nulla&fusce=suspendisse&consequat=potenti&nulla=cras&nisl=in&nunc=purus&nisl=eu&duis=magna&bibendum=vulputate&felis=luctus&sed=cum&interdum=sociis&venenatis=natoque&turpis=penatibus&enim=et&blandit=magnis&mi=dis&in=parturient&porttitor=montes&pede=nascetur&justo=ridiculus&eu=mus&massa=vivamus&donec=vestibulum&dapibus=sagittis&duis=sapien&at=cum&velit=sociis&eu=natoque&est=penatibus&congue=et&elementum=magnis&in=dis&hac=parturient&habitasse=montes&platea=nascetur&dictumst=ridiculus&morbi=mus&vestibulum=etiam&velit=vel&id=augue&pretium=vestibulum&iaculis=rutrum&diam=rutrum&erat=neque&fermentum=aenean&justo=auctor&nec=gravida&condimentum=sem&neque=praesent&sapien=id&placerat=massa&ante=id&nulla=nisl&justo=venenatis&aliquam=lacinia&quis=aenean&turpis=sit&eget=amet,TRUE
+http://reverbnation.com/id/turpis/integer.aspx?ultrices=eget&posuere=massa&cubilia=tempor&curae=convallis&mauris=nulla&viverra=neque&diam=libero&vitae=convallis&quam=eget&suspendisse=eleifend&potenti=luctus&nullam=ultricies&porttitor=eu&lacus=nibh&at=quisque&turpis=id&donec=justo&posuere=sit&metus=amet&vitae=sapien&ipsum=dignissim&aliquam=vestibulum&non=vestibulum&mauris=ante&morbi=ipsum&non=primis&lectus=in&aliquam=faucibus&sit=orci&amet=luctus&diam=et&in=ultrices&magna=posuere&bibendum=cubilia&imperdiet=curae&nullam=nulla&orci=dapibus&pede=dolor&venenatis=vel&non=est&sodales=donec&sed=odio&tincidunt=justo,TRUE
+http://desdev.cn/ante/ipsum.xml?in=est&hac=donec&habitasse=odio&platea=justo&dictumst=sollicitudin&morbi=ut&vestibulum=suscipit&velit=a&id=feugiat&pretium=et&iaculis=eros&diam=vestibulum&erat=ac&fermentum=est&justo=lacinia&nec=nisi&condimentum=venenatis&neque=tristique&sapien=fusce&placerat=congue&ante=diam&nulla=id&justo=ornare&aliquam=imperdiet&quis=sapien&turpis=urna&eget=pretium&elit=nisl&sodales=ut&scelerisque=volutpat&mauris=sapien&sit=arcu&amet=sed&eros=augue&suspendisse=aliquam&accumsan=erat&tortor=volutpat&quis=in&turpis=congue&sed=etiam&ante=justo&vivamus=etiam&tortor=pretium&duis=iaculis&mattis=justo&egestas=in&metus=hac&aenean=habitasse&fermentum=platea&donec=dictumst&ut=etiam&mauris=faucibus&eget=cursus&massa=urna&tempor=ut&convallis=tellus&nulla=nulla&neque=ut&libero=erat&convallis=id&eget=mauris&eleifend=vulputate&luctus=elementum&ultricies=nullam&eu=varius&nibh=nulla&quisque=facilisi&id=cras&justo=non&sit=velit&amet=nec&sapien=nisi&dignissim=vulputate&vestibulum=nonummy&vestibulum=maecenas,TRUE
+http://jimdo.com/penatibus.xml?adipiscing=sollicitudin&lorem=ut&vitae=suscipit&mattis=a&nibh=feugiat&ligula=et&nec=eros&sem=vestibulum&duis=ac&aliquam=est&convallis=lacinia&nunc=nisi&proin=venenatis&at=tristique&turpis=fusce&a=congue&pede=diam&posuere=id&nonummy=ornare&integer=imperdiet&non=sapien&velit=urna&donec=pretium&diam=nisl&neque=ut&vestibulum=volutpat&eget=sapien&vulputate=arcu&ut=sed&ultrices=augue&vel=aliquam&augue=erat&vestibulum=volutpat&ante=in&ipsum=congue&primis=etiam&in=justo&faucibus=etiam&orci=pretium&luctus=iaculis&et=justo&ultrices=in&posuere=hac&cubilia=habitasse&curae=platea&donec=dictumst&pharetra=etiam&magna=faucibus&vestibulum=cursus&aliquet=urna&ultrices=ut&erat=tellus&tortor=nulla&sollicitudin=ut&mi=erat&sit=id&amet=mauris&lobortis=vulputate&sapien=elementum&sapien=nullam&non=varius&mi=nulla&integer=facilisi&ac=cras&neque=non&duis=velit&bibendum=nec&morbi=nisi&non=vulputate&quam=nonummy&nec=maecenas&dui=tincidunt&luctus=lacus&rutrum=at&nulla=velit&tellus=vivamus&in=vel&sagittis=nulla&dui=eget&vel=eros&nisl=elementum&duis=pellentesque&ac=quisque&nibh=porta&fusce=volutpat&lacus=erat&purus=quisque&aliquet=erat&at=eros&feugiat=viverra&non=eget&pretium=congue&quis=eget&lectus=semper&suspendisse=rutrum&potenti=nulla&in=nunc&eleifend=purus&quam=phasellus&a=in,TRUE
+http://nasa.gov/sagittis/sapien/cum/sociis/natoque/penatibus.jsp?volutpat=nec&erat=euismod&quisque=scelerisque&erat=quam&eros=turpis&viverra=adipiscing&eget=lorem&congue=vitae&eget=mattis&semper=nibh&rutrum=ligula&nulla=nec&nunc=sem&purus=duis&phasellus=aliquam&in=convallis&felis=nunc&donec=proin&semper=at&sapien=turpis&a=a&libero=pede&nam=posuere&dui=nonummy&proin=integer&leo=non&odio=velit&porttitor=donec&id=diam&consequat=neque&in=vestibulum&consequat=eget&ut=vulputate&nulla=ut&sed=ultrices&accumsan=vel&felis=augue&ut=vestibulum&at=ante&dolor=ipsum,TRUE
+http://uol.com.br/consequat/metus/sapien/ut/nunc.png?venenatis=nibh&non=in&sodales=hac&sed=habitasse&tincidunt=platea&eu=dictumst&felis=aliquam&fusce=augue&posuere=quam&felis=sollicitudin&sed=vitae&lacus=consectetuer&morbi=eget&sem=rutrum&mauris=at&laoreet=lorem&ut=integer&rhoncus=tincidunt&aliquet=ante&pulvinar=vel&sed=ipsum&nisl=praesent&nunc=blandit&rhoncus=lacinia&dui=erat&vel=vestibulum&sem=sed&sed=magna&sagittis=at&nam=nunc&congue=commodo&risus=placerat&semper=praesent&porta=blandit&volutpat=nam&quam=nulla&pede=integer&lobortis=pede&ligula=justo&sit=lacinia&amet=eget&eleifend=tincidunt&pede=eget&libero=tempus&quis=vel&orci=pede&nullam=morbi&molestie=porttitor&nibh=lorem&in=id&lectus=ligula&pellentesque=suspendisse&at=ornare&nulla=consequat&suspendisse=lectus&potenti=in&cras=est&in=risus&purus=auctor&eu=sed&magna=tristique&vulputate=in&luctus=tempus&cum=sit&sociis=amet&natoque=sem&penatibus=fusce&et=consequat,TRUE
+http://wix.com/fusce/consequat/nulla/nisl.js?in=aliquet&consequat=massa&ut=id&nulla=lobortis&sed=convallis&accumsan=tortor&felis=risus&ut=dapibus&at=augue&dolor=vel&quis=accumsan&odio=tellus&consequat=nisi&varius=eu&integer=orci&ac=mauris&leo=lacinia&pellentesque=sapien&ultrices=quis&mattis=libero&odio=nullam&donec=sit,TRUE
+https://engadget.com/eget/nunc/donec/quis/orci/eget.xml?ante=massa&vivamus=donec&tortor=dapibus&duis=duis&mattis=at&egestas=velit&metus=eu&aenean=est&fermentum=congue,TRUE
+http://businesswire.com/suspendisse/potenti/cras/in/purus/eu.xml?erat=pellentesque&fermentum=eget&justo=nunc&nec=donec&condimentum=quis&neque=orci&sapien=eget&placerat=orci&ante=vehicula&nulla=condimentum&justo=curabitur&aliquam=in&quis=libero&turpis=ut&eget=massa&elit=volutpat&sodales=convallis,TRUE
+http://google.ru/fringilla/rhoncus/mauris/enim.aspx?vitae=cras&nisl=mi&aenean=pede&lectus=malesuada&pellentesque=in&eget=imperdiet&nunc=et&donec=commodo&quis=vulputate&orci=justo&eget=in&orci=blandit&vehicula=ultrices&condimentum=enim&curabitur=lorem&in=ipsum&libero=dolor&ut=sit&massa=amet&volutpat=consectetuer&convallis=adipiscing&morbi=elit&odio=proin&odio=interdum&elementum=mauris&eu=non&interdum=ligula&eu=pellentesque&tincidunt=ultrices&in=phasellus&leo=id&maecenas=sapien&pulvinar=in&lobortis=sapien&est=iaculis&phasellus=congue&sit=vivamus&amet=metus&erat=arcu&nulla=adipiscing&tempus=molestie&vivamus=hendrerit&in=at&felis=vulputate&eu=vitae&sapien=nisl&cursus=aenean&vestibulum=lectus&proin=pellentesque&eu=eget&mi=nunc&nulla=donec&ac=quis&enim=orci&in=eget&tempor=orci&turpis=vehicula&nec=condimentum&euismod=curabitur&scelerisque=in&quam=libero&turpis=ut&adipiscing=massa&lorem=volutpat&vitae=convallis&mattis=morbi&nibh=odio&ligula=odio&nec=elementum&sem=eu&duis=interdum&aliquam=eu,TRUE
+http://4shared.com/lacus/curabitur/at/ipsum.xml?pede=pretium&ac=quis&diam=lectus&cras=suspendisse&pellentesque=potenti&volutpat=in&dui=eleifend&maecenas=quam&tristique=a&est=odio&et=in&tempus=hac&semper=habitasse&est=platea&quam=dictumst&pharetra=maecenas&magna=ut&ac=massa&consequat=quis&metus=augue&sapien=luctus&ut=tincidunt&nunc=nulla&vestibulum=mollis&ante=molestie&ipsum=lorem&primis=quisque&in=ut&faucibus=erat&orci=curabitur&luctus=gravida&et=nisi&ultrices=at&posuere=nibh&cubilia=in&curae=hac&mauris=habitasse&viverra=platea&diam=dictumst&vitae=aliquam&quam=augue&suspendisse=quam&potenti=sollicitudin&nullam=vitae&porttitor=consectetuer&lacus=eget&at=rutrum&turpis=at&donec=lorem&posuere=integer&metus=tincidunt&vitae=ante&ipsum=vel&aliquam=ipsum&non=praesent&mauris=blandit&morbi=lacinia&non=erat&lectus=vestibulum&aliquam=sed&sit=magna&amet=at&diam=nunc&in=commodo&magna=placerat&bibendum=praesent&imperdiet=blandit&nullam=nam&orci=nulla&pede=integer&venenatis=pede&non=justo&sodales=lacinia&sed=eget,TRUE
+http://ucla.edu/molestie/sed/justo.aspx?quam=molestie&a=nibh&odio=in&in=lectus&hac=pellentesque&habitasse=at&platea=nulla&dictumst=suspendisse&maecenas=potenti&ut=cras&massa=in&quis=purus&augue=eu&luctus=magna&tincidunt=vulputate&nulla=luctus&mollis=cum&molestie=sociis&lorem=natoque&quisque=penatibus&ut=et&erat=magnis&curabitur=dis&gravida=parturient&nisi=montes&at=nascetur&nibh=ridiculus&in=mus&hac=vivamus&habitasse=vestibulum&platea=sagittis&dictumst=sapien&aliquam=cum&augue=sociis&quam=natoque&sollicitudin=penatibus&vitae=et&consectetuer=magnis&eget=dis&rutrum=parturient&at=montes&lorem=nascetur&integer=ridiculus&tincidunt=mus&ante=etiam&vel=vel&ipsum=augue&praesent=vestibulum&blandit=rutrum&lacinia=rutrum,TRUE
+https://histats.com/blandit/lacinia/erat.aspx?rutrum=velit&neque=eu&aenean=est&auctor=congue&gravida=elementum&sem=in&praesent=hac&id=habitasse&massa=platea&id=dictumst&nisl=morbi&venenatis=vestibulum&lacinia=velit&aenean=id&sit=pretium&amet=iaculis&justo=diam&morbi=erat&ut=fermentum&odio=justo&cras=nec&mi=condimentum&pede=neque&malesuada=sapien&in=placerat&imperdiet=ante&et=nulla,TRUE
+https://tmall.com/phasellus/id/sapien/in.jpg?libero=velit&convallis=nec&eget=nisi&eleifend=vulputate&luctus=nonummy&ultricies=maecenas&eu=tincidunt&nibh=lacus&quisque=at&id=velit&justo=vivamus&sit=vel&amet=nulla&sapien=eget&dignissim=eros&vestibulum=elementum&vestibulum=pellentesque&ante=quisque&ipsum=porta&primis=volutpat&in=erat&faucibus=quisque&orci=erat&luctus=eros&et=viverra&ultrices=eget&posuere=congue&cubilia=eget&curae=semper&nulla=rutrum&dapibus=nulla&dolor=nunc&vel=purus&est=phasellus&donec=in&odio=felis&justo=donec&sollicitudin=semper&ut=sapien&suscipit=a&a=libero&feugiat=nam&et=dui,TRUE
+http://soundcloud.com/blandit/nam/nulla/integer/pede/justo/lacinia.aspx?in=et&faucibus=eros&orci=vestibulum&luctus=ac&et=est&ultrices=lacinia&posuere=nisi&cubilia=venenatis&curae=tristique&nulla=fusce&dapibus=congue&dolor=diam&vel=id&est=ornare&donec=imperdiet&odio=sapien&justo=urna&sollicitudin=pretium&ut=nisl&suscipit=ut&a=volutpat&feugiat=sapien&et=arcu&eros=sed&vestibulum=augue&ac=aliquam&est=erat&lacinia=volutpat&nisi=in&venenatis=congue&tristique=etiam&fusce=justo&congue=etiam&diam=pretium&id=iaculis&ornare=justo&imperdiet=in&sapien=hac&urna=habitasse&pretium=platea&nisl=dictumst&ut=etiam&volutpat=faucibus&sapien=cursus&arcu=urna&sed=ut&augue=tellus&aliquam=nulla&erat=ut&volutpat=erat&in=id&congue=mauris&etiam=vulputate&justo=elementum&etiam=nullam&pretium=varius&iaculis=nulla&justo=facilisi&in=cras&hac=non&habitasse=velit&platea=nec&dictumst=nisi&etiam=vulputate&faucibus=nonummy&cursus=maecenas&urna=tincidunt&ut=lacus&tellus=at&nulla=velit&ut=vivamus&erat=vel&id=nulla&mauris=eget&vulputate=eros&elementum=elementum&nullam=pellentesque,TRUE
+https://epa.gov/odio/curabitur/convallis/duis/consequat/dui/nec.xml?mauris=lobortis&enim=est&leo=phasellus&rhoncus=sit&sed=amet&vestibulum=erat&sit=nulla&amet=tempus&cursus=vivamus&id=in&turpis=felis&integer=eu&aliquet=sapien&massa=cursus&id=vestibulum&lobortis=proin&convallis=eu&tortor=mi&risus=nulla&dapibus=ac&augue=enim&vel=in&accumsan=tempor&tellus=turpis&nisi=nec&eu=euismod&orci=scelerisque&mauris=quam&lacinia=turpis&sapien=adipiscing&quis=lorem&libero=vitae&nullam=mattis&sit=nibh&amet=ligula&turpis=nec&elementum=sem&ligula=duis&vehicula=aliquam&consequat=convallis&morbi=nunc&a=proin&ipsum=at&integer=turpis&a=a&nibh=pede&in=posuere&quis=nonummy&justo=integer&maecenas=non&rhoncus=velit&aliquam=donec&lacus=diam&morbi=neque&quis=vestibulum&tortor=eget&id=vulputate&nulla=ut&ultrices=ultrices&aliquet=vel&maecenas=augue&leo=vestibulum&odio=ante&condimentum=ipsum&id=primis&luctus=in&nec=faucibus&molestie=orci&sed=luctus&justo=et&pellentesque=ultrices&viverra=posuere&pede=cubilia&ac=curae&diam=donec&cras=pharetra&pellentesque=magna&volutpat=vestibulum&dui=aliquet&maecenas=ultrices&tristique=erat&est=tortor,TRUE
+http://adobe.com/proin.html?enim=pulvinar&lorem=lobortis&ipsum=est&dolor=phasellus&sit=sit&amet=amet&consectetuer=erat&adipiscing=nulla&elit=tempus&proin=vivamus&interdum=in&mauris=felis&non=eu&ligula=sapien&pellentesque=cursus&ultrices=vestibulum&phasellus=proin&id=eu&sapien=mi&in=nulla&sapien=ac&iaculis=enim&congue=in&vivamus=tempor&metus=turpis&arcu=nec&adipiscing=euismod&molestie=scelerisque&hendrerit=quam&at=turpis&vulputate=adipiscing&vitae=lorem&nisl=vitae&aenean=mattis&lectus=nibh&pellentesque=ligula&eget=nec&nunc=sem&donec=duis&quis=aliquam&orci=convallis&eget=nunc&orci=proin&vehicula=at&condimentum=turpis&curabitur=a&in=pede&libero=posuere&ut=nonummy&massa=integer&volutpat=non&convallis=velit&morbi=donec&odio=diam&odio=neque&elementum=vestibulum&eu=eget&interdum=vulputate&eu=ut&tincidunt=ultrices&in=vel&leo=augue&maecenas=vestibulum&pulvinar=ante&lobortis=ipsum&est=primis&phasellus=in&sit=faucibus&amet=orci&erat=luctus&nulla=et&tempus=ultrices&vivamus=posuere&in=cubilia&felis=curae&eu=donec&sapien=pharetra&cursus=magna&vestibulum=vestibulum&proin=aliquet&eu=ultrices&mi=erat&nulla=tortor&ac=sollicitudin&enim=mi&in=sit&tempor=amet&turpis=lobortis,TRUE
+http://privacy.gov.au/phasellus.json?eu=in&tincidunt=quis&in=justo&leo=maecenas&maecenas=rhoncus&pulvinar=aliquam&lobortis=lacus&est=morbi&phasellus=quis&sit=tortor&amet=id&erat=nulla&nulla=ultrices&tempus=aliquet&vivamus=maecenas&in=leo&felis=odio&eu=condimentum&sapien=id&cursus=luctus&vestibulum=nec&proin=molestie&eu=sed&mi=justo&nulla=pellentesque&ac=viverra&enim=pede&in=ac&tempor=diam&turpis=cras&nec=pellentesque&euismod=volutpat&scelerisque=dui&quam=maecenas&turpis=tristique&adipiscing=est&lorem=et&vitae=tempus&mattis=semper&nibh=est&ligula=quam&nec=pharetra&sem=magna&duis=ac&aliquam=consequat&convallis=metus&nunc=sapien&proin=ut&at=nunc&turpis=vestibulum&a=ante&pede=ipsum&posuere=primis&nonummy=in&integer=faucibus&non=orci&velit=luctus&donec=et&diam=ultrices&neque=posuere&vestibulum=cubilia&eget=curae&vulputate=mauris&ut=viverra&ultrices=diam&vel=vitae&augue=quam&vestibulum=suspendisse&ante=potenti&ipsum=nullam&primis=porttitor&in=lacus&faucibus=at&orci=turpis&luctus=donec&et=posuere&ultrices=metus&posuere=vitae&cubilia=ipsum&curae=aliquam&donec=non&pharetra=mauris&magna=morbi&vestibulum=non&aliquet=lectus&ultrices=aliquam&erat=sit&tortor=amet&sollicitudin=diam&mi=in&sit=magna&amet=bibendum&lobortis=imperdiet&sapien=nullam&sapien=orci&non=pede&mi=venenatis&integer=non&ac=sodales,TRUE
+http://nsw.gov.au/augue/vel.html?justo=lacus&lacinia=at&eget=turpis&tincidunt=donec&eget=posuere&tempus=metus&vel=vitae&pede=ipsum&morbi=aliquam&porttitor=non&lorem=mauris&id=morbi&ligula=non&suspendisse=lectus&ornare=aliquam&consequat=sit&lectus=amet&in=diam&est=in&risus=magna&auctor=bibendum&sed=imperdiet&tristique=nullam&in=orci&tempus=pede,TRUE
+https://ft.com/lacinia/aenean/sit/amet.jpg?erat=tellus&eros=nulla&viverra=ut&eget=erat&congue=id&eget=mauris&semper=vulputate&rutrum=elementum&nulla=nullam&nunc=varius&purus=nulla&phasellus=facilisi&in=cras&felis=non&donec=velit&semper=nec&sapien=nisi&a=vulputate&libero=nonummy&nam=maecenas&dui=tincidunt&proin=lacus&leo=at&odio=velit&porttitor=vivamus&id=vel&consequat=nulla&in=eget&consequat=eros&ut=elementum&nulla=pellentesque&sed=quisque&accumsan=porta&felis=volutpat&ut=erat&at=quisque&dolor=erat&quis=eros&odio=viverra&consequat=eget&varius=congue&integer=eget&ac=semper&leo=rutrum&pellentesque=nulla&ultrices=nunc&mattis=purus&odio=phasellus&donec=in&vitae=felis&nisi=donec&nam=semper&ultrices=sapien&libero=a&non=libero&mattis=nam&pulvinar=dui&nulla=proin&pede=leo&ullamcorper=odio&augue=porttitor&a=id&suscipit=consequat&nulla=in&elit=consequat&ac=ut&nulla=nulla&sed=sed&vel=accumsan&enim=felis&sit=ut&amet=at&nunc=dolor&viverra=quis&dapibus=odio&nulla=consequat&suscipit=varius&ligula=integer&in=ac&lacus=leo&curabitur=pellentesque&at=ultrices&ipsum=mattis&ac=odio&tellus=donec&semper=vitae&interdum=nisi&mauris=nam&ullamcorper=ultrices&purus=libero&sit=non&amet=mattis&nulla=pulvinar&quisque=nulla&arcu=pede&libero=ullamcorper&rutrum=augue&ac=a,TRUE
+https://guardian.co.uk/odio.png?sit=convallis&amet=tortor&sem=risus&fusce=dapibus&consequat=augue&nulla=vel&nisl=accumsan&nunc=tellus&nisl=nisi&duis=eu&bibendum=orci&felis=mauris&sed=lacinia&interdum=sapien&venenatis=quis&turpis=libero&enim=nullam&blandit=sit&mi=amet&in=turpis&porttitor=elementum&pede=ligula&justo=vehicula&eu=consequat&massa=morbi&donec=a&dapibus=ipsum&duis=integer&at=a&velit=nibh&eu=in&est=quis&congue=justo&elementum=maecenas&in=rhoncus&hac=aliquam&habitasse=lacus&platea=morbi&dictumst=quis&morbi=tortor&vestibulum=id&velit=nulla&id=ultrices&pretium=aliquet&iaculis=maecenas&diam=leo&erat=odio&fermentum=condimentum&justo=id&nec=luctus&condimentum=nec&neque=molestie&sapien=sed&placerat=justo&ante=pellentesque&nulla=viverra&justo=pede&aliquam=ac&quis=diam&turpis=cras&eget=pellentesque&elit=volutpat&sodales=dui&scelerisque=maecenas&mauris=tristique&sit=est&amet=et&eros=tempus&suspendisse=semper&accumsan=est&tortor=quam&quis=pharetra&turpis=magna&sed=ac&ante=consequat&vivamus=metus&tortor=sapien&duis=ut&mattis=nunc&egestas=vestibulum&metus=ante&aenean=ipsum&fermentum=primis&donec=in&ut=faucibus&mauris=orci&eget=luctus&massa=et,TRUE
+https://techcrunch.com/luctus.xml?et=mollis&ultrices=molestie&posuere=lorem&cubilia=quisque&curae=ut&nulla=erat&dapibus=curabitur&dolor=gravida&vel=nisi&est=at&donec=nibh&odio=in&justo=hac&sollicitudin=habitasse&ut=platea&suscipit=dictumst&a=aliquam&feugiat=augue&et=quam&eros=sollicitudin&vestibulum=vitae&ac=consectetuer&est=eget&lacinia=rutrum&nisi=at&venenatis=lorem&tristique=integer&fusce=tincidunt&congue=ante&diam=vel&id=ipsum&ornare=praesent&imperdiet=blandit&sapien=lacinia&urna=erat&pretium=vestibulum&nisl=sed&ut=magna&volutpat=at&sapien=nunc&arcu=commodo&sed=placerat&augue=praesent&aliquam=blandit&erat=nam&volutpat=nulla&in=integer&congue=pede&etiam=justo&justo=lacinia,TRUE
+https://simplemachines.org/hac.js?sed=ante&sagittis=ipsum&nam=primis&congue=in&risus=faucibus&semper=orci&porta=luctus&volutpat=et&quam=ultrices&pede=posuere&lobortis=cubilia&ligula=curae&sit=donec&amet=pharetra&eleifend=magna&pede=vestibulum&libero=aliquet&quis=ultrices&orci=erat&nullam=tortor&molestie=sollicitudin&nibh=mi&in=sit&lectus=amet&pellentesque=lobortis&at=sapien&nulla=sapien&suspendisse=non&potenti=mi&cras=integer,TRUE
+https://wikispaces.com/blandit/mi/in/porttitor.png?a=odio&odio=condimentum&in=id&hac=luctus&habitasse=nec&platea=molestie&dictumst=sed&maecenas=justo&ut=pellentesque&massa=viverra&quis=pede&augue=ac&luctus=diam&tincidunt=cras&nulla=pellentesque&mollis=volutpat&molestie=dui&lorem=maecenas&quisque=tristique&ut=est&erat=et&curabitur=tempus&gravida=semper&nisi=est&at=quam&nibh=pharetra&in=magna&hac=ac&habitasse=consequat&platea=metus&dictumst=sapien&aliquam=ut&augue=nunc&quam=vestibulum&sollicitudin=ante&vitae=ipsum&consectetuer=primis&eget=in&rutrum=faucibus&at=orci&lorem=luctus&integer=et&tincidunt=ultrices&ante=posuere&vel=cubilia&ipsum=curae&praesent=mauris&blandit=viverra&lacinia=diam&erat=vitae&vestibulum=quam&sed=suspendisse&magna=potenti&at=nullam&nunc=porttitor&commodo=lacus&placerat=at&praesent=turpis&blandit=donec,TRUE
+http://mapquest.com/erat/curabitur/gravida/nisi/at/nibh/in.json?leo=vestibulum&maecenas=ac&pulvinar=est&lobortis=lacinia&est=nisi&phasellus=venenatis&sit=tristique&amet=fusce&erat=congue&nulla=diam&tempus=id&vivamus=ornare&in=imperdiet&felis=sapien&eu=urna&sapien=pretium&cursus=nisl&vestibulum=ut&proin=volutpat&eu=sapien&mi=arcu&nulla=sed&ac=augue&enim=aliquam&in=erat&tempor=volutpat&turpis=in&nec=congue&euismod=etiam&scelerisque=justo&quam=etiam&turpis=pretium&adipiscing=iaculis&lorem=justo&vitae=in&mattis=hac&nibh=habitasse&ligula=platea&nec=dictumst&sem=etiam&duis=faucibus&aliquam=cursus&convallis=urna&nunc=ut&proin=tellus&at=nulla&turpis=ut&a=erat&pede=id&posuere=mauris&nonummy=vulputate&integer=elementum&non=nullam&velit=varius&donec=nulla&diam=facilisi&neque=cras&vestibulum=non&eget=velit&vulputate=nec&ut=nisi&ultrices=vulputate&vel=nonummy&augue=maecenas,TRUE
+http://marketwatch.com/cursus.aspx?molestie=cras&nibh=mi&in=pede&lectus=malesuada&pellentesque=in&at=imperdiet&nulla=et&suspendisse=commodo&potenti=vulputate&cras=justo&in=in&purus=blandit&eu=ultrices&magna=enim&vulputate=lorem&luctus=ipsum&cum=dolor&sociis=sit&natoque=amet&penatibus=consectetuer&et=adipiscing&magnis=elit&dis=proin&parturient=interdum,TRUE
+http://wisc.edu/aliquet/pulvinar/sed/nisl/nunc/rhoncus/dui.png?mattis=id&nibh=turpis&ligula=integer&nec=aliquet&sem=massa&duis=id&aliquam=lobortis&convallis=convallis&nunc=tortor&proin=risus&at=dapibus&turpis=augue&a=vel&pede=accumsan&posuere=tellus&nonummy=nisi&integer=eu&non=orci&velit=mauris&donec=lacinia&diam=sapien&neque=quis&vestibulum=libero&eget=nullam&vulputate=sit&ut=amet&ultrices=turpis&vel=elementum&augue=ligula&vestibulum=vehicula&ante=consequat&ipsum=morbi&primis=a&in=ipsum&faucibus=integer&orci=a&luctus=nibh&et=in&ultrices=quis&posuere=justo&cubilia=maecenas&curae=rhoncus&donec=aliquam&pharetra=lacus&magna=morbi&vestibulum=quis&aliquet=tortor&ultrices=id&erat=nulla&tortor=ultrices&sollicitudin=aliquet&mi=maecenas&sit=leo&amet=odio&lobortis=condimentum&sapien=id&sapien=luctus&non=nec&mi=molestie&integer=sed,TRUE
+http://yahoo.com/libero/nam/dui.xml?sed=amet&tristique=sapien&in=dignissim&tempus=vestibulum&sit=vestibulum&amet=ante&sem=ipsum&fusce=primis&consequat=in&nulla=faucibus&nisl=orci&nunc=luctus&nisl=et&duis=ultrices&bibendum=posuere&felis=cubilia&sed=curae&interdum=nulla&venenatis=dapibus&turpis=dolor&enim=vel&blandit=est&mi=donec&in=odio&porttitor=justo&pede=sollicitudin&justo=ut&eu=suscipit&massa=a&donec=feugiat&dapibus=et&duis=eros&at=vestibulum&velit=ac&eu=est&est=lacinia&congue=nisi&elementum=venenatis&in=tristique&hac=fusce&habitasse=congue&platea=diam&dictumst=id&morbi=ornare&vestibulum=imperdiet&velit=sapien&id=urna&pretium=pretium&iaculis=nisl&diam=ut&erat=volutpat&fermentum=sapien&justo=arcu&nec=sed&condimentum=augue&neque=aliquam&sapien=erat&placerat=volutpat&ante=in&nulla=congue&justo=etiam&aliquam=justo&quis=etiam&turpis=pretium&eget=iaculis&elit=justo&sodales=in&scelerisque=hac&mauris=habitasse&sit=platea&amet=dictumst&eros=etiam&suspendisse=faucibus&accumsan=cursus&tortor=urna&quis=ut&turpis=tellus&sed=nulla&ante=ut&vivamus=erat&tortor=id&duis=mauris&mattis=vulputate&egestas=elementum&metus=nullam,TRUE
+http://youtu.be/nisi/vulputate/nonummy/maecenas/tincidunt.html?quam=nec&fringilla=molestie&rhoncus=sed&mauris=justo&enim=pellentesque&leo=viverra&rhoncus=pede&sed=ac&vestibulum=diam&sit=cras&amet=pellentesque&cursus=volutpat&id=dui&turpis=maecenas&integer=tristique,TRUE
+http://umn.edu/rhoncus/sed/vestibulum/sit/amet/cursus/id.aspx?diam=mauris&id=enim&ornare=leo&imperdiet=rhoncus&sapien=sed&urna=vestibulum&pretium=sit&nisl=amet&ut=cursus&volutpat=id&sapien=turpis&arcu=integer&sed=aliquet&augue=massa&aliquam=id&erat=lobortis&volutpat=convallis&in=tortor,TRUE
+http://pen.io/hac/habitasse.js?in=congue&sapien=etiam&iaculis=justo&congue=etiam&vivamus=pretium&metus=iaculis&arcu=justo&adipiscing=in&molestie=hac&hendrerit=habitasse&at=platea&vulputate=dictumst&vitae=etiam&nisl=faucibus&aenean=cursus&lectus=urna&pellentesque=ut&eget=tellus&nunc=nulla&donec=ut&quis=erat&orci=id&eget=mauris&orci=vulputate&vehicula=elementum&condimentum=nullam&curabitur=varius&in=nulla,TRUE
+http://twitter.com/dolor/morbi/vel/lectus/in/quam.html?nulla=phasellus&elit=id&ac=sapien&nulla=in&sed=sapien&vel=iaculis&enim=congue&sit=vivamus&amet=metus&nunc=arcu&viverra=adipiscing,TRUE
+http://state.gov/dapibus.jsp?pede=iaculis&morbi=congue&porttitor=vivamus&lorem=metus&id=arcu&ligula=adipiscing&suspendisse=molestie&ornare=hendrerit&consequat=at&lectus=vulputate&in=vitae&est=nisl&risus=aenean&auctor=lectus&sed=pellentesque&tristique=eget&in=nunc&tempus=donec&sit=quis&amet=orci&sem=eget&fusce=orci&consequat=vehicula&nulla=condimentum&nisl=curabitur&nunc=in&nisl=libero&duis=ut&bibendum=massa&felis=volutpat&sed=convallis&interdum=morbi&venenatis=odio&turpis=odio&enim=elementum&blandit=eu&mi=interdum&in=eu&porttitor=tincidunt&pede=in&justo=leo&eu=maecenas&massa=pulvinar&donec=lobortis&dapibus=est&duis=phasellus&at=sit&velit=amet&eu=erat&est=nulla&congue=tempus&elementum=vivamus&in=in&hac=felis&habitasse=eu&platea=sapien&dictumst=cursus&morbi=vestibulum&vestibulum=proin&velit=eu&id=mi&pretium=nulla&iaculis=ac&diam=enim&erat=in&fermentum=tempor&justo=turpis&nec=nec&condimentum=euismod&neque=scelerisque&sapien=quam&placerat=turpis&ante=adipiscing&nulla=lorem&justo=vitae&aliquam=mattis&quis=nibh,TRUE
+http://slashdot.org/lectus/suspendisse/potenti/in/eleifend/quam.png?non=tellus&quam=nisi&nec=eu&dui=orci&luctus=mauris&rutrum=lacinia&nulla=sapien&tellus=quis&in=libero&sagittis=nullam&dui=sit&vel=amet&nisl=turpis&duis=elementum&ac=ligula&nibh=vehicula&fusce=consequat&lacus=morbi&purus=a&aliquet=ipsum&at=integer&feugiat=a&non=nibh&pretium=in&quis=quis&lectus=justo&suspendisse=maecenas&potenti=rhoncus&in=aliquam&eleifend=lacus&quam=morbi&a=quis&odio=tortor&in=id&hac=nulla&habitasse=ultrices&platea=aliquet&dictumst=maecenas&maecenas=leo&ut=odio&massa=condimentum&quis=id&augue=luctus&luctus=nec&tincidunt=molestie&nulla=sed&mollis=justo&molestie=pellentesque&lorem=viverra&quisque=pede&ut=ac&erat=diam&curabitur=cras&gravida=pellentesque&nisi=volutpat&at=dui&nibh=maecenas&in=tristique&hac=est&habitasse=et&platea=tempus&dictumst=semper&aliquam=est&augue=quam&quam=pharetra&sollicitudin=magna&vitae=ac&consectetuer=consequat&eget=metus&rutrum=sapien&at=ut&lorem=nunc&integer=vestibulum&tincidunt=ante&ante=ipsum&vel=primis&ipsum=in&praesent=faucibus&blandit=orci&lacinia=luctus&erat=et&vestibulum=ultrices&sed=posuere&magna=cubilia&at=curae&nunc=mauris&commodo=viverra&placerat=diam&praesent=vitae&blandit=quam&nam=suspendisse&nulla=potenti&integer=nullam&pede=porttitor&justo=lacus,TRUE
+http://nyu.edu/blandit/lacinia/erat/vestibulum.jsp?at=vel&velit=est&eu=donec&est=odio&congue=justo&elementum=sollicitudin&in=ut&hac=suscipit&habitasse=a&platea=feugiat&dictumst=et&morbi=eros&vestibulum=vestibulum&velit=ac&id=est&pretium=lacinia&iaculis=nisi&diam=venenatis&erat=tristique&fermentum=fusce&justo=congue&nec=diam&condimentum=id&neque=ornare&sapien=imperdiet&placerat=sapien&ante=urna&nulla=pretium&justo=nisl&aliquam=ut&quis=volutpat&turpis=sapien&eget=arcu&elit=sed&sodales=augue&scelerisque=aliquam&mauris=erat&sit=volutpat&amet=in&eros=congue&suspendisse=etiam&accumsan=justo&tortor=etiam&quis=pretium&turpis=iaculis&sed=justo&ante=in&vivamus=hac&tortor=habitasse&duis=platea&mattis=dictumst&egestas=etiam&metus=faucibus&aenean=cursus&fermentum=urna&donec=ut&ut=tellus&mauris=nulla&eget=ut&massa=erat&tempor=id&convallis=mauris&nulla=vulputate&neque=elementum&libero=nullam&convallis=varius&eget=nulla&eleifend=facilisi&luctus=cras&ultricies=non&eu=velit&nibh=nec&quisque=nisi&id=vulputate&justo=nonummy&sit=maecenas&amet=tincidunt&sapien=lacus&dignissim=at&vestibulum=velit&vestibulum=vivamus&ante=vel&ipsum=nulla&primis=eget&in=eros&faucibus=elementum&orci=pellentesque&luctus=quisque&et=porta&ultrices=volutpat&posuere=erat&cubilia=quisque&curae=erat&nulla=eros&dapibus=viverra&dolor=eget&vel=congue,TRUE
+https://nba.com/at/turpis.xml?aliquet=mi&pulvinar=sit&sed=amet&nisl=lobortis&nunc=sapien&rhoncus=sapien&dui=non&vel=mi&sem=integer&sed=ac&sagittis=neque&nam=duis&congue=bibendum&risus=morbi&semper=non&porta=quam&volutpat=nec&quam=dui&pede=luctus&lobortis=rutrum&ligula=nulla&sit=tellus&amet=in&eleifend=sagittis&pede=dui&libero=vel&quis=nisl&orci=duis&nullam=ac&molestie=nibh&nibh=fusce&in=lacus&lectus=purus&pellentesque=aliquet&at=at&nulla=feugiat&suspendisse=non&potenti=pretium&cras=quis&in=lectus&purus=suspendisse&eu=potenti&magna=in&vulputate=eleifend&luctus=quam&cum=a&sociis=odio&natoque=in&penatibus=hac&et=habitasse&magnis=platea&dis=dictumst&parturient=maecenas&montes=ut&nascetur=massa&ridiculus=quis&mus=augue&vivamus=luctus&vestibulum=tincidunt&sagittis=nulla&sapien=mollis&cum=molestie&sociis=lorem&natoque=quisque&penatibus=ut&et=erat&magnis=curabitur&dis=gravida&parturient=nisi&montes=at&nascetur=nibh&ridiculus=in&mus=hac&etiam=habitasse&vel=platea&augue=dictumst&vestibulum=aliquam&rutrum=augue&rutrum=quam&neque=sollicitudin&aenean=vitae&auctor=consectetuer&gravida=eget&sem=rutrum&praesent=at&id=lorem&massa=integer&id=tincidunt,TRUE
+http://cisco.com/orci/nullam.jsp?et=ultrices&tempus=posuere&semper=cubilia&est=curae&quam=donec&pharetra=pharetra&magna=magna&ac=vestibulum&consequat=aliquet&metus=ultrices&sapien=erat&ut=tortor&nunc=sollicitudin&vestibulum=mi&ante=sit&ipsum=amet&primis=lobortis&in=sapien&faucibus=sapien&orci=non&luctus=mi&et=integer&ultrices=ac&posuere=neque&cubilia=duis&curae=bibendum&mauris=morbi&viverra=non&diam=quam&vitae=nec&quam=dui&suspendisse=luctus&potenti=rutrum&nullam=nulla&porttitor=tellus&lacus=in&at=sagittis&turpis=dui&donec=vel&posuere=nisl&metus=duis&vitae=ac&ipsum=nibh&aliquam=fusce&non=lacus&mauris=purus&morbi=aliquet&non=at&lectus=feugiat&aliquam=non&sit=pretium&amet=quis&diam=lectus&in=suspendisse&magna=potenti&bibendum=in&imperdiet=eleifend&nullam=quam&orci=a&pede=odio&venenatis=in&non=hac&sodales=habitasse&sed=platea&tincidunt=dictumst&eu=maecenas&felis=ut&fusce=massa&posuere=quis&felis=augue&sed=luctus&lacus=tincidunt&morbi=nulla&sem=mollis&mauris=molestie&laoreet=lorem,TRUE
+http://wordpress.com/quam/suspendisse/potenti/nullam.html?consequat=ac&morbi=diam&a=cras&ipsum=pellentesque&integer=volutpat&a=dui&nibh=maecenas&in=tristique&quis=est&justo=et&maecenas=tempus&rhoncus=semper&aliquam=est&lacus=quam&morbi=pharetra&quis=magna&tortor=ac&id=consequat&nulla=metus&ultrices=sapien&aliquet=ut&maecenas=nunc&leo=vestibulum&odio=ante&condimentum=ipsum&id=primis&luctus=in&nec=faucibus&molestie=orci&sed=luctus&justo=et&pellentesque=ultrices&viverra=posuere&pede=cubilia&ac=curae&diam=mauris&cras=viverra&pellentesque=diam&volutpat=vitae&dui=quam&maecenas=suspendisse&tristique=potenti&est=nullam&et=porttitor&tempus=lacus&semper=at&est=turpis&quam=donec&pharetra=posuere&magna=metus&ac=vitae&consequat=ipsum&metus=aliquam&sapien=non&ut=mauris&nunc=morbi&vestibulum=non&ante=lectus&ipsum=aliquam&primis=sit&in=amet&faucibus=diam&orci=in&luctus=magna&et=bibendum&ultrices=imperdiet&posuere=nullam&cubilia=orci&curae=pede&mauris=venenatis&viverra=non&diam=sodales&vitae=sed&quam=tincidunt&suspendisse=eu&potenti=felis&nullam=fusce&porttitor=posuere,TRUE
+https://lulu.com/eu/interdum.html?proin=montes&leo=nascetur&odio=ridiculus&porttitor=mus&id=etiam&consequat=vel&in=augue&consequat=vestibulum&ut=rutrum&nulla=rutrum&sed=neque&accumsan=aenean&felis=auctor&ut=gravida&at=sem&dolor=praesent&quis=id&odio=massa&consequat=id&varius=nisl&integer=venenatis&ac=lacinia&leo=aenean&pellentesque=sit&ultrices=amet&mattis=justo&odio=morbi&donec=ut&vitae=odio&nisi=cras&nam=mi&ultrices=pede&libero=malesuada&non=in&mattis=imperdiet&pulvinar=et&nulla=commodo&pede=vulputate&ullamcorper=justo&augue=in&a=blandit&suscipit=ultrices&nulla=enim&elit=lorem&ac=ipsum&nulla=dolor&sed=sit&vel=amet&enim=consectetuer&sit=adipiscing&amet=elit&nunc=proin&viverra=interdum&dapibus=mauris&nulla=non&suscipit=ligula&ligula=pellentesque&in=ultrices&lacus=phasellus&curabitur=id&at=sapien&ipsum=in&ac=sapien&tellus=iaculis&semper=congue&interdum=vivamus&mauris=metus&ullamcorper=arcu&purus=adipiscing&sit=molestie&amet=hendrerit&nulla=at&quisque=vulputate&arcu=vitae&libero=nisl&rutrum=aenean&ac=lectus&lobortis=pellentesque&vel=eget,TRUE
+http://ibm.com/dolor.html?nunc=praesent&proin=blandit&at=lacinia&turpis=erat&a=vestibulum&pede=sed&posuere=magna&nonummy=at&integer=nunc&non=commodo&velit=placerat&donec=praesent&diam=blandit&neque=nam&vestibulum=nulla&eget=integer&vulputate=pede&ut=justo&ultrices=lacinia&vel=eget&augue=tincidunt&vestibulum=eget&ante=tempus&ipsum=vel&primis=pede&in=morbi&faucibus=porttitor&orci=lorem&luctus=id&et=ligula&ultrices=suspendisse&posuere=ornare&cubilia=consequat&curae=lectus&donec=in&pharetra=est&magna=risus&vestibulum=auctor&aliquet=sed&ultrices=tristique&erat=in&tortor=tempus&sollicitudin=sit&mi=amet&sit=sem&amet=fusce&lobortis=consequat&sapien=nulla&sapien=nisl&non=nunc&mi=nisl&integer=duis&ac=bibendum&neque=felis&duis=sed&bibendum=interdum&morbi=venenatis&non=turpis&quam=enim&nec=blandit&dui=mi&luctus=in&rutrum=porttitor&nulla=pede&tellus=justo&in=eu&sagittis=massa&dui=donec&vel=dapibus&nisl=duis&duis=at&ac=velit&nibh=eu&fusce=est&lacus=congue&purus=elementum&aliquet=in&at=hac&feugiat=habitasse&non=platea&pretium=dictumst&quis=morbi&lectus=vestibulum&suspendisse=velit&potenti=id&in=pretium&eleifend=iaculis&quam=diam,TRUE
+http://hatena.ne.jp/quisque/erat/eros/viverra/eget/congue.aspx?eu=purus&massa=phasellus&donec=in&dapibus=felis&duis=donec&at=semper&velit=sapien&eu=a&est=libero&congue=nam&elementum=dui&in=proin&hac=leo&habitasse=odio&platea=porttitor&dictumst=id&morbi=consequat&vestibulum=in&velit=consequat&id=ut&pretium=nulla&iaculis=sed&diam=accumsan&erat=felis&fermentum=ut&justo=at&nec=dolor&condimentum=quis&neque=odio&sapien=consequat&placerat=varius&ante=integer&nulla=ac&justo=leo&aliquam=pellentesque&quis=ultrices,TRUE
+http://nsw.gov.au/libero/non/mattis/pulvinar/nulla/pede/ullamcorper.xml?diam=sapien&erat=ut&fermentum=nunc&justo=vestibulum&nec=ante&condimentum=ipsum&neque=primis&sapien=in&placerat=faucibus&ante=orci&nulla=luctus&justo=et&aliquam=ultrices&quis=posuere&turpis=cubilia&eget=curae&elit=mauris&sodales=viverra&scelerisque=diam&mauris=vitae&sit=quam&amet=suspendisse&eros=potenti&suspendisse=nullam&accumsan=porttitor&tortor=lacus&quis=at&turpis=turpis&sed=donec&ante=posuere&vivamus=metus&tortor=vitae&duis=ipsum&mattis=aliquam&egestas=non&metus=mauris&aenean=morbi&fermentum=non&donec=lectus,TRUE
+https://bloglovin.com/rhoncus/dui.jsp?sagittis=nec&sapien=dui&cum=luctus&sociis=rutrum&natoque=nulla&penatibus=tellus&et=in&magnis=sagittis&dis=dui&parturient=vel&montes=nisl&nascetur=duis&ridiculus=ac&mus=nibh&etiam=fusce&vel=lacus&augue=purus&vestibulum=aliquet&rutrum=at&rutrum=feugiat&neque=non&aenean=pretium&auctor=quis&gravida=lectus&sem=suspendisse&praesent=potenti&id=in&massa=eleifend&id=quam&nisl=a&venenatis=odio&lacinia=in&aenean=hac&sit=habitasse&amet=platea&justo=dictumst&morbi=maecenas&ut=ut&odio=massa&cras=quis&mi=augue&pede=luctus&malesuada=tincidunt&in=nulla&imperdiet=mollis&et=molestie&commodo=lorem&vulputate=quisque&justo=ut&in=erat&blandit=curabitur&ultrices=gravida&enim=nisi&lorem=at&ipsum=nibh&dolor=in&sit=hac&amet=habitasse&consectetuer=platea&adipiscing=dictumst&elit=aliquam&proin=augue&interdum=quam&mauris=sollicitudin&non=vitae,TRUE
+https://cloudflare.com/habitasse/platea/dictumst/etiam/faucibus/cursus/urna.xml?a=eget&libero=congue&nam=eget&dui=semper&proin=rutrum&leo=nulla&odio=nunc&porttitor=purus&id=phasellus&consequat=in&in=felis&consequat=donec&ut=semper&nulla=sapien&sed=a&accumsan=libero&felis=nam&ut=dui&at=proin&dolor=leo&quis=odio&odio=porttitor&consequat=id&varius=consequat&integer=in&ac=consequat&leo=ut&pellentesque=nulla&ultrices=sed&mattis=accumsan&odio=felis&donec=ut&vitae=at&nisi=dolor&nam=quis&ultrices=odio&libero=consequat&non=varius&mattis=integer&pulvinar=ac&nulla=leo&pede=pellentesque&ullamcorper=ultrices&augue=mattis,TRUE
+https://wikispaces.com/donec/quis/orci/eget/orci/vehicula.jpg?cum=posuere&sociis=cubilia&natoque=curae&penatibus=mauris&et=viverra&magnis=diam&dis=vitae&parturient=quam&montes=suspendisse&nascetur=potenti&ridiculus=nullam&mus=porttitor&vivamus=lacus&vestibulum=at&sagittis=turpis&sapien=donec&cum=posuere&sociis=metus&natoque=vitae&penatibus=ipsum&et=aliquam&magnis=non&dis=mauris&parturient=morbi&montes=non&nascetur=lectus&ridiculus=aliquam&mus=sit&etiam=amet&vel=diam&augue=in&vestibulum=magna&rutrum=bibendum&rutrum=imperdiet&neque=nullam&aenean=orci&auctor=pede&gravida=venenatis&sem=non&praesent=sodales&id=sed&massa=tincidunt&id=eu&nisl=felis&venenatis=fusce&lacinia=posuere&aenean=felis&sit=sed&amet=lacus&justo=morbi&morbi=sem&ut=mauris&odio=laoreet&cras=ut&mi=rhoncus&pede=aliquet&malesuada=pulvinar&in=sed&imperdiet=nisl,TRUE
+https://storify.com/venenatis/lacinia/aenean/sit/amet/justo.xml?interdum=fermentum&venenatis=donec&turpis=ut&enim=mauris&blandit=eget&mi=massa&in=tempor&porttitor=convallis&pede=nulla&justo=neque&eu=libero&massa=convallis&donec=eget&dapibus=eleifend&duis=luctus&at=ultricies&velit=eu&eu=nibh&est=quisque&congue=id&elementum=justo&in=sit,TRUE
+http://utexas.edu/donec/ut.js?blandit=in&ultrices=hac&enim=habitasse&lorem=platea&ipsum=dictumst&dolor=etiam&sit=faucibus&amet=cursus&consectetuer=urna&adipiscing=ut&elit=tellus&proin=nulla&interdum=ut&mauris=erat&non=id&ligula=mauris&pellentesque=vulputate&ultrices=elementum&phasellus=nullam&id=varius&sapien=nulla&in=facilisi&sapien=cras&iaculis=non&congue=velit&vivamus=nec&metus=nisi&arcu=vulputate&adipiscing=nonummy&molestie=maecenas&hendrerit=tincidunt&at=lacus&vulputate=at&vitae=velit&nisl=vivamus&aenean=vel&lectus=nulla&pellentesque=eget&eget=eros&nunc=elementum&donec=pellentesque&quis=quisque&orci=porta&eget=volutpat&orci=erat&vehicula=quisque&condimentum=erat&curabitur=eros,TRUE
+http://jiathis.com/nulla/facilisi/cras/non/velit.js?in=ut&faucibus=volutpat&orci=sapien&luctus=arcu&et=sed&ultrices=augue&posuere=aliquam&cubilia=erat&curae=volutpat&duis=in&faucibus=congue&accumsan=etiam&odio=justo&curabitur=etiam&convallis=pretium&duis=iaculis&consequat=justo&dui=in&nec=hac&nisi=habitasse&volutpat=platea&eleifend=dictumst&donec=etiam&ut=faucibus&dolor=cursus&morbi=urna&vel=ut&lectus=tellus&in=nulla&quam=ut&fringilla=erat&rhoncus=id&mauris=mauris&enim=vulputate&leo=elementum&rhoncus=nullam&sed=varius&vestibulum=nulla&sit=facilisi&amet=cras&cursus=non&id=velit&turpis=nec&integer=nisi&aliquet=vulputate&massa=nonummy&id=maecenas&lobortis=tincidunt&convallis=lacus&tortor=at&risus=velit&dapibus=vivamus&augue=vel&vel=nulla&accumsan=eget&tellus=eros&nisi=elementum&eu=pellentesque&orci=quisque&mauris=porta&lacinia=volutpat&sapien=erat&quis=quisque&libero=erat&nullam=eros&sit=viverra&amet=eget&turpis=congue&elementum=eget&ligula=semper&vehicula=rutrum&consequat=nulla&morbi=nunc&a=purus&ipsum=phasellus&integer=in&a=felis&nibh=donec&in=semper&quis=sapien&justo=a&maecenas=libero&rhoncus=nam&aliquam=dui&lacus=proin&morbi=leo&quis=odio&tortor=porttitor&id=id&nulla=consequat&ultrices=in&aliquet=consequat&maecenas=ut&leo=nulla&odio=sed&condimentum=accumsan&id=felis&luctus=ut&nec=at,TRUE
+http://feedburner.com/volutpat/eleifend/donec/ut.aspx?quis=rhoncus&turpis=aliquet&eget=pulvinar&elit=sed&sodales=nisl&scelerisque=nunc&mauris=rhoncus&sit=dui&amet=vel&eros=sem&suspendisse=sed&accumsan=sagittis&tortor=nam&quis=congue&turpis=risus&sed=semper&ante=porta&vivamus=volutpat&tortor=quam&duis=pede&mattis=lobortis&egestas=ligula&metus=sit&aenean=amet&fermentum=eleifend&donec=pede&ut=libero&mauris=quis&eget=orci&massa=nullam&tempor=molestie&convallis=nibh&nulla=in&neque=lectus&libero=pellentesque&convallis=at&eget=nulla&eleifend=suspendisse&luctus=potenti&ultricies=cras&eu=in&nibh=purus&quisque=eu&id=magna&justo=vulputate&sit=luctus&amet=cum&sapien=sociis&dignissim=natoque&vestibulum=penatibus&vestibulum=et&ante=magnis&ipsum=dis&primis=parturient&in=montes&faucibus=nascetur&orci=ridiculus&luctus=mus&et=vivamus&ultrices=vestibulum&posuere=sagittis&cubilia=sapien&curae=cum&nulla=sociis&dapibus=natoque&dolor=penatibus&vel=et&est=magnis&donec=dis&odio=parturient&justo=montes&sollicitudin=nascetur&ut=ridiculus&suscipit=mus&a=etiam&feugiat=vel&et=augue&eros=vestibulum&vestibulum=rutrum&ac=rutrum&est=neque&lacinia=aenean&nisi=auctor&venenatis=gravida&tristique=sem&fusce=praesent&congue=id&diam=massa&id=id&ornare=nisl&imperdiet=venenatis&sapien=lacinia&urna=aenean&pretium=sit&nisl=amet&ut=justo&volutpat=morbi&sapien=ut&arcu=odio&sed=cras,TRUE
+https://soup.io/dolor/sit.xml?pede=dolor&ullamcorper=sit&augue=amet&a=consectetuer&suscipit=adipiscing&nulla=elit&elit=proin&ac=interdum&nulla=mauris&sed=non&vel=ligula&enim=pellentesque&sit=ultrices&amet=phasellus&nunc=id&viverra=sapien&dapibus=in&nulla=sapien&suscipit=iaculis&ligula=congue&in=vivamus&lacus=metus&curabitur=arcu&at=adipiscing&ipsum=molestie&ac=hendrerit&tellus=at&semper=vulputate&interdum=vitae&mauris=nisl&ullamcorper=aenean&purus=lectus&sit=pellentesque,TRUE
+http://uol.com.br/accumsan/felis/ut/at/dolor/quis.aspx?blandit=arcu&nam=sed,TRUE
+http://bloglovin.com/odio/in/hac.json?non=consectetuer&quam=eget&nec=rutrum&dui=at&luctus=lorem&rutrum=integer&nulla=tincidunt&tellus=ante&in=vel&sagittis=ipsum&dui=praesent&vel=blandit&nisl=lacinia&duis=erat&ac=vestibulum&nibh=sed&fusce=magna&lacus=at&purus=nunc&aliquet=commodo&at=placerat&feugiat=praesent&non=blandit&pretium=nam&quis=nulla&lectus=integer&suspendisse=pede&potenti=justo&in=lacinia&eleifend=eget&quam=tincidunt&a=eget&odio=tempus&in=vel&hac=pede&habitasse=morbi&platea=porttitor&dictumst=lorem&maecenas=id&ut=ligula&massa=suspendisse&quis=ornare&augue=consequat&luctus=lectus&tincidunt=in&nulla=est&mollis=risus&molestie=auctor&lorem=sed&quisque=tristique&ut=in&erat=tempus&curabitur=sit&gravida=amet&nisi=sem&at=fusce&nibh=consequat&in=nulla&hac=nisl,TRUE
+http://taobao.com/turpis/integer.jpg?morbi=dis&porttitor=parturient&lorem=montes&id=nascetur&ligula=ridiculus&suspendisse=mus&ornare=etiam&consequat=vel&lectus=augue&in=vestibulum&est=rutrum&risus=rutrum&auctor=neque&sed=aenean&tristique=auctor&in=gravida&tempus=sem&sit=praesent,TRUE
+http://gnu.org/in/imperdiet/et/commodo/vulputate.aspx?ut=orci&nunc=luctus&vestibulum=et&ante=ultrices&ipsum=posuere&primis=cubilia&in=curae&faucibus=mauris&orci=viverra&luctus=diam&et=vitae&ultrices=quam&posuere=suspendisse&cubilia=potenti&curae=nullam&mauris=porttitor&viverra=lacus&diam=at&vitae=turpis&quam=donec&suspendisse=posuere&potenti=metus&nullam=vitae,TRUE
+http://msu.edu/morbi/quis/tortor/id/nulla/ultrices.aspx?justo=eu&eu=felis&massa=fusce&donec=posuere&dapibus=felis&duis=sed&at=lacus&velit=morbi&eu=sem&est=mauris&congue=laoreet&elementum=ut&in=rhoncus&hac=aliquet&habitasse=pulvinar&platea=sed&dictumst=nisl&morbi=nunc&vestibulum=rhoncus&velit=dui&id=vel&pretium=sem&iaculis=sed&diam=sagittis&erat=nam&fermentum=congue&justo=risus&nec=semper&condimentum=porta&neque=volutpat&sapien=quam&placerat=pede&ante=lobortis&nulla=ligula&justo=sit&aliquam=amet&quis=eleifend&turpis=pede&eget=libero&elit=quis&sodales=orci&scelerisque=nullam&mauris=molestie&sit=nibh&amet=in&eros=lectus&suspendisse=pellentesque&accumsan=at&tortor=nulla&quis=suspendisse&turpis=potenti&sed=cras&ante=in&vivamus=purus&tortor=eu&duis=magna&mattis=vulputate&egestas=luctus&metus=cum&aenean=sociis&fermentum=natoque&donec=penatibus&ut=et&mauris=magnis&eget=dis&massa=parturient&tempor=montes,TRUE
+https://prlog.org/vehicula/condimentum.json?quam=luctus&turpis=cum&adipiscing=sociis&lorem=natoque&vitae=penatibus&mattis=et&nibh=magnis&ligula=dis&nec=parturient&sem=montes&duis=nascetur&aliquam=ridiculus&convallis=mus&nunc=vivamus&proin=vestibulum&at=sagittis&turpis=sapien&a=cum&pede=sociis&posuere=natoque&nonummy=penatibus&integer=et&non=magnis&velit=dis&donec=parturient&diam=montes&neque=nascetur&vestibulum=ridiculus&eget=mus&vulputate=etiam&ut=vel&ultrices=augue&vel=vestibulum&augue=rutrum&vestibulum=rutrum&ante=neque&ipsum=aenean&primis=auctor&in=gravida&faucibus=sem&orci=praesent&luctus=id&et=massa&ultrices=id&posuere=nisl&cubilia=venenatis&curae=lacinia&donec=aenean&pharetra=sit&magna=amet&vestibulum=justo&aliquet=morbi&ultrices=ut&erat=odio&tortor=cras&sollicitudin=mi&mi=pede&sit=malesuada&amet=in&lobortis=imperdiet&sapien=et&sapien=commodo&non=vulputate&mi=justo&integer=in&ac=blandit&neque=ultrices&duis=enim&bibendum=lorem&morbi=ipsum&non=dolor&quam=sit&nec=amet&dui=consectetuer&luctus=adipiscing&rutrum=elit&nulla=proin&tellus=interdum&in=mauris&sagittis=non&dui=ligula&vel=pellentesque&nisl=ultrices&duis=phasellus&ac=id&nibh=sapien&fusce=in&lacus=sapien&purus=iaculis&aliquet=congue&at=vivamus&feugiat=metus&non=arcu&pretium=adipiscing,TRUE
+http://bloglines.com/rutrum/neque/aenean/auctor/gravida/sem/praesent.xml?turpis=venenatis&a=lacinia&pede=aenean&posuere=sit&nonummy=amet&integer=justo&non=morbi&velit=ut&donec=odio&diam=cras&neque=mi,TRUE
+http://earthlink.net/aliquam.xml?lobortis=rhoncus&sapien=aliquet&sapien=pulvinar&non=sed&mi=nisl&integer=nunc&ac=rhoncus&neque=dui&duis=vel&bibendum=sem&morbi=sed&non=sagittis&quam=nam&nec=congue&dui=risus&luctus=semper&rutrum=porta&nulla=volutpat&tellus=quam&in=pede&sagittis=lobortis&dui=ligula&vel=sit&nisl=amet&duis=eleifend&ac=pede&nibh=libero&fusce=quis&lacus=orci&purus=nullam&aliquet=molestie&at=nibh&feugiat=in&non=lectus&pretium=pellentesque&quis=at&lectus=nulla&suspendisse=suspendisse&potenti=potenti&in=cras&eleifend=in&quam=purus&a=eu&odio=magna&in=vulputate&hac=luctus&habitasse=cum&platea=sociis&dictumst=natoque&maecenas=penatibus&ut=et&massa=magnis&quis=dis&augue=parturient&luctus=montes&tincidunt=nascetur&nulla=ridiculus&mollis=mus&molestie=vivamus&lorem=vestibulum&quisque=sagittis&ut=sapien&erat=cum&curabitur=sociis&gravida=natoque&nisi=penatibus&at=et&nibh=magnis&in=dis&hac=parturient,TRUE
+http://yandex.ru/leo/odio/porttitor/id.aspx?duis=quis&ac=tortor&nibh=id&fusce=nulla&lacus=ultrices&purus=aliquet&aliquet=maecenas&at=leo&feugiat=odio&non=condimentum&pretium=id&quis=luctus&lectus=nec&suspendisse=molestie&potenti=sed&in=justo&eleifend=pellentesque&quam=viverra&a=pede&odio=ac&in=diam&hac=cras&habitasse=pellentesque&platea=volutpat&dictumst=dui&maecenas=maecenas&ut=tristique&massa=est&quis=et&augue=tempus&luctus=semper&tincidunt=est&nulla=quam&mollis=pharetra&molestie=magna&lorem=ac&quisque=consequat&ut=metus&erat=sapien&curabitur=ut&gravida=nunc&nisi=vestibulum&at=ante&nibh=ipsum&in=primis&hac=in&habitasse=faucibus&platea=orci&dictumst=luctus&aliquam=et&augue=ultrices&quam=posuere,TRUE
+http://craigslist.org/mi.jsp?erat=adipiscing&curabitur=elit&gravida=proin&nisi=risus&at=praesent&nibh=lectus&in=vestibulum&hac=quam&habitasse=sapien&platea=varius&dictumst=ut&aliquam=blandit&augue=non&quam=interdum&sollicitudin=in&vitae=ante&consectetuer=vestibulum&eget=ante&rutrum=ipsum&at=primis&lorem=in&integer=faucibus&tincidunt=orci&ante=luctus&vel=et&ipsum=ultrices&praesent=posuere&blandit=cubilia&lacinia=curae&erat=duis&vestibulum=faucibus&sed=accumsan&magna=odio&at=curabitur&nunc=convallis&commodo=duis&placerat=consequat&praesent=dui&blandit=nec&nam=nisi&nulla=volutpat&integer=eleifend&pede=donec&justo=ut&lacinia=dolor&eget=morbi&tincidunt=vel&eget=lectus&tempus=in&vel=quam&pede=fringilla&morbi=rhoncus&porttitor=mauris&lorem=enim&id=leo&ligula=rhoncus&suspendisse=sed&ornare=vestibulum&consequat=sit&lectus=amet&in=cursus&est=id&risus=turpis&auctor=integer&sed=aliquet&tristique=massa&in=id&tempus=lobortis&sit=convallis&amet=tortor&sem=risus,TRUE
+http://examiner.com/suspendisse/ornare/consequat/lectus/in/est/risus.jpg?eu=sit&est=amet&congue=diam&elementum=in&in=magna&hac=bibendum&habitasse=imperdiet&platea=nullam&dictumst=orci&morbi=pede&vestibulum=venenatis&velit=non&id=sodales&pretium=sed&iaculis=tincidunt&diam=eu&erat=felis&fermentum=fusce&justo=posuere&nec=felis&condimentum=sed&neque=lacus&sapien=morbi&placerat=sem&ante=mauris&nulla=laoreet&justo=ut&aliquam=rhoncus&quis=aliquet&turpis=pulvinar&eget=sed&elit=nisl&sodales=nunc&scelerisque=rhoncus&mauris=dui&sit=vel&amet=sem&eros=sed&suspendisse=sagittis&accumsan=nam&tortor=congue&quis=risus&turpis=semper&sed=porta&ante=volutpat&vivamus=quam&tortor=pede&duis=lobortis&mattis=ligula&egestas=sit&metus=amet&aenean=eleifend&fermentum=pede&donec=libero&ut=quis&mauris=orci&eget=nullam&massa=molestie&tempor=nibh&convallis=in&nulla=lectus&neque=pellentesque&libero=at&convallis=nulla&eget=suspendisse&eleifend=potenti&luctus=cras&ultricies=in&eu=purus&nibh=eu&quisque=magna&id=vulputate&justo=luctus&sit=cum&amet=sociis&sapien=natoque&dignissim=penatibus&vestibulum=et&vestibulum=magnis,TRUE
+http://chronoengine.com/dui/proin/leo/odio/porttitor/id/consequat.xml?dolor=felis&morbi=fusce&vel=posuere&lectus=felis&in=sed&quam=lacus&fringilla=morbi&rhoncus=sem&mauris=mauris&enim=laoreet&leo=ut&rhoncus=rhoncus&sed=aliquet&vestibulum=pulvinar&sit=sed&amet=nisl&cursus=nunc&id=rhoncus&turpis=dui&integer=vel&aliquet=sem&massa=sed&id=sagittis&lobortis=nam&convallis=congue&tortor=risus&risus=semper&dapibus=porta&augue=volutpat&vel=quam&accumsan=pede&tellus=lobortis&nisi=ligula&eu=sit&orci=amet&mauris=eleifend&lacinia=pede&sapien=libero&quis=quis&libero=orci&nullam=nullam&sit=molestie&amet=nibh&turpis=in&elementum=lectus&ligula=pellentesque&vehicula=at&consequat=nulla&morbi=suspendisse&a=potenti&ipsum=cras&integer=in&a=purus&nibh=eu&in=magna&quis=vulputate&justo=luctus&maecenas=cum&rhoncus=sociis&aliquam=natoque&lacus=penatibus&morbi=et&quis=magnis&tortor=dis&id=parturient&nulla=montes&ultrices=nascetur&aliquet=ridiculus&maecenas=mus&leo=vivamus&odio=vestibulum&condimentum=sagittis&id=sapien&luctus=cum&nec=sociis&molestie=natoque&sed=penatibus&justo=et&pellentesque=magnis&viverra=dis&pede=parturient&ac=montes&diam=nascetur&cras=ridiculus&pellentesque=mus,TRUE
+http://stumbleupon.com/nec/nisi/volutpat/eleifend/donec.json?cras=nulla&in=tellus&purus=in&eu=sagittis&magna=dui&vulputate=vel&luctus=nisl&cum=duis&sociis=ac&natoque=nibh&penatibus=fusce&et=lacus&magnis=purus&dis=aliquet&parturient=at&montes=feugiat&nascetur=non&ridiculus=pretium&mus=quis&vivamus=lectus&vestibulum=suspendisse&sagittis=potenti&sapien=in&cum=eleifend&sociis=quam&natoque=a&penatibus=odio&et=in&magnis=hac&dis=habitasse&parturient=platea&montes=dictumst&nascetur=maecenas&ridiculus=ut&mus=massa&etiam=quis&vel=augue&augue=luctus&vestibulum=tincidunt&rutrum=nulla&rutrum=mollis&neque=molestie&aenean=lorem&auctor=quisque&gravida=ut&sem=erat&praesent=curabitur&id=gravida&massa=nisi&id=at&nisl=nibh&venenatis=in&lacinia=hac&aenean=habitasse&sit=platea&amet=dictumst&justo=aliquam&morbi=augue,TRUE
+http://archive.org/sapien/quis/libero/nullam/sit/amet/turpis.js?tincidunt=elementum&lacus=nullam&at=varius&velit=nulla&vivamus=facilisi,TRUE
+http://princeton.edu/nulla/tellus/in/sagittis.png?odio=magna&elementum=ac&eu=consequat&interdum=metus&eu=sapien&tincidunt=ut&in=nunc&leo=vestibulum&maecenas=ante&pulvinar=ipsum&lobortis=primis&est=in&phasellus=faucibus&sit=orci&amet=luctus&erat=et&nulla=ultrices&tempus=posuere&vivamus=cubilia&in=curae&felis=mauris&eu=viverra&sapien=diam&cursus=vitae&vestibulum=quam&proin=suspendisse&eu=potenti&mi=nullam&nulla=porttitor&ac=lacus&enim=at&in=turpis&tempor=donec&turpis=posuere&nec=metus&euismod=vitae&scelerisque=ipsum&quam=aliquam&turpis=non&adipiscing=mauris&lorem=morbi,TRUE
+http://mysql.com/ante/ipsum/primis/in/faucibus.html?orci=ut&nullam=rhoncus&molestie=aliquet&nibh=pulvinar&in=sed&lectus=nisl&pellentesque=nunc&at=rhoncus&nulla=dui&suspendisse=vel&potenti=sem&cras=sed&in=sagittis&purus=nam&eu=congue&magna=risus&vulputate=semper&luctus=porta&cum=volutpat&sociis=quam&natoque=pede&penatibus=lobortis&et=ligula&magnis=sit&dis=amet&parturient=eleifend&montes=pede&nascetur=libero&ridiculus=quis&mus=orci&vivamus=nullam&vestibulum=molestie&sagittis=nibh&sapien=in&cum=lectus&sociis=pellentesque&natoque=at&penatibus=nulla&et=suspendisse&magnis=potenti&dis=cras&parturient=in&montes=purus&nascetur=eu&ridiculus=magna&mus=vulputate&etiam=luctus&vel=cum&augue=sociis&vestibulum=natoque&rutrum=penatibus&rutrum=et&neque=magnis&aenean=dis&auctor=parturient&gravida=montes&sem=nascetur&praesent=ridiculus&id=mus&massa=vivamus&id=vestibulum&nisl=sagittis&venenatis=sapien&lacinia=cum&aenean=sociis&sit=natoque&amet=penatibus&justo=et&morbi=magnis&ut=dis&odio=parturient&cras=montes&mi=nascetur&pede=ridiculus&malesuada=mus&in=etiam&imperdiet=vel&et=augue&commodo=vestibulum&vulputate=rutrum&justo=rutrum&in=neque&blandit=aenean&ultrices=auctor&enim=gravida&lorem=sem&ipsum=praesent&dolor=id&sit=massa&amet=id&consectetuer=nisl&adipiscing=venenatis&elit=lacinia,TRUE
+https://go.com/tortor/id.png?in=eu&imperdiet=interdum&et=eu&commodo=tincidunt&vulputate=in&justo=leo&in=maecenas&blandit=pulvinar&ultrices=lobortis&enim=est&lorem=phasellus&ipsum=sit&dolor=amet&sit=erat&amet=nulla&consectetuer=tempus&adipiscing=vivamus&elit=in&proin=felis&interdum=eu&mauris=sapien&non=cursus&ligula=vestibulum,TRUE
+https://usda.gov/sollicitudin/vitae.jpg?consectetuer=tempus&adipiscing=sit&elit=amet&proin=sem&interdum=fusce&mauris=consequat&non=nulla&ligula=nisl&pellentesque=nunc&ultrices=nisl&phasellus=duis&id=bibendum&sapien=felis&in=sed&sapien=interdum&iaculis=venenatis&congue=turpis&vivamus=enim&metus=blandit&arcu=mi&adipiscing=in&molestie=porttitor&hendrerit=pede&at=justo&vulputate=eu&vitae=massa&nisl=donec&aenean=dapibus&lectus=duis&pellentesque=at&eget=velit&nunc=eu&donec=est&quis=congue&orci=elementum&eget=in&orci=hac&vehicula=habitasse&condimentum=platea&curabitur=dictumst&in=morbi&libero=vestibulum&ut=velit&massa=id&volutpat=pretium&convallis=iaculis&morbi=diam&odio=erat&odio=fermentum&elementum=justo&eu=nec&interdum=condimentum&eu=neque&tincidunt=sapien&in=placerat&leo=ante&maecenas=nulla&pulvinar=justo&lobortis=aliquam&est=quis&phasellus=turpis&sit=eget&amet=elit&erat=sodales&nulla=scelerisque&tempus=mauris&vivamus=sit&in=amet&felis=eros&eu=suspendisse&sapien=accumsan&cursus=tortor&vestibulum=quis&proin=turpis,TRUE
+http://si.edu/sem/fusce/consequat/nulla.jpg?ut=cubilia&suscipit=curae&a=duis,TRUE
+http://businessweek.com/cursus/vestibulum/proin/eu.html?vestibulum=pellentesque&ac=ultrices&est=phasellus&lacinia=id&nisi=sapien&venenatis=in&tristique=sapien&fusce=iaculis&congue=congue&diam=vivamus&id=metus&ornare=arcu&imperdiet=adipiscing&sapien=molestie&urna=hendrerit&pretium=at&nisl=vulputate&ut=vitae&volutpat=nisl&sapien=aenean&arcu=lectus&sed=pellentesque&augue=eget&aliquam=nunc&erat=donec&volutpat=quis&in=orci&congue=eget&etiam=orci&justo=vehicula&etiam=condimentum&pretium=curabitur&iaculis=in&justo=libero&in=ut&hac=massa&habitasse=volutpat&platea=convallis&dictumst=morbi&etiam=odio&faucibus=odio&cursus=elementum&urna=eu&ut=interdum&tellus=eu&nulla=tincidunt&ut=in&erat=leo&id=maecenas&mauris=pulvinar&vulputate=lobortis&elementum=est&nullam=phasellus&varius=sit&nulla=amet&facilisi=erat&cras=nulla&non=tempus&velit=vivamus&nec=in&nisi=felis&vulputate=eu&nonummy=sapien&maecenas=cursus&tincidunt=vestibulum&lacus=proin&at=eu&velit=mi&vivamus=nulla&vel=ac&nulla=enim&eget=in&eros=tempor&elementum=turpis,TRUE
+https://imageshack.us/diam/id/ornare/imperdiet.xml?sed=integer&vestibulum=ac&sit=neque&amet=duis&cursus=bibendum&id=morbi&turpis=non&integer=quam&aliquet=nec&massa=dui&id=luctus&lobortis=rutrum&convallis=nulla&tortor=tellus&risus=in&dapibus=sagittis&augue=dui&vel=vel&accumsan=nisl&tellus=duis&nisi=ac&eu=nibh&orci=fusce&mauris=lacus&lacinia=purus&sapien=aliquet&quis=at&libero=feugiat&nullam=non&sit=pretium&amet=quis&turpis=lectus&elementum=suspendisse&ligula=potenti&vehicula=in&consequat=eleifend&morbi=quam&a=a&ipsum=odio&integer=in&a=hac&nibh=habitasse&in=platea&quis=dictumst&justo=maecenas&maecenas=ut&rhoncus=massa&aliquam=quis&lacus=augue&morbi=luctus&quis=tincidunt&tortor=nulla&id=mollis&nulla=molestie&ultrices=lorem&aliquet=quisque&maecenas=ut&leo=erat&odio=curabitur&condimentum=gravida&id=nisi&luctus=at&nec=nibh&molestie=in&sed=hac&justo=habitasse&pellentesque=platea&viverra=dictumst&pede=aliquam&ac=augue&diam=quam&cras=sollicitudin&pellentesque=vitae&volutpat=consectetuer&dui=eget&maecenas=rutrum&tristique=at,TRUE
+http://odnoklassniki.ru/lacus.js?urna=phasellus&pretium=id&nisl=sapien&ut=in&volutpat=sapien&sapien=iaculis&arcu=congue&sed=vivamus&augue=metus&aliquam=arcu&erat=adipiscing&volutpat=molestie&in=hendrerit&congue=at&etiam=vulputate&justo=vitae&etiam=nisl&pretium=aenean&iaculis=lectus&justo=pellentesque&in=eget&hac=nunc&habitasse=donec&platea=quis&dictumst=orci&etiam=eget&faucibus=orci&cursus=vehicula&urna=condimentum&ut=curabitur&tellus=in&nulla=libero&ut=ut&erat=massa&id=volutpat&mauris=convallis&vulputate=morbi&elementum=odio&nullam=odio&varius=elementum&nulla=eu&facilisi=interdum&cras=eu,TRUE
+http://tmall.com/scelerisque/quam/turpis.aspx?lobortis=amet&convallis=sapien&tortor=dignissim&risus=vestibulum&dapibus=vestibulum&augue=ante&vel=ipsum&accumsan=primis&tellus=in&nisi=faucibus&eu=orci&orci=luctus&mauris=et&lacinia=ultrices&sapien=posuere&quis=cubilia&libero=curae&nullam=nulla&sit=dapibus&amet=dolor&turpis=vel&elementum=est&ligula=donec&vehicula=odio&consequat=justo&morbi=sollicitudin,TRUE
+http://eventbrite.com/nulla.html?libero=eros&nam=vestibulum&dui=ac&proin=est&leo=lacinia&odio=nisi&porttitor=venenatis&id=tristique&consequat=fusce&in=congue&consequat=diam&ut=id&nulla=ornare&sed=imperdiet&accumsan=sapien&felis=urna&ut=pretium&at=nisl&dolor=ut&quis=volutpat&odio=sapien&consequat=arcu&varius=sed&integer=augue&ac=aliquam&leo=erat&pellentesque=volutpat&ultrices=in&mattis=congue&odio=etiam&donec=justo&vitae=etiam&nisi=pretium&nam=iaculis&ultrices=justo&libero=in&non=hac&mattis=habitasse&pulvinar=platea&nulla=dictumst&pede=etiam&ullamcorper=faucibus&augue=cursus&a=urna&suscipit=ut&nulla=tellus&elit=nulla&ac=ut&nulla=erat&sed=id&vel=mauris&enim=vulputate&sit=elementum&amet=nullam&nunc=varius&viverra=nulla&dapibus=facilisi&nulla=cras&suscipit=non&ligula=velit&in=nec&lacus=nisi&curabitur=vulputate&at=nonummy&ipsum=maecenas&ac=tincidunt&tellus=lacus&semper=at&interdum=velit&mauris=vivamus&ullamcorper=vel&purus=nulla&sit=eget&amet=eros&nulla=elementum&quisque=pellentesque&arcu=quisque&libero=porta,TRUE
+https://washington.edu/fermentum/justo/nec/condimentum/neque.html?semper=aenean&interdum=auctor&mauris=gravida&ullamcorper=sem&purus=praesent&sit=id&amet=massa&nulla=id&quisque=nisl&arcu=venenatis&libero=lacinia&rutrum=aenean&ac=sit&lobortis=amet&vel=justo&dapibus=morbi,TRUE
+https://com.com/id/justo/sit/amet/sapien/dignissim.jpg?vel=massa&sem=tempor&sed=convallis&sagittis=nulla&nam=neque&congue=libero&risus=convallis&semper=eget&porta=eleifend&volutpat=luctus&quam=ultricies&pede=eu&lobortis=nibh&ligula=quisque&sit=id&amet=justo&eleifend=sit&pede=amet&libero=sapien&quis=dignissim&orci=vestibulum&nullam=vestibulum&molestie=ante&nibh=ipsum&in=primis&lectus=in&pellentesque=faucibus&at=orci&nulla=luctus&suspendisse=et&potenti=ultrices&cras=posuere&in=cubilia&purus=curae&eu=nulla&magna=dapibus&vulputate=dolor,TRUE
+http://ustream.tv/lobortis.xml?tempor=dis&turpis=parturient&nec=montes&euismod=nascetur&scelerisque=ridiculus&quam=mus&turpis=vivamus&adipiscing=vestibulum&lorem=sagittis&vitae=sapien&mattis=cum&nibh=sociis&ligula=natoque&nec=penatibus&sem=et&duis=magnis&aliquam=dis&convallis=parturient&nunc=montes&proin=nascetur&at=ridiculus&turpis=mus&a=etiam&pede=vel&posuere=augue&nonummy=vestibulum&integer=rutrum&non=rutrum&velit=neque&donec=aenean&diam=auctor&neque=gravida&vestibulum=sem&eget=praesent&vulputate=id&ut=massa&ultrices=id&vel=nisl&augue=venenatis&vestibulum=lacinia&ante=aenean&ipsum=sit,TRUE
+http://disqus.com/volutpat/quam/pede/lobortis.html?mi=fusce&pede=lacus&malesuada=purus&in=aliquet&imperdiet=at&et=feugiat&commodo=non&vulputate=pretium&justo=quis&in=lectus&blandit=suspendisse&ultrices=potenti&enim=in&lorem=eleifend&ipsum=quam&dolor=a&sit=odio&amet=in&consectetuer=hac&adipiscing=habitasse&elit=platea&proin=dictumst&interdum=maecenas&mauris=ut&non=massa&ligula=quis&pellentesque=augue&ultrices=luctus&phasellus=tincidunt&id=nulla&sapien=mollis&in=molestie&sapien=lorem&iaculis=quisque&congue=ut&vivamus=erat&metus=curabitur&arcu=gravida&adipiscing=nisi&molestie=at&hendrerit=nibh&at=in&vulputate=hac&vitae=habitasse&nisl=platea&aenean=dictumst&lectus=aliquam&pellentesque=augue&eget=quam&nunc=sollicitudin&donec=vitae&quis=consectetuer&orci=eget&eget=rutrum&orci=at&vehicula=lorem&condimentum=integer&curabitur=tincidunt&in=ante&libero=vel&ut=ipsum&massa=praesent&volutpat=blandit&convallis=lacinia&morbi=erat&odio=vestibulum&odio=sed&elementum=magna&eu=at&interdum=nunc&eu=commodo&tincidunt=placerat&in=praesent&leo=blandit&maecenas=nam&pulvinar=nulla&lobortis=integer&est=pede&phasellus=justo&sit=lacinia&amet=eget&erat=tincidunt&nulla=eget&tempus=tempus&vivamus=vel,TRUE
+https://narod.ru/justo/pellentesque/viverra/pede.aspx?posuere=pulvinar&cubilia=sed&curae=nisl&mauris=nunc&viverra=rhoncus&diam=dui&vitae=vel&quam=sem&suspendisse=sed&potenti=sagittis&nullam=nam&porttitor=congue&lacus=risus&at=semper&turpis=porta&donec=volutpat&posuere=quam&metus=pede&vitae=lobortis&ipsum=ligula&aliquam=sit&non=amet&mauris=eleifend&morbi=pede&non=libero&lectus=quis&aliquam=orci&sit=nullam&amet=molestie&diam=nibh&in=in&magna=lectus&bibendum=pellentesque&imperdiet=at&nullam=nulla&orci=suspendisse&pede=potenti&venenatis=cras&non=in&sodales=purus&sed=eu&tincidunt=magna&eu=vulputate&felis=luctus&fusce=cum&posuere=sociis&felis=natoque&sed=penatibus&lacus=et&morbi=magnis&sem=dis&mauris=parturient&laoreet=montes&ut=nascetur&rhoncus=ridiculus&aliquet=mus&pulvinar=vivamus&sed=vestibulum&nisl=sagittis&nunc=sapien&rhoncus=cum&dui=sociis&vel=natoque&sem=penatibus&sed=et&sagittis=magnis&nam=dis&congue=parturient&risus=montes&semper=nascetur&porta=ridiculus&volutpat=mus&quam=etiam&pede=vel&lobortis=augue&ligula=vestibulum&sit=rutrum&amet=rutrum,TRUE
+https://issuu.com/sem/fusce/consequat/nulla.js?quis=et&justo=magnis&maecenas=dis&rhoncus=parturient&aliquam=montes&lacus=nascetur&morbi=ridiculus&quis=mus&tortor=etiam&id=vel&nulla=augue&ultrices=vestibulum&aliquet=rutrum&maecenas=rutrum&leo=neque&odio=aenean&condimentum=auctor&id=gravida&luctus=sem&nec=praesent&molestie=id&sed=massa&justo=id&pellentesque=nisl&viverra=venenatis&pede=lacinia&ac=aenean&diam=sit&cras=amet&pellentesque=justo&volutpat=morbi&dui=ut,TRUE
+http://pagesperso-orange.fr/orci/vehicula/condimentum.jsp?magnis=sagittis,TRUE
+https://narod.ru/vestibulum.html?sapien=tristique&placerat=in&ante=tempus&nulla=sit&justo=amet&aliquam=sem&quis=fusce&turpis=consequat&eget=nulla&elit=nisl&sodales=nunc&scelerisque=nisl&mauris=duis&sit=bibendum&amet=felis&eros=sed&suspendisse=interdum&accumsan=venenatis&tortor=turpis&quis=enim&turpis=blandit&sed=mi&ante=in&vivamus=porttitor&tortor=pede&duis=justo&mattis=eu&egestas=massa&metus=donec&aenean=dapibus&fermentum=duis&donec=at&ut=velit&mauris=eu&eget=est&massa=congue&tempor=elementum&convallis=in&nulla=hac&neque=habitasse&libero=platea&convallis=dictumst&eget=morbi&eleifend=vestibulum&luctus=velit&ultricies=id&eu=pretium&nibh=iaculis&quisque=diam&id=erat&justo=fermentum&sit=justo&amet=nec&sapien=condimentum&dignissim=neque&vestibulum=sapien&vestibulum=placerat&ante=ante&ipsum=nulla&primis=justo&in=aliquam&faucibus=quis&orci=turpis&luctus=eget&et=elit&ultrices=sodales,TRUE
+http://scientificamerican.com/feugiat/et/eros/vestibulum/ac.jsp?vivamus=magnis&tortor=dis&duis=parturient&mattis=montes&egestas=nascetur&metus=ridiculus&aenean=mus&fermentum=etiam&donec=vel&ut=augue&mauris=vestibulum&eget=rutrum&massa=rutrum&tempor=neque&convallis=aenean&nulla=auctor&neque=gravida&libero=sem&convallis=praesent&eget=id&eleifend=massa&luctus=id&ultricies=nisl&eu=venenatis&nibh=lacinia&quisque=aenean&id=sit&justo=amet&sit=justo&amet=morbi&sapien=ut&dignissim=odio&vestibulum=cras&vestibulum=mi&ante=pede&ipsum=malesuada&primis=in&in=imperdiet&faucibus=et&orci=commodo&luctus=vulputate&et=justo&ultrices=in&posuere=blandit&cubilia=ultrices&curae=enim&nulla=lorem&dapibus=ipsum&dolor=dolor,TRUE
+http://berkeley.edu/morbi/vel/lectus/in/quam/fringilla/rhoncus.png?metus=lacinia&vitae=nisi&ipsum=venenatis&aliquam=tristique&non=fusce&mauris=congue&morbi=diam&non=id&lectus=ornare&aliquam=imperdiet&sit=sapien&amet=urna&diam=pretium&in=nisl&magna=ut&bibendum=volutpat&imperdiet=sapien&nullam=arcu&orci=sed&pede=augue&venenatis=aliquam&non=erat&sodales=volutpat&sed=in&tincidunt=congue&eu=etiam&felis=justo&fusce=etiam&posuere=pretium&felis=iaculis&sed=justo&lacus=in&morbi=hac&sem=habitasse&mauris=platea&laoreet=dictumst&ut=etiam&rhoncus=faucibus&aliquet=cursus&pulvinar=urna&sed=ut&nisl=tellus&nunc=nulla&rhoncus=ut&dui=erat&vel=id&sem=mauris&sed=vulputate&sagittis=elementum&nam=nullam&congue=varius&risus=nulla,TRUE
+https://cdbaby.com/quam/sollicitudin/vitae.js?aenean=sed&auctor=vestibulum&gravida=sit&sem=amet&praesent=cursus&id=id&massa=turpis&id=integer&nisl=aliquet&venenatis=massa&lacinia=id&aenean=lobortis&sit=convallis&amet=tortor&justo=risus&morbi=dapibus&ut=augue&odio=vel&cras=accumsan&mi=tellus&pede=nisi&malesuada=eu&in=orci&imperdiet=mauris&et=lacinia&commodo=sapien&vulputate=quis&justo=libero&in=nullam&blandit=sit&ultrices=amet&enim=turpis&lorem=elementum&ipsum=ligula&dolor=vehicula&sit=consequat&amet=morbi&consectetuer=a&adipiscing=ipsum&elit=integer&proin=a&interdum=nibh&mauris=in&non=quis&ligula=justo&pellentesque=maecenas&ultrices=rhoncus&phasellus=aliquam&id=lacus&sapien=morbi&in=quis&sapien=tortor&iaculis=id&congue=nulla&vivamus=ultrices&metus=aliquet&arcu=maecenas&adipiscing=leo&molestie=odio&hendrerit=condimentum&at=id&vulputate=luctus&vitae=nec&nisl=molestie&aenean=sed&lectus=justo&pellentesque=pellentesque&eget=viverra&nunc=pede&donec=ac,TRUE
+https://nytimes.com/vestibulum/ante/ipsum/primis/in.xml?mauris=id&vulputate=ornare&elementum=imperdiet&nullam=sapien&varius=urna&nulla=pretium&facilisi=nisl&cras=ut&non=volutpat&velit=sapien&nec=arcu&nisi=sed&vulputate=augue&nonummy=aliquam&maecenas=erat&tincidunt=volutpat&lacus=in&at=congue&velit=etiam&vivamus=justo&vel=etiam&nulla=pretium&eget=iaculis&eros=justo&elementum=in&pellentesque=hac&quisque=habitasse&porta=platea&volutpat=dictumst&erat=etiam&quisque=faucibus&erat=cursus&eros=urna&viverra=ut&eget=tellus&congue=nulla&eget=ut&semper=erat&rutrum=id&nulla=mauris&nunc=vulputate&purus=elementum&phasellus=nullam&in=varius&felis=nulla&donec=facilisi&semper=cras&sapien=non&a=velit&libero=nec&nam=nisi&dui=vulputate&proin=nonummy&leo=maecenas&odio=tincidunt&porttitor=lacus&id=at&consequat=velit&in=vivamus&consequat=vel&ut=nulla&nulla=eget&sed=eros&accumsan=elementum&felis=pellentesque&ut=quisque&at=porta&dolor=volutpat&quis=erat&odio=quisque&consequat=erat&varius=eros&integer=viverra&ac=eget&leo=congue&pellentesque=eget&ultrices=semper&mattis=rutrum&odio=nulla&donec=nunc&vitae=purus&nisi=phasellus&nam=in&ultrices=felis&libero=donec&non=semper&mattis=sapien,TRUE
+https://printfriendly.com/vestibulum.png?vestibulum=nisl&sagittis=duis&sapien=bibendum&cum=felis&sociis=sed&natoque=interdum&penatibus=venenatis&et=turpis&magnis=enim&dis=blandit&parturient=mi&montes=in&nascetur=porttitor&ridiculus=pede&mus=justo&etiam=eu&vel=massa&augue=donec&vestibulum=dapibus&rutrum=duis&rutrum=at&neque=velit&aenean=eu&auctor=est&gravida=congue&sem=elementum&praesent=in&id=hac&massa=habitasse&id=platea&nisl=dictumst&venenatis=morbi&lacinia=vestibulum&aenean=velit&sit=id&amet=pretium&justo=iaculis&morbi=diam&ut=erat&odio=fermentum&cras=justo&mi=nec&pede=condimentum&malesuada=neque&in=sapien&imperdiet=placerat&et=ante&commodo=nulla&vulputate=justo&justo=aliquam&in=quis&blandit=turpis&ultrices=eget&enim=elit&lorem=sodales&ipsum=scelerisque&dolor=mauris&sit=sit&amet=amet&consectetuer=eros&adipiscing=suspendisse&elit=accumsan&proin=tortor&interdum=quis&mauris=turpis&non=sed&ligula=ante&pellentesque=vivamus&ultrices=tortor&phasellus=duis&id=mattis&sapien=egestas&in=metus&sapien=aenean&iaculis=fermentum&congue=donec&vivamus=ut&metus=mauris&arcu=eget&adipiscing=massa&molestie=tempor&hendrerit=convallis&at=nulla&vulputate=neque&vitae=libero&nisl=convallis&aenean=eget&lectus=eleifend&pellentesque=luctus&eget=ultricies&nunc=eu&donec=nibh&quis=quisque&orci=id&eget=justo&orci=sit&vehicula=amet&condimentum=sapien&curabitur=dignissim,TRUE
+http://utexas.edu/habitasse/platea/dictumst.jsp?sapien=porta&cum=volutpat&sociis=quam&natoque=pede&penatibus=lobortis&et=ligula&magnis=sit&dis=amet&parturient=eleifend&montes=pede&nascetur=libero&ridiculus=quis&mus=orci&etiam=nullam&vel=molestie&augue=nibh&vestibulum=in&rutrum=lectus&rutrum=pellentesque&neque=at&aenean=nulla&auctor=suspendisse&gravida=potenti&sem=cras&praesent=in&id=purus&massa=eu&id=magna&nisl=vulputate&venenatis=luctus&lacinia=cum&aenean=sociis&sit=natoque&amet=penatibus&justo=et&morbi=magnis&ut=dis&odio=parturient&cras=montes&mi=nascetur&pede=ridiculus&malesuada=mus&in=vivamus&imperdiet=vestibulum&et=sagittis&commodo=sapien&vulputate=cum&justo=sociis&in=natoque&blandit=penatibus&ultrices=et&enim=magnis&lorem=dis&ipsum=parturient&dolor=montes&sit=nascetur&amet=ridiculus&consectetuer=mus&adipiscing=etiam&elit=vel&proin=augue&interdum=vestibulum,TRUE
+http://nymag.com/ac/nulla/sed/vel/enim/sit.jpg?at=duis,TRUE
+http://scribd.com/odio/in/hac/habitasse.jsp?vel=suspendisse&augue=ornare&vestibulum=consequat&rutrum=lectus&rutrum=in&neque=est&aenean=risus&auctor=auctor&gravida=sed&sem=tristique&praesent=in&id=tempus&massa=sit&id=amet&nisl=sem&venenatis=fusce&lacinia=consequat&aenean=nulla&sit=nisl,TRUE
+https://statcounter.com/a/pede/posuere.png?sapien=amet&quis=justo&libero=morbi&nullam=ut&sit=odio&amet=cras&turpis=mi&elementum=pede&ligula=malesuada&vehicula=in&consequat=imperdiet&morbi=et&a=commodo&ipsum=vulputate&integer=justo&a=in&nibh=blandit&in=ultrices&quis=enim&justo=lorem&maecenas=ipsum&rhoncus=dolor&aliquam=sit&lacus=amet&morbi=consectetuer&quis=adipiscing&tortor=elit&id=proin&nulla=interdum&ultrices=mauris&aliquet=non&maecenas=ligula&leo=pellentesque&odio=ultrices&condimentum=phasellus&id=id&luctus=sapien&nec=in&molestie=sapien&sed=iaculis&justo=congue&pellentesque=vivamus&viverra=metus&pede=arcu&ac=adipiscing&diam=molestie&cras=hendrerit&pellentesque=at&volutpat=vulputate&dui=vitae&maecenas=nisl&tristique=aenean&est=lectus&et=pellentesque&tempus=eget&semper=nunc&est=donec&quam=quis&pharetra=orci&magna=eget&ac=orci&consequat=vehicula&metus=condimentum&sapien=curabitur&ut=in&nunc=libero&vestibulum=ut&ante=massa&ipsum=volutpat&primis=convallis&in=morbi&faucibus=odio&orci=odio&luctus=elementum&et=eu&ultrices=interdum&posuere=eu&cubilia=tincidunt&curae=in&mauris=leo&viverra=maecenas&diam=pulvinar&vitae=lobortis,TRUE
+https://tripadvisor.com/dolor/quis/odio/consequat/varius.aspx?aliquam=nulla&convallis=ultrices&nunc=aliquet&proin=maecenas&at=leo&turpis=odio&a=condimentum&pede=id&posuere=luctus&nonummy=nec&integer=molestie&non=sed&velit=justo&donec=pellentesque&diam=viverra&neque=pede&vestibulum=ac&eget=diam&vulputate=cras&ut=pellentesque&ultrices=volutpat&vel=dui&augue=maecenas&vestibulum=tristique&ante=est&ipsum=et&primis=tempus&in=semper&faucibus=est&orci=quam&luctus=pharetra&et=magna&ultrices=ac&posuere=consequat&cubilia=metus&curae=sapien&donec=ut&pharetra=nunc&magna=vestibulum&vestibulum=ante&aliquet=ipsum&ultrices=primis&erat=in&tortor=faucibus&sollicitudin=orci&mi=luctus&sit=et&amet=ultrices&lobortis=posuere&sapien=cubilia&sapien=curae&non=mauris&mi=viverra&integer=diam&ac=vitae&neque=quam&duis=suspendisse&bibendum=potenti&morbi=nullam&non=porttitor&quam=lacus&nec=at&dui=turpis&luctus=donec&rutrum=posuere&nulla=metus&tellus=vitae&in=ipsum&sagittis=aliquam&dui=non&vel=mauris&nisl=morbi&duis=non&ac=lectus&nibh=aliquam&fusce=sit&lacus=amet&purus=diam&aliquet=in&at=magna&feugiat=bibendum&non=imperdiet&pretium=nullam&quis=orci&lectus=pede&suspendisse=venenatis&potenti=non&in=sodales&eleifend=sed&quam=tincidunt&a=eu&odio=felis,TRUE
+http://zimbio.com/praesent/id/massa/id/nisl/venenatis/lacinia.png?hac=enim&habitasse=leo&platea=rhoncus&dictumst=sed&aliquam=vestibulum&augue=sit&quam=amet&sollicitudin=cursus&vitae=id&consectetuer=turpis&eget=integer&rutrum=aliquet&at=massa&lorem=id&integer=lobortis&tincidunt=convallis&ante=tortor&vel=risus&ipsum=dapibus&praesent=augue&blandit=vel&lacinia=accumsan&erat=tellus,TRUE
+http://virginia.edu/quisque/arcu/libero.js?est=vestibulum&lacinia=sed&nisi=magna&venenatis=at&tristique=nunc&fusce=commodo&congue=placerat&diam=praesent&id=blandit&ornare=nam&imperdiet=nulla&sapien=integer&urna=pede&pretium=justo&nisl=lacinia&ut=eget&volutpat=tincidunt&sapien=eget&arcu=tempus&sed=vel&augue=pede&aliquam=morbi&erat=porttitor&volutpat=lorem&in=id&congue=ligula&etiam=suspendisse&justo=ornare&etiam=consequat&pretium=lectus&iaculis=in&justo=est&in=risus&hac=auctor&habitasse=sed&platea=tristique&dictumst=in&etiam=tempus&faucibus=sit&cursus=amet&urna=sem&ut=fusce&tellus=consequat&nulla=nulla&ut=nisl&erat=nunc&id=nisl&mauris=duis&vulputate=bibendum&elementum=felis&nullam=sed&varius=interdum&nulla=venenatis&facilisi=turpis&cras=enim&non=blandit&velit=mi&nec=in&nisi=porttitor&vulputate=pede&nonummy=justo&maecenas=eu&tincidunt=massa&lacus=donec&at=dapibus&velit=duis&vivamus=at&vel=velit&nulla=eu&eget=est,TRUE
+https://bizjournals.com/sed/tristique/in/tempus.js?condimentum=fusce&curabitur=congue&in=diam&libero=id&ut=ornare&massa=imperdiet&volutpat=sapien&convallis=urna&morbi=pretium&odio=nisl&odio=ut,TRUE
+http://usnews.com/varius/integer/ac/leo/pellentesque/ultrices/mattis.aspx?sit=tristique&amet=fusce&eros=congue&suspendisse=diam&accumsan=id&tortor=ornare&quis=imperdiet&turpis=sapien&sed=urna&ante=pretium&vivamus=nisl&tortor=ut&duis=volutpat&mattis=sapien&egestas=arcu&metus=sed&aenean=augue&fermentum=aliquam&donec=erat&ut=volutpat&mauris=in&eget=congue&massa=etiam&tempor=justo&convallis=etiam&nulla=pretium&neque=iaculis&libero=justo&convallis=in&eget=hac&eleifend=habitasse&luctus=platea&ultricies=dictumst,TRUE
+http://theguardian.com/vivamus.xml?nec=quis&dui=orci&luctus=nullam&rutrum=molestie&nulla=nibh&tellus=in&in=lectus&sagittis=pellentesque&dui=at&vel=nulla&nisl=suspendisse&duis=potenti&ac=cras&nibh=in&fusce=purus&lacus=eu&purus=magna&aliquet=vulputate&at=luctus&feugiat=cum&non=sociis&pretium=natoque&quis=penatibus&lectus=et&suspendisse=magnis&potenti=dis&in=parturient&eleifend=montes&quam=nascetur&a=ridiculus&odio=mus&in=vivamus&hac=vestibulum&habitasse=sagittis&platea=sapien&dictumst=cum&maecenas=sociis&ut=natoque&massa=penatibus&quis=et&augue=magnis&luctus=dis&tincidunt=parturient&nulla=montes&mollis=nascetur&molestie=ridiculus&lorem=mus&quisque=etiam&ut=vel&erat=augue&curabitur=vestibulum&gravida=rutrum&nisi=rutrum&at=neque&nibh=aenean&in=auctor&hac=gravida&habitasse=sem&platea=praesent&dictumst=id&aliquam=massa&augue=id&quam=nisl,TRUE
+http://macromedia.com/urna/ut/tellus/nulla/ut/erat/id.jsp?consectetuer=at&eget=nulla&rutrum=suspendisse&at=potenti&lorem=cras&integer=in&tincidunt=purus&ante=eu&vel=magna&ipsum=vulputate&praesent=luctus&blandit=cum&lacinia=sociis&erat=natoque,TRUE
+http://blogger.com/auctor/sed.png?ut=vel&erat=augue&curabitur=vestibulum&gravida=rutrum&nisi=rutrum,TRUE
+http://issuu.com/posuere/felis/sed.xml?odio=ultrices&odio=enim&elementum=lorem&eu=ipsum&interdum=dolor&eu=sit&tincidunt=amet&in=consectetuer&leo=adipiscing&maecenas=elit&pulvinar=proin,TRUE
+http://addthis.com/id/nulla/ultrices.html?velit=ligula&id=nec&pretium=sem&iaculis=duis,TRUE
+http://tamu.edu/ante/vestibulum/ante/ipsum.aspx?nec=a&dui=libero&luctus=nam&rutrum=dui&nulla=proin&tellus=leo&in=odio&sagittis=porttitor&dui=id&vel=consequat&nisl=in&duis=consequat&ac=ut&nibh=nulla&fusce=sed&lacus=accumsan&purus=felis&aliquet=ut&at=at&feugiat=dolor&non=quis&pretium=odio&quis=consequat&lectus=varius&suspendisse=integer&potenti=ac&in=leo&eleifend=pellentesque&quam=ultrices&a=mattis&odio=odio&in=donec&hac=vitae&habitasse=nisi&platea=nam&dictumst=ultrices&maecenas=libero&ut=non&massa=mattis&quis=pulvinar&augue=nulla,TRUE
+https://intel.com/mauris/viverra/diam/vitae/quam/suspendisse/potenti.xml?hac=enim&habitasse=blandit&platea=mi&dictumst=in&etiam=porttitor&faucibus=pede&cursus=justo&urna=eu&ut=massa&tellus=donec&nulla=dapibus,TRUE
+http://miibeian.gov.cn/augue.html?sed=ante&vestibulum=vivamus&sit=tortor&amet=duis&cursus=mattis&id=egestas&turpis=metus&integer=aenean&aliquet=fermentum&massa=donec&id=ut&lobortis=mauris&convallis=eget&tortor=massa&risus=tempor&dapibus=convallis&augue=nulla&vel=neque&accumsan=libero&tellus=convallis&nisi=eget&eu=eleifend&orci=luctus&mauris=ultricies&lacinia=eu&sapien=nibh&quis=quisque&libero=id&nullam=justo&sit=sit&amet=amet&turpis=sapien&elementum=dignissim&ligula=vestibulum&vehicula=vestibulum&consequat=ante&morbi=ipsum&a=primis&ipsum=in&integer=faucibus&a=orci&nibh=luctus&in=et&quis=ultrices&justo=posuere&maecenas=cubilia&rhoncus=curae&aliquam=nulla&lacus=dapibus&morbi=dolor&quis=vel&tortor=est&id=donec&nulla=odio&ultrices=justo&aliquet=sollicitudin&maecenas=ut&leo=suscipit&odio=a&condimentum=feugiat&id=et&luctus=eros&nec=vestibulum&molestie=ac&sed=est&justo=lacinia&pellentesque=nisi&viverra=venenatis&pede=tristique&ac=fusce&diam=congue&cras=diam&pellentesque=id&volutpat=ornare&dui=imperdiet&maecenas=sapien&tristique=urna&est=pretium&et=nisl,TRUE
+https://go.com/turpis/eget/elit/sodales/scelerisque/mauris.aspx?id=iaculis&consequat=justo&in=in&consequat=hac&ut=habitasse&nulla=platea&sed=dictumst&accumsan=etiam&felis=faucibus&ut=cursus&at=urna&dolor=ut&quis=tellus&odio=nulla&consequat=ut&varius=erat&integer=id&ac=mauris&leo=vulputate&pellentesque=elementum&ultrices=nullam&mattis=varius,TRUE
+http://about.me/vestibulum.xml?pede=in&malesuada=quam&in=fringilla&imperdiet=rhoncus&et=mauris&commodo=enim&vulputate=leo&justo=rhoncus&in=sed&blandit=vestibulum&ultrices=sit&enim=amet&lorem=cursus&ipsum=id&dolor=turpis&sit=integer&amet=aliquet&consectetuer=massa&adipiscing=id&elit=lobortis&proin=convallis&interdum=tortor&mauris=risus&non=dapibus&ligula=augue&pellentesque=vel&ultrices=accumsan&phasellus=tellus&id=nisi&sapien=eu&in=orci&sapien=mauris&iaculis=lacinia&congue=sapien&vivamus=quis&metus=libero&arcu=nullam&adipiscing=sit&molestie=amet&hendrerit=turpis&at=elementum&vulputate=ligula&vitae=vehicula,TRUE
+https://wufoo.com/augue/vel/accumsan/tellus/nisi.jpg?venenatis=massa&non=quis&sodales=augue&sed=luctus&tincidunt=tincidunt&eu=nulla&felis=mollis&fusce=molestie&posuere=lorem&felis=quisque&sed=ut&lacus=erat&morbi=curabitur&sem=gravida&mauris=nisi&laoreet=at&ut=nibh&rhoncus=in&aliquet=hac&pulvinar=habitasse&sed=platea&nisl=dictumst&nunc=aliquam&rhoncus=augue&dui=quam&vel=sollicitudin&sem=vitae&sed=consectetuer&sagittis=eget&nam=rutrum&congue=at&risus=lorem&semper=integer&porta=tincidunt&volutpat=ante&quam=vel&pede=ipsum&lobortis=praesent&ligula=blandit&sit=lacinia&amet=erat&eleifend=vestibulum&pede=sed&libero=magna&quis=at&orci=nunc&nullam=commodo&molestie=placerat&nibh=praesent&in=blandit&lectus=nam&pellentesque=nulla&at=integer&nulla=pede&suspendisse=justo&potenti=lacinia&cras=eget&in=tincidunt&purus=eget&eu=tempus&magna=vel&vulputate=pede&luctus=morbi&cum=porttitor&sociis=lorem&natoque=id,TRUE
+https://apache.org/proin/interdum/mauris/non.xml?placerat=praesent&ante=blandit&nulla=nam&justo=nulla&aliquam=integer&quis=pede&turpis=justo&eget=lacinia&elit=eget&sodales=tincidunt&scelerisque=eget&mauris=tempus&sit=vel&amet=pede&eros=morbi&suspendisse=porttitor&accumsan=lorem&tortor=id&quis=ligula&turpis=suspendisse&sed=ornare&ante=consequat&vivamus=lectus&tortor=in&duis=est&mattis=risus&egestas=auctor&metus=sed&aenean=tristique&fermentum=in&donec=tempus&ut=sit&mauris=amet&eget=sem&massa=fusce&tempor=consequat&convallis=nulla&nulla=nisl&neque=nunc&libero=nisl&convallis=duis&eget=bibendum&eleifend=felis&luctus=sed&ultricies=interdum&eu=venenatis&nibh=turpis&quisque=enim&id=blandit&justo=mi&sit=in&amet=porttitor&sapien=pede&dignissim=justo&vestibulum=eu&vestibulum=massa&ante=donec&ipsum=dapibus&primis=duis&in=at&faucibus=velit&orci=eu&luctus=est&et=congue&ultrices=elementum&posuere=in&cubilia=hac&curae=habitasse,TRUE
+http://yandex.ru/pulvinar/lobortis.jsp?eros=cras&vestibulum=pellentesque&ac=volutpat,TRUE
+http://vk.com/ultrices/phasellus/id/sapien/in.png?in=donec&sapien=odio&iaculis=justo&congue=sollicitudin&vivamus=ut&metus=suscipit&arcu=a&adipiscing=feugiat&molestie=et&hendrerit=eros&at=vestibulum&vulputate=ac&vitae=est&nisl=lacinia&aenean=nisi&lectus=venenatis&pellentesque=tristique&eget=fusce&nunc=congue&donec=diam&quis=id&orci=ornare&eget=imperdiet&orci=sapien&vehicula=urna&condimentum=pretium&curabitur=nisl&in=ut&libero=volutpat&ut=sapien&massa=arcu&volutpat=sed&convallis=augue&morbi=aliquam&odio=erat,TRUE
+http://prweb.com/integer/ac/neque/duis.js?nulla=at&dapibus=nulla&dolor=suspendisse&vel=potenti&est=cras&donec=in&odio=purus&justo=eu&sollicitudin=magna&ut=vulputate&suscipit=luctus&a=cum&feugiat=sociis&et=natoque&eros=penatibus&vestibulum=et&ac=magnis&est=dis&lacinia=parturient&nisi=montes&venenatis=nascetur&tristique=ridiculus&fusce=mus&congue=vivamus&diam=vestibulum&id=sagittis&ornare=sapien&imperdiet=cum&sapien=sociis&urna=natoque&pretium=penatibus&nisl=et&ut=magnis&volutpat=dis&sapien=parturient&arcu=montes&sed=nascetur&augue=ridiculus&aliquam=mus&erat=etiam&volutpat=vel&in=augue&congue=vestibulum&etiam=rutrum&justo=rutrum&etiam=neque&pretium=aenean&iaculis=auctor&justo=gravida&in=sem&hac=praesent&habitasse=id&platea=massa&dictumst=id&etiam=nisl&faucibus=venenatis&cursus=lacinia&urna=aenean&ut=sit&tellus=amet&nulla=justo&ut=morbi&erat=ut&id=odio&mauris=cras&vulputate=mi&elementum=pede&nullam=malesuada&varius=in,TRUE
+https://amazon.com/sit/amet/nulla/quisque/arcu/libero.xml?aliquam=sapien&quis=placerat&turpis=ante&eget=nulla&elit=justo&sodales=aliquam&scelerisque=quis&mauris=turpis&sit=eget&amet=elit&eros=sodales&suspendisse=scelerisque&accumsan=mauris&tortor=sit&quis=amet&turpis=eros&sed=suspendisse&ante=accumsan&vivamus=tortor&tortor=quis&duis=turpis&mattis=sed&egestas=ante&metus=vivamus&aenean=tortor&fermentum=duis&donec=mattis&ut=egestas&mauris=metus&eget=aenean&massa=fermentum&tempor=donec&convallis=ut&nulla=mauris&neque=eget&libero=massa&convallis=tempor&eget=convallis&eleifend=nulla&luctus=neque&ultricies=libero&eu=convallis&nibh=eget&quisque=eleifend&id=luctus&justo=ultricies&sit=eu&amet=nibh&sapien=quisque&dignissim=id&vestibulum=justo&vestibulum=sit&ante=amet&ipsum=sapien&primis=dignissim&in=vestibulum&faucibus=vestibulum&orci=ante&luctus=ipsum&et=primis&ultrices=in&posuere=faucibus&cubilia=orci&curae=luctus&nulla=et&dapibus=ultrices&dolor=posuere&vel=cubilia&est=curae&donec=nulla&odio=dapibus&justo=dolor&sollicitudin=vel&ut=est,TRUE
+https://free.fr/pede/morbi/porttitor/lorem.png?platea=vestibulum&dictumst=ante&morbi=ipsum&vestibulum=primis&velit=in&id=faucibus&pretium=orci&iaculis=luctus&diam=et&erat=ultrices&fermentum=posuere&justo=cubilia&nec=curae&condimentum=duis&neque=faucibus&sapien=accumsan&placerat=odio&ante=curabitur&nulla=convallis&justo=duis&aliquam=consequat&quis=dui&turpis=nec&eget=nisi&elit=volutpat&sodales=eleifend&scelerisque=donec&mauris=ut&sit=dolor&amet=morbi&eros=vel&suspendisse=lectus&accumsan=in&tortor=quam&quis=fringilla&turpis=rhoncus&sed=mauris&ante=enim&vivamus=leo&tortor=rhoncus&duis=sed&mattis=vestibulum&egestas=sit&metus=amet&aenean=cursus&fermentum=id&donec=turpis&ut=integer&mauris=aliquet&eget=massa&massa=id&tempor=lobortis&convallis=convallis&nulla=tortor&neque=risus&libero=dapibus&convallis=augue&eget=vel&eleifend=accumsan&luctus=tellus&ultricies=nisi&eu=eu&nibh=orci&quisque=mauris&id=lacinia&justo=sapien&sit=quis&amet=libero&sapien=nullam&dignissim=sit&vestibulum=amet&vestibulum=turpis&ante=elementum&ipsum=ligula&primis=vehicula&in=consequat&faucibus=morbi&orci=a&luctus=ipsum&et=integer&ultrices=a&posuere=nibh&cubilia=in&curae=quis&nulla=justo&dapibus=maecenas&dolor=rhoncus&vel=aliquam,TRUE
+https://weebly.com/tristique.jpg?lectus=in&vestibulum=purus&quam=eu&sapien=magna&varius=vulputate&ut=luctus&blandit=cum&non=sociis&interdum=natoque&in=penatibus&ante=et&vestibulum=magnis&ante=dis&ipsum=parturient&primis=montes&in=nascetur&faucibus=ridiculus&orci=mus&luctus=vivamus&et=vestibulum&ultrices=sagittis&posuere=sapien&cubilia=cum&curae=sociis&duis=natoque&faucibus=penatibus&accumsan=et&odio=magnis&curabitur=dis&convallis=parturient&duis=montes&consequat=nascetur&dui=ridiculus&nec=mus&nisi=etiam&volutpat=vel&eleifend=augue&donec=vestibulum&ut=rutrum&dolor=rutrum&morbi=neque&vel=aenean&lectus=auctor&in=gravida&quam=sem&fringilla=praesent&rhoncus=id&mauris=massa&enim=id&leo=nisl&rhoncus=venenatis&sed=lacinia&vestibulum=aenean&sit=sit&amet=amet&cursus=justo&id=morbi&turpis=ut&integer=odio&aliquet=cras&massa=mi&id=pede&lobortis=malesuada&convallis=in&tortor=imperdiet&risus=et&dapibus=commodo&augue=vulputate&vel=justo&accumsan=in&tellus=blandit&nisi=ultrices&eu=enim&orci=lorem,TRUE
+https://auda.org.au/sit.jpg?sed=felis&accumsan=sed&felis=lacus&ut=morbi&at=sem&dolor=mauris&quis=laoreet&odio=ut&consequat=rhoncus&varius=aliquet,TRUE
+https://thetimes.co.uk/donec/vitae/nisi/nam.jsp?tempus=nisi&sit=volutpat&amet=eleifend&sem=donec&fusce=ut&consequat=dolor&nulla=morbi&nisl=vel&nunc=lectus&nisl=in&duis=quam&bibendum=fringilla&felis=rhoncus&sed=mauris&interdum=enim&venenatis=leo&turpis=rhoncus&enim=sed,TRUE
+https://patch.com/at/velit/eu/est/congue/elementum/in.jpg?pretium=lobortis&nisl=ligula&ut=sit&volutpat=amet&sapien=eleifend&arcu=pede&sed=libero&augue=quis&aliquam=orci&erat=nullam&volutpat=molestie&in=nibh&congue=in&etiam=lectus&justo=pellentesque&etiam=at&pretium=nulla&iaculis=suspendisse&justo=potenti&in=cras&hac=in&habitasse=purus&platea=eu&dictumst=magna&etiam=vulputate&faucibus=luctus&cursus=cum&urna=sociis&ut=natoque&tellus=penatibus&nulla=et&ut=magnis&erat=dis&id=parturient&mauris=montes&vulputate=nascetur&elementum=ridiculus&nullam=mus&varius=vivamus&nulla=vestibulum&facilisi=sagittis&cras=sapien&non=cum&velit=sociis&nec=natoque&nisi=penatibus&vulputate=et&nonummy=magnis&maecenas=dis&tincidunt=parturient&lacus=montes&at=nascetur&velit=ridiculus&vivamus=mus&vel=etiam&nulla=vel&eget=augue&eros=vestibulum&elementum=rutrum&pellentesque=rutrum&quisque=neque&porta=aenean&volutpat=auctor&erat=gravida&quisque=sem&erat=praesent&eros=id&viverra=massa&eget=id&congue=nisl&eget=venenatis,TRUE
+http://pbs.org/posuere/cubilia.html?eros=pharetra&suspendisse=magna&accumsan=vestibulum&tortor=aliquet&quis=ultrices&turpis=erat&sed=tortor&ante=sollicitudin&vivamus=mi&tortor=sit&duis=amet&mattis=lobortis&egestas=sapien&metus=sapien&aenean=non&fermentum=mi&donec=integer&ut=ac&mauris=neque&eget=duis&massa=bibendum&tempor=morbi&convallis=non&nulla=quam&neque=nec&libero=dui&convallis=luctus&eget=rutrum&eleifend=nulla&luctus=tellus&ultricies=in&eu=sagittis&nibh=dui&quisque=vel&id=nisl&justo=duis&sit=ac&amet=nibh&sapien=fusce&dignissim=lacus&vestibulum=purus&vestibulum=aliquet&ante=at&ipsum=feugiat&primis=non&in=pretium&faucibus=quis&orci=lectus&luctus=suspendisse&et=potenti&ultrices=in&posuere=eleifend,TRUE
+https://nba.com/id/ornare/imperdiet/sapien/urna.png?duis=lobortis&bibendum=convallis&morbi=tortor&non=risus&quam=dapibus&nec=augue&dui=vel&luctus=accumsan&rutrum=tellus&nulla=nisi&tellus=eu&in=orci&sagittis=mauris&dui=lacinia&vel=sapien&nisl=quis&duis=libero&ac=nullam&nibh=sit&fusce=amet&lacus=turpis&purus=elementum&aliquet=ligula&at=vehicula&feugiat=consequat&non=morbi&pretium=a&quis=ipsum&lectus=integer&suspendisse=a&potenti=nibh&in=in,TRUE
+https://weebly.com/dolor/quis/odio.js?at=felis&nunc=ut&commodo=at&placerat=dolor&praesent=quis&blandit=odio&nam=consequat&nulla=varius&integer=integer&pede=ac&justo=leo&lacinia=pellentesque&eget=ultrices&tincidunt=mattis&eget=odio&tempus=donec&vel=vitae&pede=nisi&morbi=nam&porttitor=ultrices&lorem=libero&id=non&ligula=mattis&suspendisse=pulvinar&ornare=nulla&consequat=pede&lectus=ullamcorper&in=augue&est=a&risus=suscipit&auctor=nulla&sed=elit&tristique=ac&in=nulla&tempus=sed&sit=vel&amet=enim&sem=sit&fusce=amet&consequat=nunc&nulla=viverra&nisl=dapibus&nunc=nulla&nisl=suscipit&duis=ligula&bibendum=in&felis=lacus&sed=curabitur&interdum=at&venenatis=ipsum&turpis=ac&enim=tellus&blandit=semper&mi=interdum&in=mauris&porttitor=ullamcorper&pede=purus&justo=sit&eu=amet&massa=nulla&donec=quisque&dapibus=arcu&duis=libero,TRUE
+https://altervista.org/vestibulum/proin/eu/mi/nulla/ac.png?laoreet=cubilia&ut=curae&rhoncus=mauris&aliquet=viverra&pulvinar=diam&sed=vitae&nisl=quam&nunc=suspendisse&rhoncus=potenti&dui=nullam&vel=porttitor&sem=lacus&sed=at&sagittis=turpis&nam=donec&congue=posuere&risus=metus&semper=vitae&porta=ipsum&volutpat=aliquam&quam=non&pede=mauris&lobortis=morbi&ligula=non&sit=lectus&amet=aliquam&eleifend=sit&pede=amet&libero=diam&quis=in&orci=magna&nullam=bibendum&molestie=imperdiet&nibh=nullam&in=orci,TRUE
+https://biglobe.ne.jp/enim/sit/amet/nunc/viverra.xml?ultrices=fermentum&phasellus=donec&id=ut&sapien=mauris&in=eget&sapien=massa&iaculis=tempor&congue=convallis&vivamus=nulla&metus=neque&arcu=libero&adipiscing=convallis&molestie=eget&hendrerit=eleifend&at=luctus&vulputate=ultricies&vitae=eu&nisl=nibh&aenean=quisque&lectus=id&pellentesque=justo&eget=sit&nunc=amet&donec=sapien&quis=dignissim&orci=vestibulum&eget=vestibulum&orci=ante&vehicula=ipsum&condimentum=primis&curabitur=in&in=faucibus&libero=orci&ut=luctus&massa=et&volutpat=ultrices&convallis=posuere&morbi=cubilia&odio=curae&odio=nulla&elementum=dapibus&eu=dolor&interdum=vel&eu=est&tincidunt=donec&in=odio&leo=justo&maecenas=sollicitudin&pulvinar=ut&lobortis=suscipit&est=a&phasellus=feugiat&sit=et&amet=eros&erat=vestibulum&nulla=ac&tempus=est&vivamus=lacinia&in=nisi&felis=venenatis&eu=tristique&sapien=fusce&cursus=congue&vestibulum=diam&proin=id&eu=ornare&mi=imperdiet&nulla=sapien&ac=urna&enim=pretium&in=nisl&tempor=ut&turpis=volutpat&nec=sapien&euismod=arcu&scelerisque=sed&quam=augue&turpis=aliquam&adipiscing=erat&lorem=volutpat&vitae=in&mattis=congue&nibh=etiam&ligula=justo&nec=etiam&sem=pretium&duis=iaculis&aliquam=justo&convallis=in&nunc=hac&proin=habitasse&at=platea&turpis=dictumst,TRUE
+http://businesswire.com/amet/sapien/dignissim/vestibulum/vestibulum/ante/ipsum.json?aliquam=ipsum&augue=primis&quam=in&sollicitudin=faucibus&vitae=orci&consectetuer=luctus&eget=et&rutrum=ultrices&at=posuere&lorem=cubilia&integer=curae&tincidunt=mauris&ante=viverra&vel=diam&ipsum=vitae&praesent=quam&blandit=suspendisse&lacinia=potenti&erat=nullam&vestibulum=porttitor&sed=lacus&magna=at&at=turpis&nunc=donec&commodo=posuere,TRUE
+http://dyndns.org/vel/pede/morbi.jsp?ut=posuere&rhoncus=cubilia&aliquet=curae&pulvinar=duis&sed=faucibus&nisl=accumsan&nunc=odio&rhoncus=curabitur&dui=convallis&vel=duis&sem=consequat&sed=dui&sagittis=nec&nam=nisi&congue=volutpat&risus=eleifend&semper=donec&porta=ut&volutpat=dolor&quam=morbi&pede=vel&lobortis=lectus&ligula=in&sit=quam&amet=fringilla&eleifend=rhoncus&pede=mauris&libero=enim&quis=leo&orci=rhoncus&nullam=sed&molestie=vestibulum&nibh=sit&in=amet&lectus=cursus&pellentesque=id&at=turpis&nulla=integer&suspendisse=aliquet&potenti=massa&cras=id&in=lobortis&purus=convallis&eu=tortor&magna=risus&vulputate=dapibus&luctus=augue&cum=vel&sociis=accumsan&natoque=tellus&penatibus=nisi&et=eu&magnis=orci&dis=mauris&parturient=lacinia,TRUE
+http://aboutads.info/in.png?volutpat=tempus&erat=semper&quisque=est&erat=quam&eros=pharetra&viverra=magna&eget=ac&congue=consequat&eget=metus&semper=sapien&rutrum=ut&nulla=nunc&nunc=vestibulum&purus=ante&phasellus=ipsum&in=primis&felis=in&donec=faucibus&semper=orci&sapien=luctus&a=et&libero=ultrices&nam=posuere&dui=cubilia&proin=curae&leo=mauris&odio=viverra&porttitor=diam&id=vitae&consequat=quam&in=suspendisse&consequat=potenti&ut=nullam&nulla=porttitor&sed=lacus&accumsan=at&felis=turpis&ut=donec&at=posuere&dolor=metus&quis=vitae&odio=ipsum&consequat=aliquam&varius=non&integer=mauris&ac=morbi&leo=non&pellentesque=lectus&ultrices=aliquam&mattis=sit&odio=amet&donec=diam&vitae=in&nisi=magna&nam=bibendum&ultrices=imperdiet&libero=nullam&non=orci&mattis=pede&pulvinar=venenatis&nulla=non&pede=sodales&ullamcorper=sed&augue=tincidunt&a=eu,TRUE
+https://yale.edu/non/mattis/pulvinar/nulla/pede/ullamcorper.aspx?nisi=est&vulputate=donec&nonummy=odio&maecenas=justo&tincidunt=sollicitudin&lacus=ut&at=suscipit&velit=a&vivamus=feugiat&vel=et&nulla=eros&eget=vestibulum&eros=ac&elementum=est&pellentesque=lacinia&quisque=nisi&porta=venenatis&volutpat=tristique&erat=fusce&quisque=congue&erat=diam&eros=id&viverra=ornare&eget=imperdiet&congue=sapien&eget=urna&semper=pretium&rutrum=nisl&nulla=ut&nunc=volutpat&purus=sapien&phasellus=arcu&in=sed&felis=augue&donec=aliquam&semper=erat,TRUE
+https://wunderground.com/amet/consectetuer/adipiscing/elit/proin.html?sodales=nisi&scelerisque=venenatis&mauris=tristique&sit=fusce&amet=congue&eros=diam&suspendisse=id&accumsan=ornare&tortor=imperdiet&quis=sapien,TRUE
+http://naver.com/potenti.xml?pellentesque=amet&viverra=diam&pede=in&ac=magna&diam=bibendum&cras=imperdiet&pellentesque=nullam&volutpat=orci&dui=pede&maecenas=venenatis&tristique=non&est=sodales&et=sed&tempus=tincidunt&semper=eu&est=felis&quam=fusce&pharetra=posuere&magna=felis&ac=sed&consequat=lacus&metus=morbi&sapien=sem&ut=mauris&nunc=laoreet&vestibulum=ut&ante=rhoncus&ipsum=aliquet&primis=pulvinar&in=sed&faucibus=nisl&orci=nunc&luctus=rhoncus&et=dui&ultrices=vel&posuere=sem,TRUE
+https://timesonline.co.uk/ante/ipsum/primis/in/faucibus/orci.png?curae=habitasse&donec=platea&pharetra=dictumst&magna=aliquam&vestibulum=augue&aliquet=quam&ultrices=sollicitudin&erat=vitae&tortor=consectetuer&sollicitudin=eget&mi=rutrum&sit=at&amet=lorem&lobortis=integer&sapien=tincidunt&sapien=ante&non=vel&mi=ipsum&integer=praesent&ac=blandit&neque=lacinia&duis=erat&bibendum=vestibulum&morbi=sed&non=magna&quam=at&nec=nunc&dui=commodo&luctus=placerat&rutrum=praesent&nulla=blandit&tellus=nam&in=nulla&sagittis=integer&dui=pede&vel=justo&nisl=lacinia&duis=eget&ac=tincidunt&nibh=eget&fusce=tempus&lacus=vel&purus=pede&aliquet=morbi&at=porttitor&feugiat=lorem&non=id&pretium=ligula&quis=suspendisse&lectus=ornare&suspendisse=consequat&potenti=lectus&in=in&eleifend=est&quam=risus&a=auctor&odio=sed&in=tristique&hac=in&habitasse=tempus&platea=sit&dictumst=amet&maecenas=sem&ut=fusce&massa=consequat&quis=nulla&augue=nisl&luctus=nunc&tincidunt=nisl&nulla=duis&mollis=bibendum&molestie=felis&lorem=sed&quisque=interdum&ut=venenatis&erat=turpis&curabitur=enim&gravida=blandit&nisi=mi&at=in,TRUE
+http://msn.com/morbi/non/lectus/aliquam/sit/amet/diam.png?magna=eget&bibendum=vulputate&imperdiet=ut&nullam=ultrices&orci=vel&pede=augue&venenatis=vestibulum&non=ante&sodales=ipsum&sed=primis&tincidunt=in&eu=faucibus&felis=orci&fusce=luctus&posuere=et&felis=ultrices&sed=posuere&lacus=cubilia&morbi=curae&sem=donec&mauris=pharetra&laoreet=magna&ut=vestibulum&rhoncus=aliquet&aliquet=ultrices&pulvinar=erat&sed=tortor&nisl=sollicitudin&nunc=mi&rhoncus=sit&dui=amet&vel=lobortis&sem=sapien&sed=sapien&sagittis=non&nam=mi&congue=integer&risus=ac&semper=neque&porta=duis&volutpat=bibendum&quam=morbi&pede=non&lobortis=quam&ligula=nec&sit=dui&amet=luctus&eleifend=rutrum&pede=nulla&libero=tellus&quis=in&orci=sagittis&nullam=dui&molestie=vel&nibh=nisl&in=duis&lectus=ac&pellentesque=nibh&at=fusce&nulla=lacus&suspendisse=purus&potenti=aliquet&cras=at&in=feugiat&purus=non&eu=pretium&magna=quis&vulputate=lectus&luctus=suspendisse&cum=potenti&sociis=in&natoque=eleifend&penatibus=quam&et=a&magnis=odio&dis=in&parturient=hac&montes=habitasse&nascetur=platea&ridiculus=dictumst&mus=maecenas&vivamus=ut&vestibulum=massa&sagittis=quis&sapien=augue&cum=luctus&sociis=tincidunt,TRUE
+http://people.com.cn/aliquet.jsp?velit=justo&eu=lacinia&est=eget&congue=tincidunt&elementum=eget&in=tempus&hac=vel&habitasse=pede&platea=morbi&dictumst=porttitor&morbi=lorem&vestibulum=id&velit=ligula&id=suspendisse&pretium=ornare&iaculis=consequat&diam=lectus&erat=in&fermentum=est&justo=risus&nec=auctor&condimentum=sed&neque=tristique&sapien=in&placerat=tempus&ante=sit&nulla=amet&justo=sem&aliquam=fusce&quis=consequat&turpis=nulla&eget=nisl&elit=nunc&sodales=nisl&scelerisque=duis&mauris=bibendum&sit=felis,TRUE
+http://berkeley.edu/elit/sodales/scelerisque/mauris/sit/amet/eros.jpg?sed=suspendisse&lacus=potenti&morbi=cras&sem=in&mauris=purus&laoreet=eu&ut=magna&rhoncus=vulputate&aliquet=luctus&pulvinar=cum&sed=sociis&nisl=natoque&nunc=penatibus&rhoncus=et&dui=magnis&vel=dis&sem=parturient&sed=montes&sagittis=nascetur&nam=ridiculus&congue=mus&risus=vivamus&semper=vestibulum&porta=sagittis&volutpat=sapien&quam=cum&pede=sociis&lobortis=natoque&ligula=penatibus&sit=et&amet=magnis&eleifend=dis&pede=parturient&libero=montes&quis=nascetur&orci=ridiculus&nullam=mus&molestie=etiam&nibh=vel&in=augue&lectus=vestibulum&pellentesque=rutrum&at=rutrum&nulla=neque&suspendisse=aenean&potenti=auctor&cras=gravida&in=sem&purus=praesent&eu=id&magna=massa&vulputate=id&luctus=nisl&cum=venenatis&sociis=lacinia&natoque=aenean&penatibus=sit&et=amet&magnis=justo&dis=morbi&parturient=ut&montes=odio&nascetur=cras&ridiculus=mi&mus=pede&vivamus=malesuada&vestibulum=in&sagittis=imperdiet&sapien=et&cum=commodo&sociis=vulputate&natoque=justo&penatibus=in&et=blandit&magnis=ultrices&dis=enim,TRUE
+https://taobao.com/lorem/quisque/ut/erat/curabitur/gravida.json?ultrices=nulla&posuere=quisque&cubilia=arcu&curae=libero&donec=rutrum&pharetra=ac&magna=lobortis&vestibulum=vel&aliquet=dapibus&ultrices=at&erat=diam&tortor=nam,TRUE
+https://oakley.com/mi/in/porttitor.json?eget=lorem&orci=ipsum&vehicula=dolor&condimentum=sit&curabitur=amet&in=consectetuer&libero=adipiscing&ut=elit&massa=proin&volutpat=interdum&convallis=mauris&morbi=non&odio=ligula&odio=pellentesque&elementum=ultrices&eu=phasellus&interdum=id&eu=sapien&tincidunt=in&in=sapien&leo=iaculis&maecenas=congue&pulvinar=vivamus&lobortis=metus&est=arcu&phasellus=adipiscing&sit=molestie&amet=hendrerit&erat=at&nulla=vulputate&tempus=vitae&vivamus=nisl&in=aenean&felis=lectus&eu=pellentesque&sapien=eget&cursus=nunc&vestibulum=donec&proin=quis&eu=orci&mi=eget&nulla=orci&ac=vehicula&enim=condimentum&in=curabitur&tempor=in&turpis=libero&nec=ut&euismod=massa&scelerisque=volutpat&quam=convallis&turpis=morbi&adipiscing=odio&lorem=odio&vitae=elementum&mattis=eu&nibh=interdum&ligula=eu&nec=tincidunt&sem=in&duis=leo,TRUE
+http://techcrunch.com/nulla/pede/ullamcorper/augue/a/suscipit/nulla.html?ligula=vestibulum&nec=ante&sem=ipsum&duis=primis&aliquam=in&convallis=faucibus&nunc=orci&proin=luctus&at=et&turpis=ultrices&a=posuere&pede=cubilia&posuere=curae&nonummy=duis&integer=faucibus&non=accumsan&velit=odio&donec=curabitur&diam=convallis&neque=duis&vestibulum=consequat&eget=dui&vulputate=nec&ut=nisi&ultrices=volutpat&vel=eleifend&augue=donec&vestibulum=ut&ante=dolor&ipsum=morbi&primis=vel&in=lectus&faucibus=in&orci=quam&luctus=fringilla&et=rhoncus&ultrices=mauris&posuere=enim&cubilia=leo&curae=rhoncus&donec=sed&pharetra=vestibulum&magna=sit&vestibulum=amet&aliquet=cursus&ultrices=id&erat=turpis&tortor=integer&sollicitudin=aliquet&mi=massa&sit=id&amet=lobortis&lobortis=convallis&sapien=tortor&sapien=risus&non=dapibus&mi=augue&integer=vel&ac=accumsan&neque=tellus&duis=nisi&bibendum=eu&morbi=orci&non=mauris&quam=lacinia&nec=sapien&dui=quis&luctus=libero&rutrum=nullam&nulla=sit&tellus=amet&in=turpis&sagittis=elementum&dui=ligula&vel=vehicula,TRUE
+https://chron.com/et/eros/vestibulum.json?rhoncus=morbi&aliquam=non&lacus=lectus&morbi=aliquam&quis=sit&tortor=amet&id=diam&nulla=in&ultrices=magna&aliquet=bibendum&maecenas=imperdiet&leo=nullam&odio=orci&condimentum=pede&id=venenatis&luctus=non&nec=sodales&molestie=sed&sed=tincidunt&justo=eu&pellentesque=felis&viverra=fusce&pede=posuere,TRUE
+https://deliciousdays.com/erat/tortor/sollicitudin.jpg?pede=praesent&libero=lectus&quis=vestibulum&orci=quam&nullam=sapien&molestie=varius&nibh=ut&in=blandit&lectus=non&pellentesque=interdum&at=in&nulla=ante&suspendisse=vestibulum&potenti=ante&cras=ipsum&in=primis&purus=in&eu=faucibus&magna=orci&vulputate=luctus&luctus=et&cum=ultrices&sociis=posuere&natoque=cubilia&penatibus=curae&et=duis&magnis=faucibus&dis=accumsan&parturient=odio,TRUE
+https://reddit.com/iaculis/justo/in.aspx?a=donec&ipsum=odio&integer=justo&a=sollicitudin&nibh=ut&in=suscipit&quis=a&justo=feugiat&maecenas=et&rhoncus=eros&aliquam=vestibulum&lacus=ac&morbi=est&quis=lacinia&tortor=nisi&id=venenatis&nulla=tristique&ultrices=fusce&aliquet=congue&maecenas=diam&leo=id&odio=ornare&condimentum=imperdiet&id=sapien&luctus=urna&nec=pretium&molestie=nisl&sed=ut&justo=volutpat&pellentesque=sapien&viverra=arcu&pede=sed&ac=augue&diam=aliquam&cras=erat&pellentesque=volutpat&volutpat=in&dui=congue&maecenas=etiam&tristique=justo&est=etiam&et=pretium&tempus=iaculis&semper=justo&est=in&quam=hac&pharetra=habitasse&magna=platea&ac=dictumst&consequat=etiam&metus=faucibus&sapien=cursus&ut=urna&nunc=ut&vestibulum=tellus&ante=nulla&ipsum=ut&primis=erat&in=id&faucibus=mauris&orci=vulputate&luctus=elementum&et=nullam&ultrices=varius&posuere=nulla&cubilia=facilisi&curae=cras&mauris=non&viverra=velit&diam=nec&vitae=nisi&quam=vulputate&suspendisse=nonummy&potenti=maecenas&nullam=tincidunt&porttitor=lacus&lacus=at&at=velit&turpis=vivamus&donec=vel&posuere=nulla&metus=eget&vitae=eros&ipsum=elementum&aliquam=pellentesque&non=quisque&mauris=porta&morbi=volutpat&non=erat&lectus=quisque&aliquam=erat&sit=eros&amet=viverra,TRUE
+http://mozilla.org/lectus/aliquam/sit.aspx?duis=eget&aliquam=rutrum&convallis=at&nunc=lorem&proin=integer&at=tincidunt&turpis=ante&a=vel&pede=ipsum&posuere=praesent&nonummy=blandit&integer=lacinia&non=erat&velit=vestibulum&donec=sed&diam=magna&neque=at&vestibulum=nunc&eget=commodo&vulputate=placerat&ut=praesent&ultrices=blandit&vel=nam&augue=nulla&vestibulum=integer&ante=pede&ipsum=justo&primis=lacinia&in=eget&faucibus=tincidunt&orci=eget&luctus=tempus&et=vel&ultrices=pede&posuere=morbi&cubilia=porttitor&curae=lorem,TRUE
+http://scientificamerican.com/ipsum/integer/a.aspx?rhoncus=sapien&sed=iaculis&vestibulum=congue&sit=vivamus&amet=metus&cursus=arcu&id=adipiscing&turpis=molestie&integer=hendrerit&aliquet=at&massa=vulputate&id=vitae&lobortis=nisl&convallis=aenean&tortor=lectus&risus=pellentesque&dapibus=eget&augue=nunc&vel=donec&accumsan=quis&tellus=orci&nisi=eget&eu=orci,TRUE
+https://spotify.com/vel/sem.js?cubilia=pellentesque&curae=quisque&nulla=porta&dapibus=volutpat&dolor=erat&vel=quisque&est=erat&donec=eros&odio=viverra&justo=eget&sollicitudin=congue&ut=eget&suscipit=semper&a=rutrum&feugiat=nulla&et=nunc&eros=purus&vestibulum=phasellus&ac=in&est=felis&lacinia=donec&nisi=semper&venenatis=sapien&tristique=a&fusce=libero&congue=nam&diam=dui&id=proin&ornare=leo&imperdiet=odio&sapien=porttitor&urna=id&pretium=consequat&nisl=in&ut=consequat&volutpat=ut&sapien=nulla&arcu=sed&sed=accumsan&augue=felis&aliquam=ut&erat=at&volutpat=dolor&in=quis&congue=odio&etiam=consequat&justo=varius&etiam=integer&pretium=ac&iaculis=leo&justo=pellentesque&in=ultrices&hac=mattis&habitasse=odio&platea=donec&dictumst=vitae&etiam=nisi&faucibus=nam&cursus=ultrices&urna=libero&ut=non&tellus=mattis&nulla=pulvinar&ut=nulla&erat=pede&id=ullamcorper&mauris=augue&vulputate=a&elementum=suscipit&nullam=nulla&varius=elit&nulla=ac&facilisi=nulla&cras=sed&non=vel&velit=enim&nec=sit&nisi=amet&vulputate=nunc&nonummy=viverra&maecenas=dapibus&tincidunt=nulla&lacus=suscipit&at=ligula&velit=in&vivamus=lacus&vel=curabitur&nulla=at,TRUE
+https://ftc.gov/duis/bibendum.jpg?parturient=vel&montes=accumsan&nascetur=tellus&ridiculus=nisi&mus=eu&vivamus=orci&vestibulum=mauris&sagittis=lacinia&sapien=sapien&cum=quis&sociis=libero&natoque=nullam&penatibus=sit&et=amet&magnis=turpis&dis=elementum&parturient=ligula&montes=vehicula&nascetur=consequat&ridiculus=morbi&mus=a&etiam=ipsum&vel=integer&augue=a&vestibulum=nibh&rutrum=in&rutrum=quis&neque=justo&aenean=maecenas&auctor=rhoncus&gravida=aliquam&sem=lacus&praesent=morbi&id=quis&massa=tortor&id=id&nisl=nulla&venenatis=ultrices&lacinia=aliquet&aenean=maecenas&sit=leo&amet=odio&justo=condimentum&morbi=id&ut=luctus&odio=nec&cras=molestie&mi=sed&pede=justo&malesuada=pellentesque&in=viverra&imperdiet=pede&et=ac&commodo=diam&vulputate=cras&justo=pellentesque&in=volutpat&blandit=dui&ultrices=maecenas&enim=tristique&lorem=est&ipsum=et&dolor=tempus&sit=semper&amet=est&consectetuer=quam&adipiscing=pharetra&elit=magna&proin=ac&interdum=consequat&mauris=metus&non=sapien&ligula=ut&pellentesque=nunc&ultrices=vestibulum&phasellus=ante&id=ipsum&sapien=primis&in=in&sapien=faucibus&iaculis=orci&congue=luctus&vivamus=et&metus=ultrices&arcu=posuere&adipiscing=cubilia&molestie=curae,TRUE
+https://aol.com/suspendisse/potenti.png?nec=sapien&nisi=arcu&vulputate=sed&nonummy=augue&maecenas=aliquam&tincidunt=erat&lacus=volutpat&at=in&velit=congue&vivamus=etiam&vel=justo&nulla=etiam&eget=pretium&eros=iaculis&elementum=justo&pellentesque=in&quisque=hac&porta=habitasse&volutpat=platea&erat=dictumst&quisque=etiam&erat=faucibus&eros=cursus&viverra=urna&eget=ut&congue=tellus&eget=nulla&semper=ut&rutrum=erat&nulla=id&nunc=mauris&purus=vulputate&phasellus=elementum&in=nullam&felis=varius&donec=nulla&semper=facilisi,TRUE
+http://google.pl/nunc/vestibulum/ante/ipsum/primis/in.aspx?interdum=integer&eu=tincidunt&tincidunt=ante&in=vel&leo=ipsum&maecenas=praesent&pulvinar=blandit&lobortis=lacinia&est=erat&phasellus=vestibulum&sit=sed&amet=magna&erat=at&nulla=nunc&tempus=commodo&vivamus=placerat&in=praesent&felis=blandit&eu=nam&sapien=nulla&cursus=integer&vestibulum=pede&proin=justo&eu=lacinia&mi=eget&nulla=tincidunt&ac=eget&enim=tempus&in=vel&tempor=pede&turpis=morbi&nec=porttitor&euismod=lorem&scelerisque=id&quam=ligula&turpis=suspendisse&adipiscing=ornare&lorem=consequat&vitae=lectus&mattis=in&nibh=est&ligula=risus&nec=auctor&sem=sed&duis=tristique&aliquam=in&convallis=tempus&nunc=sit&proin=amet&at=sem&turpis=fusce&a=consequat&pede=nulla&posuere=nisl,TRUE
+https://intel.com/congue/etiam/justo/etiam/pretium/iaculis.aspx?posuere=sem&felis=praesent&sed=id&lacus=massa&morbi=id&sem=nisl&mauris=venenatis&laoreet=lacinia&ut=aenean&rhoncus=sit&aliquet=amet&pulvinar=justo&sed=morbi&nisl=ut&nunc=odio&rhoncus=cras&dui=mi&vel=pede&sem=malesuada&sed=in&sagittis=imperdiet&nam=et&congue=commodo&risus=vulputate&semper=justo&porta=in&volutpat=blandit&quam=ultrices&pede=enim&lobortis=lorem&ligula=ipsum&sit=dolor&amet=sit&eleifend=amet&pede=consectetuer&libero=adipiscing&quis=elit&orci=proin&nullam=interdum&molestie=mauris&nibh=non&in=ligula&lectus=pellentesque&pellentesque=ultrices&at=phasellus&nulla=id&suspendisse=sapien&potenti=in&cras=sapien&in=iaculis&purus=congue&eu=vivamus&magna=metus&vulputate=arcu&luctus=adipiscing&cum=molestie&sociis=hendrerit&natoque=at&penatibus=vulputate&et=vitae&magnis=nisl&dis=aenean&parturient=lectus&montes=pellentesque&nascetur=eget&ridiculus=nunc&mus=donec&vivamus=quis&vestibulum=orci&sagittis=eget&sapien=orci&cum=vehicula&sociis=condimentum&natoque=curabitur&penatibus=in&et=libero&magnis=ut&dis=massa&parturient=volutpat&montes=convallis&nascetur=morbi&ridiculus=odio&mus=odio&etiam=elementum&vel=eu&augue=interdum&vestibulum=eu&rutrum=tincidunt&rutrum=in&neque=leo&aenean=maecenas&auctor=pulvinar,TRUE
+https://microsoft.com/a/nibh/in/quis/justo.jsp?bibendum=erat&morbi=curabitur&non=gravida&quam=nisi&nec=at&dui=nibh&luctus=in&rutrum=hac&nulla=habitasse&tellus=platea&in=dictumst&sagittis=aliquam&dui=augue&vel=quam&nisl=sollicitudin&duis=vitae&ac=consectetuer&nibh=eget&fusce=rutrum&lacus=at&purus=lorem&aliquet=integer&at=tincidunt&feugiat=ante&non=vel&pretium=ipsum&quis=praesent&lectus=blandit&suspendisse=lacinia&potenti=erat&in=vestibulum&eleifend=sed&quam=magna&a=at&odio=nunc&in=commodo&hac=placerat&habitasse=praesent&platea=blandit&dictumst=nam&maecenas=nulla&ut=integer&massa=pede&quis=justo&augue=lacinia&luctus=eget&tincidunt=tincidunt&nulla=eget&mollis=tempus&molestie=vel&lorem=pede&quisque=morbi&ut=porttitor&erat=lorem&curabitur=id&gravida=ligula&nisi=suspendisse&at=ornare&nibh=consequat&in=lectus&hac=in&habitasse=est&platea=risus&dictumst=auctor&aliquam=sed&augue=tristique&quam=in&sollicitudin=tempus&vitae=sit&consectetuer=amet&eget=sem&rutrum=fusce&at=consequat&lorem=nulla&integer=nisl&tincidunt=nunc&ante=nisl&vel=duis&ipsum=bibendum&praesent=felis&blandit=sed&lacinia=interdum&erat=venenatis&vestibulum=turpis&sed=enim&magna=blandit&at=mi&nunc=in&commodo=porttitor&placerat=pede&praesent=justo&blandit=eu,TRUE
+https://domainmarket.com/interdum/in/ante/vestibulum.xml?sed=sollicitudin&ante=ut&vivamus=suscipit&tortor=a&duis=feugiat&mattis=et&egestas=eros&metus=vestibulum&aenean=ac&fermentum=est&donec=lacinia&ut=nisi&mauris=venenatis&eget=tristique&massa=fusce&tempor=congue&convallis=diam&nulla=id&neque=ornare&libero=imperdiet&convallis=sapien&eget=urna&eleifend=pretium&luctus=nisl&ultricies=ut&eu=volutpat&nibh=sapien&quisque=arcu&id=sed&justo=augue&sit=aliquam&amet=erat&sapien=volutpat&dignissim=in&vestibulum=congue&vestibulum=etiam&ante=justo&ipsum=etiam&primis=pretium&in=iaculis,TRUE
+https://usa.gov/justo/nec/condimentum/neque/sapien/placerat/ante.aspx?habitasse=sapien&platea=sapien&dictumst=non&maecenas=mi&ut=integer&massa=ac&quis=neque&augue=duis&luctus=bibendum&tincidunt=morbi&nulla=non&mollis=quam&molestie=nec&lorem=dui&quisque=luctus&ut=rutrum&erat=nulla&curabitur=tellus&gravida=in&nisi=sagittis&at=dui&nibh=vel&in=nisl&hac=duis&habitasse=ac&platea=nibh&dictumst=fusce&aliquam=lacus&augue=purus&quam=aliquet&sollicitudin=at&vitae=feugiat&consectetuer=non&eget=pretium&rutrum=quis&at=lectus&lorem=suspendisse&integer=potenti&tincidunt=in&ante=eleifend&vel=quam&ipsum=a&praesent=odio&blandit=in&lacinia=hac&erat=habitasse&vestibulum=platea&sed=dictumst&magna=maecenas&at=ut&nunc=massa&commodo=quis&placerat=augue&praesent=luctus&blandit=tincidunt&nam=nulla&nulla=mollis&integer=molestie&pede=lorem&justo=quisque&lacinia=ut&eget=erat&tincidunt=curabitur&eget=gravida&tempus=nisi&vel=at&pede=nibh&morbi=in&porttitor=hac&lorem=habitasse&id=platea&ligula=dictumst&suspendisse=aliquam&ornare=augue&consequat=quam&lectus=sollicitudin&in=vitae&est=consectetuer&risus=eget&auctor=rutrum&sed=at&tristique=lorem&in=integer&tempus=tincidunt&sit=ante&amet=vel&sem=ipsum&fusce=praesent&consequat=blandit&nulla=lacinia,TRUE
+http://ihg.com/consequat/morbi/a/ipsum/integer/a/nibh.jsp?mattis=posuere&nibh=cubilia&ligula=curae&nec=mauris&sem=viverra&duis=diam&aliquam=vitae&convallis=quam&nunc=suspendisse&proin=potenti&at=nullam&turpis=porttitor&a=lacus&pede=at&posuere=turpis&nonummy=donec&integer=posuere&non=metus&velit=vitae&donec=ipsum&diam=aliquam&neque=non&vestibulum=mauris&eget=morbi&vulputate=non&ut=lectus&ultrices=aliquam&vel=sit&augue=amet&vestibulum=diam&ante=in&ipsum=magna&primis=bibendum&in=imperdiet&faucibus=nullam&orci=orci&luctus=pede&et=venenatis&ultrices=non&posuere=sodales&cubilia=sed&curae=tincidunt&donec=eu&pharetra=felis&magna=fusce&vestibulum=posuere,TRUE
+http://businesswire.com/id/justo/sit/amet/sapien.json?nulla=nec&sed=dui&vel=luctus&enim=rutrum&sit=nulla&amet=tellus&nunc=in,TRUE
+https://storify.com/amet/nunc/viverra/dapibus/nulla.xml?quisque=amet&erat=diam&eros=in&viverra=magna&eget=bibendum&congue=imperdiet&eget=nullam&semper=orci&rutrum=pede&nulla=venenatis&nunc=non&purus=sodales&phasellus=sed&in=tincidunt&felis=eu&donec=felis&semper=fusce&sapien=posuere&a=felis&libero=sed&nam=lacus&dui=morbi&proin=sem&leo=mauris&odio=laoreet&porttitor=ut&id=rhoncus&consequat=aliquet&in=pulvinar&consequat=sed&ut=nisl&nulla=nunc&sed=rhoncus&accumsan=dui&felis=vel&ut=sem&at=sed&dolor=sagittis&quis=nam&odio=congue&consequat=risus&varius=semper&integer=porta&ac=volutpat&leo=quam&pellentesque=pede,TRUE
+https://china.com.cn/ultrices/erat/tortor/sollicitudin/mi.jpg?ridiculus=aliquet&mus=maecenas&vivamus=leo&vestibulum=odio&sagittis=condimentum&sapien=id&cum=luctus&sociis=nec&natoque=molestie&penatibus=sed&et=justo&magnis=pellentesque&dis=viverra&parturient=pede&montes=ac&nascetur=diam&ridiculus=cras&mus=pellentesque&etiam=volutpat&vel=dui&augue=maecenas&vestibulum=tristique&rutrum=est&rutrum=et&neque=tempus&aenean=semper&auctor=est&gravida=quam&sem=pharetra&praesent=magna&id=ac&massa=consequat&id=metus&nisl=sapien&venenatis=ut&lacinia=nunc&aenean=vestibulum&sit=ante&amet=ipsum&justo=primis&morbi=in&ut=faucibus&odio=orci&cras=luctus,TRUE
+http://amazon.com/vivamus/metus/arcu/adipiscing/molestie/hendrerit/at.jsp?augue=dapibus&quam=augue&sollicitudin=vel&vitae=accumsan&consectetuer=tellus&eget=nisi&rutrum=eu&at=orci&lorem=mauris&integer=lacinia&tincidunt=sapien&ante=quis&vel=libero&ipsum=nullam&praesent=sit&blandit=amet&lacinia=turpis&erat=elementum&vestibulum=ligula&sed=vehicula&magna=consequat&at=morbi&nunc=a&commodo=ipsum&placerat=integer&praesent=a&blandit=nibh&nam=in&nulla=quis&integer=justo&pede=maecenas&justo=rhoncus&lacinia=aliquam&eget=lacus&tincidunt=morbi&eget=quis&tempus=tortor&vel=id&pede=nulla&morbi=ultrices&porttitor=aliquet&lorem=maecenas&id=leo&ligula=odio&suspendisse=condimentum&ornare=id&consequat=luctus&lectus=nec&in=molestie&est=sed&risus=justo&auctor=pellentesque&sed=viverra&tristique=pede&in=ac&tempus=diam&sit=cras&amet=pellentesque&sem=volutpat&fusce=dui&consequat=maecenas&nulla=tristique&nisl=est&nunc=et&nisl=tempus&duis=semper&bibendum=est&felis=quam&sed=pharetra&interdum=magna&venenatis=ac&turpis=consequat&enim=metus&blandit=sapien&mi=ut&in=nunc&porttitor=vestibulum&pede=ante&justo=ipsum&eu=primis&massa=in&donec=faucibus&dapibus=orci&duis=luctus&at=et&velit=ultrices&eu=posuere&est=cubilia&congue=curae&elementum=mauris&in=viverra&hac=diam,TRUE
+http://fema.gov/consectetuer/eget/rutrum/at/lorem/integer/tincidunt.jpg?auctor=dui&sed=vel&tristique=sem&in=sed&tempus=sagittis&sit=nam&amet=congue&sem=risus,TRUE
+https://prlog.org/justo/pellentesque/viverra/pede.xml?nam=proin&dui=leo&proin=odio&leo=porttitor&odio=id&porttitor=consequat&id=in&consequat=consequat&in=ut&consequat=nulla&ut=sed&nulla=accumsan&sed=felis&accumsan=ut&felis=at&ut=dolor&at=quis&dolor=odio&quis=consequat&odio=varius&consequat=integer&varius=ac,TRUE
+http://marketwatch.com/turpis.xml?mauris=nulla&laoreet=dapibus&ut=dolor&rhoncus=vel&aliquet=est&pulvinar=donec&sed=odio&nisl=justo&nunc=sollicitudin&rhoncus=ut&dui=suscipit&vel=a&sem=feugiat&sed=et&sagittis=eros&nam=vestibulum&congue=ac&risus=est&semper=lacinia&porta=nisi&volutpat=venenatis&quam=tristique&pede=fusce&lobortis=congue&ligula=diam&sit=id&amet=ornare&eleifend=imperdiet&pede=sapien&libero=urna&quis=pretium,TRUE
+https://meetup.com/id.png?nisl=id&aenean=turpis&lectus=integer&pellentesque=aliquet&eget=massa&nunc=id&donec=lobortis&quis=convallis&orci=tortor&eget=risus&orci=dapibus&vehicula=augue&condimentum=vel&curabitur=accumsan&in=tellus&libero=nisi&ut=eu&massa=orci&volutpat=mauris&convallis=lacinia&morbi=sapien&odio=quis&odio=libero&elementum=nullam&eu=sit&interdum=amet&eu=turpis&tincidunt=elementum&in=ligula&leo=vehicula&maecenas=consequat&pulvinar=morbi&lobortis=a&est=ipsum&phasellus=integer&sit=a&amet=nibh&erat=in&nulla=quis&tempus=justo&vivamus=maecenas&in=rhoncus&felis=aliquam&eu=lacus&sapien=morbi&cursus=quis&vestibulum=tortor&proin=id&eu=nulla&mi=ultrices&nulla=aliquet&ac=maecenas&enim=leo&in=odio&tempor=condimentum&turpis=id&nec=luctus&euismod=nec&scelerisque=molestie&quam=sed,TRUE
+http://abc.net.au/neque/sapien/placerat/ante/nulla.html?tincidunt=ac&eget=neque&tempus=duis&vel=bibendum&pede=morbi&morbi=non&porttitor=quam&lorem=nec&id=dui&ligula=luctus&suspendisse=rutrum&ornare=nulla&consequat=tellus&lectus=in&in=sagittis&est=dui&risus=vel&auctor=nisl&sed=duis&tristique=ac&in=nibh&tempus=fusce&sit=lacus&amet=purus&sem=aliquet&fusce=at&consequat=feugiat&nulla=non&nisl=pretium&nunc=quis&nisl=lectus&duis=suspendisse&bibendum=potenti&felis=in&sed=eleifend&interdum=quam&venenatis=a&turpis=odio&enim=in&blandit=hac&mi=habitasse&in=platea&porttitor=dictumst&pede=maecenas&justo=ut&eu=massa&massa=quis&donec=augue&dapibus=luctus&duis=tincidunt&at=nulla&velit=mollis&eu=molestie&est=lorem&congue=quisque&elementum=ut&in=erat&hac=curabitur&habitasse=gravida&platea=nisi&dictumst=at&morbi=nibh&vestibulum=in&velit=hac&id=habitasse&pretium=platea&iaculis=dictumst&diam=aliquam&erat=augue&fermentum=quam&justo=sollicitudin&nec=vitae&condimentum=consectetuer&neque=eget&sapien=rutrum&placerat=at&ante=lorem&nulla=integer&justo=tincidunt&aliquam=ante,TRUE
+http://live.com/augue/vestibulum/rutrum/rutrum/neque/aenean.xml?ac=et&enim=tempus&in=semper&tempor=est&turpis=quam&nec=pharetra&euismod=magna&scelerisque=ac&quam=consequat&turpis=metus&adipiscing=sapien&lorem=ut&vitae=nunc&mattis=vestibulum&nibh=ante&ligula=ipsum&nec=primis&sem=in&duis=faucibus&aliquam=orci&convallis=luctus&nunc=et&proin=ultrices&at=posuere&turpis=cubilia&a=curae&pede=mauris&posuere=viverra&nonummy=diam&integer=vitae&non=quam&velit=suspendisse&donec=potenti&diam=nullam&neque=porttitor&vestibulum=lacus&eget=at&vulputate=turpis&ut=donec&ultrices=posuere&vel=metus,TRUE
+http://npr.org/varius.jpg?duis=ac&bibendum=leo&felis=pellentesque&sed=ultrices&interdum=mattis&venenatis=odio&turpis=donec&enim=vitae&blandit=nisi&mi=nam&in=ultrices&porttitor=libero&pede=non&justo=mattis&eu=pulvinar&massa=nulla&donec=pede&dapibus=ullamcorper&duis=augue&at=a&velit=suscipit&eu=nulla&est=elit&congue=ac&elementum=nulla&in=sed&hac=vel&habitasse=enim,TRUE
+https://tripod.com/a/odio/in.aspx?fusce=nulla&lacus=tellus&purus=in&aliquet=sagittis&at=dui&feugiat=vel&non=nisl&pretium=duis&quis=ac&lectus=nibh&suspendisse=fusce&potenti=lacus&in=purus&eleifend=aliquet&quam=at&a=feugiat&odio=non&in=pretium&hac=quis&habitasse=lectus&platea=suspendisse&dictumst=potenti&maecenas=in&ut=eleifend&massa=quam&quis=a&augue=odio&luctus=in&tincidunt=hac&nulla=habitasse&mollis=platea&molestie=dictumst&lorem=maecenas&quisque=ut&ut=massa&erat=quis&curabitur=augue&gravida=luctus&nisi=tincidunt&at=nulla&nibh=mollis&in=molestie&hac=lorem&habitasse=quisque&platea=ut&dictumst=erat&aliquam=curabitur&augue=gravida&quam=nisi&sollicitudin=at&vitae=nibh&consectetuer=in&eget=hac&rutrum=habitasse&at=platea&lorem=dictumst&integer=aliquam&tincidunt=augue&ante=quam&vel=sollicitudin&ipsum=vitae&praesent=consectetuer&blandit=eget&lacinia=rutrum&erat=at&vestibulum=lorem&sed=integer&magna=tincidunt&at=ante&nunc=vel&commodo=ipsum&placerat=praesent&praesent=blandit&blandit=lacinia&nam=erat&nulla=vestibulum&integer=sed&pede=magna&justo=at&lacinia=nunc&eget=commodo&tincidunt=placerat&eget=praesent&tempus=blandit&vel=nam&pede=nulla&morbi=integer&porttitor=pede&lorem=justo&id=lacinia&ligula=eget&suspendisse=tincidunt&ornare=eget&consequat=tempus&lectus=vel&in=pede,TRUE
+http://tmall.com/fringilla/rhoncus/mauris/enim.png?volutpat=aenean&in=fermentum&congue=donec&etiam=ut&justo=mauris&etiam=eget&pretium=massa&iaculis=tempor&justo=convallis&in=nulla&hac=neque&habitasse=libero&platea=convallis&dictumst=eget&etiam=eleifend&faucibus=luctus&cursus=ultricies&urna=eu&ut=nibh&tellus=quisque&nulla=id&ut=justo&erat=sit&id=amet&mauris=sapien&vulputate=dignissim&elementum=vestibulum&nullam=vestibulum&varius=ante&nulla=ipsum&facilisi=primis&cras=in&non=faucibus&velit=orci&nec=luctus&nisi=et&vulputate=ultrices&nonummy=posuere&maecenas=cubilia&tincidunt=curae&lacus=nulla,TRUE
+https://de.vu/sociis/natoque.js?orci=accumsan&mauris=odio&lacinia=curabitur&sapien=convallis&quis=duis&libero=consequat&nullam=dui&sit=nec&amet=nisi&turpis=volutpat&elementum=eleifend&ligula=donec&vehicula=ut&consequat=dolor&morbi=morbi&a=vel&ipsum=lectus&integer=in&a=quam&nibh=fringilla&in=rhoncus&quis=mauris&justo=enim&maecenas=leo&rhoncus=rhoncus&aliquam=sed&lacus=vestibulum&morbi=sit&quis=amet&tortor=cursus&id=id&nulla=turpis&ultrices=integer&aliquet=aliquet&maecenas=massa&leo=id&odio=lobortis&condimentum=convallis&id=tortor&luctus=risus&nec=dapibus&molestie=augue&sed=vel&justo=accumsan&pellentesque=tellus&viverra=nisi&pede=eu&ac=orci&diam=mauris&cras=lacinia&pellentesque=sapien&volutpat=quis&dui=libero&maecenas=nullam&tristique=sit&est=amet&et=turpis&tempus=elementum&semper=ligula&est=vehicula&quam=consequat&pharetra=morbi&magna=a&ac=ipsum&consequat=integer&metus=a&sapien=nibh&ut=in&nunc=quis&vestibulum=justo&ante=maecenas&ipsum=rhoncus&primis=aliquam&in=lacus&faucibus=morbi&orci=quis&luctus=tortor&et=id&ultrices=nulla&posuere=ultrices&cubilia=aliquet&curae=maecenas&mauris=leo&viverra=odio&diam=condimentum&vitae=id&quam=luctus&suspendisse=nec&potenti=molestie&nullam=sed&porttitor=justo&lacus=pellentesque&at=viverra&turpis=pede&donec=ac&posuere=diam&metus=cras&vitae=pellentesque,TRUE
+https://vk.com/suspendisse/accumsan/tortor.png?platea=nulla&dictumst=ultrices&aliquam=aliquet&augue=maecenas&quam=leo&sollicitudin=odio&vitae=condimentum&consectetuer=id&eget=luctus&rutrum=nec&at=molestie&lorem=sed&integer=justo&tincidunt=pellentesque&ante=viverra&vel=pede&ipsum=ac&praesent=diam&blandit=cras&lacinia=pellentesque&erat=volutpat&vestibulum=dui&sed=maecenas&magna=tristique&at=est&nunc=et&commodo=tempus&placerat=semper&praesent=est&blandit=quam&nam=pharetra&nulla=magna&integer=ac&pede=consequat&justo=metus&lacinia=sapien&eget=ut,TRUE
+https://dyndns.org/ultrices.png?nisi=nisi&eu=nam&orci=ultrices&mauris=libero&lacinia=non&sapien=mattis&quis=pulvinar&libero=nulla&nullam=pede,TRUE
+http://jimdo.com/massa/quis/augue.json?nunc=tortor&vestibulum=duis&ante=mattis&ipsum=egestas&primis=metus&in=aenean&faucibus=fermentum&orci=donec&luctus=ut&et=mauris&ultrices=eget&posuere=massa&cubilia=tempor&curae=convallis&mauris=nulla&viverra=neque&diam=libero&vitae=convallis&quam=eget&suspendisse=eleifend&potenti=luctus&nullam=ultricies&porttitor=eu&lacus=nibh&at=quisque&turpis=id&donec=justo&posuere=sit&metus=amet&vitae=sapien&ipsum=dignissim&aliquam=vestibulum&non=vestibulum&mauris=ante&morbi=ipsum&non=primis&lectus=in&aliquam=faucibus&sit=orci&amet=luctus&diam=et&in=ultrices&magna=posuere&bibendum=cubilia&imperdiet=curae&nullam=nulla&orci=dapibus&pede=dolor&venenatis=vel&non=est&sodales=donec&sed=odio&tincidunt=justo&eu=sollicitudin&felis=ut&fusce=suscipit&posuere=a&felis=feugiat&sed=et&lacus=eros&morbi=vestibulum&sem=ac&mauris=est&laoreet=lacinia&ut=nisi&rhoncus=venenatis&aliquet=tristique&pulvinar=fusce&sed=congue&nisl=diam&nunc=id&rhoncus=ornare&dui=imperdiet&vel=sapien&sem=urna&sed=pretium&sagittis=nisl&nam=ut&congue=volutpat&risus=sapien&semper=arcu&porta=sed&volutpat=augue&quam=aliquam&pede=erat&lobortis=volutpat&ligula=in&sit=congue&amet=etiam&eleifend=justo&pede=etiam&libero=pretium&quis=iaculis,TRUE
+https://flickr.com/eget/vulputate.html?nulla=dictumst&neque=etiam&libero=faucibus&convallis=cursus&eget=urna&eleifend=ut&luctus=tellus&ultricies=nulla&eu=ut&nibh=erat&quisque=id&id=mauris&justo=vulputate&sit=elementum&amet=nullam&sapien=varius&dignissim=nulla&vestibulum=facilisi&vestibulum=cras&ante=non&ipsum=velit&primis=nec&in=nisi&faucibus=vulputate&orci=nonummy&luctus=maecenas&et=tincidunt&ultrices=lacus&posuere=at&cubilia=velit&curae=vivamus&nulla=vel&dapibus=nulla&dolor=eget&vel=eros&est=elementum&donec=pellentesque&odio=quisque&justo=porta&sollicitudin=volutpat&ut=erat&suscipit=quisque&a=erat&feugiat=eros&et=viverra&eros=eget&vestibulum=congue&ac=eget&est=semper&lacinia=rutrum&nisi=nulla&venenatis=nunc&tristique=purus&fusce=phasellus&congue=in&diam=felis&id=donec&ornare=semper&imperdiet=sapien&sapien=a&urna=libero&pretium=nam&nisl=dui&ut=proin&volutpat=leo&sapien=odio&arcu=porttitor&sed=id&augue=consequat&aliquam=in&erat=consequat&volutpat=ut,TRUE
+https://histats.com/eu/massa/donec/dapibus/duis.jpg?magna=dapibus&at=augue&nunc=vel,TRUE
+https://cnet.com/ut/nulla/sed/accumsan/felis/ut.json?turpis=volutpat&elementum=in&ligula=congue&vehicula=etiam&consequat=justo&morbi=etiam&a=pretium&ipsum=iaculis&integer=justo&a=in&nibh=hac&in=habitasse&quis=platea&justo=dictumst&maecenas=etiam&rhoncus=faucibus&aliquam=cursus&lacus=urna&morbi=ut&quis=tellus&tortor=nulla&id=ut&nulla=erat&ultrices=id&aliquet=mauris&maecenas=vulputate&leo=elementum&odio=nullam&condimentum=varius&id=nulla&luctus=facilisi&nec=cras&molestie=non&sed=velit&justo=nec&pellentesque=nisi&viverra=vulputate&pede=nonummy&ac=maecenas&diam=tincidunt&cras=lacus&pellentesque=at&volutpat=velit&dui=vivamus&maecenas=vel&tristique=nulla&est=eget&et=eros&tempus=elementum&semper=pellentesque&est=quisque&quam=porta&pharetra=volutpat&magna=erat&ac=quisque&consequat=erat&metus=eros&sapien=viverra&ut=eget&nunc=congue&vestibulum=eget&ante=semper&ipsum=rutrum&primis=nulla&in=nunc&faucibus=purus&orci=phasellus,TRUE
+https://auda.org.au/lectus.jsp?mauris=amet&enim=erat&leo=nulla&rhoncus=tempus&sed=vivamus&vestibulum=in&sit=felis&amet=eu&cursus=sapien&id=cursus&turpis=vestibulum&integer=proin&aliquet=eu&massa=mi&id=nulla&lobortis=ac&convallis=enim&tortor=in&risus=tempor&dapibus=turpis&augue=nec&vel=euismod&accumsan=scelerisque&tellus=quam&nisi=turpis&eu=adipiscing&orci=lorem&mauris=vitae&lacinia=mattis&sapien=nibh&quis=ligula&libero=nec&nullam=sem&sit=duis&amet=aliquam&turpis=convallis&elementum=nunc&ligula=proin&vehicula=at&consequat=turpis&morbi=a&a=pede&ipsum=posuere&integer=nonummy&a=integer&nibh=non&in=velit&quis=donec&justo=diam&maecenas=neque&rhoncus=vestibulum&aliquam=eget&lacus=vulputate&morbi=ut&quis=ultrices&tortor=vel&id=augue&nulla=vestibulum&ultrices=ante&aliquet=ipsum&maecenas=primis&leo=in&odio=faucibus&condimentum=orci&id=luctus&luctus=et&nec=ultrices&molestie=posuere&sed=cubilia&justo=curae&pellentesque=donec&viverra=pharetra&pede=magna&ac=vestibulum&diam=aliquet,TRUE
+https://cnet.com/est/quam/pharetra/magna/ac.png?diam=nec&cras=dui&pellentesque=luctus&volutpat=rutrum&dui=nulla&maecenas=tellus&tristique=in&est=sagittis&et=dui&tempus=vel&semper=nisl&est=duis&quam=ac&pharetra=nibh&magna=fusce&ac=lacus&consequat=purus&metus=aliquet&sapien=at&ut=feugiat&nunc=non&vestibulum=pretium&ante=quis&ipsum=lectus&primis=suspendisse&in=potenti&faucibus=in&orci=eleifend&luctus=quam&et=a&ultrices=odio&posuere=in&cubilia=hac&curae=habitasse&mauris=platea&viverra=dictumst&diam=maecenas&vitae=ut&quam=massa&suspendisse=quis&potenti=augue&nullam=luctus&porttitor=tincidunt&lacus=nulla&at=mollis&turpis=molestie&donec=lorem&posuere=quisque&metus=ut&vitae=erat&ipsum=curabitur&aliquam=gravida&non=nisi&mauris=at&morbi=nibh&non=in&lectus=hac&aliquam=habitasse&sit=platea&amet=dictumst&diam=aliquam&in=augue&magna=quam&bibendum=sollicitudin&imperdiet=vitae&nullam=consectetuer&orci=eget&pede=rutrum&venenatis=at&non=lorem&sodales=integer&sed=tincidunt&tincidunt=ante&eu=vel&felis=ipsum&fusce=praesent&posuere=blandit&felis=lacinia&sed=erat&lacus=vestibulum&morbi=sed&sem=magna&mauris=at&laoreet=nunc&ut=commodo&rhoncus=placerat&aliquet=praesent&pulvinar=blandit&sed=nam,TRUE
+https://storify.com/integer.png?in=vestibulum&felis=quam&eu=sapien&sapien=varius&cursus=ut&vestibulum=blandit&proin=non&eu=interdum&mi=in&nulla=ante&ac=vestibulum&enim=ante&in=ipsum&tempor=primis&turpis=in&nec=faucibus&euismod=orci&scelerisque=luctus&quam=et&turpis=ultrices&adipiscing=posuere&lorem=cubilia&vitae=curae,TRUE
+https://washingtonpost.com/donec/vitae.jpg?semper=integer&rutrum=ac&nulla=neque&nunc=duis&purus=bibendum&phasellus=morbi&in=non&felis=quam&donec=nec&semper=dui&sapien=luctus&a=rutrum&libero=nulla&nam=tellus&dui=in&proin=sagittis&leo=dui&odio=vel&porttitor=nisl&id=duis&consequat=ac&in=nibh&consequat=fusce&ut=lacus&nulla=purus&sed=aliquet&accumsan=at&felis=feugiat&ut=non&at=pretium&dolor=quis&quis=lectus&odio=suspendisse&consequat=potenti&varius=in&integer=eleifend&ac=quam&leo=a&pellentesque=odio&ultrices=in&mattis=hac&odio=habitasse&donec=platea&vitae=dictumst&nisi=maecenas&nam=ut&ultrices=massa&libero=quis&non=augue&mattis=luctus&pulvinar=tincidunt&nulla=nulla&pede=mollis&ullamcorper=molestie&augue=lorem&a=quisque&suscipit=ut&nulla=erat&elit=curabitur&ac=gravida&nulla=nisi&sed=at&vel=nibh&enim=in&sit=hac&amet=habitasse&nunc=platea&viverra=dictumst&dapibus=aliquam&nulla=augue&suscipit=quam&ligula=sollicitudin&in=vitae&lacus=consectetuer&curabitur=eget&at=rutrum&ipsum=at&ac=lorem&tellus=integer&semper=tincidunt&interdum=ante&mauris=vel&ullamcorper=ipsum&purus=praesent&sit=blandit&amet=lacinia&nulla=erat&quisque=vestibulum&arcu=sed&libero=magna&rutrum=at&ac=nunc&lobortis=commodo&vel=placerat&dapibus=praesent&at=blandit&diam=nam&nam=nulla&tristique=integer&tortor=pede,TRUE
+https://mtv.com/elementum/nullam/varius/nulla.json?vitae=commodo&mattis=vulputate&nibh=justo&ligula=in&nec=blandit&sem=ultrices&duis=enim&aliquam=lorem&convallis=ipsum&nunc=dolor&proin=sit&at=amet&turpis=consectetuer&a=adipiscing&pede=elit&posuere=proin&nonummy=interdum&integer=mauris&non=non&velit=ligula&donec=pellentesque&diam=ultrices&neque=phasellus&vestibulum=id&eget=sapien&vulputate=in&ut=sapien&ultrices=iaculis&vel=congue&augue=vivamus&vestibulum=metus&ante=arcu&ipsum=adipiscing&primis=molestie&in=hendrerit&faucibus=at&orci=vulputate&luctus=vitae&et=nisl&ultrices=aenean&posuere=lectus&cubilia=pellentesque&curae=eget&donec=nunc&pharetra=donec&magna=quis&vestibulum=orci&aliquet=eget&ultrices=orci&erat=vehicula&tortor=condimentum&sollicitudin=curabitur&mi=in&sit=libero&amet=ut&lobortis=massa&sapien=volutpat&sapien=convallis&non=morbi&mi=odio&integer=odio&ac=elementum&neque=eu&duis=interdum&bibendum=eu,TRUE
+https://ocn.ne.jp/vel/est/donec/odio/justo.jsp?rutrum=tristique&nulla=est&tellus=et&in=tempus&sagittis=semper&dui=est&vel=quam&nisl=pharetra&duis=magna&ac=ac&nibh=consequat&fusce=metus&lacus=sapien&purus=ut&aliquet=nunc&at=vestibulum&feugiat=ante&non=ipsum&pretium=primis&quis=in&lectus=faucibus&suspendisse=orci&potenti=luctus&in=et&eleifend=ultrices&quam=posuere&a=cubilia&odio=curae&in=mauris&hac=viverra&habitasse=diam&platea=vitae&dictumst=quam&maecenas=suspendisse&ut=potenti&massa=nullam&quis=porttitor&augue=lacus&luctus=at&tincidunt=turpis&nulla=donec&mollis=posuere&molestie=metus&lorem=vitae&quisque=ipsum&ut=aliquam&erat=non&curabitur=mauris&gravida=morbi&nisi=non&at=lectus&nibh=aliquam&in=sit&hac=amet&habitasse=diam&platea=in&dictumst=magna&aliquam=bibendum&augue=imperdiet&quam=nullam&sollicitudin=orci&vitae=pede&consectetuer=venenatis&eget=non&rutrum=sodales&at=sed&lorem=tincidunt&integer=eu&tincidunt=felis&ante=fusce&vel=posuere&ipsum=felis&praesent=sed&blandit=lacus&lacinia=morbi&erat=sem&vestibulum=mauris&sed=laoreet&magna=ut&at=rhoncus&nunc=aliquet&commodo=pulvinar&placerat=sed&praesent=nisl&blandit=nunc&nam=rhoncus&nulla=dui&integer=vel&pede=sem&justo=sed&lacinia=sagittis&eget=nam&tincidunt=congue&eget=risus,TRUE
+https://gmpg.org/eget/tincidunt/eget/tempus/vel/pede.jpg?volutpat=justo&erat=nec&quisque=condimentum,TRUE
+http://yolasite.com/nisl.jpg?non=ut&mauris=dolor&morbi=morbi&non=vel&lectus=lectus&aliquam=in&sit=quam&amet=fringilla,TRUE
+https://ucoz.com/non/mattis/pulvinar.jpg?aliquam=tellus&convallis=nulla&nunc=ut&proin=erat&at=id&turpis=mauris&a=vulputate&pede=elementum&posuere=nullam&nonummy=varius&integer=nulla&non=facilisi&velit=cras&donec=non&diam=velit&neque=nec&vestibulum=nisi&eget=vulputate&vulputate=nonummy&ut=maecenas&ultrices=tincidunt&vel=lacus&augue=at&vestibulum=velit&ante=vivamus&ipsum=vel&primis=nulla&in=eget&faucibus=eros&orci=elementum,TRUE
+https://php.net/ornare/consequat/lectus/in/est.js?nascetur=eu&ridiculus=felis&mus=fusce&vivamus=posuere&vestibulum=felis&sagittis=sed&sapien=lacus&cum=morbi&sociis=sem&natoque=mauris&penatibus=laoreet&et=ut&magnis=rhoncus&dis=aliquet&parturient=pulvinar&montes=sed&nascetur=nisl&ridiculus=nunc&mus=rhoncus&etiam=dui&vel=vel&augue=sem&vestibulum=sed&rutrum=sagittis&rutrum=nam&neque=congue&aenean=risus&auctor=semper&gravida=porta&sem=volutpat&praesent=quam&id=pede&massa=lobortis&id=ligula&nisl=sit&venenatis=amet&lacinia=eleifend&aenean=pede&sit=libero&amet=quis&justo=orci&morbi=nullam&ut=molestie&odio=nibh&cras=in&mi=lectus&pede=pellentesque&malesuada=at&in=nulla&imperdiet=suspendisse&et=potenti&commodo=cras&vulputate=in&justo=purus&in=eu&blandit=magna&ultrices=vulputate&enim=luctus&lorem=cum&ipsum=sociis&dolor=natoque&sit=penatibus&amet=et&consectetuer=magnis&adipiscing=dis&elit=parturient&proin=montes&interdum=nascetur&mauris=ridiculus&non=mus,TRUE
+https://eventbrite.com/phasellus/sit/amet/erat/nulla.js?eget=neque&nunc=aenean&donec=auctor&quis=gravida&orci=sem&eget=praesent&orci=id&vehicula=massa&condimentum=id&curabitur=nisl&in=venenatis&libero=lacinia&ut=aenean&massa=sit&volutpat=amet&convallis=justo&morbi=morbi&odio=ut&odio=odio&elementum=cras&eu=mi&interdum=pede&eu=malesuada&tincidunt=in&in=imperdiet&leo=et&maecenas=commodo&pulvinar=vulputate&lobortis=justo&est=in&phasellus=blandit&sit=ultrices&amet=enim&erat=lorem&nulla=ipsum&tempus=dolor&vivamus=sit&in=amet&felis=consectetuer&eu=adipiscing&sapien=elit&cursus=proin&vestibulum=interdum&proin=mauris&eu=non&mi=ligula&nulla=pellentesque&ac=ultrices&enim=phasellus&in=id&tempor=sapien&turpis=in&nec=sapien&euismod=iaculis&scelerisque=congue&quam=vivamus&turpis=metus&adipiscing=arcu&lorem=adipiscing&vitae=molestie&mattis=hendrerit&nibh=at&ligula=vulputate&nec=vitae&sem=nisl&duis=aenean&aliquam=lectus&convallis=pellentesque&nunc=eget&proin=nunc,TRUE
+http://tumblr.com/porttitor/lorem.png?id=risus&consequat=praesent&in=lectus&consequat=vestibulum&ut=quam&nulla=sapien,TRUE
+http://nydailynews.com/praesent/id/massa/id/nisl/venenatis.js?vehicula=metus&condimentum=vitae&curabitur=ipsum&in=aliquam&libero=non&ut=mauris&massa=morbi&volutpat=non&convallis=lectus&morbi=aliquam&odio=sit&odio=amet&elementum=diam&eu=in&interdum=magna&eu=bibendum&tincidunt=imperdiet&in=nullam&leo=orci&maecenas=pede&pulvinar=venenatis&lobortis=non&est=sodales&phasellus=sed&sit=tincidunt&amet=eu&erat=felis&nulla=fusce&tempus=posuere&vivamus=felis&in=sed&felis=lacus&eu=morbi&sapien=sem&cursus=mauris&vestibulum=laoreet&proin=ut&eu=rhoncus&mi=aliquet&nulla=pulvinar&ac=sed&enim=nisl&in=nunc&tempor=rhoncus&turpis=dui&nec=vel&euismod=sem&scelerisque=sed&quam=sagittis&turpis=nam&adipiscing=congue&lorem=risus&vitae=semper&mattis=porta&nibh=volutpat&ligula=quam&nec=pede&sem=lobortis&duis=ligula&aliquam=sit&convallis=amet&nunc=eleifend&proin=pede&at=libero&turpis=quis&a=orci&pede=nullam&posuere=molestie&nonummy=nibh&integer=in&non=lectus&velit=pellentesque&donec=at&diam=nulla&neque=suspendisse&vestibulum=potenti&eget=cras&vulputate=in&ut=purus&ultrices=eu&vel=magna&augue=vulputate&vestibulum=luctus,TRUE
+http://cnbc.com/dolor/vel/est/donec/odio/justo/sollicitudin.xml?vestibulum=nisl&eget=ut&vulputate=volutpat&ut=sapien&ultrices=arcu&vel=sed&augue=augue&vestibulum=aliquam&ante=erat&ipsum=volutpat&primis=in&in=congue&faucibus=etiam&orci=justo&luctus=etiam&et=pretium&ultrices=iaculis&posuere=justo&cubilia=in&curae=hac&donec=habitasse&pharetra=platea&magna=dictumst&vestibulum=etiam&aliquet=faucibus&ultrices=cursus&erat=urna&tortor=ut,TRUE
+http://altervista.org/sed.html?neque=diam&libero=id,TRUE
+http://ucoz.com/proin/interdum/mauris/non/ligula.html?lorem=ipsum&integer=primis&tincidunt=in&ante=faucibus&vel=orci&ipsum=luctus&praesent=et&blandit=ultrices&lacinia=posuere&erat=cubilia&vestibulum=curae&sed=donec&magna=pharetra&at=magna&nunc=vestibulum&commodo=aliquet&placerat=ultrices&praesent=erat&blandit=tortor&nam=sollicitudin&nulla=mi&integer=sit&pede=amet&justo=lobortis&lacinia=sapien&eget=sapien&tincidunt=non&eget=mi&tempus=integer&vel=ac&pede=neque&morbi=duis&porttitor=bibendum&lorem=morbi&id=non&ligula=quam&suspendisse=nec&ornare=dui&consequat=luctus&lectus=rutrum&in=nulla&est=tellus&risus=in&auctor=sagittis&sed=dui&tristique=vel&in=nisl&tempus=duis&sit=ac&amet=nibh&sem=fusce&fusce=lacus&consequat=purus&nulla=aliquet&nisl=at&nunc=feugiat&nisl=non&duis=pretium&bibendum=quis&felis=lectus&sed=suspendisse&interdum=potenti&venenatis=in&turpis=eleifend&enim=quam&blandit=a&mi=odio&in=in&porttitor=hac,TRUE
+https://opera.com/iaculis/congue.jsp?sem=augue&fusce=aliquam&consequat=erat&nulla=volutpat&nisl=in&nunc=congue&nisl=etiam&duis=justo&bibendum=etiam&felis=pretium&sed=iaculis&interdum=justo&venenatis=in,TRUE
+http://dyndns.org/odio/elementum/eu/interdum/eu/tincidunt.html?nisi=blandit&volutpat=nam&eleifend=nulla&donec=integer&ut=pede&dolor=justo&morbi=lacinia&vel=eget&lectus=tincidunt&in=eget&quam=tempus&fringilla=vel&rhoncus=pede&mauris=morbi&enim=porttitor&leo=lorem&rhoncus=id&sed=ligula&vestibulum=suspendisse&sit=ornare&amet=consequat&cursus=lectus&id=in&turpis=est&integer=risus&aliquet=auctor&massa=sed&id=tristique&lobortis=in&convallis=tempus&tortor=sit&risus=amet&dapibus=sem&augue=fusce&vel=consequat&accumsan=nulla&tellus=nisl&nisi=nunc&eu=nisl&orci=duis&mauris=bibendum&lacinia=felis&sapien=sed&quis=interdum&libero=venenatis&nullam=turpis&sit=enim&amet=blandit&turpis=mi&elementum=in&ligula=porttitor&vehicula=pede&consequat=justo&morbi=eu&a=massa&ipsum=donec&integer=dapibus&a=duis&nibh=at&in=velit&quis=eu&justo=est&maecenas=congue&rhoncus=elementum&aliquam=in&lacus=hac&morbi=habitasse&quis=platea&tortor=dictumst&id=morbi&nulla=vestibulum&ultrices=velit&aliquet=id&maecenas=pretium&leo=iaculis&odio=diam&condimentum=erat&id=fermentum&luctus=justo&nec=nec,TRUE
+https://china.com.cn/in/porttitor/pede/justo/eu/massa.xml?montes=ut&nascetur=nulla&ridiculus=sed&mus=accumsan&etiam=felis&vel=ut&augue=at&vestibulum=dolor&rutrum=quis&rutrum=odio&neque=consequat&aenean=varius&auctor=integer&gravida=ac&sem=leo&praesent=pellentesque&id=ultrices&massa=mattis&id=odio&nisl=donec&venenatis=vitae&lacinia=nisi&aenean=nam&sit=ultrices&amet=libero&justo=non&morbi=mattis&ut=pulvinar&odio=nulla&cras=pede&mi=ullamcorper&pede=augue&malesuada=a&in=suscipit&imperdiet=nulla&et=elit&commodo=ac&vulputate=nulla&justo=sed&in=vel&blandit=enim&ultrices=sit&enim=amet&lorem=nunc&ipsum=viverra&dolor=dapibus&sit=nulla&amet=suscipit&consectetuer=ligula&adipiscing=in&elit=lacus,TRUE
+http://google.de/aliquam/augue/quam.aspx?convallis=vel&nulla=lectus&neque=in&libero=quam&convallis=fringilla&eget=rhoncus,TRUE
+http://parallels.com/donec.xml?integer=proin&pede=at&justo=turpis&lacinia=a&eget=pede&tincidunt=posuere&eget=nonummy&tempus=integer&vel=non&pede=velit&morbi=donec&porttitor=diam&lorem=neque&id=vestibulum&ligula=eget&suspendisse=vulputate&ornare=ut&consequat=ultrices&lectus=vel&in=augue&est=vestibulum&risus=ante&auctor=ipsum&sed=primis&tristique=in&in=faucibus&tempus=orci&sit=luctus&amet=et&sem=ultrices&fusce=posuere&consequat=cubilia&nulla=curae&nisl=donec&nunc=pharetra&nisl=magna&duis=vestibulum&bibendum=aliquet&felis=ultrices&sed=erat&interdum=tortor&venenatis=sollicitudin&turpis=mi&enim=sit&blandit=amet&mi=lobortis&in=sapien&porttitor=sapien&pede=non&justo=mi&eu=integer&massa=ac&donec=neque&dapibus=duis&duis=bibendum&at=morbi&velit=non&eu=quam&est=nec&congue=dui&elementum=luctus&in=rutrum&hac=nulla&habitasse=tellus&platea=in&dictumst=sagittis&morbi=dui&vestibulum=vel&velit=nisl&id=duis&pretium=ac&iaculis=nibh&diam=fusce&erat=lacus&fermentum=purus&justo=aliquet&nec=at&condimentum=feugiat&neque=non&sapien=pretium,TRUE
+http://mysql.com/at/turpis.json?malesuada=mi&in=nulla&imperdiet=ac,TRUE
+https://blinklist.com/turpis/donec.jpg?in=justo&porttitor=maecenas&pede=rhoncus&justo=aliquam&eu=lacus&massa=morbi&donec=quis&dapibus=tortor&duis=id&at=nulla&velit=ultrices&eu=aliquet&est=maecenas&congue=leo&elementum=odio&in=condimentum&hac=id&habitasse=luctus&platea=nec&dictumst=molestie&morbi=sed&vestibulum=justo&velit=pellentesque&id=viverra&pretium=pede&iaculis=ac&diam=diam&erat=cras&fermentum=pellentesque&justo=volutpat,TRUE
+http://com.com/habitasse/platea/dictumst.html?est=imperdiet&quam=nullam&pharetra=orci&magna=pede&ac=venenatis&consequat=non&metus=sodales&sapien=sed&ut=tincidunt&nunc=eu&vestibulum=felis&ante=fusce&ipsum=posuere&primis=felis&in=sed&faucibus=lacus&orci=morbi,TRUE
+http://ftc.gov/magna/vulputate/luctus.js?vel=parturient&est=montes&donec=nascetur&odio=ridiculus&justo=mus&sollicitudin=vivamus&ut=vestibulum&suscipit=sagittis&a=sapien&feugiat=cum&et=sociis&eros=natoque&vestibulum=penatibus&ac=et&est=magnis&lacinia=dis&nisi=parturient&venenatis=montes&tristique=nascetur&fusce=ridiculus&congue=mus&diam=etiam&id=vel&ornare=augue&imperdiet=vestibulum&sapien=rutrum&urna=rutrum&pretium=neque&nisl=aenean&ut=auctor&volutpat=gravida&sapien=sem&arcu=praesent&sed=id&augue=massa&aliquam=id&erat=nisl&volutpat=venenatis&in=lacinia&congue=aenean&etiam=sit&justo=amet&etiam=justo&pretium=morbi&iaculis=ut&justo=odio&in=cras&hac=mi&habitasse=pede,TRUE
+http://foxnews.com/amet/consectetuer/adipiscing/elit.json?primis=in&in=est&faucibus=risus&orci=auctor&luctus=sed&et=tristique&ultrices=in&posuere=tempus&cubilia=sit&curae=amet&mauris=sem&viverra=fusce&diam=consequat&vitae=nulla&quam=nisl&suspendisse=nunc&potenti=nisl&nullam=duis&porttitor=bibendum&lacus=felis&at=sed&turpis=interdum&donec=venenatis&posuere=turpis&metus=enim&vitae=blandit&ipsum=mi&aliquam=in&non=porttitor&mauris=pede&morbi=justo&non=eu&lectus=massa&aliquam=donec&sit=dapibus&amet=duis&diam=at&in=velit&magna=eu&bibendum=est&imperdiet=congue&nullam=elementum&orci=in&pede=hac&venenatis=habitasse&non=platea&sodales=dictumst&sed=morbi&tincidunt=vestibulum&eu=velit&felis=id&fusce=pretium&posuere=iaculis&felis=diam&sed=erat&lacus=fermentum&morbi=justo&sem=nec&mauris=condimentum&laoreet=neque&ut=sapien&rhoncus=placerat&aliquet=ante&pulvinar=nulla&sed=justo&nisl=aliquam&nunc=quis&rhoncus=turpis&dui=eget&vel=elit&sem=sodales&sed=scelerisque&sagittis=mauris&nam=sit&congue=amet&risus=eros&semper=suspendisse&porta=accumsan&volutpat=tortor&quam=quis&pede=turpis&lobortis=sed&ligula=ante&sit=vivamus&amet=tortor&eleifend=duis&pede=mattis&libero=egestas&quis=metus&orci=aenean,TRUE
+https://blinklist.com/sapien/ut/nunc/vestibulum/ante/ipsum.jsp?id=ligula&luctus=suspendisse&nec=ornare&molestie=consequat&sed=lectus&justo=in&pellentesque=est&viverra=risus&pede=auctor&ac=sed&diam=tristique&cras=in&pellentesque=tempus&volutpat=sit&dui=amet&maecenas=sem&tristique=fusce&est=consequat&et=nulla&tempus=nisl&semper=nunc&est=nisl&quam=duis&pharetra=bibendum&magna=felis&ac=sed&consequat=interdum&metus=venenatis&sapien=turpis&ut=enim&nunc=blandit&vestibulum=mi&ante=in&ipsum=porttitor&primis=pede&in=justo&faucibus=eu&orci=massa&luctus=donec&et=dapibus&ultrices=duis&posuere=at&cubilia=velit&curae=eu,TRUE
+http://hc360.com/vestibulum/aliquet/ultrices/erat/tortor/sollicitudin.json?dolor=odio&sit=odio&amet=elementum&consectetuer=eu&adipiscing=interdum&elit=eu&proin=tincidunt&risus=in&praesent=leo&lectus=maecenas&vestibulum=pulvinar&quam=lobortis&sapien=est&varius=phasellus&ut=sit&blandit=amet&non=erat&interdum=nulla&in=tempus&ante=vivamus&vestibulum=in&ante=felis&ipsum=eu&primis=sapien&in=cursus&faucibus=vestibulum&orci=proin&luctus=eu&et=mi&ultrices=nulla,TRUE
+http://prnewswire.com/pulvinar/nulla/pede/ullamcorper/augue/a.aspx?lobortis=eget&convallis=tincidunt&tortor=eget&risus=tempus&dapibus=vel&augue=pede&vel=morbi&accumsan=porttitor&tellus=lorem&nisi=id&eu=ligula&orci=suspendisse&mauris=ornare&lacinia=consequat&sapien=lectus&quis=in&libero=est&nullam=risus&sit=auctor&amet=sed&turpis=tristique&elementum=in&ligula=tempus&vehicula=sit&consequat=amet&morbi=sem&a=fusce&ipsum=consequat&integer=nulla&a=nisl&nibh=nunc&in=nisl&quis=duis&justo=bibendum&maecenas=felis&rhoncus=sed&aliquam=interdum&lacus=venenatis&morbi=turpis&quis=enim&tortor=blandit&id=mi&nulla=in&ultrices=porttitor&aliquet=pede&maecenas=justo&leo=eu&odio=massa&condimentum=donec&id=dapibus&luctus=duis&nec=at&molestie=velit&sed=eu&justo=est&pellentesque=congue&viverra=elementum&pede=in&ac=hac&diam=habitasse&cras=platea&pellentesque=dictumst&volutpat=morbi&dui=vestibulum&maecenas=velit&tristique=id&est=pretium&et=iaculis&tempus=diam&semper=erat&est=fermentum&quam=justo&pharetra=nec&magna=condimentum&ac=neque&consequat=sapien&metus=placerat&sapien=ante&ut=nulla&nunc=justo&vestibulum=aliquam&ante=quis,TRUE
+http://networksolutions.com/curabitur/gravida/nisi/at.jsp?quam=vitae&a=quam&odio=suspendisse&in=potenti&hac=nullam&habitasse=porttitor&platea=lacus&dictumst=at&maecenas=turpis&ut=donec&massa=posuere&quis=metus&augue=vitae&luctus=ipsum&tincidunt=aliquam&nulla=non&mollis=mauris&molestie=morbi&lorem=non&quisque=lectus&ut=aliquam&erat=sit&curabitur=amet&gravida=diam&nisi=in&at=magna&nibh=bibendum&in=imperdiet&hac=nullam&habitasse=orci&platea=pede&dictumst=venenatis&aliquam=non&augue=sodales&quam=sed&sollicitudin=tincidunt&vitae=eu&consectetuer=felis&eget=fusce&rutrum=posuere&at=felis&lorem=sed&integer=lacus&tincidunt=morbi&ante=sem&vel=mauris,TRUE
+http://biglobe.ne.jp/morbi/a/ipsum/integer.html?congue=praesent&diam=blandit&id=lacinia&ornare=erat&imperdiet=vestibulum&sapien=sed&urna=magna&pretium=at&nisl=nunc&ut=commodo&volutpat=placerat&sapien=praesent&arcu=blandit&sed=nam&augue=nulla&aliquam=integer&erat=pede&volutpat=justo&in=lacinia&congue=eget&etiam=tincidunt&justo=eget&etiam=tempus&pretium=vel&iaculis=pede&justo=morbi&in=porttitor&hac=lorem&habitasse=id&platea=ligula&dictumst=suspendisse&etiam=ornare&faucibus=consequat&cursus=lectus&urna=in&ut=est,TRUE
+https://fda.gov/velit.aspx?pede=nisi&justo=volutpat&lacinia=eleifend&eget=donec&tincidunt=ut&eget=dolor&tempus=morbi&vel=vel&pede=lectus&morbi=in&porttitor=quam&lorem=fringilla&id=rhoncus&ligula=mauris&suspendisse=enim&ornare=leo&consequat=rhoncus&lectus=sed&in=vestibulum&est=sit&risus=amet&auctor=cursus&sed=id&tristique=turpis&in=integer&tempus=aliquet&sit=massa&amet=id&sem=lobortis&fusce=convallis&consequat=tortor&nulla=risus&nisl=dapibus&nunc=augue&nisl=vel&duis=accumsan&bibendum=tellus,TRUE
+https://furl.net/nibh/quisque/id/justo.jpg?penatibus=risus&et=praesent&magnis=lectus&dis=vestibulum&parturient=quam&montes=sapien&nascetur=varius&ridiculus=ut&mus=blandit&vivamus=non&vestibulum=interdum&sagittis=in&sapien=ante&cum=vestibulum&sociis=ante&natoque=ipsum&penatibus=primis&et=in&magnis=faucibus&dis=orci&parturient=luctus&montes=et&nascetur=ultrices&ridiculus=posuere&mus=cubilia&etiam=curae&vel=duis&augue=faucibus&vestibulum=accumsan&rutrum=odio&rutrum=curabitur&neque=convallis&aenean=duis,TRUE
+http://fda.gov/ac/consequat.json?massa=metus&volutpat=sapien&convallis=ut&morbi=nunc&odio=vestibulum&odio=ante&elementum=ipsum&eu=primis&interdum=in&eu=faucibus&tincidunt=orci&in=luctus&leo=et&maecenas=ultrices&pulvinar=posuere&lobortis=cubilia&est=curae,TRUE
+http://lulu.com/vitae/nisl/aenean/lectus.aspx?posuere=arcu&cubilia=adipiscing&curae=molestie&duis=hendrerit&faucibus=at&accumsan=vulputate&odio=vitae&curabitur=nisl&convallis=aenean&duis=lectus&consequat=pellentesque&dui=eget&nec=nunc&nisi=donec&volutpat=quis&eleifend=orci&donec=eget&ut=orci&dolor=vehicula&morbi=condimentum&vel=curabitur&lectus=in&in=libero&quam=ut&fringilla=massa&rhoncus=volutpat&mauris=convallis&enim=morbi&leo=odio&rhoncus=odio&sed=elementum&vestibulum=eu&sit=interdum&amet=eu&cursus=tincidunt&id=in&turpis=leo&integer=maecenas&aliquet=pulvinar&massa=lobortis&id=est&lobortis=phasellus&convallis=sit&tortor=amet&risus=erat&dapibus=nulla&augue=tempus&vel=vivamus&accumsan=in&tellus=felis&nisi=eu&eu=sapien&orci=cursus&mauris=vestibulum&lacinia=proin&sapien=eu&quis=mi&libero=nulla&nullam=ac&sit=enim&amet=in&turpis=tempor&elementum=turpis&ligula=nec&vehicula=euismod&consequat=scelerisque&morbi=quam&a=turpis&ipsum=adipiscing&integer=lorem&a=vitae&nibh=mattis&in=nibh,TRUE
+https://state.tx.us/amet/erat/nulla/tempus/vivamus/in.aspx?justo=pede&morbi=justo&ut=eu&odio=massa&cras=donec&mi=dapibus&pede=duis&malesuada=at&in=velit&imperdiet=eu&et=est&commodo=congue&vulputate=elementum&justo=in&in=hac&blandit=habitasse&ultrices=platea&enim=dictumst&lorem=morbi&ipsum=vestibulum&dolor=velit&sit=id&amet=pretium&consectetuer=iaculis&adipiscing=diam&elit=erat&proin=fermentum&interdum=justo&mauris=nec&non=condimentum&ligula=neque&pellentesque=sapien&ultrices=placerat&phasellus=ante&id=nulla&sapien=justo&in=aliquam&sapien=quis&iaculis=turpis&congue=eget,TRUE
+http://example.com/justo.jpg?odio=elementum&curabitur=pellentesque&convallis=quisque&duis=porta&consequat=volutpat&dui=erat&nec=quisque&nisi=erat&volutpat=eros&eleifend=viverra&donec=eget&ut=congue&dolor=eget&morbi=semper&vel=rutrum&lectus=nulla&in=nunc&quam=purus&fringilla=phasellus&rhoncus=in&mauris=felis&enim=donec&leo=semper&rhoncus=sapien&sed=a&vestibulum=libero&sit=nam&amet=dui&cursus=proin&id=leo&turpis=odio&integer=porttitor&aliquet=id&massa=consequat&id=in&lobortis=consequat&convallis=ut&tortor=nulla&risus=sed&dapibus=accumsan&augue=felis&vel=ut&accumsan=at&tellus=dolor&nisi=quis&eu=odio&orci=consequat&mauris=varius&lacinia=integer&sapien=ac&quis=leo&libero=pellentesque&nullam=ultrices&sit=mattis&amet=odio&turpis=donec&elementum=vitae&ligula=nisi&vehicula=nam&consequat=ultrices&morbi=libero&a=non&ipsum=mattis&integer=pulvinar&a=nulla,TRUE
+https://lycos.com/ridiculus/mus/etiam/vel/augue.json?vel=nulla&nulla=suspendisse&eget=potenti&eros=cras&elementum=in&pellentesque=purus&quisque=eu&porta=magna&volutpat=vulputate&erat=luctus&quisque=cum&erat=sociis&eros=natoque&viverra=penatibus&eget=et&congue=magnis&eget=dis&semper=parturient&rutrum=montes&nulla=nascetur&nunc=ridiculus&purus=mus&phasellus=vivamus&in=vestibulum&felis=sagittis&donec=sapien&semper=cum&sapien=sociis&a=natoque&libero=penatibus&nam=et&dui=magnis&proin=dis&leo=parturient&odio=montes&porttitor=nascetur&id=ridiculus,TRUE
+http://utexas.edu/est/risus.json?eu=nunc&massa=proin&donec=at&dapibus=turpis&duis=a&at=pede&velit=posuere&eu=nonummy&est=integer&congue=non&elementum=velit&in=donec&hac=diam&habitasse=neque&platea=vestibulum&dictumst=eget&morbi=vulputate&vestibulum=ut&velit=ultrices&id=vel&pretium=augue&iaculis=vestibulum&diam=ante&erat=ipsum&fermentum=primis&justo=in&nec=faucibus&condimentum=orci&neque=luctus&sapien=et&placerat=ultrices&ante=posuere&nulla=cubilia&justo=curae&aliquam=donec&quis=pharetra&turpis=magna&eget=vestibulum&elit=aliquet&sodales=ultrices&scelerisque=erat&mauris=tortor&sit=sollicitudin&amet=mi&eros=sit&suspendisse=amet&accumsan=lobortis&tortor=sapien&quis=sapien&turpis=non&sed=mi&ante=integer&vivamus=ac&tortor=neque&duis=duis,TRUE
+http://dell.com/elementum/pellentesque/quisque.xml?quam=praesent&suspendisse=id&potenti=massa&nullam=id&porttitor=nisl&lacus=venenatis&at=lacinia&turpis=aenean&donec=sit&posuere=amet&metus=justo&vitae=morbi&ipsum=ut&aliquam=odio&non=cras&mauris=mi&morbi=pede&non=malesuada&lectus=in&aliquam=imperdiet&sit=et&amet=commodo&diam=vulputate&in=justo&magna=in&bibendum=blandit&imperdiet=ultrices&nullam=enim&orci=lorem&pede=ipsum&venenatis=dolor&non=sit&sodales=amet&sed=consectetuer&tincidunt=adipiscing&eu=elit&felis=proin&fusce=interdum&posuere=mauris&felis=non&sed=ligula&lacus=pellentesque&morbi=ultrices&sem=phasellus&mauris=id&laoreet=sapien&ut=in&rhoncus=sapien&aliquet=iaculis&pulvinar=congue&sed=vivamus&nisl=metus&nunc=arcu&rhoncus=adipiscing&dui=molestie&vel=hendrerit&sem=at&sed=vulputate&sagittis=vitae&nam=nisl&congue=aenean&risus=lectus&semper=pellentesque&porta=eget&volutpat=nunc&quam=donec&pede=quis&lobortis=orci&ligula=eget&sit=orci&amet=vehicula&eleifend=condimentum&pede=curabitur&libero=in&quis=libero&orci=ut&nullam=massa&molestie=volutpat&nibh=convallis&in=morbi&lectus=odio&pellentesque=odio&at=elementum&nulla=eu&suspendisse=interdum,TRUE
+https://reverbnation.com/lobortis/vel/dapibus.xml?vehicula=non&consequat=pretium&morbi=quis&a=lectus&ipsum=suspendisse&integer=potenti&a=in&nibh=eleifend&in=quam&quis=a&justo=odio&maecenas=in&rhoncus=hac&aliquam=habitasse&lacus=platea&morbi=dictumst&quis=maecenas&tortor=ut&id=massa&nulla=quis&ultrices=augue&aliquet=luctus&maecenas=tincidunt&leo=nulla&odio=mollis&condimentum=molestie&id=lorem&luctus=quisque&nec=ut&molestie=erat&sed=curabitur&justo=gravida&pellentesque=nisi,TRUE
+http://mlb.com/mauris/laoreet/ut/rhoncus.aspx?proin=mauris&risus=eget&praesent=massa&lectus=tempor&vestibulum=convallis&quam=nulla&sapien=neque&varius=libero&ut=convallis&blandit=eget&non=eleifend&interdum=luctus&in=ultricies&ante=eu&vestibulum=nibh&ante=quisque&ipsum=id&primis=justo&in=sit&faucibus=amet&orci=sapien&luctus=dignissim&et=vestibulum&ultrices=vestibulum&posuere=ante&cubilia=ipsum&curae=primis&duis=in&faucibus=faucibus&accumsan=orci&odio=luctus&curabitur=et&convallis=ultrices&duis=posuere&consequat=cubilia&dui=curae&nec=nulla&nisi=dapibus&volutpat=dolor&eleifend=vel&donec=est&ut=donec&dolor=odio&morbi=justo&vel=sollicitudin&lectus=ut&in=suscipit&quam=a&fringilla=feugiat&rhoncus=et&mauris=eros&enim=vestibulum&leo=ac&rhoncus=est&sed=lacinia&vestibulum=nisi&sit=venenatis&amet=tristique&cursus=fusce&id=congue&turpis=diam&integer=id&aliquet=ornare&massa=imperdiet&id=sapien&lobortis=urna&convallis=pretium&tortor=nisl&risus=ut,TRUE
+http://omniture.com/velit/vivamus/vel.json?ipsum=diam&primis=id&in=ornare&faucibus=imperdiet&orci=sapien&luctus=urna&et=pretium&ultrices=nisl&posuere=ut&cubilia=volutpat&curae=sapien&mauris=arcu&viverra=sed&diam=augue&vitae=aliquam&quam=erat&suspendisse=volutpat&potenti=in&nullam=congue&porttitor=etiam&lacus=justo&at=etiam&turpis=pretium&donec=iaculis&posuere=justo&metus=in&vitae=hac&ipsum=habitasse&aliquam=platea&non=dictumst&mauris=etiam&morbi=faucibus&non=cursus&lectus=urna&aliquam=ut&sit=tellus&amet=nulla&diam=ut&in=erat&magna=id&bibendum=mauris&imperdiet=vulputate&nullam=elementum&orci=nullam&pede=varius&venenatis=nulla&non=facilisi&sodales=cras&sed=non&tincidunt=velit&eu=nec&felis=nisi&fusce=vulputate&posuere=nonummy&felis=maecenas&sed=tincidunt&lacus=lacus&morbi=at&sem=velit&mauris=vivamus&laoreet=vel&ut=nulla&rhoncus=eget&aliquet=eros&pulvinar=elementum&sed=pellentesque&nisl=quisque&nunc=porta&rhoncus=volutpat&dui=erat&vel=quisque,TRUE
+http://howstuffworks.com/pellentesque/quisque/porta/volutpat/erat.jsp?odio=condimentum&justo=id&sollicitudin=luctus&ut=nec&suscipit=molestie&a=sed&feugiat=justo&et=pellentesque&eros=viverra&vestibulum=pede&ac=ac&est=diam&lacinia=cras&nisi=pellentesque&venenatis=volutpat&tristique=dui&fusce=maecenas&congue=tristique&diam=est&id=et&ornare=tempus&imperdiet=semper&sapien=est&urna=quam,TRUE
+https://odnoklassniki.ru/pretium/quis/lectus/suspendisse/potenti.png?felis=lorem&fusce=ipsum&posuere=dolor&felis=sit&sed=amet&lacus=consectetuer&morbi=adipiscing&sem=elit&mauris=proin&laoreet=interdum&ut=mauris&rhoncus=non&aliquet=ligula&pulvinar=pellentesque&sed=ultrices&nisl=phasellus&nunc=id&rhoncus=sapien&dui=in&vel=sapien&sem=iaculis&sed=congue&sagittis=vivamus&nam=metus&congue=arcu&risus=adipiscing&semper=molestie&porta=hendrerit&volutpat=at&quam=vulputate&pede=vitae&lobortis=nisl&ligula=aenean&sit=lectus&amet=pellentesque&eleifend=eget&pede=nunc&libero=donec&quis=quis&orci=orci&nullam=eget&molestie=orci&nibh=vehicula&in=condimentum&lectus=curabitur&pellentesque=in&at=libero&nulla=ut&suspendisse=massa&potenti=volutpat&cras=convallis&in=morbi&purus=odio&eu=odio&magna=elementum&vulputate=eu&luctus=interdum,TRUE
+https://mlb.com/ligula/nec/sem/duis/aliquam/convallis.js?venenatis=vulputate&non=elementum&sodales=nullam&sed=varius&tincidunt=nulla&eu=facilisi&felis=cras&fusce=non&posuere=velit&felis=nec&sed=nisi&lacus=vulputate&morbi=nonummy&sem=maecenas&mauris=tincidunt&laoreet=lacus&ut=at&rhoncus=velit&aliquet=vivamus&pulvinar=vel&sed=nulla&nisl=eget&nunc=eros&rhoncus=elementum&dui=pellentesque&vel=quisque&sem=porta&sed=volutpat&sagittis=erat&nam=quisque,TRUE
+https://pbs.org/eget/semper/rutrum/nulla.aspx?diam=nonummy&neque=maecenas&vestibulum=tincidunt&eget=lacus&vulputate=at&ut=velit&ultrices=vivamus&vel=vel&augue=nulla&vestibulum=eget&ante=eros&ipsum=elementum&primis=pellentesque&in=quisque&faucibus=porta&orci=volutpat&luctus=erat&et=quisque&ultrices=erat&posuere=eros&cubilia=viverra&curae=eget&donec=congue&pharetra=eget&magna=semper&vestibulum=rutrum&aliquet=nulla&ultrices=nunc&erat=purus&tortor=phasellus&sollicitudin=in&mi=felis&sit=donec&amet=semper&lobortis=sapien&sapien=a&sapien=libero&non=nam&mi=dui&integer=proin&ac=leo&neque=odio&duis=porttitor&bibendum=id&morbi=consequat&non=in&quam=consequat&nec=ut&dui=nulla&luctus=sed&rutrum=accumsan&nulla=felis&tellus=ut&in=at&sagittis=dolor&dui=quis&vel=odio&nisl=consequat&duis=varius,TRUE
+https://cmu.edu/justo/sit/amet/sapien/dignissim/vestibulum/vestibulum.png?habitasse=auctor&platea=gravida&dictumst=sem&morbi=praesent&vestibulum=id&velit=massa&id=id&pretium=nisl&iaculis=venenatis&diam=lacinia&erat=aenean,TRUE
+https://e-recht24.de/a/pede/posuere.html?varius=dignissim&ut=vestibulum&blandit=vestibulum&non=ante&interdum=ipsum&in=primis&ante=in&vestibulum=faucibus&ante=orci&ipsum=luctus&primis=et&in=ultrices&faucibus=posuere&orci=cubilia&luctus=curae&et=nulla&ultrices=dapibus&posuere=dolor&cubilia=vel&curae=est&duis=donec&faucibus=odio&accumsan=justo&odio=sollicitudin&curabitur=ut&convallis=suscipit&duis=a&consequat=feugiat&dui=et&nec=eros&nisi=vestibulum&volutpat=ac&eleifend=est&donec=lacinia&ut=nisi&dolor=venenatis&morbi=tristique&vel=fusce&lectus=congue&in=diam&quam=id&fringilla=ornare&rhoncus=imperdiet&mauris=sapien&enim=urna&leo=pretium&rhoncus=nisl&sed=ut&vestibulum=volutpat&sit=sapien&amet=arcu&cursus=sed&id=augue&turpis=aliquam&integer=erat&aliquet=volutpat&massa=in&id=congue&lobortis=etiam&convallis=justo&tortor=etiam&risus=pretium&dapibus=iaculis&augue=justo&vel=in&accumsan=hac&tellus=habitasse&nisi=platea&eu=dictumst&orci=etiam&mauris=faucibus,TRUE
+http://lycos.com/enim/blandit/mi/in/porttitor/pede.html?porta=tortor&volutpat=quis&quam=turpis&pede=sed&lobortis=ante&ligula=vivamus&sit=tortor&amet=duis&eleifend=mattis&pede=egestas&libero=metus&quis=aenean&orci=fermentum&nullam=donec&molestie=ut,TRUE
+http://naver.com/curae.png?quam=quis&suspendisse=augue&potenti=luctus&nullam=tincidunt&porttitor=nulla&lacus=mollis&at=molestie&turpis=lorem&donec=quisque&posuere=ut&metus=erat&vitae=curabitur&ipsum=gravida&aliquam=nisi&non=at&mauris=nibh&morbi=in&non=hac&lectus=habitasse&aliquam=platea&sit=dictumst&amet=aliquam&diam=augue&in=quam&magna=sollicitudin&bibendum=vitae&imperdiet=consectetuer&nullam=eget&orci=rutrum&pede=at,TRUE
+http://cbc.ca/porttitor/lorem.xml?massa=erat&tempor=id&convallis=mauris&nulla=vulputate&neque=elementum&libero=nullam&convallis=varius&eget=nulla&eleifend=facilisi&luctus=cras&ultricies=non&eu=velit&nibh=nec&quisque=nisi&id=vulputate&justo=nonummy&sit=maecenas&amet=tincidunt&sapien=lacus&dignissim=at&vestibulum=velit&vestibulum=vivamus&ante=vel&ipsum=nulla&primis=eget&in=eros&faucibus=elementum&orci=pellentesque&luctus=quisque&et=porta&ultrices=volutpat&posuere=erat&cubilia=quisque&curae=erat&nulla=eros&dapibus=viverra&dolor=eget&vel=congue&est=eget,TRUE
+http://typepad.com/justo/aliquam/quis/turpis/eget/elit.xml?gravida=ipsum&nisi=dolor&at=sit&nibh=amet&in=consectetuer&hac=adipiscing&habitasse=elit&platea=proin&dictumst=interdum&aliquam=mauris&augue=non&quam=ligula&sollicitudin=pellentesque&vitae=ultrices&consectetuer=phasellus&eget=id&rutrum=sapien&at=in&lorem=sapien&integer=iaculis&tincidunt=congue&ante=vivamus&vel=metus&ipsum=arcu&praesent=adipiscing&blandit=molestie&lacinia=hendrerit&erat=at&vestibulum=vulputate&sed=vitae&magna=nisl&at=aenean&nunc=lectus&commodo=pellentesque&placerat=eget&praesent=nunc&blandit=donec&nam=quis&nulla=orci&integer=eget&pede=orci&justo=vehicula&lacinia=condimentum&eget=curabitur&tincidunt=in&eget=libero&tempus=ut&vel=massa,TRUE
+http://who.int/non/mauris/morbi/non.js?rhoncus=eget&aliquam=eleifend&lacus=luctus&morbi=ultricies&quis=eu&tortor=nibh&id=quisque&nulla=id&ultrices=justo&aliquet=sit&maecenas=amet&leo=sapien&odio=dignissim&condimentum=vestibulum&id=vestibulum&luctus=ante&nec=ipsum&molestie=primis&sed=in,TRUE
+http://wikispaces.com/augue/aliquam/erat.html?mauris=nisi&non=eu,TRUE
+http://jugem.jp/molestie/lorem/quisque.xml?in=quam&hac=a&habitasse=odio&platea=in&dictumst=hac&aliquam=habitasse&augue=platea&quam=dictumst&sollicitudin=maecenas&vitae=ut&consectetuer=massa&eget=quis&rutrum=augue&at=luctus&lorem=tincidunt&integer=nulla&tincidunt=mollis&ante=molestie&vel=lorem&ipsum=quisque&praesent=ut,TRUE
+https://shutterfly.com/lobortis/vel/dapibus/at/diam.jsp?dui=tristique&proin=est&leo=et&odio=tempus&porttitor=semper&id=est&consequat=quam&in=pharetra&consequat=magna&ut=ac&nulla=consequat&sed=metus&accumsan=sapien&felis=ut&ut=nunc&at=vestibulum&dolor=ante&quis=ipsum&odio=primis&consequat=in&varius=faucibus&integer=orci&ac=luctus&leo=et&pellentesque=ultrices&ultrices=posuere&mattis=cubilia&odio=curae&donec=mauris&vitae=viverra&nisi=diam&nam=vitae&ultrices=quam&libero=suspendisse&non=potenti&mattis=nullam&pulvinar=porttitor&nulla=lacus&pede=at&ullamcorper=turpis&augue=donec&a=posuere&suscipit=metus&nulla=vitae&elit=ipsum&ac=aliquam&nulla=non&sed=mauris&vel=morbi&enim=non&sit=lectus,TRUE
+https://instagram.com/elit/proin/interdum.aspx?neque=amet&aenean=cursus&auctor=id&gravida=turpis&sem=integer&praesent=aliquet&id=massa&massa=id&id=lobortis&nisl=convallis&venenatis=tortor&lacinia=risus&aenean=dapibus&sit=augue,TRUE
+https://cdbaby.com/sit/amet/eleifend/pede/libero/quis.png?cum=felis&sociis=sed&natoque=lacus&penatibus=morbi&et=sem&magnis=mauris&dis=laoreet&parturient=ut&montes=rhoncus&nascetur=aliquet&ridiculus=pulvinar&mus=sed&etiam=nisl&vel=nunc&augue=rhoncus&vestibulum=dui&rutrum=vel&rutrum=sem&neque=sed&aenean=sagittis&auctor=nam&gravida=congue&sem=risus&praesent=semper&id=porta&massa=volutpat&id=quam&nisl=pede&venenatis=lobortis&lacinia=ligula&aenean=sit&sit=amet&amet=eleifend&justo=pede&morbi=libero&ut=quis&odio=orci&cras=nullam&mi=molestie&pede=nibh&malesuada=in&in=lectus&imperdiet=pellentesque&et=at&commodo=nulla&vulputate=suspendisse&justo=potenti&in=cras&blandit=in&ultrices=purus&enim=eu&lorem=magna&ipsum=vulputate&dolor=luctus&sit=cum&amet=sociis&consectetuer=natoque&adipiscing=penatibus&elit=et&proin=magnis&interdum=dis&mauris=parturient&non=montes&ligula=nascetur&pellentesque=ridiculus&ultrices=mus&phasellus=vivamus,TRUE
+http://artisteer.com/eu/magna/vulputate/luctus/cum/sociis.jpg?in=quisque&faucibus=porta&orci=volutpat&luctus=erat&et=quisque&ultrices=erat&posuere=eros&cubilia=viverra&curae=eget&duis=congue&faucibus=eget&accumsan=semper&odio=rutrum&curabitur=nulla&convallis=nunc&duis=purus&consequat=phasellus&dui=in&nec=felis&nisi=donec&volutpat=semper&eleifend=sapien&donec=a&ut=libero&dolor=nam&morbi=dui&vel=proin&lectus=leo&in=odio&quam=porttitor&fringilla=id&rhoncus=consequat&mauris=in&enim=consequat&leo=ut&rhoncus=nulla&sed=sed&vestibulum=accumsan&sit=felis&amet=ut&cursus=at&id=dolor&turpis=quis&integer=odio&aliquet=consequat&massa=varius&id=integer&lobortis=ac&convallis=leo&tortor=pellentesque&risus=ultrices&dapibus=mattis&augue=odio&vel=donec&accumsan=vitae&tellus=nisi&nisi=nam&eu=ultrices&orci=libero&mauris=non&lacinia=mattis&sapien=pulvinar&quis=nulla&libero=pede&nullam=ullamcorper&sit=augue&amet=a&turpis=suscipit&elementum=nulla&ligula=elit&vehicula=ac&consequat=nulla&morbi=sed&a=vel&ipsum=enim&integer=sit&a=amet&nibh=nunc&in=viverra&quis=dapibus&justo=nulla&maecenas=suscipit&rhoncus=ligula&aliquam=in&lacus=lacus&morbi=curabitur&quis=at&tortor=ipsum&id=ac&nulla=tellus&ultrices=semper&aliquet=interdum&maecenas=mauris&leo=ullamcorper&odio=purus&condimentum=sit&id=amet,TRUE
+http://bandcamp.com/sed/augue/aliquam/erat.jsp?sed=nunc&interdum=rhoncus&venenatis=dui&turpis=vel&enim=sem&blandit=sed&mi=sagittis&in=nam&porttitor=congue&pede=risus&justo=semper&eu=porta&massa=volutpat&donec=quam&dapibus=pede&duis=lobortis&at=ligula&velit=sit&eu=amet&est=eleifend&congue=pede&elementum=libero&in=quis&hac=orci&habitasse=nullam&platea=molestie&dictumst=nibh&morbi=in&vestibulum=lectus&velit=pellentesque&id=at&pretium=nulla&iaculis=suspendisse&diam=potenti&erat=cras&fermentum=in&justo=purus&nec=eu&condimentum=magna&neque=vulputate&sapien=luctus&placerat=cum&ante=sociis&nulla=natoque&justo=penatibus&aliquam=et&quis=magnis&turpis=dis&eget=parturient&elit=montes&sodales=nascetur&scelerisque=ridiculus&mauris=mus&sit=vivamus&amet=vestibulum&eros=sagittis&suspendisse=sapien&accumsan=cum&tortor=sociis&quis=natoque&turpis=penatibus&sed=et&ante=magnis&vivamus=dis&tortor=parturient&duis=montes&mattis=nascetur&egestas=ridiculus&metus=mus&aenean=etiam&fermentum=vel&donec=augue&ut=vestibulum&mauris=rutrum&eget=rutrum&massa=neque&tempor=aenean&convallis=auctor&nulla=gravida&neque=sem&libero=praesent&convallis=id&eget=massa&eleifend=id&luctus=nisl&ultricies=venenatis&eu=lacinia&nibh=aenean,TRUE
+http://shinystat.com/diam/neque/vestibulum/eget/vulputate.xml?ut=eros&blandit=vestibulum&non=ac&interdum=est&in=lacinia&ante=nisi&vestibulum=venenatis&ante=tristique&ipsum=fusce&primis=congue&in=diam&faucibus=id&orci=ornare&luctus=imperdiet&et=sapien&ultrices=urna&posuere=pretium&cubilia=nisl&curae=ut&duis=volutpat&faucibus=sapien&accumsan=arcu&odio=sed&curabitur=augue&convallis=aliquam&duis=erat&consequat=volutpat&dui=in&nec=congue&nisi=etiam&volutpat=justo&eleifend=etiam&donec=pretium&ut=iaculis&dolor=justo&morbi=in&vel=hac&lectus=habitasse&in=platea&quam=dictumst&fringilla=etiam&rhoncus=faucibus&mauris=cursus&enim=urna&leo=ut&rhoncus=tellus&sed=nulla&vestibulum=ut&sit=erat&amet=id&cursus=mauris&id=vulputate&turpis=elementum&integer=nullam&aliquet=varius&massa=nulla&id=facilisi&lobortis=cras&convallis=non&tortor=velit&risus=nec&dapibus=nisi&augue=vulputate&vel=nonummy&accumsan=maecenas&tellus=tincidunt&nisi=lacus&eu=at&orci=velit&mauris=vivamus&lacinia=vel&sapien=nulla&quis=eget&libero=eros&nullam=elementum&sit=pellentesque&amet=quisque&turpis=porta&elementum=volutpat&ligula=erat&vehicula=quisque,TRUE
+https://vistaprint.com/duis/bibendum.json?vestibulum=ut&rutrum=odio&rutrum=cras&neque=mi&aenean=pede&auctor=malesuada&gravida=in&sem=imperdiet&praesent=et&id=commodo&massa=vulputate&id=justo&nisl=in&venenatis=blandit&lacinia=ultrices&aenean=enim&sit=lorem&amet=ipsum&justo=dolor&morbi=sit&ut=amet&odio=consectetuer&cras=adipiscing&mi=elit&pede=proin&malesuada=interdum&in=mauris&imperdiet=non&et=ligula&commodo=pellentesque&vulputate=ultrices&justo=phasellus&in=id&blandit=sapien&ultrices=in&enim=sapien&lorem=iaculis&ipsum=congue&dolor=vivamus&sit=metus&amet=arcu&consectetuer=adipiscing&adipiscing=molestie&elit=hendrerit&proin=at&interdum=vulputate&mauris=vitae&non=nisl&ligula=aenean&pellentesque=lectus&ultrices=pellentesque&phasellus=eget&id=nunc&sapien=donec&in=quis&sapien=orci&iaculis=eget&congue=orci&vivamus=vehicula&metus=condimentum&arcu=curabitur&adipiscing=in&molestie=libero,TRUE
+http://rediff.com/non.aspx?duis=justo&mattis=in&egestas=blandit&metus=ultrices&aenean=enim&fermentum=lorem&donec=ipsum&ut=dolor&mauris=sit&eget=amet&massa=consectetuer&tempor=adipiscing&convallis=elit&nulla=proin&neque=interdum&libero=mauris&convallis=non&eget=ligula&eleifend=pellentesque&luctus=ultrices&ultricies=phasellus&eu=id&nibh=sapien&quisque=in&id=sapien&justo=iaculis&sit=congue&amet=vivamus,TRUE
+http://furl.net/tempor/convallis/nulla/neque/libero/convallis.aspx?justo=vestibulum&etiam=vestibulum&pretium=ante&iaculis=ipsum&justo=primis&in=in&hac=faucibus&habitasse=orci&platea=luctus&dictumst=et&etiam=ultrices&faucibus=posuere&cursus=cubilia&urna=curae&ut=nulla&tellus=dapibus&nulla=dolor&ut=vel&erat=est&id=donec&mauris=odio&vulputate=justo&elementum=sollicitudin&nullam=ut&varius=suscipit&nulla=a&facilisi=feugiat&cras=et&non=eros&velit=vestibulum&nec=ac&nisi=est&vulputate=lacinia&nonummy=nisi&maecenas=venenatis&tincidunt=tristique&lacus=fusce&at=congue&velit=diam&vivamus=id&vel=ornare&nulla=imperdiet&eget=sapien&eros=urna&elementum=pretium&pellentesque=nisl&quisque=ut&porta=volutpat&volutpat=sapien&erat=arcu&quisque=sed&erat=augue&eros=aliquam&viverra=erat&eget=volutpat&congue=in&eget=congue&semper=etiam&rutrum=justo&nulla=etiam&nunc=pretium&purus=iaculis&phasellus=justo&in=in&felis=hac&donec=habitasse&semper=platea&sapien=dictumst&a=etiam&libero=faucibus&nam=cursus&dui=urna&proin=ut&leo=tellus&odio=nulla&porttitor=ut&id=erat&consequat=id&in=mauris&consequat=vulputate&ut=elementum&nulla=nullam&sed=varius&accumsan=nulla&felis=facilisi&ut=cras&at=non&dolor=velit&quis=nec&odio=nisi&consequat=vulputate&varius=nonummy&integer=maecenas&ac=tincidunt&leo=lacus&pellentesque=at&ultrices=velit&mattis=vivamus&odio=vel,TRUE
+https://wikimedia.org/sapien/iaculis.xml?ultrices=integer&phasellus=a&id=nibh&sapien=in&in=quis,TRUE
+http://smh.com.au/aliquam/sit/amet/diam/in.jsp?id=velit&sapien=donec&in=diam&sapien=neque&iaculis=vestibulum&congue=eget&vivamus=vulputate&metus=ut&arcu=ultrices&adipiscing=vel&molestie=augue&hendrerit=vestibulum&at=ante&vulputate=ipsum&vitae=primis&nisl=in&aenean=faucibus&lectus=orci&pellentesque=luctus&eget=et&nunc=ultrices&donec=posuere&quis=cubilia&orci=curae&eget=donec&orci=pharetra&vehicula=magna&condimentum=vestibulum&curabitur=aliquet&in=ultrices&libero=erat&ut=tortor&massa=sollicitudin&volutpat=mi&convallis=sit&morbi=amet&odio=lobortis&odio=sapien&elementum=sapien&eu=non&interdum=mi&eu=integer&tincidunt=ac&in=neque&leo=duis&maecenas=bibendum&pulvinar=morbi&lobortis=non&est=quam&phasellus=nec&sit=dui&amet=luctus&erat=rutrum&nulla=nulla&tempus=tellus&vivamus=in&in=sagittis&felis=dui&eu=vel&sapien=nisl&cursus=duis&vestibulum=ac&proin=nibh&eu=fusce&mi=lacus&nulla=purus&ac=aliquet&enim=at&in=feugiat&tempor=non&turpis=pretium,TRUE
+http://people.com.cn/ac/neque/duis/bibendum/morbi/non.jpg?luctus=sodales&et=sed&ultrices=tincidunt&posuere=eu&cubilia=felis&curae=fusce&nulla=posuere&dapibus=felis&dolor=sed&vel=lacus&est=morbi&donec=sem&odio=mauris&justo=laoreet&sollicitudin=ut&ut=rhoncus&suscipit=aliquet&a=pulvinar&feugiat=sed&et=nisl&eros=nunc&vestibulum=rhoncus&ac=dui&est=vel&lacinia=sem&nisi=sed&venenatis=sagittis&tristique=nam&fusce=congue&congue=risus&diam=semper&id=porta&ornare=volutpat&imperdiet=quam&sapien=pede&urna=lobortis&pretium=ligula&nisl=sit&ut=amet&volutpat=eleifend&sapien=pede&arcu=libero&sed=quis&augue=orci&aliquam=nullam&erat=molestie&volutpat=nibh&in=in&congue=lectus&etiam=pellentesque,TRUE
+http://miitbeian.gov.cn/elit/ac/nulla.xml?tincidunt=auctor&nulla=sed&mollis=tristique&molestie=in&lorem=tempus&quisque=sit&ut=amet&erat=sem&curabitur=fusce&gravida=consequat&nisi=nulla&at=nisl&nibh=nunc&in=nisl&hac=duis&habitasse=bibendum&platea=felis&dictumst=sed&aliquam=interdum&augue=venenatis&quam=turpis&sollicitudin=enim&vitae=blandit&consectetuer=mi&eget=in&rutrum=porttitor&at=pede&lorem=justo&integer=eu&tincidunt=massa&ante=donec,TRUE
+https://ucsd.edu/nulla/pede/ullamcorper/augue/a/suscipit.json?felis=a&eu=pede&sapien=posuere&cursus=nonummy&vestibulum=integer&proin=non&eu=velit&mi=donec&nulla=diam&ac=neque&enim=vestibulum&in=eget&tempor=vulputate&turpis=ut&nec=ultrices&euismod=vel&scelerisque=augue&quam=vestibulum&turpis=ante&adipiscing=ipsum&lorem=primis&vitae=in&mattis=faucibus&nibh=orci&ligula=luctus&nec=et&sem=ultrices&duis=posuere&aliquam=cubilia&convallis=curae&nunc=donec&proin=pharetra&at=magna&turpis=vestibulum&a=aliquet&pede=ultrices&posuere=erat&nonummy=tortor&integer=sollicitudin&non=mi&velit=sit&donec=amet&diam=lobortis&neque=sapien&vestibulum=sapien&eget=non&vulputate=mi&ut=integer&ultrices=ac&vel=neque&augue=duis&vestibulum=bibendum&ante=morbi&ipsum=non&primis=quam&in=nec&faucibus=dui&orci=luctus&luctus=rutrum&et=nulla&ultrices=tellus&posuere=in&cubilia=sagittis&curae=dui&donec=vel&pharetra=nisl&magna=duis&vestibulum=ac&aliquet=nibh&ultrices=fusce&erat=lacus&tortor=purus,TRUE
+https://walmart.com/erat/curabitur/gravida.png?quam=nec&pharetra=nisi&magna=volutpat&ac=eleifend&consequat=donec&metus=ut&sapien=dolor&ut=morbi&nunc=vel&vestibulum=lectus&ante=in&ipsum=quam&primis=fringilla&in=rhoncus&faucibus=mauris&orci=enim&luctus=leo&et=rhoncus&ultrices=sed&posuere=vestibulum&cubilia=sit&curae=amet&mauris=cursus&viverra=id&diam=turpis&vitae=integer&quam=aliquet&suspendisse=massa&potenti=id&nullam=lobortis&porttitor=convallis&lacus=tortor,TRUE
+https://engadget.com/quis/orci/nullam/molestie/nibh.js?luctus=quisque&et=erat&ultrices=eros&posuere=viverra&cubilia=eget&curae=congue&mauris=eget&viverra=semper&diam=rutrum&vitae=nulla&quam=nunc&suspendisse=purus&potenti=phasellus&nullam=in&porttitor=felis&lacus=donec&at=semper&turpis=sapien&donec=a&posuere=libero&metus=nam&vitae=dui&ipsum=proin&aliquam=leo&non=odio&mauris=porttitor&morbi=id&non=consequat&lectus=in&aliquam=consequat&sit=ut&amet=nulla&diam=sed&in=accumsan&magna=felis&bibendum=ut&imperdiet=at&nullam=dolor&orci=quis&pede=odio&venenatis=consequat&non=varius&sodales=integer&sed=ac&tincidunt=leo&eu=pellentesque,TRUE
+http://cbc.ca/pellentesque/ultrices/mattis/odio/donec.js?felis=duis&donec=faucibus&semper=accumsan&sapien=odio&a=curabitur&libero=convallis&nam=duis&dui=consequat&proin=dui&leo=nec&odio=nisi&porttitor=volutpat&id=eleifend&consequat=donec&in=ut&consequat=dolor&ut=morbi&nulla=vel&sed=lectus&accumsan=in&felis=quam&ut=fringilla&at=rhoncus&dolor=mauris&quis=enim&odio=leo&consequat=rhoncus&varius=sed&integer=vestibulum&ac=sit&leo=amet&pellentesque=cursus&ultrices=id&mattis=turpis&odio=integer&donec=aliquet&vitae=massa&nisi=id&nam=lobortis&ultrices=convallis&libero=tortor&non=risus&mattis=dapibus&pulvinar=augue&nulla=vel&pede=accumsan&ullamcorper=tellus&augue=nisi&a=eu&suscipit=orci,TRUE
+https://clickbank.net/orci/pede/venenatis/non.jpg?mus=suscipit&etiam=a&vel=feugiat&augue=et&vestibulum=eros&rutrum=vestibulum&rutrum=ac&neque=est,TRUE
+https://about.me/id/mauris/vulputate/elementum.json?ullamcorper=in&augue=imperdiet&a=et&suscipit=commodo&nulla=vulputate&elit=justo&ac=in&nulla=blandit&sed=ultrices&vel=enim&enim=lorem&sit=ipsum&amet=dolor&nunc=sit&viverra=amet&dapibus=consectetuer&nulla=adipiscing&suscipit=elit&ligula=proin&in=interdum&lacus=mauris&curabitur=non&at=ligula&ipsum=pellentesque&ac=ultrices&tellus=phasellus&semper=id&interdum=sapien&mauris=in&ullamcorper=sapien&purus=iaculis&sit=congue&amet=vivamus&nulla=metus&quisque=arcu&arcu=adipiscing&libero=molestie&rutrum=hendrerit&ac=at&lobortis=vulputate&vel=vitae&dapibus=nisl&at=aenean&diam=lectus&nam=pellentesque,TRUE
+https://tinypic.com/at/nulla/suspendisse/potenti/cras/in.jpg?in=id&lectus=ornare&pellentesque=imperdiet&at=sapien&nulla=urna&suspendisse=pretium&potenti=nisl&cras=ut&in=volutpat&purus=sapien&eu=arcu&magna=sed&vulputate=augue&luctus=aliquam&cum=erat&sociis=volutpat&natoque=in&penatibus=congue&et=etiam&magnis=justo&dis=etiam&parturient=pretium&montes=iaculis&nascetur=justo&ridiculus=in&mus=hac&vivamus=habitasse&vestibulum=platea&sagittis=dictumst&sapien=etiam&cum=faucibus&sociis=cursus&natoque=urna&penatibus=ut&et=tellus&magnis=nulla&dis=ut&parturient=erat&montes=id&nascetur=mauris&ridiculus=vulputate&mus=elementum&etiam=nullam&vel=varius&augue=nulla&vestibulum=facilisi&rutrum=cras&rutrum=non&neque=velit&aenean=nec&auctor=nisi&gravida=vulputate&sem=nonummy&praesent=maecenas&id=tincidunt&massa=lacus&id=at&nisl=velit&venenatis=vivamus&lacinia=vel&aenean=nulla&sit=eget&amet=eros&justo=elementum&morbi=pellentesque&ut=quisque&odio=porta&cras=volutpat&mi=erat&pede=quisque&malesuada=erat&in=eros&imperdiet=viverra&et=eget&commodo=congue&vulputate=eget&justo=semper&in=rutrum,TRUE
+https://delicious.com/nulla/elit/ac.html?convallis=curae&nulla=nulla&neque=dapibus&libero=dolor&convallis=vel&eget=est&eleifend=donec&luctus=odio&ultricies=justo&eu=sollicitudin&nibh=ut&quisque=suscipit&id=a&justo=feugiat&sit=et&amet=eros&sapien=vestibulum&dignissim=ac&vestibulum=est&vestibulum=lacinia&ante=nisi&ipsum=venenatis&primis=tristique&in=fusce&faucibus=congue&orci=diam&luctus=id,TRUE
+http://infoseek.co.jp/mauris/laoreet/ut/rhoncus/aliquet/pulvinar/sed.xml?pellentesque=placerat&viverra=praesent&pede=blandit&ac=nam&diam=nulla&cras=integer&pellentesque=pede&volutpat=justo&dui=lacinia&maecenas=eget&tristique=tincidunt&est=eget&et=tempus&tempus=vel&semper=pede&est=morbi&quam=porttitor&pharetra=lorem&magna=id&ac=ligula&consequat=suspendisse&metus=ornare&sapien=consequat&ut=lectus&nunc=in&vestibulum=est&ante=risus&ipsum=auctor&primis=sed&in=tristique&faucibus=in&orci=tempus&luctus=sit&et=amet&ultrices=sem&posuere=fusce&cubilia=consequat&curae=nulla&mauris=nisl&viverra=nunc&diam=nisl&vitae=duis&quam=bibendum&suspendisse=felis&potenti=sed&nullam=interdum&porttitor=venenatis&lacus=turpis&at=enim,TRUE
+https://accuweather.com/gravida/sem/praesent.png?tempor=nunc&convallis=rhoncus&nulla=dui&neque=vel&libero=sem&convallis=sed&eget=sagittis&eleifend=nam&luctus=congue&ultricies=risus&eu=semper&nibh=porta&quisque=volutpat&id=quam&justo=pede&sit=lobortis&amet=ligula&sapien=sit&dignissim=amet&vestibulum=eleifend&vestibulum=pede&ante=libero&ipsum=quis&primis=orci&in=nullam&faucibus=molestie&orci=nibh&luctus=in&et=lectus&ultrices=pellentesque&posuere=at&cubilia=nulla&curae=suspendisse&nulla=potenti&dapibus=cras&dolor=in&vel=purus&est=eu&donec=magna,TRUE
+https://cisco.com/quisque/erat/eros/viverra/eget/congue.js?mauris=ac&ullamcorper=neque&purus=duis&sit=bibendum&amet=morbi&nulla=non&quisque=quam&arcu=nec&libero=dui&rutrum=luctus&ac=rutrum,TRUE
+https://skype.com/ipsum/aliquam/non/mauris/morbi/non/lectus.xml?primis=in&in=purus&faucibus=eu&orci=magna&luctus=vulputate&et=luctus&ultrices=cum&posuere=sociis&cubilia=natoque&curae=penatibus&mauris=et&viverra=magnis&diam=dis,TRUE
+https://ox.ac.uk/libero/rutrum.xml?adipiscing=aenean&lorem=auctor&vitae=gravida&mattis=sem&nibh=praesent&ligula=id&nec=massa&sem=id&duis=nisl&aliquam=venenatis&convallis=lacinia&nunc=aenean&proin=sit&at=amet&turpis=justo&a=morbi&pede=ut&posuere=odio&nonummy=cras&integer=mi&non=pede&velit=malesuada&donec=in&diam=imperdiet&neque=et&vestibulum=commodo&eget=vulputate&vulputate=justo&ut=in&ultrices=blandit&vel=ultrices&augue=enim&vestibulum=lorem&ante=ipsum&ipsum=dolor&primis=sit&in=amet&faucibus=consectetuer&orci=adipiscing&luctus=elit&et=proin&ultrices=interdum&posuere=mauris&cubilia=non&curae=ligula&donec=pellentesque&pharetra=ultrices&magna=phasellus&vestibulum=id&aliquet=sapien&ultrices=in&erat=sapien&tortor=iaculis&sollicitudin=congue&mi=vivamus&sit=metus,TRUE
+https://friendfeed.com/lacinia/aenean.jsp?posuere=diam&cubilia=erat&curae=fermentum&duis=justo&faucibus=nec&accumsan=condimentum&odio=neque&curabitur=sapien&convallis=placerat&duis=ante&consequat=nulla&dui=justo&nec=aliquam&nisi=quis&volutpat=turpis&eleifend=eget&donec=elit&ut=sodales&dolor=scelerisque&morbi=mauris&vel=sit&lectus=amet&in=eros&quam=suspendisse&fringilla=accumsan&rhoncus=tortor&mauris=quis&enim=turpis&leo=sed&rhoncus=ante&sed=vivamus&vestibulum=tortor&sit=duis&amet=mattis&cursus=egestas&id=metus&turpis=aenean&integer=fermentum&aliquet=donec&massa=ut&id=mauris&lobortis=eget&convallis=massa&tortor=tempor&risus=convallis&dapibus=nulla&augue=neque&vel=libero&accumsan=convallis&tellus=eget&nisi=eleifend&eu=luctus&orci=ultricies&mauris=eu&lacinia=nibh&sapien=quisque&quis=id&libero=justo&nullam=sit&sit=amet&amet=sapien&turpis=dignissim&elementum=vestibulum&ligula=vestibulum&vehicula=ante&consequat=ipsum&morbi=primis&a=in&ipsum=faucibus&integer=orci&a=luctus&nibh=et&in=ultrices&quis=posuere&justo=cubilia&maecenas=curae&rhoncus=nulla&aliquam=dapibus&lacus=dolor&morbi=vel&quis=est&tortor=donec&id=odio&nulla=justo&ultrices=sollicitudin&aliquet=ut&maecenas=suscipit&leo=a&odio=feugiat&condimentum=et&id=eros&luctus=vestibulum&nec=ac&molestie=est&sed=lacinia&justo=nisi&pellentesque=venenatis,TRUE
+https://princeton.edu/aenean/lectus/pellentesque/eget/nunc/donec/quis.js?eget=aliquet&congue=maecenas&eget=leo&semper=odio&rutrum=condimentum&nulla=id&nunc=luctus&purus=nec&phasellus=molestie&in=sed&felis=justo&donec=pellentesque&semper=viverra&sapien=pede&a=ac&libero=diam&nam=cras&dui=pellentesque&proin=volutpat&leo=dui&odio=maecenas&porttitor=tristique&id=est&consequat=et&in=tempus&consequat=semper&ut=est,TRUE
+https://wix.com/mauris/vulputate/elementum/nullam/varius/nulla/facilisi.js?adipiscing=ut&elit=at&proin=dolor&risus=quis&praesent=odio&lectus=consequat&vestibulum=varius&quam=integer&sapien=ac&varius=leo&ut=pellentesque&blandit=ultrices&non=mattis&interdum=odio&in=donec&ante=vitae&vestibulum=nisi&ante=nam&ipsum=ultrices&primis=libero&in=non&faucibus=mattis&orci=pulvinar&luctus=nulla&et=pede&ultrices=ullamcorper&posuere=augue,TRUE
+https://last.fm/lectus.aspx?eget=augue&semper=vel&rutrum=accumsan&nulla=tellus&nunc=nisi&purus=eu&phasellus=orci&in=mauris&felis=lacinia&donec=sapien&semper=quis&sapien=libero&a=nullam&libero=sit&nam=amet&dui=turpis&proin=elementum&leo=ligula&odio=vehicula&porttitor=consequat&id=morbi&consequat=a&in=ipsum&consequat=integer&ut=a&nulla=nibh&sed=in&accumsan=quis,TRUE
+https://cpanel.net/sapien.png?proin=pellentesque&leo=quisque&odio=porta&porttitor=volutpat&id=erat&consequat=quisque&in=erat&consequat=eros&ut=viverra&nulla=eget&sed=congue&accumsan=eget&felis=semper&ut=rutrum&at=nulla&dolor=nunc&quis=purus&odio=phasellus&consequat=in&varius=felis&integer=donec&ac=semper&leo=sapien&pellentesque=a&ultrices=libero&mattis=nam&odio=dui&donec=proin&vitae=leo&nisi=odio&nam=porttitor&ultrices=id&libero=consequat&non=in&mattis=consequat&pulvinar=ut&nulla=nulla&pede=sed&ullamcorper=accumsan&augue=felis&a=ut&suscipit=at&nulla=dolor&elit=quis&ac=odio,TRUE
+http://acquirethisname.com/erat/vestibulum/sed/magna/at.png?bibendum=proin&imperdiet=interdum&nullam=mauris&orci=non&pede=ligula&venenatis=pellentesque&non=ultrices&sodales=phasellus&sed=id&tincidunt=sapien&eu=in&felis=sapien&fusce=iaculis&posuere=congue&felis=vivamus&sed=metus&lacus=arcu&morbi=adipiscing&sem=molestie&mauris=hendrerit&laoreet=at&ut=vulputate&rhoncus=vitae&aliquet=nisl,TRUE
+https://nih.gov/pede/morbi/porttitor.js?cum=proin&sociis=leo&natoque=odio&penatibus=porttitor&et=id&magnis=consequat&dis=in&parturient=consequat&montes=ut&nascetur=nulla&ridiculus=sed&mus=accumsan&vivamus=felis&vestibulum=ut&sagittis=at&sapien=dolor&cum=quis&sociis=odio&natoque=consequat&penatibus=varius&et=integer&magnis=ac&dis=leo&parturient=pellentesque&montes=ultrices&nascetur=mattis&ridiculus=odio&mus=donec&etiam=vitae&vel=nisi&augue=nam&vestibulum=ultrices&rutrum=libero&rutrum=non&neque=mattis&aenean=pulvinar&auctor=nulla&gravida=pede&sem=ullamcorper&praesent=augue,TRUE
+http://shutterfly.com/ac/tellus/semper/interdum/mauris.js?in=id&sapien=ornare&iaculis=imperdiet&congue=sapien&vivamus=urna&metus=pretium&arcu=nisl&adipiscing=ut&molestie=volutpat&hendrerit=sapien&at=arcu&vulputate=sed&vitae=augue&nisl=aliquam&aenean=erat&lectus=volutpat&pellentesque=in&eget=congue&nunc=etiam&donec=justo&quis=etiam&orci=pretium&eget=iaculis&orci=justo&vehicula=in&condimentum=hac&curabitur=habitasse&in=platea&libero=dictumst&ut=etiam&massa=faucibus&volutpat=cursus&convallis=urna&morbi=ut,TRUE
+https://mysql.com/rhoncus/sed/vestibulum/sit/amet/cursus/id.xml?posuere=sapien&cubilia=urna&curae=pretium&mauris=nisl&viverra=ut&diam=volutpat,TRUE
+https://disqus.com/lobortis/vel/dapibus.json?est=vivamus&quam=in&pharetra=felis&magna=eu&ac=sapien&consequat=cursus&metus=vestibulum&sapien=proin&ut=eu&nunc=mi&vestibulum=nulla&ante=ac&ipsum=enim&primis=in&in=tempor&faucibus=turpis&orci=nec&luctus=euismod&et=scelerisque&ultrices=quam&posuere=turpis&cubilia=adipiscing&curae=lorem&mauris=vitae&viverra=mattis&diam=nibh&vitae=ligula&quam=nec&suspendisse=sem&potenti=duis&nullam=aliquam&porttitor=convallis&lacus=nunc&at=proin&turpis=at&donec=turpis&posuere=a&metus=pede&vitae=posuere&ipsum=nonummy&aliquam=integer&non=non&mauris=velit&morbi=donec&non=diam&lectus=neque&aliquam=vestibulum&sit=eget&amet=vulputate&diam=ut&in=ultrices&magna=vel&bibendum=augue&imperdiet=vestibulum&nullam=ante&orci=ipsum&pede=primis&venenatis=in&non=faucibus&sodales=orci&sed=luctus&tincidunt=et&eu=ultrices&felis=posuere&fusce=cubilia&posuere=curae&felis=donec&sed=pharetra&lacus=magna&morbi=vestibulum&sem=aliquet&mauris=ultrices&laoreet=erat&ut=tortor&rhoncus=sollicitudin&aliquet=mi&pulvinar=sit&sed=amet&nisl=lobortis&nunc=sapien&rhoncus=sapien&dui=non&vel=mi&sem=integer&sed=ac&sagittis=neque&nam=duis&congue=bibendum,TRUE
+https://vinaora.com/elit/proin/risus.aspx?ut=a&tellus=odio&nulla=in&ut=hac&erat=habitasse&id=platea&mauris=dictumst&vulputate=maecenas&elementum=ut&nullam=massa&varius=quis&nulla=augue&facilisi=luctus&cras=tincidunt&non=nulla&velit=mollis&nec=molestie&nisi=lorem&vulputate=quisque&nonummy=ut&maecenas=erat&tincidunt=curabitur&lacus=gravida&at=nisi&velit=at&vivamus=nibh&vel=in&nulla=hac&eget=habitasse&eros=platea&elementum=dictumst&pellentesque=aliquam&quisque=augue&porta=quam&volutpat=sollicitudin&erat=vitae&quisque=consectetuer&erat=eget&eros=rutrum&viverra=at&eget=lorem&congue=integer&eget=tincidunt&semper=ante&rutrum=vel&nulla=ipsum&nunc=praesent&purus=blandit&phasellus=lacinia&in=erat&felis=vestibulum&donec=sed&semper=magna&sapien=at&a=nunc&libero=commodo&nam=placerat&dui=praesent&proin=blandit&leo=nam&odio=nulla&porttitor=integer&id=pede&consequat=justo&in=lacinia&consequat=eget&ut=tincidunt&nulla=eget&sed=tempus&accumsan=vel&felis=pede&ut=morbi&at=porttitor&dolor=lorem&quis=id&odio=ligula&consequat=suspendisse&varius=ornare&integer=consequat&ac=lectus&leo=in&pellentesque=est&ultrices=risus&mattis=auctor&odio=sed&donec=tristique&vitae=in&nisi=tempus&nam=sit&ultrices=amet&libero=sem&non=fusce&mattis=consequat&pulvinar=nulla&nulla=nisl&pede=nunc&ullamcorper=nisl&augue=duis&a=bibendum,TRUE
+http://indiegogo.com/ligula/in.jsp?massa=varius&id=ut&lobortis=blandit&convallis=non&tortor=interdum&risus=in&dapibus=ante&augue=vestibulum&vel=ante&accumsan=ipsum&tellus=primis&nisi=in&eu=faucibus&orci=orci&mauris=luctus&lacinia=et&sapien=ultrices&quis=posuere&libero=cubilia&nullam=curae&sit=duis&amet=faucibus&turpis=accumsan&elementum=odio&ligula=curabitur&vehicula=convallis&consequat=duis&morbi=consequat&a=dui&ipsum=nec&integer=nisi&a=volutpat&nibh=eleifend&in=donec&quis=ut&justo=dolor&maecenas=morbi&rhoncus=vel&aliquam=lectus&lacus=in&morbi=quam&quis=fringilla&tortor=rhoncus&id=mauris&nulla=enim&ultrices=leo&aliquet=rhoncus&maecenas=sed&leo=vestibulum&odio=sit&condimentum=amet&id=cursus&luctus=id&nec=turpis&molestie=integer&sed=aliquet&justo=massa&pellentesque=id&viverra=lobortis&pede=convallis&ac=tortor&diam=risus&cras=dapibus&pellentesque=augue&volutpat=vel&dui=accumsan&maecenas=tellus&tristique=nisi&est=eu&et=orci&tempus=mauris&semper=lacinia&est=sapien&quam=quis&pharetra=libero&magna=nullam&ac=sit&consequat=amet&metus=turpis&sapien=elementum&ut=ligula&nunc=vehicula&vestibulum=consequat&ante=morbi&ipsum=a&primis=ipsum&in=integer&faucibus=a&orci=nibh&luctus=in&et=quis&ultrices=justo&posuere=maecenas,TRUE
+http://google.de/lectus/pellentesque/eget/nunc/donec/quis/orci.html?odio=id&in=pretium&hac=iaculis&habitasse=diam&platea=erat&dictumst=fermentum&maecenas=justo&ut=nec&massa=condimentum&quis=neque&augue=sapien&luctus=placerat&tincidunt=ante&nulla=nulla&mollis=justo&molestie=aliquam&lorem=quis&quisque=turpis&ut=eget&erat=elit&curabitur=sodales&gravida=scelerisque&nisi=mauris&at=sit&nibh=amet&in=eros&hac=suspendisse&habitasse=accumsan&platea=tortor&dictumst=quis&aliquam=turpis&augue=sed&quam=ante&sollicitudin=vivamus&vitae=tortor&consectetuer=duis&eget=mattis&rutrum=egestas&at=metus&lorem=aenean&integer=fermentum&tincidunt=donec&ante=ut&vel=mauris&ipsum=eget&praesent=massa&blandit=tempor&lacinia=convallis&erat=nulla&vestibulum=neque&sed=libero&magna=convallis&at=eget&nunc=eleifend&commodo=luctus&placerat=ultricies&praesent=eu&blandit=nibh&nam=quisque&nulla=id&integer=justo&pede=sit&justo=amet&lacinia=sapien&eget=dignissim&tincidunt=vestibulum&eget=vestibulum&tempus=ante&vel=ipsum&pede=primis&morbi=in&porttitor=faucibus&lorem=orci&id=luctus&ligula=et&suspendisse=ultrices&ornare=posuere&consequat=cubilia&lectus=curae&in=nulla&est=dapibus&risus=dolor&auctor=vel&sed=est&tristique=donec&in=odio&tempus=justo&sit=sollicitudin,TRUE
+http://reference.com/auctor/gravida/sem.json?vestibulum=potenti&sit=cras&amet=in&cursus=purus&id=eu&turpis=magna&integer=vulputate&aliquet=luctus&massa=cum&id=sociis&lobortis=natoque&convallis=penatibus&tortor=et&risus=magnis&dapibus=dis&augue=parturient&vel=montes&accumsan=nascetur&tellus=ridiculus&nisi=mus&eu=vivamus&orci=vestibulum&mauris=sagittis&lacinia=sapien&sapien=cum&quis=sociis&libero=natoque&nullam=penatibus&sit=et&amet=magnis&turpis=dis&elementum=parturient&ligula=montes&vehicula=nascetur&consequat=ridiculus&morbi=mus&a=etiam&ipsum=vel&integer=augue&a=vestibulum&nibh=rutrum&in=rutrum&quis=neque&justo=aenean&maecenas=auctor&rhoncus=gravida&aliquam=sem&lacus=praesent&morbi=id&quis=massa&tortor=id&id=nisl&nulla=venenatis&ultrices=lacinia&aliquet=aenean&maecenas=sit&leo=amet&odio=justo&condimentum=morbi&id=ut,TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKoSURBVDjLdVNdSJNRGD4RRJfdJP2ReBH9eGMQGWVXwoggoosIKooMf0jQG2/EJFOstB+VcpvObX6ub7TNWTIW4Wxtc3PR3GTKVAyd4mA6xT6VgbWtp3MOKTL1wAOH95z3eZ73fc8hAEg6XC7XM4vFEunq6vrLwPYsttPdbQGz2ZxhMBj+IG2xmF6vP7IjwX/FMFVLUaC3txdjY2NIpVJIJpMYHR3lMXbG7rC7G444AWVf36o2MzOD7u5uBINBDpPJxGNpjtY5QU9Pj5YCoVCIKzJ4vV5YrVbodDoOtmcx5iaRSGBkZAQsR61W6wlVSkxMTMDv9yMQCHBFpp6+NhwNDQ3B6XTCbrdDpVIlCLUnra2tYWFhAVNTU5iengatD5OTk5uO2H5gYADj4+Ow2Wwcw8PDaG9vl4jRaOQEKysrWF5exuzsLLfr8/k2e8BUy97noVB7Fl+/2eBwOLjbtrY2iTWQE0iShKWlJcRiMUQiEa7KSnO73VyxuDMXTy23cUt5Cv32Pi6gVColQmf7Ox6PY3V1FdFolCeHw2GUi5dRpruAEuEcCtQ5ePzxJoy+FlSYrkPWdAiuQQdaW1vXiSiKNtaQubk5XgYjYb0o1eXiU0AOs/8dT/zga0ZzfwUEbyNKRBnOP9+PV28bPISOaR99HIWCIPxk3Z2fn8fi4iIe0npZ8pu+cjR8KUX95yLUWB6g1loMpasOdzvzcOIJSW4+Sa1Wm6HRaOrpbH95PB7cUZ2G4UczxO+vIQw2QuN5QUkeQeGqRZF4BVnVJHa0kuRs+wsdHR3ZdL7iDUUWrrYcQ35TBi69PIB72ouQO2tQoJMhs5pED1eSMzt+pg3QDssUCoVdLpe7abOuZdftid8X8pFZRSI0+eSuv3E3UMvx41V7cbCSZG2N/wO9JP1FmMH3ngAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGfSURBVDjLpVOxSgNBEJ297B2iiUmToKABCxEVKyGVoJ+QLp1RxE4sRAQL26RVsLHRQouAkMoq/yD5Ads0ErDIQe5udu+c2eTCGU4MuPCYmbvZN292d0QURfCfJZ9eXh9WV5aPpW3bUQigQg0YKFBKQcAgP0AE38eRDcgShp6HX/3PS0mbT5dumyJ/+A5HmQ24337+s6oQAIXFrN28e1yXUjqifHYO9uYHXIgyFGR2JukL83OACoVEreDg6ppYRSosyzKYjhlrO3sgozCETCYD/X7/R1LahmRcLBYhny+ApVQ4kdVut6HRaMx8A0iHbGmtgS7AoFarQaVSgWq1amLHcSb/kqCDMzbAAGSAynxgtFot6Ha70Ol0TMK07GRb3Db6PkiWEVer1+smgeM4kdf0GZgHRAWVGiuIZSUPMFkxLWYFih6WxHELcdVpklgBx0mfLTIBP09mY4LRK0uvGCMm4T2+IgLXdQekIFcqlVKTfyNh6/ueJ3u93s3W7v4J8eYCzUNEw4SjYeIelUbja/KRrlxT1VBzDg68ofsm/jvO35HitdVS/1ysAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKnSURBVDjLdVJNSFRRFP7e+H7MZ06TyjCSDpZCaS93BpX9EUEEhUJkBS0KJDBoES6ibRujIqJcBUW0Khft2qQZtWigEYLBUgxz0BnHqWbUeTPv/3Xue/5k2eXdex73nO873zn3cK7r4tS1J61kX7pADi72uXTQNdjhG3d1O7YJU1+Yevfs5nZygYcf0EOBO5WWBm4+u+CBfQDgkzmgD/kFFSWdSFy+EcvLJwAOKi313JE99WiIKB6YoR0GZNbxs9duqUBFOY/9p69gHQF5Q0prFK8/TSKXK1I2x7t2VlQwSyT5xSI03cCfa7kEcLzIo3l3FE3hrbBteLJZZtumTYQW/Zc0Ey8GRzYiYIEOpucXIQYEaJpGjTI8ELu3UAZeEFEjS56qfwmYXBZIHdZ1HZ3tTb58X52X4OnbrzDLBfyFX1NgEoFtWkQSwPORMejePymwmAIOgijCsPymbkhgkdMwTRjUPzcggRMEIEAvwLFekM/maP+XADAtG5ZmoVgsQZ0ZQ9DIoDFcg2/JNNTqNkCSsTT1Eef2hjEdaUVvb29fIpEYWFNA7EZJQ3J0CG11m3D2wkWoqoodMzMYeh+D5pbh/JkuiAKPdDqNeDx+O5lM1q4rIZccR7O8hI6jJ9F36z5+fU+gLhKBoige6N7dO0il0oBYiRvXr4IIeviVgTGoBHU+iSqaRrbKW06g+CWO7u5uhEIhFAoFZLNZPHg4gB8F2YsJBoPSag/YwHC8jFQ64znzo6+8B+7v74cs+wBWUoADtm22NJZjdnZWWy0BgQDaDx/D5IdBDL8ZRtfxA5D4DmQyGUxMTECSJESjUYTDYRRLGheLxfKpVGqOY+BDlx49JnOZjS+MPCoLn1EXriaQSBMAjOeqYLkidoV+kgLXMXStROAsKer8DdsBr2sFe8jtAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIgSURBVDjLpVPPaxNBFP6SXZuYZWlsQbQhqRFsD1ahVgUPIuhBEDyKAU+ehB49FQTpQbwKggj+Cx6UgigloJQsqJcWCykppJVqTILi2iRms7szO86baVMFD4U8eMyP975vvvdmJiaEwCAWx4A2MIHpOM/+W0MUMekCQtDIpQdgjINzJqOhnDOEYQiTksfGTvWB1BMhoh3XBDQnkt0xiijGsbZW1ARkvt9WAB3UCRrEd0C7rhUlk7ZU4GkCzRwhlUojmz2DbtdFs1lBLndO7odYXV3A1NR1GIaJ9fW3cN0ttc+YjzhjYZ+ZwJub72WgJ8FnsbHhoNP5gXz+gkquVIrykBEQhvNQKpAE1BSqkzbIWq06qlUHnudicvIyLGsE9XoZtn0YExNXsL1dU7l0KB1kRpGnOquJoIKcc5TLb1TS9PQNZDKnsfToFuIrH+DXpPxhG73zl8BTPkySQfI5D1RTZmYKSloQdKTcURXbevEYhxpfcOLmLBL5k/A+LaJcKiJtSAVUm1YQYHn5+T+d7vvLJ7h4ew7J6jtg6QFSw2kcy42jUfoI0/d91dFEwvrr2vbundae+wvJI3ng2t29Fzh/FAc7ASnwZL2vVWfpdQnhy1Gol0ckpO546gC6K69gLczC9xroSoJ2y0DPGkJsP7+xVMjMD9nWvewoM834V7S/M3xuGjzsifux/X5np5Cb+/3z2x2Dx8a5IWoS9fTqInv4B7QMlwnqx2E+AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJdSURBVDjLrVNLaFNBFB0XWYiusnPhwp0bCy6kumkWRVQQFF24kdqKH1QQQcWqq67S1mpaa1sFqeALLmqlbWgLxpY0/5BoXmrSkJT8P9IkbRKbRSC/49whQVERQQcOl5k359xz733DALB/AfuvAsFgsI1DCgQCkt/vl9bW1mZ9Pt+s1+uVVldXJY/HI7nd7rZfBNbX1zs4MR6JRLC5uYmtrS2BfD4vYi6XE8hkMuCicLlccafT2SEEOLmTkxuFQgG5dAIf56dgmBzGXP89vOu7KaAb6IXh1Qg+LU7zO0lks1k4HI6G3W7vJNsykavVqrioOX3oj9AN9qJUKgkRq9UqM25ne3l5GY1GAzUuon8+AO2dCxg/34mRM4cFJrqO4s3dHvEtJDtRLBZFSWaz+SvTarWpjY0NlMtl1Go1ESuVigA5+x142QiHwzCZTGE2Ojo6heYia7z7IMFW4whkl87i8Th48wSZTworKyvDTKVSHWsJ0EU+NoRCIcRiMUSjUdBkKKO08AK3J7pw5ckpdA8ch3ryAQwGw26mVCqPtLITmUjJZBKJREJkpP3rhXH0ve3BvG8Mni96aD5cxznNAbTf2DPEFApFO88g1+t1YZcI6XQaqVRKgIR6Bk9gzstH638qnA4tXYZm6SoJlBlfO0lkZmbGT1ZlWRb1ElpCJx8exKLvJX5cus9jJND8HRnbwbHLaDRO89k2qG4aVesvVN3ah0f6i1DruwVZ/b77u4OfH4fNZttrsVhqfMbggtQo3H92DWeH9uOx/pLITJH2ogd/++r45X6ObbLdjP10/g1HrwhirOEKWgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALVSURBVDjLpVO7T1NRGP/dR18iF+iTQktEkHdDCjHgIGAX40AMMhrkD3AxcWBxMnExTigDPhYJcdFFHHxEo5HBVKlaCk1bFJJiaQuhpbS0ve29x3Ov0jiweZLf+ZKT7/t9v+9xGEII/ufwyjU7O3urUCh4SqWSQZIkplgsavL5vFaxsiwzOp1ONBqNL6ampq4p/hMTE/3UrM/Nze0yMzMzNRzHpd1uNxQ1NEBF8OsbXBk9BfHnI0y/64Bg60Q4HJlMpVJ3abBAoUgf4FpaWgI9PT1Gm82GaDSKeDyOnZ0dNDR14P3SNkL7fejtPwuGYbC1tTXGsqxOr9eD53kmk8kM8TRrqyAICAQCsFqtcLlcoKWAlgKLxYJgMIjFxUWYTCZ4PB4kEgmk02nVJxQKtfOKYzKZhNlsRqmqCXfe5pErM5CpPh2jwbDjJIz7+1R+GIpKJTASicBut6ulssqVy+XgdDqxsCyiSFjoNRRaFhKrwYfNKnQ4JYwNboNIWYiiCNrgikqVgHZbRVZiaW0cBQsN+wccR2Dl/ejuuwgLG1T96MRUqypQWA5ZlUOIDGU1GBag8RgUPsF2YhiC3Y065geq2JTqWyE4VEA7Ci0RUZZp/TKh8giMbBJu7UdUm2shZZ6jsXcSrcIGyqWiWkKFQGH0+/1w18TBlQ9QpG8SxWnNazi7LwEFH7yP53G8Ng8Ll0CbtVQh4JXse3t76nhMqRQGmpvV5lQjBredoLrugGZfp7VR0uxnNI9cx4Xd23jyPasScA6HI722tjYci8U4umXKPjCrK8sYaoqifWAUnOwDKe+ioctMOQ6gPaaDQd+FoPcVWf1Veskc9Zl890eumjsv3qtvM9CsXtpUEUvPgugf7wTD1QCG8/jy8EaSyPK5Iwm802c2XZfnGzl2g2ZP/V37w0NHa2hHYuUbwgs3n/JHfdFyUdT7HoznCZ0GzfIPSMVCsYTU/wbkK6iCy8xjQgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJkSURBVDjLpZNbSJNhHIeli4jAKOhun9KNbUpaURFRREkFVjpNRcssXOKYZ9J0ihnN05zSUpflzMOnW5tuammajUkWpCbbrOxwEzZJw7Rt2pxJh/16/YSBILPo4uE98P8974nXA4DH/7Dq5GQn+5NdxcK8lsK8msIczcKYlv35rwST3ZwxRw8Ljh5qmU4i0VCYbfWC+T5nfE2BQ+fFBOdbqeUdEOyEWZrCRBWFNQX2ehZMGh4mHkkwM3AYlgYKVoUXZpTe+CKnoJcd2uJW0Jbi/c32vg+WF82Yel4Hm+kYbMYYzH1Qoy9v28LrxsT1bgU34nYMWYfvYdqgwcJLFUHN9K1GFWp4/ga3R0hX0huDLp8ercnci0XDXXx/08GwMKIEnbsPJxJPjsbfrt28qiBNSW+KrcpRhhSxMeTogrQ0CI3XTjEs9XVTLQgu3I6z5RntqbR86wpBqkKxTmvukMTK9mPgdwN6bRVoeCdEtTEN0gEBxE94uDOSgcezMoSJdyGiRNic3Fi7wSVIrissTmo6jhaziGEpeHNQgLJn8SjSX0B+dxSy20NRMZQEST8fCXIu4iuzql0CUx7n13SXENd7z6G0n8dQ3HeRGed1RSKrjYt0VRD49UeRqQmGpTcfg5m+P1yCV1d9nVadiBQcwS1DKgnGkFWjkfsgHFe0XNJGEEkYJE/5OF95EDZ9AYaz/ZwuwWhTSo4xx+cnvy4Q0dLdpPDSqoRL/BEu3glTfsAiyRSseIWPaoEnrZf6RJUnvI0sC3SeKd1DLiwAoSX+CCkKIBxwhoi4X2selvuNtwg83f7Gf+EP0qq8jpoy//YAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK/SURBVBgZBcFLiJVlGADg5/3+/4yOllro1BRZjpmXTAy7rIKCKAQJWrQpAhfRLtokroIiWkRUBEFE7QKpiCjaVBBhdqer3bQyyTE1bzPjeJk55z/f2/PEnY/v3j66ZMEDJWzBQgQIZJBVV+uB6VP5cZyZ2rHn5W19AIitT3+25/VHtqwvJZYljQQgE9KJswO7vp127ND8+d9+2XfpZy9vmwdoSxNrR9pm2a/HNSWCICvDrLouXRgM3b7mYrde1/q6nliUdd3Umy/evHb1WLwye3Jyf4mIizKzGWmKXqENmkITRFAEqvElI7bdPG7tqunRq9bd8+N1tz26NXPRw20SUBBBCpARSlCacPT0BVdf1CiDE1aM7TG+evOl+z951uzJs6+1kEnbEEJGqMOkhLZhJIu/TqXB3BErz79tzfUbnT7whn9+/uPVwSB2tJkk2ihSSkQJgaxkU6iHXXnhHRMbNpg+9Jb3PzxZl82Vnfc9c6RfEhURlAglQokQGXpNaOcnrZh518T69c4ee8+vnx/0Qf+hwX3PHJmCUjsyqUhkJtLg/EkzBz+24O8nTWyYMH/6Q99/9J2Vd7xgOsYToK01ZSZJSjDz334zk3vVbtr86TMWfvmSmam+ZuNTxq7ZZNh9A6AMK8MkK8PK5NFDvti7T3vJVTbfdIula+/30+8Xm1q83eI1d+s1RdfvALS1SzXTEz/0LesfMzb7p8uWX+uryXmv7Z7VxiJ19fPOlSv4qbPr8p7BfAXQdt3QcMj4kp7mq0+cyZ5TR884d7avNzpmYtMGK1atksne452saTDXAWi7+Vq7WrM/FLnlQTVSCgtQk8PSoaOdLKHU0LZRu2HtANrB3PC/xSPN8p039BdnZpFUwNLRFmQy2gsRaq+J2WFX/wVoI/K5ux779N6IuDHlIgBJIiWQYK7W+n1b7AL4H1KjWV696jEzAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKJSURBVDjLnZPfS5NRGMffq/6BIMhuuvRGKLqooItuugiCoi4qiNDoh2RS6BCnkA6mG+3dD0bvHDXB0iTtwm1M4X39sQ0ZqAzJJYGUNWFuMje3vdtSW9u38xxaDOvKA9/3cA7P93Oe9znPEVwul8XpdN4CIBxGwsDAQL3dbp8zm80NhwLQx2Qyafr7+8O9vb3HDgXQ6/VHenp6ZrRa7Vx7e/tR2ltYWDDMz89X/H5/RVGUvcnJSb/b7b7wXwApEAi0tLW1bVksli/BYDDEzD/YACkT8OO7x42xsbG9kZER7T+ASCQiLy8v/1paWtoLhULY3t5GPp/HVlrFuhzEtzOnuJLTCgYHByus6G/+AlZWVsSNjQ1+0vMpLTeqqopEKofG9xXceQcEX3mQcEjIJpM8bnZ2FqIoGjiALYpkymazHFBVJpPBZjKLaCKHXC6HQqHARXCK7evrK7OiXxdYcSoEOGiuKhqNgmUJq9VaIe3s7PAs19bW0NXV9VWYmJgoE7VqqALS6TRkWYbP5wOLQbf52c+nL2/vP7RcRdOLy3grS9BoNBDGx8fz8Xicp0VGSjeVSmFxcRFer5cqj06xFboPTfCtSvgYV2Cdfoyb1gZca70IYXR0dJoqT0YCkNnhcMQ6OjrU5uZmMKl3DZfKnk82eD7bQUOceQDrzCOca6krCcPDw510Et0EAeh3WHvna+/6SvdpTK26UDu8EQlnW45DGBoaOsnuNR8OhxGLxVAsFmGz2cq1gPNPTuyalHswKI3cbJAbeQYMsMsDJEl6zdoUrJnAmgrsXezXAlig/oZYD7Nyn59MM63ZvsgD2GusY42xbjQaS+x+SzqdLnSw51mwkUmltP/MRtr/DeMW8yghqDBkAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJYSURBVDjLY/j//z8DJRhMmJQd+x89/W4IRQbY1x5L8590dzmy5PuIqC4gfvA+PPIyEMfhNqD06H+L9gfG9p33/jr23OMEiX30DTj8yT/oFxCf+hAYfBeIfwPxIyBWwjSg5Mh/tYZHzDr1D34aND7Y9tXOsf2Lg/O/z85uNjCFn908lT56eH985xXwzXvygwYUA4yLD/9Xcm+QlS572JWesP7XVyOL79/MLKci22Rc/6DXvPH+X8um+79t2u7/tOu4/w9ugFHxof8wha+1LP89NHT9iaxZIf/BCpWie7/Vi+/N/25kqvrN2Oz/suiO6QgDig6ADfgtJrX0p6TMb1u/Xd+5Eh9M4k16yCyQdH+HYOK9H6JJd+tgBv7U0j3wXVvvA9wAg8J9/6sNAvT/8gr++8Mn1MYQ8aCFIfzBf6bwB3+Zwx/8Ywu7H44e+j8VVX4hDMjf+/8/I6v/fya2OyghHHCn3GuRw3TvJTZnPJdYnXVbbA436Le49Aa4Afp5u///ZGAJ+c3AIg5T4DXT0stjpuULj1nmD9xmW6x1nWu2z2W+6RenBcbxIHmga6XgBujl7vw/R1TDAabZscNommOn0UeHLsNFDj2GPDBxh37DDrtJ+u8x0oFu9vb/liU6khal2jPNS3UfAem3FmU6Gej+tqjX5rBo0rln1qI9GdWArG3/jTI0/Q0z1N3UAyxdgTQ4NQpreMjCFAqpOoHZRvnqUhpROhmmxRo8cAO0M7f8187Y/F8rYxMQb/yvlbYBiNf/1wTh1HX/NUA4ZS0Ur/mvkbwajOEGUIIBf5BxjDvwFIUAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAINSURBVDjLY/j//z8DPlxYWFgAxA9ANDZ5BiIMeASlH5BswPz58+uampo2kuUCkGYgPg/EQvgsweZk5rlz5zYSoxnDAKBmprq6umONjY1vsmdeamvd9Pzc1N2vv/Zse/k0a/6jZWGT7hWGTLhrEdR7hwOrAfPmzWtob29/XlRc9qdjw8P76fMeTU2c9WBi5LQH7UB6ftS0B9MDe+7k+XfeCvRpu6Xr1XJTEMPP2TMvlkzZ8fhn9JSb+ujO9e+6ZebbcSvMu/Wmm2fzDSv3hmuGsHh+BAptkJ9Llj3e2LDu2SVcfvZqucHm0XhD163+mplLzVVtjHgGar7asO75bXSNRyLkKg748j3c48Tyb6cr86MNnsJNDhVXVDFSWuO6Z/c6Nj//jKI5XK78YrHFz+9be///u7bj/9cVRf9PZ+v+2enMlofhxKKlj89M2PHiP9CvxjCxnS7Md78BNf+f5Pv/f7ng//9tiv9fdzn8B4rfwzAgfuaDjZN2vvrv2XIjByYGcva/s+v+I4P39RL/QeIYBni33GycuOPl/8DeW0vgLnBlfvxlbvL//0BNP8oY/r8D4ocZzP+B4k8wDABGjXf7puf/8xY/euZYcYUNJHY4XKrhZIrq72fliv9fVbL+v5vC+H+vL8ufHa7MVRgGAKNGqHLV0z8Vqx7/ty29FIgISNkKoI33obHwGKQZJA4AVQ2j4x4gIJMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJsSURBVDjLpZNdSFNhGMf/787Ome8SF7mxvuecJGU6SLuWIGZ0E7WgFRiBdZFE1CDwJoyI6iYvhIqKoqibrsIgwUkUjDCkC7UQ03IW5EfS8muTvec95/SsXE3dXQd+8HLO8/+d5zkPh1mWhf+57LlDNBr9YJqmj/je3t4eKFQcDocHdV0PSClHOzs7ty8TULDCMIzHxMlIJFKwLQpnaSP2reqAgg7iENl1T1ObLLI5IKQFYQKnPDexpRhoPNdjp3A9sSOXs+UOFBwgbhPDvepdnuKz3OZ0c4u7eQI13MUnuRDiE/GQ6F/VAQVLiHpCutQ+xFPvUKfcgM2oRFfyIPpnqiHECUlvP0K4Cgl0IkEPq70OYHdpMWZEMxbSNUjOhjA878nObxLZGu8qAd0US4KqBm8AGnNCwo+UaxrY+AQm03FfCCwJdhUSlBAHvF5vsOvCtwI7sNEIYlu2JltbSDBHdCQSCVnZ2lHLaQu6AQhaaJP7Dpy9PRiaG1ecmYXgT4vpsZC9JRST1/8KyK6RwE8obzPXUKsdh8Mo/y2ZfPkem74MI3TmoubwV2FxIKYOxruvdO9VU7Y8gUr4CfZnC2cxo3+kzoDFVzFU1B9G0efXYI+Owjn6DGW+UsVi1vn8EWaJp8TplVsoSY6haL0f2B/99w9c2gDFZGX5IwQpfIwo2+P2WRrj0PlmpIqnkXE7WLrvBdY8b0ZmcRJpqp+fU2AoGM8XUFa/p2nag1jL1LLvL9hOrOuJw1fKYVdUzE9LjE0xw4J1i+V+52AwOESCcmJgZGSkbuUS30S2tnydmLjssUP9YVhyrYbWhpi8+gtmOYLutSnwxAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH2SURBVDjLnZO9a1RBEMB/++5d1LxgPjQYkpxdLEVItFEU0mgay/wDCtfpvyBpIgommCoHqSy0s5Jgo2kEjRa2R/CrM0HzJd7lvZndsXiX8+VDFIddZncZfjOzM+PMjHq9biEEQgh47/Heo6ptXdwi0taTk5MuBvDeMzg4zOb2NphBvsAMA8ysfcaM3t4eFhefAdAGbG5tcevhK/5F7lfPk2XZb4CqtlzCcOU0XZ0dVPoTjh6J2RFDNCAevMHr5fdYMNI0BSACEJE8TMA5R2NH+bq5QyP1mIF6I9NAqrmNGXsjEBHCbnzO4ZzjR0MJltKTlInjElEwrAUIFg4CLOQIV4A0M08mgaSzg1IpInK5DwuHACik4JzLIYA5RyP1uMjydyDsTyHLMqJSBMCXz5/+WoVSXDoI6CjH3L15Du+NcrnM2uoqSddxzIyNjW8MnBqg2Wy2fj4cADxYWnp5pdBlfSLyYmho6IaqsrKysqCq4yKyXujKpwBut3xFmZmZua2q1y9eujze3d3Lk8ePmqp6Z3p6+t5+2z2Aubm5fhFZGxk5Q9+Jk3h1iCpJcoyPH+osL7/5OTs721UExMVLmqZjlUqFiYlrqCpmhpkRRRFjo2dZX/+eVKvVq/Pz888PjQBgamrqnYiM7p/C1mS+rdVqF/6Ywv/IL/azYiamBPboAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADqSURBVDjLY/j//z8DJZiBKgbkzH9cMHXX6wcgmiwDQJq3nv/4H0SD+OXl5dlA/L+kpOR/QUHB/+zs7P+pqan/ExIS/kdGRv4PDg7+T10XDHwgpsx8VNC56eWDkJ675Hmhbf3zB0uPvP1fuvQpOBDj4uKyIyIi/gcGBv738vL67+zs/N/Gxua/iYnJf11d3f9qamqogRjQcaugZPHjB66V14ZqINrmXyqIn3bvgXXeJfK8ANLcv+3lfxAN4hsZGWVra2v/V1FR+S8nJ/dfXFz8v5CQ0H8eHp7/7Ozs/5mZmVEDEWQzRS6gBAMAYBDQP57x26IAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH/SURBVDjLjZLNS5RxEMc/8zyPz25vLFkEUodfhpBFGpQhXSoivFl/Qp46RJeC7OQpSAJZglow6BDsKRCCoEMdKgwTUShfLtZidFhpsyV7xM1dfjPdZLXQndt8GT4z850RM6ORyOVyliQJ/f39Uq8HNBiqysTExD96VJ8MDw8Pmdl5EWkB9gNNIoKq4pwjiqKtAdVq9WZPTw+pVGq92HuP9x5VJQzDrQGqSiaT4czIXnZESkUFMPbENZ52f99+giiK8N4joXH7nBAFhgBD0xG/q7o9IAgCarUaEhhxCJgRABIaGI1NoKpICAOjYAIigICZ3x4QhiGqyrOOWVR13TzvPZkw0zhgJMmTSqU4/PkYra2t7HvwhMmr3UjbEteyVyxZXU5+rZTvv7z36a7Uf2I+n7euri7K5fJ6ZzNjpviBctM8p9pPc6i5jTdzzxmfHeXrl6Wh4H8eFAoFVJWFhQXMjMlvbzl5tBMfeDpbLuGlRveJswDXg80rmBnOOQCcc6gqP5MSTbKb3vYbANy6+JgjBzoA0sHmM6oqi4uLxHFMqVQinU6znJSZK44x+LoPgMFXfRRK0wB/NgBEZKVSqeCcIwgCnHPEccyF45cZnx4jJuLFTI5YIt5/fAfwaIOJ2Wx2YGpqqndtbQ0RqQeztGv+4OrOH82GxkAC5MYfFu/8BdnT67i+1n1kAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKrSURBVDjLpZNrSJMBFIY/u40wW5sNkS7LiaCJgakF3tDUMZ2aYZE4M6c0p2KiGLl0ec+cqLPErTTnbW1zltHwkgqSaYo6zRKjX0IZlJEg6Uwne/vcjyhKDfrxwOHA+3AOh0MAIP6HPxrJHgfF5Rz6kpR7ABIOFeIztGWeG6PonwSJbvTrNeE0U20UHfdI7kbSUBJCRbrvfhP3hHX+tgIZlwoFGZSQoRLuBjQUhzJwzZ+OGDfq4raCEt996JblYK5LgpG6dFz1YyAj0BYpQSwIvGhrTVlhlC0FtbHMryuf3mFxSIaPvRWY0uRitqMUC7N6qIT2i68bkvdsKbjDOz64MPoQ8+NaGF6pSNTmekGvwv14l/EtV7DhKnc7eCc3qVLd8X28DivT7WYMk0o8znSH8IHn6hWFK/4qYISoKNaclqTDnD5Mv1+CJjsc6uwwMxv1i5lvuCT3Rr4uGhfljr9JCOtgjYUVWxPHDB3EzJwBLXNAxjSQpvRBarMnEhtPgV9/EjntF9A6VoVM7VkEVdoYfcpoFmaBc2R9ROB5CbQj65BPAanDJgj7TUhpPo0nEzV4pK82B9VjUkj7MtE4LIFQyYZHCcXoUmhhQUzkOK7P67JQXa9DXBeQ0Anwn5qQQO67Ea7oSUNpdwqKOwXI0/FR0JEI+UAhYhq84ZBLrBJTYifTQk8BogQKFPUug9cGRKtN4NU6QTMqhXKkHI0vJagfuk1KkiEbKIBAyYGdmHh7SETsJd40pYr0Igcjn3/L6BHXD/4zE+JJzsnsEVx1BAGVNvAqoyFW4Yma53mIb2bDNd/ys62IoPy8wqw6yermjSLrYxE6OdOv4QMrqHWZxW5bYwVq1+z8VQamj2LeOc9y7XJjAFg5OybJ8J5Nv3EzyJG/HM3eCYaI2PVr/we4bY/dzdCujgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKqSURBVDjLfVNdSBRRFP7mZ2dz3dwfx3VZTVuRiizMwBAiJCixh34gEwLfiqCXegl66D2kB1mJygcjevO1FGKFUhMKI5fZNFYlV31wN7F2nZVk52dnuveuKxjaHc49d2bu953v3HMuZ9s2/jdisdgr0zR7DMMQiQfxzHRdp36I248gHo97CGDQ6/V2OZ0uaAQEywLbTTA+nxfR6DuIe4EVRemkYFmWa8rLy7G0vAoa3bJsWLZFiGwUCJmmaRATiYRWKBQkYmxTSSb12Wz2X8nIZLKEyMLFjkvsm0jBtbV12NhQWXSbPjZVaTOjLyQm/D4Pht++QdOJFhad/mMKKCsFPxyMkW0cOI7MxYl5apu5HJ7caYWPn0coNQrBfRJ/Pk9AthrATpZGpRt9/krwPA+OGL9tdE0JxM33aKsDyuQeeMIt2Fg6CjX6uqiAnAkh4CEIwi6Ckj8dmIXf5YA7eBaZxQQkTsfBiiA8laEiAS0Px3MQRHE3mKg6XKbgZhsHb/gCtPQQJBeHFWUOhilgJOmGSE+SHghNgScKwgEXy5+OKnxFZ2MCnsYryK8OgJdMONz1EPNJ5I/dQ3Z2tEjAb+dJbXGh2AuNkoLu6yDgawT8ArzDhJ4LY+3jNJKV3Qi4a4plpJPDIaL31ilWHsMwkVsZQ3WZhUDTZeg/ByFINvJqPdITX/AjeBuGUMFU0/RFUsu+8fEP7aVGsdem6tvPhGTDrkF65il8AQn5zCGkJmOYdV3FkYbjTGGwuoo126670N/ffz+kDUdu3H2J+aEHSC1/grOuGVtrqjG11ez4pTl3upQaacK5nbsQiUSqSBkjC8l16N9HEG4+B3X9N5LTCdsvV7Q+6n0e3+ve8KUFSSGjqur0t7kU+gaeYXIsihXODeXA+ZmOx/H4ftf9L53Qf7mz5LNnAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJrSURBVDjLjZNdSFNxHIZPnfS+usiborU2JaKIPvAmig0kkYSCCpHKsTnDolLXnBFJBQV9YC2VtDRThKiYzA9coW6abWSTwRixYqPtIqHTWGM7+3Bfb+d/ZEeHXjh4Lt/395x3/CkAlMPhODHzSIUpXTk+KUpAUdSRdbKThPfZ7XZ2zjaLeds0TBeLkU6n1wVfotPpCo1GY83HB3X40l0H04VixOPxPKLRKFiWFQiHw0ilUksF+QYWjFdLVxXkSnJEIhEkk8l8g/F7dZjtUmO8SopEIsFzc9AP3YAfzRzafh+0fT5oOIiFUCAYWJcMxs5Ksbi4yEPCAxYG/RxvzAz6phg09P7iC4hVnsHYXTU+d9Zi9IyEbyesvNrEBRtfeXDtpYffIBaLZdY0GD4t4QciBblPIZCL5NtJOBQKIRgMslzBwWWD1lrMtKswfGq3EG567UNDjxdXuz243PUT9S9+oP65CwzDIBAIrLGB1QJjpZgvIBvkLnO68Bv0sCn2YEJeAHPVDljbroOm6VLBYOSWCtN6JYYqxMKIBBL2vnsKp/Yo4mNPkP1uQvRtI75d2Y9nh+jHeQZ2zsBQvksYkRiQxS3VYsS4MPQngebNwH0R/j48jhEZ/XvZoEUJc5sChrLlAnKdDEe0s/MGrPz9ay3ChGxTdpXBB7kImUyG/ydyBuZz28H2KAEulNBSCHL4L9EYldMMb6DRaESDFXsxdP4w3stE8Hg8cLvdcLlccDqdmGu/ga/qEiw0i8C0FMCr2oDJykJ0lG7spMhzJtRIthy7faDojlK6VbXW0+0t29YxIqcXiDZ3+Q8f5p7zf7M8wtRUBE6BAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJuSURBVDjLjZDLa1x1GIafc8uZqUlMMmmsLV7SC2hLCoJQ6tou3Lj0T+jGtQjusnLlP1Bw01UJgrqUoAiC2aixDUQl2oC9TjuZSWbOOTPn/L6La5MRfOHbvTy8zxe5O8fT3Hv9opt/784ZN0vcqN18F2P9hesPv/5X2d1P3Hj71VF4ctu92nEvttyPNj10b/vwh7N/Hu+mTImrzaYLb8PkMcgAwoA4n8PELhzvTgWYgtUPicIh+AQd70Mdo3JS9z8WODr8mdD9BqsLrDoi61zDBP7nAiPOz5HNv4nXT7HsFOaGip0E1Nuvzbv5rpudcSNx9TryCBn9hvR38EmBViPa569OVzC1T9KVj85lL70PPgEt81D+RfXHOu3ld/DWU5J8AC5oYBrAP05X3gMZgg5BC9L2CqE8IIl38fEILUdk0QoapiioAFbiUoA3WP0cmjEixsyLF/HWMzTvk8wuoNOeaGJouYce/oI1Xbx+QDJ/Hm2cuv87XpVEzQAvH3F6Keboq2VXpVaxXVPWUw1OlHVI2qvE2SKedXAfIMHJFy9hrS5N7znt618Qp7PABA/DfHJ0963ed59+FqsYURwj1R4yvIcMfyWdvYI0Tih7NAfP0EaJ82UIAxg/Ipo8obVwiabxC7EGNsa9bbK5y6Rzl8mWrlEd3CfJl9BTZ2m98S6Wv0z14A7uExxB5JDR/gZN7RupBNuq+3c/iE9fIckSwrig6O9RHfa+LX/8csHF12Zmom5n7qdXoCBOHSkfU3T/JtS+Fd2/01k14aap3VBlzYQdU9805dbVDwf7APufL66K+E0NfkOFNRXfUWPThFv/APJzrlrFns7aAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGfSURBVDjLpVOxSgNBEJ297B2iiUmToKABCxEVKyGVoJ+QLp1RxE4sRAQL26RVsLHRQouAkMoq/yD5Ads0ErDIQe5udu+c2eTCGU4MuPCYmbvZN292d0QURfCfJZ9eXh9WV5aPpW3bUQigQg0YKFBKQcAgP0AE38eRDcgShp6HX/3PS0mbT5dumyJ/+A5HmQ24337+s6oQAIXFrN28e1yXUjqifHYO9uYHXIgyFGR2JukL83OACoVEreDg6ppYRSosyzKYjhlrO3sgozCETCYD/X7/R1LahmRcLBYhny+ApVQ4kdVut6HRaMx8A0iHbGmtgS7AoFarQaVSgWq1amLHcSb/kqCDMzbAAGSAynxgtFot6Ha70Ol0TMK07GRb3Db6PkiWEVer1+smgeM4kdf0GZgHRAWVGiuIZSUPMFkxLWYFih6WxHELcdVpklgBx0mfLTIBP09mY4LRK0uvGCMm4T2+IgLXdQekIFcqlVKTfyNh6/ueJ3u93s3W7v4J8eYCzUNEw4SjYeIelUbja/KRrlxT1VBzDg68ofsm/jvO35HitdVS/1ysAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJrSURBVDjLpZPPS1RRHMU/982bGUcZLemHkAougmhhIhgqtUqKgggXtWnt0mUg4V9gKNGmwKJFbYMwoxDaRAsXLrQyUlMricSycmbee/e9++79tvBHZNGmLxwOnMXhcDhfJSL8z/m7hcHBwSHgyraxiOzAGMPw8LDq7+8XrTWjo6NK7U4wMDAgvb29LCwsUKlUGBsb4+HNyyRLd7h0rYrm5mbq6+uJoojl5eV3fySoqalhZmaGtrY2amtr6e7u5tmbT0xOnqSvr40gCFhZWSGfzxMEQbM//7hjuqr26FGlPACKxWO0trby6EM9T997QI6TDY20Hz7MxMQEXV1dzM3N0djYiDEm5yvxjjSduJtVSoFA/tUtCoUCTxY9SioPHjz/Ch0NGUqlElproigijmPSNMUnFY1L8vHqTWySIQwN5XIZkRrEA5VRiKdYW1sjDMO/GBjliUuwSQ5xwvr6OqsLk1yrm6ZJ5n/r51wPwH3OnoGR14cQEXyUVLk0Ivi8RrA0xam6iJZMNbnz1/EzWUwSo7UmSRKy2Sz56j0k4xcJwxBjDD7Gwy8cYH/nVfZ3Og5GEVU5w/iDEcTGAGgdYFONtZrs3gu0A1NTUwDjPkZErMaFLxG7gRe+JRHD6RP7EKdRSnDGIdYi1lBo6WHx9g1mZ2fV5hJjRFyKM1+QdAOUj9gKSAoSI+IhNsClZcSWQaldU05EFBZJvyHpj03YDSTd2OIyYkuIDRCncfFHAL1jIIn7nobr1aaSK+KKnkgWXBFk31YHCeJtsvIsVmuRxMW/DHQ8tHSr9zhCD4riP19PAPUiwcm9bUn97zv/BLX9cx0txHrHAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHMSURBVDjL3VK9S0JxFBWChvoHinap4UG6RIsihYMfiTboUFGhPVIbxAJFG5TEKM1U1CWENjEUigiyHBRnicrCwaIlXPqggldRnd6VkNqMti4cfvede875Xd57AgCCv0DwjwIkEkmn2Wxe8Pl8t8lkEm63+8pqtQ7w6OL7GnE0Iw1pfwSIxeJ2lUq1Eg6HUa/XUavVUCgU4PF4LlwuV7FarT4TVyqVQBrSkqcZIBKJRux2+32lUrk1GAx7SqXyzWQyIRKJwOl0gnriaJZKpa5IS57vG6x4vV4uGo2yGo2mQyqVPubzeZTLZRSLRWQyGRBHM9KQljzNAIZhZlmWvYvH4/M6nW5fJpO9yuVyaLXaBqgnjmakIS15mgF9fKnV6vNgMHiXTqdvstksEokEbDYbHA5How9t+mCLjX3MrGlg8Mreh+eYcDNAKBS28Sv2KxSKS6PR+GSxWDgeL3q9foLH0OzixItnawq7pzEcXecQOjBDH2IwYOkOtPStx/3D3PbJOrbPIqAKHJoQOmQpgGspQOUSYe90A99r5zhGAa39bYPWHm41Nw1/brJh9u9P/m4DXrg0GuhFMGds3EwnPbf8Dr5Clnk80Npf5zLxn1E7ljyteCJyAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHMSURBVDjLlZLBSyJhGMa/UxTUIWJ0ZVmlwxLLEiEhurCoKeqCOtZN7J4ZRZdd9rSG6NFbSOegDp5aqWWI3UGm6KBUxsq2LLj+CzV9jDOH8NlvJtqLjuXhBy/z8Xvel4chAMhTKGfOMeVsbqXf2wBp3s5Yf5hno8rp24YxS9PTVHq18mTAgzj3k4mCIs0cqZeLUCTHJ1q13VKRSz0v4PRNVr1KQfu9Aa31BZ2LKKg42aHfJ8ZNA9i5L9hWUZFeQ73kof3N42SPR6OyjFZ1FZ36AuQfo5CPyc7gDiRHttNYwsl+Apqmodvt4uJrCur1GmSB/GI4TAOo9JKjVasQi8VQr9ehqiqazSaqu1Fofz5C/kYow9M3gJVkp+JUJZFIIJ1Oo1gsolwu42hngcmfdfmecS4fki3TC3ieN2SPx4NAIIB4PA7lPIo70YY7YQJyhdhNS3yU3W43/H4/LBaLvnWbbbxnvGNyQz4gmb4ByWQShULBkH0+HziOg/6die+ZKOjzzQEZYXzoCYhEIsjn8z3yI0wKmf7KwWAQuVwOLpcLXq+3Rx4EyWQyaLfbcDqdCIVCQ8n/A2q1GkqlklHYMLIREA6HN/WzrVbr0LLOP1AMs7UPAa92AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJpSURBVDjLpVNLbxJRFO4P8BfwO2Dp0g07q42iGxM3JmxMXDR15aRWjdYqZMYSxbRpbaCSoEnVNjW2Ip2CNE2BUsrwELBAoTCMMDAwQDnOucCIj52TfJnk5nyPc+65IwAwMoxzs6BRoFOgV2DoQ98/0/xZP0w8o0B7+03F6Nw+Yrz+GLt/cMgHQ2F+azfCvnYlmXFH2Yg1WPubQJ981u7OUcHDBJcvVUCUWtA+7RJU6zJkC2Xw7Ia4ufUEhbUDkYGAFsmhyDex0WwDfpLcgbLYAl5BrdkhZ6Ikw5YvIFpXoyiiJQLYF8ZG5wG5WJGh8EOGo1IDStUW5IQmZMtNVWR908PdXMpjOxoU0DnZ7wzGHiZHs3W4/GgHLtx1qWII/CLJY6AdXga5KKD37EVZ7Bmj5gUZkgWJEEcnXTB236v8P5PzdLEBlXobTgQJ5pffschFAUNg/4DHYWFcLLw4xRIyEhFj97ZhlNogbWAKuX0KS7ZlHrlEwB8MEQGMj0UZvqFGRldMlMj30EvRgvmFV6qA/stOmBXEJlSlNiERZ8URcf7OJ4JLD30QP66Tm4llBKCtNrUFnW0jzqSzJeh2gThcmfHD1ScBMDzeU/94hoNtdbqw+TUMlOWDOkTNLXvRuOH2cXylN+VBXHSM5eqEGMnWiEFccTc/X+SuW2K9axwsEv02SK18dIv5cq9QqLVJmtSJRJYJnWOZMpisdnGCXv21SMOrPG3zUYuOFc4biEM6XyEzwZ7DKR7W3EGYpue4cfP7v1d5+DHdeJkyTr5YY2ZmF1j6mYV/amb4ByYrO2FyMteYyL8f0/8855/NvQk/FX0nyAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGaSURBVBgZpcG9alRRGIXh99vnKIGgrbaCl5BOC2/BJgi2NmIlFoK9oI1CIJ39kInxhxReh1VKCZmfQkiVTOLs863l7GAau5DnCdtcRzx+ufPi4aON98cLr9uAhCVSiWVk4Uxk40xS4vbNenpwMH395cPmdr/xYGPrxtp6ubPGVayfLnIL2O4X1WVxfMJVnVUXVnqnefv0Plf17N0hTW+LZjkkBiyTAmEkkxI5mBxMWizT3Lt7i1TS9Ng0UYKwcQkcJhSUEkQUIpLoTKdCP5hGQ9L0qaQpgCMgoDMoQDKdoURHH5BhsohGKZpimdFoxGQyYXdnh9nREXvjMbPphO97u8ynE/a/7jKbT/ix/5nf8zmj0QgpufDq0083g+RB8iC5Zrpmepnp80z/qdVny+rFsvrkvLp58uabV+iHWrkQQQC2iQjMik1hpRQ6IG1KmGaoA03vFE0HmJUIsGkigksCuggs0Vii6SVxKYBgJYL/dfzTdTSyafrpr8Px8491U5koRWYiiawVScjGSpxGFpaQaMashG2uo3BNfwFx+DLsFQ4W2wAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFxSURBVDjLpZO/S1ZRGMc/5/aqIFhYKCKBOGTttYT1JziJsw26uQit/gHOOgQR7tHi0tjmWIGDPyIoGgQd1BCqe+8532/Dfd/7evEtFR84nOE853O+z/c5T7DNTaIF8GL98zIwATwDHoONCchkWSALIAklTvta/vrw/u0nyLycfRSwzfzap9e+Zqy+3bHtSgHwHODN1nEt7X+FLUzfZe/HaV6XgDzWOXwwOgBACL0v7x/mAPz+U/bXANuDnVe/HOVXMs8phS5AbnWkXTWUxHlAAFh6v4iUkM2rmQ2+HfzseXly/A5WAiCrABWtKApGxu5R5GWdPDTY31h1CbEBqDwviwhAnheNF8tkytTsixS7gFArKNug8nITY3HOg3bXY4ztPTWS+25d7KkduwBFGQgpJrY/7mGrTjz7VfRWoGqIWgBJ+g5MvlvYvOD2P0uwT7o/MWlzbuXDlO2nSMNSBAsrYUVwwhLV5NqgM8h2AcJNx/kvz3X5EBChVawAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAACmSURBVCjPvdCxDYQwDAVQSxQ0NFRUl4ouHVV0TapIiIYCKRnEE2QCNrgJ/iIs4jW4KOR0qSiRK+s/2U7opPuiR4CPHh5bOGkJDhYmnqTnca8meNlwtSmWFL9HKKnAJmsBBlMOFA81WGU5HFs2PB06BwP3NVjElQkaYw567mrgxBbw291xWwMrpgCFa3fLzR/YmE6DTs9UYUCPLrah+RBop9dTX31fX9NT9CS3ZDF4AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAD9SURBVDjLY/j//z8DJRiFEzLlgS7ZBgA1C3XtePUFRJNlQOW655dmHXz7H0SD+OXl5f9LSkr+FxQU/M/Ozv6fmpr6PyEh4X9kZOT/4ODgbKxemLD79X+KwqBvxyvKDGjb8hJuQHp6+v/ExMT/0dHR/0NCQv77+vr+d3Nz+4/XgNo1zyhzQfLch88oMiBq6j24Af7+/v89PDz+Ozo6/reysvpvZGT0X1tb+7+Kisp/OTm5lVgNSJr5gDIvRE+9R74Bng03rmXNf/jfo+HGVRDfxMTkv66u7n81NbX/8vLy/yUlJf8LCwvjjgX18NOartXXToNosr1AqmYMA8jBAE8T0gwxA4F9AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFUSURBVDjLrZM/SAJxGIZdWwuDlnCplkAEm1zkaIiGFFpyMIwGK5KGoK2lphDKkMDg3LLUSIJsSKhIi+684CokOtTiMizCGuzEU5K3vOEgKvtBDe/2Pc8H3x8NAM1fQlx4H9M3pcOWp6TXWmM8A7j0629v1nraiAVC0IrrwATKIgs5xyG5QiE+Z4iQdoeU2oAsnqCSO1NSTu+D9VhqRLD8nIB8F0Q2MgmJDyipCzjvYJkIfpN2UBLG8MpP4dxvQ3ZzGuyyBQ2H+AnOOCBd9aL6soh81A5hyYSGWyCFvxUcerqI4S+CvYVOFPMHxLAq8I3qdHVY5LbBhJzEsCrwutpRFBlUHy6wO2tEYtWAzLELPN2P03kjfj3luqDycV2F8AgefWbEnVqEHa2IznSD6BdsVDNStB0lfh0FPoQjdx8RrAqGzC0YprSgxzsUMOY2bf37N/6Ud1Vc9yYcH50CAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHtSURBVDjLpVPJqiJBEHwf1f/UH+DydBTtLxBRUAS9eFH04MGTINIHUQQRt3I5eHBfW20XFBVzKgq75TGPNwxTEFSTXREZmVn1QUQf/4M/Av1+X+r1ekq321U7nY7GGNNarZbabDaVer0u/SjAyTIns/V6TefzmR6Ph8DpdKLFYkG1Wo1Vq1X5W4EXWb9er4SF/XA4kK7rdLlcRAyilUpFL5fL8heBl21mkHe7HW23W1ouV7Tf72mz2RBcGSKqqrJCoSCZArxexThgkEejMbndbrLb7S+xpQDWYDCgbDarmAK8WSqUYVXTNJrNZoJos9nJ6fzFd5uIow/oBwTT6bRqCrTbbQ3Ngl0c/Px0CDKIgMPhJKvVKsqAi9vtRolEQjMF+JiEAOzj0Gq1Mi0jKxxNp1MBw0U8Hn8LNBoNFR1HGSAhKzICFotFwOVy0WQyEZMZDocUi8XeJfD5Kvj5fD5FBq/XS4qikMfjMXfERqMR3e93KpVKFIlE3k3kc5WKxSJDD7AMuxAdj8eCiKxIgG9OZhzSl4uUz+flXC6nY+Y4eDwehZv5fC4uEzJDhBP1YDAof3uVM5mMnEqlGC9JNA49Qc2YO788xInM7/fLPz6mZDIpRaNRJRwOq6FQSAsEAhonqT6fT+Hf0l9f47/iN5+1McdPrPQwAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFUSURBVDjLY/j//z8DJZhh1ADiDXBvPvjftWHff6ea3f/tK3b8sS7ekkaSAS51e/8fuv7+//6r7/4vPvDov1nu+rckGeBQufP/nsvv/l989v//o3f//xulr/pPkgFAJ/8/def9/6WHHv+/D7RbN3EpxIDr8ws3XJ6d8//ctNT/JybE/D/UFfx/V5Pn/83V9v/XlJj8X5Kj9X9emiLIyf+P3nj7f/aeh//3X3n9XyN6AcQAkOZn51fD8aOTC//f3T/5/82trf+vrq+BY5CTD1x583/vpdf/d1189V8lbA7EgHhf2/+x3lb/oz3N/0e6mfwPczH4H+Kk+z/IXvN/gK3afz9r5f8+lor/tayD/mtaBf7XsAj4r27u/1/NzA8RBpqamvdSUlL+5+Tk/Aeyv+Xn5/+PiYkBsfcihwNMHbIcTMIGiI+BBIE4ComtjmaADbrcwCdlAI+lwaKCJjy7AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJQSURBVDjLpVNNaBNBFH6RTVNimmQtpg1EpCFVXONPTD1UViQeoihIPXgXURTFXjyKiAh6EkFEFCweCiKIh4IWWqihULC2aRpqC62bSlqRQjZ6CEm6OzOb9c3UBoM5CB34eMMw3/e+x3vPYds2bOVIF59NxC3LgsGbJ2b4w/kH7+OMUqACBCjZiJ+eXp1pJuC4/XraNvFTaiJ9rYZueo8oz8G2gDEGXIjH+eU1cLW6elDsy/SLG6RBwDAMeySzAgNji2uccCW5P3jmaLghS/zyE/B4PFBdr+7u6h0dIAY5O9z/UQhJmUwGEtEodO2Qgm1tXtjVIUM2mwVeVrlcBlVVgRATS2kBYpqAZNVcJwvI7RYOCoWCres65PN5UBQFAoEA3J27JTJbDEuhDMkMyRTJFFqICwUpLGlf56YeZg9JmqaBz+eDUqkEJmbYPMfaj4NVQ4Eaq4Oiq5/VXxgZuqscVK7v+bwtEokIwt/t5JmphRktsgFGwBQwEFgGB+8SYVTK5XLg9XrrZC7EbadWxuq2sW4wETzu9HeCXtBBW1zOai+/qVI4HIZisSiImy7uHX4k2sfLCoVC0J7oxzK9sD042ZdvTb/BzKtIjokuyLIMbrcb/H6/gCRJ4HQ6GwTFTCC+L+ydDR34MY4Oz9UnMXbpsZi2PnWfIAwOT4op5ATrD5G3lJfF75j5dMMo98Si4vJufEp8OpVMNJ35oaEPQvCfXUjPzgsHnR0BkWlkNNXUQQ3RbPEc/LH7wv1XlUr5JB9ln19e0t7eSf7vNjq2us6/ATm4jnKH3lxFAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKRSURBVDjLpZNrSNNRGIeVuaSLrW2NCozlSsrCvqifKrG1vyznRDLQMi9TsamsUCzvSWJKC0Ms0/I2hratmVbi3bLIysRZlgh9qFGuCKOF5KaonV9n+yAGokIHHs7hhd/zvofDcQHg8j8sW0wN2FpQJuVNl8u2QC3loEDMtUX7CYrXJDjrx8u6FcYlNVE83KbciOCiNISD9MDNRHaQf3lVQZWMgwYaVNNQqcwBF1dCBbhwlIczfpypVQWlgZvQVZUPS6cag7XpOBckQIZkB9IYEZIPcee02XL3FQU1scKfM98/YOpFFb72XseooRDm9quwmk3QKXdPvdOkrltRUBG9f8A6dBeTw0bY3+ooeufZatLhToLv8IpX2CZrYnsfTtXqVP6YHa7FzFirE/ubJrRk+sM3UHlfwNSsX1YgCNG586WNKZ7SPox9mYYhLwz6PLkTx/n5+G94Bj8BT1x3ni+u3vCPgH/c4OoRbIgXhg5g3GJHowXIGANSXgOJT4G4DkBTXolnMT7oFbPxgNlo7WDYuYuCAxH14ZKTahgHF1A9CqheESj7CZK6CWIfElwrqsRI5hHMtJeBjHfBps/AUJrvn55jbiqnYCR/38JkWzZu1rchvpN2pR0VjwhimglONREYw/fATsOokANZXKDECz/UQeiWsD45BaMFPsTaU4So5AYU99oQ3Qyc1hNEagkiagn66NjE1IKl61fhdlp3I07Be60qx5TjPa9QlMwHxPdDQUdPWELrCSGm6xIBGpq96AIr5bOShW6GZVl8BbM+xeNSbjF/V3hbtTBIMyFi7tlEwc1zIolxLjM0bv5l4l58y/LCZA4bH5Nc8VjuttDFsHLX/G0HIndm045mx9h0n3CEHfW/dpehdpL0UXsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAInSURBVDjLpZPLS1RhFMB/M/eOr0YzH2mjghPjwoWGInWTMDCkmVZB/QPVrty1GXAVtHATLRIXtWgRBGGB2iKxIEgbopJhTMse9Jrpjoz4zuudx/d9LWxGh1oIHjicc+B8v/PgOw6lFHsRJ3uUPQP0eDweBM4DSClRSiGlzFMhxD/2r95zmKaZqaqq0gB27iPr/89m/UgkInSllOZyubg5JUhZ6yx/fIFKb+Csbuagt4Uz7i/4fD6C4ytYdgprM4Vlp3lw0YcQQtN3Vm2fu0XGfMOPaJTvCxaqbxqAdDrNtZPFSFmYGwtACIGeDQDSNW10tdbRXaDz8u0MEU3LJU5MTOQtz+/3bwGEEFuPM5LXCQ+6voy7rIyp1DGWlmxwbwEMw8hVz3ad18FK9BPV3sM80ttZ+pmiqKKA2o1fucT7Y3f4ujLDb3sNO7mJ/+g5ykXDdgd1+9aYXSxHVpRzoKYAe82mVC4AxTwND7PomqO7y6C+oonns8OMTA9QK9q3AVcCx3PzWZZFMplEygaklIyNDnE2cBrhFBw51MOz90MYLZ08HHmyDYhGoyQSCSorK2lsbKSkpCQHXFidx+VwE2i+BMDVU7d5/G6QjBxFF0J8CIfDzUIIOjo6HKFQSMVisbxft7q+zKwZImJOEuy5S//4BYq0QjSnrhy7uUaj13O93ru/r7P1BE21bXyeDxOaniT2bfWGY7fnbPR6+oHLQCmwDgy+GjCDfwBGL0x8usOKBQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFhSURBVDjLpZMxbtZAEIW/N/bP7w4aSiQuQEODEFdIAVI6KFJwgeQenAEBFQVU1CBOkAsgroDSRMof77wUa68tK5GQstqVd1fz3rw345Vt7jN6gM8/zj9k6u3lIYer8ZaoTY5dD8OOj+9fPz/tAdJ6d/TqyeNhGCR1eMIkAMIGez6bMl7z/eefE6ASXF7lfr8f9OX3P0oxY2b9lmQspkznkibTnB0/paQEEACHESI6hKhTTa7mrepegsxNDWhyadAaLIQJCQssiAA3kxuCBpKRRMhkCBlCVW8a1p1rBPYCXjKKTrNRkOvCuougkkTULA4tHRQ4IVb1aQSeCJbMJlZgTdlTqsRwt4LqddUFJms2YWPfpsBugRFTRWffEkojs4CnH6sRaLoNQbImEWlXZV7L3xRx2OmCvH745sUj0Ozd89wMMY4H+k5uBA96ff326+/LQ/Gz/3mcfQe74FNt7T2f8w1Fi68/h3owMgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH6SURBVDjLY/j//z8DPlxYWFgAxA9ANDZ5BiIMeASlH5BswPz58+uampo2kuUCkGYgPg/EQvgsweZk5rlz5zYSoxnDAKBmprq6umONjY1vsmdeamvd9Pzc1N2vv/Zse/k0a/6jZWGT7hWGTLhrEdR7hwOrAfPmzWtob29/XlRc9qdjw8P76fMeTU2c9WBi5LQH7UB6ftS0B9MDe+7k+XfeCvRpu6Xr1XJTEMPP2TMvlkzZ8fhn9JSb+ujO9e+6ZebbcSvMu/Wmm2fzDSv3hmuGsHh+BAptkJ9Llj3e2LDu2SVcfvZqucHm0XhD163+mplLzVVtjHgGar7asO75bXSN+VMia/KmRHxK6/P/H9ni8MmjwqrNoeKKKkZKa1z37F7H5uefkTVn9Ac2NK5O/L/lytT/F57t+t+/O+t/eL/uf/NsqV4MJxYtfXxmwo4X/4F+NYaJxba7fN94ecL/jdcm/QeBnj2p//v3pAMNkPyOYUD8zAcbJ+189d+z5UYOTMyn2vD/titz/iODTZemggzADCTvlpuNE3e8/B/Ye2sJTMwyR/p7966k/+27EsCa23cm4HYBMGq82zc9/5+3+NEzx4orbCAxoMKW4B6N/727UsA2g2gQHyjeg2EAMGqEKlc9/VOx6vF/29JLgTBxoOIOIP4EcjaU7gCJAwAM9qYI32g+agAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALwSURBVDjLhZJJTBNhFIDfTKcdumGtBYqtbSgQkE0DaggqiyhBPchBjWLiEuPBaAyHetEEE6NouOjFE5407gESExKNVlyCCYsLRkNYQrqwWVRKO22n//zz/w4kEgKi3+29/39fXt57DKUU/pDTMmqoNKlbrWbNZqtOtQphimficiwQTIx4voQOeJs3eGEJ7OJg8JRL8ATiN0DPTW906tnNGQbNW2/sxcu+maOygH3wF7jFQWbzIGPkmd1ZRs56vn38bnGGfoMYQiIRcDBwexP9r4DE8fHLdc7TF+75boV/Jh5VZBnuGnnWTJP43LwrwyeSdVy2jCkCTJXWiSYSwuMLgoyLX7P3V6S4p8JSeHZKfEATcmytljNpOdYAhCShKI2n2NTFzjVqA5EA3nWH2n9Noc8LArOOdVc4dDnTYSy46x1PkxhGnWvlzd2DrEHyhYYtW3R2Dqh+YCQ66kznXT8m4t8oJjc5Z8NnjiD58PWTrvqWzuCb3s7vt5UHRGViazyXc4lngFelGvcUZunrfH7x69BAxJ1q0jzjKOgCD4sRqwwob1912vlfAo73vJxyTzwuezDZtq2VSPj5hxFhjKOMsbDEfM1AjpLc9P0FFMl6BhPQ8kz6/BrPHrR356fwhbNRrNtbk3Z1LplS6ykpr7bd2ZlnKoqI4LStVptEJIh2y3qoqjrSShSBhoXkub/M4kNaTMP9ckqIJCNCVAhjsJkzoci+DXq8r6B/rBfGP3V0TP6IHuNgBZQxwK78YyqZEpCJDAQoTMwGoNC+FQQUh9D6sj3wuiN1RYGIEcwV+34Og0SwIpRAkiUIJyKwcd12EKQYEyqt7l8mSDv0sYQSWllTIwKWMaQlO5RieV42OesHs8EKHwNd0D3sx8G+tjPLZlDbPBrWqMHIaXeBiCRAJKF0kyCZlny21FUDff730DXkAxd5AgRzaMUhLqXgCju9ybHD8nrI8wERKJtoUk76X1tYiquRmZaJyhInsjrYRPGf/G9oAXqKbs089gAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGQSURBVBgZpcG9alRhFIbR5/tRA0Fbbe0tp4tFsHFKLSaNjSIGJlapDIq12BgIxJRaCGIK8QaUNN6BmEJBLNIGCcko55z9bs8WpxlECLNWcnfmkW6uv7l/dXnw9HDii+6AhEuYDJcjF26G3HEzTOLC2fZkf//gwdtnK9t1sDTYOrOwmC8ucBqLJxPbArbrpPU8OTzmtH62ngkPX33xf3n0+qv/z90n771HdRdhvAcjfaBpGobDIVOHx7+wzrHOMReNOZcvncdkhIo7YWeZ3jVm1VJJyUjFKcrUzgnqjFBNRhjvwfUf72jbltFoxFTJkFOhJrDkWBZBJkJ1OWFnmd4NZpUESuAJyImiQpCMUCUjLL2Ae+klTdOwurrKVKqZKiGHDCjxhyRC7dqW8PEOvdvMyvRypgDmTk5O6NqOUN1EuLIJa+eec3R0xMbGBlM5JYKAkhIuEVwiVEmET+v01phVUiIU/iqFIHdCPfj2fXe82a7IDJkwMyRhbcutx5+ROy7DzZELl5AIu/SSuzOPzJx+AwKoFtIrwFHLAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEYSURBVBgZBcHPio5hGAfg6/2+R980k6wmJgsJ5U/ZOAqbSc2GnXOwUg7BESgLUeIQ1GSjLFnMwsKGGg1qxJRmPM97/1zXFAAAAEADdlfZzr26miup2svnelq7d2aYgt3rebl585wN6+K3I1/9fJe7O/uIePP2SypJkiRJ0vMhr55FLCA3zgIAOK9uQ4MS361ZOSX+OrTvkgINSjS/HIvhjxNNFGgQsbSmabohKDNoUGLohsls6BaiQIMSs2FYmnXdUsygQYmumy3Nhi6igwalDEOJEjPKP7CA2aFNK8Bkyy3fdNCg7r9/fW3jgpVJbDmy5+PB2IYp4MXFelQ7izPrhkPHB+P5/PjhD5gCgCenx+VR/dODEwD+A3T7nqbxwf1HAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIQSURBVDjLjZPbbtNAFEVLvoNK/ENRv6W/guChbzwXJRJBDRIgVQglUjClddxUpCEF00RJE8fgXKBtZGzHud+vzWbOgE2gRdTSfrBn9jr7nPGsAFghsec20xrT+n90h8nj+pYAa+PxuD2bzS7n8zmuE1uH1+vdWoYsA9bJ3O/3MRgMXHU6HbRaLVSrVQ4xTRM+n8+FOOZbjHy/VCohnU4jmUwim81C13X0ej20223Yts0Bw+EQVMTv9/+E5HI5TyaTeZhKpRbNZpNvJFOj0YAkScjn8zxFrVa70hKfCTNvkHk0GoGkqiq63S5YO1yCIKBcLnNIvV7nBQzD+A1gZpGqKYrCo1JE0mQy4QDLshCLxfg8CEzzoP0uQJblCg2Geh/2WwiFQjw6GS4qOooXFl69OeQnQGBqj0AuIJF4XzHKu9BST9EzJeztBxGPx3FudZA4PUNKM7ATPsB0OuWpnIQugMUTbbMAw/yK/PckTvWPOLeLMCwbn5QznHzWIURivB0CkCiNC4hGoxu7EWGRN5I4+XaEY+0AcTUCtaigatexvfMaXwolnoBE5j8Aoih6gnsvHz1/+3hxXIhCLr3Dh8IhZC2GQCAANiNe1QE4cgHOj/Rg897m/pGAF8I2noWfICwFoRU09zj/1hUAvbCPi3/dg2t06QJ+Qe6yqANauImZ7e3x27sEWCXIDa6zI7r6qz8AeSLtQ3VwWP8AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKZSURBVDjLpZM7TFNhFMd/t/f2IqVQqAWM72IVMUEjIRoiYnTxEWEyTjqoiYNuxkSjk5uJg4ODDjoYE6ODm4sOJlopqNRY5VXC09oCRaCg3t572++7DspTnTzJyTnfyTn/739O8lccx+F/TBsdHb0MHAOQUuI4DlLKJS6E+CP+9gdKKpXKBwIBFWAxm7n8b3Euj8ViQnMcR3W73dyMCmzjG9PxVzi5H7jKa6gI1nLE208oFOLy8wyGaWNkbQwzx+PTIYQQqrb417reW+RT7xhJJBieMHCufgQgl8txbV8hUhbMrwUghECbewDkKnfStH0NB3SN1o5OYqo63xgOhymWXQQyHajeWka+vsRdth9NCPFrOC95m16Npk3jLSkhau9masoE7y+A+tA0+cQEhetO4AvuJDNUTc+LhwsMMok+yoNVPNHqmPpss8Kvs+pHEgAr/QzViuPfvIepgR50xaa4ZBXe0soFBmuKZumaLEX6Symr1DFnTYrlBGq2G83di6/qINboI3SPwsiHXqSjk/Q1LgCcP9wwfwvDMLAsC2syQYHZiW9TC2byDi49j9u7gSLnC4FDNxho78Y1B5BIJIhGowwPD+PxeLDGwpBpxRdqwUzexuXOYc9uZOzle2aqTlFYvgkpJUosFusWQtQIIaivr1cikYhjj7dR4Rlna1Mz9vh9FNXGnFlLOvweacwE+7ZcGfp9ux5luRbunVt/pqH55N28UsFKfytlFTrmzDomX79JSyvbUH2hbXCJFpaLo2TjlrvbGs8Sf3SRvnCEgvU7yKfjqTJdPVh7qX1web9reSHeP5a3u54S3LGXoqJqkh2fvptZ+0jtpfbOv6nxjxWON/mzdVWV2q6aII7bimTTE6eOXv84+C85/wR0RnLQ/rM7uwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALISURBVDjLpZNpMNRhHMc31ExNmjRTDdVMsxXLkntnTcmxJTKFMK6JnK1KcheKDDZXubbSoRdlNFFNGFTIbeiNsyjHnzI0ZrFk/621+21bx6wx9caLz/Pi+T3fz/Ob56AAoKwH2WAU2QyP+wNO6xKY3WgOsMseKJQvTrm6p0ohplzcuqR4/lsQ0QQmhzA0SxkUW6QPbv47xz9t3zBjd3ZeStu0g+OAFJGUESnUtYLwRqjHjyhqxxFCvVtE+dwxC84vc5ZklmV1dHnhrJUNlW9ty588ZS+wzSHiVwkMwxpAPRm/b0/kcOqF82/m5wyYpIBhwpXfyTCOyAjKLJT0Frji29sktD+xQgeX7ikrGoTVY3nhhJaJZFj/hFA+vD+YeMFOe7QwVhOF6c4yYHYUU53FaEm3Hl8UhNbKBKJdagVC1b0i0zPvyS3eRLayz7Didp+hSteb+fMT3XELwu8lGKtNg6DrNRaIRnQ9DSBlAr2QGsTo2euKlVUkC9t2JFNciUSKCwEFF0LMCi2S8LpjJWJBIwQDl8FrC8KXZ77oyXZDW7aD+qIguBrYsNEOCpv65VsPiE3Kn+y6DjHZgrl+L5AjHpj5HI2hPPPxKeNDH1cOUffKBwgpSk4iitLu5fDd9IOcsU9RS2FPkMPu4HfHoI9rSfalM4yk3aqtCA4HvcPjnTTz5XBkskZlZ0UIxIJ6kEO++D1yDtPSTnq5LJFjlh5/zTvQuVQBk3BtVWYEPc/7qjqvpzwaHRWZ+NHqjLkhD/Dar+FrrsXPqjSGJjNBe5CRSM9ZLbhYDgO2pp0+W8PqZQoLmCHQ+9AJNdFqaHpgg7oEo9E7/keOy24sWEON5q7NNg6jbV0R0APLQGeXQotdggR/HQhbciFszUJrkgWe+x0AK/AeaH6vligGzbdIxopAHmdTFZLjRRNV37YRVWVY1pVG6VD/9xv/AJGzmhVs7+fUAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAG9SURBVDjLpZO9apRREIafDVuIhMjGhPwJukashNjoNdgIqQQbG8U7ECy0i4UXIMQLEKxtrCwsRMRKbBSCoBhQwRjwZ3e/M/O+FufbTYRYZWA45wznnXk4Z6Zjm8PYFIe0LsDDG/1pm03jy5gpAzbIxga3q2wMv2Q/uPXo8wZAZ/P6qVmbrd7iyd7cUh86HWhFMvvcpKBE4fv2B358+7Rx+/H23a7Nq+PL/d7c8ipf3r+kjH6jhDSkTAjCRoISZmbhNDMLq4S4c+/K8rmu8fzahYu8fvaEwc+dKm5FIZMJIVMSIsXu1ltmhw1nzq6x8/XjeteG+ZVF1q/dRKMhVqBInElG4igoApXxPlEJpo4t8eaF6drgEIPdd6j5g0KoqCYpSRShkq0LlZps+ugJZOjWxxEuSQ6zVohETZIh1LTiNqYQGTVmtwQqiUZBjgKVICfVsj0Ll7GwpYvcI1AkOSyUYTkQN4twCjWB0jgryYTAjYhRkIPyH1zVilETOV19QlCSHAQ5bA7GTaEUDuFxZ9EmsCGLOLJyvv5AGmvvstVWlGt/7zNjOvevrjy1uST90+8Hz4HBVYkrwfPOYcf5L9lR/9+EMK8xAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIsSURBVDjLnZPNi1JhFMbvKtoHBa1atgmCtv0VrVq0aCkGCn6mYH47ip8IflAKhibpRke00BnnKiKoiKA7qSkF08FvvToak/f0ngu2qBYzXngu3Jf3+b3nPee5VCAQcPj9/ucAQB0iyufzPXS73Wd2u/3RQQB8Wa1Wiclkqms0mrsHAQwGwy21Wn2qUCjOxGLxHVyrVCpHpVKJpWmazeVy20wmQyeTyaf/BaAKhcIrkUh04XA4vhSLxTIxX5IHULMCDd+PkxCLxbaRSETxD6DVamUbjcavWq22LZfLMBqNgGEYuJgs4TxbhG9PHnManuQgGAyypOnv/wCazaat2+1yJ735pOCMy+USBuMFvPzIwosPAMW3xzDwemA+HHL78vk82Gy2Iw5APtZoms/nHGCv2WwGP4Zz6AwWsFgsYLVacUI47jUajTvS9GcUaQ6LgL/Ne3U6HSBVgtPpZFHT6ZSrst1ug1Kp/EolEokdUveGPWAymUA2m4V0Og1kD5AxX1osFo1er2fxGpvNBiQSCVDxeJzp9/tcWWjEcsfjMVSrVUilUth5IEYgo/6Md1apVDSu46FCoRCoaDR6gp1HIwLQ7PV6ezKZbMnj8YBoKZVKUzqd7h4C5HL5bZKVU4FAMOHz+U4qHA6/RiJOAgFIJvFmrp3EUCj0gMyVqdfr0Ov1YL1eg8vl2t0oyh6P5x2JKZAwAQkVNuznjQDkb7xPgnFuNpuvyHyvtFpt+bqA3zDZAQQexaeGAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKZSURBVBgZpcFfaJV1HMfx9+/Zc9QtO0unOMdasEibGf65SLOCJWRX4p0gCCVddBVYF0FEF4Hsom668jIN6iJJvYgoRoOMeTBdEoORf2rqJseca8ftHM+e5/f8ft9P5+JcSJA3vV5OEv9HwiPc+/HlqbnRPeIRnCRq469KJiTtwjQo0+uS3lzVtx9JNG+eRaZvZfa9TBWLVpGpa+Dgb85JYuHnYa3s20+oTZGsXE/6xDZW9e6FjtWAoaJGdrdCNncZv3CVzv5h7k+e5KlDky6lRaZyVh1dWrP7c5ChWKdYvEBafhHnUvzc15S6trJi82FQZP7iJ1i0fbQktPQMn6tb8QBkFPOnKea/w7JbIAOE5X+RV7+ief0jkJEvTCOzCVpS2mQCDEUPVoAzbLmC6yhQzFDMUMhBkaRUJjSXNgK1lDZFAwnMo1jgkggsgytwyjl2tUotzzm+SViMWDSjJaFNJpCh6JE8kgcyoInIyUJB/7ohDp86AuZQtBItKW2KhllO0vk0sTHJBxcvgcbwFvAhsHHNMwz17qKePeDt2xf4tNR5n5aUNpl9tvT7F0e7h45g+W2CeV577g2ijGgRQ1QXZ3m+/yUafpm3Zs5NZ8eSFSltfQcm3p39ZsdR19FFefNBsnCaKOPW39cpLBCsoIgFS3md7U++QqNopr/cGM9SHqJo6xvTP9xLSt1kISPEwIbyAMEiUcadxRnWru7l8ux5zv85fsUHdjpJPOzGl1u3JKXy1Hu1u2SFx5snC57Bni3sHtzHxEyFsWujkz7wQnVEuZPEv/1x4tkNivZOkj724eObhpm/dGb6UH22Z8fA3u6fro396o091RF5Wpwk/suV44Nrow8fmw/vH2jcmYnWsW7ZYmluRIG2fwAIBqNZGcz/tQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAMDSURBVBgZpcFNaJt1HMDx7/PkSdombdO0Tedo2q6H2VSnlZXBylAUN/HiRRBksNsQ8eLNsyBFL9tJUA+CMnUiXmSbgqOjgyF9YVu3pmvarG+sa+eatmmb5snz8v/9zA4Dkd38fCxV5f9w3h2+0pJpb7zeHI9lUAtUMKqYIMDzAoIgwK96eJ5H6HqYqovvViltbK+tzC6edHo6mqaHXuzK9B5o5QlR5QkjiohiVDFGMKIYYzCiBMZwa+pe66i3O+t0tiUy6XiE+ZVHhMZwc3qZ44NZJm/P88qRbsJAuJ1bpr//EDduTNN1qANjhOczSdLPHUw5lgWiSjRisVUWKqFFxUTZqgRcGytgjCBq49OAZ8XYLO7Sk0kRimBZFtanF/5SO3SxRbHsCENH+9j2YxgRjCgiEBohFKHZqTAyMolX3iT0AzYe7uKMz6ycyab1i7ZkIpJOZw5EYg3WWmGWtUeb+KEhDA3GCKFRzmTzfPjCEpNL9Q+uLGaK92cnzqOqqCofnbv00/dXczq+sKf5v43+1+UfPtfi+Mca7I3r8u+n/ZvDh99WVSxV5b3Pfuvu70zOnRjM1ifijfR2xOlM2jy1c+9X/OIlUgOn2F9dINwTdu7frcxN3jkbGd3LWnZl/+obx/t64vEmYrEYPW1R6hyLp3ZyF2gZeA1x8ziJTsTfpSV7MBopbZ+0R8+9r9n+3sFUS4r1UoARoSFq8W+RRIZgexnxi6g/R6x5BaozlNe9iENN1Rd7vVhiYX2fqtfOyNgMbtUnZZZ5MzlCY5PQ3WJhSwnsJjTwyV0s6Nxc6QOHmjAICIzghyH5xVWMKIdlgmN1Y7z86inU/xPL7HHncgVT3iVm23ybHwi/+fm7iw41Vd/HdX262uswoYOo8rrm6DvxDn7xKxwnSe6az/X9t6i0H8WtuBTcW0KNQ83SVC5febyRjdYnEBMiIgwdCbAiD4nUpZn6Y4cf777EA00ihQLVcpnHq6tfUmOpKs8ycf7YcGNr6mxla9+dn9/45PTX87/wDP8ABifE0eTdPioAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJxSURBVDjLfdHLaxNRFMfx752ZpOkjfUgiYkykC0G6a8EXuhBxmY1r/wTBpaI7l7oXXQguuvAPEKF/QA3WorSWtmCxldLGR6NpMpnpzGTuOS6iVYv1B4cDF+7ncO41qsq/UqvVvK2trWIQBKPj4+Ov2u32MEA+n2+vra1dGBsba5ZKpR1zGDAzM3OrUqncj6KIMAwpl8uICNvb2wwODpLL5VhfX7/tcEiCILg5OjrK1NQUmUyGpaUllpeXyWQyTE5OMjIyQqPRuO0dBqRpWgrDkMXFRUSEarUKwNzcHPPz8wRBwNDQ0JFDAcdxKJVK7O7uUq/XWV1dRUTodDq4rovneb3+/sWZhdzwxIQxf26jGFPdh4rFImEY0mg0cF0X13UBsNbiGXVOly89zRhjQHuXMYaF589ZWVmhXC6jqogI1lqy2SyqSrPZpNVqffdINUKSvvjzI2zigjOMMXmuXL7I24VVarWXVConKRQK9Pf34/s+X7/Ute2Hz0TkjkfXOCoJNsmiosjeJns7G0RvpjlWr3MMYBtioPCzxsGcuvH6OoCH0ZykewSfvhJ/+YAkIW7fCCeqTzAYpBuDARXBGIM7cJy1h+f2X8uj6+D1H6V4/i4goIqKT9qeRaIN0Bi1IWoDVEJylXt//ZZHV1VthITvUNtCrY9EH0EFlQhkD5UOajuoDUHlABCjKinS3UHTVg+RGDTtTZfedEl91PpgzAEgUTVYNP2Opru9sq3fWOqjtv1zhQiJNwGifUATaabht4FuJ5tH8o5qBiQPWkBtDCSo0+vGsdgoUk0k/g1E8YP1x9fOolzFkOd/UcDMJohO/zr6Acl3eEJ9hHHwAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAInSURBVDjLpZNBSJRBFMd/37papinFUgZmYESIFiGRYdQhynueig4eomNE0NmDidc8du7arUNFKJSpIKQHAwlNKkUzTVdd3W++mTfzOuxK2RoEzeENPHi//3/mvRepKv9z0gD65aVK7geqFhWHeoeKRSVBfQLO4MWgEoMz1HY+jXYDvFDecrOErgoRFAOgkH12q9RBsr5ApSoa4kI2AtUARCi/CFFqH+riPZ4gQrBLSG4MQoKqLdzBQjBoMGiIqcjcILj8HgCfAIIGA+qKRb8XGzTkQQW1eziQrdWC5V3KMSGYIiSGEBdEZLsUELzBzLxDkk/gLajgzSb7TxwpKAdDz8QUWfOAR3/8QQrAx6vI5gLVTbepbuniwOlrEBzq8xDyqM9jxFKfaeJ+ZXmpg0gVtzxJdmCYmva7RFFEz/c5WJrFBsGKcOzQKZrq2siZbTr665wRWzH0cE3TO/0+2NbF2kA360OPqb1yDwmW681deA344AkoixvznKm/xJaN0+Nzb+3Z3lRFGgAxRGUpqlrvEE+9IDf6HCMWr4GvqzO4IEhwOO/YTHKcO36ZLZdPj30eNsU5MGRf9aNiUBdj4w+Y2irEC0drGpDg8Rr4tjHH4eo6JuZHGJkd/miF1uhvy9T5pNEba7HBYsRyMtOcutjYwfu5UQanX09a4cJinybRv25jS29q5XzD1cyb6cFxG2hf7FNbbMC/ARq7oxUfyjJx8OXLfSo7+Z9JyXr5I2wfSAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJWSURBVDjLpZLva1JRGMf9F4JgEEGjIG5vetGoSz8hmGVN023qbTklTdmyHxaN2OLuF5nDsSYWNZyLHM0fZOVetGx4dXNuU0GvL6INKioKutWtKDZaRLenc+AWxbUY9OIDh8Pz/T7f5zlHBgCy/+HXgQ01kmzYFGPDZr4UsQpsyCIUho18boiKzV6tJ/9pwIaNtlLEzLEhE1sYPkTnr1FEzq8ncoM6OjtIsdkBipvyamxlDXBnLC6OGFylFwsbEFqEA3EcoUKszXg1roy3nku5lZIksmLIFCsGTSwqJBBHEW2Is4gWxGmEAVGZ7lezSbcyVibBYb4QaKBRUR2iVRSfEcU4hR1RnXTV0Cm3ipcYlMIWIT9E4e7Hfuv6cwScqAmnSHQriFSvWpCOEDQLWZ+OEAux8KRo1izeWRHU/Q45kXQppQb56wY+O6DFIyhEof17awt8c5yAr0cssKTVw6JcAZ82b4MP6zeCxGDWp0fvrMNLrEToETYs/pKbgKXJOHy+dwcWoyOwEPDDu1XrpAaZS7Xk9BUdl/ao8TOuQewu1xmL365YDaOOHQ2SjzTZd8A25dFwqV4Vyzj30eOde4h4u5yIn6um0311wtzdNnhZ8MHT6YvAnFfDreatFZKvzFzYTyJijEvJ42Uxzhoh3rH3Y6JbCY8neuD1wxvwZj4IjxJdELXuFCKWLRV/GPyN0VO7jOn+g/BsxgPcgwA8z16GvN8MPQriybIMMLft242Msxbmx9phbqwTMl49RJvI98s2wNy0kcZgYxWMdynQCOSroGnTSnz/A5Fyv6NS2MnjAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKZSURBVBgZpcFfaJV1HMfx9+/Zc9QtO0unOMdasEibGf65SLOCJWRX4p0gCCVddBVYF0FEF4Hsom668jIN6iJJvYgoRoOMeTBdEoORf2rqJseca8ftHM+e5/f8ft9P5+JcSJA3vV5OEv9HwiPc+/HlqbnRPeIRnCRq469KJiTtwjQo0+uS3lzVtx9JNG+eRaZvZfa9TBWLVpGpa+Dgb85JYuHnYa3s20+oTZGsXE/6xDZW9e6FjtWAoaJGdrdCNncZv3CVzv5h7k+e5KlDky6lRaZyVh1dWrP7c5ChWKdYvEBafhHnUvzc15S6trJi82FQZP7iJ1i0fbQktPQMn6tb8QBkFPOnKea/w7JbIAOE5X+RV7+ief0jkJEvTCOzCVpS2mQCDEUPVoAzbLmC6yhQzFDMUMhBkaRUJjSXNgK1lDZFAwnMo1jgkggsgytwyjl2tUotzzm+SViMWDSjJaFNJpCh6JE8kgcyoInIyUJB/7ohDp86AuZQtBItKW2KhllO0vk0sTHJBxcvgcbwFvAhsHHNMwz17qKePeDt2xf4tNR5n5aUNpl9tvT7F0e7h45g+W2CeV577g2ijGgRQ1QXZ3m+/yUafpm3Zs5NZ8eSFSltfQcm3p39ZsdR19FFefNBsnCaKOPW39cpLBCsoIgFS3md7U++QqNopr/cGM9SHqJo6xvTP9xLSt1kISPEwIbyAMEiUcadxRnWru7l8ux5zv85fsUHdjpJPOzGl1u3JKXy1Hu1u2SFx5snC57Bni3sHtzHxEyFsWujkz7wQnVEuZPEv/1x4tkNivZOkj724eObhpm/dGb6UH22Z8fA3u6fro396o091RF5Wpwk/suV44Nrow8fmw/vH2jcmYnWsW7ZYmluRIG2fwAIBqNZGcz/tQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIwSURBVDjLpZLNS1RhFIef897rNDSoUEFFIhpCi1okzKKyRSFBFC3aCFERRQTSItrUHxBFbQoEkYJaBdoQ7kqQwm1BREjmF2JWFuKgNTozzr3zntNiRmthC+nAb3fOc37nQ8yM/wk5ff3Z1cNH0vcWCpYyA1QxVbx6TA01xbxHzTDv8arUJeL86Ojszf77Hd1hui3dVZNMue3JDTVO5Qu+C+gOC7G5wsLyhq0XY3MAoXnj9tmWDQMu352hAjAFICp7DDA1vIJiqBpeFV+2ikyJvNG8oxavvgKgegVxgphhTjAxRAXnBBGHiEecJ/rwiLA4RW6xHS1vBsCtkhwgIogTAie4QBAHgYOaIKA8liGV/MLOtguszL2k0UYqdabVPxBZAzmpdA8CIRAoTvQTrAxRvydNfmaAILmLc81vGLi2+0yoVQdUHQBghgNMBA2FcvY9W1tP4gsjJLc1sOK/0Xh0H1Kc7wnLcbzmQAAzQ0Swv0BBqoF48TMuyCIuT6IuCysFln+UgtB85QoBVIpEWF1slP1EbvghkojRchGnP8HVYnHEx74pxscXroSq+meEqhBhafIFudHnbGk9iEWDiF9ibDCiplQiEOHp/Am6em/1hrPTM5nOB3GHeo96xXuPqtLZ1Mf+9mNE2R7CsJ7h1yV6xw4wl9iLGUSJTZnqvmxdfe0//rY0d8fy46fsXdehpccXW86vlxf+61W/T2df5X4NNRUW8sWJifkbl55MZtbL+w0EmEFfv0ZNiwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJqSURBVDjLpZNLSJRRFMd/M9/okF86IONzClciCRNGZS/BFoIa9BBDrSSC0F2rIFxZUAaDrWrXoggEqVBxHRSmofighUk2jEXjPBxHRbQv1O8+Wozo2MrowuFy7uH+z+/+OdehteZ/lgugZ3i1U2vapFaHlFJIBUIppFRIpRFSpYVECo1UaqKrtbTSBaC0vtNYme39l84PXoeO7hBIpbwAg99fIZRASIGtBLa0d3cpdmodZ7qwbelOE0j5cL389r66WxsCW8hdD6RUAPSOLO5L4NKJXLbSBcS2AMC1qnzefErQdK5g56xvLEHj6d18aW1jL4EtFUprXAb0jS5iGE76xxZxOMG5fWlwfBG0JsMFR3xZbNl/PUEDLsNBQ2Ueg+NJLlfm7yFIz0OxNYRQewm0ApcTBkYjRL5NEhiaI9+bS3Qhic9fQ++HX8yN9eMr9LK8vMKBdQ/V1R1mSkAotNY4tWB19h16fZ1bN1uxLItIJMLo+Ec82SbNV69gGAbxeJzMqSlWcnLup0xUKZzQzCTxYIjmG9d48vQ5s9MTFBUW4vf7Cf/8QXf3BPGFBY4dP0VtzXnC4XC7E0AIgQbCoRk8OQcBeNR5D2HbtLS0UFVVRX19PXV1dQjbpqm1HQCPx+Pe9UBryksPM/15MjWqDx8jhCAQCGCaZmqALAulFD0vnnHxQi3RaHTDobXm7suvI8KWFavJeXPty1vOnqyg2OcjK9NJIpEgGAzidrspKSmhoKCA35uKWHTeHh56P+dI/85lZWVGUVGR3zTNgeLi4jy3220AzqWlpTYg6vV6B4CMzc1NGYvFkpZlNfwBMWlOUI5ySkcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHtSURBVDjLjZNLS9xQFMe138C9A/0OynyBUjeFQjduROi2MMtCEalS0ToLEdQMdEShoKDWRymKigWxII7PhaB9aBFUJjHJpHlnnvbfe27NJcVIDfwIyT3nd885cOoA1BHsaWQ0MZL/4SHjgciLCJpKpZJVrVava7Ua4mDnkCRpKCqJCpKU7HkefN8X2LYN0zShqiqXKIqCTCYjJGFyPQkooFgsolwu8zfhui4sy4KmaVwQBAHokmw2+1cSClpSUmr12MP7LQunii8klOA4DnRdv9USn0koePRiJDW+aTGBjcOLgAewlnjfYSuFQoFXIsvybQF9jG2avIKFPQtzOyZmcyZMtywkVAnNwzCMeMG7jV+YyFmQ1g30L2kYWitAWtZFJdQOzYREsYLhzwZGGF+OHez/9PD2k4aeeYUHVyoVPheSELGCwRUdA+zG/VMPeycu3iyo6J5WxDxIQFA1QtCauUwPrOpIPh/vSC+qSC/qPHn3u4uu2Su8nsrzZKqAoOR/BO2j+Q+DTPC0/2CdSu79qOLVlIyXk3l0zsjomJYxv6ELQYgQPOk7a2jpOnmcaG57tvuD3fzNxc5XB9sEm0XuyMb5VcCriBI7A/bz9117EMO1ENxImtmAfDq4TzKLdfn2RgQJktxjnUNo9RN/AFmTwlP7TY1uAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJmSURBVDjLjZJdSFNhGMdXW9BtdxEEeRFMJKiTladSajoqSOnOqy5CgyIkKFDLyI/Q5sZgRYpQFtJNpYgIkm5mVFpTc7Cw47Dmml/RZufs65yzr86/9z0qrVLrhf/N8/L7P//neV8NAM1GmuspaiXCilr/vP8vOB2fUbWWyb9h0YVE8CFSkSFSVlQTX6fhwYYGmXD8qxWJpY7V7qDH18HC2cK+3MhAjUxhef4m4t/uEQ0um3QZoKR5eNsY1WRdAxqZwqoW6lWTVHgQ0WkLRO8p/Ii/wrRtL9ZPIH8kCZp/mahGDYhwJxBy5ZHxusHdyF4T3kx3EBi+TIA6hN35ED+dheS7iOjUGQgTuUgJjeBqs2FvyvX8/d69RgRGKpHku0g3lsDFpPt5RFxHIYwyKjxVnwOH6cDkb0uksJIOkzkdkOZrEPqghzh5CNKXW5h7WoDZZ2V4d24XBg062E9vTQ4YtdWqQeZPSwQ6EfWUkE45iHL5kP1mjJkZfqhCv+S+mge5zwqF64f45ArGL+1J2wt1FSudQyRyD2KeQvBOPWJTxyHPNmPcwnzvNeU9HijSeiUC424xULUNaMpC0HwMpD5DDSJJwUGWxYIf0UP6XELgRoxZGL7Pwt6nMUlsRZnoRuYRarfTcZTlN4+9RZgrJAs7CdHfAKdpX+i5lW1b3Q+Zdy7WXgYQKF6pAU/kv6AFqc9r/F2GCTk4DMlfC3nxEUbNjGC3Hb6T+bRvSnfUjZbvTi1WZSFwbQu85ZvwoliX7jdqr2vG2gtq3K0HF97b9gfpzK9bjtxe63MNl+6sJh19NDZNRGFa/wllZefQFCrWMAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH2SURBVDjLpZJBS5RRFIafb+aOMzoaoqiYtEvBCaSFiEH7IKIQF1FIINJfiFaiC5f+iCIcXAwURX+gIkGigghBbSloEeYwM9/nveecFk5fmiMFHbjczeU5z3nvicyM/ykH8OTV/n0zpsS0X1WpJ4HEC0G0eQQJhqh+XpoZvncKoGa3pye6uv/WbWF162JLA1HtBnj6aX1Ak6GeIC4nqjSOmbRlChQLOeZXtndE9cPSzPD1Y4CjHDqs1HttvOhadTeDWiwUC1kWVrdKJw1EAfhRCy7xxsuN9xmNL2RE8lGLTAY729uYX9k2UV13AKEJEDXyuQjnR7I3xjv5h0zGHIAXRc0QVRJv1BMB4NmXRwQNHMRV6r6Bl0DQQJDAwytLeC/5dARr3vlclGZytzR3ZvdaHPBBSA1MIagSe00zKb/eOxNwc7yHw1+A79U6okoEZDNRmgnAnav9VNZ2mZ4cOAH4dhD/NhCxj4vlzZGB3i5qDUkzcVmovN2DCCpru7hMBGbkHIwOdXDom4Dl2dE5gAePN3YKbREiOmiAy0ZMTfS1NNjaOSAE5cTSiNj6Ynnz0mDfOUzBZeDFu6/AkQGAi0CB0vkCxh+A5dnRW00TE1Umh7sIYtQaPv2Z49XuIm25tiL2ZrG8eflQtOiDUK0lBAmn3u1X4+c/AQHoQ0fGFnyFAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKRSURBVDjLpZNrSNNRGIeVuaSLrW2NCozlSsrCvqifKrG1vyznRDLQMi9TsamsUCzvSWJKC0Ms0/I2hratmVbi3bLIysRZlgh9qFGuCKOF5KaonV9n+yAGokIHHs7hhd/zvofDcQHg8j8sW0wN2FpQJuVNl8u2QC3loEDMtUX7CYrXJDjrx8u6FcYlNVE83KbciOCiNISD9MDNRHaQf3lVQZWMgwYaVNNQqcwBF1dCBbhwlIczfpypVQWlgZvQVZUPS6cag7XpOBckQIZkB9IYEZIPcee02XL3FQU1scKfM98/YOpFFb72XseooRDm9quwmk3QKXdPvdOkrltRUBG9f8A6dBeTw0bY3+ooeufZatLhToLv8IpX2CZrYnsfTtXqVP6YHa7FzFirE/ubJrRk+sM3UHlfwNSsX1YgCNG586WNKZ7SPox9mYYhLwz6PLkTx/n5+G94Bj8BT1x3ni+u3vCPgH/c4OoRbIgXhg5g3GJHowXIGANSXgOJT4G4DkBTXolnMT7oFbPxgNlo7WDYuYuCAxH14ZKTahgHF1A9CqheESj7CZK6CWIfElwrqsRI5hHMtJeBjHfBps/AUJrvn55jbiqnYCR/38JkWzZu1rchvpN2pR0VjwhimglONREYw/fATsOokANZXKDECz/UQeiWsD45BaMFPsTaU4So5AYU99oQ3Qyc1hNEagkiagn66NjE1IKl61fhdlp3I07Be60qx5TjPa9QlMwHxPdDQUdPWELrCSGm6xIBGpq96AIr5bOShW6GZVl8BbM+xeNSbjF/V3hbtTBIMyFi7tlEwc1zIolxLjM0bv5l4l58y/LCZA4bH5Nc8VjuttDFsHLX/G0HIndm045mx9h0n3CEHfW/dpehdpL0UXsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJRSURBVBgZpcHda45xGMDx7/3yzB6ebc3ayJS8rBDTkixRMsoByoE/wIkDcbQTckJRTnYmB07kiPIaRa28JM2iaLLJS0mYtzLbnvu597t/1++6TCknitrnE5kZMxEzQzEzlB679M34C1HFe8WJ4D3kYuROcF7ICyPzSp4LKdPWd5T5wxA1QjBEDQmGF8Or4r3hRfFBKUQ5c+cLKb9N1ISgIGpIUIpgeFG8GIUoTgKFN5wohVfmVlLyqpAybfuaCv1Dk/SsrjBeC1wYGGNPdzPlughjmsHQuxr3RsbZu3keTpRz976iuSd2ItSc0lxJUIVZpZi8CJTrIvpufCICjl58z6LWOla2l2lvqWNxWz25VzQT4swJD99krFs6m6uPx6gvRezb2kqaRFRdwIDMBVRh4/JGfpmcCjgfsCyQVnNjy8oG7g5PsK2zkZpTTlz5yOHd7WRTATPIpgKDI9d59OIm1XyMQgqqsgl1XaTjeYEPxv2RCdYumYMZVJ1gZmQugEEk/bz89oQtm9axcG4Hd4evMfj8PC3zXhH1HB+xnV3NfPjuKLziRHHeKERxohSiNGkve3ZshyRm14qD9N3eR0LM+cu3iCcmhbwINNQnNMxOaConNFcSWioJrZWUtsYSP6pfKEUVdq04yC+9PWdY2tZJFHvS77nn1M2PmDfUKVYI5hVzAQrFgrJs1RjDowMMjT7g0LaznOzfS30yC9MSkZnxL90HFhxfuLjpyIbOjXTM7+L156cMPHvAh7fjfZGZ8T+6Dyw4CewHGoBJ4PTgqdFDPwHX2V3XB5aEeQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAB+SURBVCjPpVHbCYAwDLyIIzmEX07hCH64nAOIuo1Sq+CZ1ueXVsyRBJrc5aBCPEeEvwuxK9XtDn0Si/ZU9gUg2Z/dYEuiuxSI5mRtwyuEIR5KOpVZYRUjjMLVVkIVCk6YPPdg1/LNQ87xdtl4JauaQ7CHjAfXeK5FH+7h9bNWB/9J3PASf8kAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKhSURBVDjLpZNZSJRRFMd/937fN58zqWPpjBWamYmtlG0YLW+RVEQPLQ9JVNBCENR7UEhFJPUSZZAR0UsLCEE9VGQLLVCG5kJm2CZajjg2rjPfzHdvD4NTRj31h/NwDvf++Z17zxFaa/5HJkDFkVtn3ITYHh5x04ZifzmlxqdeGzK9XKmt2nbYBHCVqDi+b3EgGAgIIUw0oFP3BFqD1mO5xk047K68txNIGoSHXDuQExAHzl5jan4WtqFwtQ3SjxQkQwoMKfja1syJw/uJu0KkWhiJgZQmxUXTmVe2EkMaaO2CMEEIpBAIIZFSYhkSpf54g7E2bTuNNG96kvcvyuivY5NzmcGnL6la+MTfdOHYjnEGcSdKPDoKQqC1QmkXpSQCyB68S3GkAe/8CvyFpfz4VELb/ZrTKQOtoTfSTV8oQlwlUNplINaD4+ZRqB4xL6+DzOIVhDve4REOGZmTSc+e5h9n8L3Hh9UZ/VXQAQrMZ6yb1U7WjLXEvl3H4xN8aWwjMqy1dPoXyDF8rUEaHqRhJ8NMo8DTSEXJW7KK1hHtvoSw+rHSM/CqPi5+WDK89GBtu/yd4HcFBx6wJf8V/pkbiXZVI604zsB0OuveYJQdpcvJcQEkgFYKAYQ+t9LZ+hLZWk355BaCc9fjfK/B8GhiAwV0Pa7nWHMpMrsk9ZVmctaSE3b+5BF6Gm4S0IoEeXxrPsfEoIdoOJ++122I8stUbp4COClSCZDplRGViDLF5xBqqmHOyr3Ync9ov/2cxnth3j9sxL/mBLnBbHJ9cSzpYFtCpwgm2PLGnpMPl4/E9fxV0ZDfab1D4YJVRHr76Kh/r+/4Dg33VLW40AKAbYHX5CqA+HOdt66eNLpoRq65bHYh2oq9GA317tpwqunjv9b5J0pAFDVe4XHbAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADZSURBVBgZBcFBbo1hGAbQ83+5kRCJhA2IEQMrYAPMxRZMbcLG2ICRGTeUtE1jpr1p3/95nLMV8PnL3eOT07Pr79f+/f34GuAAcPfqgXseunlx6ysADsfC0+3k1n03ODP41oiX2+IReO7KH7sfLr1HPBEsCOKNc0cXPghGDFZUUPHWb+/UIKpYUUXU+LRFBbsYLCqICkbsiArWroKIQVQQFayIYFRQFYwKVtQgqhgxiNixooJdDKIgCtaIHVFB1KAqWFFBVDCiiAoOuzMwfgnqpyCOYCsAAADgP4mZnXDW2crZAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFtSURBVBgZBcE9b01hAADg55x72mrdnqrE1SCkCUEivu7SxGKppGMHNhKj2KRisYkY2MTcRFQMGh8/QGLxMRikJklJkN5B0N72cu95z3uO50lqAAAAQAYACxP16KF8vhotvxSPNgfF/QFJDWBhOF7Yfyk9EXemRn73P359GJce1BkA1Y1918+MtxSiRmtrtjfzc9qtpAYvkmhl4/L4pNKGnglDfng6uLMt42WjOhD3xOGTzQ/acpVa0PDe5AgZ1eF4szxbNvvJlHeCTKEhOOUVsmfNeO/Y3G5D1q3giERUWreuQFqea81N+acvN2Pcqu0SYzpqAWm4Mu2XTV1bEm2raqmGQi0gDbsy3/X19fzV1PUHFKKAtPjWc1THJ109DAxUKkGlRFo8+azpuNNyBNEOlVrDmID06uOV5ddyuVFj3jioZa/crI5yjYzi/Nvl7nxbJXheN5O7SqUY4lpsk9Tg2sVwu+yUm+XS4iIA8B+6i5xffIyBpQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADvSURBVDjLY/z//z8DJYCJgUIwxAwImOWx22uSExvZBvz68cvm5/dfV5HFGEGxUHoiExwVf//8Zfjz+w/D719/GH79/A3UAMK/GH4CMYiWFJJk+PXrN8PN27cunWq/oA/SwwIzyUrYluHvP6AB//7A8e+/f4H4N8Pvf0D8Fyb2h+HLl696WllqJ69Nu2XOArMZpBCuGajoN1jxbwT9FyH36/dvkCt/w10Acvb+h3uxOhvoZzCbi4OLQVJSiuH1q9cMt2/cvXB7zj0beBgQAwwKtS2AFuwH2vwIqFmd5Fi40H/1BFDzQaBrdTFiYYTnBQAI58A33Wys0AAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKOSURBVDjLlZPtS1NhGMb3D8y/xY+FwQKXr4mWFYT2wQhNQqEXKohIlNLIT2NNxLLYVtAiGIGSL9nm1lTmW3rczpk7287cdNTci9vU7Wy7Os9DR3J+qQMX93Nu7ut3nvt+nqMAoPhbDoejwmKxaKemppbHxsZ+mc3muMlk4oxG49A7w9DZ0vqjhdPpVEpmnWTOBYNBxGIx7O3tIZPJIJlMwu12YejlU3FY12fQagbKjgH+mL/wPI9isYiDgwMQiCAIiEajyOfzKOb3Ie5zsEy/x4vnD2wD/Y/LjgDky8Scy+VAHlEUQd69Xi8SiQSFZve3cZh2oXC4icnxt+h90mWgAMl8Stp2IZ1OU0MqlaKQcDgMlmVB8vm8iEySRTbtprvISbpz+2bh3t1bFQrJrNva2gIRx3HURHomoJ2dHbrOHiYlACMZg9J6V9phFjabDR0dHTpFeXk5/lVkNgQcj8fh8/nQ1ta2SgEMw8Dj8cBut0Ov19NiEkOhEM3LOTJYv9+PQCCASCSClpaWKAWQItlEIEQkJ+fl6NjwY4HxUrHCNi40X9k9ASCSzaUAKyNgdiMIuzuEiUUWNY2XXCdakEEklrYws8pj5gePuc0IXn0cR835xpH/GqJr049vaz4sCXGoztUV1FXVp+lF0mg0OqvVikhCOsrwGlzCCtZ9i1jxLGCJdWDR/R0enqMDFCJR9Gtfo7K6buToJg4ODir7nvVOf/hshO+nm0IIYNkzjyVujkJYP0OPb3R0FJXqqkmVSqU89jP19PQoHz66P9LZ3S6aJ0yYX5+lkDXeCfvyVxg/vUFtXW1OrVbrZPMxgKzu7q4z7Z03hq9db2UuX70Ya2puiDU01TP1DbXDkrmitP43h3Pjic5IKdYAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKgSURBVDjLY/j//z8DJRhMmJQd+x89/W4IRQbY1x5L8590dzmy5PuIqC4gfvA+PPIyEMfhNqD06H+L9gfG9p33/jr23OMEiX30DTj8yT/oFxCf+hAYfBeIfwPxIyBWwjSg5Mh/tYZHzDr1D34aND7Y9tXOsf2Lg/O/z85uNjCFn908lT56eH985xXwzXvygwYUA4yLD/9Xcm+QlS572JWesP7XVyOL79/MLKci22Rc/6DXvPH+X8um+79t2u7/tOu4/w9ugFHxof8wha+1LP89NHT9iaxZIf/BCpWie7/Vi+/N/25kqvrN2Oz/suiO6QgDig6ADfgtJrX0p6TMb1u/Xd+5Eh9M4k16yCyQdH+HYOK9H6JJd+tgBv7U0j3wXVvvA9wAg8J9/6sNAvT/8gr++8Mn1MYQ8aCFIfzBf6bwB3+Zwx/8Ywu7H44e+j8VVX4hDMjf+/8/I6v/fya2OyghHHCn3GuRw3TvJTZnumq0n+4OFHi9x4nl305X5kfXDHmvwg3Qz9v9/ycDS8hvBhZxmGavmZZeHjMtX3jMMn/QW6p5+XyJxd/vW3v//7u24//XFUX/T2fr/tnlzJILVqyXu/P/HFENB5hmxw6jaY6dRh8dugwXOfQY8ux0Yb77Daj5/yTf///LBf//b1P8/7rL4T9Q/B5Yg2729v+WJTqSFqXaM81LdR8B6bcWZToZMANBzv53dt1/ZPC+XuI/SBxiQNa2/0YZmv6GGepu6gGWrkAanBqFNTxkQTTQz4+/zE3+/x+o6UcZw/93QPwwg/k/UPwJ2ADtzC3/tTM2/9fK2ATEG/9rpW0A4vX/NUE4dd3/sriU/8dS1P8/K1f8/6qS9f/dFMb/u33Z/u9wZa4iOtcdCZetANp4HxoLj0GaQeIAMa12DZDYXzMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFySURBVBgZpcE7a1RBGMfh3xwnRziwBlOoBEG28FYriMSU9oKkTop8AcFWEKystRDEL2BnIVbapdVC8EbAYCEokgsL2T05M+/fd9CFRTcYyfMESRxGxK08fHMLOANcAy6BhAiYqKpAFcDMsMz2TNT6+dPHLmPi9s0LAUksP3j9WP/p/tN3ckR+WcQ9WdtkTOxvdWGOD1+2W1ykMJ3it7MnjlKEwFQfv7UUw1FX4yJOUoMT8Ol7y0Eo54CLOJkibnVhjoOybBQRJ1PALd19ycgMEzy/d53PX3eYpj8/iyxTVDiZUfwYdly5eJLNYWKs19T0mppeU9NrasaUMkWFk4liMMp0ErttYlKXRZfFJLNEUeGCGUXbdgy7TB51/IvSHkXECTEm8ZeZI4E/SYki4iyZgIB7sbbBpMHuHtPIJFzEZbMNoP/20Q0m9edn2Y+kLVykyPZs6c6rc5KuYnbcLIEMWUaWQBmZIQmQwAZQvccFSRzGT6Th9AjEKBwhAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKASURBVDjLjZJfaFJRHMf3sOhlSG8RvfbQS0G9RNBLPRUEPfQQPQQrVkH1VC/BegkEL1O7ouhwORS1beI2///Z9TKk2EMEM3QqTkQKdU5S58VhE9q33zmkrRhjB36ce889n+/5/r73jAAYOaoikYgqGAxKfr9fWFpaGv3/+3HghM/n6y4uLioej0eYm5sbPZZAOBxWBQIBBu/W63V0u10QvOdyuQSHw3HySIEBvLy8vFur1UDPoBagKArsdvsvm80WslqtJw4VCIVCKtosD2AGzs/Pg9pBu93mTghWLBaLYDKZRg+FKazdarUKss9sgxxhvViFGMnC/+UbzGbzvtFoTIqieGoIU1gqAmQKi8PkAG63GySKZrMJ80oeE+8/45VrHd8rNRCs6HS6a4fC5AAUFu+90WggmUziR7OFSU8Kno95BOVP0Gq1fUEQbnABOk32er397e1tkAicTifvncEkjtXVVZTLZWQLJXwIyAzeI/jyMESCpYWFhf1KpYJisQhJkjjMHESjUZRKJbgiVry0PMCTd3dwX329e+v1xTdDAUpZSafT2NnZwebmJgqFAnfAks/lcrD5DHjrfYjwhhlfaxLExDPcEy/gyvMzOi5AYW2tra0hFouh1Wohn89zkWw2i1QqhXHhJgIZAwI5I9jQyY8hyk+ZQI8L0M06PTs7208kEvzXsdQ7nQ4ymQxkWcbtyUuIbthwcATTZibw9w7MzMyMTU9PN1jP7BeyvuPxOCis3tUXZ39qpUfQSOMc1qyM/+tgUHSzxgwGwxbrnwWo0Wh6arX6HG1U39Wdh16a4Cezmb0PMzhYer1+bGpqaotghcGDddosUCnM9p9ZYOu/ASUg4G4xOdG6AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALDSURBVDjLpZNLTBNRFIb/6RMqtEDBFopFXiFGIERYmKgJUXBFQly4gI1LXbghcYPiI/JYmbhxLQvC3hjjQkSL4SnvYCRUCNJCSwSq0OnMdObeud6ZBIzB6MJJTiZz7/m/c89/5gqMMfzPY/tXwkYkUmkRhOuU0nJCyKvs7OyXPp+PHu4LfzvBSjh83+PxPM5wOs1vSZKQTCbjsizX1NXV7ZmLBuBPMbOw0LsVjzNVVZmiKIwLGQewRCLB5ufnv49NTGQYeZY/VQ6Nj/d5vd67BV4vOAC8IjjEqA673Y4stzuHi28buccAoVCoJ+D3dwZ8PqTTaRPAewf3wHwfHBwgx+OBRkjnMcDq4GB3FaX3TrvdZkVDfCg0QtM0c52birSm5f0G2O7q6vY7HF0FNhtofz/02VlTbIgM8ZORdvS+v4bME04kRRGpVCp8BFhtb7+ZUVralcF7JpOTIJEIhIEBYGjoV2Wiojj/DDpeNOHT8hJSothkjnEsGHT6W1qUYGsrtOlpkFgMOh/Xw+Y1MKpCZRQqhxTlVaK2+CI+fn2Hxc0pppC0+8OdhGhLWq0lRQ4HGDeHRKPQueOUB9FVNFffAGU6qE6hgyG2H0VN8QWIqizMRkb2a3ssebYfsqzK8Tj0RAKU93YIMI5siDf2vkDTuYm6Bo1qOEgnUXfqEkRNskytj+5ZdkRxI7y4uJRcXmb2wkLQVMoMhSgglMDnDsLvLkGhpwx2ayYKsgOYi45hbG10R1LRYP7Kz3Jz8+srKuYqq6r8mYzZpc1N3GqLQuFjVHkrMlFZef5Z4XzZVcxExjEcfrOtElyJ9bHPR3fhaVZW7kmX6/m5QKDRIwhuhRsZkyQ9Kkmtbbu7r6t7LKmG4GVXKDy8peqmeOXYZXrkcAgeq7U+02JppIytqbr+tkNRksZe2QMhRXWrS9Zp2bc+tn6o+QkxLL87j8znVAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKTSURBVDjLjZNLSJRRFMd/95uHOmrjo0zM0RTR7EFvg4oeEtQiKoRcRBRFaKs2QatW0cIeFCRUWERBgYsWFYQUUfawh20GW+SDHIcSdaRSq5n5vu/e77aYnD6JosO9nHvh3t85/3vuEVpr+vr6tOM4OI6DUgqlFFLKtHdP27bTvrGxUXgBlFKUlJQyMTUFWkNqgNZoQGudXqM1+fl5dHTcByANmJic5MiFLv7HzjSvxrKs3wAp5a+QUBoqIyfgJzQnm8wML0lbY0sHW4HS8Lo7jHY0pmkCYADYtp1KExBCEE9KRieSxE2F1iCVxpIOpkyd0ZqZGdi2jTOdnxAIIfgWlzjaJC/bh9frwXA05XSzZ2UHnoFBNuU+pefilX1pgHZSCOGCJCyFZTtkB/xUZz1jS2GUrNl7CVYsZyJSQ+/Dq6fTAFwShBApCKCFYJ7xnG21MWYF1/Hlw3v8wiJ3VjE5hWVBL6T0GB4DgOhQZMaLLyocYPdai7zKbZgj7fgDgmi4l+8/JNqaWpoG+H1eWg4tQymNz+cjNjZGnmeAUDBBsGoHyeHLGH6JL6ecDBnldmQex1uu908DznV2Ptno+mUFufEXkepNZfXBql0khy9h+CTWVAUjnW/UvU/l/bG49xaAmC6f226eari2Ymnl/gUbdxrW2A2ExyI5Wcr4s+6ESvxYWHP01VC6aG5Aa2vrHPE5HKtfU4wURRQWdJFf5Cc5GWK0q4f2wVD8xNnL2e5ghntjmuaquYEoC9c3kfHxBf13uwg/+EL/4zDlDecpmr840NzcvNV95w8JJ5uWOMcOHhYYivCjOwwORXiXtZmvdiZSyrdtbW11/wQ0bihIrKic662rrUD7zJeJ2PiB7S09g39rrJ+Ib2CJHdkBMQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALHSURBVDjLpZLtS5NRGMYf6H8RIoT8VB+CZaKUsHIGGYgRpYn4IVdgmhW+zNnUTTZwC6l9SahmDjNTLJdtTtO11tBiOed8mS9zbW5zm9szd56r5zxKtM8euODmuq/7d87hHAYAcxwxxwY86pudlPX/itTpnAeVPXZyS2UnN1XfSEW3jZR3zZHrnbPk2tOv5Kp8hpTIpom41ZoRt5mTFxuHfackqklGPeDypNKEiyYyYDPIUvo/HVARIMMrtn+AQDhFCh4MLDFNLxa4Pd7Qjvjg8bPYTXBw7xB4AgTeIMFaiGAjzGE7ymE/DawGWLQb1rG4EUVJ9yzH1GmdYHn0u+9RaD/44N1hEU1yWYOBGIckP+wLsug0rqN3IoJgPEUBYO6o7AJgYZNg2H4IobskWAiDoTjH94HNEAvlkA96cwRjrgxCsSNAuXxOALj8BD+3CAZmQlAYPMJudJDef2uXRcdrD55PhvBlKSPoH6Dk8bQA+M3f27nG4r3tD15NB/Fs1Ifl7SS8/iR0fN0/FcSb6QAs7hRmVo4ASh5QVG9BigfM+1iM/wjC5o6g3/gRis5u6PV6NMsUeGtywbYUhlxx6Cm6lBgaGcMVxRSYc3c/cwn+zSacQcyvxtHTq4darYbf78fy8jLMZjOUPWpotH1YXHQLntVqFTKXa2Rg8ipeendjKbIRTHCj4yY8bGqCY2EB7fIOiMViVFVVQaPRoLGxUaip19rWzlGI9H49Yehvyrs9FD5b9yl9RnKPNLfKBEDhE9OB6EIhTCYTHA4HLBYLBgcHcZ73LrWMxymguaWVZP3r3Nzcmurq6jAFlJaWjufn56eLioogkUgE0Zp6tEcBNJsFOMkv/ogupVIZNhgMIaPRCJ1OB6lUioaGBqGmHu3RDM1mAXJyck6IRKLTxcXFK5WVlfHa2tokL7asrOwGrwK+3qMe7dEMzf4FvOYAdxCFF/YAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKvSURBVDjLpZJdSFNhGMcnIX4GhglGKHlRemHhYBoSiEkgZhgaIjqwNaqBGuxiF5FFhDOHzRmZlGBdhI5SopQInZOJtXkTKGYyN+fm5s7mOW7HtjHHhv17zynLqDDowMN7znOe/+/5egUABP9jewY4VlePOp3OG3a7/YnVaq32er37/hlgXlq65fF6wbIsb263G2azmZqdnU3fE/Bhbq7d7fEgGo0iEokgGAwiHA7D7/eDAFjjzEziXwEGo/Gu3eXixaFQiM/OMAzW19d5kNVmw3uTSfFHgMFgUFpIACfmgrmMnJj0zrfAGbOxAcP0tO83gHVgoI3S6xElgkAgAJ/Px4s9pJW1tTU4HA7YCJzzj01O4heAp7W1LTg0hNjUFLY6O7FpMICmaVAUBRdph2wBy8vLPJBsBi9HR5d+AKz19TK2vx8xQt1SqRBsacFnqRT04CDICrGysgKyQqwSITeHsfFxPNNqs3iAMTs7wdbUhBhxhpVKBMj7pkQCf10dmKoquNRqWCwWvJh4CsXji7iqOY8G5elwxfUTN3nAWE7OMbtcjujwMAIyGTYbG+GrrQVTWQlvWRmo4mJou67hzvAlvFnoxRylQ/dEE+q6j+Nk8yG14Hlm5pFFki3S1wdWLIavpgZ0RQW8paWgiopAE4C0/QxGPt7HyOIDbnBQ66+gWy/jAFuCntTUuNd5efOMXP4lpFCALi+Hp6QEbpEINAGwhYU41yrE24V+7H5G53s5wLcN9KSlHTSJRE5GLI6GGhpAE0CAVOAXCvEpPx+nmg9H7+mk6NBJeHHHuORnBTtr1KSkHBjIyHi1WFDAuoXCbVtu7va7rKyYNj39LAlUXlDnoUt3mc/Mndw3P4PdF+l2fHycJjFR9Cg5WfEwKalak5Cwf+cfCVYRC3Blfz9VnP8rovbZoQ8oWiIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIsSURBVDjLpZPPS1RRFMc/970341N7Ehjij/wVQWqrFgmBiyAhiDYtAqNFmyAIWhSEgSC2CeofsF20bVMIblRkAtsPCgmGEpk246+ZcX6/d+89LcZf0UbwbO7lcM7nfM+95ygR4SzmcEY7M8ADWJm+nvSbBgaUOskTqvnVdaOzN4DqP1kKgOKVu0vaA1Di9HUOfYgppUBqySiFruxcSidfr8uBF8CNN4mYaKvwZ/4l8MkDQEsFG9ZVU5OY0AWnCaUC/PZbtA++jSMCWBALCMo51/pjamj8GBApR2yICeOIFWz5F1ExTWErQcxvA4nAhohoQBP0jcYR2330BijxrS4TlkDCIlF+n6DvEX5z/0HDhwqkpsA7D8bxjgGRg1ffwvn+x0eBgsWGG+jsHGJyiM4heh8xBfyLY1AVTgBExFSwpcVasMkjOouNMojJgc6SSiyR+rpMaXOPWMs89R2ux8NDQBURq7HRdq2SySE6e3DPkE4sU1jRXBsZpa73KuXFGb4vzHqzw7FntY8PRRQG0XuI3kWindqpdxGdYX0uyeWb9/FXE6iPD2hY+0xPVzOi5LkHIKHN6NJuQ1SIB9jAEYmBDUAuIKZKtPMFv7UX7rw4nsCJNlyremqASvXd2vt7gwjDKIL/5rXerSslp1Xj1FOq5RQlIL/vYlw21Wm2cWGkYyIeNI51NmvPc36T39b8TLsmqsi4Ou06fxvpelXc23ziGtVtXNkQmLw9o9/8BXTmMmWfiWeXAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAMLSURBVDjLXZNbSBRRHMaHSHrpKehCYTch06AoTEiyy0MPEVFIUbYkqOFmgoZZBK2uli3VlrHeVitzUzPqoTT00VoqLe1CIomL3XPD3dnZ2ZnZcXac2fk6M+VY/eF3OPzP//vgfIdDAaCivdQcQiVhmDBEmKf3/4b0Fv85HyQkz/Qp9iGVQLgSfW2ZmA49hfgqOyDcXP1CLS7yKkWFjGItYKbz87x8/fJn4puC0NSojSHzg4REwyBwjzrHDR71y5O94F9Y2PCNpYLorAbffB1sRxPYdje4xqvgL5Qh5F4gRt/bROH9qSDRvSUkUD88VDk/bGPCXgsbaFimcLfrwHd1QnY5oJUWQis+htjlcnD374BpOo1gx8a49P2+OtmV4iPaZOpTM5X52Z3gm3AtErnbtRAfeBBtv4XYxHco8jTUmAzp21cIrhqILXWYbDiEieak2Oe6ue+INvl3QKeOOKNOO/hHdxFtaYReqqqCpmnMlBaPg3NcRKT9JkKluWC3b7loZKAvalGhl2uqQcxRjqmPX0xRa2srZFk29n19fWDfDUM6kQ/GUQUuLcNrGuhJs21uaHnZiE8rpoHdbkd3dzcqKiowNDQEgWGh7cgA7b6OyIZ0xjQgz8SwdxqhHdoHRYoZYkmS4HQ6DfHIyIjR4yZpaJlpCDaSF0rdNGsg5+R4I7WXESs5jvDbYWNYURQMDAxAEAQzk8CTfkiHs0BX2RBes372CrHsI5V8+VkwnR6wZ8oQV+P4v/QeY7XiZ2sLQrm5YFalVpoG0oGDaVP7sz6Ea68g7LpmmERHx6BpmkF0zIdwaQmClxygHeeJOOVDKHFNmmmgI+7Zaw2UnRFplxM/OzyQ8rOh7c6AtisdkiULPzwe+Otd8B+wiERsNf/CzIbcd6ce1mDfEzVUUoxQtR3BhhoD2m6Dv+QkXj5/rg3092tkdts/Bj09PQsJwvj4OHofP2Yi6VurIus3e/WkSVgMs3qdl1mxtpKc8T6fD2RWISSZBm1tbfMJYwSZsO7/rzwDOVtJiBD8hCV67xfvC+0h/fUq5wAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ6SURBVDjLjZO7T1NhGMY7Mji6uJgYt8bElTjof6CDg4sMSqIxJsRGB5F4TwQSIg1QKC0KWmkZEEsKtEcSxF5ohV5pKSicXqX3aqGn957z+PUEGopiGJ583/A+v3znvPkJAAjWR0VNJG0kGhKahCFhXcN3YBFfx8Kry6ym4xIzce88/fbWGY2k5WRb77UTTbWuYA9gDGg7EVmSIOF4g5T7HZKuMcSW5djWDyL0uRf0dCc8inYYxTcw9fAiCMBYB3gVj1z7gLhNTjKCqHkYP79KENC9Bq3uxrrqORzy+9D3tPAAccspVx1gWg0KbaZFbGllWFM+xrKkFQudV0CeDfJsjN4+C2nracjunoPq5VXIBrowMK4V1gG1LGyWdbZwCalsBYUyh2KFQzpXxVqkAGswD3+qBDpZwow9iYE5v26/VwfUQnnznyhvjguQYabIIpKpYD1ahI8UTT92MUSFuP5Z/9TBTgOgFrVjp3nakaG/0VmEfpX58pwzjUEquNk362s+PP8XYD/KpYTBHmRg9Wch0QX1R80dCZhYipudYQY2Auib8RmODVCa4hfUK4ngaiiLNFNFdKeCWWscXZMbWy9Unv9/gsIQU09a4pwvUeA3Uapy2C2wCKXL0DqTePLexbWPOv79E8f0UWrencZ2poxciUWZlKssB4bcHeE83NsFuMgpo2iIpMuNa1TNu4XjhggWvb+R2K3wZdLlAZl8Fd9jRb5sD+Xx0RJBx5gdom6VsMEFDyWF0WyCeSOFcDKPnRxZYTQL5Rc/nn1w4oFsBaIhC3r6FRh5erPRhYMyHdeFw4C6zkRhmijM7CnMu0AUZonCDCnRJBqSus5/ABD6Ba5CkQS8AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAL5SURBVDjLjZNbSJNhGMd3KdRlN90E1Z0URVfShYKKic7ChFRKyHRNp3lAgq1ppeam5nFuno+JJ8ylzNMSRec3LdFNm7rKPuemznm2nMfl/n3fBw6tiC5+Lw8Pz//H8148LH1VvBNFDIWCgqSwUhxNlETiQ94D9IluHymEbtbGuGtk5eOLClnIuZjcwLNOAFg0LGqYmOsSwzwkw4q2Amu6GqxOVMMyUoZFVSFM73NBtokxWSsAkRcKOd8VlIBwCKZrn00cC5bHyijKsTRcgoUBGea6c0C2ZkDfkAxtWQJUWSGMIC/k/IRDoP5kdB5T9+NbVymm6pMwIgtDn/gOqLVBrY0q7mUUh11AadQVNKQGoFSaDmldl7NDQD99M4fdY/MHWNu2Ye/Qjn2bHes7PzFl3sOocReGtQOQqwdo16xC2mnoPg47BDTK6d13yukd+xw1bN0/gnnLBv3SPmapoPrrDxQpTfaCDoP8ZPiUgKZV+92lTbtFfiS3Ydo4ZMKd4+soVBpnJB2zLr+H/xAcUz+0MqgxWjFq2Ias26j628w/BY1Dy8Pj81aMUQJJ++zgfwvq1cs3mwmT6U1zO7KyslFZWYnUtAwkl/ctCKUK38TERJLupaWlbfB4vKeurq5nHOHaQUtrE7Foz5WWIj8/HxaLBSRJYmBgAOmvc5H4Kg/6z1+O6B5BEMwMm83OZMLVqiVlj24d8s5eCIVCaHQ6iMXp8PPzA4fDgUQigUAgYGpfNtseFBTUSUsSEhK2WA09Oue6QTP6pzchysyBSCRiBDu7e7jl7Y3e3l5oNBqoVCq0tLTA3dMLvCTZDVqQkpKyx9zCpLIYxLAa6ZIKxMbGMQK+8Dk8PDzh5eUFf39/Brr2cHfHwwD3TVrA5XI3Tx3TiCIDnNBgFOTnQP62CXK5HEVFRYiPjwefz2dqutdUV2PLzs7epL6oZ508Z21xBNny8t5u8F1fcDmP8CQqEtEUSfev7r8IvGSO5kXYoqJ4h+Hh4VYfHx+Dm5vb9V9HN9N1j9T0nAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABlSURBVCjPY/jPgB8yDC4FilKKDfJXZa6KNwhKYVfQkPW/63/b/+T/XA1YFchd7fqf/j/2f+N/5qtYFUhe7fif9D/sf91/BuwKhBoS/jcBpcP/M2C3gluKrYHhKhA2MEgN2pDEDgEb0f5zlvXgVgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALeSURBVDjLjZNLTxNRGIb5A2Xh0rULjJqw1BCDprXQAuICDBEBE7xFJQY1giCKEARCF9rUljuEFiOIBokFhYIFK6Q2Ei6V3oW21BKFdnq/93VmQomACyd5M+d8Oc9zvjM5kwQg6e/Mzs6myeVywcTExLxUKv09PDzsHBwc1EkkElG/WHRq7/qdgUqlYpCwkITDFosFDocDbrcbPp8PLpcLGs0KRC8aIm3CerGA35S8S7ANfzCZTIjH4wgEAqAkZrMZm5ubiEajiEf9iPh1kMteoqW54nNTY03yjoDamYLD4TCoJxKJgJobjUYQBEFLQ/6fCHpXEAsaMD7ai7rHZWJaQMLHybZjXq+XBjweDy2x2WzQarWg6tFoBD6XFiGvhu4iTOZO+fXYvbs305JIWGi1WkFFp9PREHVmSmS32+lxKOgiBWq4Vgeg7S+A4V0DFrrY6HzEmUxKTU3F/+T2pSOwT1WAWHoPeGxwLg3hUzM3QgvUajX0ej0UCgX6+vpogHqvr6/T9bFXFfi1+BAh6wjs8hb4l98iuqYgu7gapwXUogRESahQNSql54/Boa5BzK+A33QLW1/LoBGXYqn3Gi4X5RP7BFQSsGG+H47lB4gF5uAzliBgKYR7pQqmnlxMymXIzM1b2XeEhKg4OwV2VcU2XIyA+QJc6mroW7lQqRTofD2KzOzcjn9+xItZh7EkLSfbnkFgtRRBSxEIshODiIMZpRLfzE6kn+HGWOyME/RF4vP5wunpaWwQVkxLefg+WoXFsWdYV+bDt1qIrYVK6NvP4odaCfPGJhoFXWBmcDt2biKPx2PUP62TDYxIMNjMBNxr0LbnYarqIL60kru2MKFZ+Ain04nu7m4wWezx9PR0xq6fqba2llFZfb+j/spRhOYECCmfQ9lwGkM3DmFmSgzJmx5wuJwwi8USJuBdgkTyTx4INZakxGRNnLjkCTtSXJBJ5JzLUmflcNpIOG3v+j9k/eSwcE1V7wAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAMsSURBVDjLXZNrSBRhFIaHIIIyu1q/+hdYJBVhJUmE0EWiC0U/ukM/KroRllGR1S4UWVnZTdJMS2ujrbZSK7ruNK5rm+m6bV7WNbfc1F3d2d3ZcUxH7e18k1k08AyHb87zHuYwwwHgOp9yQwgd4SA+EMPY+b/Q2cSB5zYi9s85FzJxQ4kznRUbvqsBM6SKjX5b0XJL6muVJ8QB+PdFq4SIfUegqzZNpH4bMUkL8N/ljki2TS09vqfoKN8S+micJ6dbArhS4ceN6jYNVp8XmlBtnKWEnXpFrt7fTl4lMZTz3uSORhxpoq90S8h6e17vpfJm3HO0wiB8RZapBpfu1+DmmyYY7N+R986MuqIl/V3e+32+x1Nd5MZyX7K5+fU5w11ludOVM+Ym3LU1w2T2oNErISDJ6JA64WqWUPiyEXmlHtx7kgGHIaG7Nie6itxYbRGpN4rPHnzoRI7FAyNNY1cwHEZDSxt+UM2QfwLXShqRxbtxzChgZ771pLYDdtuQXckfeODEtecu1NJkpfcnZEXB1bx8+Cko0t2Nhy/eQmgI45TxE1gvcwYD1mQKYoqhCqfvOODvUhHs7kcPPTis0+O26QkOHtfjpdUGZ1jFviwbWC9zBgNWnHoubsu1QZdvR7OsUkg/vOEITmSc02TB/gkdvcDHgIo9meVgvcwZDEg+9oBfe8EMfWEl3rnDaKWX9kZUPOPL0CRK8PUBHgV49DmEfdnvwXqZMxiQdOCWbqnuMfZetyLd6EIHLSyoApF+guoQBUjr1kOeMAFSTAyCRGD8eLSNG+fRAhL3ZMUTNYuPFiMlW8BpYz3snhBk2oesqHBQzURl9Wp0rlwJadkyhJKT8XXs2L/f+pytGdt3pBcqCw89wuaMV0i5LCD1ogUpF0qxO9OsTWSiOHMm2uPi0J6UhLrRo/8GWK3WJKfTiTdmoS9xVy5m7zZg7l6TBqu9NE1ctAhtU6agZfJktCYmoio6+rdcUlISQ8hutxtFxcXijPVp+ri1R3hCHIBvGDMGvgULNNGbkIBv8fEoi4r6HVBQUBBF1BM9xLT/f2WGc9SoOjaxYuRITbQQ/IgRwV81l9Ohf930iQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKGSURBVDjLhZNdSFNxFMBHCdGDr0sIg3qwiF6jwMeefY0giB56CoMIeuhN8KHXCJuoEYUZpJW0QMyPmWl+ldM5FTedujn34e7c7ma6z/vr/O9maRINfrtj55zfPed/7rUAloPceNxbKzQJTiEmJASP0Kxif+cfLKwUbELu87Sf+YDOmpZlM50nGN+h3xlAxco5lYcE5eLejiEPhaJBUIcPUynez6WYiGfZk6SioGIqR+XuS/YFNhVI5jA/acluH07ycmwbV7KIIf/JBb1YipclNlMgP64KRX88R/u4hlcrJfVM79E8qLGyg9lBRL7Scs0qDEMJiqrWvHufzNczp9M2HKNlKIY7CMsRGPemZZwM8QxERaBLK4kCpIS+0pnYlGDW5U/yanRLBFGav0SxO3U6R1ZUQljxbtRHWoo2pRvvNrg2C7j8uorPKoG2EPwpd47SIsWtIpn0pVUwJJwuE/JEMtjlULt+JE3cwV2Vo/0WNDui2AYiNA2EmVo9KnBv7NI1rfN6MiHEmTsgmJ1dT2BzhM3it2L3agaq7f0ROkd8LDXcYdDuYNTxjUDLfWbW/oxgHuLY6h6uKAR2wZcSkuDZyjAfyjC+lsf/0Ers3gmMF1XkOi4eOkRzjTlZTVR2tJSA6TB89UP/SoFPC1m+Nz5Ae1YBz8/D+gUYrsb+6LZhrvHggxSTdbliMCLFfcsG9sU88111RJ9ayHSeEoEUh4SAiAarYcLafeRRDqYMZqSD/uUCdneWufrrxCQt011VEniEiOA+Bzetb/75MjnXdRbDWVYb6tm6ayExcQyjrUZmKwtaz0Cd9Ynlf6/zrcaP2sbZCiN0yUK45niBWmuea1a4Ys1y2XryF6CZCaxnm2/nAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEwSURBVDjLpZMxSkNBFEXPD2IhVmKlS8gGXIBdsHQRkt5dWGYfFmYXtsHaQkTQRlDIzHv3WsyPIfiDSh4MU8zlzJ375nW22aX2fhPc3D1v3JA21xcn3Z8BAKdH+9hgm8fXMuzg9v7TBpRgwIbLs4MOQDYSWCarhgEpOD4cIcCCl/cmzDRKkEzKlNgCsCHddhlWugiRaVIiE+oyhwGRNJs9IHtdTTeITOZPByOA6XRq9Q5C6zWZTFyLqSFqiAhRqhiPx94AzGazbuWgLaMU8/m8KyWJFFlFDVOLWCwWP9sYakHKbhn0Tyghovr7CXVbiJki1a0z6E3WZbMvNU0t3hKi4ektyb4jqx9eQkQay62V3gK4Oj/shn5hrUmGkVcQ/W8WIszD4weyBs+7XadxxI71BUieEw+8ru7iAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALDSURBVBgZBcFNiFVVAADg75x777z50RmdDJG0phpTIwq1cqP9IBqlLaxNpYVSVIvahLVLCqFFoGEZQkQhgdGilUghaqRNIKgUZEmQlCBlmmOm772Zd+85fV/IOVuz7ejmgeHWxhgsRz8CCMiBnNQp/Xbln3w4XJ18/die9dMAIefssXcmjn326vIlMYZZmUIGIGfILl7r2Xfiir/OTbV//unM6Hd71k9BCbEIi/rKYtbpvxUxBAI50eSkrrNOr/HQwplW3FE6ni4O5rR48sFXDsz+dve6qQghhBk556KviKpIGSgiRSAEooBk3nCf9ffNMzbeGiiHhz6F8NSO1WdTHh2bNZhCk4Nl44+7fP2Sb37cK6NVzdCk2rplz9j0wEtaVandnbbpvZP1wbdXVSVOvfzI5ls7rT/9fvmMUyf3q1PbsoX3mG5q7XZHMmp8wdOOn6ulNG3VbS2hjDVEbPzw64PNDXnc8NCwRXfNU8ZBl65e1m53lcVcW9a8b3hoRH9fob+vkkVCBPHz1w5NtZsne19M7LVkYLWZ/QPGF92i2+mq69ILa3caqFqqMuorCq0ySsgZiNBuHy6+//WIXQe2u3/OBk3ZceeSu031Jp3+45CyoCqCMgZlETWJJgHx3jduevFa5+NqxeKVchXs3P+WRxc8a9Il88du99WJDzy/a0zIQRmDIgb9VdDUGURsI5s4fcQvZ3/QmW58cuQjT4w9Z2TmbKM3L7D01pUyUiajKqJ6ugbliXfPz3/4zYnOvq3L+y9eq8C/1y/4cmK7691JIUQjgzeqIlUMIOWsN5VACXXdaBoARobm2rJ2NwAAgJyyXrcGEeqplOqUMgAAAABAWcZUN6mGEnrd5sJQXzFH6A3lnKNMAowMlCBnBqooBKkqwn9Nnc5DCSHkHWu3Ht0QQlia5UEAmYwsAxl0U0qnymgf/A8eWStYAg6kAQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH/SURBVDjLjZLNS5RxEMc/8zyPz25vLFkEUodfhpBFGpQhXSoivFl/Qp46RJeC7OQpSAJZglow6BDsKRCCoEMdKgwTUShfLtZidFhpsyV7xM1dfjPdZLXQndt8GT4z850RM6ORyOVyliQJ/f39Uq8HNBiqysTExD96VJ8MDw8Pmdl5EWkB9gNNIoKq4pwjiqKtAdVq9WZPTw+pVGq92HuP9x5VJQzDrQGqSiaT4czIXnZESkUFMPbENZ52f99+giiK8N4joXH7nBAFhgBD0xG/q7o9IAgCarUaEhhxCJgRABIaGI1NoKpICAOjYAIigICZ3x4QhiGqyrOOWVR13TzvPZkw0zhgJMmTSqU4/PkYra2t7HvwhMmr3UjbEteyVyxZXU5+rZTvv7z36a7Uf2I+n7euri7K5fJ6ZzNjpviBctM8p9pPc6i5jTdzzxmfHeXrl6Wh4H8eFAoFVJWFhQXMjMlvbzl5tBMfeDpbLuGlRveJswDXg80rmBnOOQCcc6gqP5MSTbKb3vYbANy6+JgjBzoA0sHmM6oqi4uLxHFMqVQinU6znJSZK44x+LoPgMFXfRRK0wB/NgBEZKVSqeCcIwgCnHPEccyF45cZnx4jJuLFTI5YIt5/fAfwaIOJ2Wx2YGpqqndtbQ0RqQeztGv+4OrOH82GxkAC5MYfFu/8BdnT67i+1n1kAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHcSURBVDjLhZPZihpREIb7JeY2wbcQmjxZbrIQ5nKSIYQ8gyuKOwqKihuKKy5xnJ5GRzteTIjTp51e+HPqDDaKSy7qoqvq/+qvYykNBgP0+310u110Oh202220Wi00m000Go0rANKlkHq9HhzHOYr5fC4g1Wr1IkSiySRQVVVMVhTFhVCOu0CpVDoLkcgyNdM0StTr9eZms4FlWSJPwEqlgnw+fxIi0dRdIxe/cMuqYRgw2SO2v9OiNpvNUCwWkcvljiASTd5Ztm0bJLa3GvTpZ+iT9xySErXpdEoukE6nDyAS35Gt12vRZJomTP0R+q9PYPc3MB6+C9AOMplMyAXi8bgLkWq12ju+I9M0TTRtnzp45pOZ8g2G+vMIMh6PyQUikYiACEq5XJb5jmy1Wr1C/vQ55CMM5XYPwr+1hKgPh0NygVAodOXuUigUZL4jWy6Xx5CHH2B313gaXcOxLeEimUwiEAi8PXhRvp+czWbZYrHYg3yAfvcFf6e3eDE2+2KPu8J+ZDIZOZVKMbrEV0gPz/df4ViGK/b7/R73EU8dRyKRkGOxGKNL3P3EJOb5A/FZAEU0GvXyl2Z0YKPR6KT4IoAiHA57g8EgI7HP5/OcPOX//V35VC8XvzlX/we1NDqN64FopAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJKSURBVDjLdZJNSFRRFIC/82YazQJpkVgbQV9aU23cuQtatIxaREi4C9zmQvrBpEUGLtvnQkqIVi0jgmzjT5PWZJYwIiEG2iInnR/ffeeeFuNMjtaFwz1wz/fde+69Ymb03Z1Ine88uZxMSuP84lo4PtKb5x/j0rX7zafPtee2torlxWymY/rVWCRmBlAneZ/9Hk6M9tVJLl693dx5tiNXKBbLix9nOzJvnkUANQHAjTtPU+n248uYNc7MLIYvnwzkAS5cvtUcnjmVKxZK5a+fZzvm3z6PqkydAODKzceprs4TOfXx4Q/Tc2EUFelMd+UK26XSty+Z8NO7F9HeejEzBgcHHwD3qjIzo6WlJQGgqnjvWV9fVzPDzFBVCoXCw/Hx8eHkLjAUXn8k+y/NDNTAe8OXNLH221FSMODXWO8QMBwANDU1ScsRIZCDcKzGj7xjNe+IvZAQCADnnEAlx8xoTELrUSEZ/IXLkbK6GbEVeRIiJIIKEIigqtQEzjmcVsBjjYJIBf65HWOeXVgIEAIRAqMmSAJEUUTkgd2dU2LkywoIIkYAeKOSG3jZJ1BVnFaK1Hu2nKcpFeDUCAJQBcQQE6qPXieI45gdNcxDKTbUV/o8lDBiJ3VwNbz39S0UdgznoeSMWEHNUBNMKmf2tgfG6gUNDQ1svh5lZWWFkaUlBtracM6RTqdZmJuju7ubqakpenp6mJycJAzDWgtiZvT391trayuq+t/w3tdm7z3ZbJZMJiNJgI2NDRYWFmqL3nvM7EBe/crVvwPwB5ahnKoTKjg4AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAInSURBVDjLpZNBSJRBFMd/37papinFUgZmYESIFiGRYdQhynueig4eomNE0NmDidc8du7arUNFKJSpIKQHAwlNKkUzTVdd3W++mTfzOuxK2RoEzeENPHi//3/mvRepKv9z0gD65aVK7geqFhWHeoeKRSVBfQLO4MWgEoMz1HY+jXYDvFDecrOErgoRFAOgkH12q9RBsr5ApSoa4kI2AtUARCi/CFFqH+riPZ4gQrBLSG4MQoKqLdzBQjBoMGiIqcjcILj8HgCfAIIGA+qKRb8XGzTkQQW1eziQrdWC5V3KMSGYIiSGEBdEZLsUELzBzLxDkk/gLajgzSb7TxwpKAdDz8QUWfOAR3/8QQrAx6vI5gLVTbepbuniwOlrEBzq8xDyqM9jxFKfaeJ+ZXmpg0gVtzxJdmCYmva7RFFEz/c5WJrFBsGKcOzQKZrq2siZbTr665wRWzH0cE3TO/0+2NbF2kA360OPqb1yDwmW681deA344AkoixvznKm/xJaN0+Nzb+3Z3lRFGgAxRGUpqlrvEE+9IDf6HCMWr4GvqzO4IEhwOO/YTHKcO36ZLZdPj30eNsU5MGRf9aNiUBdj4w+Y2irEC0drGpDg8Rr4tjHH4eo6JuZHGJkd/miF1uhvy9T5pNEba7HBYsRyMtOcutjYwfu5UQanX09a4cJinybRv25jS29q5XzD1cyb6cFxG2hf7FNbbMC/ARq7oxUfyjJx8OXLfSo7+Z9JyXr5I2wfSAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAChSURBVCjPY/zPgB8wMVCqgAVEFP7/w/CH4TcY/gLh59ul9oLtdmZk+I8D7vn/4f+e//8hJqT/h+kGwqu/GA7oQIz/D7NiJiM22/8j3BD9/xdMPwQ+vyL1n+EfEEIVLGXEph9Jge9/JN1XfzPcAbrhH8NfhILNWEz4h2yCPZIJYP88fyf1D9mRB7G6AUmBAdQXYN1X/zB8AYfDebACRopjEwDsBmruXDxiUwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJeSURBVDjLpZNLSNRRFIe/O81o+WjISM0epuarEHuDqIFEDyoqEFtFD4gWQVDQoo0QhFARbowKNNpKi0DJRYVGqRmY5oPUBs3S1GnMcdR0/v8Z554WM44RGURne7nf+X6cc5SI8D9lBTh79/0VIBkoAHaCCIJCCxaLwqJAa40O4LFZpT9z/cpdaOFqcZZCRDhT0V4p/1i3HveIiAQNgEKAh83usNrfgp3Pj6NvyGOGI6AlceExPT4SAKX+/PnjNxMAr+GPCANEJGqhq8NlLtk53myk0FlN/0QO19a+Ul33Lp4OArRYF9SWqrmxWqb7WliRcwp7ynY8g5n0Pa+6vQBQACXX6zG0RgvU3djP4OhUMI7nBXZ6iEvPxz3QS4TyEbsykZjVG+0hgAbgu9fPvm1J1LWNhDtH+1qxSRf21IOYY9VERCm+dPQxPatQvolcS8gAgBkjgF+EOXM+OImpZmw/GrCnHcYYrUTZJrHFxBItbh4N5bH70hOHBUCFDEzTj9cfIGD4cfbWEjX7GvvmYxgj97HY/PimN+Fq7GTNgTKchh2AoMEvUxeBnKgOPF+bid96BJ+zimURgjmdzHhTO6qonOUJ2YjMLwL0vA4ThluqKT0UwBdIYqy7Ao3BrHsdrre9qKJyVHQCodgSBgS0/gzQ/eAExWntbCm4QORwE46aZjqeuXG87GTD8TukZmSRkmQPmcrk4iYGdE1JaUOGiOTlulyrfB+ekpJbyNT4BANtDupjLzNe9g6R1lBIPQOWXgD1+zmf3Bvn3ZGaYN2TnYLYzDde1/i5oze7Pi21YD8BVSdMJ0n4cQkAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK/SURBVDjLY/j//z8DJRiFozbrLk/aqkc76/a8eDft2Ou/Ew69+lm/8/n7pMUPTsuXXlAgaAAIK/fe9Kg7/ubmsaff/h99/O2/48y7q+Tyz2vKZJ5hJGiAUucNRv0JNycuuvLho/WU24tytz67aNl5fZFM8mlhoryg0HAlcePNz7+06670y2aftaja8fy224SbW6SzL1lrNt+aY95776BJ593dJq13dpu13jqoWXptGUJz1WXVkp0vrs48/e6NTNoZM+n4kzpTDr5+7T/l9gHpzAvOyhU3J/vMe/w5e+OL/5lrXvzXKb2xTjz2QhncAKOWqzM3X//0Z97Jdx8mHHj1YsbB128P3Pz0P3bW3TNiXgfk9BturQ+Y9+ifU+/du4nLnvyXiD7fLBZ+lo0BGEAswACKXXLm3We/aXf2SoYejZQIPBws7ncwb+qeF29TZt+9LJlwNiNmydP/tm13LwNtdY+Y+/i/TNT5XnAYAANIL3vN40uTDrx6JRF0xBDmIlHPvepJM+5czJh174Hb5Pvv3SbceykWdd4aaGtQ5MyH/1UTLywDG9Cx8/n3aQdf/W/e+uxL8ozb20CCIu57jIN7bpxcdujN/+hJ9/4nLnnyXyzibC1YLuS0d/jU+/+1ky9swZoOkDHQuTHR8x//T1705H/MnIf/ffvu/Q+ffO9/ytyH/7XiLmwR9DoijFtz9Hkz6/qbl716736Tizo/XSTgZIGw34kc9ajz65JnPvivF3/+oIDbYQ2cBmhmX1qTMO/Rf7Hgk83C/ie4YOKCnkeCXSpvfNCLPn+A3+WgEoZGYCAZi4aeKXZvu/PBo+3OV6CtwUI+x1nBmj2OKAJtbXCrvPbVNufSYz6nA/EYBrh33v3k23f3v2/Pnf8+HXf+G6VdPAa0lRMkZ5Zy8aJXzY1/QPzfq/rGf/fyaz8ZKM3OABiskbcwY1E6AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABjSURBVCjPY/zPgB8wMVCqgAVElP//x/AHDH+D4S8w/sWwl5GBgfE/MSYU/IfpheiEwTNEm5D6H9lmBLxFtAmR/3+h6YWY95xoE7z/o+uHwM9Em2D7/yeSzSAICdc/xJhAMLIA+V1VH3Z4v2kAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFsSURBVDjLxZO/SwJhHMYF16b+gP6GZiehwcm7hBORKLXzPT1SIhMUHCKO48TT88emhwchHTiEERQhTrlE1FIhQS1BGRTU5vr0ntgS6BFBDR94eeH5fPk+L68DgOM3OP5MUCjkg7IsPf9YoKoFJw1LiiKPJGkX7wyToCxMFWhayaVpxTHFouqi4ftmU0enc4CTGLEE15T5qYJSSUWtVkW1WkalUkartYd2u43zbBZPPp8lMGeuoKp59Ptn6PV66Ha7MAwDp6KIIcfh1u+3BHMzBXRXmOY+FEWBLMs4FoTx5LtgENuJOGxLtIrS9ToIITADATwyDC69XmzGBYiiYC/I5bJoNOo44vnx5CuWgcftRii0iliMtxek01s4jIRoeBk3dO/URhw+eo7QO0Ii9oIBx+lvLPvxwrKDnfW1JULCD8mkiEwmhWg0PFtAG16kvFIuvtqmU51RPixTRraCicTz/akmohXK8P8+0zQ+AXBHwZp9sfnqAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALVSURBVDjLpVO7T1NRGP/dR18iF+iTQktEkHdDCjHgIGAX40AMMhrkD3AxcWBxMnExTigDPhYJcdFFHHxEo5HBVKlaCk1bFJJiaQuhpbS0ve29x3Ov0jiweZLf+ZKT7/t9v+9xGEII/ufwyjU7O3urUCh4SqWSQZIkplgsavL5vFaxsiwzOp1ONBqNL6ampq4p/hMTE/3UrM/Nze0yMzMzNRzHpd1uNxQ1NEBF8OsbXBk9BfHnI0y/64Bg60Q4HJlMpVJ3abBAoUgf4FpaWgI9PT1Gm82GaDSKeDyOnZ0dNDR14P3SNkL7fejtPwuGYbC1tTXGsqxOr9eD53kmk8kM8TRrqyAICAQCsFqtcLlcoKWAlgKLxYJgMIjFxUWYTCZ4PB4kEgmk02nVJxQKtfOKYzKZhNlsRqmqCXfe5pErM5CpPh2jwbDjJIz7+1R+GIpKJTASicBut6ulssqVy+XgdDqxsCyiSFjoNRRaFhKrwYfNKnQ4JYwNboNIWYiiCNrgikqVgHZbRVZiaW0cBQsN+wccR2Dl/ejuuwgLG1T96MRUqypQWA5ZlUOIDGU1GBag8RgUPsF2YhiC3Y065geq2JTqWyE4VEA7Ci0RUZZp/TKh8giMbBJu7UdUm2shZZ6jsXcSrcIGyqWiWkKFQGH0+/1w18TBlQ9QpG8SxWnNazi7LwEFH7yP53G8Ng8Ll0CbtVQh4JXse3t76nhMqRQGmpvV5lQjBredoLrugGZfp7VR0uxnNI9cx4Xd23jyPasScA6HI722tjYci8U4umXKPjCrK8sYaoqifWAUnOwDKe+ioctMOQ6gPaaDQd+FoPcVWf1Veskc9Zl890eumjsv3qtvM9CsXtpUEUvPgugf7wTD1QCG8/jy8EaSyPK5Iwm802c2XZfnGzl2g2ZP/V37w0NHa2hHYuUbwgs3n/JHfdFyUdT7HoznCZ0GzfIPSMVCsYTU/wbkK6iCy8xjQgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIsSURBVDjLpVNNaBNREP42Wck2MVUilJr+YJC2KG0kViGWHsTSS0HBg+DVq+hJkIJXD714E8FePHnKpdSDf4EebEJOBq1NSbUNiCYNRmPSmHSz+/Y587YpCB4KGfiYx5uZb76Z3adJKdGNedCldU2gp1KL/53BcWyChJTsBaEN2xYQwqaoRWcblmVB5+RweOKgkHcipbMPl4DPTNLxjsMxgY2NpEvAZpq7qsANuglukdgv6sBVZBhBUtByCVxmB37/cQwNnUezWUW5nMfw8EW6t7C2tozx8avwenVsbq6gWv2q7m3bhMe2rQNmLi4UMhTYo+IL2N5OodGoIBK5pJLz+SQ1CYFrhLBIARHwUnhOvmCr10vY2kqh1apibOwKAoEQSqUcgsE+jI7OoFb7rnK5KTfSHaelNusSQQWFEMjlXqmkWOwGBgaieJq4jy+/dlBv1rFn/sHZ/lPwCxM6y2D5QrTVUiYnbypp7XaD5J5QseX0c5S1Ci5PxzEYGsHK+hIyn97B+OlA59lcBW1ks4l/Nt3B6/dvcX1uDsIjcO7kLJK5BOITU0gsvYDHNE21UZ8voGAYAfWJGD09vaSiF5X6DxzRjuLambtqT/dmFnG6LwpBM5OCFs37Um2W/y4pTfJS/XncndX9JoL1YhofiquYn32GhTe3YHh98GoatMO8xvid8MPByLEHU9FpjPTH8Hkni/THVXwr1B5ph33ORLJA7jYhSNglPMk8Ls7/Be/8gsufCT5oAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK9SURBVBgZBcFLiFVlAADg7//PuXdmGp3xMeIokk1USG8jKmlRYJJU1K6NRILQopXVImoVFBGBpLteu2gVLYyiUALFRSVk0aKC0nyE5uA43pm598495/zn7/tCzhns//LSQzh867rxXYO6NahbddsaNm0Py7iGhEUs4DMcKwHapnn4vtk1u157bBMA6Fft9KBqpxdX07aqZnmUnL+24tuz/T04WAK0TbN5qhvApRtJJwRloCgZ60Q3j0VFjDoFO7dN2Do9ueGT05cPRYBU11OTJU3LchX0am6M6K3SW2VhyPxKAm98ftGuuUl3z3Q2lQCprjes7Ub9Ef3VJMagRFEQCwpBEWgR0pIfzy06c7F3uQRIVbV5eqLQGzYGoyzGrIjEFBSRQlYUyIWrSyNHjv+9hP0lQFNV2zdPdfRWswYyRQpiRqKQlTlqM6mTNFUzd/SVR69HgFSNts9Oj+lXWYgUIYiICICQyZlmNJKqUYIS9r793URZxO5YJ6pSEmVkGUkAATFSp2SlP2iwBCU0o2rT5OS4GGghEwJRkDMh4ORHhic/9MO/f3lpfF1YU11/nea9ElI1uqmc7CojRQxSG8hZixBw4mNTf37hjucPGJu7y/C3Y8Xvp46/c/yJTr/4/sbtM21Kh3Y/uOPOua0zfjnfSG2WBUXMioLRpy+6/9kXTJw9IZz6QGd4XnfDlnjl3IUdZaqq3Xj65z/+sTgsrYyyOmWjOqiaVpNaB65eMD47x1OvAijf2qJowy1lqusHnnv83ok39z0CAFKmTlnVcOanrQa/fmPyq5eNhv8ZYHmpkAqXi9l79t62fnrymYXl2sX5vvmlVUuDWt1kRYy6naAbWv+cOip2grro6y1k567ElBrvh537Ds/gILZjIzZiPdZjerzb6YyPd+xJp+248rW1/QVVGeeL3Bx58ljz7v/pCEpK8wRGcAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ8SURBVDjLpZB/SFNRFMftj5IiW9saIQjGQrBiUagEFWLDydrUhAWzNNuWTZ1oKIUzf4RlzZY6sWyrLZXhfFszQ1eac2SQkYWW0yH0l1AWITSw1IXK+/beK0RBptCFD+fcyz2fc+4NARDyP6x5qInbVVEn5sw2SHdCL2ahQsiey4jhVW9IkBPDKbmfyibN6Rw8oLgrY0MnYaEofgcpPcitWldglLLQQhXqqSKdlIaNm8k8XDnBQWYMa2ZdgS5+O14YyzHVq8eQpQiFCTwUJ4YjX8SH+hh7wapNCQ0qMGdF/gh8/4SZN0Z87a+H13ENk89vwz85AiJ378xYq2ZLUEFjxv5B//t2TA87MT9KUNiZ3D9C4KFKMBz0Cbults1RxzVWoiAWv4ctCPieMsx/tKHzciwE8blPeCLz1jUFPAkRyhW35UWIPfB9noWjLBX2shQGOn898QsRSS/BET66xBWatq0ScE86NoUlORSRyYOYmJpH2xRQ7APy3gEXXgHnewCtsxPFRgXU9acgvyEMiEsOVS4LDsia0xJP6+EcWoLJCxS8JZE7QCK7j0RWFwmlmUCVU4lnviaMfnPD0K+B3CDAkfzwWkbwoTx6adqlxb1mFxS9VFeqo7KbxLkOEmdsVKyRoGu8AV0TjaBXreciDJ4cWhBgBN6KfaTffR3p6hZU988howM4aycht5KQWUgklx1Gj8+Clat7rIkW/P2IcWtB6Uhp1KJSeWsxTjEAJTW6agVHC/m441ZB51Ywxbo+xeoJaCbteWGVV6u5e9JcpsiE1i980eM5flLHAj/RuSCQZy7KaqNR585mOtOR3i//wUagLtdQ/KTH/hdr6PM/RhGjA91Gi1AAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAACYSURBVDjLY/j//z8DJZhh1AAcBvSLXQHi//97xD797xLb/b9V1IZ0F3SJ8QE1pv6vFz3yv0rk/v9SYRviDWgVvQLU+A+o8Q5QY8r/AqEj/zOFdpPmglLhIKDGOUCNd/4nC6b+jxP4RLwBBUL7/tcq/wdqTAdq/Pc/UoDvfwj/f+INSBacDNR4AswO4b8Cpn35roymRBoZAADgYeRxtD76EQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKqSURBVDjLpVNNT1NBFD3z3uvHo339gFZoCxpqRAlBJayMG4wLl2hYqT/AhQsT1xoTV65cEFeiG5MuJLpAJTEmWo26oBbUhSIfEUhLsLUt0NL2fc44r0UDhh2T3NyZ5M6Zc8+ZSxhj2M8SsM8l3RybSrpblIFCxfBsqaZAOSEKBotvKGdn8aC0ed4OBmIZRm2zkPmxuCiFg/6uK8M9Ps1gxO0Sd6GT//ekmeuaKdY1K3rxjqYK+bIZ101KEsk1ZAo6qhrDSpEiU6LIblCsbVLkKwyFKoNhAdmijtEXa1ivaoIS7josVDWLuBwCYhEfXk3nsbFloN1H4OBknCKBU7IDCMgExbKO8Q85BFp9aAu4GpyEmmo2KMY7vOhs9+FlOo/1ioGQV2hcdNpAW5+Qm76FiY8/EWrzIR7zgmybJ1RVq6kmL4xHvQgHW/D4bQalig6/m8AjqSgtjEMJ9aNPft+okaUdNlbrTQaEq2MaJtwSxcFYAJOpPLIFFauzE1DCA/BFBhCuvYOzNtdg9ldZoaZZsNnouolcqYKudgUn4kEcORRE+vscaiuT/PUArPIzRPsvQVhOgBoaGv+PERvAZLa/+SK/HFbg9zg5RYLuAzKOS68R6T0PqDNIPUrAG6jDVUxBXXnDrTQ4AGVCtbS6rHEfj3XKLBoU0OqxuIAWlFoabrMEJVgD1ZbsYlhczO6h62j7lUAuX1LLv7NLpO/C3aSzNX7SpXg8kkskElfTwXW4Fnkonj47TNyOKVA9u92zA6JnELkFAYnk/Gbia/wz2WuYZu4PXQ31Dt/r6JH5qyner47pp7MYHOkFEf2AfA7pBzfyjNIzewKkRk9l+y8nYqKwDGau22rtmj9RPorcty+Yf377ibTXhJma7p4ZG6lzjXjrdEewfxl2ZqzjD9JZU0+1XOyXAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALnSURBVDjLfZNvaNR1HMdf39/97m63nbmdf3BpRrqYt9G2SEJEDFZCEkhCIj4ZDhFpIT7wQUKINCQz0Ee1BxIJjWXPlBwhjdK2dW02/HNTp7FIZa1zu+08b57b7/vn04O1MQR9w4fP58nn/fn3/igRAeDdo93SvK2K3+9N4oxgrcNah7MOYxyb1i6hreMKA20fKBbAnwuctTgnGP1/opn11syaMYI1lqfhzQXz1bTFBJZkuI+mFz5DBxat7Szh8wicsTwual5cFEUHlsbSc6xP/MUKuc1Li2NMFWew9rkd2NY/Bh+wNOpTW/GINZE0XqKRd+I/s7wsQv/VEZyxrc8k6D6+9ciNP8db+9MZ3iy9iF+5A698I7VeF5ev3WPwTqZ1qGP3kacJVNC7OiYSqhYnISdw+LemffvqLuxdXbcXvAjB/e9p7wmd31mT/lTEwznB6uJ45Y6x+wBq5tKKESlNrhQBEUGc4FVshtKXEZ1DdB49kcYWxxAUTmuCwl2CyWzTKx9Ku28mMi0uk+kI1bTE/ZW7kCCDC3I4nQVbBOUIL2sg4i/CGU1+4DtyA9kfiHIWQIkI+XZV5SydkXXbq0Or3keCB4h5jLgiYp+ACvHLUIbufy0FrSkU84WHU5Nf/Hjs+lE1p8TcGRV38G2s/uPtKprAmRxii+Cm6fpbMzgDbyTXsyrxKhdvnqPvRg93h7Mn5q9QsUumVKysS+eHEQWIQ6FALJ1DIzSsq8d6lvrKLVil2fDaRoCPvIUnEUreC1c0oJSPGEMwOYoKJxh7lCWs4mxL7gfg4NunWLu8DqBk/hcmzi6NOaExVF5D/vIJJlKpYRS9ZdVVuwtTM9wcTXF9tJdDW07z+U/NlISiANMLlGjeUvE1sfHOg4xfSp0ymteTx6T54e3hrZtUvtCXThHB5/xgGxHl03vtV4Cv5pf4z9dqz/QYn0xnaak9KRcWjtZ/QC3+5kl5z61wSa1WygMKQFvfl6OH/gNPtZHfxghrXgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFoSURBVDjL1ZMxSBxREIa/WdecLssuRFRUiGkiNmKbaGlhY2UjooVoaZVAiqQTLFUQYi2Wkso2tZ2NioXtqQiKuO557u3u896kMAdecEG4yqlm3sx8vJ+ZEVWlFXNo0VoGuM+Dn7/+rAeeNxfVtENEECFUS9zIi1iytLa98W3y64uAwPfml6aGuz3Pl2fPYcOpZoat34cLwMuAOKHkeb6cXlbYL38nDG5IcsPZdRdj/at8Hh5ApE0KJYgQPAKP1uL713S2v8eSYd+VuYoSrFpENCgEqFJRJbxPcqI0pa4PVE3GbZISkYEKqlQKAf8g3KeW8uUnbOmEqkm4iwYZ6i29YoxCYC3c1eqM9v5gMe5h4tBh4uMaruuigIgUS0AVQTm+WMYYw0Gek/e1k5/MYIxhdvyA/xfXbf6OPdd6/mFleo+nOm1qMMaAalwISJJ0d3P36IvFGXEcQSBUiGlAxPJQre00qX77x/QXu32e+E+qGcwAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJkSURBVDjLpZNbSJNhHIeli4jAKOhun9KNbUpaURFRREkFVjpNRcssXOKYZ9J0ihnN05zSUpflzMOnW5tuammajUkWpCbbrOxwEzZJw7Rt2pxJh/16/YSBILPo4uE98P8974nXA4DH/7Dq5GQn+5NdxcK8lsK8msIczcKYlv35rwST3ZwxRw8Ljh5qmU4i0VCYbfWC+T5nfE2BQ+fFBOdbqeUdEOyEWZrCRBWFNQX2ehZMGh4mHkkwM3AYlgYKVoUXZpTe+CKnoJcd2uJW0Jbi/c32vg+WF82Yel4Hm+kYbMYYzH1Qoy9v28LrxsT1bgU34nYMWYfvYdqgwcJLFUHN9K1GFWp4/ga3R0hX0huDLp8ercnci0XDXXx/08GwMKIEnbsPJxJPjsbfrt28qiBNSW+KrcpRhhSxMeTogrQ0CI3XTjEs9XVTLQgu3I6z5RntqbR86wpBqkKxTmvukMTK9mPgdwN6bRVoeCdEtTEN0gEBxE94uDOSgcezMoSJdyGiRNic3Fi7wSVIrissTmo6jhaziGEpeHNQgLJn8SjSX0B+dxSy20NRMZQEST8fCXIu4iuzql0CUx7n13SXENd7z6G0n8dQ3HeRGed1RSKrjYt0VRD49UeRqQmGpTcfg5m+P1yCV1d9nVadiBQcwS1DKgnGkFWjkfsgHFe0XNJGEEkYJE/5OF95EDZ9AYaz/ZwuwWhTSo4xx+cnvy4Q0dLdpPDSqoRL/BEu3glTfsAiyRSseIWPaoEnrZf6RJUnvI0sC3SeKd1DLiwAoSX+CCkKIBxwhoi4X2selvuNtwg83f7Gf+EP0qq8jpoy//YAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIjSURBVDjLpZNNaBNBFMffJNumS61t1cRYUYwGvHgRj+pNUYmkh54UPFnEgrESaA0oloKC1UuEKmoRD6HgoSIRK1ooUhUMoYpaBWvS9IvmUCMFYbs7Xzu+bU2s9kOwC392Zva937z57xuilILVPK5/BbSkmtzR16di/w0QXNzhlB9f7jtZ6QjNA41xf8WmZoTAyHTuG6fsLbX4c2axh4+b+iZXBJx9cfLyxgr/hR01QZC2BIMZUPjxHfKFPAyPfk0ipGPgYuqNtlTy+cR4iG1g5czFgEkGM+YMaO5y0DwabNu8HUCR+vS7Qdgd3RVZ5EFrYlyX0o7fPpJozeazne9HP4BlUchMZIDimwoK671eqPPX1VOTNiyqAJNbUEFn3H3sUeRo54E1Q8Of9mDJ/Xj+hv17921xKqmurQFG+aE/ANH7uYC0VQwBpTXTsBoxOfaqLX0FS4anvc/OcSZAoKSQh8ExsahIVybZ0TOmTt/6opx5zyBLogILY/5WyYNIVza0rtIdLiP4739XELYVfH6QZpe6U0xftpHO3M2gcTLuwZlhyRIAk2Gnj+i+KtIupPp476UVWhLgGOerKgtyboPFbCh6gH7MQao9BLbWkuBanTy52W8mb/TNBooADc87Zxx2FJiYjDstAAAwoXANwO0i4K0kzo7hsYI4eK3XuIp51zUsN44DPTc9+2tHlD3fnQ5saAqh9vy4KATrGNuOYSfIaq/zT68cX09iiVY0AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADsSURBVCjPpZE9SgRBEIW/XnvWwB+ExUAXBDNvsTCTeAtP4AkEz+MNnGSHuYHBRgObCAaCmAiCU93VZdC9g5HJVlBJvfe+osoZ/9eMfQUeYFhrrUQCgYAgCCPS3TXgjGE178+RyZO3quh5be47D/HxjHcOAStD441Trhke6NxmNe8XfJXgiOE4oOKEI1q2jXtZX9SGYCXcpl7xyVPnhW8+GDESSsJIJBTDc4zgpQZB2eCYFa+RuEJZIrUfiUQUxZEKZpcRCPgRRUnckEjYH4yRsmCBTsHZvwNdEvE/7fOtMObbIUi5Z8Za6/b+5i8QHogENhlMkQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALVSURBVBgZBcE7jBRlAADg79+dvb2929u9F8cbIeHhK8TeggiNHnbQaDS2xsICDXbGzt7KWEi0sLHQGEUiYhTQYEKEEDlCcrzUg4PjgL2dmZ3Z3bnx+8L80VfOzMzNHKxWqwAgAAAIAiBgWKx7+ODhL9HM3MzBzz85IVSC4foAAEFQKgWQDmIEZVlRrpdKhfePv3cwqlarCkNh8JXk9CVTZ1Irx3cYn2i6fv0P15LP3F3pmJhoub/aUY1q1pLMW/OlWlRVAeh0VnWeGbEWx9JTC+L4njiOhfySvNfVS7v6vVivFxtmiRDWEUQB0G5voBwYe3eaj/9SPzJrbvMWjcENveEeE5MTRqoVUW1EnGZCyBFUgKDT6YjjridzhbWpod7XixTryvScQR5Lu4lBnsqzRD9PhVCCCKDdnqMcmGy3dN5+1tSnq4YHNqvP5nb0V9Wa243Vq2ojNd20jzUCFQLIslwSpzprHd3xwuO9ZF/eVBaZSv+krBfr54ksia33EwEEUQA0GpOarUS71QK1N3ZqHDsvKp6yZeaqrNGztXlFfWRFv3dbtfKmgCgAup1EHOdIXFxa9s+gYuPuwr4T1y0dTsxc+FD8288eLz8SmmPW5xMBkRAEtCY3WRvmLqep2/2a6alpy4eCQyeH7py9Z7Rz3/7XP1Df9ZzelZ8snD9j95OmCpRl6c9/b/l+ccF/j1ZlWSaOE3Geu/B0qXb2d3sOHDF641fhi9eM3fzGzh1Tdj+6KgpIh4mVYqA+0jTeaMvyvuZoU/vvO7bdTS0NMqObdjF/DED00WatLBYRhFAxoaUXUvWiYSw0bbz2wMhSz60X96tcOC29/IPx796R95al6K5VxfUx0XBYKIrC1ukXbJ0hgCDswUvMhiA+klg4961tUw1Rtaa7MnR7pWpxcp/w6tHDP26Ym325WosQBEAAADyf3LL97kUTWSIeHbPY3uvscNOp/wGooE3b/ShD8gAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABbSURBVCjPY/jPgB8yDCkFB/7v+r/5/+r/i/7P+N/3DYuC7V93/d//fydQ0Zz/9eexKFgtsejLiv8b/8/8X/WtUBGrGyZLdH6f8r/sW64cTkdWSRS+zpQbgiEJAI4UCqdRg1A6AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIESURBVDjLvVO/a9tAFD5ZdWwZg11w2iR1idMhxhm8ZOlS3K1rlwwZRD2EQCd7KIUOpmvoj7E4BBxElw72kMFLh5osBkEp3fwXlMY4TlRJtk4/7kffqW6wcDMFevDxTu/u+/S9d3cS5xzdZMTQDcet6xY6nc7jIAh2AU9830eAz4BP9Xr9dH6f9K8S2u22IL8rFovb6XQaEULQeDxGuq5/A5EXjUbjdMFBt9tdA9I+YAewWiqVbieTSWRZVigg5uVyebvf7+/C9kUBUN7P5/OvM5kMopQiz/OQYRhoZj/MpVIpkd+r1WoJyB02m019XmBH2J1OpwhjfEUEN1fRtm1UqVRipmk+6/V6ghYRCCHIruuGfxQk4URE8S3WJ5MJyuVyYv40coywsT0cDv+cbSyGHMcJhRRFCcEYQ5IkoWw2i0ajkRA4ifQABI4Gg0FYyszNV4AMeDQr4TtAATwEnEBjDxeOsaadvYnJSGEUYRFdj2PGmTLxOSaEKZ7LMCVccWzy8svBJo6U8Pz458pWPlF1A97aXE1UL2zS2rgbr54bQevBnXj114XfKkDevPQO/pIjDuofz94TymU3YNQnXMYeozRgUAKjxGdyABH6KLsOfaV/2MKRt7B39OPe+nJcPbeIVlheUg0j0AorS6p5GWj31xKqZRJtfSOlAvntPPnaq/xfX+NvE6ltVjnyz4AAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFCSURBVCjPfZHNSoJBFIa9qLmMiNbdwGwKClq0ieYGCvGjnw8Kyk1RixZtCiJmEUkQUtn4s3Bh/pZO+pkfSYpvr6OEGMXhwHDOM+9550wEkf/j55ATWZXRaWtsSj+pBzEF5GTW1BGiz+ighqS5lxMA20EXQBdtBPjkKcRdkJBjgOJm2G4iDss4RN0h2lwLB2RU3bUbWKP4FuawgVdW8jhXDkjrkLIWb1DIYJm5SLCDd5xqBzzbPloEalhnHmAGPirU+MKRdUCKQJMlD7MUL2IFZcZQIz4CHnWblgyWkMUCCg4o8T0F7I9GJFUJA1Tpfh67VFhlvqCHW/gjkwlxY1p0XUaMN4u44N0BEd/4YryoK3kZNFj84OQqV9Uj4geenFj1mTwxSRoNOTsPDc9E5dRnHYs9taO3bcxG9aaKiV+/+Vd8AypJdaR1UheDAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAITSURBVDjLdZI/aNNBFMc/vySSpLZFg5QguvgHcXHTImQu6OQq6CDoIDjoIpk6dLHgKA7iIOjgotjNLqJCKXQpooMOFSlWGpRGU/NLLnf33nNIQtKmPvjyOO7e57537yVmRj9uvblmF09fYLW+jJgiKj0pUSNnD1V4svCUxTvvkn5NjqGIIaLWPSwqRNVeHsj7OFyyC+AjZhBEhiBdqWp3rxN2ADLDi+AjecbIZwoEiXgJeAkEieSzRYo2TvDh/w6Cj3P19fezV/OfKYV1CuZQNZqa5Zce5u0nJfg491/As2MfNlrxY7M4dXucsVMYGRJtMxkajG9/4WD9QfPyebcxXJP0uxCXj0xjLHDiYdmyk2isQ/yLSYqJgyQBCTRXqzXxXCpfsZUdf2ASqhy9W7bcASz+AWlj4npK0c5PTFMKJ2+WwzbVkSdo9JXs/jNY3MbU9dTpyWHaQsNvMmNThJTKSBdUpWSZHKZt0E5PbiBxIE2wQPSURgGiYBHUD6z3b5eBI6xD9HvMgUapW2hgFnZZdwMIivgWoU19FBDckmytkCTZnfally2QyRRpb36n1WBpBCCO+ebqvZq6LcgWMIuY9JygJLkJokv4+vJ1rZ0yPzIHAJuPkhsSmJs4d728r3QcEsNiivgG6Y811p4v1topszMv7PGeAIBv95Np36AaHRWJlEIHXIu6S1kSYX7mVXeA+vEP7PyqQia3ZfwAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALZSURBVBgZBcFLiFVlAADg7zzuPLzjzDjOMINMitIie5gF+UAkIZSgRQuXLZIWrY021dYIggJdJURElJsoqlWRYA9GshGFCNQeOjoTk6bjeOd5zzn/f07flzRNA459ObcHJ3cM9+1fq2prVa2qa+uh7mAZ9xCxiAV8iu9zgDqEvU9ODOx//dkxALBa1kNrZT202I2TZcVyEd28t+Lb66uHcTwHqEMYH+xJwNyDqJUk8oQsp7eV2tqbytJUK+OpyX5bhtojH07Pv58CxKoabOeEmuUy0al4UNDp0umysM5/KxG8eWbW/u1tj4+2xnKAWFUjG3tSqwWr3ShNEzmyjDQjk8gSaiRxyYUbiy7PduZzgFiW40P9mc56sFY00rSRpaQxkaVkGlmGJnNnqXDq7N9LOJYDhLLcNj7Y0uk2AjRkMZE2iGQaeZOqG2IrCmXY/s1rB+6nALEstk0M9VotG0lKliRSpEjw+YUjPjq3RxkKoSjEsoiQwvMnvusXQ09vK1VGUg1qjVrUqDWKUJoc3emVj3dbWeuEUJZLkEMoyrF2u0+aUEPD19OHNXVQ1kEZgy2bHrZzYq/l7qr766/m3VC0ub+SQyyLDXm7R56SpYlYJ0JdOvzYy2JTi3VUa8x35jwxecBKue7S7E+dXW+nI/nB42dGcWLPI1vdXmrcvBO1++iGUmxqtxb+UtVBqCtVrCwVy3Y/dNBKtZb+OjO1kMeyfA4vXLo6Y3E9t1I0qtjo6goxGB/cKtRRbGr/dmaNDEy4PHfe+etTd8vgSB6r6ukXD+3qf+ulfQDg6OnCJ7+8p6xL3VDaMfqofTuOuHhryrk/fl4tokPz7zRX8lhVM7fvdXx29qrhgX7Dg32G271OHv3dxg09entSvXnqmXcHJGm/6Ru/ad89dmrm9AdXIK9D+GLq4rXJqYvXtmEzNmMTNmGor6fV6utr6YxWfvjzR0P/vDGTh7GvAP4H2uh1wse2x/0AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIhSURBVDjLY/j//z8DJZhhGBlgZ2fHnZWVVdra2vpu3rx5/2tqah7m5OSYA7EEkH0XJAaSA6kBqUUxwMjIiM3Hx6dr4sSJ/1+8ePH/7t27/w8ePPi/sbHxXnV19aGbN2/+AIkdOXLkP0gNSC1ID9wAQ0NDv+Li4g9Xr159FxERsc3b2/tPamrq/0mTJv2vrKz8D2KDxEByK1aseAhSC9KD7IKupqam75MnT0739/fnsre3/7x3797/586d+3/o0KH/a9eu/Z8xx+Jf6nzD/yA1ILUgPXADdHV1M9PT099PmzatJCgoaKejo+MvNze3/4GBgWAMYifMMPrfuDnqf/gMjf8gtSA9cAM0gcDX1/d6b2/v+1WrVr1dt27d//yltv9zF1n8T19g8j9pruH/mvWh/1ednvi/ZLX/f9c+iX+a2hpacAPU1NSYgc428PLyup+SkvIlOzv7e/Zi8/8bzk37v/bsFLDGFacn/J+wp+T/wuNd/zOWuv03bWf/rdvMyIgzfpOB/gVp7tuV/79zR/b/1m1p/xs2J/5v2pr+f8ah5v8xC2z+q9Yz/MRpQPRszf8rT034v/RE7/+Fx7r+zzvaATQk6//0Q03/05Z6/FesZbguXcnAidOAwOmKfz0nSv917hf9a93N/zduvtX/aQcb/ictdvsvX8twUbKSgZ2kpKzdzPg6fqHzf/lqhjNAzWwk5wWgk1/LVTP/F61kYEEWBwAP7or0z//OfQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAC6SURBVCjPfdHhDoIgFAVg6jlq6x10vGdbrQfsR7bcskSTgE73gjAtirP5Qz/hsiNEWIuvpLUWhZCZbMQygEK31ll85rCNRPJnjQc6SosrzjgSUNiNRLLXGNATUmhQo6I3PU7YMwngSSBE4YbLeMwAmiUC3sP4Z0ekpjCbAeP/Mp60uBObAONjE+GR1RTYCbD+KL7XDMwTZvoDjL9XBC4PaGzHoNSdfWV3cUNDPVFZZbYsTiFWv8pOhb8BUJ5M7qO6PVQAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADdSURBVDjLY/j//z8DJZhhmBvw41KQ07dzbk5kG/Dtgu/Jb2fsT5JkwI+bqZw/rsfYA21v+XE97f+PS5H/vx5Ra/98QN7+824ZTiIMSJr580bW/x+3iv//etD9/+fdpv/fzwX+/3LY6P/n7TIzCRtwPYYZaPvGH7dKgAb0AA1o/v/tQsh/oO0bP26TZiYqDIB+1/1+wef/z3vN/3/erPr/5aAOyHZdogMRGPIe38/7gvz+Gej3z18OG/8H2u5BvAFn7GO/Htdv/3pAQejzXjkhoO3tH7dIxY7EpEwMBgAr6O5Q8udliwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK9SURBVDjLbZJPaFxlFMV/93vfmz/NjElpp5rEyUggVijWP9BKVYQacSVIdeWqUBXRjYILaXetRFC7caHFhXYjBsyiuIiIirXQja0UQcSWmjaZxMFk7CSZyfx77/vedZFpSEgu3Ls4HC73nHtEVdmpvvixctSG9udAhCh2r554bvDLHYmquq0/nJqZmLq8qLOLHa3Uujp99T/9aOrW5E7cbcCZr2/+8t3VJa23E+061dipduJEL/9Z09Nf3bx99kJ5aDNf7kr4dHr+USPy6xP7B1IPDveBCI2OB6A/a7AG5qodfvp9mZWWe+nkyyMXgPUFn3xbfndPf+rs33NzqCo+Ubz3OOeJnSN2HkGJnCNJlPEnD3N9oX3u9Cult+y56QU/Npwzj4/189fMLU48O8i+QgERiwJxIiTrbuFdxKnPL/HCoQJ786tvTnxTfsPG7bX58UeGSt1YiWNHYW+B6sefkclkNoyWwOJsQOa146Ag6mm31rh47UrZLtXdSOQSJiZv4LzDGIvk8gw9fBBSAdgArKFy5RpJAsvdAd47f523XxwhXyiWTLPrJR0annqsyEq9QQKkQwv9fZBNQ2hBTE+Esss2ObC/yJ6BNICYVscBMHpfjmPPH+X98xc3pUQ2NUz+8AfjzxxhdDiH9PJnm71X2QBGh3Kknz7MB5eyBL+tbgmcY4zjhw7S9uEW3Dbb6xeIgIsdUay8fuwINtxKdHHMjYU6g4V7sKHdONC0uh4FosixWGtQvDdPKhVui7wNQx4YzFNbaZA4hyqggm11nfpEZelOg2IhTzYTgoIC/q4DCgmK3ZXC7stTqdZpD2RBE7XN2j+z3ciVHro/K7msETEe05MkIlusXB+W0u58MvtvI6pXFyo2WqvOjb/z/e50vq/PpgOxNsAEQmDAGMHY3gLZkK3eRVF7dflOdWa+/D+ThmoKzy7qoQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKUSURBVDjLnZNfSFNxFMdvaL0EQQQSQpQPQS9R0FPQQwUSPfhQBBb4EOTDIILYxnR7aBPmlPZPBptSDoxNUR9yLhduOrexBs6WpA+BlbnRmrL/f22lu99+58JiWE9e+F64h/P9/M495/y40dFRw8jIyH0A3GHEDQ8PXzCZTEt6vf7ioQD00mq1Uo1GE1GpVC2HAqjV6mNKpXJRLpcvSSSSUxRbXl4eCAaDvM/n4z0eT9XlcvkcDse1/wJIfr//sVgs3jEYDF8CgUCImXfZA1LO78PWrANTU1NVu90u/wewvr7uXl1d3V9ZWamGQiGkUimUSiXsZIrYdAfw7cplQckFD6xWK8+a/uovYG1tTReLxYSTnr2VC8ZisYjtdAEPJ3l0jQOBF7PYtpiRTyaFPK/XC51ONyAA2EeFTPl8XgDUlcvl8COZR3S7gEKhgHK5LIjglNvf319jTb/LsebwBDhorisajYJVCaPRyJOy2axQ5cbGBhQKxVduZmamRtS6oQ7IZDJwu92Ym5sDy4H96b3f3jst+cWbzfA/OIvPNjWkUim46enpUiKREMoiI5WbTqcRDofhdDqp8xgXd+Kj5Grtp0sP/tM8KpNivH9yCcauG+AmJiYWqPNkJACZLRZLXCaTFUUiEZiKztsnKrvMDFMH0HMS0LQh9fw63tw6XuBsNlsvnUSTIAD9DlvvUuOsWdk8/+E1Gp+c8jQozo2NjZ1jcy1FIhHE43FUKhUMDQ3VGgHu9qbvZesjgJmqMg5ZppioCSweFxLMZvNLtqZgywS2VGD34lcjINjZqgp3n99L9LQhKT+Kze4j8HY078+3NymEBHYbW9libA4ODu6x+e719fWFDu78u84zvezELSqbKiIzxf8AGfvxrzvUBvIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIRSURBVDjLjZPJa1NRFIera/8ECy7dV7txkb2UOoDgzo0R3YuLrFwWIVglWQRtN0GCLkIixJDJQJKGQOYBA4akmec5eSFT/XnPsXlNsWIffOTdd3O+e+6PezcAbBDiuS7YEmz/hxuCq3LdmmBrOp32F4vFyXK5xEWIeWg0mnfrknXBNhWPx2NIkiQzGAzQ6/XQaDRYUqvVoNVqZQkXGwyGm2q1+k00GkUkEkE4HEYwGGQCgQDS6TSKxSILJpMJaBGdTvdHYjKZHvp8vuNsNot6vc7QavRLq1UqFcTjcbhcLrmLFZyJ2+0u9Pt9hC1f8OHpDt4/uoO3928zmscKHD5/gKPPB8jn8yxpNpuoVqtnAqPRiOFwiPGgB/fhPr7uvcJH5S4Ont3Dp5dP8G3/NX4cfedCi8XCeXQ6nTOBzWaT5vM5J0yTFFy325WhtmkbhN1ux2g04gVlgcfj+UmDUqkEh8OBcrnM7xRaLpdDIpHgcSqVYihEYr0DL61O6fv9fhQKBd4vhUrpk6DdbsNsNrN8Nptxt7JApVK9EMW9TCbDEgqI2qUOSELvJPF6vbw9Kj4nEM81pVJ5V6/XH8diMQ6IaLVaLAmFQnA6nfyNslohC05P4RWFQrFLHVitVoYSF2cEyWSSgxOn9Bx/CWggPv761z24gBNZcCq5JQKSaOIyxeK/I769a4JNklziOq+gq7/5Gx172kZga+XWAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJqSURBVDjLpZNLSJRRFMd/M9/okF86IONzClciCRNGZS/BFoIa9BBDrSSC0F2rIFxZUAaDrWrXoggEqVBxHRSmofighUk2jEXjPBxHRbQv1O8+Wozo2MrowuFy7uH+z+/+OdehteZ/lgugZ3i1U2vapFaHlFJIBUIppFRIpRFSpYVECo1UaqKrtbTSBaC0vtNYme39l84PXoeO7hBIpbwAg99fIZRASIGtBLa0d3cpdmodZ7qwbelOE0j5cL389r66WxsCW8hdD6RUAPSOLO5L4NKJXLbSBcS2AMC1qnzefErQdK5g56xvLEHj6d18aW1jL4EtFUprXAb0jS5iGE76xxZxOMG5fWlwfBG0JsMFR3xZbNl/PUEDLsNBQ2Ueg+NJLlfm7yFIz0OxNYRQewm0ApcTBkYjRL5NEhiaI9+bS3Qhic9fQ++HX8yN9eMr9LK8vMKBdQ/V1R1mSkAotNY4tWB19h16fZ1bN1uxLItIJMLo+Ec82SbNV69gGAbxeJzMqSlWcnLup0xUKZzQzCTxYIjmG9d48vQ5s9MTFBUW4vf7Cf/8QXf3BPGFBY4dP0VtzXnC4XC7E0AIgQbCoRk8OQcBeNR5D2HbtLS0UFVVRX19PXV1dQjbpqm1HQCPx+Pe9UBryksPM/15MjWqDx8jhCAQCGCaZmqALAulFD0vnnHxQi3RaHTDobXm7suvI8KWFavJeXPty1vOnqyg2OcjK9NJIpEgGAzidrspKSmhoKCA35uKWHTeHh56P+dI/85lZWVGUVGR3zTNgeLi4jy3220AzqWlpTYg6vV6B4CMzc1NGYvFkpZlNfwBMWlOUI5ySkcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFCSURBVDjLpVOxSgNBFJxcrkmC+AV+gP5BwEKwtLESW0mZD7CyEyViJVhbG7DURvEXBAsDKgpGxIjIecnF29t9byyyAZu9wkz12HnMm3m7WyGJWRC3Dq7aq83FTpKzMcwyqFNYVczHNrvpDc5XmktrXz9siAJpksCKYK5qs9u7t+3T/fXjysn1q9TrtWhqhCSUAAkMR2PUGzWoAkqCBJST+qF3r4ft5Wo8toyy77En/zQpoSRSk/kaEH+mCoxyiQAARxcvDGHv7DnIbe1ekiQiUQ0uyIkEucJaAEAkUiLgwpzNvUDhyqa4sLiZcFHplBJxN41QNsWWOXDegTFFsMnkJixujI9QlOUMR1DxDopC/hVhentx//Gp2+rkG2IdksEHnDioE4goqOxv7uQLUjiIE6Sf76AI/NPpAkBl1t8YYUb8Ao9lHyy2IyRjAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIJSURBVDjLpVM9aJNRFD35GsRSoUKKzQ/B0NJJF3EQlKrVgijSCBmC4NBFKihIcXBwEZdSHVoUwUInFUEkQ1DQ4CKiFsQsTrb5xNpgaZHw2Uog5t5zn0NJNFaw0guX97hwzuPcc17IOYfNlIdNVrhxufR6xJkZjAbSQGXjNAorqixSWFDV3KPhJ+UGLtSQMPryrDscPwLnAHOEOQc6gkbUpIagGmApWIb/pZRX4fjj889nWiSQtgYyBZ1BTUEj6AjPa0P71nb0Jfqwa+futIheHrzRn2yRQCUK/lOQhApBJVQJChHfnkCqOwWEQ+iORJHckUyX5ksvAEyGNuJC+s6xCRXNHNxzKMmQ4luwgjfvZp69uvr2+IZcyJ8rjIporrxURggetnV0QET3rrPxzMNM2+n7p678jUTrCiWhphAjVHR9DlR0WkSzf4IHxg5MSF0zXZEuVKWKSlCBCostS8zeG7oV64wPqxInbw86lbVXKEQ8mkAqmUJ4SxieeVhcnANFC02C7N2h69HO2IXeWC8MDj2JnqaFNAMd8f3HKjx6+LxQRmnOz1OZaxKIaF1VISYwB9ARZoQaYY6o1WpYCVYxt+zDn/XzVBv/MOWXW5J44ubRyVgkelFpmF/4BJVfOVDlVyqLVBZI5manPjajDOdcswfG9k/3X9v3/vfZv7rFBanriIo++J/f+BMT+YWS6hXl7QAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHbSURBVDjLdVK9qhpREJ7j7vrLGlhRiaCFFikkT2BxQZs8Q7pgJ9rcVuIj3MYHSJdXUAj+FDa2wSaIIihcJVUs1t91c75z7yyLd+8Hw5k5M9/MnDkjXNclYDqdDhzHqV6vV5In4fTL5XLx68N6vV4DTyCBJD/EYrFxsVik8/lM9+AigGEYNBqNaL1e15rN5lDHpczasSyLttstRSIRj+QnQt9sNpRMJqlUKtFyuWzL66GYTCYP8Xh8XCgUaL/fqw5Y0C6IQgjSNE1VN02TEokEDQYDWq1WNV2+p5NOp9UbERSNRpVwdX8nOG+3Gx2PRyqXyzSfz9s6qhwOB9rtdmTbtkeAcAcgASgCW9d1ymQyyo8EVVSezWaqVSbjCaFQyEsAMvsBDFzeVXX+nnw+T6fTSQVDkBQ+fCnPATZ8sJmn87/LqaqKnIBnwglgc0cAYlQCOFKpFFUqFS+Yg2BzMMh+fy6X8xL0e73eF27pbuPebCRvKU4pfeFfFkar1focDod/Z7NZZcutu3W7XY0CIBqNhhvkIC1inzVLraXh/LOFY5tBYWqVsZr3WCwW8WK1ofTNr+/mOzEvCaDc469buHywHYN1GWQEPiFoBsDHr3+e5PHt1fzx/PPTY1Dcf079mla6MmR7AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHeSURBVDjLjZO/i1NBEMc/u+/lBYxiLkgU7vRstLEUDyxtxV68ykIMWlocaGHrD1DxSAqxNf4t115jo6DYhCRCEsk733s7u2PxkuiRoBkYdmGZz3xndsaoKgDGmC3gLBDxbxsA31U1AKCqzCBXsywbO+e8iOgqz7JM2+32W+AiYFX1GGDHOeen06mmabrwyWSio9FI+/2+ioj2ej3tdDoLiJm+bimAhgBeUe9RmbkrT5wgT97RaDQoioIQAt1ud7/Var1h+uq+/s9+PLilw+FwqSRgJ1YpexHSKenHF4DFf/uC3b7CydsPsafraO5IkoTxeEwIARGh2WwCYNUJAOmHZ5y4eY/a7h4hPcIdHvDz/fMSnjviOCZJEiqVCtVqdfEl8RygHkz9DLZWQzOHisd9OizfckcURRhjMMbMm14CQlEC/NfPjPd2CSJQCEEEDWYBsNZijFkaCqu5Ky+blwl5geaOUDg0c8TnNssSClkER1GEtXYZcOruI6ILl1AJqATirW02Hr8sFThBVZfklyXMFdQbbDzdXzm78z4Bx7KXTcwdgzs3yizuzxAhHvVh4avqBzAzaQa4JiIHgGE9C3EcX7ezhVIgeO9/AWGdYO/9EeDNX+t8frbOdk0FHhj8BvUsfP0TH5dOAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJeSURBVDjLzVNbSJNRHBd660Go597qJQrEl4qgCIoopyk0ZstN0G22EZu1dAuEbA/Otb0Iu+jciinsaUiI7uJgF4cojkIdXtYG0TbYFuk86Ly0+e3X+QY9CCZEL33we/nOOb//+V1ODYCaf0HN/0FQed3TRrFFQVgwvUrCKLvJkfw5KcuekZJYRH62t5PDJ3xy8JhL9hubN4v3HwqqBPQAj6KIGR8wPw+srADJJLC+DiYcwqbTicL4OHYcDmxbR5EZGkLmTT92b98t7ty41cwSfMJ7GzA1BbhcwNoasLwMTEyA6e1FRipFVixGQSTCD4EAn5uaENfpkOx+CVJ/PcMS1FVUymjlnRag05BKofrNzoLhcpHlcPC9oQF+txvT09PYGBjAV3EXSN213Pblel7VA6r3HNXrYd72A5OTQC4HLC3hm8GAgNeLTEcHwuEwgsEgYj0qfBy1lV1mi+tYCmVpV22ps9N9pFYDCwvA6ir8fj8SiQRCoRC1ZB3xeBw+n48urUJHZWi12rPHIjlsE9Qe8FrdJZW6SrAxPIxYLEatcUGj0UCv11dlRKNRGI3GDyf2YP9RS+3eA47/98Z8Ps9OAtV7ULh0tcViseyl02l4PB4MDg6eXI7dO/cuOKmhXqo/RU212+3YuniFx66ZzWayRpOyWq2QSCR/btgX3tObsy9eZRcXFxEIBDAyMrJnMpmIm6YRiUQgl8vtlOD8qTV10PKwBOxtWDnswbGxMczNzbEEUCgUZ04loBptMpkMfX19jeO0jQYaK53aKhQKGT6fP/NXj0mpVEIgYOt//P8vZQLgm35VBV4AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEvSURBVDjLY/j//z8DJZiBagZEtO8QAuKlQPwTiP/jwbuAWAWbARtXHrz1//efv//xgS0n74MMuQ3EbHADgBweIP7z99+//x++/fv/8tO//88+/vv/5P2//w/f/ft/782//7df/f1/5xXE8OoFx0GGmCEbIJcz9QBY8gVQ47MP//4/Bmp+8Pbf/7tQzddf/P1/9RnEgM5VZ0EGeGM14ClQ86N3UM2v//2/9RKi+QpQ88UnuA2AewHk/PtAW++8/vv/JlDzted//18Gar7wBGTAH7ABtYtOgAywxBqIIEOQAcg1Fx7/BRuMFoicuKLxDyzK5u64Cjfo/ecfYD5Q/DLWaMSGgQrvPH/3FabxOxDXEp0SgYp7Z267AtL4BYgLSUrKQA1KQHwPiFPolxcGzAAA94sPIr7iagsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHeSURBVDjLjZO/i1NBEMc/u+/lBYxiLkgU7vRstLEUDyxtxV68ykIMWlocaGHrD1DxSAqxNf4t115jo6DYhCRCEsk733s7u2PxkuiRoBkYdmGZz3xndsaoKgDGmC3gLBDxbxsA31U1AKCqzCBXsywbO+e8iOgqz7JM2+32W+AiYFX1GGDHOeen06mmabrwyWSio9FI+/2+ioj2ej3tdDoLiJm+bimAhgBeUe9RmbkrT5wgT97RaDQoioIQAt1ud7/Var1h+uq+/s9+PLilw+FwqSRgJ1YpexHSKenHF4DFf/uC3b7CydsPsafraO5IkoTxeEwIARGh2WwCYNUJAOmHZ5y4eY/a7h4hPcIdHvDz/fMSnjviOCZJEiqVCtVqdfEl8RygHkz9DLZWQzOHisd9OizfckcURRhjMMbMm14CQlEC/NfPjPd2CSJQCEEEDWYBsNZijFkaCqu5Ky+blwl5geaOUDg0c8TnNssSClkER1GEtXYZcOruI6ILl1AJqATirW02Hr8sFThBVZfklyXMFdQbbDzdXzm78z4Bx7KXTcwdgzs3yizuzxAhHvVh4avqBzAzaQa4JiIHgGE9C3EcX7ezhVIgeO9/AWGdYO/9EeDNX+t8frbOdk0FHhj8BvUsfP0TH5dOAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJpSURBVDjLpZNNSJRhEMd/z7vr9m7t2oopZl/UoVWpQ0RC0EFL6FAQ4a0OXbrVLaJDEdStjhEUFQVBHaIuSocIomtWJvYFRhb51eqaH7vu7vu8zzvTQbENvDkwDAzMj+E//zGqymrCY5URBxh6vm/Ar21rM6aapwSF7yORm90PBP9NGQAWskc/ujiAUa9ly4EHNcYY0MVhjMFV8jtyA1dGdKkLEEvUqkbhZHHi1XngSRwApxXErgl+3yKyMfBqMSaN33yI5vZrCVQBARVAMV6q6VvPgcv/AKHxVCyRTaCiSPkX4UKO4uRravyNoCGIRdUBjnTLhQQq25Y1wKgvrowtgdoFwsI86ZZT+PWtgKGU72du5CWNbWeJJVKYeAYiL/4PEHrEk41kWk8vraoogtgxwj8vmP7+gVTzEfKDl0jXCf7mixAoVQBVjSpIaRCN5tCogLpZJJxh/vcwaxu7qN24h+Evj0nEF/A1gLDaBwGq4pBwCrFTiM0hNoctjjE7kSO9IUM030PDrtPMTIRIFCwfdhFgVQ0R6v6gbhoN86ibZnZ0jPrsCaj00/fwEalMmULeY378E7gqgFqZcaXpubCYEFdK44IGivkk4u0kXVdCgh+gQlR8y/aOc4y960Ws2GUNtBJcH759vB2lC0MaYwjq6hJbO896UnqDSpm93VnEjuOvGyKz7SBTE/e/Lh5whWfqv9NxZkPrsZtNO5NExT5ULe+ffWVvdysmth6Sh3l379KkinSuCOi7sX9098lHm2LeT9TNUOVkwCOWzJL7PMBQ79Wn8ZU+zAXW77/bXVZRVKQqdbkigqo2/QXSf1oX6zFeUgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH2SURBVDjLnZO9a1RBEMB/++5d1LxgPjQYkpxdLEVItFEU0mgay/wDCtfpvyBpIgommCoHqSy0s5Jgo2kEjRa2R/CrM0HzJd7lvZndsXiX8+VDFIddZncZfjOzM+PMjHq9biEEQgh47/Heo6ptXdwi0taTk5MuBvDeMzg4zOb2NphBvsAMA8ysfcaM3t4eFhefAdAGbG5tcevhK/5F7lfPk2XZb4CqtlzCcOU0XZ0dVPoTjh6J2RFDNCAevMHr5fdYMNI0BSACEJE8TMA5R2NH+bq5QyP1mIF6I9NAqrmNGXsjEBHCbnzO4ZzjR0MJltKTlInjElEwrAUIFg4CLOQIV4A0M08mgaSzg1IpInK5DwuHACik4JzLIYA5RyP1uMjydyDsTyHLMqJSBMCXz5/+WoVSXDoI6CjH3L15Du+NcrnM2uoqSddxzIyNjW8MnBqg2Wy2fj4cADxYWnp5pdBlfSLyYmho6IaqsrKysqCq4yKyXujKpwBut3xFmZmZua2q1y9eujze3d3Lk8ePmqp6Z3p6+t5+2z2Aubm5fhFZGxk5Q9+Jk3h1iCpJcoyPH+osL7/5OTs721UExMVLmqZjlUqFiYlrqCpmhpkRRRFjo2dZX/+eVKvVq/Pz888PjQBgamrqnYiM7p/C1mS+rdVqF/6Ywv/IL/azYiamBPboAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGeSURBVDjLjZLdKwRRGIf3X1wXuNAikiKfWXaVLO1SIjYlG9LYaGKxNSXWx1rnwoUo+Zhdu2vkRsp32ePCvH5nYoaGNaeemjkz5/ee85zX5W6VS4bjuc3uhSzzz4NohnlnT1nHzAlrnz5mbZEj1jJ5yHwRxsS/ROT6jiu4lEuF12+YE5pHd1O2AFHZKXVDSWYL8EcvxKQjaga27AG+ubTxUUllMlOJq9fB1Us+sAJieR5azPJ+Oc0DC2e8N3rCmyYOOFxocOGxAiTVCBhTtMJ08pYXY1i55nChwUXeDGgM7xsBovJ/dErnHC40uNDMAGynr35kj3VJKn98eQOcPzwLCib3gqcCf3l9e8QiDS6sgK8HuBCTWnxHvRtT8joqEfqC0BeEYxJ6g9AXhL4g9AXBBaF4gxUgqUZAKJYjnNMRcPFuBsCFESAqOwUurPvEdsbhQkNfkNMBFz+b4tPFnwt0gS7Qjfeq4MYvARBWbHyFiOEJrNkD4MLxEdxtsj0ALmS4MATVDm5TdTBBlf3rVNGjUHl3nMp8y1TqjYkrFMgf+hUje+AiV2IAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALtSURBVBgZTcFLaFxVAIDh/5577jwzj0wSUmqMtKIiBltbbJ1FUCxVoQu3FrHGVRU3BVcKrkTcKOhCUOtOAyJ23WIQtFawpoooZWKJpnbsNJN5PzP3PO5xArPo93nOOfasXCgfAz48mE8UhzpiqCN0FLFrog7QA+qABVpAA/gC+FYyERlz/NC+qeIbT85xt4GKckMV5Voju6A09ELLzXqfi38PTgLnJBORMfPZmMeectsSeB7SA19CPBAsxgW+EAQ+PLaQZH8uXTj/S+UDwYTVOitxmAh6yqOjoR1CZwSdETR2Yadv2fPm6i2KB9IszQZzkgkVmvnLZcuP21VeO1rgs+tdAu1YOZxlKiHw8fA9iADPdvn5nxa/3epUBGOH39sqjETu2UJG4oUwDB2RcmRSHuevdtjpWgZhxEBH4KDaDflobbNrlVoRh97demHpgfTth+5J5ZpNw5kjWQxw6mCa7aYlk4bPr7X54XqfkfGIHNjAYpQ6cOH1x9fEw/cnP13M+Ik7bc3ZYxniMR9PQCElObmYptox7E97XK0MscbhHJgwxKrQMiZ+v9Y9u3knHBUCn08ut6m2DQJHe6C5WOqQl4KbVcXR2QSxwENbS38wNEapLmNi4/0Hv/r3zxvHN0p1YnGP1e/r4ODr9TbZlKBTU7xSnKG4lCUZQKMfYkJVvfT2c44xyVjKr6lpEUI3g3UOPIE1lu6O5aUTcyRjPjhISUGttYtVYYUJuXxudRZ4p/jIvZx+eoHvSopmz/Ly8jyJwBFIkD7EfMimYLM8xChVZUJapU4Ap34tbdHalfRDh7aOUHsoE2FsROQchVyOV5/Zx3ZjiFWqxoS0Wh95/qlHk2+9+AR3sw60dSgDOPj4UoVUAL3+EKt1gwlptd7arnf4cq1EfipJPpsgn46TS8fJpGLEY4K4FJxenicuodbsYbX+jwkZGfPNlfWNhSvrG/cBM8AMMA1MA7lELAgSiYBsOkk+m+KPv8o3gJ+Y+B9yFXCQeyJWrQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKuSURBVDjLdZLdS1NxGMdPRZLgPxBC0pVhWHgRXhiMdlEUQUXBLhLUMnux0gxUtBeX8yXzuCVbKS5Htunmppt7cW5OXGeerZZhObVA8DIaBtoLljr89pwjWm32gy8/Dvyez/N5Hg4DgPknvC6dwoLTjuNlWwwj6hh8qnF4m1g4FOnx7+OLy6hwCW8swKQTiLjX79dGINAOWKuX0F9elgjgdUkY63Rj3AS8twFcB+BhQV0BZy1gvwu4FMBoK+CoAbouutGRm/QHwGlVeEvFAsCnilGhlHSTNzuZy5KhL5biRVEMNoIZSwH1GXYd4G/LhP9JDOFeKmZjsNelwSFPIV0F6QZhLAmi+6oCuoIUaM+n4em5GPoqAeWxGFhpBoORVhX4LtJTC7pS2O6kwlo5h6FGwFIOmG/RXQF0yOagPp2KxyekBKExCoGmHJYh3Y8Im9Zns1Ylk24tXPUR0jXgWZ4E7TIJ6RpguB6B6mgFWo7sQsPhVfTSGPKsaYZ0lxGmLfdTN2PJ9hnOefOD3+4IhUJfeZ4Hx3Hw+/0IDvV/HnUPsKjP3kaFC+i9Ddzfv8iQ7jKCzwFDsbDdpHCIH1tZWcFWcbsHh3Hv4A7IDyyKo9VkfGdou7PoqwLpLpHuzjA38kt4rLDN/ZPBVxaUaXLXilpOoUAhWet+cEgATDPxf1YgEMAGgJv9IabOrIPcXADnlAbvPnmhHL4GmTIT2cW7mxMAwrwbgE7+i5i8h8cxEFFhYIZ+JDrNvktQ+i4LgJ8JAJ/PJwKi0ehmTlZnYXBKi7+PfVIjAJAA8Hg8ImB+fh4TExNiJKV78ch7AQ3efLG4wZP/fwOXy7UQv32NrR5nm/eB9RaKnYVb+N5yB3a7XW+1WqMWiwUmkwk9PT3Q6/W4opAt59zYsypoU75RGoX3vwEsUe6Qo5mAvAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHESURBVDjLY/j//z8DJRjO8F3q3d9ypOF/9b7y9x7zXAXQFTpPcaiv2VX+v2Bzznv7HlsFDAM857sJFOzIuT/hRO//wMW+81E0T3JQAGls29f8377Lph6rC0DYfZZLQOfh1v9tB5v/u0x1coCJB8zzW9+xv/1/xOKw8zi9AMPBSwPX9xzu+h+/KhqsGOjcgMZddf+rt1X+t26xNCBoAMS5eUDntvx3meDYn7Qy7n7rrsb/9h22/XgDERkDbS1o2d3wv31vy//+A73/S9YXvbesNRcg2gAQLtlU8H/KoUn/e/d1/89YnnafYDSC/T8vcH/ppqL/xRsK/tdvr/0/6cCE/9MPTf3fsr35f/byjP9Zy9L/5y3PeYnTgIBJ/g1+E3wbfPu8G5IWJR7o39v3v3h1wfvIuZEHnJudGhwbHBrs6+0aiPKCe4dbQ/XGqv/Ji5KeOzY6NBDlBd8pPvtzVmb9z16Z8b9hc/3/CXv7//fv7vtfu6Hqf8r8pP9J8xP/A124D6cBbm1uDa6tLg0g54bNDD3Qs6v7f/ayjM9BUwIPWFdaNViWWzZYlJsT5wW7WtuGnGXZ/8Nnht23rLAkzgsU5UZyMQAcp633iiwCvgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHcSURBVDjLhZPbahpRFIbnJXLb4lsIQx+sF6G0kMsmpZQ8hEeUGWcUTbQqnlDUUTwgIkaj4kUI0j3ozObvXjs4jXjoxbpZe//f/689a5Rut4tOp4N2u41Wq4Vms4lGo4F6vY5arXYFQLlUimVZ4Jwf1Ww2k5ByuXwRopAzCabTqXSeTCYehHoiBQqFwlmIQpHpMrlRo1qt1jebDRzHkX0ClkolZLPZkxCFXPcXhXgrIk9t24bz8gyna8qz8XiMfD6PTCZzBFHIeR/ZdV2QmL+u4Bpf4cY/C4ghz0ajEaVAMpk8gChiRrZer+Wl3W4nnd3EF/CH7+C5n+ACtIcMh0NKAV3XPYhSqVQ+iRnZarV6gzw1pTN/vAPP3x9BBoMBpUAsFpMQSSkWi6qYkS2XyzfI3IKjixSPP/5BRCrH0uR5r9ejFIhEIlfeLLlcThUzssVicQz5/Qs8eYM/+g2468gUhmEgFAp9PHhRMZ+aTqfZfD73IDvtGtz8Bjtzhy3bvBf7vBHeVyqVUk3TZLSJEjJrw3m4Bd/anjgYDPq8Rzy1HIlEQtU0jdEm7j8xiUX/QHwWQBWPx/3ipRktWL/fPym+CKCKRqP+cDjMSBwIBHwnV/l/v6tw9Qvxh3PnfwF+wjbwD++YrQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIlSURBVDjLpVM9iBNBFP5mf0jIIsIdMSsR90L8iwfWlhaiaCHBNB42ioWg1QmChYiFXG8l5LjiIKCxMSg2ewQFlRQBc4iIiIoJ5kgMJCTh8mOyu743sF70Llg48PFm3rzvzffezAjP8/A/Q5tc5PP5ACU8R1hwXfcI2YMEmrrvyX4mu0LIJ5NJx+cIXwGRj9L8YTgcPmaaJgzDQCgUAu+32210u11UKhU0Go3X5LuQSqWqksgBDNu2X5TLZT7OmzZGo5FXKpW8bDa76vMUXwot5iORyD9rjkajoEPObOsBOWXGer2OYDCIQCAAXdelr9frodlsolqtIh6Py9ipCTRNQ6vVwmAwkOvxeIxOp4PhcCj32LdjAr8mVVWlAg5mUN0yid9sJjuOM10BB/skIYQM9n2KomxToPydwCcweM5gsnj7DFi+gk+X4zBzN2ftU9qtHRVwMIOJXA5bt5jDzI8iDl+8jkBsHv13tvLh1dq9tZP65h8KGJOn+3IHbx7h0InzCH55CbG6gNDXJ5izZlVPeIu/FTCBr4peImq1Gvr9/ladTbpaMwacvbHVvLt7obpibrKES4VC4XEikTAsy5LvgJso38YeE7315zCeXsOwX0OP4rsdKk/Fhpj8jZlMJkaJbhNS1PHd/Be4HL2Uw77WOvbP/ISmfEe3Mca3uuqMBt4dMe07p9PpXUQ+QHCpqR+PF+8vbjY3rqqOsBzVqxLrwWl7vPQLOvKpkCFdDpkAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIuSURBVBgZpcHNi01hAMfx73PmzHWUO0QmbiOhyQyZMYWGRhbYSfkLpKwYpSRTSikLxE7IxsrGSmJBGtSQnXfJ5CUvg+G699x5u/ec53l+zilFNtR8PkYS0xEwTQHTFJJ5dX3to6hlxQpjAn4TjbHXH5ytrgca/MmQm1i+7akNyRgFHYv6LjYbY0BkBMZg69+Xfn109INA/NJUaJFcOjr+efAgcDkkZ1XHJzMaX87hkiYIWjCmSFTaTGndiQIS4EEeECaYtWD4at8R4HJILjWBfIJLCsgLP/WedOIr46N3aI4WglLwCZIFLMWOQwXkF5MJyRlF3k6RTIKSCdKxGsWOnUTzOgEDCPAgAcKEc8AFIZmQXBoQzmxlTuduwIOE8PjkE7Z6C7kY2RjZGnLjRG2HoSFyIblUkqvjJ58gFyM3hmwVn1aQi8FWGRyucPedI56aIrX76Qlc2A6E5BpI3uLTb8jGyMXIVpGNkatw42WFp/UimzauoW1uO7efX+Hes5HwUn/pVEAukQwO2R/IllH6HdkysmVkK1x7UWV1RzcucHQv3IozKb2rNpDZG5BR4it2shyn4wVvJ4vYxnxc0oZ3y/BuJaO1Ms1mFts795E7sPkCy1q7yEQhGdUbJ9+c37EOsQVDkb/UapXo+ch9Ho8MMbD1Isdv7iJqmkGmbiTxL739pWNtS2Yf3tDVR/uCHoa/POT+kyE+vo1PG0n8j97+0nFgD1AExoCzD86MDPwE/3Mt+7fw600AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFCSURBVCjPfZHNSoJBFIa9qLmMiNbdwGwKClq0ieYGCvGjnw8Kyk1RixZtCiJmEUkQUtn4s3Bh/pZO+pkfSYpvr6OEGMXhwHDOM+9550wEkf/j55ATWZXRaWtsSj+pBzEF5GTW1BGiz+ighqS5lxMA20EXQBdtBPjkKcRdkJBjgOJm2G4iDss4RN0h2lwLB2RU3bUbWKP4FuawgVdW8jhXDkjrkLIWb1DIYJm5SLCDd5xqBzzbPloEalhnHmAGPirU+MKRdUCKQJMlD7MUL2IFZcZQIz4CHnWblgyWkMUCCg4o8T0F7I9GJFUJA1Tpfh67VFhlvqCHW/gjkwlxY1p0XUaMN4u44N0BEd/4YryoK3kZNFj84OQqV9Uj4geenFj1mTwxSRoNOTsPDc9E5dRnHYs9taO3bcxG9aaKiV+/+Vd8AypJdaR1UheDAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJpSURBVDjLpZM7aFRRFEXXffPyJokzmkSFWBiJiGBEDH5io8QmIIqFojbaaGkZSBVtbAOCpZU2IhhRLJSAEFELISIpRBB/wxgwakYnn5d5n3vvORZCjB8sdJeHw2Jzzt5GVfkfhb8O3ANTUmVQhQMi9KmCChMijKlwsXxY4+X7ZrkD98D0q3DFdA11m7Y+NOoA9WhSw9cnyV6PVEQ43X5EH/4GcOPmiLb13wo6T6Ktq/CNl0j2BXUpmGaC5k0YG5C9HyX79PDo2hN6ewlgx02HKtXCtuslCebxaQXsAuIy1KffIaKYYheF4jbmnpyJRdiw7qR+DQBUGAw2DJc0Askq4BYZv1MDycHnPLoPYmPc/HN89pbWLcMl8QwCBAAiHDLte5C0groEFcv+gy2oWNRb9vXHqGSojXGzzwjbNiOeQ0tfEKGH4kokmeVT9SstLdAUOUJy1OXYzJIuepJFWN1RAzK8p3sJoEKiLo3wjpmpORoLOXnqsVawVaEUBuAD4kTZe8qCKiIUfjjwVLBJL0T07G5HXYa6hM+VmNl3RdYYg00MU/UEE7QiPsRmvFl+g7u2NomJulAB9TnqLFGzJ2ukaJLjFhIkbBCu3E5Sq2Jz7v4AeC41XlyIcWWCaD2oQSWjvMrRtGWetzN1qvNzrD/ciRa3M/34QmwzLv0UpJkb5li4dmC0uesoFBZw9af45APqUkxYplDuxbOR+st71F+NHd8xrDd/i/L0NTMgnssreoa6o9VbCZoCEIfLPIvTr/j4ZKTiLGd3ntOxP3YBYOqqKYlnSIQD3tPncnCWCWcZc5aRXef/UqZ/0TcrHX7i2ZbMyQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJPSURBVDjLpZPta1JhGMaFPvZ/CH3rL1BqICLzg0EMKmSwmZXWskPhSwQJ2yQzVEYyaRI1ikkOCqISJDU/9IZRKyqn9SWYuBedb+d4ju7quZ/jBvvYuuGC+1z3dX7nOc9zjgaA5n+ksbiWHKGnlbbvcRneR0yLJXge/MC1+99wNfEVwsIXXIl/wuX5IqbufoBz7h288UKb7uOA6SeVQfRVFf+qqXBuwAH05IPobDALDvAuruIgNTGbUQGehz+50VP6kJjEnoK2qKApymh0ethsiajVu1hb7+BPrYVfa02eH59ODwFsw6jkwQByv89BXVlBR1JB210FW20J600GaoiobnR53nrzhQqg3abqM4BCEKYeA4kM1KHVMFCLVtRRUG/J2GhKPH/mxnMVQEfFATs7HLAL6jFJffWVdkHNIYjq1PVnKkC493kPQGp3u3iZTiMUCiGRSCAYDGK1XEZtcwu3hx7NxoUwdDrdYc1U7KMKYJJkGQssEIlEUK1WUalUkMvl+PV8PI5SqcS9QqHAvdHR0VuaS3Pv947mdTYLn8+H4soKZgMBmM1m2Gw2RKNReDwe3pMXYDOCCILQ0Dijb/cA4XAYMzMzHCBJEoxGIzKZDIrFIvL5PFKpFPdoRgC/3y/Sv7B07s4b/mWZJ/ywn3dywEnrRRw7PgKDwQCLxcJFPXknTl/gALvdXt/3Zx1hxZb4nW1SPZlMbi4vLyMWi8HlcsHtdvOePJpRhrL7AFqt9pBerz9qMpl+T05Oth0Oh8jUGxsbszKNsL5JHs0oQ9m/1aYTg/t8sGkAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ6SURBVDjLpZNZSNRRGMV//2XGsjFrMg2z0so2K21xIFpepYUiAsGIICLffI8eWiBBeg3qQV+KwBYKLB8qpHUmrahcKLc0QsxldNSxdPz/79LD1ChBUXTh8sG93POdc75zDa01/7NsgGvPR09rzQmpVZZSCqlAKIWUCqk0QqoZWyKFRir1uvxIbsAGUFqXHQqkpP1L57M3Pm5MMJBKpQHUdF9BKIGQAlcJXOlOVykSdye3leO6MmkGQNyHw+uO/1X3bzGBK+S0B1IqAKqDg3986HeCZPffwvJtoNT7lOZLvUdtAPEDAKBkRzo3QwMUb89InN1uGGD3spdE214xe8MRUnM2MfppNW0Pqy7YAK5UKK2xLbhdP4hlmdxpGMQwwQT8ziNiI534c7cT6WrFazikzF2Eb8HS1IQEDdiWwcHAQmpehTkQSAcgNvSMiYFW5uUUMdV3HW+ywefGNqITJsbUUL75k4FWYJtQ+yaMZcXrk1ANk/33mbdiD7EvlRieETy+FJLkMFcjRRSW3emIAwiF1hqPBfu2LGSWbbA1uZ41SfWkrtxPrPcypsfFiWYzFGzGKTjFV28WEJeIUHETLdOgrmkI1VdHpCdEet5enP4qLK9mKrqMgedv6cyrAP+qxOTiUxAi7oEJi8frELoFoTLpa7nI/HQvscgSRt+0kV1SSW7qYtp7xrBMphm4Mi5h/VIfTcEq1u0oJaknSEdNiMYHET7UvcMpPEN31Ed7zxgASmk1I0g6dK66s8CRak5mVxjnfS05+TsZCw/T9baTx1nnGb47DrQksjE6HrsHYPz6nYt3+Sc3L8+wA2tz0J6pF5OD4WP7Kpq7f5fO79DfSxjdtCtDAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKnSURBVDjLpVPfS5NhFN6/0F1EF9FFBf28GhF0UWrkVQQZkamgbckoGEUsbVJgLl2K++F0bcx0UwZT07bZnG6yzc3hJND56ZYr59zELjSdm36NTZ6+9yOEQQyii8MLh/M857zPeQ4HAOd/4p8BBoMB3d3d0Gg0UKlUDzg+nw8kpqam4HK54HQ6MT4+DpvNBovFguHhYQwMDMBoNEKv17O12WwWiUQCMpmM4ni9XuRyOWQymYKRSqWg0+nWk8kkwuEw2tvbo1KpVMDxeDxsIh6Pw+/3IxaLgeSi0SgmJiYQiURgtVrZmsHBQVAUxU7U0tJSdKiBw+HA9PQ0RkdHuW63G0NDQ1wC7uvr45JvaLVaLgH7jbdE4f57iHxqwpzuBuZVZytZgrGxMQSDQVaDlZUVVgPSmYBDoRDb+WtAhY1JEXaCViC1ju0gQ9h688ehuiMjI0in07Db7WCU5prNZqI0l4wbMBXVbVKvkImbseF6h/2Fj8iterHwgU8fEjCF4kAggOXlZRAw6WwymRCe1WOLEuNg34v974+xFXiCkKEGQW3FZkBx+1Tejnt7e4nSUKvVUCqV6FcL8XOhDge0H3vfqkCvlWN3qR6LnSX40lZ8qaCRbG+O3t2YFf0BV4KO3UeSeomQshiS5zXbeU7s6ek5zSj9vqurCwqFAhrpI1C2Z8zYHtDRGvxaq8AOM0moowTh1ssnBAJBOo+AEUtMXrlcLlQ2VGwufq7HvE2GxEwZ9qLl2Jp7gSVlUarhKS/BgIV8Pp/OI2A8LWZsya7LRPyxu4qw5g4m64/Bpy6F/fUVGDqbWRsztaiuro789ZgkEgkaeeeQ8XcgMyPHTNM1mB4eT9nrLlysra0V8ng8AkbBayy7eoR+W3Um62wuzTrarrstovMnC13nb3Lp9V3T7PhSAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALtSURBVBgZTcFLaFxVAIDh/5577jwzj0wSUmqMtKIiBltbbJ1FUCxVoQu3FrHGVRU3BVcKrkTcKOhCUOtOAyJ23WIQtFawpoooZWKJpnbsNJN5PzP3PO5xArPo93nOOfasXCgfAz48mE8UhzpiqCN0FLFrog7QA+qABVpAA/gC+FYyERlz/NC+qeIbT85xt4GKckMV5Voju6A09ELLzXqfi38PTgLnJBORMfPZmMeectsSeB7SA19CPBAsxgW+EAQ+PLaQZH8uXTj/S+UDwYTVOitxmAh6yqOjoR1CZwSdETR2Yadv2fPm6i2KB9IszQZzkgkVmvnLZcuP21VeO1rgs+tdAu1YOZxlKiHw8fA9iADPdvn5nxa/3epUBGOH39sqjETu2UJG4oUwDB2RcmRSHuevdtjpWgZhxEBH4KDaDflobbNrlVoRh97demHpgfTth+5J5ZpNw5kjWQxw6mCa7aYlk4bPr7X54XqfkfGIHNjAYpQ6cOH1x9fEw/cnP13M+Ik7bc3ZYxniMR9PQCElObmYptox7E97XK0MscbhHJgwxKrQMiZ+v9Y9u3knHBUCn08ut6m2DQJHe6C5WOqQl4KbVcXR2QSxwENbS38wNEapLmNi4/0Hv/r3zxvHN0p1YnGP1e/r4ODr9TbZlKBTU7xSnKG4lCUZQKMfYkJVvfT2c44xyVjKr6lpEUI3g3UOPIE1lu6O5aUTcyRjPjhISUGttYtVYYUJuXxudRZ4p/jIvZx+eoHvSopmz/Ly8jyJwBFIkD7EfMimYLM8xChVZUJapU4Ap34tbdHalfRDh7aOUHsoE2FsROQchVyOV5/Zx3ZjiFWqxoS0Wh95/qlHk2+9+AR3sw60dSgDOPj4UoVUAL3+EKt1gwlptd7arnf4cq1EfipJPpsgn46TS8fJpGLEY4K4FJxenicuodbsYbX+jwkZGfPNlfWNhSvrG/cBM8AMMA1MA7lELAgSiYBsOkk+m+KPv8o3gJ+Y+B9yFXCQeyJWrQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKRSURBVDjLhVNLTBNRFD3TTju1FCcBaxuaQEr94ydiZIHGpcFISBOi0YREZWHCVoyRxKUxxq0LXcACQyLsjO6KjSEiDfHDz0S0CLSxlFKd2g7MTDudGd+bMAQCxJucuXfuu+fcO/PeYwzDALVoNMqRuI3guq7rR4g/SEBC/Svxc8T3EUTD4bCGTcZQAUI+RvxLr9d70u/3o6KiAm63G3Qtn89DFEUkk0lks9lRkrvW3t6e2lCgRZFI5F0ikaDtjN1MVVVjYmLCGBoa6qccC7Z1kQafz4f/WSAQAGlyaXOOpQ+SNNUymQxcLhc4joPD4TBzkiRBEASkUimEQiGzdlcBlmWRy+WgKIr5Xi6XUSgUUCwWzTVN+IAzeOOde71orP0eAaOkbrDWf6Cw2+3mBLSYgny3KULXPOUY2BUB/hMd4IOn8XfhMGYjvU+2TECLLRLDMNA0zYw5JYa6Ghke/hyEn9/gZEqo3OuHp7qW3yJgESjoNPSdlb8gWCOCr29BMT0Ip5tBYnIWqlL6o8irzVsEaHcKSqQCen4cweok+FAblNRz2JxlODx1cEkzGWmVbTl7Z/jHhgCF1Z3GYjIKf+U8+ANhQn4Gm6OMUiGI9MhHg5Gl1sbu8UnKNc8B7Ui3ipxEcwvlpVFw6hz2N1xGabkXdqeBYqEOmfefEZWac4e6xz9Z22hbn+BmLBZbi8fjEBdG4NF/QdUDSM88hQ4FawKJR6cxLDZl86qzZdtdoDYwMBAkQg/2LL/ovNLVh++Dd7G0OAau9hTkrKgnnE39GW3f/Z6enpUdBSx7ePu4eq+zi4VNw+TbV0gsxFd5b9X5i4+mpnY63tsErl6okhvrfWzT0SAMR3FMXsnean08Pb/b/fgHqpjCspi90kkAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAL2SURBVDjLfVHrS9NhGB0Evy/9HQlZmmbe0iabspbbwJm6IKnMLWND2dzcnKDb3CJyjpy3QR+MgoxMV06HNl3iHBO6qDkjvGVlgn5Qt1yOCD393l8X8EIvHHg4z3nO+7znZQFg7Yer/ATVp4xbcavjowO6hKin5vSKp+4MdZj2ANFXcZKiB0M+Kx9TnXK8e1KBQIsYQ/WpoSFLGvVfA7cqnhrQJoTGbAJMdylpqDDdrUHwWQ38jiIM1KeH3IZ06lADt+YUNahPDPubRAg+VSPQmg+POQMvbmXC11aEye5aDNsL0a1PCz9Wp1B7DAZ1iZSnJikcsOch2KNFoK0Aw3c4eD8zzaDfzMGQrRDjj3RwWfLQcTMp3H4tkTFh0QFRdEDhQEs+gk49vWohPLe5ePP6FdbX17G5uYmF+Vl0as/BaRTBe0+Bh1XnYS2IC1uEsRRryJAyHmi7+OedEno4G1OTb7GxscEM/8X83Cwc0jTcV+agt7EYrdJM1HBixll0snyPJX3H1y5Bn5G9++njwr+b92P58xJMgjg0XT0LPfvYDg3+7wAN6fzndWlj9ru23e3tbUas0Wig1Wqh0+lQXV3NcJFIBDZrA3Sc2BkyfOAbrVbr1traGlwuFywWCzo6OmA0GqHX67G8vIzGxkaGo3thuVxexWazj+4xMJvNWw6HA3a7Haurq1hcXMTo6ChMJhMIPzc3x3B+v5/RCIXCBlb5y5L4672XLhc9EA0LlLwdbbUWE8EgSktLiQAymQzNzc3MFqQWCAWQyAu3iEmluvI7ix7+quy/gdqRSogq+DDVmxgDsnpOTg68Xi8mJibg8/nQ09ODbB4XdV41s4XBZACLvnnkgp3zJcOYPJ5akByVlcl2iUFJSQm4XC54PB7EYjEDUnO4HIiKhSFiIC2T/tyTwXH6iESiDzabbbOrq2vd6XQyb1epVMxPkJpwpEc0RLvHICYm5khWVlZCbm7uklQqjSgUiiiNHxKJ5AqNbLr+RjjSIxqi/QVm6pQnUTAFywAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKNSURBVDjLpZLLa1NBFMa/m/uITfpIKzFJYxGaxkQDFnFRsrLgxm5i3dWl+Ae46Kr+DWbZTcBNhboQ1KW1uYhQhVKECFE0SEvSBrXR2Nyb+37EmYHG0hZceOEww5n5fvOdcw/X6/XwP59wWlKW5SABF0jc8X0/S9Y0CbL1q2T9StZHJOT5+XmPO+6AiC+T3JNoNHolHo8jHA4jFAqB3ut0OlBVFY1GA61Wa4PkFk4A1tfXX2cymdmJiQlwHHeqbdd1Ua1WUavVVgLHDwkwF4vF/ll7MpkEKWPuRA+cnhjY3NyEpmnI5/MIBoMQRZGVoOs62u02ms0mUqkUBfxt4upGe8B2vFXXGBnje/uQJAnlchm5XI6JqW1FUWBZFgRBYLk+YOXNL8FxnA9BkUsLkTg+7vzAZESB53msiVRAATQOe0bF9Jz1wDDtccNy0yEJ4Dkf/Fga7+pBJFJXsba2huXlZZAHGICuVHjogAG6up20bJuCsNvSIPI+pMg4Ss+3mOXp6WkUi0XY5M4hiAL6DlTDiOpErJHo6iZ2vik4IwKJCym8/aJje3sbiUSCCY4C6J4BOqpx0XYs6KYDRbegaiZqe20cqBYGzl/Dy/c+Crdu91+lAGqfOuJb5wqSqltyNCLxChFKPAeBJzMe4OD5Hho7Lczlp3BpMsJ+4+joKLLZLJvGer2uCweq0R0OBUSPUDXDwm6TjOtvDUbXhNm1MJUI497CDCSRZ2XQUaZTWKlUvhMnBeGgq8uBnnjz008Ve3ttx9HMB7EhvzOTQeHsMHd9ZNAeksuvmG06RKZpUuFjUsrDpaWlfW72/osB13CeuYZ1wzXswa2nd+2jk1kqlYaIYIqET5r2eXFx0Tp6/ge8rrdXLiWBdQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIISURBVDjLlZPRT1JxFMf5E+6fwL9Ri8lsI5cSV7swL82w0SZTB6zWXOuB0cLU8HKhuAooTNrFupcAsYWjh1sRIaDgTLGXxmubD2w+9Prth29tXMWH83J+Z5/vOd9zfhoAml7h+mg3ReuhUxIdR37CrVanUXvgvvsOtk4kbJ+kEaos/bkSYCZv0wcri7/zrTS2f32AUOX+2nPWACvd1V4KmM7fnxQP1pE+2kSuJUM+EpFpvUOS5MJVHgQSuBCwWuU72eP3EA8TWCx523NFl+Iv+zrxRgRr+wKeFJ1NVYA9y+o3mjFskbkj9SDGpTGqm2dSJmosZfRYZXPClLxNqQJsGYt2bS+MbEtCF2SVmQCTukOPikaqbxPnik4l3ohC+ilivbGKcC0Af/klXAVHczhuoC8FmDdpyl2YUrjyAlmfHytklATpJronwP9jAYbYIN3XHXTDuDGkJ6qeRzsz7XCNh1AjvshmRRXQnZWVmIQxOfTf5RFV/fw3LyJkC+6d2U5PwOjbEe3Tz4/bQp0/b92WY5VbsZtuQ3SQfpC71+R3/eAqr2ASR7I9AUSVepibUHhSFCVKQv31uXm+0nPwVQ5dgOfLM+jeXNdf6AFRnZz9NNVeKs8jtr+CCDHvRcmL8bSlqQtdo/v+TBaZ+RrcXUaQqLMZy+GVf+OAcGPaWXCckW7OBgTdslrdPxtwvK6n/CCRAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAANsSURBVDjLdZNrTNNnGMWb+M3wRaObc/plSxYToiZzc94quCGCVRfMnwYtUiyuUhUQKqtcCmhatAgEaKlcBNFSBYQ5lSIgQ0GFttRCL0BBoAVUVFKo/UtLBXJsiZp5+3CS98N7fjnnyfNQAFDeK1uf6nVGm5CSquS28VqPzMY0RcweVjDawmqC+QevZi6IvfJk4f//e/ThkalL8RFqTg7dHqhFo6UJiuEGdLzU4oq2HISMJo0pH+VwLpqHIgoHfD4DZHQlB1V0l+GOpRFl/VdxXMsH91Eqavr+xd5LO62MkuIfI0vN1tLWcXAvD4IQ6YI+AESdyYtPq0+QzcPNEBklYKmjEa6KxvmeUkhbxNgh3cZhXxiSZteOQWEgUXDnBWhpHeR23sPF8wB3X4Gi/xaKTJfBVEchpI2NeE0aZFoZ/MU+naxC489h4r7Zmzo7shrGUaWy4fgFE6hRTYJ5QHxLZGe9uRFRmkTsc5vZyjjI+isQVREJavpvWw7kme5nK56hWmODpPIaTPIQPL4hRFeJP3T53mGUo/XhrhuWOsRokiDS56Gyrwbn6kXYJPi1hJHbS3f3dVQqJ1FcXYaxZh5s+lqAfIpJfTXaMwOeU8Kv023K52pc67sOyd08+GZtsm48/UtKfeypJbnx5cvcffU1dXKMG9PgGr2JsXvn4DD8g1nLAxgusp0Uunx3p/hujqfvS5+MDXGKWGLlNJOZ5AymW6doe1bzMnLMViMfc44HcAweg9U9p15ZBJTSgzPqvKCfKLuK/Lh+uVS2IZ71vYv9V9Z0aChJpiTjdcg+jGZ6cyYMCZhztmNqgAnnCAP2nkTo82kgGAnF80Oc+fvEojfHjha6WCzXa6EAkxUyWOVlGGRuwVgH7505DM7h/XhlTEK3JBB+BH/qO9+MpfOAN0c4S92RSXthPiaq5Hh2Kgn94mj0KuLcsVvhNEdgeuQAbO4kPZIA+IcWYNnWs8RHm+jYSxAki4WJVD406Wx01yVCdzsHT1TBmDIzYO06iUc5NKzfnTbyLTU94Iu3YN/su/3Vug1DVaI/ALsFpiICzYnL8bAgELX8za4/6dzz31CFXl89Jo8mVq3xEhzynnO1S+BS5UIl3IaqQyvIhoQ1az81fhHgUTB1kfMMc9XMf2cDZ5qyfm+5xVv9w9fMHr0Fh4yy26byoRwAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKUSURBVDjLnZNfSFNxFMdvaL0EQQQSQpQPQS9R0FPQQwUSPfhQBBb4EOTDIILYxnR7aBPmlPZPBptSDoxNUR9yLhduOrexBs6WpA+BlbnRmrL/f22lu99+58JiWE9e+F64h/P9/M495/y40dFRw8jIyH0A3GHEDQ8PXzCZTEt6vf7ioQD00mq1Uo1GE1GpVC2HAqjV6mNKpXJRLpcvSSSSUxRbXl4eCAaDvM/n4z0eT9XlcvkcDse1/wJIfr//sVgs3jEYDF8CgUCImXfZA1LO78PWrANTU1NVu90u/wewvr7uXl1d3V9ZWamGQiGkUimUSiXsZIrYdAfw7cplQckFD6xWK8+a/uovYG1tTReLxYSTnr2VC8ZisYjtdAEPJ3l0jQOBF7PYtpiRTyaFPK/XC51ONyAA2EeFTPl8XgDUlcvl8COZR3S7gEKhgHK5LIjglNvf319jTb/LsebwBDhorisajYJVCaPRyJOy2axQ5cbGBhQKxVduZmamRtS6oQ7IZDJwu92Ym5sDy4H96b3f3jst+cWbzfA/OIvPNjWkUim46enpUiKREMoiI5WbTqcRDofhdDqp8xgXd+Kj5Grtp0sP/tM8KpNivH9yCcauG+AmJiYWqPNkJACZLRZLXCaTFUUiEZiKztsnKrvMDFMH0HMS0LQh9fw63tw6XuBsNlsvnUSTIAD9DlvvUuOsWdk8/+E1Gp+c8jQozo2NjZ1jcy1FIhHE43FUKhUMDQ3VGgHu9qbvZesjgJmqMg5ZppioCSweFxLMZvNLtqZgywS2VGD34lcjINjZqgp3n99L9LQhKT+Kze4j8HY078+3NymEBHYbW9libA4ODu6x+e719fWFDu78u84zvezELSqbKiIzxf8AGfvxrzvUBvIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKnSURBVDjLpVPfS5NhFN6/0F1EF9FFBf28GhF0UWrkVQQZkamgbckoGEUsbVJgLl2K++F0bcx0UwZT07bZnG6yzc3hJND56ZYr59zELjSdm36NTZ6+9yOEQQyii8MLh/M857zPeQ4HAOd/4p8BBoMB3d3d0Gg0UKlUDzg+nw8kpqam4HK54HQ6MT4+DpvNBovFguHhYQwMDMBoNEKv17O12WwWiUQCMpmM4ni9XuRyOWQymYKRSqWg0+nWk8kkwuEw2tvbo1KpVMDxeDxsIh6Pw+/3IxaLgeSi0SgmJiYQiURgtVrZmsHBQVAUxU7U0tJSdKiBw+HA9PQ0RkdHuW63G0NDQ1wC7uvr45JvaLVaLgH7jbdE4f57iHxqwpzuBuZVZytZgrGxMQSDQVaDlZUVVgPSmYBDoRDb+WtAhY1JEXaCViC1ju0gQ9h688ehuiMjI0in07Db7WCU5prNZqI0l4wbMBXVbVKvkImbseF6h/2Fj8iterHwgU8fEjCF4kAggOXlZRAw6WwymRCe1WOLEuNg34v974+xFXiCkKEGQW3FZkBx+1Tejnt7e4nSUKvVUCqV6FcL8XOhDge0H3vfqkCvlWN3qR6LnSX40lZ8qaCRbG+O3t2YFf0BV4KO3UeSeomQshiS5zXbeU7s6ek5zSj9vqurCwqFAhrpI1C2Z8zYHtDRGvxaq8AOM0moowTh1ssnBAJBOo+AEUtMXrlcLlQ2VGwufq7HvE2GxEwZ9qLl2Jp7gSVlUarhKS/BgIV8Pp/OI2A8LWZsya7LRPyxu4qw5g4m64/Bpy6F/fUVGDqbWRsztaiuro789ZgkEgkaeeeQ8XcgMyPHTNM1mB4eT9nrLlysra0V8ng8AkbBayy7eoR+W3Um62wuzTrarrstovMnC13nb3Lp9V3T7PhSAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKFSURBVDjLfZNNSFRRFMd/b96Mb0ZHEbFPTfqQNKpFkVZYFO1MSFpEkBAYhBht2rnKHIogCNq0qIX2QdHOKFHJooIKlDIrykxLM0VzbMYZx9F57360GC0lpgOHc7j3/H8czrnX0FqzYKefVOuDm8rpDr1CaoVUct4VQglKcvfQdP8W7WeeGQsaN4tMOAKlk8VSSYRS8/Gv27ZYLMG1BGALtAZHSmwp2BgJc/T7V2zpIOT8XcJJDXBsgUU6lsuLIwV7JyfZLvysjEawTB8+7cex/w8IfBrqZY1VyAphsn5mGrW6jLLxMOu8RXS/68GxRSAl4O6x5vrnn54GJkZCHJgxYMNhZG4JJeEwE/1B2jpbA28uva9frDG01nC7zIfLLEJjApyPumpqsq2TWVtqkY4b60cz9/peP6xaldNAsgTEXJATL4aTgJulI+QU52kM0Bq0Qi7fTcKdj4pNYooprHg/xlwo2bR0IDaGKxo+ngRcXHMIoe+o/bV+WXgEFQ0iopOo6SAqPoW2E6AVRlo6JgL3hxa8gwMPyPBUGX8e0tm8QhQtamdlUaKgEhkeR8bDqHgEPRNFGxpLhPC/fSyJiXqaxi8sHWJgdAC/Z4frc3uze+ojWtnouRl0Io4Ss7g9bvy9T0PYunxB/M8WqBuKkZ3V4ZoeQgsHhANKgjMf09wxro12pFwjAKa3QmYXJ1OPwGtGcPmykcpC5iwroKF4a2pA4y4f2jgg/Wvxfmsj81HjQPrLthuZwU4scxqRtQ6kUZEaINU+mZHv87SeI62r6zpCb+PqSLVnbLg8o6d1VM/OgqOXAJb8RiJTeeaX8UF+2ado/Nn+5/zyUDt1RZu9fe+vICldLPkNkalgK6EwqgIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJpSURBVDjLpZNNSJRhEMd/z7vr9m7t2oopZl/UoVWpQ0RC0EFL6FAQ4a0OXbrVLaJDEdStjhEUFQVBHaIuSocIomtWJvYFRhb51eqaH7vu7vu8zzvTQbENvDkwDAzMj+E//zGqymrCY5URBxh6vm/Ar21rM6aapwSF7yORm90PBP9NGQAWskc/ujiAUa9ly4EHNcYY0MVhjMFV8jtyA1dGdKkLEEvUqkbhZHHi1XngSRwApxXErgl+3yKyMfBqMSaN33yI5vZrCVQBARVAMV6q6VvPgcv/AKHxVCyRTaCiSPkX4UKO4uRravyNoCGIRdUBjnTLhQQq25Y1wKgvrowtgdoFwsI86ZZT+PWtgKGU72du5CWNbWeJJVKYeAYiL/4PEHrEk41kWk8vraoogtgxwj8vmP7+gVTzEfKDl0jXCf7mixAoVQBVjSpIaRCN5tCogLpZJJxh/vcwaxu7qN24h+Evj0nEF/A1gLDaBwGq4pBwCrFTiM0hNoctjjE7kSO9IUM030PDrtPMTIRIFCwfdhFgVQ0R6v6gbhoN86ibZnZ0jPrsCaj00/fwEalMmULeY378E7gqgFqZcaXpubCYEFdK44IGivkk4u0kXVdCgh+gQlR8y/aOc4y960Ws2GUNtBJcH759vB2lC0MaYwjq6hJbO896UnqDSpm93VnEjuOvGyKz7SBTE/e/Lh5whWfqv9NxZkPrsZtNO5NExT5ULe+ffWVvdysmth6Sh3l379KkinSuCOi7sX9098lHm2LeT9TNUOVkwCOWzJL7PMBQ79Wn8ZU+zAXW77/bXVZRVKQqdbkigqo2/QXSf1oX6zFeUgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIwSURBVDjLpZLNS1RhFIef897rNDSoUEFFIhpCi1okzKKyRSFBFC3aCFERRQTSItrUHxBFbQoEkYJaBdoQ7kqQwm1BREjmF2JWFuKgNTozzr3zntNiRmthC+nAb3fOc37nQ8yM/wk5ff3Z1cNH0vcWCpYyA1QxVbx6TA01xbxHzTDv8arUJeL86Ojszf77Hd1hui3dVZNMue3JDTVO5Qu+C+gOC7G5wsLyhq0XY3MAoXnj9tmWDQMu352hAjAFICp7DDA1vIJiqBpeFV+2ikyJvNG8oxavvgKgegVxgphhTjAxRAXnBBGHiEecJ/rwiLA4RW6xHS1vBsCtkhwgIogTAie4QBAHgYOaIKA8liGV/MLOtguszL2k0UYqdabVPxBZAzmpdA8CIRAoTvQTrAxRvydNfmaAILmLc81vGLi2+0yoVQdUHQBghgNMBA2FcvY9W1tP4gsjJLc1sOK/0Xh0H1Kc7wnLcbzmQAAzQ0Swv0BBqoF48TMuyCIuT6IuCysFln+UgtB85QoBVIpEWF1slP1EbvghkojRchGnP8HVYnHEx74pxscXroSq+meEqhBhafIFudHnbGk9iEWDiF9ibDCiplQiEOHp/Am6em/1hrPTM5nOB3GHeo96xXuPqtLZ1Mf+9mNE2R7CsJ7h1yV6xw4wl9iLGUSJTZnqvmxdfe0//rY0d8fy46fsXdehpccXW86vlxf+61W/T2df5X4NNRUW8sWJifkbl55MZtbL+w0EmEFfv0ZNiwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFCSURBVCjPfZHNSoJBFIa9qLmMiNbdwGwKClq0ieYGCvGjnw8Kyk1RixZtCiJmEUkQUtn4s3Bh/pZO+pkfSYpvr6OEGMXhwHDOM+9550wEkf/j55ATWZXRaWtsSj+pBzEF5GTW1BGiz+ighqS5lxMA20EXQBdtBPjkKcRdkJBjgOJm2G4iDss4RN0h2lwLB2RU3bUbWKP4FuawgVdW8jhXDkjrkLIWb1DIYJm5SLCDd5xqBzzbPloEalhnHmAGPirU+MKRdUCKQJMlD7MUL2IFZcZQIz4CHnWblgyWkMUCCg4o8T0F7I9GJFUJA1Tpfh67VFhlvqCHW/gjkwlxY1p0XUaMN4u44N0BEd/4YryoK3kZNFj84OQqV9Uj4geenFj1mTwxSRoNOTsPDc9E5dRnHYs9taO3bcxG9aaKiV+/+Vd8AypJdaR1UheDAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHxSURBVDjLpZPLa1NREIe/PKhSNK2g9UEIKqEFRSgooi4sCJqCuHEpduEDwZU7/wGhu27cdKWoG7WQrsSgKAV3SnFTAqZCW22xlAbTpL0xyb0z4+Ke5mHrqgMHfouZ3/lm5pyImbGTiLLDiG+KsTfLTRQ1wwARwMBUUQPRUIvCoxupSIcBwJF9XRiGKRhgaqiBtZmowtxKdSuBmGHmChTMDDNH44xUDVVD/G1aEAkRMUPVFW5q7TTxRbcamGiYaKCqmOIK1FEp6fIzDu36SSwYBO53biFQUDFE1NG0tIqSLE1yOr3KicwdMse+8HW0f7iDQANFXI8tklAnN3KcS03TM3AZ70eORG8KS61lcw+O320aBAGIaLP/dpM+8vSeuopU8+zen6QmSxweGuwOvNJ4y0AEkbiburvdwlWWgz780gLRWJFI1KMrUYRalY3leqyNwBBxxW76Cb/AmdgE3QcEDXyiugbRvZjf4NurQi1fqNxrIzA3g/D2ZH2K/uAdA5eGsMZ7IrLOzNsa5lUxhYW5ys2Rl/PZNgKlsFh1g4OLBz9x8kqGRnGceLyHmY8+r5euU9xzHgNePD+bDffvHsy/Z3Fy+HN9ZdS8wjWbfnxh/cmt9Mh2efH//bJf88UPlfLU0epv78/s7OrD20+/T2yX9xfxXpKxy4ipWwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAETSURBVBgZfcExS0JRGIDh996OFIQEgSRhTS1Bg0trw937B9UPCAT3hnJ1kYbGhrv0BxoaXSsMhBCsyUEcoiTKUM/3HU8Fce4Q+DyRZz5DcOkdiqIIiiAo7xiCMXs4HI4ZisPhOMcQOJQbOoxxKHm22UUxBBbHM1cRfw58GUtMIAieTIwgxAQWRclMEZSYwCIIGYsixASCYsl4pgiGwDFF+HWUaDopbfCGHRp+nCWSTktFXvFDOKyuNNYp4LhFriPPaXW5UWAV5Y6HNH+/dbHJIjN6NHlJzMnxWqNIDqFHh8/U7hiEJbp0+ar0m2a4MGFEjie6jCrtJs1y57FuI21R6w8g8uwnH/VJJK1ZrT3gn8gz3zcVUYEwGmDcvQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKESURBVBgZpcFPaNZ1HMDx9+/Z79l8xubWhDVmppuynpJFS4nQ6UVDlCFh0EkQKaJ5t/KmJ0O6deiQHTrlQcjlaVGK+I/SyZwH10gtxT252WrP9jzff5/v5yveRJ5OvV5ZSon/I6eBz76bT1EVLxCj4kVxonx7aE3Gc3IacF4ZLrciqmgCiYmx61UayWnABMVHZX5RCDHRUWpi2SiN5DRQM4IXxQZFYsLlBZaM0EiejhxOPKVKCkIKQr3vU5xP2JAIoqwoRqo2cm9s03u+NnC6qW2Q2uMLZPbhgZynduwEVbIYyWJk6abiJGFcJEQoFRNvd52jtPKd01392+joG+Lfe68w/ePJE3kKQiYCNyZAArz+BsvGY4NS94rERG/reT4cmaPzha0s3LlNc+ZpX9lD26qXO/LkPJkIOAtBIAiLLuGCYpyyruVX9pan6ezfhaucork148/JaarO8U1TdUVBrQMRsA6sBe9ZrinWJ14qXGV08wSd6/dgZ78mK/5Dsa2dPFSolLdTMYZcjYUg4Bx4DyKICXQujrN/0206NryLffgVhaLgq33MXrzGeM8gq0rtmJol17oF78EYCAFCYCi/yO619+neOIL/6yRNzQm7uJZHl67z/eoh/qZAW3DYmqWQ6gZEwDqwjpm5CU7smyXSS+XWlyiW2sJqfhu/xdTgPuYVjDN48Zi6o6B1AyHAlq0wvI2p/A6vDX9Ey4NLzIxdZnJ8gV/OTjD6w36WiiXK3QNs7CkTxOOMIzu683jSICQnpBBpGTrDJx98DIXI5E9nmPn9AV9MH+OPhV66yz8jQYkSiaJoVLKUEs96f3uXebP/xfytV/tIRXfFzM0fHPl86i7/4QmxWH8VvTzD6wAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEzSURBVDjLxdOxasJAHAZwwbfKkjlbJVMpJaYmxtSoNVoSsCLlekQSjcZNRUFFIUNxD5nqY7Rr+wiuX89M3a62lA4f3PL97n/HXQ5A7jfJ/Rng+/1LSsn72UAQ+HlWJp5Hj4Q8gguE4VAIw0GWwSAQWPl1sZhjv39Gr/fAB4bDAJNJhCgaYTweYbNZIY5jrNcruM49HwiCPg6HF6RpiiRJsFwuQQhhYAS7WecD7KzY7bbwPA+UUnS7Xdi2zdZPqNVMPnC6qPl8Cl3XoSgKZFmGJEkwTYOlzAc6HRez2RSu66DRqKNQuIAoigy7hmGU+EC73USr1WDlajayZZkZoqoKm0rlA807S6jeVoRKRRPK5RtB14tvJ8hxbGhaEWc/JLZrXisVKcvxR8AX6Irl4/8+03fzCbreyRfHFw9qAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJNSURBVDjLpZNLSNVhEMV/f7UCy+iaqWkpKVFqUIlRUS3SHkSPRYugVbuCaFPrEgIxsKCFix5QtIsWraIIS5MQa6G1CTN7iKa3SAyt7P7v983M1+Kqm4oCB4bDmcXhzBkmCiEwl8pijpXTf+v0iKqWmimqgqpHxCPiZtF7h4hrO9DUufc3AVUtLdy2jxCUoEYwwUwJKgT1mApBhRf3bu75owMRj5mQnkwSVDDxmPoMisPEsWDxcq7ltXDl/JOgoqioipeTXZf2X88RcRRVH/znrtrZQePRWtQCI2M/slvv9l4AMgLn7n+gP/kddYY4RZ0iaZ3la0sWIl5wEqgpT7BxVYLLt5/nA+R4n+bEsi5+Zg1NW/botPUZnru0nNb8du70THFs3gNqyorxzmfO6H0a8w51KWS61aVQF6MuxnyMiScWx4qCKlo7d9LzbnRWIMe5GBXH/LyiTOKSSf7qtzZCtseZ4Cb6Kc1fTVXxZr7HU1zs2ITqWQCiI7s2hBAMMyMEI0xj6fEEu2uOocFQU4zA58kREgsLefbhMb1DT4k1vSTrzqOX0aukH0xUbqFkXT39Y1GqvHYfsTg0GEPjbxkcH+D9WB8TqXGGvr5nw8odrCmpI5YwHoUQqK6u3g60ACngBnCq9gxbD60/gZgipmgwPk0Ok7+omJcfu3n0+uFXpzREf3umw1crLHYOZ45YHJUFNdGWij30DHfTPtD22QkNyebQF/3vN65rypqqK6vP7RxoH3VGQ7I5vAH4b4GKxmhKLTs3ZVrxpTkMzsx/ARtuob3+yA7oAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHUSURBVDjLxZM7a1RhEIafc3J2z6qJkIuCKChItBNSBQ0iIlZiK4gWItj6HwRbC7FRf4CVnSCIkH9gJVjYiCDximCyZ7/zfXOz2A0I2qVwmmFg3rm870wVEezFavZoey7Q3Hv+/Z87qDsiTlZFBJIGKStZlFSCTpyUlAZgfXXfH9BAPTCberVANBB3RAJRR8wp6jzd/DotALA9UcyZgZxis2QNijpZjSJBVqeIszTfkMY65cAjuHxmgSzGlbUFrp1d5ObGErcuLLNxep5hU3H93AqjYcXti4cZZ2OSDU9CnVURddqmIovTDmoev/5GVcGDF585tjzg1JGWo0tDDgxrThxq6XojieOd0nRZ6dVpBxU3zi/T1BVdViKCcTbcYX11ngB6cca9MSlGlprojHqcglycVJyHL79Q1Jn0TgBdb1gEbz9OeL81IYsRAakYvQSeC/WvVOiLE8GsM4xnvsuGe/Do1RY/dpRenIP753hyZxURJ3JQXbr/Lq6uLfLpZ6aIk9XJssv8VK5dNcQcmcl7fKVl89kHmu0dJRVjYTRHGVSMpELaQLVCtEY8EAvMHHUwn067+0LVybtvok9KSODZiaKEOJENihPm01gD3P+62Oq/f+Nv2d9y2D8jLUEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHHSURBVDjLpdPNTuJQGAZgL4FL4BK4BFcuNEZ03Mwk41+MMbNQok7UqCkGJWrGiZKiYJXKERgLpUVEIagcULSTii3KxC2X0Et4bXcmisq4+DYn53ve89sCoOUz9WJgnJXs7nBeJrlb8NlbBFKKMelL84PLcfu7wJhPcnDHipEs3SNz8wipVEPq8h/+nOnYjJeNb+6Y402Ala7qyeIDhEIVfunaWODydC1arB/kNERzOqbYLG0I/FgXnbEzDfJlDV5S0PuXBJs1/pWJ2ZZ4WuczFbAJBT2TxP4qMLKWYA4vdETMtD6PMPB8Uu9MtPXLFGG6XcTVNRa2vQoMeeOuSF7DQVaDmepq+ha+ewQHl1YRv3jAr2jJaBrYEhUzXYdYqGEnpeJ3rGxCZaySMkaWU/RdgE1cIyirIKfWid9jW1TN5it4+RIGFz8AWNU9QZxs4i+2kyo6R0NM0y9xdCVN944q2DxU0D4cGvgw4BwP22f8+bpPUEBOquDkO6xHbuAOUjABivktijl/AR3DPN9wBdZeSaaK/WMdobSGvSMNu7IGTrpD0KyAWMG07xwNgX5Gph6u+CJ11myyGqc3zvFz4w2grW/H9j/f+Qn6r94u36IRBwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAG9SURBVDjLpZO9apRREIafDVuIhMjGhPwJukashNjoNdgIqQQbG8U7ECy0i4UXIMQLEKxtrCwsRMRKbBSCoBhQwRjwZ3e/M/O+FufbTYRYZWA45wznnXk4Z6Zjm8PYFIe0LsDDG/1pm03jy5gpAzbIxga3q2wMv2Q/uPXo8wZAZ/P6qVmbrd7iyd7cUh86HWhFMvvcpKBE4fv2B358+7Rx+/H23a7Nq+PL/d7c8ipf3r+kjH6jhDSkTAjCRoISZmbhNDMLq4S4c+/K8rmu8fzahYu8fvaEwc+dKm5FIZMJIVMSIsXu1ltmhw1nzq6x8/XjeteG+ZVF1q/dRKMhVqBInElG4igoApXxPlEJpo4t8eaF6drgEIPdd6j5g0KoqCYpSRShkq0LlZps+ugJZOjWxxEuSQ6zVohETZIh1LTiNqYQGTVmtwQqiUZBjgKVICfVsj0Ll7GwpYvcI1AkOSyUYTkQN4twCjWB0jgryYTAjYhRkIPyH1zVilETOV19QlCSHAQ5bA7GTaEUDuFxZ9EmsCGLOLJyvv5AGmvvstVWlGt/7zNjOvevrjy1uST90+8Hz4HBVYkrwfPOYcf5L9lR/9+EMK8xAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ5SURBVDjLfZJtSFNRGMenRkgY1BKiL30yEkqJrCjrgxBB5Qtmyy3NcGoUuqD5skEm+ZZizpTUmZEw33ML06lzGoQKtRRETXM2Z1LOTBs6LNNw9/w7d+IiuevAj3vO4fx/z+E5lweAtxVRvp5Pqaf8psAF3RQfngtBa1OvCet2Bq5Ge/80K5nkCntR7AwhsP0imF8msCwRfF4k+GQlmFxgYF7YEKerDJzV90vKexwHZm0EX2hw6juBaZ6B8RuDsa8MRiwbggL1IP57A7b6NK36kYbH5xiM0vCwhRXYHYKMmnd/gwlH+dvunPTOehy623ZLlrfO9oCVbA72JsMzjEPK2QP5Gb5UGewJxcXtKBLsQ2JKBkR5OkfHq/QfnKKlH2uONd0f/ecVioM8OzXyC+hRRKFAeBC3A3dAfHwn7ob71tCD5rnFlc3gKiVjM+cUlEbsqZ4xqLE81IT3Lx6gXyXDUMsjpGQqRip1Y2zwJ0W6tWfOyZUQQepEYxpZHW8FTFqsGdvRX5dORLlaKw0mcP0vTsHekAYPXkDFE3VxNplU3cREXQrMdRKoCnOI+5Gycu9zlR4uBbvON7l5nNbkykunGL0VkGvfQqo2QFJtwLNhIDHfZHc/UZvpFVThxik4FfEwNS2nDc+NBMkDwI0+4LoeiNQAV+sJcrsIxMnNJDD0noxTMFt4CAPqUiSp5xHbAcRoCIQ1BBFVBGFPAYFiAYPNSkxl+4JTYFYGv6mVxyBU2oe4LiC+GxDrKPR7rQU4G9eBl/ejMVEW1sspMDUk8V+VxPsHRDZkHbjcZvGL7lrxj+pe8xN2rviEa63HLlUVvS6JPWxqlPC5BH8A3ojcdBpMJSoAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJRSURBVDjLjZLta5JRGMZH/0X0DzhG0Wy1PdVG6aIGtYI+9CVhRSt6gT4Vgavl2vI9LVIWrWL0KZTYpBqpFMUMZ03aMpXVMttLpPX47qPT7eqck2NWzjpwcXjOc67ffZ37nBoANdU0M9RqJkJJ5j///5e5mPvEVAnyb3PGi3z0LgrJZ2R5iUFCFslAVUC5OfdVj/z3weXqoCM0yMFt4p5XA7DI1CzMXkLu200i5y+IVYKlIo/pfjGDrAqgkamZaU7BIIWEE6kpLTLTbVjMvcCUcSNWTyC8JwnUKxAG6kHSvxtxbxM53kP4u2ormtfQHkRGzxLDZSQmmpH5IEM2dBKpwAHExhtQiPXB310L+9WG4N/3bduFiOs8FngrqcYR8z5SvRNJ73bExsTMHFDUwaHa7PutidS8VEyQczqQnZUjPilCxteI7OcrmHnQghHXRZy7dRjHr+2HrHfHYtuFDV0MUP7S8hELUsF2UqkOKX8zhLAGHo2Y16ulvMJyBI98Jrydt8PgOIVDhvVoPL1WV6ocJ5GHkA5KwbtFSAd2Qviixmut+IdN1XRfpmwVht8ZMey/wd6BztkJg/MEBQgUkFyIOUizOPAuEbIf24m5Dx6tmH+s5W7TmHvl9XjiG0D5sE2aKKB05+lXSPilpGF7kAn3wK2qj4/ouf7l/nBn1gla+1Eo7R3MrHzasZIgbJWMC9FRZMPdEObvYUwjjtmNW6+XXy3Z2HtQJ4LefoxVpjP9Zj3w3GmRT5i3zL0xborSM780bVNWelxks4ooSWOXZhVd/wllWOl+7RbUkgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAE4SURBVCjPfZFNS4JBFIX9UfOfpl306XZ+QYhG9UJtiihq4cJNQdQsIulLKhs/CAlNy9JRX+slKel0nFdCjOJsLvc8c+6dmQgi/+unKIqCyuucNTarb9SVGAOKsmAaCNCn3lBHxlzIEYC23wPQQxc+3lkFOPXTcggw3AzsNlqwVBMNh2hzKByQV4NGClGneWoOK+yUkFIOyOmAsVFcurMveMYZZrlJC7vaAbe2jw6B0HxEDPeYYfWBLeuALIE2g8/ZrNKexhGBOjPWQ+Bad7lSEhNs7tGewiQWeZ8y1sIRGVXFF80nxtewSeAOFXziBF64ZFocmw63rlFVPGADRR6owDOeGD7Ugdz3m2y+uhyfp8vw/IQceeqk3DEZjgg4uwSNhInJsc/aFqtqWS/ZuI3pBRUXv37zL30Ddxx1NEzXzZIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIcSURBVDjLY/j//z8DLqyePcvQuW7VQomESay41DDgM8CpdkVm94YzD0RiJ3Iii4snTGIjygD3xlX58/de+y6ZOFkAJqaQNk3Hu2HlaaIM8G5eU7r+5L3/silT5aE2q9UsOfw6ecJW4gwIaF9fc/Dq8//yqVO1hWL6pZuXH30+d8/VhymTtyYRZUBw58aWc/ff/VdIm55as/jQraM3Xv71a1pZTXQghvds7rzy6OP/vk3nvjx4/fW/V/2yuUTFQgc3AxOIjurbMuHuq2//t5x9+D+2d+N+gtHYw8ssv1xNeuYuE60zc2UEOzNn7D5z4cGH//ETtx8Vie3nxmsASPNOU53r591s/p+yM/503cf+/6w9N/4/BLogatLu/RJJU6ylEicy4jRgpYbsnDNu1v8nCHFYTRBkD77iYf1/zt7b/5edeff/no/D/4vOVv9nSPJn4jTgsI3Rm7V6yutB7BWqUjMvBTj9L118+t81f8f/ixXF5h6w1L+yz0LvfjcvExdWA/Za6d87aW/6dLOB6qG7Xvb/12jJH9pkoHL6mI3RpzYuBua50oLlJxzN//cJcShgNWC6JH/ycVujH+eBilZrym8AapLYoqu8/oyD6d9WTgaJFeoyU4/amfzo4WMRwRkLvfys8n0CbGpd3IzMIP5sGaGCm94O//eb6ty96G77f6W67BKScmMP0L/L1GXmA732fb2u0k5gTMmgqwEAFiuGP1TJcvYAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIvSURBVDjLjZLbi1JRFMb9N3ro8mYgPqSBCIEPoQSGYYVREkxxTLQsREkjlRG18doxZbyGF7y8HAONQUgnENEHQyFmJqEnoQf/gBDKl/na+1RDEz6cDYvF3uz1W9/+9hIBEP0f1Wr1XKlUWuRyOaTTaUSj0W8+n0+86a5o02GhUHjX7XYxGAzQ7/dRLBZhMpn2BAMSicR4e3sbyWQSFFSr1WAwGA4EA4jcMc0ulwudTodXoNPphAOCwSAPcLvdaLVayGQy0Gg0wgFer3fsdDoRDofRbDb5p6hUKuEAu90+LpfLqNfroCpisRgUCoVwgMViGdEvJErQfGrD4rkTP23WYzx70iPBbAQ0Go0LJNbUcbPZjHw+D/KdWHpe4PiQNJ9+wrrF4cvN2zAajb5TAFpM5K6n0ykCgQD0ej1kMhkkEgm4uwZ8jcfQzLjhTN/Do9c3YAxehZq5/PEEQLryxavVCsvlEovFAvP5HLPZDKPRCG/qIfi5B9g72sXnZQ9s34o7rBSKx2fifycPk8mENy2bzYJlWYRCIXg8HjgcDtx/pUbnMInOPAW64vsmsPtmCvjBA1KpFIbDIWgmcw+/38+7b7PZwDAMrr+8hO7RW/y73h/sUsBvIyKRCD/zdGzb7TY4jgPxBZVKhTfyiu08Yr2H2Olt8cU7H7ZOK7BardBqtVCr1XRgoFQqIZfLIZVKIRaLIb12FrfiF5HoMXxnmun+xAMhQS6HSXynsv/kMD3/Bc9MubHqnCOyAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHtSURBVDjLY/j//z8DJZiBKgY49drM9J3idhLEtu+xjvea4nLNqsVspnWr2S6QmF6+Zol2ltpq5QSlmcpxijMxDABp9pjkuMuu28rIpsMi3rLZFKzIus38mm6OuqRxpf41nC5w7rOJd+i1ngnUXGLTbj7Tsskk3rbL8ppZreEu7Ry1mWpJSvHK8Uoz0TWK5U/nYIg8y8rgPsl+l12P1WqgbTPdJtk/AtoWb1CkBdagnqyyWilawVM/Rw/FBQyx540ZGm/eYIg8P43BdYLdSZiEcYXeTJB/TaoNroH8q5OldVIhXE5SKUqhXSNRfZdKvPKVkOrED+L9d/8wN998w+B4XIL40I48K8FQf/O6+7In/7mbb35hsD2qjBKNDLU3ExjKb7pi1Rx61ke89+6fwBVP/jPXXn/HYHlYGiMdMJTe1JJc/PgHQ/X1xQyplznBYuFnmRiiz062nPfof8DSJ/8ZSq8/ZzA9KIEzIQE1Vvuuf/6fufv2M4bgsz4MxVdPui8Cal4C1Jx/+RGDPqpmTANiz7MAvXI+bO2L/5ZzHvzP2Pjif8DCx/8ZMi/fY9DcL0FUUmbwPKkg3Hr7T+WOV//95j/8z5B6/jaD6l4JkvIC0J9FTtPu/2dIPn+PQXG3BFmZiUFzbweDLH7NVMmNAOGld33BRiNUAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJZSURBVDjLjZNfTFJRHMdBmX/m1Pln+qDTNjcmD77oo62trYd667H10nNPvrbWIy+u0FFAOhrMzWZKXaYE8YAx4+Ll8kfL/NPoIuBdmAVjCQQb1LdzLkg2wzrb5557zu/8Pud3/xwZABmFNLlKpbqi1Wr9SqXyKhkr6FwFxejo6EWj0cjRNXSumkcvAuk4QsBuRyKRAG+zSWOhAr3fcDqlWMjhqMYqG8vkdLDV2IhdloUoitgh/dv6eqTq6iQ25XLser1SjK7ZrAgq1ZUF4ZYWMHNziMViYMxmbHR3I97ZiXhbG4LNzWBMpnKM9Ht/E3xtb8fq8DBm+vvhGhxEZGAA0b4+7Pf0YI+I7K2teNjUhJcNDUiQis4IMl1dOBofx+exMRyOjEAksvjQEKJEFCEiobcXH0lVQkcHUgrFnwKe51EqlWpSLBaRz+claKNzNKemIJfLIRAIIJVK4smSA48ZN6YtPPTWEGYsr1HIZ88X0GSr1YoF+xosngjCiSyiyQL4yDFWeBHzK2/g8/nOCmipJxKGYaBn/NgRj+GPfcf6fg5ewtanPHRL3tqCE6hAs+iD8KWA9UgWrJDF6ocMQgcFPHoRBMdx/xbonvPYFjNYC5eTKUGxgPvzrPSY1V+ZCkjSj9MCyuIrDq7QAYKxHLhYHgGyu+1dBtOzC7A/1f0WuFwupNPpb1Ry+mUmjpJwsu9JJRwM5AtonvGYmrUgsGyAffIm7l2/cEMS6PV6uN1ueDyec2HJOWBMU3BobmF7+QGME5dykkCtVrPkGON/mbx7G+Y7134aJi7jF1A6sIfsK39SAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKjSURBVDjLjZJbSNNhGMZXF912FZEVpOaVFFSCmhe2/iNqhYVsmo1tDXUiJjNnrC0RMxVFxTm3ecJDeSrblorpSFAJzxptOrfFzJnuUJDplG2ZrqchtaSGePFcffx+vN/zviQApL2STQvgzFaFOCytx7HQFLjVyAuqjwkPOvTnfU+YRz1BmJsDPda2Y9idmrRg8b4E9ewjEqsqDDZ1MlzjZbApo2BtPwldVfDqvgRy2uEyu0YNx4gcW5qn2BiVw/K+F4NPzpn3JYilxnH1LZk/17UKeAwqOHWdsA9JkMe6pPQr4JJDODLOZYeESYb8LrGVGn9mWiJI+2FX8rHc9RiWrmQYW2/D1FUATf0VaGWhLB/MjjpNyDgUj5hBxu40lPNQWZOPF01M2AcEWJvpATasWJ1RYLT06hefoDz+/HBt6i2ochOhb8tGK58OCZNAdQoFr8dY+DqXg83lbu8XSuCaVWF7cRiahuRtn0AaH/zSNNj+X2Hqkkis6LLhcQ3D9fEeVibTYWhOxGQdEyZZzN6FWfoz8W1WCI97DM55NtxLDKzrRZiroyCjPA62uht/BQcvVAilwnRfYYZnDNinBL9hFtyf7sChewS9nACn8KLtATc3d6ExgbEDH4h6nhTLf7cx9Bko7FBCLBNC15flHfst3OZEfF9iYs07iUlGuIylEad2b44USK2m03k9zm6DB/l6QNTSjrleEbR9Ylgm6HCaGVjRPIRWTHEZyyKC/r0V0kx+2Pa0ohL8V3aw1UBHMQGsL8JYS8OAKAAj1dcwUEDGvJQKf8dGMldE2xQF95GQMw7uGyCPexabY1JsTlRgwgu2cUNQnCXYKcyv4ENzSmRvXqwonN7SGZYxBVr0URSyQ9FfdB0NRUmIuFm1XJmVtFOYP8EvH33H/9EvkWcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABxSURBVCjPY/jPgB8yUFtBdkPqh4T/kR+CD+A0Ie5B5P/ABJwmxBiE//f/gMeKkAlB/90W4FHg88Dzv20ATgVeBq7/bT7g8YXjBJf/RgvwKLB4YPFfKwCnAjMH0/8a/3EGlEmD7gG1A/IHJDfQOC4wIQALYP87Y6unEgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIbSURBVDjLpZNfZNVhGMc/7/v7nTq1P9Vkso0kJy1ZjZWZ6CKTlMW6qYmUFNkuqpslYnSxXYwolXURXdRNTRszRU2aWTRbaTctUs1pSjSn/M7vvH+eLn6nsYixh8f7PK/3+fD9eh8lIiwnNMuMZQNCHtb/R4MH48EasB5MAaxL7hxQEIghBCDT9s+sX5zOg3NJbVyxtvDiQREAkMuC94grPrAWcRaMRaxJemMQa8EaUpVbIZK/AAERaLiESpUhU7cR59A7ToONcMPn0QeuoVJp7EgP8mUSjCkCrE20iYdUOTLehWq8gnIx/vUtcB69ux3Mb8xAB0HdUeyniQWAxpgE4AV0CKUbwVtkfhbd1ImuP4WfeYJav4XwyB3851fgE4nEQkiUT/R5jwLU9hPIhyEorcY9akPv70Vva2W4r5URX8J89AsTaZrjrxyLhZDYJjTvwRv8xHX0rgvI+yGC1nvgDIODXUxVrGNvbQM1FRlGph8z8O4l38sDlPRUCTuPI/xMXLcWMYnTYhL3z87lOXzwEASaltoOep+dIUDT3z+IJhIwBpVPo/Or0PFqAlNCYMsJZS2hVPAt94OUKqWltgOAi/v62FxZR0FBSCTw/P7Cz8IJFBafueo009kx3mRH6Wy+S/fTk6SDlawQUEvZxsb2qqs1m9ZcbqrbQ2ZDPTNzk4y9HWX243yvWuo6N7ZXdQPngDIgB9wcv5Ht/APUTCZid72ZzgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEzSURBVDjLxdOxasJAHAZwwbfKkjlbJVMpJaYmxtSoNVoSsCLlekQSjcZNRUFFIUNxD5nqY7Rr+wiuX89M3a62lA4f3PL97n/HXQ5A7jfJ/Rng+/1LSsn72UAQ+HlWJp5Hj4Q8gguE4VAIw0GWwSAQWPl1sZhjv39Gr/fAB4bDAJNJhCgaYTweYbNZIY5jrNcruM49HwiCPg6HF6RpiiRJsFwuQQhhYAS7WecD7KzY7bbwPA+UUnS7Xdi2zdZPqNVMPnC6qPl8Cl3XoSgKZFmGJEkwTYOlzAc6HRez2RSu66DRqKNQuIAoigy7hmGU+EC73USr1WDlajayZZkZoqoKm0rlA807S6jeVoRKRRPK5RtB14tvJ8hxbGhaEWc/JLZrXisVKcvxR8AX6Irl4/8+03fzCbreyRfHFw9qAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAINSURBVDjLpZPNS1VhEIefc7wXTNQopKTM4IKRaB+GliQtKgpau3NjRcsIzEW1EQIR2kRUUP9AtHFhi4rAqKBCUDOEkDIQPzIIWpjX7jnvO+9Mi3uvUBAIDgzMDDMP/JiZyMzYjMVs0jYNyDDc9h8NCl5BPIiCdyChWAuAM0ghA0BTzz+z+rcHhRCKsQ+lWODN4xIAYHUZVLFQahDBgoAXTHwx9x4TAfFkd+yHgpUBBmbQfoMoW4N9fIiFQHzoEkiB8LyP+Nwdomwl8uoWtjgF3pcAIkVtppCtxcZuEnUOEIUUnXgAQYmPXqb/WQ/5NM/dg/3E85PrgBjviwA1iDNQvRdUsJUl4uPXidsuorMvSILQUNfM+fFBnAqIQGpkKCRFfapEQNTai319St/UfUwdzgJOhF3bmmiuP8Zqskb30hgjfjdbUiNDWqKpgnp08h5xx1Vk8jZnWnoJpgQNKMbyyiIHGrrIuwInF0YY1SoyFAxSDyg6egVECE8ukIgjmDL/cxavgqjHB8+vdJXDe06Q97/pOPK2BPCeKFQSlVcYAokkSBB21jYiGgimfF9ZYHt1PR8W3zEzN87w9FYiu1ZveFu/LIKBg+6uahLncOpIxJGra6Ezd5aJhfdMfxrl0UwN+5IKoo1+Y+tgvNbeeKrq9ZeX35xyennIPgMbB+QGorWgFVUFDbkfQzZXrv8BKB9RM6Fzq8AAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGNSURBVDjLpVM9SwNBEJ297J1FQBtzjQj2dgppYiP4A1KZRoiFrYWt9rHyH6QUPBDTCimtLNSAnSB26YKg4EdMdsd5611cjwsIWRhmZ3f2zZuPVcxMsyx9fPF0NRfS2vM7lx2WtcQiJHvDRvZMluXMGNHstJH7+Wj09jHkOy1+tc3VxeC+P6TXT1sYZX2hT7cvS6lepv3zHUp2T8vXNw81dXT2yGwEGeERSbSVCC5qysYa+3vm9sJGmLFojceXJ9uklCqUIAic5G3IytahAAhqqVSiwWDwx6nogW9XKhWphaGAvC50Oh1qtVr/7oAdCwBQwjB00mg0qFqtUr1ed3YURZM7X7TWTqM2Gm3CASRJEur1etTtdp1DnrafFtJGMbVNGSBas9l0DrAzR6x8DdwASUB0RqNNGS2/gH7EInvCwMhkZTnlnX0GsP09tJER0BgMoAEAa1rETDIQvBkjBZeHMIjjuNB5Ggg0/oZWPGrHGwd7Fp9F2CAlgHKqf0aYXb6Y2mzE8d/IfrXVrN/5G81p6oa2mIEUAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ8SURBVDjLlZJZSJRRFMd/39JipZXZmCURrRBjKshkJW20CFGSQlAotENQr9FT1IP2HoFPFRFhCSMYGS1GEUUrkZHY2DItUs30kTnjrN9dehhzFAzqwuHcc+6f3z3ncIyL9/uPa80BqVWxUgqpQCiFlAqpNEKqESaRQiOVetZYv8gHYCutj9T5cgv4j3Piyrtlf+62VKoAoP3DBYQSCClwlcCVbtZLMfx2bEUjrisnjABoAHYt3fdPv8eSAldIsgCpAGh5EP4nwLaKfNIjAWIIALCzykPrwxA7VhUO5/yPQ9RVZmMnkhxdgSsVSmtsC/yPwliWSdvjMIYJ5pCo/WkYtKIodJ7C8V/wMh+oAMCUUqEB2zKoW+HBNqG20sN2n4canweAGp+H1RNusWBWiDlVu6ld8poXTYurAYxTbZ/0oU1F3O/5hWGM7tc2IZZS5DvX8ebdY3rpRmJ97xFRxcC7V/HAs679tisUWmvGWVBdPpPOLocNpdm1uP3yB4tzAkwt2YKMdzOxoJik7KNoTdkkEetvtoXKDNEyDTq7HIBhbxrgKuiLz2Ba/0dMy8EwY4zPcyAZZ/BbyrKFEJkZmLCupIB7rx3WejMVJMPdBB+dIX+6RokEpvoFZi7aTfPmciDZHYgctF2ZacE7dwrffiZYUJhD8Psg8vMNjM9Xmbe8Cp2+hSGj9NxMYSWTJFKSjx8i9Q0tQb8tpX54suVtWVqqya6QuEIiheLw7A7K128g7TRj21N5dSfNpU+bCedVMBiNd1y7UOMHQGs9pn1pq36SCjXpWGCrfn56ZfTsnoUNY+nsv63s16DTGRm4Oy/+M5bo7f1xdO+5t61j6X4DmUx477d3qncAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKZSURBVDjLjZJLTBNRGIUxbeOGNLrSaFxgdOnGrS4MijtWLkjcysLEuNEoqDG4IDIpNCUlLVLbQFrsI0Dpg0IfIzYiCyRQA2mb0tQG6QOqbemkFanY438nofFBCJPczOTOfGfOOfdvANBw2PJ4PHKXy+V3OBzcxMSE9N/3R4EDk5OT5fHxccFms3Fms1l6JIGpqSm50+lkcGVzcxPlchkE75pMJm5kZOT4oQL7sN1ur2QyGdAzKAIEQcDw8PAvvV7vHhoakh0o4Ha75fQxvw8z0GKxgOKgWCyKTggWtFotNzAwID0QprIq6XQaZJ/ZBjnCcjwNlScMx+I6NBpNTa1WB1Uq1Yk6TGXJCeCpLBEmBxgdHQWJIp/PQ+OLov31Ah6alvEllQHBQl9f39UDYXIAKkvMnsvlEAwG8S1fwDNbCLb3Ubj4OfT29lY5jmsWBehv/NjYWHVrawskAqPRKGZnMIljdnYWyWQS4VgCb5w8g3cJvlwvkWC/1WqtpVIpxONx+P1+EWYOpqenkUgksKTrwrvb58E3y+C9Kcv4WiSddQFqWVhZWcH29jbW1tYQi8VEB6z5SCSCj6+e49OjK9jxKFGLeFGxPsDivUt7/uvS+6IAlZWdn5/HzMwMCoUCotGoKBIOhxEKheC7dRbfCYa6Feg4CbxswlfFNfhuSD6LAjRZpwwGQzUQCIhHx1ovlUpYXV0Fz/Oi7dqSHX9exa7TtC+t1Y9Rp9M1Dg4O5lhmdoQst9frBZW1Q5mzZcMdgKAfjxtQoLV+VwLqIfXXINFkNfb392dZflZgT0/PTnd394W5tjMvFtov/sx0NCH3RIZE+zG8bZXueVskT/8bZaVS2ahQKLIECwze3//Qdq6T/phktum+wWC2/xtU6N71e0LFhAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIuSURBVBgZpcHNi01hAMfx73PmzHWUO0QmbiOhyQyZMYWGRhbYSfkLpKwYpSRTSikLxE7IxsrGSmJBGtSQnXfJ5CUvg+G699x5u/ec53l+zilFNtR8PkYS0xEwTQHTFJJ5dX3to6hlxQpjAn4TjbHXH5ytrgca/MmQm1i+7akNyRgFHYv6LjYbY0BkBMZg69+Xfn109INA/NJUaJFcOjr+efAgcDkkZ1XHJzMaX87hkiYIWjCmSFTaTGndiQIS4EEeECaYtWD4at8R4HJILjWBfIJLCsgLP/WedOIr46N3aI4WglLwCZIFLMWOQwXkF5MJyRlF3k6RTIKSCdKxGsWOnUTzOgEDCPAgAcKEc8AFIZmQXBoQzmxlTuduwIOE8PjkE7Z6C7kY2RjZGnLjRG2HoSFyIblUkqvjJ58gFyM3hmwVn1aQi8FWGRyucPedI56aIrX76Qlc2A6E5BpI3uLTb8jGyMXIVpGNkatw42WFp/UimzauoW1uO7efX+Hes5HwUn/pVEAukQwO2R/IllH6HdkysmVkK1x7UWV1RzcucHQv3IozKb2rNpDZG5BR4it2shyn4wVvJ4vYxnxc0oZ3y/BuJaO1Ms1mFts795E7sPkCy1q7yEQhGdUbJ9+c37EOsQVDkb/UapXo+ch9Ho8MMbD1Isdv7iJqmkGmbiTxL739pWNtS2Yf3tDVR/uCHoa/POT+kyE+vo1PG0n8j97+0nFgD1AExoCzD86MDPwE/3Mt+7fw600AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFtSURBVBgZBcE9b01hAADg55x72mrdnqrE1SCkCUEivu7SxGKppGMHNhKj2KRisYkY2MTcRFQMGh8/QGLxMRikJklJkN5B0N72cu95z3uO50lqAAAAQAYACxP16KF8vhotvxSPNgfF/QFJDWBhOF7Yfyk9EXemRn73P359GJce1BkA1Y1918+MtxSiRmtrtjfzc9qtpAYvkmhl4/L4pNKGnglDfng6uLMt42WjOhD3xOGTzQ/acpVa0PDe5AgZ1eF4szxbNvvJlHeCTKEhOOUVsmfNeO/Y3G5D1q3giERUWreuQFqea81N+acvN2Pcqu0SYzpqAWm4Mu2XTV1bEm2raqmGQi0gDbsy3/X19fzV1PUHFKKAtPjWc1THJ109DAxUKkGlRFo8+azpuNNyBNEOlVrDmID06uOV5ddyuVFj3jioZa/crI5yjYzi/Nvl7nxbJXheN5O7SqUY4lpsk9Tg2sVwu+yUm+XS4iIA8B+6i5xffIyBpQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKZSURBVBgZpcFfaJV1HMfx9+/Zc9QtO0unOMdasEibGf65SLOCJWRX4p0gCCVddBVYF0FEF4Hsom668jIN6iJJvYgoRoOMeTBdEoORf2rqJseca8ftHM+e5/f8ft9P5+JcSJA3vV5OEv9HwiPc+/HlqbnRPeIRnCRq469KJiTtwjQo0+uS3lzVtx9JNG+eRaZvZfa9TBWLVpGpa+Dgb85JYuHnYa3s20+oTZGsXE/6xDZW9e6FjtWAoaJGdrdCNncZv3CVzv5h7k+e5KlDky6lRaZyVh1dWrP7c5ChWKdYvEBafhHnUvzc15S6trJi82FQZP7iJ1i0fbQktPQMn6tb8QBkFPOnKea/w7JbIAOE5X+RV7+ief0jkJEvTCOzCVpS2mQCDEUPVoAzbLmC6yhQzFDMUMhBkaRUJjSXNgK1lDZFAwnMo1jgkggsgytwyjl2tUotzzm+SViMWDSjJaFNJpCh6JE8kgcyoInIyUJB/7ohDp86AuZQtBItKW2KhllO0vk0sTHJBxcvgcbwFvAhsHHNMwz17qKePeDt2xf4tNR5n5aUNpl9tvT7F0e7h45g+W2CeV577g2ijGgRQ1QXZ3m+/yUafpm3Zs5NZ8eSFSltfQcm3p39ZsdR19FFefNBsnCaKOPW39cpLBCsoIgFS3md7U++QqNopr/cGM9SHqJo6xvTP9xLSt1kISPEwIbyAMEiUcadxRnWru7l8ux5zv85fsUHdjpJPOzGl1u3JKXy1Hu1u2SFx5snC57Bni3sHtzHxEyFsWujkz7wQnVEuZPEv/1x4tkNivZOkj724eObhpm/dGb6UH22Z8fA3u6fro396o091RF5Wpwk/suV44Nrow8fmw/vH2jcmYnWsW7ZYmluRIG2fwAIBqNZGcz/tQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFtSURBVBgZBcE9b01hAADg55x72mrdnqrE1SCkCUEivu7SxGKppGMHNhKj2KRisYkY2MTcRFQMGh8/QGLxMRikJklJkN5B0N72cu95z3uO50lqAAAAQAYACxP16KF8vhotvxSPNgfF/QFJDWBhOF7Yfyk9EXemRn73P359GJce1BkA1Y1918+MtxSiRmtrtjfzc9qtpAYvkmhl4/L4pNKGnglDfng6uLMt42WjOhD3xOGTzQ/acpVa0PDe5AgZ1eF4szxbNvvJlHeCTKEhOOUVsmfNeO/Y3G5D1q3giERUWreuQFqea81N+acvN2Pcqu0SYzpqAWm4Mu2XTV1bEm2raqmGQi0gDbsy3/X19fzV1PUHFKKAtPjWc1THJ109DAxUKkGlRFo8+azpuNNyBNEOlVrDmID06uOV5ddyuVFj3jioZa/crI5yjYzi/Nvl7nxbJXheN5O7SqUY4lpsk9Tg2sVwu+yUm+XS4iIA8B+6i5xffIyBpQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALVSURBVDjLdZJdSFNxGMafc3Y2PdN2pGYjsdS2WFu1oiy8KKSINPqAGtgwhMgKrMAkiIigu7oIvRDCPjCKgj7og27sg6ALg75EW2roMldGpbk2t7nV/uer90RF2Drwuznv+zzn+f+fwzU1NfVpmlZCfGltbXUiy+P3+1/LsuxUFGW4o6PD8/dMIKFLVdVLxK5AIKBnMyCxQQtRPXUmkDCH2ErucmF9i5LL54ApOpgG7C48hdn5QN2BJwKJKwnvVAOehK+INiL03HxWTIlxkbfaRV20i2H4REkcFRljQ8QFIvhPAhLaiEpCkcwv0ZnqQrmpGbzqxv3oFgQnFoGxHQp9fRshZTOQiTANFzlygOUz8jHB9mIy7UM0vg6hZKFxfo0wdhz/GNBL9stgQZXDCQtnhYIypKRxoOgyNE5GO2PQVPld/Spu/ciNqheZ8Y+n5zX0tRsGXE1NzQiJow6HY3EsFstWAnp7e7/5l6ixxsbqIslbi8iTluinF93blx4J3TMSJIg74XBYcR+7s0ykFmQVYFRovf0MivM5nDz4KrJ/z4piyV2O1Pu7ME9zTy+Yk7l5t3HuLp5u1kKUEaanmRNIqMMU1+geeJucCZvSg3K31Vbg28ip6TfItRdBsAKzKpdYnd45bQIJzZSgjOD+10Lex81Mjr0Db4qA41Ow2CLA9zQmP2dMxhHixDWiYWoL1i9erGFPYVtTWqAp/eC1CfpzpkGXGQauDn7vH0zsMRIsJnEtUbraXqJbOBGyWAwpGcLcTA/nrqiFzh6YOXUU3bdjyMt8HjNxHELDiX11V8I3DQPSyucsFsv5B4fH/tz8gbUaPBt2gkXaIAgS+h9OZo62D6mHF4rzcvNMCFwcSf5c9Pl8Ax6Ph7lcri5d1/GbD7eqn2XGjuupwU364+YKdaW7QOd5fujvHQMhGAzOz9b9p3DkYSL+qDQdTX17H/p6qHMgdj3b3g+UOcQZKOdjkwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJdSURBVDjLpZP7S1NhGMf9W7YfogSJboSEUVCY8zJ31trcps6zTI9bLGJpjp1hmkGNxVz4Q6ildtXKXzJNbJRaRmrXoeWx8tJOTWptnrNryre5YCYuI3rh+8vL+/m8PA/PkwIg5X+y5mJWrxfOUBXm91QZM6UluUmthntHqplxUml2lciF6wrmdHriI0Wx3xw2hAediLwZRWRkCPzdDswaSvGqkGCfq8VEUsEyPF1O8Qu3O7A09RbRvjuIttsRbT6HHzebsDjcB4/JgFFlNv9MnkmsEszodIIY7Oaut2OJcSF68Qx8dgv8tmqEL1gQaaARtp5A+N4NzB0lMXxon/uxbI8gIYjB9HytGYuusfiPIQcN71kjgnW6VeFOkgh3XcHLvAwMSDPohOADdYQJdF1FtLMZPmslvhZJk2ahkgRvq4HHUoWHRDqTEDDl2mDkfheiDgt8pw340/EocuClCuFvboQzb0cwIZgki4KhzlaE6w0InipbVzBfqoK/qRH94i0rgokSFeO11iBkp8EdV8cfJo0yD75aE2ZNRvSJ0lZKcBXLaUYmQrCzDT6tDN5SyRqYlWeDLZAg0H4JQ+Jt6M3atNLE10VSwQsN4Z6r0CBwqzXesHmV+BeoyAUri8EyMfi2FowXS5dhd7doo2DVII0V5BAjigP89GEVAtda8b2ehodU4rNaAW+dGfzlFkyo89GTlcrHYCLpKD+V7yeeHNzLjkp24Uu1Ed6G8/F8qjqGRzlbl2H2dzjpMg1KdwsHxOlmJ7GTeZC/nesXbeZ6c9OYnuxUc3fmBuFft/Ff8xMd0s65SXIb/gAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJySURBVDjLjVJNa1NBFD3vvXxhWprShrSxbTbGYEs2hUoXBaELaTaCICEQJd2Im+JfcF2EUgT/gH8gKymIttkIIlRS3dgs4kfSpMFUmqRJXvI+xnsnJiZ2oZc3794Zzpx7zswoQggcHx8L27bBw7IsOUzTHOThYRjGIMfjccUBCgYGg3M4r9cBIkTvk7WQSQxqzpOTPuztveQZBgTntRoeP3uL/4mnj1bQ7Xb/ELCkHj0wN7+AsSsuzPu98Lgd0A0Bw7RhWNSIMO/eZyFsgU6nI/Eq/9iPlEmhKApauonTcx2tjiUdmbSzSyQds4fhtREFTGD39REBkzRaJmzRgc/rhMOhQaWu4jeBLezLBHQNvf1DJO2uha5hw0uWNE2FqvR6MPYSAYYs8JAkDGZLZEVRRW9dKvjLAk9UTR4Hvn398s9b0MhSn0Dhw0un02Jl5SbqjQbabZ0e1mcUC9/h9/tRLp/iWvg6Qgsh7O+/xsxMANXqGYrFArLZ7FhfwU4mc3BL13Xl6OjoajgcDqRSKTSbTQIWkclkGp8+Zp3JZNLtcrmUcrmMw0MX8vn8E6V/fRzLy8t31tfXXyQ3Nyee7+6eVSqVqdnZWUSjUfCmarWKUqlkjY+Pv9ra2oqR8po67M3tdt+eoOD6/oPUFD+WRCKBtbU1xGIxbGxs4OLiok1xjzEEdTuGCXw+H6irrDMHb2Te3t6G1+uVNVtSVdWjaVqa5ycnJ/qIhcXFxRtLS0sfVldXPcFgEB6PRxLmcjlWh1AohEAgwE//Z6FQUOlsTkcIIpGIRp6j1DFNBH7apPFzJ+8PueH09DR3dpI1i87iBym6+wuQ3GjC/VvaWwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGcSURBVDjLxVM7SEJRGP5vmVfpAWGFERJUONQWLtEQOUQRbUK09IDW1mp1KKPBsdGlWqKIqGiLoq0aggqxraFARMpX95535xxCNLouDh04cM7//3yvwzGEEFDPaoA6l6vyEj3MaDmcc0CMX23NdY9X9iPxlxijsHK8GmxxUMAh1O+BAb8bEKZVnZntVMyisFYiotnRgkU4UMaByC0Hy/XpzWQ80GGuTwy1GUULO1tQrIQJQBLIsriuTW4kE71d3qWg3wNM9gqIOYeoWDHlGuALYQhHn/cCPnNpsMeEjyIBW9bzP8B/KlCsSAJ4TQNyiI0M97WaPe1NkM4TyJco+FpcQC3irECxYsVuM/iyaBFTplltzHU+6sx/KagCKCDlX0A6R5TXp5O77NHl4wd43QYYoOwJEAg7A6iEEZHsMijpVbzuhCLPqdzBzcMnNHsadT7CZrUUMB2gjVnZ6/v+6GzqMbt7e5/V+fBaIaqEbfUKEqByMH0enu8cu+AE0QVBqDOAYk2cvUmfUiqrHsxcTy36QqcE3K7lyrrx77/xG/TSBY2ALCinAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ/SURBVDjLpZNLiI1xGMZ/3/edOWZojjkiudbMuEVMM4SMBVlbSUpZyAIhG4qlkcJWycZOSslCMTNFuYVpRrkzLuMy5tA4xulcv//t/Vt80ZTLxltvz7N43vd5F+8TeO/5n0r9JNLTs9A7t8FbO0WsfSvWdtdv2VIAKJ45kxWtt4rWh5xSQ6LUyeldXVcAAu890t29zzt3hPp0ljBCyiVMofhMjNkmWldE64t1U5qWTpjXiiuVqDx8RDX35ZxTalfgrl7d6K2+HC5cQBBGYAyk05jhYWrPX350WpcbWpsX17e0QGEMwgiasnzv7eX7oyfHUmLt3mjWTIJqFXJfwAlYS13zHKKV7XN9rInqG6D/AYgkBo0TyXSuId/Xvz0lxiyJMhkYegfGghdwDl68JpycgSiAwTeAgLYJ5scIWgUXx5mUGJPGOYgVKJUs0CZZMpIDaxNnEfAOlAFxYDSilKRE66K3dlpgDcQ1sC4ZtjbB8dxacBZSIYQhTqkwFKWu28FBmD0TKmWo1SCOwagEdZxgrZYYlEowv4X8jVuIUudDp9SJyodP7+NPI9C2FNJRIipXk4FqDVQM1QrUhbB2FYXRMXJXusdE667Ae0/++PFlotTZhmzjiknLlxOO5mDgCQRBcnq1Cm2L8M3zGO3p5fPte0/FmN0d/f13gp+v/Pnw4clOqQOi1P5sR1tj46wZcPceFMuwdjXFbwXen7+gRevTYsyxjoGB/K9PHF/vduxY4ZQ61dQ8d/XUDevBWfJ37jJy/eaQaL2z/f79a+P1wZ/C9Grz5ian1FHRek92zozg68s3l0Trg+19fUO/ib33f+3H69ZtetjZuf9fmuB/4/wDFoO2ZVesLdkAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKoSURBVDjLpVM9TFNRFP7ubWvb1x+QQAtRIFaRmEakaYiGiJaAurioiYsxXXVxMHESB40TJI5OOihxq0sZTDBq6kANikAJNLSBAokQ29q/1x/69673PoSoMS6c5Oa8c979zv2+k3MIYwz7MYp9mvb3IBKJ9HB3T7BSFAXcW8Q3P/KvWOTHXC5XaBdDRDIajZ7jflyn03VYrVYQQnZ+cr9bTJjwyWQSxWJxg+dv9vX1fST81SEevLXZbKRWlLE++wlyfBO5+BZq5ZIK1BkkWGxtsNoPoePUaTCdHqurqxzGLpDl5eVZDu41m8148+QBVoLv/qv5aP8QBm/fR6lUEsznNF6vd2xtbU3vcDhw7IwHBTmrXqxXymC1GpdB0XnSDvfFw7C0n0XXwGUYG5pUOYlEQtJyBrnh4WFLuVwG7wEGvHeg0WjUIoVCAay+jVx4FJbWfjQVMjB1diEej6t3uIQkTafTU3a7HQaDQaUVi8WQSqWQzWZR4wwK3yZhanbD2uZCfuMDVhYDKrharQoWE9Tn8z3f1ScKCGr5fF59XU6uIL8+CUtzI+o5P2zOG6CJ99BpqcqCMxihCwsLOQEWIJE0mUzQ6/WglKC6NYmW7ivA9ldMv3wFc2MJJL2E2o95wS7l8XjyVJZlRXRTkiQIKep4Uop6JowDrAzLwSKUcgxgCur5zzjiuYvU/DhQyYyqd7mWkNPpvOX3+8O8H8hkMqCEoRD1obGjF0oxxLEluK91Q6ls8l5F0OI4D33osX5vEsnO6EmBQOCFVqu92lRbIhKR0XrcyF+d5lormHkd5kVOgGgaAOMlfHk2EmeKMkj+3sZgMNhO5x5u9Fx/Cg1d47OQ5ln2x/5pjN34vjiHyMQjH/nXOk+NuZOsrkhM4YsklmjvsD2PneWa+QnIJn6IP3aTNQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAI2SURBVDjLjZPda5JhGMZX/0AHnRQldFwjCs0maplQE8mJ5Wxr6WiWa7XaAoVFrSTbWFpslQ6NDjroAzJYnZQSHQQj6DBaBx7awcQv/P52XT3303pn5GgvXAcvz3P97vu+eO4OAB0k9u1kEjNJ/6NdTJsFXwtAXK1Ws41GY6XZbKKd2Dm8Xu+DVkgrQErmYrGIUqkkKJfLIZPJIB6Pc0gsFoPP5xMg3OxwerZaRx0122UHvn6PYHB4DEO2S6hUKigUCshms0gkEhxQLpdBRQKBwG8IM25x3vPPumafQHP8BBY/f0G3zojr03N4NO/nHeTzeSSTyX9G4plM3vWJTBZbYWxiCvIjWkzO+KDSmmB3PYSqW49o9IcwSiqV4p0sLy+vASSyQ1M64wDmnr6BwTyC8/Zp9PRZMeN/Ba3hNG677vDwCEKdUB7pdHoNwKpn+s6OQKM3QaPVwe32QKZQQaE+BnGXErv3dIKFyyE0P2VCIAHAMqguhBdx//FLTNxw4tvSEiznRvFs4QM8/hfQG07yy/V6HbVajUNIAmDwwlUE332Cbfwa+s1DeB8KwWy7gudvP+Ki/Sb27hPzy9QFAUjUjQAwDlh5dcvwOOSqowgGX6On9wxuuefBxsO27Tu4mTogkfkvQJdSHVGoNZHO/Qeivaf6EQqHIZMroTyshkR6EHKFQjC3SgCsvsJN9NPu+VL1dloP8HO9PWijFQGwCpGwgEp0sBEzu1vg29sCEBFkA+v8R7T6ol/92Z1dPFeoPQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJQSURBVDjLjZNvSBNxGMeX9O+FOAkaLbehozdGRGiMQqTIlEqJMIig3oxl0YxcgYt6FUZRryLYwpFWCr2wXgjBIMJMYhFjgZSiEXOg5c5N593udne7u+2+3V3tT22SBx/uxe/5fu7uuefRAdCpKJdJoVHB9h9qFSryuSJBYzqdpiRJymYyGZRDOYfH43lULCkW2NRwKpUCy7J5kskkSJJELBbTJARBwOv15iW58AZVoBbwPA9BELS7CsMwoCgK8XhcE3AcB/UhPp/vtyQnGBi03pYXjyAbPQuRD2sSbmUFVN9NLJ5ux9DryZJP0nqiChzjl48Oh9oYRPTAXBVksgnS0hRWu7uxXG/EfL0ZZ9yjGHgb1t4kGo0WBO6AvcUVsFP9oTZZjlQCP7ZA/r4JpHM3lup2Im6pRsRai2PX/GjoDWEk8BWJRKIg6P147mfP+CW63d16RUyOQP5SA6rLAsKyA0TNNizvM4D9/A4Tk2Ec7nuPE0+vgqbpgqBnzLl6vv8N3+x4eEsS0mAvHAJhMoAw6kHUVUF4rkeWHAKXZtA15kDL6C6tkXmBffiZs/P+NE7dC4pBhwsJY6USVjBtBO/bCswrbfq2GS+Ce9DwyooHoRvaPPzVxI67IVfHnQA+2JqQMFQgur0anP8J5IVmYEopmdbh5YQO1wMu0BxdKlB/44GLg48/HT8J8uBesH6/ViDxC5DnWiHPWjAz0wleYCGKokaJIDdI/6JMZ1nWEshr7UEZsnnBH8l+ZfpY9WA9YaWW0ba3SGBWJetY5xzq6pt/AY6/mKmzshF5AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGrSURBVDjLxZO7ihRBFIa/6u0ZW7GHBUV0UQQTZzd3QdhMQxOfwMRXEANBMNQX0MzAzFAwEzHwARbNFDdwEd31Mj3X7a6uOr9BtzNjYjKBJ6nicP7v3KqcJFaxhBVtZUAK8OHlld2st7Xl3DJPVONP+zEUV4HqL5UDYHr5xvuQAjgl/Qs7TzvOOVAjxjlC+ePSwe6DfbVegLVuT4r14eTr6zvA8xSAoBLzx6pvj4l+DZIezuVkG9fY2H7YRQIMZIBwycmzH1/s3F8AapfIPNF3kQk7+kw9PWBy+IZOdg5Ug3mkAATy/t0usovzGeCUWTjCz0B+Sj0ekfdvkZ3abBv+U4GaCtJ1iEm6ANQJ6fEzrG/engcKw/wXQvEKxSEKQxRGKE7Izt+DSiwBJMUSm71rguMYhQKrBygOIRStf4TiFFRBvbRGKiQLWP29yRSHKBTtfdBmHs0BUpgvtgF4yRFR+NUKi0XZcYjCeCG2smkzLAHkbRBmP0/Uk26O5YnUActBp1GsAI+S5nRJJJal5K1aAMrq0d6Tm9uI6zjyf75dAe6tx/SsWeD//o2/Ab6IH3/h25pOAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAArSURBVCjPY/jPgB8y0EHByf/4IVDBHzzwBUTByUGgAK8jX/zHDxkGQVwAACuKdiqzzuaTAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAI9SURBVDjLpZPNS5VBFIef+77X4lYayfVqpQY3XPiRGogp9rEpa2NRQpAELaJl5LKVJGSrFm36A6RMCpSilu5StETLaGcophTeNMyv+/rOmTMtrp87o4FhOOdwnvObHzMR5xz/s6IAz98vtDnHHeu0UFWxCqKKtYpVh1jdti1WHFZ1uONmSW0UQJ2721ybHf+XyQ9efqvcVGBV4wBvJjoRFcQKRgVjzdZpZbN2v74DY+zebYCMDy1lt3c1fSUQjNgtD6xVALr7U7sCXK7JJdwOkHUAwI3TCV4NzHK9IX8z1zM0S3PdVjy3GOxUYKyizhH1oWcwhe979A6liHjgrTfd6zpH2izRVP6aiqJDhCYD8Dau4ICoH6G5PkHUg2t1Ca7WJrhSmwDAOENhvJSu0YsEJkBEdypwClEP3o38wveh9cVZnBpCFUIRjuSWUFpwiqVghdbeKrJ5tg0ginOOLB8uncyjb2wO0ZAL5bewTrFqURw//kxzorCB5TDNyPcmKh8GBzMmakaO70XoG5sDIJAQ65Sp+XGMCqIGYw2La0tUF51h2azyYbJ/3gMQkYwHHpyvihP1IZAAsUJ+TjEFOcc4fDBJlh8jL/soo9MDfJz4ympIzZYHzlFRfICfv9Mcz4+RljU6Bx8TakggIcl4GXXJRoan+hmdGaMi9lR72ls+rz8kN9DePV4dWt1vxGLEEpNuolYRK+QAn2YaiXgxBsa/ULLnCQsribcAkd1+52RbZMWqvy+tNpl65CY38n8B/ZBP7EKNHesAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIhSURBVDjLY/j//z8DJZgsTV+9fAu+uHo8+GzvXECWAV+c3R//mTn9/ydLu4eka3ZyY/ts63T3k4Xt+4/GlqS74JONY+9Hc5tdH4wsmAmGgWv9xQKX2nMPnapOF4A1WzsEfjSzefLB0FwUHoi/szPX/05P/f0rOWk9ugHONWefzNl44X/B/L3/o7LXnn1h4fitN6i22Tx7W5tpxqYHxmnrChh+p6X+/rd10/+fsbF/f0REmiE0n7F3rDz5wb7s6Bu3gt3Vz80db69zTd1mlr11tUnGxt89Cw/8N0ha9YDhZ2LC+p8xMb9/hEdc+h4Ucu+br//JFXFNi5zKjz20KztiDzIMGFgzP+iZboQZbpSypsAgaeUjvfilqIEI9C9bf8rk3Wd8kz59sHV+BQysa8DA+vNe1+RreV94S96UiE9pff7/I1scPnlW6NWgBCLQvxKOVaeO2ZcfW2pbcogTGFgGwMD6+2/alP+rYhz+Na5O/L/lytT/F57t+t+/O+t/eL/uf/NsyR4G17oLBUD/Pgf69w3Qv6XILnqvbbT+nZre74RWlz8bL0/4v/HapP8g0LMn9X//nnSQAd8ZnKrPPJi85uJ/oH9f4opOn2rD/9uuzPmPDDZdmgoy4D+DQ8XxArvSww9sivYX4DLAMkf6e/eupP/tuxLAmtt3JiBcQEzqAypsCe7R+N+7KwVsM4gG8cFhQGwSBiruAOJPIGdD6Q6QOAAJO6JfeUJqowAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJlSURBVDjLhZPfa5JhFMcH3dX/Meiuv8CBoRdjIvOieRUYmjkzmBaowXCbU9E5U5KhtmX7QbrpyF3UuhDRVFoXgnrhmJO2CSFELaIYw7FvzznU+uGqA+d9znuecz7v9zkPbx+APrPZ7F1YWGgnEgmsra0hlUohnU7zSu+UX15eRiwWez8+Ph6inh/Oj7m5uapYD/F/O45EIu96AIuLi12xnirMT/EvJxNK0QMgeWTX7j+D1pfHTf8r6AMlGB6UYQy9xu2Hb3iPLB6P9wKWlpbOAHrRfOuP5jvhn4DH8SfnA05OTrCzs4NGo4FarYZKpYKtrS2USiUUCgXkcrm/K/ie5MnPzs5ie3sbKysr8Hq9DOrctaCpVqHb7Z4/g/l5TqLdbmN/fx+7u7toNpuspl6vs1erVa55NH8OIBKN8mYmk0EwGMTBwQGrCQQCDEsmk/D7/awgEon2AsLhMAM6nQ729va42efzsVyPx4NyucwKCEK56enpj6Ojo/ckEsklBgSDoTMFJpOJVRCs1Wohn8/D7XbD4XDwkClXLBa5ZmhoyMsA38wMAzY2NmC321ERZ56YmIBCoYBOp0MoFILNZuNYNEGtVj8niMVi+cQAl8vVzRcKp2NjY3A6nQx4sbkJmUyGbDbLN0FXSUeTSqVQKpUXCTA5OXnEAPHV+tSU86tGcwMGg4EBGo2Gi+VyOYaHh9kpFrlTlUr1kgB6vf6w79eJXhYmZDfEsA5XV1c/rK+vQ/xoIGVWq5VjytEe1VDtb4D+/v4LAwMDVwYHB99qtdovRqPxSPjxyMjIdeFXRfyZcrRHNVT7DWZq3D+QvMywAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAC3SURBVCjPvdCxDYMwEAVQSxQ0CImKKldE19FRITeu3LihiGQGYYKbIBtkgtuACdiACW4NcgEnpKJE11j6T98+m9Wcj7kERIqsM6ymHwJ7dvQJmhvSryFK5N1rLFtc4gT8Bx4JOO42gC+Y6wM8pJ/D6Ec3dnOrAJ9ga64O0EtIDS3fBS0sGi/FklMCQXwCjQIoa1vZYsqnrEnAi0sAGWQ/5Zx9r/CkT+NW18QBWMu39TIydN1Xn88bUK7xEQPM95QAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAElSURBVCjPfZFNSwJBHMb9UPOd5pR9hUnvIQrFQl26FHXo0CmImEMoQUhl48vBw5qWtY461pKU9PTsrJRsFM9l2N/v/7IzOeT+z/ehI9qqpZvW2Ia+VdciI3Rk20SIsWBeMUTdXMkVgdjNAcwxg8MbTzEuXU0uBTY3CZ5gDMuMEHlFm3PhhZaKMviJAbo4UV5o6phtE7jO5FEkHnKTMY60F+7sAlPiiDDvhUc8UHrHvvVCg8KE+NnjNRQwYJIee6lwo2dcKZlbJCxgg7jP/wmxm46oqz4+WZE0Hnh4jx4+UEWQLlkTF2bKrX9gyIIeAhOI5UWdyVM34scX38exOkTgKnLlqo/loalzRMzZXWhUTElmHutA7KhtvWXLtqQ3VVn8es2/8gUo3nl2LXz6SAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAMtSURBVDjLVZNLa1xlAIafc5szk8xkMkkm5MKY2EpT2qa2MTVCmoLS2gq6EKooimAW7iQb/0I2bgTRIog0oFW7KQpCS7VqrSmmJGlSQtswqWlLLmbGmcmcZM6cy/edz00r6bt8eXh4N6+mlGJnxiZHR4APgSNAFjCBKjClInXm05Gzl3by2mPB2OSoCUwAp1/LHbcziSyO24gbgJAegg2urF8UUsifhZBvfvXK99v/C8YmRy3gt8G2/cMv517E8Wx8ApYcjZiyKbkRSgQkcFn3rzG9Nn1LhOLYt2/8UNUfLZkYaN0zfLRrkLIMCHUNIXTqIoZLjLJvU/ASrFQtnko+z2BH38HAD78DMConHh4FPn5nz6vGgqyxTp16JNj2kpR9C8eD/OoW1VoNO1NCS+d5oW0vV27f2PX11MS8MTR6+JOTXUMHNCPBui5AtdMpk8xsGNQ9ndur20TxCnbPIn5TnmJUwaxIDrTm9Jn7d1tM4EiuqZs5d41iXGefsZsIwYNCgOfVSXconJbLLEWb4CuahU2+6HO8d4DQF/0m0NpgNvLAXaPgu6QadrEZpKhUItJZj/aMS1EewvHnsdUWW/+WKG82kEykCAPRbCqlNE1B4DsocpiW5OJfIVoiyfqSQFdNdGXrpLZGcFZDPKYJg2VQCiGEZkoRlZ3A6W41mknFn2WlaOKFFrG4Tbw9wb2/S3g3miHySLdbNDd2kzYKVGpVpIiqugjF7P3yQ55pyLFWmCSyVokZPqHnEoYmsWQGuyWOGdexNIkRFOnqbGN5bRngjh4G4rMLd6+KnmQW012lWrpOJuNjCh9LU9i6gRkEZHIrpNv/QK8vcijXz5lfLijgS+PmuYV75+fPDXr1Wt9znfsouy5x+2miuoltW1iawBJV0o0/wT8lBvbv5WZ+gaWNlasz43MfmQChH777e37uT78eHDx5+BiLBROjqhDaFmGkQ1KS6+mlr7+XX2evc+nWVB54+4kznfr8pZQIxXkRyhPvDb9vIjtQqgFN12hLO2yUZ/ni8o8SuAa8NTM+t/GE4HGGx4del0J+IGXUH8ko86iuAneAszPjc9/s5P8DuO6ZcsXuRqAAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJKSURBVDjLldFfSFNRHAdw88mXnuqtHu/dufe2e/dHjUl/YEYRRsFaLViYFkUY+CcDwcqiJAjKoCiKCqRw+GCEa6vIdKOJLBPaiqy9CBlkYUUbq83Z3f32uzMX0kZ64AvnHM79nN/53RIAJYXC8+wux/EZQRDiFsu6Y8XOFdxkjG3lOE6jgABYrVbwvFS3BEA6YbNVQTLKWL9hI2RZAWGPFw3IcuVh184axMbDePrEC7vdrgOhJVQgb488MEGdMCH9zozOlgpwBtMr6kvZogBRUvYH7jdjMrQF09HjON3RDoulgvrAnP8FqFTW1NT8PvkjhamPn6BqQCj0jPog6894azCwVUUBuqGUDg15vV7oQ1WzFBWJRBzV1Zt0QK/CT8iyggAdsLlce9RkMkFLDdmsmos+Hx4OwWazgX6xRoi9GHDd4/Hkbs9k0nT7rzygx+FwUBU8hXX+AzBeXG21mOPBYCgHpNMpAmb/ANncXm3tvtwzCLi6ABi5pazwX1QORHsFtedGC6Y+f899+BcgIuJE/W69kQyN9fLNBUCsz9o/E5aBiILROxycjm14Mx7D3NAwSwWkAmvxoYdh9LKAn37xa7LfuCsPTNxT/OqYgpkRGVpYwu2z5Xj+IoL54fUNYLCrHBgUKCI0yrc+YywPvO42RqcfykgO6YCMLz4TTrbW4Whrm+Z279UYW4PzhwxAQELKJ2HsghR81GbenAd626WV1xrFmq4j4jmav7zUIExWKnwVNaxsLsLygzukjoFTQrq7Qbxyxi2WzvfgNzL+mVcak7YgAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAANvSURBVDjLVZNbbFN1HMe/p+d0be3p6Lr7unWMbuCQbR3FQWAEyPASkYe5mHhJTIhhPPngDAQTEGOMIZBpFiKoIWiIhAdgYxI14cFEo1M6O+Zmx1ob2MbYhbEb6zn/y7n8fcCZ7ZP88nv7JN+HjySEwDKfDX6oMpO3Uc5fpJw0UM5AGY0Ryn+U+dZP/OI116evB3WsQFoWtA+c2MUM/vVmf2OFrLhhSBYKPPn4Z3wInYnL54LSF4PcMA9zbh043xr+eZXg9F/Hm0POys5cbwke8Fn0Z4YgCwe2q/W49MdXcx6zucEn7Y01VKqBxMhjjE5mXrlypLYLAByn+o8HKKcXC9QQ+jIp/LLwOxaMRVR6yjE9dR+aRo55RdN76wvcgcIcN6qKVRDCLz5/tCcAAA6dkbaof5eaJuMY0pPQTYp8OQCVOnF94Gp/UD5zixKjtbLMi+EJikC2C1WlPpXqpO0/gbZPdrowmBkGNxmyHSpqs59GLPUbyBJ9x2BKR2SdT+aGjfFZjtQUQ1GuF5TQfU8EhG5kkgkHJETUTWjK2YGpu6OIp+MXQt5vSghh0Rp/EsFHpwC6iLFJBpeigFFSAQCKRnRS6M7LavRtwfTEfZzra59jGu84Mb//bHIxrvy6Zu3dAq37mdLwDtTP/oSbCy+BcQWcUBkAFF0n93rv9ERu/N01wwg7eWSy9ErTnPctoSeSO/X4buf+7XklZVuQXVyPGtcHSPvq8OBhITgj6ScTNPJt98C1Q+1j4fqb6Zpg04x7yCgv+9iS5cBCnRXelns7z5fnh/X4O5TXv4md6g8YSY3BYOR7AFC60pELQicnhU7OGOHyLCNcDtuyoNwexFIV3g7VviqD9iF2qRvbDr6PPNIL76JJTSO/AwAcIqMp9lLmDbY1msWrKkCSw7A1At2vwxWKvOzL0WGze4CwYWV6UbG7DYdqYrPXmzspADicn5+dsZe0A9KtOJAYhrOoGBbJYG6TCX8oAlsfgLAJoi0bYPMJuN0prNvcEjQZf3dVC0uNe54TlH7Jw2srFqslOJueRdF6D6xMDEJwxK/dQbSlGpK8BvC8gD/PH3sobHuPtLLG+eo61WL88Ghr9tGNBy9nyY4RCHMegFjRnwOyZwOmE/1I3fjo6irBMj2no4+EZT8lbAFh2ytO/P9h2xBCxP8FbMDM8CUkkoMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALRSURBVDjLfVNbSJNhGP6li24C6UIiDHWah83UdJv7d7R5oiiPWGp5yIUHNNF0acNjrmWe5gx1Ujmd+pubW8upaSWZRilZdhN00WVBEAgalSK5p18hczm7eOF7eb/neZ/n/d6PAEDsFWETAoSN8aWbZ/EDXqLIFLr67x27RPpU6LUzl1hJiC08a7461lNo4GYLBjnf/ktwYrPjOF/+JxeZeWtCY+hSTk00FX9TsCroZttSrggb9iSQjJLL4hFybUuyiVwRDHHBpzjg6zmoni3B7CcLrjVnIiY75KpDAtqnVDQcComBXD5tioL5vQ6THwagfqFCQKsfMifiYJzXIrjlGI43+CNQxaK7jpArtM9t77RPWxjFx9CiBjcey1BhTUGZ9SIkWhIBDUzIBpIRGe/zcVsB7XOd9gnBfW6fhCK/njPHg3rTgtrxDJSa45DeH45UYwIMC3fQMa1GoJIJYaq3xc4Cf4AzR+rZIHVsmN61o3osDSWmWKTrpUgejEXXjAoF/SSye4IRVMMCS+HznVnmXWg3A/Ieey3VkIjmqUIUG2OQ1hOOpL4z6JxWorA/AZd6QnB99DySu/zAlB+1+RZ7weey598B8jpCfuSZZWh7Vo703kgUUWIaSCKXVpbVHYRKy1kYF9ogH45DVOuhDXHTwQNeOR6V2wSC29z6kOYA1I2XI0kXQ0vm4eFiJ8xv27eAQwsaaKbk0M81Io+KBrd+/0aA0snZ7hnZ9UEzXnIPdD9vpyUHb4HVT4rQMFkA1aMc1I5m0Q1y0TWrRFqvCN41xK9d+x9YwZoJVLBw4S4ThtcaUPMt0L9qhO7lLZokH9rZOuRQJ8GoIpZcFcRxh5/Iv9RHn6Bl4FSbKyJaXSBsckZGjwCdM7WQ9UfDvYr4clhBsHZtoqPwzHKfY2S4wV/p9DNTHwH3CuIzDfZ1uMp7hXvqkXVGpZPNrWIfXBQEY2ftN8xTb5GsXWfEAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAI9SURBVDjLpZPNS5VBFIef+77X4lYayfVqpQY3XPiRGogp9rEpa2NRQpAELaJl5LKVJGSrFm36A6RMCpSilu5StETLaGcophTeNMyv+/rOmTMtrp87o4FhOOdwnvObHzMR5xz/s6IAz98vtDnHHeu0UFWxCqKKtYpVh1jdti1WHFZ1uONmSW0UQJ2721ybHf+XyQ9efqvcVGBV4wBvJjoRFcQKRgVjzdZpZbN2v74DY+zebYCMDy1lt3c1fSUQjNgtD6xVALr7U7sCXK7JJdwOkHUAwI3TCV4NzHK9IX8z1zM0S3PdVjy3GOxUYKyizhH1oWcwhe979A6liHjgrTfd6zpH2izRVP6aiqJDhCYD8Dau4ICoH6G5PkHUg2t1Ca7WJrhSmwDAOENhvJSu0YsEJkBEdypwClEP3o38wveh9cVZnBpCFUIRjuSWUFpwiqVghdbeKrJ5tg0ginOOLB8uncyjb2wO0ZAL5bewTrFqURw//kxzorCB5TDNyPcmKh8GBzMmakaO70XoG5sDIJAQ65Sp+XGMCqIGYw2La0tUF51h2azyYbJ/3gMQkYwHHpyvihP1IZAAsUJ+TjEFOcc4fDBJlh8jL/soo9MDfJz4ympIzZYHzlFRfICfv9Mcz4+RljU6Bx8TakggIcl4GXXJRoan+hmdGaMi9lR72ls+rz8kN9DePV4dWt1vxGLEEpNuolYRK+QAn2YaiXgxBsa/ULLnCQsribcAkd1+52RbZMWqvy+tNpl65CY38n8B/ZBP7EKNHesAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGdSURBVDjLlZNLSwJhFIa1Rb8iIWhRQUlluuoftDEtC5TKSgINily1CmoT0kJBqwlSaBGBLVxItGgZQQQVFe3bKN7wOjqO2tucwRGvqAMPMzDf+8w5ZzgyADLhGhJQCWi6MCwwQBkJWVWg4jguVSqVKuVyGe0Q3sPtdruaJZJAQ+FcLgeWZWuk02kkk0lEIhFREg6H4fF4GiR0yUlABwqFAorFongnstksUqkUotGoKMjn86CPMAwjSloEFJYgAQUymQxisVhLS9WZyBsEQhu1A/RMfUutxONxsZJQKNRZ0Ey9hCqheSQSid4F9RJqh2ZCor4EBM/z4lxIQvQtoCp2HtexfW+CObAM062uu4BCElSBJWjEzc8Vrr8Y6L3zvQsoTKz6F+H7PAPz7oLRp8eodmSjp7/geDqG2b8Me9CK8zcnXK8O7AWsmDtUF9UHUw/1gr+2O8BzsPm3YLvbhPPlBI7nI6xc6jC9P/Gr3B0flHZhVpgyKwQ6LpPFtwaTdwmGCy0MpwsVWsD6ZVKQpNs6z9iV35PWsY/q6iso+w9crJoc0rRwaAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGrSURBVDjLxZO7ihRBFIa/6u0ZW7GHBUV0UQQTZzd3QdhMQxOfwMRXEANBMNQX0MzAzFAwEzHwARbNFDdwEd31Mj3X7a6uOr9BtzNjYjKBJ6nicP7v3KqcJFaxhBVtZUAK8OHlld2st7Xl3DJPVONP+zEUV4HqL5UDYHr5xvuQAjgl/Qs7TzvOOVAjxjlC+ePSwe6DfbVegLVuT4r14eTr6zvA8xSAoBLzx6pvj4l+DZIezuVkG9fY2H7YRQIMZIBwycmzH1/s3F8AapfIPNF3kQk7+kw9PWBy+IZOdg5Ug3mkAATy/t0usovzGeCUWTjCz0B+Sj0ekfdvkZ3abBv+U4GaCtJ1iEm6ANQJ6fEzrG/engcKw/wXQvEKxSEKQxRGKE7Izt+DSiwBJMUSm71rguMYhQKrBygOIRStf4TiFFRBvbRGKiQLWP29yRSHKBTtfdBmHs0BUpgvtgF4yRFR+NUKi0XZcYjCeCG2smkzLAHkbRBmP0/Uk26O5YnUActBp1GsAI+S5nRJJJal5K1aAMrq0d6Tm9uI6zjyf75dAe6tx/SsWeD//o2/Ab6IH3/h25pOAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKrSURBVDjLpVNNSFRRGD33zZs3P85vOs3kOEUK4qqQCqzcDE0F2eBQgbQIhMAWGWREQdAyaF2LFkaLJCLbBBVoCga5KNEwChK00kYdHWfGnzfjzPu93ffGooTceOG89937vnPued93L6GUYjuDwzYHf7v7w5Dd6W7MiEpFvqRyOjOkg0Jjgc7caQy6Xp5vgIJoirK+mklOTE3xAb83cqm13iMplNhtln/UyeaYlN9FSbUUJa36/F2pxKXX1FpZ1cmToRSSGRkFiWImqyOZ0zG7oiO1qiMtUmQKFIoGzGZl3HuVwnJB4tyBSB1XkDRis3II7/LgzVgaK3kFQQ+BlZkRLAQCbwDwOQiyazJ6hxfh2+FBpc9meuLWS6ppsTbkQk3Qg77RNJZFBVUuziQKTMhrJ8iJBjmNqkoPasMukI3mcYWSVq4mS6ytdiHgd+LZ26RJMIhuhiyLHw8k4fU6zRwH/1cXCsWyA8Kqoyoq7LyO3WEfXo+kcbyxylzv/5hBhK0VM5PofngfLpcLPaoKPhwDvy5pMNzIsorFnIhI0A1BsCKVs+PdxJp5UOojfmhiEv3Dz9F46AiaWi6iIQjcuH7NEFAp6y1JZxk54IbDboWhuHenE7sZjLYlv33Fy95u7D/YjH3Np3Hz8gW0xk9iITXHfiE3Ny3J6p6GGgdxOThCOM3c1bBO2OPzp3G8eNqDpqbDSJxN4NyZBBKnWujo+2FSqkv85OX80syxq31+m7uigrdZCM+qybH2WZhKiM5w5McA9yUNOhUKa3eORi3NsTjGRkfItP9Ecml64TuMy/Q/dHR0UEEQHsTj8bzf7xe7uroetbe301gsZv2dQ7a6jYw8Jsvygc7OzhDLuyKK4q35+Xnn4OBg8U/SVg42xMedTudkW1sbjUajls3ffwGqPWPVeFFgygAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGrSURBVDjLxZO7ihRBFIa/6u0ZW7GHBUV0UQQTZzd3QdhMQxOfwMRXEANBMNQX0MzAzFAwEzHwARbNFDdwEd31Mj3X7a6uOr9BtzNjYjKBJ6nicP7v3KqcJFaxhBVtZUAK8OHlld2st7Xl3DJPVONP+zEUV4HqL5UDYHr5xvuQAjgl/Qs7TzvOOVAjxjlC+ePSwe6DfbVegLVuT4r14eTr6zvA8xSAoBLzx6pvj4l+DZIezuVkG9fY2H7YRQIMZIBwycmzH1/s3F8AapfIPNF3kQk7+kw9PWBy+IZOdg5Ug3mkAATy/t0usovzGeCUWTjCz0B+Sj0ekfdvkZ3abBv+U4GaCtJ1iEm6ANQJ6fEzrG/engcKw/wXQvEKxSEKQxRGKE7Izt+DSiwBJMUSm71rguMYhQKrBygOIRStf4TiFFRBvbRGKiQLWP29yRSHKBTtfdBmHs0BUpgvtgF4yRFR+NUKi0XZcYjCeCG2smkzLAHkbRBmP0/Uk26O5YnUActBp1GsAI+S5nRJJJal5K1aAMrq0d6Tm9uI6zjyf75dAe6tx/SsWeD//o2/Ab6IH3/h25pOAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ+SURBVDjLpZNdSJNRGMeFoC50flVXBV1EoF3YdzKYG0u30FTsY9bQnLpqrSg/5uZe29RtimvkxBbCTJupmzpLl8tNxfwObUxTF2RQRNJFGOqFYELx/nt7LwaCzKKLH5zz8Px/POccThCAoP9hy+LNq+nVJZzdULMZULBCIGVGQpye2vhXAqlYVK5OiYIhMQx6Cg0vFDJ2CLLj9kGcJTRuKyAuxKKGCiqokIwmFPmcCOScDkPa0T3ktgJZbDjZa1Liq9uAcZMEGaciIGLuhZC5H4Lj4TDKrgQHFJgzD6yuvn+F5Tct+PbagumnRfjk0OC7z43W6wfX5ptu7QwouC9ielY8Nix5O7E+20bRTq9Xpttgzj3iDXgEvuJZMPt23Wht4UVseBvw4103zfpbK+qJ82BdezDCL7AythSw8+yRPIW1kaN+gaahBRRo69BaKEBvVjxERDNV+4Az5S/Bl7c/ji+whW8SMItcO/LrxyxcdQ/d9GT4I5INQxh0TWBKkoUUjRN6hw/C2jGwS7pJbp7FyJXZd/kFScVWXcbDcTg8i0jQusDTuSHQ92E2Iwnz2WlIrhoAt8yJVMMw1B2zuFw9RPLzGqr8ghlV1K8lpxKEbQa6rnm6Sah3w5aaAlVuMc5VuJBpmoDAOApJ/SSW+0oxWRS94RfMqaPJlQEtBDWjeNS/ACUlkrd4kW8aQEJZD+5aPJA2TKGyy4fEij6sDurgKT5M+gW+5jvENHHo5yXjCOI1vajs9tGUdc7hbGU/PdWfPeeeAyxFB2ZKYzaojG7TK3xulzIk2saYkzfMi1zqouKILrCUz2mYcjtYcjt5LMe0JlaZT3zpkDIC/sZ/4TfeSKfmHj5WOQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJZSURBVDjLpVJda5JhGPYH9Ac66bSdFHTydtDhIAiCiA6CEbGiL1bUTgaO9pHk1+y11ymyNT/wYypMxzanqa8Km9PJxg5EJcWBJq7OzUHIRlfP/VQyKWLRCzcP78113dd1X8+jAKD4n/pngtfrhdPpxMLCAqxW6x1FLpcD1dbWFjY2NpBOpyHLMmKxGNbX17GysoJgMIhAIACPx8OxR0dHODg4gMlkKiuy2SyOj4/R7Xb/Wp1OBw6H41O73Ua1WoUkSQ2DwTCiyGQyvNFqtZDP59FsNkG9RqOBZDKJ/f19RCIRjgmFQiiXy9zRzMzMYC+DVCqF7e1tRKNRYXNzE8vLywKRFxcXBVrDZrMJRDabzYLP5+P7q9Xqgd6AeDyOYrHIM6jX6zwDUiZypVLpKbOBKBQKpI6pqakzfbewurqKw8NDJBIJsKSFcDhMSgLZZWEJRNbpdILdbicyfrtGBpzY3d1FrVYDkUl5aWkJpVKJBnJltgr29vagVCq//fEduN1uShrz8/OwWCyUNFjS0Gg0UBqe44VlCI/e3sDQ60FcU16cOPVDeiLdfKUK3kOkbEXhswwpOYLb0gVcfnpW5ACXy3We2Xs3NzdHScNoNEKv11PSmJ6exl3dVayVTFj7YKbdIaYeQko9pgFf+QAWFrczOzs7KoriR0YePeng+stLeF+24+QXLlppwA8Ae9MTLGl+XTs7O/D7/Tzp8fFxjI2N4cqzc3gj34dOHuZkXWK438Gv0mq1UKlUmJyc7HPAgOpb4gCM8gOuTCf99zI4TTGwntUXsv3z1FP/O6UL4ZoSeea0AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJNSURBVDjLpZNLSNVhEMV/f7UCy+iaqWkpKVFqUIlRUS3SHkSPRYugVbuCaFPrEgIxsKCFix5QtIsWraIIS5MQa6G1CTN7iKa3SAyt7P7v983M1+Kqm4oCB4bDmcXhzBkmCiEwl8pijpXTf+v0iKqWmimqgqpHxCPiZtF7h4hrO9DUufc3AVUtLdy2jxCUoEYwwUwJKgT1mApBhRf3bu75owMRj5mQnkwSVDDxmPoMisPEsWDxcq7ltXDl/JOgoqioipeTXZf2X88RcRRVH/znrtrZQePRWtQCI2M/slvv9l4AMgLn7n+gP/kddYY4RZ0iaZ3la0sWIl5wEqgpT7BxVYLLt5/nA+R4n+bEsi5+Zg1NW/botPUZnru0nNb8du70THFs3gNqyorxzmfO6H0a8w51KWS61aVQF6MuxnyMiScWx4qCKlo7d9LzbnRWIMe5GBXH/LyiTOKSSf7qtzZCtseZ4Cb6Kc1fTVXxZr7HU1zs2ITqWQCiI7s2hBAMMyMEI0xj6fEEu2uOocFQU4zA58kREgsLefbhMb1DT4k1vSTrzqOX0aukH0xUbqFkXT39Y1GqvHYfsTg0GEPjbxkcH+D9WB8TqXGGvr5nw8odrCmpI5YwHoUQqK6u3g60ACngBnCq9gxbD60/gZgipmgwPk0Ok7+omJcfu3n0+uFXpzREf3umw1crLHYOZ45YHJUFNdGWij30DHfTPtD22QkNyebQF/3vN65rypqqK6vP7RxoH3VGQ7I5vAH4b4GKxmhKLTs3ZVrxpTkMzsx/ARtuob3+yA7oAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJOSURBVDjLpZI9T1RBFIaf3buAoBgJ8rl6QVBJVNDCShMLOhBj6T+wNUaDjY0WmpBIgYpAjL/AShJ+gVYYYRPIony5IETkQxZ2770zc2fGYpflQy2MJzk5J5M5z/vO5ESstfxPxA4erL4Zuh4pLnoaiUZdq7XAGKzRJVbIBZ3JPLJaD9c/eCj/CFgZfNl5qK5q8EhTXdxxLKgQjAFr0NK0ppOpt9n51D2gd2cmsvOElVcvOoprKvuPtriNzsY8rH+H0ECoQEg4WklY1czP8akZby51p6G3b6QAWBl43llSVTlUfuZE3NmYh9Vl0HkHSuVq4ENFNWFdC+uJ5JI/9/V2Y//rkShA1HF6yk/VxJ0f07CcgkCB7+fSC8Dzcy7mp4l9/khlUzwecaI9hT+wRrsOISylcsphCFLl1RXIvBMpYDZJrKYRjHELACNEgC/KCQQofWBQ5nuV64UAP8AEfrDrQEiLlJD18+p7BguwfAoBUmKEsLsAGZSiFWxtgWWP4gGAkuB5YDRWylKAKIDJZBa1H8Kx47C1Cdls7qLnQTZffQ+20lB7EiU1ent7sQBQ6+vdq2PJ5dC9ABW1sJnOQbL5Qc/HpNOYehf/4lW+jY4vh2tr3fsWafrWzRtlDW5f9aVzjUVj72FmCqzBypBQCKzbjLp8jZUPo7OZyYm7bYkvw/sAAFMd7V3lp5sGqs+fjRcZhVYKY0xupwysfpogk0jcb5ucffbbKu9Esv1Kl1N2+Ekk5rg2DIXRmog1Jdr3F/Tm5mO0edc6MSP/CvjX+AV0DoH1Z+D54gAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKmSURBVDjLjZPdS5NRHMf3D+h9XXVZRGBXBpYEdSGUaNkLoZWPmNNEI4tekMg0c+HKGLoldhFuBa2bKSm57WI2Wcryhfm4t/biptNRc29uzu2Z+/acU4+Y3njgy++cH+f7Ob/zJgIg2imTyVRkMBh6dTrdzMjIyG+NRhNRq9UOlUql+KBUnN49f7tjNpvzeLOcN2f8fj/C4TDi8TiSySRisRhsNisUfZ1cv7xD2SuT5P8H+Gf+6na7kcvlkEqlQCA+nw+hUAjZbBa57Aa4DQcM+o/ofvnQKOl6kr8NICsTcyaTAWkcx4GMXS4XotEohaY3VrCZsGJr8ye0o+/R/rRJSQG8+QRf9lYikaCG9fV1CgkEArDb7SD5bJZDMmZHOmGjVWR4tdyt37p/r7FIxJvlS0tLIHI4HNRE9kxAq6urtJ/ejPEAljf6+f4aX2EaRqMRYrFYLiooKMB+Rc6GgCORCDweDxiGmaMAlmXhdDoxMTGBwcFBOpnE5eVlmhdy5GC9Xi8WFxcRDAZRWVkZogAySTARCBHJCXkhmha8mGJdVHbfCi5UXFnbAyASzDsBZcxZtChuou51GW5IStCh7ERJ2SXrni0IIBKFLXS+fYxnnxl8Yfswt6JFj+42rvYcwynmqGVfh1j1/AyG5t9gyCqjVyzV30KPXozCxgNp+pBkMpl8fHwcwSh/lQELrL5ZzHt+YNY5hWm7Cedbj2OUfYedbdjSRwB/37NUKs3reNGu/zSsgueXjUIIYMY5iWnHdxTfOYRubQ26tNXU3DVWLVSQ2v5MbW1teY9aHww0NNdxmjE1Jue/UYjFbUbrQD0qpIfxSltLVyaRjHmAVLT7ezY3N52sa6jtv15TxV6+djFcXlEaLi0/xxYzR2YLGw8mSdm84rwkZP4fYOfdUwjREaAAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJvSURBVDjLpZM5aFRRGIW/+2bmZYzJTEzMuCbRGIjRiAsYEIKNIoIiWGgluCCChZ3aCyJqK6hFxMLCpbKxERE3DIpFEgtjonGJYSYzMcYsb7nvvvtbTMC9yil/OB8/nHOUiDAXOcxRcwYkAQbube5JZ9asUepXnhBOvR+OzcQWIPzNpQCYad392iQBlDirGzqvp5RSIGUzSmGCsebRnjPDMnsFSLgZkTgqTucfngLuJAEwEmB1RVi4QqwT4GRQqpr00m0s7bjgIgJYvPwjvjy5SaJqXaM/tvB23+X2dBkQKUesJtYuYgXrfyaaGWW6+IhUeglIhJkZxPjLWbzuANmVG5n40Er//a6LZYCStDU+2gPRM0RTk1SvPki6rg1Q+IX7SFKRWb6R8fdvcJWmOrOYqrrG7OwHDsl5OWrajgIWRBAsVo/gDXdhojTZ5p2E+Vu4lYpPPf2Y0Bff89fPAkQkDrBeHxJ/R+IpxEzgjfUiUkW2ZRfByFUc15CqamK+/YhHKWo/0T1Qzi1ExBpsVMLqElaPUhh4RuBXkm3ZQzByBScVoSdXUHrSTW3nIRwT259F0iKKGDHjiPlK8d1LPL+O3Npd6EIXCVcIJ5soPe2mZm2eivoGML8USbT9ZryvldG0Wz3UN+gkKpZhVI7860ssyLkE4w18e/GK2g2rSKRbiYNARNvwJyAILw5d3duBsL3fydXvO36Nt7dOMvD0ORWN67GlflmYMrr4uCAIoJ5prNwoB/jHGs8ea49OHzmexInpeXCXTx8Gp7P1tZ07zvX2/msLfwH2b631NzUvSna0rURS4XO/WDq8+3zf0P/G9AOyUDsBCTaamwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGtSURBVDjLpZO/a5NhFIWfL1bNoFQdREMRRAo62CqIhOImWRz8A9xcNU4uFd1asEs3cXDxX+ggFkTQoZRsUrGDCDpoY4VSEoPRku+e4/B9+UUyFHqnM9zzcM77chPbHGQKHHAmumL51c9eFNkYiAAMlpAhlOkQLNw5lwwBAEonj2CMBQYsI4MHIBJ8/dUeTRA2dm4Q2MbO0+QgyUgmOmMqRGQRsZFyY1drGNIJjQIcyhYNkrDIDeoZu8A0HQNIBQqjfClb7mr1kxiUehSgVITc6+mBzs4rdZOk4wBpChHq9R+GQLP1luaf9/zda9Bq73HrUf3J66cbi31ABBET+avnRmdfudNYpThZo3LtOlOnpnm3uULt09ZCuVo6UegnMBFGKUQ4+5UQaZitnRWuXJwlCsHs2QqRdChfngO43weECZlUzrWIyJLstrY5nBzj9qUHADy8+YILp2cAigNvID5/b/c6S8JhBOz+brBZX2ejvsZ85SVLb+5SPHQU4F+yn2ssV0uLU+cnH8/N3GD6zFW+bH9g/eMaP741l5P9nnO5WloC7gHHgRbwvPasPv8fJZl0Xd9fi4EAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAACYSURBVDjLY/j//z8DJZhh1AAcBvSLXQHi//97xD797xLb/b9V1IZ0F3SJ8QE1pv6vFz3yv0rk/v9SYRviDWgVvQLU+A+o8Q5QY8r/AqEj/zOFdpPmglLhIKDGOUCNd/4nC6b+jxP4RLwBBUL7/tcq/wdqTAdq/Pc/UoDvfwj/f+INSBacDNR4AswO4b8Cpn35roymRBoZAADgYeRxtD76EQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJPSURBVDjLhZPNi1JRGMZv6PwBLQaiqBiIoEV7QQaiaZazrNm0qlkMRJugptpEBNJMtAmapK9lhZ8oKnq5FxQVv7qOX1dRzBxHU8eohc219OrTOVfGSZyxC4cL73nf3/O857yHEUURmUwGqVQKyWQSiUQC8XgcgiAgFovNAmCmLSadTqPf70+sarWqQMLh8FQIQ5VpQaVSUZTL5fIIQmPEBQKBwJEQhlqmyVSNBqLRqNBut9Hr9ZQ4BYZCIXi93kMhDFXdTyTFf4jlSqfTQaPdA78zdFIqleD3+8Hz/ASEocr7lmVZBi3e3etjY2uAJ58BrjLcKxaL1AU8Hs8YhCE9Sq1WS0nqdruoE+X1+ACbGeC1CDzbOoAUCgXqAk6ncwRhIpHIPOlRajabSlK61VOU9QTwPge8yY5D8vk8dQGbzaZAFEowGNSSHqVGo6EkZb/38FToQy8eQNbjALs9hORyOeoCFotldtSLz+fTkh6ler0+AXlLAB/1L8FevwBuYQb8tVNwP74Bk8l0duxESX9ajuOkWq02gugI5MOrTSTuzqPjfI5B1o29T3cQu3VRZhfUtyfulWVZrdvtlugkUohIII7lc5BIMV4sAWvHAd0cWhuX4LmiKh06XS6XS+twOCQ6iRRCbQ8EC/79fj46Ae6yenDkjNvtdg05aYkOGHf1JH69uwmQot/3GPwga3tVBc+iqjr1pVmtVo3ZbJZ43SoiK+flb2tz2H0wgy8rx8AvqWX3ouoh87/najQaNQaD4Uxg+fR9oviV2ib/HVpM9/8Cz3kffqwCPcsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJzSURBVDjLpZNLSFRxFMZ/944z42MqH2MllWJEkT1UjHETSFJiVAtdtHFly5aCm6xNWyFw2aoIoiAoWgjSIqkWghAuVFBTJJVGGV/pzPznzr3/c9qEaUaLOsuPw4/z+D5HVfmfKvhdCIadmCo9KrSLkFAFFUZFGFLh0YFbmt7d7+yeIBh2WlR44lT31jqlCTRSDmpRs4rdGMP70j8vQndZh37YBwjeOx1a2vLaPdqFFh/CZqcQbw0NcuAU4haewvFdvIVXeCsfOitv65sdgP/eKVfla+jCi5i4Wwy/HCSVNJy5eAhUmR7fIl4Jl6+fJxS9wPeRO2kRaqq6dN0FUKHHremLmewKm/PvCLuGtptFLM1usDS3SdvNIiIRsNsTmPUxis/2xcTSA+ACiHDDKWtGtj8TdbZoSkA0bLjSXkTr9QjRsKEp8XNpb4qC0tOI5cZuQB3Rg6xML+z5yOZymo1ls0dLLRrAw1pqdwAqGA1yePkSVhc9xCr5nJDJKEuzhuScIcgryTlDdjMLqogQ2vGBWObxTUP8ZDVzI5OMf0xREHGJH48SPxJi/VuGmdEtKqosx07FEFuA7zH7CyAM+qtjDWU1F2koNai/jfo5xObQwHC4CrQ+AFXCFY2Y1a/4eQZ/3cAykJ18mCY4gBs5Aeqg4oHNo9ZHxQdcQrEzaLSe5KeHad9jYAdQ1qkpEbqzs89AjxE62IwTKkdFQRQ3EidceRUtbmVt4i1+nu7Ge5raZ+Xkc+eaWB6X1PXWRirO4YZdkIDAs2SSMyyP9M8HPneb7uvQH7MAsPjUiYmlV4R2a0kEeQh8RgOfocCn/9KDv4TpX+oHaI9cJDajhlcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKeSURBVDjLrZN9SFNRGMaPhGAUFEKB9CEG0QckCpUWpn+sLPqnECIoUTRSSdD+MFJM8gNJjXLDUCHS1t2kTJlpSYhjbroPttxV1DHHptgczW1+lISgc0/nnBoERRB14MeBe8/z3Od933sIAPIvkP9qMD09HU8R7Ha7YLPZhKmpqZ7JycmeiYkJYXx8XBgbGxOsVmv8LwYOhyOVCudmZmYQCASwuLjIWVpa4rvf7+csLCyAmsJiscyZzeZUbkDFEioOLS8vw+/5iA9vO6Fpk+JN3V10VxVxeutLoWmXYbS/i55xw+fzwWQyhYxGo4TFFpl4Y2ODH2y8fOKP9DaUYnV1lZvo9XqR0Dhf1Go1QqEQgtRkoLUeipJsNGdKIMtI5rRknUPHnRz+zimasbKywksaHh7+TBQKxbzX68Xa2hqCwSDf19fXOSxZmNsdqbjZnghfwAtaNlwuF3Q6nYs0NTV14sdi0Wj3wQzDjWOwuAUvklHVdw1XWw/D7rCBTgpDQ0NSkpaWdj5swA7SscHpdKJYeQZFQjIK5MeR+ywB91RX0GmRoeT1JaRLYzCoGYBGo9lOoqOjT4W/zsSzs7Nwu90oFJLQY21G9+gTLnxpkUI6WAK5sQEFynScfBCFYzURO0hkZGQSrUnc3NzkcZmBx+PBDVovEz8eKEb9+0LU9uehsi8H1e/y0aqrQebzFBy8T4KErq3MRKVS2VhzRFHkPbj+9AhemaVQmh5BbmhAm76OmtxCi64aecoLiKsgvj1lJOH770hIBGWbVqvtorMNsT8yo+UALsr24mzjbqQ83Ims9tNo1lYiV0hHbAX5FFNGjv72MhkMhn0jIyNBOmNQQ9YoTmJtFLLlEsSWk3kqPvTXt5FG/rq/fAt2lZG4n59/Ay6e4tcw3s+GAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKCSURBVDjLpZNJTJNREMc5GTy5J8LBiwcJiY3iwRAPxoMnTUyKpkGFIG6hilXTRtI2Slla4OsqpS3UJsWWpouVbgj9KKWVpGVTCIV68SbxxkGCQjTx77zG9YJEX/LyMvNmfjPzf3lFAIr+Z296OTc3t21mZmb7PwEan76ubXJOrD5PZNdaQ0trd12v6rcMoOQqqW8WMu8kuMgCHsXegNmXuVjVXwGULGh0ZtE6uoQ6tR/B6Mi8xDFRsGu5EM7cswk2BYy9zHjb3SlcNQ1BafLMMt/D3tAks+9rPdCZLOY/ALlczkZi5UmsfCaTeZtOp7+urKyg1xXcmJqags/nA/mgNtk/USwMBsPHzs7OfEtLS16pVKaZ0ubl5WUQAKlUSpjNZhGLxbKJRAJer1cUiURgt9svDAwMQK/X2/v6+qBSqS4xsEwme1dEVQ5OT09jfHy8NB6PF0ej0YpgMLjf4/EInE7nDko40t3dvVOn05Wr1erdzc3N5XK5vIQgkEgkQ4U5ksnkBwKAqgl5ngdVqwmFQrDZbCICgeM4UbtVjjvm6vUb+nO42HZq/YFejIaGhqYCYHh4eCQcDpf6/f5it9stcDgc+6xW6zGj0birq6urQqw/36EKXEFssQfz73kYRsUQGQ7jpPjQswJgcHBQSAC4XC5hIBCAxWKpZjOTWNVs5hrN6c/hnBHh/GOwpU1chyFxE8dvlWz8fI7+/v4vJFax2WwuI7H2aDSaSppzr0KhqDyrOIoXi0/w+4os9DDAr/dklUgskFggsUBigcSCVCrFidsHwPH10PB1hWRNvO5HB+tb+nEU2FalLYOOv1aozE5mk1+75W9LwR20V1nb388O5v8GEnKwdx3xuSsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJhSURBVDjLdZPda85hGMc/v+f5Pc8e2wE2QtiMyZh5K4RSpCkHxJnkSElOxJFy4kDyF3DopR15yUst2pRpJw4cSJLETCTb0mxre57f775eHPyevdBcdXfV3X19ru/36rojd+fwuZtt7n7PYQRnt+O4A+5kyaePaSAko19e3rm0GiAme3DaobV9Q2M0NDyK+1QRZDDDDX6PTlBOHPO4mWpkANjbvmFltG/TShqXteMZAXPLulrWffGCWmpLMXuOnOEvAO4L29uaePr6EyMjk7gZADalwh035/fYJJUkZXZULRDFxZi1G5toWVKPKrgbZo6qo2aIOeVK4O793rkAjqrxdWiMYq5ApVIhJCli2b2QJy4UWVRXg7nPAQBMDdFAkiQc3dGSyc/U4e7cevGBUCrwT/2MgqCGBkE0R2fve5IgiDoqhhBRKBZJJRvqnAARIw2B1MBzNUSFAuQciwwzI9WIVP8LgCCKVIQkKKJGUKvmDL5+4BFrPj5g29AAv4olujviix3dcm1GgRohCSRBMzvqpFVIa/9jdiV9tJ48Q01zG+W33bzv67nSc6AwkZttIaQZIBWjHJQ0KIkYy991sm7fMUqfe4luH6e2/yGrmhryHvn5eGphUlEkEZJgBDNUnGBKCM788UFKS5vh0IUZ75eXkbdo1fQMVB1NNbNghogh4og4Y7UNTL7pou7JWZLyTyaB8bE8mufH9AzI5di+cxMeRag6oo5V8+iWE7x71UVj/TzifIHxYWFgMFLHr08Bep51vTqV/bxZ+4+Dw3NfwX7byuZvPTSkYPncd8dvHOyWq38AFgvYQWlFsCQAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALISURBVDjLpZNpMNRhHMc31ExNmjRTDdVMsxXLkntnTcmxJTKFMK6JnK1KcheKDDZXubbSoRdlNFFNGFTIbeiNsyjHnzI0ZrFk/621+21bx6wx9caLz/Pi+T3fz/Ob56AAoKwH2WAU2QyP+wNO6xKY3WgOsMseKJQvTrm6p0ohplzcuqR4/lsQ0QQmhzA0SxkUW6QPbv47xz9t3zBjd3ZeStu0g+OAFJGUESnUtYLwRqjHjyhqxxFCvVtE+dwxC84vc5ZklmV1dHnhrJUNlW9ty588ZS+wzSHiVwkMwxpAPRm/b0/kcOqF82/m5wyYpIBhwpXfyTCOyAjKLJT0Frji29sktD+xQgeX7ikrGoTVY3nhhJaJZFj/hFA+vD+YeMFOe7QwVhOF6c4yYHYUU53FaEm3Hl8UhNbKBKJdagVC1b0i0zPvyS3eRLayz7Didp+hSteb+fMT3XELwu8lGKtNg6DrNRaIRnQ9DSBlAr2QGsTo2euKlVUkC9t2JFNciUSKCwEFF0LMCi2S8LpjJWJBIwQDl8FrC8KXZ77oyXZDW7aD+qIguBrYsNEOCpv65VsPiE3Kn+y6DjHZgrl+L5AjHpj5HI2hPPPxKeNDH1cOUffKBwgpSk4iitLu5fDd9IOcsU9RS2FPkMPu4HfHoI9rSfalM4yk3aqtCA4HvcPjnTTz5XBkskZlZ0UIxIJ6kEO++D1yDtPSTnq5LJFjlh5/zTvQuVQBk3BtVWYEPc/7qjqvpzwaHRWZ+NHqjLkhD/Dar+FrrsXPqjSGJjNBe5CRSM9ZLbhYDgO2pp0+W8PqZQoLmCHQ+9AJNdFqaHpgg7oEo9E7/keOy24sWEON5q7NNg6jbV0R0APLQGeXQotdggR/HQhbciFszUJrkgWe+x0AK/AeaH6vligGzbdIxopAHmdTFZLjRRNV37YRVWVY1pVG6VD/9xv/AJGzmhVs7+fUAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAG2SURBVDjLY/j//z8DJZgsTUdmCkodmSV7eO8EkQayNN8+WPry3YOV/3d2ib0nVbMsUPPrT8/3/n9+Nun/1hbxP6Rolr99sOTtZ6DmD7cLwZrXVUt5kKb5xb7/P17U/b+4xu4/UHMRUYEI1KwK1PwOpvnSOgeQ5vlExQJQs8atA8UfPr+EaL662QWk+diSPDlWnAZsWjufedOaORyHZ0lrgzR/ebkfrPnWbm+Q5odAzYJY0wFQI+OmtXN5N62ZVbJpzYzrB2bIfX5zaxJY86NjYSDN34CaVbEmpN4lK5hWrJonBtS8ddOaeT82rZn9b8vSmn87u6X+393n///gdKP/QM3OOFNi95Jlks0Ll6+bOG/l//OXzv7/8+ny/09PD/zfPD/vHtTmVJxJuXfxErbW+UuyG6Yu+T9t15X/rQt2/k/t2vK/ctKa/0Utk7YuyFeXxpsX6qcvXdswe/3/tpXH/neuv/a/cu7J/9E9V//7Fi57n1w+QY1gZsppnfMvqWb6/8iSyf8Dcyb8907r+R+QO2tbbNHEIKJz46bF5SybFhVZbVqY17BpfqbEpnmpfJvmJfESYwAA/ZPGvT+K5AYAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAANRSURBVDjLXZNPTFt1AMc/77WltH0F5I9U1sqgc0qFxYNGlODiEj1sh0kC0WkUD2qiNxM9mCVc3IhGd0E9mOjiZdFkzJg5iI5ljARoNPvDwsZgDLvRCaxA4bV97/X9/Xkxhvi5f7/J55t8JSEE2qgkAwNAD2AC3ZGDwmQH2qjUCJwHysBbkYNiAUDa+pkAcDyQeOP1ipZ3dhmZ73Pzq+ri6fAZB+j4Nz/bq78qpxKxlD9YJ5nzx+4AvTU9Iis9+JGjla1vflDZ/FpTITO8fS+74L/QdFZRgi6hgAeAYctYhsaBtV59d9thfG5B02+dyAKdsmUiS5XNlVuLw9uLSwvKdOInpSVqUWsYmH/l0RbzKAWNWLSCq40nwquZ6UpfXWetCLUplkmrtPQt3bYU/m5T3hOfSv4SToT9BHWXfXtqqamSEUjkVZc/59exQz4i+TM8oQ2bgdLcXFAUjkhCCD4+ee4LX83uj5KNCjWmoO9AC1uqyoZmkGiKAeAIODW6hKcI1nKrbGj+wW/efu6oDLDqND3jCfCKFu1769AdQSAQYOz33yioKrZpcn5snNTeetScgSE/hGoFuwD8AKahdTiWhGp61NWFMF1BJBzm/vIyYxcnmL0+g/HYBYyVEooxBDURTEPrAJABLEND020My8N0wfYgpxaJKAqz12c49EoPlnCI17exIr9LSdewDI2dBbOFoo7k98is6biSzJcjh8g1nkZN/soP1/qpV+K0xZ4lUfc4d4t9mOX1uZ0Klwqyf39eCZK+9oBUshrHs3jpyX5c4eF6Lh6CFTVLR7yLkmVwpfxe175j/dV+AKusnbPKWt8t15eS4w4nhwVlx8IVHvc2F7E9B8ezsV2bglnkqUQ3JVuX/shMbsoAk0PvX7bL+lAysq3PZja5uZyl7JRxXIfGqkeJVTXzSHUrAV+IhugurmanmFqaXNctnpaEEACk0+kXo9HoxdzGljswfNv3cPsgZcvC8izKjkWyPkVn68tcXp5m4s54Xrfs7pVBMecHGBkZaQDONjQ0oJVUtbR192t14sj+nWe6kvrseUkOBW7cv8En7V9Vx0Jx878R8/m8AfydTqdbgBdmTn16k//ROnBcG799KfBhy+fFCiNczBt5DeAfIAavfKIsB2UAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAInSURBVDjLpVPLahNRGP5mcrWZhGgaLEwtJFJJqQEXgoKIkKBkKfoAeYKA4M7S4kLyDF34AF4eIIOQMC7sooqbECExImnSGgwqTTtmcubm+Y9MSAWh0AM//7l9l/9cJM/zcJYm44wt6Hfa7XbdcZwCD9i2DcuyZsEYm8V0OqXcKJfLRcJJVAIH3wmHw3o6nRab/m3zZYZCIei6jl6vV6xUKg3hgCtuJZNJDIdDRCKRGWgeSP3BYIBEIoFMJkOiG3y6ITWbTaGeSqUwHo9P2KVSCChJEgKBgFCPx+OIxWLQNA3dbrcYJHWyTrXSpmg0KsJXn3dC2XVdmKaJfD6PVqu1ESQlwzAwGo3EAfmb6DAp+2PtZxUTy0Ap+QSR0DkoiiJcEkGB2GlAIF6SsCzL8gkHE2WK5fQaXu1v4uHiU6iqSphCkFSpVgoioCCCL6nXXJlfoWuD8TX1/CrWlm7gyDTwvP8Im+pLUbYg8IFkNZfLidz9xXB3vQzH4+W4fA0eDg77yC/fwjGb4PHbEq449/8S0A0QgW+XwhwxAe79+AyLu7C5G8uxMJ4e4dql2zi2fmN38gJBfqJarVYrzb0ykc20CduxcTGxwsGOIPt2uIcLyhI+9t9ht/Meq8PijvS/z/RgO+ua9B5cBtNmuLy4Lt3M3sOHvR3UO2+GzEbxoOp9kk77G68+k43rK4UFvVPfZ64At2d/4TQtuyUZjhtYmLhO9nvV++rP/wHfnZcUJl+kcgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAB8SURBVCjPY/zPgB8wMVCqgAVElP//x/AHDH+D4S8w/sWwl5GBgfE/MSYwMORk/54C0w2FOcemgmSIMyH1P7LNCHiLBDcEZ/+agqwXaFbOIxLc4P0f1e7fUPiZGDcw/AdD02z9/5r/Vf7L/Zf8L/Kf/z/3f/ZsiAwjxbEJAKUIVgAswNGVAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAI9SURBVDjLpVNLSJRhFD2f/+QThVHKJ41Ti0pblCAKrtJQ7LGT0E21CUEisFUtioIeIEGLICkwahUtooW4aAQTcahNBWE1gWOY4yQIio8c5/vuo8X8jYuCBO/mfmdxD+ee+x2jqthJ5WCHFYg97U8wc7UIg5nA7EDkQGSz3TkLIhs5dWu84y8CZq7e09IJVYayQIUgwlAmKDsIE5QJH4aftP9TAZGDCCG9koQyQchB2GU6WQhZ5JVU4lHxAAZvvlEmBhMzOeqbvHfycYDIorzu9H935fExXO9pAIsisbjuPXj5/i6ADMG1kRnEkmtgKyDLYMugNGfxwaoikCNYUtSHgjgaDuL+83elABBwLo3e3ZPYyJn1JTuwL/0PLiwL4UKiESUFBrMLyzhQE4SzDlkCcRZsU/6gyw4K2YyR5OCsgyPBl8Q6Upa3CKzdBJNFbnF5xnHynRfyL8BQcji29hru9lWEk3HY0gq0ppsAnIM5c/yIqgpEBKoC9buoZrAqmosFnfWVqGvrQl64HqlPEUxNjGLl29dLOS9GP5qppPse3N+MqsOtiC2aVKihEyW1TZheyh0bjsZNI8/NHGrrQn58HOZZDwpnXmFfbRnUaH/Av9LZaDQ6ACAFYCgSiVz0330A4IkJ51eEgROXtz7QjUp4YmrNdsIUaQ/MtXSfryn6MYJ0agEbANZWPcTimN9WmApLy4c+v52gn5sFWPV2YXnJYHresAIPzXbjHO3ee+XXUrLXYxNiT+cVGOyI0J3frMiI4RHtXVwAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK7SURBVDjLpVNLT1NBGD1z7+2DR2poS0uR1tBKhNBGKyaYGDSpkZ0LXZogK/fs2LlSdOFKQyILE5P+BF2pGEx4KApEbGjaRkGqtFRKX9y29+3MNeDKhMRJvpncyXfOd77z3SGGYeB/lsC2mZmZ+81mM6YoSoumaUSSJEuj0bCyU9d1YrPZZKfT+XJycnKC5Y+NjQ3RYzMej++T6enpEzzPl6PRKJgaCjAjufYat6/3Qf72DI/f9sPhHUA6nRkvlUpPKNhBg0kf5kOhUCIcDju9Xi+y2Szy+Tz29vbQHejH3MovpGrncXZoBIQQ5HK5GxzH2ex2OwRBINVq9bJAq552OBxIJBLweDyIRCKgrYC2gs7OTiSTSczPz8PlciEWi2F3dxflctnMSaVSZwSWWCgU4Ha7obQF8Gi2AVEl0Kk+G7HgSk8QzlqNyk+DqWTATCYDn89ntsqxTRRF+P1+vPgiQzI42C00rBw0zoJ3P9pMYLFYNMGyLIMafKTSJKBum3GgcbQ3ngYHC/cnVGIFnRDaY2m8qT9EQ66b3yzfVMBYDlnZMgwd7NcgHEDx4DmCep2CVBk97gGstj+nJOIRgXCogDoKq9ECVbeDoxOy2+6A5xVAV7Goqjjp7MNA1zBqTRGfR95D+ur7S8Cqr6+vI9odwVrFA0mgY9JlXBsch0YVabpGTTWwU8ki0nMJB3IDK1Ic+ko/BFa9UqmY43GVShju7TXN+UglM/D3YgYKVaHqChRNQVWq4Zx/BAdKHR9GFyDQmU5sbW09oEpsHR0dZHl5mTCC7ltNqJoKryNAwZpJlqtsw9nehdXsAhY3liAsnVog/3pMN58G9SY1V6atMAND7kFyMTiKT9uLmE2/yssqru5MGRvkuK8xfI8TLwRirXPp2Z+yboJT7P7YBMG7RNR0vrWha8HClLF5eP8bbVCla6rK198AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGsSURBVDjLpZIxixNRFIW/kVHQQlwEQdgUdkkgTX6BkMIi/yJY5geE/ISAZIuUSb9lgnYWNsraaOkkTSSz6MLWJhmY9+7ZIm8mCUYLvfDg8d49h3POvZEk/qdigMFgkEqqSEp6vV79b4But/shz/OXzrlkMpnU4/BeabfbzGaz2pt3NzIJAd4DAplhAm+w3W7pdDqMRqNaqcB7/3U6nTbjR095fnYfGQiQCRPogOT2yTnD4RDn3CeAqMhg8Panzs8e7AAGkpDApJLITJiJ5U3GoPMiKhUQ5HoDJMwCsLjbMUnu7ThEAHnbNQrMDBkBYCWwIHTuBIEzMC8sNO2ai7vtlQjM6XcCc4Y3lT514FnBUqHEnSJwDry30v8xyV6RBM5OWfAe7+OQegAqjPIgQEl4f1LB7qOUa2DB++E4FbIqKpJEq9VK8zyvPHz8jFedi6PED6VL4vLiNd+Tz3jvkyzL6vcAsiyr9Pt9bn8sWVyvWVxvmKdrFqtfzNM189WGZLUmSTcsv10xHo9xztV285doNptfGo2GVavVK4UF+tOJ4/h9FEUCPkrar/K/1h35Nbw8S+DdbwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAB+SURBVCjPpVHbCYAwDLyIIzmEX07hCH64nAOIuo1Sq+CZ1ueXVsyRBJrc5aBCPEeEvwuxK9XtDn0Si/ZU9gUg2Z/dYEuiuxSI5mRtwyuEIR5KOpVZYRUjjMLVVkIVCk6YPPdg1/LNQ87xdtl4JauaQ7CHjAfXeK5FH+7h9bNWB/9J3PASf8kAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAC4SURBVDjL7dK/CkFhHMbx5zrOlbgE5Q4MBgulhIn86Wc4os7AbjEaLThhQekYbC/JYMBIp3jrcNLjBgxHshme9VNPfUES3wx/4D1ggYYFSgO+MqGV4CwFHIxPAJnLk3vb56734KjsMouNBAbquKv90Oei4nGc1nRamkksVWCgCletux4nGc1B4sZp7coYxsGBIk5ily50mpoz88pe/sgIOsEv5LA1UlhJHDMVRV+F0ZYQTONf4o+AF+Us6n1474tIAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGeSURBVDjLxZO/axRRFIW/N7o7CZIIKhosAoIIopWNqEX0L7ARG0EU0V4UVLBJJVjY2FgsgiykCOY/SIw2tgHJqEELUUzQJpudcd/c9+M+ixBYhNkmhae7X3E498AxKSV2o4xdau/wMfv6V6XK89mrRx4N8zud78ve6UXxivjAwv0TpinBvqg8uNf98WQYWqucmh7j0ukJSknNL1ivnDmWm8OT7Ye3Xnx7tsMH4hAfcV6prGs2EBdQYPpgm6n97buXn669BCglYV1CvFJKbO7gj0+4oPRt5PhUi02b3zz/+EMbDLUbo24Z+labDaxVJCi9QSAzcPLoOC24tlj0ZHI8Q3wkWN9sMBCH80rtInsMZCZRB6USrco65hmgoxKUkhCfIEGeG94WW6x87S+QOPR7080cmGiRZESJld1uO28Zllb7rKz15n92zl5Rq0kk4oKS6jgqQUS88q7oUXwpu+vdc9cBkjiC2+5n5At9qywXPT593nq1Pnfhxg5PdcR7xUcl+dBsEKzn42rZ2ZifuT3M1Srv32yQgvLv+Mx/X+Nfknb5JPA+HGwAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKYSURBVDjLnZPJT1NRFMb5G1wDHV5boNiqdHrvFYolCAtsGSSWKpMFKhYqlDI6oAEKaVJwCIgSphaKtLYWCgSNBgRjMNHoxsSFS3cmJmA0NMTw+R6JKKZl4eJL7sm953fOd3JPHIC4WMpcppG5SGnZc8ZjVVF6QLn975sDgfaZmvg71oRJZIRUYcuAnq/2KWroGfm3QwEn2YpLVPPvOD2oiqj9yq/mGznegl56mx6T7ZbY1M6YAM0CuZkxT0b2Wg6QW/SsApRXDsotR+d6E9Y/h9DuqoCuJq0lKoDxqU1/pITGR27mBU4h+GEcTz5OY+ClA5JbyahYzof/9TBO9B/FcWcqpA4xU3We3GJ87ntnfO5meinMvruNnqcmXA2XoDVcCc0wCYkzBaZpA7ILRJ/2O2B87jA+QT9UeDRe8svZYAG8b/txc6kc9mA+yqayYPQXwvdmBEOrA5B2p0BtFIYOWKCm5RukWwZyXIbA+0F0LpaiKaBHmVsLw4we99ccsM8a8GClF5JOMcQdou8prULrgRmQo7KI0VcE13MrGv06lE5kodhzGvdWu2GdKkTVWC4DcELcJkKyXbCb1EhAVM//M0DVUNqP2qAJd1baUDaZjTMTeXAttsPi0cM0mgvHvA0NkxYk2QRIrieOsDmEmXttH0DfVfSluSToWmpD8bgOroUOWNw6VI7koGfOBuq6EqLLTNU6ojrmP5D1HVsjmrkYezGIrlA9LjKgnrlGXJlpgbCOD0EtD0QNN8I3cZqjAlhJr4rXpB1iNLhrYffUQWoT7yUKzbxqJlHLq0jc5JYmgHMunogKYJVqF7mTrPyfgktMRTMX/CrOq1gLF3fYNrLiX+Bs8MoTwT2fQPwXgBXHGL+TaIjfinb3C7cscRMIcYL6AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEPSURBVDjLxZM7TsNQFERPrIielg5FFNkVy6FhN6wiG4hC5AoJVkAR+84MhWM75FNRcKWRXnPP3N9bJOEv0fDHWAK8vn1NZSghAgUsIwcpWFAlXp4fFxcAgIf7O5LgQBxskI0NPkLaz7pegRLsIdnOiUDyAHDoe90AiDnhzHVMtkJVbgDKlK67WkEG23QV9vt9bGOb9Xq9WAJUeXY7c53eBvVitXoiCdvtdq6gaoBccx3bsUMJJNE0DbZnQNcLaXnV1TpCEuR5iJJmQF/m/eObOvY/DNXT/pUQmwDj5Y4VkORCbdtGUrqum3Q4HCZVVTabTZLMh3QakkhC09y+9F8tnIdtdrsd47puCWDx77/xB7F6hU6PdBGYAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ6SURBVDjLjZNdSJNhGIa/VSQdRQcSISQeBI4R5ZrZNIO2Mj3I6CCCfinRfoR2IoJM020sp8OcoHNQassG1laNpAgdhqI2f0GoOSwTS4u22p+b29zP3ft9Wi2b1gf3yftyX8/9PM/7UQCo9fTJeERNhBWpV9//lzkc+MAoHuTfZt84gvZWhDw95DjKQGb0grvrAmLNgS91CH7T/qwO+pvR8mFu4r9aD8BEps3+uZsIfG0kMi1DDAJEww5Ma7gMZE0AHZk2M5qXMJCQ24SFKSV803mIBHoxpdqLtRP435IENb8hDEgKj+UYXOMHSHtPYClnxzVvoGdg6xcRQxXcE9nwvTuP0o4sFLalwTnGQ8gph6WSja5bPOvf+352FLaBUiw5DKQan5iPk+qFuNHOhaTzDE5rUjEp4aBbkf7mjyHS5mjYTfrsxuKcGCJdNkQPMnDtPg8FLXtQ/vQUHo00oER/Ajn126PZym0sBhD70oI2PRas+XAOcVDcngHjuBqPxxoZY8eICipTCbSva3FVl4P06oTQbhmLtVLZRSIb4bUK4TCnwjt5GAWkX9p8u0uEmpfFkL8oQlXnJUifX4GmT4Zz9w5iVyUVpAGeJWc3GRYfjoFULL7Ph/+jHGfvsPFwWAWduQ7awVq0DigI5Dqa+6Qo0uUipYKaTCqjtizv3DsIt0VIBpYL36wUZkWa62RzSjSvISkirE+MZCm3Ri60ZULdW4XL7TlIrqAmdpRRCcwMZg2CMb+9H4uzlfB/bsNQLdfZpcpsWL1ejoxlv6gVIllMjRLz5l//wnDLIfGEev/8qGqffUTJ/d7XlFUd73GRyPad4o1ILKM2xZ7/AGAf1Jkquq5mAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAITSURBVDjLpVNLaBNRFD2TjIq/TdGM0OJGXPhBFENq0aUrtQYJCJaC4GdZxI1IF1XBdiEuXSooBNKKisXfTkGtFqsIdmOxdaEUaSIlTtp05v2u902aTgIuKr3wuOfdee/c88685xARVhJu/k25jznOazJtxhhoAyibtcUExTkeGloR181Yf/f2TERgiHpymY2b/qfr1aHJPUsKmC3aPPz9HndW3EVBcpZaxplr9W+XO/ohpV7TQFDzoGvn2WV1nw+YVOnYA3tWG4W3xWURHE+3QDQSqEUCG6cOpXB/ZAYnD3pLtYejM8gdiOe//aBZgWQCNhJukhe/LyKZTODRaBFOAkgsLhr+wOp4zSoX2NG6DkLGBAl7BOuCm3SQ60jB5V13P3fjRCaFLA8bNmfbPRzZ79V+rTLNCojnduPTTyXc/tgFJVSEH09fgBQSD/ISYRAiXBAIqiECxulLgmzNlcxmb2NnejOO3TqMLS0eS5S48bwTSipcPzPAXTWqsoo5OYdK6KMifMbzGMwPwekbnKKLR9swNuXDYUkDL7LcVeFK9hnujJ9r7lytYVsTgYzUoTc/QbOVkF5+KZGNV+Mlau/dR/VgY6kxvv4o0+mb7yyMlNc8YLB76wb8ml3ANm8tCj2vMTntR4btal2NiZ9/mu6CMWQaLhKNXCt82yu0WW//rx2afZHR41H/vEzlSvCkjp2VPue/lFt5YsuGFGsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKySURBVDjLbZNdSFNhGMf/Z9txO8t9iBuHvvzIaszcXKlBV5qUehFWLmkVQWAhGEQjom4isIugyIuBRHUTpRdBSFYIdllQoRlq2ccWbpCGms7PTXc+e0Yqw+3Ajxfe9/3/znPO876M3+//qihKPjEVCASKkOHxer3fRFEskiRptKenx5m6pqPgTlmWnxLnfT6fmklA4SRtRN3GNR0F9UQD2UV7U5tk0OghSCoEBbhgb8f2bODs5Q86ClcSxRsFGgoOE/eJYB/7kItx85zGaONUzsaF4eYs3AQnCMIv4jExlFYBBc1EJSFZ2EG8i31CufYeNLIDvdHjGJpzQRDOSfT2k4Qlk0AkwrTo4vVARW425oQWLMXdiM7XILhoT36/QiT38GkCmhRWBXtq+SJkMUZIKETM8hfY0gGFERHxbLI2HrZX+++MLGUSmImjPM+X9l4dT+uAntWgqTYnb5enkTlRPbmYSbBAdIfDYclxs7uMoy6IMiBQQ5tsD2CLRWAwljDmzXtR5bEYv3cdq3A2vOhf7wL92SyikNB+TNzGgjwKRU72Hhib1SM+HoLJZoW88BKF+5u1ckK48aWjjk0VsKsC5n8XLmFO/AlJpLMwEUWu4xSw8hl9TzqRbV2GtCIcIerXBVT+PPGMYJNdqKeTY7S1YJuuGfvMUZhy4lASYUBVIC/1o7DqCiMlErf6AgdMaxWUEqeJgoO2fNXJFagVJo96aOY3rHkeKPFhyi6jzOuAIvyBwRAE7/I5pYTgXxOIxCOWZY1vrk8yr69FmKn2EJPH18BomoYqzQCMFgNdQdquQFkJwr47H3JCvPi2taSYcbvdP6j8HcRwKBQqT1qpvDHXmc6tWk2EBLM0k3rHNNByDkyODCL4qvU5o6rpF/D93bJpVVaMqqJS+UoK6vqI5KiqA/8ArTiuh9VnDK4AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIhSURBVDjLY/j//z8DJZgsTV+9fAu+uHo8+GzvXECWAV+c3R//mTn9/ydLu4eka3ZyY/ts63T3k4Xt+4/GlqS74JONY+9Hc5tdH4wsmAmGgWv9xQKX2nMPnapOF4A1WzsEfjSzefLB0FwUHoi/szPX/05P/f0rOWk9ugHONWefzNl44X/B/L3/o7LXnn1h4fitN6i22Tx7W5tpxqYHxmnrChh+p6X+/rd10/+fsbF/f0REmiE0n7F3rDz5wb7s6Bu3gt3Vz80db69zTd1mlr11tUnGxt89Cw/8N0ha9YDhZ2LC+p8xMb9/hEdc+h4Ucu+br//JFXFNi5zKjz20KztiDzIMGFgzP+iZboQZbpSypsAgaeUjvfilqIEI9C9bf8rk3Wd8kz59sHV+BQysa8DA+vNe1+RreV94S96UiE9pff7/I1scPnlW6NWgBCLQvxKOVaeO2ZcfW2pbcogTGFgGwMD6+2/alP+rYhz+Na5O/L/lytT/F57t+t+/O+t/eL/uf/NsyR4G17oLBUD/Pgf69w3Qv6XILnqvbbT+nZre74RWlz8bL0/4v/HapP8g0LMn9X//nnSQAd8ZnKrPPJi85uJ/oH9f4opOn2rD/9uuzPmPDDZdmgoy4D+DQ8XxArvSww9sivYX4DLAMkf6e/eupP/tuxLAmtt3JiBcQEzqAypsCe7R+N+7KwVsM4gG8cFhQGwSBiruAOJPIGdD6Q6QOAAJO6JfeUJqowAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH6SURBVDjLY/j//z8DPlxYWFgAxA9ANDZ5BiIMeASlH5BswPz58+uampo2kuUCkGYgPg/EQvgsweZk5rlz5zYSoxnDAKBmprq6umONjY1vsmdeamvd9Pzc1N2vv/Zse/k0a/6jZWGT7hWGTLhrEdR7hwOrAfPmzWtob29/XlRc9qdjw8P76fMeTU2c9WBi5LQH7UB6ftS0B9MDe+7k+XfeCvRpu6Xr1XJTEMPP2TMvlkzZ8fhn9JSb+ujO9e+6ZebbcSvMu/Wmm2fzDSv3hmuGsHh+BAptkJ9Llj3e2LDu2SVcfvZqucHm0XhD163+mplLzVVtjHgGar7asO75bXSN+VMia/KmRHxK6/P/H9ni8MmjwqrNoeKKKkZKa1z37F7H5uefkTVn9Ac2NK5O/L/lytT/F57t+t+/O+t/eL/uf/NsqV4MJxYtfXxmwo4X/4F+NYaJxba7fN94ecL/jdcm/QeBnj2p//v3pAMNkPyOYUD8zAcbJ+189d+z5UYOTMyn2vD/titz/iODTZemggzADCTvlpuNE3e8/B/Ye2sJTMwyR/p7966k/+27EsCa23cm4HYBMGq82zc9/5+3+NEzx4orbCAxoMKW4B6N/727UsA2g2gQHyjeg2EAMGqEKlc9/VOx6vF/29JLgTBxoOIOIP4EcjaU7gCJAwAM9qYI32g+agAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIMSURBVDjLpVNLaxNRFP6STmaKdFqrgYKWlGLSgoiKCwsKVnFRtBsVUSTNyj/gxv4Bl678AyKCoCulgmtd+W7romgzKT4QMW1G+5hMpnPnnuuZm6ZNawoVBw7n3pn5vvP4zkkopfA/j9F8cafO3FekCjGpIgKIvayftTXOkr71jkz2/UXA4HxXfz72gIx/lBsWSfiVtwiWHK8B3kRQeX/6lmnnkuDAwn0MJSKQEFChQCp9CcHixxgsGWw3B01uRKfx9t1HIP1POpoSdUulLyD0vqO26IAkDW7tgSZYeHPqcmpXxkTChKzOaAKSEdo6jnEWVY5ehFxdHs2cn55rScDR73H6DKyyRWs1R0haGdR+z8YZ3MyMTj9rpUKi/PLkUJuZfmX3nkNYmQBxzYprpyCA2XMRrvNAcdfDhgKkm6ttKTdW6jH4w4RpD/ALAaNzhH2kSwALoSJCd9+VhIqEVVeD4C1MclaOT0Ke0Cowq+X9eLHapLH23f1XreDzI27LfqT2HIfvzsRAyLB2N1coXV8vodUkfn16+HnnvrPDhrmXsxBY+fmOwcVlJh/IFebK207iuqSShg0rjer8B9TcWY7q38nmnRstm7g1gy9PDk2129mjinjy3OIvJjvI4PJ2u7CJgMEdUMmVuA9ShLez14rj/7RMDHzNAzTP/gCDvR2to968NSs9HBxqvu/E/gBCSoxk53STJQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALNSURBVDjLjZBbSNNRHMdn0x7qQXwoyoqYS3tIJUsR8UHnFEKayXCO8Dp0mje8zLVm3vJSGpk6539azQteZt6aYmuKoQ8q3uY9LSJHqFsUJGpqpNu3v0FmGOaBLwfOOZ/P+fGlAKAclFQ/S960zHplse4M5qtoW5XxVnIfZ6ujv+8PhOO9zzK1NTTDUv1p7E15DL3oUAJ5yAnJUqsjdGo+NgYLoGtxxZLiHGZk9OVDCQg/8wL9hBor/QS2JqqxNkBgcVyFnmwH7aEEbG//iNnaJOPqZDMMc61Yn1FC3ytBVrB7yz8FEQxrXinPY0USxAARytyK4tqNSkQxP/QtAiy03YO+PQ19ZbGw519SOQltj/8lCHG9wCzleRqKAhjYm4rCeJSU5yBfmoaMR0K0valFbk8W7NIvVl0W2BzbFRRyr/Q9ifJFa2YYZutTUSfgQBLERFmkJyonUiEbE+GxJhF5miQ0vZUjQRkHlygnYlcg5dKb3vco9hWmSGGgcOwO8jVCZI8k4O5INMRD0eARoZgnfP5fWH62H6TjYigIFroCLdHNNEUb2xwPYh2ge3r9j+DI1WKxVBy3rzBbTjKKM90wnuyCzZcFMM6qsd6QhOEYe+MA73z1L9jEtSGcLdCs9X4C7je2IK1CAaGkCs+GNyGULqKRabG6QcKQsACRBfmIhi8P3dHpSZ2n0LzLOJz4jvX2OQNyZgH+MBDcC/h3AFwFyfQD3R5mMGpasXctZ5wiz02NlKkcx+3R5hIIXugRogZClEYEKIzgVBnAkgGsEgNUN07imzwMIKHvtyn4SubjLSo6vaiLFG2xm645NxE30wcR0QXwXpETKIGgdiBwZ4q8eVTzfTHEt4FORMNnsRk+hJvgNct0W+1FTaG8q4l0UWWxU5w5tUrHhBEw0qfITIOROgm3FA3o155rS5LDM0di7RvIH7U7Y5P7wg68099P+T6oezGZAe0AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGWSURBVDjLpZG9S5thFMXPG2NUxE8oxFAtKFnyLwiCHaxOnToodmoVh0qJFBVcRXQLuOhWLLQoWtsIfkCzmNLioA52EYz64mBKFAJKCXnuuU8HWykaS3i92z3Dj/O717HW4j7juxm8+TZQMvS1f9QzgNRZUnuKBTj/KkSTfbGG8tBrVYWbdUEqKMzQcFuEGzRc+tD76aQgILrZNx6sCI01V7XAcQBahaoiJzlkf2WRzv5E6jT1mUamlvvXv99SIDVAEgqFKEESYgU+x4fyQBnCwTAiDyNPjZGRzlh7Y0GFgbXn08HKhlck4Z65ECFC1SE0PXiEUn8AqsRe6gcO3IPol+Fk7NYRZ7reDbrn7tvjjLs392zRed+97Bymj2KJncTJZe4SF/kL1FbXwhh5cucXxMhLMTL/d//4YjVq8rK0f7wPv68UdTX1kLx0FlT43zyebLUdbR2gKuKrcWxN7DoA4C/23yYvMBSoVYjhdV40QIxAlLCWECNeAAT1TwPx2ICWoCroTYFXCqqglwYUIr6wAlKh1Ov8N9v2/gMRLRuAAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAI5SURBVDjLpVM7i1pREJ7rYxXFiKjxVYhIMBhMbWGbIk0wasCsCCkD1vkR5gcEmxSpsrLIxVaQCKYQRAW1kgTxrVEUn7i+bmYO3MUlkRQ5MJwzc2e++Wb4LicIAvzPkZ072WxWgYCv0N6eTqeneD9Bw+epjvcPvD+jZf1+/1Gs4UQGWOzG91ej0fjcbDaDWq0GlUoF9H0+n8NyuYR2uw3j8fg7xsLBYLDHCimBLJPJfGu1WtROuHT2+71QqVSEZDL5RayTiFTQeWYymf45s81mA2zy8o8dYJAhjkYjUCqVoFAoQC6Xs9hms4HpdAq9Xg+cTifLvQggk8lgNpvBdrtl/uFwgMViAXd3d+wbxf4KIM4klUoZA0omw7kZiLhsKj4ej5cZULJYxHEcSxZjEonkMgMRgOYtFArQ6XRAr9eznbjdbpZTq9Wg2WzCcDg0xGKxD/V6/dMDgN1uB+l0mvnRaBTW6zV0u10GSOChUIgtdjAYcKVS6SPqwngvpFQq9QuFY8zn8/Dm+hpSNzdQrVaBROXxeKgIJpMJdQer1brDBlc8z8/vGdCsxWIRNBoN8wOBAPPD4TDodDpYrVakQkgkEuBwOBaYYtBqtYrzEd6hZHlc1hX5NAqxi8fjTNZ0aCRqVC6Xf/p8PgPqYsud/42RSOQFbvzW6/U+QsVxNC8tsdFoMGHZ7XYgtWLOFJcsyeVywwcALpdLarFYPNiRxzkfYxEx5FCF75Fhy2Aw8OjLUVTHfr8/RkavfwO7WaXhrjM2EgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH8SURBVDjLjZPfS1NhGMdXf0VEQhDUhdCN4X0IYT8ghIJQM0KoC4vushZddLELKyRhQQkSFIKEGEkUCI2oxVhepG5zi1xbc0u3cDs7Z+ec/ezT+x62scmmHvhwDrzP93Pe57znsQE2cR0SdAm6d+GwYL/M1LBVBV35fF4plUqVcrlMK8Q6TqdzYrukJuiW4Vwuh67rdbLZLJlMhmQyaUnigVlC05f4+dbB0tQplp92DsnwPimQBaZpUigUrLtE0zQURSGVSqHF37DhGkVZeQdagszKLJ7HvZtNAhmuIQWGYaCqKps/ZkivPqCwPs/Gp0cYvjnKUTe+F9fMJoFoo96zfJZ9K+sLpP33qRhujPANtr7dJPhqmO/PBxX3+PljTYLtqImPpH13qZge9LUrmLEB1FU7sZd9jJw5MljNthYk/KLnxdFqeAjzdz9Z/z3Ck2fRE36qx9pakAjME1y4Lbb9GTMyTD52GUXsZO3ZadTkL6umrSD4ZZrAezvLH54Q915EjwywtXSH8FQf+t+I9V12FLwe6wE1SmjyAi77Qb6Kt3rGe9H+hKzwrgLH9eMUPE4K3gm8jpPMjRwlHfNTLBbr7Cjo7znA2NVOXA/PsThzi2wyah1pI+0E/9rNQQsqMtM4CyfE36fLhb2ERa0mB7BR0CElexjnGnL0O2T2PyFunSz8jchwAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIpSURBVDjLpZNPSFRRFMZ/749/Kt3IqFTSRoSMmrGIYTTbpEJtjBCCok1Em9JVG1dRC8FFEES5aGFEgRRZWq1iLKKxBiNqLDcltQgmHR9hY6LOu+feFm+YGVsZXbh8nHO53/nud8+xjDH8z3IB7r5avGgMZ8XoBq01okFpjYhGtEGJLtmCKINo/XbgVFPUBdDG9PVEq0P/UvnSvdlwQYFoHQIY/3obpRVKFL5W+OIXUVThrL91AN+XihKCwIeTu85sqPryqsJXUvRARAMwkshsiKB7fw25UgKVJwA40V7H/cl5jh+oL+RGk/P0xIqxl11dr8AXjTYG14HRNxkcx+ZhMoNlg52/ND6VAWMoc6F5+2Zy/l9PMIDrWByL1jI+tcDRaN06BaXxbDqLUnq9AqPBteHpuwUcJ0AIcgBXH93h+/wEyyuLrPk5cmv7gNY8gdIYYyhz4PDeWuIpj85IsS2ujQ2zJAk6DkZpqGnixcwYyU+PifUOX7Eh6DoAx7aIpzwA4imPeMrj+bTH+88PaNkZQWwhsrULsXxie9oAzgcESgUe2NAZCeE6AXZGQhwKh/Cyc5RZVXQ39wFwoeMmjXVhgMqiB8awe0cVP36u0Fi/iW9zvwuzkF3+xUz6Nal0gv6uWww+O02lUwGwmv8FM3l55EtLTvQWXwm+EkRpfNEoUZRXHCE5PUFbuJ0nH4cot1wSH14C3LA2Os6x3m2DwDmgGlgChpLX0/1/AIu8MA7WsWBMAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJcSURBVDjLbZPfa85xFMdf36/nebbGBcLaMmtM2DybElsjQm5c+PEnoKSQCzfEnZtduLRdSJFc4UK5sEizSLtQNCYXJMXKlMeG7fv5cc5x8X02w06dzqdPn/M673M6n8TM2H/6WruZ3TaoYPQYhhlgRh5s1lUCwU18GLpxfjVAgfzBMYP15bZVyfjXCcxmkiCHKabwfeIX085QK7RQtRwAO8ptTcmujiZWNZSxnICa5lU1r758cR11tQW2HTjOXwDMlpTbm7n//B2VyhSmCoDOqDDD1Pg+OUXmPHOt2gJJoVRg7cZmWuuXIgJmiqohYogqUY3pLHDrzuP5AIaI8nF8klJaJMsygvNEze8jCygUSyxbWIOazQMAVJQoAecch7a25vJzdZgZ1wffEmqL/JP/R0EQRUIkSsrNx29wIRLFkKhEEoqlEj7mQ50XEKPiQ8ArWFpDUixCamiiqCpeErz8D0irQyREIWYRF4QsClkQXIi4KDgvuKlnfP50iZZ1A5R3j7PvXOeFvxWIElzABcnbEcOLEkWR6ac01r9h84YuVi5dy+DoXYZfP7nYfbJxcTq3heBzgI/KdBB8EFxUpn48YtP6TiQVOhv2Ikmgu9wDcCKdWRgfhegiLihZEELQXL4TKj+/UEwWsX/DKQDO7LnCmhUdALWzMxAxxAsu5J6FiHOK98q3yQqjY8/ofXgYgN4Hh3k/PgKQzc6ANGVLVweWJIgYUQytxsQdZHhkgJ6O7dx71U8pKfD05RBAX2Jm7DzSd9WMo/nPm7P/GFTP1A5BzQtIPMAPoH/48tjZ3wRCz4QMKdc8AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAACzSURBVCjPY/jPgB8yEKmg0aHxf93/6jPlR4vP5P/I+p9yFMOEuvP7/pedKerJ7cmYnNwTOx9DQaVB9/8J/3McILyw/VjcUFA//3/a/QQBPI5MOT/7f2QBHgWxCRHvg2bhVBAjEHY/8DaecAhd73/GswfCNvmPoSA4we+8x2kQywLoTP33aAqCDHzeu79xrLepN+83uq/3Xwvdm94Jrvsd9lvtN91vuF93v+Z+tX5S44ICBQA4egHkwuNCKQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJHSURBVDjLlZPNi81hFMc/z7137p1mTCFvNZfGSzLIWNjZKRvFRoqNhRCSYm8xS3+AxRRZ2JAFJWJHSQqTQkbEzYwIM+6Yid/znJfH4prLXShOnb6r8/nWOd8Tcs78bz0/f+KMu50y05nK/wy+uHDylbutqS5extvGcxaWqtoGDA8PZ3dnrs2srQc2Zko41UXLmLdyDW5OfvsUkUgbYGbU63UAQggdmvMzFmzZCgTi7CQmkZwdEaX0JwDgTnGbTCaE0G4zw80omhPI92lcEtkNkdgJCCHwJX7mZvNaB0A14SaYJlwTrpHsTkoFlV1nt2c3x5YYo1/vM9A/gKpxdfwyu/v3teCayKq4JEwT5EB2R6WgYmrs2bYbcUNNUVfEhIfFYy69uci+1fuRX84mkawFSxd/4nVWUopUVIykwlQxRTJBTIDA4Pp1jBZPuNW4wUAPmCqWIn29X1k4f5Ku8g9mpKCkakRLVEs1auVuauVuyqHMo8ejNCe+sWPVTkQKXCMmkeZUmUZjETF1tc6ooly+fgUVw9So1/tRN6YnZji46QghBFKKuAouERNhMlbAHZFE6e7pB+He8MMw+GGI4xtOMf1+lsl3TQ4NHf19BSlaO1DB9BfMHdX0O0iqSgiBbJkjm491hClJbA1LxCURgpPzXwAHhg63necAIi3XngXLcRU0fof8ETMljIyM5LGxMcbHxzvy/6fuXdWgt6+PWncv1e4euqo1ZmabvHs5+jn8yzufO7hiiZmuNpNBM13rbvVSpbrXJE7/BMkHtU9jFIC/AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAMBSURBVDjLTdFNaJt1AMfx7/OePGnypE27LbNrcbpZKagTqQ6ZjsmGOETxoKiXwURlgkz04sGDeFGYMhEv7ii7DAU9dXOgMCcOy8bYRLtRN03b2JekadO89Pm/eulqv/C7fi4/x1oLwJFvp8eAkzuLmb0daehIgzSGrjIrwCpQAzTQAOrA18APPusZpR59cFvP3nefHGBzbWGSjjBJY00PCgmrqebvWovxv9oHgeObga2F0AFgelkTOA6+A54PUeAyFLl4rkvgwZ7BLNuTXN+p36qfbgBjhQujh6KfWLpu8YXBaEOqDVZLIIdz3wkIt3BX4vH+6QqfvDrMr7eCAR+gfvWAN5obHS31lvGCATJSYaVCiy7dxiQrpRexth9PgAEc3eTSrQZXKitVF8Bqs2Mk/nNnkB3GtP/AcXMYrVhbvsl8zyus5J+hnUJbGrAw30z5/PxUUwtxxK9d3h9abV7L94144GG6c+CnNP45T630Fq3keZDgYfGti7GgA40S6u7v33l8yTda77HKvBHld2FVF7wySIk2Hn63QjJzEtQaxsmjyi9g7RAqTdFSaQDfKvNFpvRIf7c+iVGGML4XjE9p+wHi+nW0FDSrV2ne8yFuVERqTavdUUATwDVKn6nevnbquysxNtzNwtQ5VNpGri0jOjUW9DD1sXOIHS+RzcbUWykqFfNnP3jaArjlJy6dOPbjsc/GZw+S7Hod0hadhd9ZrFzm396jNO//GJUZBgux77LY6KJFWr1zv7/v+Ol+4KOxkSFmfn6bMOpjtlumNvIVYTZP4FiC0CH0oBDD1HQHJcT8BqCFeAo4vFoZZ3nLFBfSo9xQj5HO1hFqEaUNxlr6koQ3D21jrt5BC7H4PyDlw8/tfyD73uFeLM/yUHE3ANqC1BahAAtfnq0SB7Da6qClrG8Gbs/VVjgzkVDsyVIszFHMRSS5iHwcEoUuke/y8r6tRD4sLq2ipZzZAIxS31ycmBy8ODE5DJTW17u+JBMGQSYTUMhlKRZirt2Yvgn8cgf4D/BEgoyc1axMAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAD4SURBVDjLxZMxTsRAFEOdaAU1ogs0XCDKkTgKdBwFcZooJRINK+UGNJtvm2I20WQzEcUWWBppUvj971hT2cY1qnGlDgAwjqMlYT4kQXJz77quKgIkoWma3Sm20ff9/gYkMYNK5rquERF/Ay6NuUji9eNo0hCBCOLt+anaAC6N87ckPNzdQDJI42uM7Qa5ubRBhBJAxjRxDZiz7im1kcyiEeE1YBiGYoV5tRECleKcckDbtku/L+/ffry/XbLOKyu/C2AeIVcEVllFL1MlQEqgIMqA00SQh+JU8QyxEaKLgCmEz+MPQgApkDj/g9Q/bViCgQoAqn9/jb8mSSzHKz3sXAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJnSURBVDjLpZPNS9RhEMc/z29t1d1tfSmhCAwjioqoKNYuYkRRFB300MWT3eooeMn6C4TunYoiOgSKkGAUhh0SjJCwsBdtfQMN17Ta2v39nueZ6WBtktGh5jLDMPPhC/Mdo6r8T5T93nCPTUqVDhVOi5BRBRVGRBhQ4drGc5pfO2/WKnCPTbMKN0x9Z4OpzqDxWlCPFnL45VHCd91ZEdprWnRoHcANmhatbu4JtrShiSr8t9dIuIS6IpgKgoqdGBsQztwj/DDUWndee0sAO2hqVZmO7b+bkuAzvpgF+wVxIeqLqxBRTHk9sfL9fBq+kBdh+9Y2/RgAqNARbO9KaRwkzIL7ymBfDiQCH/HkIYjN4z6P4cNJEnu6UuLpAAgARDhrahqRYhZ1BVQsx85UomJRb2lqzqMSojaPW3lOWfUuxHN2LWAv5WnErZSWVCzqItRHP2qL+ggJc0CI9zSUACoU1BXBOx71PmXq7dzqorc/csj05BKDD+ZQsaCKCLFfCjxZbAGIc7R5N+9ezTI7uYD6EBXLTHaZiTfLZBrTmCCB+DJsyETJSCL029zowaC6nkRynqNNDYw9m2L8xSx4S7LSkMlUkUzEKEsfoJCbxkb0l8643GPqRHifarydEvsGnx9HohXUhYj7eUaIJXdi0qeYvn8x7yw7Dl3WxQCgplUXRWj/NnELdBuxdCMmVouKgihBfDMb6k6gieMsvezDRrQfuqyL66w8f8ecFM/15N7OhvimfQQbAhCHCz1f59+yMNyddZZLh6/owB9/AWD2pkmJp1OE096TcRE4y4izDDhL95Grf3mmf4nvrQOLvcb/mlMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKVSURBVDjLfVNLSFRRGP7umTs+xubpTJQO4bRxoUGRZS1CCCa0oghatkpo4aZN0LJttIhx1UZs0aZ0UxaKgSFC0KZxhnxRaGqjiU7eUZur93n6z5lR0Kxz+e93H+f/vu//zzkK5xz/G+l0+rlt23csy1IJQSjDNE2BL5V/EWSz2SAl9IRCoduVlT4YlATXhZxNOeFwCMPDQ1APS85kMu0iORqN1tfU1OD7/BKEuutyuNwlIg6HyAzDgDo9PW04jlNBISft2hSoadpBy1hf14jIRfJKh/ymiuR4/AQKhQ2pzsXFhUsuQ7yQJiLhIN4OvEFT8xmpLv5JB4JVJD/sSdM0BYpC99JNooitzU08uXdOKo6nP0G4PX7tZsmBsCpUxcRwpBaMMSgUrBziWRBwx0WD8xGJBEPeaQQv94AJB9QTImDweDz7gpVRjsUBtLREcDLZhWOBLJzVdMmBVV4ehSnwqOqeukRRAuGFQAZR308EG5MoLgwhGCAHc68R2vZCFSyiIaIEoZg46pP1l4aC5Q0bTZFlBE9dh6NPoioax46TQ92lJiQ3xkoErFyniNmvf++LhmgAljZPAnlyVERFIA/s6Ciu7JQIvF4VjztPy+WxLBu6bpArF9VWDuGtQXirXbj2JJhbAJgf3DIx0zeHd7k4VOrk09HRD227G4Uw4vf7E7XWFHyY4HUdtxRuvofibGFiUIfXKMJDJaqtD7CyOIJ9Z6G7u/s+kdw433rxcrzQi/qWNpj5Z1DVICZGdAxOxqCxGO0DG9s2xH6Y2TsLqVQqRkuWam+/iiN+P5heAcWzBE9lDFPDv35/GV/tetQ79uJgf/YIyPo6xef+/ldnRSmNVWto/rGAoqabudm1zru93/oOO3h/ANOqi32og/qlAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIESURBVDjLjZNPTxNBGIexid9CEr8DBr8CHEiMVoomJiQkxBIM3dgIiaIESJTGGpVtyXIzHhoM4SIe9KAnEi4clQtJEczWFrbdP93d7s7u/JwZ7XYJBdnkyRxmfs/MvO9OD4AeDvuuMPoY/f/hKiMR5WKCvlarpRNCwiAI0A02D1mW38QlcUE/DzebTdi2HWEYBhqNBqrVqpBUKhUUCoVI0g5f4gK+wHVdeJ4nRo5lWdB1HbVaTQgcxwHfRFGUvxIuCKYfzmqZyZ2wKIO8fQ3/1Uv4Sy/QWliAO/sU9qMZmFMS3HfvT1xJ1ITOZJ9RpQi6+RH0y2fQb19BP23CVhRo+TysXA71+XkcMIk6fAfHK6tQVfWEoESXngNra0C5DHZJYGMDZiaD35IEi41qOo3vc3MoJ1Ooj92HpmkdQZiVEsHUAzl88hjY3gYIAdbXYQ0MoDo4CH1kBHssvH8jCf3eGKzDXzBNsyNoF/HH7WSJZLPA7i6wtQVnaAhmKoXjxUX8vDkMY3Qcnm6IInJOCS4nEte9QhF+RhInIRMTcFhYvZWCcXcUPmsl7w6H/w+nBFEb5SLc8TTo8jLq7M4m25mHfd8X8PC5AtHrXB5NdmwRrnfCcc4VCEnpA8jREasp6cpZAnrWO+hCGAn+Sa6xAtl84iJhttYSrzcm6OWSCzznNvzp9/4BgwKvG3Zq1eoAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ1SURBVBgZBcFNiJVVGADg5z3fmTujY5NZBANBIVkZ2J9IKkZFGKRuglq1KaqVtoqoVbSKFi1LoY2QEVSbcqiFWWJqPxL044wUGESQVqJOKerce7/z9jyRmba++tXTy2YmnyphPaYQIJBBNuPWfls8l1/EfxdeOrJnxxAgMtO2148d2ffC+rWlxMqkkwBkQjp7aeT97xf99cfS5ZPzv6w6umfHElQoXdw+qN3KhX90JYIgG30243G6Muo9tOYa999WfdfOLs92x4UHd3163eG3ti8ViIgVmdkNumKiUIOu0AURFIFmdmZgx4ZZt9w6uazOTO+FAklAQQlKhBKhRCgRShfOnL/i5hUjd64Kz2+6XjfRPQkVIJPaEUJGaH1SQu0YZHHqXBq2sdaGHlg9KWoZQ4VMEjWKlBJRQiAb2RUGlBZa66RCFFAh0RBBCIlENiY6QBTRhyypIROo0MZk0hDITFAKWqhdkkGSQt/oG1ChtZSZJCkBSCCEE79+Yv7UnIuXLxiNR8rwnsomFfpGn2SjAUjQkuPzHzp98XMPb9ngplVrHFr42OX5ubpx1943K7Rxaple+2EopBZkBo2MNL3wnie2P6ovvbtntzp48iMb1232+6n9OyuMx72+Z3Zmwn03Fi3pkz5oyWffnjERKzy29lnw4iPvmDuxG/unKoyXWhu3lsNefPNnr0VKAVpy/tK/Fk5/7afTR72yda83DjxjqpuEqxVGV/u/pwfdDS+vG05nZpE0wLXLqn2Lzzn287s237XF3IndBlEd/fEwvB2ZacPOgzvHo3w8Iu5NuRxAkkhpovug1u5Q5SoGfWurDxzf/eW2/wEnITFm/fHryQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH6SURBVDjLY/j//z8DPlxYWFgAxA9ANDZ5BiIMeASlH5BswPz58+uampo2kuUCkGYgPg/EQvgsweZk5rlz5zYSoxnDAKBmprq6umONjY1vsmdeamvd9Pzc1N2vv/Zse/k0a/6jZWGT7hWGTLhrEdR7hwOrAfPmzWtob29/XlRc9qdjw8P76fMeTU2c9WBi5LQH7UB6ftS0B9MDe+7k+XfeCvRpu6Xr1XJTEMPP2TMvlkzZ8fhn9JSb+ujO9e+6ZebbcSvMu/Wmm2fzDSv3hmuGsHh+BAptkJ9Llj3e2LDu2SVcfvZqucHm0XhD163+mplLzVVtjHgGar7asO75bXSN+VMia/KmRHxK6/P/H9ni8MmjwqrNoeKKKkZKa1z37F7H5uefkTVn9Ac2NK5O/L/lytT/F57t+t+/O+t/eL/uf/NsqV4MJxYtfXxmwo4X/4F+NYaJxba7fN94ecL/jdcm/QeBnj2p//v3pAMNkPyOYUD8zAcbJ+189d+z5UYOTMyn2vD/titz/iODTZemggzADCTvlpuNE3e8/B/Ye2sJTMwyR/p7966k/+27EsCa23cm4HYBMGq82zc9/5+3+NEzx4orbCAxoMKW4B6N/727UsA2g2gQHyjeg2EAMGqEKlc9/VOx6vF/29JLgTBxoOIOIP4EcjaU7gCJAwAM9qYI32g+agAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKjSURBVDjLrZLdT1JhHMfd6q6L7voT3NrEuQq6aTircWFQ04u4MetCZ4UXGY2J1UoMdCoWxMZWDWtrrqHgylZ54RbkZtkiJ5aAku8MXXqQl3PgAOfb8xwq5LrOzmfnd34vn+d5tqcMQNm/UPZfBMHXx2ZWvI386odLe7jIL7w5EQ68qjhEOFjCmMj+v4LQmCwtCHkSCuSlFOIst4X1KU1mbUqT/kPki57bmL6xEnx55HxRMCqNCTkO6fUBpH5YkFoeBLsyAiHLEFcSQi5B2C38Z3eAPJ8JjcrmigKnLJ7nd8mwDcnFh4h/68T29FVsfW4F4zeCmb0LZqYDO191hOtkZ5sIuY8lioJhKZ9lo2DmbNjx9WDTowW7+YmsGv+9Ov3GijsgxwsNy7iiYOg4L54/nyawQC4lDubYANIRG7g1I9glHVILl5EMNCCXnEfouXSP4JksI+RY5OIfkWXGwf8cQSb6hAz2gV2+BXaxFangBSS/n0PCfxq5xAxCg3sFj2TpPB8Hvz2G3dWneOvqhLnPCIfDgd5uPebfNyAyrUR/t1bMmft7MdR1NiuXyw8UBDYpJ/AMkhsOPLa2wmKxIBqNIhwOw+Px4EG/Hvb7GoSCc2JucnJS7FEqlb2FizRwNMLHFmPvXnQJN/U6+Px+3LvdApVKiebmZlitVuj1ejFWqc7AZNCJEq1WGxMFAVPFtUCPZKhDXZUyGu6IAr+pklOclGNiYgI+nw9erxculws0N2uqjFOBwWDgSu61RCK50tLSwlBBfX39eE1NDa9QKFBXVydCY5qjNSqgvSWCw+RRqVTzZrOZcTqd2263G3a7HW1tbWhvbxdjmqM12kN7SwTl5eX7qqurq2pra5eampqSGo2GI2TUanUj4RSJ4zRHa7SH9v4C8Nrl+GFh7LoAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJtSURBVDjLpZPtS1NxFMfPH+Arwb+jFz1Q9GK+aLBXkWQvgoRehRDYAyxEY2StB8SILBJnWZY4HyhDrbR06YssW3O54dRNr7a2Zbq2u3u33bt7b347LhhqYlA/OJwfB87nd873nB8BoP+xPwK6i4q0EbLl3tC4MkRGdpCMzEsalwfIJvVR0Y4ATjZpwyToQSuMlR7o4gj05GtosQ4o01aIz0lIPCPTtgB9hMo0jwlG1MFJXVCjdcgKVcgETyETqoLytRGqcBepURNWuqhsE4BLLs4Nk2x8d0JbbcbQncNorzHD3VkOt/No/j54y4z07Dkoi61Y7iA51k7FBQD3a9dDtfyyE2qkOp8guCry/vf9RN6LHw8xpBaStxaRNrIXACyW14j3IfftGpSlM8guVCIzdxLpwHHIU2WQPBZOLkXy3X6IHyzILrYh3EreAiDzinKGPMp9XoC/7xL8/TfhH9hi/Q3w9dYgMbaHAQ4stpBYAKRfkKgnB/n184hO9SMZCUCMzW2y9VjE48SPt7tY3GYsNJNcAPB8vfpKLwOqIS5046euYesxNBXxqQau4ADSoQeYbdzQAs/Xng3YoMbuQQqchppa4vDahvQ1KPFpxF37WMBKrL63wd+wQcTEUyqJ95Cshp+wgBch+SqQCXdCk4LQUjOQ5x1c+l4W8AhSgSb46kmevEolmxaJl6M84TIjO9/EItVDmjzGqh/kknezL2XoWSR9jRC6LfDYqXzbVeblMPN8haTbiozwiKfyGMqXVsjBFiyPWfH5BgmfrpBlx88UfkhFS/epTnDQRKiJMHOb1vud8F6nOvflv3ymf7Ff4B/4xZL2LgEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAF/SURBVDjLpZN/S8JgEMd9i1JURPSDIoIkS1FQI4iQgihStExrhGmydGObyZyyYRaybBRFQb/8vxcgBIF92275ApoHx7jjns/37p49LgCuQdzlXmEXd8RON1L4QPjM9NwbQtkXBE+eEWCe4D9+hC99j+XDO3j3b+FJ3CCcvu5a5wgQLXV6ceUT/3Xv3mWPAJayE5/fboAA4dw7nNjspmoDQqevlDAMA+12G61WC1/fP1BVFfV6HbIsUyyKIgRBAMdxVD8drf0BzIU5scl12QZY27ZM13VSbzQapFir1VCtViFJEsUsy6JQKCCfz1P9xFrFBlhX5cTGVyUb4D96oESz2SR1RVFIsVKpoFwuo1gsUpzNZsEwDDKZDNWPhQUb4D0wHHUwHCjZgKVEmxKaptHc/ZmtL8/zNLMVp1IpJJNJxGIxqh/yn9sAT1x31IHbx6L/FtiF3Sv6s+a2NMxE65jaUMwtX9CixiIiRkM8RoKc2XbRVGZhnrGcJcDAr3FQwC803UMOARws7QAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKjSURBVDjLlZNbSJNhGMfnTZddJHS4iFJzdhFSRAc6WClJNmbMZrA+0x0+dQesXGpTnDo3aylmSToSgqiMqNTmFC1aOVMHuSG6DS22SK8aMQPZwanj375vMPuoC3vhz3P1/Pi9z/u8LACsqampc6MtJD6ocvBOtBcsFuvwBrObak632Wz+z9Yx2K0WDBelYW1tbUOhISqVapPRaBS+vV2K8a5SDBemIRQKMRIIBOD3++NZWlrC6upqDMA0GMEQwWY0+3w+tKvL0MLZCm3ONqiILHyZm8PKygrTYEhbirGHJRgSsLG8vEynpnselZUN0HN3QHM+EdpoLTu5GdcLL6wD4gYTMYPBS2yEw2E6qqfzqMo7gTtkBh5X5qI8exeq+ftBZiYjGAwwDQYbS/CpsxgD+ak0nUrVk++olpHwOYwIzprw09KBXy4TepoKooBg5J8G/Xmp9IAoAHWNtvudGDdIEXC+QGj2DTwmHWqUCiwuLvqjgIPrBvXFGH1Aop+3J95M1j8HJzcPdTo9tEoh2m4Kobh6A8VSOe62tiIhIeEI02BiBMbcFBpgNpuh092CRCIBn38Rhq5HGBh+Dy6XC5FIBJlcgaPHjhviBqZaEpZ2Cfo4KfQAv907A8szHdSNeiiV5cjn88Hj8VBQQKBILEW3oQme1tMRhoEtatCbk0wbeAfq8bKWi8tiBfR6PTQaDQiCQHNzMwiRFGpxNjwdXM+6QbUEH9tE6M2OAcIhP34sfIW6oQlyuYy+ikAgoGuJ4hoW3C5kpO88+5fB66wkRCIR+iWoQVKrS22jy+WC1+vFnye+BxUVFUndnH3ou3IIrzKT4Ha7MRddV6fTiZmZGUxPT8PhcNB1cnISdrsdVqs1BqBAVISpW07VHdiukbATyf/5zr8BNamLpjmUSloAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFiSURBVBgZpcEhbpRRGIXh99x7IU0asGBJWEIdCLaAqcFiCArFCkjA0KRJF0EF26kkFbVVdEj6/985zJ0wBjfp8ygJD6G3n358fP3m5NvtJscJYBObchEHx6QKJ6SKsnn6eLm7urr5/PP76cU4eXVy/ujouD074hDHd5s6By7GZknb3P7mUH+WNLZGKnx595JDvf96zTQSM92vRYA4lMEEO5RNraHWUDH3FV48f0K5mAYJk5pQQpqIgixaE1JDKtRDd2OsYfJaTKNcTA2IBIIesMAOPdDUGYJSqGYml5lGHHYkSGhAJBBIkAoWREAT3Z3JLqZhF3uS2EloQCQ8xLBxoAEWO7aZxros7EgISIIkwlZCY6s1OlAJTWFal5VppMzUgbAlQcIkiT0DXSI2U2ymYZs9AWJL4n+df3pncsI0bn5dX344W05dhctUFbapZcE2ToiLVHBMbGymS7aUhIdoPNBf7Jjw/gQ77u4AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALuSURBVBgZpcFPaJtlHMDx7/PmTZq26b8laZ2m69qJS6dWUVa7oqDOQg9DUPTgwYPgRaenXeZNGEJB2UmLiiCi6MBd1O6iqzgota5sq8uy1nWbrX/Sbm2TkmZJ3vd9nt/jWxARvQh+Pspay//hPv3GqfZMKnGmtSmWwSqwgrEWEwR4XkAQBPh1D8/z0DUPU6/h1+psrpUKy/PXn3B7OltyB+7uzvR27WCbWMs2IxYRi7EWYwQjFmMMRiyBMZyfu7zjO688796RbM6kmyJcWV5FG8O53BJDD2aZvXCF++/ZhQ6EC5eW6O/fzdRUju7dnRgj3JVpI33bzg5XKRBriUYUxYpQ1YqqiVKsBnw7s4gxglgHn0Y8FWNjvUxPpgMtglIK9frH09bRNRyxKCfCgQf2UvJjGBGMWERAG0GL0OpWmZycxatsoP2Atd/LuD/kl5/Ppu1Ysq05kk5nuiKxRlVYnKewuoGvDVobjBECAyOPDXLnvj65lt/KrWyV5er82ePKWsu2w8cnPn1ooPe5bF8PbYkm9nY6/N17ExeJNzWytn6Dc7O5U5+9+dIhQg6hZ499sSvZnniqK53EN5Bo4F9S7S0sLG/Q0Z4kmkgN8yfn0SMnVK24eTLb2xVHuaAcWuOKfyqWp6lWxzmbfw2JftDx+Iuj3xCKLE2f5Pwv5Xf37cmo1bKhrTlGX7oBR/GXie9PsFg8zSP7Bzm4fxQ/dpMS+b63PjnW4hKq++KsrG9ybeUWdS/F5EyeWt1HG8ELDJXqRzxzaBTjGO7bOcLpy58zdO8wS1e/POwQ0kFAYARfaxau/0bpVkDFE6qexfOFUuUGUZXgyf5X2Xbk4Pvs6RwgFHcJ1X2fWs2nO9WA0S5iLWIErTXWRvnp1xL5wjQ/FqY4OvIhY1+/QDzSQKjuEvp57tJC9eZaNhpvRoxGRJDAYLWPaEujGmTm4jTDAw/zVW6cmHKZmjtD6B1lreW/GHrl9jHgZaAF2ALGZ94uHP0DwIeG5DahstsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABbSURBVCjPY/jPgB8yDCkFB/7v+r/5/+r/i/7P+N/3DYuC7V93/d//fydQ0Zz/9eexKFgtsejLiv8b/8/8X/WtUBGrGyZLdH6f8r/sW64cTkdWSRS+zpQbgiEJAI4UCqdRg1A6AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHWSURBVDjLzZPdS1NxGMf3L3TbXV5EEN5030UJpTdClBBKSgh2Y5cyW0QXISY2eiGxklYgGoaE2YtFdTjHvZyO25i6uReOuRc3T7TNnOFOw8bHs2MmZUEQRRefm9+P74fn9zzPzwJY/gTLPxUsjB04Hh06ifq4i+m7R5jp29/82+HFiT2NmmBlZfYpfMrwcXYU+Urte/PS4XDUGLw14Gc8G+4gF7pIaXEcTeylGHzEl4SL4L02fUsQ9vtl0mnVJJOpML9JbITl0AXKRRfFd+3kp84SGWwlMHC6PHXj2N4twYd4PIzH40KSJBOn04lX6GM5eI6yLrM234KeamI1bCNxv54HA/bStyZuCiIoimwG3W430lgvmtf6NdyMnmykEDqPeqsOLSJWnqZ/J0gmY/h8XmRZZnL8KuEXHUbZk+jxVj6nTrFiVKL21zLnFclmMzsFqZRKIODn5VA3c89tzExcI600sBZvIj/dSex2vRmORiPkctq2oNJlQXhlHC6Rzy/xsKcGVhNE75xAsO3GbZTssR8lu+CjUMga5ExEUTAnZPlxZJfaqinJNykp11G6DjFyporB/h5+NeIdC9NwcJfe3bJv/c3luvXX9sPSE2t11f/zF/6KYAOj9QWRU1s5XQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKDSURBVDjLdVNLTxNRFP5mOrVT2tLWSgIhEVEsaSUNrSujJi5cGBLiwoTEv+HeDfEPsOmmO6Ou0IUGQ4huTAwPrSUlYDtQ1LRKQKBmOgy2zNzrudMHmMBJvpxzz+O75845A845BEikWCx2d2pqaikajd6jsyJ8LSipVOpWJpOZFznC165zjJIk8d8ia2YG/ckkytks2Pg4etAUEfPMzqI3kcDW8jIaY2NO7ArnkiyRiCSfxwNfMAjbtuEPh+F1uRCWZQcqpaiBgBPzdndDbRGLWrllQ1UUFEolJ6m4vg5GJEYoBMPvh62qKBSLTqygaR0CtN+4AbAg3Z7v68O6YWCIbh+kp8lUwI+OULcsbJIuES4zhhRpk+JDgKyc7GAkEsE1nw+80YBFSUyAyM4R0bDbjShpieCp1WASaaeLxcVFblnWmdC35nl56TE/0He4EOETNaJWxilSr9eRy+Wg6zpy2QVsrT5DVzgB8+dse+QdOZVgbW0NlUoFAfryA8EKzvffQHdfEvulORzsFkAddIj+I2g7k7QLwm7UyqhuzCBwIQRbf42e2EPsrLyAaRpnd3C8mRx7xZeIXL0P/P2CpafP4Q8dQv+xgO3C+9M7OCldrALb/INA2ASrfyM+Btv4hME7j3CoTUORbEHCZd6iIsU6XTALl9xfEbo4Cmbm6XyI6w+GwRq/oKoaIoO3wcrvjjuo0VwNEjKZ2Oz94lt4w1F0BXbBrT0algvZV5oIg/3V0BMdQH1zDh8mR+LOz5ROp3k8HoeiNPfKvfIEiYk0XPJ3Iqg63+Pk4FzeYWyvLkN7MzntVFSr1Y/5fP5mO2W0oeNzZoJa503Q6zhjrXNTg9lcYlbvPxXdfEoTGuB5AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHxSURBVDjLpVPJiipBEJyP6n/q+7TL6Km/QERBEfTiRdGDB0+CSB1EEUTcyuWg4r622i4oKuZUFKMyvGEej9cQdFeTEZmRmfVGRG//gz9+tNttpdVq6c1mkzUaDYNzbtRqNVatVvVyuaz8KiDIqiDz5XJJx+ORbrebxOFwoNlsRqVSiReLRfVHgS+yeT6fCQ/eu92OTNOk0+kk/0G0UCiY+Xxe/SbwVTZ/kEejEa3XazIMQ2IwGBCqeogwxngmk1GeAsKv/gjYbDZkt9sFaSjJq9WKrFYb9Xo9ms/nMqbT6VAymdSfAqJZDMooFSSbzS5go36/T4vFQghYJbrdruwHqovH4+wpUK/XDTRru91KAWQEnE4nDYdDslisAhb6+HDI8+VyoUgkYjwFxJikAMqHFZAdDofMClFNs0hbmqbJM6oIh8MvgUqlwtBx2IBPkJEVwZPJ5ElGAsTBWigUelkQ89XR+fv9LueNckEej8cS7++a9I1pXK9XyuVyFAgEXk0Uc1Wy2SwH6TEJECEKzyAjKxJARJC5gPJtkdLptJpKpUyMDYH7/V5WM51O5TIhM0QE0fR6veqPq5xIJNRYLMaFJekdPYFnzF0sDwkid7vd6q+XKRqNKsFgUPf7/czn8xkej8cQJOZyuXTxrfz1Nv4rPgFlRDELuo2JKwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALbSURBVDjLfZHrM5RhGMb9A33uq7ERq7XsOry7y2qlPqRFDsVk0c4wZZgRckjJeWMQRhkju5HN6V1nERa7atJMw0zMNLUow1SOUby7mNmrdzWJWn245nnumee+7vt3PRYALI6SZy8fnt08kenu0eoW4E666v9+c6gQDQgYB2thJwGPNrfOmBJfK0GTSxT/qfP3/xqcNk3s4SX9rt1VbgZBs+tq9N1zSv98vp5fwzWG3BAUHGkg7CLWPToIw97KJLHBb3QBT+kMXq0zMrQJ0M63IbUoAuIozk2zBjSnyL3FFcImYt2HPAvVlBx97+pRMpoH1n1bRPT6oXmsEk7Fp+BYYA+HPCY9tYPYoDn32WlOo6eSh8bxUuQ+lyK9MwTJnZEQVhJgFdhBWn8Z3v42uv0NaM4dmhP8Bpc6oZJYuqTyh/JNMTJ7wpGo8oPkiRfyO4IxOXId1cOFcMixgyDUuu0QAq/e+RVRywUh54KcqEBGdxgSSF9IakUIb/DD24FIrOpaoO6PBSuDCWaazaZdsnXcoQyIR1xDaFMAigbjEN8sRpjCC0F1F9A3EIdlOofdzWlMtgfDN5sN28QTxpPxDNjEWv0J0O0BZ+uaSoqyoRRIHnsjUOGDqu4ETLRehGG5G4bPJVib6YHioRDiVPvjph5GtOXtfQN+uYuMU8RCdk8KguRiFHelobVBjJX3JAzz2dDe42JnlcSE/IxxvFoUaPYbuTK2hpFkiZqRClSRUnxUp2N7qQ7U9FVoZU7Qz6VgffYZBkuJxddlxLF/DExySGdqOLfsMag4j290cPpPSdj6EPJLOgmNUoo5TTnac9mlZg1MypJxx+a0Jdj+Wrk3fUt3hUbg7J3UbAyoLx3Q5rAWNVn2TLMG9HoL1MoMttfUMCzRGSy1HJAKuz+msDBWj6F0mxazBi8LOSsvZI7UaB6boidRA5lM9GfYYfiOLUU3Ueo0a0qdwqAGk61GfwIga508Gu46TQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFsSURBVDjLxZO/SwJhHMYF16b+gP6GZiehwcm7hBORKLXzPT1SIhMUHCKO48TT88emhwchHTiEERQhTrlE1FIhQS1BGRTU5vr0ntgS6BFBDR94eeH5fPk+L68DgOM3OP5MUCjkg7IsPf9YoKoFJw1LiiKPJGkX7wyToCxMFWhayaVpxTHFouqi4ftmU0enc4CTGLEE15T5qYJSSUWtVkW1WkalUkartYd2u43zbBZPPp8lMGeuoKp59Ptn6PV66Ha7MAwDp6KIIcfh1u+3BHMzBXRXmOY+FEWBLMs4FoTx5LtgENuJOGxLtIrS9ToIITADATwyDC69XmzGBYiiYC/I5bJoNOo44vnx5CuWgcftRii0iliMtxek01s4jIRoeBk3dO/URhw+eo7QO0Ii9oIBx+lvLPvxwrKDnfW1JULCD8mkiEwmhWg0PFtAG16kvFIuvtqmU51RPixTRraCicTz/akmohXK8P8+0zQ+AXBHwZp9sfnqAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALzSURBVDjLjVJ5SNNhGFac9U//iDlnTtNEYyRKKnZIUOaVeeWSeZY6E2VUkJk2Sg0PNFwtL5zlgiUjxBRLZcMJm1eubWzeTvebxzzWptM8Zoft7TfBEtTqg4cPnu97nvfh4TUBAJMduNQgR1LrZ7g5PLWuqlf7k96p+ZbLXVhOfjMlOp4pc9j9dwd7CCeaPCjn46K8d04PPSo9XGIg9fZ3pQR8utj0nwYnSsZM3enyF6yhlS8+FROs263z/edKRll4sshyP/EeA4e8oaRm+dr3UzlDz+0okrNUzsJEAF3eYksZ8CHkj786Q1MKvEqQdq9CRbt34biAkDnC/iOmDjrf56qHGSLdIj5V7G17U+haIdBqwysm+LbpsstO2fLyEKZqjdKshvQGNbhmjjVaJ8ge/DbwKBhmfBhd3WIKdSt0vkZdLdAu8eWrkFCDiLHBfHv3vPGmCOaMwZeGIEnsWcDFSfOxJMkhE7QgDFpQQp1YtxZWpeiwieqJwV3rIlqHCe5U8tRLKS+RQZtESVp83RxcKEIG0amB0bUqwMdKadsdoAW5URpUA2V8jQYX2X16J5HVlY6TydWK/rQa5VRA+eRyAF35GRsr9UGnRsYwpsE5ScbeNijmLmxWCTSQ3zq/Tq6eaDOSRwN5nsTSMSG7cxHiypSQVDcL2GjJ4+2366KrpMpJOEWWtey7B7uBxo2Pe60CMmsWaI8K4X2UC/B8zaEpHA/UiBujFsHdlgeL46TePrnywWAaon8SfatPmnF+a7OVBoYRDmy8vQefKG6GWj/nggMNCJSBhkTmDGCJwnyOH0apR8VQFgqQZQFQ5Ajapxehze/wzB4hWpKnVZQ4I7BIsRJUpNiwDOsj8nwxBoOkEXaf5VwcGPk9BoElyGroMwRCSxUQUqwAj9T+Xo4/Zna9lgyAir6iq6NDMZ1mBu+CbQx/LXEHXaRjecIU5x/zWY6geWgOSIopdIRitjj+ZtT/MjCim2SXzfU3mzTGRm+VUWzkfwHZspOnT6PVHAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIHSURBVDjLpZPPS9RRFMU/3/GbmhVBWVJGLSQoi5AIM+o/CCowBKVFP3AZ0SKUFlELiaBNhNugEKTIIRFc1iJFs2iRm8QoSiIdQ2Z0Zr4z8969t4U644ALwwuP++57j3PuO5wbmBmbibDvffKeGZ1iekBVEQWviogianjRNUsQb4jqx54rh5sBQjW72dq8o/Z/WO+//Hai2IGo1gIMfn+OV48Xj1OPE1fK4ot33Wd6cE6q1gAsa9DReGND7Jmcx3kpaSCiAPSPJDYEcOHULgprAfwKAED7ub28Gp2j7Wxd8WxgfI7WllL9dzFX3oETRc0IK2BgLEFFRYz4eIIgBrGVR4MTCTBjSwhH62souBIAjwdnLJUtWPxDwszM3qzk1Xg9NltWT/9OWeHaVTMzzIzgYfyndU08BUCjPJrOIKk0klpEkotIKo2mM4zER1GgcX81h253otmImuGhIHR+WQNruwQixHJ5gmxEmM5gmSwWRaS6H3HxdB359g40G5HcXY1UVuFOtljoVZeZe5+ty6xRHoDhz/Nw5wkNeyrZd/k8ms2xc/JTwN2+KVtYytvbL/NmZvZucr7szwNj5Zp8/ZW0hSNNRQ1CJ4qZcfzgdv4sRDTUbeXHbLo4C8fqK5maSZV54db1Xn1RMpKNPuifbiqIbnNecF4QrzhRvPh1zZRcyg2t7oPNjvM/JWOW3I/zgm0AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALuSURBVBgZpcFPaJtlHMDx7/PmTZq26b8laZ2m69qJS6dWUVa7oqDOQg9DUPTgwYPgRaenXeZNGEJB2UmLiiCi6MBd1O6iqzgota5sq8uy1nWbrX/Sbm2TkmZJ3vd9nt/jWxARvQh+Pspay//hPv3GqfZMKnGmtSmWwSqwgrEWEwR4XkAQBPh1D8/z0DUPU6/h1+psrpUKy/PXn3B7OltyB+7uzvR27WCbWMs2IxYRi7EWYwQjFmMMRiyBMZyfu7zjO688796RbM6kmyJcWV5FG8O53BJDD2aZvXCF++/ZhQ6EC5eW6O/fzdRUju7dnRgj3JVpI33bzg5XKRBriUYUxYpQ1YqqiVKsBnw7s4gxglgHn0Y8FWNjvUxPpgMtglIK9frH09bRNRyxKCfCgQf2UvJjGBGMWERAG0GL0OpWmZycxatsoP2Atd/LuD/kl5/Ppu1Ysq05kk5nuiKxRlVYnKewuoGvDVobjBECAyOPDXLnvj65lt/KrWyV5er82ePKWsu2w8cnPn1ooPe5bF8PbYkm9nY6/N17ExeJNzWytn6Dc7O5U5+9+dIhQg6hZ499sSvZnniqK53EN5Bo4F9S7S0sLG/Q0Z4kmkgN8yfn0SMnVK24eTLb2xVHuaAcWuOKfyqWp6lWxzmbfw2JftDx+Iuj3xCKLE2f5Pwv5Xf37cmo1bKhrTlGX7oBR/GXie9PsFg8zSP7Bzm4fxQ/dpMS+b63PjnW4hKq++KsrG9ybeUWdS/F5EyeWt1HG8ELDJXqRzxzaBTjGO7bOcLpy58zdO8wS1e/POwQ0kFAYARfaxau/0bpVkDFE6qexfOFUuUGUZXgyf5X2Xbk4Pvs6RwgFHcJ1X2fWs2nO9WA0S5iLWIErTXWRvnp1xL5wjQ/FqY4OvIhY1+/QDzSQKjuEvp57tJC9eZaNhpvRoxGRJDAYLWPaEujGmTm4jTDAw/zVW6cmHKZmjtD6B1lreW/GHrl9jHgZaAF2ALGZ94uHP0DwIeG5DahstsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK9SURBVBgZBcFLiFVlAADg7//PuXdmGp3xMeIokk1USG8jKmlRYJJU1K6NRILQopXVImoVFBGBpLteu2gVLYyiUALFRSVk0aKC0nyE5uA43pm598495/zn7/tCzhns//LSQzh867rxXYO6NahbddsaNm0Py7iGhEUs4DMcKwHapnn4vtk1u157bBMA6Fft9KBqpxdX07aqZnmUnL+24tuz/T04WAK0TbN5qhvApRtJJwRloCgZ60Q3j0VFjDoFO7dN2Do9ueGT05cPRYBU11OTJU3LchX0am6M6K3SW2VhyPxKAm98ftGuuUl3z3Q2lQCprjes7Ub9Ef3VJMagRFEQCwpBEWgR0pIfzy06c7F3uQRIVbV5eqLQGzYGoyzGrIjEFBSRQlYUyIWrSyNHjv+9hP0lQFNV2zdPdfRWswYyRQpiRqKQlTlqM6mTNFUzd/SVR69HgFSNts9Oj+lXWYgUIYiICICQyZlmNJKqUYIS9r793URZxO5YJ6pSEmVkGUkAATFSp2SlP2iwBCU0o2rT5OS4GGghEwJRkDMh4ORHhic/9MO/f3lpfF1YU11/nea9ElI1uqmc7CojRQxSG8hZixBw4mNTf37hjucPGJu7y/C3Y8Xvp46/c/yJTr/4/sbtM21Kh3Y/uOPOua0zfjnfSG2WBUXMioLRpy+6/9kXTJw9IZz6QGd4XnfDlnjl3IUdZaqq3Xj65z/+sTgsrYyyOmWjOqiaVpNaB65eMD47x1OvAijf2qJowy1lqusHnnv83ok39z0CAFKmTlnVcOanrQa/fmPyq5eNhv8ZYHmpkAqXi9l79t62fnrymYXl2sX5vvmlVUuDWt1kRYy6naAbWv+cOip2grro6y1k567ElBrvh537Ds/gILZjIzZiPdZjerzb6YyPd+xJp+248rW1/QVVGeeL3Bx58ljz7v/pCEpK8wRGcAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIWSURBVDjLjZNPSBRRHMf32rVTdFOsDkJEhODNLGqXukgJpmiEURBGdEnbskNktrhCRQuaLEEikUhlbK5EiZmxjbWwfxvL0dHdtdlCx3VtZxyaed/eG5qwZct98DnM4/f9vN/M+40NgK1Y5p7tPTY9UIeZ4Q6EvIcQ9pQ3FR1O+kvqpbFWZCI+YG0RK5EhBNz2dFHhxIvSWjl+TdOSzyGNd0GJPoE+P4nogzPqpuGUv8wux64ahjIJZbYFy1Pnwfc3I9LXuDR1t2bnf8PC0xKHHL0MQw0gJ5yEmmhA9pMTYm9VOth9cA+rsdV1jm6lDFA0Cizabl6H9KH1d7gJ6kI9VmNXIHiqs5/dFfusQ5hg+PGbL/ipG7CWxPvAv7wEQ5mAKjZjPdGIDO2E9xwmgS7Hjo1dMoFuEIKMQvAtS8C9eoT4iBNh/22kuFrkxAYsh9ow661Bp9fHuqv4S9DiGTdPTa8SfM0QDLoOANl5TN8/jjHndrzrceCt2w71uwDXYJAJjhQULNJwQia4cXY3tMA9aNwdcB37MXRuF4Ih3qwpKLBegbUvLhGcqN6GW6fK8dp1FBP9F/AxvoBwSjcF7Q/fM0FlvsD8iEyycbFuQknDFLPl40QWnqFsyRdY16hbV+gdjf8Rraytm890P0opy5+VggNECwVJzllBldL+r2ErFO7uHYmx4A/Kxc1GPT9cSpmjnC72L/0FRS76cD+dhSEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH2SURBVDjLjZNLTxNRGIaJv6ZNWeBwkZFLQtGAC4l/wKULV+7YILeSYukEUhJoSASVuCI0hpAYDSUQCJBSoAaC0wbBUi4aWphpO52Zlpa+nnOqCAptJ3k3M3me73LOlAAoyZfDqQdOEvyO89/vRcGZ5HeWmySFYdWHVOQN0vE58jrLJMFJ82hewVU4+bMfqdPxP9VBn+A4D88wP59PwFqmsH7UgeTJEMlsTuIyI5uRsDfCMcmtAtoyhVmOu5kkHZuFsiNA3XuEi+QCdhxluL0D/SvpoO+vhIksiItNiPqqyXgfIL403gjfoTsIL70gQBdim3VQvz2FFnwOxf8E8kYF0rIVYqcRM70Vgf/Pe/ohwsutOJdcpBpP4Mek+jPEfbWQVzkG+7tNcNsqt68tkcLZTIzM6YZ21IbolgHq9j1o+z04nKhHRnlH2p6A32LCvFD55fIYr960VHgSSqCFVDJBEeugh+zw2jnpc0/5rthuRMBaioWBqrVrFylXOUpankIi0AjJY0DC3wD9oA9rAnc2bat+n++2UkH8XHaTZfGQlg3QdlsIbIVX4KSPAv+60L+SO/PECmJiI1lYM9SQBR7b3einfn6kEMwEIZd5Q48sQQt1Qv/xFqt2Tp5x3B8sBmYC71h926az6njdUR6hMy8O17wqFqb5Bd2o/0SFzIZrAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJOSURBVDjLjZPbaxNBFMarf4cFwb9AIgXBR18Enyw+i1gs4g01kphSlPjQeAtNzNqGNLVpNCGhEvBS21Rr0ZIK6ovFiKbNbXNpdpNsstncUz9nNiauErEDHwMz8/1mzjlz+gD0UZGxh0hFNPAf7SXa3fUpAKparVZoNpvbrVYLvUT2YbFYTEqIEjBAzZIkoVwud1UsFiEIAjKZjAxJp9NgGKYL6Zh3UQA9UK1WUa/X5ZmqVCqhUCiA4zgZUKlUQC+xWq1tCAUM3v6+74hu2cH4eUz6OcwFcvgYEmUANYiiiFF3Aq5XHIJRCeqHLOJbFcg5OW6Mqm495fL2NznYl7OwveYxsZSF6QUHEpIc9+eQgOvuFL6EMjC6wrg4GZZfIwOGbazX8TaPY/qAr5Ms72oOBt8WknwVem8KWmcCY0/S0E1HcXYyhjNMBAYH2waYF8izl3I4eGLqmjLjz9by+PRNxCMS0k0C0c+yMDjj0MwmMOGJ4+Vqtg0Yn+dwf5HH/sG75/4uWzAiwbfCQ+dMYSGQxdhMHMPmMFY+8MgX623AiDu9+YAADg35LErzHU8SGkcSI4+T0DoSuGRnoZ5mcdIUwdC9zd85OHpjQzP+nMOVmZj4NSZBKNVh9LbN6xslnGai8CxmMP+Ol81criwntgugZTysDmovTEXEUVcKV8lt520s5kjJvP4MTpkjyApVXCZmvTWKRqMh6w9A5yO9Xy9ijUgZCi1lL/UEkMUf/+qDHtruAn5BDpAvXKYbOzGTsyW5exWAfgrZQTt3RFu//yfHVsX/fi5tjwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJeSURBVDjLpZNLSNRRFIe/O81o+WjISM0epuarEHuDqIFEDyoqEFtFD4gWQVDQoo0QhFARbowKNNpKi0DJRYVGqRmY5oPUBs3S1GnMcdR0/v8Z554WM44RGURne7nf+X6cc5SI8D9lBTh79/0VIBkoAHaCCIJCCxaLwqJAa40O4LFZpT9z/cpdaOFqcZZCRDhT0V4p/1i3HveIiAQNgEKAh83usNrfgp3Pj6NvyGOGI6AlceExPT4SAKX+/PnjNxMAr+GPCANEJGqhq8NlLtk53myk0FlN/0QO19a+Ul33Lp4OArRYF9SWqrmxWqb7WliRcwp7ynY8g5n0Pa+6vQBQACXX6zG0RgvU3djP4OhUMI7nBXZ6iEvPxz3QS4TyEbsykZjVG+0hgAbgu9fPvm1J1LWNhDtH+1qxSRf21IOYY9VERCm+dPQxPatQvolcS8gAgBkjgF+EOXM+OImpZmw/GrCnHcYYrUTZJrHFxBItbh4N5bH70hOHBUCFDEzTj9cfIGD4cfbWEjX7GvvmYxgj97HY/PimN+Fq7GTNgTKchh2AoMEvUxeBnKgOPF+bid96BJ+zimURgjmdzHhTO6qonOUJ2YjMLwL0vA4ThluqKT0UwBdIYqy7Ao3BrHsdrre9qKJyVHQCodgSBgS0/gzQ/eAExWntbCm4QORwE46aZjqeuXG87GTD8TukZmSRkmQPmcrk4iYGdE1JaUOGiOTlulyrfB+ekpJbyNT4BANtDupjLzNe9g6R1lBIPQOWXgD1+zmf3Bvn3ZGaYN2TnYLYzDde1/i5oze7Pi21YD8BVSdMJ0n4cQkAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFrSURBVDjLpZO/SmNREMZ/uVxFCGy7L+AjpAgoIUW4hZjCCDZCbCQgVlY+gaDNLghibbmy2EgQTCOp8gaWYmFrpbE4Z+azuPe6UVE2ZGBgzoHz/Zk5U5HELFFZ2/uzu9ysHT2OVZUAd+SOuSEXLkdmuITMMHd+zIfn29uH/YtfGydpbal2PLdQTX4uTEVcfR7bMXCSjoOS8ePT1NJfghKAVCYONhenBtg+vCcHkAOwcwOnTRiNRkjCzHD3TwmQZRnmlgNQTOG0mSPX6/V3TJNTmqw9FgAl0tY1nGUwHA4xM2KMbyom1Uii0+ng5oUFz1HPshy50Wh8yTp59tJCWaxfwt9VMRgMiDG+y48Kut3uWz/SGAKQP5ZEq9X6lrmMGGJhofCyclGhvyb6/T4hBEIIxBgJIXyaQq/XQ6WC8vJqHSCh3W7/1z/wQlH6cHd/vvM7bLgZbv86biWzhNyQFXvhTsF5DlCZdRsTZoxXOgYqlSAcLRcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAE3SURBVCjPhZFfK4NxGIZ/R458Dz7B7wv4Go5WpJW8819mSw3bos202DsTNpT3FTbCRs0YkYPFasvKJhw5kpVEu5y8W0uZ7sPnup+e+34EorH+HIRZQsXfLtKkOSPJCXEOiLGNxgarpPniGW9WnPPN5y+9E3p5I4+n6DaLFHmeuOSRFEUSFNgjj04WDVcbQiCOuWBfnrIlE0RkjKDU8ck1VBytCIE45JYkD8QpECOHTpYIGVzYmo0UO5Q5IiyjqFLDKyNMyUVs1GJq1mvuiZJjkzvCZAhyw3ClrocVQiwwhwc3E4xjZ5f+SoOihpr66Hk1gOWWYGAeHzM4cWBnlEF6QZjLBqBaEbPKdMmpVP0WpbtkVjo/DMBv9aJzxTo2RhjAQoA0fkyFuhsmGWestqFL6cDEP9+s6gcdbFPqiEGjeAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIASURBVDjLpVPPaxNREJ6Vt01caH4oWk1T0ZKlGIo9RG+BUsEK4kEP/Q8qPXnpqRdPBf8A8Wahhx7FQ0GF9FJ6UksqwfTSBDGyB5HkkphC9tfb7jfbtyQQTx142byZ75v5ZnZWC4KALmICPy+2DkvKIX2f/POz83LxCL7nrz+WPNcll49DrhM9v7xdO9JW330DuXrrqkFSgig5iR2Cfv3t3gNxOnv5BwU+eZ5HuON5/PMPJZKJ+yKQfpW0S7TxdC6WJaWkyvff1LDaFRAeLZj05MHsiPTS6hua0PUqtwC5sHq9zv9RYWl+nu5cETcnJ1M0M5WlWq3GsX6/T+VymRzHDluZiGYAAsw0TQahV8uyyGq1qFgskm0bHIO/1+sx1rFtchJhArwEyIQ1Gg2WD2A6nWawHQJVDIWgIJfLhQowTIeE9D0mKAU8qPC0220afsWFQoH93W6X7yCDJ+DEBeBmsxnPIJVKxWQVUwry+XyUwBlKMKwA8jqdDhOVCqVAzQDVvXAXhOdGBFgymYwrGoZBmUyGjxCCdF0fSahaFdgoTHRxfTveMCXvWfkuE3Y+f40qhgT/nMitupzApdvT18bu+YeDQwY9Xl4aG9/d/URiMBhQq/dvZMeVghtT17lSZW9/rAKsvPa/r9Fc2dw+Pe0/xI6kM9mT5vtXy+Nw2kU/5zOGRpvuMIu0YAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKlSURBVDjLjZLdS5pxFMe9aAy2cLvbvzF2PYocddELUTd5464MISEIGRRGF4H0sBKpMMnZC9kqe/UlF+UL6upiDJ6BUSEisqHOXKY8s4Wy/O78flDQaC8XBw7nOd/P75zvc2QAZH8Kr9crd7vde06nU9jY2Ki5q+dfYt/W1lZpfX1dcjgcwtLSUs1/Aba3t+Uul4uJL7LZLEqlEkhcttvtwvz8/P2/Aq7Fm5ubF5lMBpSDVoAkSZibm7uy2Wye6enpe3cCPB6PnJr912ImXF5eBq2DQqHAJyGxNDU1JUxOTtbcAlyLyayLdDoNGp+NDZoIYjwNk/cIzo+fYTabqxMTEyGTyfT4BkBmyUngJ7O4mCbA4uIiCIp8Pg/z7gnUbz5AZxfxJZUBiaWxsbHnHPC7mCYAmcV3z+VyCIVCOMufQ+/4BEfkBG7/e4yOjlYEQVBwAL3mX1tbq5yenoIgWFhY4LszMcERDAaRTCZxFEvgrcvPxGUSP7sxkcR7Kysr1VQqhXg8zg1j+1MTZmdnMTIywiFOlxtDQ0NVVjMYDOc9PT2v6urqHsrIZSkajaJYLOL4+BhGoxHj4+Ng/z+RSCAcDnMYia9isViZ1fb393lPa2vraxmZ9fXg4AA7Ozvc8YGBAYiHhxgcHERbWxu6u7tBrvM6y1taWn4qlcp3DKLT6YoyuqwnMzMzFZ/PB61Wy8bjAFEU0djYiEAgwPNIJMINrq+v/97e3v6AAYaHhy+5EVartdZiseRoTA5hgN7eXigUCjQ1NaGjo4MHyxsaGiqdnZ27DKDRaAo3h0SXVUuAbyqViv1nMGPZPRAYfX196O/v5zmrra6u5smrAq14cuuUqemRXq8/o9eu1Gr1D5rmkqLc1dX1kuIF5RKr0bdSc3NzktZ5+gtxf8ZLfEnITAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJtSURBVDjLhVPfS1NRHP/ce91wW9MZrjLLKCNxTEgcG9FLj0EgmbApPfQHBEHsL9B6CnrpRcQeQpIiWgwjlN42X3Kza7nKGEXRxFpMhVq7uz/OvZ1z5ubGpL7w5XO+536/n/M53/O9gmVZiEajd/x+/7jT6TwmSRIEQeDOvjEnhMAwDCiKUsjlco8mJiZuoGosYWpq6i3FHev/pk5PT29WiZm3MBKXy+WjIA1HH+NfNn93zG6z2brq9ziBKIocHQ4H2jwdLIZAXaTXqK5/ft/Ebi6aCJiUqkm7BUJdsSjsFVgQmgmYsUbdvubjqOs6b1oFdb5HfO08j7a2gUCsFrPuZzIZLCwswG63Y319HYlEgl+rN/0EPT9moJa2YZpmswJCKpvBYBCBQICfzNZMBdH/oDQo4ODxEfz+9gJmo4CKAoMYPJBlGfF4nCtYW1vD4uIiWhUZnq4Q2roGsf35JZwo7ENAT2QWCoUQDof5dZiCK5fOw8gn4O70gPyah7d/HEdbPiDz8KKtkcAgPFhZWUEsFuPdX12V8enVfXT2jQBlGanZORzwKGgnORhlbbiBQNO1moJIJMIJzvY6carbC3dHCab6hb6fCVJM4+SFKAxVvZW6d85da6KuaUZyaUmiKFTmgsCTn8Xp0GWYpWVaq2BotA+mtolWVxaHB8b6N5Yf3KSpk1xBsVj8mEwklVQqjXQ6jfy7OA71DMHpLsAytujjS3j9LEszTZjlLLxnToCo+vXkpN8n1E9h1ai8jYGrc92S+JUS7PD5q++75OhD/v0bZJ9PPm3Z76cxVK1VnhlVLProFh2cPbdqCIaWdeQvTLNXD529QmkAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGdSURBVDjLpVMxa8JAFL6rAQUHXQoZpLU/oUOnDtKtW/MDBFHHThUKTgrqICgOEtd2EVxb2qFkKTgVChbSCnZTiVBEMBRLiEmafleCDaWxDX3w8e7dve+7l3cv1LZt8h/jvA56vV7DNM20YRgE/jyRSOR+ytvwEgAxvVwui/BF+LTvCtjNwKvj/X8CbgXPOHMEZl559HsTu93uPQi7jBiNRgMEx8PR0GIxRB+y2eze2gqQeAXoSCaqqu5bpsWIdyzGvvRrBW7rdDo2I6ZSKeq7B8x0XV/bwJWAJEnHSMwBDUEQWq5GfsJthUJhlVuv11uckyiGgiH2RWK73RYRb2cymbG7gnK5vIX9USwWI1yAI/KjLGK7teEI8HN1TizrnZWdRxxsNps8vI3YLpVKbB2EWB6XkMHzgAlvriYRSW+app1Mpy/jSCRSRSyDUON5nuJGytaAHI/vVPv9p/FischivL96gEP2bGxorhVFqYXDYQFCScwBYa9EKU1OlAkB+QLEU2AGaJ7PWKlUDiF2BBw4P9Mt/KUoije+5uAv9gGcjD6Kg4wu3AAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEMSURBVDjL3ZLBSgJRFIYvtO0BfIPeI3qBNj2Cy1rWzlWbkcBNYhC0TletJKOFq1lIILhQJCywaDZOkINiGl/n3DNj6LaF4MDHGebc/5tz544D3H9w2yAI3LkQp7UgREJRSIS+0BJqwr6QTzkWulqdD09juD3Ah5PI7r8TiPvw0YJeDUq7cJ83NDzqwmUOFUyYT/ASfasGm6d4kQo1OB3JszN4fTDujuBrqP2hW4baVxbMBIuZTfAeQucGxm/w+WzB6AleGipo/Am06hTrEwQupLhjwkFdtlOFnzlc72n/cFWgQb3WJ8i22a7A44mtCfQQ7BSyL6617BtWZ+kphMKFlwSusrJmW/7ETQt+AQhq/TxibW0lAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAG8SURBVDjLjZNJS8NAGIarv0PBuzcV/4MHwYMHL/4CPQsexYvoSW2RioiguJ9cigtFKhpxqVtBXGqtVRO62TbJNFMb+zpfNKJVMQMPCWTeZ+YdMi4ALjGqBPWCxn+oEVRSxsb1IajnnGeLxeKraZr4DfEdbrd7sFxiCxoprOs6GGOf5HI5ZDIZxONxS6IoCjwezzcJjQoS0ATDMFAoFKwnoWkastksEomEJcjn86BFvF6vJfkhoLANCSigqiqSyeSPSh9nUvFNIGp8TqB36m1XSaVS1k5kWf5bUM5XCe2EziOdTjsXmGYRgVAMi9I1JrbuMbPzBF/wAS8F5kywfX6PlWAcNwrDXYpj/1bF2mkS/pOYM8G8JOPiUcNBNA8pwrArCMkcs9vR/wXUf9wfRTjBId3q2Anr8F9qCMY4pgKPzgSzovPFE0Pg+j1MHD1wjPqunFUIhBTsh1Uci9Be1MChWH35TIN3cgl97XU95YJSueBZ4zi8ecaCOIu5XRljm3cYmfQhtDYGabidTXfWttl3oUH8fUyE/rxMNpGD1dLReEcpsj4EX28TswXVJHFwnS26mqu6NwdajY3+FrwBN5GpoomTEloAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKgSURBVDjLjZPfS5NRGMd3F/4JRRfRVQRdeJOE1EVkaq52MfDHhbS3aeEk82IGMzaaVrrcsh+umUQ3QYsWlOKEbcrKzW3qxNqWG2IsreYkl/pOt7379e28pyQXGR348HI4z/M53+fAKwAg2OaU8q3kbI/HJtJ68gSIdJ6kSDuZFGom8qVXnX07a7cp2FTecqZX2SS+b6YQi/9klU0hGGGhHFqC9N584kTz8J5dBUKNK7GxxWHmc5aQgecTh/GFFFKZHGYiWdwYWcJJhf3ZroIqjSvJC2aJYPZLFlOLaTg/cgivbIJPtrK2hTLVeOavArVaXVSlmeDWNzn4yW3+5dyvFGnY5rZgDsSxTkY73eHgJBJJUYGANEsJcfJYWCOC4HIeH4jAR0TexQwdY2w+Qc7SqOh0oq6uLi4Wi6VUQBrLBgYG4PV6ca7HjRgRhKJ5BAn+rzm8J6O4SQoHGSVGBGduuuFwOCCXy1FeXl7GC3xkIRqNQqlU/hd8rdPpRHV19QIv4LLZLHimp6fBsuw/cblc2K5vbW3NC1QqFTiOo5hMJoTDYSr6kyev+yDvP4+Ld0RgblfiqfUhGIaBoL29HcFgkGIwGBAKhWC32wt4YOyG2sRgOKDHu4gVvTYZanqPoLTmMARtbW2w2WwUnU6HQCAAi8VSgERTgUH/XQzO3Qe/tKON6B29hJKmfRCQOWA2myl6vR7kTSgKhQItLS00pvBaMUYCj7FzDfn0KGneC4FMJssZjUYq4BtfvHyFsTcTBRy/cgA91gvoskpoc5dFQhMcbSICqVT6qL6+3ldbWwtG70YiyWF1g8M3wsp6CpFYEprnnRBrD0FnbaA3819+X1yz31HwLzB6T66xfwqNht80UCYhvN6MY5cP0tgEltDN9/wAJ277Y3yZERAAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKrSURBVDjLpVNNSFRRGD33zZs3P85vOs3kOEUK4qqQCqzcDE0F2eBQgbQIhMAWGWREQdAyaF2LFkaLJCLbBBVoCga5KNEwChK00kYdHWfGnzfjzPu93ffGooTceOG89937vnPued93L6GUYjuDwzYHf7v7w5Dd6W7MiEpFvqRyOjOkg0Jjgc7caQy6Xp5vgIJoirK+mklOTE3xAb83cqm13iMplNhtln/UyeaYlN9FSbUUJa36/F2pxKXX1FpZ1cmToRSSGRkFiWImqyOZ0zG7oiO1qiMtUmQKFIoGzGZl3HuVwnJB4tyBSB1XkDRis3II7/LgzVgaK3kFQQ+BlZkRLAQCbwDwOQiyazJ6hxfh2+FBpc9meuLWS6ppsTbkQk3Qg77RNJZFBVUuziQKTMhrJ8iJBjmNqkoPasMukI3mcYWSVq4mS6ytdiHgd+LZ26RJMIhuhiyLHw8k4fU6zRwH/1cXCsWyA8Kqoyoq7LyO3WEfXo+kcbyxylzv/5hBhK0VM5PofngfLpcLPaoKPhwDvy5pMNzIsorFnIhI0A1BsCKVs+PdxJp5UOojfmhiEv3Dz9F46AiaWi6iIQjcuH7NEFAp6y1JZxk54IbDboWhuHenE7sZjLYlv33Fy95u7D/YjH3Np3Hz8gW0xk9iITXHfiE3Ny3J6p6GGgdxOThCOM3c1bBO2OPzp3G8eNqDpqbDSJxN4NyZBBKnWujo+2FSqkv85OX80syxq31+m7uigrdZCM+qybH2WZhKiM5w5McA9yUNOhUKa3eORi3NsTjGRkfItP9Ecml64TuMy/Q/dHR0UEEQHsTj8bzf7xe7uroetbe301gsZv2dQ7a6jYw8Jsvygc7OzhDLuyKK4q35+Xnn4OBg8U/SVg42xMedTudkW1sbjUajls3ffwGqPWPVeFFgygAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHxSURBVDjLpVPJiipBEJyP6n/q+7TL6Km/QERBEfTiRdGDB0+CSB1EEUTcyuWg4r622i4oKuZUFKMyvGEej9cQdFeTEZmRmfVGRG//gz9+tNttpdVq6c1mkzUaDYNzbtRqNVatVvVyuaz8KiDIqiDz5XJJx+ORbrebxOFwoNlsRqVSiReLRfVHgS+yeT6fCQ/eu92OTNOk0+kk/0G0UCiY+Xxe/SbwVTZ/kEejEa3XazIMQ2IwGBCqeogwxngmk1GeAsKv/gjYbDZkt9sFaSjJq9WKrFYb9Xo9ms/nMqbT6VAymdSfAqJZDMooFSSbzS5go36/T4vFQghYJbrdruwHqovH4+wpUK/XDTRru91KAWQEnE4nDYdDslisAhb6+HDI8+VyoUgkYjwFxJikAMqHFZAdDofMClFNs0hbmqbJM6oIh8MvgUqlwtBx2IBPkJEVwZPJ5ElGAsTBWigUelkQ89XR+fv9LueNckEej8cS7++a9I1pXK9XyuVyFAgEXk0Uc1Wy2SwH6TEJECEKzyAjKxJARJC5gPJtkdLptJpKpUyMDYH7/V5WM51O5TIhM0QE0fR6veqPq5xIJNRYLMaFJekdPYFnzF0sDwkid7vd6q+XKRqNKsFgUPf7/czn8xkej8cQJOZyuXTxrfz1Nv4rPgFlRDELuo2JKwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJCSURBVBgZBcFBi1VlGADg5/3Od+/cYWjUTYlRS43Zi1BGuGlVizZB0EJaFf2JNpHgPt1kBf2EXFlEZFFCUJsIsWmhI07iqOPM3HvPPed7e57ITAAAcO3mw1wOg2Fo4PbOo6NoGfuL4d7du4tv+r29yz9dfXsemQkAAK78cD8/vHDKw4Mm0DKtxqZ2fP3bE7/f2vn2wb2d9yoAAMA4psdH6c7DVEpaDc3+fPDG6XXnzxy3MS1vXf/u4LMCAACQ6IJZZdqFaRdm0+K/J3NnTnDx3DEb07WPCwAAAEQw6ahB7cKsFtt74eb20tN5mtSi3r5+9o/Z5tZWRAFASp8KoSsFiNRastaJErquk6iR5ZWXzn85iQgSkghu3NdACE0XTGsRmVoLESGTasiF1q8tH1wx9h1lU8Rzfrz1souvv6gWShQt6YLSMGW9kpmqVZRsvbGfypYOt3/29O8/XTrO7hcEEoEOHWZoH/xCC1XkrA1z+9t3rPZ2tNXCibPvq1sf2dzoZBZAyqQU/vn8nOVwIFqJalXU9eedvHAJjUypOXrwlf4ZKWQWhBTq5mtgWja1HPpqlZnjQr97DQloDudFP7BcsRpGi34wX/aOv/BYxbuf/Lp7bGOyXi1ltoFAJhptZXNtxXQpxwXtUBv35fDU7NSb/sWNy6+ehKrPDCOZ5Ej2si1pC5lzOR7J8UAO+3J8hgYAavatDkePtGFCFrKTOaGtybZBrmT2RE8ZjIsFAKi5WP61ffWd0xIBAAAASMT3tLwN8D9pITwp1Smo1gAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHwSURBVDjLpZM9a1RBFIafM/fevfcmC7uQjWEjUZKAYBHEVEb/gIWFjVVSWEj6gI0/wt8gprPQykIsTP5BQLAIhBVBzRf52Gw22bk7c8YiZslugggZppuZ55z3nfdICIHrrBhg+ePaa1WZPyk0s+6KWwM1khiyhDcvns4uxQAaZOHJo4nRLMtEJPpnxY6Cd10+fNl4DpwBTqymaZrJ8uoBHfZoyTqTYzvkSRMXlP2jnG8bFYbCXWJGePlsEq8iPQmFA2MijEBhtpis7ZCWftC0LZx3xGnK1ESd741hqqUaqgMeAChgjGDDLqXkgMPTJtZ3KJzDhTZpmtK2OSO5IRB6xvQDRAhOsb5Lx1lOu5ZCHV4B6RLUExvh4s+ZntHhDJAxSqs9TCDBqsc6j0iJdqtMuTROFBkIcllCCGcSytFNfm1tU8k2GRo2pOI43h9ie6tOvTJFbORyDsJFQHKD8fw+P9dWqJZ/I96TdEa5Nb1AOavjVfti0dfB+t4iXhWvyh27y9zEbRRobG7z6fgVeqSoKvB5oIMQEODx7FLvIJo55KS9R7b5ldrDReajpC+Z5z7GAHJFXn1exedVbG36ijwOmJgl0kS7lXtjD0DkLyqc70uPnSuIIwk9QCmWd+9XGnOFDzP/M5xxBInhLYBcd5z/AAZv2pOvFcS/AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEGSURBVDjLpZM/LwRRFMXPspmEaGc1shHRaiXsJ5GIRixbCr6SikxIlqgJM5UohIiGdofovHf/PZVmYwZvTntPfjnn3txWCAFNNFE33L/ZKXYv+1dRgL3r7bu0PbucJp3e4GLjtsrXGq9wkA8SU7tPk87i/MwCzAyP5QNeytcnJl46XMuoNoGKDoVlTkQhJpAgmJqcBjnqkqPTXxN8qz9cD6vdHtQMxXOBt49y5XjzLB/3tau6kWewKiwoRu8jZFvn+U++GgCBlWFBQY4qr1ANcAQxgQaFjwH4TwYrQ5skYBOYKbzjiASOwCrNd2BBwZ4jAcowGJgkAuAZ2dEJhAUqij//wn/1BesSumImTttSAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHhSURBVDjLjZPLSxtRFIfVZRdWi0oFBf+BrhRx5dKVYKG4tLhRqlgXPmIVJQiC60JCCZYqFHQh7rrQlUK7aVUUfCBRG5RkJpNkkswrM5NEf73n6gxpHujAB/fOvefjnHM5VQCqCPa1MNoZnU/Qxqhx4woE7ZZlpXO53F0+n0c52Dl8Pt/nQkmhoJOCdUWBsvQJ2u4ODMOAwvapVAqSJHGJKIrw+/2uxAmuJgFdMDUVincSxvEBTNOEpmlIp9OIxWJckMlkoOs6AoHAg6RYYNs2kp4RqOvfuIACVFVFPB4vKYn3pFjAykDSOwVta52vqW6nlEQiwTMRBKGygIh9GEDCMwZH6EgoE+qHLMuVBdbfKwjv3yE6Ogjz/PQ/CZVDPSFRRYE4/RHy1y8wry8RGWGSqyC/nM1meX9IQpQV2JKIUH8vrEgYmeAFwuPDCHa9QehtD26HBhCZnYC8ucGzKSsIL8wgsjiH1PYPxL+vQvm5B/3sBMLyIm7GhhCe90BaWykV/Gp+VR9oqPVe9vfBTsruM1HtBKVPmFIUNusBrV3B4ev6bsbyXlPdkbr/u+StHUkxruBPY+0KY8f38oWX/byvNAdluHNLeOxDB+uyQQfPCWZ3NT69BYJWkjxjnB1o9Fv/ASQ5s+ABz8i2AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH5SURBVDjLjZE/SNRxFMA/7/f9eadWnmGBIl3fk1oKGsMh6KA/Bw5CUzS0NbVlkFs0RATh0HLi0CDUEmgQtCiBJA05hf1Z6pQT7Wqw4C697s7vew2BKYreWx7fx+PzPu99xcxoJvL5vFUqFYaHh2VrPaLJUFXm5uZ21OOtj7GxsREzy4pID3AEaBERVBXvPXEc7w2o1+tDuVyOZDK52RxCIISAquKc2xugqqRSKc5OHKYtVqoqgHEo0WC8/8f+BnEcE0JAnHHnvBBHhgAj8zHluu4PiKKIRqOBREbCAWZEgDgDozkDVUUc3J0FExABBMzC/gDnHKrK8zMfUdXN44UQSLlU84CJylOSySSZL6fo6+uj6/ET1i+lGVie4PWFUQ3OloH85amNh7sCBluv/puc+Weweu4onQszZG/cJpk5LdX5qWOfZ6fvT19sWYt2u0GhUEBVWVxcxMxYe/OMk9krtBZmkPFrtC+8wB/vciZ2a4eBmeG938whBBLlVVq7MzAw9H/YvR6cit/xjapKqVQinU6ztLREb28v5Y5O1t+/4sDLm9Sq31kHKmVHcHzbtoKI/K5Wq3jviaII7z2JRIJU9jqf3r2l9KeNsmvh10/h64oEg/w2g2Kx+GhycnKwVqshIlvB9FtH94nih4PtDesILloxbDQ3tfHgL9Xv6UA7GgE/AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAMoSURBVDjLndPLb5RVHMbx5515pxfnnaadQi9MSykzRSFSqyWjITVoUIMhLmClLky6YcempKBGgitDJEgaIlVjMGkkLkCqIUTjyo7YQs00dYYZpsNoufReaWn7nvM757yX4wJJJBoXfv+AT57NY2it8bBT2fct6aoeodQeoSgplISQYpSE+i6onv2gWr9e/tEbMY6/ZTwETmaO7ZKO+uKZ6q7WoFkBx/BQV7keN6fyuJj7qj9mfJJVjturlNf9+YH40CPAiV+P7tsYSlysDW/AtLqHcTuPoA5gp/U0zl39bKnS3ZeMGC+NJhNWNHdrFbdn7f3nD7cPAkDgw/GjUaHEQJ21EWN2Ean7I7jvrCBR2YL5ubtgjN4L692HttRVROtrKtDWaIFIDbzy9nAUAAJcUk9n9S6rRFPI8wlwV2B9MApLhPBN5sJ4LHj6miDnQKI5jMKMQLSqHG1NEUtw6vkLYHuDoXJk7QKUK1EVsNBe9QRGiz+D1sRBR5p9HZsjQeX4mLqnUJyTaKgNQ5DYCwAmJ7FNGi4CMNBhPYlN5THc+b2EdCl9tjUysIFIdsZqKzFS5ODMA1v1sDUWghTUCgAmI071FevKuiI7MD9zF/1jJ5ckU33Hll87M7GSNn8IP15aWBbbTRjgzIf2fUhlQpEIPljAafKXG8Mdl64PLkqSxw/PNp3fvRR+S/PcxPM8/cKlbb0Q0gPnGsQ81NaEML1gQ0kqPQAYfflt5uv+U1Ntl7esBHs0p7yzudkyir/BX7NBRODCA3ENYbtojj+G4aslOJIuA4A5WOo4qzkd15xOO/GWMifeAt/zYI5lAcYguYSQHoiAzu0RFCbnkcllbM9RfQBgapuZPuNvqp3JMremGuJGHqHGJvg2g2YEKThIeEjEwigUp1HM3YQrRffs0JFFAAiEPj6z6K+xbuNaGsgVEGpohE8cHhE8ElAksMocXEll8FMqNTkzd+vV2aEjF/7xhbWuF1/WQnyq4pta3fp1CPw4Ar3wR/tzO9455ylJrqu+91x1Yj71rv2vZwKA5a1PWZ5UvVqpPb5yktp12xuWZrL4jx4B/k9/AolT0+iTfsOYAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJiSURBVDjLpZNLbxJRFMf7AfwEfA5YunTDwsTuujO+YsLGxEVTV066cdGYQmaAKKZNawOVSE2qltRIW+kI0jQWOlCGh0Bb6FAYcBgYGKAc51wegrrzJv9k5ub8f+dx750CgKlx3bCBTpNBk1HTzEDGwZ7uz/hx4zVN+icbksnz9YwJHiXZ4+iJGOFi4v5hnH2zl2Fm3RUTxmDsBGBgvu7yF6jISZoXyhLIShs6Vz2iWkOFfLECgUOOX9pOUxg7hAwBejRz8R9ys9UBXIrahYrcBlFTvdUle7Kiwn4oLDu2EgjREwD2hWVj5qE5X2lBodoCoaoS4fdGsDiCbO8E+EdrArajQ4DBw54yWDYuzDg9vwcPbNEJ8z2Gg7Nyk8TEMxdAu4MMehFgDHxPsNgzllquIWCXALCSt5r5JnVAALlSE6RGBy6rCiyvv2fRi4CZ8HFUxGGhuSSpME3twn0rB8xWjnyjEJApKqQKtXMFa851Eb0EcBThCADNqFtPfcRg9Z5OANKCMqiiDcsrr0cA45eDGFuVW1BTOlD8iYDPxJC9VPotDQCpiwY5meR5FWiHc9SCwelLMbl8GXo9IIPD4Dt0PyMKq8K9RL4B7W4Pdr7FgLJ/HA1R99hVMvn8IV6UmiRgeHzJQoMIjfiPCVJadsuLVf6uPdk/xuFFot9FqM1Pflmo1Elgtd4h/WIbeLQITp5XwOxwyXP01u+LNH6VF5whatW9yQfDKcgJEpkJ9hzLiuD1R2CBXuJnLR/+vsrjj+nhq6xp/qWXeW5bYWmrXVy0MOIzs4OdM3uY20z834/pf57zL6w/CRKnLd7XAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKfSURBVDjLfZNLaNRXFIe/O//JTCePxqQiRq2CDcQkGFoQF0VaCS4MAVGoiEhDpEigi0JxXYKhthTaTRcuVOhCIgXBFCtVCLb1laoNKkl8tIyPSCoTY8aOJqP538evixiZUOKBw+Uezve7h3PONZKYs81fntPuLfX8MZonOOF9wPtA8AHnAhveeYsDvVcZPPCRmWOSlFjwnhCEsy9BN3t6N+vOCe98KUKi9PLqNetxsaex7BIdb36FjT3W+lnB1wkE55kuWpZVpbGxp7X8J9bV3mGpbvN2dYap4gzev7YC3/Pn8DiL00maa56yOjVEoraVTZVnWFKR4vK1MYLzPQsKnPumrXvk74mey0M51pf/RrJuO4lF79Oc6OfK9VGG/8r13Ort7C5ljCTsxVUZKWpQUBQEX1zs6OpqOb1nZcseSKSIH/zIkfPRzzuahvZJCUIQ3hYn6rY/emAkEZ+tG1N543IJJKEgEjUfQPkqZJ8gW8BODuGLjxCGYC3xs/vE+ccdRhLF42ZLsPRGTZ9WJpfvRHGOED8h2Dz4IsiBSWKSVQRnKQweJT84coI0u8zcIhWOmPrgOZlas60hWrEVxePITaNQRP45mAiXf0ju1DEfP6O75Xvtn9fE6o+VJc26F/f6+sLTmyAhzaAwA4oxRIz/eixvZ2ibg/83hZqdmjKZin5byCIDKGAwII9CgIiptd+qf8ExAog32stq3sWYJHKOOP8QU1ZLIlVNasnSlcP7zNrS/Hl/YbJvcSaI1mhRE4Ur3zE5MJDFcKGiob6zas1G0nXN5O/k2oHhBTbRfWgqV2cmTu5l4veBg87yXuPX2v3v7Wzb3eOH/4mfx7yYpn1+ydIrHzvEJ9n93B35nM2lcUlc+ozqM7v44Zdt3CiN/wel+5Gy/cSN+gAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJCSURBVDjLhVJLa1pREP7u9ao3PmLEBEy7sorFtkQUpIuWdlOwBOy+m+zzN7ovRejOZemm+9CsC6FYCIiI+CwUbUJoqVo1Pu7jdOZUxUKSfjDMvWdmvjMz54MQAmwEJZFIPMvn81/i8fhz+tf4bGFaOp1+XCgUPnMOny3r5EdbUcQPzjo6wu1UCp3TU9i5HHbwFxxzHx8jvLeH81IJ8/19GYsKoagKgZO8bje8gQAsy4IvGMSGw4GgqkrTKUX3+2VsY3MT+oKYa9XFN3RNQ63dlkn1ZhM2kYy2tjDy+WDpOmr1uozVGo0VAZYztgA7QLeXd3fRHI0Qo9sjNJpKBcIwMDNNfCXfJrtj20iTv6R4DFC19Q4ehEK47/VCzOcwKclmIzIXEd11OhEnr5C5h0NcEumqi2KxKEzTvNYMwxCTyUQag8+4hms1XIHZbIZqtYpoNIpWqyVnHwwGyGazyydfQb2KgIu73S78tPlkMolIJAKPxwO6eWVLon86kMKgJ0uxFjodLMVSqVRAAsKLNzWotPbDp0FsX9fBmjIl+v0+bNo87QEUwa2QC28/XqDUvWGEdTIeh6Qt92DPTLiow3DQjQ8nNp4cfnqpisV15Oz14hxJmUOZTAZeelruwpqaMOYGNFVgZ9sF3Yn3cgdDetcRwUdYVyfvw0E6YM8dWGMimFoY/57jrNGDObUOJEGdZEqJm5qm3TQRrImJYU/DeeMXHkYv8PrVwTtZ0ev1Tsrl8iP8B9b4Hr5XqTh2hrD/5zc++wOzk1RA9fA6WQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ+SURBVBgZBcExbFRlAADg7//fu7teC3elQEoMgeDkYDQ6oMQQTYyGxMHZuDA6Ypw0cWI20cHJUdl0cJLIiomR6OACGhUCpqGWtlzbu/b97/3v9/tCKQVc/e7RRXz+7OrSpUXbW7S9tu8ddv0M+3iCjF1s42v8WAP0XffKi2eOXfro9dMAYJ766SL1092jfDa17DfZgycHfvh7/hau1QB9161PhgE8epoNQlAHqprRIDo3iqoYDSpeOjv2zHRl7atfNj6LALltJys1Xc9+CmYtTxtmR8yO2D7kv4MMPr7x0KULK54/NThdA+S2XTs+jOYN86MsxqBGVRErKkEV6BHynp//2fXbw9lGDZBTWp+OK7PDzqIpYiyqSMxBFakUVYVS2dxrfHHrrz1crQG6lM6vTwZmR0UHhSoHsSBTKeoS9YU8yLrUXfj+w9d2IkBOzfkz05F5KkKkCkFERACEQil0TSOnJkMNV67fHNdVHI4GUcpZVFAUZAEExEibs4P5osMeROiadHoUiIEeCgFREAoRBOMB2weNrkmbNz+9UiBCTs1yrVdHqhgIkRL0EOj7QGG5jrZ2D+XUbADEy9dunOpSun7xuXMe7xUPNrOd/WyeyKUIoRgOGS8xWWZ7b6FLaROgzim9iXd+vXvf7mHtoCnaXDRtkLpel3t9KdamUx+8fcbj7YWc0hZAndv25XffeGH8yfuvAoBcaHOROhS+vLlhecD+wUJu222AOrft/cdPZr65ddfqsbHVyZLVlZHpysjx5aHRMBrV0XuX141qtnb25bb9F6Duu+7b23funb195955nMRJnMAJTJeGg8HS0sBkZWx1suz3Px79iZ8A/gd7ijssEaZF9QAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIvSURBVDjLjZPLaxNRFIeriP+AO7Gg7nRXqo1ogoKCK0Fbig8QuxKhPop04SYLNYqlKpEmQlDBRRcFFWlBqqJYLVpbq6ktaRo0aWmamUxmJpN5ZvKoP++9mmlqWuzAt7jc+X2Hcy6nDkAdhXxbCI2Epv+wlbDeyVUJGm3bzpVKpcVyuYyVIPcIBAL3qiXVgiYaNgwDpmk6qKoKRVEgCAKT8DyPYDDoSCrhdYHrO9qzkdOQvp+E+O04hC+tED63gBs+QiDnhQgTWJYFWiQUCv2RUEH/g4YNXwdcT/VEJ6xkF8zEDRixq1CnriD94SikH08gikJNS2wmVLDwybONH3GbNt8DY+YMrDk/tGkvhOFmKPE+pxVJkpDJZMBx3JJAHN+/MTPq8amxdtj8fWjhwzB+diH5ag9y8V6QubDhUYmmaWwesiwvCYRRtyv9ca9oc37kk3egTbbBiPowP+iGOHGT0A1h7BrS43ehiXHous5EjoCEx3IzF6FMnYMcPgs95iOCW1DDXqTfnEBqsBnRR9shTvYibyhsiBRHwL13dabe7r797uHOx3Kkm1T2IDfhhTRyAfMDh5Aauox8Ns5aKRQKDNrSsiHSZ6SHoq1i9nkDuNfHkHi2D9loHwtSisUig4ZXFaSG2pB8cZBUPY+ila0JV1Mj8F/a3DHbfwDq3Mtlb12R/EuNoKN10ylLmv612h6swKIj+CvZRQZk0ou1hMm/OtveKkE9laxhnSvQ1a//DV9axd5NSHlCAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAChSURBVCjPY/zPgB8wMVCqgAVEFP7/w/CH4TcY/gLh59ul9oLtdmZk+I8D7vn/4f+e//8hJqT/h+kGwqu/GA7oQIz/D7NiJiM22/8j3BD9/xdMPwQ+vyL1n+EfEEIVLGXEph9Jge9/JN1XfzPcAbrhH8NfhILNWEz4h2yCPZIJYP88fyf1D9mRB7G6AUmBAdQXYN1X/zB8AYfDebACRopjEwDsBmruXDxiUwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADVSURBVDjLY/z//z8DJYCJgUIw8AawgIj58+c7A6lWIDYnUt89IC5MTEzcxAIVmKyvr6kpLi4C5jAygkkoG0FD2IwMr1+/VTp9+uJUIAdugIiQED/Do0cvGX7//gvxGxMTXBMIw/gsLCwM0tLCYD1wL0AAIwMzMzPD37//4YqRDUEYwAxkM6OGAcxGZmYWoAIGFA3oNDMziGbCNAAkCJL8/58Fp+0QS1ANYJw3b95/BQVZBj09bXjgIQIMxkelQeD8+UsM9+49gLjgwYPHYEwOYBzNCwwAGT0uf+Tb34kAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIZSURBVDjLpZPPS1RRGIafe+feSccfacxACUFYDGaKlEmrqFVEi6Bdy7YmLqL6A1oEtQiCglZBtYhKKqiEFiGRUERQthhEjKi0UNSbkk73zjnfd1pMM2VpBB64i8OFh/flOa/nnGMtx7tzoq3g1HnqHKoOVUXUIaqoOkTK9+PXJtpXAgSq6vV0dyALBuOKWJdgBVSUb0lAfWMDz1++XjVBIOKMiebC8x2P8DxwDqxV5qOY6aklLtOHFf0HQNUPvVpMSfB9D3WOg0MH8iqKqPJeF8k113G9d+vMCrVygRXFqvI1igkCv/xThJ1dbdgFQ5qI2CzheakVawXWKsYIM9NF/JSHqqMkvitFkde7Z5I6r4i1isukqQnWka1t5uRjrdYKrIjGkDo1eWi7U0fFxuh4RN/Y7zaKWdElxs7mZ0OdwIpUABoOjxTYlGvk/2y0YIxg7XgZ0H/jczvAzf58YqK59LH2e2wJN5Cx8MnAlZ4L7M5+5NWld1hRMnWGIFisVvArOio2Utmj3He7iC1kgSdf9rNoNhNqhBXhyMAoSRIj+gegYqOplKGrYZ6p5jzWv8tAoZuGW6cxpgVrlcGHbxgcfotIeQJBFfDTRseO9XTW91HDDCPfz5Ekt2lt2kZwsRz7zIP53LKH9CuBaAwcvjqFF87Sum8je+nkw7MJCF6QJFKNvQpA08MjBUQVEcfToeWjqnx/rXGtc/4BfOeC6F88S7oAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ1SURBVDjLpVLdS9NhFH724WbTWcpKiTUxWyJKRTdGURaSUt5URDcW3XYZ9AER1UXhTQT9CREE3URi1EUkaGhq5ZSgDzc1tWmaGzrd5m/v+55zurBy6u468MD54Dzn0yYi+B9xZhvxwWOPheWCiECYARYIrejCvKoTT/qbQuUbCISlZXNFC4QFIIYQrcIQ0rEPsBKR5N/kNQSxgaN3Xd6gHQzo+HOINmCtIUojz3cG1sJXWIkI+ZtC3uyi9tXqfD1/y15Q+hvEEESvIM93CioZxfJCBExctX4HdgCYe3/kbJ4n4ILNBUp9hhgCk4GjcD9Yp2AthEGZxebAyaHRnATC/MjlDUJMCmLMn5kN7O4AlueHoZLRa4HmoVe5rmCb7T1U53D5+rz+E1CxdrDSEK3BlgVX6WnEI09EiNXDxQJ3yihc8aQzDmIIcSJ4fqTUKSTtLu9uCGk4i5ogZCCGAAHEMIrLz9nEaHfm00v4fdW4MxVy3y7gtEPTQQBwCrM7Od2VyboxhBkP5ovcwgqKDZQhbC8JorqsDktWCpejffmWUbNvAdhyfeLEiz2d9xOe+uM1F0HCICYwBDOJKIoLtqF37A0GJrvYMqrEmWsxQlxvGQUSxkQ8As0GhjU0aSxmlrBvx2Ekddre/707voFgvK12MN+7C1YsDEMGpUUBGCaQMH4mJlFSWIbQjx70jHbPKYPGNSOMt9UWQuxLQoyrsTSWlRLFCpZRqPTV2A7sbMTHyXfoCL+eUQYN063yxbmu9X4m80uIK59dGktmx2rv2VM2+yZPZ7hjSjEapltleCVJ5B9GnlbVZdvZqLiFVOCmQ7beQEW2/zeRQcHUmJPKOgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHfSURBVDjLfVI9TwJBEJ2DMxwf1xASSCxsrIwN1TUUFhaUFlr4AwyNsaZQCioqepB/AIWtUaMYGhNiSWdHQUAp4Djue505b83yoZtMZm/vzZs3b1dijAFf3tUlg4NDcB8egLkuMM8D33HAD/NOsQjs8QWST/cSr5FBWGIREwp9OufZdsSSNQLHDUh8ywrAARHlcC9vIYisEOBPhsWwtwcekWBQ9kwTpP198I0lYux/FNhO1TTNyvT0DHQ1BWY0Cg5Jn89B+fyC7PMrqIj5k+Dj5nrIDENP7+6mFPz2fR+4yUgM79GobhwfDc+FGokDBoOB5rruXTabzc2x43K5DAgoIpEIxGKxILrd7siyrJNSqfS24gFKLWcymdxsNgPDMMDDG6AgAhpD1/XgPJ/P51BNecNEBBVIDXV2yfWwOwUnWywWkEwmARUUNjywbTtNYF4Mggfid+hHehvBL1jM63sKi656fQQ8nHJD+excPt9LkhQoJOw2gh7NT07zrmLQWTweh/F4TGp7GwQ4V63f748URYFEIrHiAXUm82RZhk6nM0KC2sY7oNVqtS5QSVXTtJyqqj+vM1QzmUyg3W6P8LYqjUbjdisBrXq9riFJGbsU6GbIXCyaYvQwas1m803EfwO4vsGvr9ICrgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALASURBVDjLdZPLS1tBFMaDf4D7LLqviy66aulSsnBRaDWLSqFgmvRBUhG7UDQoJBpiSGpKTQrRIIqvYBRMKJHeRuMzPq/GNAbFx8JHLwoKLZau7v16zlDTBuzAMAx3vt/5zjdzdQB0N821tTXz0tJSamFhIUXD/L9zRZutra2yjY2NUhKXkPj89PQUJycnGBsbO08kEiXxeLx0fHy87EYAiXtIrK6urirpdFo/NzenHB4e4uDgACRUYrGYnkDKyMiIOjAw0FMEyGQy9v39fVxcXGBvbw8kvpqentby+TxyuRwmJiY0El+RMyiKgsnJSXi9XnsBQFVbqFeNISzY3d0VoGsA77PZLBiwvLyMpqYmrb6+vqWohcXFRRcfXl9fx8rKCiRJQjgcRn9/PzsCtYXZ2VlR3ePxuAotEFGm6sczMzOXOzs7kGUZyWQSTqcz3djYaGhtbTX4/f70/Py8APF3n8936Xa7j9va2mQdidWzszNhlytTkBgaGkJ7e7vhukp3d7eBMgCdFc7YDYdrs9lUHd2xenR0JHrkD1yBEkdXV1cBEAwGDZFIRDjgFsitOG8ymVQdXYlMFo/7+vouNzc3BYRz6O3tTYdCIUMgEBAthKKdePvxGV52PsJTZ7n2+HX5d6PRKBdCJIsuClIExSs9JIyOjoLuHYGIB46oCZ9yQWS+SfB/seKJ/w7u2fQ+IY5Goy3Dw8Pa9va2EPN10cMSmTCoxlOB2Nf3iOU/gIcv+QL+5CsG/BKAwcFBOyfPL49AoHSvXC6XxqFx3w/td5HIhfHviGeDDPj7ph0OR09dXZ1qsViUhoYGPUEUdsIOHry5pXml53BLNULs/lxT7OB6EqDMarWWNjc3lxDwfGpqiv8DVFju/zT6buOdZBGVeeV9IYObZm1trbm6ujpVWVmZqqqqMtPhDpo/2PaftYPP/QZledsx50IwXwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAInSURBVDjLnZPPS1RRFMe/b3zk5DCVmlq+0ZBCoTEXWkEELmzhqiCocNWyTav+gfoX2gq2bhET/VgUIczKoVUGxthIKqX1tAmG+cGM7/56nXvezDCtDC9czpl7z+ec7zlznxOGIY6y5p/N3ZVKLcb+J/j+23uphczt6x3wLYKfe0Nne53DFBB8QQiZFkK8FFLNSynjBL86MzDY9X13t3qoAoJ7Cc6kBrwYwR8Ifn3OSzFM19POYu4xSzAmpG2gaRutQYFQStOW+H1Qhh9WcTKZRK1exy9/D+nEEI4hBjdtPAwPX2pXtC2FoWlu6yv2Pxe/YulLBk7o4MnVBzgdP4H19WW4LTAIqgxYFRGsyddtez7ej0cX71AFg+NaQWsJKRtRAgtYsKfnFEZGplGvl7C/X8Do6BU6l1hbe4PJyZuY6nKxsZFFqfSDz5UKELM92grGKIa3tz/SxQHBl7G1tYJa7Q/Gxq5xcKGwTEX6eC6RAkqgteI+7YFdlYqPzc0VNBolTEzMIZHog+/nkUwOYnz8Bsrlnxxri9pCMWMa0NyTTQS+tBXy+ffI5ZZ4Lp43hWz2KXZ2PnErVn7EBHCtDCtfa8FDmZlZYGlC1EhuP99VKnuYnX3IfrH4jeGobQ3X9hZlE1hdfdGeRyug85+wtjXwyCq4QRCwpO7uREewafqm/bv1LujJNW30CZCCBvX7jvtWys4hIGvfg+AkkVzFQGT/Xc5RP+fW+gsEgchGXj0/PQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEXSURBVDjLY/j//z8DJZiBLgZkz37Ynjrz4ReyDEideb89afrDf5ET7v4n2YCEqXf7qpY9/T9r76v/Xu03STMgasLteaVLHv+fufvl/6k7X/y3qrlCvAHBvTeXFC54ANbctv7p/95Nz/5rFZ0nzoCAzpuPsuc++D91x4v/jasf/y9aeP9/89rH/6VTTxJngGPDtc3xU+/879789H/5kgf/02fd+V+17OF/yZhjxBmgVXCaRT3v7BqP1mv/a1Y+/J824/b/woX3/osHHSAtECVjjqy0Lb/wP2/+3f+Zs+/8F3XfS3o0inntXWSeffJ/0tRb/0Ucdv4nKyEJW25ZYBh/5L+w5fb/ZCdlQYMNs4WMt/wfuMyEDwMA0Irn/pDRT58AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAF6SURBVDjLxZM7S0NBEIW/fWCnQgyIT0QQDKJBFBRbsRCt/Ae3VRs7wVpIY6WxkqTXxgek8IGIIQRsYjR2SkhAMJoipDAkXNfi6k18YcDCA8vMLDtnds7uCGMMf4Hkj/h/Ag0QDocngVVgrM68O2DJsqx9/bax7vf7fK2tXgCEABBvftU6vuDxMd97cXEZBFwCr8fTTCbzQKViO71J6SYJIdxYa01HRwuA123BgUAphW0b93AtSZVAIaX6qMF7RaU0WvMh4bNVSiKE/EoghEQpiTH62+qJTIzLbIzic4FypYxXdmuwEKFQyPT0dDE0NOCKVxXMiU8SB6Seooz4Run09HGa2iV+fU5Tsd+5QTqdJZ3O/vhmZ7lt5mamsaWNv22K45sdxgcn2NmLgDHm1zW7Mmwi11umFvvJoBlbaDN1/cR8IVdK3ccIHFkABA4tbnNJgFJdBC/mZS2ejNGA5uBqkwahiSbOAIKi3nEeX2wPAPNAI1AENuMb98uviwGZtIAuD3IAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAI/SURBVBgZpcFdaI1xHMDx7/Oc/3ms8xiZxLxcGIXF3cnN5KWUXIrc4EZcSC5QKC+1xjLKW5ELLzfIS8iNS0qUtxqllkYstllsNufsPKc9z+/3s/9q5Vb7fAIzYyKCDXvv7F6xutg2ULHYDFDFVBEVTA01xURQM0wEUWVKlA53dHQffHBm80VXbCpeyNfE4cwa/kc8XJELwEVXSS2sDJT5l8uGaeptYSRLSRLlw6LjZLmYfyWphYxyJsaJLQsZlyZ/eHejhXx9HaVywuyGOqJPR1m//wb5mlrG7TjZhReaKd5IJgyXB3l/ax+hM4ZKVWoa1vLr+1em18/lYetWvnb18OVHCU9U8ELM8IIw4OP9Q4RRQClR6tccYMmqbcxZuYdvnZ0UptTy5Nx2CnmHp5ngOVHBC4FqdYhUI+avP8a0GXNIK7+Z19iE2RGeXj5Mlma4KMRTUTxnaowJApbvvMnjR/eZNbeB022tDA4OEccxzc3N3L5X5EDLaVDGqApeqCqMC4KAVAM0HSGfj2hsbCQIAjAjF9fhchDmGKOqeC5LU7xXvS94/e0Nn8odLO1fRm1cS6FQYFJ+Eu0Dbykt7+H8szYWTl3MpuJGsjTDcyaKd/PldZJKwkDvENcuXyWnjr6ffVSrVa5cuoosqPK5/zntSTubihsxVTynqngt606RiVDuL2NqiAiqiqemOOeYPG0yURThqRme6/7SdXfX2XSziqCiiAiqiqQpqoqaYSqYGGqKqaKKd5dRgZkxESET9BfqVjgB6mRiLwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADTSURBVDjLY/j//z8DJZhhGBhw8uTJ/5RgsAF//vwhC7948QJhADkGDTEDtp9c+790ZsL/tD7//4ldXv+X7pmBagA+vOnosv+NqxP/b7ky9f+FZ7v+9+/O+h/er/u/fXHZfwaQKYRwYpfn/42XJ/zfeG3SfxDo2ZP6v39P+n/bfHniEotPteH/bVfm/EcGmy5N/W+eLUmcAZY50t+7dyX9b9+VANbcvjMB7AKgAd+JMgCosCW4R+N/764UsM0gGsQHivcQneaBijuA+BPI2VC6AyQOAPdpPzVHO/APAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJUSURBVDjLpVPfa1JRHP/Ma15JRQ3dsEAfBkoOIXqoJ3uqaOwhAgObQXuwnvw/Yhuh+LCnyNfe9jisEYI1RuFQGxv5stCciTKHzTnn7r19v8ccq1wvHTgc7j3fz6/vOWdM0zT8z9D/+WNjYyN1cnLyuN/v62kFrWIeHx/z+joUCj0aSVAoFKwEeGmz2UKyfBE9AkFVIfyRS7vdhnR6JUxffxPk8/l7DHY4HFdMJhN2vlbB6qqqQdVUItKgEFmv1xsdgYpX3G63+NHtHqFP4M+FHBGop/PO3WkRYyQBZzQYDGi32wNlRYF/6ppQ136pc7PPdcDMCoG4iA+FrRfyn2hVhDrvuWbu/9vBoFeaKGaCqcB1oT50oZ3TA93QwZBAkLCyMsjesOzg1X4C6pm6kRGG4MPDLkpftvCjvY/xcSe2y1tomto4dHeEu1QqpdVqtVa1Wn2+ubm5JAjYGoO5gaurbyHLBszNPUGn08Hkt0lcWnNiff09IpEI7ckgAnsul1sol8vOUwd8CnSZ0Grt4eHsLBYWX5CTbbhcLgQCAQYhHo9jd3dXsVgsb2Kx2DQRPBs6+JjNZm8Ui0WYzWaRLXjrNoqFPMLhMN1COw4ODtBoNJBMJrt6vT5EJR2r1SoLgmg0ejORSMxUKpUlIhA3au3DO24r5ufnwbeTB0fS6XSyJEnL/E19OBo7+xr9fv9Vr9ebDgaDl2lIRqMR9XodpVJJZPd4PJiYmOBe7ZGYLpPJfP+NwOfzSZQ5QIrLROAkkMRH3Ww2n7IgvRVWvkCRFepFgxw9+AkiS4SDy9ee+AAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAD9SURBVBgZBcFLLkNRAADQc1/fU6qkhFRMMNIQn8TUQCJWYBE2YBkWYQWMJIZmNuAXCSoGFUGIInJf33VOSAAAAIAcgLOFt3079flaEdTS50M6nT7YeggJwPFle6nhAoVhc370rnaXcwBSp62GTdxoGdPrkAPQD5OSbRFr6oLvjByA53CqY9YUvjy68YQcgELTuTd/khENbQk5ANGqFUSFnq6WW2QA5Op4VuhreJVEZACUAKiJkogMgIEKANFARAZAKQKolColMgA+f7vVkBkRSeYjvf6QAfB1cnnXNWTUhHHrXuLoESEBYO/aYjNUSqX3snk/2DjshwQAAAD4B9GUWR0G4scKAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAOPSURBVDjLVdPra1t1AMbx51zS03iSNk16y0m2tF27bp0d3SodjLjqJqNl+qLDF3WDjTEsKIhQ3fCFY74Sq3ZjyFZRcVCUCd1WpYgiglXYZiudtV1vMXhJmrTpbW1zfud3yeX4Yg627x/w4XnzSLZt42EXJ99x8azoZkK0MUFbmOBgnI1SJr5TxL53PXanduGlgIVHkh4CvRPnW3lGXN3rCVcraiEyUg7lzjL8OT+Nm1PX+gLSx5Mikz0jRO7UZ13bfn4M+OCPcx1bHbU3fbqBhFjFuDkNxZax37UHX/76yZoz29Hilp4bbal1eaf+2cS/C+bRgbO7BwFAfn/8nJcJ1l/u2oq7ZgS/rN/BemYDtc4QUotxEELf1u1Db2wvL/RWlBSizu8CpaL/8Fu3vQAgW5x2N3taXVE6j2lrDlaWoUzxwsUc+Hri+nhA+WiE0UxX7RYds0kGb5GGuqDbxSza/T9AjigODZPmLESWo0h2YXfRDoxGboGm2WsZrl5qqnErIpPH/KpAZJGj0qeDUXYEAFSLsgYuZSFDQpPrSVRpAcT+imIsOvZ5tbvfoJQ3B3xO3IlYsEgOZDOHnQEHOKPVAKASatGKwtKCsPsppJJx9N3tXeNEXDp//4Urcxtj6g96fXTpPmtUIcEiedj5PLhQIShTHiyw6N+/zdxuGro3uMwpf+/sQnDg0Jp+wram5p62xp4ZajgDxnOwLBuU5OArcSCxZEJwGn0AEPrFNxM3+i7O1327fUPppsSa+dEo02fdRfAGgxN7oz9lNpYdYGk3augQdvjLEU8uY5dnfbW1tVVXpnYenT2e8p3wbWavWqFQ+CutoGAluAXHTp6EYRioLPcqsZkRSCSG08efx7aaGpSVlsAppWsSiYRDtU2i5ol1TOxvKbi1sop43saLBw/i01dexYjgeb9hyI2NjeBmEhd6P0QyuQDHE97f33y9a08sFuuSHZevLOfT5JQ0MoZ74xPQiz0AgNMLSzBNk3V2diIcDqO9vR1tbW0wTZPaYiMMAMXFxZoKAM4bA9fT4WcPe0n62lSJ1wcAlz1uyJwV9PT0QNd1AAAhBLIsqYqiDAJAIpFg0qNv7GjY1axXVX2/78CBkmBlpYLiIqRSKUQiEWiahlAohIqKCmSz2bV4PC4PDw8vPgbU19crfr+/Udf1QcMwyjRNUwDIKysrLwNIlJaWDgJwcM5zyWRymRDS8R+TYbuVB9P4ZQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAC6SURBVCjPfdHhDoIgFAVg6jlq6x10vGdbrQfsR7bcskSTgE73gjAtirP5Qz/hsiNEWIuvpLUWhZCZbMQygEK31ll85rCNRPJnjQc6SosrzjgSUNiNRLLXGNATUmhQo6I3PU7YMwngSSBE4YbLeMwAmiUC3sP4Z0ekpjCbAeP/Mp60uBObAONjE+GR1RTYCbD+KL7XDMwTZvoDjL9XBC4PaGzHoNSdfWV3cUNDPVFZZbYsTiFWv8pOhb8BUJ5M7qO6PVQAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIgSURBVDjLpVPPaxNBFP6SXZuYZWlsQbQhqRFsD1ahVgUPIuhBEDyKAU+ehB49FQTpQbwKggj+Cx6UgigloJQsqJcWCykppJVqTILi2iRms7szO86baVMFD4U8eMyP975vvvdmJiaEwCAWx4A2MIHpOM/+W0MUMekCQtDIpQdgjINzJqOhnDOEYQiTksfGTvWB1BMhoh3XBDQnkt0xiijGsbZW1ARkvt9WAB3UCRrEd0C7rhUlk7ZU4GkCzRwhlUojmz2DbtdFs1lBLndO7odYXV3A1NR1GIaJ9fW3cN0ttc+YjzhjYZ+ZwJub72WgJ8FnsbHhoNP5gXz+gkquVIrykBEQhvNQKpAE1BSqkzbIWq06qlUHnudicvIyLGsE9XoZtn0YExNXsL1dU7l0KB1kRpGnOquJoIKcc5TLb1TS9PQNZDKnsfToFuIrH+DXpPxhG73zl8BTPkySQfI5D1RTZmYKSloQdKTcURXbevEYhxpfcOLmLBL5k/A+LaJcKiJtSAVUm1YQYHn5+T+d7vvLJ7h4ew7J6jtg6QFSw2kcy42jUfoI0/d91dFEwvrr2vbundae+wvJI3ng2t29Fzh/FAc7ASnwZL2vVWfpdQnhy1Gol0ckpO546gC6K69gLczC9xroSoJ2y0DPGkJsP7+xVMjMD9nWvewoM834V7S/M3xuGjzsifux/X5np5Cb+/3z2x2Dx8a5IWoS9fTqInv4B7QMlwnqx2E+AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALjSURBVDjLfZNfSN11FMA/3/v7ea/36prXWWirTZdlKtiC6CGi4BLVCqJB2/BFNmKMfInVQw8RK4lVD/VoEL2UWL0Za8HQJHNL5ya17lZz4aItXb957/V6r9v13t/3z+nBNBm0A4dzXs7n/FciAsCz747LgRdambyyiDOCtQ5rHc46jHE8ft8W+gd/Yrr/JcUG8dccZy3OCUb/G2hWrTWraoxgjeVWiaw569m0xYSW9qrT9NxxFB1atLarwNsBnLHcLGnu3hRDh5ZU4mseqb9Mo8xw7+Y4N0oVrL1tBbbv7PnrNMR8OpNFdkTTROpTPFU7yl01UaZ+nsMZ2/e/gPEPdh258Humbyod8Gjie/ymPUTqHqMzMsKZc1c4fynouzi4/8itABWe2hYX8drEiecE3vqx59ChrhMHt3UdhEiU8OpXDJz0vtnXkX5HJIJzgtWlTNOehasAqjLWOCeJ9q0iICKIEyLJJyCxHdF5RBfQuTS2tICgcFoTLv9JuJjtaXlFBnyTC3pdEAx6Hb21/tZuJAxwYR6ns2BLoBxVd+4k6m/CGU1h+gvy09ljxBgCUCJCYUC1Osvx6IO727x7XkTC64i5ibgSYldAeQTfTRP88AuVpbJYT+aA/qeHzftq7RLzX6paB5/HH3pjt4rV40wesSVwZTKT8yxfyvJAai+xlk5W0sP8dnLE5mcuHl7fQrJbbqh4zYguzCIKEIdCgVj+Gp3k/tReqi+PoT7rJvHHEM3bt3ii5LC/cSVC9fNVyZ0o5eOMQS9dI9rQjM4WqW5sgede++8H3m7Cc6p5HZAbaog7IeXVdVA48yG5iYlZFKdq2lr3e3UJSue+peZYL5WVgBKwXPSwHtc2XKJ5UtXuiGeOv05mbOITo3m4/T05sDQzu6u6nuVfT4/zdzlO0asiv6iYnVdWoH99iPOfqpfLC7xZztLb+ZGc2Nja1KtqcyWTHC3nil2eUb71ZF7g42eGzdF/AONCmjwFNk4lAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAG1SURBVBgZpcG/S9RxHMfx5+dz3+LKsKxBC4KQXIvArYb+BQmuIYgGoaBJiAoiLCqwxUGwkBr7gaGOTu5NZhBkBRU3NEV2Q3d69/m+X+/6DEJcNoiPR3B3diKMjM1ePXN2+OFay3vcAQmXMBkuRy7cDLnjZphE7+7UXF39dmNhsjZdDJ8entpV7Yn9Vbajp9myKWC6aCWPrbVfbNd68sgfhZtz6UKHQBYIBCKRO3O3uHhylBOHT9G39yBFLPjb6ESdLLqLTSbj5etnZOutNlYa7s5WTEZW4E7mwMzSI340vlM/Xqe30ktZGjjg/EOlkUWTkT1ZekzFIscODfJ0cYZqZQ8YSI7jdJOJrHA5E/P32V/tY2hgiNKNA/v6WP34gXang7sIBLpJRhYl4+a52zSbLd58WmH5/TJzi/NstDew0pCcrUgii2VKZNdq12n8bPD5y1ee333Byru3BA8EAu5OtzKVZNFNbLp3+QGDA4Nk7Y1EJyXcRQiBbi6RRUlsKioF41fGyVI7IRP/I3eyMDI2O9t/9EhNZsiEmSEJSwlJyB2X4ebIhUtIZK8WJmvng7uzE5Ed+g22TgZNyTAeRAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADoSURBVBgZBcExblNBGAbA2ceegTRBuIKOgiihSZNTcC5LUHAihNJR0kGKCDcYJY6D3/77MdOinTvzAgCw8ysThIvn/VojIyMjIyPP+bS1sUQIV2s95pBDDvmbP/mdkft83tpYguZq5Jh/OeaYh+yzy8hTHvNlaxNNczm+la9OTlar1UdA/+C2A4trRCnD3jS8BB1obq2Gk6GU6QbQAS4BUaYSQAf4bhhKKTFdAzrAOwAxEUAH+KEM01SY3gM6wBsEAQB0gJ+maZoC3gI6iPYaAIBJsiRmHU0AALOeFC3aK2cWAACUXe7+AwO0lc9eTHYTAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFhSURBVDjLjVJRSsNAEJ3WpkKgIA2hVIL/fngJv/3rNbyD4BU8QD57AOkBjOQCPUHIX2m1YAtCku64b5NZtnSrThhmNzvz5s1jesxMsDzPX5RSj7jrSBIPh4ONzvlpNps9m0IkwrMsW+73e/7L1us1z+fzd6kbUGdAhr0uv0hpUowPUTteWP9EvL9happGyo4BaoUyouurARDMmZ1YfFama13XpwCYD5mK2RZR192AGU1a2l4GLQAfdbSRW2aqO59lcNHXUSeVH1U7N7dFwkoAqqryA0CHh9tL20GUJuqZ+3A4pO322z+CW4QOq9WKNpuNuUdRRHEcUxAErdjnRpClQnFZlpbBbrcz76PR6ESDvo+BdE6SxDjOeoHsu3cE/BQGoCnu6uOO6NVAAMbjMem1pqIo7BjQ4VcGLsBkMjFdXRGn0+n/AMIwNA4QnyHHLJ1Hg7c0Te+ALo5Eia5rPRZS9wNIBbXTpSVpqgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJGSURBVDjLpZNLTxpRFMdd+EX8BixZ6VfxQ9imq3YzSdNVE2MNyEMYAeUNofIKEBjA8CoiM4BCgiQgaJqWtjySAc2/585iogG76eI/czN3/r9z7jnnbgDY+B8pj3w+v5nNZncEQdhLp9N8KpUqJhKJYTwel2OxmByJRIbn5+fFUCjEB4PBPZ/Pt+PxeDZVAJm5SqUCURTRarVUNZtNdd1oNFCtVkHBEA6H4XK5OBWQyWQwnU4xHA7RbrdRr9eVn8vlsiK2ZnC2NxqNMB6PcXZ2BhVAacu3t7eYTCYQbr4jIP2ErzWHt/0I780jnOIUjsoDYlcDjH//UYAOh0NWAXTmbTrzUmpew3bRA196gONqAndrARfJevkLXzJ9fI5dwxkvwG63L09OTrZVABMVTBuNRpfVegPWlIRPvhI+nF7gHZ/FG4sAzl2AP1V8YX4BYKJKa6nSy8srEZakiPeneby1CvjoKeJrurRiXgEwUZu0fr9/+a16iVStC9/FNSLCevNaAJPX69W63e6nxWKhdIfMT+vMrwKYnE6nl7WtVCqB53nbPyfxuSjyFvV4l9pU6Xa7yOVysFgsebPZvGs0GrdeBdBoami6ioFAADQXoPHFYDBQ3lQXUHFxfHwMnU5XPDw81KwAyPxDkiTIsozZbIa7uztFDHJ/f698Y3vJZBIHBwejFQClzbFIhUIBnU4H/X4f8/lcUa/XQ61WU+7A0dER9vf3ubU1sNlsGqvVylGqWZPJ1DEYDNDr9SztLqWdpcgcmTXPPX8BpLUNr3FYePgAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKzSURBVBgZBcFfqN5zHADg5/P9/d53/87OmdnU2jIttiGJEZO1SSh2YcWFXHCBEpIibsiVO3GhlhIXascF7maoiY200iSbIYZxmv3/55yd877v7/vxPJGZ7nplz6MLxuc9XMIGzEeAQAZZjWr9/eyp3B3nz7ywd/vWAUBkpntf+2bv+89suLqUWJI0EoBMSCf+G9rx3Vn/Hpmb+enAz0u/3r51DlooTazrt82Sg8c1JYIgK11Wo1G6OOxsuWqxW9a29tUTC7OuP7P56Z2XfPXWfXMFImIsM5t+U/QKbdAUmiCCIlCtGO/bevMKV1w5b0E7vug9KJAEFJSgRCgRSoQSoTTh6OmLVo8NXbM0PL7xUk2veRBagEzahhAyQu2SEtqGfha/nUqDOlLrwKY180RbRtBCJok2ipQSUUIgK9kUetXS39421h12sW4hVoECiYoISoQSoUSIDL0m9EoYO/KB1Uv/tmbzI5z+zFo/FChQR2RSkchMpFIoEeb/87FV7Zcm1t1k+q9degtWemr1F/1dz655qIVaU2aSpAQggd65703cep9u5qD5y1aZ7f6xesu1yszx7S10lS7JSgWQoCbD/krDM38qzUlRpvXHTzI747+jc00LdZRqple/HwipBplh5ewhD3rHxKKhOppV6lnKYjkc+HHysF9/OfVEC6NRp+tYMd5z42VFTZYd2+ny6Q+t3bhRDj4X3QUHPh0YTs9Z0g9vTj0wnJx8abKF0Vyto1pz0Ilvpzo10mPnPrF+0x0GJ7dr2wk/ftn5qPeks9ff443bSz343Ldz0MJwtju2qN8se/G6waLMLJL2h0Y0U5p5yx36YkZv3ZNevu1+Eer8frnQjeoUtBCRr9/9/J5tEXFDyoWwbXm/vfuPfc350yPvHr5zdGj/4s7kbpitte5vix3wP04jPQSDxpk/AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGrSURBVDjLvZPZLkNhFIV75zjvYm7VGFNCqoZUJ+roKUUpjRuqp61Wq0NKDMelGGqOxBSUIBKXWtWGZxAvobr8lWjChRgSF//dv9be+9trCwAI/vIE/26gXmviW5bqnb8yUK028qZjPfoPWEj4Ku5HBspgAz941IXZeze8N1bottSo8BTZviVWrEh546EO03EXpuJOdG63otJbjBKHkEp/Ml6yNYYzpuezWL4s5VMtT8acCMQcb5XL3eJE8VgBlR7BeMGW9Z4yT9y1CeyucuhdTGDxfftaBO7G4L+zg91UocxVmCiy51NpiP3n2treUPujL8xhOjYOzZYsQWANyRYlU4Y9Br6oHd5bDh0bCpSOixJiWx71YY09J5pM/WEbzFcDmHvwwBu2wnikg+lEj4mwBe5bC5h1OUqcwpdC60dxegRmR06TyjCF9G9z+qM2uCJmuMJmaNZaUrCSIi6X+jJIBBYtW5Cge7cd7sgoHDfDaAvKQGAlRZYc6ltJlMxX03UzlaRlBdQrzSCwksLRbOpHUSb7pcsnxCCwngvM2Rm/ugUCi84fycr4l2t8Bb6iqTxSCgNIAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKJSURBVDjLpZLfT1JhGMfduqu7/giv+wsk5mKGB53UBHHiDzjQkQjhmJyT6OiQBhommKJLaVrLZcPWpi3To0KspiSYv8AL160XOVy5uVrz23lPV0225rp49j77Ps/zed5937cIQNH/REFRyHBb3rXb6FhlT+58bJk5E0DIuC8Kaxwmd0cxkRtGW9L+9cw38Ky4jiZyEUQ2gnAtM4v/BPjWedxNt6Ez1Yr2FSe4D46T8WwEY9sDuLVAHza/bTqwztbnTa9r8wUBXmn4+e5jPMuNYCI7jPHsEKLbgxjdGsDw54cYXH+AR5keGGM6FAR0pFg8lYbJ1vspHu73DNgEDWfcLJ1WOJctEqAXhhfXCgMkp+FO2tG14pG3uuI0HMtNuLlYD0asg2XegP6MH/ZZC7TjFCrGyqAeuYJTJjpEC0Y2+mFfakCzaMSNhVqY52vQ+K4ajiUavZ98CKwK8K96oRpSngbY5kwIp3rADJngCwiIRqPgfW40TOphmzWhs7tD1roCXbju1aKkpOSCPCg5DclpcGIL7H4GoVAI+/v72NvbQzweh8ffjs4+D3ZyO7KWTCblHoqiemQAGR6UTGp94gDLuZDe3ISVp0FpKNA0jXA4DJ7n5by8vPyXXq9/QyAsyx7KAHrGiJBkUllLKYR7ggzQRilcLlVAFEWk02kkEgnEYjEoFIrvlZWV5wlAEIRjGdD4yoC+tW7QvQ1g7MwfgFY7p1Qqf6pUKlRVVclBcqKRGgFYrda8DKh7WY2aSS0q+q+iwqBBoC9wMjU1dTA9PY1IJAKnU/qdHCfnRCO1YDCY12g02b9eobi4+Jx0xUtqtfqL2Ww+stlsx1L80Ol0RilKpfwb0UiN9JDe3w8qq6SmnYkEAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKJSURBVDjLpZLfT1JhGMfduqu7/giv+wsk5mKGB53UBHHiDzjQkQjhmJyT6OiQBhommKJLaVrLZcPWpi3To0KspiSYv8AL160XOVy5uVrz23lPV0225rp49j77Ps/zed5937cIQNH/REFRyHBb3rXb6FhlT+58bJk5E0DIuC8Kaxwmd0cxkRtGW9L+9cw38Ky4jiZyEUQ2gnAtM4v/BPjWedxNt6Ez1Yr2FSe4D46T8WwEY9sDuLVAHza/bTqwztbnTa9r8wUBXmn4+e5jPMuNYCI7jPHsEKLbgxjdGsDw54cYXH+AR5keGGM6FAR0pFg8lYbJ1vspHu73DNgEDWfcLJ1WOJctEqAXhhfXCgMkp+FO2tG14pG3uuI0HMtNuLlYD0asg2XegP6MH/ZZC7TjFCrGyqAeuYJTJjpEC0Y2+mFfakCzaMSNhVqY52vQ+K4ajiUavZ98CKwK8K96oRpSngbY5kwIp3rADJngCwiIRqPgfW40TOphmzWhs7tD1roCXbju1aKkpOSCPCg5DclpcGIL7H4GoVAI+/v72NvbQzweh8ffjs4+D3ZyO7KWTCblHoqiemQAGR6UTGp94gDLuZDe3ISVp0FpKNA0jXA4DJ7n5by8vPyXXq9/QyAsyx7KAHrGiJBkUllLKYR7ggzQRilcLlVAFEWk02kkEgnEYjEoFIrvlZWV5wlAEIRjGdD4yoC+tW7QvQ1g7MwfgFY7p1Qqf6pUKlRVVclBcqKRGgFYrda8DKh7WY2aSS0q+q+iwqBBoC9wMjU1dTA9PY1IJAKnU/qdHCfnRCO1YDCY12g02b9eobi4+Jx0xUtqtfqL2Ww+stlsx1L80Ol0RilKpfwb0UiN9JDe3w8qq6SmnYkEAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKFSURBVDjLfZM7aBRhEMd/3+7t7W7OmJjnxRjDKUYNnPEJHjZqo4WIEAQhFhY+asVGsLIUbGwVRMFGfKDpRWzEqCEKIko0GlQ0MV4e5u5279sZi+AjRh0Yhml+zPznP+Zy/+A5EdNXiiWILAtD57deCgKPS4f3bTwOkBI1B/ds62gOgsAY4/K/qAgktsrNu8OHgDlAKRLf9wNz5V6RChPMmJfkWscIvSmsCl+nQ54P11Gja0nRyMn9ORIx5gc0FVtwHBfHQOx8Itc0hp9+x1Q0g00sKd9nRUcbI28y1KebEJk/VQpAAMcxRDpO2isyWZ4iSirE1mJ1Ft/3mY1CGkMHRecJ8wtgDGqFKKlSsRHlakQslkQAU0UlIeUYVOer6gCozgECmpmZzaB4RJIQ2QRj0rRUXI6tGiXjlUHNPwCOYZHbzodPrVQmFlGjDdSaBkyxgbzOsKZrO93+/QWXcfR3gNfC0nADxaEi9ukIDL0lP/mF3MqdLG7bwDJ9gJ1+vVBEVXg5cZREhESErmicQkcn6oJTE1PbVE8yfYdl6/oYH76GYe8vgKpigN1zxgLAzU9Smv1C5v1dsvkDUBlk4Optth45xbvRBzT4OQ82z61g/uLXJKxHPJfMkhXULikh0QiokHx7RG77Cdqn+4OB84VaACfwzBRSpad1Kz3ZAuuyBfItm6kbfUj98vVI6RkqZTb1rkbijwTBKzq7dzg2io8DmIu3Bs+KmkKcaP7Hidui++ktnRJmu0KSbwOoxjy58YJNvWsxbh2Eu3h88fSYiuwwfxoDYOB84X2+72q767xFbfGPFR3ccDWfnw/xqv/M9dTfvs5GcTB4obesoqjIb6k/KyKoavY7re8z/KbjU2AAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK/SURBVDjLjdJZSNMBHAfw1UMPhfTUQ5bgkfWQSodmYplroiAkXkvXcnOVipqsWhLKXEvnUEHUOecU72tec8vEVgQamUfeUzzThcc2QUqd+09b+u0pMxTz4fv04/d5+PIlASAdFG6wJWsk3351ofoMZstszKVs22I/V9tjf+4HPrN9z1I0lTZbizWnsTsFsXbZhwKKmadEi03O0KoiQHRnQit3x6LMCqP5dj8OBUiCT2bqhlRY/SyBeagchk4JFgZb0ZZyWXMoIND3buRY1bPtteFGbI03wTiqhK5dhGSGp3xfIJJsz8pj3V4VhZEhCaeYo0Mc+0QvYn/q5BzMv34FXXMSOqSP4RRxsdUl3uHEPwDT/Rwlj+W1lU0nY3dKstjILRAgQ8yFMtcf4y001CjC4ci7UHaJc/74DpAVcqWjMNofTfyHGKvhoppDhSiMAmmUF0qHuGh5Q8VyDxtmQw/mP9xHRhUNbtEukh1AHGLXMN0m21OYLJEMueoelj6GwbxSiZVRPpa7eJioCMBQmsf/C0tPCUanwg+b3+uwoeVhQ1+IlWEeiDk+pqSef4GjV3MSxAlxewpzoD5HRYkP1mfSQXyLgWmOA0LDBDFFRT/fzUQCQDriXvsokNNvaNcDwno5kkpkiBeVobZtAL3VUVDLQw1rkwwQ034wzdBhnKCin+9kqgi1ppFsfKVUKrvF2Dy+BcEYEPEFYLQDwvoWfCoLBzFXAOPXIBCT3ujLdl0fTHHRqwXX9DKGdRAAEkktcP7V15gLjkIHpgpgKrdBl22jqy4GG9pyrKmvgxjzwYD4Bgrodg9UQZYW7Qwri50haXJuaRtTn4LG60bke4D1FmAogS4FG5tLQhgn76A7xwO9wpvYb62kycoot9bkwERXapXS+UkvyDw1yLwRpKW+RHdRAN4Jvc1FcV4Ns6U0+n7Ab/dSu26WPRQHAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADCSURBVCjPY/jPgB8yUEtBeUL5+ZL/Be+z61PXJ7yPnB8sgGFCcX3m/6z9IFbE/JD/XucxFOTWp/5PBivwr/f77/gfQ0F6ffz/aKACXwG3+27/LeZjKEioj/wffN+n3vW8y3+z/Vh8EVEf/N8LLGEy3+K/2nl5ATQF/vW+/x3BCrQF1P7r/hcvQFPgVg+0GWq0zH/N/wL1aAps6x3+64M9J12g8p//PZcCigKbBJP1uvvV9sv3S/YL7+ft51SgelzghgBKWvx6E5D1XwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFmSURBVBgZBcHPa85xAAfw1/Psy9bEFE+MgwyzrLS4KqUQRauVODohB/+As7OzGilZrpQki4OLgyiEImFWmqb5sfZ4vt/P2+vVitn+nMyZMpZdKeV1PpTpMjvZALQe7clMZ+9mawyKJb99sfA0p6e+AR4+/pySJEmSJOnlRe7cjIhoZ3wTAICtyjGAqojvBvRbJZYt+maHAqAqovLTiqj90lWJAqCK6DOgUumpBTPqDkBVRK2n1tJ477tRI+LKoe71pQdXz7eLaNRqjcaCA2LEqLHZY9uac8cHqyJ6ehp9Gpux5LEB+zSGbtxfbhdFrdaIuzYa9spFnYW3y1tMnL2QdmNRRz/4a1HXBvN60vttzry+qTdfJ9urh3WsM+GHrvWe5V/G1zXuTy8cbsWt7eVymWoPDaq9c9Anu634aMS0uaoVwLW19c66PL/05+zQif33fnh5unt7+dGToyIiIiIiTuVIIiL+A271xrBxnHZ+AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALoSURBVDjLhZP9S1NRHIf3D+gfURRhL2gFFQYFiSkEIkZFI8kfyjIUNNFCrOnMFxKJMTfCKNEl5AxUVCx1bm6NdMMkx97ci5vTjTn3otvdy9326dxbiinRhQ/n3MN9nnO+557DAcDZH7VanSuXy4VTU1OL4+Pjm8PDw4HBwUGTRCIRf+wXXz34/V5Ho9FkEFhE4ITT6YTf78f29jYikQhCoRAMBj3E3a/otyJ+v1DQnvmX4A88abVakU6nEY1GwUgcDgd8Ph+SySTSSQo0ZYJ8egCvO+qV7W2NmXsCZmYGTiQSYB6apsG8WywWBINBVhqnNhAL65GKreDrRC+aX1b2swICXyTLToXDYRbY2dlhJevr6zAajWDGk0kakZAR8bCBXUWCpKb6Uar26ZNcDoFFa2trYGIymViIqZkRud1uth+PhYhAR0An6W+RFcahVCpRXl4u4mRnZ+N/qbh/BZMfShDZ9rLiQCAAm82GsrKyJVag0+lgNpuhUqnQ19fHQkzrcrlgNi5DN/EAWytS2Ba6Ybfbsbq6Co/HAy6X62MFDLwLMRImzBiTlppr2DRIQIct0I/chVY7i3mdBUbHBopLbm0dEjDZhc3LKmgGihDbHENsowt+6zgWx+qh0jvwRWtEQdFN/aESdkU5OUQ8y4fPNITYWjPm2s8hsTWEH+/zMK8exTvpBApuFPX8cxNLiy/APtOAuLcPlKUMc205iDrqEbRNYKH3NvILC1N5+dcvsQdJIBCIFAoFPEHyK9d/Qm/XYklaigDZuOhqLSLmO7+zco+U8gYOhQDC6lzt3kns7OzM4Lc2T38alcDmNUD3TQjHXBfiHjE7e2SFS0o4y7aUrQKUewQK/mmvoulk1t5l4vF4Gc8a6noeVz2k1d15oHxWxP0ziHnJHnil+/IZ9I4Oru8SyBqOSzkHr2dVVeVlRcf5qKI1JyVvyU7Lms6kZbxTKdmLLFrWeCJGIGrm+TFqpv4oNV13RPkLngD4bMIOcuMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALoSURBVDjLhZP9S1NRHIf3D+gfURRhL2gFFQYFiSkEIkZFI8kfyjIUNNFCrOnMFxKJMTfCKNEl5AxUVCx1bm6NdMMkx97ci5vTjTn3otvdy9326dxbiinRhQ/n3MN9nnO+557DAcDZH7VanSuXy4VTU1OL4+Pjm8PDw4HBwUGTRCIRf+wXXz34/V5Ho9FkEFhE4ITT6YTf78f29jYikQhCoRAMBj3E3a/otyJ+v1DQnvmX4A88abVakU6nEY1GwUgcDgd8Ph+SySTSSQo0ZYJ8egCvO+qV7W2NmXsCZmYGTiQSYB6apsG8WywWBINBVhqnNhAL65GKreDrRC+aX1b2swICXyTLToXDYRbY2dlhJevr6zAajWDGk0kakZAR8bCBXUWCpKb6Uar26ZNcDoFFa2trYGIymViIqZkRud1uth+PhYhAR0An6W+RFcahVCpRXl4u4mRnZ+N/qbh/BZMfShDZ9rLiQCAAm82GsrKyJVag0+lgNpuhUqnQ19fHQkzrcrlgNi5DN/EAWytS2Ba6Ybfbsbq6Co/HAy6X62MFDLwLMRImzBiTlppr2DRIQIct0I/chVY7i3mdBUbHBopLbm0dEjDZhc3LKmgGihDbHENsowt+6zgWx+qh0jvwRWtEQdFN/aESdkU5OUQ8y4fPNITYWjPm2s8hsTWEH+/zMK8exTvpBApuFPX8cxNLiy/APtOAuLcPlKUMc205iDrqEbRNYKH3NvILC1N5+dcvsQdJIBCIFAoFPEHyK9d/Qm/XYklaigDZuOhqLSLmO7+zco+U8gYOhQDC6lzt3kns7OzM4Lc2T38alcDmNUD3TQjHXBfiHjE7e2SFS0o4y7aUrQKUewQK/mmvoulk1t5l4vF4Gc8a6noeVz2k1d15oHxWxP0ziHnJHnil+/IZ9I4Oru8SyBqOSzkHr2dVVeVlRcf5qKI1JyVvyU7Lms6kZbxTKdmLLFrWeCJGIGrm+TFqpv4oNV13RPkLngD4bMIOcuMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEMSURBVDjL3ZLBSgJRFIYvtO0BfIPeI3qBNj2Cy1rWzlWbkcBNYhC0TletJKOFq1lIILhQJCywaDZOkINiGl/n3DNj6LaF4MDHGebc/5tz544D3H9w2yAI3LkQp7UgREJRSIS+0BJqwr6QTzkWulqdD09juD3Ah5PI7r8TiPvw0YJeDUq7cJ83NDzqwmUOFUyYT/ASfasGm6d4kQo1OB3JszN4fTDujuBrqP2hW4baVxbMBIuZTfAeQucGxm/w+WzB6AleGipo/Am06hTrEwQupLhjwkFdtlOFnzlc72n/cFWgQb3WJ8i22a7A44mtCfQQ7BSyL6617BtWZ+kphMKFlwSusrJmW/7ETQt+AQhq/TxibW0lAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKZSURBVDjLjZJLTBNRGIUxbeOGNLrSaFxgdOnGrS4MijtWLkjcysLEuNEoqDG4IDIpNCUlLVLbQFrsI0Dpg0IfIzYiCyRQA2mb0tQG6QOqbemkFanY438nofFBCJPczOTOfGfOOfdvANBw2PJ4PHKXy+V3OBzcxMSE9N/3R4EDk5OT5fHxccFms3Fms1l6JIGpqSm50+lkcGVzcxPlchkE75pMJm5kZOT4oQL7sN1ur2QyGdAzKAIEQcDw8PAvvV7vHhoakh0o4Ha75fQxvw8z0GKxgOKgWCyKTggWtFotNzAwID0QprIq6XQaZJ/ZBjnCcjwNlScMx+I6NBpNTa1WB1Uq1Yk6TGXJCeCpLBEmBxgdHQWJIp/PQ+OLov31Ah6alvEllQHBQl9f39UDYXIAKkvMnsvlEAwG8S1fwDNbCLb3Ubj4OfT29lY5jmsWBehv/NjYWHVrawskAqPRKGZnMIljdnYWyWQS4VgCb5w8g3cJvlwvkWC/1WqtpVIpxONx+P1+EWYOpqenkUgksKTrwrvb58E3y+C9Kcv4WiSddQFqWVhZWcH29jbW1tYQi8VEB6z5SCSCj6+e49OjK9jxKFGLeFGxPsDivUt7/uvS+6IAlZWdn5/HzMwMCoUCotGoKBIOhxEKheC7dRbfCYa6Feg4CbxswlfFNfhuSD6LAjRZpwwGQzUQCIhHx1ovlUpYXV0Fz/Oi7dqSHX9exa7TtC+t1Y9Rp9M1Dg4O5lhmdoQst9frBZW1Q5mzZcMdgKAfjxtQoLV+VwLqIfXXINFkNfb392dZflZgT0/PTnd394W5tjMvFtov/sx0NCH3RIZE+zG8bZXueVskT/8bZaVS2ahQKLIECwze3//Qdq6T/phktum+wWC2/xtU6N71e0LFhAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAITSURBVBgZpcHLThNhGIDh9/vn7/RApwc5VCmFWBPi1mvwAlx7BW69Afeu3bozcSE7E02ILjCRhRrds8AEbKVS2gIdSjvTmf+TYqLu+zyiqszDMCf75PnnnVwhuNcLpwsXk8Q4BYeSOsWpkqrinJI6JXVK6lSRdDq9PO+19vb37XK13Hj0YLMUTVVyWY//Cf8IVwQEGEeJN47S1YdPo4npDpNmnDh5udOh1YsZRcph39EaONpnjs65oxsqvZEyTaHdj3n2psPpKDLBcuOOGUWpZDOG+q0S7751ObuYUisJGQ98T/Ct4Fuo5IX+MGZr95jKjRKLlSxXxFxOEmaaN4us1Upsf+1yGk5ZKhp8C74H5ZwwCGO2drssLZZo1ouIcs2MJikz1oPmapHlaoFXH1oMwphyTghyQj+MefG+RblcoLlaJG/5y4zGCTMikEwTctaxXq/w9kuXdm9Cuzfh9acujXqFwE8xmuBb/hCwl1GKAnGccDwIadQCfD9DZ5Dj494QA2w2qtQW84wmMZ1eyFI1QBVQwV5GiaZOpdsPaSwH5HMZULi9UmB9pYAAouBQbMHHrgQcnQwZV/KgTu1o8PMgipONu2t5KeaNiEkxgAiICDMCCFeEK5aNauAOfoXx8KR9ZOOLk8P7j7er2WBhwWY9sdbDeIJnwBjBWBBAhGsCmiZxPD4/7Z98b/0QVWUehjkZ5vQb/Un5e/DIsVsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAF6SURBVDjLxZM7S0NBEIW/fWCnQgyIT0QQDKJBFBRbsRCt/Ae3VRs7wVpIY6WxkqTXxgek8IGIIQRsYjR2SkhAMJoipDAkXNfi6k18YcDCA8vMLDtnds7uCGMMf4Hkj/h/Ag0QDocngVVgrM68O2DJsqx9/bax7vf7fK2tXgCEABBvftU6vuDxMd97cXEZBFwCr8fTTCbzQKViO71J6SYJIdxYa01HRwuA123BgUAphW0b93AtSZVAIaX6qMF7RaU0WvMh4bNVSiKE/EoghEQpiTH62+qJTIzLbIzic4FypYxXdmuwEKFQyPT0dDE0NOCKVxXMiU8SB6Seooz4Run09HGa2iV+fU5Tsd+5QTqdJZ3O/vhmZ7lt5mamsaWNv22K45sdxgcn2NmLgDHm1zW7Mmwi11umFvvJoBlbaDN1/cR8IVdK3ccIHFkABA4tbnNJgFJdBC/mZS2ejNGA5uBqkwahiSbOAIKi3nEeX2wPAPNAI1AENuMb98uviwGZtIAuD3IAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGBSURBVDjLY/j//z8DJZhhcBoQMuUBJxCzkWxAeXl5PYiOm/toTtDEB0U5OTkCqamp/XFxcfvDwsISYOpsbGwUjI2N12tpaQUgazYoKSn5D8QJgRPuqdevf/nKp+MOf3R0tEJISMh/Ly+vBGTL1NXVC1BcADQgobi4eH5ubu59ED9o4r05Hs23WkBsd3f3+XZ2dudhalVUVBxkZGQUUAwoLCx0ADpZAejk/0AnB7g13JTOX/z4lW3pVWmgkw0sLCz+A53sAFIrKSkZgBIG+fn5AZmZmQIgNtDJ+4ODg/eD2Pbl19odK65Ogzp5v7y8/HxxcXEFAQEBBxQD0tPTAxISEhwiIiIcAgICEry9vf8DnexgnnNJKHbGvVcGyedVgE5OUFZW/s/HxzcfJRaATnYAOtkBWRDo5PvAUAa7Qj/xfIV1waUVIDY3N/d9NjY2lMAEObkA6GS4nywtLRUMDAzqgU6uBzrZQTv2DKdX442r6uGnhVhYWAoYGBgEhkBSpqsBAOTifxrCztZUAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAMPSURBVDjLpZPba5tlAMZ/75cvadOmzdI2jTNp03TDJM457fAwmYeLyUBU2EBRmBfzwgvFK/0DBBF2oxc68MKK4EAKiqBUGV60qY4yWbVh2cza0nXFmqQ5NS1pvuP7fl50ThG88vkDngM/HuF5Hv9H+un3vtuXGArN9fcEEngCPIX0PKTjYFkOjuNgmxaWZeEaFtI0sA2TVm2rtF68eUJPDvcVjh0aSaRiAwCo242k8lDK2zOTCqk8pJRI5eFIya/53wZy1k5Rjw/2JqI9PpbXK7hS8kvhFo8ezXBlcZkH7hvFdRSL126RzY5x6VKBkbFhpFTckwgTvWt/RBdiL9XvEzTbio4r6Eg/zY7DzOUVpFQoT8MmiCUCNOo7JBMRXKUQQiDeuTDvaa6BpjyE5uPYRJotO4BU6vYMcKXCVYqknCVRmcYXOsxufY4vF+PoP19ffyUT9c4Nhnt90Wgi5gsERWmlSKnSwHYlriuRUpHuX+RQWhI8fIZw6kFaa2lO1ie3xV8Y3/hg+otH7k+9nBlPEg71kB7W7qDqlL/HaF6hLzxBc3WJ8OABAn3DFGc/N3WAF979ZjQbD5+KRQexJYS6/uZs1n/Eal4mMn4SqzxFoEewnr+BY9oN02g/pj311pQwmq2vMqlYN0IHodHfLfaSN3MYlYuEDzyDWfoE4d/CH+rD61T48Ifg1ENvfr2s5d5/yctkU0cj+yKUWw5SKYJ+QaX4LTu/XyR88HnMPz5G8zvYO2OU5vLMhl5nxUgdB9ABTFtp5XqL1fIupjVEfmaSE2Mlsk8+h12ZxBfwMLeTlOYW+Mw8i7QFmrajA2gAruPgSIXtumwuXODpZA1JnHLhIxQmu804a7mrnN86w8ZuD7om0AOBg/9oYGMYNiNDXeyv57j3+KcsTb3N8k/zdI0eYbdRphB9jaG7h4koRadt4No2dwzW8tdudKq1jL+7l0ytin19mtSRx9muNVhdWGIm8CrV1Rp4myilMNttqhsb5wHEv+/84hMDxsR4TH84m8LzW/NGtXb22XNXb/7Xnf8EvI+SIusIR2cAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJpSURBVDjLpZM7aFRRFEXXffPyJokzmkSFWBiJiGBEDH5io8QmIIqFojbaaGkZSBVtbAOCpZU2IhhRLJSAEFELISIpRBB/wxgwakYnn5d5n3vvORZCjB8sdJeHw2Jzzt5GVfkfhb8O3ANTUmVQhQMi9KmCChMijKlwsXxY4+X7ZrkD98D0q3DFdA11m7Y+NOoA9WhSw9cnyV6PVEQ43X5EH/4GcOPmiLb13wo6T6Ktq/CNl0j2BXUpmGaC5k0YG5C9HyX79PDo2hN6ewlgx02HKtXCtuslCebxaQXsAuIy1KffIaKYYheF4jbmnpyJRdiw7qR+DQBUGAw2DJc0Askq4BYZv1MDycHnPLoPYmPc/HN89pbWLcMl8QwCBAAiHDLte5C0groEFcv+gy2oWNRb9vXHqGSojXGzzwjbNiOeQ0tfEKGH4kokmeVT9SstLdAUOUJy1OXYzJIuepJFWN1RAzK8p3sJoEKiLo3wjpmpORoLOXnqsVawVaEUBuAD4kTZe8qCKiIUfjjwVLBJL0T07G5HXYa6hM+VmNl3RdYYg00MU/UEE7QiPsRmvFl+g7u2NomJulAB9TnqLFGzJ2ukaJLjFhIkbBCu3E5Sq2Jz7v4AeC41XlyIcWWCaD2oQSWjvMrRtGWetzN1qvNzrD/ciRa3M/34QmwzLv0UpJkb5li4dmC0uesoFBZw9af45APqUkxYplDuxbOR+st71F+NHd8xrDd/i/L0NTMgnssreoa6o9VbCZoCEIfLPIvTr/j4ZKTiLGd3ntOxP3YBYOqqKYlnSIQD3tPncnCWCWcZc5aRXef/UqZ/0TcrHX7i2ZbMyQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAImSURBVDjLpZNNSFRxFMV/M40TjdqUqZmCn0GURSSUVFIUVhtx2SICqUXRVqptRBERtGpRC2vVwo0QEUWaUElSRDEW5EekiU1+RKKDOuPMu/e2eM+Xpq28q7P433PP4X9OwMxYzQRZ5YQWwO0no74UNcMAEcDAVFEDUReLwrVTpYElBADFG8MYhikYYGqogS0iUYXB8bnlCsQMM29Bwcww89R4RKqGqiGZFSyIuBIxQ9VbXMDqkhTIG6oTbdTn76LnwSsLpOJNPoGJug8NVBVTvKuu9GJrpza7l3Vlp4lW7GFqaBt97S23fAJHQcVQ76p73cVb6KSu/Du50YNMfuslHEiTu76InE2lUZ9AHUXUfJ/meS7gHYcrBthQeYL50VbCkQDDsT4yqfTvVHLmwF8FDoio71/VyNe3HKv6QLSqkVT8HsGwQ1ZOGTI7TGZ2rn5vc8eAHyRHBBFDVFExsic7OFLynujWRlLxuwSzMqQT5fx8GeNh4jw1zR2xJb/gOIaIm4Hs6U5qi3oprG4gPdbCmrCRmi5jrOsjzyJXiU9FlkfZEUPUCP54zP7CfsSKGf18ByXF7GQJI6+/8DRyhUQwH7EVcuA4Sv/IHEeTbeyou09/60UGurpZW7qbxMQ4z0OXmJjKwXSGxfUL/NvG6+d2Zi6fvRAiKMRePGJ46OtMtCCv7viNnp6VyrSM4OShvGRN5ebQvu0VWNZ8d3Li15mGm58G/9fGP3sKXaMRKZvBAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABjSURBVCjPY/zPgB8wMVCqgAVElP//x/AHDH+D4S8w/sWwl5GBgfE/MSYU/IfpheiEwTNEm5D6H9lmBLxFtAmR/3+h6YWY95xoE7z/o+uHwM9Em2D7/yeSzSAICdc/xJhAMLIA+V1VH3Z4v2kAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKOSURBVDjLhZNPTBNBFMa/3e0/ty1tiZUChkZAESnGA54k4WRATQxJL2piYpR4UBNvnrwZPXjwiiHRBCVBUMJJ0UrlYtJEjI2JBCkEbLGhWGxh2+5u6W7XmY1LCkJ8ybcz+2bm9968mWE0TUM4HLaS9jzRxXK5fJS0h4lIt/yNtAukfUIU7u3tVbHDmMnJyWNk0rDX6z3u8/lgt9vB8zwoeGNjA7lcDolEAul0+iPxXQgGg8lthFAoNBWPx2k4bS8rlUpaNBrVRkZGBim4Uiz5tNXU1OB/Vl9fDxLkzE6/iTh10urqKmw2G6xWK8xms+4TRRGZTAbJZBJNTU0UgD0BJpMJ2WwWsizr/4qiQBAEFItFfYz6dgOwxl44jtMzcDgc8Hg8cLvdejEtFgtYlkVZVdFQnLInXnVPz/cHrm0BjAxoRFIsXSqZTGX4aL+0MI62didf13Ovw9kcePjlwZGebVswFlDRbPRFf4Gu/DQc3nm4Wk6jEJ+A2dlS7W4ojk3cbuzbAlRGNwBGBryyBFf7OajiDGz7D0JWf6K26wSvFLL9OoDKiG4AKzMT1SqUsj/Acmtg2AIsVWuALCK/UuRMdAI9KnITkUqlIEnSVoUt8jICmMK+WlJEJUMKtk6q5oRW2sT3F3PyzJxwnWZwJRKJjLa2ttr9fr9+DxiGgbj4Frz0Hgc6OqFthsCoOcy8FiRTbkXgyHhsUbh5eXhpjKFpDg0NHSKgu0RBcmQuenxt2jgaO7uxudZP7oELsx/y0udI6pZfll7a7By6BhM5/TFRQKUNDAw4SS2az/rePKvrPBVQ1iOYffc7/zX668bVp/PP/3mNOwGGfXp08r6j2tMnZgpSLJa+c+lxbHS3eX8A58zTPyvL4X4AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHsSURBVDjLtZPpTlpRFIV5Dt7AOESr1kYNThGnSomIihPoNVi5Qp3RgBgvEERpRW1BRBAcMEDUtIkdjKk4otK0Jdr2vgxZ3kA0MYoaG3+cX2evb529zt4sAKz/OawnASgCBNm5LaE7vjVDutkA4mMdLV4TkvcCuvba2Iqd1pDhWA33mQU+2oXVv07YfpoxuNWFuqVXoeqFCnZcgJwRm04p+Gk3Fs9t8PyZx/K5Hfbf03CGLRj62g2+rSR0K0D+vZXUB1Xw/ou5usJWjAaU0Gz3w/rjHey/ZjDLvKTD34KSyXzyBkC2JaYd4feMqyNa3OQTREQePlXjrqSq5ssj5hMjTMd66ALDKDLm0jcA0s+NID6JIFmvQaNXANEKX3l5x7NyqTcb7Zg8GYtCOLoXuPcbha6XV0VlU4WUzE9gPKjF2CGFbE3G3QAmafDnShETF3iKTZyIblcNza4Syi/deD6USscFCJwV6Fwn8NonQak5Hy1L9TAcjkJ/oAG1p0a1hYdnfcnkrQCBoxyyNYLp1YCJoB7GIwqGgxGod/oZsQoNDiHSepNCceeAN8uF1CvGxJE25rofc+3blKPqQ2VUnKxIYN85yty3eWh216LeKUTOSCayVGlIH0g5S+1JJB+8Cxxt1rWkH7WNTNIPAlwA9Gm7OcXUHxUAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALrSURBVDjLbZJZSFRhGIYNRyK6iC7aLiK8qG4MifZuylxaVOymjZQKDYbEJE1nskITEpeCFAy98KIJl8LUyn0Hzd3EbVKcxlnOuMyZcUads4xzznn7Z4JJzQMv3+E/3/t87/n4fQD4rBdjqIlmNOV1zHSJYXk0n7MPZvK27lSrtSNhdKlLkbG53/vC6qoPsNovDTzVAJelF8LqL4icHhJvgGCfAj9bD2tLPBaqb2ot7YqADQBG/22nY0Y1sEZ3QXQaiHTEPAmRHYHg6CfqJWdqSGs0VgbegVIFWxfblfu8AIe6KIc31pIGE0R+hlQKkmAHJKdHkmAjsDG4lmsB0Qrz93hQn27XewHLw9mUyzZGemfIpFlILgsxLXmMHrlo8k1HAI1EFeBNg9AUnOW8gKUfz50iOwuB6YPADpP4ahJ7HMLKCDEMkB10w7XSDN78HpwpCaLDgKmc45IXYGlPNDoX+8n0CXDGF2RCFmxf78NWJ4etNhaWsghwVCYYzR2s0bngDIOYzjvxL4GlU5lt68sjcS3g9AqYiwPB6lOInoLRyklNxlzWDqxOhkGSNDB9ToS2OKLDC7D3ZMgW6+RTqxOlZIEa0B/Oesws9QiMIQasLgkL+XshMp1Y/lkJdcZRnqpKPLzhHtBtysD5ymh6dbwM9qqHfwFkstvM6p5gOuM0eu4eQuslGVqubrc0hfoqNwDcMjelnNSWP5ifKwkD1x4Oce4yRFMQ9PnnMJp8BlzdW0jqRjAVSRiMPyY0B8sSfDZfzY7y1+GFr2LXPhamoSj3PN6kn0LNtV1giRkFkYBiN5DlDzr3IppCfLX/Adx6qZAbVKVlUKkqUFRcQmL7QRquwvrHlr7f/TvSlgDF43s9La2tMJtpDA0Noz5qDxwlsQAx8ak+WCLSy31B9kBtCWgpz465cf0KExoaIgUFXZCyowJc/XFHxDmFP8zP/PA7bhvaImVCY6hv2paArdR966CSTJx1xybV6Da7z/8A2VoHSyUsj6sAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKtSURBVDjLlZJvaNV1FMY/vz/3zrt77xjs7s7mVZNS3HAuFIWwXpRWexEYDANFKQpfyagE8Q8iUfinKHwTFL0wzBcWMWjpCxWJJQ6hHGOSNtzcTYmma7ipu97tfs85X1+s1DcmHnjgcB54zsNzTnDkzPge79ms3gpmhhqIGaqGmkfUHoKi4lGz3/ZuXLgSIDbvO9pXZnM8QX34/dDS//pYzXIAXcOHERNEBWeCU4czoTFTIFedpy6V48TVn9jSsgvntOohAQ/AhuZ3H7v5+JVOvuz7BCdreSCgBsDRs6P3hw21SZLZv+gdP0Hx1gAiijhlTrpASe5wu/pb4DMAQvlXAGD9C3miwDN/3ii/jneRiVKsbmxjzdw2Xl3QxuJcE00Nzcyum2btV68NAcRODfOeOILOc6NEUcjp4R6qqaa+Kk//jT6Gx67gKo5CzVxEhMGi0tVx8lmAUNXwQBwFtD+fJw7h77uX6L/Rx7HLP1KZCjn0xnccebOTcmkaK0ckJzfx8oFVqfsOvEEcwvHef4giePvpj8jMiggCuHmnwtDIXUSNFDk+eGUnW4b6+HlHTxkgdGJ470lE8PryembFAQvyKeprkuSySeqySX648DmLCxn2t39MGISkq+IHVxCbCTEKA073jwEwOFIim4JEmGDfqe1MTE5weaQEwKddHfx+/Tyt74sXJ1dDEZnJIIQ1rTniCBY+lWZ2bZqD3buZsttECeWdr19i0xcvUmKCDe3rWLFsGa4iJ2cy8J4l8zKM3CzzTEOK4vVJdh17i9psDa2LWlBTlixqRr1iXhksDvPLmZ5eFT0abD106aw4fa6ilnaiOFFUDKdGIvsNUWoCEeXiwB9IRRCnhDSOlaf+XFc8fK0b7/3/Yvm2lu6l7zVdeBQfPu7/K9NutavIwKP4e594fYOHzxflAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHvSURBVDjLjZI/aFNRFMZ/Ly+GlCYlaMF/1D+4FQRJREigk7OiIAguHSwUkrkgLhVcpIurQjdBcLAITi4FETpIAw46CGIHJ0tFamlt3rvnfA7Ji2kTwQOXe4b7/c73HW4kCYCnc+engU8M1/b88kaFf1T05O65KvAAuFY6epw79xfZ3XoPwPjkFZ4t3uP37i+A58DK/PLGy0FAHli5euPmmbFSmfTrByRhnV0AJDFzcYrcyQtIuvXm1evrwBDg7FhpgmRnk+CBjRePQQLEltoIsb/5jeLk6QJQOBwhD4AbCoFc5QRuAckP5tzfI9neG7mDPIDc8RDwtIOnnZ6D/6seIOCW9ie7Ij7+mGDfYlB3F4oKfD8yTavVWnJ3zAwz+9wDGB5SsICbkYQc8dgkt+cekiTJ4aELkojjOG02m0t9ACFF5ig4bsLN6XQ6rK2toYFIWV+v1wkh8NeBOR4cD4ZbhJkBUK1WDwizXtIgwPHUUHAUDLcc3hO02+2+eBBSr9cxsy6gO70L8CwChqSRDrLqO8CEp97bgSGL8CgAsL6+PiSURKPR6Dt4lybJzPipKeRC7uRTiH+WkUStVhsSZ3cGePR2dbUMXMoeGXl2KpcpFotEUTTyA8VxjJkRjco2OzubM7MFMzvW+zD94+6D58sfRXpka4kRkDcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIjSURBVDjLpZJvSBNhHMdlwV4n9CIsCAxaEEQEvSh6ExQEva1eFBFY2YuQ/pERUUZUkiihy47U9WdlrWSzoqW1rW6ZbrY/zoazOXfX7hZe3jZm2+12h+Pb3YpgtUXWiw88bz6f5/d7eKoAVP0PPw9Oal7zZlombGGJHQzlCs+D2UL/2Bzb50kRD0Z4zR8DpCK/jsikj5FAJWQwKQlMUsLUlzwcE2ncJmfILjurqRhwRGTCy+TBpmSEZkT4mRw8sRwCbA7RWQnWsQT0L2iiYuDlpMhSvFSUvYr4/pMANyVgOCp8DzECWp9E2IoBdd+YMrIqj9ICXIr8bjoL6cJ5zB9tgHygDuLO3chu2465DZuQWrU2VRKw+NMFOiHBrcgjyq1Diuycyhblrw87kb7bjmR3G3h9M7jWi0jUrERJwOROsJM/xn8byYJUZMfHDDLHT/56c1GerV4ulgSMQxwxEEgizOWLu6uyLZQpxj7ERRhsNDquG0T7pR26sm/Q7YhrbgzGSMsoB19MQPCziHEFdzSDnlc02k0uTFiuwHpuC99/eqOu7Ee69iyqabGEicuPQmxTb7Bw9k6g0Njji7fojZTXeAqcpw/++40wHVvH3zuyWvdboBIDTVu1T89sNg8TBxF3GuC6WQ/DoRX8XwdUHp9Yr+1tWGO2t+1C1HoVxP6lWFBA5VZ9rbarbpnZcLgW+r3VzQsOqHTuW7KoY8/imrKP+K98A227/eEeskW1AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHnSURBVDjLfVI9bxpBEJ1DKMeHkRUbCWIlSuE0KamuIVUKp4pSuI9cWPwFKhcoBRWlFTBtKij8CyIRIUWWUCQXprdEQcBCCtwdHPtxmVm8aM9HMtLT7e3OvHnzdq0wDEHHhy8/wrOPb+Dn/QwkD0EIqSARnEsoHx/C5bdfMLg8tXRNEoyQQoCUIXD2WMg3X8E34ETKhVkSJdh2Y2JTZBRvCZ8QJCIK8NDzGRzlbGBrEcGr/TS4foBE/1UgaqP7h4v3b/fgpPAMLMmA4Th+IOFP4MH3u9/UpPZPgq+fX4+8FXNfvni+pxRJCdrk1WoFbH7rvjuyR2aNpROGw6HDOb8uFArFxWIBy+VSERASiQTYtq3Q6/XGQRB8qlQqNxEPGGPVfD5fnM/n4Pu+mlWoW5F0Bq7rqv1SqVRENdWYiZhUJjXUGZVsuxM0med5kM1mARWUYx6s1+sDStbFpgfm/6MfB7sItsnm9+magAri7wA3Z9pQPbuWr9eWZSmFlLuLoE/zk9O6qwnaS6fTMJlMSG0/RoBz1QeDwTiVSkEmk4l4QJ3JvGQyCd1ud4wE9dg7oGi32+eopOY4TjGXy6k9rWY6nUKn0xnjbV00m82rnQQUjUbDQZIqdinTzZC5WDRD9BH1Vqt1Y+b/BXpYxDgsNaz2AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALvSURBVDjLTdJNaFxVGMbx/znnzkwm05lJ0xlm7FeIbW3UxDotVoOEFkTMotKFK+mmOxfdRMWFggutOxGquHOnBFw4CIq0WEEsihJNBEWKUmuTYMjXJPM9c8+957wubNM88G5/8Dy8SkQAuFhdPg1ceXBoYLIbebqRJ/KeXuwbQAvYBBywDdSAT4CvA+7Gx/GTJ8p7Jl89U2R3Otbnu9bnt/vuoI2gFTrubLa5+nfnWWBmN1DKJRUAy3VHQikCBSaAVEJzOKUxWpMwUDmYZn8+M/zR3Mp7+h7goiiXCSD20LKKRgT1EBr9/6/Wg/W2A+D12SUmRzOMFxLFYBcwnE1qOiF0+g6tFQFgDGgDBoVR4AHlmvx0e5uFpcbKfcDaUj5taPRiuqGgtWA0aKcwGgyCMYAY1poh71+/1QQu7lSIrR0p5RI0+kIMWAHrFNaBavxCZukdbNjCC7iEI7Z2tHrpiev3N7DhSDmfomMFpcEohQaM75GrVSmWJkhvfIkIxGGIs6ED0ADTl6+lcXEyldBYBxoBPIInvX2V4VKF3AMVzNo3dGp/0u5049ja5g4Qh7aYUqDvjoSAApLhCgOrX5EtDOGaX1B+9EXWfptFbH/92pvTsgM4Gw4GeAINRitQGgRSq1VKx89Df4G5j2fZM9Sjt/wjj6d+796rrqdmZguxtZdPjx1mtSncWXNstRyu9ivDqk52bxcf/gPice2fGT37Cs9kvy/PfTCZBTAHTp57Xpx7rWejxK0NxeJqndv/1ji28SFHTkxh/AISb7H/kQLiuyQHU6STx5P1xfn+oadf+i5wUXTy/NnH0m9ceGrn/zf++Jze1gSD2U1cuwbKMF+9yakXHsb3/6L40HMs3ogu3Xh7/DNTnpg+ujefOVdrRSytd1hv9mn/8BajZ15GBwaVOIQeGONAZQo9MIZKHiHIHCOZPZrZvPltSVUuXCkAM8AIsA/Y9+74p6eMRFq8KPGCeA/iwYN3sWhxVnnnRWT+P1A8aPl/RBTPAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEsSURBVDjLY/j//z8DJZhhmBuQvdj8a+p8w//xc3U5yTIgeb7h18bNUf/DZ2j8958qz0nQgPyltv9zF5v/TV9o/Ddxrv7fmvWh/1ednvi/ZLX/f9d+8b+23YI8eA0AOvn/hnPT/q89OwWsccXpCf8n7Cn5v/B41/+MpW7/TdvZ/+o2M/LjNADoZLDmvl35/zt3ZP9v3Zb2v2Fz4v+mren/Zxxq/h+zwOa/aj3DH5wGRM/W/L/y1IT/S0/0/l94rOv/vKMdQEOy/k8/1PQ/banHf8VahlfSlQwGOA0InK74z3Oi9D/nftF/1t38/+LmW/2fdrDhf9Jit//ytQzPJSsZtEiKBe1mxq/xC53/y1czPAFqVic5GoFO/ipXzfxftJJBkeyUKFzOwDm48wIAh5XH+g7drOwAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAF5SURBVDjLpZMxa5RBEIafvdu7RPCMhYLBxCoiaqO/IHZWNvkBooh1WrHUwk4s0sTGQrsQwf9gK1gpQoJoY++d5Ludd2YtvlwuaWLODAyzsPu88zLMplorp4n85t3W5vLS4sPc6/VqgMKxIiRRJEoRxYzx2NpajFKMvaaxH993X+flpcXHl169SAv3P/Gge42Nm2//2TUlOH/ubO/p85eXc879dHF1lfmrXe50bgNwfeXKsQJfd37S7XZw95TNxa+7a8Aa94BxKXz+sgOA5JgJuWNyJEfe1m+7gUvkGsGtGyv/NcDt9x8uZCkA2GvGM8Fn5ueIGmR3B2Cu3z/yoNbaJpWI9uwR1NreAXgEuZhmAicJEO5kk2YGD5qFTx1EjRODk4gIsu0LuMeJwSMCxexgIIfhduPSsQI1gjwajYZN0wx+D/8QEfsC00kfdjMxVKn0cwcPV1p/8mx9MFh4BJ1BcU23T0JmyA1JuBlyx2WEO2Y2jPCP6bTf+S96U2WlbWXHPgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIqSURBVDjLjZPNi1JRGMan/ooWDbSKNq2sgZqh0UgqKVoOU7OooEWLgZi+JIaYGolaRAS60JXuxJWoIC6E0KAgAzGbCqpFmua393qv9+PoPJ33THPHcYy68HDPvee8v/e8zznvFIApEn8Octm4Zv6hQ1z7rbgRgE3X9S5jbDgYDDBJfB5er/flKGQUMEPBiqJAVVVLkiSh0+mgVqsJSLVahc/nsyDbwfsIQAs0TYNhGNDevIX29BnUxx50u13U63UB6Pf7oCR+v38LMg6gYCOdhnb1GgaeVajnL0CWZTQajT0lCU/GAea379AWFsHu3kJ/4TLUO/etUprNpthJpVL5C4Ax6I/WwVbvoe9+AMazMvrHzSMI7YT8aLVakwHs8xdoS1eguC7CeJUBa3fEwkKhgEwmI+pP8/Ly+fxkgP78BZj7NgYP3ZDn7FDXPGJhKpVCuVwW/tA7HA7vBawdPrJEmZl7hQc7IJ2YtwCxWEyUIgzmCgaDuwF157kDlVOnC+bKMmS7E8a79zA3PsEs/0Q8Hkc2m4VpmkLkB5URjUa3AMpZ1+uew/lVmnMw/cZ1qOtPrGOirKVSCclk0gKQQqGQOFYB6NnPKPKsfdNYvgnJdQnsV23XWRMkkUig3W6LMSkQCOyUIJ+ch3R8Fj+O2j6YHzc2J/VAsVgUEBpHIhHkcjkaDy0P/hh5jBuk0sQ4gO4AXSIa09b595Cv7YnuHQFME+Q/2nlb1PrTvwGo2K3gWVH3FgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJVSURBVDjLlZPbS5NhHMd3tbvyov6HIJRuhKAFgRci5GXYVQkG0c6HJGvD1FVMjdxC22wlQ9iG7uBh0rtDmxtb77vFoh2c7KgMtiGbU9xdgezb3hf0Ii3cxZfngef5fn6H5/ewALD+Vv8Upeh7HfzdM+pb4QwT7PPunOg8M7tlPh63JtE/4UM3f7WnLUDL3NE7vgmFKYbeF050Di3dbQvQSrvjzogTIm0Yt0WrePp25VNbAHcgrLopXMOgyo/uR8v4bAnAbrdLLwSIRCLK1HYaHKEdnQ9MuHZ/Edv5MpYcHljc1K9Fgvo+uxqanLYEr5wBhMNhZTqdRr1ex6jOBz8VxzONC+VyGQcHB5g3rcFGZWH+lscrc9ArWdjseqzzXWLMFEWdmnO5HEwbEYzpvmKZ+IFKpYJSqQS/3w/l+4XmlCXYnHGmMfTBOzyg9lxmkSQ5RpsbjQYKhQKy2Syz7u/vM0Z6T5+73W44nU7IlOrmS9tPPJn3VfsmXVdZLfKbra0tVKtV7O7uYmdnh8mEBtCwVCqFRCIBgiCg0Wggk8ko7sdNCMwJ3JogRpgSHA6HOhqN4ujoCIeHh6jVashkMkgmk4jH4wgEApibm4NUKqVEIhH74awXrfSPbyi+dJ020Wg0vguFQtjb20M+n2eixmIxBqDX6+nIpFAoZMb63owHHCXhOvOMWq1W7fF4UCwWQZdFN9RqtdKRSYFAcPonrj/fGPznIKlUKvX6+jrTfZvNBolEQvL5fPaFJ5GWXC5XGwwGiMViksfjtfcbT9Rq1gCXy/2vmdYfaGviUGKvapgAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJaSURBVDjLpZM7aFRREIa/u7mbNW5IjEQ3WQlBIkaLiBYWvkBi7H0EDGgjaiNY+uoECwlop2glWGknNnZBIRKCZMWooCz4Im6uya5iNnsf555z5lishYVKwCmH4Zv//5nxnHP8T/l/al66X3VWhNSAtUJqBGWEe2f7vBUBVCrs3bIaI4I4MNbxaKa+cgWxFlIrVJcM2jo621poxLJyQBgbUiMkWjDWofwMy7H5M8BdPt9MUQSnDU4boo0XUakj0Q5thFVZSz2x/1BwYARE8KzFs5blWUEZR6ws2kJb1lH/mwWnDZ4x8KIERsO27TTilEQLUdq0kLR6mFj/BaDSJkAloA1ow5JyKC3EStDW0Z4TJBTOTZx0OjWkqUYnGqU0viSKjDGQKNCaJIoohDN45a/sKqyl/GmRSIZpTVN6ZjZRXF9ksbaI35Pj6dJjfIl/bVYKrRQPXr/h0JZ+jh07QRiGDAx8YWLyGQf7YPTwKFk/SxAElEolzDvwJUogTSGOmap95/1AF0eHh7lw9Q7fPpco9vYwNDSEDgNuXL9BEAR0b17H6SOn+Dj3Ad9FMfyyMFtfJt/R0Qxn63Eab6cYGxujq6uLRqNBtVrl5u1b9O1szqzpWIMvUQxaw+499Lx6zXQQALD88i4ZTxgfHyefzzcPLAzJ4KGfR9AHc5UveFdGrjnRBqcMdfWDSqHCjv37KBY30NmeYWFhgXK5TC6Xo7+/n0KhQD1MmK9UeDI5jff7Ow8ODrb09vYO5fP5h8VicV0ul2sBMrVa7QxQ6e7ufghklVJ2fn6+Gobh4Z8+rmPjNq74hgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABjSURBVDjLY/j//z8DJZiBagb8y8/+D8NgsVXF/+EYyP9wNf0/DA9SAygOgwuvN/2HYRA/4EzufxgG8RM2vP4Pw4PUAIrDIKJqw38YBvFvzr77H4bBaso3/ofjwWnAwGcmcjEAc0v+JGPFQvwAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJFSURBVDjLjZPPS1RRFMc/9703ao40jqbkj9EkjKBFQdaioiCKskVLqXWBJFTQIqJFhYsIgoRctG3TPxCIoFCiCZERUisXplLa+IPUkcZ57/44LUanMYX6ci/ncjn3c865514lIkxMTIhzDucc1lqstRhjCrZ4aq0LtqOjQwUA1lrq6xtZyWRABPIDRBBARAprREgmK+nv7wOgAFhZXeXW81H+R087jxFF0R+AMWYjJDSmmqgoLyFVE6esNCCnBW0c2oIVeP9hHHFCGIYAeABa63yagFKKbM6QXsmRDS0iYKwQGUdo8j4ibM1Aa43bzE8plFKsZQ1OQirjMYLAx3OCbACcuO0AcXmEKoKsR5ZIO+LlJfi+h6fyMcTtAKCoBKVUHgKIUmRDi/Ikvw+4v0uIogjP9wCYmZ76Zxf8wN8OKIkFPLl+BGuFWCzGwvw88YrdiAjLy0skvw6THXmF/jFD+mEtDWX7twCeDQ29PVP0yqq01m8aGhquGWPwhl+O1ZRn2o5fvaFKWw6x/nmAxMigGzwXu6k221esnp6e28aYyydPnT6bSCSZvHtCznfdV7smh2D2HSQqWQqa+TQwMhUUH+zt7a3RWi+0th6gqnoPRkM6vUg8l1Fle1vg0p2Cb/CoDt+pfVsAYRi2pVIp2tsvYoxBRBARxmrryI73EX/dRbieJgusZXysz9y2Erq7uz9qrY8W/8CDq1847H+juVoTeN9ZWzRMz/tW5+TBjnewk0avNN379XOu07eq2foyK/DiwoB5/BuCJmv1SL6PpQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKASURBVDjLpVNLTxNRGOUH+Av6O2Dp0oVdGEE37EzcmHShiRoCMWqDJiQSI6QjREtAHilQU0lQ3hawjEUM2pZSOn1QHi0M0GmdDp2+oMf5LnSsj503OZubc853vu9+twZATTUudcGgoU6DUUPjOYznd4Y/+dXCCxpqW97JJsfnXW7ZE+bX1jcknz8gLa0G+dHFGNdkT5mIQ9zfDM7FF4dde2bfRlQQkzIUtYjSaZkhky0gcZCCe9Uv9M5EzcStmFQMaknsD24quXwJdNTCCVJKEZKG4/wJu1PUApZWvIp1MkQmtcyA+qLYVLkiPpILOPhRgJg+w146j0Qqr5vMzLuFO0MitWMggzoHv8NRbDo9c3Fcf+rSce3JIkND6wJaBkOME4ztw2Jf5khLBkb39xBPPVNUEjnXJL1qXMphN5nDrCeJBrMTcraEw7SKvpH3PGnJoNG7ti7RsJKZIjOoFsYOVNzu2cD6roL6xx/ZXaF0iiHbiERaZuDx+ZkB9U5x57xJRozsZ5m4/tEs3rpFZrB9lNNSFNHXP6gbGD99DfBpJY+MWkLX9A4u3xtlxIGFBBNffTiNKw8mcP9NkL1MOJ6GxWrTW6izOSPcdiKJchlMuHWosuhRUcWzsRgz8MQyCCWyKJ6UMf8lAHP3hD5Ew93hI5PTtSJIco5NmYQEaiG8l0WbYxPfojIrENGqd74aEG52h8+esbJIljGfeXzWpYipY0ZMH5f0NLRMVDkcT6HDOqw0WyZ/LVL1KrfbVswD9nFh2RvBtiizmVDPgS0JUy4f2i29QlPnh79Xufoz3erZMrW+nuKed/Xzlpfd0otOTmrrsPLNHQ7uBhf892f6n+/8E/bIBuJgfmmXAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJqSURBVDjLpZNLSJRRFMd/M9/okF86IONzClciCRNGZS/BFoIa9BBDrSSC0F2rIFxZUAaDrWrXoggEqVBxHRSmofighUk2jEXjPBxHRbQv1O8+Wozo2MrowuFy7uH+z+/+OdehteZ/lgugZ3i1U2vapFaHlFJIBUIppFRIpRFSpYVECo1UaqKrtbTSBaC0vtNYme39l84PXoeO7hBIpbwAg99fIZRASIGtBLa0d3cpdmodZ7qwbelOE0j5cL389r66WxsCW8hdD6RUAPSOLO5L4NKJXLbSBcS2AMC1qnzefErQdK5g56xvLEHj6d18aW1jL4EtFUprXAb0jS5iGE76xxZxOMG5fWlwfBG0JsMFR3xZbNl/PUEDLsNBQ2Ueg+NJLlfm7yFIz0OxNYRQewm0ApcTBkYjRL5NEhiaI9+bS3Qhic9fQ++HX8yN9eMr9LK8vMKBdQ/V1R1mSkAotNY4tWB19h16fZ1bN1uxLItIJMLo+Ec82SbNV69gGAbxeJzMqSlWcnLup0xUKZzQzCTxYIjmG9d48vQ5s9MTFBUW4vf7Cf/8QXf3BPGFBY4dP0VtzXnC4XC7E0AIgQbCoRk8OQcBeNR5D2HbtLS0UFVVRX19PXV1dQjbpqm1HQCPx+Pe9UBryksPM/15MjWqDx8jhCAQCGCaZmqALAulFD0vnnHxQi3RaHTDobXm7suvI8KWFavJeXPty1vOnqyg2OcjK9NJIpEgGAzidrspKSmhoKCA35uKWHTeHh56P+dI/85lZWVGUVGR3zTNgeLi4jy3220AzqWlpTYg6vV6B4CMzc1NGYvFkpZlNfwBMWlOUI5ySkcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIzSURBVDjLpZNPSFRRFMa/NzPaPNSpsDQVF4JUi3YtomW0MBCchbSxhS3chAS6mJpFBYmugpjSRS5cWAQFSUmBGIYiCbYYbOyfOAqKgwgqRNF79953zzktxoEspyAvnM095/zOdy/fcUQE+zmhYomOl23J9mcXw/8N0J5u8z09+C+AU3hC58Tl+kDbVqODpkCb09UVNUeNMciuLt0b757q+ivgyuv2s4EOrteW1cZj0YOIlrpw4ECRxvsvGWSXlvpme9M39gKEN84s1xtt+o5XnojXHapDAAsWxpa3BUcc5NZz2NzYfLf+NV567lQs+8cfKN+0HnNr4pVlR6CshlYai6tZGN8inZnD4kJ2YO7ux2sAUjef5NzfARHlqabyynIoq/DN+47x6fE1rYKRQJvzRgfpD/cXrgIAszSySAJAz24Fnr7wNjOD529eYGxyDL6nR2Z7093KN0+1CjoKhcwMIk4mhlcadkkQkaLxYNJvGJjwRkUEiYcr0v8qJ11Dy6O/1uzpg6Fp5Q5OqVuW5JMlaQEAIoYbBg6XhVs6BxebixppaFo1W8Z8VYVz+2R1xLWU94klxg9FiIYBaznV0f/ZBYBIoXF4RjdYklTMdVoqDjgoCQOBFRDn89YyfMMgZlTFShrXtv0EgJ7I41njWpKEJUlWx0JueakDQwITACQAcV4BEUGZEAqKiDh56U7mUcSSzFuSRsvA6jbBksBSfjKxYKcflhgr2wpMvHMvLrOknP2u80/X2WfmmbX8IwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAG9SURBVDjLpZO9apRREIafDVuIhMjGhPwJukashNjoNdgIqQQbG8U7ECy0i4UXIMQLEKxtrCwsRMRKbBSCoBhQwRjwZ3e/M/O+FufbTYRYZWA45wznnXk4Z6Zjm8PYFIe0LsDDG/1pm03jy5gpAzbIxga3q2wMv2Q/uPXo8wZAZ/P6qVmbrd7iyd7cUh86HWhFMvvcpKBE4fv2B358+7Rx+/H23a7Nq+PL/d7c8ipf3r+kjH6jhDSkTAjCRoISZmbhNDMLq4S4c+/K8rmu8fzahYu8fvaEwc+dKm5FIZMJIVMSIsXu1ltmhw1nzq6x8/XjeteG+ZVF1q/dRKMhVqBInElG4igoApXxPlEJpo4t8eaF6drgEIPdd6j5g0KoqCYpSRShkq0LlZps+ugJZOjWxxEuSQ6zVohETZIh1LTiNqYQGTVmtwQqiUZBjgKVICfVsj0Ll7GwpYvcI1AkOSyUYTkQN4twCjWB0jgryYTAjYhRkIPyH1zVilETOV19QlCSHAQ5bA7GTaEUDuFxZ9EmsCGLOLJyvv5AGmvvstVWlGt/7zNjOvevrjy1uST90+8Hz4HBVYkrwfPOYcf5L9lR/9+EMK8xAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAANvSURBVDjLVZNbbFN1HMe/p+d0be3p6Lr7unWMbuCQbR3FQWAEyPASkYe5mHhJTIhhPPngDAQTEGOMIZBpFiKoIWiIhAdgYxI14cFEo1M6O+Zmx1ob2MbYhbEb6zn/y7n8fcCZ7ZP88nv7JN+HjySEwDKfDX6oMpO3Uc5fpJw0UM5AGY0Ryn+U+dZP/OI116evB3WsQFoWtA+c2MUM/vVmf2OFrLhhSBYKPPn4Z3wInYnL54LSF4PcMA9zbh043xr+eZXg9F/Hm0POys5cbwke8Fn0Z4YgCwe2q/W49MdXcx6zucEn7Y01VKqBxMhjjE5mXrlypLYLAByn+o8HKKcXC9QQ+jIp/LLwOxaMRVR6yjE9dR+aRo55RdN76wvcgcIcN6qKVRDCLz5/tCcAAA6dkbaof5eaJuMY0pPQTYp8OQCVOnF94Gp/UD5zixKjtbLMi+EJikC2C1WlPpXqpO0/gbZPdrowmBkGNxmyHSpqs59GLPUbyBJ9x2BKR2SdT+aGjfFZjtQUQ1GuF5TQfU8EhG5kkgkHJETUTWjK2YGpu6OIp+MXQt5vSghh0Rp/EsFHpwC6iLFJBpeigFFSAQCKRnRS6M7LavRtwfTEfZzra59jGu84Mb//bHIxrvy6Zu3dAq37mdLwDtTP/oSbCy+BcQWcUBkAFF0n93rv9ERu/N01wwg7eWSy9ErTnPctoSeSO/X4buf+7XklZVuQXVyPGtcHSPvq8OBhITgj6ScTNPJt98C1Q+1j4fqb6Zpg04x7yCgv+9iS5cBCnRXelns7z5fnh/X4O5TXv4md6g8YSY3BYOR7AFC60pELQicnhU7OGOHyLCNcDtuyoNwexFIV3g7VviqD9iF2qRvbDr6PPNIL76JJTSO/AwAcIqMp9lLmDbY1msWrKkCSw7A1At2vwxWKvOzL0WGze4CwYWV6UbG7DYdqYrPXmzspADicn5+dsZe0A9KtOJAYhrOoGBbJYG6TCX8oAlsfgLAJoi0bYPMJuN0prNvcEjQZf3dVC0uNe54TlH7Jw2srFqslOJueRdF6D6xMDEJwxK/dQbSlGpK8BvC8gD/PH3sobHuPtLLG+eo61WL88Ghr9tGNBy9nyY4RCHMegFjRnwOyZwOmE/1I3fjo6irBMj2no4+EZT8lbAFh2ytO/P9h2xBCxP8FbMDM8CUkkoMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAMZSURBVBgZBcFLaFxVHMDh3zn33Dt38poknTSJTVva1LaKxpQ07UJLKlQRTYVUcKNCwWUtCuJWXLkQxIVCl1kIIaCCG0GwXdgkamJS0hLHWs2znbym05m8JjP3nnv+fp8SEQBe+fT21XRT6h2t6ANCQAGgAFEgDuvcfLkot9R26ZOxG4MRgBIRAF7/fGLs2+t9z2itmgU8BAAARACEwm7MyHSZ9ZVaJTd3v3X8xmDNAABoT50KjNf81yaeVgoUiINEHNYK+3HCxacbOX/SMOkKdeJOlwY++KnFAAAotdQ0/PuEV4qeUE0snvg0+Yfp6XqD+rAdjQIcnU0Bg/2d/BKspxfW6oeViHDlm9euvvTsueGXT14Ev5WNSsjufo2NJzkWV6c4f+x9WjPddDc7GtMeKd9QqUa8+9WM9f5sGLsw0Nv33atnLnmSbqa8H7ARBcwXfKCF57sCbt0d5anMc1RshpVywmIx4njW5/vJtUh3tmc/7j/WG/yjEwqR5b8tw9/5mIe1efIHbpNvzHO64yCTuR9IBR5h4BEGPoIGpdGHs50XSiZiubKK5xqYXdwlCUvsHv2NOTPN1KMchw50UCwv4BtN4HmkjMYBImAC46fL1RLFxGeiuEdp2yMIY1pSLxBtHmX/8R/ICUecRPieAgFBkThIHJjt3Z3iKcKuOtvB0rrD+S0s5QP2ZqAuzNLeukZlfwctKZQojAYHhD4kVtC55fkfo60qtfI4qdQKKooIwibCjCXVPMXxTI2Zfx9wpK0XAZyAAL6nsZHFFFe3vvx58tc3L53tP1Jo81mq1YicQRpX6c4+pFaGO/kM2Z63mZuNcQDASIdPXHOY8S+mls5e7728+djMDvR56kRDiE0CGrOWuwtFVosHeevyZ6TSGURABO5tWsQJcdViAKa/nr137sPR6nbhQfrm8ijOWYyfhvoXOdTzHnPlOlTZ4gREK7RTGKOcTZw1AAAublv/aGgouxdLvYhoBBwAkEk7AEQg7SuUwvme2kmsyysRAaD/2s1rNpYhpdQZQeoAABAQQBAAEACqzrk7Gkb+B+5ReIstDYkxAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHlSURBVDjLpVPLShxBFD3T3WOUUUGYByhkI+50o6Bmo3ErAVG3Qvb5giyThets8gmC+DYQzEaGBMUnBhQRJAEXQuZJ8Mlodz28t6rbGY2b4IXqU1XcOvfc01UxrTWeEx5/ptbOssQzILVylVKQChCMkucagrA6JKTQtK+uJyc6Gg2B0npwvLfJ+Z/KH2Z+J+4VEJs5nFh4B3BLUhCrBILAzv1bmvvAbWD2rt9nCSRqCCIfCFtTdFjYoUVIwgQ0BJEc5UxmIGoJuGkTMeBPiQ4qq4R8MEpkhJSSyZhMPyQA/4XP33L6qhLoKGbW8wZnNwoG5zftennLYum8ot9+2uWpVRBQBTISc5tFsBmu62BxqwjPBb7sFNFQ52DlZwnxOOFeAe3pevihB07UArvguTGMv0rDo92x/jQoHyO9aZM43J2y2GNbEEJVCVgBt80Hv+5RJdLFFR0nZpAjwqXtQmh3LQGxcT9xkvymJ/WwIiEridajfVZB4oVXJeBbx+FSxdX98oOK2YMyAoV/lER/zrP9COsB0Q11JfH9sIzXnUn8IBwkfBzHp+dUrOYtGA+ohc6Xjcj9raA904CT/BXaWupM8lOhwssXXiR98XH6V7NPRHzDeEjyJTCPRzxJcHZ5kzdX77nP+Q6ZHT+VaotBJwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJtSURBVDjLjZPfS1NhGMfPXfh3OG/E/yBImNkqrYGCzAthh+WNgXihwQYb2CoYukGwsdRLoYUWQbRAhqzc2Q91IrrVhlhLqznL5Tyb23m3s317z1szBzM68Lk47/N9Pud5XjgcAK7OVfM7/a2piE87HalRoLVHStrp1VKvLVi7fE9wns/WaXi58UgoH4kl/CxIyOZ/cyRKSKRFmF/tw/B4p3jl7utLFwp6baHiySnBxheZUkHkM8HKrgSpUsVGWsaDN/tQG/1PLxT02EIlRbBJBZtfZaztlSF8JEgdFqBMdnh8im7LSqWpYHJysqXHFiS5AkGMfi12UP0zRRm+D6fwxvPI0dWu3Q8QvV7f0iCgzQZKnl4WjqkgcVDDeyrYpqLoXoWtsbxTpLUyrlsFDA4O5vv7+w1MQBu7Z2dnEY1GcXsqjCwVJDM1JCixb1Vs0VXCdIoAXSVLBTcfhhEIBDA+Pg6NRtOtCLbpg0wmA7PZ/F8oWUEQMDAwsKsIiCzLUFhfX4coiv8kFAqhnh8bG6txFosFhBDG4uIiUqkUEzVDqc3Pz5/leZ4HZzKZkEgkGG63G8lkEn6/vylKxuFwnOU7OzvBTUxMwOfzMex2O+LxOJaWlpoSi8VgtVrP8u3t7eDoHvB6vQyXywV6Jwyj0YjR0VE2Zl9fH7q6uqBWq9lZPd/W1gZuZGSk6vF42IHSuPD8JZbfBpvybOEFOjo6WHZubg6tra3gDAbDzNDQ0LZOpwPvCqNYIjg6IfhBOcxJSGdL2PtewKeMiKJUBu8MQ6VSKc1bFFPDv8C7ItXhJ2sYdv/lDmOVodR4Z6R6vucXuxIEyKz+W40AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAMOSURBVDjLVZNNaBxlAIafb+ab2Z3N7Oxv/nYTEyv2LzQJpKBgrQqNUKmY4kUIXqUHT70p9iB48CKIiN5E0It6KFiwiv9FpAVpKUggNc3mZ7vpJpv9n93ZnZ35PNRI+8B7e9/n9gqlFAeIVUfPeN3zh0R0eVpYM1OanhvTCEY0f3tU79+ctnpfHM73fuQhxIHAWHnmkOGXPjgZyS09l5hnNv4YOdMhoQmigzqGt4nhfeub1fpnVsl/e+hMv/q/QKy+Me0EO5dfso/OvzB8grgV4HGXJC7jwAQ2oxxDuC36xZ+Rhe+v6iutZf2iqklReNe0tPSHZ2Nz84ujR7ht3iJKjcexiOIQI8SiixxcR7QtRORFlK7O9t0rlyy4KBEj5+YisVeez85wy9zGIUeGDDYhDhYOITYuoh2BvTJ68y7B0GnCym8XGq+KL2U0MrE8Z2SRVhqdPmlCsvgk8RlCkgAivRbUNKj1YPMeeu4wcnjRql7/+jVpyvxsPjbK3whi5LEAB0WWgBRgqwAaFah04X4V7puwdwddz+FXjJMSbXI8aSTYCgU2oKMwEdgCEoDhug/G5SjsmFDUoV+DXJ7BnpiUVCNBaJqEXfDVfwG6CjoKnF4crZGCVvNBug0IPXzPZOCnAunfk8W6ro7H2gK3A02gGoDeA1MDGx2nkYG6C24bvDaMSzq7ZfxBsiC7O+aNDaWOn0oLfl0HMwDlQRCAHYUkEGvFkLsp2G9Bo0n41AiNG6sMBvY1yZr6/JsV//XZZ3WZaEp2t6DvgWFA1QRHQbwjSDeTUGvCiSPU1ovU/typQPIrTV0yrrl3vE+/+8XlaCIgq8H+BtSLUN2C2ibsl8ArR+HYGE0rwvbvRTr96HsL6od1CUDDf+enK92JwT+982cWEswvRmiug6qAr0E4AV4uoFXosnV1g8bN5kcp7E8eOZOYKtmUqm/ZiDdfPhV3Zp6IM5k0SIUBstwmXKvCX5UdM6y9n2b34wV1IXxEcEBU3J4dprU0zODpjFBTIyoIxgjXxlB/PIl1eUmdLjzc/xceOVXddrB6BQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJHSURBVDjLfZJPa1NREMV/972ksYmx0bbUpzS1ValpKVQohgguRLuxIBRBcKMbwS/g2l026jfQpWtTcCEFN+Kii0AoSFNpQUirlFprXmybNi/v3nHxYv6Q6oFhLsydc+aeO+rWs8UX08nYkx7bigOIAGIQEcQImCCLMRgjFEuVt+9fzt+jgdC10fjT00PnAQukdbkra0H7PhcOardpQwgBRIEECjSUxAiiTaCsWyQ9Fqc6CB5dP8P4+DCfVnYZONVDtabb66SG4ywWfjCfcQBYWVEddUtEANjYOeTVYql5/hurm3vklrZY3dwj8EjofEIDNyb7AYhGbKIRm+RgL1++7bOxc8h8xuHnb4/joIrFoqRSKQCWl5epVCpEo1Fs2z62QUSoVqu1Uqn0oVAoPA8dbb9DTrwBI5TLs6TTaUKhEEop/gXP8yKO44waYx6HRPvQcL+vr49wOIy3vo4sLCC1GlYqhT19EWKrUPsKGKzIBM7Q7MTIyMhl++Gd/rM7h87M1i8bFbvCoFKobBZrdxe7XMZaW4OPS+iMjSVV0DVU/Tth26dcG7JVu6uFQkEmNjYglwtW0hgwhr25S8SvHoAyIBrEx05k+Lw9idVlkueB1uD7zYjnivh1C0w9CF0PyNu/sUkwNobSuqmO1uynz3HSPgDjNxp9IFi4rgnCU1N4yWRrAq2JztyEiANiAAO9w6iBue4JXNelrjXRbBY5OkI8DxWPE2zE3dbyKIXnebiu20mQz+cfGGNeJxKJmGVZ/A+u65LP5+//AbkTRxnEop0TAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ4SURBVDjLpZNdaM1xGMc//5fDZqTZ2c6Y9mIkmZelll2hlCVF3FDKlZRyQWJXmsKNCzeLcqdE5D0mL/M2s6HlJSlhs2Rv51iYOZ3z+/2ex8X/zHZJfvX0/J6b7+/zfH/P46kq/3NCgNNt3w6ost2pzBYRnIAVwTnBiWKdTAiHs4oTeX5467y6EEBUd22qmxb/l5ebzn1Y/IfAicQBCi7uBFVwFsSBMdE9mwGThYwBYxhtvIcxbvIEgTEfFGYVg9go1OZEMmAyYLPwth8AY924B85JTsCDviSoRCQiEYkby0AiAUA2J4Cq0nyzX3+mjZ5pG1RV1XOPB1RV9fyTqL7QEdVXOqOc/J7Wbceeq6pGBMYJokoYwMWOIYLA51LnEGEAV58N0T54iEdXBBUh1tXEgrIpZE1E4I+1oEAYeGyqLyH0YePyEmI+rK8rwfcC5lfPxfcD1i5LRF9rZdwD4wQVCH243pXkWeooT1sUVSV8sR/f94i13KHh1Utam0+iRaUsKVwH1OcErKCqxAJoqC2mowXmVFTS3fuJhtpi8p6WUTTcxbyte5lctZD069tMb2vlzurYLh+iqQMIfI+7r1IA9PT24uFx73WKzP0TzF2xgbyPD/BObWFK92WqKgpRT3eHANbayAMfVi2KEwb7WFkT5+GbFCtq4rR+/UxeaRWs3TO+A00zCcSrHPdAlZryqfQPp6lO5NMz8JOywkm8+/wdnZHg18sbFFzbSSY9wC9g5EeAC+jLDZK2Hzz7fmnWSYGxDmMdzgrGCdZZ6ks3MrXzFhUz8gmDGCNJS8+gr4oc9/52nds3lzeODvftCJxX4QL9onBizW175DdAmHVGgBeCfwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ+SURBVDjLfZPNTxNRFMXnX3DhxkRN48aEf8CkYaFGAy7cKImRCAv8iInGnSDGhSFEsJqoUWxABGNQ0zZFGrWRfqS1rf2ype1MC5FaytBmirWK1M7YTofjm0GaUAqLt7lzz++ce98bKh6Pg2EYxGIxRKNRRCIRhMNhhEIhBIPB3QConQ5F0zQkSdpyMpmMAvH5fDtCKNlZFrAsqzin0+kaRK6RFHC73dtCKDmy3Cy7yYVAIBAqFosQRVGpy0Cv1wuHw9EQQsmuG41EXCaRWUEQkCuKsC2tJ0mlUnC5XLDZbFsglOy8EblarUIWfy9JuDuzhr4vgJVd/5ZMJhGwPMLcxBnMT/UjMnoc0SdNHRSZkc/n80pTpVIBR5wHw2sYYoDhOKCZWYf8yUyCs3djJfYOKGbxK2aA915LjvL7/c1kRn55eVmB0HlRcdYSwPNZYCQBvPn8HoX4bZSXTOAcGvC0EdW0G/TYRUGZw+PxqMmMfC6XUyCJHyIGQhK0JIEp7ESBuQWJd4P/dgWFwFXMvuwiI5yHc+TaodoynE6nmmya5ziuBhl32/GTvgFJ8KKU7ITAtmM10YvU2ElYJl/AYDDs37RRsmW11Wrls9ksssxbcMHu/+IOCItn8Zu5iaT2BOzGUVmsUm6h/lqmp6fV5ld95cTH6yT2JwgLXfjLnsMKSTL/tAUW02vo9XpV7RrrAc8u7+2Kf+hF1PwAGX8bSgvtKER68HWYxJ6a2CRuCNANHgVW05gbPg177x54tK1waY7BYhzfIm4I6LvQJJa9j1H2P4S//zB0lw7ArB+FTqdTNXzK9YW25l3Cnc6Dom2gVbTeP+I0DvWcIuJ92/1M/wCZISaoLgB85AAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIpSURBVDjLpZNdaFJhGMcX9EExPVNn3Xcd3Ui3urnJbK4guiioiyjKPFm2QRSINZl2RDuprTZNaTLQ06ajizVhDILW+tpmYxXW6mKNXTSKGS2Xm+foP18vBjLRoosfLzzv//nxPC+8NQBq/oeyRfpAvYXVStMeXR2cWgoWtWT1hEJu+yuBXiG92nNYkg8cl8JfoPuoBEwrhXalOK/bL7NWFXRrqSSrEYNR1YJRi8DoJLC3yXGlUYqTCupnVQGjrIVLU4/RrmN4F7Ph85gfj90GXNDshaOByvdfO7SjqiCzMIVfk31YnuKwnBjE0qswUvMJuNQU3obo7RUFDpUol5qMIDUTQ3p2sEAU36ajSCU4uJrqhIor7NGFt9mVYv514CLWpoPIvH9U5PdMGM/vnoKjSb4m1wR2lhXIW7nibp2q3eCffMK4z1gCP/YB5uZ9IBmZ2rerRCA7OLCFnG/OMPCdbUAu/hHCracQrCMQLEMQbnDI9Y4g2HEEJEOyVGPv1pIJyEV2dBzpoQkIwWfgncPgLRyynWEIbBRZsw+CNwrhXmhDsiEgIxb3vd2HOdqNjDOGdWsY39vv4IvJidXrfqx3sJg7bUOmJ1LMkp5NghVXAMl2LxZNbnw1schc9mDF6MAizWBJb0fyEosfN/2bBS/uGxOkED9nz0/oHeDNkbKQ0eP6LoFkCz2zJW8w/9AgCrXQHq7NNEyC5ehvPv/yQQvtXRgwiCr+xn/hD7c3w4UciyonAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIHSURBVDjLpZPPS9RRFMU/3/GbmhVBWVJGLSQoi5AIM+o/CCowBKVFP3AZ0SKUFlELiaBNhNugEKTIIRFc1iJFs2iRm8QoSiIdQ2Z0Zr4z8969t4U644ALwwuP++57j3PuO5wbmBmbibDvffKeGZ1iekBVEQWviogianjRNUsQb4jqx54rh5sBQjW72dq8o/Z/WO+//Hai2IGo1gIMfn+OV48Xj1OPE1fK4ot33Wd6cE6q1gAsa9DReGND7Jmcx3kpaSCiAPSPJDYEcOHULgprAfwKAED7ub28Gp2j7Wxd8WxgfI7WllL9dzFX3oETRc0IK2BgLEFFRYz4eIIgBrGVR4MTCTBjSwhH62souBIAjwdnLJUtWPxDwszM3qzk1Xg9NltWT/9OWeHaVTMzzIzgYfyndU08BUCjPJrOIKk0klpEkotIKo2mM4zER1GgcX81h253otmImuGhIHR+WQNruwQixHJ5gmxEmM5gmSwWRaS6H3HxdB359g40G5HcXY1UVuFOtljoVZeZe5+ty6xRHoDhz/Nw5wkNeyrZd/k8ms2xc/JTwN2+KVtYytvbL/NmZvZucr7szwNj5Zp8/ZW0hSNNRQ1CJ4qZcfzgdv4sRDTUbeXHbLo4C8fqK5maSZV54db1Xn1RMpKNPuifbiqIbnNecF4QrzhRvPh1zZRcyg2t7oPNjvM/JWOW3I/zgm0AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKGSURBVDjLjZNLSJRRFMd/3/eN6eSDGCeLHkLRy8SoTSZhUfRclVC4Ep1FLcJ9QQUSEUHQqqCCmFXELCrooWFFBRVB4WMi7YVjipqJiWOT4/fde26LL2ea2njhLi6c87+/c/7nWMYYurq69k09vtymxodQown2RD9UM7fz3ers7NygtX4lXrrQQTN25Si7rr+fU3YgEKgOxGKxDzU1Nc0FPa3RolLAgOd5OYEigjEm5x0MBn2R+vr6dVrrS1LWgIMi+fzpfz/Zto2IZN6WZWUEMwTz4q3R4jID4gcAnLk1iggY8BMEBGg5FM6WkSFY2IBjKSafPMsIiEDl8uAfAf9296cA0FrnEgS6H0RLwgZjTFbAGN71/0IAIwYjGjF+D2zbFoCsC2660LEUQxeOsD/WgzEmp+4Tt/eSmkly/mA7jpWHiKRCodD2LEHH/WjxQp9zNvnkzW+IaLQ2pPJmKA9XcCxWy8UDj8jPCxYCzl89aMRBMdHuu3D81m5MnsIVhWsplixYRcXiaqbSKSKxzZzddgfHcewMgf3mXrSkzCDa77gSl92VjWgjaNEIhuHJQaqWbeWnO01z+w7yl+r5fxE0YaMYb3uKZVmklYs2wtfxz3iiUOLhaY/kzBQbl9fy0/vFROTFoyzB67vRojIB3x3SKo3SikUl5SjRaCOMTA4QKlpMx+BLekc+MvqMxhwXbBT9pyPUtX/h8LXVpF0XV1zSymVleD1bVu7h7cAr4sNxbjQ9Ye2iSn8XlFJVm3of9s0PBTEGEokE53a0opTK7EHkwRYsO0h8IE5L7VV+9CX9sZ6d6cia0u3lRfN2DqW8weufxuP/7sOKUzzXxikYa9N10x0Mz67zb4UIk7Pj5YsYAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAInSURBVDjLhZPda9NQHIbzVwlWryzthpWuIpWOieKYZXO2q1vC0KFr9aZM3Yr40QunspU2TVYmYhVRvNErwQtR3E0JTq3G2o80mc0Ql9dzTr/SYdnFA8k5yft78nLCjcxJNwKzsuoOiZoj2GKsi3NS1I7y4hIA7n9wgQvyz4KiWLphwNgyoRMq+jZ+MUyo1ToOR6Ra3wA6ua4b8F/2gL830WF8YRGB2VX4hBwOBEWrnxl3kGzQyXzyLJbfLuL+uwQevr+Jk7EsiBn2MmMBdbJ58UEEKx9vYfVDE89MBtTsTVjA53iiy/XbeD4XRaluwhWSNRZQIYmeay6cSsYxfCmFwfMpEGW4wjk4gxm4J7IECd6IhOW7z/AlkYRaawXQbyuTtCOJAQzPp/bU9gtrLOBHrUECJI3bP5bWypoJx7l9cE+tMO0TsTuIpl90uCq+xJnoEtP2hUV8Cp7G90orwMECGthQd5gynRxLPUWuoOOR8huPN//gyde/iMuvmLZvKgtlfBTFdsBgSNwslavQiOIACaCF0ofzRQv5bzsd6BrV9obSyI8EUCw34JwkAcd4aWFoWn5N00ihFi30+HwaM5LCmM4UGH5SLtX28uvMtlg2mwH2U9UuNHBlDUKu2ANdo9pDwjqqpNQSOwdyrSegXeih0Rh7wQ5da2lbdDI5RBqxT/Qa2ArdUK1ddLV7/gX7jb1QzdhGjVAl10262n0D7IXSSbtpa9vf+QeB6/JTIb6VuwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAE0SURBVDjLtZHPSgJRGMXdzmPM88w+gqBF0KZF0CIIstkkhVhSIGFYYWHSHxKmCSdhYAiCIEJTk4ibNJbUA1jjXDenMy+gzkSLD+7i/s4533diAGJ/mVCfs05fzdieEVpg76avENYJe1uVH4QSIKwRFqUHH3ZzgI3y93gC+VtfJWyc3fuw6hL2k4T1KJG8GiFQuJMKYZ2wZ9YknNYAlYZEmW+zKrF22RsuQFgQBmODOyPYOYgdOAdwwughcgsja1w56WocwcFy8QNLhQ4WD10sHLQxnxOYy75gNvM8PAFhhbBO2Nu1PlF0vrB/3cWO+Y70hYuZ7dZ4K9BZpbOROHWxWeogdf6G1eM2ptONcDdgbI2xRfzoFfG8wFSqHv6IjK3QWSfsTSZr0VsgrE6sV43/qzHK/AJ0lPqXO1KzBQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADCSURBVCjPvdCxCcMwEAXQAxcuIoIFAUMgqtypcyXSqBIYNy4M0gSZQBNoAm2QCW6DTOBFbg1HTo6QyqW5QsU9vj4HK+wPHAJ88uhxDiuMwaFFk/qksUOF7cAJnmb8+rKmFXiN8sxgpomBwb6A7qUe7e2vw0Tj4qKNJvaLLkDRhRoS+QdGcpxQwml7pRaxpiowcGQZdHilVssoyu9VhsjAkmGgsCEZT1Rv/RHuH2BTqYa6xKlQmqPIda6ekGA47tT78wZ72Oy4vOPLEgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKISURBVDjLpZNLiM1xFMc/v//877yYMYwxjzzKW8MMG8YkMwgrLJRXFAsbj4VkUpLsJMoCCwuPokyShYRhgabbhBg3N+8xpGtct3ncedz7///v7xyLG9NEs3HqrE59zqfT+RpV5X/KGW348+GyaLylftQNRlXpaV2hKoqqLkF0uoquVdWd+VXrUFWGOm+hordV5K6KhsVKWEULp25qN0ZV6X7SqHlV68j0RHHyynBLasmvWAk5YwFBgx7SP8Kk4y/wu99RMLmR3shlpm2NGBdARYvTsZbk+LqLoILafoK+NtzipRjj4sebCRXOJ3fOdlBL4ulJxMqaPzcobXzcL8EgqBAkbhIk7iDpL6ACKOJ14cWuMfThKKjgdXegIs8B3N/HUNGsrvVBAjCCpMKYnAC16WxnPFCLEyomM5SsBHqGAVZAFcRHbYBxLJACE2DUA02DeFkjaxEr8reBZg1UA9AcIA14KB5qA9R6qAqIQa2ERgKsIOLhFMzADkTA5ILjg5O1eBTLo/X7ePqencRPCamhwh3XockZNpAzyTdXcMfVYUITMK7BuAHG9Xnw2dKeKaNheQN7tuyldnE1TORQ3b6qU38AVRueHxjsvE/yfTO55RtxCsbg5AYYd5Dbr5MsnFuLdSy1lauxJqBuQT3A3hGvrFbKBjruMdBxn1DpNow7E+MMEu9LEDJjWT9vPwAHV11gxqQagPwRgKmbXyUyqWR1b7SZ3shVrD8FzG76B7qJxsKceLALgBMtu/gUjwCkzb/S+PHS3HK1st9xxxwpmt3Iubs3eqMlRSX1NcuYVbGID10vCUda+fa577QZLc5vz0+fYP3McfEzTbu/cgzYAxQB/cD5trOxw78Ay4ZsAbSg5bYAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJlSURBVDjLhZPfa5JhFMcH3dX/Meiuv8CBoRdjIvOieRUYmjkzmBaowXCbU9E5U5KhtmX7QbrpyF3UuhDRVFoXgnrhmJO2CSFELaIYw7FvzznU+uGqA+d9znuecz7v9zkPbx+APrPZ7F1YWGgnEgmsra0hlUohnU7zSu+UX15eRiwWez8+Ph6inh/Oj7m5uapYD/F/O45EIu96AIuLi12xnirMT/EvJxNK0QMgeWTX7j+D1pfHTf8r6AMlGB6UYQy9xu2Hb3iPLB6P9wKWlpbOAHrRfOuP5jvhn4DH8SfnA05OTrCzs4NGo4FarYZKpYKtrS2USiUUCgXkcrm/K/ie5MnPzs5ie3sbKysr8Hq9DOrctaCpVqHb7Z4/g/l5TqLdbmN/fx+7u7toNpuspl6vs1erVa55NH8OIBKN8mYmk0EwGMTBwQGrCQQCDEsmk/D7/awgEon2AsLhMAM6nQ729va42efzsVyPx4NyucwKCEK56enpj6Ojo/ckEsklBgSDoTMFJpOJVRCs1Wohn8/D7XbD4XDwkClXLBa5ZmhoyMsA38wMAzY2NmC321ERZ56YmIBCoYBOp0MoFILNZuNYNEGtVj8niMVi+cQAl8vVzRcKp2NjY3A6nQx4sbkJmUyGbDbLN0FXSUeTSqVQKpUXCTA5OXnEAPHV+tSU86tGcwMGg4EBGo2Gi+VyOYaHh9kpFrlTlUr1kgB6vf6w79eJXhYmZDfEsA5XV1c/rK+vQ/xoIGVWq5VjytEe1VDtb4D+/v4LAwMDVwYHB99qtdovRqPxSPjxyMjIdeFXRfyZcrRHNVT7DWZq3D+QvMywAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIxSURBVDjLlZNBiBJRGMf/r9FZc6lcjLBQdzaElI25LNWhSx0kiD1FUMEegyAqakHYS7hG7C261TEQETpEEoRgS7QDRXgQkShmrVCi1W3JUMcZRx2nN4+0kDlsH3x8w8z3/d57//k/YpomJiOZTAYNw9jo9XpCv9+HpmnfFEWJJhIJebLXAZvQdf2h3+8X3G43LEClUgmUy+UH9NPiZO8eO0C73fbl83kUi0UGcLlcaDabQbteWwBtRjweJ7VajQG63S7LXQN4nmeVEMIAI8iuAVQDxGIx0+PxgArJ0npnF7YiUsUhiiKcTidKpRK8Xu//7YA2m9aKsixDVDu4uLONjZMLx3H7Zo7mVdsdpNNpgRZ5OBzyNNn5A4EAzpgD+C5dAdG7pFepRj+nn0bXlpaOpFKpe0wny0jWMK1yOBzms9ksCoUCqtUqO/eqOA9x4QS0nyUom6/R/bUN1b0PZW1qfXm9FmUAStMjkQhPAWi1WmyQum+c/ffPMFPP49jZC5iam4dWyuGD9ApN+dMtdgTaxFPrIpPJWCZigqmqOgac/vgEp27chevLG0C6D/cBD44Ksyhsmnccf0RjqzYaDfY8Gux0Oqzu1xW4fHPA+eW/4q0eBjckwmgHDBAKhdg/t4zzb9V/PIdafInpF9eha3Wolt1bHAwOWwxgCSZJ0tg0k7l4aBoz7yQIB/fCwTnR3hnga53AhPmI2F1nu3h7ObjSaWxd4wwya3Dmdzr1+FxusPYbDlZf5OWGzT4AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJcSURBVDjLfVPPaxNBFP5mtzVL0nhIA4mUmBaqB/WSUy459FBs6amIIv0DJBcR9GIOWqSI9JSjesjFi1eDoNBEsdEaEFsRD0EPLYKxNMREyY/NbvbH+GbdTdOWOvB4M7Pvfe9735tlnHOIZd24znHuAsxiEdw0wS0LtmHAdv3o/Dz4q3UEXq8xDK0RbzOcxIcSbXHv+b6Bw2sfwDAdEFvXnWAHSHh3P3IMgDQAoI+ckhGPwxIgZMJbmgY2PQ1b7VFM/z8M+saKpmnLzctX0AmOQZNlGIJ6uw3lVwORN28RpJhjAbbv3qlyVe2EJibGFDrbtg1PYALGJ1nuqLMz1aVDAEwEVSqVpGma+UgkEm1TxV6v5wAIkyQJPp/PsVKptKfr+mI6nf5wQAOimgmHw9FWqwVVVWHRBIQJANFGp9Nx7hOJRJTYZI6ISEEpwURUNoXqbnVhHli320UgEAAxSB1poVwuW7FYTKrX604ShjQYnD/mwbfy0Ks7sGT+g64eXiyYq46IfRqPFzzsB/ut5zhZfY+zV9PwTZ1H70shVnlXvF+cHe06LRCt5uBJu7179IXvbTzFmZlLULbXwZ4swb/zDJPxcZkzfnPEBdig/heF0s7sDzGRGjUo0Slg4db+/O+dgmyzScmd8+rm5uaeoijw+/0HNGCMgYfCUD+/AChJv83wm6xVqwstdplHPZfLXSMmK8lkMhoMBv+9TpdF4+VjnPi2htPj9E9IVbTrJr7XZMvQ+PIAQKxsNpskkAyJmiILCXGppSbZxtyf0q5S/7ogWyxOlX9S1qO5gvngL9401yPDHgg9AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJwSURBVDjLbZPLb01RFIe/c3pbvdU2RYsmfUS1KrdaqkGQCANDzyZMjEhEYiBiYGCkf4LExEQiDDxiQARh4DWoegxERG4IQkQ8cnsb2rPP3mstg6OlcleyspKdtb71++2dHZkZ24+c7TOzywYljA2GYQaYkRWbSRWPd+V398+d6ALIkTUcNFjeX+iIvn4rYzY9BBlMMYXx8i+mnKGWW8KfyACwqb/QHm0ZaKejtR/LCKhptlWz7S1NddTV5ti44xCzAJjN6+/r5ObTN5RKk5gqADqtwgxTY3xiksSl/Bt/LBDlanL0rOike9F8RMBMUTVEDFElqDGVeC5duVcJYIgoH75OUBNXkyQJ3qUEzc4DVeSqa2ieOwc1qwAAVJQgHuccu9Z2Z/IzdVj5Gd/eXuSF7OW/+b8KvCjiA0Fizt97hfOBIEYsCduar7C0Zwul4iPM8rMA8TQgBCX1nlTB4jlE1XmozlOof0nnkg00tg7Smo7R3jheCQA+CCEJOC8kQUi8kJcv9DJKQ3MTMnGNtoF9bG17TVVcSYEo3vkM4AXvhYI9pK1vNyTPGTt3gfqmKZbVf2R1m6tswacZIA3KAimyclFEw7xJ1L0DU+TnE7o2H2NXocTYqfUNMwA1Iw1CcAHnldSnrJbbNHWsQidfYDrF0HAvmn6mtrbI4MZhgkuPzroDEUNSwXmh24/S2zNIXcN3LPyAqIpnV4uAokmRlmWdiPOHH4ysKMw8I3HMmnUDWBQx9OkuLYXTEL8nbmwBjLX7d864rsovpWvr8YXF6yMnpwF3bt0YPZD9PGNoeZnHZ/ZgapjqrBppkNgkRRUzW/wbVUOsic+TyncAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK1SURBVDjLbZJtSFNxFIcHgjAQgr6VhBSFIhhJQa842JdeLBMyVIpSSUtFZpIIaqa5UNTpUKebmR82FZmmzpXiHKawhqKUlUVQCEEE1ZfQmFg3n85VLN8uHC738H9+5/mfTQNoNtR4S7iUidHmacYtCl6zwnD1NEMPTPSWhG8+vxnOEzDAZBe8ckm5YaYfnjtgzAI9+QGcuXlbA8ZbghmzDTHRDi965HAzDFYiU6H/LvQWgKsERmuhrxAeXhmi+XLw/4DRZjOTAqsBw9WKgHrR1f6b1JGtxZ6up+2aQo+EOTLBfM60GjBqieJZvcJEp0ysUOgvDaOvKER0jaLrpz3Tjz3NiDU5BFtCGA0XFJxyiyqdQuWJSA0jJjO+NtEzq7p6+gpC6c6b42k5dOVCZ5a8b4M1fo76s6FU6/USAq1XwRht0ojue/ztq3fruaMV3W7cZYiuk5YkHY3xOtF14siQqTHdVB3Xcv8wYgaF4W81oruEX7bszFWbQaIbwHEL0dVNTU3F+Xy+SNHV0RAL5UcClB4MoigCOnIkYN8Pjegu4Xski0lXt6vFmqjqfqPLcErg316v9xdNCWdE9xP3oqDggJbC/atXK967oJHtfuBxPqIbEN1g0Y1Rtyuwg5lh+OjB6XTaDY3JxYbGpJ8ZtRdJNeqWO0uj1QC5gjXZILoZspgdaz+bwDtl8oLb7V4WeLncWjBf1p3Kk1kLM1881I1kkVgXRaohdECz5a8sJXCTwArfX8LXKa5Xnsb1xozrXT3qU+NNp857k6PZuxa3gw8J/EedbLfbfTabzXe+KJrB2VbWPwOvLWrA1ukCewVeFLh1rXcyZ49S7UmjwpOyAlcMp2xvIHCswJ8FLl7fl4PGSzURmDw3Viarb/Vb+jUbAgRuEThuu73I4cpj2bsDqrbUvPqt9v8CPKvGd70s+8YAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJGSURBVDjLjdJLSNRBHMDx78yqLZaKS75DPdgDDaFDbdJmde5QlhCJGxgpRJfqEEKnIsJLB7skQYQKZaSmdLaopPCgEvSCShCMzR5a7oq7/3l12RVtjfzBMA/4fWZ+MyOccwBM3g8HEbIdfCEhfAFnLVapOa28Uevpjrqz/WOsERJgsu9Uq5CZQzgqrJfo9BajNd5irEYn4p3OUiFExtCLmw2tawFi4l5zUMjMIau9u7K+qxeoAcoAA0wDb2OPwmfA16LiiaOHLj1edRLpkO3WmIis7+oBDgJbgQ2AH6gC6jY19N62RkcctKeVIJAhp9QgUA3kJXdONZVcq9JxPSgQoXRAyIDRth8oAXQyKdWnoCKrTD9CBv4GMqx1WGNZkeRWJKbG2hiD1Cb9FbTnzWFdY/LCdLKlgNQ84gyNKqHm0gDjqVHnxDHgA/B9RQkpaB6YklkZl62np9KBhOqwjpKFgeY2YAz4BESBWHI8Hhs6PVVSvc3v98ye4fP7T676B845nt040ip98qpWJmI9PWiU6bfWgXGN2YHcKwU7tsuc4kpUPMbU0+f8+vKt+Pitl7PLAMDI9cNBoB0hQwICzjqUp6MZvsy8yvp95BRuQUjJ75mPvH4wYo1NlJ64Mza7DPwrhi8cCOeXl/aUB4P4c/NJxKLMvpngycCrzxVFG2v/CwAMnguF80oLe8p27cQh+fnpPV/fTc95S6piXQDAw7a9YbWkezZXFbAwMx/xPFXb1D3+Y90AQF/L7kAsri9mZ4lrTd0TcYA/Kakr+x2JSPUAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKuSURBVDjLlZLLS5RRGMbf7zrzebdw8FaSqJAbF0GgRBvptinoPxDKRdDKQjBw2TKClgVJCwmUyMBKydDKS9TCME2tRhs1cZwZ57ud853bfB0HiiAVOvBuDuf5ve/7nEcJwxAOOgPTtk4Fr6ZU1OCAVyBCm2Td9jEdcxG5pBwEeDyZtaRwjAvWSpkAxjkITsGKqJBIuvB903upH9QdE3rd1MLW0gIVCMsBoYq8U8H2CUQNBdJZp33fCe6PbJo+4XZVmRHFhEDKCXaB4Accii0NFlfT8GNt56a6X/er56qog/Cd1aQjRRQictasR8B2EXgIQyblAbX95X9WeDSRPiriz3oZY1pvZ2dH590Z7GB+q7LcjBZHVdhMBaCpEfBsCXDR9p8V+t9lLGlUP7PXLxyJbkUMw4DZ2dm+rq6ujjPdz09xTEZrY8VWYZEh/WAwNxWHwEV1eYDsqsuOCxFDaYRQwGZ8ljeUE31+fr4PY3xFVulM5mQzC4LRypoSy037kEykvuZytDnvAQ5oNSa8scAE0JQcGIeb9LcrJl02Tj+U4gcIoanG8MU35qKzK58SaCux9ZSLoGVxvJvnPfAQrQEQEhTCRhpBYVQB61CNyZY+v6qvrzdisRgMDg6O1+kjbUt+23EpTPz2LA9wMa7QFJBuhxIWQHKHQWmBDrXHGozJuTfQ4sWBEDI9NDSUkc8zf5ueB9gubiqyVJBacBDZXQm2MhSiugZW7QkYfj/NuGi5ttd3a9uxi6bM9FhFmak5fgCmHEXqQFcVEDkBiZVt+edhz8fh7om9AHrWxV5JgWoImXMfE1jbsMHd8QF7AQQyONjxp4UQ9/YLnJ710JgaGucXUi6sr2cY84MeQfmyCOg2p3RD5PjPL69v8H0ByEWXnSR7IoPSzjEt+jDQQeE/zi9kq6pv7shelwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHFSURBVDjLpZI/aFNRFMa/m/eI0eBUBNuYhgrqICg4l0Jra0AFp2C7BMFBdBKngiCdxM2tHSIUwbUIkRpIh1jUVYoUB8HiUEuLUPL+3L/vnnvdooIpqT3jOYff9/Gdw7z3OEqF/QaL69wLY5Eqg0goPL9dZv/ay/UDCG0xMQJcLYXopuLwDmKpIWUIpQhR9B+Abqqw/EkgSgTiWPYFsKOGmDto2Gq1fLPZPFCh56DT6XjnHIgIWZZBKQUhBKSU4JwjTVNwznu9RqPB/srAGINqtcoGsV2v1/2hM/g4V5m3vHvfclGmwG8DWLzWts/Yw/W7nhyBnINzhKXpVwwA7ryteW01lDa48mUPt5KCOT9Vyx8buwj5uY3N92t4ke0iZ8liunQTM2duICPbU1SZwkRpEuOj47iw8RXnpmr5wrd3YC/ncGLrNc5WhjC5EyO0RCBn4TzBEvUAUmnEJkJqElyODQqnx4Drj34/0MIwTglCaMnizdYKyDmQ+wOgFVY3W9Da4FIxgNhYRbH5AFruQgBI4gD7x4PBQvwwW1rInyw+Lg/ZMMxtI/lp8X0voEz5J4NfYXZ0nu/v3AuIVSjwPzywVG3bp78AeAkDORpY/RgAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFUSURBVDjLrZM/SAJxGIZdWwuDlnCplkAEm1zkaIiGFFpyMIwGK5KGoK2lphDKkMDg3LLUSIJsSKhIi+684CokOtTiMizCGuzEU5K3vOEgKvtBDe/2Pc8H3x8NAM1fQlx4H9M3pcOWp6TXWmM8A7j0629v1nraiAVC0IrrwATKIgs5xyG5QiE+Z4iQdoeU2oAsnqCSO1NSTu+D9VhqRLD8nIB8F0Q2MgmJDyipCzjvYJkIfpN2UBLG8MpP4dxvQ3ZzGuyyBQ2H+AnOOCBd9aL6soh81A5hyYSGWyCFvxUcerqI4S+CvYVOFPMHxLAq8I3qdHVY5LbBhJzEsCrwutpRFBlUHy6wO2tEYtWAzLELPN2P03kjfj3luqDycV2F8AgefWbEnVqEHa2IznSD6BdsVDNStB0lfh0FPoQjdx8RrAqGzC0YprSgxzsUMOY2bf37N/6Ud1Vc9yYcH50CAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALZSURBVBgZBcFLaJxVHMbh3znfmVsmmaRJehlQUqE1EQu1xKAuxForgmahFhXsxoXgokZwISKIIEJ3guii3bkQstCFuHAhrWBttRZsiaIlaFNtICbmOqbNfDPznfN/fR4nCYAn3/v+lVqjctI7JoEq4ABwgBzIiGYLrQ1967a33rp4ZroH4CQB8PTpHy5+NjN5n/duSJAhAACQAMTanYLZn1usLHbb13+bH750ZrobAAB85sbLIRv6fZXMOwcOZJBkxCjyInH04AAP3Ru4Ymt9somtx17/elcAADg0utDoLZzNxoqIkrBkKCUsFkSrszhyGqjRbJSZnmpyrrxSu7lc/zQAbMwdyyb3TIVKfS99pd2oiKiIpF5OvjXP8uCLWGU3y5s5Y/0ZlVJg/yMjXPjp7xc8gJLd/fDotaxUG8N2ruN8HUuRTusP1hsv0x1+hnIWuLHhuLIY+e7PNpVShgs+hvWrR8tK9urgyDiQYfkKhC5bi+fo7JvB9jxPKIQyD2Xw5jDLEB6cJ1hKRxTttcrAQRRzyJpQFJgFXHuR8l8fUSpyCgZo730WV24iLwyQICjaJ9WRB0fzjXksGuW+A2CB4ebj5Bu/kIoe2//MoYkPCNVdCIdwJINk4C2mz3eWLn/4xdVG7PoDrN/4htjdoei06LXX+c/dQ3z0PIy9hMvqBO/IvKNacqQonCQAnnj/x3x2ZqLavnCcav9+brdWKcbeQHedwATJwIBkQg4ONz3H373UCQAAFkU+9yalyjCXN5t8WT9LvjYI/0bkBIAEBgDM7itRdI0AAHB/fc6n7Vt8VXuHoQee4pggCZIDEwiQQIJfVyMyUXQiAQBg7c6g+cMfa/7WIaelhDkhHAAmcAgTyDu8OUJwFpPFAACwsNlc7h8ZH3270atL8ggMABisBQAkqJUczmGlzN1O0ZacJACmTp0/FQs955w7ItQHAIBAgBAACICOmV3zMPs/Y958nDUklyMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADHSURBVCjPhZFBDoIwEEV/peLWlW5ceAcTvY6ncW9i4pm8hgsT2QgGEFLKdygQkKD2Z9pJ5nUyv1XE7zX5U4euD6WGBTatFVZYwhu5GuDKsko2WWhswU9lPB2xxqRqszU24ZMRUyaiiA/eBbk1iAAV/xLlbo8ZMhAglewsiBLgYmUI4wwRJSxyzFsPO916ndazu/ARClhg0drsPKrGkA/bZHrorkKUE8cBuKI3fMkhAkH4/S+IbjI9Vux/jNof4lmBvowL43Lmb/8gdgK2+FpkAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ3SURBVBgZBcHPi5RlHADwz/POOzu7o21bIWVsiiAR1kYdJOwHdAgKO3QQDMqCTv4XdQikg1BCUnTQCIK6REVdOnWTClIRjAwNCdFy1t1xdnZm3nee59vnkyICAOSTJyu5HCsdR6PESju4fXG6vvFBOxzOVd7r7tn7Zju4vbF58dJnk7Y9VQMAaNu3PbTr03rtyR6hGqw/N/3u+6ct9mYrrx5+cXHfXpHLzqVffn3/2pnPl2oAgNJfPN5de7xnNGK8re733Xf0yCFtq2oKl/+UcO/aE1K3+1YNAJBTtdptC+sbRGHzrqruUDLDIaUw3mbnDlFKrwYAyFujmbZhe8w8kzOzGfM5udDMmGyjaPM86is/HrywuHzgQEoVWKh0ujf2WFjewfUb5DklyC2TGbMpqw+7c/6CzeHdH+oU1WOPPH+2m1IiyPtvWf/oQ/es7ra0Z5Wr19gYkVt6XQ486s6li37/+tvfxpPJido8pkrTm936RG46VMv6x9YMf7rhvzNn7T78soUqsT3R7Fzyx6mPjfdv5eF4/NqRweBmrU0VlHkfYevaOcPL5+nhFa6XL+mhB/TfqfWtdJ796spNqJWqo+oY/X1Fc+cfZbbtgYOvW3nqDUlS5q1mMKEU3fsX1Mv7/HX6GQC1OUnHrhfeJTJRkDWDb8hjZEkjTDSDic6OEwCg1kZEZM2/X6AQgUwUES3RijIhjykTAAC1JgqBIAqRRTTEnGhEmZK3lTwSeQsFANRmUaREFBFzoqXMRJkRU1GmooxF3qJMUAGAOtrSy+NN0oNSSuiITiXpgKRCIhJqeTICAHXMZj9fPf3SIYEEAAAACCSUcg7gf+9HV+4TlzZTAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADMSURBVDjLY/z//z8DJYCJgUKAYUBE+440IHYh1gAWLGIzgXgPFINBVFTU/1+/fjH8/v2bAUSD8N69exlBcozIYQCyHUgZAzGIdl1R6bGHVBeEAjW5Qr1QDnOFj4/Pf5jNMHzmzBlUFwA1hQIpkMZ7QKxErCtYoJqVoDaGATXcg/JBBnQAsYmdnR2GC27duoUZBuQAeBhERkZi2IKOYbEAop8/f05lF3h7e/8nZDsy/vz5M5VdYGtr+//nz59Y/QvDf/78QcbUcQHFuREAOJ3Rs6CmnfsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ0SURBVDjLlZNbSBRRGMe/2XRWZ2/D7G4sSuYaKVurhMZaIRbm6iaGERSSbz0EPfTSQ4j0ZNRLQq8WPaQgPfQaIWmUJWwrSYolkW2ul7S0Rrbcy+zM7vQ/EovJ2uXAj/+c833nu5xzhtN1nXKN+h6Jc1Sqma/fhPHn574cpG2GYTuDt9quHbe0U0vRiZrqXvHZfwXoHqnTfaZWg8ceII90jPy7mo5W9Vjv5fLltrZwa6RJLzbVkstWQys/FiiakEng7TQ6N0iD7x4vhK+mSjb7522NmFb56PRqKF+OyYLbcQQlFtCT8H0aW5ygHUTiX1uYX75WL690C/PRScwyZDDoNCtPU1vlKB0ueGBpvXy76o8BTpUmu1x5CpGWT6Rn0CMrk6fIdIQcXJwaSjMXfjuDqampXk3T6gGpqsqDMq/Xy918eoaUtEJriSjF1QQdiHcmTjYcKhweHo6nUqk5RVEIumrARs3pdHoQzIOFKzzPc8Fg8GWj2EW1+qX209IN8lPn2d0OoXBoaOiuyWQSksnk9YqKCg+ClHGhUGgPx3EfYrFYMQLIYB9YgnEnywTc+I5Ai6CfoS6wZjQal2RZfmTw+Xzh9fX176jgExxaYBhHBr8gCJPQgNlsfg1thr6FPWCz2Zg2ut1u1sKLjXcwiIHJeRhYBeXQZWgJ9COrAMyyOWDrTpyTDCLovm3jFpDhzqYKJlkGq9X6imUURZFVFJAkaQLzJugbBGlGgCUwln2J/f39KgwWOJWy04WWQ2fAXvAezm6wCFzIvB9c7Ovrq8u+RGzIAwk4068ryoJNWdh149ApnU4/zPkv/Mvo6OjgmQ4MDKR+Apt6owU5Oz7IAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALHSURBVDjLbZNdSJNhFMf/m/v+atayydzEFk5rlbrmLBcpRV4OW9hVdNNtV14IuxQqIoLuvI1ouykLE4rdhnNivTmKikywbaBurM19f77v2/O8MJmtBw7PA+97fuec/zlHxPM8Wk8ymTSLxWIvx3FTjUbDQQz1ep0plUrBbDa76Ha7463/i1oBiUTiokgkmpNKpR5yg4BAAdVqFYVCAbFYbCmXyz2anp4ON33Ezcfu7q6ZRJ1TKBQeuVwOCmYYRrBarQalUgmLxeLZ39+fW1hYMLcBSJpeiUQiRKYOFOJ2X8aViQlotVqUy2WQzGAymTx7e3vepp+k+ahUKlMajYbeQrQf20mshVeFTFyuMfQaj1B90NXVhUwmM0Vcnh7KgNTpoD/TemUk+lo4BJ3FCV3fJD5tN6DT6WiWUKvVKBaLjrYSiMqCYDR9EhYcB9SgQoWVwSCLIvX1AfhGHkRECsD/AEw+nwfLsiDtwqWxURTzWZTKWQwr30PVeQ7y4jqi0SjVg2kDEHWDRBzhHQqFIEUZd66ZMHMqDL3xAnTdwxDnGMR+rtIyg22AdDq9uLGxEYzH4yDdQCQSwbs3z5D+tQytQQ829xZG+21YVd9TBg231AYgyruIQCdWVlaEj4ODA7Ad20H3mRnSos9Yf+6HRl+GWVczjPSJHx4C+P3+m6QDfjJ5Q6T+e4FAAMuBJziqlkLbWQJX3SbCcmALH9E3MQu7sXprfPTs/QMAmcCXVqtVptfrYTabY46R87huZ6G3DIErfSG+ZTi8NnC1HSgUmxhw3sCope47ANDhUalU6OnpgdPphOskYOkfh0qbIq37QzamA8zrTRoKXGUTx/t7cdUmwYd5+2lhmXw+H7+1tSUMEbXZyRzcd1+gQ/ybADLEsXVjxehQ2pD4FsHm8vwr0b/rTM/qY0eKZzkVz/Ekfa7F+IObThrxZf4CSlpy3yYZtPsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJrSURBVDjLjZNdSFNxHIZPnfS+usiborU2JaKIPvAmig0kkYSCCpHKsTnDolLXnBFJBQV9YC2VtDRThKiYzA9coW6abWSTwRixYqPtIqHTWGM7+3Bfb+d/ZEeHXjh4Lt/395x3/CkAlMPhODHzSIUpXTk+KUpAUdSRdbKThPfZ7XZ2zjaLeds0TBeLkU6n1wVfotPpCo1GY83HB3X40l0H04VixOPxPKLRKFiWFQiHw0ilUksF+QYWjFdLVxXkSnJEIhEkk8l8g/F7dZjtUmO8SopEIsFzc9AP3YAfzRzafh+0fT5oOIiFUCAYWJcMxs5Ksbi4yEPCAxYG/RxvzAz6phg09P7iC4hVnsHYXTU+d9Zi9IyEbyesvNrEBRtfeXDtpYffIBaLZdY0GD4t4QciBblPIZCL5NtJOBQKIRgMslzBwWWD1lrMtKswfGq3EG567UNDjxdXuz243PUT9S9+oP65CwzDIBAIrLGB1QJjpZgvIBvkLnO68Bv0sCn2YEJeAHPVDljbroOm6VLBYOSWCtN6JYYqxMKIBBL2vnsKp/Yo4mNPkP1uQvRtI75d2Y9nh+jHeQZ2zsBQvksYkRiQxS3VYsS4MPQngebNwH0R/j48jhEZ/XvZoEUJc5sChrLlAnKdDEe0s/MGrPz9ay3ChGxTdpXBB7kImUyG/ydyBuZz28H2KAEulNBSCHL4L9EYldMMb6DRaESDFXsxdP4w3stE8Hg8cLvdcLlccDqdmGu/ga/qEiw0i8C0FMCr2oDJykJ0lG7spMhzJtRIthy7faDojlK6VbXW0+0t29YxIqcXiDZ3+Q8f5p7zf7M8wtRUBE6BAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ4SURBVDjLpZNLiFJRGMe/q1biA99UpqOilqALmYW6yM2MFLQtwU27bLbNLLSgidEethxcGLRTXIkbFyEYQlQu7qJNMD5AYXxcUZMRMhtf19s5NzRnExMdOPfAOff//f7fOd9HMAwD/zN4/ypIJpPMbDaD+XwOaL1PFAoF1sJisQCaps9M/NP6xEKj0QgOhwO63S6k0+kjHk7B5XKxgr+N6XQKqVSqbbPZ1LVaDbLZ7DEKGONhcrVaBaFQCK1WC9RqNdTrddBqtey+Xq+HSqUCJpMJJBKJutlsQqlUwgEfBAKBPM/tdhP5fJ4RCAQwGAyc6IDs9/vOyWRCIpvO8XhMdjoddm232+z+aDTC6VDYGQd/cH4ikQi7IDFZLBaTmIyIJCbLZDLSYrGAXC4nrVYrBmEHLawlls+YyWQYj8cD6FKh1+s5sRiTsZiiKKdSqSSRfadKpSIbjQaEQiFi5QAPZGm/WCyCwWBgyWazGaRSKUtWKBQkujzAQex2O6aviodYL6REIsEsn2vtrdmp6X6ByxQJvEEPRnwh8GfDJ7dy89fEeSqx4NMFxRp1+PqW9+IlgxVOv+ag+Ok9PSiXdtlKjMfjNxBlDxEfLonrDjZ/jGBzywv82geAjy9AIJGCXqfjnlSY3wFQTl6/378TjUZLSPAICQ+DweDh0kF+++WCf8VAwJ29Pz1wcBW4C0LPphCLxZ4i4XONRsMWEK60crm8cnHz6C1s370HwsY7mJx24CcKMPzOhXINqDN3EIlElo2yGw6HVw4++64dXBCL9jcUMw6P04Lhtzkcd7n0bMw8I87bzgXfxuPRSXuHSxM6mstQSPXmdm7+6heR5oijWAuHSQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHWSURBVDjLzZPdS1NxGMf3L3TbXV5EEN5030UJpTdClBBKSgh2Y5cyW0QXISY2eiGxklYgGoaE2YtFdTjHvZyO25i6uReOuRc3T7TNnOFOw8bHs2MmZUEQRRefm9+P74fn9zzPzwJY/gTLPxUsjB04Hh06ifq4i+m7R5jp29/82+HFiT2NmmBlZfYpfMrwcXYU+Urte/PS4XDUGLw14Gc8G+4gF7pIaXEcTeylGHzEl4SL4L02fUsQ9vtl0mnVJJOpML9JbITl0AXKRRfFd+3kp84SGWwlMHC6PHXj2N4twYd4PIzH40KSJBOn04lX6GM5eI6yLrM234KeamI1bCNxv54HA/bStyZuCiIoimwG3W430lgvmtf6NdyMnmykEDqPeqsOLSJWnqZ/J0gmY/h8XmRZZnL8KuEXHUbZk+jxVj6nTrFiVKL21zLnFclmMzsFqZRKIODn5VA3c89tzExcI600sBZvIj/dSex2vRmORiPkctq2oNJlQXhlHC6Rzy/xsKcGVhNE75xAsO3GbZTssR8lu+CjUMga5ExEUTAnZPlxZJfaqinJNykp11G6DjFyporB/h5+NeIdC9NwcJfe3bJv/c3luvXX9sPSE2t11f/zF/6KYAOj9QWRU1s5XQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFCSURBVDjLpVOxSgNBFJxcrkmC+AV+gP5BwEKwtLESW0mZD7CyEyViJVhbG7DURvEXBAsDKgpGxIjIecnF29t9byyyAZu9wkz12HnMm3m7WyGJWRC3Dq7aq83FTpKzMcwyqFNYVczHNrvpDc5XmktrXz9siAJpksCKYK5qs9u7t+3T/fXjysn1q9TrtWhqhCSUAAkMR2PUGzWoAkqCBJST+qF3r4ft5Wo8toyy77En/zQpoSRSk/kaEH+mCoxyiQAARxcvDGHv7DnIbe1ekiQiUQ0uyIkEucJaAEAkUiLgwpzNvUDhyqa4sLiZcFHplBJxN41QNsWWOXDegTFFsMnkJixujI9QlOUMR1DxDopC/hVhentx//Gp2+rkG2IdksEHnDioE4goqOxv7uQLUjiIE6Sf76AI/NPpAkBl1t8YYUb8Ao9lHyy2IyRjAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAImSURBVDjLpZNNSFRxFMV/M40TjdqUqZmCn0GURSSUVFIUVhtx2SICqUXRVqptRBERtGpRC2vVwo0QEUWaUElSRDEW5EekiU1+RKKDOuPMu/e2eM+Xpq28q7P433PP4X9OwMxYzQRZ5YQWwO0no74UNcMAEcDAVFEDUReLwrVTpYElBADFG8MYhikYYGqogS0iUYXB8bnlCsQMM29Bwcww89R4RKqGqiGZFSyIuBIxQ9VbXMDqkhTIG6oTbdTn76LnwSsLpOJNPoGJug8NVBVTvKuu9GJrpza7l3Vlp4lW7GFqaBt97S23fAJHQcVQ76p73cVb6KSu/Du50YNMfuslHEiTu76InE2lUZ9AHUXUfJ/meS7gHYcrBthQeYL50VbCkQDDsT4yqfTvVHLmwF8FDoio71/VyNe3HKv6QLSqkVT8HsGwQ1ZOGTI7TGZ2rn5vc8eAHyRHBBFDVFExsic7OFLynujWRlLxuwSzMqQT5fx8GeNh4jw1zR2xJb/gOIaIm4Hs6U5qi3oprG4gPdbCmrCRmi5jrOsjzyJXiU9FlkfZEUPUCP54zP7CfsSKGf18ByXF7GQJI6+/8DRyhUQwH7EVcuA4Sv/IHEeTbeyou09/60UGurpZW7qbxMQ4z0OXmJjKwXSGxfUL/NvG6+d2Zi6fvRAiKMRePGJ46OtMtCCv7viNnp6VyrSM4OShvGRN5ebQvu0VWNZ8d3Li15mGm58G/9fGP3sKXaMRKZvBAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKjSURBVDjLlZNbSJNhGMfnTZddJHS4iFJzdhFSRAc6WClJNmbMZrA+0x0+dQesXGpTnDo3aylmSToSgqiMqNTmFC1aOVMHuSG6DS22SK8aMQPZwanj375vMPuoC3vhz3P1/Pi9z/u8LACsqampc6MtJD6ocvBOtBcsFuvwBrObak632Wz+z9Yx2K0WDBelYW1tbUOhISqVapPRaBS+vV2K8a5SDBemIRQKMRIIBOD3++NZWlrC6upqDMA0GMEQwWY0+3w+tKvL0MLZCm3ONqiILHyZm8PKygrTYEhbirGHJRgSsLG8vEynpnselZUN0HN3QHM+EdpoLTu5GdcLL6wD4gYTMYPBS2yEw2E6qqfzqMo7gTtkBh5X5qI8exeq+ftBZiYjGAwwDQYbS/CpsxgD+ak0nUrVk++olpHwOYwIzprw09KBXy4TepoKooBg5J8G/Xmp9IAoAHWNtvudGDdIEXC+QGj2DTwmHWqUCiwuLvqjgIPrBvXFGH1Aop+3J95M1j8HJzcPdTo9tEoh2m4Kobh6A8VSOe62tiIhIeEI02BiBMbcFBpgNpuh092CRCIBn38Rhq5HGBh+Dy6XC5FIBJlcgaPHjhviBqZaEpZ2Cfo4KfQAv907A8szHdSNeiiV5cjn88Hj8VBQQKBILEW3oQme1tMRhoEtatCbk0wbeAfq8bKWi8tiBfR6PTQaDQiCQHNzMwiRFGpxNjwdXM+6QbUEH9tE6M2OAcIhP34sfIW6oQlyuYy+ikAgoGuJ4hoW3C5kpO88+5fB66wkRCIR+iWoQVKrS22jy+WC1+vFnye+BxUVFUndnH3ou3IIrzKT4Ha7MRddV6fTiZmZGUxPT8PhcNB1cnISdrsdVqs1BqBAVISpW07VHdiukbATyf/5zr8BNamLpjmUSloAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAL5SURBVDjLjZNbSJNhGMd3KdRlN90E1Z0URVfShYKKic7ChFRKyHRNp3lAgq1ppeam5nFuno+JJ8ylzNMSRec3LdFNm7rKPuemznm2nMfl/n3fBw6tiC5+Lw8Pz//H8148LH1VvBNFDIWCgqSwUhxNlETiQ94D9IluHymEbtbGuGtk5eOLClnIuZjcwLNOAFg0LGqYmOsSwzwkw4q2Amu6GqxOVMMyUoZFVSFM73NBtokxWSsAkRcKOd8VlIBwCKZrn00cC5bHyijKsTRcgoUBGea6c0C2ZkDfkAxtWQJUWSGMIC/k/IRDoP5kdB5T9+NbVymm6pMwIgtDn/gOqLVBrY0q7mUUh11AadQVNKQGoFSaDmldl7NDQD99M4fdY/MHWNu2Ye/Qjn2bHes7PzFl3sOocReGtQOQqwdo16xC2mnoPg47BDTK6d13yukd+xw1bN0/gnnLBv3SPmapoPrrDxQpTfaCDoP8ZPiUgKZV+92lTbtFfiS3Ydo4ZMKd4+soVBpnJB2zLr+H/xAcUz+0MqgxWjFq2Ias26j628w/BY1Dy8Pj81aMUQJJ++zgfwvq1cs3mwmT6U1zO7KyslFZWYnUtAwkl/ctCKUK38TERJLupaWlbfB4vKeurq5nHOHaQUtrE7Foz5WWIj8/HxaLBSRJYmBgAOmvc5H4Kg/6z1+O6B5BEMwMm83OZMLVqiVlj24d8s5eCIVCaHQ6iMXp8PPzA4fDgUQigUAgYGpfNtseFBTUSUsSEhK2WA09Oue6QTP6pzchysyBSCRiBDu7e7jl7Y3e3l5oNBqoVCq0tLTA3dMLvCTZDVqQkpKyx9zCpLIYxLAa6ZIKxMbGMQK+8Dk8PDzh5eUFf39/Brr2cHfHwwD3TVrA5XI3Tx3TiCIDnNBgFOTnQP62CXK5HEVFRYiPjwefz2dqutdUV2PLzs7epL6oZ508Z21xBNny8t5u8F1fcDmP8CQqEtEUSfev7r8IvGSO5kXYoqJ4h+Hh4VYfHx+Dm5vb9V9HN9N1j9T0nAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAI5SURBVDjLpVM7i1pREJ7rYxXFiKjxVYhIMBhMbWGbIk0wasCsCCkD1vkR5gcEmxSpsrLIxVaQCKYQRAW1kgTxrVEUn7i+bmYO3MUlkRQ5MJwzc2e++Wb4LicIAvzPkZ072WxWgYCv0N6eTqeneD9Bw+epjvcPvD+jZf1+/1Gs4UQGWOzG91ej0fjcbDaDWq0GlUoF9H0+n8NyuYR2uw3j8fg7xsLBYLDHCimBLJPJfGu1WtROuHT2+71QqVSEZDL5RayTiFTQeWYymf45s81mA2zy8o8dYJAhjkYjUCqVoFAoQC6Xs9hms4HpdAq9Xg+cTifLvQggk8lgNpvBdrtl/uFwgMViAXd3d+wbxf4KIM4klUoZA0omw7kZiLhsKj4ej5cZULJYxHEcSxZjEonkMgMRgOYtFArQ6XRAr9eznbjdbpZTq9Wg2WzCcDg0xGKxD/V6/dMDgN1uB+l0mvnRaBTW6zV0u10GSOChUIgtdjAYcKVS6SPqwngvpFQq9QuFY8zn8/Dm+hpSNzdQrVaBROXxeKgIJpMJdQer1brDBlc8z8/vGdCsxWIRNBoN8wOBAPPD4TDodDpYrVakQkgkEuBwOBaYYtBqtYrzEd6hZHlc1hX5NAqxi8fjTNZ0aCRqVC6Xf/p8PgPqYsud/42RSOQFbvzW6/U+QsVxNC8tsdFoMGHZ7XYgtWLOFJcsyeVywwcALpdLarFYPNiRxzkfYxEx5FCF75Fhy2Aw8OjLUVTHfr8/RkavfwO7WaXhrjM2EgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHvSURBVDjLjZI/aFNRFMZ/Ly+GlCYlaMF/1D+4FQRJREigk7OiIAguHSwUkrkgLhVcpIurQjdBcLAITi4FETpIAw46CGIHJ0tFamlt3rvnfA7Ji2kTwQOXe4b7/c73HW4kCYCnc+engU8M1/b88kaFf1T05O65KvAAuFY6epw79xfZ3XoPwPjkFZ4t3uP37i+A58DK/PLGy0FAHli5euPmmbFSmfTrByRhnV0AJDFzcYrcyQtIuvXm1evrwBDg7FhpgmRnk+CBjRePQQLEltoIsb/5jeLk6QJQOBwhD4AbCoFc5QRuAckP5tzfI9neG7mDPIDc8RDwtIOnnZ6D/6seIOCW9ie7Ij7+mGDfYlB3F4oKfD8yTavVWnJ3zAwz+9wDGB5SsICbkYQc8dgkt+cekiTJ4aELkojjOG02m0t9ACFF5ig4bsLN6XQ6rK2toYFIWV+v1wkh8NeBOR4cD4ZbhJkBUK1WDwizXtIgwPHUUHAUDLcc3hO02+2+eBBSr9cxsy6gO70L8CwChqSRDrLqO8CEp97bgSGL8CgAsL6+PiSURKPR6Dt4lybJzPipKeRC7uRTiH+WkUStVhsSZ3cGePR2dbUMXMoeGXl2KpcpFotEUTTyA8VxjJkRjco2OzubM7MFMzvW+zD94+6D58sfRXpka4kRkDcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHySURBVDjLpZNLaFNREIa/k3vTR4qKFdpaxZhFfeBCUEF8oaAiulIkoCtdFATBRcWFG6EgCG5VfFBduBVBFIIQHwga3GlREJVqS4OhrRKjwdxc7z0zLq5JGwwSceCszplv/n/OjFFV/idcgKOXXg4BSWArsB5UUQyixGKGmAERQSyluKtjK5fO34Aopw6uMqgqRy6+GNF/jPO33qiqRgqAbQA3csW6tL8ZG9zSzdvJkl+3gGhf7XKgpx0AY5onv5v2AfCqQVsdoKqJWtX3M35LzVNrzSxA1K1JazXECnMBBiA9/IiqCKKQObub8cK3psmp/gWoWABiESCiffECNq7upeiF9cfzEm0Np24htA0KAChXLYEqFT9sqBhYpZQd4Wv2Gl5+jHzvEtbGdwB7I4D5rcD3A7zAYqtBA6CUvU4wept16UHaU2vwXmXpfPqQB7viJyILc3692WTPZC4wsP0AHR+eYG4eJvHxDqlkN2p0yAWQUBQwAPdzEw3J5cpPwqlJOvpSsO/k7A4ML8YRs9wFsCITQOr11f1/dBsg39NPZTRD173j+N4UFaD83cE6FKJJtHI3febxClXdhMhCkRBUULGohGzu2knb82ckF3XiOnHKn0PGp2OqyGXT6jrnDi07/aNYOOZYk7SOflK4sicbnvsFhzwbXdu8qEIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKjSURBVDjLlZNbSJNhGMfnTZddJHS4iFJzdhFSRAc6WClJNmbMZrA+0x0+dQesXGpTnDo3aylmSToSgqiMqNTmFC1aOVMHuSG6DS22SK8aMQPZwanj375vMPuoC3vhz3P1/Pi9z/u8LACsqampc6MtJD6ocvBOtBcsFuvwBrObak632Wz+z9Yx2K0WDBelYW1tbUOhISqVapPRaBS+vV2K8a5SDBemIRQKMRIIBOD3++NZWlrC6upqDMA0GMEQwWY0+3w+tKvL0MLZCm3ONqiILHyZm8PKygrTYEhbirGHJRgSsLG8vEynpnselZUN0HN3QHM+EdpoLTu5GdcLL6wD4gYTMYPBS2yEw2E6qqfzqMo7gTtkBh5X5qI8exeq+ftBZiYjGAwwDQYbS/CpsxgD+ak0nUrVk++olpHwOYwIzprw09KBXy4TepoKooBg5J8G/Xmp9IAoAHWNtvudGDdIEXC+QGj2DTwmHWqUCiwuLvqjgIPrBvXFGH1Aop+3J95M1j8HJzcPdTo9tEoh2m4Kobh6A8VSOe62tiIhIeEI02BiBMbcFBpgNpuh092CRCIBn38Rhq5HGBh+Dy6XC5FIBJlcgaPHjhviBqZaEpZ2Cfo4KfQAv907A8szHdSNeiiV5cjn88Hj8VBQQKBILEW3oQme1tMRhoEtatCbk0wbeAfq8bKWi8tiBfR6PTQaDQiCQHNzMwiRFGpxNjwdXM+6QbUEH9tE6M2OAcIhP34sfIW6oQlyuYy+ikAgoGuJ4hoW3C5kpO88+5fB66wkRCIR+iWoQVKrS22jy+WC1+vFnye+BxUVFUndnH3ou3IIrzKT4Ha7MRddV6fTiZmZGUxPT8PhcNB1cnISdrsdVqs1BqBAVISpW07VHdiukbATyf/5zr8BNamLpjmUSloAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIsSURBVDjLnZPNi1JhFMbvKtoHBa1atgmCtv0VrVq0aCkGCn6mYH47ip8IflAKhibpRke00BnnKiKoiKA7qSkF08FvvToak/f0ngu2qBYzXngu3Jf3+b3nPee5VCAQcPj9/ucAQB0iyufzPXS73Wd2u/3RQQB8Wa1Wiclkqms0mrsHAQwGwy21Wn2qUCjOxGLxHVyrVCpHpVKJpWmazeVy20wmQyeTyaf/BaAKhcIrkUh04XA4vhSLxTIxX5IHULMCDd+PkxCLxbaRSETxD6DVamUbjcavWq22LZfLMBqNgGEYuJgs4TxbhG9PHnManuQgGAyypOnv/wCazaat2+1yJ735pOCMy+USBuMFvPzIwosPAMW3xzDwemA+HHL78vk82Gy2Iw5APtZoms/nHGCv2WwGP4Zz6AwWsFgsYLVacUI47jUajTvS9GcUaQ6LgL/Ne3U6HSBVgtPpZFHT6ZSrst1ug1Kp/EolEokdUveGPWAymUA2m4V0Og1kD5AxX1osFo1er2fxGpvNBiQSCVDxeJzp9/tcWWjEcsfjMVSrVUilUth5IEYgo/6Md1apVDSu46FCoRCoaDR6gp1HIwLQ7PV6ezKZbMnj8YBoKZVKUzqd7h4C5HL5bZKVU4FAMOHz+U4qHA6/RiJOAgFIJvFmrp3EUCj0gMyVqdfr0Ov1YL1eg8vl2t0oyh6P5x2JKZAwAQkVNuznjQDkb7xPgnFuNpuvyHyvtFpt+bqA3zDZAQQexaeGAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIHSURBVDjLfZKxa5NBGMZ/35dEamtFMkgGpaAVQcTRLp1LoYubi6MOgqiTZOrQxYKjOIh/gIuim5YqdChKl4KbQ0XESoPYaGq+fHff3fu+DklM2lRfeLg7uOd3z929iZnRL7l9y7hwkbi6isWIiaAhoL2xMj+PvVlj4u1K0veUGaphkw0ZNcbuOkasCMOWA4AQsRhR79EYu6AY/87LhwDSfYAiYN7D1BTiPeo94j3iHMn0NNrJsaL4T4IiLNH+sFhZ2KFy9Qcc8aga0knR3S/oWrO751+A8p332+bSNmfuHmP8PEZKqjlJaKF7HynGHrZ1wW0Pe5L+L8R3p2YwXjL9qGal42hsQvyNSYaJgyQBCbQ36w0puFK7Zhv73sAk1Dl9r2blE1j8BZJj4nrKUP8d04yxczdrYY/6yBU0FrOliUtY3MPU9eR7cph20PCTdPwkIWN25BdUpWppGdMc1PfkBhIH0gYLxILqKEAULIIWg+j902WQCPPE4pA+0ChNCy3MwoHobgBBkaJDyGmOAoJbl90NkqS0P770Rguk6VHyna90WqyPAMSx3N6831C3C6UxzCImvSQoSXmS6BI+PX/VyDOWR/oAYOdxckMCS5OXr9cq1bOQGBYzpGiRfdti6+nrRp6xOPfMnhwKAPj8IJkpWtSjY1Yi1eDBdWi6jHURludedBuoX38Av56vLTwJJBoAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALZSURBVDjLfZJrSJNRHMb90Jfoe+GnPkVBF5GKJIKS0gqFbnTX0swaSkqWTdJIBXXqygtMFPRDC29lmuYlp6mgeTfzthTHnHObuoub0/fitvd9Ou+KpWYdePif97z/5/d/OBwvAF7rRWk/hlCq8gZqqkS7PJLH2AZSWWvXM4ul/dHIUqc4eXO/Z0Nrarxp9YcmVtcEp7kHrpUf4JhZ8KwWLtsk2JlGWFqisVBzTW1uEx/YAKBm63asTsv7HaZOcGtaIg0xT4Cjh+Fa7SPqIWdK8A4T7P250MlPWxbbEnZ5AKvKwkx2rp406MGx06TqwLtsAL/mFu+yEtgonMv1AGeB8VM0dJU3Gj2A5SGJzmkdJb3TZNIMeKeZmJbcRrecJvJPQwCfiSrA6gegyvdjPIClr4lrHD0DF9ULFz1E4itJ7DG47MPE0E/uoAtOuwKssQCMPg7cqhaTmb68B2Bui51bW+wj08fBzCWRCemw1obB2iCCtT4C5rJgMLpUUKqbcJiywGgHMJV9+E8Cc0eCxNqbTeKawcyKYSzyAT0bT/QUlFpE6hMY0rdjZSIQPK+C/l0s1EXB7R6ArTt522KDaHJlvJRcoAqmN35uM62LAqUNBa2Jw0LeTnBUB5a/VUGZvJfVVcfu2fAOTF8SfOarQkwrY2WwVUf+ApDJgpnWPEZN8WXEF9zGg9cXEJLmz5xPOJS0ASDI2Bx/RF0ePm8oCQTTFgTOcBac3h+1lZeQ8j4c9eMyfDcokNMShes5B3Es2lvqtflptpenBclSIhxvZc9RmHUc0pdHcSc9ALVjuahV5kNY0tZI5LQ+FADMXwBBL8Qirby0DHJ5BQqLShCc6IvG8WKsX3WjMgGALQHimLvdLa2tMBpNGBwcwomY3chW3EOGIsxtzmgO+3+ClnJJ6NWL56iAgDO8v/9J/tSt/c4r0n14pbjvnixU4XvLO/iXSLOEyC7E/l0lwvlPxOcI8qKVSZYAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJaSURBVDjLpZNPSFVREIe/c9/r+tD36vW/IA2rTUYlZbp0FQTRQqmgXFW7loIra+NWCFxFENQmgsyEQnGlSIFUVIsURKuHBZmlWWnee985Z6aNaWa0qFkOwzczv/mNUVX+J9K/J9yAyarSrMIxEWpVQYUnIvSpcCV3Qud/rTe/TuAGTL0KN0xFS6XJ16LhBlCPRtP42Rck4+0FEc6tb9DBVQDXbxo0X38v2NaElq7DL4wiyQzqYjAZgswejA1I3naSTA02bj6t3UsA2282qDKR2n87K8E3fFwAO4e4BPUx32YWePk84kBdJfktNXwdOj8vws7tTfo5AFChOdjZmtUQJCnQdfUZXdfH6L45Ab7I2MgCmRLP8ONxfPKa0r2tWfE0L4kowvHU+jp8PIy6iMYLu1EXoz5BbcyhGhBfRG2M+/KMcOsZxHMcuPQTUEXJWiT6gorlzcgmTDqHQUEVWNTJOXbk7wMJ3lO5NIEKkbo4xDvwRcqPnAUTrjiviqc0v525x12gigip5RU8BWxUDSEqlmy+jCBTsco06mNMUIr4NDbhFUCwuEKPnX6BCStQAff1EahbBbAzg6TXHiSansAW6VkGeDoWRtrmcTmCsJzixwckk7eR4qfFzhHFqV6S991oyUEmH7bN24SOFUb6dMecTG8+2pmpaITUHG72KT56j7oYk86RylXj2cXsaC+zY32nDrXq3VVWnrxljornWllVS2W4cR/BmgDE4RLP98kxPgy1F5zl4uFL2vfHXwB4d9NkxdMiwjHvqXVFcJYnztLnLO01l//yTP8SPwD79F9Uvnnx1AAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIJSURBVDjLpZM9SJVRGMd/532vetOswQgjSoW2gj4Gh4ZoiIKGwGi4EtQQ0VxLQhAOEW2NzUVLOQRBBioUakGT5CBiGhZe8aameLv3nPc9H0/DvX7hHQSf4ZzDgf/v/3/O4VEiwl4qYo+VWT/I7EdxxSVEUsRZxFvEpYhLEJ+ANXhnEKfBGg5ef6W2A7yj7lRuh4MIKKgugMBKX/fOBMlqnn0iSNCVCwUiAVAImwQVNSBW12jBOUK6gCt+g5Agklb2kEIwSDBI0NQf6iLYcg2ATwCHBANiq6KtYoOEMohD0hoJ3L/lSuRtzpoQTBWiIeiKiSvtBARvMD9GcMk0+BTE4c0a2bbDFedgEK9BQu038HoZt5Zn/5mbQCCkvyiOvUF8GaRMYXiawvAk5fm3RI2K7/2ZnssD7tkGQIlg/4yzMjTKgfN3UUoRxG6IS1OWs7mHNHScRI8PMDEy+GTwUl0p2vrfzZ23sauLrA4/r4oN4g1zQ2OcuHiD7Mxn1MtuGn++o72tJRYl9zcS4Awqjmg6dwc90U/x63viltNkWy9gl/rItnbA1QebvfceIQ6qXa0P0+LraxJsgjiDWI3TBSAiUoqpT3N0dt2i6fcHEr1AGSiuxUzOkFe7mcbR3NHe+uamR8daXCYTzVFcdMwWYm+NPFa7HecvueM9pb/z92Kv2nwseYEXVwbc0/9TqFA0aM0H7QAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKASURBVDjLxVNLTxNRFP7udDp9TCEtFSzloUBwY4FUF0ZjVDYsTDSw0/gjXBii/gk2GjZudO1G4wONK40CGkQSRKTybqGAfVHa6dy5M/d6WwMhccnCk3yLk3u+L9+55xwihMBRQsERQz2crK+vX3Txyn1SyfXDMnyE24AjwR0Q4qLQw1M82H4vGo1+3OeQ/RZSqdQTV2XnhkKzmqaoYJaJQj4P27LgcQGNdTocRmFzyWiJv2zqil0/EJDkt67C0oAGhtTmJpLpHEwSAPNEwBwCy+bQ7W1EsYlYWxiKdMSjvbPhniu96tra2ohmbAxovILZxCq0E5dh6M1g0jllAqYEZRw7lhRp1ZDdewW9tILAykRPingfk9Ti7BbJJ47viiC645cwNm2gYPAaefhWH4TgGB79JoU4vG6Cu0MNyMx/Bv8+hkzJtlWWW27yRfrQ0dhS+4sq0aAOqHQgOK8JGJbMKZf9/h1asPssyv56sBejqupuinEtEHI5jgNFURCuA5JZB6a0fPvBF1BLClbsmoPT7X5wKVqrbWhFqDMmFFHcKLLiNmzbBmMM7WEFAY2jbDCUJbFsMpQkjgUI4ifVWk21lqaXoBQ2mMJ94adi6wes5AxoMYOw7uBcl4JTEQFVULhhId5GcO2MJtuUEykXQRc+gb1/hLTl/VobY2JmctyfnTvvUwlEqCMPvdGEHrKgevj+wlTrxO8VL1+ebLaSc1gwA2kj9bPlYJGmPrx7bm0lrkbIrhrwewFPPbjbj+pzdSPtUh7YXsRqpiT2gp1T9NfEhcGR1zY5fEzjo3c8ud3SIKV0SJrp1wgCLjiS7/CKaU5LPCOcj918+Gb+n1X+b9f4B22tbKhgZZpBAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAMGSURBVBgZpcFNaJt1HMDx7/MkbdMkzZK0SZxLmlZc07pN+3KoVcEdehR0ysAd9OZBvCmIIIhMPMjQswheFF+QIVitJytTRi0r2crqbE1dbddtVdq0WdbmyfPy//1MQRS8+vlYqsr/EX767elkvif+QyLankctUMGoYnwf1/XxfR+v6eK6LoHjYpoOntOktrV7e31pdTJczHYtThwr5PtzaQ6IKgeMKCKKUcUYwYhijMGI4hvD5YVf0hfc+lL4SHcsn4mGqKz/QWAM5cU1Hh4bZP5KheHjvQS+cOXnNYaG+rh4cZFCXxZjhIH8ITL3HE6FLQtElbaQxc6e0AgsGqaNnYbP93MrGCOI2nh04lrtVLfrFPMpAhEsy8J68+NZtQMHWxTLDjExWmLXa8eIYEQRgcAIgQiJcIOZmXncvSqB57N1q06oszR5PW7vjUc7aGRzmVgmk7V+W/mVlcoKGxs32LixTnTvJ06Ep3DjIxCJyd3a9tXqnfrmcnnuVUtVOfDSe998Ov5g/5nB+4ocikcpZW0OSOBw69IbxLLjLK5uMl8boTy/OP3ZuRefoMWm5fRbX/V2J+OncpluPAPxDv5RW5umMz1M4vAIqf1ZCgmHtnjPI/zNPvnK55azUzs/2J+LYIXBsklELA54d29SrUzR1ZPE1KcoPPQceWeGviPx1Nijr71Oi33h3Wd1cKh/LJVMsVnzMSJ0tlmgytbSF6TvfxKal7n00SfEkw6xWplirEZXOnmaljAtTU/sze0a1zf3abo9zMxdIx0s81TfDpn+DKb+O6hg9ubpP/ky1W/fJ9peaqfFpiXwfXwjeEHA8upN7uw3OabfkewdRhpXUXEYe6aEeLeJRCocPTHJY4WNo7TYtDQ9D8fxKPR0UMxEmEgsUBoYJdq1jQZVsEKUv6wAgjQrZAaKjCZXQj+ePf6Apao8fuadpdy9ucG2SAwxAS/kPmTi+Q8I2WtosAso/7IJdZb489oCla/PnrdUlf+aPTe2rUaiKoqKoCKoCCqKiqCiIIKqlv8CsLWQKDaepcQAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAANhSURBVDjLfdPfT5V1AMfx93N+8GPnOYSHhMM5KCEcE5eA0ZAxGm2Uc3O12VV10cZFXhTe4HBu5eyiNVaRcxY012xjtS5QsezHpnPNMlQaRNAhwKNUIiLE4eA5z/P9Pt9znufpwtz0pvcf8Nrn5qO5rsv9jky+rVs51SWV2iWVaJLKQlpyREj1vVfteLfYfSn/w5ejJg+k3Qd6Jw63WVn12ZPFrVVeXwFZzaa0cD3X5qc4Hf+yP6p9MqmyuW6l7I5P91ZffAh4/7dDezb6a06XBCLcUiuMZ6bwuh5a9O18ceV4sjC3pymoPTvSVKOH4n/e5a/bmRcHD9QNAXjeGz8UkkoOlOobGcvM8mPqMqnsGjWFldxZvIlhiLcCbvv+zaUFobJ1BcTKdYRQAzsPDocAPKYluhqL2/SEmGfKnMHMSdZ7Q+jSz5mJk+NR77GrUmT31mwIML0gCRXlE6sI6tIUXf8Bxm6vP5/JzDQqZ1Hk0akr2sLI7M+ItNyXtXxHGzYFvSrrML+imF20CJcEkELuBvCZQm61tBweNBr0J3gsP8rfNxKMJkZPVAUHIkJYjdGSQi7PmpiGjXHXpjbqx5KiCsBnCFOUFTya1xp8ijsLN+kf601ahjp6ePX5vpm1Ud+5wOOJpVW5zYeGaTi4joOlfCghvfcWmGLulz+GG87+PrRsCavnwO2KwfZk4FXXjM88bY4+c3ZrN9KyMU0XYdiUrPNzaymDskTiHmCIz7+aONV/ZD727eY1b5driqnspg26NnsdJ51BCIEpbXLiAuGiiyiZYtkQlEUCa/AavqFEwwnXFD2uKY5lqyvzstWVOLaNb2wSDAPLtFhNfUc4PEJjbRMVoRg/xM/g6j+1NXdGPvC4GcPnpDOvWDsa81SsCjEzjWMInIyBbQgsaZJMfU3Dlnpsj019+XPYWpbmbS0Ab3j8H/ctO2mjQ7s6CvFp/OFyHGFiC4EtJEpIkulF/JrOC7X7ANjffpzq0jqAAg9A4anBk+7MjZ3eb87PceESTmIO25TY0sJSgn9SK058YZie8x0A9Jzr4PrSBIDUHnzjam29bluq21Vql6OyTW4uVxdOLkw2d0beqah65M2WulZi4e1cW/yV4YlLzM+t9T4E/F/NnZEe4HUgCKSBvisfLRz8F8J11bR5XdMKAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFtSURBVBgZBcE9b01hAADg55x72mrdnqrE1SCkCUEivu7SxGKppGMHNhKj2KRisYkY2MTcRFQMGh8/QGLxMRikJklJkN5B0N72cu95z3uO50lqAAAAQAYACxP16KF8vhotvxSPNgfF/QFJDWBhOF7Yfyk9EXemRn73P359GJce1BkA1Y1918+MtxSiRmtrtjfzc9qtpAYvkmhl4/L4pNKGnglDfng6uLMt42WjOhD3xOGTzQ/acpVa0PDe5AgZ1eF4szxbNvvJlHeCTKEhOOUVsmfNeO/Y3G5D1q3giERUWreuQFqea81N+acvN2Pcqu0SYzpqAWm4Mu2XTV1bEm2raqmGQi0gDbsy3/X19fzV1PUHFKKAtPjWc1THJ109DAxUKkGlRFo8+azpuNNyBNEOlVrDmID06uOV5ddyuVFj3jioZa/crI5yjYzi/Nvl7nxbJXheN5O7SqUY4lpsk9Tg2sVwu+yUm+XS4iIA8B+6i5xffIyBpQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHUSURBVDjLxZM7a1RhEIafc3J2z6qJkIuCKChItBNSBQ0iIlZiK4gWItj6HwRbC7FRf4CVnSCIkH9gJVjYiCDximCyZ7/zfXOz2A0I2qVwmmFg3rm870wVEezFavZoey7Q3Hv+/Z87qDsiTlZFBJIGKStZlFSCTpyUlAZgfXXfH9BAPTCberVANBB3RAJRR8wp6jzd/DotALA9UcyZgZxis2QNijpZjSJBVqeIszTfkMY65cAjuHxmgSzGlbUFrp1d5ObGErcuLLNxep5hU3H93AqjYcXti4cZZ2OSDU9CnVURddqmIovTDmoev/5GVcGDF585tjzg1JGWo0tDDgxrThxq6XojieOd0nRZ6dVpBxU3zi/T1BVdViKCcTbcYX11ngB6cca9MSlGlprojHqcglycVJyHL79Q1Jn0TgBdb1gEbz9OeL81IYsRAakYvQSeC/WvVOiLE8GsM4xnvsuGe/Do1RY/dpRenIP753hyZxURJ3JQXbr/Lq6uLfLpZ6aIk9XJssv8VK5dNcQcmcl7fKVl89kHmu0dJRVjYTRHGVSMpELaQLVCtEY8EAvMHHUwn067+0LVybtvok9KSODZiaKEOJENihPm01gD3P+62Oq/f+Nv2d9y2D8jLUEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJbSURBVBgZfcE9iFxVGMfh33v3zM7uODMr6iaoqJWypBELZfEDCy3TWElQQRAstLKwMJ1iJVqpaBdCyq1tLCVWsVhihBAwyy4SdWMyc+fjzr33nPP+XWEkW7g+j0niv5z/6vsvhr3eG6OF1swMMzbklCyZOU29uBA4wbDfe/Ods1ubvV7fuGeDpVkT+Xpn9+3ACcqKbq/Xt+u3Jlze/5CN4V9UbeTg8EGef+RTtrcexWzFAicwY5iA5E6/f8h65wGcBl/d589Rhcsx0zBwAomJxMa0ahnVNVlzZrHhblUzogEZEpNw47tnd9eGZ86YFdwjOsVbKxJMa2f/1pN49xqzWDEePcFTp7v8K5iKrcdevNAxMxBHBGakn3/EHcaLzNOnP+KZ/Q/45cYB45c/J8WEADMbBpJqvO02f3xDblegGGI2AJ3CEFd/e58YI1falvbhDu2114kxcu6FK0gQiFbIW3K7ilz44oDF7T3OWsWdS3u8xzErwHqA9UCwCFIZMK15WjD//ZD5zZ9QiljosnXuIimJpolg4A5FARbuY7HzCl/u7Jbz2eJiIBaE9VNsbp9nc9v5h/KENPkBb/aAiOIM5TnyirXHP+ZX4JN3X7qfI4EoKdd4dRXlklxdB0WQI68xE8pjlGcoVyDnuECD5AmPt1EqwQLKM1ACNUgFynM8TVGeghnHBVrJyCjdRWmM0hjlEqUS5RKlKcoTlOfIa7w54EjNUlDro1Td6cXZ6gAfFFIHfAB6COUGaFHRAC1WZHJdS603LAXVzWc3v33tOcSrGAP+jwC73OK6xNLfULttUqzYsnAAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADxSURBVDjLY/z//z8DJYCJgUJAsQEsMEZ5efn/f//+Mfz58weOf//+Dce/fv2C0yC8d+9eRpA+RkrDgAWZ07rx3ZVqfyEdEDs2NvY6so3o+MyZM5pwAwL67msqSLCv4WFjgTsHqEgRl2YQhgFG3867mpJirIs0JdlNmBiZGR6++c7QGyXDSKwXwGHgWHldU1KOYy03B8e/2YmSYC94enpegdn28+dPuM0wbz18+FAH7oX97ZrXgZRW9MxnV2Am//jxQwXd2cixgeICqsSCt7f3f3yBhpwmQPjz589UTge2trb/sQUWsq0fPnxgxBoLA5qZANTo8jopO/z6AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJRSURBVBgZpcHda81xHMDx9+d3fudYzuYw2RaZ5yTWolEiuZpCSjGJFEktUUr8A6ZxQZGHmDtqdrGUXHgoeZqSp1F2bLFWjtkOB8PZzvmd7+djv5XaBRfL6yVmxv+QjQeu7l25uuZYJmtxM0AVU8Wpw9RQU8w51AxzDqfKhFjwq6Mjdbj1RN0Zv2ZFzaloUdwrL2Is4r+y7hRwxs8G5mUzPxmrwcA8hvnmjIZtcxmr3Y09hHwzJZQvOAwwNZyCYqgaThVXMFzBCD7fJfv8MpHiKvaV3ePV2f07fMwIiSeIGeYJJoao4HmCiIeIQzPXifY+paJqO4lZi/nWPZ/krabjvlNHyANMBAQiBiqgakQMCunbxHJviM9bQeZdBzHJUzKhguLJlQnf1BghAmZ4gImAgAjk++8jP56QmL2GXG8zsfFCz8skA1mQXKbaU3X8ISIgQsgDcun7FL7cJjFnLUMfLyLRr0SLS4hbhiup5Szd19rpFYKAESKICCERoS95neyHmyTmbmAodQ4vGpAfmEn6YTtTahv4ODiRkGdOCUUAAUSE/uQNfqTaKFu4jvynJiIxIzcwg/SjF1RsOk9R+QJMlZCvqvwhQFdbM4XvrynIVHpfn2ZSWYyhzHS+PUtSueUC0cQ0QmpGyE9197TUnwzq1DnUKbXSxOb6S7xtPkjngzbGVVbzvS/FjaGt9DU8xlRRJdTCMDEzRjuyZ1FwaFe9j+d4eecaPd1dPxNTSlfWHm1v5y/EzBitblXp4JLZ5f6yBbOwaK5tsD+9c33jq/f8w2+mRSjOllPhkAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIiSURBVDjLpdNdSFNhGAdw6baL7qUuuonA6Cojoiw6qwth0VUsDIxKggohIXGtpA+1DxQhwoltsXKjNpbruC9q5jypMwf2sdlqbc120ixzfqzV8Lhz/r3vWRw0yAt38eeF857nx/McnlMEoKiQ/Pei5ayluP2YnzUdeZd8XpMWzef4hRtV24zXNRtA4iQpXxGwMvPSgFbEzHsJU6+BoTrgUVUIi9lZ+Bq2y4gM3DplWePdK3R59giCu0yAk4TdLeCjXUI6CWRTQJoH5hJAn8sEvqcJ5pqtFDguAy0nrGtd+3L9Yy5gzAt8Iue3IJCKAJMvSWEc+BoAvvgBfXUpxrlWtFZupECxDNyp9GxyqMQQBQIXgUEdEDHlsR9hYJpkYpA8M4uwa0sRc1TTYigf0aAJHGLV4BNuMmc9yRXy8n0g6QNmoqSLYQL0A7GeDPqaGQJfWg48PBhrjNowP2oEgg0kTQTozLecmQS+j+S7eOVNImy8gKHbBygwqgDdqp/dCSdytHWuFggbAL4XmHpDxnBLIqfL/uZqc4v+q7N429aJJ/U7KXBNATxMbjj+GPj8jOQpaXcA8J0UYVNlJPZ8fCRqFTVcY+peyfrNCLVr0XG6hAJlCtBx9MVdm5r/5WAyUheTlizlEwv6Ci6wdCdIAWM4swWRB4eXzb/iIv0D3GQv7yoI+BDUqwsC5OLe5v3KCq8KsOt2UKBuNUDb37+QnuuW3v0BGUzmBpilPwcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ4SURBVDjLpZNdaM1xGMc//5fDZqTZ2c6Y9mIkmZelll2hlCVF3FDKlZRyQWJXmsKNCzeLcqdE5D0mL/M2s6HlJSlhs2Rv51iYOZ3z+/2ex8X/zHZJfvX0/J6b7+/zfH/P46kq/3NCgNNt3w6ost2pzBYRnIAVwTnBiWKdTAiHs4oTeX5467y6EEBUd22qmxb/l5ebzn1Y/IfAicQBCi7uBFVwFsSBMdE9mwGThYwBYxhtvIcxbvIEgTEfFGYVg9go1OZEMmAyYLPwth8AY924B85JTsCDviSoRCQiEYkby0AiAUA2J4Cq0nyzX3+mjZ5pG1RV1XOPB1RV9fyTqL7QEdVXOqOc/J7Wbceeq6pGBMYJokoYwMWOIYLA51LnEGEAV58N0T54iEdXBBUh1tXEgrIpZE1E4I+1oEAYeGyqLyH0YePyEmI+rK8rwfcC5lfPxfcD1i5LRF9rZdwD4wQVCH243pXkWeooT1sUVSV8sR/f94i13KHh1Utam0+iRaUsKVwH1OcErKCqxAJoqC2mowXmVFTS3fuJhtpi8p6WUTTcxbyte5lctZD069tMb2vlzurYLh+iqQMIfI+7r1IA9PT24uFx73WKzP0TzF2xgbyPD/BObWFK92WqKgpRT3eHANbayAMfVi2KEwb7WFkT5+GbFCtq4rR+/UxeaRWs3TO+A00zCcSrHPdAlZryqfQPp6lO5NMz8JOywkm8+/wdnZHg18sbFFzbSSY9wC9g5EeAC+jLDZK2Hzz7fmnWSYGxDmMdzgrGCdZZ6ks3MrXzFhUz8gmDGCNJS8+gr4oc9/52nds3lzeODvftCJxX4QL9onBizW175DdAmHVGgBeCfwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIxSURBVDjLlZNBiBJRGMf/r9FZc6lcjLBQdzaElI25LNWhSx0kiD1FUMEegyAqakHYS7hG7C261TEQETpEEoRgS7QDRXgQkShmrVCi1W3JUMcZRx2nN4+0kDlsH3x8w8z3/d57//k/YpomJiOZTAYNw9jo9XpCv9+HpmnfFEWJJhIJebLXAZvQdf2h3+8X3G43LEClUgmUy+UH9NPiZO8eO0C73fbl83kUi0UGcLlcaDabQbteWwBtRjweJ7VajQG63S7LXQN4nmeVEMIAI8iuAVQDxGIx0+PxgArJ0npnF7YiUsUhiiKcTidKpRK8Xu//7YA2m9aKsixDVDu4uLONjZMLx3H7Zo7mVdsdpNNpgRZ5OBzyNNn5A4EAzpgD+C5dAdG7pFepRj+nn0bXlpaOpFKpe0wny0jWMK1yOBzms9ksCoUCqtUqO/eqOA9x4QS0nyUom6/R/bUN1b0PZW1qfXm9FmUAStMjkQhPAWi1WmyQum+c/ffPMFPP49jZC5iam4dWyuGD9ApN+dMtdgTaxFPrIpPJWCZigqmqOgac/vgEp27chevLG0C6D/cBD44Ksyhsmnccf0RjqzYaDfY8Gux0Oqzu1xW4fHPA+eW/4q0eBjckwmgHDBAKhdg/t4zzb9V/PIdafInpF9eha3Wolt1bHAwOWwxgCSZJ0tg0k7l4aBoz7yQIB/fCwTnR3hnga53AhPmI2F1nu3h7ObjSaWxd4wwya3Dmdzr1+FxusPYbDlZf5OWGzT4AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJvSURBVDjLpZM5aFRRGIW/+2bmZYzJTEzMuCbRGIjRiAsYEIKNIoIiWGgluCCChZ3aCyJqK6hFxMLCpbKxERE3DIpFEgtjonGJYSYzMcYsb7nvvvtbTMC9yil/OB8/nHOUiDAXOcxRcwYkAQbube5JZ9asUepXnhBOvR+OzcQWIPzNpQCYad392iQBlDirGzqvp5RSIGUzSmGCsebRnjPDMnsFSLgZkTgqTucfngLuJAEwEmB1RVi4QqwT4GRQqpr00m0s7bjgIgJYvPwjvjy5SaJqXaM/tvB23+X2dBkQKUesJtYuYgXrfyaaGWW6+IhUeglIhJkZxPjLWbzuANmVG5n40Er//a6LZYCStDU+2gPRM0RTk1SvPki6rg1Q+IX7SFKRWb6R8fdvcJWmOrOYqrrG7OwHDsl5OWrajgIWRBAsVo/gDXdhojTZ5p2E+Vu4lYpPPf2Y0Bff89fPAkQkDrBeHxJ/R+IpxEzgjfUiUkW2ZRfByFUc15CqamK+/YhHKWo/0T1Qzi1ExBpsVMLqElaPUhh4RuBXkm3ZQzByBScVoSdXUHrSTW3nIRwT259F0iKKGDHjiPlK8d1LPL+O3Npd6EIXCVcIJ5soPe2mZm2eivoGML8USbT9ZryvldG0Wz3UN+gkKpZhVI7860ssyLkE4w18e/GK2g2rSKRbiYNARNvwJyAILw5d3duBsL3fydXvO36Nt7dOMvD0ORWN67GlflmYMrr4uCAIoJ5prNwoB/jHGs8ea49OHzmexInpeXCXTx8Gp7P1tZ07zvX2/msLfwH2b631NzUvSna0rURS4XO/WDq8+3zf0P/G9AOyUDsBCTaamwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIwSURBVDjLhZHLaxNRGMUjaRDBjQtBxAdZFEQE/wEFUaurLm1FfEGzENwpturG6qIFrYUKXbUudOODNqIiTWqvFEwXKo1UUVRqS2NM0kmaZPKYPKbJ8XzTiUQxceDH3HvnO+e73xnH8X7fLjJInjbgEekiOwA4/sbBD0Ov5sIqY5SVXiO/Rpospw01HphXrOttZPBMxCkWJ3NltZItq3i2pOKZklrWi9Z5SMuKwf2GBtJVxJotiqWLKpIqqHCyYO3/Z/A8UyirBDtLcZTi6Y+RdxdHAsnTAy/NM0TerCuRlE2Y9El+YjCWoLBkViyxdL40OpNmLuBo0Gvk12AuYC5gLqB2XAw8A2NBFZzXVHm1YnHq1qQpYs4PjgbmAuYC5gLe0jrnWGLwzZqDi33ksSTunw3JvKZ0FbFmi5gLeDswF2v/h4Ftcm8yaIl9JMtcwFys4midOJQwEOX6ZyInBos18QYJk0yQVhJjLiiald/iTw+GMHN2N6YOuTB9YieCozfE4EvNYDO5Ttz2vn/Q+x5zC3EwEyw9GcaH7v0ovLiN6mcf8g8v4O35vRg+edTr+Ne/tU2OEV03SvB3uGFQjDvtQM8moM+N+M0D8B92LjQ0sE2+MhdMHXShOutF/ZO6toXnLdVm4o1yA1KYOLI+lrvbBVBU7HYgSZbOOeFvc4abGWwjXrLndefW3jeeVjPS44Z2xYXvnnVQ7S2rvjbn1aYj1BPo3H6ZHRfl2nz/ELGc/wJRo/MQHUFwBgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJvSURBVDjLhZNdSJNhFMfPM9eW+3BjbGIKuik5toZCgYRIF/axEUbSRQUjiqigi7roIiiCrrwIwusKbybtJuquZLSBWcSaFU0slC0/arbC6PVjn+/Htv7PKKlwduDH/32ec55zzvPxskqlQpvZtUf7K2JJpJXCGuXkfPnBubm6zeJUVMMYUxSv+zwNdl2iYkmqFVY7AalLamIqqjAiheSacep/J25HBlazcoFaTd3V/OUyI4fFTbuH6zOZvCgmb5StWyao2yaZ3OZeajLtoeVMitYKAvXZj2FPOsPT2Ynif7ew8PlW92xunOaFCbLom8lqbKP48nNKrRupd/t968CVu11bJhi0F6+rl4ZoMveEZn6EaEZ4Rq9TyfXG7Cmysjz128sX/jrs6enpO4qi7AMky7IGtHs8HvZwbFwM2c5oVYKTLrcM08t4onCkf299JBLJS5L0SRRFgn5XYaFis9lcSObCxFWNRsOi0eirjh1m7YnVkZOnDTcpkUgcb7Pq6sPh8Iher9cVi8Uhp9PpQpJ2FovFOhhjH3O5XAsSCMAN0nA28krAge9FaDP0G7QJrGi12rQgCGOqnp6euWw2u44OviDgMBxvUeGgTqebgvoMBsM7qBf6AX6fyWTiesDhcPAtvGD8KYdgGJyFg3fQCf0KbYXO8w7AAh8DPm/DOQlgEbs/Wr0FVLj3RwdTvEJDQ8MbXtFsNvOOfBaLJY7xIeh7JPEiQRpMst8/0+joqAyHEUF2frrQTmgS7AQJBDvAEmhC5V3gYiAQ6Nt4iVigBgUE068r2gCLNuDXjUOnUqn0uPoOav3OW5nf79dwDQaD0k8mKaZoCMdoNAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKsSURBVDjLfZPLa1RnGIef75zv3OLEDObWqcaYYJUWgqa40MmilioE2kI3XVXRFsmqUAqi/4G7brpxpaLgpUIEcaEW23RbKRYqASfKJOIlMbfJZDyTc/kuXaS1BmNfeBcv/Hjeuzh/494PxoivmpkJU8WbZteGnoTQ49yxLz78HkAaKw59NtTTGYahEMLl/ywxoFXOtV8fHQVWAc3UBEEQigu/1UhYoCEq9HXPEnl1lDUsLkeMP2qjxb6PpJ3jX/ahjRD/QmWmwHFcHAGZM0NfxyyB/5h62kBphQwC+ntKTFY3UPQ7MGZtVRLAAI4jSO0cvldjaaVOqhMypVA2JggC4jSiPXKw2DWD+Q8gBFYZUp2TqJSVPCUzCm0AkWONRjoCa+2bFVi7CgjppBFPY12P1MRkSuO5EXGjQKtfYjC/RH53li1Jvw+DADivAI6g4G7m2Uw3yUKBFruJVrEJtdjOzJMSZa9K+YMapfIRBrvuh/dO7RgGkPZ1gNfFu9EgT/8co1h4jtAaL+nk455eDvRVadt5kPjxTTZs7BVqa3305nf9x161UFkYQRuDNoYd6Rz7enoxQHX6BZG9QXHgW3RznLBjC4l+Sumj3S0qrp2W1loEMLx6WAC4A0s04wXC6b/oKI9QmLpDXpvCcecRToy/cR6SJi+nU1eKde5VR0V0VMT4Hu88vIgXWYyawTFL4LRi84wHVyrJeGV5RIaeqGPytl3de0GIf1CWpHqLZOoXuvYMYbOfEbrBg9spMk3Ic20nqsuHDl+eHJW+FD+NjlX3ZdoOvL7i/eJ64b2hT9xs/jRStjE+ltm7zU8TubWc++QXj57cP7qay9p1/cm14d/TF6dsXPnc/vFjuXHm6+2H19PJt33e88n5O8v1sW3NxXhlYmLuxDdnH15dT/c3MC9g0QGCji8AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGkSURBVDjLpZM/T8JAGMZf/gRU0lgU1EZDok5KSIwOfgKJhsGlgyaOfAE/Abo7dNfQ1W9AmNk0kjYO6ISLk4tBDJb27nzfKyWNFhLjJZeXlnue5/feXWNCCPjPSEa9bLfbpud5Z67rJrECVjmHwyHVW13XTyMNbNueR8GNqqp6Oj0HDoqAc5CMSJrNqtBsNk7w6beBZVmHJM7lcquZTAa6L69A6ZwL4IKjkQCGZo7jRLeAixuFQkH+Hgy+wEXxo/2ABnw8D8pHso1IA+oxlUpBr9fzkxmD7eKOTBejdNrwiQTkzFBEi+hgCN227rEymU7/aZXj6QT+Xgm5mAyKpV2ZHlCIiD2IhwkCA2lCyczv/U3pQv3dAB5aF9nCWDwSBun152v4/PDk80QDQgtuJYn4CJnju/PFC+ALRMfHrUYS0CkkEgk/mXEpIAOfxN/cnwTxEMFdq9WCfr8PiqLAzGwab2BMGjHh0xDhRIJqtbpvGEal0+lcapq2t76xCUv5NSkIWltZzss7Eh6xqK+xVquVUXiFsxR8TFRp4hE/maa5NdXgL+Mbb/xsAcKofWEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABlSURBVCjPY/jPgB8yDC4FilKKDfJXZa6KNwhKYVfQkPW/63/b/+T/XA1YFchd7fqf/j/2f+N/5qtYFUhe7fif9D/sf91/BuwKhBoS/jcBpcP/M2C3gluKrYHhKhA2MEgN2pDEDgEb0f5zlvXgVgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJuSURBVBgZpcH7a05xHMDx9/ecI/OcXWzZRDPCqMlcFqklKZeSwi9spIRcSwrDL5K/QFJLSoTIJX4yJOQ6lkSYjfV4MGwe2549l7Pn+z3nfIz8INlPe72UiDAYFoNkMUgO/WT/njXAEcCmnwQhBAFifMT3EeMj2iDaIMYgWeOHWu90b1w7o8J9u1cCJ9T8BS55+eC6EImAMYSdHXS3f8EKApwwJMhqUl4GuroZfvdBWrRe4wB1qnyyizbQ3g4VFZBOQ1sbNDbiJZPYvk+OCEE2S2cigVtdTd+MSrf43qOjDrBBWpqPE/8+S5WOhdxcKCuDRAKiUWzPwxbBVtA1qZuixaMJXj1mxN2v30SbXfbB+w875HrDJelJVOJ55UopKCgAY+DpU7TnMUQp0mN6yF07m5K5Wwj8J2Hc+7yvtOHlSSUi/OJv3Zwv2j9nFRcvsZcvh7w85PBhemMxsuP7UKvHUThtEenPbfjJkMT7l5mWphcbLf5w6o/1hllda6IfrpkrV/mtsBDH9/GrRlIwdSlB5h05I0bjRGDUvOmRCRVl9UpE+Ju3bEW+aHPJqZq5cMjUKQSxGN+CRgpXzcGyYyhrGBLEwWRoPvsppUSEf6XmLywVbe4wb/LEVHkH5ASSW1WkHKsHZeURGs3b8y19r9/2rlciwv98OFS1V7lDD5SsXBcRfRMVJHnTkEjbyTBlK8Xr1s7tNaeilx0GYFWU1Iysro3oeD2OU0Dz7XTmWVN8x9g+72KOa1Nz6mOSfg4DsGy0stuxhxbz5saP1Ivnnds2nXl/mn84DOBLNH6rN3FnXKYr7bW2fq9bf+LdBf7jJ8/eN9kzWRDgAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAACuSURBVCjPvdChDcMwFATQD4rKwgxNwypjAxNTN6hmNakMKkWKFGDqEQo6QEbICH+EjBBeXnoFUQ0MAqOjT7rTEWg/dAhInDi9Eo9TP8dvWP3LsZ31pNa228CSLskM6DMofPwbZFkzqM0yb6ADjeaJmEE+OgnSrBgEEl3Z0JsHQv73Km65GhnNHb6AlmUNgrnBFSBZ1MCbK2wBYmlq4CbLelYGBBJDw2c+DUdevZ8ffsX6A70Y4hwAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAL5SURBVDjLjZNbSJNhGMd3KdRlN90E1Z0URVfShYKKic7ChFRKyHRNp3lAgq1ppeam5nFuno+JJ8ylzNMSRec3LdFNm7rKPuemznm2nMfl/n3fBw6tiC5+Lw8Pz//H8148LH1VvBNFDIWCgqSwUhxNlETiQ94D9IluHymEbtbGuGtk5eOLClnIuZjcwLNOAFg0LGqYmOsSwzwkw4q2Amu6GqxOVMMyUoZFVSFM73NBtokxWSsAkRcKOd8VlIBwCKZrn00cC5bHyijKsTRcgoUBGea6c0C2ZkDfkAxtWQJUWSGMIC/k/IRDoP5kdB5T9+NbVymm6pMwIgtDn/gOqLVBrY0q7mUUh11AadQVNKQGoFSaDmldl7NDQD99M4fdY/MHWNu2Ye/Qjn2bHes7PzFl3sOocReGtQOQqwdo16xC2mnoPg47BDTK6d13yukd+xw1bN0/gnnLBv3SPmapoPrrDxQpTfaCDoP8ZPiUgKZV+92lTbtFfiS3Ydo4ZMKd4+soVBpnJB2zLr+H/xAcUz+0MqgxWjFq2Ias26j628w/BY1Dy8Pj81aMUQJJ++zgfwvq1cs3mwmT6U1zO7KyslFZWYnUtAwkl/ctCKUK38TERJLupaWlbfB4vKeurq5nHOHaQUtrE7Foz5WWIj8/HxaLBSRJYmBgAOmvc5H4Kg/6z1+O6B5BEMwMm83OZMLVqiVlj24d8s5eCIVCaHQ6iMXp8PPzA4fDgUQigUAgYGpfNtseFBTUSUsSEhK2WA09Oue6QTP6pzchysyBSCRiBDu7e7jl7Y3e3l5oNBqoVCq0tLTA3dMLvCTZDVqQkpKyx9zCpLIYxLAa6ZIKxMbGMQK+8Dk8PDzh5eUFf39/Brr2cHfHwwD3TVrA5XI3Tx3TiCIDnNBgFOTnQP62CXK5HEVFRYiPjwefz2dqutdUV2PLzs7epL6oZ508Z21xBNny8t5u8F1fcDmP8CQqEtEUSfev7r8IvGSO5kXYoqJ4h+Hh4VYfHx+Dm5vb9V9HN9N1j9T0nAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABlSURBVCjPY/jPgB8yDC4FilKKDfJXZa6KNwhKYVfQkPW/63/b/+T/XA1YFchd7fqf/j/2f+N/5qtYFUhe7fif9D/sf91/BuwKhBoS/jcBpcP/M2C3gluKrYHhKhA2MEgN2pDEDgEb0f5zlvXgVgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADCSURBVCjPvdCxCcMwEAXQAxcuIoIFAUMgqtypcyXSqBIYNy4M0gSZQBNoAm2QCW6DTOBFbg1HTo6QyqW5QsU9vj4HK+wPHAJ88uhxDiuMwaFFk/qksUOF7cAJnmb8+rKmFXiN8sxgpomBwb6A7qUe7e2vw0Tj4qKNJvaLLkDRhRoS+QdGcpxQwml7pRaxpiowcGQZdHilVssoyu9VhsjAkmGgsCEZT1Rv/RHuH2BTqYa6xKlQmqPIda6ekGA47tT78wZ72Oy4vOPLEgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ8SURBVBgZBcHda5V1AADg5/d73/d42g66bF8ZTgbbxcpoKaNJXWQ3fUJJdRF5JxRF5EGEboIZ/QPiTeFNGF03GFiRUSZiUGxlSlnqtsZya6ustY9z3vPx9jyhfkRXacCEVBVARARABAA0ccvJfME7aWnAhOGDVX37STJiSgjEQIjEQAxICAgoWtz6rlr6ZEoqVdW3n3pC/xgJVn7izxliJImIJAiRoqDSTe8+eqeqKUgyYpkHDwEO0djg+jlunKW1jkBRIHB7mfJdtInaCCmbS1yZZPYiG6tkndz7HE+eYtc4INBoUGvQzMlJRcTA5hJXPyIG0kj3KKOH2THAQ0eZOc2Nc9Sb5HUaLWpEERH9Y7zwIY+9y9CzrM3y5VssXAD2vULfKPU6tSaNJjlRGxICsk56RnjgZZ44Rdcg0+8zfx44cJRiG7UGjRY1ooiAvy/z6ZtMn2ZjlayDR96mcg8XTrK+TKnC3meoNWm0yUlFxEgR2Vph4SuWvuX+w+x5lAPH+fgNi++9ZvHarzZ+uy4rp3avtw3mpNoQSArGj5NVWPiamQ/oHqHSZ3EluL2ybPT5I7YN3mfrx8/9fPEL6WYUQSzo2cuuMXpG2P0wa/9wZRLMTX9j6OCLyjfPC2de0jE7ac/ATvONIAUCWys0Nsk6WL1Jvc7vv4B89Q/l/kGeOgYgPXG3vB2kchRNtPjsGNkOFi5TbzL7PWdelXWWbf5wVufU6+pbyzbx31oiTUhODOvSf8e4O4cpVYgF23vZ0UdXHzEKMTN/7aqYRY1kw79/FeaWEt3t9qVQf1xXqd+EflVtNFFDjhw1NFm03dz6hrwVZElhZywuDa20n/4fCNbrcsCV4KMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHtSURBVDjLpVPJqiJBEHwf1f/UH+DydBTtLxBRUAS9eFH04MGTINIHUQQRt3I5eHBfW20XFBVzKgq75TGPNwxTEFSTXREZmVn1QUQf/4M/Av1+X+r1ekq321U7nY7GGNNarZbabDaVer0u/SjAyTIns/V6TefzmR6Ph8DpdKLFYkG1Wo1Vq1X5W4EXWb9er4SF/XA4kK7rdLlcRAyilUpFL5fL8heBl21mkHe7HW23W1ouV7Tf72mz2RBcGSKqqrJCoSCZArxexThgkEejMbndbrLb7S+xpQDWYDCgbDarmAK8WSqUYVXTNJrNZoJos9nJ6fzFd5uIow/oBwTT6bRqCrTbbQ3Ngl0c/Px0CDKIgMPhJKvVKsqAi9vtRolEQjMF+JiEAOzj0Gq1Mi0jKxxNp1MBw0U8Hn8LNBoNFR1HGSAhKzICFotFwOVy0WQyEZMZDocUi8XeJfD5Kvj5fD5FBq/XS4qikMfjMXfERqMR3e93KpVKFIlE3k3kc5WKxSJDD7AMuxAdj8eCiKxIgG9OZhzSl4uUz+flXC6nY+Y4eDwehZv5fC4uEzJDhBP1YDAof3uVM5mMnEqlGC9JNA49Qc2YO788xInM7/fLPz6mZDIpRaNRJRwOq6FQSAsEAhonqT6fT+Hf0l9f47/iN5+1McdPrPQwAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH4SURBVDjLpZPJiiJBEIb7oeqd6qQgoiNaavoCIgqKoBcvih48eBJE8iCKIOKWLgcP7mup5YKiYnRG0l2OdNPNMAlBlZn+X/wRkfUGAG//E182er2e1O12SafToe12W2WMqc1mkzYaDVKr1aQfAVwsczFbrVZwOp3gfr+LOB6PMJ/PoVqtskqlIn8L+BBrl8sFcOFzv9+DpmlwPp/FHkLL5bJWKpXkF8CHbfYp3m63sFgsQFVVEev1GqbTqQ6hlLJ8Pi/pAF4vQdt/i51O54tYURSxj6vf70MmkyE6gDeLIhmtYq1W6x8BQOhkMgGj0SgAeIb92Gw2kEqlqA5otVoqNgsPLBYLD6sQYGaDwcDDCA6HQ/xGF9frFeLxuKoD+JgEYLfbgdtNwGw2CwACbTYbmEwmsNvtws2ni1gs9gTU63WKHccylssluFxuXoILZrOZECBMUZwwHo/FZAaDAUSj0WcJfL4EDx+PhxCgTY/HIzJioHVCCAyHQ7jdblAsFiEcDj+byOcqFQoFhiXgQhFmR+hoNBJCfGICfOdixkN6uUi5XE7OZrMajg3/eDgchBsE4WXCzGidC7VAICB/e5XT6bScTCYZL0nYxp5gzTh3fnmAC5nP55N//JgSiYQUiURIKBSiwWBQ9fv9KhdRr9dL+Lv069f4r/EO4RAxpm00KCQAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKDSURBVDjLjdFNTNJxHAZw69CWHjp16O2AZB3S1ovOObaI8NBYuuZAhqjIQkzJoSIZBmSCpVuK/sE/WimU6N9SDM0R66IHbabie1hrg0MK3Zo5a8vwidgym8w8PKffvp89e35RAKJ2ipp7WDxvjltZ6jwCr5W2bpHHtqUnx+77877jsZxzlO3roAWXuw5ha1pl9MZdAW2ig8RyXyL8rnx8G6uH387AMnUMC2b6l10BJPdAfWDGhZVREuszT7D6hsTStBNDurO+XQEZnEypx1a28XW2F8HFPqwtOBAYJlCde9EeEZCy4sTN4ksrRA4LZB57vZCfMElUyH4E7Ap86r+LwIAGIy03cDr/lDNJGR/zDyBiHGc3i1ODjUIWtqbdIIexVY86kwZ3HijR/86GmqFqJGhPWs8oTkRvAgb+uZGHhVfRV3UNni41OhU8EDlstBSkwjKjhnmqAg3uUtS6y9Dzvg0ljmKkFCaRm4CJT+/5OERtG4yqZMEwdQt1biV0EyW4PVEE1dsiiMk8eMn0/w9Wp+PCNK1CQ6iBYeommkIpH5Qhy5AF/6Mrf4G955tUJlXxtsHieeWQ2LJxvVuAAkoASUcmLugZPqW0qsprEQjDx3sY3ZIMhXt1+DNw77kdmnYKSsKKx+PfoTQtYX9KtzWG2Rod6aujaJwWHk8+uDawGITeA+SPA7nDQOYgwKcAYhQQajyIY9eQEYE5feLPyV4jFC8CELkAkWMDQmoDPGsQaWYgzRjEU8vL8GARAV8T099bUwqBdgzS14D4VaiBA8gZALJ/t6j1Qqu4Hx4sIvChoyDFWZ1RmcyzORJLJsDSzoUyD5Z6FsxKN+iXn/mM5ZLwYJGAX0F/sgCQt3xBAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK3SURBVDjLdVM9TFNRFP5e+0p/KcQIrZZXYCCBdIMoaGqESGxCTBqCg5suxsRF44IjgzG6mZjYwTB2Mg6YOLQdNKUFTKwYEJ2koYZSqi20j9ff91rPvbEEbXzJyb03Oef7vvOd84Rms4mTXzablXQ63Vyj0fCpqjpGgXq9niiVSqFCofDa6/X+OJkvnATY39+/IAjCvMFg8NMJAgIDqFarODo6QiqVWioWi09nZ2dXWzW61mVvb08i1nmTyeQ3Go1gwIlEgketVoPZbIbb7fYfHh7OBwIBqQ2AZM6JosiZWQED8Xov4fLkJDo7O1Eul0HK4HK5/JlMZq5VJ7YulUrFZ7PZ2MnZviWzWFtd4UrGxyfQ7+xi/qC3txcHBwc+Knn2lwLqc4wls347iH1tNQ67+xzsg1P4mFRht9uZSlitViiKMtamgFzmhjH5RItGA6jBAk3rQE3o4jmapoFMZABo84AAErIs8yQaFy5OnIciF1AoVXBluIlcLsfzdnZ2mB+JNgByN0Tm8Hs8HocBZdycduH2lA11JYNoNMoVrq+vszZDbXuwuLgokYqXHo/Hx9rJ5/O8Zxot3wfn7gcYv4Qg5NJQ9UgLaD6/GlafHHtAzo/TCB2xWGxpdHTUPzIywntlBKatCMzyFoZv3YNx0IPyRvjs1+XIo8i0QeEKgsHgdcIIEmPH5uamm5YqxVhZ38yT21jDtfsLMH9/D+zGgK5u/BL78Sm8nOQKSOaroaEhMA8kSUo5nU5YLBak02k+nVMb72ByDgIzD47dFxfOQN8QBsQ/S8QL+vr60NPTw98sHA4HP2vb3Sh9fgvrm7uoljMoUY1c1EMjLzhAMplEJBLhS8SiBcCCvWdOm9G9EsUAnaLeAPmniu0M2YjmC+Hf3/l/X/yG+6GST9/Ra0K/pm/uUlXAF1Yf/wakxYbML/JgHwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGcSURBVDjLxVM7SEJRGP5vmVfpAWGFERJUONQWLtEQOUQRbUK09IDW1mp1KKPBsdGlWqKIqGiLoq0aggqxraFARMpX95535xxCNLouDh04cM7//3yvwzGEEFDPaoA6l6vyEj3MaDmcc0CMX23NdY9X9iPxlxijsHK8GmxxUMAh1O+BAb8bEKZVnZntVMyisFYiotnRgkU4UMaByC0Hy/XpzWQ80GGuTwy1GUULO1tQrIQJQBLIsriuTW4kE71d3qWg3wNM9gqIOYeoWDHlGuALYQhHn/cCPnNpsMeEjyIBW9bzP8B/KlCsSAJ4TQNyiI0M97WaPe1NkM4TyJco+FpcQC3irECxYsVuM/iyaBFTplltzHU+6sx/KagCKCDlX0A6R5TXp5O77NHl4wd43QYYoOwJEAg7A6iEEZHsMijpVbzuhCLPqdzBzcMnNHsadT7CZrUUMB2gjVnZ6/v+6GzqMbt7e5/V+fBaIaqEbfUKEqByMH0enu8cu+AE0QVBqDOAYk2cvUmfUiqrHsxcTy36QqcE3K7lyrrx77/xG/TSBY2ALCinAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH0SURBVDjLxdPPS9tgGAfwgH/ATmPD0w5jMFa3IXOMFImsOKnbmCUTacW1WZM2Mf1ho6OBrohkIdJfWm9aLKhM6GF4Lz3No/+AMC/PYQXBXL1+95oxh1jGhsgOX/LywvN5n/fN+3IAuKuEuzagVFoO27b1/Z+BcrnUx4otx7FPLWsJvYpIM2SS9H4PqNWqfK1W8VKplHlW/G1zs4G9vS9YXPx4CaDkXOFES4Om4gceUK2WsbZWR72+gtXVFezsbKHVamF7ewtm/sMFgBJZhd6pvm4kDndaAo2KOmt5Gfv7X9HpdNBut9FsNmFZFgPrMHKZc4DkjHyi6KC3MZNehTOuGAH5Xx5ybK/Y3f0Mx3Fg2zaKxSIMw2DjT0inNQ84nogcUUQJHIfZquNT3hzx46DBALizg2o01qEoCqLRKERRRDAYhKYlWRK/AJdCMwH2BY28+Qk8fg667wdXKJjY2FiHaeaRzWYQCk1AEASGzSCZjP/ewtik5r6eBD0dM+nRSMb1j4LuPDnkFhZymJ/PsmLdazmV0jxEkqKsK+niIQ69mKUBwdd9OAx3SADdHtC53FyK12dVXlVlPpF4zytK7OgMyucNyHLs8m+8+2zJHRwG3fId9LxIbNU+OR6zWU57AR5y84FKN+71//EqM2iapfv/HtPf5gcdtKR8VW88PgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJFSURBVDjLzZLdS9NRGMf3Fwy6jLrPKKerSAsqXzKn0xY4ZrIhbvulKwtrOCdYuWDOza02Ai96AxEEaXixTMkllDdKUjhrrmDMlMFGuLbTXO7N/b6d3+rCYFLQTQ98eTiH83yel/PwAPD+Rbz/A8D2dsupvlIRTjmdluS0XWT7WifJXu4gGUZN0q2tJHWxhSSbpGSrQRJJnKtT5AE0QEaVwMwLYH4eWF4G/H7A50Pu9StExsYQHR1FfGQEsQcPEXQ4ELzdj83T1Yl4+SkJB3iLJ4+AyUnA6QRWVgCPB5iYQE6nQ1CjQYhhEFWrsaFQ4F1jIz6ZzfB33QARlgU5QAnbo11kLSaAZsP6OvI2N4ecVIqQWIwv9fX4RrVaVYWPAwNYZdpBSo6HYweFsvwMaL97aL/TOUM/4HIB4TCwtARWLkeEBsYoJCYSIWAy4bOSAREcC0SLSkt/+4Wspp2fUammtvV6YGEB8HrB0tJJTQ0StbXYGBrCGg2OHT4aiB4QFBf8xpRcwU/KmqcyPfqfADqDRGUlUlYrnhoYdNtlbPs9CVqMFfG6XsHNgnuwdf4C/7tI7E733QI7Po6sxQKnQYk7TiWee4fhCblhf3kFzfZilHXutRVcjs2Ks/vjJ8/409puJK9roTJWw/XBAZfvfn6+ttlLsM92cIDkrhtGjpQfov2+of2uNfQJMe19jJ327P0wB/i7dT1xdV/S6lZh0N2WDx6caftzBTtFHxqbbEW462bymTnPnXedwS4QM1WcK/uXN3P3PwAfNsr5/6zP/QAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJcSURBVDjLfVI7aJpRFD7/7y8qdlDwQdQYwQYJJdCSNmSwlBQcQjK4Zil0KIUgXVwFUeji1Lk4dLGh7RCoDhYtRQoODnUqjVY0SJKKT3zg83/03Jv+YlLMhcO595zzffe8GEmSQD7CK580sztgmkgAtYsiSETwTrTq4ADg23fQfv3CyBgOFo7E8/NgGTgnkYmms0UIsNcIZvwVQBCoDDY24PzwcP6mJLcSoFOaToFdX6eAhtsNo50dGJpMwLpcAOMx9d9GEGYuLkHhcICwtQW91VXQ6/XQ2N0Fbm0NxF+/acxSAtXx+yBc/gnDWRXaSGBaWQGdTgc1ux3E0xJIxXJY9/NHcBHDkMbk83kNz/MuFMVsNgPHh08vzx67X9i2H9GgWq0G0vHH+On9zRDxT7EM1A2/31+lBLlc7lypVFoFrBtJqJDUWZaFyWQCHMdBvV6HZrNJgNTf6/Wg3W4/o2NE49FoNIpZrdY7JOVutwvD4ZAK+YAQm81mcDqdoFKpyIdQqVQ+I+6EkRcplUrdRUPCYrG41Go19Pt9CqSzRyE2EceYTCYFjAuGQqHX15ro8XhKWNvDYrF4QtJUKBQUIP5bICyRgNsYsyeD/5uC1+sdYECq1WpRAtIDohmGoSTYj0E4HE4tHSM5GLRvMBhoylqtFndnTBtK7qjt2PnNpQTRaFSDGTy12WxQrVYhHo+XMpnMu2w2C51OBxy4YFje/lICBD8xGo0arJV0+i2+HwSDweeFQmEvFotdkH7cJOBupG8tl8sVBB4FAoGkbI9EIkmfz3cvnU6/wR3YXsT8BaM2jDnYpij1AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJiSURBVDjLhVNNTxNhEH52u7RLFyi1QiCGNLWkptFAqGk86E0TDAl/wIM/gLOJBy9evHiy5x71RLyS4M2DxFRDQ6AS+qWRgkJMdAm17XY/Xmde2AUTjJM8mXffmXnm452FEAIMEiWbzd4rFAofMpnMffrW+O4UWi6Xu1MsFt+zD9/5cfLQVBTxg71WVnBlbg6t9XV4i4sYw4mwLbK6iomZGXzf2EB/YUHa0kIoqkLCTkYkAiMWg+u6GIrHMRgKIa6qEjq56MPD0jY4MgL9lJhj1dMzdE3DTrMpnar1OjwiaY+Ooj00BFfXsVOtSttOrRYQwO+xAXgxyr45OYl6u41pyp6i1lQKELYNy3HwmXSTcNXzkCPdIfs0oGrnK7iRSOC6YUD0+3DIyWMQWZiIrg0MIENaIUSOj9Eh0qCKUqkkHMf5J2zbFt1uV4KF7ziGYzVcIJZlYXt7G+l0Go1GQ/Z+dHSE+fl5/8kDUS8i4OC9vT0M0+RnZ2eRSqUQjUZBmQP4REEFbz+ZeP56F27fxptnN9FqteAvS6VSAS0QqBVZjXOuf0mw+U3BcvkLJhJhtJq//yrTNE14NHkOPjw8lGdGUMHdJx8fLJc8jI9FoNHCOJ0zdnbidmi1ZeZkMsnLI6vT6NV4oKoRxqtxyqypArblwO1YMniRVpkJ8vk8DHpazsrB+/v7AZEconnQfdiqmmj/tGD3XLg9Rxp9hGgPWHMFnHlqagq9Xk+2BP+vevT0pVirXEYiaeCg9gsvHicuepyAlMm2trawtLR0sgfxgd21Wxn79rvKJVlquVzG/4R25SvrPyvWchiOM0HOAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALsSURBVDjLjdBbTJJhGAdw6qKLuuiqi04XZoeLsnXQOecFfWGu8ECQJs08UCADLMQvUVI0UcksQj4NzM1DU6RUEFtj1eZMR02nkOWxNeUiFdfWTM1sKv2Lb+u0WvPivz173vf5bc/DAMD4X/LitgkGTXvmJs3bMVEfsFIn31UTG7prw4/3/w7L2TtYnoYA31TTVvyeu7LA8jUBNSlbqClbMKYfi/C5R4dpazimLDsxZAqcXRNgjNus8w48xtxzI1YG7mHhhRGTLx3oLDrsWRPAY59NG2nM/Dr/qhW+URsWh+zwPqOgST5m/SeQRuwR3BEcn6OSCBhTWSuShKB+Klu27LWSeNdeCO9DNZxV6Tgo2u8IyTqw6Q8gJXw3644gwleeSOD31OrlqLhbjBuVahTcykL7cCNKOjUIyt9Xf4jcu/EnoE844qyWnIbt2kWMNOXBTMaDSmKhShyBuoE8mNzZuO1SoNSViZaxGmTYLyFMEmL8CVQmBLa87bT8dTDLVQJ6dw5uuLJQ1JeB3D4pVL1SCIypmDDG/n2w930WPDXrcausFLW1tchXZ+PmUyVuPlei4Hou3SsuLYIgXwCPKeoXsP6oQUVlpy9XqJJhMBgwMzOD8fFxdHV1Qa3Ng1JLYmRsmO45nU76z+UUziN6eF34fSGPdC1U2p/hilIJ9+AgUiWXEB0dA5FIBIqioFKp6DoqKmqVz+c7/AhJkh8ZAeyq+Hj5o8WHoz7w1eUoLNbSwFn7FxyLOImOjg643W50d3fDarWCyWQucDicjX5Ao9EsMV4XB6/2t1aAbPOCXfAAaekZNHBGXAiCdQKRkZHgcrl0/DVBEMs8Hu+JHxCLxbMMj4E53VqiwLn8HpxvGMfpZAnK9JUwt9hhs9lgMpmgUCiQk5ND1/5ec3PzB51ONxsTEzPKeNMgDnNoeFdD4xvtwfJeEJkOnOIm4oJIAqnsMqTS9K+kMKmtOpevlclk89+zJBQKP7HZbM/3dQ59A+o8mPeL9bcZAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH3SURBVDjLhZNJjxJhEIb7T8xVw78g6fh75mJGY/SqTjRGTXTcbu7xxtItPew2YxMgbGkCNMgSQkgDAiHRKNpkWPL61ZfQGcLioS5V9T711tfVQrVaRaVSQblcRqlUQrFYRKFQgK7ryOfzBwCEfSEYhoHlcrkRvV6PQzKZzF6IQJNJYJomn9zpdGwI5ZgLJJPJnRCBLFMzTaNELpfTJ5MJ5vM5zxMwnU5D07StEIGmrhqZ+JxZNqfTKUY/u4gbMq+1220kEgnEYrENiECTV5YXiwVIPP71Hc9Or+ORdAjNkHit1WqRC0QikTWIwHa0xuMxb5rNZhj+6OLk9Bpef7mN92f38JyBVpBms0kuEAgEbIiQzWavsB2t0WjEm76ZOTyWD/FWvYtP2kN8OLu/Bmk0GuQCPp+PQzgllUqJbEdrOBzypnq3gKe+I7xTj23IiXKEWMnF67VajVxAkqQDe5d4PC6yHa3BYLAB+fj1AV4Fb+KlcgvzxYy7CIVC8Hg8l9delO0nqqpq9ft9G/Lk81W88N/Am+gx/vz9fVHssFe4GNFoVAyHwxZdIrdr6kx8B9Nzyxa73W6H/YjbjiMYDIp+v9+iS1x9YhKz/Jp4J4BCURQne2mLDqxer28V7wVQyLLs9Hq9FoldLpdj6yn/73dlU51MfGlX/R/5GCirExPTUwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABjSURBVCjPY/zPgB8wMVCqgAVElP//x/AHDH+D4S8w/sWwl5GBgfE/MSYU/IfpheiEwTNEm5D6H9lmBLxFtAmR/3+h6YWY95xoE7z/o+uHwM9Em2D7/yeSzSAICdc/xJhAMLIA+V1VH3Z4v2kAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIfSURBVDjLpZPNS5RRFMZ/577v+L5jmlmNoBgE4iLIWkgxmTtx4R8QLXLRB1GYG4lAwlWkCH1sShcRuIgWYUQoBIUVgojLyowWLSRhSCNtchzn672nxYxT6hRBD/cuzuW5D+c5H6Kq/A9cgM6+0VtBTk4tJwM/kS7BspvDsAc7w4w8uXGyxwUIrHRev9AcqYlERMRFAS3+E1RBdSNWglyGs9eenwbyAsuJwIvsjUjX7QfU7duF51gC9cBUYYT8NYJjhM8fZ+nvuUg2EClaSKbBGJfGhv0cjLbiGAfVAMQFEYwIIgZjDCHHYO2WGmzY9DwfP1yRz/cv0KLJLQLZTIpsah1EULVYDbDWIICq4khALpNE1W7PQBW+xmN8W4qTtTmsBvxIL5IJ6pECp8ZbYX0tDmpKC3xZLCe0kPr1oBFUU0XyCmEWFnT7HNgC3zhlGMcr6TtITJBLvKK6+jtX7z/ElDV4cGJzBn9COv6MPZXTNDcfpX53I6/nnrL+ftKPdtfddAHUWgRYmp8rKRAKPabtSAeBCThc287Eh1GiTS3Mfxq75OZnLd+coYG+YvQ7rtzpJyQVdBw4B8DltnuMzw4DY74LsDNs4jaXqqotl3wLC4KFw+panLnYNG9jU/S2jzD44gx+vlYpF2CHZx6dH3h5LJnVJmtL7dJxf+bdtNdyqJXx2WHKxGXqzSTAkPzrOke76waBLqASWAWGZ+7Gen8CJf/dMYh8E3AAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJZSURBVDjLjZNNaBNREMf/25Q1Lqmk2NYamo+amI+mREOhFhRS0CKKN8FT8NSeiiBIDiJYk4MXEcGTwVtI48FQouLNix48RCoh4GETqAmioTFG0qT52HT3ObtgqiGHPBgGdmd+M2/m/zjGGPpPLBazyLL8XpIkW7fbRavV+tZoNFbC4bDYHzuKAafT6TyZmZmxCYIAFVAoFMz5fP4x/brWHzsyCFCv16fT6TQymYwG0Ov1qNVqlkGxAwEUjI2NDa5UKmmAdrut2dAAnuc1z3GcBvgLGRpAM0AoFGJGoxE0SM3Ub0MDaOLwer2gQSKbzeKEoYIHa1P2nXfBqaEA1C5TK4qiCL/UwOLxInznbgiGgi6N27dWB64xkUjYyImKovBk2v3NZjOW2E8I7ss4dtKPnYmktdIsPX8YDJri8Xik14GaTIISXS4XTztHuVxGNBrF1otnqBt3MTZhhLz3GpO+m4C7C+dpezgQCNzvdUAVRY/Hw7vdbphMJgSDQVJfEwfFBKZP+elOn5HefIWltbuQxvdx3jqOl8lqmFIjGoCkypN0kUqlVBFpKzOw77h05gjGxptU/SvAFMiNT5hdvoO9t0/B5PbhENUEdWjValUDNOo12PU5GC1noTSzlNvCwnUXFOkHqTIHm+8qVuZ0hwDqQAM4HA44nU4sziqwzy9DGKuAHfwiRemwvZVTLwulncOk04qLrlF8iMzPceprXF9fZ8VisSeae1c6uLC6Cd1IgQC/KZH9t3ndURd2v2SQexNJcoOe88dHCxUmKwJTGLWv/GOs56F6xrb/AFceRXFTtLBJAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH9SURBVDjLpZM9aFRREIW/ue9FF2IULDQuaYIGtTBRWGFJAgqSUsEmjZVgo4mFWBiwVVjBHwjGwsbCShExIAghoEUMARGNGFJYhIC7isXGRbORvJ0Zi/dWY5fFCwOnuHz3nDsz4u78z5HTlx6NDB4v3KjWvd0dMMPNUFPcHHPDVTF3XBU1Y/uWZHVxsXzl6e3hibgwUBhvy7WH3bmWHm5fres4MBHXEw/16s+Wra8lHgBiV+f6mX0tA86VlkkBbgCsNxQH3Bw1MBwzR83Qhqflxro63Z0dqGkKIOuCBEHc8SC4OGJCCIJIQESRyIksEDfS+9bIAE1SAFwEBCIHEzBzIocgEbGAiqMhdWxqWQTL5kAE3P8BiYCrYwIuQBAii1JAM0JTpAxJxQaQxUJsxvTbSV7NP6e2ukLSSFjT/cBJ4kaS/HEggLsjIvgG0Is3T3hfnuLYwFG6dvbwcuEZcx+nKY7mbwbPskSAZC4k00GEIMLk64ccPtCHBqVvzxAqCcVD/QAjwcz+Rsg+M4gQbahv37/QJts4dfAiAJdP3Gfvrl6AXFxeWn58/k4ybKqYGqqKmaFJgplh7lRrKyxUZpmvzDA29IDS1Fly0VaAX7KZbSyO5q91de+42t87SE/nET59fcfshxk+L9VuyWbXuTiaLwEXgA7gB3Bv7m5l7Dd8kw6XoJxL0wAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIfSURBVDjLpZNPaBNBGMXfbrubzBqbg4kL0lJLgiVKE/AP6Kl6UUFQNAeDIAjVS08aELx59GQPAREV/4BeiqcqROpRD4pUNCJSS21OgloISWMEZ/aPb6ARdNeTCz92mO+9N9/w7RphGOJ/nsH+olqtvg+CYJR8q9VquThxuVz+oJTKeZ63Uq/XC38E0Jj3ff8+OVupVGLbolkzQw5HOqAxQU4wXWWnZrykmYD0QsgAOJe9hpEUcPr8i0GaJ8n2vs/sL2h8R66TpVfWTdETHWE6GRGKjGiiKNLii5BSLpN7pBHpgMYhMkm8tPUWz3sL2D1wFaY/jvnWcTTaE5DyjMfTT5J0XIAiTRYn3ASwZ1MKbTmN7z+KaHUOYqmb1fcPiNa4kQBuyvWAHYfcHGzDgYcx9NKrwJYHCAyF21JiPWBnXMAQOea6bmn+4ueYGZi8gtymNVobF7BG5prNpjd+eW6X4BSUD0gOdCpzA8MpA/v2v15kl4+pK0emwHSbjJGBlz+vYM1fQeDrYOBTdzOGvDf6EFNr+LYjHbBgsaCLxr+moNQjU2vYhRXpgIUOmSWWnsJRfjlOZhrexgtYDZ/gWbetNRbNs6QT10GJglNk64HMaGgbAkoMo5fiFNy7CKDQUGqE5r38YktxAfSqW7Zt33l66WtkAkACjuNsaLVaDxlw5HdJ/86aYrG4WCgUZD6fX+jv/U0ymfxoWVZomuZyf+8XqfGP49CCrBUAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADVSURBVDjLY/z//z8DJYCJgUIw8AawgIj58+c7A6lWIDYnUt89IC5MTEzcxAIVmKyvr6kpLi4C5jAygkkoG0FD2IwMr1+/VTp9+uJUIAdugIiQED/Do0cvGX7//gvxGxMTXBMIw/gsLCwM0tLCYD1wL0AAIwMzMzPD37//4YqRDUEYwAxkM6OGAcxGZmYWoAIGFA3oNDMziGbCNAAkCJL8/58Fp+0QS1ANYJw3b95/BQVZBj09bXjgIQIMxkelQeD8+UsM9+49gLjgwYPHYEwOYBzNCwwAGT0uf+Tb34kAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAL2SURBVDjLfVHrS9NhGB0Evy/9HQlZmmbe0iabspbbwJm6IKnMLWND2dzcnKDb3CJyjpy3QR+MgoxMV06HNl3iHBO6qDkjvGVlgn5Qt1yOCD393l8X8EIvHHg4z3nO+7znZQFg7Yer/ATVp4xbcavjowO6hKin5vSKp+4MdZj2ANFXcZKiB0M+Kx9TnXK8e1KBQIsYQ/WpoSFLGvVfA7cqnhrQJoTGbAJMdylpqDDdrUHwWQ38jiIM1KeH3IZ06lADt+YUNahPDPubRAg+VSPQmg+POQMvbmXC11aEye5aDNsL0a1PCz9Wp1B7DAZ1iZSnJikcsOch2KNFoK0Aw3c4eD8zzaDfzMGQrRDjj3RwWfLQcTMp3H4tkTFh0QFRdEDhQEs+gk49vWohPLe5ePP6FdbX17G5uYmF+Vl0as/BaRTBe0+Bh1XnYS2IC1uEsRRryJAyHmi7+OedEno4G1OTb7GxscEM/8X83Cwc0jTcV+agt7EYrdJM1HBixll0snyPJX3H1y5Bn5G9++njwr+b92P58xJMgjg0XT0LPfvYDg3+7wAN6fzndWlj9ru23e3tbUas0Wig1Wqh0+lQXV3NcJFIBDZrA3Sc2BkyfOAbrVbr1traGlwuFywWCzo6OmA0GqHX67G8vIzGxkaGo3thuVxexWazj+4xMJvNWw6HA3a7Haurq1hcXMTo6ChMJhMIPzc3x3B+v5/RCIXCBlb5y5L4672XLhc9EA0LlLwdbbUWE8EgSktLiQAymQzNzc3MFqQWCAWQyAu3iEmluvI7ix7+quy/gdqRSogq+DDVmxgDsnpOTg68Xi8mJibg8/nQ09ODbB4XdV41s4XBZACLvnnkgp3zJcOYPJ5akByVlcl2iUFJSQm4XC54PB7EYjEDUnO4HIiKhSFiIC2T/tyTwXH6iESiDzabbbOrq2vd6XQyb1epVMxPkJpwpEc0RLvHICYm5khWVlZCbm7uklQqjSgUiiiNHxKJ5AqNbLr+RjjSIxqi/QVm6pQnUTAFywAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJiSURBVDjLjZJNiI1RGMd/59x35l5T7x2DGRGJ0CBfpUlRJMlCSRZsUExTsxpr1lIWyupakIUFFnbSNAnJRlJMhhmM7zHkcr/vvO95zzmPxR3urHRPnc7p6fx/z/88/ZWI0Mp6m9ukSQXn0wu698Q/py6vGXx5FQARaWmPX1p3Ov9kSJLKE5keOfLr2bk1+0UE1YqDsVzfxZ4NvUNdm/fp2tdJbMVTejdan3j6oj9oxX6QTvd1bjygXX2MzKJlRO4rS3Zt6bC1Qq4lgDP2U1L4uEOn8ihdoz2bh6hOdTpOqYk7255nsuvXK6XnSIS4MvnFT5cGM+GS80G2Y2G4Mrsi0EWUDvGJYfzmRDQ2Xj4ZKNG9y3dea1NKgTTEKEXx1a1VheKV4e7th5WYEZT7zuvhKkE975S11Tfvy6eO3fhwO8BKhDfp+HsOZ1KgsygVMjP1kKW7jyuTzxEEnUw8snRsGGB130E3eXfft6NnPtwG0CRKizc40454jat9ZubHfbz5gUpNkUp3M/6gjursYXHXKKRMuw5k+b8BoyTj7QymDmJqJJUyYe8JurauBaBtwSBbBpqzUcF8cDpoAhJNMK+H+ev6AQ8iCB5vprDFe4grIbaE2DLiqmSWnYW4mZ2ARERchK+PNh67CmKL+KSAuBLY4my9jLgaSAzJnIwQI+ItPvnZ6ORKiC3O3guzncv/ACIW4rkAI6JwiP09Kyw2bbsSYitNsY8a37RzAGJ8wdZ/dSTV9hAfapE28CHIIsTFgEF041Ta4aJIxPi4CYjiC+8vH+pD2Isi/G+mBVCPDV6u/y39AQ7XjBmT8uenAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHwSURBVDjLpZM9a1RBFIafM/fevfcmC7uQjWEjUZKAYBHEVEb/gIWFjVVSWEj6gI0/wt8gprPQykIsTP5BQLAIhBVBzRf52Gw22bk7c8YiZslugggZppuZ55z3nfdICIHrrBhg+ePaa1WZPyk0s+6KWwM1khiyhDcvns4uxQAaZOHJo4nRLMtEJPpnxY6Cd10+fNl4DpwBTqymaZrJ8uoBHfZoyTqTYzvkSRMXlP2jnG8bFYbCXWJGePlsEq8iPQmFA2MijEBhtpis7ZCWftC0LZx3xGnK1ESd741hqqUaqgMeAChgjGDDLqXkgMPTJtZ3KJzDhTZpmtK2OSO5IRB6xvQDRAhOsb5Lx1lOu5ZCHV4B6RLUExvh4s+ZntHhDJAxSqs9TCDBqsc6j0iJdqtMuTROFBkIcllCCGcSytFNfm1tU8k2GRo2pOI43h9ie6tOvTJFbORyDsJFQHKD8fw+P9dWqJZ/I96TdEa5Nb1AOavjVfti0dfB+t4iXhWvyh27y9zEbRRobG7z6fgVeqSoKvB5oIMQEODx7FLvIJo55KS9R7b5ldrDReajpC+Z5z7GAHJFXn1exedVbG36ijwOmJgl0kS7lXtjD0DkLyqc70uPnSuIIwk9QCmWd+9XGnOFDzP/M5xxBInhLYBcd5z/AAZv2pOvFcS/AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH5SURBVDjLpZK/a5NhEMe/748kRqypmqQQgz/oUPUPECpCoEVwyNStIA6COFR33boIjg6mg4uL0k0EO1RFISKImkHQxlbQRAsx0dgKJm/e53nunnOwViR5leJnuZs+973jHBHB/+D/ah7X2LXWloilyMw5YgtD3CDiBWN4Zno8bQcJHBFBucauZfsolZDCru0OfFcAAUISrLZDfPzSKxuiibOT+T6JCwDMtrQzYQvZHQ5Cw2h3GK0OI9AWBzJJZFOxgtJUGpTABQAiLu5OOviuGIEWkBUwC7pasNZj7N2ThNJUjBQY4pznAoEWsBWwxU+JFXSVRTzmQWvKRR5RG4KVGMgKrAVYflexAAugDCEygdbUCI2F7zobk7FZY76DIDQgrT9HCwwt1FsBhhIu4p4D3kiS8B0MJz28ftfGSPfl8MPLxbGBAqVpptbslJc+fEPMA7JDPrIpH3FX8LzaROdrE5O51jalgid3Lh4b6/sDALh6971riErGcFET58gwDPGndG9JT6ReHcwfPorGygu8rdxvGxMeP3XtzcofgigWZ0/EtQ7n0/sOTe0/Mo7V5WeoVu61z1yvZzZX+BsnZx9opYLpevXp7eXKIrL5UWit0n0r/Isb50bjRGreiyWmgs76lfM31y5tSQAAc6czHjONXLi13thygih+AEq4N6GqMsuhAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHBSURBVDjLlVM9aMJQEP6eNEF0sbiUouLgoLRkKXS1IG4dC6Xg2LXQRXATHbqVzq4iQjc3sVscnUSnYIdIB9GC4L/xL333IEFsBj04jpf77nt3l+8x0zRxaMViMbTdbtXVahVer9dYLBY/0+k0mcvltEPsGRzMMIyPQCAQ9ng8IAJd14OdTuedp+4PsS4ngslkctFoNNBsNgWB2+3GaDQKOWEdCTgY2WyW9Xo9QbBcLoUfTSDLsoiMMUFgkRxNwHeAdDpt+nw+8EUKp29O5rhEvnEoigJJktBqteD3+0/rgINNulHTNCjzGR5++1Bvb67x+vLF/dmxg3K5HOZB2+12MncxfzAYxJ25wcXjE5ixZCu9m/wufybfUqnLUqmUtwmomAtKi0ajcrVaxWAwQKFQEHOfK1dQajUwrwdSrw8ZEiKRSC4ej0NV1TwjJXI2IxaLyZwA4/FYFHL12T6fz+3o9XrhcrmQyWTQbreZ6IAnZS5dVCoVEpFYmFVEPpvNxJm+0zmRSIhoj0AJunU4HNogq3C/EwtHuqBfaxNQkhJ8NpGwAPtxs9n8c5ug2+2iXq/bojl0S41URKPuv2Dm9JxPsT8W0mO2IJm2EgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJRSURBVDjL3VNNaJIBGBaCDnXqVlEQO0ixrE1a26G2uYU0tyVaA2lsHtS5HzuYhTkl0CHZmpT/0coO0UVS6AdrkCPFkC0am+ambea2GjOYuubmN9vG0/eNLl1s0K0XHnh53h8eXp6XBoD2L6D9Jwuqq6v3dnd3X9fr9Rmn0wmNRjMnk8kqSewn8wTFUTWqh+r9YwGTydzd1NTUbzKZkEqlkEgk4Pf7odVqv6jV6kA8Hl+nuGAwCNfgVcSeCjD9XI/xR2xM2ErbaeXl5RcUCsVyNBrNCAQCb2Nj46ZEIoHZbIZKpQKVU5xVWzu+OKzEcvgVkFtANvwMoYHzKUpBv06nIywWi5TL5e6pqanJ+Xw+jI2NIRAIwO12Q9lZQWSiNwuFry+w+O4O8hEPNmeDiDzuIGgMBqNLKpVm7Xb7NT6fP8RisX6y2WzweLxtKDrOIB3RYCsfRD4hQ3r0CqaeiBAebFsaNfPotGNkNDc3TxmNxqzL5Up7PB44HA7I5XLYDEJkIipsESGszQhBzLdiZbIXM47apY/Gc2XbR6TT6btI2WUcDicpFotXe3p6CBKFu3KmdfGD8vdwO4i5y/jxSY1pa91qxFBxuqgPvH0HLk6+URS28gEQSRHW59uwTCqZttXnYwNVR4oa6WHXYVHU24uJ1/fwbaQFa8lWpMdv4LOV9T1mrCr5qxNdt+uBlVnEHlzCcO9BvL/fAL/u1ELYUHl8R1buk5RuFEJWFEZMGNGz4BIfyg2pTpzc8S+0nN1H3BIe3fAZGjbeGuv8L5WMkmK/8AtkdLda3u0iOQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIpSURBVDjLddM9aFRBFIbh98zM3WyybnYVf4KSQjBJJVZBixhRixSaShtBMKUoWomgnaCxsJdgIQSstE4nEhNREgyoZYhpkogkuMa4/3fuHIu7gpLd00wz52POMzMydu/Dy958dMwYioomIIgqDa+VnWrzebNUejY/NV6nQ8nlR4ufXt0fzm2WgxUgqBInAWdhemGbpcWNN9/XN27PPb1QbRdgjEhPqap2ZUv5+iOwvJnweT1mT5djZKjI6Ej/udz+wt1OJzAKYgWyDjJWyFghmzFsbtcY2gsTJwv09/Vc7RTgAEQgsqAKaoWsM8wu/z7a8B7vA8cHD3Fr+ktFgspO3a+vrdVfNEulJ/NT4zWngCBYY1oqSghKI465fvYwW+VAatPX07IZmF7YfrC0uDE8emPmilOFkHYiBKxAxhmSRPlZVVa2FGOU2Ad2ap4zg92MDBXJZczFmdflx05VEcAZMGIIClZASdesS2cU/dcm4sTBArNzXTcNakiCb3/HLRsn4Fo2qyXh3WqDXzUlcgYnam3Dl4Hif82dbOiyiBGstSjg4majEpl8rpCNUQUjgkia0M5GVAlBEBFUwflEv12b/Hig6SmA1iDtzhcsE6eP7LIxAchAtwNVxc1MnhprN/+lh0txErxrPZVdFdRDEEzHT6LWpTbtq+HLSDDiOm2o1uqlyOT37bIhHdKaXoL6pqhq24Dzd96/tUYGwPSBVv7atFglaFIu5KLuPxeX/xsp7aR6AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJVSURBVDjLpZNLSJRhFIafGf/QTJ008zKKIWTgQkdByMxW5SJQgmjVToKCcNNlIQTRosCNu3IhgbsWCSG6ELwUlJi1KS3FCymUDCWh43VG5zvntPgnaxMIfXA23+J9H973nICZ8T/PG3l0+p8KqoaqIWo4UUQUJ4pzihP/zwMoqalERcAMMwMLYoAJmBmmijpFRVA1UDCCTL6f9AVUHLHlH8TXNg7knB3KoTBc9IfAxIivbTB84R1m+O721wD3w7fIOlwGKD0PujleUICIEgTQVAqjO12M7jxhNzCHKLjUJAXerkbQ+BSmezhRLJVB0Gf2sWuPLrEb6OXl9g2SGsMJJB04B1O7TQyunGFj6wsiiiqIWoogJeDEUZcdQUR4nbhEknlfRGBuq4S+2HVuLz7dJ1A1PFVDnfiBaZLpjSmaS/KJbifYTmtmdbOGXL3Ct5WzbCWKUJdGtZrfyt8CTpRI/k+qjhUTzjhJdUhRq+Zr9jzKM8p2n5OIecR3Enw8dYJEfB0P8EQNdYaIUphejpribA81xVCKM8qIzqyTuRXkXGMdpXkVvJruY+LzG7xMxXOiqBgZR7JIdA5g4ov5nfs7sFhRzuWWFiQoRIqbGJnppb6qgd6FfjwRBQsQys0nJycPVb/Syqt32V4eBJShF8McCmRxsfIaAHfOdzPwqQsJ9PsEi7Oz+7v923myvdUnUCMWckxHx5mMjtHe1EPHUCsZaemkGQQOco31beGHpeWhew3VjVQU1bLw/QPjU2MsL613Bg56zvVt4Q7gJpANbAJdE4+j7b8A7WGuGfrlZ+8AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGWSURBVBgZpcE/a1NhGMbh3/OeN56cKq2Dp6AoCOKmk4uCn8DNycEOIojilr2TaBfRzVnESQR3Bz+FFDoWA2IjtkRqmpyc97k9qYl/IQV7XSaJw4g0VlZfP0m13dwepPbuiH85fyhyWCx4/ubxjU6kkdxWHt69VC6XpZlFBAhwJgwJJHAmRKorbj94ewvoRBrbuykvT5R2/+lLTp05Tp45STmEJYJBMAjByILxYeM9jzr3GCczGpHGYAQhRM6fO8uFy1fJQoaUwCKYEcwwC4QQaGUBd36KTDmQ523axTGQmEcIEBORKQfG1ZDxcA/MkBxXwj1ggCQyS9TVAMmZiUxJ8Ln/kS+9PmOvcSW+jrao0mmMH5bzHfa+9UGBmciUBJ+2Fmh1h+yTQCXSkJkdCrpd8btIwwEJQnaEkOXMk7XaiF8CUxL/JdKQOwb0Ntc5SG9zHXQNd/ZFGsaEeLa2ChjzXQcqZiKNxSL0vR4unVwwMENMCATib0ZdV+QtE41I42geXt1Ze3dlMNZFdw6Ut6CIvKBhkjiM79Pyq1YUmtkKAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKXSURBVDjLpZNdSFNhGMefdzues7ODc2wqW5ofE5WVqNgHdRM0AkPsSykWlBddGHXhRRdRBuFNQRR0E/QduG4kjCDSCx0omKzBpNmyi5XuVG5N5o6207ZztrOdnkkJXWRCB/78zvvx/7/veZ/zElVV4X8ezUaDfr+f9vl87EZzyN920Pf0bQ+XT97ZXUlp5n4YIC5KfbdPtT3Z1A7Q3M0w+cGcrqh4PsVxCqXhKFp9fPrWSPc/A9DcDHl5uMTEQmzhC9hIZHZ1aRkKbQ0ow50X7jdvGHC0Ruq3UDLwH3io5JSZrs721hIl7i20S0kKHDX53j/OIBAI3FMUZR8KstksjbI1NTWR4dFJubWhkuF5HiwWC0z7g+lDjj2s2+1OZTKZz7IsAzKmQaNSVlZmxzA7dlykaZp4PJ43ddYSJhQKOVmWhWAweKK6VM+Oj48/4jhOL0nStcbGRjuG2IjX660jhHxKJpMVGCCgtqEiOFheWAlVi+88cgsyirSgVhiGiQiCMLpWxomJie8YYhBFsVun0z2PxWI9uJIrGo06DQbDUDgcdtpW3g8Z517FVTFhzhRphXTLEZNbNF2mCgeByR5MPYMUEolEC/IbcidyAbljl//hYZPVnG3o7Tcztdsh/W7MNDflhr1fV6vWqoDf9AARRkMHbm0WeQBX9iEPGo3GmXR88Vy943iRbn4SyOBJ0C+8gNpqE5RLkY71P9HlcmVxF8VoqimcLrIB+RFVv99zY9px8xkhbcfWy7c6YIWZqWWV+t2BBgqVRgP8KtG6kjoOUv4R4F6eBzkdhRTOFxNayGkhQjZzG187KwboYu7KVrNCUZpFEGMK8EvaXFZSr5LNXudpZ9WlpBA5q82R6pxWDaPrbvuYcv0nJj6CVSYYRbYAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJqSURBVDjLnVNLa1phED1X1CS+Aokv0Ks0D2jQnbRJi6UJLdidBLsvXfQ3ZFnaXXfd5Re4KiG4DNKNaI1YUVDoUryVxIiPGOP71ZmvGBKkm14Y7nyXOWfOnG+uNJvNcP+pVquySqUKTafTwHg89lFgNBplut3uWavVOvH7/b/v10v3Ca6urp5JknSk0WiC9AYRgQkGgwFub2+hKErk5ubmy+HhYXKOUc2Ty8tLmboeLS8vB5eWlsDEmUxGxHA4xMrKClwuV/D6+vro+PhYXiAgmSG1Wi06M4BJ/P4XeLm/D6PRiF6vB1IGh8MRrFQqoTlOPU/6/X7AYDDwW3T7VaziPPlDKNnd3YPbvsr+wGq1otlsBgjy9YECmtPHxTyvlrqfJxMwuZ7A9OgAP4tjmEwmVgm9Xo9Op+NbUEAuC8NYPrXFdAoMocNkosVQWhU1k8kEZCITYMEDIsi0221RRNeF53tP0Wm30Or28erxDPV6XdSVSiX2I7NAQO6ekTkiTyQS0KCHd68d+HBgwKhTQSwWEwqz2SyPebYwQqPROCmXy288Hk+AbgO5XA7pdJpGmYp9YGP5TATf6dvJggIq2CWDbPF4PMLnnZ0dbG5uYmtrC16vF0SO09PTyPr6uo125f2DTQyHw28pD5PL2nw+76KlUrgrz82eaLVa1Go1kDKX2WxWiASpVOpjoVD4LEYgSd+2t7fBHsiyrNjtduh0OlxcXIjb4QUqFotsnrK2toaNjQ1Eo9FPBP1LwMvDAKfTCYvFIs4cNpvtLne73eKKeRfYFzb0zkRmJ0axRBxzEMf8G4MZxOB//o3/8/wBTrxxLgOn/DMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAMoSURBVDjLndPLb5RVHMbx5515pxfnnaadQi9MSykzRSFSqyWjITVoUIMhLmClLky6YcempKBGgitDJEgaIlVjMGkkLkCqIUTjyo7YQs00dYYZpsNoufReaWn7nvM757yX4wJJJBoXfv+AT57NY2it8bBT2fct6aoeodQeoSgplISQYpSE+i6onv2gWr9e/tEbMY6/ZTwETmaO7ZKO+uKZ6q7WoFkBx/BQV7keN6fyuJj7qj9mfJJVjturlNf9+YH40CPAiV+P7tsYSlysDW/AtLqHcTuPoA5gp/U0zl39bKnS3ZeMGC+NJhNWNHdrFbdn7f3nD7cPAkDgw/GjUaHEQJ21EWN2Ean7I7jvrCBR2YL5ubtgjN4L692HttRVROtrKtDWaIFIDbzy9nAUAAJcUk9n9S6rRFPI8wlwV2B9MApLhPBN5sJ4LHj6miDnQKI5jMKMQLSqHG1NEUtw6vkLYHuDoXJk7QKUK1EVsNBe9QRGiz+D1sRBR5p9HZsjQeX4mLqnUJyTaKgNQ5DYCwAmJ7FNGi4CMNBhPYlN5THc+b2EdCl9tjUysIFIdsZqKzFS5ODMA1v1sDUWghTUCgAmI071FevKuiI7MD9zF/1jJ5ckU33Hll87M7GSNn8IP15aWBbbTRjgzIf2fUhlQpEIPljAafKXG8Mdl64PLkqSxw/PNp3fvRR+S/PcxPM8/cKlbb0Q0gPnGsQ81NaEML1gQ0kqPQAYfflt5uv+U1Ntl7esBHs0p7yzudkyir/BX7NBRODCA3ENYbtojj+G4aslOJIuA4A5WOo4qzkd15xOO/GWMifeAt/zYI5lAcYguYSQHoiAzu0RFCbnkcllbM9RfQBgapuZPuNvqp3JMremGuJGHqHGJvg2g2YEKThIeEjEwigUp1HM3YQrRffs0JFFAAiEPj6z6K+xbuNaGsgVEGpohE8cHhE8ElAksMocXEll8FMqNTkzd+vV2aEjF/7xhbWuF1/WQnyq4pta3fp1CPw4Ar3wR/tzO9455ylJrqu+91x1Yj71rv2vZwKA5a1PWZ5UvVqpPb5yktp12xuWZrL4jx4B/k9/AolT0+iTfsOYAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIQSURBVDjLjZPbbtNAFEVLvoNK/ENRv6W/guChbzwXJRJBDRIgVQglUjClddxUpCEF00RJE8fgXKBtZGzHud+vzWbOgE2gRdTSfrBn9jr7nPGsAFghsec20xrT+n90h8nj+pYAa+PxuD2bzS7n8zmuE1uH1+vdWoYsA9bJ3O/3MRgMXHU6HbRaLVSrVQ4xTRM+n8+FOOZbjHy/VCohnU4jmUwim81C13X0ej20223Yts0Bw+EQVMTv9/+E5HI5TyaTeZhKpRbNZpNvJFOj0YAkScjn8zxFrVa70hKfCTNvkHk0GoGkqiq63S5YO1yCIKBcLnNIvV7nBQzD+A1gZpGqKYrCo1JE0mQy4QDLshCLxfg8CEzzoP0uQJblCg2Geh/2WwiFQjw6GS4qOooXFl69OeQnQGBqj0AuIJF4XzHKu9BST9EzJeztBxGPx3FudZA4PUNKM7ATPsB0OuWpnIQugMUTbbMAw/yK/PckTvWPOLeLMCwbn5QznHzWIURivB0CkCiNC4hGoxu7EWGRN5I4+XaEY+0AcTUCtaigatexvfMaXwolnoBE5j8Aoih6gnsvHz1/+3hxXIhCLr3Dh8IhZC2GQCAANiNe1QE4cgHOj/Rg897m/pGAF8I2noWfICwFoRU09zj/1hUAvbCPi3/dg2t06QJ+Qe6yqANauImZ7e3x27sEWCXIDa6zI7r6qz8AeSLtQ3VwWP8AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJXSURBVDjLlZDhS1NhFIeF/oJBEK5ISiIJsaxkTAQTR8wSacY0xdlmbZqkTZ3cmmKprU3naltOd2u5UtFSAiuSaAUVGEKDvphtXuVu79xttfB7Ef16FwRhG+mH8+H9Hc7zPuekAUj7u9omQ2ieIGj0hqB1B76s76+vf4KmCeFh3wzBxekYVGykYdMALbsEtZsfrR+NQ+mK5m8KUOchUNk/vqlk41srB6MosxLDhgHqkdhAw/AilKb3/YrO+cKqQQK5OTS2IYDKE9uvcQZQ3u0vSrz1r7T3au/3obh3Zf6/gGp3dEjpJFCYPuC4Tdimf33Wa39ngfVtLxS3ulHuKdkid1RFi52EOWInvgIb8eVbyZTUHNYlPWLj89M2y9wVzC7PoPNZO446rn8/NrQKzVgMBVaCmhEBFx58RgW7igM9vC6pVvWkot842wL73CyUtwVox2OQ9hFLopd3lbdovAJOuaPY17HCpNytxFH0rfXxC9TejUHS8/JnnokXJfKcLp7VUIsyZxh7GE6XajhaaJJCYszFQeNl5Fxy/aC6vuwuHiecEVx7EkcWs4yMVk6U0kBiDouorq+Cqp50/db172W4qTN3BDTRlXbqg/6kR/xTuT28v4oVoBxeRVYHxySyXQaOKR0Io8QaxvbzASYlgOrKZDYCy9OvyDYuI9PAiajubvrrSsu4gMM0E9cHZCkBVFdXeiOM3kdxlDkiyGxbQpZhCXJLCPrRT6i5GcGhdg7iukVZUgC9rojqshn6IHY0BxO6fvG5AEN/ZcTaxTU6uJZet8CmqxdEvwDWpa/ASC8BSAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIkSURBVDjLpVNNiFJRFP7eU1E0KSLTMpAwYSxyaidDtChm0WYQ3NSutv2s2kwwm2igNgMtooUQEQhhA9GqhSDTQsZZFDbNDBgVg5bSw9J8rzFF33udc+HGg0ladOHj3nPe+b7zc99VbNvG/yy30yiVSl4SnCNcsixrivYEgY7WJu0faX9EKGUyGVNyFFkBkY/T+WkoFEpFIhEEAgH4/X7w916vB8Mw0Gg00G63y+S7mM1mm4LIAYxisbhSr9c5nT1pjUYju1qt2oVC4YnkqbIUMk6Ew+F/9hyNRkFJLuyaATmFoqZp8Pl88Hq98Hg8wtfv99HpdNBsNhGPx0XsRAG3241ut4vBYCDs8XgMXdcxHA7FN/b9VUD25HK5RAUczKC+hYgcNpNN05xcAQdLkqIoIlj6VFWdXIEUkAQGV8M2k2vaG3z6sYGfVR39XzsHlm/dX3h5d31xlwAHM5goBd5+LuO75z3OnU3jyP4EVrZeKGub2p309cP7VKcAQ2Znoiz3deMVTk1Nw1RNTB+ahamMkD45w7RrfwSYwFdFf6K4Quf6pmvwKHswl7wh7Jvnc4gfTPHR52zhcqVSeZZMJgOxWEyI8BC5CmOnh63WKtZbZczPPsa94hX4XCLJQHG+xnw+f5SEFghZmvhefgvcTqn2HN3gBmZSZ5CInMaHr1Wsvivjy3ZvSZn0nHO5XJDIxwgWDbW2vL10m9xXCUGCQXi49qA1/xvyq6BCh7yZeQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAInSURBVDjLpVPLahNRGP5mcrWZhGgaLEwtJFJJqQEXgoKIkKBkKfoAeYKA4M7S4kLyDF34AF4eIIOQMC7sooqbECExImnSGgwqTTtmcubm+Y9MSAWh0AM//7l9l/9cJM/zcJYm44wt6Hfa7XbdcZwCD9i2DcuyZsEYm8V0OqXcKJfLRcJJVAIH3wmHw3o6nRab/m3zZYZCIei6jl6vV6xUKg3hgCtuJZNJDIdDRCKRGWgeSP3BYIBEIoFMJkOiG3y6ITWbTaGeSqUwHo9P2KVSCChJEgKBgFCPx+OIxWLQNA3dbrcYJHWyTrXSpmg0KsJXn3dC2XVdmKaJfD6PVqu1ESQlwzAwGo3EAfmb6DAp+2PtZxUTy0Ap+QSR0DkoiiJcEkGB2GlAIF6SsCzL8gkHE2WK5fQaXu1v4uHiU6iqSphCkFSpVgoioCCCL6nXXJlfoWuD8TX1/CrWlm7gyDTwvP8Im+pLUbYg8IFkNZfLidz9xXB3vQzH4+W4fA0eDg77yC/fwjGb4PHbEq449/8S0A0QgW+XwhwxAe79+AyLu7C5G8uxMJ4e4dql2zi2fmN38gJBfqJarVYrzb0ykc20CduxcTGxwsGOIPt2uIcLyhI+9t9ht/Meq8PijvS/z/RgO+ua9B5cBtNmuLy4Lt3M3sOHvR3UO2+GzEbxoOp9kk77G68+k43rK4UFvVPfZ64At2d/4TQtuyUZjhtYmLhO9nvV++rP/wHfnZcUJl+kcgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALvSURBVDjLjZNvLNRxHMd/Tft50AOPqs1aTapJzp/8yYWaLM5k+a/F1F3FxXAidnIc53adc7j5uxo6OqX8PxcdZY7uWhJRD1pqrXWPCveb8ATvfq4yitaD95Pvvq/X5/t9f/clABCbpSv5CEnHWsNjWGvSncit9m0Jq3kMoybdcbEny3lRm33UqM11I/9LoE5xIGnQpJOxMN6UiNfNKdCXh6Kv4Jipr9CT/KdAk+ZI9mQ6m4bkQZh4wKOThomWDEy2Z2O4Ogo9BUyTJo9JbirQZDiRvXwXargsGJMP06GvCINW5IXHYm/oKqMw1iJAvyISLXxP6l66B7lB0JvlQmqzXSm9IgSTrZnQV0agX+qLt28mzOkW+aJPHgmDKgtdhSGo47pSVRddzBKCLoikC6L05WGYbOPTR42EVnIKL0deYHp6GrOzs5h6/w5NmT5oEwbjya0kNFwPgCyCQRWesSeJvjwPg74y/Nc9o2nYD+Njo5iZmTHDv5Oq8sGVehfUXvNDZ3EsKi57I9v3kIGgm2VpC5nLuqpoqIUnVj59nFqbvD7cBk/kq88jusYOJWwm+CcOLtNh/Swwj8nqyPUcUpTKVxYWFtYmJjceQ4LSDexaZ+S0R+LBiAIZD8/idMlu8AL3h/71jDKZbI6iKLMgiYY7XlWhdbTCDN4fKUNZfwaUhiJwVf5wl1guM0TbrDYIxGLxnMlkMgsu0fddhUu0qZD2JkH8KB5CNRsFmgTU6ESIveONg3nEEpH8lO3I6TwXE6UM7o+ShyzdHWzAqiTm9mE0vyiD6rkcSn0R6p7dpCWJqNYVIF7Fgm2uxTxDsC+NoOEvvO54CAauIbmbA44iDkajEaHVNghU7IFf6S54yawQV38cVYNCcBr9YSfagfDaADjx7L8T9OSBQIXvZy+hu+Ekz4sKvhr0lcvlfpBIJJBKpaB7QXFxMRzyt69cUPrBNsdyxV3gMEHD3w5cshkgtvqmf8ZGQMzvvWGBnXzCZv36D8sKlHMs9WAJAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEXSURBVDjLY/j//z8DJZiBLgZkz37Ynjrz4ReyDEideb89afrDf5ET7v4n2YCEqXf7qpY9/T9r76v/Xu03STMgasLteaVLHv+fufvl/6k7X/y3qrlCvAHBvTeXFC54ANbctv7p/95Nz/5rFZ0nzoCAzpuPsuc++D91x4v/jasf/y9aeP9/89rH/6VTTxJngGPDtc3xU+/879789H/5kgf/02fd+V+17OF/yZhjxBmgVXCaRT3v7BqP1mv/a1Y+/J824/b/woX3/osHHSAtECVjjqy0Lb/wP2/+3f+Zs+/8F3XfS3o0inntXWSeffJ/0tRb/0Ucdv4nKyEJW25ZYBh/5L+w5fb/ZCdlQYMNs4WMt/wfuMyEDwMA0Irn/pDRT58AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIwSURBVDjLhZHLaxNRGMUjaRDBjQtBxAdZFEQE/wEFUaurLm1FfEGzENwpturG6qIFrYUKXbUudOODNqIiTWqvFEwXKo1UUVRqS2NM0kmaZPKYPKbJ8XzTiUQxceDH3HvnO+e73xnH8X7fLjJInjbgEekiOwA4/sbBD0Ov5sIqY5SVXiO/Rpospw01HphXrOttZPBMxCkWJ3NltZItq3i2pOKZklrWi9Z5SMuKwf2GBtJVxJotiqWLKpIqqHCyYO3/Z/A8UyirBDtLcZTi6Y+RdxdHAsnTAy/NM0TerCuRlE2Y9El+YjCWoLBkViyxdL40OpNmLuBo0Gvk12AuYC5gLqB2XAw8A2NBFZzXVHm1YnHq1qQpYs4PjgbmAuYC5gLe0jrnWGLwzZqDi33ksSTunw3JvKZ0FbFmi5gLeDswF2v/h4Ftcm8yaIl9JMtcwFys4midOJQwEOX6ZyInBos18QYJk0yQVhJjLiiald/iTw+GMHN2N6YOuTB9YieCozfE4EvNYDO5Ttz2vn/Q+x5zC3EwEyw9GcaH7v0ovLiN6mcf8g8v4O35vRg+edTr+Ne/tU2OEV03SvB3uGFQjDvtQM8moM+N+M0D8B92LjQ0sE2+MhdMHXShOutF/ZO6toXnLdVm4o1yA1KYOLI+lrvbBVBU7HYgSZbOOeFvc4abGWwjXrLndefW3jeeVjPS44Z2xYXvnnVQ7S2rvjbn1aYj1BPo3H6ZHRfl2nz/ELGc/wJRo/MQHUFwBgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAL2SURBVDjLVdNNaBx1GMfx78zO7Lu765qQWIPteqiH+IKCjTmkClIVPHi0pVDSXBT0sGhLUOvJl0OL4AuVBC+CLXpoD1KqweBBWFFajOChSTU20q2h6e66nX2Znfm/ejCJ8Qff6+fy8DjWWgCmz9f3AR/cV0pPhtIQSoM0hoEyAdAFmoAG2kAL+Bz41mNzRqmJh0fzk689MczO9YUphsIU25EeExK6sebPZo9v/ugfAKo7gZFC0gGgflvjOw6eAwkPUr7LvSmXhOviJ+CRsQy7irnyp5fW33e3AC1loWQilIGucAgkdDoRQQRBBK0B3OppAF4/e53JSo4HhvzhbSAfBiP7v5pHHZ2mH2kqJ2cZ+uxjwqBPNzb0IstAgAEc3eGna22WrgfrLoA4Ol2eXfrimZw3QDoeYWyRePh0GZ0/RdTu0o8NfWnAwkYn5sPF1Y4WYtoVR44cNGH01+iwXzT1FvVj76CApUNVxI2ApNNn77EZUrXviZSDsaB9jRKicv7lxxZdM4jm433jabO0Asdn6eTLOC7oQpnfX3gFfrmKnBjnnrmTuFJiLag4RotYA7gmHLyY+LoWmcounBNvYm81cLEkgyaVuXdRe+7GuVijPlPFSfpIren1Q6WE6AC42YsXvjy9e//EtdXbyHyKyqszYOH+946TKHiEbcOVuXMEUwfI+NDqxahYbCy89awFcAEWhvaKj6YO48WQaDTAcXGbDcIA1k6cQuaKYCHruTTaA7SI17eu501Vzw4Bbz84OU6veobvlgW5rubHTy6Q9i2+B8nEvxWysFoPUUJsbANaiKeA535eXqM98OjFFqktsXQQyqC0wVhLuVjkpadHudkK0UI0/gOkfPT5Jx/KvHH48f/9gLYgtUUowMLphXWyPnR7IVrK1k5g7WYz4MziMqV8hlIhTSmXophLcUc2SSrpkvJcDk2NkPKg8XcXLeWNbcAoda52eWWsdnllN3DXZnduVkwnfT+d9inkMpQKWX69Wv8N+GEL+AdfSH+n2ppttwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALDSURBVDjLpZNLTBNRFIb/6RMqtEDBFopFXiFGIERYmKgJUXBFQly4gI1LXbghcYPiI/JYmbhxLQvC3hjjQkSL4SnvYCRUCNJCSwSq0OnMdObeud6ZBIzB6MJJTiZz7/m/c89/5gqMMfzPY/tXwkYkUmkRhOuU0nJCyKvs7OyXPp+PHu4LfzvBSjh83+PxPM5wOs1vSZKQTCbjsizX1NXV7ZmLBuBPMbOw0LsVjzNVVZmiKIwLGQewRCLB5ufnv49NTGQYeZY/VQ6Nj/d5vd67BV4vOAC8IjjEqA673Y4stzuHi28buccAoVCoJ+D3dwZ8PqTTaRPAewf3wHwfHBwgx+OBRkjnMcDq4GB3FaX3TrvdZkVDfCg0QtM0c52birSm5f0G2O7q6vY7HF0FNhtofz/02VlTbIgM8ZORdvS+v4bME04kRRGpVCp8BFhtb7+ZUVralcF7JpOTIJEIhIEBYGjoV2Wiojj/DDpeNOHT8hJSothkjnEsGHT6W1qUYGsrtOlpkFgMOh/Xw+Y1MKpCZRQqhxTlVaK2+CI+fn2Hxc0pppC0+8OdhGhLWq0lRQ4HGDeHRKPQueOUB9FVNFffAGU6qE6hgyG2H0VN8QWIqizMRkb2a3ssebYfsqzK8Tj0RAKU93YIMI5siDf2vkDTuYm6Bo1qOEgnUXfqEkRNskytj+5ZdkRxI7y4uJRcXmb2wkLQVMoMhSgglMDnDsLvLkGhpwx2ayYKsgOYi45hbG10R1LRYP7Kz3Jz8+srKuYqq6r8mYzZpc1N3GqLQuFjVHkrMlFZef5Z4XzZVcxExjEcfrOtElyJ9bHPR3fhaVZW7kmX6/m5QKDRIwhuhRsZkyQ9Kkmtbbu7r6t7LKmG4GVXKDy8peqmeOXYZXrkcAgeq7U+02JppIytqbr+tkNRksZe2QMhRXWrS9Zp2bc+tn6o+QkxLL87j8znVAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALJSURBVDjLpZBrTJJhFMdfxUzazHQzp5aK84IgysULmNc5SXMFloVp09CJqDOXt+XMiViKlnkpxVZG5ijLlZZmZpeZpjVdfelrwqsfa3nJlAB5T680kNba2vzwe852nvP/PWcPAgDIdjAeIRXTkCGfS92WIKZ6WsRrn7tnebmUlt6Egy4JTn7Cyfy3oHwK2A0oK6ZRZYi7rCJu9lYO8ye/847qcGaWU47N4ehxFnC8/xaUvQU/yQIhsAbV0mvRkbXouIYfsfHYajw30jS4yk3yXklMXlk8xF9PvopK/hCwSifB+6Bkv3vFfFPe6QHdGpOtWQ/jdFi+xKpBm8Nr1QaOVK2PrFdro2VqzCxglk6AafArhYPNMxK0lmGvYrTPp0Sl9y9VKTTMUN91VhjczZDJtwQl40aBfq+bUuu6Tx91ZEyzS4i222fPE/Zkq0cdhaqf+XcidLkKBmR104haCm1cQw1aNgvoZ19DFZ0fbLB3xDZ2O9UjaegFRICCtQA1EAQoZntCLchRMNZqh9JB0EUGXocnUUvy0W0Jil8BWO3ggbXtZ9PaxcooKOplY3k9LEzYHQznB47Dg9k2KOvnQUKLi2HR023YLAg+8wK0iE2qHrFxMQkKe8Nh8GMnPPxwzRjsm22F1pdl0POuCcRKLoQ27DTQ6qwcjMNBRc/hpjM51hSOkzE78ZWN4StjxdA4WggXR0QgGRKC9GkedE3UwanbkeBbg2wYA7TCZ8ApC3Rll1Ovh5fTFvD6LeNGANyfaQXl+2bomW6CW1MyXFIA8gkpiJSJQKpGvrhXIvTfgoIRYIoDeAyxP9efz0nAKzFFTsKS2tyx+BZn7MAlByxTEQGdbySQ3csFzyrrFY9zdiHmP6DmDwNVPAQU8ROcx0ARDeIMQMAmuY+AjEOV2kFWTzx4VTqBn6gNyDn9YBb8D/jKax5VBHCuREiW/V/ef2+t0gzxSwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKfSURBVDjLfVNNaBNREP52s0m0cc2PUaiWQLGKYtWKCkUPohJJFfTiIQcv2tKDCB56sAfPUjyUFKQHrS2e1NaCthapSFuxlFyMifYHRWkvDZHapj/aZLubXWfeJgV/X5g3u5uZ7/tm5j3Jsiz8byUSiS7DMC7puq6QB3lha2tr7B9J/wJIpVJeSujw+XwX3e4yaJQE04SIphy/34fBwRdQ/pacTCYjnBwMBnd4PB5Mz8yC2U3TgmmZBGShQGCapkGZmprSCoWCi0wElWSyz2azv0vGwkKWgEyEz9SJbwonV1SEsLi4JNgt/lms0hLGL8SJgN+L/r5n2Fd9SLDzf0IBo3LyjY4EhUmQJNrtTXi2leVl3G48KhjfJeJgteXnLtgKWCqzcqA/sAWyLEMik4vGzwxgmTZj9YEj4tkq9kBmBfROADIcDscvJhc9L24eM86p0+hcjImyhAK9OB5JluBQlHV24bkE8vbkbMbOj/fwY8UQKgQAb9wQLoEZK7eVifrtJSG9ZNgHauYN5ryTqJoPIpfPYWi8V0xFAMjFOtm+fPrzXGz2TmAmN4vwyeOoCOzC8MRTxMe7kdcCNoDTqaClvkaMR9cNrK5qQrLL5aQyLLQPP0DNnggKcgEHy8N4NdmD2v3H0P35ORSqq3VkZOhE6aCQD6iqWsnTyWQyGqlzf8t9hVPahLq99UJR0+m76P/QTo3sgxKNRptKUtva2q4TyPmdVbsrVdWH3icPTZr5/ez3+SsT6TEplR5Fc7gLLS8vY4PDTR2SLbmUHIvFthJbLBI5eyoUCkFVPWhoaNyYz+ejhqXfir8fg4uuDjO7JAWjydd0eszW9ctE0hfI3vb0PD5cOv/FezEZv5O+WXttu9I9PXAVGFApfIWsnb43/wTyL6VPiDb06AAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJZSURBVDjLjZNNaBNREMf/25Q1Lqmk2NYamo+amI+mREOhFhRS0CKKN8FT8NSeiiBIDiJYk4MXEcGTwVtI48FQouLNix48RCoh4GETqAmioTFG0qT52HT3ObtgqiGHPBgGdmd+M2/m/zjGGPpPLBazyLL8XpIkW7fbRavV+tZoNFbC4bDYHzuKAafT6TyZmZmxCYIAFVAoFMz5fP4x/brWHzsyCFCv16fT6TQymYwG0Ov1qNVqlkGxAwEUjI2NDa5UKmmAdrut2dAAnuc1z3GcBvgLGRpAM0AoFGJGoxE0SM3Ub0MDaOLwer2gQSKbzeKEoYIHa1P2nXfBqaEA1C5TK4qiCL/UwOLxInznbgiGgi6N27dWB64xkUjYyImKovBk2v3NZjOW2E8I7ss4dtKPnYmktdIsPX8YDJri8Xik14GaTIISXS4XTztHuVxGNBrF1otnqBt3MTZhhLz3GpO+m4C7C+dpezgQCNzvdUAVRY/Hw7vdbphMJgSDQVJfEwfFBKZP+elOn5HefIWltbuQxvdx3jqOl8lqmFIjGoCkypN0kUqlVBFpKzOw77h05gjGxptU/SvAFMiNT5hdvoO9t0/B5PbhENUEdWjValUDNOo12PU5GC1noTSzlNvCwnUXFOkHqTIHm+8qVuZ0hwDqQAM4HA44nU4sziqwzy9DGKuAHfwiRemwvZVTLwulncOk04qLrlF8iMzPceprXF9fZ8VisSeae1c6uLC6Cd1IgQC/KZH9t3ndURd2v2SQexNJcoOe88dHCxUmKwJTGLWv/GOs56F6xrb/AFceRXFTtLBJAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKsSURBVDjLhZJfSFNxFMcHPUUP0aP0EoSEVEaY5QixFzMTRtLDCH1QqIbEKBCzTEyxPwotsbLUETSHmTUTm86mrk03N9eW253Oua2pW8OcS6Z3d7uzWd/uZi0qaQfOww/O93N+53wPCwDr7yyoJ0oqRG61oM9P3u3xkUUCQp3C7SnZqnZLsUDqXzK6wpjxrGPKHcHYDAVei3NpW86TkqSAcqZzTOz8vI4PLhp6ZxjmBRpycxAZZXJ1UkBjr4+c9myKJxw0NLYQlNMUxmcpFDZayaSAum4fScxHMGEPQx0XhzBMUBhlxsivI5IDCutNaqU1CNM8jRELhUFTrHsIL3Wr2J7XmXyEnQVdNUUCKz06E4LUSOK1fg1ygpmfPxpl7eI3/xdwmK/j8oUum/jtHERDC2iQeHHrhQePemfR2mNBToV6hZVyu2ZLwH6e4tClNqdVwyzL5o3AOEfD8DEMLfN96ZtevOuqhk7WAKXkJoRVJ+1VnPTcPwDZFTqhbHINVg/N+B6C0RUD0Bjol8KqbYduahEq8wqGDH7I9XY8rT0VOp994EQCUNpkd4zbg1BaSIxZKbxnuusdYfQ/vYIxsxerwa+4U1mNWCwGIuge1OAa56AqAeAL3bTBEYJ42AcV47uOsTG2fZnoKmSG5bjwFyC6sYEOlRvNl9mrCQCvxRXR2kPoVCxDYQlu3sAUhVcPStGtWcT3n4BYfmMeDwdmcY+XGUgAcq+bXGKlH31afxygYm5BbiZxv/wcOmUqfApE45BYzH+J4nHHM5SxUxW/7Tgmzd/B1beWNdsxwgjHbRSzTBIdXQo08dkQSSR4PkRAPDCJdlEbqjhpgTOZaex/Dmk3d3gpg2/w5t0gAjmVRDT1gi6653Rr8OzxPLq2+OhGfXF64GLWXjnnyL6sWP0PKd/8SStdk8YAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJZSURBVDjLpVJda5JhGPYH9Ac66bSdFHTydtDhIAiCiA6CEbGiL1bUTgaO9pHk1+y11ymyNT/wYypMxzanqa8Km9PJxg5EJcWBJq7OzUHIRlfP/VQyKWLRCzcP78113dd1X8+jAKD4n/pngtfrhdPpxMLCAqxW6x1FLpcD1dbWFjY2NpBOpyHLMmKxGNbX17GysoJgMIhAIACPx8OxR0dHODg4gMlkKiuy2SyOj4/R7Xb/Wp1OBw6H41O73Ua1WoUkSQ2DwTCiyGQyvNFqtZDP59FsNkG9RqOBZDKJ/f19RCIRjgmFQiiXy9zRzMzMYC+DVCqF7e1tRKNRYXNzE8vLywKRFxcXBVrDZrMJRDabzYLP5+P7q9Xqgd6AeDyOYrHIM6jX6zwDUiZypVLpKbOBKBQKpI6pqakzfbewurqKw8NDJBIJsKSFcDhMSgLZZWEJRNbpdILdbicyfrtGBpzY3d1FrVYDkUl5aWkJpVKJBnJltgr29vagVCq//fEduN1uShrz8/OwWCyUNFjS0Gg0UBqe44VlCI/e3sDQ60FcU16cOPVDeiLdfKUK3kOkbEXhswwpOYLb0gVcfnpW5ACXy3We2Xs3NzdHScNoNEKv11PSmJ6exl3dVayVTFj7YKbdIaYeQko9pgFf+QAWFrczOzs7KoriR0YePeng+stLeF+24+QXLlppwA8Ae9MTLGl+XTs7O/D7/Tzp8fFxjI2N4cqzc3gj34dOHuZkXWK438Gv0mq1UKlUmJyc7HPAgOpb4gCM8gOuTCf99zI4TTGwntUXsv3z1FP/O6UL4ZoSeea0AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJaSURBVDjLpZM7aFRREIa/u7mbNW5IjEQ3WQlBIkaLiBYWvkBi7H0EDGgjaiNY+uoECwlop2glWGknNnZBIRKCZMWooCz4Im6uya5iNnsf555z5lishYVKwCmH4Zv//5nxnHP8T/l/al66X3VWhNSAtUJqBGWEe2f7vBUBVCrs3bIaI4I4MNbxaKa+cgWxFlIrVJcM2jo621poxLJyQBgbUiMkWjDWofwMy7H5M8BdPt9MUQSnDU4boo0XUakj0Q5thFVZSz2x/1BwYARE8KzFs5blWUEZR6ws2kJb1lH/mwWnDZ4x8KIERsO27TTilEQLUdq0kLR6mFj/BaDSJkAloA1ow5JyKC3EStDW0Z4TJBTOTZx0OjWkqUYnGqU0viSKjDGQKNCaJIoohDN45a/sKqyl/GmRSIZpTVN6ZjZRXF9ksbaI35Pj6dJjfIl/bVYKrRQPXr/h0JZ+jh07QRiGDAx8YWLyGQf7YPTwKFk/SxAElEolzDvwJUogTSGOmap95/1AF0eHh7lw9Q7fPpco9vYwNDSEDgNuXL9BEAR0b17H6SOn+Dj3Ad9FMfyyMFtfJt/R0Qxn63Eab6cYGxujq6uLRqNBtVrl5u1b9O1szqzpWIMvUQxaw+499Lx6zXQQALD88i4ZTxgfHyefzzcPLAzJ4KGfR9AHc5UveFdGrjnRBqcMdfWDSqHCjv37KBY30NmeYWFhgXK5TC6Xo7+/n0KhQD1MmK9UeDI5jff7Ow8ODrb09vYO5fP5h8VicV0ul2sBMrVa7QxQ6e7ufghklVJ2fn6+Gobh4Z8+rmPjNq74hgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALnSURBVDjLfZNLaFx1HIW/e2fuzJ00w0ymkpQpiUKfMT7SblzU4kayELEptRChUEFEqKALUaRUV2YhlCLYjYq4FBeuiqZgC6FIQzBpEGpDkzHNs5PMTJtmHnfu6//7uSh2IYNnffg23zmWqtIpd395YwiRL1Q0qyIfD56cmOvUs/4LWJg40auiH6jI+7v3ncybdo2Hy9ebKvqNGrn03Nj1+x0Bi1dHHVV9W0U+ye4d2d83+Ca2GJrlGZx0gkppkkfrsysqclFFvh8++3v7CWDh6ugIohfSPcPH+w6fwu05ABoSby9yb3Kc/mePYXc9TdCqslWapVGdn1Zjxo++O33Fujtx4gdEzj61f8xyC8/jN2rsVOcxYZOoVSZtBewZOAT+NonuAWw3S728wFZpFm975cekGjlz8NXLVtSo0SxPImGdtFfFq5epr21wdOxrnMwuaC2jrRJWfYHdxRfIFeDWr0unkyrSUqxcyk2TLQzQrt6hqydPvidDBg/8VTAp8DegvYa3OU1z+SbuM6dQI62kioAAVgondwAnncWvzCDNCk4CLO9vsJVw8xqN+iPiTB5SaTSKURGSaoTHHgxoAMlduL1HiFMZXP8BsvkbO1GD2O3GpLOIF0KsSBijxmCrMY+FqgGJQDzQgGT3XrJ7DuI5EKZd4iDG+CHG84m8AIki1Ai2imRsx4FEBtQHCUB8MG1wi8QKGhjEC4mbAVHTx8kNYSuoiGurkRtLN76ivb0K6SIkusCEoBEgaCQYPyT2QhKpAXKHTiMmQ2lmChWZTrw32v9TsLOyVlu8Nhi2G4Vs32HsTC9IA2KPRuU2Erp097+O5RRYvz3H1r3JldivfY7IR0+mfOu7l3pV5EM1cq744mi+OPwaRD71tSk0Vsp3/uLB6s2minyrIpeOf7a00fFMf1w+MqRGzqvIW/teecdqV5a5P/8ncXv9ZxUdf/lCae5/3/hvpi4OjajIp4ikVOTLY+cXr3Tq/QPcssKNXib9yAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAITSURBVDjLpZNNSJRBGMd/s7q50ZoWISZSRAgF5VpELFJ0CK9RneokEl1qO3URpFNCXqIO0aFLEF0iiAj6JBB0WYwOoikRJiXUYqbsumv7zvu+M/N02BV30YPgc5h5GPh/zMz/USLCVirCFqt+tZGfb8UUFxEJEBMiNkRMgBgfsT6EGms0YjwINU0Xn6haAmuIHrm0TkEEFFQWQCD3/PJ6B37+N9tFEOeVDxSIOEAhrDGoSAMSehtcwRhcMI8pfgLnIxKUdxeA04jTiPPYtucCLixtQGB9wCBOg4QVUDVYI64EYpBgAwdmZalsuUbZwzldIfHAeWUR8289gbMaPTOK8b+DDUAMVheI7W8pKzuNWA/E1byBWg3S4oteibZ0EO86DzhcMEdx/BkN+3aBlBie1YzMOZY9j6CU489K/tabOxOD9VVMhAuT5D6m2dl9FaUUTkKQEu+/FZny45w5fYL23R0MT79kbGr0djLV1hyp/u/Gk72E+b/kR+5VwBqxmtdfc3QdSmAjlsTeHqwKSR7tBri+FmWjUXURdhy/gphmiplX1MUSxFr7WCgsEVVxzh2+AcDNs4842NIJEKvKgSb37j5iNBJ6BN4XmM1Q+vyUQiFgOpthIpumv+cxQx/6iNU1AGi1mWlMptoG2w80DXR3nqKj9Rgz8+NkJtP8+rF8V212nJOptiHgGtAIFIGHYw+y/f8B3ntD1Kp2NbQAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKRSURBVDjLhZHfT1JhHMb9F7ptXXXR2lw/Llp3blnNZauLtmwtp15oWsu6oJZ5bKyFQiGIEIRIKoEsJtikWM1JmiQhtpieo3ISUoEINiJNE2SgT5x3ZiVZ3+15v3t/PJ89+755APJ4PJ64s7MzZDKZYDabYbFY0NvbSzq35867u7uh1WpjfD5fwXl+iixqtXoi2xfw/0ppNJrPOQC9Xp/O9vXTvCf4l7jKJkUOgIvH1bmGPlQ1D6Na+gY1Micut77FFcUoapVj5I4rnU6XCzAYDJuAmqz50hbzNdUvQJfu8d8BmUwGMzMz8Hq9oGkaHo8HbrcbTqcTDocDQ0ND+B62gzWeh8/ahPGOIkyo8ssJYCMWmXxLSwtYloXRaIRYLCag6I3rmKUKERmswyJtA5bDWKAtcElORAmgo4MMBqFQCIFAAH6/Hz6fj6RhGAasuw3xqTtIhZ4h8roZCeYpMvMjYLqqkwSgaW8nAKvVCrlcjmAwSNLIZDLM0ibEJ29jLTGCxMdaxMeuwmuoBK0t+zKmOLOHAFQqFQFEo1FEIhGEw2GSZp4x4ytTj7WkCyv+CiSDpViapjCnORJ9Lz1+cHOIcrmCAGw2G5RKJYHY9HxE3tVtmMuRDFzAt8kGsKoifJAcPvTHLzRLJAQQi8WI2FEjpvtvZmM7kJyrxGqwDIvZJH7NSTyUCnK/USgUpocdjnW73Y6+R3xMvaAw8bIVn9wlWJkrRXz8FrzqUxgZ6FsXikSJHABFUYxA0LgiFIrQc/8YsDQPtv0sBqmdcLYVY0BQgAfCetwVNK5m37pyAL9LcDE/nXIpkXLL4W4qRE/VruX++v0Htr7bFlBSsCMpqtibfnWvOG2XHh1+Xrdv93ZmTj8Aff0H4WdEl0kAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ6SURBVDjLjZO7T1NhGMY7Mji6uJgYt8bElTjof6CDg4sMSqIxJsRGB5F4TwQSIg1QKC0KWmkZEEsKtEcSxF5ohV5pKSicXqX3aqGn957z+PUEGopiGJ583/A+v3znvPkJAAjWR0VNJG0kGhKahCFhXcN3YBFfx8Kry6ym4xIzce88/fbWGY2k5WRb77UTTbWuYA9gDGg7EVmSIOF4g5T7HZKuMcSW5djWDyL0uRf0dCc8inYYxTcw9fAiCMBYB3gVj1z7gLhNTjKCqHkYP79KENC9Bq3uxrrqORzy+9D3tPAAccspVx1gWg0KbaZFbGllWFM+xrKkFQudV0CeDfJsjN4+C2nracjunoPq5VXIBrowMK4V1gG1LGyWdbZwCalsBYUyh2KFQzpXxVqkAGswD3+qBDpZwow9iYE5v26/VwfUQnnznyhvjguQYabIIpKpYD1ahI8UTT92MUSFuP5Z/9TBTgOgFrVjp3nakaG/0VmEfpX58pwzjUEquNk362s+PP8XYD/KpYTBHmRg9Wch0QX1R80dCZhYipudYQY2Auib8RmODVCa4hfUK4ngaiiLNFNFdKeCWWscXZMbWy9Unv9/gsIQU09a4pwvUeA3Uapy2C2wCKXL0DqTePLexbWPOv79E8f0UWrencZ2poxciUWZlKssB4bcHeE83NsFuMgpo2iIpMuNa1TNu4XjhggWvb+R2K3wZdLlAZl8Fd9jRb5sD+Xx0RJBx5gdom6VsMEFDyWF0WyCeSOFcDKPnRxZYTQL5Rc/nn1w4oFsBaIhC3r6FRh5erPRhYMyHdeFw4C6zkRhmijM7CnMu0AUZonCDCnRJBqSus5/ABD6Ba5CkQS8AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJMSURBVDjLpVPPaxNBGH3ZJCQkVSEkJJja0MSCabHoSUEKerAgggRy0ZP9F4QeDAhepKeeBA8GPFQCEutdCMRSSYkimouIVqUkNW1iyJZN0mR/zvrNwtbUGjw48JiZb773vvfN7jhM08T/DNfwplgsekjwBuEWY+wMzVMEWrKPNH+j+QmhmEqlDJvjsB0QeZrWz0Kh0GwkEoHf74fP5wM/lyQJ3W4XtVoNrVarRLGb6XS6bhF5AkehUFirVqu8nDlqaJpmVioVM5/Pr9g8wbZCm5lwOPzPnqPRKKjItSN3QEFLsdlswuv1wuPxwO12W7F+vw9RFFGv15FIJKzckQIulwt7e3uQZdna67qOTqcDRVGsMx77q4Ddk9PptBzwZA7q2xJZrWYw0PaRmXwBwzj4CL/vwHbAkzmJgydy8JiiqxgPJpF5eR0aUxwjW7AJD98swGQaVKZDpf3JwBSSkQvoyvtY/XE/+HT57tjrRbF3RMCurjMVV2duwzAZDGaATrEjbePs+CX01AHe19al2QdC4JAAB6/OIZNlTq62v5JlipEbzdDQUbo4d2oOPa0vvN0qtQ8EuHX+qehPRKPRIAEZuqEjfHyCyIYltivVEBiL4MP2Bja+l1qqjvlhBwvlcvl5Mpn0x2IxDHQFK+VlugPVchMPTuNifB7vqiWsbRbbso7LO0vmJ8fwa8zlcpMkdI+QFgThBH8LvB3u7LF4xzw/MedY33y1qzDzCpG/HHpMf45sNnuMyKcJjC718yNpUTSY0zdgRvznkrll5/0CZpfQA8IRXj8AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHYSURBVDjLjZPLSxtRFMa1f0UXCl0VN66igg80kQZtsLiUWhe14MKFIFHbIEF8BNFFKYVkkT9GKFJooXTToq2gLkQT82oyjzuvO8nXe65mmIkRHfg2c+/3O+d8l9MBoIMkvi6hkNDAA3om9MTz+QAhy7JqnPO667poJ3GOdDr92Q/xAwbIrOs6GGOeFEVBtVpFoVCQkHw+j0wm40Ga5k4C0AXTNGHbNsxv32Hu7YNtp1Cr1VAsFiXAMAxQkWw2ewNpBZDZPjiA+XYebioJ9nIKqqqiVCrdGUlm0gpwzs5hzrwGX1uGMTMLtvrBG6VcLstOcrncPQDOYW3tgCffw0isg4uqnP6J8AhCnVAelUqlPYD/PYE59wZ67BXsL4fg/6ryYhNC82uaJkFtAdbHT+CJFbgbCagjYbDNlDev4zgyH4KQ7gA2n/fMUWWeiAtzBMrgWABAXciAhaibAKAYnXyaGx3/5cSXoIajsH/8hHP8B87llTSSqAMSmQMAfSL2VYtET5WRCLcW3oHt7Aaq+s1+eQAt/EJXh8MNe2kRSmwa/LoQeOsmpFUeQB0ag9I/jIve0G/n6Lhx3x60Ud3L4DbIPhEQo4PHmMVdTW6vD9BNkEesc1O0+t3/AXamvvzW7S+UAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGKSURBVCjPPVFNSwJRFH1SPyR00V+xIqJVREIEUm6VFm1ahFvLiiI/oE1QRlQgUtgHlKhp41dlokVFpKmjo41M69MZlbi8d+Gec8897z4BoYcwREdj67fJsHqunkp728cjvToR/UoYs66I9og6OvjEA0o41FzeXWOfkB+6CZQIqajhGz/MRWQRh+dg3USCMNyvvbG3xVDQ5JFRJkXFNZZ8JNyZw1qbfTrUZuhwk1mihktbGRNxd45QqxvtroqMBip4pZcYHB4Rkhr44oh2H9bzJ/srHBLEYkoE1RZF5X8PLZ4qnmm3SqsOlQSpC1X6KhU+ssacwxlvW0ccSWnObOCdkK7ygUcSmijQ5BNsKeH1FMnOkK2wWOCtII9LDlCxBeuWCJh3tTynKVRJItG1meUOyqTMaTMT3KTTdwUNUYa+i3uCMvcSgR+2VTFAwo5xcz/EV6dps06VKLu/EMDUyeRw/7NcRoffqcXp+4I2X+DB9K/VbTH9/6Yey6MLfrtkV62d2cz8hmVcDPbqfy6NlFRFHkA7AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIxSURBVDjLfZLPi1JRFMffPzGLNkW7Ni1aJUitI4IWLVpm0RTUohazqkVU0GhjGcGU1NA6dFQ0FX09QVHxVzr+eE9RRMw0NVslPcmn8517nulkOj44XO6953y+33Pf4SRJgiiKyOfzyOVyyGazyGQySKfTSKVSawC4VcEVCgWMx+OFaDabKiQej6+EcKRMBY1GQ1Wu1+szCJ0xF4hEIkdCOLJMyaRGB8lkMt3v96EoinpOwFgshmAwuBTCkeo0kRX/YZYbg8EAnb6CwLeJk1qthnA4jEAgsADhSHlqeTQagYp//B7j+d4+nn4BhMbkrlqtkgv4/f45CMd6lHu9npo0HA7RZsqGzD7eiMA7CdjaO4RUKhVyAY/HM4NwiUTiHOtR7na7alKhp6jKZgb4UALeF+ch5XKZXMDpdKoQlRKNRrWsR7nT6ahJxZ8K9OkxzNIhxJAB+K8TSKlUIhew2+1rs15CoZCW9Si32+0FyA4DPPpkx/23Otx6eRk6/QU8MW9gd3f3xNyLsv60giDIrVZrBnnGIA8cH/HYeh1ucRvZ7zxMn+/gquk0zt49Zlz4rzzPa30+n0yTSBCJQa4ZLsJZeAVn8TXNCozCOkzCbQIMlk6X1+vVut1umSaRIJcenoFX3MG/nyu/TYCjZ9zlcmnYS8s0YOfvncQWfwObvE4t3vTrVjuYhsPh0NhsNnnDtI4rxlN4wd9UlWml/dI3+D+sVqvGYrEcZ8l6Fr/I9t9VT/cHUXogzRNu46kAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAG8SURBVDjLjZNJS8NAGIarv0PBuzcV/4MHwYMHL/4CPQsexYvoSW2RioiguJ9cigtFKhpxqVtBXGqtVRO62TbJNFMb+zpfNKJVMQMPCWTeZ+YdMi4ALjGqBPWCxn+oEVRSxsb1IajnnGeLxeKraZr4DfEdbrd7sFxiCxoprOs6GGOf5HI5ZDIZxONxS6IoCjwezzcJjQoS0ATDMFAoFKwnoWkastksEomEJcjn86BFvF6vJfkhoLANCSigqiqSyeSPSh9nUvFNIGp8TqB36m1XSaVS1k5kWf5bUM5XCe2EziOdTjsXmGYRgVAMi9I1JrbuMbPzBF/wAS8F5kywfX6PlWAcNwrDXYpj/1bF2mkS/pOYM8G8JOPiUcNBNA8pwrArCMkcs9vR/wXUf9wfRTjBId3q2Anr8F9qCMY4pgKPzgSzovPFE0Pg+j1MHD1wjPqunFUIhBTsh1Uci9Be1MChWH35TIN3cgl97XU95YJSueBZ4zi8ecaCOIu5XRljm3cYmfQhtDYGabidTXfWttl3oUH8fUyE/rxMNpGD1dLReEcpsj4EX28TswXVJHFwnS26mqu6NwdajY3+FrwBN5GpoomTEloAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKXSURBVBgZBcFNiJR1HADg5//Ou767jblWM9qOyWZSXlqCNMpYWbKo3VMEhYJKEn1Rlzx0CSmIIq20o5fCQ3QSskOXCPqEuhQWXkLsg3V3xtVN23LW2Z1531/PkyICAAAAAAAAAOSw//CpY+Ug7buyXA5fWwEAQAUAjBSsG3Hy0/f2HMqhrNL+t17Y3tzQbKaUcoFABZIIIqhAKAernnnzi4M4lMOVa2XRbDTTS8c/1tq8XlGrlFGQjcoSWSLLklqWzP521tuHXtQvU4IcllfIstydW2939wOTallNREnKSUmWkpQyWZYZqmWqCoAcoEJRDBseWUsEAAAACIEAOUCF/mpPv3edlERUqihVVSYhItRSabC6LKICkANEcHmp7e9LS/rVQBWlf1cWrJa3SYANxVXXu0tEBiAHiODiwg2GLvSACKIpogfgqhEXLgQAyKFCBFltDRVl+4zG6h9aG27x+9wlvc0PS8OjivOfmdnS8MnJE26OKKampuo5QARRlRZ//dy9t4Y9Bw/odru2zs356ofv9a2x76nHFUO5TqdjzdDPw1/+te6NHKKqJLTPfmPHlhvt2n3AK4eP+O/iea2xMRMTEzqdeR8ce1+73XHf/Ts9snvK7Ozs8xkkEB7afpfGTevBa6+/o98f2Lt3r8nJSTMzM6anp/UHA08/+zIYHR0tclg3ki1Vg97oHZuafjnzEzj14RFVWTp69Kh6vQ663a6qCh+dOG76sUfNz8/3UkR48tVT7w6qtHPpn4V71l79sb7rwR2ptWmT+nCeFhYWnDt3TlEUxsfHbdy40XJvEJ323Op33379Z4oIANu2bauNjY1N1Ov1061Wq1kURQ3Z4uLic5hvNBqnMbSyslK22+3L3W73if8BE1ob/QNlaFEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAInSURBVDjLnZPPS1RRFMe/b3zk5DCVmlq+0ZBCoTEXWkEELmzhqiCocNWyTav+gfoX2gq2bhET/VgUIczKoVUGxthIKqX1tAmG+cGM7/56nXvezDCtDC9czpl7z+ec7zlznxOGIY6y5p/N3ZVKLcb+J/j+23uphczt6x3wLYKfe0Nne53DFBB8QQiZFkK8FFLNSynjBL86MzDY9X13t3qoAoJ7Cc6kBrwYwR8Ifn3OSzFM19POYu4xSzAmpG2gaRutQYFQStOW+H1Qhh9WcTKZRK1exy9/D+nEEI4hBjdtPAwPX2pXtC2FoWlu6yv2Pxe/YulLBk7o4MnVBzgdP4H19WW4LTAIqgxYFRGsyddtez7ej0cX71AFg+NaQWsJKRtRAgtYsKfnFEZGplGvl7C/X8Do6BU6l1hbe4PJyZuY6nKxsZFFqfSDz5UKELM92grGKIa3tz/SxQHBl7G1tYJa7Q/Gxq5xcKGwTEX6eC6RAkqgteI+7YFdlYqPzc0VNBolTEzMIZHog+/nkUwOYnz8Bsrlnxxri9pCMWMa0NyTTQS+tBXy+ffI5ZZ4Lp43hWz2KXZ2PnErVn7EBHCtDCtfa8FDmZlZYGlC1EhuP99VKnuYnX3IfrH4jeGobQ3X9hZlE1hdfdGeRyug85+wtjXwyCq4QRCwpO7uREewafqm/bv1LujJNW30CZCCBvX7jvtWys4hIGvfg+AkkVzFQGT/Xc5RP+fW+gsEgchGXj0/PQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALGSURBVDjLpZNdSNNRGMZ330V2GXXVRXVTICRd2IVIIFGSoJDWRUssRREJiswP1La16aab3x8tyoWl+T11tqmYmJbZh61pfvWFKZmoqZmp236dv1MxKrrowMP5n/95n+d5z3veIwNk/4PND1dz8z5nY2P0al1d0nJVVdhSebnXxt5cYeGO2ezsmGmtduyLUtnxOTn5+C8CLosl1tnQMONsseJsa2WlvpbF0lLHgtHoPVdQsHfWYLB/M91mtbuTH1YL0+lqxuLi7nyIitomkQOd5jrcQwMwMgQDDhgdZqW9jbn8/I8zen3/ktjHYYdHD0GISDEz+kzeyuVK2arZbHU/fwovn0FTI5jNUFMj1r24ertxdgpSbw/cugU3b0JREZSZcD59zHBo6Lhsubr6k3tkEKzNUCecagW5shLu3vUIPmgCo1GgBAoKBPIg24DrSRdvgoIWZKJYX9yD/VAvyBUVUH4PTCaPY8k6KU+QcnIEUQ8ZGaBR4+psp//YsTnZosk06nK8gmrhWnrbk+YGMTcXDAbQ6SA9HVQquJYG1xW4ujqw+/svyBZu3Cherr4PPV2e9La6abXCUQNKJaSmQnISXL4kjljGpEpBn69vsexrXt6emays90uSiFClpNDjJEFxTRBT1ohWVSSXc09zIesk51RH0YYd+v7Cx2fXWh9MqdUHJ1NTe+ezM3FJV1UjCphwFRITIP4KDSlnSas8R6Mjn74JG/qWaE7pD3A4ZqdusxMn4uO3j128qPgYHT0/byyGZnGdyUIkLpZwTQD1rw3UD4ijiaFrPY++NVISWPqtt9+Fhx8aOXPm8VSSILfboNXCiURvLA4jW4fZni8J/PmBDIWEeA0EBuY6AgLc4xFyjsTsdmpt4aht8jWy2ir/ewZbYffzCxaVjhOBymDdfjJtEWvO0iytf6nBvyCCNQLzUtrrs0b6/xNhTevE6BlD4wAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ3SURBVDjLfZLNi01xGMc/zzm/c9/NDMZLudOENGPyLkphw5aFkrKgLFhbWZCV/AeyVBMlpCQbFEWRBRKGMcMMo7yOe+fOueeec+7v91jc8TLT8Cy/PX2+377PI6rKbDN0/XhQ7Gw7XChkDmWydrm6sGDDcWsnK9V6JboZ1jix4sCl9zIbYOTW6Uxbh3++1LVqr18sI0EB8Qzqmrhogvj9fcLh26MTSecuM5t7Pp+cKpU37g0617cE9UEASfFKUFy9GzLzu+3jCzv/AYgOmfYeIAWKYHIIPuAghWb0inx3L/HQvCOzAjwXtUuQxTXGkKCE/RGCKprW8doNLnqOV1qKZOb1mMEbm57m2vr6RLw/CeKmn4vqoCNEr+/i6lnED3CNGl4mxZQNfn4ztvoFI+r1dm09F4gIKIAy+fYO0evLFNftIR29SG7zGrwgRjJdTFy7Qn7lMWovBpj4/PWhoakNXJKNP53FJj54bfjBHMI4QF7cI+hYi+cUsTkkVbKLN1AfjKg87P+47Oi9LYa0ld01C1PuD6i+fDK9lIGZLQ2w4uijMoDBeT6eT+3dIMn4B1xcZ/6mfXSs248gVGuKw8e5Bs4F5AslPvXv+I0yNEHwWbDtJKgFdYAl+XYVbEi9YvFziwkycxmvxLypLmThX1kMqaqqJfnc37qzKtACqaYUsvBmdIxqOMa37yHbdxwkfPY3IFHXql9b7mpRTUCboAlZ02BVdx1na6idpLikzNC0BLE6RKYcm6ApuBh1MWgDdQ3UhaidBBcB3rQ6jaYua8MKyCJEBPBR35t6XRA8QEAFMNioNgMQx3eHz+zcgrb2/ju/dpx78Ev6CYWKMs7gLifFAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIRSURBVDjLhZM7a5RBFIafme9bv2TjxkS8IN5SWGgKu8QmhYWFbf6DtT8kVoGAKQRBC8HextrGQhDBxoioSJSV7Gbdze53OTOvxV6yaogHXoY5HJ55z5kZJ4mjwjl3BTgPuHEKGBc3ga+SIpKOFLBSlmVhZppWnufa2traBJYAfxxg1cw0GAzU7XbVbrfVbDZlZur3+9re3t4EltwxLaya2WszI8aImVEUBYuLi5OaNE1vef4TSZLgvSdJErIso9Pp0Gq1DiEfXqy8nZlfXnZumiWePbjZHDkhSZKxK5xzmNkhwMlfv7z2uOacG81Y4BxXeXlxqh2SJME5N9lPAJhyYpkVPx4SygT8PM418MnC3zP5BzQEVM7HUGBFDUVRtd/T//6Rxm6TLztzSAFZCUR8fQEUSE6d5tLdpyOA04xCTjVwqDyg6omzaxsspheoz51k+pbGJ39+vj7twJPOnmPhxj0ggoSIFDv36ac1UPhjuLPXHiGJEEIPCCmVpJAT++9Q6KDQRbZPYXWqQY7HhmACMQbK1i69vW/Ksuw20EwpkKIRq5/IOkOI7VOfdZC5oSMZqEKxot6oMZN5k/Rm2EIpOQKyFrL9oUIH4mAE66LwC4UDFHNQDjb5VKQqY9v6e/Wqd6JBbHipBrEBOoNCAZTID1fnA6HoSWUsDgF5sfFpe30VcQdH49h3LcC9Kol6Mk79BmoIbLI/IOsSAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKgSURBVDjLlZLrS1NxGMd90ZvovdEfEBEUEhZIb0xMjdyLIuyGkiHGUFKydFKKJiRegjIyFJRwojMxzfJSaVOYeTfxtpSNuZ1tXnY2z27nsss5334uWloG9uLD7/A7z/fzPPx4IgBE7ISl3qWyelUvu9JIueZqeOdUmcCMFDgcQ3fntjSK0j/rwx+csesIZ3jbL1j6EbCPIej5DpE3QRIoBJ3LEFb74BjIxkbXVYNdrTixS8Ca3h/y6pSTfloD0UcRjCS8BJGbRdA7QRgjd1pIfhruyeewKOMdm+rCw2GBV1tXKZh7SIEVoqAjpwVS0AlIvhBSkCGyeQRcPYDogO1DNixvrveFBa6ZCkuAmSe1OtJpFVLATkJboWCIAE3+GYngI6ENgnUK+hcxfFiw9fWRT+RWEWTHEeRmyPhaMvYCgu5ZEpgkbzCCgPszBNsr8NY8iF4Ky5WnpLDArs41+zYnSPdF8OYi0qEcTHc6mF45mJ4M2Ftl4C1lYPU34KerwFNTWKmO/j2BfbiwghmvJuPawZsUsNVHgTPlEx6ANcjJeR9r5QfhWUqEJOlhbc+FoV42FBY4R0sPbPbKlz2LLeQB9aCbYkJhzpIFlkoDZ8zDRk0kRHYYrm8d0JYeEyyduUd37QH9pTBqvSOV9iy0wtmZ+VNAOm+HOeM92JtlYDQN0JYcD1BtmTf/WqRtbJ/yTxtUt9fXGhPBq5MhriVBtMYhoLkMQ1Ek5sqi3eb2O4l7buIvhlRPkmsfZ/ibax+iruosnpacQUFOOq7Fn5TUypJz/1zlnRQr5JSypRVKZRvq6htR/ewlriTH03vV7ilQ5NwaHRgchM1GY3p6Bq+bmpEii9XtWzCgqkhLuXSBTUg4L8XFxUoXk2K57obirH0L/ocfNQ8V8wE+uE0AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJBSURBVDjLhdKxa5NBGMfx713yvkmbJnaoFiSF4mJTh06Kg4OgiyCCRXCof4YIdXdxFhQVHPo3OFSoUx0FySQttaVKYq2NbdO8ed/L3fM4JG3tYPvAcfBw9+HHPWdUlf/V0tLSqKo+EpEHInJFRIohhDUR+RBCeDM7O7ua55QSkRfVanVufHyckZERrLV0Op2Zra2tmXq9fg+YsmcAdyYnJykUCke9OI6ZmJgghHAZ4KwE3ntPs9mkVCohIjQaDWq1GiEEAM5KoHEcY62lVCrRarUoFotUKpUjIL/y/uqXYmV62ph/LSVrr30P4bEFcM4B0Ov1jk547/uAUTs1ceNdZIwB7V/GGHz6+9LXxY96eDiEgHMOY8xJAK8p4grZz5cElwNbwZgyxYu3EFM01lriOCZJEqIoIooiALIsGwA9Y1UcwcWoKNLdpLu9zvbnBWqNBhuvn5EDUmB0EH/1E2TZw5U+YLQovkun+Ytsaw1xCbnCOap334LC7s4Oe/ttvA+ICLmhMXRxDufczUECS37oAuevPwUEVFFp4/eXkXSdYc2IopSepnjtUh5/wg9gfn6+OQBUNaRIUkfDHhraSLoBKqikIF3yHJDLHaAkFOLciVHnyVAVj/S2Ub/XRyQD9aAZKgkaOohvo6ENgykcA07VEFDfQv1uf4W9Y8y30bCPhg4qKZJtMnjTPqBO/vhkZ7h3EJeRslWNQMqgY2jIAIfa/m5sIKSpqpPsGEiz599e3b+GchtD+bSvjQJm2SG6cNj6C+QmaxAek5tyAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK/SURBVDjLbZNNaFRXFMd/72U+dDLNRItGUSeJiagTJ6IQhdhaWoopFCJiF10UBAXpSlHcddHi0oUbkXYRFURE/NiIIjSkpCpdtGoTJG20iUMsMZJokhmqee/de8/p4jmDggcuFw73/s7/nPu/nqrSe/hch6peUZhD6VYUVUCVeNPaEmcwYbn06/nv1gIkiA8cVNhQLOS96ZkyqtVLEMMEFZgvv2IhVEQTrbyJGAA7i4U13qeda8ivLKIxAVGJq0pcfVljhsyiBDt2f8s7AFSXFDuauXVvjLm516gIAFJVoYqKMl95TRBGvB1vWsBLpBKs29RMe9NSnANVQURxTnEiWFEWAsPlq4PvAyjOCRPTFVJ+kiAIMGGElThvqSORTFFID3Oy+xfqdnUyfLZHvWByX3UGiBOsM4RhyJ5t7bH8WB2qyp27fWxLP2dx8RtyrVuYL61n9Oe+EzUFxgnOWKzzuTD4F6GxWKc4K7Sk/2DPpjINuR3Mjv9Nyov4oGEF2Q/zuRrAWiEyhkhA/TReMgm+sjr1gL0bZ2lc20M4dYlUxmNiaBQTRC+Dhf+6q0PEWIcNLKFxWCcYJ6zkPl93lMi19RJM/oSfsiSzzQSzI4j1P+862v/YrylwggkNoXEExrGkfJuv2sbJtfcSTP6InzRElRaeDtzj+4EGth7tHwLw327BRDGgsXKXL/LPWN7xJdHzPupSSlhpZur2fX4Y+Yyx+XTtGf2qYSLrsKGl/lk/vflphFVMPTyFEPBqdhWlwYdcW3SYF1H2vUaKDRM5CjpA4aMzPLp0jMd3fiOd30x5ZoqbyYNkMktRxhCRp+8oUFXwfbq2d/JofIZo5Aatmz+mvn49//75D0NNh8g2tWGtoAphENbs6Kkqn+w/3afKAUVZ8eQ4W1uX0bWhhYmonqulTuZMtvYzUa7/fvHI7irgf/y+taODWkwAAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJFSURBVBgZBcHda5V1AADg5/d733Oc7tjOaNs5GC6KdrEwmpPRxG7spoKghOim7oK8y0MIEQRL+geGEIQ3UXQvSJ8IafZxUbjQhRDZoU60iYsSc9t5v87b84TsVe3mrBWpHoCICIAIACixYTUfOJM2Z62YO97TOULSIKaEQAyESAzEgISAgLpi48de87MLUqmezhGyhO4SCW7f4O81YiSJiCQIkbqmNcXMIjMXeilIGsQxDp8AnKDY5teL3PyU6h4CdY3Av7cYu58R0QghZWeT9fP0v2V7i8Y4j77As2c5sAwIFAXDgjInJxURAzub/PwxMZBGphZYeIWJWZ44xdo5bl4kK8kzioohUUREd4kXP+Kpd3nkee72+epNBleAxdfoLJBlDEuKkpxoBAkBjXGm53n8ZZ45S/shrr7P75eBo6eo9zAsKCqGRBEB/1zj89e5eo7tLRr7ePJtWg9wZZV7t2i2OPQcw5JiRE4UESN1ZPc2g0tceos/LtPYx9HTaPDNe8Dhl9gtyStyUiMIJDXLp2m0GHzN2gdMzdPq0F3k+pcc/4+x/UwepKzIiSDWTB/iwBLT8xw8xt07rJ8HHj7GbkX/B+DBxyhrciIQ2N2i2AG2fiPL+OsXoNVlWPDnDaC5l6qiJJWjLlHxxRs0JhhcIyvp/8SHJylKdiu++4Tr31NW7B8nkrwzp627d9nkHM0Wsea+GSY6tDvESEyY6TIxyZ4GSUp/nTubqyF7WrvZtaKrZ4QSQ+TIMUSJHCVypGhaHW448z+h1tLAgvKk7gAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAMFSURBVDjLXZNbaFxVFIa/c84kPZM4M0lNE2svw1g1KG1NEKt9kAYLZbRKlBrQvhYbURG0L1V8MQYUES/QIhrQJwXvtAbxJQVHYiC9DYWCTpVOgkwzzSSTuZ199jln7+1DQDr5YL2t9a/FWuu3jDG0kZsaBI6j1AEcPUQYggrz6OA3hPycZ97+69Z0q00gN/U6Sk3S3RvHjQM2GAWtBoR1qBQFOnyLsY8+bBfITXVizBnc7iydLtSXwauBpUD6oANwNkGiB2oVqCz8ShSM8uK3gQ2AUu8T784CsHxdIVYP4ntdZN+0GJ2wEM0uajcOUswrlAI3mUW23l2f4NzpPVjqMvE+h+qCQspdmHAFFZxEh48RSNDyHJ54Dyu8nUD+w8A9DsWLCh3ujaH8Y8R7HbybIL1DmCAiCq/Q1ZuhsQK2BbHUfrzVo0j5KFIeonxths07HJauHrOJ/Cx2J9RuQiTm8Jof46YylK99R31phNXSSD1anCulk5lIy08xYo5qCdwEeF7WxvcyYCD0wG8FKHGYtRsQeqcvDJ9Ind/7vFjp67jTvfsp1lIdj+O1AmQLrBgQbrOJxPqWZQtEvROvFae1tExqm5JS/mCL4h+J9JPp5NZhqgk39vfg9v2YaP1CtnFsRGOR8p8gGgLZUviNA4z/1D+7fWz8oU3/xpLyspPo60HVz9I3fBypzUnj6BKL8wCLMbzmKURVEMhveOVsAORmZ2c3+754Ol+eZ9fuZ8G/xPxXZ3jkhTcIZfBEfmd6bHihWAH6Y4x//Qkb8H1/kkahq78nTqLXQ9Wvg9Go5nkyIyeswi+T78xvGXh436tzDXtj8czMzJAvmuO31X63e3YOob0rGC148MggOijhugUG9jx3XySD11h/9naEEB90rF1QW+/aR1eigolWwHK4+GMB0Gi/wJZ70ygZvpyb2H1/m5mmp6cPCyE+27F0KvHA0S+Tjl3ERFXgVsfaOPFBylfzFH6e+D62ofuo7/svab/5xaWpI8Jog9H6/9Aax2gNWiu0xhhzx3/je6YQnMUxcAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK4SURBVDjLjZPrT1JhHMfPq/NH+K6ty2bhJcswzUa2hTMaEmCsZmWuUU0HQuAVEWHMgCnLy2yOhiOKIs0L08ByXgab1TTRNlO7ULwylTOZ9iL9djiVrdLmi++bZ7/P5znP93kOAYDYKt1F+0k6cR4ZK86jSCS3m9sW7pGxwh5FwlqfOmnNW34w7NUcInck6Ck+QNJgZNjExYTzOl67iuG/nQuf7kjEp2eT/xV45AlknyopMmLJweRDGR05Jt1KBDvLMdoiRp8uLeKpTiO3FHiUiWR/WTI12sBD8JEC/kYBvLXpeGrIwHCTGOPuKgxYRXCXsan7ilTyD0G/Opn0lqdQfisfwccq+JuEGKjjYHpqkklvLQc+iwiBe2p06/mwSVOo5kvJjISgCyLpgij/bQGCHWX0p4rgNZ7AyxdjWFxcxPLyMuZmZ+BUHUOHlodnd26g/eYpmIQsSn86niR81akBf9PZn+fMo+EsTIy/wtLSEgP/yuzbGbQUsnFXdhJd5gtoLMxAOWdvgKCb5Xr1aevDzXno0WZufHg3t7nz3/n08T1qclhouHgUZZl71ulwfxRYncZ9omGPWOstG6urq8ywUqmESqWCWq1GaWkpsxaNRmEx3YKaEz8Vg/+5RpPJtEJRFDMcA1tbW9HW1obKyspNQUwqkUj2bfkODAbDSiQSYYYrKipgs9lgt9tRU1OzKZDL5RAKhb8FRc8vJxR0nTsvtvMGxBb+N8dQO2ISjUYDh8MBp9MJWsysPXhjR0GnBGIbbzrbytGmaw/zCRr+LOu9iqrBEhT1FqDAmo9wOAydTgeXywW32426ujqEQiFoBlSoH9NDO6REvkOERFl8lKB3HqRtIdoWOC5Lp3jXchakUum80WhkQLoXmM1mCASC+dySMwvZtVlf0zWpYzT8ZfeVXYPEdr/pTvMdjX2sh+52/VQAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAACzSURBVDjL7dI9C0FxHMXx8zruG2SSUjKgXwklw2WxSB4yGC2iDFyDpwj1T1LK00jq+hduOt6AwU02w1k/deoLkvhm+APvAVRpoEpBxVEoaoX8SZDbG24AkcWTrZ3D+ubByPBCmEv5HCjfVXPrMNq/0WdpZuaaSI3U50DhomrrG/2WpqdzZWJiE7G2CyB3lPDgTHOmGR/bDHUPRLDk4kJ2ZSA9FSR7CtJQCOQF3rjxL/FHwAu8X+2ABKJChQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKYSURBVBgZBcFNiFZlGADQ87z3zjfjzDiMk5VimERmBmFpKgVRVATRQLRo5aaNhFA7pZW0qV1Ci0BoUVRQtLc2UmQaJVhBVChUhP2YDuow5sz3c7/36Zx46uipF9fNTR4oYQ82oC+QQVZdrb8tX83PY+X6kdPHF4cAAPHMG2dOf/jKnp2lxHymBiAT0tJ/Ix+dW/bvxcHqLz+dXzhzfHEAAG1pYkevbeZ/vqIpJWRlnFXXpbXR2OPb19t/T+tsXZrOeu/1x17+dMOpt58dAJSImM3MptcUbdAUmiCCIlBtnutZ3LvZtrsn17VzM+8BQEkCCkqEEqFEKBFKEy5dW3Pn7Mh9C+Hgw7doJpoXAKCFTNoGEeo4KaFt6GXx69U0rJ1ahx69a1K0pQOANpNEG0WVooTA+ycuWD/J6rCzYbbnnytrPivs2jQ7dfidH/P6ypovfvh7f5uoiKAIiaysrfY9sW+H53bPOvHtX44e2AkAPvhySa1xttSOTCoyE6kUVgcj12504OS5ywD6HSsDlpaHIqq21pzKTBIASSmhSUbj6tih3WpNiUaabhkMBlZuDrWjYfZHNade+24oI2UGlYWJoj8Yef2TP5SgG1d1XCUyk2R6omq7bmw8ZvPchAduLcbJODh7IQ3GnaZMIIWxiJA1ZVZdNzIcdtpuUGtXaw7H4ptLnRTgxurIRLQOLa7X1SEKSUY11fa8+fFFV1duakf98eWZXrPx1fuHM1mzVMCRU6kxoVrz7vcv2Ti9VSiWVv90cO9biimrg6E2Io89ffir5yPiwZQL6Eu2b52d2raJ22dveHLXPvO9LRSW+1vcNtOZ7tFGiMwEAAAPHTr59fY71j0yPzlvqp3T1ZGoVeRYjVXnL/7uysrI/62cRssvlMuuAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFoSURBVDjL1ZMxSBxREIa/WdecLssuRFRUiGkiNmKbaGlhY2UjooVoaZVAiqQTLFUQYi2Wkso2tZ2NioXtqQiKuO557u3u896kMAdecEG4yqlm3sx8vJ+ZEVWlFXNo0VoGuM+Dn7/+rAeeNxfVtENEECFUS9zIi1iytLa98W3y64uAwPfml6aGuz3Pl2fPYcOpZoat34cLwMuAOKHkeb6cXlbYL38nDG5IcsPZdRdj/at8Hh5ApE0KJYgQPAKP1uL713S2v8eSYd+VuYoSrFpENCgEqFJRJbxPcqI0pa4PVE3GbZISkYEKqlQKAf8g3KeW8uUnbOmEqkm4iwYZ6i29YoxCYC3c1eqM9v5gMe5h4tBh4uMaruuigIgUS0AVQTm+WMYYw0Gek/e1k5/MYIxhdvyA/xfXbf6OPdd6/mFleo+nOm1qMMaAalwISJJ0d3P36IvFGXEcQSBUiGlAxPJQre00qX77x/QXu32e+E+qGcwAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALWSURBVBgZBcHLi1V1AADg73fuuXMd5947jzuO+WgSylIhdROEJNFIkBptclmEuza1yPBfyHWLKBcJLdq0KFBMEotKxCBSNDVJ0xzHxzyqM/ec+z739H3hwKH95xozjblSqQQAAgCAIAACBvnQ8uLy93FjpjH3+ccnhCgYDPsACIJCIYBWP0VQFJFiWCjkPjx6ZC4ulUpyA6H/pezsJZPnWpaOzhqrVd28ecGN7LgHS4lare7xSqIUl61mHe8cKJTjkgggSVYk20espqnWmevS9KE0TYXuJd12U7vV1Gun2u3UoJMJYYggDoDx8XUUfWvfn+Kj31TenDazYaPR/m3twVa1iZqRUiQuj0hbHSF0EURAkCSJNG36bya3OjnQ/uoW+VDR+lm/m2o1M/1uS7eT6XVbQihADDA+PkPRNzFel7y7w+SnKwYvb1CZ7prtrShXn7S2UlIeKWu2elglEBFAp9OVpS3JaqI5lvv3WTpf/KXIO6LeaZ12qtfNdLLUsJcJIIgDYHR0QrWeGa/XQfmtLUY/OC/On7KxcU1ntG1T9YrKyJJe+65S9LaAOACaSSZNu8j8uvDIvX5k/TO5507ctHAw83j+M1fvzUvbbb120ws7KgJiIQioTzxhddB1udVyt1c2NTnl0b5g3+mBk38OtWvL5vbutXlqqx+ufeOn37+WDesiKIrCL/N3nLp13f1/VnQ6HWmaSbtdF7cVbjx6YPe2XfIot2vDq/LQ9+LzeywP74oCWoPMUt5XGakaGx23pjKmuqZqy3xi8/0FS9mKcqh6Y/t74Mi+456e2akwFBGEEKmpq4aaSj5qbahaf2PRxoW2O3t2Sporrj244NjZw+DYd4fdXrwiEokHg1ye5zZN7bapQQBB2IpXmA7B/seJi1dO2bPzJSevfmIkxM5f/tGUWeH1Qwe/XTcz/VqpHCMIgAAAeDj8w/Lwb0MDkVjDrGhx8sz/ABdNCpr3mlcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAD9SURBVBgZBcFLLkNRAADQc1/fU6qkhFRMMNIQn8TUQCJWYBE2YBkWYQWMJIZmNuAXCSoGFUGIInJf33VOSAAAAIAcgLOFt3079flaEdTS50M6nT7YeggJwPFle6nhAoVhc370rnaXcwBSp62GTdxoGdPrkAPQD5OSbRFr6oLvjByA53CqY9YUvjy68YQcgELTuTd/khENbQk5ANGqFUSFnq6WW2QA5Op4VuhreJVEZACUAKiJkogMgIEKANFARAZAKQKolColMgA+f7vVkBkRSeYjvf6QAfB1cnnXNWTUhHHrXuLoESEBYO/aYjNUSqX3snk/2DjshwQAAAD4B9GUWR0G4scKAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJtSURBVDjLpZPtS1NxFMfPH+Arwb+jFz1Q9GK+aLBXkWQvgoRehRDYAyxEY2StB8SILBJnWZY4HyhDrbR06YssW3O54dRNr7a2Zbq2u3u33bt7b347LhhqYlA/OJwfB87nd873nB8BoP+xPwK6i4q0EbLl3tC4MkRGdpCMzEsalwfIJvVR0Y4ATjZpwyToQSuMlR7o4gj05GtosQ4o01aIz0lIPCPTtgB9hMo0jwlG1MFJXVCjdcgKVcgETyETqoLytRGqcBepURNWuqhsE4BLLs4Nk2x8d0JbbcbQncNorzHD3VkOt/No/j54y4z07Dkoi61Y7iA51k7FBQD3a9dDtfyyE2qkOp8guCry/vf9RN6LHw8xpBaStxaRNrIXACyW14j3IfftGpSlM8guVCIzdxLpwHHIU2WQPBZOLkXy3X6IHyzILrYh3EreAiDzinKGPMp9XoC/7xL8/TfhH9hi/Q3w9dYgMbaHAQ4stpBYAKRfkKgnB/n184hO9SMZCUCMzW2y9VjE48SPt7tY3GYsNJNcAPB8vfpKLwOqIS5046euYesxNBXxqQau4ADSoQeYbdzQAs/Xng3YoMbuQQqchppa4vDahvQ1KPFpxF37WMBKrL63wd+wQcTEUyqJ95Cshp+wgBch+SqQCXdCk4LQUjOQ5x1c+l4W8AhSgSb46kmevEolmxaJl6M84TIjO9/EItVDmjzGqh/kknezL2XoWSR9jRC6LfDYqXzbVeblMPN8haTbiozwiKfyGMqXVsjBFiyPWfH5BgmfrpBlx88UfkhFS/epTnDQRKiJMHOb1vud8F6nOvflv3ymf7Ff4B/4xZL2LgEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKySURBVDjLpVNfSFNRGP+de++2a66Fm3PNdKArUnCaiSijPzCR6qGg3i2itygQetDHXiIf6qWaYBA9+BL0EGhPlZUwQoQo1mpsAxss1Klzc3O72527t+9cUXor6MDvfBfu9/u+3/l95zBd1/E/S+Lb1NTUvXK5HKhWq3W1Wo1VKhWToihmHjVNYxaLRbXb7a/HxsZGef7IyEgfhZ/T09ObLBgMHhJFMdfb2wuuhggGol/e4urFY1CXnuHR+w7YXJ2IxxPXstnsYyLbCFz6gOj1eiNdXV12l8uFVCqF1dVVbGxsoNnTgY+f1xErnERP32kwxrCysnJZEASLLMuQJInl8/kzEnU9arPZEIlE0NTUBJ/PBzoK6ChwOp2IRqMIhUJwOBwIBAJIp9PI5XJGTiwWOy7xxLW1NTQ2NqJa78GDOQXFHQaN9FmYCWdb2mEvFEh+HFwlJyYSCbjdbuOoAt+KxSJaW1sx+01FRRcgmwhmATXBhPlf9QYxk8kYZFVVQQbvq5R4AXLbwHbNTEQRkkAOkUWMNlU3gyZkgJN5Hv/m0VDAq+xV5UvXtV0yFREIosBQKpWMnD8V7BXYV0COwqzXYUeTIfAJ6bsqzFCwtbUFq4chXJpDqW4bB/ryWM8uGQXE7u7uu1ar1XDW46xHWjGjysTdW6YpOKJ+R2L5A9r9NpzqH8BQ/3lU5QxSahjZ3DYk3p134ONxZLMYaGszzOFyC+R+OByG5NvEiQ4/mVpDj3sY7368xKDPj2R8FhJ1Hk0mk/dJjqWhoYEtLi4yXoDL45EM0w97a8zErLjQecNQdmfoKU1skkya4Ub//TH5b7coVy6dk3fodowPP8fEm+uQRQtevJopC//y4jRde7gQ/kSGSkZnM5MQ+jrPfwXZvz7nwVvNExRuEg4SCoTJhSfL478BoeOJpjqa+ZsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALBSURBVDjLbVNLSFRRGP7uw3lpw5TaNCZ5R6eEhIhahBFRoIsetEgJImhRUBQTUpCLFhK5dN8ycDESLSqCULLoSVZYDZYDTo7TOCTJTOk4zeu+Tv+5OjZWB37uOf/5/+9833fOFRhjqBxDQ0M1pmleNQyjnWIDBSh+Uozpuj7Q09Pzq7JeqAQIhUI7qfluQ0OD3+12QxRF0BrFYhGpVApxGgR0vLe3N/wPADXX0ObHlpaWgKqqSCaTyOVy/HTIsgyv12vVRSKRacrt6OvrK/C1WEai5AWfzxfQNA3RaHQmm80qNLfx4POpqak5DkzsAiQlWO6TyxNKtrtcLsRiMVDT0WAwmKiQmujv7+9IJBIRRVGs2v8B1HPNdBqfx/HX4DnOjtcQ2/o1Hsy+OsPGYq2YzzgtzcfaxiExDczQwfTl0DQDg+FdlqlexwKObB5H67kPwjIDAunuOgiBLBEkJ30PAaZA/Bx8kwzSYOhZ3OjMUV6zWqZvv/4jgZ/EC/X0Hcj2OghCDRVWAU4PpU0gn4Gx9AVq4RtMPQ+nPwimlioAiCJMfpKKxcn3pLManu17kRwZoP6N2LK/E/H7z5GemEExnYFc/xZ2zxoAzZLBiKqndRtEWx25Y8IoGfiUdkJ8+gbqoozdp6/B7m9DYeIRIi9HMdpRdcl6B4zcZcywtC58DhOLd/RCdJhFE6VCCfGRxwgc6IYj9gzC4Em4Zu5BaaoFE9hluQzAtTKS4NmqQHLVEoCK5lPn0azpeHJiGI5NfuDwldVrla/7IJmCsgKgkgcmGcQ9mCSAdYCDjJRtlNchue3Ihx+i+sFFYvQdeerJLkkwJMytAnAJ9sazcDZJEGz25SsU6SZMA81ddYi8GEbjeidkqQrZlI6v8wLdG7tpPaTorT2MG2l5YT0cbSX01a/6Q0ZmdgGgX4g5GBwehn0hQ/gNd0qgkPVltHcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIMSURBVDjLjZO9apVBEIaf2f2iRxMJUfEHFEStBCtRC0sLSzsbEcFCrQQVL0AvQAgkd2FhZyOkNRAsrERQRMFwonDM/35nd/a1OCfHRKI4MEwx7LMvM++YJADM7ARwFIj8O5aAL5IqAJIYQi6klH7mnL2Uot0ypaSZmZlp4BQQJO0AXMo5+9ramtbX10e5vLysXq+nbrerUooWFxc1Ozs7gjRD+TasIcZICIFaK7nCSomkYlAinQydiUlu3rr9IDZjdv/e3ecmaQtwsZQyv9F3Pq8ZH1eNzSzGGzEenA4txw8eYH+ETgNjASb2Npeb7dNZ+A5vfzTkKvYE6EQIDgEjhDGWeqvsC06jwvEjhwEYAR6+/PBo7pshREDkAKVCFQwQYBGMQCdGNot+A57O5ye56noqQgwa0USJRqngMg7vNcZiZLNAJbDSH3zcPFuoU1n2uHWFKDEAi2hw/iCcnTTOTRm1DjbmLlYzpKHypnVdzc5Uv4IJXKIKbpwxrhyz0XzMDEnEGJkM4lAz6DV953TfZX2HiihVXDsZuHLMtvwxMpyZUWvdYcsmuazvCn2XXIPBnRjf6d3toBDCjl5oXbQOrWOtQ3Lx6msdyd6qf+Y2AL3WZcnFpotUxJtuZfqd//XxEFABQip6nQYqLLlIDq2LF5+cO3OZ9z3tdpHV3TcAt23nfHJ4zoH/CweWfgFQJVPOGSHTggAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJvSURBVDjLhZNNSFRRFIC/N++9eWMzhkl/ZJqFMQMRFvTvImkXSdKiVRAURBRRW1eZA9EqaNOiFlZEtQxKyrJwUS0K+qEQzaTE/AtLHR3HmffuvafFNINDWGdz7z2c7+Nyzr2WiFAIffaMBDW1+B0diAgYgxiDiCDG4DU1QfcLos+fWAXGYUGIUsXiAliUFER+sBAhVCIIVB7QGtEat1oTbcwVz2LMfwR+gPg+oY0bEa3x6sHdUoVdniMUj0M2i/j+PwVJa2QUu7YWp34D7mqNWdNApD6Ks24dpvcL4gfJRQXevbutjI4lGRzCS9iYukPo5dvxVqWQvn6k/2uyoudd60LGEhG43VBGyI4j2ADZ7vDJ8DZ9Img4hw4cvO/3UZ1vH3p7lrWRLwGVneD4y6G84NaOYSoTVYIFIiAGvXI3OWctJv0TW03jZb5gZSfzl9YBpMcIzUwdzQsuVR9EyR3TeCqm6w5jZiZQMz8xsxOYzDTi50AMVngJNgrnUweRbwMPiLpHrOJDOl9Vh6HD7GyO52qa0VPj6MwUJpNC5mYQS/DUJLH3zzRp1cqN8YulTUyODBBzt4X6Ou870z2I8ZHsHJLLYNQ8jusQ6+2exJf9BfivKdAymKZiaVdodhBRAagAjIbgzxp20lwb6Vp0jADYkQO6IpHfuoqInSJUVoE2HrpyRQ1tic2LC9p3lSHWPh2rJfL1MeVP2weWvHp8s3ziNZ49i1q6HrR1YHGBNnt1dG2Z++gC4TdvrqNkK1eHj7ljQ/ujHx6NyPw8BFIiKPmNpKar7P7xb/zyT9P+o7OYvzzYSUt8U+TzxytodixEfgN3CFlQMNAcMgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJOSURBVDjLpZI9T1RBFIaf3buAoBgJ8rl6QVBJVNDCShMLOhBj6T+wNUaDjY0WmpBIgYpAjL/AShJ+gVYYYRPIony5IETkQxZ2770zc2fGYpflQy2MJzk5J5M5z/vO5ESstfxPxA4erL4Zuh4pLnoaiUZdq7XAGKzRJVbIBZ3JPLJaD9c/eCj/CFgZfNl5qK5q8EhTXdxxLKgQjAFr0NK0ppOpt9n51D2gd2cmsvOElVcvOoprKvuPtriNzsY8rH+H0ECoQEg4WklY1czP8akZby51p6G3b6QAWBl43llSVTlUfuZE3NmYh9Vl0HkHSuVq4ENFNWFdC+uJ5JI/9/V2Y//rkShA1HF6yk/VxJ0f07CcgkCB7+fSC8Dzcy7mp4l9/khlUzwecaI9hT+wRrsOISylcsphCFLl1RXIvBMpYDZJrKYRjHELACNEgC/KCQQofWBQ5nuV64UAP8AEfrDrQEiLlJD18+p7BguwfAoBUmKEsLsAGZSiFWxtgWWP4gGAkuB5YDRWylKAKIDJZBa1H8Kx47C1Cdls7qLnQTZffQ+20lB7EiU1ent7sQBQ6+vdq2PJ5dC9ABW1sJnOQbL5Qc/HpNOYehf/4lW+jY4vh2tr3fsWafrWzRtlDW5f9aVzjUVj72FmCqzBypBQCKzbjLp8jZUPo7OZyYm7bYkvw/sAAFMd7V3lp5sGqs+fjRcZhVYKY0xupwysfpogk0jcb5ucffbbKu9Esv1Kl1N2+Ekk5rg2DIXRmog1Jdr3F/Tm5mO0edc6MSP/CvjX+AV0DoH1Z+D54gAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAI4SURBVDjLlVJNaBNBFP52d2J+tB5iGjFpvUgJtaVGhIA/p+pBsRcRD4o38ejdQ5F66C235CKYg3goCh4KCh7sRVoETQwGhBhFCfgTG9GC2WazO7Pjm9E0S7CgDz7e23n7vvfeN2PcffrjhpS4KqQ/5vs+hA9w5YWKJTj5AQQEl3Tuv1i8PJEDGfOlvHY+N5LAf9jCvXcz/ZgRmy5efn+HOnPqwuGR94Q38HTWz10/ugjPE+EAgdTBpYNX/qm77RApFxgQqKXJllbXty1iooPwzwac6DjOHs/ADRLwPwTKLp5I4v7aV1w4lkSn09FnT161Edl8g6mZKdRqNXz8NIKItFEqlQ57nveBeURAQoJZwINn67AsE49W69jDNugmBBKUG5+cRCqVgrqlRqOO2TEbnO9+2Wq1VvQKSgVmGTiXG8Xy8zai7mdMZ3OIxWK6SIG6IZlMaujRGUOhUDipJ5C0BTOBh5U2TQB0u11dzDnXxZKmGPYKruvC9PjvgxAVzh0ZRYQZW4Vqhe28qlFTMfXqlFmmQYJ90zH3DfR6PR0Pdw/GegLVTWtAK5w6lNBihkMmHMfRPw53D5KoCUytAX1M79+FL9+7OLA3CnvTIS0smKap0d+5L14oFNKemgu6Bbl2c+lt1hX+TvXCFCZ2AIlKZatzJpNBPB5Hs9lEtVqFbdtaJ8Ito88ctGKxuI+Sp9WIBDOdTt/OZrMol8uo1+tzlNtQxITXfyUYtvn5+VkqWiGcyefzj4O5Xx9ItHsmdOWEAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADNSURBVCjPhZBNCsIwFIQnWvAGunHhSrBbQT2Op3EvCJ7JCxTcuhB0YytaW9N0fElbbIs/GZI8eF+GzFPE79X504dXXEq1GyytFYYYoPvh6RkH5raYJqE2GZtKuFljhI61mWlz55URY95FES88CXIsEQEs/xCl7rwx5FmAWKqtIEqAncEe2gWiyOCJRZVh7hVZ/erv0rYKkSNDv4qpELzjSTt3e1yfg1+fgAMMWAeCxghyB02+ORRf5W8HC/mfHdi61XJ162WoS7utXc30BXX/jFnkwiD5AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJcSURBVDjLpVPPaxNREP7ebna3bX62aZMmYnVLxZRSior1IFVIC1at3uo1ePRQ8CB4EDyr/4AHFS8SCl4FC9IQf1WRhmij2Ei1Dabp0rSxRsMmm23WnZWEWBQPHRjmvcd83zfz3htmGAZ2Yxx2abb6Ip1Oz25vb4dNh67rqFarDdc0reGVSoViLBKJjBKOUQsm+KQoivGuri4raac1tykIAuLxODKZzOjU1FTMqsBUvO7xeKAoCiRJaoCagbTOZrNwuVyQZZlEr5nHMZZKpSx1r9eLYrH4R7nUCgEZY+B5Hm3VBfDLT8A7BlHaeIq1rdpNlkwmZwOBQJgSCVRXbY7k3I8YWgpLaO0cgVs+hK3lV0jN3NdsBCqVSsjn89YFUXKtVgNdJkXaO2sJhHo0OA4cR+HzR4hMg9PVDXfnHhsRhEmJiAhktmSVzHG/X9jXuoKjwy3w9I6jsjYNsY0h83YRVZ1D9J2ZRqrUKzkR1J32HcISxoYFePrOopy7AyZ8g+BwgldzqOyfwGbJgI0I6iAqORQKWRGFNzjSL8Hddx7l1dvgBB1aUYbybB6L9tPwt/qtP2IR0AsQQf3C1NxzuPwqfAPnoCl3wYsGyt/3Yf1FAsWBy/BL7QgGg1aVLBqNPjb7H6//MmwkET7WDZ354O14iXafaIL34ms8gQefgthUuUbFptgM2zlMD2+NGZOX7iE9fQW5lTlIPUPQ1/O5dpE/NXj19fv/DlN6SdG1D48gD43Abj+I1fnUz7KqnfkbuDELzXbhRId6uNdvG+6XYQiVOXU9f3HixsKXf03jL2qvd7dZXvRWAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIrSURBVDjLpdNfSFNhGMdx6Q9RDoIuLAQtYVuWpZSunKQXjYIKwdBqkJkEYRhIBEFRRmVbGYNB2hTnVKaGzWFq/im0mLgyLTNjpdSFJkX/hCxYY26db+ecYliQF3rx44Xz8nzO8748bxgQNp/8d8OoS41s0Ca0uBPXvu3VqMYbk+Parx5Nsl3RRyHmjpjdswKfosOF6ey9CENPEFqdBNM2MaKNJ+D7StflLTIiA8bUrQu8sUuavOrF017lIrwxYqIXErSWwOsR+PgBhgZhoA9XWw0T3UbqTsZLwBEZMKUkhvtUS3uxW6G+GmrEtfsuPH0MXR3gGf79vfIGZQUa3vWYMR+OkYBIGbBpN6r9qxUvZEBsmYMZUHwR6sSiPjf0P4RaG1OnTvidZzS8uV0gFRO6xBaNMiOgXjmB3QY5WZB7AK5dAkc9PBdb7+oUu6pgpLRkymXazlhn4d/AYMIqg2Axf8NQCHnZcCwHTAZodsD4GPTch3vtDJeX88q+n77rOyXAEwK+rFe0in8Iyq1n7oKic9B0C9wugjerf34/lPXDr08PuPJyZKD5fIoEFIUAX2x4v2AthYZaMXaEjlb8Og2TaxTCs317BgMWs/59fm7V5qgIPFWZVOTHSUBaCGhMXmd9GR/hnVQuEz6LGVWt8DuSYh/NnAmxQFd5fIPcwczzzzpI/wDFLRe2zQsYHShLnxcgFz8w7QiN8JwA59lkCTg9F8Dy5xVK6/KZe78AQiW2y4SvvaoAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH/SURBVDjLpZPLiupAEIbnofJOeQCjoqusJjoLEQVF0I0bRVEXrgSRFnMUQcRbe1m48H6NGi8oKtbpasbIcIY5HE6gSOj0/9VfVd1vAPD2P/HHQq/XE7rdrtzpdEi73dYopVqz2SSNRkOu1WrCjwAmFpmYrlYrOJ1OcL/feRyPR5jP51CtVmmlUhG/BXyK9cvlAvjge7/fg67rcD6f+RpCy+WyXiqVxC+AT9v0KVbVX7DZbEDTNB7r9RrQ1RNCCKG5XE4wAKxe+blhu92C1WqFQqFgiM1mCzidH9wNPv1+H9LptGwAWLMIktEqiiwWKwsL5PN5WC6XDGDmgN1ux/uB7uLxODEArVZLw2bhBgRgRgy73Q6JRAIkyQwOh5O7WywWcL1eIRKJaAaAjYkDcAOWgmKbzcYzJ5NJMJkkUBQH/4/TQBfhcPgFqNfrBDuOZWAGFGNWdDSdThnAxAFoHfcNBgMIhUKvEth85fF4DI/Hg2eQJImLJ5MJD0VR4P1d4eXdbjcoFosQCAReTWRzFVRVpSh6TgKFCB2NRsY4UTwcDlFMWQhfDlI2mxUzmYyOY0Mnh8OBu5nNZnx8KEbrTKh7vV7x26OcSqXEWCxGWUm8duwJ1oxzZ4cHmJC63W7xx8sUjUaFYDAo+/1+4vP5NI/HozERcblcMvsW/nob/zV+A0hzMNxKeHjMAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJeSURBVDjLzVNbSJNRHBd660Go597qJQrEl4qgCIoopyk0ZstN0G22EZu1dAuEbA/Otb0Iu+jciinsaUiI7uJgF4cojkIdXtYG0TbYFuk86Ly0+e3X+QY9CCZEL33we/nOOb//+V1ODYCaf0HN/0FQed3TRrFFQVgwvUrCKLvJkfw5KcuekZJYRH62t5PDJ3xy8JhL9hubN4v3HwqqBPQAj6KIGR8wPw+srADJJLC+DiYcwqbTicL4OHYcDmxbR5EZGkLmTT92b98t7ty41cwSfMJ7GzA1BbhcwNoasLwMTEyA6e1FRipFVixGQSTCD4EAn5uaENfpkOx+CVJ/PcMS1FVUymjlnRag05BKofrNzoLhcpHlcPC9oQF+txvT09PYGBjAV3EXSN213Pblel7VA6r3HNXrYd72A5OTQC4HLC3hm8GAgNeLTEcHwuEwgsEgYj0qfBy1lV1mi+tYCmVpV22ps9N9pFYDCwvA6ir8fj8SiQRCoRC1ZB3xeBw+n48urUJHZWi12rPHIjlsE9Qe8FrdJZW6SrAxPIxYLEatcUGj0UCv11dlRKNRGI3GDyf2YP9RS+3eA47/98Z8Ps9OAtV7ULh0tcViseyl02l4PB4MDg6eXI7dO/cuOKmhXqo/RU212+3YuniFx66ZzWayRpOyWq2QSCR/btgX3tObsy9eZRcXFxEIBDAyMrJnMpmIm6YRiUQgl8vtlOD8qTV10PKwBOxtWDnswbGxMczNzbEEUCgUZ04loBptMpkMfX19jeO0jQYaK53aKhQKGT6fP/NXj0mpVEIgYOt//P8vZQLgm35VBV4AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJuSURBVDjLjZDLa1x1GIafc8uZqUlMMmmsLV7SC2hLCoJQ6tou3Lj0T+jGtQjusnLlP1Bw01UJgrqUoAiC2aixDUQl2oC9TjuZSWbOOTPn/L6La5MRfOHbvTy8zxe5O8fT3Hv9opt/784ZN0vcqN18F2P9hesPv/5X2d1P3Hj71VF4ctu92nEvttyPNj10b/vwh7N/Hu+mTImrzaYLb8PkMcgAwoA4n8PELhzvTgWYgtUPicIh+AQd70Mdo3JS9z8WODr8mdD9BqsLrDoi61zDBP7nAiPOz5HNv4nXT7HsFOaGip0E1Nuvzbv5rpudcSNx9TryCBn9hvR38EmBViPa569OVzC1T9KVj85lL70PPgEt81D+RfXHOu3ld/DWU5J8AC5oYBrAP05X3gMZgg5BC9L2CqE8IIl38fEILUdk0QoapiioAFbiUoA3WP0cmjEixsyLF/HWMzTvk8wuoNOeaGJouYce/oI1Xbx+QDJ/Hm2cuv87XpVEzQAvH3F6Keboq2VXpVaxXVPWUw1OlHVI2qvE2SKedXAfIMHJFy9hrS5N7znt618Qp7PABA/DfHJ0963ed59+FqsYURwj1R4yvIcMfyWdvYI0Tih7NAfP0EaJ82UIAxg/Ipo8obVwiabxC7EGNsa9bbK5y6Rzl8mWrlEd3CfJl9BTZ2m98S6Wv0z14A7uExxB5JDR/gZN7RupBNuq+3c/iE9fIckSwrig6O9RHfa+LX/8csHF12Zmom5n7qdXoCBOHSkfU3T/JtS+Fd2/01k14aap3VBlzYQdU9805dbVDwf7APufL66K+E0NfkOFNRXfUWPThFv/APJzrlrFns7aAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH2SURBVDjLnZO9a1RBEMB/++5d1LxgPjQYkpxdLEVItFEU0mgay/wDCtfpvyBpIgommCoHqSy0s5Jgo2kEjRa2R/CrM0HzJd7lvZndsXiX8+VDFIddZncZfjOzM+PMjHq9biEEQgh47/Heo6ptXdwi0taTk5MuBvDeMzg4zOb2NphBvsAMA8ysfcaM3t4eFhefAdAGbG5tcevhK/5F7lfPk2XZb4CqtlzCcOU0XZ0dVPoTjh6J2RFDNCAevMHr5fdYMNI0BSACEJE8TMA5R2NH+bq5QyP1mIF6I9NAqrmNGXsjEBHCbnzO4ZzjR0MJltKTlInjElEwrAUIFg4CLOQIV4A0M08mgaSzg1IpInK5DwuHACik4JzLIYA5RyP1uMjydyDsTyHLMqJSBMCXz5/+WoVSXDoI6CjH3L15Du+NcrnM2uoqSddxzIyNjW8MnBqg2Wy2fj4cADxYWnp5pdBlfSLyYmho6IaqsrKysqCq4yKyXujKpwBut3xFmZmZua2q1y9eujze3d3Lk8ePmqp6Z3p6+t5+2z2Aubm5fhFZGxk5Q9+Jk3h1iCpJcoyPH+osL7/5OTs721UExMVLmqZjlUqFiYlrqCpmhpkRRRFjo2dZX/+eVKvVq/Pz888PjQBgamrqnYiM7p/C1mS+rdVqF/6Ywv/IL/azYiamBPboAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJsSURBVDjLpZNdSFNhGMf/787Ome8SF7mxvuecJGU6SLuWIGZ0E7WgFRiBdZFE1CDwJoyI6iYvhIqKoqibrsIgwUkUjDCkC7UQ03IW5EfS8muTvec95/SsXE3dXQd+8HLO8/+d5zkPh1mWhf+57LlDNBr9YJqmj/je3t4eKFQcDocHdV0PSClHOzs7ty8TULDCMIzHxMlIJFKwLQpnaSP2reqAgg7iENl1T1ObLLI5IKQFYQKnPDexpRhoPNdjp3A9sSOXs+UOFBwgbhPDvepdnuKz3OZ0c4u7eQI13MUnuRDiE/GQ6F/VAQVLiHpCutQ+xFPvUKfcgM2oRFfyIPpnqiHECUlvP0K4Cgl0IkEPq70OYHdpMWZEMxbSNUjOhjA878nObxLZGu8qAd0US4KqBm8AGnNCwo+UaxrY+AQm03FfCCwJdhUSlBAHvF5vsOvCtwI7sNEIYlu2JltbSDBHdCQSCVnZ2lHLaQu6AQhaaJP7Dpy9PRiaG1ecmYXgT4vpsZC9JRST1/8KyK6RwE8obzPXUKsdh8Mo/y2ZfPkem74MI3TmoubwV2FxIKYOxruvdO9VU7Y8gUr4CfZnC2cxo3+kzoDFVzFU1B9G0efXYI+Owjn6DGW+UsVi1vn8EWaJp8TplVsoSY6haL0f2B/99w9c2gDFZGX5IwQpfIwo2+P2WRrj0PlmpIqnkXE7WLrvBdY8b0ZmcRJpqp+fU2AoGM8XUFa/p2nag1jL1LLvL9hOrOuJw1fKYVdUzE9LjE0xw4J1i+V+52AwOESCcmJgZGSkbuUS30S2tnydmLjssUP9YVhyrYbWhpi8+gtmOYLutSnwxAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGrSURBVDjLpZM9a1RhEIWfu3eNYVcLiYqrmA8QjPgrBFGws4uCrYKdVgFBAorYWFtYBe0FiQqbRlBbERGDhUEwxkRBiCEbZd85x2LvfrFbBDLVFHMezplhMtvspkrsssrt5sHCj44V2RiIAAyWkCHU6kNw5/J41gcAOHpgBGMsMGAZGdwDkWB5vTHoIGzsQiCwjV24KUCSkUw0h0SIaFnERiqE7V79kGZoEOBQa9AgCYtCoI6wDUxpCCAJFEbFUGu43avrxKDkQYCSCLmT0z2ZXURqO0nDAClBhDr5+yFQW3rMwY/zlH4uc6J6mPrLtdlz9XS/C4ggolxsvRC6dcra0hNObbxg+spV9k6dZvtDnU+vF+8unt2zVeo6MBFGCSLcukqIFGbfu0ecPHOR0S+vyOYvUVl+yuTEWO7MN3ocuNhB/8ZtU9lYYfTIFFy42c0+VyNXNtmzA/H5W6OTWRIOI2C6cojG++dUn13n3/YaDWDzT07krGY7+cY3M8fmRvZXbx0fS+VyaYXNX4mv63k0//p2ttN3fjszPrv1e/VaHtlE5P5ueHi+nu79Bx7reDBYdnW7AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJASURBVDjLhZLNa9NwGMe/WRKXpp19L6WrdVsZHgq9aBF2cFDRDi8WxJPssqMXDx4H+xuGFDz1YC+eBvUgnWDc0FqoL+CmHlylthurdWqG7bY0zUvtL5CSxYOBh+f5/fJ8P89LQg0GA9ifu68XMzOB8INJ/kL8WKGwf/y5WW817z/KrBXtuZQdMBRfuz5z+emcb4E97LvwtXsG3aMOfiiP1Y0Pwu3ineenIGN24nm//+GsN8U2dQ3bf4BnByJe0luIhsKM1+Fatecz9ovZs9NT7+QaPFoKG3sStOgOPrFPQP92YtoTif4XoOkyTmTgTUvHN5EBdxKFo7sEyr2Jnlr7Z1+jEarVqlCpVAa7P0U6pEg4kmqgxjgcfPdAP9xDnAPqu7/oQqEwyOfzwinAUDzvcDjSyWQSVzxZ7Oy/RSZE45JXw9w5BTeTW/jSfo+l1D1ks1kEAoF0LpdLj0ZQVXXF5/Oh3W4jPD6Ji+O3UNxeg6q9AsP28bHVwo2pRfBdHo1GA/F4HPV6fXkofUGVy+V5nuc3Y7EYOp0O+v3+yIZgkM9MURRomgbLspiYmIDT6YQgCAR2lVEUZSUYDGLojSSO4wwz/w/irbGu6+j1ekgkEqjVassMqSJJEkRRhCzLoyRN0wxvns07cmYYBm632+iQANKkMmnZTLAL7GfiXS4X6TpNRjBIxMyq1sp2iPnO1DGm0BTbIfZRzJ2Q2AAQkt/vH1WyJpjLI7F1ocQikcgIsF4qlRbMlqwjWWPrmJau1/8CtF7RM3ksOU0AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAILSURBVDjLrVM7ixNhFB2LFKJV+v0L24nabIogtmItin9ALBS3tXNt3CWgVlpMsAgrWRexkCSTd0KimYS8Q94vsnlrikAec7z34hSibON+cJjXPeee79xvFADK/0C5UIFyubxLUEulklooFNR8Pn+Sy+VOstmsmslk1HQ6raZSqd2/BCqVyh4RW/V6HePxGJPJRDCdTuU6Go0EZ2dnIFEkk8lWIpHYEwEi24lszGYzjHptfPvsgvbuEJ9ePMPH548Epwf70N4f4fuXY6rpYDgcIh6PG7FYzM62dSav12spfHXn2rk4fbmPxWIhIpFIRFfIzk+v1wvDMLAhka9vD+B88gCv79lxdPeG4M39W/jw9KF8q+oJzOdz2VIoFPqhOJ3O7mAwwHK5xGazketqtRKws3+Bto1arYZgMFhTHA6HC78XW6P0wYJmcAy2y+9arRYoPCHTpOD3+w8Vm8122xTgQhobqtUqms0mGo0GeDLckdOnESIcDqPdbnN3aJp2VbFarTfN7kxmUqfTkSLuyM8syB3pLMj7fr8Pn883kTFaLJbr1EHfbrdilwm9Xg/dblfABNMF3/NWisUiKPjHIkDrMou43e4CF+m6LkUMU4idcFc+WJwRkbU/TiKtS4QrgUDgmGZrcEcelXkKORsWJ9sGkV3n/kzRaHSHgtrQjEGCHJSAyBuPx7Nz4X/jL/ZqKRurPTy6AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKdSURBVDjLbZNNTFxVFMd/781jICiCCFoSC5YgGGAQG/E7EhckJFqMe5suNI27Ji7r3qXbLk2rSRuFhU1asESgxvoRm5qQoIAikECMdcIMAzO8++6957h4MyjKSW5OcnPv7/z/554bqCoTFz4eUNXPFQooLymKKqBKmvRwibdYs7t++8oH3QAR6YHzCk/l+juD+3/tolq7BClMUIHibpkDo4hGp6hGCoBXc/0ng9eGTtLZkUNTAqKSVpW0entLI40NES+/+R5HAKg+nBvoYvrubxQKFVQEAKmpUEVFKZYqxCbh31G1QBBlI54c7KLnsVa8B1VBRPFe8SI4UQ5iy2eTC8cBFO+FzfslsmEdcRxjTYKTdN+RIarL0vZAPaJ6DAAQLzhvMcbw1nM9qfxUHarK5flfeOJgkovPrjJZKfxfgfWCtw7nQz5d+BljHc4r3gmOgCE3zzODJZr73+fEIx9x78Pe8dMXV2cOAc4JibUkAhrWE9TVQahIIPTG84z1rNLcN0Z5c5rWR/vIdJqp6Qvd79aaiHUeFzuM9TgvWC/VrHSGv9KSex1fWaKh7XFiv0XH6HCjKxcu/aPAC9ZYjPWpHa8kVcifrhVb2CDM5AnCMtmH8hBX2P/DZI5YsEkKcKIkTmhz64w/+CVNTYq4bUIpQtiE2oTlayvx0krpfFQbmMR5nHEYK1gR+twPjETf8PQrY2hyi8DvsXjzgKRQJBDL1kbp7bNX16cOe+C94hOfWhDhheafGB49Q5K/RBQ1sziXMLv3Bl9vRuTX7mzdu/3t1JFnJAwZeX4IDQK8V7JkCTLbZOrbWby1z1flCXbaX8Ss3aVYcXP/nYPZmRvfv5P+vOr8n7CY/B1KO4ZPlvtZtQHKd6Bc//3HL87VAH8DX5rXmGdCnY8AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALDSURBVDjLpZNLTBNRFIb/6RMqtEDBFopFXiFGIERYmKgJUXBFQly4gI1LXbghcYPiI/JYmbhxLQvC3hjjQkSL4SnvYCRUCNJCSwSq0OnMdObeud6ZBIzB6MJJTiZz7/m/c89/5gqMMfzPY/tXwkYkUmkRhOuU0nJCyKvs7OyXPp+PHu4LfzvBSjh83+PxPM5wOs1vSZKQTCbjsizX1NXV7ZmLBuBPMbOw0LsVjzNVVZmiKIwLGQewRCLB5ufnv49NTGQYeZY/VQ6Nj/d5vd67BV4vOAC8IjjEqA673Y4stzuHi28buccAoVCoJ+D3dwZ8PqTTaRPAewf3wHwfHBwgx+OBRkjnMcDq4GB3FaX3TrvdZkVDfCg0QtM0c52birSm5f0G2O7q6vY7HF0FNhtofz/02VlTbIgM8ZORdvS+v4bME04kRRGpVCp8BFhtb7+ZUVralcF7JpOTIJEIhIEBYGjoV2Wiojj/DDpeNOHT8hJSothkjnEsGHT6W1qUYGsrtOlpkFgMOh/Xw+Y1MKpCZRQqhxTlVaK2+CI+fn2Hxc0pppC0+8OdhGhLWq0lRQ4HGDeHRKPQueOUB9FVNFffAGU6qE6hgyG2H0VN8QWIqizMRkb2a3ssebYfsqzK8Tj0RAKU93YIMI5siDf2vkDTuYm6Bo1qOEgnUXfqEkRNskytj+5ZdkRxI7y4uJRcXmb2wkLQVMoMhSgglMDnDsLvLkGhpwx2ayYKsgOYi45hbG10R1LRYP7Kz3Jz8+srKuYqq6r8mYzZpc1N3GqLQuFjVHkrMlFZef5Z4XzZVcxExjEcfrOtElyJ9bHPR3fhaVZW7kmX6/m5QKDRIwhuhRsZkyQ9Kkmtbbu7r6t7LKmG4GVXKDy8peqmeOXYZXrkcAgeq7U+02JppIytqbr+tkNRksZe2QMhRXWrS9Zp2bc+tn6o+QkxLL87j8znVAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ3SURBVDjLnZNPaNJhGMd/ohkRQd0i6DCoY4fOdYjWOgQ777LLSGIRLQn/zJC5GnPQECK97FDbwUFbw2EQ/lke/MM2bYFNpzDTcIrYYjmdP3X++/Y+L/zGqA6xBx5+8PJ+v9/P8/D+BADCSTsQCPSeSLi2tqb0+XxGp9NZ/OeFRCJxLh6Pm6PR6EY4HHaypJvHUq+7WC0tLYlzc3N/i7e2ts4w8UYul8PBwQGKxSIikQjcbrdnZWXlFUvNbG9vIxQKwWKxzP+ZrIzFYqvZbBZU3W4XUiWTSSwuLoqMAFardW9qamrEaDSelYQyduHB5uZmLpPJoNVqodPpcAPq/f19iKKIQqEAm80Gs9k8qNPplKQlZBlrx87ODkcmAWHT5WazCaJJpVKoVqvc1Ov1YnJyUitRC2xR4xKyhE0E6XQajAz5fB71ep03GdL8JpPJdWSwvr4eIkQJl1La7TZqtRqfm5ZJ+ERHxiwQBoPBd2Tg9/t3Dw8Pj4SU0mg0eCIZk4C+WYcV/sEr+HRbAdfd0z88ffJRbhBcXt6lNHKXhFJiuVzmhl/fTiCquYH6Rwu6CTfEd0/x+dG1trdX8ViIzMwEaAeUflxIqdLMH+6db9SYGK/7Af0FwNyDny9vwXNHnhFSet2sOD2NZjDIBZVKhTeNRUZ2u52wu90vDhyvkukiPxeyKpXi25OR1drEC740Si6VSmBvAgsLC9Bqtc/ZvLnqm/sAEzV0An6xzg7Lwc7zfJOZoSFF7OHwrFOvD8xrNXtjY2MFtun3Go1mUK1Wy4IDl8bDqqutgr4Hu4ZTSKtk8PUr2u4++bP//gNDA5dHWeJ3wiYiEtP5byK4FJQG5P/0AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ1SURBVBgZBcFNiJVVGADg5z3fmTujY5NZBANBIVkZ2J9IKkZFGKRuglq1KaqVtoqoVbSKFi1LoY2QEVSbcqiFWWJqPxL044wUGESQVqJOKerce7/z9jyRmba++tXTy2YmnyphPaYQIJBBNuPWfls8l1/EfxdeOrJnxxAgMtO2148d2ffC+rWlxMqkkwBkQjp7aeT97xf99cfS5ZPzv6w6umfHElQoXdw+qN3KhX90JYIgG30243G6Muo9tOYa999WfdfOLs92x4UHd3163eG3ti8ViIgVmdkNumKiUIOu0AURFIFmdmZgx4ZZt9w6uazOTO+FAklAQQlKhBKhRCgRShfOnL/i5hUjd64Kz2+6XjfRPQkVIJPaEUJGaH1SQu0YZHHqXBq2sdaGHlg9KWoZQ4VMEjWKlBJRQiAb2RUGlBZa66RCFFAh0RBBCIlENiY6QBTRhyypIROo0MZk0hDITFAKWqhdkkGSQt/oG1ChtZSZJCkBSCCEE79+Yv7UnIuXLxiNR8rwnsomFfpGn2SjAUjQkuPzHzp98XMPb9ngplVrHFr42OX5ubpx1943K7Rxaple+2EopBZkBo2MNL3wnie2P6ovvbtntzp48iMb1232+6n9OyuMx72+Z3Zmwn03Fi3pkz5oyWffnjERKzy29lnw4iPvmDuxG/unKoyXWhu3lsNefPNnr0VKAVpy/tK/Fk5/7afTR72yda83DjxjqpuEqxVGV/u/pwfdDS+vG05nZpE0wLXLqn2Lzzn287s237XF3IndBlEd/fEwvB2ZacPOgzvHo3w8Iu5NuRxAkkhpovug1u5Q5SoGfWurDxzf/eW2/wEnITFm/fHryQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALrSURBVDjLbZJZSFRhGIYNRyK6iC7aLiK8qG4MifZuylxaVOymjZQKDYbEJE1nskITEpeCFAy98KIJl8LUyn0Hzd3EbVKcxlnOuMyZcUads4xzznn7Z4JJzQMv3+E/3/t87/n4fQD4rBdjqIlmNOV1zHSJYXk0n7MPZvK27lSrtSNhdKlLkbG53/vC6qoPsNovDTzVAJelF8LqL4icHhJvgGCfAj9bD2tLPBaqb2ot7YqADQBG/22nY0Y1sEZ3QXQaiHTEPAmRHYHg6CfqJWdqSGs0VgbegVIFWxfblfu8AIe6KIc31pIGE0R+hlQKkmAHJKdHkmAjsDG4lmsB0Qrz93hQn27XewHLw9mUyzZGemfIpFlILgsxLXmMHrlo8k1HAI1EFeBNg9AUnOW8gKUfz50iOwuB6YPADpP4ahJ7HMLKCDEMkB10w7XSDN78HpwpCaLDgKmc45IXYGlPNDoX+8n0CXDGF2RCFmxf78NWJ4etNhaWsghwVCYYzR2s0bngDIOYzjvxL4GlU5lt68sjcS3g9AqYiwPB6lOInoLRyklNxlzWDqxOhkGSNDB9ToS2OKLDC7D3ZMgW6+RTqxOlZIEa0B/Oesws9QiMIQasLgkL+XshMp1Y/lkJdcZRnqpKPLzhHtBtysD5ymh6dbwM9qqHfwFkstvM6p5gOuM0eu4eQuslGVqubrc0hfoqNwDcMjelnNSWP5ifKwkD1x4Oce4yRFMQ9PnnMJp8BlzdW0jqRjAVSRiMPyY0B8sSfDZfzY7y1+GFr2LXPhamoSj3PN6kn0LNtV1giRkFkYBiN5DlDzr3IppCfLX/Adx6qZAbVKVlUKkqUFRcQmL7QRquwvrHlr7f/TvSlgDF43s9La2tMJtpDA0Noz5qDxwlsQAx8ak+WCLSy31B9kBtCWgpz465cf0KExoaIgUFXZCyowJc/XFHxDmFP8zP/PA7bhvaImVCY6hv2paArdR966CSTJx1xybV6Da7z/8A2VoHSyUsj6sAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALsSURBVBgZBcFtaJVlGMDx/3U/9znz7LjjfMGXYiq1VkkrUiRoZQUhhoOKrAi/hEH0IUHFZQSREu1TQh8CP0TaEBQtIYikfRD3ciSWc0rlWpuzEmbT5TZ1O8fzPPd9Xf1+8uLHvW8XSnXbnbABWAAIAAKYgClBdXz2lp2ROzMd/YfaUwAAAHnps3L/0Z0bHnVOGg0SDAAAzACMqbmMY4OzTF6rVYZ/H1lSPtReAwDwLpGH8z5pvHyTxImAgClEU0Iwqlnk+YcaeKrFM6BT9aaPzDz3/o+Le7/cWgNwIrLQzJJ84sg58AKJg0RABBwCKKtKeYorvmdtc67gS8UjAADOQAAc4AScCE4EJ4ITwSXCv9NV1izMmKtOEOq+JsklrwMAeAAz8AkIgomg0biRjjH03w9cn/uDMB4JaaCpYTVZmKd+5QkHzwLgzcAALw7DMGCyNsb5qe+4r34Jjy9tR02JFlGLBI1UKgNuyxcvXPlp19lmb4ACIiAIBozdHmBZvsjywgqGJgYZmxwlSwNNi1cTQ2T4SqrdHWebAZwGMAMFDDAzrs5cYuj6BU799i3zFcfuZ06ye9Mpbk1XCRVHqLyTtu3fWADwqoaZgYFhAOxYdxAzUIOokeODnWxb/xGL8is58MonvNw5yLlPz1cBfFSIBqagAAAYQVOEHF+V93G3OosavNV2gA+Ovsdc7ZcFT+wKFrLwj9dgqBn7L6YIhgqYCagjvfkhTQ23qcsH9nzzNFkaeLBpLdu3vcHwyJ/09p/r9iFEYoRVpRzrlzvUIBqc7nuN+xtLtDa3Ei3yWMs6okXUIqNXx+npK1+IIR73oaYaVC2NyM8TERXDEJa2nOTvy3uozA+QhcDwyAghDYQsouGBGELc+1fXtR6f3Ys3ivlk2b7WtGhmDgMFABZt/JyOrnep3Jmm3PkrImgh7+627uieGO3a0gPgRezg5r19r4rIk4bVAwBgYIDxJjE5nGvbeSYD7qnqkHccAwD4HyXFhGV2sNBxAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAElSURBVCjPfZFNSwJBHMb9UPOd5pR9hUnvIQrFQl26FHXo0CmImEMoQUhl48vBw5qWtY461pKU9PTsrJRsFM9l2N/v/7IzOeT+z/ehI9qqpZvW2Ia+VdciI3Rk20SIsWBeMUTdXMkVgdjNAcwxg8MbTzEuXU0uBTY3CZ5gDMuMEHlFm3PhhZaKMviJAbo4UV5o6phtE7jO5FEkHnKTMY60F+7sAlPiiDDvhUc8UHrHvvVCg8KE+NnjNRQwYJIee6lwo2dcKZlbJCxgg7jP/wmxm46oqz4+WZE0Hnh4jx4+UEWQLlkTF2bKrX9gyIIeAhOI5UWdyVM34scX38exOkTgKnLlqo/loalzRMzZXWhUTElmHutA7KhtvWXLtqQ3VVn8es2/8gUo3nl2LXz6SAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJfSURBVDjLpZNNbxJRFIb7A/wF/A5YunTDrpouujNxY8LGxEVTVyU11UVjCmEsUUyb1gYqEWuqtqmRWukUimksH6UMHwIW6FCYwWFgYBjKcc6FGam68ybvZuY87/m4544BwNiobiyCQZVJlVnV5FDm4TfDn/Gj4DVVxgdvBIvv4IwKHafp2MkpF40nuP2jJP1qL0dNeXkLxmDsFYMhfN0TKFujp1mGrQkgSl1QLvtEjZYMpQoPwaM4s7STtWKsZqIZGBGOJ7+L7Y4CeCS5B7zYBU5Vs9Mj30RJhv1wRHRtpdDESAywLywbM2twVZCh8lOGt+EKsHUZyvUOlPiObrKzG2TurbHYjgENTD76B4Vlj8II3noYgI3DCoHPam0iPMncOTi8IQpZNDAHv6Vo7BlLRVDLenN2j+h1iCVwodoGoaXARV2C5fV3NLJoMBmJnXA4rFqjS2DMWOTaKvyZaOJRCPwxDnIViRjJyiWsudc5ZInBcTRODLB8DcZAAs8dwPiMn/zLstKwii4sr7zUDcxfviboutiBhqTovWLgxBx9Bc6ct8jNpIt1cLjcegsmtz9DFUo16PeBgPkLiZQ7PvOJwAimyy1IlVrQ7fVh9zABVucHfYiG+56qxR8IM5wwmDJmQyGsgclSkyTIqNntz1aZO8704Bq1RXJsRK2bHwMiyw8C601FrwaXCTOnizzYXB5x2rH1e5FGV3neHbauejeZUCQDBVYgM8GeE3kOtgNRmHcsMVP293+v8uhjuvsib5l9vk09WVyhHU+d3IKd4h7bXPS0zUfdppL/fkz/85x/AR14FVfMwp4lAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK3SURBVDjLdVM9TFNRFP5e+0p/KcQIrZZXYCCBdIMoaGqESGxCTBqCg5suxsRF44IjgzG6mZjYwTB2Mg6YOLQdNKUFTKwYEJ2koYZSqi20j9ff91rPvbEEbXzJyb03Oef7vvOd84Rms4mTXzablXQ63Vyj0fCpqjpGgXq9niiVSqFCofDa6/X+OJkvnATY39+/IAjCvMFg8NMJAgIDqFarODo6QiqVWioWi09nZ2dXWzW61mVvb08i1nmTyeQ3Go1gwIlEgketVoPZbIbb7fYfHh7OBwIBqQ2AZM6JosiZWQED8Xov4fLkJDo7O1Eul0HK4HK5/JlMZq5VJ7YulUrFZ7PZ2MnZviWzWFtd4UrGxyfQ7+xi/qC3txcHBwc+Knn2lwLqc4wls347iH1tNQ67+xzsg1P4mFRht9uZSlitViiKMtamgFzmhjH5RItGA6jBAk3rQE3o4jmapoFMZABo84AAErIs8yQaFy5OnIciF1AoVXBluIlcLsfzdnZ2mB+JNgByN0Tm8Hs8HocBZdycduH2lA11JYNoNMoVrq+vszZDbXuwuLgokYqXHo/Hx9rJ5/O8Zxot3wfn7gcYv4Qg5NJQ9UgLaD6/GlafHHtAzo/TCB2xWGxpdHTUPzIywntlBKatCMzyFoZv3YNx0IPyRvjs1+XIo8i0QeEKgsHgdcIIEmPH5uamm5YqxVhZ38yT21jDtfsLMH9/D+zGgK5u/BL78Sm8nOQKSOaroaEhMA8kSUo5nU5YLBak02k+nVMb72ByDgIzD47dFxfOQN8QBsQ/S8QL+vr60NPTw98sHA4HP2vb3Sh9fgvrm7uoljMoUY1c1EMjLzhAMplEJBLhS8SiBcCCvWdOm9G9EsUAnaLeAPmniu0M2YjmC+Hf3/l/X/yG+6GST9/Ra0K/pm/uUlXAF1Yf/wakxYbML/JgHwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIxSURBVDjLpdNdSFNhGAdwKSNyg6ALC8GLoE8so49VRHVRFFQISlJeREXQBxWSSZDUpNrOTDoxSGvhmokV1TazLeekTBda9rVKmW5lYq6slgutOI7j1vn3vKc4rCAv3MXDgfPy/73Pc3hOEoCkROq/B6v2GdIWHLnhmK1v7ZtZ3PIuo9DmOr17iaUkLx1Ud6g2jgqo+JCU4x7Bs5AEe4+EhbYYMsv9iEYGcU+/VEZkYNkew7iJnHBrgl4YSeYEJJcIGF8qoKw9Bv8g8GkY8IaBthDgqatCsNGAq4czGbBLBhbv5VWT+EiL2Q9cfg2YA0DDe+AxBeqDQPvX3+/PdwKmfA0+PDDCuGM6A9JkYP5Byyy1SexgQM5dIJvqpJdCb4DWz8BDKguhhzxDor1Ig+7afBaG8hFnFDiyp1ZFgxa6JbcR2NoEnCLg2ltqfQBwUzcVhJc1+4c8/Br0urV/A9OKvJyxQ/qmfQ5so/D2ZoB7CVh7gN4fwP1+wEWjGK/XoKt6C9rOrWeATwHUugEn3RBjrW9oAI4TdJPCno80RlfsZ27d9+Eslxitcdpk4HbxCgboFEB1JvKk3CfhSjdQTXM7+yRorCLUZ8PSposvvMZX0bydtf2Vi9JT4avcjIr9GQxYrQBzC2zmVG2nkGIISyncF2mKLiDOKbQ+it8JCqy9dGCe3EH8/KMu0j9AqePEyoSAwFNTVkKAHG7i1ykrPCbAfmw5A46OBbjw5y9kz8nxZ78A90vOcDVd+i0AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAINSURBVBgZBcG/r55zGAfg6/4+z3va01NHlYgzEfE7MdCIGISFgS4Gk8ViYyM2Mdlsko4GSf8Do0FLRCIkghhYJA3aVBtEz3nP89wf11VJvPDepdd390+8Nso5nESBQoq0pfvXm9fzWf19453LF85vASqJlz748vInb517dIw6EyYBIIG49u+xi9/c9MdvR//99MPPZ7+4cP4IZhhTPbwzT2d+vGoaVRRp1rRliVvHq+cfvM3TD82+7mun0o/ceO7NT+/4/KOXjwZU1ekk0840bAZzMQ2mooqh0A72d5x/6sB9D5zYnff3PoYBoWBgFKPKqDKqjCpjKr//dcu9p489dra88cydps30KswACfNEKanSaxhlntjJ8Mv12Paie+vZ+0+oeSwwQ0Iw1xAR1CiFNJkGO4wu3ZMY1AAzBI0qSgmCNJsJUEOtJSMaCTBDLyQ0CknAGOgyTyFFiLI2awMzdEcSQgSAAKVUmAeNkxvWJWCGtVlDmgYQ0GFtgg4pNtOwbBcwQy/Rife/2yrRRVI0qYCEBly8Z+P4qMEMy7JaVw72N568e+iwhrXoECQkfH91kY7jwwXMsBx1L93ZruqrK6uuiAIdSnTIKKPLPFcvay8ww/Hh+ufeznTXu49v95IMoQG3784gYXdTqvRmqn/Wpa/ADFX58MW3L71SVU9ETgEIQQQIOOzub+fhIvwPRDgeVjWDahIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAETSURBVBgZfcExS0JRGIDh996OFIQEgSRhTS1Bg0trw937B9UPCAT3hnJ1kYbGhrv0BxoaXSsMhBCsyUEcoiTKUM/3HU8Fce4Q+DyRZz5DcOkdiqIIiiAo7xiCMXs4HI4ZisPhOMcQOJQbOoxxKHm22UUxBBbHM1cRfw58GUtMIAieTIwgxAQWRclMEZSYwCIIGYsixASCYsl4pgiGwDFF+HWUaDopbfCGHRp+nCWSTktFXvFDOKyuNNYp4LhFriPPaXW5UWAV5Y6HNH+/dbHJIjN6NHlJzMnxWqNIDqFHh8/U7hiEJbp0+ar0m2a4MGFEjie6jCrtJs1y57FuI21R6w8g8uwnH/VJJK1ZrT3gn8gz3zcVUYEwGmDcvQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIgSURBVDjLdVI9a1RBFD3z9r3sVwrdWCwYUkSLWKaQWOwf0EpIKSIi6QSxWyxSrE3+gUVEQREsU1ooiIRImhSCCImNIcj6kcVNNm/fzP2yeJu46yYXDpdh7jlzOHOdmeG47r+7azeuXMdWZwNiClEZQMHKuHqhgedrL/Dm4Xt3zIkxVEwMtXxYVMCqg/4PIfAw5T+BwDADSGRIJIeq5neeRgSi4QMFRhEVFKMSSBhBCEEIJIxioYyyTYICne2AArc62x+X72Q/MXXQRplzu2kUoV2ZwttvH0CBW2cKvLJfe/3v+7147vYkTc/gSCIYZ3CcYrq/i1s7r3tLs25vmOOOf8FeXlsA3FqYf1T3oQhN/4CzIxhlMA6AK6BYcqhsP2mD7Gby4PPmaAbCTZ67V/dchqRdSMiJRgGapeDub6SdLrKZxboeSnMsRFNuUHUW2j/MiRwAJih5GAco9cEH++hzBfDSGM9AraZWgFEG5QATgnJOljAQ8RnEM1Rc7ZRvNJgIlOnE+glk0DnAxMP0lD0wtY6jHqAyap19ngN5AAqwBwidcQdC63H3C1ycQCWMWM9fFkRJGSX/AxywPu6gryvx1rN24lJESQlQhQnBiAAzFMpVFKsJ4k8bbdNoZWwPACA8vrwERivML9aziYsQVphPAUoxcbSLeGujreyWz63urJ4qAABZ89KC9rgJ0oaaq0EAM9dRxrpOJCvnn37dHJ7/C8hDreOQ71qxAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJPSURBVDjLjZJPSFRRFMZ/7804ODhT42iaxZR/NiEFFVESGFHWTilo1SoqEGplQUQEtnSV4KrARRAELZKgVRshgoggUKgoDCUEIxumxpyZ996995wWM/knDfrgwoUDv++c7xxPVQG4f7mjG3jPRhUHx+cy/EPevUvtB4E7QH8q28r5W8OU8m8AaGg+zMPhm1RKSwCPgInB8bknawFxYOLkmbO7kqk0ZnYKVcWFJQBUld59Ofy2LlT13POnzwaADYDdydQWol+LWLHMPR4FVUDJ61sUJVicp755ZwJI/D1CHABxqLX4me2Is6jK+jmDMlGxvGkGcQAVQaxFTIiYsNbB/6kGsIgz65zvLl8jZpYJIks6244ECgeGuDL2TsUK1ijOuj8Ah1gDziLOgYJvK4xe7SMe8zd1LhQjbox9WAVgDeoEtYKqopGhLuZz+8EnioGjuyXJzEKFdF2MTCrG9GwZZxR/pQMnOCs46xDrEKcoEIRKQj1yrUl+lIRtmThB6NAIvFWAIMahtSdG0KgaZD0gofJ6+icmEha+hXyZj+jZ24BvawBxUnW1DrHVv4uqgZpQ+Vp25AuGjOcxs+DwPeX00VbE1QA4RYwgVlDrUOuQSEGhVBH8UDl1JEt2a5xk0ufYoUaaMgnEKXHgpYmi3oYdOVQUFQEFCnX4MXCR0NFUR//xNqY+LpFWy4meFmK+h2gVMPJicjIN7F+7pqXYAPlCyMjQHlCoBJbrF7pW6t8LITZSPP3H1fVdfPU5Cmxow6C+M9fYKVINWxVUFBEPVPgN0HNzn605xt0AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKRSURBVDjLzZHfS5NRGMeFoIsCoX/CEpq6GeWNGypO24/WpuliQ0hf3dyQta3lvGkibthgpF4kFYkI3igKIoleSCmiEDUVf5ZMk4Eazr0nXU3n3n07Z3eL7rrpwBcenuf7fM7znJMFIOtflPV/AFLuJwaqYyrCJLgcRHDYSLLFSi6aTSTBNZDzujpypn9I4lXV5JdKE4nJ7xrTANpQQxXD9BSwsACsrADb28DGBoQP7xEZGkJ0cBAnAwPgX71GuLsb4WcenErLYidFxRoG+IS3b4CJCWBkBFhfB5aXgdFRCC4XwmYz9jkO0YYGHBmN+KxWY6urC9s2O4j4TpgB8lNPHR9Tz30AvQ17e0if2VkI1dXYVyrxXaHAD6qd0lJser3Y4ZpA8m8f8LnimvQb0H2v0X0nhXYPMD4OHBwAS0tIGQyI0EaeQvjKSoR8Puw+4kDyboWiNwoKMn7hwtyUnaivf5dsbQUWF4G1NaTo6KS8HLGKChz5/fhGm/mbhaHo9TzRX7/xzGDMjjyomZp6bEeANvT398NP3+FrZyc2W2zwO5xJlvN6vVGLxeKSSqVXMwASieRylUrV3dPTg8PDQ4RCIfoUs3jh8eCl2SJ82dpKsNz8/DyYR6VS+TMAYrH4ntPpJMHVVbTf1/1U090bGxvR29uLtra2dKxUKpN6vX6SQZj3zwn8HR0dcQZYLiouLJfKkjMzMwgGg5ibm6M/OwqZTHaq0WiuMADzZgBEIlGzyWTiGUCn002XlJQk5HI5tFptWixmOVZjAObNAOTSo1arNwOBAD88PHw8NjaGvr4+2O12uN3udMxyrMY8zJsByMnJuURHLFAoFLscx8WsVmuc6ry2traOqozGJyzHaszDvL8B+W6qBSeP34AAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHuSURBVDjLpZM7iyJBFIXnR/V/6nADdaINOprWDUQUFEETE0VxDIwEkRJEEUR8lY/AwLeirbYPFBXv1ilmWmSHWZZtuHR1dZ2vzr236oWIXv4n/pjo9XpKt9vVOp0Oa7fbBufcaDabrNFoaLVaTfkWIMSqEPPlcknH45Fut5uMw+FA8/mcqtUqr1Qq6peAD7F5Pp8JD9673Y5M06TT6STnAC2Xy2apVFKfAB+2+acYDlarFRmGIQPjfD5vQRhjPJfLKRZA5KtBhAc7Ohyv5HL9ehLrupMWi4Vc0+/3KZ1OaxZAFIuBDKvb7VYAHBIAKGN5+mH/KQGoA+qxXq8pkUgwC9BqtQwUC+LNZkN2u4OcThclk0k5RgAwnU6li8vlQtFo1LAAok0SADHCZrNLwft76gkwmUwsF5FI5AGo1+sMFUcasGez2aRgNptJV5+A8XgsOzMYDCgcDj9SEP3V8PN+v8vC6bpOb2+63BEBVwAMh0O6Xq9ULBYpGAw+iij6qhQKBY7dsOCzfaPRSAaE+MYGGAsxF6E8HaRsNqtmMhkTbcPC/X4v80UaaC3AsC6Eps/nU788yqlUSo3H41ykJCuOmiBn9F0cHhJC7vF41G8vUywWU0KhkBYIBJjf7ze8Xq8hRMztdmtirPz1Nv5r/AZMKDFYuHxjqwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKRSURBVDjLpZNrSNNRGIeVuaSLrW2NCozlSsrCvqifKrG1vyznRDLQMi9TsamsUCzvSWJKC0Ms0/I2hratmVbi3bLIysRZlgh9qFGuCKOF5KaonV9n+yAGokIHHs7hhd/zvofDcQHg8j8sW0wN2FpQJuVNl8u2QC3loEDMtUX7CYrXJDjrx8u6FcYlNVE83KbciOCiNISD9MDNRHaQf3lVQZWMgwYaVNNQqcwBF1dCBbhwlIczfpypVQWlgZvQVZUPS6cag7XpOBckQIZkB9IYEZIPcee02XL3FQU1scKfM98/YOpFFb72XseooRDm9quwmk3QKXdPvdOkrltRUBG9f8A6dBeTw0bY3+ooeufZatLhToLv8IpX2CZrYnsfTtXqVP6YHa7FzFirE/ubJrRk+sM3UHlfwNSsX1YgCNG586WNKZ7SPox9mYYhLwz6PLkTx/n5+G94Bj8BT1x3ni+u3vCPgH/c4OoRbIgXhg5g3GJHowXIGANSXgOJT4G4DkBTXolnMT7oFbPxgNlo7WDYuYuCAxH14ZKTahgHF1A9CqheESj7CZK6CWIfElwrqsRI5hHMtJeBjHfBps/AUJrvn55jbiqnYCR/38JkWzZu1rchvpN2pR0VjwhimglONREYw/fATsOokANZXKDECz/UQeiWsD45BaMFPsTaU4So5AYU99oQ3Qyc1hNEagkiagn66NjE1IKl61fhdlp3I07Be60qx5TjPa9QlMwHxPdDQUdPWELrCSGm6xIBGpq96AIr5bOShW6GZVl8BbM+xeNSbjF/V3hbtTBIMyFi7tlEwc1zIolxLjM0bv5l4l58y/LCZA4bH5Nc8VjuttDFsHLX/G0HIndm045mx9h0n3CEHfW/dpehdpL0UXsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAB4SURBVCjPzZChCoAwFEX3GSbBLzMaDOblBduqrAlDYcKCqNFiF39Gp8iDq91plhPvgQOXgX3D/iRM50gDWdKkSNJDmNJxHmbb6kN10gjjTdhA7z2kE6E3cc9rDYsC3GWRR9BbhQYVSuRIFo+gICHAkSFB7H765BsXhQcRTCg+5ikAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJySURBVBgZpcFNbNN1HMDhT//9d926NWRb65BtB8MWAZGwZIGRcNAZD2qA6E6cOKDhAjFmBzwYYzQeOXHHiwfFAOHAZScUEmeUAPFlWzMDyOtm27XdoF1/3xdZ0iYcvBCeJ+HuvIiYlm+vVD535yN1GzIz1EDMUDXUHFFD1BA1RBUVR81+jWkx9xNTe7I5nsMX3y/uimnpjW7mGn+fYa1RxtQwMUwFF2VdI37s2kvVU4gJosKn+74mBE3HPFW6MZncnHybdGaAzKadeBA8CNqsU1+Zp2f0KK8PvguJiLbHDSGIEvOUqw0PRZdJdR1Aqr8RdY6hWqJRKfBnOMTS7T1wu8izDo730RQlLl57o8PVPuzuHQWSWP0RxOuU78zQ9+rHTL5ymA3nZpeYmhigrVhrEESJTXXMxY6ls6O41CH5MoSASJK/CvNY4SsiWSfv3Vy6+h6SGiAVw/bBDM2gxC52urN/PFcvzWNidGRGwGLyQ2/RUyqgoUlt6Qb3XjrJO3tHiFIZNiw+qCFixCZ69vH9n3/6vX5oevdwmpXCRXLDbyKNCs0nRR7KNmrbP6Oa2MKFa6vEiVUM2LGlE8fA3XF3vjx7y8srZV88N+YPZt73ue/2eWXhB2+bub7stSfB2+b/qfiRU7Me0yJmrF3/hHRnH8uNPKXRU9yrZ+FmkSgBweDK3AptW/MdqBoxLZvtF0LtDsv9x5nYP8XlP4pM7szRdn72Xz6YyNO2cLdKMoKYlqr0kh0/TbZnhIflOlsHurj1aA1VQ815bbCDhbtVnmXmlnB3Nkx/M3dVgu5uqnUHUYIoKkZQQ1T4P5XVxsWEu/Mi/gPrlHrAGd9XNQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGeSURBVDjLxVNNS0JRED3qA0MRoqCFouBGN9Yia9HGRa3b9x/6M62jf9CuTS0EV0arXASG0gcUYWIgmvi6792P7sz1WUI7Fw0Mc70z59wz88aYMQbLWBxL2tIEXrN5+mcPWkvrBsZQVNYDSKmglLTZ0J4lwjCER8XZ7OYcSDMxRs/cEdCZSKKoNeUU7u/rjoBMiE8GuKQrcCA1A0XuFK2sZKwC3xE4Zo1UahX5/Dam0yH6/Q4KhV17H+Lu7gKVyiESCQ/dbgPD4QvfSykQlzKcMxP4+fnGJr4seAdPT01MJh8oFve4uNOp20fWQBilQqvAEtBQqE+6IBuPe3h8bML3hyiX95FOr6HXayOT2UCpdIDR6I1r6VF6KK61z5N1ROAkvdBuX+H6+oznksttodE4wevrLbdC8h1GwCMZJF+pgIdSrR6xtCCYWLnrnBuP31GrHfN5MHhgcDRUj3pzbAFarfOFSUf++4tEA3dRwhNCsKRkMv2r+Oe7R7+jvbArNotu/6wC3/Z7yX3TdhkjbDS8eUTi5EoGuLhosX//N34Dm6aVPfzbYjIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGxSURBVDjLpVM9a8JQFL0vUUGFfowFpw4dxM2vf9G5newv6OIvEDoVOnUQf0G7CEYQHVzUVZQoaKFugoW20EUaTd5L+u6NSQORdvDC5dyEd+499ySPOY4Dh0TEK8rl8n0mk7lOJBIpVVWBMUaJAzCFEMA5B8MwPpfL5VOlUrklonegWq3qEr+c/2Nbq9VWHs9XkEwm0xLUy/Lzn5KbD1exaDR6FlpBURSq4/E4HJ2c4jMwmYpcw6vf31be2bAHQTPVHYEFyAr7VeEACzfAQKPuSmlCy7LINBcteifSx3ROWutzlCAZ3Z9Op9ButyEWi8F8Poder0drXTQ1SNUeqalt22EFQrgvC4UC5HI5mow1EjA/SjdEjEQiYAd+HV8BF5xwNBpBo9EgBZPJBDqdDimYzWbQ7XapmeA8rIDLiRjFYpEm4zTEfD7v19lslhSgJ2EFXBAOh0Oo1+vk/ng8Bk3TyBtd16HVarkrCRFWYFqmrwAzqMDzBhMVWNaeFSzT5P3BQJXI3G+9P14XC8c0t5tQg/V6/dLv9c+l3ATDFrvL5HZyCBxpv5Rvboxv3eOxQ6/zD+IbEqvBQWgxAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJRSURBVDjLhZNdSJNhFMedDj8QFT9QQlFIEHexi+ZFFwrddJERRHTRRTdb9AFJ0E0QiBfBQrLVmvBCsVAG3RXvMN1Ya03YJvsqFbMJNXNjsBbhhox9r/17zrMpih8d+L/nPc95zu+c93nftwpAFYmZRCaTndfpdL6BgYELLJbSWkVShUIxotfr3bSH1vbq6BJkzs3kN5kQjUbhnZ/ncbAiul+2WHjui9m8l6s0rpJQsFZXh4DLhUgkgm/Mr9bUYLu6mmtFIkFgaYnnaM9KBVCZrgz43tgI0WBAKBSCODuL5Y4OhNvaEG5uxueGBogzM+Uc8xtHAf60tODT4CBe9vTA1teHzd5ebHV342dnJzYYyNTUhOn6eizU1iLKJjoESLa34/fwMGJDQ/gllyPCYOH+fmwx0CYDBbu68INNFWxtxbZUehDg9XpRLBaPVaFQQCaT4SKjNao5FpBKpeD3+xGPx+Hz+eB2u2Fhb4GsVCr9H0DFRqORd87lcojFYnA4HDzO5/PIZrPweDyHAbRhFyKK4t5mm82Gd3YDHrxS4vbzy1A9GcWUYeJowK52AdRd9+YxHr1VYWFdwGrUCu3Hu7imlePs2CnNiQAa3263QzU1irmvLzAXmObnoLHdgtZ2hwAZ/ikTgBX93Q8g0fjJZBKXxs/AvP4a++39mkCA8g9Bz5hIJHYIsv8waYJ0Oo1z90/jqfUGJq1KXjz5QXlwAkEQsLi4CKfTeaTGhTFc1QzimfUm70yeYn4GBFCr1S72G+MkqSauYOReHx+b/PWHF3eo9h8NpaVzO3ihRAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAE3SURBVCjPfZHNSgJhFIa/C3AldD2ugraCF2E2OdX6c0ZtQAj7nUJoUxZtKn+mwE20CoRW4/hTTukg3xUIugmCp8UMYhs5u/M+L+fwvgKxegRCCSWUcOKO1XSb08as4dat+lq4XQBOsjXvEqBQBHg8z2upJcBJvDFmwhgfn28CRtyxvxEBzVhLjQjwGfLBgD59XrEpBoVYCBgeE4YLucste1xSplBACESjHTCKxB5dbthFx8Im/44QiPqv4jPyelTZQSeLRgWTBTCgF8k6OttobHGBEQK19hgfjw7XkVcjg8kxRnji0XAZ0+Fq4c2Q5pwSufDJh9iT+uKFbCRuksamjAxkLArqPlHllAp5NHRy2BxSRK4vRZ1PmrMDTrA544gSciZT/7pQwowbluHmfuRUutKSy2Wtnj+jSVcdCo7izAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFUSURBVDjLrZM/SAJxGIZdWwuDlnCplkAEm1zkaIiGFFpyMIwGK5KGoK2lphDKkMDg3LLUSIJsSKhIi+684CokOtTiMizCGuzEU5K3vOEgKvtBDe/2Pc8H3x8NAM1fQlx4H9M3pcOWp6TXWmM8A7j0629v1nraiAVC0IrrwATKIgs5xyG5QiE+Z4iQdoeU2oAsnqCSO1NSTu+D9VhqRLD8nIB8F0Q2MgmJDyipCzjvYJkIfpN2UBLG8MpP4dxvQ3ZzGuyyBQ2H+AnOOCBd9aL6soh81A5hyYSGWyCFvxUcerqI4S+CvYVOFPMHxLAq8I3qdHVY5LbBhJzEsCrwutpRFBlUHy6wO2tEYtWAzLELPN2P03kjfj3luqDycV2F8AgefWbEnVqEHa2IznSD6BdsVDNStB0lfh0FPoQjdx8RrAqGzC0YprSgxzsUMOY2bf37N/6Ud1Vc9yYcH50CAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAG7SURBVDjLjZMxi1NREIXPC9HCKGGN2MgWdio2utZxA0KKVPkBwqaR/IS0dqYx/0LIVpsuBMFKA5LdQotF1kJWcMvYmBfemzPH4r4X3+pDMjDM3MvMx5m53Gg4HJ5L2pV0OhgMHmAL6/f779I03Sd5WgGw2+l0QPIetrQ4jvd7vR7iOL5fJXkymUweXb1+OzparCQATiCPDsAFkMDz5rUIANbr9dvRaPTMzN5HkgAAR4uVdmoVQKFJHhqlEC9+Og6eBkDRqnlCD8V5Q+4S4A6Yl4+zAeSFyiS7/wVhOWEzwuGHlW7eqEACPp0vgyoJJCA6zAE3hxlgJF4d3I0uKTABLIxwZ+dKUOECXXCGSApff6QlO2BBNpWdBXcHHSAdZAAkqZcABFwsHXQPxS44HSSyuz9K0lT/AopP9PJwKZpvJNMdbgp7oMOsBFA0M8EKkjc7yHIz/h+QJoRZddNoVLZMhxOXFXS73UWSJHskj6fT6RMASM1x9v0XUgdoDiNgRjjD03588wK3Xn+RmZ2h3W5rNpup2WxKErbxRqOh8XisWq2mqNVqHSdJ8pjkyXw+39vmN9br9c9m9pDkt98JJaJgEg+kbwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ7SURBVDjLpVNLSFRRGP7u3Dt3JnMsdcAeNjrgAyoqWiQUZBYi6aYiFbEWbdsZJNEqaBO0bxdkENRKMXobmQVa4SPBfMyoPdQp9To6zfvec07/vTo4TbPrwMd/zn/v9/2vcyQhBP5nKekHbbjmvuDioikqOAc4Wba+t5DaM/69uG6o5B8BIrdu87aaFmDmj2wTBkN0+RPia75wivyXwPLgiZuqq9wGCqxrnRC6Aa7rEEkddvc5xFfHTTIjsis9qG0zOm93bj8IFp2wogl9HXb3GSTDc4it+sAZr8zsgSWw9PH4eXuOR4WkgkXGLAHODMi5hymLCEWfAkuEGjz1I9NZBSj6PUqfiBGCsVGzAZvDg1hw0szgqqdh5Gm2KUi/+o9Vyap7wFV8GsnlbnCqWVDtPB6HWnQWmu+BoK4nUxPgVnMtrJVf8Bcp9KFbdVWQQ4eSV0fWsEoADUIYHPklTZIwdMf6NDjCS0OUlS/KdXbUmgKpOsILbxNpM7ZsvrfZEZ99RG3ZDXvBESy8eQ1tcBKJxRCYLDTiNlZewi0p20389vhAb96uU9WKWkhZ6JjreQZjUUZFTSMc3n2Ijb7El3evWHBivM2WrTGURbXicCOyNArN34VA3+e1ciI7p3shdbQgZ6YTpSWFspBEm5JJ/tq1f9jpKkM4MICoNrVCYnsR5QHnDi9Qf2XzDdzYCZlLpUoGORfCdigW9IPpydtlLVPtpn+mQ5mPjjwp3tp9GYnYT0TJ9zskUy+wYMtI/QMRFwmuFNlcOQVFd8f6+4xAfAtCsh3BFQn+eYnajjuwXt4G/A8rq9LP6XjfvOfai1p5tuekwsn+eF4rXzf9fwCYD6X48OnVRgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHoSURBVDjLpVM9awJBEB2DKIoocoI2goXVgVhoYam9bep0XqX+DU1pZ6EhpZ2FYGsnot2BqJUgaiGCd/j9tZlZvc2ZjyZZGPZmb+bNe49dC2MM/rOsXw9Go1EcQdMYSYwIDbheryruLdwb0Wi0Z663mBlgs4J5TpIk2el0gt1u5+f7/R7W6zXMZrM+gpRisVhZNBEAxXA4VAaDgYbFjBbtuq4zTdPYbrfjZ5vNhnU6Ha3dbitGH2dwp/0eCoVkmrparQSweYjP54PtdgvdbpeYvKRSqd4TFWCSJtpGc6FQgEqlKpqLxVeoVt8AGQFJCwaDMrJJCxPJMPpBWhEMboPZ/ZvxbwMMG8Hr9VJtks4MBhGafjgcHigbAIRhnBGAy+WC8/kcEQBmrdR0+3402VxzPB7hdDqBmYFK5thstjsAExI+81szSV0ulwSgCoDL5dIigxwOBy+SJN+DBHLfYEE10+mUJLSEiai9MR6Pn1Gb7Pf7QVEy4p7QBcpkbrnb7Yb5fA6qqvYxbQgGiUSih66W8JLoRM/j8YDVauWm0k5BzXgTodls6uhBCUF7365yvV5XUFsuHA7LgUCAA6E8WCwWMJlM+GTMS/l8vvzjW6BVq9XiSDuNQPwxoVZuMkYLmTSy2ezvj+kv6wM24KX3CYk6PAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJUSURBVDjLpZNbaJJhHMZHUES51SoiqssWm5SMQekoFwvnYR4RP02dh/yMMhJpW3PaFOuzURfNi8GUDusw3QGDgl0k0Y3QcbjVqtsY3cVAu9uMwqf3ey+EwXBFFw/vgef58X94eesA1P2P1r284DDfDp/ajUhHPQZOCuBr3wXWrLv/VwAf64pFtM0YO3sUN1U7MOo+gr4OAdzSA2Cd1pENASGjGKO2JgyQ0A3TIRJuQJw5DF/HXhha91Q2BJw/3ojLaiHGr2gwwp6A/VgjrhqbYW0/CKZtJ0b6zmyvCRhU7ltdfH4XxfcT+P76AeYf9ePrs2tYmB1DVLP/56eHF7fUBCQcre9Kc5NYLmSx8nGKaJruS/NTuOMRFWpWaJP7tkql0ux4oBPlwj2sfnlKtfIhg8mBTojF4iei0+e2rQtQKpUNKpWKU6vVSKVS6OnpwcQQQ6XRaOidTqfj93HiFawBkOCmYDB4izfypmQyCavVimw2i0wmA5PJhOHhYXg8HnR3d1dkMtkggWyuAkjwEsuySKfTMBgMMBqNsNvtyOVyyOfzsFgs0Gq1sNlsiEajcLvdFblc3lcFLAw1/16eHUQ4HAbHcdTkcDhAJqPjMwwDr9cLl8sFv9+PYi6Kt/0t5SpgMdJSKb24Tg2JRIKCSCVq5iv19vYiEAggHo9T2I+XHOaCwkoV8PmxPzQfavrldDqh1+upkVcsFqP9+an4M+mPrq4uLERFZZLh1rzC0rSvnnRsIs/4ivRdIuOXFQoFePEhshYlEskbs9ks/Dbjq6/5G/9FfwAGy37p9rgYIQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAI9SURBVDjLpVNfSFNRHP7u3MiHZqJCumZZamVRaSas0V40i4gKeoreIjKI3iK40GsPEpQEIRRBj/17kYKMSodlZk8rmy42mUjjLrfVnPt/77nn9jt3NSFfFH/w8f3OOfd+v3/nSIZhYD1mwTrN+s8JBoOXNU0bIBTJcoVCIZ3P5+OEL7lcLkacIg4R3sqyzFYI0Ad36UcQZI/Hc3/NGWQyGRtFHSahp2spQRoLsx/EzmzICxJA9Z7j0HUOZkKHxnQwTYdKrGlizUxWS35ECBibremyopiKGAwX4Ia51omFL/Z0zk2f9DEW+L08hRaHHZFYFq1bqjC/kMbuxiqElSXsbapGKJJCe0sNAvNJdO2qM/dEhqrKIHlnVcogg0g8ayqLAxGRiSjlUowytzfX4uDOWoz6ohiZisPCWCml7o4GHO10UK0cJ12NKKo6znqaUFA5zvc0Q0m8R0i5hYev+3Dpzml8mnls9kN65c8ajso85qJLYExEXo4qMtCIo79GUGH3obPtEJw1rfBOD2HS/wHFpBtWs8sU9dThrXgyGsa57h0rRtU3cB1nuo5Bt+g40NCLdzPP4drnxrOhYVhVjYHZOD5/T2BbvR0f/QtmhznnJaYpxBajsEkbcaLtoil4recBXn4bpLMXsBZVlghkjbr/5lvy/96BZHoR08oEvirjkHsfof/NBVRWbIAk2QxpNa/RddVx07l90w33/iNore9A6KcPE1PjiMylbkurfc4k0k90hWAniJs3OHlPkf8A2YeC/G6HEpkAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALcSURBVDjLbZNrSFNxGIcPCJNBIAQRISRGYQWF0g27OJgQVmQFmpViZHhLaiaGeCtTQ1OW09QtS83NiR2XF0bZZZjKXNYq8kMUBX7qU30JIsM68+ldUpH64eXA4f/83ud9z/krgPJfjbVFSZkZsb5grEXDY9F4WP+C4Stm+i9GLTy/EC4QcIZnvTA1JOWG14Mw4YDRFnBdmEHNL1gcMNamY/TGMJPd8Molh61wvxbpCoPl0F8EQxdh5BoMlMDN1GGsybp/ASNWC88EDgY8rNcENIqu/m8nZ54ee6aRjnQNl4Q5csGy3zwfMNKyiSdNGpM90rFGY7AigoHSZaJbLbo+unN92DOqsR1fxo2kCK4f1FBlijqDRu3OjQqPzRa8HaJnCeoaGSgKp69gmntV0JsPPWfkeR5sh6dp2hdOvdEoIXArDapjzIrovsPXPT+bq1Avun24LyO6Km3HDDQfNoiuiiNLusb1URerp3ILYgYlUW8U0Z3FJ1tW84MvQ0R3BkcOomvw+/2JXq93o+gaiuyxZHbGQMXmEErXg/OsBKz5oojuLN52WUxmcLt6bClB3U/0mnYL/NPj8fygNSnhXHtM4LL7BCk2gUvWzo9WFvlVke1+4O4FRHdGdHWiGxfcrsm5B1N3LLn2bWS0R8+VDSSj+hsp7DtEQsNK5mq3BgNkBNtxk+hmyWLC/nw26bw8z7GDwVet3H3Z/Bvs9VuweArpelpHjnMv22tCtUBZ5FFl0a8sJdqtp2XeIHztkYmrD/K4cj+LCvcpKu9lYxuvIu32btZdUmaXgqPdbncg9eYG7jy34Jw00+Wro2OiVkLOYB2vJMuZQGS58ja8WNEvChDYo6rq9yPWNXP7GsMD8Q0rArvqw+bSO3fSOlZBhmMvEeXK1KpiJXTRZRL4gMAf7XZ72cLgzVW6bye74llbEvpeYN2St1HgNoETl9qLKH9eXRrC6ZyMg9nZ2SF/3v8CIIKyHGFPw/kAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJFSURBVDjLpZNfaM0BFMc/v7s/pv25tnsXlrzo2nav3d3y4CaelqLw4l1JEVaUl1GeUHtQXpiSUvKqZFFWJtFajO62K/KwlXQn7syfe+3PPX883AkNKefl1KnzOed8zzmBu/M/Vvm74OnMiayZJlTNVfXO2fT5nX8ChJYm9zRhJFrrWok1xAJRTf+tgyWAU6neDwuyUCx5ieJCEREZ+xsgcHfOjJ50M0XV0LL39sa2QEwYnRr7JKKqqiER4cru641LNFBT1tfGMDfMHccCNcMd4s3xsLribjyeePp7EVUVdcPcyBVe83HuI+KCuRMKKjBz1oVjiMgfAKJk81kaqsKsrG3h/dc86loex+dRUwQlUhdhz7VdLiKIKLcPDATBz3dwbPCgx5vjZKczqBnmirihrjRUhVlTvxYzxzEGRx5w99Bg8MsdiCjqimjZ62KymmIz87x5+YLZ2SLF+QJuxR8jHL13wEWUFTUrUDNKXiprYoqYUZ13ossr2Lh1E2uaYtx/fpPh7EPS3S3nQt8rJ1a2syq8isnPE8SbkiSakiQiKTqiKWSqSKqtEw0pnau3oUGJdMdmgCOVACURBCXz7hkbop1MvJ0kl59CVYmGo8x8zlMV1LGjfT8Ax7su0z/eB9yqqQSQkqBmJCJJRI1cfoobe/sDgO2XurxQmOZ5bojR3CN6tl2ld2AfNRXLAObKABGevBpBVFlc0dwPYcWorw2Gx4aCzckt9I/3UR1U8ijzAOBi8K/vnO5u6QUOA/XAF6Bv+EKu5xvVXGolRpHH+AAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKrSURBVDjLpZNrSJMBFIY/u40wW5sNkS7LiaCJgakF3tDUMZ2aYZE4M6c0p2KiGLl0ec+cqLPErTTnbW1zltHwkgqSaYo6zRKjX0IZlJEg6Uwne/vcjyhKDfrxwOHA+3AOh0MAIP6HPxrJHgfF5Rz6kpR7ABIOFeIztGWeG6PonwSJbvTrNeE0U20UHfdI7kbSUBJCRbrvfhP3hHX+tgIZlwoFGZSQoRLuBjQUhzJwzZ+OGDfq4raCEt996JblYK5LgpG6dFz1YyAj0BYpQSwIvGhrTVlhlC0FtbHMryuf3mFxSIaPvRWY0uRitqMUC7N6qIT2i68bkvdsKbjDOz64MPoQ8+NaGF6pSNTmekGvwv14l/EtV7DhKnc7eCc3qVLd8X28DivT7WYMk0o8znSH8IHn6hWFK/4qYISoKNaclqTDnD5Mv1+CJjsc6uwwMxv1i5lvuCT3Rr4uGhfljr9JCOtgjYUVWxPHDB3EzJwBLXNAxjSQpvRBarMnEhtPgV9/EjntF9A6VoVM7VkEVdoYfcpoFmaBc2R9ROB5CbQj65BPAanDJgj7TUhpPo0nEzV4pK82B9VjUkj7MtE4LIFQyYZHCcXoUmhhQUzkOK7P67JQXa9DXBeQ0Anwn5qQQO67Ea7oSUNpdwqKOwXI0/FR0JEI+UAhYhq84ZBLrBJTYifTQk8BogQKFPUug9cGRKtN4NU6QTMqhXKkHI0vJagfuk1KkiEbKIBAyYGdmHh7SETsJd40pYr0Igcjn3/L6BHXD/4zE+JJzsnsEVx1BAGVNvAqoyFW4Yma53mIb2bDNd/ys62IoPy8wqw6yermjSLrYxE6OdOv4QMrqHWZxW5bYwVq1+z8VQamj2LeOc9y7XJjAFg5OybJ8J5Nv3EzyJG/HM3eCYaI2PVr/we4bY/dzdCujgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAACzSURBVDjL7dI9C0FxHMXx8zruG2SSUjKgXwklw2WxSB4yGC2iDFyDpwj1T1LK00jq+hduOt6AwU02w1k/deoLkvhm+APvAVRpoEpBxVEoaoX8SZDbG24AkcWTrZ3D+ubByPBCmEv5HCjfVXPrMNq/0WdpZuaaSI3U50DhomrrG/2WpqdzZWJiE7G2CyB3lPDgTHOmGR/bDHUPRLDk4kJ2ZSA9FSR7CtJQCOQF3rjxL/FHwAu8X+2ABKJChQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAITSURBVDjLdZI/aNNBFMc/vySSpLZFg5QguvgHcXHTImQu6OQq6CDoIDjoIpk6dLHgKA7iIOjgotjNLqJCKXQpooMOFSlWGpRGU/NLLnf33nNIQtKmPvjyOO7e57537yVmRj9uvblmF09fYLW+jJgiKj0pUSNnD1V4svCUxTvvkn5NjqGIIaLWPSwqRNVeHsj7OFyyC+AjZhBEhiBdqWp3rxN2ADLDi+AjecbIZwoEiXgJeAkEieSzRYo2TvDh/w6Cj3P19fezV/OfKYV1CuZQNZqa5Zce5u0nJfg491/As2MfNlrxY7M4dXucsVMYGRJtMxkajG9/4WD9QfPyebcxXJP0uxCXj0xjLHDiYdmyk2isQ/yLSYqJgyQBCTRXqzXxXCpfsZUdf2ASqhy9W7bcASz+AWlj4npK0c5PTFMKJ2+WwzbVkSdo9JXs/jNY3MbU9dTpyWHaQsNvMmNThJTKSBdUpWSZHKZt0E5PbiBxIE2wQPSURgGiYBHUD6z3b5eBI6xD9HvMgUapW2hgFnZZdwMIivgWoU19FBDckmytkCTZnfally2QyRRpb36n1WBpBCCO+ebqvZq6LcgWMIuY9JygJLkJokv4+vJ1rZ0yPzIHAJuPkhsSmJs4d728r3QcEsNiivgG6Y811p4v1topszMv7PGeAIBv95Np36AaHRWJlEIHXIu6S1kSYX7mVXeA+vEP7PyqQia3ZfwAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIySURBVDjLpdNdTFJhGAdw120X3XXR5kU33fQxS0+5Yl24lFnQKsvl2nJLM0fmXLNASceKgAv8yBGgJPEhkcIShEEYKuKU1IxcTm0WUDiJ1Fpbm1tZ/855186oLS/k4r/34n2e355z9rwZADLSyX8vCm+WU6fqT38+21S4ztPy1rmK4lXF5Ry//Hwm6LjoHN8QOGOgUOe9iGByCJ7FJ5BMX0ORiosfa1/wTHqQIAQ4VCHbwpXL53iWHPAe7QefJAvq4G2MLY9gcnUcQ0kf/AkvAm4DPvhl6Lq+jwEuESD7inLrCWXJ10BygC56SgpHlofxfGUMjvhjDH7sR1e0Hfq3VmiqKSwOt6CldCcD7CDA3qrOXfRo37tjRojC5SRt81KYIxp4lxx0+mCOaqEON8NeR2Ght5ppBvsTT9Yqai60F/y0vTehPlyBW+FKAliiOvQnPGQKY+Q+TOOdCCjzEPU2/A1wxIaH3a8N0C20ouGVAI3TVVC9kcEa0yO0MgrfkptM0mprwqypGKG2AgaYYYEsqfGFI94D4csy1E6VonlWgt64Fb6EG7aYGTdGK1ETEv6yu+wEcDQeZoA7LHBEJfxkiejQQxczccZtEE8JwHNRKLMK1rRzng6R3xU8kLkdM/oidAh2M8BRFsi7W/Iu38wBty8bXCcdSy6OyfjfUneCbjj34OoeMkHq92+4SP8A95wSTlrA/ISGnxZAmgeV+ewKbwqwi3MZQLQZQP3nFTLnttS73y9CuFIqo/imAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAANLSURBVDjLVZBrTFN3GMZPlpgli/Gb8ZNftkRE42VsWYxuJsZFzZKZmPjBDYzhw7ZothgciMplRWe4WMGQrRNEwMJA24rSFjBLa8uhVDqGba1QaksrlFvphV44pxekz95TtdGT/M755/2/z/Oe92EAMCt9zAeEiLAS/xIfCvV3odqmN/cmIudtnVnuYdYRdSuj+bOpgA6R0QKfSfmtoViT0hPBN+hHlMfYqPl0gJ8oD1K/idicMfB1M2UR08m55GIf/E8Kl/+T7Y3VGAL4Y9SH25aFDMK5nnXDIsvjwrYqLmb5dYl0Y8Q6xtvOVESt5cHFocJlY+fe1cYnM7hnnUcX+xKSnnE0ysfRrnWjyzyL1kEd7MrDa7xX/mrxYa6DtDnMVBPz1WTzR47hlp1cnc6NbtMMenQeuLwRBCIx+CMrcMxE0PGPC61DHtzrFcPatScx0bzhKWlzMkEU31ZdK71vQ7PBAxlNE55QOIwXcwuI01kglgZuql2Q6J2olLE402a8mslAeOU3jelLFDbcHHBggiZzq2nEOA5/trbBR0aBuWHYNEUw2L2olj2D0CtosgbHb7DBoq6nqP3bCh+fQiixhiRdXBRVofuBAmO9pxB0ymG3tOOcxAShV9BkDY5WDwR/bDFB1GbGTCxFJmvwhqP4XXwdd5t/ht/eidUVFyZUBbgi6YHQK2iyBkcqFfoTDTpUdYxh0BnGPC3tjaageayEnUQJvxqJ+XqEpvrQLz2L7xu0EDRZgwMld0TfiB7i7C0jamQO+CmwUDINz8h1BBwKJLyXwdZ8hlRQAXPrQZTUiiFosgb7fpF8TowfqlChqIlFrWwSFrMeHm0ZkktS8K5CsNWfIj5dirC7H/0NhxPfFV/enzUQ+OIH8U+nazq4ry88QKH4ETQtBVim4OIvi8G9OPEa50la5QamBxsxXJdX+Z6B0Wg8YLPZoNWxry5UlmCarUdy8a/MdM6ZTyvkZb68+wz4hV6wV3b4Bqu2b8uI1Wr1RiLmdDqhVKmC+vovo3xgCsmQFoklymBJ/g73sRp7jtmRTjwu2yLPGEil0vXEJJEkttPvBQzVu/mhq7t4msTTJF7/Wy6vq9ga15ZvS2su5aa1pZ/ENec/HvofoDruXRuQqRYAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABjSURBVCjPY/zPgB8wMVCqgAVElP//x/AHDH+D4S8w/sWwl5GBgfE/MSYU/IfpheiEwTNEm5D6H9lmBLxFtAmR/3+h6YWY95xoE7z/o+uHwM9Em2D7/yeSzSAICdc/xJhAMLIA+V1VH3Z4v2kAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIzSURBVDjLpVO7a1NRGP/dm9ubpGlMioGiLdFBHCyFtksHZ6tiQZAMEbqZwTGgkw7B3cmugoOL/0ATujadlIZchCwGWlERF5XbNOc+zsPvnNvUQmMWAx8f5+b8Ht/jWEop/M/POXvodDpvOOebcRw7lEHZRBRFOr+rVCoPxxJ4nlcgwOtisVhJp6cREghSwngjh7OzRezstKp0Ok/Q7XbvaHCpVJrP5XI4OPwGrS6lglSSiBQEkYVhOL4Eutwql8vmwFiAmMAfvX0ikKdxa/2uKWMsga7RdV34vp8oC4Ebi8tGXZ2o60b/04FmFgTSl/RAtHWv+4GyMOr6v0v37k92kPRKmcuaYHFp1aiPXKgJPbBHzIkDbZlIxEn9dgRf/UT6+wGezRxCvXqsxNMN/xzBKVj8bZwm2vq0gha7jedf1oCpLHBxgZTsqUe96gzFpiHQ1kbbqC2b8ckkz81lca1gwc24oPEAEcWx0Fd/2Zbztuo9+GEc6CmkUqmk7rMuIglOFfIhfWccKiTwkIPx2CmggCAILmgH79vtNgaDAfL5PDLZNG2gZYhiAvKQSjsmhwE1m+ngBAzJTEx7E2bsWq221u/3N5rN5v7e3i7SroWrVxZQLs9DDEmdaQIYIAJyEQmwIMBRNEAcxclbqNfr25S2G43Geq/Xe0mjXdJLJS6/AM9RbwIaJyP700TCpdlY3z4CCxmsSc955clnZSnznnDz967KOrC+Dp2wc104yh6mZJzlfwCf3q+o0qkR9wAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJXSURBVDjLlZDhS1NhFIeF/oJBEK5ISiIJsaxkTAQTR8wSacY0xdlmbZqkTZ3cmmKprU3naltOd2u5UtFSAiuSaAUVGEKDvphtXuVu79xttfB7Ef16FwRhG+mH8+H9Hc7zPuekAUj7u9omQ2ieIGj0hqB1B76s76+vf4KmCeFh3wzBxekYVGykYdMALbsEtZsfrR+NQ+mK5m8KUOchUNk/vqlk41srB6MosxLDhgHqkdhAw/AilKb3/YrO+cKqQQK5OTS2IYDKE9uvcQZQ3u0vSrz1r7T3au/3obh3Zf6/gGp3dEjpJFCYPuC4Tdimf33Wa39ngfVtLxS3ulHuKdkid1RFi52EOWInvgIb8eVbyZTUHNYlPWLj89M2y9wVzC7PoPNZO446rn8/NrQKzVgMBVaCmhEBFx58RgW7igM9vC6pVvWkot842wL73CyUtwVox2OQ9hFLopd3lbdovAJOuaPY17HCpNytxFH0rfXxC9TejUHS8/JnnokXJfKcLp7VUIsyZxh7GE6XajhaaJJCYszFQeNl5Fxy/aC6vuwuHiecEVx7EkcWs4yMVk6U0kBiDouorq+Cqp50/db172W4qTN3BDTRlXbqg/6kR/xTuT28v4oVoBxeRVYHxySyXQaOKR0Io8QaxvbzASYlgOrKZDYCy9OvyDYuI9PAiajubvrrSsu4gMM0E9cHZCkBVFdXeiOM3kdxlDkiyGxbQpZhCXJLCPrRT6i5GcGhdg7iukVZUgC9rojqshn6IHY0BxO6fvG5AEN/ZcTaxTU6uJZet8CmqxdEvwDWpa/ASC8BSAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKuSURBVDjLlZLLS5RRGMbf7zrzebdw8FaSqJAbF0GgRBvptinoPxDKRdDKQjBw2TKClgVJCwmUyMBKydDKS9TCME2tRhs1cZwZ57ud853bfB0HiiAVOvBuDuf5ve/7nEcJwxAOOgPTtk4Fr6ZU1OCAVyBCm2Td9jEdcxG5pBwEeDyZtaRwjAvWSpkAxjkITsGKqJBIuvB903upH9QdE3rd1MLW0gIVCMsBoYq8U8H2CUQNBdJZp33fCe6PbJo+4XZVmRHFhEDKCXaB4Accii0NFlfT8GNt56a6X/er56qog/Cd1aQjRRQictasR8B2EXgIQyblAbX95X9WeDSRPiriz3oZY1pvZ2dH590Z7GB+q7LcjBZHVdhMBaCpEfBsCXDR9p8V+t9lLGlUP7PXLxyJbkUMw4DZ2dm+rq6ujjPdz09xTEZrY8VWYZEh/WAwNxWHwEV1eYDsqsuOCxFDaYRQwGZ8ljeUE31+fr4PY3xFVulM5mQzC4LRypoSy037kEykvuZytDnvAQ5oNSa8scAE0JQcGIeb9LcrJl02Tj+U4gcIoanG8MU35qKzK58SaCux9ZSLoGVxvJvnPfAQrQEQEhTCRhpBYVQB61CNyZY+v6qvrzdisRgMDg6O1+kjbUt+23EpTPz2LA9wMa7QFJBuhxIWQHKHQWmBDrXHGozJuTfQ4sWBEDI9NDSUkc8zf5ueB9gubiqyVJBacBDZXQm2MhSiugZW7QkYfj/NuGi5ttd3a9uxi6bM9FhFmak5fgCmHEXqQFcVEDkBiZVt+edhz8fh7om9AHrWxV5JgWoImXMfE1jbsMHd8QF7AQQyONjxp4UQ9/YLnJ710JgaGucXUi6sr2cY84MeQfmyCOg2p3RD5PjPL69v8H0ByEWXnSR7IoPSzjEt+jDQQeE/zi9kq6pv7shelwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIiSURBVBgZpcHfa81hHMDx9/l+n82x0zadyBabMFtKSS03XGxXUlMspqxcufGrcOMPQHHhR1v8B26Wxi7ccOlKLUlqTJvQ0H5gv8737DzP5/OxJ5RcyPJ6OTPjf7juCwOn93a0X/tSsoIZoIqpIiqYGmqKiaBmmAiiSl21XxwZmbg4eKPntmvf095XlS8k6/OsRGGxJH3AbVfylpS+LLBSmbeEZc7EuNLbwkqduPqOyJkpUSUIBoT5Z5Q/9mMSMFE0KCaKeI9Rg990mc3NWxEVIocZUS7JkVNB5p6wqmY9adU6zAfMB6SSkX19hTX0UFVoINIgRE5UiBJAwhSV6UfUbugizA6T5HchMkP52yhp4zFcQxdiSqSiRM7U+EFYmnpIdW0LkKLZZ3BLzH54zOotZ8g3HUINUk2JVIXIqQpRKI1S/nSfuqZ9WMggbQTvMXXownsWR26hPsOSOvJtR1BVIhe8J1oYv0l1/TaymVdoUKprWkAd9Q2dZDMvEF9h7uNzirsvka5aQ/CByJkoUb7YSShPQ5KQSyt8HR+irrGDUP5GpTRNUr+T5u7ruNomkjTFVImcqhIVNvbyi4YFZl/fpTT5kvL8JMUd56hvPczv1IzITbx9N3Dypu9REVQUEaF3Yz9ta4s8fZMw9Pks2XCKySBqiqmiSjTAMjd4o+cocJSfxu9t369e7mQzcv7gqbEHB/k7xx/Uy4R6OdB6fOwl/+A7Obk497M21x8AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAACzSURBVDjL7dI9C0FxHMXx8zruG2SSUjKgXwklw2WxSB4yGC2iDFyDpwj1T1LK00jq+hduOt6AwU02w1k/deoLkvhm+APvAVRpoEpBxVEoaoX8SZDbG24AkcWTrZ3D+ubByPBCmEv5HCjfVXPrMNq/0WdpZuaaSI3U50DhomrrG/2WpqdzZWJiE7G2CyB3lPDgTHOmGR/bDHUPRLDk4kJ2ZSA9FSR7CtJQCOQF3rjxL/FHwAu8X+2ABKJChQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJsSURBVDjLpZNdSFNhGMf/787Ome8SF7mxvuecJGU6SLuWIGZ0E7WgFRiBdZFE1CDwJoyI6iYvhIqKoqibrsIgwUkUjDCkC7UQ03IW5EfS8muTvec95/SsXE3dXQd+8HLO8/+d5zkPh1mWhf+57LlDNBr9YJqmj/je3t4eKFQcDocHdV0PSClHOzs7ty8TULDCMIzHxMlIJFKwLQpnaSP2reqAgg7iENl1T1ObLLI5IKQFYQKnPDexpRhoPNdjp3A9sSOXs+UOFBwgbhPDvepdnuKz3OZ0c4u7eQI13MUnuRDiE/GQ6F/VAQVLiHpCutQ+xFPvUKfcgM2oRFfyIPpnqiHECUlvP0K4Cgl0IkEPq70OYHdpMWZEMxbSNUjOhjA878nObxLZGu8qAd0US4KqBm8AGnNCwo+UaxrY+AQm03FfCCwJdhUSlBAHvF5vsOvCtwI7sNEIYlu2JltbSDBHdCQSCVnZ2lHLaQu6AQhaaJP7Dpy9PRiaG1ecmYXgT4vpsZC9JRST1/8KyK6RwE8obzPXUKsdh8Mo/y2ZfPkem74MI3TmoubwV2FxIKYOxruvdO9VU7Y8gUr4CfZnC2cxo3+kzoDFVzFU1B9G0efXYI+Owjn6DGW+UsVi1vn8EWaJp8TplVsoSY6haL0f2B/99w9c2gDFZGX5IwQpfIwo2+P2WRrj0PlmpIqnkXE7WLrvBdY8b0ZmcRJpqp+fU2AoGM8XUFa/p2nag1jL1LLvL9hOrOuJw1fKYVdUzE9LjE0xw4J1i+V+52AwOESCcmJgZGSkbuUS30S2tnydmLjssUP9YVhyrYbWhpi8+gtmOYLutSnwxAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIxSURBVDjLpdNdSFNhGAfww0Cri+gyKLowpMC+LsooEy+SgqJuKqRIiIQKkryoi4zaUmbWSHKdPkYz05xdnKNobmwW6Vi6tbk2TDYl82PTTSr3PXe2s2T+O+dgYwV54S7+vBcvz4/neXleAgCRTf570UXdLda9ORUytW1LDbbkp1TK8h8PLu1rvn92C7houBxfEbA/E+Hn4C6wAQMYTxO8vbkwvMjBYiKED3X7BUQAaFqao6XLgxZyDaxyAp9JArYnBCLjd5CM2bDIupCI6MEEtRjQtWK2rx7t13fzQMUfYHNfx7H4wtQ9xFwPEZuuR+I7jWSgH9H5FrBRI4KeGgTcN6CoKoT3YyMaL+TxwCYBoOi6M5+6i37xgM9YICQ8elnAmKCai4YDJHCPnEDnrUJMdFfxxUg/Ik2JlSPq7anYtAw+0x74zXs54AqYGRLxMN9FK/yem5hySpcMDYfh6hX/DXRR15yhcclS2FEBv+Ugl0OIjFWCmVUgGR9FzE8h6mvGF7MMY21lMJNHecCZBrRUWXhhcrn9ga0IOy4Kxey8BoGZWnwbKsCkbSOGX+cJwFtJEQ9I04C+o5SNTojBuOXc3I8Qn1Nh7v062BUiWHXnWLtD+1TVTxt7anPhfHUayqs7eKAkDajbz3tN5HpYH4swJBfBQq7Fu6aSROZOcAWlLyt3Ch1kzr/iIv0DyHpqirMCvloVJ7MChGJ9w5H0Cq8K6Lx9gAeqVwM8X/6F/Lkh8+43zznRPkqpYfEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFOSURBVDjLtVK7SgNRED0b9iuM2lr4QK1DQIyk0FZsJAj+gH+ilRZb2NjaRHTLmA9QFKz9huzm7t37Hu+u7IJgQjR6YLjDzOXMmcMERIR5EE5qXA4z4sqACYWEC5wfLQXf/WtMIuDSoL0A7DZDjBj/uYI0l8jzEEJYJMkvCEZM4PqZIxlzpGk+kSCY18TGtGYcx9Tv96dOqBUMBgNyzsFaC621312Ac+59yJFlGRhj5VvVoigKvniglEK32w1mkd3r9ejPPAjOhqdknYX18p1/rzo3pYqTh0OSRkJI5UMgPn4s61sX66SkhtEGcISGsQad5gH2FvehfV5BaIF2cwet5RZyKeu68pe5ubKG7dUNP5AQGltMN57Mosgr5EIiVQmYGvtc1PVicqHY+dXpk8Dg7v22XKFo1ARe9v1bDOlXKKKCs4Sn1xdU1v3vIc2CD3bN4xJjfJWvAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ/SURBVDjLpZNLiI1xGMZ/3/edOWZojjkiudbMuEVMM4SMBVlbSUpZyAIhG4qlkcJWycZOSslCMTNFuYVpRrkzLuMy5tA4xulcv//t/Vt80ZTLxltvz7N43vd5F+8TeO/5n0r9JNLTs9A7t8FbO0WsfSvWdtdv2VIAKJ45kxWtt4rWh5xSQ6LUyeldXVcAAu890t29zzt3hPp0ljBCyiVMofhMjNkmWldE64t1U5qWTpjXiiuVqDx8RDX35ZxTalfgrl7d6K2+HC5cQBBGYAyk05jhYWrPX350WpcbWpsX17e0QGEMwgiasnzv7eX7oyfHUmLt3mjWTIJqFXJfwAlYS13zHKKV7XN9rInqG6D/AYgkBo0TyXSuId/Xvz0lxiyJMhkYegfGghdwDl68JpycgSiAwTeAgLYJ5scIWgUXx5mUGJPGOYgVKJUs0CZZMpIDaxNnEfAOlAFxYDSilKRE66K3dlpgDcQ1sC4ZtjbB8dxacBZSIYQhTqkwFKWu28FBmD0TKmWo1SCOwagEdZxgrZYYlEowv4X8jVuIUudDp9SJyodP7+NPI9C2FNJRIipXk4FqDVQM1QrUhbB2FYXRMXJXusdE667Ae0/++PFlotTZhmzjiknLlxOO5mDgCQRBcnq1Cm2L8M3zGO3p5fPte0/FmN0d/f13gp+v/Pnw4clOqQOi1P5sR1tj46wZcPceFMuwdjXFbwXen7+gRevTYsyxjoGB/K9PHF/vduxY4ZQ61dQ8d/XUDevBWfJ37jJy/eaQaL2z/f79a+P1wZ/C9Grz5ian1FHRek92zozg68s3l0Trg+19fUO/ib33f+3H69ZtetjZuf9fmuB/4/wDFoO2ZVesLdkAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKKSURBVDjLjZJLaFNBFIa/ufcmJjHa1tYoiCIiPhCfoNKVoCIuFAWFLqS+QKXo1qUg4lLBhYIgNiiCBBRBxbe0Iqjgo7WgFsWmtmbRhlhNSczNnTnj4ta0xY0Dszhwzj/f+f9R1lq6u7u3jj65cF8XcuihLFvSvev5vzOsurq6VhhjXkhQmepiyF88zObLH/5r2vO89V4mk+ltbm4+Fvt4L51sBCwEQTCpUUSw1k6q4/F4KNLS0rLEGHNeUq24aIrPOv55yXEcRKRWK6VqgjWCaM+99LSUBQkbAE7dHEIELIQDAgKc3N00vkaNYGYrrtL8etpZExCBZXPjYwLhfd9fAsAYA4Db0NAwUldXN1h5eWOnU+yhku1n4a6jHG//QkxVGRj6hV/x+fS1QG64SMyt0tEzws3n3/lW0C8nEOzFVZqRJyHB73KFjesWs2NNkruvvnNiz9JJvlztzCPS1u5kMpneXC53LP/wCqW318BarLWU/YAfoxqAx2+GaoMVDUUf8j+rKCUTPdiHi2bkUceY8wrXQmCEs21rELFYwMWS8MD3fYql6ngKzus76ekpi5jQ8VjEoeIHnM704yjQRhAj44lYSEQmEezHQVO434FSCi0W32hcJwJYFCbMXyzWCloHVKt6AsGr2+lkSiBMh9FyQER5tG2bhpYq4IAFq4SYF+XM9QEKxdIEgu0HQoK7nbiuixGLSwThN+3vjtCUmIfCIV8e5NDaczjEKPtjHmitl6/+9KAvMSOOtZDNZvE8l/mzYVZylE0r11EfnQMO/KzMITVVk4iCpxTq758+sKhxw7xkdGOuFAxe/lzoWXXw1qUlC5pW1E+pJ+ZNR0uAEkFZg6gyvQN9DBcD/gCIAXUVRPlHKwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALFSURBVDjLjZPfS1phGMeFXdef0bVXMeiiQS0hNeeCuuhKUFzKEnU/lDEKxZazaEop20Ub1QpaRhdrjFVgGY4RyEYuj80y7SfMNH9l/vzufV9mrO1mBx7Oc77n+X7e533OeXkAeH+Gz+dr8ng8Y8vLy/6lpaWfi4uLybm5udD09LTr7ZTr1t/1V8nm5mYdMTuJuRiLxZBIJJBOp5HL5ZBKpRAMbsM1bim9dJqnxhxD9dcAv80fd3d3Ua1Wkc/nQSHRaBTxeBzlchnV8gVKFyF4VmZgsz72Dj17Wn8FoCtTc7FYBL1KpRLoczgcxvn5OYMWLo5xmd1G5fIHPn14A1P//SkGIOabpO1KNptlhkwmwyBHR0fgOA5UL5dLyKU4FLJB1kWRhE57r/JAr27iEbPz4OAANEKhEDPRPVPQyckJywuXKQIIEGOM5GekwwK8Xi+USqWTx+fz8b9BZ0PByWQSe3t7kMlkXxkgEAhgZ2cHGxsbmJycZMX0fnh4yPSaRgcbiUSwv7+P09NT9PT0xBmAFtVMFEKDajW9dvd9j+BLIMyCix5D2tl19g9gYmICs7OzsNlsLNfr9VhfX0djYyMsQ1amWZ/bMP56BoKOTu7aFtbW1tDc3Ay73c5apJ+SahaLBb29veDIkKlGO6Q1QpH42z9D1Gg08G9tQSwWQygUQqFQwOFwwGg0slxEdGO/mUF0Ol2G/UikwElXGrSa2WoU4Oc+o63tNlZXV+H3+9k23G43BAIBLPZXDGAymfIMMDw8XGceNK08eqJHn6aPAR4a9GhtbSWQNkilUhY0b2lpgUQiiVMA+Q+SV4dpYGCgTqGUv5PelVZHX4xi3j2PhYUFuFwuaLVaGAwGllONnM7EyMhIkmwzeO1oNjQ03Oju7pKJRKK0XC6vqNSqqkqlIp/rzqFE2vFerVbnSOTJu2x7e3uEDJz/C4Myz4QSsAdYAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALLSURBVDjLpZPfT1JhGMfprnnd39B1986rtja3TEWGBJocEYbya+oBzgJRt8xwKjoCf1SgqKSiGUqlYiZzGpY6XebMXFOxocIFK8p1c76d8zpXq9lNF8/27H2f7+f5Pu8PAQDB/8RfC2/u1WVErHTmS1oniyko7Bfmk4iVlmCG1t6KWOhMvuZcwCpTHU0a9EioVTjiRCmGQYqmSZ7QlCNZacCyuSp6LuCjVMR+sVpx4uzAkboMMYmQBJ/za/zeB3EOGzbqLhNAndeWYXRVZxocWpl5UI9d4XWkfT4ktRU45kbgRWewY5UScaqIGykXHOAKAdz2GKMNIStsYyYwAQP2RDfwIxjCN7cLiQoVsZys0uNzkZSI+VH2Jfm/AJqeMtYxfRe+xS5YR2lC5wFpdwfSTidSLc04lBcR8SFVfAr43YHSW4zZzSk4phvBjFRi52YB6Zx2d+JreztSTXbES2REyAMOuO5bomzWZHNfNTf7MwTqHjmWPi1gaiOE4aV+dAfqMa+jsCvJIzfBu+DP4kAmwY4wG7MKOWrtflR2R6BpGIgKyntLsbA9h4m1UQRXA/BHPTAN62CzuBClpNwN5GFXnItoiQR3mDao2sJwTKzD4ltELjPECjReBTu2MoSRZT+GlnzwLnSBHtIg1/oET6M7qPe+grJlkoj44AHq9hnIm15AaAtCUOXQZ2nd6ri2T4WuOSf6X3vIWeTbxjCzFkNgfhueyXeo6XsNQ2cERfbnRFzaOg1RXfD08ZycnFwwtOkUSheVrvApUN5LEfrkyh4G5rbwmItH0xuQN08SMcU54gHEwZ8vUd+qvaR3aC+Ka0dZb/g9POFNPOQc3OfsF9tPO/MAcf04coyD7Lm/TGXtyJJZeuISrtAeeAtXaB2K1jCkjc+QYw5AbHyQoEzOa//8qvxo6pruskKmNy2uG+csj6HA2PtdbnZVn9X8BLLktmdBdpY6AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADMSURBVDjLY/z//z8DJYCJgUKAYUBE+440IHYh1gAWLGIzgXgPFINBVFTU/1+/fjH8/v2bAUSD8N69exlBcozIYQCyHUgZAzGIdl1R6bGHVBeEAjW5Qr1QDnOFj4/Pf5jNMHzmzBlUFwA1hQIpkMZ7QKxErCtYoJqVoDaGATXcg/JBBnQAsYmdnR2GC27duoUZBuQAeBhERkZi2IKOYbEAop8/f05lF3h7e/8nZDsy/vz5M5VdYGtr+//nz59Y/QvDf/78QcbUcQHFuREAOJ3Rs6CmnfsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKkSURBVDjLdZPfS5NRGMf9B/wL+keCbr3wStArL/RKEdQLCxGEGqLJgkQx0A31IsUmKRbohSxds2Ws0ja3ynLzR20sdb1be3/YptPt03OmSRN64fOel/f5Pt/znPOcUwFU/Ev9A/ctYUQICpqQESKCU8Wu6/9NrBQcQv5FIMbnuMG31Ck/rDMS6WNWgnFU7FJTWWZwmex2rUY4LxRJGPB83eTZR5N36VNyIioIKqY0SvvX5K+BQwX0PKXHEvW0T2fS/4uwXqAo/2TAKFzEL00cJQP5uCkUYuk8029TRFMXoqVADufLFLvHlCo4kpcl46miWFQGBZVbmn1Z1rf00WDCpzG2qvEpATtH8DZqyXJOSJ9AUgwMKSVzDqawfLEnDmUQCsd0pt78FIMkzldJFoMGc2u7SnComH+zhyVJTqeTr9oZ4R/nhGOGioeUQWor8VtmTjImyeNi8n7PUsED4cYlB+MTE3i9XoYejTC3npYqs0qTujJwepM4PEeMeA5Z3y83eDw5ic/nwzAMPB4P9+0PCcWsK4NQ6HsGh/ewlDz7QZeNLKLKVuW7XC78fj+WZbG1tUUmk2FhYYG7th7q7Uvhq0307+cIJyGehT1T0GFmZoaNjQ2y2SzxeJxIJEI0GkXXdZRxc3MzV23MS2uS0qPtDAQO4XUMpqafMCFrHx0dZXh4mIGBAex2O729vdy+fYeGhsZs2UHSpF1hDdYkeXmnyOKXM+bDOWaDWVwbFk8DJuuxfPlBun6UE2aRTalgZeecwcFB+vr6sNlsdHV10d7eTmtrK42NjdTW1uZqamr472UKfjfo7+/H7XZjmibb29sEAgE2NzfRNI2hoSGqq6vLr+b163zP1lPs7u6ms7OTjo4O2traaGlpoampibq6urOqqqrjPwDsCp2+T9HiAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKiSURBVDjLpVNdSBRhFD07M7nF+rc67s+ILqS4ubBpEERoIFKwC0IIlfYQRlE+lz3UQyFElBD1VA8R9NhDP/YmkYbUQ1T4oCStC7rF6G5ri5o6rePOfNOdb7YfH4KgGQ6XuXPvOefe+cZlWRb+55JGr+37KwNjFodJMEwGk2BHw7Cjk5PswtrWZjDTBMgNd2QJsFktnqIcY2DUZNfYhGCUh4DJd5MOATMNrMxnkV9e/Sflsopy+JXAbwcWJe3mFwffghsAnPgT9HxFOYfSHfU2PR4M3kONz8eJBa5Y3MLY97uEO9BdM6QOGEUUaJQ3Sy1g+SkaZ5MrW8UdCI5nx/aeyhQ1P8JLrR8FtkIF1GwQCWFKP4SRxf1YXZ/lyrQWPqLjoEhg0C72lrVQgYlXG4dRQNIhIcys1+LZylmcn7v/y4HdI/GFURVfGCtgenUKXbUy0toGNLELS2ut8LIjUBfbsL4RoFoRu3kP20pgs7bIOURKAxA/1qM65YW/+hhS2RlYbY/REH4IPG/CTt8uZJr6kPhGe7JckExOYPG5ZDGED6NZ1NPdc6IHmqahYb4Br9+PgZXoONrdhxLJjUymCRMT1VCTKUi2MqN5tntKMX15BKKvEwdOduLqhVP4vOxCUFEQjUaRSWdw6+ZtigsIVQk43n8R6qdZCLYyyEqFV8aay4vyCi//MJeuD6BQyKO3txft7e2Ix+OIxWLQ8xriIZ3XlFd6HQdziQQ/YZtrQHpB5S8HB27wkzc0NASPx8Nz9kj23E8SDKdjQIZqXX/+jZFIpLmxsfFpR0dHoK6ujkmSVJXNZpFMJuF2uxEKheD3+4nYWFJVVRgfH/+yhSAcDovBYDBKisOKotRQk0hpIZfLnaG4IMvyMMVtuq6b6XT6Kznq/gFyr64cpzvFtgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKOSURBVDjLhZNPTBNBFMa/3e0/ty1tiZUChkZAESnGA54k4WRATQxJL2piYpR4UBNvnrwZPXjwiiHRBCVBUMJJ0UrlYtJEjI2JBCkEbLGhWGxh2+5u6W7XmY1LCkJ8ybcz+2bm9968mWE0TUM4HLaS9jzRxXK5fJS0h4lIt/yNtAukfUIU7u3tVbHDmMnJyWNk0rDX6z3u8/lgt9vB8zwoeGNjA7lcDolEAul0+iPxXQgGg8lthFAoNBWPx2k4bS8rlUpaNBrVRkZGBim4Uiz5tNXU1OB/Vl9fDxLkzE6/iTh10urqKmw2G6xWK8xms+4TRRGZTAbJZBJNTU0UgD0BJpMJ2WwWsizr/4qiQBAEFItFfYz6dgOwxl44jtMzcDgc8Hg8cLvdejEtFgtYlkVZVdFQnLInXnVPz/cHrm0BjAxoRFIsXSqZTGX4aL+0MI62didf13Ovw9kcePjlwZGebVswFlDRbPRFf4Gu/DQc3nm4Wk6jEJ+A2dlS7W4ojk3cbuzbAlRGNwBGBryyBFf7OajiDGz7D0JWf6K26wSvFLL9OoDKiG4AKzMT1SqUsj/Acmtg2AIsVWuALCK/UuRMdAI9KnITkUqlIEnSVoUt8jICmMK+WlJEJUMKtk6q5oRW2sT3F3PyzJxwnWZwJRKJjLa2ttr9fr9+DxiGgbj4Frz0Hgc6OqFthsCoOcy8FiRTbkXgyHhsUbh5eXhpjKFpDg0NHSKgu0RBcmQuenxt2jgaO7uxudZP7oELsx/y0udI6pZfll7a7By6BhM5/TFRQKUNDAw4SS2az/rePKvrPBVQ1iOYffc7/zX668bVp/PP/3mNOwGGfXp08r6j2tMnZgpSLJa+c+lxbHS3eX8A58zTPyvL4X4AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJGSURBVDjLzZNvLNRxHMc96qGt5z3uH3FIrEUlItel5VLtbjbcdJhwOBoiRpy1zhNNVsymKbNl0mit0hbTH0dDtRul21iju19cjuN+r760tbWVZT3pu70ffl7f9+fzeX+8AK9/kdf/AZAL8zRCX4SkNXnyDZLHkCWtZmZIK2nnJbcuRVpOTJSWzp6TXPFqafF43Jzz6DHtOkAUJAg56e2B/n4YGQGrFcbH8Tx9wlxrK/aWFuabm3E03MBmNmO7VMpC+BHnfGhY3BrgFTcboasL2tthbAyGh6GjA09+Pja9nmmdDntKCrNaLa9VKt5VV2PNykEKCLGtAfxlo+GFXFMF4jemplh/fX141GqmlUo+x8byVWgyIoK3lZVM6lKR/PfNOHYFJKzPQPS7VfT7wFNWCp2dMDMDFguyRsOcKHQIiCMmhomqKj4k6ZD89k7YdyoUv2xhRZ/q7U5O7l4tKICBARgdRRbWpagonNHRzJpMfBTFDt+gCfsOvz2/XeOSRuvtSjjT7TYW/ACIGTgPH2aptpZPmVmUN6rd+junhzbMweKJk97fYpQPl4tKkNvaWKmpwZ5toKRRLRc/zqWw9wLxt5SWDYO0cChy2/z+g9ZlQx5OgwFjU7xc9CiHpjf1NFjqSLubRGRt2PvwipAtf0yYFBjqI/odrLimciXePuXOvZ/O9SEzdS9NZN9L50BZsCv4oqLnryOrqo/CPFiNqb+c2KuRBBn9Qjd1C8IyV55fpvxZMYF5vmz6mIRlhGUUOT7sztj+E/Ad9GPLsXC6ErkAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEwSURBVDjLpZMxSkNBFEXPD2IhVmKlS8gGXIBdsHQRkt5dWGYfFmYXtsHaQkTQRlDIzHv3WsyPIfiDSh4MU8zlzJ375nW22aX2fhPc3D1v3JA21xcn3Z8BAKdH+9hgm8fXMuzg9v7TBpRgwIbLs4MOQDYSWCarhgEpOD4cIcCCl/cmzDRKkEzKlNgCsCHddhlWugiRaVIiE+oyhwGRNJs9IHtdTTeITOZPByOA6XRq9Q5C6zWZTFyLqSFqiAhRqhiPx94AzGazbuWgLaMU8/m8KyWJFFlFDVOLWCwWP9sYakHKbhn0Tyghovr7CXVbiJki1a0z6E3WZbMvNU0t3hKi4ektyb4jqx9eQkQay62V3gK4Oj/shn5hrUmGkVcQ/W8WIszD4weyBs+7XadxxI71BUieEw+8ru7iAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJGSURBVDjLjZNNSFRRFMd/970ZNbX8KCHUCVxM4CYSDaKkoAgywk3gPoyCyFq0cW0bSUTIcNEm2uWqUEIIrEUqUoFZuZAEFcPGD9LRGOe9+3FajE5jCnW4l3O53Ps7/3PPPUpEmJ6eFucczjmstVhrMcZkfe7UWmd9S0uLigBYa6msrGZ9YwNEIDNABAFEJLtGhLKyUoaGXgGQBawnk9x9NMr/WNetU4Rh+AdgjNkOCdWxYxQX5hGrKKIgP0JaC9o4tAUrMP7+E+KEIAgA8AC01hmZgFKKVNqQWE+TCiwiYKwQGkdgMmdE2K1Aa43b0acUSik2UwYnAaVFUSIRH88Jsg1w4vYCxGUQKgeyFVpC7SgqzMP3PTyViSFuHwA5KSilMhBAlCIVWJQnmX3A/Z1CGIZ4vgfA/NzsP6vgR/y9gLxohM4bJ7FWiEajLC8tUVR8CBFhbW2VRDDD5MIom1tJugaeIfZARrGI0N/f3621Pp/zy8q11m+qqqpajTF8WBieKKmxdfW1DVSXx3k79ZLxr++Ym1ntVjvly7Wenp57xpjms43nLpSUlPFwoI1rV6+A79Fc20b38E18PJ6/GEhHci/29vZWaK2X4/HjlB8+gtGQSKzw89cKUVVMU20rAPcvPmHwSx8wULALEARBQywWo6npMsYYRAQR4cFgkqnFMSYXR2i/9JTO19cp8PMB0ntS6Ojo+Ki1rs/twHk9iVfzgzMnGokfreNbYoKxzyN8n03u/wb72ek7lZ3AbeAgsAn0jT9ebP8NoAhq3YVujicAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJISURBVDjLpZLLS5RxFIaf7/NCZqiZYYW1sEbTKWsTDUS0sFpF/0K7aBftulCbTIQWQi1r0aK/IKhFIBUodlNKKtBIy2qsKUPLacbvdy4tRmuhSdDZHDhw3nOelzdyd/6nypcbXnx25oWZplXNVfXOpUzvkb8JxEuXT9djpFvXtJKqSUWimlnpgyUC53f3fEskyQcP5JM8IjKykkDk7nQ9P+tmiqqhpe5ta7dHYsLzqZFZEVVVjUWE60dvrl3igZrSUp3C3DB3HIvUDHdoX99eq664G4/Hh5Y3UVVRN8yN7NwkM8UZxAVzJ47KMHO21qYQkeURzj085apKTUUtjdWNvJoeQV1LOF7Cqsy9ZT4pMB1vQkQRUW4fvxvFAJcyvVHPvitRbi6HmhIsEFQQE4IJwYVCmKepoY2Kwhsy6T2IytIciCjqiqhS+fktZglugoqwsb6Ftg17+VHMc2/wGlq27Y/Ayb7jLqLUrapDzQgeiC3hUPrYbwTDyc6+Z2fTPuaSAkOTD+joimvLFy+nG9tQnInv47TXd/Dywyjqxrvp1wQTxAJBA9/nf7B7837mwk8eTfRPlwMEEQTlWW6YHQ27GP80QVGKiAqNNVuQBTOnZiepX7OB4fcDDLzp/5IIh0sfBEHNSK/rQNTIfp3Cpeg3Bi+TWBIVJWFrQ5pM82GevOunb+zup0TozHb7qwUE4cnYU0QVEUFEi7dOjFcBHLx6QCtQhj88jKO4ivtjfR8TozPb7aO/c/Av1XwhyquVrS6YNue6fWJx/gvSRpXk80tR+AAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIsSURBVDjLpZPPS1RRFMc/970341N7Ehjij/wVQWqrFgmBiyAhiDYtAqNFmyAIWhSEgSC2CeofsF20bVMIblRkAtsPCgmGEpk246+ZcX6/d+89LcZf0UbwbO7lcM7nfM+95ygR4SzmcEY7M8ADWJm+nvSbBgaUOskTqvnVdaOzN4DqP1kKgOKVu0vaA1Di9HUOfYgppUBqySiFruxcSidfr8uBF8CNN4mYaKvwZ/4l8MkDQEsFG9ZVU5OY0AWnCaUC/PZbtA++jSMCWBALCMo51/pjamj8GBApR2yICeOIFWz5F1ExTWErQcxvA4nAhohoQBP0jcYR2330BijxrS4TlkDCIlF+n6DvEX5z/0HDhwqkpsA7D8bxjgGRg1ffwvn+x0eBgsWGG+jsHGJyiM4heh8xBfyLY1AVTgBExFSwpcVasMkjOouNMojJgc6SSiyR+rpMaXOPWMs89R2ux8NDQBURq7HRdq2SySE6e3DPkE4sU1jRXBsZpa73KuXFGb4vzHqzw7FntY8PRRQG0XuI3kWindqpdxGdYX0uyeWb9/FXE6iPD2hY+0xPVzOi5LkHIKHN6NJuQ1SIB9jAEYmBDUAuIKZKtPMFv7UX7rw4nsCJNlyremqASvXd2vt7gwjDKIL/5rXerSslp1Xj1FOq5RQlIL/vYlw21Wm2cWGkYyIeNI51NmvPc36T39b8TLsmqsi4Ou06fxvpelXc23ziGtVtXNkQmLw9o9/8BXTmMmWfiWeXAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIsSURBVDjLpZNNSFRRGIafc2fGP3Iaw58SSVyYJRHGCJUVtGldJLZoUS3atIqkdYStwkWLWhjiJghCpIWRLSKMQENFC/uhhsixn0HLTFPn3uvc+30tprlOIVH0wuEsDuf53vc73zGqyv8oDHD6+tPzQC1wAIiDKopBFMsyWAZEBPFZiIT1bUNNtBlRLrRuN6gqp65NdOs/6krvK1XVrAPgIEDP0Hxg7U/BzuzfxOv3C24QAdHNucP6ykIAjFn/8ptZFwDbyRQEAFUtyVVNfHb/qnnq+2YNIBrOWVtPK19GWZweoGpXO6GCaNa0L+QDDEDbpYc4IojCvcuHmUotgjjou9vEqltITvZiVbdRV70RFR8AKwvI0ubsDHt2VDFve0H1yMIg0co40S278WYeIctT2QjeL4Bsz5ccn4wqaTcLUDvFyvQApeUx/O/9VDaeYDXZh4qHiLcGMD8duG4GO+PjOxlQJfOhn/L6I+BMMHrzFhtiNu6nERanh1FvNc9B3qvnJnt5ZoJCWaK0LI24U6CCvzxG3aF2Pj65QcSk1wDiSUC4P5QkbITUWA+xrU1IehIVm3hrA7KaoqgoQbRmL83FYxoAfJEkwPOuo7zoPsaDcyGKyuopKZ1Dva9gQozfSQCCOAkqttXSFBnRxx07G42qcvzi4FVV3aaq+xApO1vRScvJLkJWEvW+/TbYFqHiBmZfPiNxt6PPrPedhzvjc+pLiYqiInlLgx0RVHX8BxTzXjKQ0/OBAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKkSURBVDjLpZPdT5JhGMb9W+BPaK3matVqndXWOOigA6fmJ9DUcrUMlrN0mNMsKTUznQpq6pyKAm8CIogmypcg8GIiX8rHRHjhVbPt6o01nMvZWge/k3vP9duuZ/edAyDnf/hjoCMP2Vr3gUDj3CdV6zT1xZ6iFDaKnLEkBFOmPfaZArWT5sw60iFP+BAbOzTcQSqDZzsNRyCNkcVoaGghzDlVQKylOHJrMrUZ2Yf52y6kc36IxpyoH1lHF7EBgyMKV4jCJ5U/1UVscU4IZOYEa3I1HtwI01hwxlDLhDoJD/wxGr5YGmOLAdRIrVCuhmD3JdA6SQabx12srGB0KSpc86ew4olDOGjH4x4z0gdHDD9+c4TaQQtq+k2Yt0egXYugTmoVZgV9cyHSxXTtJjZR3WNCVfcK/NE0ppYDUNu2QTMCtS0IbrsOrVMOWL27eNJtJLOCDoWXdgeTEEosqPxoBK/TwDzWY9rowy51gJ1dGr2zLpS2aVH5QQ+Hbw88sZ7OClrGXbQrkMTTAQu4HXqUv9eh7J0OSfo7tiIU+GItilpUuM/AF2tg98eR36Q+FryQ2kjbVhximQu8dgPKxPMoeTuH4tfqDIWvCBQ2KlDQKEe9dBlGTwR36+THFZg+QoUxAL0jgsoOQzYYS+wjskcjTzSToVAkA7Hqg4Spc6tm4vgT+eIFVvmb+eCSMwLlih/cNg0KmpRoGzdl+BXOb5jAsMYNjSWAm9VjwesPR1knFilPNMu510CkdPZtqK1BvJQsoaRZjqLGaTzv1UNp9EJl9uNqxefU5QdDnFNX+Y5Qxrn9bDLUR6zjqzsMizeWYdG5gy6ZDbk8aehiuYRz5jHdeDTKvlY1IrhSMUxe4g9SuVwpdaFsgDxf2i84V9zH/us1/is/AdevBaK9Tb3EAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALASURBVDjLhZJdSFNhGMcPSMJACLr1wptAkIIuC6zFKjJDb6QurNiFaCH2gWiFNh1rLodNJ/iBS5k5RdvcSSunpTYrc+QHSHFwbmzNbWd+bE7FWFgnn/6TFrKsLh4OvLy///N7nvMyRMTsrq7xUCpK0/EuNK23BgXd66DQPLw8XW9Z0jwcCKTG34+HiwFG+mfWaGh2g4Y/bdDL2XVip1apfSxI91k+UmHki/8IAJjYOR4aZCfD9GJmnTreBqnx1RKhK9U8D5DqKY/vIrUMr1B1f4Cu6z2DV1vdib8D0FXLfgiTeXKNoCsAlEBXFOtS3uMTlXZ5JbceewRVH09lPV663OTS7ATo3wQPt2LOvukwNQwtCbWWQIr6WSAJukroTtzt9k0Ud3iVhXpPUoHOnSJtdgnyXp5y6pxCdo0jjWkZWdY+sYXo0ehKVFdSxfLJchPvrhtYokqTn8q6fSTv9VNes8t9qcGVfLHeKUEI3Wj30FmVXcNA185OhUndz5PCzIuga6odWCToGgvb3OK8FpcYusbbXV7KqXWYstQOUYZ6HsFeEis4joHulhnLgy5BNwG6kTvoCl2xzWbLtlqtadAVX2l0UabaHjldNZdwUsGRzOijYzJunYHuVvf7VSrt9Ea3K7rW9jmqu1Jn/pgO+LvFYvlWrR/NgO7CKeUcHVdwovRKbme0o+XcJoPtOpWsn6AbgW4idE9EtwvYYJ93kH3eSQaDoSN6ll7BHULXfQD951Tz0QCOwXZvQrcAi9kf+22AD6Dzptls3ga8rdPpeK1Wm7T7AQEWoy4w8U8zWoCbAAs+/yIteHkCLKhUqgd73d0LPgL4x6/O44DHAW/LZLIvJSUlB/8bAHgE8FfArbEzwAbAm0VFRew/AwCfB+wHfC/+ImB5fn7+mFQqPfPXAMBgddl7zRotwFm5ubmZqITY2U/WPMCPgs5K+QAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJMSURBVDjLpVPPaxNBGH3ZJCQkVSEkJJja0MSCabHoSUEKerAgggRy0ZP9F4QeDAhepKeeBA8GPFQCEutdCMRSSYkimouIVqUkNW1iyJZN0mR/zvrNwtbUGjw48JiZb773vvfN7jhM08T/DNfwplgsekjwBuEWY+wMzVMEWrKPNH+j+QmhmEqlDJvjsB0QeZrWz0Kh0GwkEoHf74fP5wM/lyQJ3W4XtVoNrVarRLGb6XS6bhF5AkehUFirVqu8nDlqaJpmVioVM5/Pr9g8wbZCm5lwOPzPnqPRKKjItSN3QEFLsdlswuv1wuPxwO12W7F+vw9RFFGv15FIJKzckQIulwt7e3uQZdna67qOTqcDRVGsMx77q4Ddk9PptBzwZA7q2xJZrWYw0PaRmXwBwzj4CL/vwHbAkzmJgydy8JiiqxgPJpF5eR0aUxwjW7AJD98swGQaVKZDpf3JwBSSkQvoyvtY/XE/+HT57tjrRbF3RMCurjMVV2duwzAZDGaATrEjbePs+CX01AHe19al2QdC4JAAB6/OIZNlTq62v5JlipEbzdDQUbo4d2oOPa0vvN0qtQ8EuHX+qehPRKPRIAEZuqEjfHyCyIYltivVEBiL4MP2Bja+l1qqjvlhBwvlcvl5Mpn0x2IxDHQFK+VlugPVchMPTuNifB7vqiWsbRbbso7LO0vmJ8fwa8zlcpMkdI+QFgThBH8LvB3u7LF4xzw/MedY33y1qzDzCpG/HHpMf45sNnuMyKcJjC718yNpUTSY0zdgRvznkrll5/0CZpfQA8IRXj8AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK5SURBVDjLjZBbSNNxHMVXDz3UQ0892AVSs4Q0shQRA5uzCFGL5Rxqc1u5mZpNnWNN533eaDr976blZeFllc7mMLMl6IOGqdOpS4vAPaRbb6FiQjpPm5QahvmFw5cfP87nezgkAKS9JI4+zp5Wey3Ot57AnMZ9rYnn0RAV6HHoz/+eZl74SYq12d2x0OaGnapL9azeF6CBeYxY6PSHrZeDH8OVsOmCsaA9BYva8/u+AKroo5V2cy8Wh1RYMz/D8nsV5id60F/sZ90XgBoew51pydxYmuyAY7YTKxY97AMEihKu6v4J4JK92Ep26CLBIEPFoqwl033HCGHqT7uOj69dhbAbcjFY+wAXOOd7AgQ+R/4CMIPPUJTsMEd1PBk71SjjQV4nQYUiF/lSAbo+tqCkvwi+eec0F/lnD28BZPRLg0+Sb6Gz4B5m2sRo5dNAMCioTQpDk1kM9bgQVaYMlJsy0f6pAen6NAQlB6i2AAq6Z/uXfu2uwrTZZMjGH6HCJEDxaDpyRlMg+pACtoqFOVXU/wurKI6GYkKEfMN9pKvjwK26ibjSUFAl12B7GrENOHi5RqQQpe0qzIeWBW5dDArb2ei2KGG2GSF7lwK6zBcMoffrTfOB4OeJVL5peeAbUPpSh9xGLQSEBvUjqxAo5hFfcn29a7oaXTMEXCPt40DWl4TAVLdVknt4LY3G614xzDogmQE4I0DCABDTDdC1ADEEROT4ocdSj51jmFK6ACBNSfzXxzrk4L+yg9kLMPUbiNdugKZxIFINRModuPLwNB4b76LMyNo0l71lbSew1oTYOkoyEJs3DK4RYL9xJtADDANwx5WifA6xvCjclnqj0pi4edm1XW8nQEr63JwU1FNEzQ6ktej900dBzptyahpk8SRCsk3wvPHCKs9KLEgQehuchiVX7N+73NXfL+Zkqi9OGtlWAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJiSURBVDjLpZPJS5RxGMc/77wzlTM6pthuGhMSaVhBQaAdzOzQoShoAYug/oEgizoUHcJbENEhCDoFXYLo0q5tOpm26CXRcslRMffRGd93fmuHCKKNwA88PPA9PJfn83WstcyHAPNk3geCAPbc6VrgKuACWG1Aa6xUWKW+byG/j5TYjFRGiJORR/dvOeZs3UHgplO1M0JOFCIRCIdBSszoV6aGhgloTdAYdEaQ8uZgcorFz5vSVojaIHDGKVkXQUgYGoLSUkinoacHWlrwZmdxlWKRtehMhtFkkkhFBf7m8siSl/FrQeCE7eq8wfjYVqewGLKzoagIkkno68P1PFxrcYFp3ydcXc2Cz73kt7WPWCFPuRdfNX+1Dx/csdPJcjyvxHEcyM0FKaG1FeF5hByHiwcmadyYorJjIQVt7b1GyD15nR8aAgCBy1emrJSH9UDivo7Hob8fQiHIyiIoJSGl8K2isGA957fGSWR7h/I6P7QDOD+LlDlyNGqlvO2uWbP79MY41giEVgitWZlfQnlhJa39jXQMthhfidyXdZMp51cTvb37olbIO2dqx2tqyo6hrUEbjcEykhwkL7KU171PeTfwwvhK5Ad/FSPr3t2ZVFXNcV+JhLaGLxOfkEahjERqyUxmlk2rt5OSc4E3fU0TfzQx+9mTQV/5KK1YFi1iebSYFbkxQm4WS3JW8T7RTHNP09icYIvztzLtvx4zvhAII/CVYG1BmbMttou3A3Eauh+PCEX1cL396PxvGzdcCqS3FO0IP+9uGBKG6uF62/XbF/5F7IKT1sYNe0bHRutt34/8G0frVWL/2YcDAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJYSURBVDjLlZNdSFNhGMcH3nrl3ZAgyr4YoiPTNXJ30UVBUOTGXGVin6OLLrqQ6KIwJrm2KBUjE5xRaEnNpuZxpLCLpG7KHbfpprPmPt3a99r3v/cchxi5Wi/8eDnvOf/f85z3nJcDgLMd/pnGsnX9EdpHCQ2e94fLij3HKXaDhHvC9D2Evt6Fe7zh6n8JSLjCSwkjuXQY6eACXGOHAmtvDlaULPBOCXURSzfy2SjyaTdCRjUcr/m9JQlIuNYzKcghl0LK2430+gCR+PFtuCa7+qK69p8CEqZj9mGSD8A0JGLJxmmEzRqsDPEMfxV4JgTSwNwNIJ9CzHYOCxoRS2xRhnwmAOf0FVj790q3FZBwuUtX7//pm0Mu7UJs6SwWBhtZImYxstGPiDlmsfikas3Su6v8D4HrXf1IaF5JKvmQdHUTgQzL2mMFQRPiVhlyyRW4Z2+DVu1Q/CYg4Sqnti6Tz0SRiRiQsMlYQcLehvXPYkRMZ6CbbMLNvmZcUp3E+Q4RpO081abA+bbuU9j8jGycG0lnFxJWKRE0b77C6Ngp3Hl1ATq6B19cFNTT1yBWV6NBzlUy4eOemVbyzWPkpxlHfEnCErWQymYJqS5B6/2j0BofQmt6BGYo9Reh1l+GQM5NcRyjfEfc8YEV5DNBwo8NssENyNqJW3xM0P3YOsbme5gOwPk+UqNZfVkN+3MelgcPwDawD0tP92CxbzdMj3fCqKyE6HoluqhWKKgWNqyYamE7EMq52aKHaSukUsdp5X48oNrYyszMXLN7UIqgIOkkRJi2C3Mns/4Lp3nrFHdnUnEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAB4SURBVCjPzZChCoAwFEX3GSbBLzMaDOblBduqrAlDYcKCqNFiF39Gp8iDq91plhPvgQOXgX3D/iRM50gDWdKkSNJDmNJxHmbb6kN10gjjTdhA7z2kE6E3cc9rDYsC3GWRR9BbhQYVSuRIFo+gICHAkSFB7H765BsXhQcRTCg+5ikAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJJSURBVDjLpVM9ixNRFD1vvhLzxUiMCitiCjFWwrJuYaGQICgIgl2wSCWSIr9AFAsbQcVfYGEj9kICizGFgoUIIUENBDFrkLiDukw22fke7501MetHtY+58x6Pd+455973RBiG2MuQsMehzBa9Xu+57/tFCnieB9d15+E4zjxs2+a5WalUSowTbIHA5zRNa+VyuejQn2PRpqqqaLVaGAwGpVqt1owUEOMtXdcxGo0Qi8XmoEUgr4fDITKZDPL5PJPeoO2m6HQ6EXs2m4VpmrvkshUGCiEgy3LEnk6nkUwm0Wg00O/3Swqzs3T2yofi8XgUD+pbSJOYqeNhf0rDl41tCMlHKjFGEG7hh1mAZw7vKsw0mUxgGEZUIGYMggDb0wyKqydweTmFZ6+HuHn15K66PG4ZeBGcX5EoQZE3OBF3oN1uo9vtYmq7+D72osNrb77OgRZtmTZgbDpkLYDCrOyVgxNwsGdJIt9UQ9cPcL+6TKqoqJRApn+CSs84c+LsJJgBWXqhUIjmdz0JFqm48/QTKBc8ShRQhLO20pdQfyngDnCCWes4vPc2bN+DLKkMgcCOspCVhAEp5gvmQbEsq1Gv1y8s3LJoHrtnoQoF1UtpeIGzc+uZmHzHFQ33nqzjmzmBUi6XL/7rjl+5/TKkzoP6gUdvr+NA4iipkGBMP+Pa6Ye0ilOhnd9v4a9Hosg4dhg4lBqjdGoVurYUidi0lnAw6SGh0RmyJP73nFeqa6+OH9l3Ro/pJDlDNlwIKq4Iqdhiig/rH7FhuvgJMpVtkQoe5WAAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJqSURBVDjLnVNLa1phED1X1CS+Aokv0Ks0D2jQnbRJi6UJLdidBLsvXfQ3ZFnaXXfd5Re4KiG4DNKNaI1YUVDoUryVxIiPGOP71ZmvGBKkm14Y7nyXOWfOnG+uNJvNcP+pVquySqUKTafTwHg89lFgNBplut3uWavVOvH7/b/v10v3Ca6urp5JknSk0WiC9AYRgQkGgwFub2+hKErk5ubmy+HhYXKOUc2Ty8tLmboeLS8vB5eWlsDEmUxGxHA4xMrKClwuV/D6+vro+PhYXiAgmSG1Wi06M4BJ/P4XeLm/D6PRiF6vB1IGh8MRrFQqoTlOPU/6/X7AYDDwW3T7VaziPPlDKNnd3YPbvsr+wGq1otlsBgjy9YECmtPHxTyvlrqfJxMwuZ7A9OgAP4tjmEwmVgm9Xo9Op+NbUEAuC8NYPrXFdAoMocNkosVQWhU1k8kEZCITYMEDIsi0221RRNeF53tP0Wm30Or28erxDPV6XdSVSiX2I7NAQO6ekTkiTyQS0KCHd68d+HBgwKhTQSwWEwqz2SyPebYwQqPROCmXy288Hk+AbgO5XA7pdJpGmYp9YGP5TATf6dvJggIq2CWDbPF4PMLnnZ0dbG5uYmtrC16vF0SO09PTyPr6uo125f2DTQyHw28pD5PL2nw+76KlUrgrz82eaLVa1Go1kDKX2WxWiASpVOpjoVD4LEYgSd+2t7fBHsiyrNjtduh0OlxcXIjb4QUqFotsnrK2toaNjQ1Eo9FPBP1LwMvDAKfTCYvFIs4cNpvtLne73eKKeRfYFzb0zkRmJ0axRBxzEMf8G4MZxOB//o3/8/wBTrxxLgOn/DMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADqSURBVDjLY/j//z8DJZiBKgbkzH9cMHXX6wcgmiwDQJq3nv/4H0SD+OXl5dlA/L+kpOR/QUHB/+zs7P+pqan/ExIS/kdGRv4PDg7+T10XDHwgpsx8VNC56eWDkJ675Hmhbf3zB0uPvP1fuvQpOBDj4uKyIyIi/gcGBv738vL67+zs/N/Gxua/iYnJf11d3f9qamqogRjQcaugZPHjB66V14ZqINrmXyqIn3bvgXXeJfK8ANLcv+3lfxAN4hsZGWVra2v/V1FR+S8nJ/dfXFz8v5CQ0H8eHp7/7Ozs/5mZmVEDEWQzRS6gBAMAYBDQP57x26IAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHkSURBVDjL3ZNvT1JhGMafb3G+TQqKECNFRIEDcvgXmB5IPNJmTdbC1SQ0S1xzZKXyT41TdpCOMyYtiXS9aW2uD8EbPsHV87RRmyLrdc92vbt/1/U8930/ZLYxASbpSwgz9SCin2+CHtJJwYoLgbITvvcOeN7a4S6NgTB45+cmCucvu8JMFOZCZQHpr0tYO12Ga9cKwpJz5xvIfH+GR2dxRGp+uSOs8Jxv39GKV+/gYS2OlXoSfNECMnMSRKw+hdS3BLI/Mlho3MPUR88lE+++ozlfjWG1kYJUCcNRsMCWM4NM02vf/hTgwsf+1uLpfTw4mcOtQ0G9aCDINiWmRiAdiAz+HTC6Nfi3QKx6uckjT3Pi0K1c1QPnzojahtsi3Zr2L/rfDGin5fE3o+pVxeYXRmVw3dA0Pddzfwz8Co82LFVERMuTbEyXJjGUMaqBgoBQ0Qfjmq5lWO3n9E/76IK8s4PCYHCytoDZgwhsWXPzosGNdYPszY1jTonBnxVgSuuhe6KhyfRDJGsJ3P0gQSqLDG7RBeE6PeF6Wie7X/MI5N2YLonoX+oFce1ZsXicQOJoHs68FdbNznBbAytaREthSHIE2lQPCF8cgT0/jLHtIQbD8sqEbrBuWYM+mqx93ANN8hp+AQOPtI0tirA3AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJcSURBVDjLpZPtT5JhFMafrW997I9rscA+FFu2QRurtlw5cQ4InLpwBogIPNFSiNJ4C+JVkj0QTBHQKFPQlJfwlanY1tXz3ARkn2jd27Wz++yc33XOvd0UAOp/RNGR/X5zeH9rOlTDVKAK3fsqJrxlqN27GHPuYHh+G4rXRQzZNjEws47Hli/oo/PxNsAU3qvWT3/gX3TPuHrWBhiC30nSktXDtKLB1NI4NKkxqBMqjDByPFkcxNBCPwbCfXgUeEBq705m0AZM+qsk2e3hau88W+4ANOy+XPLFQrkrcbW31KkOYJx9rBaAOzPR0gVHW6x593q9cDgcqB6e4sZoogMYdXzD0ck5ZhfLsHGKVfAqVoadKcMdzcLr82PuwwZCoRACgQCWVzdhoK2gaVpDAMNzWzhkAXamQpze/I4t13w+j2AwiFwuh7W1NXg8HmQyGSgUCshkssuU3F7AQf0c84kK3n68KFc4hXQ6DavVCqlUCqVSSdaIx+NQq9UGMsHg7Ab2jxtwp5rOvqUqia3CUqnEObWn0mp1KBaLcLlckMvloPpfrhOAl230/SGLxQK3241CoQC9Xg9nskKk1emQzWZZkBZCoRBU3/NP2GMBgXTTObjSjI1GA8lkEgzDwO/3E4iObXY6nYhEIhCJRHoWcIW6b1pF7egMlYNT7NROUKzU8XX3GJ+3D2E0GgmAm4Zbh2s0mUyIRqMcAGKx+BIlMeSiYu1K/fbEMm4+TaFnJIHrSgZX5TFIZNPo7e1Fj9QOs9kMlUqFaw9pCASCnzwe7x15xG6/rUQiAZ/Px9/5XyhZOMVGKlOdAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALqSURBVBgZpcFLaFxlGIDh9z/nTDJJJsmkM5OkOMlkSklT6w3FSxW0XooibioUKuK6qKBYXbgsqMULdFnRrWBd6KLSIBYjtcZaDW1C0zSxbdoG2lyaS0OSzplzzv9/nxNQEd0IPo9RVf6P4Pn3+rPFfOaHlsa6ImpABaeKSxKiKCFJEuJqRBRF2DDCVUPisMry/M3pqfHLTwWl9ubR7du6iuWODawTVdY5UUQUp4pzghPFOYcTJXGOMyPnNxyPVsaD23JNxUKjz4WpWaxznB69ykP39TE0fIF77ujGJsLwuats3drD4OAoXT3tOCf0FlspdG5sC4wBUSXlG5bWhIo1VFyKpUrC96cu4pwg6hHTQGTqWFxYoVRsw4pgjMHs/+ykejbEE8V4Ptvv3cLNuA4nghNFBKwTrAgtQYWBgSGitUVsnDB/fYXgl7Gpl/oK+n6utckvFIodfl2Dmb44zvTsIrF1WOtwTkgc7Hz8ATbfvkkmx1ZHZ1ZX5NL4rweNqrLu1YNHP3/wrvILfZtKtGYa2dLu8XefHD1LurGB+YU5Tg+N9h/+6OXnqPGo2f3Oke5cNrOro5AjdpCp51/y2WYmphZpy+ZIZfIP8wdvx5tfmHBp+cu+ckcaE4DxaEkb/qlj/Cse/eZFej64m93Dr7V9+MSd31JjVJW3Pj3hnry/15tbVcqdzTyyOUPg8ZdrRw6xdPIwvY/tor68jfDsMcZ+/E6XJ86/HlBTjcWbWVhmcuYW1SjPwKkxwmqMdUKUOHYOHOCZvftITx6HE+/S2JqlXCqZM7/pGwE1NklInBBby8TlazhRrBXEKdYKLWs3SHeW4dl9/CnYvxFfTE9ATTWOCcOYrnw9zgaIKuIEay2qKcLmHJWRfpq+foUonKUCrK74OJ/pgJorI+cmKjfm+1LpJsRZRARJHGpjxCqp7A7yPw9SyjUQ+ClW5y1X5jxV5JBRVf6Ln/Z0v31raXqv70zJ+Xpd4eOnj9kDvwPD/42l5s+BKQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIMSURBVDjLpVNLaxNRFP6STmaKdFqrgYKWlGLSgoiKCwsKVnFRtBsVUSTNyj/gxv4Bl678AyKCoCulgmtd+W7romgzKT4QMW1G+5hMpnPnnuuZm6ZNawoVBw7n3pn5vvP4zkkopfA/j9F8cafO3FekCjGpIgKIvayftTXOkr71jkz2/UXA4HxXfz72gIx/lBsWSfiVtwiWHK8B3kRQeX/6lmnnkuDAwn0MJSKQEFChQCp9CcHixxgsGWw3B01uRKfx9t1HIP1POpoSdUulLyD0vqO26IAkDW7tgSZYeHPqcmpXxkTChKzOaAKSEdo6jnEWVY5ehFxdHs2cn55rScDR73H6DKyyRWs1R0haGdR+z8YZ3MyMTj9rpUKi/PLkUJuZfmX3nkNYmQBxzYprpyCA2XMRrvNAcdfDhgKkm6ttKTdW6jH4w4RpD/ALAaNzhH2kSwALoSJCd9+VhIqEVVeD4C1MclaOT0Ke0Cowq+X9eLHapLH23f1XreDzI27LfqT2HIfvzsRAyLB2N1coXV8vodUkfn16+HnnvrPDhrmXsxBY+fmOwcVlJh/IFebK207iuqSShg0rjer8B9TcWY7q38nmnRstm7g1gy9PDk2129mjinjy3OIvJjvI4PJ2u7CJgMEdUMmVuA9ShLez14rj/7RMDHzNAzTP/gCDvR2to968NSs9HBxqvu/E/gBCSoxk53STJQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKKSURBVDjLjZPdS1NxHId31R9QF0lXmW0GRRC9eVNiL6ZIRoVCSFNzL+BNiIe1ZCzLKKRAyLIc+Y6hFcpMmUo4NXXszbUIy9p0Dp1ORGRnO2dzG5/O7wyPDQs88Fwdvs95vj9+RwRA5HA4csafyTCizsVw6RGIRKIzu+QgGT5us9mCFtME7KYxDBanIxaL7Qpeolar9+j1+pKhp0pM6pQYlKaDZdkkQqEQgsGgQCAQQDQaTQiSC0ZhKJLsEGxJtqBpGpubm8kFhholJhoVMNySIBwO81R1LkDdsYB7HKp2D1StHlAcpEIQCAVTiYKBQgkikQgPGe4YXUU7R5txFa0jq6honucFpCqpYOCRAl8a5OgvEPN2wt9fpZrn8F5XDUuXHP7pTjAME/9nQd8NMX9ARLC1CsFvacKa+S6itBkrI3ew+LWf5QQntwseyDH+Uoa+64eF4coWDyqa3Gh80wD/mBTRjQ5sfK/GmkmLuXeFqLmWokkumBqFPj+NF5AzIBKy69JnFSLr3Qj7tAiv6LDh1ILxVmOm4TwtFHzSyDD2ogy9eWnCIRK4XeGbqEPQXQvGUw7WWwlmvhjMrwJYtWeZpAIbV9CTe0g4xMCiA0tD5Vg2yhGYlYL5nQ/WXYTQzwJMPz4FKnO/ZrvgfhmMdaXoyU4I1n/o4e3lhryNCLlugpnNhq3+HJzPL2OmLgcec//Oe0AKPl5MRTweh2+4nNu5DYFvGWBmrsD+OguWviZEGRoxlgZ5hHtAUVRqZ94x9N4+jQ8XUuFyubBgUCDif4LQ7FXYXmXB2F0Pp9MJq9UKu90Ok8mUEBARoUS8N1N7IuVhmWSfjLzoUh1tcb69tD5Zm7FM5R6o+t/v/AcPwsfW2HYHkwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALKSURBVDjLldNbaJt1HMbx73tok7Q5tukhmzXNShuHXgwvlIEIgpp5pgqiIN5PUPBw4RClKjjwxhvZcDeCeKEgu1mKMUWYVFQUPFRZOrtmW0zWxKZdm3fNm/f0/3nVguIm/u6fz83veTQR4f/cSjFf9FwpWM2geOdzq7PmfwbO5EcUjOgaV5TIy2E99lAqPERtc/VhgBsC1VL+AzQeEJ+EpyQaiyT1+vm2oFyt60jpukC1lJ9WwlI8Uwgn9j+GJgH2HyXctZ+JRzyturY19/jbF9/8V6Bayj9hhIc/i4/Nkkjfhl0/RbDTxmu3EC1KenKY2p9bTwN/B6qlfAb4KJK+/d7YyCx9hoN9+X2UY6NcBz0SRnwbzCFGo+bUbs68MJ+f1g2+CnzGU5NPacmJR3A3vsC6soiybfyeg73dJdQv9JuCBIJlK7UH+I6cTE8fysRHjxA4K3jNE+jeNuK5dDYsvB0Xr+dhJjUwTFSg2N5RrT3As+RgaDCNs9Ng+dsi/f2KPokSAuKJPmprFoYIhmjogzfT63RxXPl+F9Dta2q+WfkV33cZGJiiXonTbA1wqbZO91qPqVuimLpis+Lx+4c/sXLiOxJLjbvL95uvAmgiwuJ7B76JZVKHp+44wpenihSOPou91eaHcpGU0WHIN+mujzBzz5OEcrdiL5U5t7gQXF2uvKjtVnnh+IHz8X3JGdQMo9mbGM8lqJ+r8PmnRQ5edbjr6HEiq2eh8TUkkrTNLD+WFy/uvfG+Y9X8mbnc6cHE8uyFzcv8smAxlh3DVILeVYTHc/DgS3t9MecyGEqb1P45ptOv5QqIlDLZFBOH9mMGPr+9e5bDjz7DYG0ex27SBayOwfIqDe16a/zklcm3UPL66L4YqY6P11RMDPmYeh1r3edSywi8nryh3WjOH7+QNVxHjnkezw87Eh3YaGkhT8KBIQ2Bk4Wy/85fhGJYxwKt7REAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAITSURBVDjLlZLNi1JhFMaHiP6AvN0Ls4vob2jauYiIFoGBtnFlG1fSws1gDBdXLhIhdaEuvILfjtfK0cyvRflBeHWUEBW1nHGKpmkcpWw+ani6r9DCutn0wuGFl/P8znPOeZcALP0ekUhE7vf7HR6PZ+ByuQZ2u91hsVjkUrl/PITDYbnP5xMajQb6/T46nQ5KpRJMJpNgNBrlkoB4PL7M8zwbCoWaXq93RMStVguVSgXlchmCICCXy8FgMDgkAdFolK1Wq+j1emi326jX6ygUCsjn80ilUkgkEigWi9Dr9ac6nY7TarUrc4BAINDsdruo1WpzQtEZRDiCwSDE1pDJZBCLxaDRaLg5gDispnhmvRKrJJFU/SUWBwqO4+B2u5HNZqFWq8dzAKfTyRIh6ZVAksnkrDpxkk6nIW4F4nxmrghMpVLNO7Barctms5m12Wx46bw23XRf/TF5JsP4qQwHT2QYRWXYW7+Ix6vXT5VKJadQKFYk1/g1x5z/kmUU0+otnHy04Hi4hu8HHD4n6elegr7/z38wyTA3xy+Y7mHvAb69UWDauI0PiSuQEkoCRil663CwhuMddlad3EfbD/F+4zIWAvaf0+dEm48+bdDYjdMYC3dn4snmvYViya9MYoe/NNx/fQdb69R4EKGYMwOGPHVhO0qt7r66gXdhKrJIKAkQq6nehqijflCmOov4ry38T/wEpFjkJMz8PioAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH8SURBVDjLjZPLaxNRFIfHLrpx10WbghXxH7DQx6p14cadiCs31Y2LLizYhdBFWyhYaFUaUxLUQFCxL61E+0gofWGLRUqGqoWp2JpGG8g4ybTJJJm86897Ls4QJIm98DED9/6+mXNmjiAIwhlGE6P1P5xjVAEQiqHVlMlkYvl8/rhQKKAUbB92u91WSkKrlcLJZBK6rptomoZoNApFUbhElmU4HA4u8YzU1PsmWryroxYrF9CBdDqNbDbLr0QikUAsFkM4HOaCVCoFesjzpwMuaeXuthYcw4rtvG4KKGxAAgrE43FEIhGzlJQWxE/RirQ6i8/T7XjXV2szBawM8yDdU91GKaqqInQgwf9xCNmoB7LYgZn+Oud0T121KfiXYokqf8X+5jAyR3NQvtzEq96z4os7lhqzieW6TxJN3UVg8yEPqzu38P7xRVy+cPoay52qKDhUf0HaWsC3xRvstd3Qvt9mTWtEOPAJf/+L8oKAfwfLnil43z7Bkusqdr2X4Btvg1+c5fsVBZJ/H9aXbix/2EAouAVx4zVmHl2BtOrkPako2DsIwulexKhnG/cmfbg+uIbukXkooR/I5XKcioLu+8/QNTyGzqE36OidQNeDJayLe7yZBuUEv8t9iRIcU6Z4FprZ36fTxknC7GyCBrBY0ECSE4yzAY1+gyH4Ay9cw2Ifwv9mAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKLSURBVDjLY/j//z8DJRhMmJQd+x89/W4IRQbY1x5L8590dzmy5PuIqC4gfvA+PPIyEMfhNqD06H+L9gfG9p33/jr23OMEiX30DTj8yT/oFxCf+hAYfBeIfwPxIyBWwjSg5Mh/tYZHzDr1D34aND7Y9tXOsf2Lg/O/z85uNjCFn908lT56eH985xXwzXvygwYUA4yLD/9Xcm+QlS572JWesP7XVyOL79/MLKci22Rc/6DXvPH+X8um+79t2u7/tOu4/w9ugFHxof8wha+1LP89NHT9iaxZIf/BCpWie7/Vi+/N/25kqvrN2Oz/suiO6QgDig6ADfgtJrX0p6TMb1u/Xd+5Eh9M4k16yCyQdH+HYOK9H6JJd+tgBv7U0j3wXVvvA9wAg8J9/6sNAvT/8gr++8Mn1MYQ8aCFIfzBf6bwB3+Zwx/8Ywu7H44e+j8VVX4hDMjf+/8/I6v/fya2OyghHHCn3GuRw3TvJTZn4mZ7P82dEv4trc//f2SLw6cp/mrX4Abo5+3+/5OBJeQ3A4s4TLPXTEsvj5mWLzxmmT+ImuJ+rXF14v8tV6b+v/Bs1//+3Vn/w/t1/5tnS/aAFevl7vw/R1TDAabZscNommOn0UeHLsNFDj2GPLHtLt83Xp7wf+O1SaCw+t+zJ/V//550kAHfwRp0s7f/tyzRkbQo1Z5pXqr7CEi/tSjTyYAZ6FNt+H/blTn/kcGmS1NBBkAU6GZt+2+UoelvmKHuph5g6QqkwalRWMNDFkRb5kh/796V9L99VwJYc/vOBFQXaGdu+a+dsfm/VsYmIN74XyttAxCv/68Jwqnr/htkJP4P7tH437srBWwziAbx4WFADAYq7gDiTyBnQ+kOkDgAwll4PHHRgLAAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJTSURBVDjLpVPPbxJBFP5md4Gl/HAJULHogRqUJiVpw8GYmFjhoDcPHIzRBO+Gk8c2HvwTjCfryaQcjDZR08hFwsWD1DZGQhSLaUk4UDkYUQSWZdd504Ct4dZJvrzZzXzv+957M8yyLBxnSTjmUkabarX6djgcJjlgGAYGg8EYuq6P0e/3KRYymUyKeIxK4OTLdru9GAwGxaH/1+EybTYbisUi6vV6KpvNFoQDrnhf0zQ0m004HI4x6TCR9o1GA16vF5FIhESX+e8CK5fLQt3v96Pdbh+xS6UQkTEGWZaFusfjgcvlQj6fR61WSymkTtapVjqkqqrASF3ETgX4+Q6m9yZM00Sv10M8HkelUllWSKnT6aDVaokGEYEOUTMpMkvHGbaB6dkUdqrraBqLUBQFbrdbuKQESVKiDyLxkoRlSTqY8FmtjkDiErynFjH16RnsmEF3GEA4HCZOUiJVqpVACUagb5W1EXbuwRPQMGy/wumFO/DpWxga+njEIsGIRJZjsRii0ShmZyOYD7UwM38D6G2j9HQNbq0LtfsNU/quOEsJFEpAE6AEo9EJ/PoCTZ+Cx/eHq+/ybvK+/N5EZOkeBoVVnJxOC5csl8u94bVcO3TLMNC7uODbxELqNlTbe5h64+AyMBtkVwL7OxLWX25gs+nPs0mPafvx0t3A3PVHoXNOrlrijnRsvfiMRHoOTD4BOK/iw5OV75ZpXpmYoPTwYiN+ay0sS3uwjB90G468P9l5HvuVj/j6+sFzZdILM/q6ur2a7lom7wVv1j9Y4wiKlhX6C0eqiNj1HMM7AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJtSURBVDjLpZPNS5RRFMZ/7zgzWmqTFpObMiuyKDOFCoJaCUKKUFAUBRKtWrSpoP8gwk1BixbpppURtIigqAjKkgSp0KJP86NGbaYZpxmd9773ve89LTTKj1bdxblw4Pmd53Kf44gI/3PCADJyT0z+ByIaMT4S+IjRiPGQwANfERiFGBd8RezQDWc+IDBEth9dRBcBB+YKIDB169hiB142wTIRxLqzXQdELOAg/CE4oWLEd5d4gjFYPYnJ94H1ENGzt9VgFWIVYl2iqw9i/cISgMADDGIViD8n+lusEFvATfaTLq4ie+eizPx4gqMS7WEAM52etTxvsou1ag7ionPDeD+XU1V3glhNA9nhWt4/6OwIA9hAoT71YLzPEGgQQ6BylFTHEVtA58agpIHK+C4yQ++IOpryFVWUrVoXCwMEbhqTS1C28zhgsXqU/KubSFDAn/kGxTuI1TTjTXQTXe4w+vo9vtJp5U7vDQE4IvjJAaYenScofILAx4qPl/+KhLcS29iCGr+OE5kiUlZOSWHou5+baNp15vbH0O//Lt/djp9NkX16GSs+mfQ42m4htqkNlbhGKOKjc+tJPn6OzhdaG88+fA0QAsAonKIQpY2nELOSsftd2JV7iG9rQU92UhQVvFw1qWf9RFJ9bD7X178gB4qp+1cQoxhLZihrbMNInInBq1TEo6jMWjJPewinX2K1mpcDZ+Ey3epoksOnu/jQfZ7xkV6K19VjkqnximhRc92FF28Wxj20sPHh86TRb+9SU7+P0tJaEv2D08rVB5YSL+ngyP5Kt3HDmvDurTVIxOt1k6mTrZcGvvxrnX8BwNty8Brb9FgAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKvSURBVDjLpZJdSFNhGMcnIX4GhglGKHlRemHhYBoSiEkgZhgaIjqwNaqBGuxiF5FFhDOHzRmZlGBdhI5SopQInZOJtXkTKGYyN+fm5s7mOW7HtjHHhv17zynLqDDowMN7znOe/+/5egUABP9jewY4VlePOp3OG3a7/YnVaq32er37/hlgXlq65fF6wbIsb263G2azmZqdnU3fE/Bhbq7d7fEgGo0iEokgGAwiHA7D7/eDAFjjzEziXwEGo/Gu3eXixaFQiM/OMAzW19d5kNVmw3uTSfFHgMFgUFpIACfmgrmMnJj0zrfAGbOxAcP0tO83gHVgoI3S6xElgkAgAJ/Px4s9pJW1tTU4HA7YCJzzj01O4heAp7W1LTg0hNjUFLY6O7FpMICmaVAUBRdph2wBy8vLPJBsBi9HR5d+AKz19TK2vx8xQt1SqRBsacFnqRT04CDICrGysgKyQqwSITeHsfFxPNNqs3iAMTs7wdbUhBhxhpVKBMj7pkQCf10dmKoquNRqWCwWvJh4CsXji7iqOY8G5elwxfUTN3nAWE7OMbtcjujwMAIyGTYbG+GrrQVTWQlvWRmo4mJou67hzvAlvFnoxRylQ/dEE+q6j+Nk8yG14Hlm5pFFki3S1wdWLIavpgZ0RQW8paWgiopAE4C0/QxGPt7HyOIDbnBQ66+gWy/jAFuCntTUuNd5efOMXP4lpFCALi+Hp6QEbpEINAGwhYU41yrE24V+7H5G53s5wLcN9KSlHTSJRE5GLI6GGhpAE0CAVOAXCvEpPx+nmg9H7+mk6NBJeHHHuORnBTtr1KSkHBjIyHi1WFDAuoXCbVtu7va7rKyYNj39LAlUXlDnoUt3mc/Mndw3P4PdF+l2fHycJjFR9Cg5WfEwKalak5Cwf+cfCVYRC3Blfz9VnP8rovbZoQ8oWiIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJrSURBVDjLpZPPS1RRHMU/982bGUcZLemHkAougmhhIhgqtUqKgggXtWnt0mUg4V9gKNGmwKJFbYMwoxDaRAsXLrQyUlMricSycmbee/e9++79tvBHZNGmLxwOnMXhcDhfJSL8z/m7hcHBwSHgyraxiOzAGMPw8LDq7+8XrTWjo6NK7U4wMDAgvb29LCwsUKlUGBsb4+HNyyRLd7h0rYrm5mbq6+uJoojl5eV3fySoqalhZmaGtrY2amtr6e7u5tmbT0xOnqSvr40gCFhZWSGfzxMEQbM//7hjuqr26FGlPACKxWO0trby6EM9T997QI6TDY20Hz7MxMQEXV1dzM3N0djYiDEm5yvxjjSduJtVSoFA/tUtCoUCTxY9SioPHjz/Ch0NGUqlElproigijmPSNMUnFY1L8vHqTWySIQwN5XIZkRrEA5VRiKdYW1sjDMO/GBjliUuwSQ5xwvr6OqsLk1yrm6ZJ5n/r51wPwH3OnoGR14cQEXyUVLk0Ivi8RrA0xam6iJZMNbnz1/EzWUwSo7UmSRKy2Sz56j0k4xcJwxBjDD7Gwy8cYH/nVfZ3Og5GEVU5w/iDEcTGAGgdYFONtZrs3gu0A1NTUwDjPkZErMaFLxG7gRe+JRHD6RP7EKdRSnDGIdYi1lBo6WHx9g1mZ2fV5hJjRFyKM1+QdAOUj9gKSAoSI+IhNsClZcSWQaldU05EFBZJvyHpj03YDSTd2OIyYkuIDRCncfFHAL1jIIn7nobr1aaSK+KKnkgWXBFk31YHCeJtsvIsVmuRxMW/DHQ8tHSr9zhCD4riP19PAPUiwcm9bUn97zv/BLX9cx0txHrHAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALoSURBVDjLhZP9S1NRHIf3D+gfURRhL2gFFQYFiSkEIkZFI8kfyjIUNNFCrOnMFxKJMTfCKNEl5AxUVCx1bm6NdMMkx97ci5vTjTn3otvdy9326dxbiinRhQ/n3MN9nnO+557DAcDZH7VanSuXy4VTU1OL4+Pjm8PDw4HBwUGTRCIRf+wXXz34/V5Ho9FkEFhE4ITT6YTf78f29jYikQhCoRAMBj3E3a/otyJ+v1DQnvmX4A88abVakU6nEY1GwUgcDgd8Ph+SySTSSQo0ZYJ8egCvO+qV7W2NmXsCZmYGTiQSYB6apsG8WywWBINBVhqnNhAL65GKreDrRC+aX1b2swICXyTLToXDYRbY2dlhJevr6zAajWDGk0kakZAR8bCBXUWCpKb6Uar26ZNcDoFFa2trYGIymViIqZkRud1uth+PhYhAR0An6W+RFcahVCpRXl4u4mRnZ+N/qbh/BZMfShDZ9rLiQCAAm82GsrKyJVag0+lgNpuhUqnQ19fHQkzrcrlgNi5DN/EAWytS2Ba6Ybfbsbq6Co/HAy6X62MFDLwLMRImzBiTlppr2DRIQIct0I/chVY7i3mdBUbHBopLbm0dEjDZhc3LKmgGihDbHENsowt+6zgWx+qh0jvwRWtEQdFN/aESdkU5OUQ8y4fPNITYWjPm2s8hsTWEH+/zMK8exTvpBApuFPX8cxNLiy/APtOAuLcPlKUMc205iDrqEbRNYKH3NvILC1N5+dcvsQdJIBCIFAoFPEHyK9d/Qm/XYklaigDZuOhqLSLmO7+zco+U8gYOhQDC6lzt3kns7OzM4Lc2T38alcDmNUD3TQjHXBfiHjE7e2SFS0o4y7aUrQKUewQK/mmvoulk1t5l4vF4Gc8a6noeVz2k1d15oHxWxP0ziHnJHnil+/IZ9I4Oru8SyBqOSzkHr2dVVeVlRcf5qKI1JyVvyU7Lms6kZbxTKdmLLFrWeCJGIGrm+TFqpv4oNV13RPkLngD4bMIOcuMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJoSURBVDjLhZJZTxNhFIbnRq/9E/4Rf4JRE+PChV4YYjQxLglRQkgDWhGXRo2VNJWu0IWh0hY6iEvpjl1AWuoImqFCO6V0uqRrzOt8H0mxBvQkTyYnOfOcd775mPn5+WMcx12dm5v74Ha7806ns+JwOOIsyyptNttxAMy/YDwejz6ZTKJQKKDZbKLdbkOSJKTTaVgslrX/CmZnZwu1Wg3VarUjID3BbDZD5d7GE+cWRhwZ3J8SoLD+wMDEOu4ZvqFP9zXMuFyuXLlcphszmQwEQUAwGESpVILBYEC13j6Um9pUg5mZmck2Gg3wPI9isYh4PE4hNT4+DlXkIUZDw3jgH4TC24+Bj324u3CbCq6//gJmenqaClZXV6kgEolQSGk0GhxWRND7MgHGbrdTQSKRwM7ODnw+H/x+Px1Sq9UwenMHQgSXVVEwVqtVarVaSKVS9PvD4TBisRgVqFSqzkZrINuVIF+qo+dxBMyEXCSyKIr095EDJUmI6OlzNeyhHFgZIiBPNpiFcymLje0yziqDYIxG41GdTtc7pp/CpMWCMa0eJpMJYyYXKpXKoQn4nyWcHvLvXQatVntEaV0Dv7GJCW4Ztk882MAm3i6JFHdUpAKaQk5gl1kTJJwaWty/UYOT31GsNOkwKS6e79roiYko19qdngh6HgX3Bf3mdSrwyC9yf/EukYfzs9gFEZxX+vcFffo0dmXBwvLe5vcr3QlsAbGrpwlG/hDcepNCodyAKNWxVahBEKvySVfAZ0p0+CAuKH2/OoIbmuTitVcr1SsvErj0LIqLoxGcU4ZwZjiAkwrvgZy4w7G/AXhUV4qmXai6AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHtSURBVDjLY/j//z8DJZiBKgY49drM9J3idhLEtu+xjvea4nLNqsVspnWr2S6QmF6+Zol2ltpq5QSlmcpxijMxDABp9pjkuMuu28rIpsMi3rLZFKzIus38mm6OuqRxpf41nC5w7rOJd+i1ngnUXGLTbj7Tsskk3rbL8ppZreEu7Ry1mWpJSvHK8Uoz0TWK5U/nYIg8y8rgPsl+l12P1WqgbTPdJtk/AtoWb1CkBdagnqyyWilawVM/Rw/FBQyx540ZGm/eYIg8P43BdYLdSZiEcYXeTJB/TaoNroH8q5OldVIhXE5SKUqhXSNRfZdKvPKVkOrED+L9d/8wN998w+B4XIL40I48K8FQf/O6+7In/7mbb35hsD2qjBKNDLU3ExjKb7pi1Rx61ke89+6fwBVP/jPXXn/HYHlYGiMdMJTe1JJc/PgHQ/X1xQyplznBYuFnmRiiz062nPfof8DSJ/8ZSq8/ZzA9KIEzIQE1Vvuuf/6fufv2M4bgsz4MxVdPui8Cal4C1Jx/+RGDPqpmTANiz7MAvXI+bO2L/5ZzHvzP2Pjif8DCx/8ZMi/fY9DcL0FUUmbwPKkg3Hr7T+WOV//95j/8z5B6/jaD6l4JkvIC0J9FTtPu/2dIPn+PQXG3BFmZiUFzbweDLH7NVMmNAOGld33BRiNUAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAM9SURBVDjLdZPrS1NhHMcPREH/QC96nxURWS+iktC8bEt3skHoi95EbYk5KStqdtPGLKcuczSELnYhK0bzhpfK5nSZed1MPZtzzpq3pnN5tOY2p+fbsxMEUj3wgx9fvr8Pz+X7UACof9VwPb1juC6l2l6T/N5WJdr9P99fgqPxyCYyrLLXpczPMg/xrbcQzOukH0P6xJLBl/Gb/wsYaUpdT4Zlw/Vi55RVi5XgNLilCSy6qhGYrIO79Tw+P4/92v/soNz6JGbjGoCjKVXgaDhi/tpxA4Hvn4m0BHAswr4ejBiOImAvRsitx6JNB2fdSVge7e/su7+X5gFk+LGjgeZ8jkr4vQPwjbVgrIsYP6hhe3MOrreZ8Nvvwm/NQ9D5CMsTesx1q8C8kKBHt+dF5LLCXNCNkLcPvgEtvL0qTJnOwlmbhs57MVieswB+BzD7FtwXHcBcBiYrER5VoUu7K0yRy2JXg+PAjyEsT9ZgwXoL/v48UgpM1op5DTONgPsBOJsCfmMcZhoOYoG5i87SnSxlqznMri4RwM8RAmEArxEBRg1/VyZm6sUIj2iA0RKE2kWYa9wHj0kET3Mq2P4SfNLsYCnGIGRXeIAdWCTbne8kkHcIO7VYaEtDyCwCa4zB3EchZoxJmG6Ix3StEN+7C9FRtI2lyPv+BpAjgO1CYOoNmqu10JQUoqKiAkUFl2AlRxltFKJIdZHXim/no+aBAibV1gVq8FV8iAt/Iy/nwrK3BRW66ygrK4PH44HL5UJbWxvuqHOhU8vhGGZ4rb29nfcoTx9YoQYq45pHjZexNGVC67uXuHpFAcvgIArz5aBpMWQyGbRaLXJzc/meFouRf/4ED7l08VyYIsnaQJIlI+FwKi8cw60CFQ8IjldCJEyA0WiExWKB2WyGwWCAICEOLcot7ghAqVQG/kSZJGtTzvHopuwzUi4CuHnjApISEyEQCCCRSPiK9Anxh1bTjh1tjQAyMjLm13yM7WRJUsVjpRp16PWrp6iqqkJ5eTlycnKgUCj4PqLp9XqfRqOZp2navgYQFRW1LjY2Njo5OfmLTHoqkC3PXM2Wn+GuZQhK09PTE7KyshZJBaRS6c+IJ+L9BchY24ysm0a5AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAITSURBVDjLpVNLaBNRFD2TjIq/TdGM0OJGXPhBFENq0aUrtQYJCJaC4GdZxI1IF1XBdiEuXSooBNKKisXfTkGtFqsIdmOxdaEUaSIlTtp05v2u902aTgIuKr3wuOfdee/c88685xARVhJu/k25jznOazJtxhhoAyibtcUExTkeGloR181Yf/f2TERgiHpymY2b/qfr1aHJPUsKmC3aPPz9HndW3EVBcpZaxplr9W+XO/ohpV7TQFDzoGvn2WV1nw+YVOnYA3tWG4W3xWURHE+3QDQSqEUCG6cOpXB/ZAYnD3pLtYejM8gdiOe//aBZgWQCNhJukhe/LyKZTODRaBFOAkgsLhr+wOp4zSoX2NG6DkLGBAl7BOuCm3SQ60jB5V13P3fjRCaFLA8bNmfbPRzZ79V+rTLNCojnduPTTyXc/tgFJVSEH09fgBQSD/ISYRAiXBAIqiECxulLgmzNlcxmb2NnejOO3TqMLS0eS5S48bwTSipcPzPAXTWqsoo5OYdK6KMifMbzGMwPwekbnKKLR9swNuXDYUkDL7LcVeFK9hnujJ9r7lytYVsTgYzUoTc/QbOVkF5+KZGNV+Mlau/dR/VgY6kxvv4o0+mb7yyMlNc8YLB76wb8ml3ANm8tCj2vMTntR4btal2NiZ9/mu6CMWQaLhKNXCt82yu0WW//rx2afZHR41H/vEzlSvCkjp2VPue/lFt5YsuGFGsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAI6SURBVDjLpZJbaJJxGMaHgdcFXURdBLtZrGitiFh0uhjRVRTVWI1as7mQakhjyyEkRAcaHSCrj0xrWGuuoVsr25qzfeYObh6yJJdzavoZs3Sy8PhJ8vR9EoHkotXFA/+b3+//vC9vEYCi/8mvh8H7nTM8kyF0LpoacCazLxzxbM/bb1S3OUo8GQtz/iggGfi1O0NaAzS8kQwCURqBORrTX9LQf5jHQ3KWlA1RnAUFeneGsATSoKIZOGdTsAWSMPuTsFNJeL7SEOoF4GtrUKuuShUUvJpKUd4wnYMtDDj5KQGTN4FRTyInOvH8MDonL6BKuRcFBey8fqYyC0/4Ehhn4JGZOBp1AtT1VkOkrYfMKIKgsxq7b+zErssV0TyBxjaf9UVomBh4jPnVyMCG6ThbGfKRVtwebsK1wdO4+JIPce8xbBGXI0+gMkWoqZ/137jjIBlY/zEGnqoO+2R7wGvfj/N9x3FAWonNojKUCUtTeQKlMUT02+fgCqVzs7OwzhnLyd4HU2xlCLsOYlPz+sI7uK8Pcu4O+EnNRAhWfwKOzym8Y2LyxCAf9GGHZDvKm9Zha2NptudcRUnBQ7rZ5+G0aVzEpS4nJelwZMXt9myL3Bpskyq9FmUzQuZu2B63QCXcEH50ak3Jb4KF0i+p5D5r3aYeJeoRNCgwfq8BCv7q8F8L2Dw9u5HbcWateuj6IXi0V0HUrsCiBGweNBRzZbxVasXJYkhrll1ZtIDNnaPLl9w6snRlwSX+a34AgPPwSZzC+6wAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGvSURBVDjLxZPbSgJRGIV9BB+h+yikuomIJigo6UBnKtJOUFSkSBIhMUZmBywUNDtQG6KMCrITXVnzCANSYUNNOoMzzEjuR/jbXWjQjN0UdLFuNnt9e/9r8RsAwPAbGf4c0BsSi8b2JOS5UN9cpwo7d6Kw82fqW19IRK0rqaIfAb1B0eS7zeC1mwzu9AtU7pwYKfe5iukzBZsXeJMuoCcoGH3EGI5loXPjy5yTeZGnCBhmj2Vc53oxagBdfsG+y2BwRhS20LzD2yK7eq0C5eTsGsD0gczs3GeBfJcuBKid5WjvpQrta0lGA5hAEhO+y0KThy8IqHZw9GJUJY/oALr8KRSOvUN3QIgWApjdr1FPVPkcAWkAjW6eWr7KwExExj9kgB2HEpSNPlK6NTYv8WjpQoGaGW7wu7li7GnQeSRDtf0Z6dbYHUgxxGhqcPNofD+NK6cS+arKR5+M/SEBV9kSqNT6YKp3cdoMnBEZquzPdOV0gupYT7JtvmS+zhYvz5Jw2RJLnCoeiNPWTRE0AMeRBLYDCaZQGiaJxvfS+Usj2yIMEVm3RLAQ84Ae4N+28QM8btMbbDzl6wAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAITSURBVDjLpZNNSJRBGMd/s7q50ZoWISZSRAgF5VpELFJ0CK9RneokEl1qO3URpFNCXqIO0aFLEF0iiAj6JBB0WYwOoikRJiXUYqbsumv7zvu+M/N02BV30YPgc5h5GPh/zMz/USLCVirCFqt+tZGfb8UUFxEJEBMiNkRMgBgfsT6EGms0YjwINU0Xn6haAmuIHrm0TkEEFFQWQCD3/PJ6B37+N9tFEOeVDxSIOEAhrDGoSAMSehtcwRhcMI8pfgLnIxKUdxeA04jTiPPYtucCLixtQGB9wCBOg4QVUDVYI64EYpBgAwdmZalsuUbZwzldIfHAeWUR8289gbMaPTOK8b+DDUAMVheI7W8pKzuNWA/E1byBWg3S4oteibZ0EO86DzhcMEdx/BkN+3aBlBie1YzMOZY9j6CU489K/tabOxOD9VVMhAuT5D6m2dl9FaUUTkKQEu+/FZny45w5fYL23R0MT79kbGr0djLV1hyp/u/Gk72E+b/kR+5VwBqxmtdfc3QdSmAjlsTeHqwKSR7tBri+FmWjUXURdhy/gphmiplX1MUSxFr7WCgsEVVxzh2+AcDNs4842NIJEKvKgSb37j5iNBJ6BN4XmM1Q+vyUQiFgOpthIpumv+cxQx/6iNU1AGi1mWlMptoG2w80DXR3nqKj9Rgz8+NkJtP8+rF8V212nJOptiHgGtAIFIGHYw+y/f8B3ntD1Kp2NbQAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHFSURBVDjLpZI/aFNRFMa/m/eI0eBUBNuYhgrqICg4l0Jra0AFp2C7BMFBdBKngiCdxM2tHSIUwbUIkRpIh1jUVYoUB8HiUEuLUPL+3L/vnnvdooIpqT3jOYff9/Gdw7z3OEqF/QaL69wLY5Eqg0goPL9dZv/ay/UDCG0xMQJcLYXopuLwDmKpIWUIpQhR9B+Abqqw/EkgSgTiWPYFsKOGmDto2Gq1fLPZPFCh56DT6XjnHIgIWZZBKQUhBKSU4JwjTVNwznu9RqPB/srAGINqtcoGsV2v1/2hM/g4V5m3vHvfclGmwG8DWLzWts/Yw/W7nhyBnINzhKXpVwwA7ryteW01lDa48mUPt5KCOT9Vyx8buwj5uY3N92t4ke0iZ8liunQTM2duICPbU1SZwkRpEuOj47iw8RXnpmr5wrd3YC/ncGLrNc5WhjC5EyO0RCBn4TzBEvUAUmnEJkJqElyODQqnx4Drj34/0MIwTglCaMnizdYKyDmQ+wOgFVY3W9Da4FIxgNhYRbH5AFruQgBI4gD7x4PBQvwwW1rInyw+Lg/ZMMxtI/lp8X0voEz5J4NfYXZ0nu/v3AuIVSjwPzywVG3bp78AeAkDORpY/RgAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKsSURBVDjLfZPLa1RnGIef75zv3OLEDObWqcaYYJUWgqa40MmilioE2kI3XVXRFsmqUAqi/4G7brpxpaLgpUIEcaEW23RbKRYqASfKJOIlMbfJZDyTc/kuXaS1BmNfeBcv/Hjeuzh/494PxoivmpkJU8WbZteGnoTQ49yxLz78HkAaKw59NtTTGYahEMLl/ywxoFXOtV8fHQVWAc3UBEEQigu/1UhYoCEq9HXPEnl1lDUsLkeMP2qjxb6PpJ3jX/ahjRD/QmWmwHFcHAGZM0NfxyyB/5h62kBphQwC+ntKTFY3UPQ7MGZtVRLAAI4jSO0cvldjaaVOqhMypVA2JggC4jSiPXKw2DWD+Q8gBFYZUp2TqJSVPCUzCm0AkWONRjoCa+2bFVi7CgjppBFPY12P1MRkSuO5EXGjQKtfYjC/RH53li1Jvw+DADivAI6g4G7m2Uw3yUKBFruJVrEJtdjOzJMSZa9K+YMapfIRBrvuh/dO7RgGkPZ1gNfFu9EgT/8co1h4jtAaL+nk455eDvRVadt5kPjxTTZs7BVqa3305nf9x161UFkYQRuDNoYd6Rz7enoxQHX6BZG9QXHgW3RznLBjC4l+Sumj3S0qrp2W1loEMLx6WAC4A0s04wXC6b/oKI9QmLpDXpvCcecRToy/cR6SJi+nU1eKde5VR0V0VMT4Hu88vIgXWYyawTFL4LRi84wHVyrJeGV5RIaeqGPytl3de0GIf1CWpHqLZOoXuvYMYbOfEbrBg9spMk3Ic20nqsuHDl+eHJW+FD+NjlX3ZdoOvL7i/eJ64b2hT9xs/jRStjE+ltm7zU8TubWc++QXj57cP7qay9p1/cm14d/TF6dsXPnc/vFjuXHm6+2H19PJt33e88n5O8v1sW3NxXhlYmLuxDdnH15dT/c3MC9g0QGCji8AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIsSURBVDjLnZPNi1JhFMbvKtoHBa1atgmCtv0VrVq0aCkGCn6mYH47ip8IflAKhibpRke00BnnKiKoiKA7qSkF08FvvToak/f0ngu2qBYzXngu3Jf3+b3nPee5VCAQcPj9/ucAQB0iyufzPXS73Wd2u/3RQQB8Wa1Wiclkqms0mrsHAQwGwy21Wn2qUCjOxGLxHVyrVCpHpVKJpWmazeVy20wmQyeTyaf/BaAKhcIrkUh04XA4vhSLxTIxX5IHULMCDd+PkxCLxbaRSETxD6DVamUbjcavWq22LZfLMBqNgGEYuJgs4TxbhG9PHnManuQgGAyypOnv/wCazaat2+1yJ735pOCMy+USBuMFvPzIwosPAMW3xzDwemA+HHL78vk82Gy2Iw5APtZoms/nHGCv2WwGP4Zz6AwWsFgsYLVacUI47jUajTvS9GcUaQ6LgL/Ne3U6HSBVgtPpZFHT6ZSrst1ug1Kp/EolEokdUveGPWAymUA2m4V0Og1kD5AxX1osFo1er2fxGpvNBiQSCVDxeJzp9/tcWWjEcsfjMVSrVUilUth5IEYgo/6Md1apVDSu46FCoRCoaDR6gp1HIwLQ7PV6ezKZbMnj8YBoKZVKUzqd7h4C5HL5bZKVU4FAMOHz+U4qHA6/RiJOAgFIJvFmrp3EUCj0gMyVqdfr0Ov1YL1eg8vl2t0oyh6P5x2JKZAwAQkVNuznjQDkb7xPgnFuNpuvyHyvtFpt+bqA3zDZAQQexaeGAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGGSURBVDjLpZM7a1VREIW/fXKTIhAfVSQIIY2PWkEELe0FiZVgWkvBVhCsrLUQ/AdpxCKIhelstRCiAcFExEbRhAu5j71nLYtzvSeHXF9kYLOb2d+etWYm2eYw0QFYefTmNrAIXALOgY1JyFRVokogCQU70x1/OH3yyHlk7lw7k7DNzYevn/g/48Hqhm3XFQCXAW6sXscIy4SEJCKCCBEKIgJJvLi1zvtPO4OxBOQTAMM8ZH7h2B81b25sA9Dr55kxwPYsQM6Zz9tfsY0MViC51m/j0Q3giNQA5A7A05W1f3ZfIfYDEsDyvZf0JWRYu3+Fj192Jz5eWjiKFQBUNaCmfetlLpyd53uvjJPnZmda51e4tAC1rm4/yDZ7g9L6MYfJ0R44qTSANKpgMMj0chD9/FcPXIb7PKChT5rs6al0EODSAFRkIAE8f7XVSuzuDSdXMOpnByCkLWDp7eOrB9z+rQT7RzOJoWfLd9dP2b6IdFwqYGEFVgEHlqg31wZ1oXoHkA67zj8BVEcprN9nEQAAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKDSURBVDjLhZNfSN1lGMc/7+939ORU1C0iszwSG2duOFqNBQ2meJUoY4MixiiKiCCGMMauZYJ00252uYIuRlsgKJRsDLE/VBIhu3B/knVmInpy/jnrpB71fX+/99uFO3KkrAfei/fh+Xx4eJ/nNZIoRtx9Vq6xCTs0hCTwHnmPJOQ9ya4u+PYHKkdumSKToCQURVvFRXBLUhRZV4oQbBO4aBOIYxTHBOlVyt6Y3brL+/8RWIesJdi3D8UxiWN5glfrYM8yQToN6+vI2v8U9JrZLGFTE+HLKcwLqwS72wmOGRKpFP7X35B1vTsKktev9ZD9o5epacJX1gga3iKofQ2lsmjiAXow2Vt773ZPKWMk4X5KVUhhWl6hF/j+5z5U2+IHZUcvQFCOnf4SNzD+tVrDi1KA9yJ2hYX6N+enjSTs9/Uz2tXcIPFkCiKoOw67Usg9Ri6PWxonLswjDN457PIUNrf4jpFEYcCc8I4vwgMfVSUaTiM7h7eP8S4HcQEUgUlgEtX4yJEfu0Zu7O5XJDljiouUv2r2+pih8v2n0uHzJ5F9hKJV5AsoXgMTEuWyzN3sj+0yPYcuq2/bI9a8rQxJjqz/Pjjo/7oPEtIG8hsgiyHk0Tf9ObdBRxH+xxTqTmvFVFQOu3wGGUAegwFtLhEhKy2faHjHMQKIpzrL6l7CmASKImwuiynbTVBeQ/kzzzbeuWhaSuu3/YWlwacrvGgPaw+Q/+USS6OjGQw/Vqb3vlu9v41k/UFyD+c6gTv/2kEcR62m6sWKhaHzLHw3eiVyHG7+WO/9OZHpmBz4bNauWdZX6dzesrR1Zj7l/Uwfk3fP8XppXhI/d1MzcobPb5ziXmn+b0pcjPW7AMpFAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAENSURBVDjLpZM/SwNREMTnxBRpFYmctaKCfwrBSCrRLuL3iEW6+EEUG8XvIVjYWNgJdhFjIXamv3s7u/ssrtO7hFy2fcOPmd03SYwR88xi1cPgpRdjjDB1mBquju+TMt1CFcDd0V7q4GilAwpnd2A0qCvcHRSdHUBqAYgOyaUGIBQAc4fkNSJIIGgGj4ZQx4EEAY3waPUiSC5FhLoOQkbQCJvioPQfnN2ctpuNJugKNUWYsMR/gO71yYPk8tRaboGmoCvS1RQ7/c1sq7f+OBUQcjkPGb9+xmOoF6ckCQb9pmj3rz6pKtPB5e5rmq7tmxk+hqO34e1or0yXTGrj9sXGs1Ib73efh1WaZN46/wI8JLfHaN24FwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHaSURBVDjLlZO7a1NRHMfzfzhIKQ5OHR1ddRRBLA6lg4iTd5PSas37YR56Y2JiHgg21uoFxSatCVFjbl5iNBBiMmUJgWwZhCB4pR9/V4QKfSQdDufF5/v7nu85xwJYprV0Oq0kk8luIpEw4vG48f/eVDiVSikCTobDIePxmGg0yokEBO4OBgNGoxH5fJ5wOHwygVgsZpjVW60WqqqWzbVgMIjf78fn8xlTBcTy736/T7VaJRQKfQoEArqmafR6Pdxu9/ECkUjkglje63Q6NBoNisUihUKBcrlMpVLB6XR2D4df3VQnmRstsWzU63WazSZmX6vV0HWdUqmEw+GY2Gw25SC8dV1l1wrZNX5s3qLdbpPL5fB6vXumZalq2O32rtVqVQ6GuGnCd+HbFnx9AZrC+MkSHo/np8vlmj/M7f4ks6yysyawgB8fwPv70HgKG8v8cp/7fFRO/+AllewqNJ/DhyBsi9A7J1QTkF4E69mXRws8u6ayvSJwRqoG4K2Md+ygxyF5FdbPaMfdlIXUZfiyAUWx/OY25O4JHBP4CtyZ16a9EwuRi1CXs+5K1ew6lB9DXERX517P8tEsPDzfNIP6C5YeQewSrJyeCd4P0bnwXYISy3MCn5oZNtsf3pH46e7XBJcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKRSURBVDjLjZNLSFRhGIYn1IULF+2CiJA2tWob1CIKa+WqoghaRBERrYKS2kSLCoKIQmbQKAwLSs3FRDbeM03TmmnGG3kZc3ScizPjzJnRuTlznr7/eGFMgg485xzO977v//2XYwJMhZx7aDssVAsOISREhQnBomp/6wuNZYJZyLbaPYzOafwOZ1hIrOKNLNPumEPV1jVlWwLWzbY33RPk8jpeDZqH4rwfjvMtkiElorygakqjtBshGwFmVYhlMa6EqOt7YtT1L+GK5dHlmzzQ8mv19RCzESAvh4S8J5KlfiDMZHhN1GJPYekMM72M0UFAbgl5ZhS6rgLyymuM3ibzaxnWeN4ToqY7xIgXpgIwMJmQ6aSJpCEoAZq0Es1BXGhbWxOzCnC6PDFe9S1KQBDL5yBWh0ZD77QS+BVNfW4SYlqQbiaXwLWQw+XRVN2pAsJj3hUZOUiNmGslZNCdUEWfsHsd30QgjVUWtfFHzGDEm1Sa8GaApSuIuSNAdYefoZntASPzSRrtGq8Ho0KE4YIAp3M2irnLb5jfSfpkWEe1vTGFhl43fS+f0nXhAB3HS2g9s5evlnubUzAWsX8mhSsIc0lwx4UYTCymGfWl6a+rxnnzCKmPj9HHbay8vcH36wd5cvFU7+Y2ZmVrgrJHv6Jg98MXD7RP5/gwluHT2X0kxcyzSqjaCQ/KCT06SsuJ0oUtBykk2+UKQa+Y26Z0rOOrNLlSRtu6vZnCK3p3Fx3HivVtR9kb1/kpHbRP5bCOZGhyJrGd3sPyi0sgpvQtE0uC52oRrRVF3n/+TI5ZjXF/xliDgdr7DF7Zj6+qnMXbJbgv76Czsjhnqyi6Y/qP31nhqL12vr/lZKlPtS0jzyuz0v8BvOcGre/IsB0AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJfSURBVDjLpZNNbxJRFIb7A/wF/A5YunTDrpouujNxY8LGxEVTVyU11UVjCmEsUUyb1gYqEWuqtqmRWukUimksH6UMHwIW6FCYwWFgYBjKcc6FGam68ybvZuY87/m4544BwNiobiyCQZVJlVnV5FDm4TfDn/Gj4DVVxgdvBIvv4IwKHafp2MkpF40nuP2jJP1qL0dNeXkLxmDsFYMhfN0TKFujp1mGrQkgSl1QLvtEjZYMpQoPwaM4s7STtWKsZqIZGBGOJ7+L7Y4CeCS5B7zYBU5Vs9Mj30RJhv1wRHRtpdDESAywLywbM2twVZCh8lOGt+EKsHUZyvUOlPiObrKzG2TurbHYjgENTD76B4Vlj8II3noYgI3DCoHPam0iPMncOTi8IQpZNDAHv6Vo7BlLRVDLenN2j+h1iCVwodoGoaXARV2C5fV3NLJoMBmJnXA4rFqjS2DMWOTaKvyZaOJRCPwxDnIViRjJyiWsudc5ZInBcTRODLB8DcZAAs8dwPiMn/zLstKwii4sr7zUDcxfviboutiBhqTovWLgxBx9Bc6ct8jNpIt1cLjcegsmtz9DFUo16PeBgPkLiZQ7PvOJwAimyy1IlVrQ7fVh9zABVucHfYiG+56qxR8IM5wwmDJmQyGsgclSkyTIqNntz1aZO8704Bq1RXJsRK2bHwMiyw8C601FrwaXCTOnizzYXB5x2rH1e5FGV3neHbauejeZUCQDBVYgM8GeE3kOtgNRmHcsMVP293+v8uhjuvsib5l9vk09WVyhHU+d3IKd4h7bXPS0zUfdppL/fkz/85x/AR14FVfMwp4lAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIASURBVDjLpVPPaxNREJ6Vt01caH4oWk1T0ZKlGIo9RG+BUsEK4kEP/Q8qPXnpqRdPBf8A8Wahhx7FQ0GF9FJ6UksqwfTSBDGyB5HkkphC9tfb7jfbtyQQTx142byZ75v5ZnZWC4KALmICPy+2DkvKIX2f/POz83LxCL7nrz+WPNcll49DrhM9v7xdO9JW330DuXrrqkFSgig5iR2Cfv3t3gNxOnv5BwU+eZ5HuON5/PMPJZKJ+yKQfpW0S7TxdC6WJaWkyvff1LDaFRAeLZj05MHsiPTS6hua0PUqtwC5sHq9zv9RYWl+nu5cETcnJ1M0M5WlWq3GsX6/T+VymRzHDluZiGYAAsw0TQahV8uyyGq1qFgskm0bHIO/1+sx1rFtchJhArwEyIQ1Gg2WD2A6nWawHQJVDIWgIJfLhQowTIeE9D0mKAU8qPC0220afsWFQoH93W6X7yCDJ+DEBeBmsxnPIJVKxWQVUwry+XyUwBlKMKwA8jqdDhOVCqVAzQDVvXAXhOdGBFgymYwrGoZBmUyGjxCCdF0fSahaFdgoTHRxfTveMCXvWfkuE3Y+f40qhgT/nMitupzApdvT18bu+YeDQwY9Xl4aG9/d/URiMBhQq/dvZMeVghtT17lSZW9/rAKsvPa/r9Fc2dw+Pe0/xI6kM9mT5vtXy+Nw2kU/5zOGRpvuMIu0YAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKySURBVDjLpVNfSFNRGP+de++2a66Fm3PNdKArUnCaiSijPzCR6qGg3i2itygQetDHXiIf6qWaYBA9+BL0EGhPlZUwQoQo1mpsAxss1Klzc3O72527t+9cUXor6MDvfBfu9/u+3/l95zBd1/E/S+Lb1NTUvXK5HKhWq3W1Wo1VKhWToihmHjVNYxaLRbXb7a/HxsZGef7IyEgfhZ/T09ObLBgMHhJFMdfb2wuuhggGol/e4urFY1CXnuHR+w7YXJ2IxxPXstnsYyLbCFz6gOj1eiNdXV12l8uFVCqF1dVVbGxsoNnTgY+f1xErnERP32kwxrCysnJZEASLLMuQJInl8/kzEnU9arPZEIlE0NTUBJ/PBzoK6ChwOp2IRqMIhUJwOBwIBAJIp9PI5XJGTiwWOy7xxLW1NTQ2NqJa78GDOQXFHQaN9FmYCWdb2mEvFEh+HFwlJyYSCbjdbuOoAt+KxSJaW1sx+01FRRcgmwhmATXBhPlf9QYxk8kYZFVVQQbvq5R4AXLbwHbNTEQRkkAOkUWMNlU3gyZkgJN5Hv/m0VDAq+xV5UvXtV0yFREIosBQKpWMnD8V7BXYV0COwqzXYUeTIfAJ6bsqzFCwtbUFq4chXJpDqW4bB/ryWM8uGQXE7u7uu1ar1XDW46xHWjGjysTdW6YpOKJ+R2L5A9r9NpzqH8BQ/3lU5QxSahjZ3DYk3p134ONxZLMYaGszzOFyC+R+OByG5NvEiQ4/mVpDj3sY7368xKDPj2R8FhJ1Hk0mk/dJjqWhoYEtLi4yXoDL45EM0w97a8zErLjQecNQdmfoKU1skkya4Ub//TH5b7coVy6dk3fodowPP8fEm+uQRQtevJopC//y4jRde7gQ/kSGSkZnM5MQ+jrPfwXZvz7nwVvNExRuEg4SCoTJhSfL478BoeOJpjqa+ZsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGaSURBVBgZpcG9alRRGIXh99vnKIGgrbaCl5BOC2/BJgi2NmIlFoK9oI1CIJ39kInxhxReh1VKCZmfQkiVTOLs863l7GAau5DnCdtcRzx+ufPi4aON98cLr9uAhCVSiWVk4Uxk40xS4vbNenpwMH395cPmdr/xYGPrxtp6ubPGVayfLnIL2O4X1WVxfMJVnVUXVnqnefv0Plf17N0hTW+LZjkkBiyTAmEkkxI5mBxMWizT3Lt7i1TS9Ng0UYKwcQkcJhSUEkQUIpLoTKdCP5hGQ9L0qaQpgCMgoDMoQDKdoURHH5BhsohGKZpimdFoxGQyYXdnh9nREXvjMbPphO97u8ynE/a/7jKbT/ix/5nf8zmj0QgpufDq0083g+RB8iC5Zrpmepnp80z/qdVny+rFsvrkvLp58uabV+iHWrkQQQC2iQjMik1hpRQ6IG1KmGaoA03vFE0HmJUIsGkigksCuggs0Vii6SVxKYBgJYL/dfzTdTSyafrpr8Px8491U5koRWYiiawVScjGSpxGFpaQaMashG2uo3BNfwFx+DLsFQ4W2wAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKDSURBVDjLjdFNTNJxHAZw69CWHjp16O2AZB3S1ovOObaI8NBYuuZAhqjIQkzJoSIZBmSCpVuK/sE/WimU6N9SDM0R66IHbabie1hrg0MK3Zo5a8vwidgym8w8PKffvp89e35RAKJ2ipp7WDxvjltZ6jwCr5W2bpHHtqUnx+77877jsZxzlO3roAWXuw5ha1pl9MZdAW2ig8RyXyL8rnx8G6uH387AMnUMC2b6l10BJPdAfWDGhZVREuszT7D6hsTStBNDurO+XQEZnEypx1a28XW2F8HFPqwtOBAYJlCde9EeEZCy4sTN4ksrRA4LZB57vZCfMElUyH4E7Ap86r+LwIAGIy03cDr/lDNJGR/zDyBiHGc3i1ODjUIWtqbdIIexVY86kwZ3HijR/86GmqFqJGhPWs8oTkRvAgb+uZGHhVfRV3UNni41OhU8EDlstBSkwjKjhnmqAg3uUtS6y9Dzvg0ljmKkFCaRm4CJT+/5OERtG4yqZMEwdQt1biV0EyW4PVEE1dsiiMk8eMn0/w9Wp+PCNK1CQ6iBYeommkIpH5Qhy5AF/6Mrf4G955tUJlXxtsHieeWQ2LJxvVuAAkoASUcmLugZPqW0qsprEQjDx3sY3ZIMhXt1+DNw77kdmnYKSsKKx+PfoTQtYX9KtzWG2Rod6aujaJwWHk8+uDawGITeA+SPA7nDQOYgwKcAYhQQajyIY9eQEYE5feLPyV4jFC8CELkAkWMDQmoDPGsQaWYgzRjEU8vL8GARAV8T099bUwqBdgzS14D4VaiBA8gZALJ/t6j1Qqu4Hx4sIvChoyDFWZ1RmcyzORJLJsDSzoUyD5Z6FsxKN+iXn/mM5ZLwYJGAX0F/sgCQt3xBAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH0SURBVDjLxZPPS1RxFMU/7800vglR0hkNRDKHUAwpgyxSiSgwsiFqEbRIWkW47l+IYNa1aOGqoFYJYRiBkeAwYQjmj5GBHJOyVAYZR6b3Zt73e78tZMDKnQsPXDjcczlwL+daxhj2A5t94uANghUST6SiwHMR6RQtIa00O6UcpZSvfbWgfP3o89Nb7/Y0AFK97ZHY6ZYj2FhoEZSABZSVJru61fti7MtbIPCfQTyRqg7axJzNBV5OLHIxfo/ZqQl8bVhd+Ur31btkUyNszGVsuP33CvFE6qiIjHa11vNtNklNQwsFV1H0FGvfsygxbBUVoqGpoYbmSw9NVaQto5W+sTzyIGNdezz5uq8tevNCe5SldY980aeshLIylHyh5O/w2sMBYo1hlIZPM0u8n5ibWnkzdC4oWgbOnoiQ+elScBUlJZR9oayEkm92zHyh8Ntnec1FDPSebOFjarG7+fqTuqBWOmQMFH/MMPbqGaEqhzN9A5w6348Sg9KCFlian2JydJhgKMyv8H1ChwJ4HtVW15U7Rm2vo7Y3iEbqsG2b9Vweq7YV4+aoRN0qbRKN1CMi5PJFtNOE29h/zKoMdHR0ZHt6eo47jsP4+Ph8Op3u3H3tiu55HtPT0x/S6fTlf3MwmEwmE4ALDO8Rut36UKVpHfg3/gGTgwnlYQ1oPAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ1SURBVDjLpVLdS9NhFH724WbTWcpKiTUxWyJKRTdGURaSUt5URDcW3XYZ9AER1UXhTQT9CREE3URi1EUkaGhq5ZSgDzc1tWmaGzrd5m/v+55zurBy6u468MD54Dzn0yYi+B9xZhvxwWOPheWCiECYARYIrejCvKoTT/qbQuUbCISlZXNFC4QFIIYQrcIQ0rEPsBKR5N/kNQSxgaN3Xd6gHQzo+HOINmCtIUojz3cG1sJXWIkI+ZtC3uyi9tXqfD1/y15Q+hvEEESvIM93CioZxfJCBExctX4HdgCYe3/kbJ4n4ILNBUp9hhgCk4GjcD9Yp2AthEGZxebAyaHRnATC/MjlDUJMCmLMn5kN7O4AlueHoZLRa4HmoVe5rmCb7T1U53D5+rz+E1CxdrDSEK3BlgVX6WnEI09EiNXDxQJ3yihc8aQzDmIIcSJ4fqTUKSTtLu9uCGk4i5ogZCCGAAHEMIrLz9nEaHfm00v4fdW4MxVy3y7gtEPTQQBwCrM7Od2VyboxhBkP5ovcwgqKDZQhbC8JorqsDktWCpejffmWUbNvAdhyfeLEiz2d9xOe+uM1F0HCICYwBDOJKIoLtqF37A0GJrvYMqrEmWsxQlxvGQUSxkQ8As0GhjU0aSxmlrBvx2Ekddre/707voFgvK12MN+7C1YsDEMGpUUBGCaQMH4mJlFSWIbQjx70jHbPKYPGNSOMt9UWQuxLQoyrsTSWlRLFCpZRqPTV2A7sbMTHyXfoCL+eUQYN063yxbmu9X4m80uIK59dGktmx2rv2VM2+yZPZ7hjSjEapltleCVJ5B9GnlbVZdvZqLiFVOCmQ7beQEW2/zeRQcHUmJPKOgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKUSURBVDjLhVNdSJNRGH6++enSTc3Rl9Y0KzRcoSHShURERRldlLGLMsqrCO2iLuwuL7qKLr0MoQvDHJigJkEbG5mGdzKU1PnvN7I2Fgu33Or7W+858YkrpRee8x7ec97n/TtHyGQyCAQCVtJXCS2GYdSQribQ1vhEeon0C0KgublZx18i+P3+43TJI0lSXVlZGWw2GwoKCsCINzY2kEwmEQ6HEYvFPpLtptvtXs9i8Pl872VZZuEyu4mqqplgMJh57O1Ya/e25jByExZaTpSWluJ/4nQ6kdZSTlXRAtvtIkXmTNPT07Db7RwlJSVYSS7infwGa8llaJoOTdXhLCwX7Zr97C3PdW9fy2BTFoHD4WB1IhKJIJH3HZPKBA4UOXHh4GXoGR0GQTd0vk+l0peuPW9aGm7zVolmLSyyKIoUTUMgPoN9uRIk635MRYNY+bYMVVFRXlTBz0PhBf/Ifd9FloHFzIAdULM4FhMh7jiyMIREfBOte9vwtLEL65+/anNyaFz5qTSdf3Y6P6sEXdc5CcO9Qw85UTQaRfJHktvYnTzFqpPzOV/HmEG+6awMzOgmyRahquHtlyF+p0FoTJCz/s8UGExHk1DRflHjDAxHBpBSNrldURQ0djaMUT/O0DgZuSyySPF4HPQS+QTS6fQfZksuBuQ+5BXlQFDzceflDWqkJh2tOCydqq/H7Pw8xsYnvILH47lC7P0ul8tWWVkJq9UKQRBw99VtFBcW4+Sx2q3xmeNcWl2F3z86qWv6I4Gl29vbe4RIOglui8VSzP4CK2dQfo09ksgf0kxoDhpPm/VG/0DOT1Z7wqOcYLt0d3cXknMVwaCmhjzRHi+l7pjqmq3b8Y1v/xg7ofZBTY6rvbp/t/PfI0AjgZ0qo+wAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIbSURBVDjLjVPPaxNREJ79Qena1EO6u/GQ9CiFouCp5FQQET0KQvBQbA/tqf+BCEXoyauCl7KFHkoOvYimUpToRTyISVtsliImpCwkLUGqxvzY3bfOvO2+bOgljx32vdn5Zr4336wUBAGUy+V7f96/3PVaDnjNKty17DkYbZ1KpVLppu/7n5nbnVDAh7NXK3Bn4/tIaFVV59R8Pm9ns9nV8aOClZhCbwDguu5QIGMMiGn8rGlamCSXy80ggxfMXAAFPPj9qXipkizLHBQtSZJEQsFg7KBgTZroZGEArWc7TSAchXIA4w+sPdQH1xAMDGQgeXD+4aNIQODZjHaRILT9Wpt/Q8wwA3X/rXVVD3glkQD3h7V/vGrA8Bvz0Rf2AK/F7zRQoY8qIAPn+TLczx/xRPF709nzPOFHayeTyfkBg29vrEkj5BkFPdlu4NtHugH4wYUSqNBaziQGE5hXifXgMVfh115RdHr90TUOIkPNBZtutwvVahUURZFlYuA4zmqzsAl/v24BFhQSRXJFDYvAlUoFUqkU+VmMwSLIyKC1W4ypwISRr9PpgG3bkMlkQNf1YRXkL6+thIlN8y9PIDGgygROp9NgGMZgqOIqEIPa0yV4sPeDgwlIne/1etBoNHhV0zTjExn+Cxh041bl3c8rSY0PCzWIgGQRCxpnSlKv1/m+3++HSaKGLV2fmp9OjN122u7JxnHrYNTf+T+76nzVPsi2lQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEoSURBVDjLnZIxS8NAGIabf5JfURf/g2NxyCCEbAGXcuCWIQSC3C4hZHPXttopKI5S6KaC2E2umDRSg6SXwGcubeAuCeVs4F0e3nu43Pf1AKDXTPmpZfpc1K5e1e04rLBDRVEAS5ZlsE+yVxBFEdSinUT5lyBNU0iS5HBBnudAKT1cwEdawE9B1/XYMIxY6hHDMMS+7xOMMXEch9i2TYIgGLiuO7AsiyCEqpimSUoxFgTsap7nEf6Ku19RupimaYRj7aWRZbWguTRHZU4kWC3eCsKXGBbxpn7xMzbC9fMNFJ+vArtdjuAjW/CT2Qqe3tfw8JYI5d/5HfzMRgK7X01h/DVpCy4fv+FiuhLK9Poc6NWpwIZLBEOC2oLG0lRlCdbvmgLLsSRT/wAPFzLO5ovpLAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAL0SURBVDjLhZNbSNNhGMb/EqGGUEEUUhgWUkmWQpFZ1oUkdZNQhFAeMkktQY288EgeKk+l05zHdI41tZNO5mHTEJ3OmTrPh8imTvM0tTxs6qbb07c/OTSjLp7v4uV9frzw8aMGWI9MSAJI+CQyEiWJtiv7AZoZbqh9fl3LD7+sLA46Lcv3seQz3fcFpLiamQCg9KHIcuNIVRwmmphQdORhtoeNma4CTLXkYlyUgdHqFMjK4tDLCUUjwwslIZdAAI0GQD8nrGsDMC3NJXmNSUk2vtczMSJIhoyXgIGiaHTkPobohTsNYLibdxkA4m65tVRch29VOegrjEQL0xu1cS4gZ4OcDZbvUWR5WyDH/ySKYm8iJz0e6dwqawNA/9QOagTSMTVml9awotFhdU2HOdU6+iZW0CZfxvCsGrIZNcrbZ5BeOSzYKBsA+gj7l0uF/SrdCFlWrmoxMb+GgclVDJGi+OsiMoWjulcVwyWby1sA+vA6FuzLOuZln2VLGP2hocuVnXPIEMoH0yqG7P8sbwNspLBJ0dAuV6JteAlMgVykn/lzzqnus+zgmWdj+l9AcdO0pHNMCSkBpJUPNehn3iw7VTT/NlyzjsOFedj0r4BC8bQDr1Uh7x5dQiDXEQFvzsOPfQZeebaIKL2Fd62pCH7vgispB7SOSXvNtgA4DVO8D83TuiHFCv0T5GTw2jPwUZpOF4tbGWB8CgZbkgg/rjPOxhlrbWKNdtPlAtGksKZnDuPzGqjUWmjWdSAn0+Xk6kAkCPzxrNIHUXwvxFT4IksUC7eCi7B6Qq1TRTU91tyGCdT1/4RicY0ua3XAndwTeNvCALf5JdhNicgXxxPIQ2SKYuDDvQrLSEpxMJSypV3oFWahUSKG5MssxmaWsaDS4EbmEVxLPQSnlP24kLQHHiwHZNRH4R7HGcfCjNTmoZT1Npn+5YLd053wZDvhVLgxQjx2STfbaNCZKCwjCit/K0y7QBTWEoWVVhGUziJ8B4LumkZv1vkXO/PSRSy+XJ4AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGeSURBVDjLxZO/axRRFIW/N7o7CZIIKhosAoIIopWNqEX0L7ARG0EU0V4UVLBJJVjY2FgsgiykCOY/SIw2tgHJqEELUUzQJpudcd/c9+M+ixBYhNkmhae7X3E498AxKSV2o4xdau/wMfv6V6XK89mrRx4N8zud78ve6UXxivjAwv0TpinBvqg8uNf98WQYWqucmh7j0ukJSknNL1ivnDmWm8OT7Ye3Xnx7tsMH4hAfcV6prGs2EBdQYPpgm6n97buXn669BCglYV1CvFJKbO7gj0+4oPRt5PhUi02b3zz/+EMbDLUbo24Z+labDaxVJCi9QSAzcPLoOC24tlj0ZHI8Q3wkWN9sMBCH80rtInsMZCZRB6USrco65hmgoxKUkhCfIEGeG94WW6x87S+QOPR7080cmGiRZESJld1uO28Zllb7rKz15n92zl5Rq0kk4oKS6jgqQUS88q7oUXwpu+vdc9cBkjiC2+5n5At9qywXPT593nq1Pnfhxg5PdcR7xUcl+dBsEKzn42rZ2ZifuT3M1Srv32yQgvLv+Mx/X+Nfknb5JPA+HGwAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALjSURBVDjLfZNfSN11FMA/3/v7ea/36prXWWirTZdlKtiC6CGi4BLVCqJB2/BFNmKMfInVQw8RK4lVD/VoEL2UWL0Za8HQJHNL5ya17lZz4aItXb957/V6r9v13t/3z+nBNBm0A4dzXs7n/FciAsCz747LgRdambyyiDOCtQ5rHc46jHE8ft8W+gd/Yrr/JcUG8dccZy3OCUb/G2hWrTWraoxgjeVWiaw569m0xYSW9qrT9NxxFB1atLarwNsBnLHcLGnu3hRDh5ZU4mseqb9Mo8xw7+Y4N0oVrL1tBbbv7PnrNMR8OpNFdkTTROpTPFU7yl01UaZ+nsMZ2/e/gPEPdh258Humbyod8Gjie/ymPUTqHqMzMsKZc1c4fynouzi4/8itABWe2hYX8drEiecE3vqx59ChrhMHt3UdhEiU8OpXDJz0vtnXkX5HJIJzgtWlTNOehasAqjLWOCeJ9q0iICKIEyLJJyCxHdF5RBfQuTS2tICgcFoTLv9JuJjtaXlFBnyTC3pdEAx6Hb21/tZuJAxwYR6ns2BLoBxVd+4k6m/CGU1h+gvy09ljxBgCUCJCYUC1Osvx6IO727x7XkTC64i5ibgSYldAeQTfTRP88AuVpbJYT+aA/qeHzftq7RLzX6paB5/HH3pjt4rV40wesSVwZTKT8yxfyvJAai+xlk5W0sP8dnLE5mcuHl7fQrJbbqh4zYguzCIKEIdCgVj+Gp3k/tReqi+PoT7rJvHHEM3bt3ii5LC/cSVC9fNVyZ0o5eOMQS9dI9rQjM4WqW5sgede++8H3m7Cc6p5HZAbaog7IeXVdVA48yG5iYlZFKdq2lr3e3UJSue+peZYL5WVgBKwXPSwHtc2XKJ5UtXuiGeOv05mbOITo3m4/T05sDQzu6u6nuVfT4/zdzlO0asiv6iYnVdWoH99iPOfqpfLC7xZztLb+ZGc2Nja1KtqcyWTHC3nil2eUb71ZF7g42eGzdF/AONCmjwFNk4lAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJFSURBVDjLpZPNS1RhFMZ/5733zkzjR/ZBCUpoJdUiBCkll4m0CUKJIGpVSLjyL2gntDFop6shAolWbcSNIW0ircHBUHCloo3VjNY0jjP3831bWA5ai8Bnfc7vPOfhHDHGcBjZAENji7N1cSj7IcdqY2zkKoiC2qSFNsKPYoXpTPbBynj/4j8BlbLL9c4L3OqoZWLmM4/vXdpX9OJtHq0lBXQdBIgxhvtPZmZ7ui+yspZrjwKfWExxtMbh66YLAgj4geZnyd2YzmT7Vsb75/c5UEqwDLgVl55r57hxuYY3c18Y6mtDgO1KSBBETMwV0VpeA2f3ARKOwvUCcgWX9bzH0NhqvC4Okx9zBzNpPdGQ4OHIrJnOZLtWxvs/2AChNnhRiFIKy8j/ZjILiALYLgc4YnO8zsJSIWUv4Pt2CMBU+tteoxtC0YN8wUdEV1eItMHCIdSagru5l0kQaZ4OdqC1wQAWhqQNnudR3PGrANu2aGmE9FJATSxJwinhegHDr1ZRAmGk0ZHGAMYYMJB0dh0ogOVs6VNqcoGtosYv1+9lYikHERvBQsQCozBGCMIQ3w+rDtKjvQMAd4bfL59vFqYzQasjNoM36wi1vzvHgBFNwo4x8nKNreJOFfBHy9nSXGpyoSPSYOGgqZCae8TJ5BkERb68zsDVZygSlD3/b0B6tPf2byempRFO127T095JQ6wJFBTcJk7VhCRjYItUT/mgrgxOvWtrPtLdEG8gYdcT6gDRGjERWsosrS2TKwbMP78rcth3/gX/0SEvLZFG1QAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHxSURBVDjLpZPLa1NREIe/PKhSNK2g9UEIKqEFRSgooi4sCJqCuHEpduEDwZU7/wGhu27cdKWoG7WQrsSgKAV3SnFTAqZCW22xlAbTpL0xyb0z4+Ke5mHrqgMHfouZ3/lm5pyImbGTiLLDiG+KsTfLTRQ1wwARwMBUUQPRUIvCoxupSIcBwJF9XRiGKRhgaqiBtZmowtxKdSuBmGHmChTMDDNH44xUDVVD/G1aEAkRMUPVFW5q7TTxRbcamGiYaKCqmOIK1FEp6fIzDu36SSwYBO53biFQUDFE1NG0tIqSLE1yOr3KicwdMse+8HW0f7iDQANFXI8tklAnN3KcS03TM3AZ70eORG8KS61lcw+O320aBAGIaLP/dpM+8vSeuopU8+zen6QmSxweGuwOvNJ4y0AEkbiburvdwlWWgz780gLRWJFI1KMrUYRalY3leqyNwBBxxW76Cb/AmdgE3QcEDXyiugbRvZjf4NurQi1fqNxrIzA3g/D2ZH2K/uAdA5eGsMZ7IrLOzNsa5lUxhYW5ys2Rl/PZNgKlsFh1g4OLBz9x8kqGRnGceLyHmY8+r5euU9xzHgNePD+bDffvHsy/Z3Fy+HN9ZdS8wjWbfnxh/cmt9Mh2efH//bJf88UPlfLU0epv78/s7OrD20+/T2yX9xfxXpKxy4ipWwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALrSURBVDjLbZJZSFRhGIYNRyK6iC7aLiK8qG4MifZuylxaVOymjZQKDYbEJE1nskITEpeCFAy98KIJl8LUyn0Hzd3EbVKcxlnOuMyZcUads4xzznn7Z4JJzQMv3+E/3/t87/n4fQD4rBdjqIlmNOV1zHSJYXk0n7MPZvK27lSrtSNhdKlLkbG53/vC6qoPsNovDTzVAJelF8LqL4icHhJvgGCfAj9bD2tLPBaqb2ot7YqADQBG/22nY0Y1sEZ3QXQaiHTEPAmRHYHg6CfqJWdqSGs0VgbegVIFWxfblfu8AIe6KIc31pIGE0R+hlQKkmAHJKdHkmAjsDG4lmsB0Qrz93hQn27XewHLw9mUyzZGemfIpFlILgsxLXmMHrlo8k1HAI1EFeBNg9AUnOW8gKUfz50iOwuB6YPADpP4ahJ7HMLKCDEMkB10w7XSDN78HpwpCaLDgKmc45IXYGlPNDoX+8n0CXDGF2RCFmxf78NWJ4etNhaWsghwVCYYzR2s0bngDIOYzjvxL4GlU5lt68sjcS3g9AqYiwPB6lOInoLRyklNxlzWDqxOhkGSNDB9ToS2OKLDC7D3ZMgW6+RTqxOlZIEa0B/Oesws9QiMIQasLgkL+XshMp1Y/lkJdcZRnqpKPLzhHtBtysD5ymh6dbwM9qqHfwFkstvM6p5gOuM0eu4eQuslGVqubrc0hfoqNwDcMjelnNSWP5ifKwkD1x4Oce4yRFMQ9PnnMJp8BlzdW0jqRjAVSRiMPyY0B8sSfDZfzY7y1+GFr2LXPhamoSj3PN6kn0LNtV1giRkFkYBiN5DlDzr3IppCfLX/Adx6qZAbVKVlUKkqUFRcQmL7QRquwvrHlr7f/TvSlgDF43s9La2tMJtpDA0Noz5qDxwlsQAx8ak+WCLSy31B9kBtCWgpz465cf0KExoaIgUFXZCyowJc/XFHxDmFP8zP/PA7bhvaImVCY6hv2paArdR966CSTJx1xybV6Da7z/8A2VoHSyUsj6sAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAI4SURBVDjLhVPNaxNREJ8k2yxuDMGEkGi0QltREC9+HQQPKl5EkBz8D7xI/QDxIh4KpeA5lII3IbeAF6UKHjU5SS2op1JKTFiN5GOD6WY/s/t8M5u3bkvBWWZneJn3m99vdhJrNBqrjLEH3MH3fRBRuOd55NN8qVwuL0PU6vX6N13X2f+s3++zWq1WxwZRlxAZbf37CBiP/IzcxwL4l1+bZcRkvxGAG2DAscxMAIAPRaBXS3NIguu6VNdefHoPDPP97Ku1X1KAynXzwuGuBdudMSiHkmHnoxmJxwRdnEwm0L7/5HkK3BV9bGzwo0uBhKmeTEqGCwvyHimYDwcBgxPq7yKMjTe2Y68cjnsXf1y/s0gMEjEAj1e2h+4e/X5kHv6Xr3C+rS7ounHbNa3HcpJVYGw+JADsfuuMHGok6VNWaMmkDNrnFEx2deAMXpz88DrWvHyzApZ1WkJdwhzHgW63C5qmEeVsNgv5fJ4D8JkguGEBGxtBsWECs20gAPEp8bKqquFC8f2gPJ1Og692QHIdYIb1rHn2yqO0IsHoj70VFwywcDAYUCyVSuQI0uv1KMZuXIVP2SM7YJrrM75XYY4NYNmr8agE0VloF/MRM9mcP95hln1XTjAY/RxuzPW21iQcnJCAmpF2q9UKgfBMAGCzuebm0k7uVAecyVvaxCgDHBh25XtPF3K5HBSLxRBAfKX5wfbLcJXxEH9UFIW8UCjAQYY1B/4XOIOP1Wr1HDLBgmgUecTf7Qf4C2kj+HVimC2aAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFOSURBVDjLtVK7SgNRED0b9iuM2lr4QK1DQIyk0FZsJAj+gH+ilRZb2NjaRHTLmA9QFKz9huzm7t37Hu+u7IJgQjR6YLjDzOXMmcMERIR5EE5qXA4z4sqACYWEC5wfLQXf/WtMIuDSoL0A7DZDjBj/uYI0l8jzEEJYJMkvCEZM4PqZIxlzpGk+kSCY18TGtGYcx9Tv96dOqBUMBgNyzsFaC621312Ac+59yJFlGRhj5VvVoigKvniglEK32w1mkd3r9ejPPAjOhqdknYX18p1/rzo3pYqTh0OSRkJI5UMgPn4s61sX66SkhtEGcISGsQad5gH2FvehfV5BaIF2cwet5RZyKeu68pe5ubKG7dUNP5AQGltMN57Mosgr5EIiVQmYGvtc1PVicqHY+dXpk8Dg7v22XKFo1ARe9v1bDOlXKKKCs4Sn1xdU1v3vIc2CD3bN4xJjfJWvAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGQSURBVBgZpcG9alRhFIbR5/tRA0Fbbe0tp4tFsHFKLSaNjSIGJlapDIq12BgIxJRaCGIK8QaUNN6BmEJBLNIGCcko55z9bs8WpxlECLNWcnfmkW6uv7l/dXnw9HDii+6AhEuYDJcjF26G3HEzTOLC2fZkf//gwdtnK9t1sDTYOrOwmC8ucBqLJxPbArbrpPU8OTzmtH62ngkPX33xf3n0+qv/z90n771HdRdhvAcjfaBpGobDIVOHx7+wzrHOMReNOZcvncdkhIo7YWeZ3jVm1VJJyUjFKcrUzgnqjFBNRhjvwfUf72jbltFoxFTJkFOhJrDkWBZBJkJ1OWFnmd4NZpUESuAJyImiQpCMUCUjLL2Ae+klTdOwurrKVKqZKiGHDCjxhyRC7dqW8PEOvdvMyvRypgDmTk5O6NqOUN1EuLIJa+eec3R0xMbGBlM5JYKAkhIuEVwiVEmET+v01phVUiIU/iqFIHdCPfj2fXe82a7IDJkwMyRhbcutx5+ROy7DzZELl5AIu/SSuzOPzJx+AwKoFtIrwFHLAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAElSURBVCjPfZFNSwJBHMb9UPOd5pR9hUnvIQrFQl26FHXo0CmImEMoQUhl48vBw5qWtY461pKU9PTsrJRsFM9l2N/v/7IzOeT+z/ehI9qqpZvW2Ia+VdciI3Rk20SIsWBeMUTdXMkVgdjNAcwxg8MbTzEuXU0uBTY3CZ5gDMuMEHlFm3PhhZaKMviJAbo4UV5o6phtE7jO5FEkHnKTMY60F+7sAlPiiDDvhUc8UHrHvvVCg8KE+NnjNRQwYJIee6lwo2dcKZlbJCxgg7jP/wmxm46oqz4+WZE0Hnh4jx4+UEWQLlkTF2bKrX9gyIIeAhOI5UWdyVM34scX38exOkTgKnLlqo/loalzRMzZXWhUTElmHutA7KhtvWXLtqQ3VVn8es2/8gUo3nl2LXz6SAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHMSURBVDjLpZNNS1VRGIWf67HQ8MZVEtLserNIsk8JA0f1F8JZ/oRG9RNs3ESaNQscFQ5KCoIiopGhhFDgHZRgZEIRSN3PvddqcI5memZu2Ow1WQ/Pu+Et2OYgp4MDns7tcH9hY0dFNgZiBAyWkCEqzVFw71a58B8AYLD3MMZYYMAyMngXRILPm7X9BtHGzgoC29iZTQaSjGRiO2eEGFNFbKSsuJ31P6Qdtf8THZXSBVFC0Sk0iv7CCtcOPSDxFlEmhBxAEFlJmU2aC7HBaZ4zXBmn4tcoGgXvBygoK21D0nzSbxgsT3B0YJyB8I6euEbIA4TAv6JMiKJbGwyFVxSPlYhbTxm6NM1IWEBq5wBizMrp/I6i3HrB4NhNaCyz+GiOnlKdvvoSw8lKnkGqrAAxmlL7E2f6GhR7a6j5BSzi7/ecunGXiWSexdnJ4h6DTF1GsU2l9phS+QqqrWDVuTo1ilrf6Oqqcu7ydUKzdWePgVhdr7G6/ofk+0sqI+c5UvyBw08oJCzNVwGhRpX+s8PEZvv225kLY4W8bVycnfx6cXruRNKxhsOvdCF2TZ10j7L58QPVZzNPOvM2LDRbXcsPp+qWsbTreudFwvbxvyYHcoBEg0hXAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ3SURBVDjLpZNtSNNRFIcNKunF1rZWBMJqKaSiX9RP1dClsjldA42slW0q5oxZiuHrlqllLayoaJa2jbm1Lc3QUZpKFmmaTMsaRp+kMgjBheSmTL2//kqMBJlFHx44XM7vOfdyuH4A/P6HFQ9zo7cpa/mM6RvCrVDzaVDy6C5JJKv6rwSnIhlFd0R0Up/GwF2KWyl01CTSkM/dQoQRzAurCjRCGnRUUE2FaoSL0HExiYVzsQwcj6RNrSqo4W5Gh6Yc4+1qDDTkIy+GhYK4nTgdz0H2PrrHUJzs71NQn86enPn+CVN9GnzruoYR63mMPbkC59gQzDl7pt7rc9f7FNyUhPY6Bx9gwt4E9zszhWWpdg6ZcS8j3O7zCTuEpnXB+3MNZkUUZu0NmHE8XsL91oSWwiiEc3MeseLrN6woYCWa/Zl8ozyQ3w3Hl2lYy0SwlCUvsVi/Gv2JwITnYPDun2Hy6jYuEzAF1jUBCVYpO6kXo+NuGMeBAgcgfwNkvgBOPgUqXgKvP7rBFvRhE1crp8Vq1noFYSlacVyqGk0D86gbART9BDk9BFnPCNJbCY5aCFL1Cyhtp0RWAp74MsKSrkq9guHyvfMTtmLc1togpZoyqYmyNoITzVTYRJCiXYBIQ3CwFqi83o3JDhX6C0M8XsGIMoQ4OyuRlq1DdZcLkmbgGDX1iIEKNxAcbgTEOqC4ZRaJ6Ub86K7CYFEo8Qo+GBQlQyXBczLZpbloaQ9k1NUz/kD2myBBKxRZpa5hVcQslalatoUxizxAVVrN3CW21bFj9F858Q9dnIRmDyeuybM71uxmH9BNBB1q6zybV7H9s1Ue4PM3/gu/AEbfqfWy2twsAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAE4SURBVDjLY/j//z8DJZhh8BhQXl5+oLi4+EBubu6BtLS0A/Hx8Qrh4eEH/Pz8Dri6uh4gaABQcwBQ84eUlJT/QM0TQGJAzQ1AzQtsbGwUiPIC0GYHoOb/kZGR/4GaC/DZjDMMgM6eEBgY+N/Nze0/0GYBkg0A2iwA0uzi4vLfyMhoAskGgJwNtLnA2tr6v4GBwX8FBQUHkHjIlAcKpaueX2jZ/PKDb9fdBgwDQDZDA6wAxNfU1JwAdMF/CQmJD4KCggbJ8x5vAGpU8Gq71dCw/vl/DAOgNh8AORuo2QBo8wGg5gNAzQe4uLgOsLCwGIDUJc56eCFl3qMHZCUk+4prDWGT7l0wz7lkQLIB1kVXApyqry0wybggYJh8wUEv/qwCSQZ4t948kD734f/kWQ/+h028+2HwZCYAjxChYziQ1VwAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKoSURBVDjLpZLbT5JhHMdZ1/VP1Cqrtco21kU3zevWVa3NXOuuedVmoU2jUR6CoRwcw1SYHIzJQQxBUXgLXg6Ga+mIwkBBBp08pYGvEOa393nbWC5Xa1389mzPnu/v+/t+nh8PAO9/6p8FBoMBWq0Wvb29UKlU13ihUAikAoEAfD4fKIrC5OQkxsfHMTo6CrvdDovFApPJBL1ez70tl8vI5XKQy+UxXjAYxPb2Nkql0h8rn89Do9G839jYwNzcHGQyWVoikdTzaJrmLrLZLKamppDJZEDu0uk0PB4PkskknE4n98ZqtSIWi3ETicXimgoDr9eLcDgMl8vF9/v9sNlsfCI2Go18EqOvr49PxEqlkj84OMjlb21trao0cLvdiEajHINUKsUxIM5EHI/HQTmUmKcFGHqixezsLHGHUCjcv+sXRkZGUCgUMDExAZY03+FwECf+sNWEhLs2vZq0YMZeZ+zv7ydi/PaNbK6W6elpJBIJEDFxNpvNiIdUWI4bUS7M4/XwFbwKO9DU1LSz5x7odDpCGj09Peju7kafqg1R62UUl50ofujC2oILkaGbENxp2PnrIr21Xdr3xnzRsPLOimL2AehHZ/Ft1YoZbQ1kwutfdzUYGBg4ypJ+rFarCWl0dnZCIxcgTTWjtKQHM38DdMcZbGUasZ4ag6frwveI4tyBSgMWVgs5FQrFLalUuigVtzWwTi+/sOC2Fm9jM3H1ZyXr2ChyZPxKhCTVwkoDdqdb2LXkFiUSiWBM14wM3YXSJzXnvpmsZSNUcyeTqgfz8Snohyc/+0Unju/K3d7eDpFIhJD8/DqzsoDSGoXiEstgyfJL2VDOx5B7YcSz5iOWPQGy460EO04zgbZTDOvEsE6M7/4x5vm9KoYVMdTdwwzVeIjxCg4GfgDxYPxXmKLFvgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALcSURBVDjLbZNrSFNxGIcPCJNBIAQRISRGYQWF0g27OJgQVmQFmpViZHhLaiaGeCtTQ1OW09QtS83NiR2XF0bZZZjKXNYq8kMUBX7qU30JIsM68+ldUpH64eXA4f/83ud9z/krgPJfjbVFSZkZsb5grEXDY9F4WP+C4Stm+i9GLTy/EC4QcIZnvTA1JOWG14Mw4YDRFnBdmEHNL1gcMNamY/TGMJPd8Molh61wvxbpCoPl0F8EQxdh5BoMlMDN1GGsybp/ASNWC88EDgY8rNcENIqu/m8nZ54ee6aRjnQNl4Q5csGy3zwfMNKyiSdNGpM90rFGY7AigoHSZaJbLbo+unN92DOqsR1fxo2kCK4f1FBlijqDRu3OjQqPzRa8HaJnCeoaGSgKp69gmntV0JsPPWfkeR5sh6dp2hdOvdEoIXArDapjzIrovsPXPT+bq1Avun24LyO6Km3HDDQfNoiuiiNLusb1URerp3ILYgYlUW8U0Z3FJ1tW84MvQ0R3BkcOomvw+/2JXq93o+gaiuyxZHbGQMXmEErXg/OsBKz5oojuLN52WUxmcLt6bClB3U/0mnYL/NPj8fygNSnhXHtM4LL7BCk2gUvWzo9WFvlVke1+4O4FRHdGdHWiGxfcrsm5B1N3LLn2bWS0R8+VDSSj+hsp7DtEQsNK5mq3BgNkBNtxk+hmyWLC/nw26bw8z7GDwVet3H3Z/Bvs9VuweArpelpHjnMv22tCtUBZ5FFl0a8sJdqtp2XeIHztkYmrD/K4cj+LCvcpKu9lYxuvIu32btZdUmaXgqPdbncg9eYG7jy34Jw00+Wro2OiVkLOYB2vJMuZQGS58ja8WNEvChDYo6rq9yPWNXP7GsMD8Q0rArvqw+bSO3fSOlZBhmMvEeXK1KpiJXTRZRL4gMAf7XZ72cLgzVW6bye74llbEvpeYN2St1HgNoETl9qLKH9eXRrC6ZyMg9nZ2SF/3v8CIIKyHGFPw/kAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADtSURBVBgZBcFBSpVhGAbQ8/18JNEFu1dEW4MbaAFOhDbQPBoE7ag91MhRtYgop9KgIsIfDcQQ3+ftnNEAAACACcCnrzlJ5/zsBQAsAB93fbKzG3kOACwAp+vDbdyrLwDAaJ87ItKHI37eVGUpL7fAJLZaM6Id7bf4DmBSWrtxJ9qiHSgAk/htz8atiAfRNt51KW/G5GzwoZ8oLVpcObDFBSZQIqK1iAgKk/ddHmsRLdpTv6z39SiYlGNtdaS1diVWb/eASWk/PPPHtdg4FAVgocSxuPZqvB6rFgVgUi5FqX9Q+SZ3+QswGgAAAPAfKnCHO1UwyPEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADtSURBVBgZBcFBSpVhGAbQ8/18JNEFu1dEW4MbaAFOhDbQPBoE7ag91MhRtYgop9KgIsIfDcQQ3+ftnNEAAACACcCnrzlJ5/zsBQAsAB93fbKzG3kOACwAp+vDbdyrLwDAaJ87ItKHI37eVGUpL7fAJLZaM6Id7bf4DmBSWrtxJ9qiHSgAk/htz8atiAfRNt51KW/G5GzwoZ8oLVpcObDFBSZQIqK1iAgKk/ddHmsRLdpTv6z39SiYlGNtdaS1diVWb/eASWk/PPPHtdg4FAVgocSxuPZqvB6rFgVgUi5FqX9Q+SZ3+QswGgAAAPAfKnCHO1UwyPEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAG2SURBVDjLY/j//z8DJZgsTUdmCkodmSV7eO8EkQayNN8+WPry3YOV/3d2ib0nVbMsUPPrT8/3/n9+Nun/1hbxP6Rolr99sOTtZ6DmD7cLwZrXVUt5kKb5xb7/P17U/b+4xu4/UHMRUYEI1KwK1PwOpvnSOgeQ5vlExQJQs8atA8UfPr+EaL662QWk+diSPDlWnAZsWjufedOaORyHZ0lrgzR/ebkfrPnWbm+Q5odAzYJY0wFQI+OmtXN5N62ZVbJpzYzrB2bIfX5zaxJY86NjYSDN34CaVbEmpN4lK5hWrJonBtS8ddOaeT82rZn9b8vSmn87u6X+393n///gdKP/QM3OOFNi95Jlks0Ll6+bOG/l//OXzv7/8+ny/09PD/zfPD/vHtTmVJxJuXfxErbW+UuyG6Yu+T9t15X/rQt2/k/t2vK/ctKa/0Utk7YuyFeXxpsX6qcvXdswe/3/tpXH/neuv/a/cu7J/9E9V//7Fi57n1w+QY1gZsppnfMvqWb6/8iSyf8Dcyb8907r+R+QO2tbbNHEIKJz46bF5SybFhVZbVqY17BpfqbEpnmpfJvmJfESYwAA/ZPGvT+K5AYAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHVSURBVDjLjZPLaiJBFIZNHmJWCeQdMuT1Mi/gYlARBRUkao+abHUhmhgU0QHtARVxJ0bxhvfGa07Of5Iu21yYFPyLrqrz1f+f6rIRkQ3icca6ZF39RxesU1VnAVyuVqvJdrvd73Y7+ky8Tk6n87cVYgVcoXixWNByuVSaTqc0Ho+p1+sJpNvtksvlUhCb3W7/cf/w+BSLxfapVIqSySRlMhnSdZ2GwyHN53OaTCbU7/cFYBgG4RCPx/MKub27+1ur1Xqj0YjW6zWxCyloNBqUSCSkYDab0WAw+BBJeqLFtQpvGoFqAlAEaZomuc0ocAQnnU7nALiJ3uh8whgnttttarVaVCgUpCAUCgnQhMAJ+gG3CsDZa7xh1mw2ZbFSqYgwgsGgbDQhcIWeAHSIoP1pcGeNarUqgFKpJMLw+/0q72azkYhmPAWIRmM6AGbXc7kc5fN5AXi9XgWACwAguLEAojrfsVGv1yV/sVikcrksAIfDIYUQHEAoPgLwT3GdzWYNdBfXh3xwApDP5zsqtkoBwuHwaSAQ+OV2u//F43GKRCLEc5ROpwVoOngvBXj7jU/wwZPPX72DT7RXgDfIT27QEgvfKea9c3m9FsA5IN94zqbw9M9fAEuW+zzj8uLvAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFrSURBVDjLpZO/SmNREMZ/uVxFCGy7L+AjpAgoIUW4hZjCCDZCbCQgVlY+gaDNLghibbmy2EgQTCOp8gaWYmFrpbE4Z+azuPe6UVE2ZGBgzoHz/Zk5U5HELFFZ2/uzu9ysHT2OVZUAd+SOuSEXLkdmuITMMHd+zIfn29uH/YtfGydpbal2PLdQTX4uTEVcfR7bMXCSjoOS8ePT1NJfghKAVCYONhenBtg+vCcHkAOwcwOnTRiNRkjCzHD3TwmQZRnmlgNQTOG0mSPX6/V3TJNTmqw9FgAl0tY1nGUwHA4xM2KMbyom1Uii0+ng5oUFz1HPshy50Wh8yTp59tJCWaxfwt9VMRgMiDG+y48Kut3uWz/SGAKQP5ZEq9X6lrmMGGJhofCyclGhvyb6/T4hBEIIxBgJIXyaQq/XQ6WC8vJqHSCh3W7/1z/wQlH6cHd/vvM7bLgZbv86biWzhNyQFXvhTsF5DlCZdRsTZoxXOgYqlSAcLRcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKqSURBVDjLfVPRS1NhFP/du+suJLFN3VRcrQjZQxor7DECwSh6CHHgMgNB6kF871+IHtxeJTFiENFLVA/hy9yLYLWtLbSRFGbqbJtt624T57Z7O+fbEozqG+c7996d8/v9zjnfJxmGgf+tWCz2qFarjVerVYU8yAs7ODhg/1T6F0AikbBQwpzVavWq6jFUKAm6DhFNOTabFQsLr6H8LTkej1/l5I6Ojp7W1lasf90Gs+u6Ad3QCchAncAqlQqUZDJZqdfrZjIR9Fsm+3w+/6dk5HJ5AtIxdOWa+KZwstN5EoXCT8Fu8M9glYYwfiFOtNksePXyBc72nRfs/J9QwKicfG8uRmESJIn2xiY8W1HT8ODuRcH4PrYMVtt9/UZDAUtlVg60tbVDlmVIZHLT+JkBDL3B2HduQDwbzR7IrIDeCUCGyWQ6YnLT8+LmMWP2+DrmCwFRllBQbY5HkiWYFOWQXXgugXxjcg3G+U8PUS7WhAoBwBs3hEtgxhM2E7TUKtTKNroc7fjyLQ3VaEepvIf9/X2M1yeRKWWRiEcbTWQAuVmnVsjj848PGBrowejEbZTLZZzZ2oIRWsKb5SWMjY1BVVXs7OwgGo0ik8k0AFpaFNyf9CASiSCZNOHS4CBm/AF8XF1Fd3cX+vv7RZLf7xe+t9eNkZFhbGxsQCEZM+Fw6DIDLS4uOt1ut4PnefqUC5F3b+Hz+ejY2lAqlZDNZjE7O4tR3y3UqnuwWCw4che8Xu8zh8MxfGdqSnnyOEgXKQKFGsvHmReXxGOnGExPTyMYDNYPAQKBgF3TtAzL8ng86HE66VgB6XQaa2tronaXy4XOzk4GyW1ubsrhcPj74WWiEnI0iRjdvguhUAh2ux1ms1lMcHd3d4L8drFYfL6ystJCZaupVCpLim7+AjUfrZnK+fliAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIySURBVDjLpdNdTFJhGAdw120X3XXR5kU33fQxS0+5Yl24lFnQKsvl2nJLM0fmXLNASceKgAv8yBGgJPEhkcIShEEYKuKU1IxcTm0WUDiJ1Fpbm1tZ/855186oLS/k4r/34n2e355z9rwZADLSyX8vCm+WU6fqT38+21S4ztPy1rmK4lXF5Ry//Hwm6LjoHN8QOGOgUOe9iGByCJ7FJ5BMX0ORiosfa1/wTHqQIAQ4VCHbwpXL53iWHPAe7QefJAvq4G2MLY9gcnUcQ0kf/AkvAm4DPvhl6Lq+jwEuESD7inLrCWXJ10BygC56SgpHlofxfGUMjvhjDH7sR1e0Hfq3VmiqKSwOt6CldCcD7CDA3qrOXfRo37tjRojC5SRt81KYIxp4lxx0+mCOaqEON8NeR2Ght5ppBvsTT9Yqai60F/y0vTehPlyBW+FKAliiOvQnPGQKY+Q+TOOdCCjzEPU2/A1wxIaH3a8N0C20ouGVAI3TVVC9kcEa0yO0MgrfkptM0mprwqypGKG2AgaYYYEsqfGFI94D4csy1E6VonlWgt64Fb6EG7aYGTdGK1ETEv6yu+wEcDQeZoA7LHBEJfxkiejQQxczccZtEE8JwHNRKLMK1rRzng6R3xU8kLkdM/oidAh2M8BRFsi7W/Iu38wBty8bXCcdSy6OyfjfUneCbjj34OoeMkHq92+4SP8A95wSTlrA/ISGnxZAmgeV+ewKbwqwi3MZQLQZQP3nFTLnttS73y9CuFIqo/imAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIsSURBVDjLnZPNi1JhFMbvKtoHBa1atgmCtv0VrVq0aCkGCn6mYH47ip8IflAKhibpRke00BnnKiKoiKA7qSkF08FvvToak/f0ngu2qBYzXngu3Jf3+b3nPee5VCAQcPj9/ucAQB0iyufzPXS73Wd2u/3RQQB8Wa1Wiclkqms0mrsHAQwGwy21Wn2qUCjOxGLxHVyrVCpHpVKJpWmazeVy20wmQyeTyaf/BaAKhcIrkUh04XA4vhSLxTIxX5IHULMCDd+PkxCLxbaRSETxD6DVamUbjcavWq22LZfLMBqNgGEYuJgs4TxbhG9PHnManuQgGAyypOnv/wCazaat2+1yJ735pOCMy+USBuMFvPzIwosPAMW3xzDwemA+HHL78vk82Gy2Iw5APtZoms/nHGCv2WwGP4Zz6AwWsFgsYLVacUI47jUajTvS9GcUaQ6LgL/Ne3U6HSBVgtPpZFHT6ZSrst1ug1Kp/EolEokdUveGPWAymUA2m4V0Og1kD5AxX1osFo1er2fxGpvNBiQSCVDxeJzp9/tcWWjEcsfjMVSrVUilUth5IEYgo/6Md1apVDSu46FCoRCoaDR6gp1HIwLQ7PV6ezKZbMnj8YBoKZVKUzqd7h4C5HL5bZKVU4FAMOHz+U4qHA6/RiJOAgFIJvFmrp3EUCj0gMyVqdfr0Ov1YL1eg8vl2t0oyh6P5x2JKZAwAQkVNuznjQDkb7xPgnFuNpuvyHyvtFpt+bqA3zDZAQQexaeGAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALhSURBVDjLdVNLSBtRFL1vZpKYTCQdUZNUMGahJbTF0roxG7NoqXQZKG6EQrV0Z6kLF0pDDSguxO7aRejKLLW7brRgiSWKVcFgq2JDSUJsYmKi0fw0M+m9Aw0KNnBnwnv3nHPPeW9YtVqF637r6+sDlUqlX5ZluLi48Ltcro/X9bHLBKFQyIGAONYZghOtra1NtL+6upoyGAwWXDMiWYvb7d75h+EugX0I3MamPWwyY8nlchmotFqtTGvn5+d7WNt+v993hWBra2tMFMVBm83GSZJESvtY5lKpBMViERRFIcJ93LegFa6xsXFwenp6jLACPZCVSyQS5IWRotlsFjmOI++qisPhoHWR9iKRCAQCgSqSc1cyCAaDEyaTaZRUKbiTkxOIRqOg0WjAbreDIAgqYaFQILuTIyMj6gQMA9rAcZuxRIvFIuXzechms0S4gv89Op0O0Ja3q6urm8TQKiwtLWWRLI+YQwEf99rb27mjoyNVlRSTySSgBc/U1NQXUvH5fLS2iAJAfU6nU0Kb0szMzE2OxiJvSKSOTipGoxHQTu14qYf2MUy1BzMDmpTssNnZ2Y10Ot2MY4qdnZ0SpY7HRj5XEOghMJb3AYt3K2ufoJKIwZm2TtnTtp2uaTrCtRDn5+cnrFbrKClRYHQKsVhMVWxJboIpHoQOlxt09ttQDC3Az+VFObu781olmJube4Mq4zgBOz4+ViegohOhsfPv+sD57BXow18B4t8ATDcgLdhgc2H5t3oPMAMFA2J6vZ4uFYTD4TxOYOjp6WFEAOkDqLPYAZ4M13IR3lqBV1hbzYLX6/VlMpnnGM5hQ0PD/fr6+s3e3l66lZAcfyQ/fNrHi9HPUC4moID9pzkedsMQr30LHo/nBb7u4Oi3MIMkKvO5XA5SqRREpLvlHyuByp+SHnK8BrIZBr/iTEbp9+x/n/PQ0NAAgvvpiBlj/mHN96Z85uAlLzObzFfjiPrweKEy+RdV4845vRqFoQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJpSURBVDjLfVLPTxNREP52C+mvbSKE2FYkkIiJioo9KMT0QKImnAwHPXjk1IPoxUsPaoiaSDw0MTEe/Cs4mWhVLGCDlWgwFCMJiYeCSGstu9ttt/vLeS9dLBCc5MvMezvzzcz3VnAcB8ys2xMOTp2GmU7DMU04lgXbMGA3ffvoKJw37xF8+0pAi7W5QWuR01Jos3vXNwzstX8EhslJbF3nyZyI+WbcdgCBuENAHx0qRm8vLEZCYN6q1yH098PWapTT+M8EDeNBvV6/X752HWpIQt3jgcFGVxT4Sr8RnplFiHIOJFi7d7fgaJra2d0t+ehs2zZcgYkYnz0eVbs8Urixh0BgSSsrK0OmaU6Hw+GIQh1rtRonYBBFEV6vlyOTyWzquj6WSCQ+7tKARk12dXVFZFmGpmmw6AUYGAFbQ1VVfh+LxSI0TXKfiJQUZ5OwziZTvdmdwSWrVqsIBoOgCeL7Vshms1ZPT49YLBZ5EVo0cM/5nzl8L36BrFWgaNtKRS0/efl46REXsUHP4ya3ejdeWs+iJH7DSPwCjnYex0x+OrSwPPdweOLIIb4CjVXe+aWbu7vjM//pxzucOzEIS7QwGL0CSzAwfOYiS7/pEsyz/ZnSbtdWlORfaBckXD15ize5c+kFjh0+y0Kf2HznqcXFxU2fz4dAILBLA0EQIKsV5DeymEqP829Tr8extvWVl3omJycxMDCwnsvl5NXV1fPRaFTq6OiAJElcdb/fj4r8h3SYRV+4DyWtgO3qFj4szUGu6E8Fd3dmqVRqiNZJkqhxQicTl564TJhfRlrRBXWM0kIEhfB84dlG8i8v6tBqmkd4owAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGSSURBVDjLlZO7S8NQGMVb/weRgoI4iIuCVuoiuBfBwUFwaosPqJODk5OLBVutSlMsuDg4OVWkYO3o4Cha/BNS+qLP9K3HnEtT07f94HATcs8v33eSawBgUGtSlVmVZYimVY3Ro8nQBJgrlUq2Xq9/NxoN9JL6HD6f76oTogEsNBeLRSiK0lIul0Mmk0E8HheQWCwGSZLaICwjAdxQLpdRrVbFShUKBWSzWSQSCQEolUrgSwKBgIB0AWjWRAAN+XweyWSya6RmJsY2gDpGawOvObc2SiqVEp3Istwf0Ck9hJ0wj3Q6/X+AHsJxmAlBIwGoWq0mciGEGhnALkJvDzgK2LB3sQH7mRWrjtmbgQCaNAVf73HyYMdTVMK7HIb3xYkt7zxWDkyeoQC273BbEfy8RPDrGixPZBfeyD4B5aFfgVo/XkQoegt9PX5IBEAP+OmXwdrhDNxhB1xhmzC7nm1/HTR/x2U1ZUXd3PMw+YOn2PTM4Ty8I97MlfcigyZgipBBR3lhe/zO4jQpbJvrkn3CT+8vh7avwsYhJlIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHYSURBVDjLjZPLSxtRFMa1f0UXCl0VN66igg80kQZtsLiUWhe14MKFIFHbIEF8BNFFKYVkkT9GKFJooXTToq2gLkQT82oyjzuvO8nXe65mmIkRHfg2c+/3O+d8l9MBoIMkvi6hkNDAA3om9MTz+QAhy7JqnPO667poJ3GOdDr92Q/xAwbIrOs6GGOeFEVBtVpFoVCQkHw+j0wm40Ga5k4C0AXTNGHbNsxv32Hu7YNtp1Cr1VAsFiXAMAxQkWw2ewNpBZDZPjiA+XYebioJ9nIKqqqiVCrdGUlm0gpwzs5hzrwGX1uGMTMLtvrBG6VcLstOcrncPQDOYW3tgCffw0isg4uqnP6J8AhCnVAelUqlPYD/PYE59wZ67BXsL4fg/6ryYhNC82uaJkFtAdbHT+CJFbgbCagjYbDNlDev4zgyH4KQ7gA2n/fMUWWeiAtzBMrgWABAXciAhaibAKAYnXyaGx3/5cSXoIajsH/8hHP8B87llTSSqAMSmQMAfSL2VYtET5WRCLcW3oHt7Aaq+s1+eQAt/EJXh8MNe2kRSmwa/LoQeOsmpFUeQB0ag9I/jIve0G/n6Lhx3x60Ud3L4DbIPhEQo4PHmMVdTW6vD9BNkEesc1O0+t3/AXamvvzW7S+UAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGGSURBVDjLxZO/alRBFMZ/c6MmomKhBLv4AIJiYekjCFopKSzyCnkGW99BbMTOQhsrBcFKsLCJhRYBNYYsWXNn5s6Z81nMGu+626XwFDOHge/PmfkmSOIk1XHCOvWn0ZdXsulPpAFZQbUgG5BlVDOURLWELEJJXLz3JMwTVOP0tfsLChIEmC2A4OD5g0UHebLLWQl5bAcBJAcC4i9D6FZRiUtGMMOHb9j0PXhGGtruA3hCnpBHzly+i5d+CUHNgCFPoDIDjcEJeQ8yNCxxYL/2m+U55Yh7mpFE8NhE7GiRwGsi7bzF8meoA8io6ZC1jfWm7AnVCPLld1DjPna4y/kbm4Djw1emH56h2oN6VFNzIKOOCI6DFCTKj48cvN6m9jtQC64yAjcXrjrnoBu/94VbDymTPSZvHs/A6RgsT0gZqC1M/46AJcJKx7mbW8RPL5m+e8HKpeusXbmNI1AFDHBkmZHzFpO9p3fkJSNLqEQsfgc6uhCQJRgy7qlF2ypXHynMEfy33/gbubc6XKsT2+MAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH9SURBVDjLpZM9aFRREIW/ue9FF2IULDQuaYIGtTBRWGFJAgqSUsEmjZVgo4mFWBiwVVjBHwjGwsbCShExIAghoEUMARGNGFJYhIC7isXGRbORvJ0Zi/dWY5fFCwOnuHz3nDsz4u78z5HTlx6NDB4v3KjWvd0dMMPNUFPcHHPDVTF3XBU1Y/uWZHVxsXzl6e3hibgwUBhvy7WH3bmWHm5fres4MBHXEw/16s+Wra8lHgBiV+f6mX0tA86VlkkBbgCsNxQH3Bw1MBwzR83Qhqflxro63Z0dqGkKIOuCBEHc8SC4OGJCCIJIQESRyIksEDfS+9bIAE1SAFwEBCIHEzBzIocgEbGAiqMhdWxqWQTL5kAE3P8BiYCrYwIuQBAii1JAM0JTpAxJxQaQxUJsxvTbSV7NP6e2ukLSSFjT/cBJ4kaS/HEggLsjIvgG0Is3T3hfnuLYwFG6dvbwcuEZcx+nKY7mbwbPskSAZC4k00GEIMLk64ccPtCHBqVvzxAqCcVD/QAjwcz+Rsg+M4gQbahv37/QJts4dfAiAJdP3Gfvrl6AXFxeWn58/k4ybKqYGqqKmaFJgplh7lRrKyxUZpmvzDA29IDS1Fly0VaAX7KZbSyO5q91de+42t87SE/nET59fcfshxk+L9VuyWbXuTiaLwEXgA7gB3Bv7m5l7Dd8kw6XoJxL0wAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAILSURBVDjLrVM7ixNhFB2LFKJV+v0L24nabIogtmItin9ALBS3tXNt3CWgVlpMsAgrWRexkCSTd0KimYS8Q94vsnlrikAec7z34hSibON+cJjXPeee79xvFADK/0C5UIFyubxLUEulklooFNR8Pn+Sy+VOstmsmslk1HQ6raZSqd2/BCqVyh4RW/V6HePxGJPJRDCdTuU6Go0EZ2dnIFEkk8lWIpHYEwEi24lszGYzjHptfPvsgvbuEJ9ePMPH548Epwf70N4f4fuXY6rpYDgcIh6PG7FYzM62dSav12spfHXn2rk4fbmPxWIhIpFIRFfIzk+v1wvDMLAhka9vD+B88gCv79lxdPeG4M39W/jw9KF8q+oJzOdz2VIoFPqhOJ3O7mAwwHK5xGazketqtRKws3+Bto1arYZgMFhTHA6HC78XW6P0wYJmcAy2y+9arRYoPCHTpOD3+w8Vm8122xTgQhobqtUqms0mGo0GeDLckdOnESIcDqPdbnN3aJp2VbFarTfN7kxmUqfTkSLuyM8syB3pLMj7fr8Pn883kTFaLJbr1EHfbrdilwm9Xg/dblfABNMF3/NWisUiKPjHIkDrMou43e4CF+m6LkUMU4idcFc+WJwRkbU/TiKtS4QrgUDgmGZrcEcelXkKORsWJ9sGkV3n/kzRaHSHgtrQjEGCHJSAyBuPx7Nz4X/jL/ZqKRurPTy6AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKdSURBVDjLbZNNTFxVFMd/781jICiCCFoSC5YgGGAQG/E7EhckJFqMe5suNI27Ji7r3qXbLk2rSRuFhU1asESgxvoRm5qQoIAikECMdcIMAzO8++6957h4MyjKSW5OcnPv7/z/554bqCoTFz4eUNXPFQooLymKKqBKmvRwibdYs7t++8oH3QAR6YHzCk/l+juD+3/tolq7BClMUIHibpkDo4hGp6hGCoBXc/0ng9eGTtLZkUNTAqKSVpW0entLI40NES+/+R5HAKg+nBvoYvrubxQKFVQEAKmpUEVFKZYqxCbh31G1QBBlI54c7KLnsVa8B1VBRPFe8SI4UQ5iy2eTC8cBFO+FzfslsmEdcRxjTYKTdN+RIarL0vZAPaJ6DAAQLzhvMcbw1nM9qfxUHarK5flfeOJgkovPrjJZKfxfgfWCtw7nQz5d+BljHc4r3gmOgCE3zzODJZr73+fEIx9x78Pe8dMXV2cOAc4JibUkAhrWE9TVQahIIPTG84z1rNLcN0Z5c5rWR/vIdJqp6Qvd79aaiHUeFzuM9TgvWC/VrHSGv9KSex1fWaKh7XFiv0XH6HCjKxcu/aPAC9ZYjPWpHa8kVcifrhVb2CDM5AnCMtmH8hBX2P/DZI5YsEkKcKIkTmhz64w/+CVNTYq4bUIpQtiE2oTlayvx0krpfFQbmMR5nHEYK1gR+twPjETf8PQrY2hyi8DvsXjzgKRQJBDL1kbp7bNX16cOe+C94hOfWhDhheafGB49Q5K/RBQ1sziXMLv3Bl9vRuTX7mzdu/3t1JFnJAwZeX4IDQK8V7JkCTLbZOrbWby1z1flCXbaX8Ss3aVYcXP/nYPZmRvfv5P+vOr8n7CY/B1KO4ZPlvtZtQHKd6Bc//3HL87VAH8DX5rXmGdCnY8AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAI2SURBVDjLhVPfa1JRHPepnnrrT/Al6KG/YG9RD0EPFXsJCkaMHjMKIamVNQhqQW3LFqtZq9Yg1KXVcBhdZ9ZDgyblT9y8Z1fdvXo3Ua9D1E/ne6c3bUIHPtxzPr++5164JgCmDsJ+0/FI2BTu5v6n9xgSEZNWLh0BN9r6FfTTewyx1f3QqsOIre5r9ZvY0aM/d/U9Be+WHiO4PIg5n70mCEIizgM0MRQ4W+Bn93PPOJY+n8H4G6vUU8BFM8fYtL8I17ctTH7IQ9M0GBP5s1AowP5WguOjjIsTSYUyRsFXweNkjOHJooL5oIoJrwJazve7E2c8o/r52ksJDxc2YZlKgzJGQVAINPjC6y8qN8jwr5T0wJ35LByfZNx4JelnhyuPq9MMroCMZWFxxygICb5WvV7Hv+v6rIRH3k1YXzCDazabkGUZye+2hlHAVizNRDwKeo3Oohs53DlYnzEsCEWdU1UV8dhv5NM+KOFDfwu2QgcatcxtpJJR/WPlcjkwcQ0bG0wHFSuKgvW1FEqZpyAvZYyC7MjhVmFmGJXUXShMQEmcRU0cNaCJ97HN5lAV70FL2UFeyhgFRe/BhvzgHCTLKSiTQ9j2XkLlh003E2hPHGnkIS9lul9hp5a5hVLgCpSpC8jaBiEOncD66aM6aE8caeQhL2W6C5zlXye5cLPn6n3BPeSlTHeBmWOMo1aOHEMlfh5a+jI3j+igPXGkkaftNe/5Fzg5wGHjcHMkOKptJNocaQPdmT/bXw90YXDpsgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIpSURBVDjLpZNdaFJhGMcX9EExPVNn3Xcd3Ui3urnJbK4guiioiyjKPFm2QRSINZl2RDuprTZNaTLQ06ajizVhDILW+tpmYxXW6mKNXTSKGS2Xm+foP18vBjLRoosfLzzv//nxPC+8NQBq/oeyRfpAvYXVStMeXR2cWgoWtWT1hEJu+yuBXiG92nNYkg8cl8JfoPuoBEwrhXalOK/bL7NWFXRrqSSrEYNR1YJRi8DoJLC3yXGlUYqTCupnVQGjrIVLU4/RrmN4F7Ph85gfj90GXNDshaOByvdfO7SjqiCzMIVfk31YnuKwnBjE0qswUvMJuNQU3obo7RUFDpUol5qMIDUTQ3p2sEAU36ajSCU4uJrqhIor7NGFt9mVYv514CLWpoPIvH9U5PdMGM/vnoKjSb4m1wR2lhXIW7nibp2q3eCffMK4z1gCP/YB5uZ9IBmZ2rerRCA7OLCFnG/OMPCdbUAu/hHCracQrCMQLEMQbnDI9Y4g2HEEJEOyVGPv1pIJyEV2dBzpoQkIwWfgncPgLRyynWEIbBRZsw+CNwrhXmhDsiEgIxb3vd2HOdqNjDOGdWsY39vv4IvJidXrfqx3sJg7bUOmJ1LMkp5NghVXAMl2LxZNbnw1schc9mDF6MAizWBJb0fyEosfN/2bBS/uGxOkED9nz0/oHeDNkbKQ0eP6LoFkCz2zJW8w/9AgCrXQHq7NNEyC5ehvPv/yQQvtXRgwiCr+xn/hD7c3w4UciyonAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJRSURBVBgZpcHda45xGMDx7/3yzB6ebc3ayJS8rBDTkixRMsoByoE/wIkDcbQTckJRTnYmB07kiPIaRa28JM2iaLLJS0mYtzLbnvu597t/1++6TCknitrnE5kZMxEzQzEzlB679M34C1HFe8WJ4D3kYuROcF7ICyPzSp4LKdPWd5T5wxA1QjBEDQmGF8Or4r3hRfFBKUQ5c+cLKb9N1ISgIGpIUIpgeFG8GIUoTgKFN5wohVfmVlLyqpAybfuaCv1Dk/SsrjBeC1wYGGNPdzPlughjmsHQuxr3RsbZu3keTpRz976iuSd2ItSc0lxJUIVZpZi8CJTrIvpufCICjl58z6LWOla2l2lvqWNxWz25VzQT4swJD99krFs6m6uPx6gvRezb2kqaRFRdwIDMBVRh4/JGfpmcCjgfsCyQVnNjy8oG7g5PsK2zkZpTTlz5yOHd7WRTATPIpgKDI9d59OIm1XyMQgqqsgl1XaTjeYEPxv2RCdYumYMZVJ1gZmQugEEk/bz89oQtm9axcG4Hd4evMfj8PC3zXhH1HB+xnV3NfPjuKLziRHHeKERxohSiNGkve3ZshyRm14qD9N3eR0LM+cu3iCcmhbwINNQnNMxOaConNFcSWioJrZWUtsYSP6pfKEUVdq04yC+9PWdY2tZJFHvS77nn1M2PmDfUKVYI5hVzAQrFgrJs1RjDowMMjT7g0LaznOzfS30yC9MSkZnxL90HFhxfuLjpyIbOjXTM7+L156cMPHvAh7fjfZGZ8T+6Dyw4CewHGoBJ4PTgqdFDPwHX2V3XB5aEeQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHbSURBVDjLdVK9qhpREJ7j7vrLGlhRiaCFFikkT2BxQZs8Q7pgJ9rcVuIj3MYHSJdXUAj+FDa2wSaIIihcJVUs1t91c75z7yyLd+8Hw5k5M9/MnDkjXNclYDqdDhzHqV6vV5In4fTL5XLx68N6vV4DTyCBJD/EYrFxsVik8/lM9+AigGEYNBqNaL1e15rN5lDHpczasSyLttstRSIRj+QnQt9sNpRMJqlUKtFyuWzL66GYTCYP8Xh8XCgUaL/fqw5Y0C6IQgjSNE1VN02TEokEDQYDWq1WNV2+p5NOp9UbERSNRpVwdX8nOG+3Gx2PRyqXyzSfz9s6qhwOB9rtdmTbtkeAcAcgASgCW9d1ymQyyo8EVVSezWaqVSbjCaFQyEsAMvsBDFzeVXX+nnw+T6fTSQVDkBQ+fCnPATZ8sJmn87/LqaqKnIBnwglgc0cAYlQCOFKpFFUqFS+Yg2BzMMh+fy6X8xL0e73eF27pbuPebCRvKU4pfeFfFkar1focDod/Z7NZZcutu3W7XY0CIBqNhhvkIC1inzVLraXh/LOFY5tBYWqVsZr3WCwW8WK1ofTNr+/mOzEvCaDc469buHywHYN1GWQEPiFoBsDHr3+e5PHt1fzx/PPTY1Dcf079mla6MmR7AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKGSURBVDjLjZNLSJRRFMd/3/eN6eSDGCeLHkLRy8SoTSZhUfRclVC4Ep1FLcJ9QQUSEUHQqqCCmFXELCrooWFFBRVB4WMi7YVjipqJiWOT4/fde26LL2ea2njhLi6c87+/c/7nWMYYurq69k09vtymxodQown2RD9UM7fz3ers7NygtX4lXrrQQTN25Si7rr+fU3YgEKgOxGKxDzU1Nc0FPa3RolLAgOd5OYEigjEm5x0MBn2R+vr6dVrrS1LWgIMi+fzpfz/Zto2IZN6WZWUEMwTz4q3R4jID4gcAnLk1iggY8BMEBGg5FM6WkSFY2IBjKSafPMsIiEDl8uAfAf9296cA0FrnEgS6H0RLwgZjTFbAGN71/0IAIwYjGjF+D2zbFoCsC2660LEUQxeOsD/WgzEmp+4Tt/eSmkly/mA7jpWHiKRCodD2LEHH/WjxQp9zNvnkzW+IaLQ2pPJmKA9XcCxWy8UDj8jPCxYCzl89aMRBMdHuu3D81m5MnsIVhWsplixYRcXiaqbSKSKxzZzddgfHcewMgf3mXrSkzCDa77gSl92VjWgjaNEIhuHJQaqWbeWnO01z+w7yl+r5fxE0YaMYb3uKZVmklYs2wtfxz3iiUOLhaY/kzBQbl9fy0/vFROTFoyzB67vRojIB3x3SKo3SikUl5SjRaCOMTA4QKlpMx+BLekc+MvqMxhwXbBT9pyPUtX/h8LXVpF0XV1zSymVleD1bVu7h7cAr4sNxbjQ9Ye2iSn8XlFJVm3of9s0PBTEGEokE53a0opTK7EHkwRYsO0h8IE5L7VV+9CX9sZ6d6cia0u3lRfN2DqW8weufxuP/7sOKUzzXxikYa9N10x0Mz67zb4UIk7Pj5YsYAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJRSURBVDjLpZNLSJRhFIaff+Y3x3S8pKmjpBlRSKQGQUTbLhBCmxbSrk1CiyCJEAJxUe6qVQURtGvTJooQNLtYEbVKoVDJMUrFS6iMzs35zjkt/indBEIfnM23eM/Ded/XMzP+5/kvbhz5p4KqoWqIGk4UEcWJ4pziJPjzAerbmlERMMPMwEIYYAJmhqmiTlERVA0UjBAjn0YCARXHyvQ86eXEljZHy0qpqavdIDAx0ssJBo9/xIxgu20aoKfuMiVFDYDysPc+O6urEVFCAJq/wlDqLkOpO2S9cUTB5Scn8GGpFU2PYrqOE8XyNwgFzAH2ofIpst5jXiY7yekKTiDnwDkYzZ6gf+EoibVJRBRVELU8QV7AieNwtBURYThzhhwTgYjA+Fo9T1Yu0BV/8JdA1fBVDXUSHExzfEmM0l5fxWwyQzLcztJqGxV6lp8Lx1jL1KIuTIta4MpmASdKa9UvDlbGqIvspaVMUWvhR3QC5REn47eIvYnjzy6T8UPIVCQIkqihzhBRagqbUFOcraOmGEos0kDlqwn2TITY39FNYdMB0qMDfH07SHV6Ed+JomJEikvI3HyGSSAWeB5koGB2hn2X+ohMvobh62wvK2d3YyNz38bxRRTMo6yiitLSHagGljafu0Jyuh9QJq/eJlLbBKe7NjrQG6MopwFBfGzsb7b/bB7pPh8QqNHse6Q+P6f46UWy6TlSwGoiTKYgjLeVNr7rqO/dFi2+tqvS+X5omtVFx/f5sOQy1uNttc7vOxq6k0uznWHxGiVsMwb3Tg24vt9oKbFtb+0ZHwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIjSURBVDjLpZNNaBNBFMffJNumS61t1cRYUYwGvHgRj+pNUYmkh54UPFnEgrESaA0oloKC1UuEKmoRD6HgoSIRK1ooUhUMoYpaBWvS9IvmUCMFYbs7Xzu+bU2s9kOwC392Zva937z57xuilILVPK5/BbSkmtzR16di/w0QXNzhlB9f7jtZ6QjNA41xf8WmZoTAyHTuG6fsLbX4c2axh4+b+iZXBJx9cfLyxgr/hR01QZC2BIMZUPjxHfKFPAyPfk0ipGPgYuqNtlTy+cR4iG1g5czFgEkGM+YMaO5y0DwabNu8HUCR+vS7Qdgd3RVZ5EFrYlyX0o7fPpJozeazne9HP4BlUchMZIDimwoK671eqPPX1VOTNiyqAJNbUEFn3H3sUeRo54E1Q8Of9mDJ/Xj+hv17921xKqmurQFG+aE/ANH7uYC0VQwBpTXTsBoxOfaqLX0FS4anvc/OcSZAoKSQh8ExsahIVybZ0TOmTt/6opx5zyBLogILY/5WyYNIVza0rtIdLiP4739XELYVfH6QZpe6U0xftpHO3M2gcTLuwZlhyRIAk2Gnj+i+KtIupPp476UVWhLgGOerKgtyboPFbCh6gH7MQao9BLbWkuBanTy52W8mb/TNBooADc87Zxx2FJiYjDstAAAwoXANwO0i4K0kzo7hsYI4eK3XuIp51zUsN44DPTc9+2tHlD3fnQ5saAqh9vy4KATrGNuOYSfIaq/zT68cX09iiVY0AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJMSURBVBgZpcFLiI1hGMDx//ed78yZ4RzTzGHcRpEZUpqajbsmaYpcdpRYYGEhbGwUG2VhMwslScnCwoZSChE2khW5LliImDFk3M4333nf93mfB6VsFDW/X2JmTETKBKVMUHb04kfjL0SVEBQnQghQiFE4wQWh8EYelKIQMn5a2tvGH4aoEaMhakg0ghhBlRCMIEqIihflzO1RMn77Ni5EBVFDouKjEUQJYnhRnER8MJwoPiid1YyiIaT8pGYM9tVwIbKhv8bW5R3sWNnJzoE6KxdWackStq2YSmtLwu41XTRcZNxFtAikToQgSiVLcEGplFNO3/xAksDQlRG662UWzKwwu7OFyS0pc6dVyJuRIiiaC1nuhKYolXLC9tV1sjQhd4KZ0XARVVjaW8WAZlAazci4j7iQYnkkaxSG80rhlRNXRzmwfjrjTcWAvBmJZjx5XfBm5DqjI9c4cvYLk0OTsU8DqOsn+1p4mr4NM8idYAYNJ5hB7iKqxrmb5+mZ84DBgSV0d/Zy59ll7j+9QH36C5K1x57bpv4O3o45fFCcKC4YXhQnihelXQ+yZeM6KKVsXrSfoVt7KJFy4dI10m/fhcJHaq0lapNKtLeV6KiWqFdLTKtmdE0p86UxSjmpsnnRfn45uPYM87v6SNJANlYETl59hwVDnWJesKCYi+AVi0rP4s88G77Ho+G7HBo8x/Ebu2gtVTAtk5gZ/7Js36xj3fPaD6/oW0XvjH5evn/Ivcd3efvq61BiZvyPZftmHQf2AjXgO3Dq/snhQz8A9uxhvZij7OIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH6SURBVDjLY/j//z8DPlxYWFgAxA9ANDZ5BiIMeASlH5BswPz58+uampo2kuUCkGYgPg/EQvgsweZk5rlz5zYSoxnDAKBmprq6umONjY1vsmdeamvd9Pzc1N2vv/Zse/k0a/6jZWGT7hWGTLhrEdR7hwOrAfPmzWtob29/XlRc9qdjw8P76fMeTU2c9WBi5LQH7UB6ftS0B9MDe+7k+XfeCvRpu6Xr1XJTEMPP2TMvlkzZ8fhn9JSb+ujO9e+6ZebbcSvMu/Wmm2fzDSv3hmuGsHh+BAptkJ9Llj3e2LDu2SVcfvZqucHm0XhD163+mplLzVVtjHgGar7asO75bXSN+VMia/KmRHxK6/P/H9ni8MmjwqrNoeKKKkZKa1z37F7H5uefkTVn9Ac2NK5O/L/lytT/F57t+t+/O+t/eL/uf/NsqV4MJxYtfXxmwo4X/4F+NYaJxba7fN94ecL/jdcm/QeBnj2p//v3pAMNkPyOYUD8zAcbJ+189d+z5UYOTMyn2vD/titz/iODTZemggzADCTvlpuNE3e8/B/Ye2sJTMwyR/p7966k/+27EsCa23cm4HYBMGq82zc9/5+3+NEzx4orbCAxoMKW4B6N/727UsA2g2gQHyjeg2EAMGqEKlc9/VOx6vF/29JLgTBxoOIOIP4EcjaU7gCJAwAM9qYI32g+agAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIDSURBVDjLpZJPSJRRFMXPN46GWqRjZjkOhILU2lXUotzYqglmEQURZLtQbFEK2VLIlQVu2kXQIsOghDaFZS1yI4Vhf3CcwWSgNlmRY3z3nPu10GxEF2UXHo97ee/AuecXRFGE/6nYvzw+M5LpO3XnRNmWBRjqNI03S2dBqYXuZ50pp2ckdYhqE1VPCjKBFBprknAKc4XcjbELj3vWCXQ/7TwoqTdZ1ZSurUygurwa8VgcigS5w11gJJiIN9lpZD/ODTy59KI/DgBd4+dSLu/dnziQbqjeg2UWEQvKQBe0ejzSWm9G0FgBAHEAEJVJbm9K11ftBp0ISWQ/v0P+Ux5rFoxo3JWEJMzN54Ynrry8XCrQsXNbDYq2BMkx/nZ8QdToyNmxi6ULax88PC3j1ET/ZNe6FEi1VZZXIUAMhS8F0Ljh80oKvGvG86WzOADQCIoIggAmgiE3jfH51cmBTUFiqKnFH4tYtiISO+pgxsyx60eH/oaNIIoinLx9vKexNjnUsrcFihxLy0uYnZ9FfiEP2h8ORK30EmaGPwRrFsw4mivkjlSUVaTrEw0IEaK1uRXN+1rgkeDuoAsOh9zx8N7Yegv3Ox8tWMjBV+9fP5jJzuDb1+8o/iyu7EOCuaBI4CpQojZHuf3aoRRNGZIdMrWRqpMpJgqS4/ftcuRuzQcbBLZSvwCJx2jrjVn/uwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALTSURBVBgZBcFNaNdlHADwz/P8fpvbfJnO+M+XtKz1ovSqSEaJIUWRXoQKIoI81MU6dAgPQXQphS4dIiOQhMp7h4hAD84iArVSK8FU0NRtbro52+b2/z3fPp8UEZ77YPCN7kXzXsvJBnQhgYRIRNEu5dz4WBxON2+8d3Tf9lmAFBFe/Pjno1+/s2FtzmlxUAkAIiBcuzXn4LFxQxdvT/11+kzfT/u234YacpUe6KyrxX+OqHJKJKLQRNFuh+m5xjP3LfTE/bVfy7WeKA/e2PL290uOfLbtdoaU0oKIqDqrrCNTJ6pMlUiJLKFYvqjT9o3L3T0wr7teNP8ryBAkyMiJnJKckpySnJJcJVevT7trwZx1fcmbTy5VdVQvQw0QQV2RJJGS0gQ5qSs6I/tnLMyWtlJmbb5nnlTnNtQQQaBOWQiBlJOEKESVTV0aFHOzuga2CpmUQQ2BgpRIkkDgv9GLJkcuWLDyUV3zOpWOWpm+7sih4zYt1QEZSpsICgIRgTBx9azVq+40ffWkVqtlxYoV2sOnDQzcq+fm39WePXt6aiglRARBCAA9favMzMwYHR01ODiou7vbunXrTE1NGc2rm092vzqVoSk0QRSaQlM4f/wHnWVSq9Vy9uxZ23a+b8sr7/r38hXLli2z9aHF1d69e6OG0g4lwoe/zUpCSeyYmFBVlf7+fq1Wy0e/zynYWpLJyUmXLl1y/vx5NbTbjaZh+aIO61tZCabbL7l89bS+oSFr1qzx/LlvtUuxZvVKY2NjDp+82fTSqqF9u5R2KTHbSL9cbpQUQuXpK6foXWtoaMj6xx4xMzPjwoULent79eeLVerunqhhbqYZnt9Z3bH74dn5EZEFBcfGlzpw4ICdb+1y5tQJw8PDNj21Ob784vM03iy59d03nzYpImzcdWhXey52pJQeD9EDIAiE8OzCH7tGRkac7Hp9vJRyInPwj/0v7P8f4TBXams7dlUAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGkSURBVDjLxZPPi81RGMY/59zvN1chC0lSViZJzJQk/4BYTWNBkyhZsrDCgprl7JQFpSxsbEZdG5qFJjvKRLFTU4MsrGjouvf9ZXHOnTKyugtvnc6PzvnU8zzvSRHBOJUZs8YGNCxM/UODgziogDrIENTKmQHDgAE0AOyb3fDW/xzmYFbWYnWt8OJRBQCsfQF3wuoFVcIURAmVshchVEGFdud+6McIEBABR26Q2q3E23uEGfnwJdA+9uwq+eRtUttFl+aJT29ApAJUi7ZwaLcRL+dIx26RbIC/vgvm5KOXQX4iT67QOXQWXV1eB2RECsADcgNb9oIr8f0z+fh18tRF/MMiaccEzen7+MdX4EUigyDT/1X0uQOQDl4gVhZhuIY9niUI8oEZ5MEp/H2P5sRcMVOtAgZaaO7ggi/fIU1Mw4+vdGYekrrbsXcLtOd7dCbPoE9vVoCCQIr53cHkOYJvxXVVQorTIdX9UQqqYEaYsWnzHug9p6EfIEKyLmkUoVnJPqq52aFjkAIaL4nVSnFtVyCx3llYwHDDrJTu87+bNv333/gbANMZYUMccT8AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIpSURBVDjLjZNPSFRRFMZ/9707o0SOOshM0x/JFtUmisKBooVEEUThsgi3KS0CN0G2lagWEYkSUdsRWgSFG9sVFAW1EIwQqRZiiDOZY804b967954249hUpB98y/PjO5zzKREBQCm1E0gDPv9XHpgTEQeAiFCDHAmCoBhFkTXGyL8cBIGMjo7eA3YDnog0ALJRFNlSqSTlcrnulZUVWV5elsXFRTHGyMLCgoyNjdUhanCyV9ayOSeIdTgnOCtY43DWYY3j9ulxkskkYRjinCOXy40MDAzcZXCyVzZS38MeKRQKf60EZPXSXInL9y+wLZMkCMs0RR28mJ2grSWJEo+lH9/IpNPE43GKxSLOOYwxpFIpAPTWjiaOtZ+gLdFKlJlD8u00xWP8lO/M5+e5efEB18b70VqjlMJai++vH8qLqoa+nn4+fJmiNNPCvMzQnIjzZuo1V88Ns3/HAcKKwfd9tNZorYnFYuuAMLDMfJ3m+fQznr7L0Vk9zGpLmezB4zx++YggqhAFEZ7n4ft+HVQHVMoB5++cJNWaRrQwMjHM9qCLTFcnJJq59WSIMLAopQDwfR/P8+oAbaqWK2eGSGxpxVrDnvQ+3s++4tPnj4SewYscUdUgIiilcM41/uXZG9kNz9h9aa+EYdjg+hnDwHDq+iGsaXwcZ6XhsdZW+FOqFk0B3caYt4Bic3Ja66NerVACOGttBXCbGbbWrgJW/VbnXbU6e5tMYIH8L54Xq0cq018+AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKSSURBVDjLnVPdSxRRFP/N7Pq1U+q2an5tPqSVPQjhF1hYrElJBBE9RPQY7Ev00h9Q7EMLRSAGhUIP0UNqQkaYCOVDUJEZ9iDqurhGsaDpbOvq7uzO3I/uzK7rWi/R4f44Z2bu+Z3fmXuuxDmHaYFAgDPGYIJSaoEQkvW5MAwj6+3ImLmxuroW0VgMMEnTy4q55Xg2Nr3TWYrx8bHdBNGNDdzoe49/sXveVui6vkNgp/NwREdx59wWbLINjDLBKsAIknohRlevI85dkGUZi/Nz4IwjlUqlCdSvHlsBaYfDVYODrnJwg1igugbt1wJe/uxCgjkhyRIgSch0YSmQrQfK3AqbRl5RHVh8TmxUhAJRObqIV8udmE90gEuyyJUsmMY4SxOsfzmVLwiuFZUeFq+FdG1FqE5hbXkCY6E2zCZO7iSaPtOyOLL0P2CUHuOEeQv2NoATTXBUQZyPWDJK5FV0OAZhYzqSVEEQp5GQKjIK0i3YRfKDQldLmaYuiMoM+Y568dWOqrpulKpBUENHNDyD598vYDb+AzpftQhsdltGAaHD8fDHd2Gt/WZlRTliwddw1naBJKPQE+vYIAeQOvIIHXV5uLi/EpqmWQQy0i1I25M4NDR0n5NNT2thX5OjuF6OrCyR5c3GD8mKS53m1AWDwcfCe8T0RXKm8kWWwLTQyNG3+Y5qj6Z+G55Ur87EDKX7+IlOT0mJE4PPnmoi4bbf77+bO1BZgtBIYw8z6MMtvfjWpHrlSUPDIexzlYESCYaopihFCC0FMDX1Kd7b27snO4DbgUgOC5x/s3bZ7XbXoKfnrCXTLGDCnMCW5iZEIqri9XrP9Pf3T+xSkGs+n29a9Nr85y3M3MzPAwMDbX+18L/2G23Jn5HeUDltAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHiSURBVDjLhZPJbhpBEIbnJXxNxFsgjfJ8VixjYscXx7EdKzdWgdgFDggQm0CsZhFCCIEAcRx7EN2Mfnd1xATEkkNdqvr/6q/uaqXVaqHZbKJer6NWq6FaraJSqaBcLqNUKp0BUE6F0mg0YBjGXozHYwnJ5/MnIQp1JsFoNJKdh8OhCaGccIFMJnMUopBlOkzdKFEsFsuapoFzLvMEzOVySCaTByEKdd0cFOKVsDxaLpfg8xlY6o+sDQYDpNNpJBKJPYhCnTeW1+s1SLxeLMC+2cC+noMlX2St3++TC0Sj0R2IImbUF0JAhxhj4DPR2W4Dv78Df3oAu74yIb1ej1wgGAyaEKVQKHwRM+rz+fwv5LUFdnEO/nAP/vsZ/NfjDqTb7ZIL+Hw+CZGUbDarihn1meguIZ0OVleX4I9bEPslWCIu6+12m1zA4/GcmbOkUilVzKhPp9N9yPMT2O0NtO/XMMTrkItwOAyXy/V550bFfGo8Htcnk8k/iO0C7MaO958/sHrTtsUWc4TtiMViaiQS0WkTJaT9ipUQG+J1NmKn02kxL/HQcoRCITUQCOi0iZsnJrHI74iPAij8fr9V3LROC9YRoxwSnwRQeL1eq9vt1knscDgsB1f5f99VdLUK8adj9Q9ogTPkuLLcmwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJRSURBVDjL3VNNaJIBGBaCDnXqVlEQO0ixrE1a26G2uYU0tyVaA2lsHtS5HzuYhTkl0CHZmpT/0coO0UVS6AdrkCPFkC0am+ambea2GjOYuubmN9vG0/eNLl1s0K0XHnh53h8eXp6XBoD2L6D9Jwuqq6v3dnd3X9fr9Rmn0wmNRjMnk8kqSewn8wTFUTWqh+r9YwGTydzd1NTUbzKZkEqlkEgk4Pf7odVqv6jV6kA8Hl+nuGAwCNfgVcSeCjD9XI/xR2xM2ErbaeXl5RcUCsVyNBrNCAQCb2Nj46ZEIoHZbIZKpQKVU5xVWzu+OKzEcvgVkFtANvwMoYHzKUpBv06nIywWi5TL5e6pqanJ+Xw+jI2NIRAIwO12Q9lZQWSiNwuFry+w+O4O8hEPNmeDiDzuIGgMBqNLKpVm7Xb7NT6fP8RisX6y2WzweLxtKDrOIB3RYCsfRD4hQ3r0CqaeiBAebFsaNfPotGNkNDc3TxmNxqzL5Up7PB44HA7I5XLYDEJkIipsESGszQhBzLdiZbIXM47apY/Gc2XbR6TT6btI2WUcDicpFotXe3p6CBKFu3KmdfGD8vdwO4i5y/jxSY1pa91qxFBxuqgPvH0HLk6+URS28gEQSRHW59uwTCqZttXnYwNVR4oa6WHXYVHU24uJ1/fwbaQFa8lWpMdv4LOV9T1mrCr5qxNdt+uBlVnEHlzCcO9BvL/fAL/u1ELYUHl8R1buk5RuFEJWFEZMGNGz4BIfyg2pTpzc8S+0nN1H3BIe3fAZGjbeGuv8L5WMkmK/8AtkdLda3u0iOQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJISURBVDjLpZLLS5RxFIaf7/NCZqiZYYW1sEbTKWsTDUS0sFpF/0K7aBftulCbTIQWQi1r0aK/IKhFIBUodlNKKtBIy2qsKUPLacbvdy4tRmuhSdDZHDhw3nOelzdyd/6nypcbXnx25oWZplXNVfXOpUzvkb8JxEuXT9djpFvXtJKqSUWimlnpgyUC53f3fEskyQcP5JM8IjKykkDk7nQ9P+tmiqqhpe5ta7dHYsLzqZFZEVVVjUWE60dvrl3igZrSUp3C3DB3HIvUDHdoX99eq664G4/Hh5Y3UVVRN8yN7NwkM8UZxAVzJ47KMHO21qYQkeURzj085apKTUUtjdWNvJoeQV1LOF7Cqsy9ZT4pMB1vQkQRUW4fvxvFAJcyvVHPvitRbi6HmhIsEFQQE4IJwYVCmKepoY2Kwhsy6T2IytIciCjqiqhS+fktZglugoqwsb6Ftg17+VHMc2/wGlq27Y/Ayb7jLqLUrapDzQgeiC3hUPrYbwTDyc6+Z2fTPuaSAkOTD+joimvLFy+nG9tQnInv47TXd/Dywyjqxrvp1wQTxAJBA9/nf7B7837mwk8eTfRPlwMEEQTlWW6YHQ27GP80QVGKiAqNNVuQBTOnZiepX7OB4fcDDLzp/5IIh0sfBEHNSK/rQNTIfp3Cpeg3Bi+TWBIVJWFrQ5pM82GevOunb+zup0TozHb7qwUE4cnYU0QVEUFEi7dOjFcBHLx6QCtQhj88jKO4ivtjfR8TozPb7aO/c/Av1XwhyquVrS6YNue6fWJx/gvSRpXk80tR+AAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH8SURBVDjLjZPLaxNRFIfHLrpx10WbghXxH7DQx6p14cadiCs31Y2LLizYhdBFWyhYaFUaUxLUQFCxL61E+0gofWGLRUqGqoWp2JpGG8g4ybTJJJm86897Ls4QJIm98DED9/6+mXNmjiAIwhlGE6P1P5xjVAEQiqHVlMlkYvl8/rhQKKAUbB92u91WSkKrlcLJZBK6rptomoZoNApFUbhElmU4HA4u8YzU1PsmWryroxYrF9CBdDqNbDbLr0QikUAsFkM4HOaCVCoFesjzpwMuaeXuthYcw4rtvG4KKGxAAgrE43FEIhGzlJQWxE/RirQ6i8/T7XjXV2szBawM8yDdU91GKaqqInQgwf9xCNmoB7LYgZn+Oud0T121KfiXYokqf8X+5jAyR3NQvtzEq96z4os7lhqzieW6TxJN3UVg8yEPqzu38P7xRVy+cPoay52qKDhUf0HaWsC3xRvstd3Qvt9mTWtEOPAJf/+L8oKAfwfLnil43z7Bkusqdr2X4Btvg1+c5fsVBZJ/H9aXbix/2EAouAVx4zVmHl2BtOrkPako2DsIwulexKhnG/cmfbg+uIbukXkooR/I5XKcioLu+8/QNTyGzqE36OidQNeDJayLe7yZBuUEv8t9iRIcU6Z4FprZ36fTxknC7GyCBrBY0ECSE4yzAY1+gyH4Ay9cw2Ifwv9mAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHySURBVDjLpVNBaxpBGH2z7rrb6poNG0lSi0VyiA1I6a2XUtBLyD/oyV/gvSD03Gv/Q7El5NZDhBDx1lPpQUyRbg9SoUYTsEs21XVdM9/QWdZePGTgY2beft/33pudYcvlEvcZCu45VLno9Xrni8WizANBEGA+n0fh+34Us9mM5la1Wq1QHSMLvPhVMplsZ7NZkfT/iNvUNA3tdhv9fr9Sq9VaQgFnfGtZFobDIXRdj4rihbQeDAbIZDIoFApEWudwi3U6HcFu2zZc112RS1aokDGGRCIh2E3TRCqVQrPZhOM4FZXYSTp5pSTDMERI9rgSmsMwxHQ6RalUQrfbravE5HkexuOxOCCZRIdJs9xLjPaqqiKdTguV1KBM3WlDCdySkKwoyooC2Sifz4u8XC5HNWWFWMkrBX2QITGJP//2CdbVT1gTB896H6JfrFIDWUQMxWIxkkysEn/y6wJP/3yFzTYxe5TGFceiBvQHpL+4XHl45uf3SO15sPU9oMxg9D0cOCdCHWs0Gqfcy2HslkUzxaF9jH3NwcbONnR3Eziii8Mb/7jF98nDS7buMf1+wRraG7w2sQP92gJecnCDx5jf2Hc3H9c/Jh+j5Rnwd3fELYXA5T/8SwC4GK1X8Jg94E9uAhNJxVeC7ewWYHDkhrcOYd0B0mCFUhT4PX8AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAMGSURBVDjLVZNLaFx1GMV//3vnzkymk5lEm/GRzWgVOkVcWRcRLK2YVHwg1geFQJfJIgWhmy7UQl24bcxQGjcqRHfiQikmiIKGKEWE1NqkQmjStNVOZ5J53Ll37v/porQkZ33OD77vcIRzjp0yV94bBTFmnRvBqIqVkbDFl+qksn/Lm1+eLx7644edfnEfYC6/VsYvTDkTTXild/PWBysUziqE9xiEGyRr1dBZOWtkuzr4am39AcAsHy3j7flYlN4et2mN6f6MlWs4tYV1D5F59CzdWzOkCy/jy4TuXx/MGRV/OPSOWveEEJ6x/kkxdGxci1X01jQ2XgRzG4hB1cGlUI2rdDZn6MoNspUz46anpwC8xu/H3xLkJm26i21/j7Mt4N5ZwhMgQuT2LxQOfIaJPXq1eXSQxygmNi+IUS8/PDbpP/F+TgRP4hjCWbvrqV4QoJsXSO5cZPDAOWSrQVT/lcLzn+RlmzHP3fg0b5Nr6M4i6UfO4KQPO5sRApFOkTS+wFlFas9heturuHQRIxnxsHK/9T1U4ytMvIkInsMZA9zjOOsAgUj5xP/9RtD/LKqzjcFHSyqe0RFYg3UC3bqMlzuINfZB2FqwBox2aJVgDTgDVktUDJ7VvRUnDU4MosKreH3PYHoaoyxGg5GgI40K+yjsO0747xIiO4CQEUmXFc9ptUQSIdJPITt/Ejz8ItY7TLIVI1sJSTOi195LoXKO8NYlZPMS6fzT6LBG0mVJbH8rRq1x32QPVvOdm+dxci/9+04h/Aw6uoufKeFI07w+T3NtjqDYT7F8gn+mT4cy5lhq4E27UP9azLp27VRQOEKv/hN3lycRYhjnBtBJEy3vgDEExSLZwRfQtWt0t5h95Tu34AEYSbW5eHYurfvJDU/QVzoCGYGxGwi/RVB8nNzwIYrlE/ixZnn68zkrqO4a042qKJuQKWOYGDp6Ou/6Slg/g9MGl4So5m2uzFTDXptZl6H6xkW3vgtwX6sfidGkxZhVjKiEShJBErEiE5aMZv71H93CTv//ct+662PTZOEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJJSURBVDjLpZNNbxJRFIb7A/wF/A5YunRDovsmRk3cmLAxcdG0uiFuXDSmkBlLFNOmtYFKgibUtqlJG6UjiGksU0oZPgQs0KEwMw4Dw8dQjnPuMCNq48abvJub87zn4547BQBTk7q2CDZdDl1OXdNjOcd3tj/jJ8Eruuxzb2RX+NMpHT/MMUfHJwKbSgv7Bxnm9YciPRMSXRiDsb8ZjOGrwWjNzZ4UOL4pg6IOQLsYEbU6fajWRYgdpLilnYIbY00T08COcCrzTen2NMCj9ocgKgMQdLV7Q3KnqH3YTyQV/1YWTezEAPvCsjGzCTfkPtR/9IGXDNWkHlTFnmWysxfj7q/x2I4NDRxh5juNZf8LPm12ifBkimdAheI0smjgjH3NMtgzlmqCNx5tGnq4Abe9LIHLjS7IHQ3OJRWW1zcYZNFgOnl0LOCwmq0BgTEjgqbQoHSuQrGuEqO+dgFrgXUBWWJwyKaIAZaPcEXoWvD1uQjc8rBQ4FUio4oBLK+8sgycH7+kGUnpQUvVrF4xK4KomwuGQf6sQ14mV5GA8gesFhyB3TxdrjZhNAKSwSzXzIpgrtaBbLUDg+EI9j6nwe3btIZoexBsuHajCU6QjSlfBmaqbZIgr2f3Pl/l7vpyxjOai0S9Zd2R91GFF41Aqa1Z1eAyYeZcRQSPP6jMUlu/FmlylecDCfdqKMLFk3ko8zKZCfacLgmwHWVhnlriZrzv/l7lyc9072XJ9fjFNv10cYWhnvmEBS8tPPH4mVlPmL5DZy7/TP/znX8C6zgR9sd1gukAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKUSURBVBgZBcG/b5R1HADg5717764trfQoVUpasAfU+CtRgmERXEwcHFmMgwwmjo7+BUyOxsXVmGidDHGQEAc1NsEQxQsm4g9sKYWgUErLXe967/f78XmKc+fOPR8RFzE3Pz8/3u/3Tey/SgA5iAiQM6MR25vxz/IXv3agjIj30Ol0Onq9nkajYaZNQBCJrAA7jyHUG8UiQImzCwsLTp486cyZM9rtKRARIAQB1OtN+y5ssI/PP7h+w+Ejr5UR0Z6cnHTp0iV/3vxQTkAEEEEOYKfHO9UByye+Utv8d2mXqRJFrVYzOzvr1DOnKbLIIYSQRQ4RCaS05+tr90GzUdhlpoSIUBSFejkFUvTMHz2tXraUZcvNG5cNhzsiEhHiv3uM1UAJEWE0Gtl6+Lux8WOOP3vWrZvfG/QfaLbGPX38Tdd/WVavZwe3C998vN9wmP74jM0yIqSUpJTAk4cW9Xv3HZ4/pT3Tsbc3cHvtO0c7r1hf/VHkMGVMbXyw9P6uqEWEnLPhcAim2ws2bl1RL1uurnyk37vr3sbPJiZnpVTJgFqzgJka5JyNRiOQo5KrgZwro+FA5EqVBlK1JyKT2YkBgDIi5JxVVQUeb99x4OAxE/tmPPfyW1qtKYsnXvfwwV+yrIyeU8UF8Wi41XR4s4Scs6qqwOrf33rhpbdd++kTT+w/IvJIrRy3cfsHjWZbDqZqT9mZuD891s9RRoSUkpyzKg3AnfUrFpfeECkZVbt+635JnTInABpNmCkhIkSENBrIaWh9bcXa6oooiKBoAFFkge3dW+zCISXA3NycZmubIiOEIJIoQkQGOSWPJgZefXHl0263ez4rpsuIuLy6uvouPB7elREZAeQAoEBwsdvtnoea2Pof+BV374GHrjgAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKwSURBVDjLbVPPaxNBGH27m5jdaH5ZjU3SFkRiWkwt0l4qFupFEY/Bg/jj6MGLIPQigtCDf4BXLYZKK6UJSL2Ih4AGLGltTSUh1pgaJBXTEkNMY9NNdtf5Rlva2IFvv9mZN9978z5GMAwDrSMejz+sVCo3y+Wyl/5dLtd3h8MxPjQ0dO8/MBXYHdFo1D01NaUaLYPWJicnva14gT7/GK8yxi5WU2Rs8Pv9CAQCHJTJZLCysgKGIU6dKfrGMM+5IgKw6vXdbPl83ohEIsbS0hKP6elpvtaiiM5A6uvreypJ0gD9tLW18YLLy8toNptgh1AsFmG326FpGjweD3RdRzqdJjWm2dnZgIktXA8Gg6jVamBsYMWwurqKUCi0xyvmDaxWKxqNBsc6nU6USqUrImOs+Xw+dHR0gO5us9ngdruRzWY5G0Xu4wyCh9/BYmqA+QRVVakzpLZm2m6jLMswm82oVqs8k2GpVIq5rEIuvcbRrmHkc69gls/t6Z64XYAysSmKgs7OTq7GYrFAK8Xh8g7C7jkDpZ6CRV/nePKEF2ATRRRFUND9SB5lQRCg13/gQHUetiNOaL9m0N57A+byG+hak5OxszIpeJtIJLhkMolMpE3DYLEWw7EeZmZ9EXPjEzjk3IRU+QTLZha5XI4UJEQGvlwoFG7FYrEvyWSSM1PbhI0srJIGm+s39K2v7I6McWMex4fvQsu/aGz8LIywApeEbQ/C4bCbze+wuN0d8DudxWfwnr4A2ZyArhb+9lIwQzrYj2JWRCERfnB2ZGFUaH1MY2Njpzz6h3Cw+8RA+0mFsc4xqSoWohn0h3ogSA5AuYj3T+6vGbp+XtjvNc49Giz0XpvwSWIeRrNMPdq1K0JSAiimk/j8cjRiwj6juaXKi49Dm4bOek2G7oSxk8GNNtr/AJE93CiYMK0yAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK5SURBVDjLjZBbSNNxHMVXDz3UQ0892AVSs4Q0shQRA5uzCFGL5Rxqc1u5mZpNnWNN533eaDr976blZeFllc7mMLMl6IOGqdOpS4vAPaRbb6FiQjpPm5QahvmFw5cfP87nezgkAKS9JI4+zp5Wey3Ot57AnMZ9rYnn0RAV6HHoz/+eZl74SYq12d2x0OaGnapL9azeF6CBeYxY6PSHrZeDH8OVsOmCsaA9BYva8/u+AKroo5V2cy8Wh1RYMz/D8nsV5id60F/sZ90XgBoew51pydxYmuyAY7YTKxY97AMEihKu6v4J4JK92Ep26CLBIEPFoqwl033HCGHqT7uOj69dhbAbcjFY+wAXOOd7AgQ+R/4CMIPPUJTsMEd1PBk71SjjQV4nQYUiF/lSAbo+tqCkvwi+eec0F/lnD28BZPRLg0+Sb6Gz4B5m2sRo5dNAMCioTQpDk1kM9bgQVaYMlJsy0f6pAen6NAQlB6i2AAq6Z/uXfu2uwrTZZMjGH6HCJEDxaDpyRlMg+pACtoqFOVXU/wurKI6GYkKEfMN9pKvjwK26ibjSUFAl12B7GrENOHi5RqQQpe0qzIeWBW5dDArb2ei2KGG2GSF7lwK6zBcMoffrTfOB4OeJVL5peeAbUPpSh9xGLQSEBvUjqxAo5hFfcn29a7oaXTMEXCPt40DWl4TAVLdVknt4LY3G614xzDogmQE4I0DCABDTDdC1ADEEROT4ocdSj51jmFK6ACBNSfzXxzrk4L+yg9kLMPUbiNdugKZxIFINRModuPLwNB4b76LMyNo0l71lbSew1oTYOkoyEJs3DK4RYL9xJtADDANwx5WifA6xvCjclnqj0pi4edm1XW8nQEr63JwU1FNEzQ6ktej900dBzptyahpk8SRCsk3wvPHCKs9KLEgQehuchiVX7N+73NXfL+Zkqi9OGtlWAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALcSURBVDjLjZJpSNNxHMb/VhTUi3pjVFoyj+wyPDG1sDUTE7ES1zCPuXRbZjZrSk63qVPzKNuc+ncmHmPOeU3nkYkEmnjhlVdaBPoiddGbMDEoj6clZEYlvnhe/fh8+P4eHgIAsVWE/kdY4wVWC7NqE0yXUZZLeebFvs7mu3+9bwnzvE1pMyrK6lzFYWxOYaSFbFuCYqaxfK7OEfOtbHzty8a81g1zmqOYKLD4vC0B6b8/Wz/SioVuEssjSiz2kJh93YL2FLuZbQn8vG9wJssfrH0ZrcXqVB2WJnTQd8ghCbmo/aeAQ7Vi5bMuLciDqSBDacsRDJtB+cPI73otHx8akqFvFKFLcRdn2adbnGLP7PtDwHSzpOWzPFZlgVRsTomUh9zCVGTmiZD4JBYNb8qR1i6Bjdi6zJZ/fO+GQMqw73oWcQ11SWGYrBBCzadDHkyDguuB0hEhotSuYJfaIX0gGjVvixGti4JLhBO5IchjWNS8b9f8VZgmngrpcBzClY5IbroJhuIE4nq5YJGhmCZ9/18YT30B91TnwFU6gFVsC2E9HdUDOYipuYrL0kMIkDIwX+TzW7DDIUeQJ4jaKCxS5QzdMAntUN46WDkgg+xlDJS9Wbit9oRT+p61riIf9jps5FYZ7scfWuz4CDyq1kJUokGY4b8/4adtPGS2RiKthYOkJhYkz7lQdKYgqOw8rBKJFYLiraDTec1LjVOrSJ0E2P1ASAcQWHQSVf0yqA0LVPZkoaQ7wyC5g4JOCThqL1BExCcTAWFLjKU6rgzW5oJfrwezFWDq1hCoWcP1AnNcyTEFTXoQbo8PIKTUFeSrJNxSecJMROgPC4hT6zuYyXGfr027jwBxHzhtAOuF4QIdENwIBDUDjIxpiPnpsE/dBaaSBrMEYtYAW28s8Z2K69Ii8Yt3ppfrHKMHQBWPGTIOqnAU7vFDsPCqmsmNCU+yFBt9O5awE8YCgrJ5vT8AXgaV02he+4MAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAM+SURBVBgZBcHLT1xVAMDh333MkxmYAYZOwbGGPqRaHq0gpIBGba3GR2KibjQmsHDXsHDjP2DSmBgTU7swUUk0ajemK1HapjYIoYRqi4DoUAsNjwIyw9wZ7tzHOff4fZpSCgAAgJHJ4UHgPNADZAATKAG3VKAufTb49c8AAACaUgqAkclhExgF3nwtdyaSjmWw7BpsD4R0EGxxfXNMSCGvCiHf/vLlHyoAmlKKkcnhEHCju/HJ/hdzz2E5EVw8li2NsIqwawco4RHDZtOdYHZjdk744pnv3rpS0gGA0VMNx/oHmrspSA9f1xBCpyrC2IQpuBG2nRhrpRCPJp6mO/t4h+f63wMYxbMPBoCP3zn2qjEv99mkSjUQVJwEBTeE5UB+vUxpf59IehetLk9fYxvXF2dav7k1etfoHT756bnm3hOaEWNTF6CaOCgT3N4yqDo6i+sVgmiRyKG/cWvz7ARFzKLkRENOv72yVG8CPbnaFu7YG+xEdZ4wDhMgWN32cJwqdVmFVT/OcrAHriIlIuR3XM48dgrfFe0m0BA3a1i1N9h2bZLxVva8JMViQF3GoSltsyO7sNy7RFSZ8n+7FPbiJGJJfE+kTKWUpinwXAtFDjMkGZv20WIJNpcFuqqlOVMlWR7EWvdxmMX37oNSCCE0U4qgYHlWS4ORIhntZG3HxPFDhKMRok0x7v27izOTIhOeIROdJ+JZlJ0yY1O/IEVQMoUvfl8pPGg5Es9x7eEkqfgRwkYO37FRRopwIk2tO0FbdomnjvfxSP1RbixcYXp+AqNa8XTfExd/XLopDiUymPY6pd0p0mkXU7iENEVENzAr1+hq60Tqks6DZ5GaT1/7aXTPyepfvXJ53HP9n8YXb/JsSxd1Rg3pREBdWFIbdkiGXIqVLUJagtePnwfggxe+4HBTB0BIB/Bd/91f83fm/lz5i3NtPbSmTA7EFY1GmQbdplgusrAxxYWrQwBcGB/i3vYcgKMppQB46fPnk8IXl4Uvz77XP2QisygVR9M1Fv75ltXiFKc7BjiaPUn+4R9Mzf3G2v3SJ5pSCgAAgP6Pet+QQr4vZdAeyCANAJSMatnTveoBIAqUgUvTFzc+/B+ww5qo63KzbgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABbSURBVCjPY/jPgB8yDDkFmyVWv14kh1PBeoll31f/n/ytUw6rgtUSi76s+L/x/8z/Vd8KFbEomPt16f/1/1f+X/S/7X/qeSwK+v63/K/6X/g/83/S/5hvQywkAdMGCdCoabZeAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIESURBVDjLvVO/a9tAFD5ZdWwZg11w2iR1idMhxhm8ZOlS3K1rlwwZRD2EQCd7KIUOpmvoj7E4BBxElw72kMFLh5osBkEp3fwXlMY4TlRJtk4/7kffqW6wcDMFevDxTu/u+/S9d3cS5xzdZMTQDcet6xY6nc7jIAh2AU9830eAz4BP9Xr9dH6f9K8S2u22IL8rFovb6XQaEULQeDxGuq5/A5EXjUbjdMFBt9tdA9I+YAewWiqVbieTSWRZVigg5uVyebvf7+/C9kUBUN7P5/OvM5kMopQiz/OQYRhoZj/MpVIpkd+r1WoJyB02m019XmBH2J1OpwhjfEUEN1fRtm1UqVRipmk+6/V6ghYRCCHIruuGfxQk4URE8S3WJ5MJyuVyYv40coywsT0cDv+cbSyGHMcJhRRFCcEYQ5IkoWw2i0ajkRA4ifQABI4Gg0FYyszNV4AMeDQr4TtAATwEnEBjDxeOsaadvYnJSGEUYRFdj2PGmTLxOSaEKZ7LMCVccWzy8svBJo6U8Pz458pWPlF1A97aXE1UL2zS2rgbr54bQevBnXj114XfKkDevPQO/pIjDuofz94TymU3YNQnXMYeozRgUAKjxGdyABH6KLsOfaV/2MKRt7B39OPe+nJcPbeIVlheUg0j0AorS6p5GWj31xKqZRJtfSOlAvntPPnaq/xfX+NvE6ltVjnyz4AAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAElSURBVCjPfZFNSwJBHMb9UPOd5pR9hUnvIQrFQl26FHXo0CmImEMoQUhl48vBw5qWtY461pKU9PTsrJRsFM9l2N/v/7IzOeT+z/ehI9qqpZvW2Ia+VdciI3Rk20SIsWBeMUTdXMkVgdjNAcwxg8MbTzEuXU0uBTY3CZ5gDMuMEHlFm3PhhZaKMviJAbo4UV5o6phtE7jO5FEkHnKTMY60F+7sAlPiiDDvhUc8UHrHvvVCg8KE+NnjNRQwYJIee6lwo2dcKZlbJCxgg7jP/wmxm46oqz4+WZE0Hnh4jx4+UEWQLlkTF2bKrX9gyIIeAhOI5UWdyVM34scX38exOkTgKnLlqo/loalzRMzZXWhUTElmHutA7KhtvWXLtqQ3VVn8es2/8gUo3nl2LXz6SAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ/SURBVDjLhZJdSJNhGIYHkjAQgk49CMMwJKPIkyIcDIJSFA+UkqKDQM0y/CFRdKmlMVGWQ1O3ZR5sKjKXP4wSayyFJYpSdhAEhRDYQXUSGAvry6t7mYU/1cHDBy/vdT/X87yfCTBtqmlPispBuGeB6S6DkNNgsm2BiVsORupTtt7fClcKjDI3BC/GVUFYHIOnPpjqgkBVFH955faAaU88U+4JZvvhWUCXe+BhC+oKY9dhpBrG6yF8G0Zr4e65CXry4/8EhHuczAmOBUy2GQKt0jX/7jRwxYy30ErfBYOAwnwl4Mx0rAeEu9J40mEwO6iOdoOxxr2M1iVIt1m6M/SXzOC92IyrIAF33l46sw38mqLVYtByPNXEY4eTSJ/0nDFdK6PViQxXLvGgCYbKYfCyvhXgyl2i43QibVarQqD3PDQfcZik+4qZ/vXZAtfM0h0meAPp+vGctXAn1yJdP74idc0YpvWYmZtHkRnUprw0SXeVGW3ZXx47jJNuFN8lpGuZn5/PiUQiqdK10JkFTelRGg/FUXcABq4qYN8nk3RXidzTYgpj2zXjOhPT/cBQ2QnB30Kh0Fe6805J9y0NaVC930xt8vpotqQVk7b7mvtVSDcq3XjpZsS2K9jH4iS8eYTf7/f+fA1b8kF13SVwmZb0WIBGcBWUSbdIi9m98WyC96jzSjAYXBO85vV637nd7oRNP50tyaLKN237lVWCuwUbfHwO7+cRbLS3t9t3ursTfFjw91+dI4IjgtfsdvvnhoaG5P8GCA4J/iK4d+NMsE/wSk1Nzcg/AwRnCV4WbNt6UXBjRUXFVGlp6cm/Bgj2CM7ZadZYCc4uLi7OVMVtnP0A9SbJ2btHXdYAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALoSURBVDjLjZNrSFNhGMdHJfVl0peCKAKNoL7NopQ0CCqRQrxlUVoxK6eZk0oy03Ap5rXSYZsiedsWuYhGopgaqNNlrTR0uUtuuOl0lE6n87Kb/857aKJJ0IE/7/M+PP/feZ73nJcBgLFWCoUiuLOzs6K9vb2/ubn5l0wmm5FKpVqxWCyUiIQn/q5fDZRKJZMyCyiz02QywWq1Ym5uDgsLC7DZbFCrhyF8nu+qEuSJKviFvusAf8yter0eKysrWFpaAoEYjUZMTU3B7XZjxb0I16IWnR0vUVKUIS8seOi7CiBvJman0wnyuFwukP3IyAhmZ2dpqGNxAsv2YXiWf6CtpQ65OakiGkCZg6i2PXa7nTbMz8/TELPZDI1GA5J3u11YsGngsKvpLpyU7txO8qTfTQlmUGbB2NgYiLRaLW0iMxPQ5OQkHTuWbRRARRlNVDxNdeiAXC4Hh8MRMFgsFv5X5GwIeGZmBgaDAWw2+xsNUKlU0Ol06OnpQUNDA11M1vHxcTpP4uSaQNyoDYBOr8Xo6CgsFgvi4uKmaAAp8poIhIjkvHmysqsD8KjpEi5UHkDv4HdojBOIijk/vQFARPZpkuPgioLAqTuMhBcsZL+NhVRZjvTXEQgt24WmTwMIizg3vGEELyhFFAhZvwBvvlbQxlfKMpR1pKP+YzGSJKE4WrANp6PC6v95iNeoeYn5aVsailpTkN+SCF4TG7nNHFR25yG+LgT7cxge+kfi8/mCrq4uWGapT2kexLBxAHHVB9H4uQySvieoVxSjpreQgtyEsDsXiZIw7HuwZWl3JoNFA0pLS5l5j3M7Gt+JYfippiHRQn+cKd+DU892IqRkO67UHoOgi4cEUSj8M30cfqnMI+suE4/HY97PuledzE10yd5L0TfUjSHDFwzqlejp/wBW/lZcrT8Jvwwfu98t30MbbqNXXG5qSGLy9arLCfGq2IvR1siYcGt45FmVf/Ym196szdiRyfBbW/8bMwbKi+1SPUYAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAINSURBVDjLpZPNS1VhEIefc7wXTNQopKTM4IKRaB+GliQtKgpau3NjRcsIzEW1EQIR2kRUUP9AtHFhi4rAqKBCUDOEkDIQPzIIWpjX7jnvO+9Mi3uvUBAIDgzMDDMP/JiZyMzYjMVs0jYNyDDc9h8NCl5BPIiCdyChWAuAM0ghA0BTzz+z+rcHhRCKsQ+lWODN4xIAYHUZVLFQahDBgoAXTHwx9x4TAfFkd+yHgpUBBmbQfoMoW4N9fIiFQHzoEkiB8LyP+Nwdomwl8uoWtjgF3pcAIkVtppCtxcZuEnUOEIUUnXgAQYmPXqb/WQ/5NM/dg/3E85PrgBjviwA1iDNQvRdUsJUl4uPXidsuorMvSILQUNfM+fFBnAqIQGpkKCRFfapEQNTai319St/UfUwdzgJOhF3bmmiuP8Zqskb30hgjfjdbUiNDWqKpgnp08h5xx1Vk8jZnWnoJpgQNKMbyyiIHGrrIuwInF0YY1SoyFAxSDyg6egVECE8ukIgjmDL/cxavgqjHB8+vdJXDe06Q97/pOPK2BPCeKFQSlVcYAokkSBB21jYiGgimfF9ZYHt1PR8W3zEzN87w9FYiu1ZveFu/LIKBg+6uahLncOpIxJGra6Ezd5aJhfdMfxrl0UwN+5IKoo1+Y+tgvNbeeKrq9ZeX35xyennIPgMbB+QGorWgFVUFDbkfQzZXrv8BKB9RM6Fzq8AAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHdSURBVDjLjZNPaxNBGIdrLwURLznWgkcvIrQhRw9FGgy01IY0TVsQ0q6GFkT0kwjJId9AP4AHP4Q9FO2hJ7El2+yf7OzMbja7Sf0578QdNybFLjwszLu/Z2femZkDMEfI54FkRVL4Dw8l8zqXEawMBgM2HA6vR6MRZiHraDabH7KSrKBA4SAIEIahxvd9eJ6HbrerJKZpotVqaUkavkMC+iCKIsRxrN6EEAKMMViWpQT9fh/0k3a7PZZkBUPmqXAKCSjAOYdt21NLUj1JBYW7C6vi6BC8vKWKQXUXQcNA5Nh6KY7jqJl0Op1JwY/Hi7mLp/lT/uoA/OX2WLC3C9FoQBwfILKulIRmQv1wXfevwHmyuMPXS5Fv1MHrFSTmhSomnUvw/Spo3C+vg3/+pJZDPSGRFvilNV+8PUZvoziKvn+d3LZvJ/BelMDevIZXK2EQCiUhtMDM53bY5rOIGXtwjU3EVz/HM5Az8eplqPFKEfzLR91cOg8TPTgr3MudFx+d9owK7KMNVfQOtyQ1OO9qiHsWkiRRUHhKQLuwfH9+1XpfhVVfU0V3//k4zFwdzjIlSA/Sv8jTOZObBL9uugczuNaCP5K8bFBIhduE5bdC3d6MYIkkt7jOKXT1l34DkIu9e0agZjoAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJjSURBVDjLpVPPaxNBGH2zu026piEpTayhJVBzswR/BBVvXiyKiJeACv4LnnsRQ/DqIYcilApevQuWHIpgqIhiSJQiCrEBf9EGarqm2eyP2fGbSZMWjCC4MHwMM+99771vhwkh8D+fcXhTrVYf+75/2/M8gyqoquW6rqxP8vn8rZEE9Xo9RoBH8Xg8Hw4fgUMgBAGUNlI4ORlHubx6k3Z/EtRqtcsSnEgkZiKRCDab3yC7B4FAIAIiEuBE5jjOaAt0eTWdTquNbffgEfh9/S0RBMN1aeGKsjGSQHoMhUKwLKvfmXOcmD+luov97jLovyqQzJxA8pIciJRer72hyimgLsAYGo0owqaG5ZUl8gQmk2nvtKYXF4stpaCflVBEkmA+ewaatYZo6BmMCJ0LDsdOYmv3Ivthxa7R9ae9nn2MassYeOsrkJK5kj4VXsdMbpb2LepJ1qwuxhvPxdef13d1nUm7akiaJBiC+UFw+hgdGiac7fOwv+dgTpiqUdfVlWTf7ys3ZDiDv1EGJy0IGZwG6Bp1TdYphi40Nib7EdBlno/hVJQCOQVd15X0YF8FYwE87mLn8xzeradJnaUA3HPpjq8mpghIwetKpYJOp4NoNIpxM0x/IEMgLToaYqkaTp7dAHqaAuiMjwnuCd/tKNlMyi+VSldpGsVUKpWbO55BLDYFu/UCem+NQjTgenvwHBsvN5JfYtOnZ51u2//QbGVXlh5+ZIdfY6FQWCCiB7Syg8cka+TcXVi2D/PTfS5FKCuZe+LXHhfsX57zjeIr3t7aRDooX2C+lbF5aKJz9M6ytd0UvwHmbqDcpFnnSAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEuSURBVDjLpZM9SgRBFIRr/EHXwGVFAxUPYmTgMTyEoblX2NwjGG9i5B0EMTIQFWTBaHTeqyqDHmdX0FlhHzSvO6n+qvp1ZRvL1AqWrLX5w93VuSXBJkhCKovMrpOJk4vr6lcBidg7PgVMWIYkWATEbv9wc/03AZkwiY/3J7i93STcEmxu7yOz6ReQCDFhFTExIRJWgox+gcwot2UUAmY5kzADzkBEL0Er0PUZReUGIhcRNAU5muI/E1JiZzjF4cEbHp+HyIx+C2otdPgqfTodoP5c/w9BgNn8sPD6sgFzFVu76ieIaGYhMtrwWiGVPRkLCLJkYJX0vyms8rQLMigWBqMj2IKZsFSWCbGM83xVtjGZTFzXNeL2spv3+fmf/QnCJu5HZwCA8XhcVct+5y9H3H2zjxE/HwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHOSURBVDjLpZOxa1RBEIe/d/e8FKeFEA2IGBWCICZYBSESBCFglUDSCJZaRBBbK1HQ0s4/QQlCgoKdoBA9sVBshCBETCNRiUUg5PDt7MxY7HuXdxgEycKwyzJ88/vN7Gbuzl5WDvDozeZtd66p21EzQw2iGaqGmhPVaqFodNTs/f0rI+M5gLnfmB0/MPg/le88+TLWU6BmgwDtpevgDhrBFETSORQgAQoBEbZvvUJEB2qAqg8ORw6BxRQeS0gBUkAMsPIdAIm60wNVKwEZrG+AW1JilpRotQNDQwCEOiCWgIXhe1w+f/if3hffrXMhxH4Fooa5kzdT0rNPi3TWlrl6bp7PP1d4ufqCiyNTzIzOUYiz1RWCJECjsuBA3swAmBmdoxu6APza3uDB9EM6a8sAFFEJYsRoOwBRww3yxt+Su6FLq9nqAQuxst11QDTcnX2lhc7XVO3jtw8cOzjMzafzTJ26RJUL0B7Ia020dNlsJAsTJyaZODlZziVj+swsWZb1AarJJUCMeCnn8esfaWruiIKoEtQIkry3mlUx+qfg7owd389prd6+9/7CbsvMrfaQ/O3dhdWzQa0tUZGoaDREjahxV8Dm1u/nANlev/MfAjw0JrMu09AAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALVSURBVDjLfZJNaFxlGIWf7853597JTJzQzDi9U6chPxCaOmi78idIlglEsEJJqFmIaDddlEK7EF3pKmJcdiUU3bmwXQiiGxsQQdBaF9HYUFucZP6SNHWS3uncO9+PiyDNGPDs3s3DOec94rOvflkyRrzRjo0fKQ7L9p6uBN/l2tuvnb4EII0VC7Mvl/K+7wshEvyfOga06nL9u7tvAvuAdmQ8z/PF58sP6fCAPXGH4cImKbeFsoad3RS/3c3SZ08gGeTy2WG0EeJfqIwVOE4CR0DsNBjObeIl/6IV7aG0QnoeI6WA+/fSDCRzGNPrSgIYwHEEkd0i6T7k78ctIt0hVgplQzzPI4xSDKYcLLanmCcAIbDKEOkuHRXxuBsRG4U2gOhijUY6Amt7W3UArN0H+OTZC9NYXCKjiZRGiCThXoZMskgi4YAVhyNYux8hkzhGtdEk69fpSzt4QvFop49mIyDIjiAdcegz0h4EuE9TTJ1i4/ZNBjI1hNa4nTzHRxfI+AHamP/O4omDOw/Oo42hG2uOtCTSfYVc4Rk27q9S2/wAIyMGt07xze5JdpvbT1248OmVlZWVq9JaiwCmT19CK833X/9A//EB5ubmCMOQjdFRfvw5R8JxmD33Kq50qdfr4tYt76NKpZKX4sBeV3/9g/ZWm9lzr/PJ1SV+v71KcDSgXC5Tr9dZ+niJRqPBsZGTauHsrKxUKucd3xUtTJfnCi/waD2ivz8LwOWL79GNFfPz80xOTjIzM8P09DRxHPPsS2dCgGw268mkFF98efPei7G25T83VTLRrvuAePf9D5VSSi4uLpJOpwEIwxCtDT99e631/FsL2Wq12hEHhzExMXFibGzs+tTU1NFSqWSklEeazSZra2t4nsfQ0BCFQgGl1M76+rqzvLzc6AGMj48ngiAop9PpG8ViMe95XgJwtre33wGquVzuBuBGUaRrtdpWGIZn/gGotkJJF2DBHwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAF5SURBVDjLpZMxa5RBEIafvdu7RPCMhYLBxCoiaqO/IHZWNvkBooh1WrHUwk4s0sTGQrsQwf9gK1gpQoJoY++d5Ludd2YtvlwuaWLODAyzsPu88zLMplorp4n85t3W5vLS4sPc6/VqgMKxIiRRJEoRxYzx2NpajFKMvaaxH993X+flpcXHl169SAv3P/Gge42Nm2//2TUlOH/ubO/p85eXc879dHF1lfmrXe50bgNwfeXKsQJfd37S7XZw95TNxa+7a8Aa94BxKXz+sgOA5JgJuWNyJEfe1m+7gUvkGsGtGyv/NcDt9x8uZCkA2GvGM8Fn5ueIGmR3B2Cu3z/yoNbaJpWI9uwR1NreAXgEuZhmAicJEO5kk2YGD5qFTx1EjRODk4gIsu0LuMeJwSMCxexgIIfhduPSsQI1gjwajYZN0wx+D/8QEfsC00kfdjMxVKn0cwcPV1p/8mx9MFh4BJ1BcU23T0JmyA1JuBlyx2WEO2Y2jPCP6bTf+S96U2WlbWXHPgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKDSURBVDjLjdFNTNJxHAZw69CWHjp16O2AZB3S1ovOObaI8NBYuuZAhqjIQkzJoSIZBmSCpVuK/sE/WimU6N9SDM0R66IHbabie1hrg0MK3Zo5a8vwidgym8w8PKffvp89e35RAKJ2ipp7WDxvjltZ6jwCr5W2bpHHtqUnx+77877jsZxzlO3roAWXuw5ha1pl9MZdAW2ig8RyXyL8rnx8G6uH387AMnUMC2b6l10BJPdAfWDGhZVREuszT7D6hsTStBNDurO+XQEZnEypx1a28XW2F8HFPqwtOBAYJlCde9EeEZCy4sTN4ksrRA4LZB57vZCfMElUyH4E7Ap86r+LwIAGIy03cDr/lDNJGR/zDyBiHGc3i1ODjUIWtqbdIIexVY86kwZ3HijR/86GmqFqJGhPWs8oTkRvAgb+uZGHhVfRV3UNni41OhU8EDlstBSkwjKjhnmqAg3uUtS6y9Dzvg0ljmKkFCaRm4CJT+/5OERtG4yqZMEwdQt1biV0EyW4PVEE1dsiiMk8eMn0/w9Wp+PCNK1CQ6iBYeommkIpH5Qhy5AF/6Mrf4G955tUJlXxtsHieeWQ2LJxvVuAAkoASUcmLugZPqW0qsprEQjDx3sY3ZIMhXt1+DNw77kdmnYKSsKKx+PfoTQtYX9KtzWG2Rod6aujaJwWHk8+uDawGITeA+SPA7nDQOYgwKcAYhQQajyIY9eQEYE5feLPyV4jFC8CELkAkWMDQmoDPGsQaWYgzRjEU8vL8GARAV8T099bUwqBdgzS14D4VaiBA8gZALJ/t6j1Qqu4Hx4sIvChoyDFWZ1RmcyzORJLJsDSzoUyD5Z6FsxKN+iXn/mM5ZLwYJGAX0F/sgCQt3xBAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALVSURBVDjLfZJNaFxlGIWf7853597JTJzQzDi9U6chPxCaOmi78idIlglEsEJJqFmIaDddlEK7EF3pKmJcdiUU3bmwXQiiGxsQQdBaF9HYUFucZP6SNHWS3uncO9+PiyDNGPDs3s3DOec94rOvflkyRrzRjo0fKQ7L9p6uBN/l2tuvnb4EII0VC7Mvl/K+7wshEvyfOga06nL9u7tvAvuAdmQ8z/PF58sP6fCAPXGH4cImKbeFsoad3RS/3c3SZ08gGeTy2WG0EeJfqIwVOE4CR0DsNBjObeIl/6IV7aG0QnoeI6WA+/fSDCRzGNPrSgIYwHEEkd0i6T7k78ctIt0hVgplQzzPI4xSDKYcLLanmCcAIbDKEOkuHRXxuBsRG4U2gOhijUY6Amt7W3UArN0H+OTZC9NYXCKjiZRGiCThXoZMskgi4YAVhyNYux8hkzhGtdEk69fpSzt4QvFop49mIyDIjiAdcegz0h4EuE9TTJ1i4/ZNBjI1hNa4nTzHRxfI+AHamP/O4omDOw/Oo42hG2uOtCTSfYVc4Rk27q9S2/wAIyMGt07xze5JdpvbT1248OmVlZWVq9JaiwCmT19CK833X/9A//EB5ubmCMOQjdFRfvw5R8JxmD33Kq50qdfr4tYt76NKpZKX4sBeV3/9g/ZWm9lzr/PJ1SV+v71KcDSgXC5Tr9dZ+niJRqPBsZGTauHsrKxUKucd3xUtTJfnCi/waD2ivz8LwOWL79GNFfPz80xOTjIzM8P09DRxHPPsS2dCgGw268mkFF98efPei7G25T83VTLRrvuAePf9D5VSSi4uLpJOpwEIwxCtDT99e631/FsL2Wq12hEHhzExMXFibGzs+tTU1NFSqWSklEeazSZra2t4nsfQ0BCFQgGl1M76+rqzvLzc6AGMj48ngiAop9PpG8ViMe95XgJwtre33wGquVzuBuBGUaRrtdpWGIZn/gGotkJJF2DBHwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKsSURBVDjLhZJfSFNxFMcHPUUP0aP0EoSEVEaY5QixFzMTRtLDCH1QqIbEKBCzTEyxPwotsbLUETSHmTUTm86mrk03N9eW253Oua2pW8OcS6Z3d7uzWd/uZi0qaQfOww/O93N+53wPCwDr7yyoJ0oqRG61oM9P3u3xkUUCQp3C7SnZqnZLsUDqXzK6wpjxrGPKHcHYDAVei3NpW86TkqSAcqZzTOz8vI4PLhp6ZxjmBRpycxAZZXJ1UkBjr4+c9myKJxw0NLYQlNMUxmcpFDZayaSAum4fScxHMGEPQx0XhzBMUBhlxsivI5IDCutNaqU1CNM8jRELhUFTrHsIL3Wr2J7XmXyEnQVdNUUCKz06E4LUSOK1fg1ygpmfPxpl7eI3/xdwmK/j8oUum/jtHERDC2iQeHHrhQePemfR2mNBToV6hZVyu2ZLwH6e4tClNqdVwyzL5o3AOEfD8DEMLfN96ZtevOuqhk7WAKXkJoRVJ+1VnPTcPwDZFTqhbHINVg/N+B6C0RUD0Bjol8KqbYduahEq8wqGDH7I9XY8rT0VOp994EQCUNpkd4zbg1BaSIxZKbxnuusdYfQ/vYIxsxerwa+4U1mNWCwGIuge1OAa56AqAeAL3bTBEYJ42AcV47uOsTG2fZnoKmSG5bjwFyC6sYEOlRvNl9mrCQCvxRXR2kPoVCxDYQlu3sAUhVcPStGtWcT3n4BYfmMeDwdmcY+XGUgAcq+bXGKlH31afxygYm5BbiZxv/wcOmUqfApE45BYzH+J4nHHM5SxUxW/7Tgmzd/B1beWNdsxwgjHbRSzTBIdXQo08dkQSSR4PkRAPDCJdlEbqjhpgTOZaex/Dmk3d3gpg2/w5t0gAjmVRDT1gi6653Rr8OzxPLq2+OhGfXF64GLWXjnnyL6sWP0PKd/8SStdk8YAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ8SURBVDjLpVLfS1NhGPYP8D6im8DKwrYhUaa1tEyyIXlRWtFFJlZQERIGUZKGI5dO7ZeUEl1YaKUYkyU1J0hE/ppzuOnUDbdpbp7Nue2crZ2J9fSeQ4LhdtUHLx/fx/c87/M+z5cEIOl/6p/DsjGnzWfIhnf0CJjhw2AGD2HpWxY8Xw/CPXAAi/378aNvHxY+p7viEhD416q/FTFfC2JLL8AvPkd0/gl+OhoRsdXDN1gsgLm4CghcE5opw6qvFeHpfHDm4wgZsxEcykLEroZ/tFQAryUcwTsij8WYZ4i6boGz5IE1HkWQxojY6xAwlZN0OVyfZClxCbzD8jMBywXEvC0IT50AazqG4Kgc3ORNcNYqeAYUcGllioQmklnhiKsavLsR3EQuQmPZCAxmitK9388RWFqRMAUCZyyPFSLGvKSOCoTG8xAcycEKOR+eeSSAfzs1e3lHdxo/17WHt79P5W3tO/nZNymMSEAxMezsbepO8y+Q484Gce6IrQ5hqwqsWUmkVQgaKhEYvosFbT4IHJl+vV30I4kyDlLGPGXMU8Y8Oc3P98p4zvoQvl4ZlvWkyliNro4iVDQX40pjIc4rc9iTd6SVm/7Bejl7JAMrhnKwEzUEvo/2tlN40HkJWkszTG4dmvqu4WyTBBnXt6rjEjg+ponSPf1FmPsgxUVV7prG/BiaqacQllp/GU36qwJBNB543KMvhFtXAHvHLr/t7Y4tBffS0Wt5hY2rZ6JZINgETnZ0SzDXmQZyum79PvPGtmi9rhS1uhIRXPulJL4CimmSYmIInLzxnh4qT6t3o0FXJnYWduG8yQP7u9SMRB+GHquoWEH2310l3P8B4M3c7jDaDNsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKJSURBVDjLnZPfS5NRGMffq/6BIMhuuvRGKLqooItuugiCoi4qiNDoh2RS6BCnkA6mG+3dD0bvHDXB0iTtwm1M4X39sQ0ZqAzJJYGUNWFuMje3vdtSW9u38xxaDOvKA9/3cA7P93Oe9znPEVwul8XpdN4CIBxGwsDAQL3dbp8zm80NhwLQx2Qyafr7+8O9vb3HDgXQ6/VHenp6ZrRa7Vx7e/tR2ltYWDDMz89X/H5/RVGUvcnJSb/b7b7wXwApEAi0tLW1bVksli/BYDDEzD/YACkT8OO7x42xsbG9kZER7T+ASCQiLy8v/1paWtoLhULY3t5GPp/HVlrFuhzEtzOnuJLTCgYHByus6G/+AlZWVsSNjQ1+0vMpLTeqqopEKofG9xXceQcEX3mQcEjIJpM8bnZ2FqIoGjiALYpkymazHFBVJpPBZjKLaCKHXC6HQqHARXCK7evrK7OiXxdYcSoEOGiuKhqNgmUJq9VaIe3s7PAs19bW0NXV9VWYmJgoE7VqqALS6TRkWYbP5wOLQbf52c+nL2/vP7RcRdOLy3grS9BoNBDGx8fz8Xicp0VGSjeVSmFxcRFer5cqj06xFboPTfCtSvgYV2Cdfoyb1gZca70IYXR0dJoqT0YCkNnhcMQ6OjrU5uZmMKl3DZfKnk82eD7bQUOceQDrzCOca6krCcPDw510Et0EAeh3WHvna+/6SvdpTK26UDu8EQlnW45DGBoaOsnuNR8OhxGLxVAsFmGz2cq1gPNPTuyalHswKI3cbJAbeQYMsMsDJEl6zdoUrJnAmgrsXezXAlig/oZYD7Nyn59MM63ZvsgD2GusY42xbjQaS+x+SzqdLnSw51mwkUmltP/MRtr/DeMW8yghqDBkAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKoSURBVDjLpVM9TFNRFP7ubWvb1x+QQAtRIFaRmEakaYiGiJaAurioiYsxXXVxMHESB40TJI5OOihxq0sZTDBq6kANikAJNLSBAokQ29q/1x/69673PoSoMS6c5Oa8c979zv2+k3MIYwz7MYp9mvb3IBKJ9HB3T7BSFAXcW8Q3P/KvWOTHXC5XaBdDRDIajZ7jflyn03VYrVYQQnZ+cr9bTJjwyWQSxWJxg+dv9vX1fST81SEevLXZbKRWlLE++wlyfBO5+BZq5ZIK1BkkWGxtsNoPoePUaTCdHqurqxzGLpDl5eVZDu41m8148+QBVoLv/qv5aP8QBm/fR6lUEsznNF6vd2xtbU3vcDhw7IwHBTmrXqxXymC1GpdB0XnSDvfFw7C0n0XXwGUYG5pUOYlEQtJyBrnh4WFLuVwG7wEGvHeg0WjUIoVCAay+jVx4FJbWfjQVMjB1diEej6t3uIQkTafTU3a7HQaDQaUVi8WQSqWQzWZR4wwK3yZhanbD2uZCfuMDVhYDKrharQoWE9Tn8z3f1ScKCGr5fF59XU6uIL8+CUtzI+o5P2zOG6CJ99BpqcqCMxihCwsLOQEWIJE0mUzQ6/WglKC6NYmW7ivA9ldMv3wFc2MJJL2E2o95wS7l8XjyVJZlRXRTkiQIKep4Uop6JowDrAzLwSKUcgxgCur5zzjiuYvU/DhQyYyqd7mWkNPpvOX3+8O8H8hkMqCEoRD1obGjF0oxxLEluK91Q6ls8l5F0OI4D33osX5vEsnO6EmBQOCFVqu92lRbIhKR0XrcyF+d5lormHkd5kVOgGgaAOMlfHk2EmeKMkj+3sZgMNhO5x5u9Fx/Cg1d47OQ5ln2x/5pjN34vjiHyMQjH/nXOk+NuZOsrkhM4YsklmjvsD2PneWa+QnIJn6IP3aTNQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEzSURBVDjLxdOxasJAHAZwwbfKkjlbJVMpJaYmxtSoNVoSsCLlekQSjcZNRUFFIUNxD5nqY7Rr+wiuX89M3a62lA4f3PL97n/HXQ5A7jfJ/Rng+/1LSsn72UAQ+HlWJp5Hj4Q8gguE4VAIw0GWwSAQWPl1sZhjv39Gr/fAB4bDAJNJhCgaYTweYbNZIY5jrNcruM49HwiCPg6HF6RpiiRJsFwuQQhhYAS7WecD7KzY7bbwPA+UUnS7Xdi2zdZPqNVMPnC6qPl8Cl3XoSgKZFmGJEkwTYOlzAc6HRez2RSu66DRqKNQuIAoigy7hmGU+EC73USr1WDlajayZZkZoqoKm0rlA807S6jeVoRKRRPK5RtB14tvJ8hxbGhaEWc/JLZrXisVKcvxR8AX6Irl4/8+03fzCbreyRfHFw9qAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ5SURBVDjLpZPNS1RhFMaff2EWLWo5tGnRaqCFRBAM0cZFwVSQpVHNQAWVMQwaSSZWtimLiKnsO5lEjKzs4y1zRK3oItfMj1FnnJkaUtNrjo45H3eejpCKNa5anMX73vs855zfOS9I4n9i2SHbCpvph8q8A9PNcCzcz76EM9EETj+DmmqENaeBiJ3mRyuzQy5mwyVMKqiFbzNN0MxgKZOd2zj5GMZE/ZL5ooHZAntGW89s7Bw5Ws25llWcfQHrzHPYE/51ZOQ0M4Fiitj4UQdbzhZSb+FJ63ZypJqp7p0UsTf+FN6kvoMMl3GmNY9jj+BckcF8/HoFldLzpZIqxhthJPVdkr2cifdb5sXefyAKLFvyzVJJAssisIxstILZ0DEyeJzpHifHfNBGamFZ+C9yC7bhG7BBxCrZZqWQpoiNP6S1TMBFDh4gA0VMdxfy+0NosftQX+8gGKkBY741HLoGhbnXUOZwKTn+gGa4nOlBN9MDxdJzCTmwj+wvEKPDTPUc5Zx+kOk+NxmqZOJTIXsviYGQVgKLAos/n0CbbIAS0ir1eY9kF4O+3UzpBYzehhaugQpdR3DwKth7EeyqEoO/oYzXwyKwDDN0ipme/VKFi0l9L8M3oYW8SwxWnIKI1XT7Vqb6i/ntLoLTHdulhROcUJsZuJJjCsvEPpyf8m8io5U0VB6FtFNIe6da84XFEcYaNrDzLDw5DUZ9cEwqm6zxGWYGPBTShogtQtoerV0rLA5JKy5+ubya7SdzbKKMyRG7ByPeIfvebKfAWszUdQFavKOI0bqNbCuF4XfneAvzIaStQrpOxEpIL746rQKOD2VQbSXwtLiXg/wNTNvAOhsl8oEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJBSURBVDjLhdKxa5NBGMfx713yvkmbJnaoFiSF4mJTh06Kg4OgiyCCRXCof4YIdXdxFhQVHPo3OFSoUx0FySQttaVKYq2NbdO8ed/L3fM4JG3tYPvAcfBw9+HHPWdUlf/V0tLSqKo+EpEHInJFRIohhDUR+RBCeDM7O7ua55QSkRfVanVufHyckZERrLV0Op2Zra2tmXq9fg+YsmcAdyYnJykUCke9OI6ZmJgghHAZ4KwE3ntPs9mkVCohIjQaDWq1GiEEAM5KoHEcY62lVCrRarUoFotUKpUjIL/y/uqXYmV62ph/LSVrr30P4bEFcM4B0Ov1jk547/uAUTs1ceNdZIwB7V/GGHz6+9LXxY96eDiEgHMOY8xJAK8p4grZz5cElwNbwZgyxYu3EFM01lriOCZJEqIoIooiALIsGwA9Y1UcwcWoKNLdpLu9zvbnBWqNBhuvn5EDUmB0EH/1E2TZw5U+YLQovkun+Ytsaw1xCbnCOap334LC7s4Oe/ttvA+ICLmhMXRxDufczUECS37oAuevPwUEVFFp4/eXkXSdYc2IopSepnjtUh5/wg9gfn6+OQBUNaRIUkfDHhraSLoBKqikIF3yHJDLHaAkFOLciVHnyVAVj/S2Ub/XRyQD9aAZKgkaOohvo6ENgykcA07VEFDfQv1uf4W9Y8y30bCPhg4qKZJtMnjTPqBO/vhkZ7h3EJeRslWNQMqgY2jIAIfa/m5sIKSpqpPsGEiz599e3b+GchtD+bSvjQJm2SG6cNj6C+QmaxAek5tyAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEvSURBVDjLY/j//z8DJZiBagZEtO8QAuKlQPwTiP/jwbuAWAWbARtXHrz1//efv//xgS0n74MMuQ3EbHADgBweIP7z99+//x++/fv/8tO//88+/vv/5P2//w/f/ft/782//7df/f1/5xXE8OoFx0GGmCEbIJcz9QBY8gVQ47MP//4/Bmp+8Pbf/7tQzddf/P1/9RnEgM5VZ0EGeGM14ClQ86N3UM2v//2/9RKi+QpQ88UnuA2AewHk/PtAW++8/vv/JlDzted//18Gar7wBGTAH7ABtYtOgAywxBqIIEOQAcg1Fx7/BRuMFoicuKLxDyzK5u64Cjfo/ecfYD5Q/DLWaMSGgQrvPH/3FabxOxDXEp0SgYp7Z267AtL4BYgLSUrKQA1KQHwPiFPolxcGzAAA94sPIr7iagsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAI3SURBVDjL3ZLtS1NhGMbPH9CnIOhFIijIIwouMg1rDjOY5cuoKHqhbJzjQqfJMiqW5MbaObKTG+VIlpmWTMuaLpfNuRgtGQhF6WTNuRSDabj0Q32wPsTVcw4VgyKEvvXAxfN237/75noeCgD1L6L+I0BJU2gNkXcfN5JQmoLJvY2BZOFlf7Lgovdzfr1nKe9s/4vtVY+UfwPEeXcM3rEkfGMf8fT1AgZeLcBD5Bqdh+CKIpu9/+2PAJK8SmUJwXanD6d0ZrQH5lDX1I1qsxMqjRHmvhkw5zmsz6vAbwCSvJa0/dLQ+xZ1DRbU8E7YBt+DNdxDKWNAsboRF7qmoNZxyCmrRZriHDYfckQ3qW5ulQAk2cW5JvE8siRVbvbMgu+fgfHhNPTdcdTfjaG2fRINPXF0BBJo8yfACEFsLLWPSgBi2Fd/eBEOciEMzOIqaffKg3e45JyCrjMG7e0oKlsj0LS0oqblJCqby3GCU2IHyyJt/43VFHEbw+OLsHY8wR5lGYrLD0MvdKJn5AO6gvNSVaPzFgy9p+GZsOPNnA/W4SocsWYh58wWByUrOoqs3ELQGZmQy+VQKBSgM7ORkX8A9DY50mW7cdxUBHfYBnfkumgiBD8Lq1+D3Op1X365SdP0NMMw0Gq1IOtwqtMlehkGJ9qQOh6P20UAUgG7iEJEz4iOpQJ2ajcsW3xqcD7pGcENVfzsYHlF35UEmg4K6bjmY6TK4izuybmw4j9PgnmiT2LbP2ZePP8OiAqyZHfdgY0AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJrSURBVDjLjZNdSFNxHIZPnfS+usiborU2JaKIPvAmig0kkYSCCpHKsTnDolLXnBFJBQV9YC2VtDRThKiYzA9coW6abWSTwRixYqPtIqHTWGM7+3Bfb+d/ZEeHXjh4Lt/395x3/CkAlMPhODHzSIUpXTk+KUpAUdSRdbKThPfZ7XZ2zjaLeds0TBeLkU6n1wVfotPpCo1GY83HB3X40l0H04VixOPxPKLRKFiWFQiHw0ilUksF+QYWjFdLVxXkSnJEIhEkk8l8g/F7dZjtUmO8SopEIsFzc9AP3YAfzRzafh+0fT5oOIiFUCAYWJcMxs5Ksbi4yEPCAxYG/RxvzAz6phg09P7iC4hVnsHYXTU+d9Zi9IyEbyesvNrEBRtfeXDtpYffIBaLZdY0GD4t4QciBblPIZCL5NtJOBQKIRgMslzBwWWD1lrMtKswfGq3EG567UNDjxdXuz243PUT9S9+oP65CwzDIBAIrLGB1QJjpZgvIBvkLnO68Bv0sCn2YEJeAHPVDljbroOm6VLBYOSWCtN6JYYqxMKIBBL2vnsKp/Yo4mNPkP1uQvRtI75d2Y9nh+jHeQZ2zsBQvksYkRiQxS3VYsS4MPQngebNwH0R/j48jhEZ/XvZoEUJc5sChrLlAnKdDEe0s/MGrPz9ay3ChGxTdpXBB7kImUyG/ydyBuZz28H2KAEulNBSCHL4L9EYldMMb6DRaESDFXsxdP4w3stE8Hg8cLvdcLlccDqdmGu/ga/qEiw0i8C0FMCr2oDJykJ0lG7spMhzJtRIthy7faDojlK6VbXW0+0t29YxIqcXiDZ3+Q8f5p7zf7M8wtRUBE6BAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALnSURBVDjLpZNbSNNxFMcN9b3opZce7CHqIagegqAgLB+NyMIMFCRBSX3wPm+Z1ZZZlhpT03ReZs7ZvKDpps7LmKa2uTbTnO7inM3L5vxvc3P+1X37zYeVGBF04Mvvxzmcz+/8Duf4AfD7Hx1yDPIKg0dbHonlnYz1r8JsWt6VRUubk1ZE1Unt7e+yLv8VIOGzylS9jG2jegxry1rYbFZQlAVLCyqopDwI38duNr9JyP0jYIjHLNHIymE1G6A2WPFxQI8ywTRK+d/Q0KPB5NwK9OpRdFfFgcOMSTsAEDUUXJF1ptKWVT0kChNaB/XQGG2w2Bww2zahXrShoVeDtmEdZhU94D6956xiPbzgA/TXZXTPk8D3hXXwxTp4zUpRmPuxjC1y98rhASq6NJAqDejjpqAiJ6LBBxioT1w2GabAFc1jhrzs3PHA4XSCXcPBKgHZ3W4IRAOQzFF42aTE1EQzqrLD9D6AuC5hy2pZQmGjEqsuGlb3HrZJIPNxPritHcjIy0fv6DimKBrJ7HEs6sdRk33H5QMIK2O3LGta5HMUWHTQBLIHI2XHs1dF+8kShQrmHUBmoZFY/BkG7TCqM8N+AQSvo3TaqR4U85UYnqdgIp822ml0D41At27Dyi6gamFjIPIM+oMD0R92HE2RZykfoJYZxRlqZmBUOYcCvhpm0jArDdj3iMh9vq0MqvSr2PpUBM+MEE5eMr7En/P0Xg9I3AdUP48/X/8k3DUrq0djjxwv+LNQ6DfgIP1wOGn0R5yCiySjNBTIOAawgmAuvAbRDX+db5Aq86MZHwruYmasDIMTMrA4Y0gvHUFKsXS/bI+8Fb/bRt4J4g/wHBhldk5kbiXjlqOj/D4mxUzoZrjQTdei7/ZRbFY/AEiSO90PViJDnD9EIf5Lh5aJnRt9qSQtrOlt8k1DeWqoyytBzEVqLOa0x5QRhLXMQGhjjkAcGrArDPHP+ue1lYafZJAX9d6yyWn0Jnv9PwH2GPv45gRecwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHqSURBVDjL3VJBaJJhGDZ+F7Sduo0gYoeEDkJ6iV00t/Yf1H+il99TMPrFUjuY1XQKpeAOggMV9DQPnUTQTg0Xc6B5GSM7WXj4N6QIKdKgNd0yn753B1m3H7r1wQMvz/s8z/fA96kAqP4Fqv8owGAwzHg8nifxeLyXz+cRiUQ6Pp/vFsMsm2XiaEca0v4VoNfrL1qt1kQqlUK324Usy6jVaohGowfhcLjebreHxDUaDZCGtOSZBOh0uuVAIPC91Wr1nE7nlsViGblcLqTTaYRCIdBMHO0KhUKHtOQ53yARi8UGmUzGbbPZpo1G449qtYpms4l6vY5SqQTiaEca0pJnEqDVah+43e5+Npt97HA4tk0m0ynP87Db7WegmTjakYa05JkE3GBHEIQPyWSyXywWv5XLZeRyOfj9fgSDwbO5su7Brnjt987CFF7y06cvTJc2JgEajYZjFW+azeZDSZKOvF7vgOFEFMW7DIvZFX74LjCPwaskxu8r+Fl4hH2vdvR6Uf1Q0Vtv3+HkY2ZGWgBWLwPrc/iauA3GHygK2FlQj8dvyzh/+s9mQbyyBkvcx6PNewAzDZ+q0GPo3OfA+E+KAt6IV57vSdd/fV6dw5fQFGTpAqqCelRZ4tYU//mGeDXIbjyk2tSIzMT/ASTzlHJFEjXFAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGqSURBVDjLlZM7S0JhGMfVox+gqYZuQkMETYZNQmi2+QGKligiCBoalFragoqGzDM41NRQQy4VKDhUSyC0NLR1EeKIt7wePV7/vc/BI97NF36cA+f9/97neQ6vCoCKrVGGgWHswyRDQxkFVU1gkCQpWSqVKuVyGZ1g3+Fyuc5aJYrASOFsNgtRFOukUikkEgmEw2FZEgqFwPN8k4SWmgS0IZ/Po1AoyE8ik8kgmUwiEonIglwuBzrE7XbLkjYBhRVIQIF0Oo1oNNrWUm0m6iYBa6O+gd6pb6WVWCwmVyIIQndBK40SqoTmEY/H/y9olFA7NBMSDSQgisWiPBeSEAMLqIrvWyde1mbgt+jwtDIBfl7D9xRQSCHoOceb3YT8wymq716I17sIbM9WfGbtTl8Blf+8OoUcC8NpAxxDwKEe0eMF+Ba5z75/gaCyq68eNK7EwQj8Zm21UVDtNoPH5XFkL9YBFpLsKvwyglscfFbuR7kLc2zKItvc8TJ93ZwgsDkNwaFHZE+Hjw01/DZtxWvl9hXBGEl6XeXLpWH+zsIJVPa9hQtfmbgjyv4BPlWugike25IAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAANBSURBVDjLXZNrSFNhGMcPQQQRfYv60meJoiCtROuDZRcEA6MP3ckwS0tlZVlptnXRqavMaqZ5Ka1Jq1bOmWiXs466mqZzLs0103CmLp27HOdlaf+es2xFL/xe/jzv8/+/vA/nMACYsWpmDiEmjEQTMU+o/wvVFs+e64mAP3XGoWLmEtljzXv7vSMsXM37bHp1ZEPyK6+WsM+ifa+O4tyGuJHxzjQ79euJpb4AWwWT6tLv/zY1VI3hd9GOD8oQXtowglvNNhS3DfoQ9DWuB23K1R6nSeLh205+J18LMZex3mPOu41p9qH6aIfuQciPvHd9eGQcgIL7CrmqA3mPO3DvdQ8Uhn6UvGXxSb11Ztz6eHro+TIzeQOYLwXMhq7C+ebGopWebLYHFfo+qNhedFtdGHHxGHaNwdznQnldN0rqe/GoUgajIniys3BhK3kDfINILq7KSXlqQmFDL5R0m7BGnU58/jaICdIC/E/gjqYbcq0F6UoO8aW6K74ZCNveghbtqScm3Kkxo5Nu9vz4Cd7jwe2SUtgoyD05iae1b8B9diJT2Q6hV/D4A3bmcnaRohVZD42wjXsxOjmDKTo4K5bggaoSKRckqNPpwQ5acEKuh9ArePwB2zNr7LFFeohLDejjvRQyA6vTjcuyqz4zZ2hHWtMJiOpjkfDmEGLL1BA8/oBt6U+0u66zkJS34K3FiQF6tNXtxQttI3rsLgxNAymNiSjvzsfVVgkSa2MQmXWrxR8Qduq+OEL8HEl3dZAqzRimgY16AfcMQdpBASfZeJSY81BMSBpTEK3cjUj55rW+gNAEeRDRseV8FUQFHLKUXTD0OsDTPHiPF0bShyujkd8hwyXDaeR9lCK57hjCczb8/dbXHpYdiZOWe8LPPMMB2UuIbnJIvtEA0fV6HM9lsU+xG7ntGTjXlIgc40UkaGKwXrxmwh+g0+nCTCYTXrPcdOixIqw5rsC6JJUPQe+4G4Ws1guQGtIRrz6EkPQgb+Dplb+foNFoFhG8xWKBuqrKvmpPmmTFrlQtYZ9FG3Fj84Sk6QyOVh5EcGogDmTv2eEfYllZ2QKii5gilv//KwtslIaORuRuQvC5QEjzM4apb4lQ/wXCx9fe4QKeWQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJtSURBVDjLjZPfS1NhGMfPXfh3OG/E/yBImNkqrYGCzAthh+WNgXihwQYb2CoYukGwsdRLoYUWQbRAhqzc2Q91IrrVhlhLqznL5Tyb23m3s317z1szBzM68Lk47/N9Pud5XjgcAK7OVfM7/a2piE87HalRoLVHStrp1VKvLVi7fE9wns/WaXi58UgoH4kl/CxIyOZ/cyRKSKRFmF/tw/B4p3jl7utLFwp6baHiySnBxheZUkHkM8HKrgSpUsVGWsaDN/tQG/1PLxT02EIlRbBJBZtfZaztlSF8JEgdFqBMdnh8im7LSqWpYHJysqXHFiS5AkGMfi12UP0zRRm+D6fwxvPI0dWu3Q8QvV7f0iCgzQZKnl4WjqkgcVDDeyrYpqLoXoWtsbxTpLUyrlsFDA4O5vv7+w1MQBu7Z2dnEY1GcXsqjCwVJDM1JCixb1Vs0VXCdIoAXSVLBTcfhhEIBDA+Pg6NRtOtCLbpg0wmA7PZ/F8oWUEQMDAwsKsIiCzLUFhfX4coiv8kFAqhnh8bG6txFosFhBDG4uIiUqkUEzVDqc3Pz5/leZ4HZzKZkEgkGG63G8lkEn6/vylKxuFwnOU7OzvBTUxMwOfzMex2O+LxOJaWlpoSi8VgtVrP8u3t7eDoHvB6vQyXywV6Jwyj0YjR0VE2Zl9fH7q6uqBWq9lZPd/W1gZuZGSk6vF42IHSuPD8JZbfBpvybOEFOjo6WHZubg6tra3gDAbDzNDQ0LZOpwPvCqNYIjg6IfhBOcxJSGdL2PtewKeMiKJUBu8MQ6VSKc1bFFPDv8C7ItXhJ2sYdv/lDmOVodR4Z6R6vucXuxIEyKz+W40AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAG2SURBVDjLY/j//z8DJZgsTUdmCkodmSV7eO8EkQayNN8+WPry3YOV/3d2ib0nVbMsUPPrT8/3/n9+Nun/1hbxP6Rolr99sOTtZ6DmD7cLwZrXVUt5kKb5xb7/P17U/b+4xu4/UHMRUYEI1KwK1PwOpvnSOgeQ5vlExQJQs8atA8UfPr+EaL662QWk+diSPDlWnAZsWjufedOaORyHZ0lrgzR/ebkfrPnWbm+Q5odAzYJY0wFQI+OmtXN5N62ZVbJpzYzrB2bIfX5zaxJY86NjYSDN34CaVbEmpN4lK5hWrJonBtS8ddOaeT82rZn9b8vSmn87u6X+393n///gdKP/QM3OOFNi95Jlks0Ll6+bOG/l//OXzv7/8+ny/09PD/zfPD/vHtTmVJxJuXfxErbW+UuyG6Yu+T9t15X/rQt2/k/t2vK/ctKa/0Utk7YuyFeXxpsX6qcvXdswe/3/tpXH/neuv/a/cu7J/9E9V//7Fi57n1w+QY1gZsppnfMvqWb6/8iSyf8Dcyb8907r+R+QO2tbbNHEIKJz46bF5SybFhVZbVqY17BpfqbEpnmpfJvmJfESYwAA/ZPGvT+K5AYAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK1SURBVDjLbZJtSFNxFIcHgjAQgr6VhBSFIhhJQa842JdeLBMyVIpSSUtFZpIIaqa5UNTpUKebmR82FZmmzpXiHKawhqKUlUVQCEEE1ZfQmFg3n85VLN8uHC738H9+5/mfTQNoNtR4S7iUidHmacYtCl6zwnD1NEMPTPSWhG8+vxnOEzDAZBe8ckm5YaYfnjtgzAI9+QGcuXlbA8ZbghmzDTHRDi965HAzDFYiU6H/LvQWgKsERmuhrxAeXhmi+XLw/4DRZjOTAqsBw9WKgHrR1f6b1JGtxZ6up+2aQo+EOTLBfM60GjBqieJZvcJEp0ysUOgvDaOvKER0jaLrpz3Tjz3NiDU5BFtCGA0XFJxyiyqdQuWJSA0jJjO+NtEzq7p6+gpC6c6b42k5dOVCZ5a8b4M1fo76s6FU6/USAq1XwRht0ojue/ztq3fruaMV3W7cZYiuk5YkHY3xOtF14siQqTHdVB3Xcv8wYgaF4W81oruEX7bszFWbQaIbwHEL0dVNTU3F+Xy+SNHV0RAL5UcClB4MoigCOnIkYN8Pjegu4Xski0lXt6vFmqjqfqPLcErg316v9xdNCWdE9xP3oqDggJbC/atXK967oJHtfuBxPqIbEN1g0Y1Rtyuwg5lh+OjB6XTaDY3JxYbGpJ8ZtRdJNeqWO0uj1QC5gjXZILoZspgdaz+bwDtl8oLb7V4WeLncWjBf1p3Kk1kLM1881I1kkVgXRaohdECz5a8sJXCTwArfX8LXKa5Xnsb1xozrXT3qU+NNp857k6PZuxa3gw8J/EedbLfbfTabzXe+KJrB2VbWPwOvLWrA1ukCewVeFLh1rXcyZ49S7UmjwpOyAlcMp2xvIHCswJ8FLl7fl4PGSzURmDw3Viarb/Vb+jUbAgRuEThuu73I4cpj2bsDqrbUvPqt9v8CPKvGd70s+8YAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKqSURBVDjLpVNNT1NBFD3z3uvHo339gFZoCxpqRAlBJayMG4wLl2hYqT/AhQsT1xoTV65cEFeiG5MuJLpAJTEmWo26oBbUhSIfEUhLsLUt0NL2fc44r0UDhh2T3NyZ5M6Zc8+ZSxhj2M8SsM8l3RybSrpblIFCxfBsqaZAOSEKBotvKGdn8aC0ed4OBmIZRm2zkPmxuCiFg/6uK8M9Ps1gxO0Sd6GT//ekmeuaKdY1K3rxjqYK+bIZ101KEsk1ZAo6qhrDSpEiU6LIblCsbVLkKwyFKoNhAdmijtEXa1ivaoIS7josVDWLuBwCYhEfXk3nsbFloN1H4OBknCKBU7IDCMgExbKO8Q85BFp9aAu4GpyEmmo2KMY7vOhs9+FlOo/1ioGQV2hcdNpAW5+Qm76FiY8/EWrzIR7zgmybJ1RVq6kmL4xHvQgHW/D4bQalig6/m8AjqSgtjEMJ9aNPft+okaUdNlbrTQaEq2MaJtwSxcFYAJOpPLIFFauzE1DCA/BFBhCuvYOzNtdg9ldZoaZZsNnouolcqYKudgUn4kEcORRE+vscaiuT/PUArPIzRPsvQVhOgBoaGv+PERvAZLa/+SK/HFbg9zg5RYLuAzKOS68R6T0PqDNIPUrAG6jDVUxBXXnDrTQ4AGVCtbS6rHEfj3XKLBoU0OqxuIAWlFoabrMEJVgD1ZbsYlhczO6h62j7lUAuX1LLv7NLpO/C3aSzNX7SpXg8kkskElfTwXW4Fnkonj47TNyOKVA9u92zA6JnELkFAYnk/Gbia/wz2WuYZu4PXQ31Dt/r6JH5qyner47pp7MYHOkFEf2AfA7pBzfyjNIzewKkRk9l+y8nYqKwDGau22rtmj9RPorcty+Yf377ibTXhJma7p4ZG6lzjXjrdEewfxl2ZqzjD9JZU0+1XOyXAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABhSURBVCjPY/jPgB8y0FHBkb37/+/6v+X/+v8r/y/ei0XB3v+H4HDWfywKtgAl1oLhof8TsClYA5SAgEP/27EpWIxkQj02BbOQ3FCGTcGEdV3/W4B6K/+X/M9fNzAhSbYCAMiTH3pTNa+FAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJZSURBVDjLhZJLSFRxFMZ/995xXpYzaRn0AsloEUlQLSwqS5ShhGjTwtpZ0Toogly0iB4uWrWIVkLgvsVEi4wKsUULIwQxLGyU8TE6vmbm3v+9/0cLnXA06ducA+c7P74DxzLGUKHB3sPALZQ6h5HHkBKM/Ib2PyH8V3Q8GF1vtyoAg713UOoRsWSMSBQsB4wCtwD+EsxlXEzQzZVnzysBg71hjHlDtDpFVQSWcuAug6XAF6B9cCIQr4FCHhYm3iHEZW689m0AlOohVp0CIDeu8BZa8d04bXctLnVbiGKchalWJocVSkF4ewpRfLKa4OPLo6CHiO90WJ5QlLyDWHIe6d/HBBfWEnxAeE9Rfh2B+El9o0NmSKGDphDK7yKadCjOgldqRwuJkd+JJRso5MGxIVTTTDHfiRBnUH47s2P91O13mB7pslHe6t2FOQjcLwSl24RriuR+9bE000I+28L0jz7iu4rI0nWUO8jitCS6DdxSKoRwG8BAUAJfiJE9bTlL6/HF2vMdWutOpRRaa8JefkbUttW3DD0WBH4BnCTa3xtCuiAFuEVQXqhQtePqseMnT7NZu/v73zfheTaOsbA0WMYJUVzJMDXaiFdwkZ4h8E4A9LydrNi+d3EftrdyCktaGLPM768JIBPi2otD641iYCBS7s8eqQdgfN4HwLUicR4OS+BA2RPamFMp9bcfm/UqZlLKTXdtApRNN5urgVVY+d3Xw8uyt0pg2zbZbJZsNott21sC/pVgEUgmEgkSicRG+OJ/AUqpdDqdblNK1Zd/YK0WtNafN/r/AJRSSvzM+v9SAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ9SURBVDjLfVNLSFRRGP7OeO88fJAMGmqikAaalbUIJ3NRROAiwmjdQmqXFdRmaOGiB4nrMmjRpk1LIQjK7CmmCFHWIAguMpGhnMGZud7XeXXOndF8YAd+/p9z/+873/n+e4iUEnrx6wMSBw+BjY1BMgbJOQSlEKVs9vZCvnmPivFXBJuWsV5sBslNQKH317NPsX39I6AsIBGeFzQHRDqXamMXgtAGgfooFRjNzeCaRIXO3HVBWlshbEf1+P9R4NM7JDM3GDluIXYirL6UlfYJmO3Cn0mBq55dCcLnFpfAQhbtuFTphZvAeUhdQZ3ObJjOIqKh5xbp5kvbCYiegnyW6FLlqH/sdp3nR5TcVTB3TfniKhIlm5QhEiUon3+cBpV95o3U9FYPOEuytst1HouB2zkltQiU1IdwbbDcCuxsDm7TxTpR4MkdJkrBemjFfginUATqU5kaHfWCWlAHLJ+Bw8oBj/fs9EDIuJBlgWShCbieexHM/WL+7OUws5xGPt5RU7h/Or9qZYdfPvh2r2SiLP5EjG5I3wju46OTwUK9gVPtJ9EYP4B3qdGqqR+f7iYGGqpLV5BZQi2lhG+VrlUokvG1NI62dYKHODrrz4ITisThbg29WjKRThi5ORDDVBz+Fuk6/lgrMEklzrdfC9pvnXmClr1HdBktKnDEkPHladokNkJmVCkRgQ/6DUCNOa8MTC1PYmisPyAYet2Phd+zunQDAuPm/LRw+GDk7XA65v+Euaca4Zp9KhoQidfiQm0jpmYnEVaev/g+gjAxMPH1g4Y+IuvPOaBLtnQJiyVBRY+QJA6uBZCsYJi4UsULv4joU21VKgoqRqYeLif/Al7ruK6zYN/dAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAE8SURBVDjLpVM9SwNREJzTpx4JaGMn/oJrRMtU/g2xsLD1F/gDbK0lpaAgNmJnI1YWasBOELs0QgQDfsQ4Mxb3vEvgipwuLAsLszszb19iG/+JsHf6dDU3g9WXdzdtABIsAQZowjJkwSRkwyQoYX52+PYx8F0w0FrPFqfuuwP0P1W5ZW2hi9vXpViXsXOyieOtw+b1zUMr2T16tGnYBizYhqR8a2QjquxRkAjJsIhgGhsrg4q9CYDpmGWMerZ//oxgC1mW/clAnl0gIE6UqvXbLlIqJTYaDeibCBRrAX97ACAKwXIt4KgHEhEUGdQBlgOE4Khd0sTAMQZkzoDkxMBiAI1g5gzSNK39jJYQJKHT6SBN00KGpDFGVfJ6vR5kIyQetg8uh9tiH+IIMNb8hPOzNV2cuATAX+3kv9/5B7T5iPkmloFJAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAChSURBVCjPY/zPgB8wMVCqgAVEFP7/w/CH4TcY/gLh59ul9oLtdmZk+I8D7vn/4f+e//8hJqT/h+kGwqu/GA7oQIz/D7NiJiM22/8j3BD9/xdMPwQ+vyL1n+EfEEIVLGXEph9Jge9/JN1XfzPcAbrhH8NfhILNWEz4h2yCPZIJYP88fyf1D9mRB7G6AUmBAdQXYN1X/zB8AYfDebACRopjEwDsBmruXDxiUwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAANvSURBVDjLVZNbbFN1HMe/p+d0be3p6Lr7unWMbuCQbR3FQWAEyPASkYe5mHhJTIhhPPngDAQTEGOMIZBpFiKoIWiIhAdgYxI14cFEo1M6O+Zmx1ob2MbYhbEb6zn/y7n8fcCZ7ZP88nv7JN+HjySEwDKfDX6oMpO3Uc5fpJw0UM5AGY0Ryn+U+dZP/OI116evB3WsQFoWtA+c2MUM/vVmf2OFrLhhSBYKPPn4Z3wInYnL54LSF4PcMA9zbh043xr+eZXg9F/Hm0POys5cbwke8Fn0Z4YgCwe2q/W49MdXcx6zucEn7Y01VKqBxMhjjE5mXrlypLYLAByn+o8HKKcXC9QQ+jIp/LLwOxaMRVR6yjE9dR+aRo55RdN76wvcgcIcN6qKVRDCLz5/tCcAAA6dkbaof5eaJuMY0pPQTYp8OQCVOnF94Gp/UD5zixKjtbLMi+EJikC2C1WlPpXqpO0/gbZPdrowmBkGNxmyHSpqs59GLPUbyBJ9x2BKR2SdT+aGjfFZjtQUQ1GuF5TQfU8EhG5kkgkHJETUTWjK2YGpu6OIp+MXQt5vSghh0Rp/EsFHpwC6iLFJBpeigFFSAQCKRnRS6M7LavRtwfTEfZzra59jGu84Mb//bHIxrvy6Zu3dAq37mdLwDtTP/oSbCy+BcQWcUBkAFF0n93rv9ERu/N01wwg7eWSy9ErTnPctoSeSO/X4buf+7XklZVuQXVyPGtcHSPvq8OBhITgj6ScTNPJt98C1Q+1j4fqb6Zpg04x7yCgv+9iS5cBCnRXelns7z5fnh/X4O5TXv4md6g8YSY3BYOR7AFC60pELQicnhU7OGOHyLCNcDtuyoNwexFIV3g7VviqD9iF2qRvbDr6PPNIL76JJTSO/AwAcIqMp9lLmDbY1msWrKkCSw7A1At2vwxWKvOzL0WGze4CwYWV6UbG7DYdqYrPXmzspADicn5+dsZe0A9KtOJAYhrOoGBbJYG6TCX8oAlsfgLAJoi0bYPMJuN0prNvcEjQZf3dVC0uNe54TlH7Jw2srFqslOJueRdF6D6xMDEJwxK/dQbSlGpK8BvC8gD/PH3sobHuPtLLG+eo61WL88Ghr9tGNBy9nyY4RCHMegFjRnwOyZwOmE/1I3fjo6irBMj2no4+EZT8lbAFh2ytO/P9h2xBCxP8FbMDM8CUkkoMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAChSURBVCjPY/zPgB8wMVCqgAVEFP7/w/CH4TcY/gLh59ul9oLtdmZk+I8D7vn/4f+e//8hJqT/h+kGwqu/GA7oQIz/D7NiJiM22/8j3BD9/xdMPwQ+vyL1n+EfEEIVLGXEph9Jge9/JN1XfzPcAbrhH8NfhILNWEz4h2yCPZIJYP88fyf1D9mRB7G6AUmBAdQXYN1X/zB8AYfDebACRopjEwDsBmruXDxiUwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJGSURBVDjLpZNLTxpRFMdd+EX8BixZ6VfxQ9imq3YzSdNVE2MNyEMYAeUNofIKEBjA8CoiM4BCgiQgaJqWtjySAc2/585iogG76eI/czN3/r9z7jnnbgDY+B8pj3w+v5nNZncEQdhLp9N8KpUqJhKJYTwel2OxmByJRIbn5+fFUCjEB4PBPZ/Pt+PxeDZVAJm5SqUCURTRarVUNZtNdd1oNFCtVkHBEA6H4XK5OBWQyWQwnU4xHA7RbrdRr9eVn8vlsiK2ZnC2NxqNMB6PcXZ2BhVAacu3t7eYTCYQbr4jIP2ErzWHt/0I780jnOIUjsoDYlcDjH//UYAOh0NWAXTmbTrzUmpew3bRA196gONqAndrARfJevkLXzJ9fI5dwxkvwG63L09OTrZVABMVTBuNRpfVegPWlIRPvhI+nF7gHZ/FG4sAzl2AP1V8YX4BYKJKa6nSy8srEZakiPeneby1CvjoKeJrurRiXgEwUZu0fr9/+a16iVStC9/FNSLCevNaAJPX69W63e6nxWKhdIfMT+vMrwKYnE6nl7WtVCqB53nbPyfxuSjyFvV4l9pU6Xa7yOVysFgsebPZvGs0GrdeBdBoami6ioFAADQXoPHFYDBQ3lQXUHFxfHwMnU5XPDw81KwAyPxDkiTIsozZbIa7uztFDHJ/f698Y3vJZBIHBwejFQClzbFIhUIBnU4H/X4f8/lcUa/XQ61WU+7A0dER9vf3ubU1sNlsGqvVylGqWZPJ1DEYDNDr9SztLqWdpcgcmTXPPX8BpLUNr3FYePgAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHtSURBVDjLY/j//z8DJZiBKgY49drM9J3idhLEtu+xjvea4nLNqsVspnWr2S6QmF6+Zol2ltpq5QSlmcpxijMxDABp9pjkuMuu28rIpsMi3rLZFKzIus38mm6OuqRxpf41nC5w7rOJd+i1ngnUXGLTbj7Tsskk3rbL8ppZreEu7Ry1mWpJSvHK8Uoz0TWK5U/nYIg8y8rgPsl+l12P1WqgbTPdJtk/AtoWb1CkBdagnqyyWilawVM/Rw/FBQyx540ZGm/eYIg8P43BdYLdSZiEcYXeTJB/TaoNroH8q5OldVIhXE5SKUqhXSNRfZdKvPKVkOrED+L9d/8wN998w+B4XIL40I48K8FQf/O6+7In/7mbb35hsD2qjBKNDLU3ExjKb7pi1Rx61ke89+6fwBVP/jPXXn/HYHlYGiMdMJTe1JJc/PgHQ/X1xQyplznBYuFnmRiiz062nPfof8DSJ/8ZSq8/ZzA9KIEzIQE1Vvuuf/6fufv2M4bgsz4MxVdPui8Cal4C1Jx/+RGDPqpmTANiz7MAvXI+bO2L/5ZzHvzP2Pjif8DCx/8ZMi/fY9DcL0FUUmbwPKkg3Hr7T+WOV//95j/8z5B6/jaD6l4JkvIC0J9FTtPu/2dIPn+PQXG3BFmZiUFzbweDLH7NVMmNAOGld33BRiNUAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKVSURBVDjLfVNLSFRRGP7umTs+xubpTJQO4bRxoUGRZS1CCCa0oghatkpo4aZN0LJttIhx1UZs0aZ0UxaKgSFC0KZxhnxRaGqjiU7eUZur93n6z5lR0Kxz+e93H+f/vu//zzkK5xz/G+l0+rlt23csy1IJQSjDNE2BL5V/EWSz2SAl9IRCoduVlT4YlATXhZxNOeFwCMPDQ1APS85kMu0iORqN1tfU1OD7/BKEuutyuNwlIg6HyAzDgDo9PW04jlNBISft2hSoadpBy1hf14jIRfJKh/ymiuR4/AQKhQ2pzsXFhUsuQ7yQJiLhIN4OvEFT8xmpLv5JB4JVJD/sSdM0BYpC99JNooitzU08uXdOKo6nP0G4PX7tZsmBsCpUxcRwpBaMMSgUrBziWRBwx0WD8xGJBEPeaQQv94AJB9QTImDweDz7gpVRjsUBtLREcDLZhWOBLJzVdMmBVV4ehSnwqOqeukRRAuGFQAZR308EG5MoLgwhGCAHc68R2vZCFSyiIaIEoZg46pP1l4aC5Q0bTZFlBE9dh6NPoioax46TQ92lJiQ3xkoErFyniNmvf++LhmgAljZPAnlyVERFIA/s6Ciu7JQIvF4VjztPy+WxLBu6bpArF9VWDuGtQXirXbj2JJhbAJgf3DIx0zeHd7k4VOrk09HRD227G4Uw4vf7E7XWFHyY4HUdtxRuvofibGFiUIfXKMJDJaqtD7CyOIJ9Z6G7u/s+kdw433rxcrzQi/qWNpj5Z1DVICZGdAxOxqCxGO0DG9s2xH6Y2TsLqVQqRkuWam+/iiN+P5heAcWzBE9lDFPDv35/GV/tetQ79uJgf/YIyPo6xef+/ldnRSmNVWto/rGAoqabudm1zru93/oOO3h/ANOqi32og/qlAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKESURBVDjLjZNPaJJhHMc9ddulU8ei/WkQRQwanbLD1JweDDaI/q2cDhQWOjGNwXTCBk5BbeRczZZjNx1sNWaBS802CNPDOpgo2y4h4kT8O53x7X2eoUvaYYcvPO/vfX6f5/P+3vdlAWBFo1FecGYYm5q7+Pz0Clgs1s0z5iJpvhYOh4vft0P4sR2A90kX6vX6mUIhGo3m3Orq6tCn6RF8mx+B93EXKpVKS0qlEorFYjP5fB5HR0fHgFYDPzYedP4HaEAaKRQKqNVqrQYbhhGEHFJs3O/E4eEhzcvlfWiW9vGCidq1B/XiHlRMiEUT0DTYOjZYH+xEtVqlIc1L/jRcTN5/SWNxMw2Fc5cCiFWLwfqkFF9fS/BxoIPSSf49dYxpVL5N4PmbBJ1BuVz+c6rB2r0OOiACaDwKCTmRPDtpzuVyyGazRQbQc2IwIUFwdhhrovZm89i7PSgWkhidT0DuiEM29wuyVz+RTqeRyWROmcGWH25hO7xeL8xmM5xOJ4xGI2KxGA4ODpo1k8kEl8uFtra2O02DD+PMl2h5Bq3gFqxWK1KpFJLJJAKBACwWCxwOB+LxOK2FQiG6h81mL7UYLMzNQq0YRWRnB1NTUxAKhZBIJLDZbNBqtXQtEAig1+spRKlUFk4MtGKMPeLBoJugADIwHo8Hn8+HSCSCYDAIj8cDLpdLXyMBMKBqi8HMtAFyiZgCdDod+vr6wOFwIBKJaMia1BoGUqk0Tw1UKtWl5f6rcAz04GE/hyqT01ZWVmC326FQKMDso2tSc7vddAZ8Pn+XRX5nkqGO87fHb1yYHLx+Wc+o/xaLxWWZTFaVy+U1Zli63t5eOXNdIjVyj+zp7u7m/wVntrWV38u6ZgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIOSURBVDjLpZM7aFRhEIW/m73r5gWB9UFEzAMsjIIIgkViFzFgJbHR0kqI2Ahi7KzsrEWwCQZsBFFIExWCqJWKClppEDTxEVCym73/a/75LW7AFIksOOXA+eacA5OllPifyTdbTt9dSVEVLxCj4kVxosxM7c3aAjivHNvfjaiiCSQmHrxstO/ABMVHZWVVCDHR11VhzWj7gJYRvCg2KBITLu+gaWRzQLp6uWxRlRSEFIRi+ArOJ2xIBFE6q5GGjf9wMH4cVMliJIuR5lvFScK4SIjQVU00toqQgpCJwOtXIAEOHWbNeGxQCl9GsNsyxIQtAM6XAGchCARh1SVcUIxTQkz01hRtKRefnEvBC94Hgg04F8jVOjpEwDoIAbxnraVYnzBe8bHs4pTc4/TMU+LyF6Rex41OcLv2jVzN+mXnwHsQQUwoHawD9n28w9jgAgfGL1AbPoh5N8+HZ48ZwdChhS2FxoC1EALaUqwvAcYre97fYmR8ks5PC2QzZ+levM/QQJ0jn7+Sp8LAxggiqFHMBgd9zSU6+4fh5KW/5V3bTb0I5FqYUjg6BjGCCMkIXhL9fVVEodGzi+LNHD0Pp3DmOwXQbFT4XcvJb9ROoLM/SU5IIZJCRHsjc7PL4JUUhZ3bJ+l/Mc/Qji7ySpXmirD4o4NH7ihZu+/8/MzAdOvX8vlKzAZjJS0luDkxL9f/ALqCe8YKiajkAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ6SURBVDjLpZNZSNRRGMV//2XGsjFrMg2z0so2K21xIFpepYUiAsGIICLffI8eWiBBeg3qQV+KwBYKLB8qpHUmrahcKLc0QsxldNSxdPz/79LD1ChBUXTh8sG93POdc75zDa01/7NsgGvPR09rzQmpVZZSCqlAKIWUCqk0QqoZWyKFRir1uvxIbsAGUFqXHQqkpP1L57M3Pm5MMJBKpQHUdF9BKIGQAlcJXOlOVykSdye3leO6MmkGQNyHw+uO/1X3bzGBK+S0B1IqAKqDg3986HeCZPffwvJtoNT7lOZLvUdtAPEDAKBkRzo3QwMUb89InN1uGGD3spdE214xe8MRUnM2MfppNW0Pqy7YAK5UKK2xLbhdP4hlmdxpGMQwwQT8ziNiI534c7cT6WrFazikzF2Eb8HS1IQEDdiWwcHAQmpehTkQSAcgNvSMiYFW5uUUMdV3HW+ywefGNqITJsbUUL75k4FWYJtQ+yaMZcXrk1ANk/33mbdiD7EvlRieETy+FJLkMFcjRRSW3emIAwiF1hqPBfu2LGSWbbA1uZ41SfWkrtxPrPcypsfFiWYzFGzGKTjFV28WEJeIUHETLdOgrmkI1VdHpCdEet5enP4qLK9mKrqMgedv6cyrAP+qxOTiUxAi7oEJi8frELoFoTLpa7nI/HQvscgSRt+0kV1SSW7qYtp7xrBMphm4Mi5h/VIfTcEq1u0oJaknSEdNiMYHET7UvcMpPEN31Ed7zxgASmk1I0g6dK66s8CRak5mVxjnfS05+TsZCw/T9baTx1nnGb47DrQksjE6HrsHYPz6nYt3+Sc3L8+wA2tz0J6pF5OD4WP7Kpq7f5fO79DfSxjdtCtDAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKrSURBVDjLpZNrSJMBFIY/u40wW5sNkS7LiaCJgakF3tDUMZ2aYZE4M6c0p2KiGLl0ec+cqLPErTTnbW1zltHwkgqSaYo6zRKjX0IZlJEg6Uwne/vcjyhKDfrxwOHA+3AOh0MAIP6HPxrJHgfF5Rz6kpR7ABIOFeIztGWeG6PonwSJbvTrNeE0U20UHfdI7kbSUBJCRbrvfhP3hHX+tgIZlwoFGZSQoRLuBjQUhzJwzZ+OGDfq4raCEt996JblYK5LgpG6dFz1YyAj0BYpQSwIvGhrTVlhlC0FtbHMryuf3mFxSIaPvRWY0uRitqMUC7N6qIT2i68bkvdsKbjDOz64MPoQ8+NaGF6pSNTmekGvwv14l/EtV7DhKnc7eCc3qVLd8X28DivT7WYMk0o8znSH8IHn6hWFK/4qYISoKNaclqTDnD5Mv1+CJjsc6uwwMxv1i5lvuCT3Rr4uGhfljr9JCOtgjYUVWxPHDB3EzJwBLXNAxjSQpvRBarMnEhtPgV9/EjntF9A6VoVM7VkEVdoYfcpoFmaBc2R9ROB5CbQj65BPAanDJgj7TUhpPo0nEzV4pK82B9VjUkj7MtE4LIFQyYZHCcXoUmhhQUzkOK7P67JQXa9DXBeQ0Anwn5qQQO67Ea7oSUNpdwqKOwXI0/FR0JEI+UAhYhq84ZBLrBJTYifTQk8BogQKFPUug9cGRKtN4NU6QTMqhXKkHI0vJagfuk1KkiEbKIBAyYGdmHh7SETsJd40pYr0Igcjn3/L6BHXD/4zE+JJzsnsEVx1BAGVNvAqoyFW4Yma53mIb2bDNd/ys62IoPy8wqw6yermjSLrYxE6OdOv4QMrqHWZxW5bYwVq1+z8VQamj2LeOc9y7XJjAFg5OybJ8J5Nv3EzyJG/HM3eCYaI2PVr/we4bY/dzdCujgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJcSURBVDjLpZPtT5JhFMafrW997I9rscA+FFu2QRurtlw5cQ4InLpwBogIPNFSiNJ4C+JVkj0QTBHQKFPQlJfwlanY1tXz3ARkn2jd27Wz++yc33XOvd0UAOp/RNGR/X5zeH9rOlTDVKAK3fsqJrxlqN27GHPuYHh+G4rXRQzZNjEws47Hli/oo/PxNsAU3qvWT3/gX3TPuHrWBhiC30nSktXDtKLB1NI4NKkxqBMqjDByPFkcxNBCPwbCfXgUeEBq705m0AZM+qsk2e3hau88W+4ANOy+XPLFQrkrcbW31KkOYJx9rBaAOzPR0gVHW6x593q9cDgcqB6e4sZoogMYdXzD0ck5ZhfLsHGKVfAqVoadKcMdzcLr82PuwwZCoRACgQCWVzdhoK2gaVpDAMNzWzhkAXamQpze/I4t13w+j2AwiFwuh7W1NXg8HmQyGSgUCshkssuU3F7AQf0c84kK3n68KFc4hXQ6DavVCqlUCqVSSdaIx+NQq9UGMsHg7Ab2jxtwp5rOvqUqia3CUqnEObWn0mp1KBaLcLlckMvloPpfrhOAl230/SGLxQK3241CoQC9Xg9nskKk1emQzWZZkBZCoRBU3/NP2GMBgXTTObjSjI1GA8lkEgzDwO/3E4iObXY6nYhEIhCJRHoWcIW6b1pF7egMlYNT7NROUKzU8XX3GJ+3D2E0GgmAm4Zbh2s0mUyIRqMcAGKx+BIlMeSiYu1K/fbEMm4+TaFnJIHrSgZX5TFIZNPo7e1Fj9QOs9kMlUqFaw9pCASCnzwe7x15xG6/rUQiAZ/Px9/5XyhZOMVGKlOdAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIxSURBVDjLpdNdSFNhGAdwKSNyg6ALC8GLoE8so49VRHVRFFQISlJeREXQBxWSSZDUpNrOTDoxSGvhmokV1TazLeekTBda9rVKmW5lYq6slgutOI7j1vn3vKc4rCAv3MXDgfPy/73Pc3hOEoCkROq/B6v2GdIWHLnhmK1v7ZtZ3PIuo9DmOr17iaUkLx1Ud6g2jgqo+JCU4x7Bs5AEe4+EhbYYMsv9iEYGcU+/VEZkYNkew7iJnHBrgl4YSeYEJJcIGF8qoKw9Bv8g8GkY8IaBthDgqatCsNGAq4czGbBLBhbv5VWT+EiL2Q9cfg2YA0DDe+AxBeqDQPvX3+/PdwKmfA0+PDDCuGM6A9JkYP5Byyy1SexgQM5dIJvqpJdCb4DWz8BDKguhhzxDor1Ig+7afBaG8hFnFDiyp1ZFgxa6JbcR2NoEnCLg2ltqfQBwUzcVhJc1+4c8/Br0urV/A9OKvJyxQ/qmfQ5so/D2ZoB7CVh7gN4fwP1+wEWjGK/XoKt6C9rOrWeATwHUugEn3RBjrW9oAI4TdJPCno80RlfsZ27d9+Eslxitcdpk4HbxCgboFEB1JvKk3CfhSjdQTXM7+yRorCLUZ8PSposvvMZX0bydtf2Vi9JT4avcjIr9GQxYrQBzC2zmVG2nkGIISyncF2mKLiDOKbQ+it8JCqy9dGCe3EH8/KMu0j9AqePEyoSAwFNTVkKAHG7i1ykrPCbAfmw5A46OBbjw5y9kz8nxZ78A90vOcDVd+i0AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH6SURBVDjLY/j//z8DPlxYWFgAxA9ANDZ5BiIMeASlH5BswPz58+uampo2kuUCkGYgPg/EQvgsweZk5rlz5zYSoxnDAKBmprq6umONjY1vsmdeamvd9Pzc1N2vv/Zse/k0a/6jZWGT7hWGTLhrEdR7hwOrAfPmzWtob29/XlRc9qdjw8P76fMeTU2c9WBi5LQH7UB6ftS0B9MDe+7k+XfeCvRpu6Xr1XJTEMPP2TMvlkzZ8fhn9JSb+ujO9e+6ZebbcSvMu/Wmm2fzDSv3hmuGsHh+BAptkJ9Llj3e2LDu2SVcfvZqucHm0XhD163+mplLzVVtjHgGar7asO75bXSN+VMia/KmRHxK6/P/H9ni8MmjwqrNoeKKKkZKa1z37F7H5uefkTVn9Ac2NK5O/L/lytT/F57t+t+/O+t/eL/uf/NsqV4MJxYtfXxmwo4X/4F+NYaJxba7fN94ecL/jdcm/QeBnj2p//v3pAMNkPyOYUD8zAcbJ+189d+z5UYOTMyn2vD/titz/iODTZemggzADCTvlpuNE3e8/B/Ye2sJTMwyR/p7966k/+27EsCa23cm4HYBMGq82zc9/5+3+NEzx4orbCAxoMKW4B6N/727UsA2g2gQHyjeg2EAMGqEKlc9/VOx6vF/29JLgTBxoOIOIP4EcjaU7gCJAwAM9qYI32g+agAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKdSURBVDjLjVNdSFNhGH7OPOtnbicKXVrmbFEg05QS9hPrYlF4E9FuuuzOorsg2IXRTUO6ki6kG28SEm+aELpBkdJIndOyQJpL05HSaNkudG47nt/eb7iRJOGBh3O+77zP8z7vc77D6bqO/12RSERQVfWlpmlzdH/o9/uVv98b9kEOETyKotwjBIeGhvh9CYTDYYEIJbLb7a7u7Oy00PN9QnBgYOBguY7bawRGLnd2uVym2dlZsDqfz4dQKKTRfoTg7+rqkv8RGB0dZeRhmtnNyDMzMygWixAEAR6PB0ajEYODgzmqecYy4fciE0rkeDxeIdefa8fzqTROW82g0cxU4yKYKxmMjIywmYcJFXI+n4fFYgFlgNjKJr6kt/A+mcX1Gzc5Il8gtBjK5HJnukzT09MVstPpxPz8PJayd8Dxd3GxsQqfk8vMxSHCgZLATufLXq/XFIvFdnVmYpQHREVCQ00zXi3cwsKnCYmNEAgExksZ0IIly8uyjLa2NqRSKYTXH2P89RNImgLpt4ITR8+iuc6JnJjH2+JTXoS0GEAA/I4Dl8Ph4MxmMwqFAmw2G5SMhKuO21B1DSQPDTrSG2tobbiELalo+Lga3TgfNBwrO8jncjkLs89mzmQyJcuM/D27BJlcKJoMWZWxuZ1D+ykvtuSCIZ6ayJYzaE8mkzLP84hGo7BarSQgQlEVHBcaUSfYUH/EDmPVYdRaTmJubRKTyxPrBQkdlYPU39/Pvu0K2a8VRREvMg9QlCTKYJu50c/UODiX/Ro+rE5hbPHNT0nBlXSPnth1Evv6+pjIUlNTUx3HcUgkEiKtW7u7u7+1BA35jkaf6d3i2A9JK5G/7vkv9Pb2lkQI1eywMDLbtz/i8qpWZSpqqv1Xj54q1/8B08jE6o+fnvoAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ8SURBVDjLpZB/SFNRFMftj5IiW9saIQjGQrBiUagEFWLDydrUhAWzNNuWTZ1oKIUzf4RlzZY6sWyrLZXhfFszQ1eac2SQkYWW0yH0l1AWITSw1IXK+/beK0RBptCFD+fcyz2fc+4NARDyP6x5qInbVVEn5sw2SHdCL2ahQsiey4jhVW9IkBPDKbmfyibN6Rw8oLgrY0MnYaEofgcpPcitWldglLLQQhXqqSKdlIaNm8k8XDnBQWYMa2ZdgS5+O14YyzHVq8eQpQiFCTwUJ4YjX8SH+hh7wapNCQ0qMGdF/gh8/4SZN0Z87a+H13ENk89vwz85AiJ378xYq2ZLUEFjxv5B//t2TA87MT9KUNiZ3D9C4KFKMBz0Cbults1RxzVWoiAWv4ctCPieMsx/tKHzciwE8blPeCLz1jUFPAkRyhW35UWIPfB9noWjLBX2shQGOn898QsRSS/BET66xBWatq0ScE86NoUlORSRyYOYmJpH2xRQ7APy3gEXXgHnewCtsxPFRgXU9acgvyEMiEsOVS4LDsia0xJP6+EcWoLJCxS8JZE7QCK7j0RWFwmlmUCVU4lnviaMfnPD0K+B3CDAkfzwWkbwoTx6adqlxb1mFxS9VFeqo7KbxLkOEmdsVKyRoGu8AV0TjaBXreciDJ4cWhBgBN6KfaTffR3p6hZU988howM4aycht5KQWUgklx1Gj8+Clat7rIkW/P2IcWtB6Uhp1KJSeWsxTjEAJTW6agVHC/m441ZB51Ywxbo+xeoJaCbteWGVV6u5e9JcpsiE1i980eM5flLHAj/RuSCQZy7KaqNR585mOtOR3i//wUagLtdQ/KTH/hdr6PM/RhGjA91Gi1AAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKOSURBVDjLhZNPTBNBFMa/3e0/ty1tiZUChkZAESnGA54k4WRATQxJL2piYpR4UBNvnrwZPXjwiiHRBCVBUMJJ0UrlYtJEjI2JBCkEbLGhWGxh2+5u6W7XmY1LCkJ8ybcz+2bm9968mWE0TUM4HLaS9jzRxXK5fJS0h4lIt/yNtAukfUIU7u3tVbHDmMnJyWNk0rDX6z3u8/lgt9vB8zwoeGNjA7lcDolEAul0+iPxXQgGg8lthFAoNBWPx2k4bS8rlUpaNBrVRkZGBim4Uiz5tNXU1OB/Vl9fDxLkzE6/iTh10urqKmw2G6xWK8xms+4TRRGZTAbJZBJNTU0UgD0BJpMJ2WwWsizr/4qiQBAEFItFfYz6dgOwxl44jtMzcDgc8Hg8cLvdejEtFgtYlkVZVdFQnLInXnVPz/cHrm0BjAxoRFIsXSqZTGX4aL+0MI62didf13Ovw9kcePjlwZGebVswFlDRbPRFf4Gu/DQc3nm4Wk6jEJ+A2dlS7W4ojk3cbuzbAlRGNwBGBryyBFf7OajiDGz7D0JWf6K26wSvFLL9OoDKiG4AKzMT1SqUsj/Acmtg2AIsVWuALCK/UuRMdAI9KnITkUqlIEnSVoUt8jICmMK+WlJEJUMKtk6q5oRW2sT3F3PyzJxwnWZwJRKJjLa2ttr9fr9+DxiGgbj4Frz0Hgc6OqFthsCoOcy8FiRTbkXgyHhsUbh5eXhpjKFpDg0NHSKgu0RBcmQuenxt2jgaO7uxudZP7oELsx/y0udI6pZfll7a7By6BhM5/TFRQKUNDAw4SS2az/rePKvrPBVQ1iOYffc7/zX668bVp/PP/3mNOwGGfXp08r6j2tMnZgpSLJa+c+lxbHS3eX8A58zTPyvL4X4AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH5SURBVDjLpZK/a5NhEMe/748kRqypmqQQgz/oUPUPECpCoEVwyNStIA6COFR33boIjg6mg4uL0k0EO1RFISKImkHQxlbQRAsx0dgKJm/e53nunnOwViR5leJnuZs+973jHBHB/+D/ah7X2LXWloilyMw5YgtD3CDiBWN4Zno8bQcJHBFBucauZfsolZDCru0OfFcAAUISrLZDfPzSKxuiibOT+T6JCwDMtrQzYQvZHQ5Cw2h3GK0OI9AWBzJJZFOxgtJUGpTABQAiLu5OOviuGIEWkBUwC7pasNZj7N2ThNJUjBQY4pznAoEWsBWwxU+JFXSVRTzmQWvKRR5RG4KVGMgKrAVYflexAAugDCEygdbUCI2F7zobk7FZY76DIDQgrT9HCwwt1FsBhhIu4p4D3kiS8B0MJz28ftfGSPfl8MPLxbGBAqVpptbslJc+fEPMA7JDPrIpH3FX8LzaROdrE5O51jalgid3Lh4b6/sDALh6971riErGcFET58gwDPGndG9JT6ReHcwfPorGygu8rdxvGxMeP3XtzcofgigWZ0/EtQ7n0/sOTe0/Mo7V5WeoVu61z1yvZzZX+BsnZx9opYLpevXp7eXKIrL5UWit0n0r/Isb50bjRGreiyWmgs76lfM31y5tSQAAc6czHjONXLi13thygih+AEq4N6GqMsuhAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEoSURBVDjLrZMxSgRBEEXfiBiIkRjpRTyAuZGH8ALewmtsbOAVNjM1F0FEwURwZ9vq+t+gZ3aR3RFEC5qGLv6v11XdnW3+ErsAs9nMpRT6vme5XLJYLDZW3/erfCmF+XzeAXT/QgBwc7ewASUYsOHidL+7vn1eVzCkzNX5cbdhkIKjgx0EWPDyrpXu5HAP2Ujw+LrcTmBDuu0y1LV+JVaaSG83qAnS2iBzPDdZQTKZIsqEgQYC6TtBraKmUJoqUaL+TNAMjLI5RIhaW/VMTxNUtUbKbgTDFT7DK4pMU8bExhRSpLp1DzwaJFFFDhQRUwSGp7ckh4mM7ytKUqNVrzIREwSXZwfdtpdWwsRQXWpT2WowFRHZxNl6I+l3BvXT3D98bAjH+PNn+gIL+yQjrYYUIQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJlSURBVDjLpZNrSJNRGMdlr7qat+zKaoYhjqYphRCWCtKFoCj60CeRpDB0djHUSMOZm0JhGEmlNhczXXunDgy7TNcVcsjGpk6dNsiJyyjWNg3ZnJfef69vMBBkFn34wXMu/995DocTBCDof1h1cvBJnM5RTsBVyYLzBgvfigjopbGDfyUwK+Nfu2RsTNcTDO5aAk4RC1/KQ2BqjetbU+AiOZip/xNyLndQSeCHmMBUIQFzTjDWFDiu0O0qzmJKU4OvPSmYuETAXhKM8WshsOYR0NZlRAUUtOXt+Dk99hYufSu+6x7D8fEAnLozmLEq0V3M8ww1F4QGFEhz+Aa3QQmHsQPeQZJGxdRuEwnp+SRjwCs0FpwIf3guwfayKBE+owxzI50M3oGn0JbuQW323vE7uac2rSpoFB6Pll/M0FjEofDZe2Go2ocu0VGG5dpjUWOEXpPlp72X5h/irhBIcrNYNunp5s+31gFTWmCsAfiQDWiOgXq2H1Q7H1TPSVCfmjBaHY4HFzJfNOQd5vgFZGHmo5n7bEBfQlPMBNGVCqgTQZGxWGjhwivbCKorHb/UybDf5UFekE76Bf3lu5ccz0uxpIgBOvgMlGoXPeZhvnkbHY7GbEMYnHVseKQb4OquQF+JYMEvMIsElFsroTfQL/TqCBYVOzHfsh0++RZ4mqIxJ98Kj2wzc7qtJhLTb6pguJ5A+QXDLZfLTGXxi45762G7TUs6BKtirWZjWByG/opkH52pWvEKEyphRK8oLan9aurkgCSGslRHYVTCwQjNkDgSpptcqrMwafZd2cGUyTZhRMDf+C/8Blefvm4GxFC9AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGdSURBVDjLpVMxa8JAFL6rAQUHXQoZpLU/oUOnDtKtW/MDBFHHThUKTgrqICgOEtd2EVxb2qFkKTgVChbSCnZTiVBEMBRLiEmafleCDaWxDX3w8e7dve+7l3cv1LZt8h/jvA56vV7DNM20YRgE/jyRSOR+ytvwEgAxvVwui/BF+LTvCtjNwKvj/X8CbgXPOHMEZl559HsTu93uPQi7jBiNRgMEx8PR0GIxRB+y2eze2gqQeAXoSCaqqu5bpsWIdyzGvvRrBW7rdDo2I6ZSKeq7B8x0XV/bwJWAJEnHSMwBDUEQWq5GfsJthUJhlVuv11uckyiGgiH2RWK73RYRb2cymbG7gnK5vIX9USwWI1yAI/KjLGK7teEI8HN1TizrnZWdRxxsNps8vI3YLpVKbB2EWB6XkMHzgAlvriYRSW+app1Mpy/jSCRSRSyDUON5nuJGytaAHI/vVPv9p/FischivL96gEP2bGxorhVFqYXDYQFCScwBYa9EKU1OlAkB+QLEU2AGaJ7PWKlUDiF2BBw4P9Mt/KUoije+5uAv9gGcjD6Kg4wu3AAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALzSURBVBgZpcFdSN11GMDx7/+cv06Px3ePujrqNHG6RYxazbEaxdquuinoIiLqtoIQ1nUrogiqXdTdroLIIroJ2l1GDW0uNzWcHdGpO2tTm1M3X875v/ye5+kIuwi6Cfp8PDPj//Bf+OB8XbYp/UtNqjyLeWCKmCFxTBjGxHFMFISEYYgrhkhQJCoG3F3dWMrnFp71O5qrp44ebMt2tjSwS83YJWqoGmKGiCJqiAiiRizC+OQfDT+Hmzn/wcaqbCaVZDa/ghPhytR1+h/rZWxilkMPt+NiZeLqdfr69jE8PEXbvmZElJ5sLZnWvfW+54GaUZb0WN9WCs6jIGWsF2J+Gp1DRFFLEFFJ6JWzdmeTjmw9ThXP8/De/fJXS7giCTW8RJKjj+5nIypHVBE1VMGJ4lSp8QsMDY0Rbq/hopjVW5v4l6bzr/Rm7KPG2qpkJpNtSZZXektzOZZW1oic4JwgosQCJ595gu4DXTo/vTW1vLWp13K/nfXMjF1vnv1h8MgjnS/1dnVQm06xvznBP7311XGCeJvu1KdMjM2c//rj15+jJEHJi+9/395Yl36+JdNIJJDew7+ELibb1Mf4xhv41bXHuM9/+vQ3XlrD73qf7KnA88FLUFPhMTB4HDNHpI7IOR6o76av9QhbwQ6/F0/XHT4x+t7loc/OeGbG2+cuyInHexJ/bRmdrdUc604zMNjPyYOvIqaICoqxcu8m9VXNXFz4kSs3LhC4sM6nJIg0sXznLvPLOwRhE0Oj0wQaIabk1+aI1eE0JpaYzXCLQ21PsR0XuLQ4vOZT4uKYWJTIOWYWbiJqBGUBThwtNe04FcSU5Xs3aEi3Mv7nCKOz41Y0DvuUBFFEsRjR1rQHcT5qxq3VkC8ufkKkEYGLeKjpAP1dpxjLDzNybYzmuZfjkW/PTfqULE5enSncXu0tq6hCxaGqJOMzpFxEhTNqTBgvDuAlKhnJXWZv/jXW59c/p8QzM/6Lrne8HdFkqqjSdftDW+S+vwHrxbCSH7ilcAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGMSURBVDjLY/j//z8DJZiggtx9Sasyd8Yxk21Axo7YSymbow4QZUDJ8QyHoiNpB/IPJP/P3pPwP3177P+mQ5X/6/aV/o9cFrATrwHFxzIcCg+nnplzacr/TbdW/19/c8X/tTeW/l91bdH/5Vfn/y/ZkvPfb7rbHZwGFBxKnTn9fN//jTdX/W8+XPU/cX34/5iVQf8rtuf/L9mc/d9nqutuvC7I2Zv4AOjf/0D//o9fG3YIJh4wy+OS9xTnQ2699kyO7VacRAUi0L/wUPea5LTGtceW9FgA+ncNyekgfJEfZ9AcTyagfw+59ztcgolbVBsdMi7V/a+Xr/lfK0v1AV4XAP27O2tl0v/UJbH/rRtM/5tVGf6PmB74v/dE0//khdH/VVMUZ+I0AOjflxnLE/5PP9v7f8rprv8TT7X/7zvZ8r/nRON/kLhKssIZxXhZB7wusGu22Bk3N+x/1Mzg//qFWv+1s9X+q6cp/1dOUjigEIeqGWcgAv17AOjfS2RnJt08DWbNTNVVVMmNhDAANau2t3wToKQAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGKSURBVCjPPVFNSwJRFH1SPyR00V+xIqJVREIEUm6VFm1ahFvLiiI/oE1QRlQgUtgHlKhp41dlokVFpKmjo41M69MZlbi8d+Gec8897z4BoYcwREdj67fJsHqunkp728cjvToR/UoYs66I9og6OvjEA0o41FzeXWOfkB+6CZQIqajhGz/MRWQRh+dg3USCMNyvvbG3xVDQ5JFRJkXFNZZ8JNyZw1qbfTrUZuhwk1mihktbGRNxd45QqxvtroqMBip4pZcYHB4Rkhr44oh2H9bzJ/srHBLEYkoE1RZF5X8PLZ4qnmm3SqsOlQSpC1X6KhU+ssacwxlvW0ccSWnObOCdkK7ygUcSmijQ5BNsKeH1FMnOkK2wWOCtII9LDlCxBeuWCJh3tTynKVRJItG1meUOyqTMaTMT3KTTdwUNUYa+i3uCMvcSgR+2VTFAwo5xcz/EV6dps06VKLu/EMDUyeRw/7NcRoffqcXp+4I2X+DB9K/VbTH9/6Yey6MLfrtkV62d2cz8hmVcDPbqfy6NlFRFHkA7AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJtSURBVDjLhVPfS1NRHP/ce91wW9MZrjLLKCNxTEgcG9FLj0EgmbApPfQHBEHsL9B6CnrpRcQeQpIiWgwjlN42X3Kza7nKGEXRxFpMhVq7uz/OvZ1z5ubGpL7w5XO+536/n/M53/O9gmVZiEajd/x+/7jT6TwmSRIEQeDOvjEnhMAwDCiKUsjlco8mJiZuoGosYWpq6i3FHev/pk5PT29WiZm3MBKXy+WjIA1HH+NfNn93zG6z2brq9ziBKIocHQ4H2jwdLIZAXaTXqK5/ft/Ebi6aCJiUqkm7BUJdsSjsFVgQmgmYsUbdvubjqOs6b1oFdb5HfO08j7a2gUCsFrPuZzIZLCwswG63Y319HYlEgl+rN/0EPT9moJa2YZpmswJCKpvBYBCBQICfzNZMBdH/oDQo4ODxEfz+9gJmo4CKAoMYPJBlGfF4nCtYW1vD4uIiWhUZnq4Q2roGsf35JZwo7ENAT2QWCoUQDof5dZiCK5fOw8gn4O70gPyah7d/HEdbPiDz8KKtkcAgPFhZWUEsFuPdX12V8enVfXT2jQBlGanZORzwKGgnORhlbbiBQNO1moJIJMIJzvY6carbC3dHCab6hb6fCVJM4+SFKAxVvZW6d85da6KuaUZyaUmiKFTmgsCTn8Xp0GWYpWVaq2BotA+mtolWVxaHB8b6N5Yf3KSpk1xBsVj8mEwklVQqjXQ6jfy7OA71DMHpLsAytujjS3j9LEszTZjlLLxnToCo+vXkpN8n1E9h1ai8jYGrc92S+JUS7PD5q++75OhD/v0bZJ9PPm3Z76cxVK1VnhlVLProFh2cPbdqCIaWdeQvTLNXD529QmkAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALhSURBVDjLfZHtT1JhGMbd+kPaNElNnCHqARQ4TmnjRYRVSPk2hShMJ5IK2hQxdDqxZBnVkuYLpgg4TaeuzElutdXogyw/NNeHvrg258t0mCuuzmHLomVnu7frvp9rv+e+nhMHIO6kEsxzIZjlkLTO9Wcrc7xZ4b89MQ35gpfwZ8+fIZA7lT2j7yuM501karlj7L3/AoT0jXOcW7/6HF/2Ic+TtXWtTeQu6uSGuYMZkWIDr/tEAP85sZM7TRxGV/YSu9zxTHDcbHCG2GgN1CPwZQqm3nLItKyGfwKonGTOZBb4E8SOxFsAX8iFhfVR9L22gXk3CeXzcnjeOnHenor07nNIs6VQt04Tu1TO4+xUzojAzcF48B7uLFaiZaYYjTMV4DsJMLuTUTmqQn4R49PxBlTOIyonuM8yh/lu4utlXxHc7+2wzJXB6JOjdCQPao8CE+8eY2C5D2kdyeCpE6diInBG2W+IoQwQrgx4P9xH62wJ6r2FKB0ioRorxMMVG4zjKjx61QlmawpSzIz95MbEmpg3IJ5kHKonlOh9WYM6jwwlT/NwcViKB8sdqBlRoGrwAgXoRkoTA0nGM5GzdQlg3Iz//YDZA6yD675K2BcaUNV1CdaudrhcLjRbmqBxyNExaUBze3N0ZrPZtvV6fUNiVYL1GMB1ZHaxepjQ3q5Af38/Njc3sbGxgZWVFbR3taG6RY/Qx1B0trq6GvVIpdKemN/I0qWHao21CK6tQWMog0QqgVarhcPhgNlsjmqJRIyiK/J1GmI0GndiASxWj8Vq+UEDal06kPkklpaWEAwGEQgE4PP5wBfyI/FXT0e3sFqt4RgAk8m8odPptmmASF0QEeYJIRKJoFAookVrkiSPlErlIg2gvTGAZOqTyWTrdrt92+PxbPn9fjidThgMBphMpqimZ/QZ7aG9MQAGg3FKIBCki8XizxqNZr+6ujpM1Td2Met7mir1gNJ79Iw+oz209ye6Km+xbu69pwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIxSURBVDjLfZLPi1JRFMffPzGLNkW7Ni1aJUitI4IWLVpm0RTUohazqkVU0GhjGcGU1NA6dFQ0FX09QVHxVzr+eE9RRMw0NVslPcmn8517nulkOj44XO6953y+33Pf4SRJgiiKyOfzyOVyyGazyGQySKfTSKVSawC4VcEVCgWMx+OFaDabKiQej6+EcKRMBY1GQ1Wu1+szCJ0xF4hEIkdCOLJMyaRGB8lkMt3v96EoinpOwFgshmAwuBTCkeo0kRX/YZYbg8EAnb6CwLeJk1qthnA4jEAgsADhSHlqeTQagYp//B7j+d4+nn4BhMbkrlqtkgv4/f45CMd6lHu9npo0HA7RZsqGzD7eiMA7CdjaO4RUKhVyAY/HM4NwiUTiHOtR7na7alKhp6jKZgb4UALeF+ch5XKZXMDpdKoQlRKNRrWsR7nT6ahJxZ8K9OkxzNIhxJAB+K8TSKlUIhew2+1rs15CoZCW9Si32+0FyA4DPPpkx/23Otx6eRk6/QU8MW9gd3f3xNyLsv60giDIrVZrBnnGIA8cH/HYeh1ucRvZ7zxMn+/gquk0zt49Zlz4rzzPa30+n0yTSBCJQa4ZLsJZeAVn8TXNCozCOkzCbQIMlk6X1+vVut1umSaRIJcenoFX3MG/nyu/TYCjZ9zlcmnYS8s0YOfvncQWfwObvE4t3vTrVjuYhsPh0NhsNnnDtI4rxlN4wd9UlWml/dI3+D+sVqvGYrEcZ8l6Fr/I9t9VT/cHUXogzRNu46kAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKkSURBVDjLjZLfS5pRGMf7N3bxslsvtsWuJBi0i4UNRrtYIeIumuwHbAgvXa0mMWGjMDebmSzTQtNuXGZLZr5ZXRQUJjm1jWmGhT9Wr/1UQnQX351zNkbt3cUOPBzO4Xk+z/f5ntMAoOF87O/vc6VSiSd7sFAoiLu7u2ImkwkmEgl+eXmZ+zv/wmFvb6+JFPqPjo5wfHyM09NTHB4eolgsIp1OIxwO+30+X9M/ASSJI+GnRWdnZ6CQxcVFCIKAnZ0d5HI5BhkbG/NbrVZOAiBSeVEUUS6XWXcKqdd/oFavMxW0OJvNIhQKobe3l5cAUqlUkCZSSKVSQXQzC8uoB0M2NyLxDMhoSCaTiMVi0Gq1QQmAmCQeHBwwqbSrZdQNVygN53wBVv83VKtVbGxsMCUajUaUANbW1kRiIra3t1Gr1WAeccMeymNkroTBme8MsL6+jmg0CqVSKQUQw4JbW1usAx0jGk/j3YcvMPhySKaKyOfzDDA1NYW2tjbpCOR56DszwPT0NOLxOE5OTpihVPrk5CRWV1eh0+mgUCikJtrtds5sNs8tLCxgdnYWTqcT5A42m43tA46X4C1qPH57F6pXNyu3n1/TXQB4PJ52h8MR0+v1fgqIRCJYWlpif+G91wi99wECm8P4XBRgmn8Kpekq5M8uGVmx2+1uJ1EbHx9HV1cXp1KpoFar0draipaWFtx/fQszyUHMfDWDLmP4EUzhJxRQZQCXy8Xmo7ObTCYYDAZYLBb09PSA53nceXEdnzbtOL8+JoYp4Jd8Oic1jbq8srJC/zwCgQC8Xi8mJiZwQ3sZA4IGfUInK+4LdV5U0N3djY6ODvo81GE0NzdDLpejsbERMpkMVxQc7hlleCM8ZJ3pTs9/PPifIMn9JMpU9u+9n97/BG848JbqijsUAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK2SURBVBgZBcHLjxN1AADg79eZttvddttll+WxIGrAV4QYTbxoYsSLgjc5arx68qCGf8G7J+NBEg8e9GqURDEmEiOJAWNUwIi8sryWDbSdmc60Mx2/Lxw78caZ1fXVo1EUAYAAACAIgICymrt/7/6P8er66tHPPzklNIJyPgNAENRqAWSzBEFdN9TzWq3y0ckPj8ZRFKmUwuxL6fcXrJzJbJ18xFKv6/LlX1xMP3Nra6jXW3Z3eyiKm0Zp7t1jtWYcaQAMh9uGT7eMkkR2+m9JcluSJEJxQTEZm2Rj00liMkmUeSqEOYI4APr9ndQzi+/v4OPz2m+tWd+zV2d2xaQ8pDfoaUUNcbMlyXIhFAgaQDAcDiXJ2MP1ymilNPn6X6q5OvvZrEhk49SsyBR5alpkQqhBDNDvr1PPDPrLhu89Y+XTbeUre7TXCo9MtzW7+y22I81W0zibYkSgQQB5XkiTzHA0NF6qPHiC/Iv/1FWuMf1WPklMi1SeJubTVABBHACdzkB3OdVfXgbNtx/V+eCsuDpg7+pf8s7ERvcP7daW6eSaqPGOgDgAxsNUkhRI/bZ5x41Zw66DlSdPXbZ5PLUr+kYx+slg8Yj2uW1hNRPQEIKA5cFuFgZ+z0rXpk2DwU53XjtgX7xisrXXoDuycX1B54dLbrQqdbMFYqjr2rmbV13YvKTb7cnzXJKkkqLw61MNh7+6Ijl/3eZK0+3nHzdqBvtbbRAHZGVqq5ppt7qWOn15MdVd6Or/ed2+W5lWkwfPHnbzsZZ2e8HStKCuQUwQQkPPsknItKuOxdC16+I9rc2Jqy8dURxMvHz2oX/27xa1m5irZqWAuCwrVVXZ2PGcjVUCCMIhvMpaCCC8OPdCNBMttESNSDWvlFUlvHni+Hc719dej5oxggAIAAAIAIGyrGzd3Tr9P5JrNp8Zt4rCAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJsSURBVBgZfcFLbExhGIDh9z9zztw6marQUm1DNZEQEdUpsRC2lLgsJDZNGmFjY2nBErGzENewIEUQRBBBJFW3IC6xqqYSd4tWtOPMnMv/fdqYUIvxPEZVqWbn6sUzm+tyV3OpTMFaQUET2eSN7YdvdFHhUMWudR1OY23NxVwyXbAiWFUiK8YfLa3ZvXFpDxUOVbTUanZKpmZ5Jl9L67w5NDY1IKKICHWZzAkqXKpI6seoftZsae/a7Ez3ikwoaZox63H/7LGACocq9n3fE06dlh3L4hOaFMbLMiH48FTntjWGVLgD1wt+Oj8/Y4zDX8r5rZ/ibYcWvjxV09/R3NJKyXh4JuTDx2HtHVrU28lvZuBap7ateYQxBpRxih9Ydhx4QuvceRQKAU9vncWYNF4yT1NHN6eP3olvv3q/JX7cc8EMXC5I29o+E349jA0T4OTZ2xtRmrqaKZ2zGCyCtfzhKkxDeXHuXvDm7etNLpFBJcSGSVSUn0MP6M6/gvg4PKSq45uupA4+33PJxaiRuMTo0CDRyCckKlO3YD0/2nfxL2VCzoPRk8v4kpxJ86IVSZfIwc3UM2PVfkBAFRuHJL7f5KtfxqqlZBP4McQ2orlhCQaIn70ojXj9sUukqC0TfjsJKL8JKbFkyTEmSYwYPBWsRLgEWCDR0d40Z2XfiEsAKjEYQBUQkAhHIxrcH9QbHzVF1CmiDJPOtPMOOLOSEca5hIrBgiqoBQ1RCUDKqJZQ66O2iMajqPUBYTJXQyH2h5HYA3VAE6h6IClUakAjVEMwITgxtlxmMlfLweehIxsaUBwMhv9RwNwF0WEqfgE9XTQvEQ+I/gAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAANLSURBVDjLVZBrTFN3GMZPlpgli/Gb8ZNftkRE42VsWYxuJsZFzZKZmPjBDYzhw7ZothgciMplRWe4WMGQrRNEwMJA24rSFjBLa8uhVDqGba1QaksrlFvphV44pxekz95TtdGT/M755/2/z/Oe92EAMCt9zAeEiLAS/xIfCvV3odqmN/cmIudtnVnuYdYRdSuj+bOpgA6R0QKfSfmtoViT0hPBN+hHlMfYqPl0gJ8oD1K/idicMfB1M2UR08m55GIf/E8Kl/+T7Y3VGAL4Y9SH25aFDMK5nnXDIsvjwrYqLmb5dYl0Y8Q6xtvOVESt5cHFocJlY+fe1cYnM7hnnUcX+xKSnnE0ysfRrnWjyzyL1kEd7MrDa7xX/mrxYa6DtDnMVBPz1WTzR47hlp1cnc6NbtMMenQeuLwRBCIx+CMrcMxE0PGPC61DHtzrFcPatScx0bzhKWlzMkEU31ZdK71vQ7PBAxlNE55QOIwXcwuI01kglgZuql2Q6J2olLE402a8mslAeOU3jelLFDbcHHBggiZzq2nEOA5/trbBR0aBuWHYNEUw2L2olj2D0CtosgbHb7DBoq6nqP3bCh+fQiixhiRdXBRVofuBAmO9pxB0ymG3tOOcxAShV9BkDY5WDwR/bDFB1GbGTCxFJmvwhqP4XXwdd5t/ht/eidUVFyZUBbgi6YHQK2iyBkcqFfoTDTpUdYxh0BnGPC3tjaageayEnUQJvxqJ+XqEpvrQLz2L7xu0EDRZgwMld0TfiB7i7C0jamQO+CmwUDINz8h1BBwKJLyXwdZ8hlRQAXPrQZTUiiFosgb7fpF8TowfqlChqIlFrWwSFrMeHm0ZkktS8K5CsNWfIj5dirC7H/0NhxPfFV/enzUQ+OIH8U+nazq4ry88QKH4ETQtBVim4OIvi8G9OPEa50la5QamBxsxXJdX+Z6B0Wg8YLPZoNWxry5UlmCarUdy8a/MdM6ZTyvkZb68+wz4hV6wV3b4Bqu2b8uI1Wr1RiLmdDqhVKmC+vovo3xgCsmQFoklymBJ/g73sRp7jtmRTjwu2yLPGEil0vXEJJEkttPvBQzVu/mhq7t4msTTJF7/Wy6vq9ga15ZvS2su5aa1pZ/ENec/HvofoDruXRuQqRYAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHFSURBVDjLpZI/aFNRFMa/m/eI0eBUBNuYhgrqICg4l0Jra0AFp2C7BMFBdBKngiCdxM2tHSIUwbUIkRpIh1jUVYoUB8HiUEuLUPL+3L/vnnvdooIpqT3jOYff9/Gdw7z3OEqF/QaL69wLY5Eqg0goPL9dZv/ay/UDCG0xMQJcLYXopuLwDmKpIWUIpQhR9B+Abqqw/EkgSgTiWPYFsKOGmDto2Gq1fLPZPFCh56DT6XjnHIgIWZZBKQUhBKSU4JwjTVNwznu9RqPB/srAGINqtcoGsV2v1/2hM/g4V5m3vHvfclGmwG8DWLzWts/Yw/W7nhyBnINzhKXpVwwA7ryteW01lDa48mUPt5KCOT9Vyx8buwj5uY3N92t4ke0iZ8liunQTM2duICPbU1SZwkRpEuOj47iw8RXnpmr5wrd3YC/ncGLrNc5WhjC5EyO0RCBn4TzBEvUAUmnEJkJqElyODQqnx4Drj34/0MIwTglCaMnizdYKyDmQ+wOgFVY3W9Da4FIxgNhYRbH5AFruQgBI4gD7x4PBQvwwW1rInyw+Lg/ZMMxtI/lp8X0voEz5J4NfYXZ0nu/v3AuIVSjwPzywVG3bp78AeAkDORpY/RgAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHySURBVDjLpZNLaFNREIa/k3vTR4qKFdpaxZhFfeBCUEF8oaAiulIkoCtdFATBRcWFG6EgCG5VfFBduBVBFIIQHwga3GlREJVqS4OhrRKjwdxc7z0zLq5JGwwSceCszplv/n/OjFFV/idcgKOXXg4BSWArsB5UUQyixGKGmAERQSyluKtjK5fO34Aopw6uMqgqRy6+GNF/jPO33qiqRgqAbQA3csW6tL8ZG9zSzdvJkl+3gGhf7XKgpx0AY5onv5v2AfCqQVsdoKqJWtX3M35LzVNrzSxA1K1JazXECnMBBiA9/IiqCKKQObub8cK3psmp/gWoWABiESCiffECNq7upeiF9cfzEm0Np24htA0KAChXLYEqFT9sqBhYpZQd4Wv2Gl5+jHzvEtbGdwB7I4D5rcD3A7zAYqtBA6CUvU4wept16UHaU2vwXmXpfPqQB7viJyILc3692WTPZC4wsP0AHR+eYG4eJvHxDqlkN2p0yAWQUBQwAPdzEw3J5cpPwqlJOvpSsO/k7A4ML8YRs9wFsCITQOr11f1/dBsg39NPZTRD173j+N4UFaD83cE6FKJJtHI3febxClXdhMhCkRBUULGohGzu2knb82ckF3XiOnHKn0PGp2OqyGXT6jrnDi07/aNYOOZYk7SOflK4sicbnvsFhzwbXdu8qEIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHpSURBVDjLhZNbbxJhEIb3T/RWw78g2fjLvLE2ppe1TYNtvGuNRo6BcA4kIBBOgXCU3QXploCAmNQE/VY55PWbj7CWcPBibuab95l3ZmelZrOJRqOBWq2GarWKSqWCcrmMUqmEYrF4BEA6FFK9XsdyudyKfr8vILlc7iBEos4k6PV6orOu6yaEctwF0un0XohElqmYulGiUCiUptMp5vO5yBMwm80ikUjshEjUdV3IxX+45Z5hGPj29RcykbF463a7SKVSiMfjWxCJOq8tLxYLkPj72MCbEw3nz1WkwytIp9MhF4hEIhsQic/IJpOJKJrNZqKz7aWGm7Mu3l/quDppmxBN08gFAoGACZHy+fwzPiMbj1dFSvVBdL49v8PHq/stiKqq5AJer1dABCWTych8RjYajURRu/EDtmMV7y7+QWzHGj4FV++tVotcwO12H5mzJJNJmc/IhsPhFuSDTcfb0w6uTz/zr7MQLkKhEJxO59ONjfL55FgsxgaDgQm5fKHg+lUbtxdt/Jwaj8UWc4THEY1G5XA4zOgSxeLqD7h5/QW/jbkpdjgcFnOJu44jGAzKfr+f0SWuPzGJeX5DvBdA4fP5rHzTjA5MUZSd4oMACo/HY3W5XIzEdrvdsvOU//e78q5WLn6y7/0viZYv/mL7AwwAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADhSURBVDjLY/j//z8DJZhhGBhw8uTJ/5RgsAF//vwhC7948QJhADkGDTEDHq2f8v94ktb/Pc6s/w9Gyf+/s6wd1QBCmi+V2f7/vrX3/79rO/5/XVH0/0yu/v8rC9v/M4BMIYT3Ryn9/wbU/H+S7///5YL//7cp/n/d5fB/f6QicYlljxPLv39n1/1HBu/rJf6DxIkyYKcr8+Mvc5P//wdq+lHG8P8dED/MYP4PFH9ClAGHw6UaTqao/n5Wrvj/VSXr/7spjP/3+rL82eHKXEV0mj8SLlsBtPE+yNkgF4E0g8QBOvk+kKwjj48AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAISSURBVDjLfZM9a1RBFIaf2d27H1kLTRUQEtAUojYpxA/yA1JYCKmtxE60XSxSxCb/wCJiY2NpK1GwCIEgpBBCQK1CihVMcM3m7p2ZM+dY3E3YuKsDw5kZ5nnn5Zwzzsw4HenpE+P6TWRjAxPBUkJjRIcxW1rCPnyi/fG9O2VqjIxRyEZAFSn3IliIo8hfAlEwEdR7VKQUEjlb1yYIVM4JhIh5D3NzJO9R70nek4oCNz+P5gMshP84CHHVHe6tNG71ad2tQ606PHdIXhA+75JCXP2nQP3+/gFS6ccbDy/4+iwpVTApcJKTDfZpVt723b10MMq40yrYmzu3wb0LC89nfGig+S+kOMFigUkAV6XRdEx9fdkl2oPs2e72+Rwk6ci1RzNeWqS8RwolaDGgRY70fpIf9Shml2f0OHXGkmgqi7F9BR0cl6AEkIhGj0lA4wD5fchApsCnxfEcqE2rVbFYoBKwFFEp4RSGIr4geUGTm55QRiubSOKZ9bOZhlECljymE/rA1I5c7IOm89bFl3mIHlAQD5GjcQcpbtZ6e7hahqZwznr5cqKStWj6H0hgc9zBQNdqO6+7mcupZE1QxVL5JzCj2mrTaGfUvmx1TStrY30AEF7MP0ZYDQvLM0X9MkkU8znEnPrJPrWdra6KW7m4/m19ogBA0bl6W/vSIeqimpsmgZk7UmFT69napVfft0fv/wFUf661fqqpcgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGxSURBVDjLpVM9a8JQFL0vUUGFfowFpw4dxM2vf9G5newv6OIvEDoVOnUQf0G7CEYQHVzUVZQoaKFugoW20EUaTd5L+u6NSQORdvDC5dyEd+499ySPOY4Dh0TEK8rl8n0mk7lOJBIpVVWBMUaJAzCFEMA5B8MwPpfL5VOlUrklonegWq3qEr+c/2Nbq9VWHs9XkEwm0xLUy/Lzn5KbD1exaDR6FlpBURSq4/E4HJ2c4jMwmYpcw6vf31be2bAHQTPVHYEFyAr7VeEACzfAQKPuSmlCy7LINBcteifSx3ROWutzlCAZ3Z9Op9ButyEWi8F8Poder0drXTQ1SNUeqalt22EFQrgvC4UC5HI5mow1EjA/SjdEjEQiYAd+HV8BF5xwNBpBo9EgBZPJBDqdDimYzWbQ7XapmeA8rIDLiRjFYpEm4zTEfD7v19lslhSgJ2EFXBAOh0Oo1+vk/ng8Bk3TyBtd16HVarkrCRFWYFqmrwAzqMDzBhMVWNaeFSzT5P3BQJXI3G+9P14XC8c0t5tQg/V6/dLv9c+l3ATDFrvL5HZyCBxpv5Rvboxv3eOxQ6/zD+IbEqvBQWgxAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGGSURBVDjLxZO/alRBFMZ/c6MmomKhBLv4AIJiYekjCFopKSzyCnkGW99BbMTOQhsrBcFKsLCJhRYBNYYsWXNn5s6Z81nMGu+626XwFDOHge/PmfkmSOIk1XHCOvWn0ZdXsulPpAFZQbUgG5BlVDOURLWELEJJXLz3JMwTVOP0tfsLChIEmC2A4OD5g0UHebLLWQl5bAcBJAcC4i9D6FZRiUtGMMOHb9j0PXhGGtruA3hCnpBHzly+i5d+CUHNgCFPoDIDjcEJeQ8yNCxxYL/2m+U55Yh7mpFE8NhE7GiRwGsi7bzF8meoA8io6ZC1jfWm7AnVCPLld1DjPna4y/kbm4Djw1emH56h2oN6VFNzIKOOCI6DFCTKj48cvN6m9jtQC64yAjcXrjrnoBu/94VbDymTPSZvHs/A6RgsT0gZqC1M/46AJcJKx7mbW8RPL5m+e8HKpeusXbmNI1AFDHBkmZHzFpO9p3fkJSNLqEQsfgc6uhCQJRgy7qlF2ypXHynMEfy33/gbubc6XKsT2+MAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALVSURBVDjLdZJdSFNxGMafc3Y2PdN2pGYjsdS2WFu1oiy8KKSINPqAGtgwhMgKrMAkiIigu7oIvRDCPjCKgj7og27sg6ALg75EW2roMldGpbk2t7nV/uer90RF2Drwuznv+zzn+f+fwzU1NfVpmlZCfGltbXUiy+P3+1/LsuxUFGW4o6PD8/dMIKFLVdVLxK5AIKBnMyCxQQtRPXUmkDCH2ErucmF9i5LL54ApOpgG7C48hdn5QN2BJwKJKwnvVAOehK+INiL03HxWTIlxkbfaRV20i2H4REkcFRljQ8QFIvhPAhLaiEpCkcwv0ZnqQrmpGbzqxv3oFgQnFoGxHQp9fRshZTOQiTANFzlygOUz8jHB9mIy7UM0vg6hZKFxfo0wdhz/GNBL9stgQZXDCQtnhYIypKRxoOgyNE5GO2PQVPld/Spu/ciNqheZ8Y+n5zX0tRsGXE1NzQiJow6HY3EsFstWAnp7e7/5l6ixxsbqIslbi8iTluinF93blx4J3TMSJIg74XBYcR+7s0ykFmQVYFRovf0MivM5nDz4KrJ/z4piyV2O1Pu7ME9zTy+Yk7l5t3HuLp5u1kKUEaanmRNIqMMU1+geeJucCZvSg3K31Vbg28ip6TfItRdBsAKzKpdYnd45bQIJzZSgjOD+10Lex81Mjr0Db4qA41Ow2CLA9zQmP2dMxhHixDWiYWoL1i9erGFPYVtTWqAp/eC1CfpzpkGXGQauDn7vH0zsMRIsJnEtUbraXqJbOBGyWAwpGcLcTA/nrqiFzh6YOXUU3bdjyMt8HjNxHELDiX11V8I3DQPSyucsFsv5B4fH/tz8gbUaPBt2gkXaIAgS+h9OZo62D6mHF4rzcvNMCFwcSf5c9Pl8Ax6Ph7lcri5d1/GbD7eqn2XGjuupwU364+YKdaW7QOd5fujvHQMhGAzOz9b9p3DkYSL+qDQdTX17H/p6qHMgdj3b3g+UOcQZKOdjkwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAMOSURBVDjLVZNNaBxlAIafb+ab2Z3N7Oxv/nYTEyv2LzQJpKBgrQqNUKmY4kUIXqUHT70p9iB48CKIiN5E0It6KFiwiv9FpAVpKUggNc3mZ7vpJpv9n93ZnZ35PNRI+8B7e9/n9gqlFAeIVUfPeN3zh0R0eVpYM1OanhvTCEY0f3tU79+ctnpfHM73fuQhxIHAWHnmkOGXPjgZyS09l5hnNv4YOdMhoQmigzqGt4nhfeub1fpnVsl/e+hMv/q/QKy+Me0EO5dfso/OvzB8grgV4HGXJC7jwAQ2oxxDuC36xZ+Rhe+v6iutZf2iqklReNe0tPSHZ2Nz84ujR7ht3iJKjcexiOIQI8SiixxcR7QtRORFlK7O9t0rlyy4KBEj5+YisVeez85wy9zGIUeGDDYhDhYOITYuoh2BvTJ68y7B0GnCym8XGq+KL2U0MrE8Z2SRVhqdPmlCsvgk8RlCkgAivRbUNKj1YPMeeu4wcnjRql7/+jVpyvxsPjbK3whi5LEAB0WWgBRgqwAaFah04X4V7puwdwddz+FXjJMSbXI8aSTYCgU2oKMwEdgCEoDhug/G5SjsmFDUoV+DXJ7BnpiUVCNBaJqEXfDVfwG6CjoKnF4crZGCVvNBug0IPXzPZOCnAunfk8W6ro7H2gK3A02gGoDeA1MDGx2nkYG6C24bvDaMSzq7ZfxBsiC7O+aNDaWOn0oLfl0HMwDlQRCAHYUkEGvFkLsp2G9Bo0n41AiNG6sMBvY1yZr6/JsV//XZZ3WZaEp2t6DvgWFA1QRHQbwjSDeTUGvCiSPU1ovU/typQPIrTV0yrrl3vE+/+8XlaCIgq8H+BtSLUN2C2ibsl8ArR+HYGE0rwvbvRTr96HsL6od1CUDDf+enK92JwT+982cWEswvRmiug6qAr0E4AV4uoFXosnV1g8bN5kcp7E8eOZOYKtmUqm/ZiDdfPhV3Zp6IM5k0SIUBstwmXKvCX5UdM6y9n2b34wV1IXxEcEBU3J4dprU0zODpjFBTIyoIxgjXxlB/PIl1eUmdLjzc/xceOVXddrB6BQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAInSURBVDjLpZPLS1RhFMB/M/eOr0YzH2mjghPjwoWGInWTMDCkmVZB/QPVrty1GXAVtHATLRIXtWgRBGGB2iKxIEgbopJhTMse9Jrpjoz4zuudx/d9LWxGh1oIHjicc+B8v/PgOw6lFHsRJ3uUPQP0eDweBM4DSClRSiGlzFMhxD/2r95zmKaZqaqq0gB27iPr/89m/UgkInSllOZyubg5JUhZ6yx/fIFKb+Csbuagt4Uz7i/4fD6C4ytYdgprM4Vlp3lw0YcQQtN3Vm2fu0XGfMOPaJTvCxaqbxqAdDrNtZPFSFmYGwtACIGeDQDSNW10tdbRXaDz8u0MEU3LJU5MTOQtz+/3bwGEEFuPM5LXCQ+6voy7rIyp1DGWlmxwbwEMw8hVz3ad18FK9BPV3sM80ttZ+pmiqKKA2o1fucT7Y3f4ujLDb3sNO7mJ/+g5ykXDdgd1+9aYXSxHVpRzoKYAe82mVC4AxTwND7PomqO7y6C+oonns8OMTA9QK9q3AVcCx3PzWZZFMplEygaklIyNDnE2cBrhFBw51MOz90MYLZ08HHmyDYhGoyQSCSorK2lsbKSkpCQHXFidx+VwE2i+BMDVU7d5/G6QjBxFF0J8CIfDzUIIOjo6HKFQSMVisbxft7q+zKwZImJOEuy5S//4BYq0QjSnrhy7uUaj13O93ru/r7P1BE21bXyeDxOaniT2bfWGY7fnbPR6+oHLQCmwDgy+GjCDfwBGL0x8usOKBQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAL2SURBVDjLfVHrS9NhGB0Evy/9HQlZmmbe0iabspbbwJm6IKnMLWND2dzcnKDb3CJyjpy3QR+MgoxMV06HNl3iHBO6qDkjvGVlgn5Qt1yOCD393l8X8EIvHHg4z3nO+7znZQFg7Yer/ATVp4xbcavjowO6hKin5vSKp+4MdZj2ANFXcZKiB0M+Kx9TnXK8e1KBQIsYQ/WpoSFLGvVfA7cqnhrQJoTGbAJMdylpqDDdrUHwWQ38jiIM1KeH3IZ06lADt+YUNahPDPubRAg+VSPQmg+POQMvbmXC11aEye5aDNsL0a1PCz9Wp1B7DAZ1iZSnJikcsOch2KNFoK0Aw3c4eD8zzaDfzMGQrRDjj3RwWfLQcTMp3H4tkTFh0QFRdEDhQEs+gk49vWohPLe5ePP6FdbX17G5uYmF+Vl0as/BaRTBe0+Bh1XnYS2IC1uEsRRryJAyHmi7+OedEno4G1OTb7GxscEM/8X83Cwc0jTcV+agt7EYrdJM1HBixll0snyPJX3H1y5Bn5G9++njwr+b92P58xJMgjg0XT0LPfvYDg3+7wAN6fzndWlj9ru23e3tbUas0Wig1Wqh0+lQXV3NcJFIBDZrA3Sc2BkyfOAbrVbr1traGlwuFywWCzo6OmA0GqHX67G8vIzGxkaGo3thuVxexWazj+4xMJvNWw6HA3a7Haurq1hcXMTo6ChMJhMIPzc3x3B+v5/RCIXCBlb5y5L4672XLhc9EA0LlLwdbbUWE8EgSktLiQAymQzNzc3MFqQWCAWQyAu3iEmluvI7ix7+quy/gdqRSogq+DDVmxgDsnpOTg68Xi8mJibg8/nQ09ODbB4XdV41s4XBZACLvnnkgp3zJcOYPJ5akByVlcl2iUFJSQm4XC54PB7EYjEDUnO4HIiKhSFiIC2T/tyTwXH6iESiDzabbbOrq2vd6XQyb1epVMxPkJpwpEc0RLvHICYm5khWVlZCbm7uklQqjSgUiiiNHxKJ5AqNbLr+RjjSIxqi/QVm6pQnUTAFywAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHdSURBVDjLjZNLS+NgFIad+R0KwuzcSQddunTWXraKA4KCuFKcWYqgVbE4TKJWNyqC2oHKoDBeEBF04UpFUVQqUoemSVOTJr2lrb5+5xsTUy+jgYdc3yfnnOQrAVBCsK2U4WFUvUE546OTcwk82WxWz+fzt4VCAS/B7kMQhB9uiVtQReFkMolUKuWQSCSgaRpkWeYSSZIgiqIjscMfSEAPZDIZWJbF94RpmtB1HYqicEE6nQa9xO/3/5OQoM57/qm2a3PGtyzDtxzF/FYMe6c6F1DAMAzEYrFnLfGZ1A9devqC8o2wpmL8jwJhRcbw7ygGAxJYS7xvuxVVVXklkUjkUdAshgP+DRVfureXbPPcuoKe2b/QDKtIQpXQPOLx+KOgf0nGCCu9smHiu7u8IGuDBHRsS6gdmgmJHEHfLwn9wSgqagc6Xvt8RC6X48MlCeEI2ibDIS8TVDYGBHfAO3ONowvTOacqSEBQNY6gpvOkp3cxgq8/Q8ZxyISWsDAwfY32sSscnhk8SFAFBIWLBPQZq1sOvjX5LozOqTBaxSu0jF5iYVV+FnZTJLB/pN0DDTv7WlHvtuQpLwrYxbv/DfIJt47gQfKZDShFN94TZs+afPW6BGUkecdytqGlX3YPTr7momspN0YAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALISURBVBgZfcFLbFRVHMDh37mPeXQ6M8VaGSvYilRgqmLSKErcSdSVaGIQoytkx0pDQjRx5Up3btSY+IjGFRhWJCQaNYZEQA1YMGWqlXYs6XPK3LnzuI9zzt8aazQG+T4lItzMK8/uHbuzMnhkqNz/mGDMStD+cnZh9YO3Pz8/xTolIvyfNw7tO7T9js2vj+24e3TzsICUWF3qUb9aW7g0t/Tmldnld5SI8F8vPzXhjG0f+WR8pHywujXj3rLN4A7WsEmOYP5FbMZn5soP5uTX3x/0uIFto8PvP/LAxAvjlSYqvkBad6Cvn05q+Tj+jLzOs3/Lk+79u5ZecriB4YHC8zsv/Y4+eQ1ty9jsKK35A9Rr47iOQNLDj0KGSvmqN33qwYu5UrWqlMPfstmCLwnYjEen+AS1qXOtUt+kL5Vd+RNzeyiYhOcGariKoqfE2bn10Y98pRQI64SL3x5m9fE99PuWsLnGYmO6P1hzVd9glR4lHGmDsoB4HloibJKNF9/FJC44JbxNBS78eBbfRty3e4J779nr+K5DLpzhWOMcI7dvIfTz/Lpy/ZRHqhyxCSbJIFawvToT1Tad5QZ6eZFoZgqfv0TA7gLQmuS7a3ed/+Ls9KseSnJW9+gsLBMvzWCTLm62zMjTH6JQzP/yEznTJe/n0CYldgq0vjrKiW9+PnD89OU5j9TBy9/G0MOvARZEEBuiW2ew0VXKuQ6NxSZtkyKqy6axo/zp+OnLc6zzSEXERNjuJGICxITYaBbEIjYi4/SoVBLEtBHTJT9QZpV/eMSIWI1NVxAdICZAbAyiQWLEdhHTweoQMSEoxb95JCIKg+g1RDcR3URMgOgAMQGiQ8S0ENNBbISN66yL2OBJYq/rbqMvbWeK2KIj4oMtgtyKmBhIECcGEpRjMFEkktiYDZ5E8Vu/vffMQwj7UBS5GQHUmQQrn7LhDzEafwIN5+bTAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFESURBVBgZBcG9S9RxAAfg565DI51uCBocpGhoqM1VaAjByXAImvoXDtr6D4JAaG2oyXtpKJGEltYcGntDErEhEI3kvDP7fb+fnqcVAAAAQAeg39XLqsVcyl62bTw8AkTE5tqb8WHOU1MzzUFej1+uR4SIzeWPOcu/TPI7JznNecZ5ngcrEa3YnJ/7fHehY6Kqqiq+eedgP7cH4zZ6dxZmnamKoiqGnpjTXcxj2tSVq/4qGkXRGOlrfDcvK7TJ0qypoiiKob5G9cWsukSHoCiqamQgiiqKoE12p2YUxVBf0aiK6ybs0qbu/HJZMTRQFEWjuOFU3aFNnn06vLCnr1EURbHq1PF+ntIKXiz/+fDTFV/90HHNTWdOTO69fU8rYH0tr7rzc2YUF8aOx3m0NYJWAPe76VmttzK1bzsbW0dAKwAAAID/tYu/URIDsoEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKqSURBVDjLpVNNT1NBFD3z3uvHo339gFZoCxpqRAlBJayMG4wLl2hYqT/AhQsT1xoTV65cEFeiG5MuJLpAJTEmWo26oBbUhSIfEUhLsLUt0NL2fc44r0UDhh2T3NyZ5M6Zc8+ZSxhj2M8SsM8l3RybSrpblIFCxfBsqaZAOSEKBotvKGdn8aC0ed4OBmIZRm2zkPmxuCiFg/6uK8M9Ps1gxO0Sd6GT//ekmeuaKdY1K3rxjqYK+bIZ101KEsk1ZAo6qhrDSpEiU6LIblCsbVLkKwyFKoNhAdmijtEXa1ivaoIS7josVDWLuBwCYhEfXk3nsbFloN1H4OBknCKBU7IDCMgExbKO8Q85BFp9aAu4GpyEmmo2KMY7vOhs9+FlOo/1ioGQV2hcdNpAW5+Qm76FiY8/EWrzIR7zgmybJ1RVq6kmL4xHvQgHW/D4bQalig6/m8AjqSgtjEMJ9aNPft+okaUdNlbrTQaEq2MaJtwSxcFYAJOpPLIFFauzE1DCA/BFBhCuvYOzNtdg9ldZoaZZsNnouolcqYKudgUn4kEcORRE+vscaiuT/PUArPIzRPsvQVhOgBoaGv+PERvAZLa/+SK/HFbg9zg5RYLuAzKOS68R6T0PqDNIPUrAG6jDVUxBXXnDrTQ4AGVCtbS6rHEfj3XKLBoU0OqxuIAWlFoabrMEJVgD1ZbsYlhczO6h62j7lUAuX1LLv7NLpO/C3aSzNX7SpXg8kkskElfTwXW4Fnkonj47TNyOKVA9u92zA6JnELkFAYnk/Gbia/wz2WuYZu4PXQ31Dt/r6JH5qyner47pp7MYHOkFEf2AfA7pBzfyjNIzewKkRk9l+y8nYqKwDGau22rtmj9RPorcty+Yf377ibTXhJma7p4ZG6lzjXjrdEewfxl2ZqzjD9JZU0+1XOyXAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALWSURBVDjLhVNrTJJRGLZB/a9ftbl5R8WgEpEPUFTy0jS85UKbpuElUykFE8mmLW+joZXTLOclUMwLSKKkpmnaD93M+tPqR6vWdP2wVdo0yTmePtwyLbWzvTvn3Tnv8z7Pc86xA2C3UwQM8BDQzw2yrf17OLF+et+Vv89sSYKG+S6bc4GJgL+RY8qqjnTmd7LTee0+33cFCLR1NHPzf+d+Bo6F3+X7JaMkVBddwVvhNbGs8Xl81Y4Agj5iwb+XsKxT1hOLvA42uDofcDU+KJ6QYWLWiEJ1MkTp3pe3BSB1Bvl1+0LQSSxE6ENgeNWMwTdtqH5WDsZNDyQPRKFrqh7Hqg7jqMoLzHI62bWXWCR1bmgndVoDdFx0vLiFsiEJikzxKDClQFBPgKHyhKRNjOBo2tsNBqTOVVIneA/YWoGOmD9tiIbueRWumc9CbohCUqsQCV0x6JxuQN1YNZilnuAnuBm3SOC2+UwSGhaIZhb0L2tR3J8ImT4SSZogiNsjcXe8HPIOMe6NVoBRTAddSVvyLHCTbvGAaGRZEjpjoR6RIrdLhMQWIeK0J3FnrBTS1hikNoWRACrQFTR4yF2t7rkuoOU4/zGQU+e9nGmQ4PaoAkn3g3GqJQLq/kJkaSMhaQxDa2U4HokPYVhIxWAIZW4ohFLokuF4dQOAV8Ou9FYzcN2sQFyzCOo+JbI0IqQ0hEJbEY4ZOYEVcxWsrwex3CHDdDZj7fFxqnTLNbIqj4y75Dui6WktrhtzcJ4EKnuYi96YA/hBFqNGBCj2AxVO+HwjEEPBlPf/vH9mEX2cqaTjkiYTcm02mHn0ddrWmR5sHt9KDmJESLVu+4m85DSNu9R5zfWCE0id6D6x7+dSUypAFlkK7PCVjI+ZFJA+zNnt9htt4XzOYVJ2xh5TaW5rnxROmFfuxbu0PXgioq6RZl75L4AtHBLsVy+K7S1kxw822uQ8ayu27f0CZyF3rEtmMUcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKKSURBVDjLjZJLaFNBFIa/ufcmJjHa1tYoiCIiPhCfoNKVoCIuFAWFLqS+QKXo1qUg4lLBhYIgNiiCBBRBxbe0Iqjgo7WgFsWmtmbRhlhNSczNnTnj4ta0xY0Dszhwzj/f+f9R1lq6u7u3jj65cF8XcuihLFvSvev5vzOsurq6VhhjXkhQmepiyF88zObLH/5r2vO89V4mk+ltbm4+Fvt4L51sBCwEQTCpUUSw1k6q4/F4KNLS0rLEGHNeUq24aIrPOv55yXEcRKRWK6VqgjWCaM+99LSUBQkbAE7dHEIELIQDAgKc3N00vkaNYGYrrtL8etpZExCBZXPjYwLhfd9fAsAYA4Db0NAwUldXN1h5eWOnU+yhku1n4a6jHG//QkxVGRj6hV/x+fS1QG64SMyt0tEzws3n3/lW0C8nEOzFVZqRJyHB73KFjesWs2NNkruvvnNiz9JJvlztzCPS1u5kMpneXC53LP/wCqW318BarLWU/YAfoxqAx2+GaoMVDUUf8j+rKCUTPdiHi2bkUceY8wrXQmCEs21rELFYwMWS8MD3fYql6ngKzus76ekpi5jQ8VjEoeIHnM704yjQRhAj44lYSEQmEezHQVO434FSCi0W32hcJwJYFCbMXyzWCloHVKt6AsGr2+lkSiBMh9FyQER5tG2bhpYq4IAFq4SYF+XM9QEKxdIEgu0HQoK7nbiuixGLSwThN+3vjtCUmIfCIV8e5NDaczjEKPtjHmitl6/+9KAvMSOOtZDNZvE8l/mzYVZylE0r11EfnQMO/KzMITVVk4iCpxTq758+sKhxw7xkdGOuFAxe/lzoWXXw1qUlC5pW1E+pJ+ZNR0uAEkFZg6gyvQN9DBcD/gCIAXUVRPlHKwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAF/SURBVDjLpZN/S8JgEMd9i1JURPSDIoIkS1FQI4iQgihStExrhGmydGObyZyyYRaybBRFQb/8vxcgBIF92275ApoHx7jjns/37p49LgCuQdzlXmEXd8RON1L4QPjM9NwbQtkXBE+eEWCe4D9+hC99j+XDO3j3b+FJ3CCcvu5a5wgQLXV6ceUT/3Xv3mWPAJayE5/fboAA4dw7nNjspmoDQqevlDAMA+12G61WC1/fP1BVFfV6HbIsUyyKIgRBAMdxVD8drf0BzIU5scl12QZY27ZM13VSbzQapFir1VCtViFJEsUsy6JQKCCfz1P9xFrFBlhX5cTGVyUb4D96oESz2SR1RVFIsVKpoFwuo1gsUpzNZsEwDDKZDNWPhQUb4D0wHHUwHCjZgKVEmxKaptHc/ZmtL8/zNLMVp1IpJJNJxGIxqh/yn9sAT1x31IHbx6L/FtiF3Sv6s+a2NMxE65jaUMwtX9CixiIiRkM8RoKc2XbRVGZhnrGcJcDAr3FQwC803UMOARws7QAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJCSURBVDjLjZPNTxNBGIerBy/eOAgmYoz/gCYoJ/XgxZsxnrygFw8eJJGDiQc0MZEElFBL2igkoBBEFLUWaYNQiB+gKd1WbVKUCgVp2O3H2N3tfvYDf+5s7KbGNjLJc5r5PTPvm3ltNpttn0GTQfN/OGCwE4CtErqadF0XisXiVqlUQjWMfTidTkc1CV3NNCzLMhRFsRBFETzPI5VKmRKO4+ByuUyJt6dub3D0qG+ut8FuCugBTdOQz+ehqBoERYMkSRAEAel02hSoqgp6ycO+mwPR2asRMTGCWcdBxRLQcELUEE6qWGRlsKKCXC6HTCZjlaKKCfxg7NDIBD6PH8fL63sclsAoA1GiY35TxfuEjDAnW6UQQsBuRLH6sRN53guOaYHnRn3/+LX6XZaAEud1TK9LeL2WQ4hTzOZRCeG+Ih7ogp59hdSXC3jSvp8ZutJQZzWxLFjJavAs83B/yyIp5c1XiSSGtUC3GSZLF/Hm3gmcOrT7rJHb8Y/AHxcwFsnAvUTwkyQRDU9hefq88ewXEFcuG007jPTaJ/z5F38LYkTFcDiJwUUWUwEGfu8YfO77mBk4g5jvJIKPjmGVmTAvqioIbebQ92EDdl8Q3UPP4Z9fAJsIg1l4Cs/d04jO9Zs9qSnISLoRDqFjeBK93ghuPQ7iXMdbtPVMIsWuo1AomNQUUNpuP0Br1wgudT5DS/soWu/M4B3z3WxmmVqCX7XmoApbNFM5C0eMX6jQje2EjbMSHcBKQSOVbGOcy9DRbywLfgOaoblOxI0zHQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKoSURBVDjLpZLbT5JhHMdZ1/VP1Cqrtco21kU3zevWVa3NXOuuedVmoU2jUR6CoRwcw1SYHIzJQQxBUXgLXg6Ga+mIwkBBBp08pYGvEOa393nbWC5Xa1389mzPnu/v+/t+nh8PAO9/6p8FBoMBWq0Wvb29UKlU13ihUAikAoEAfD4fKIrC5OQkxsfHMTo6CrvdDovFApPJBL1ez70tl8vI5XKQy+UxXjAYxPb2Nkql0h8rn89Do9G839jYwNzcHGQyWVoikdTzaJrmLrLZLKamppDJZEDu0uk0PB4PkskknE4n98ZqtSIWi3ETicXimgoDr9eLcDgMl8vF9/v9sNlsfCI2Go18EqOvr49PxEqlkj84OMjlb21trao0cLvdiEajHINUKsUxIM5EHI/HQTmUmKcFGHqixezsLHGHUCjcv+sXRkZGUCgUMDExAZY03+FwECf+sNWEhLs2vZq0YMZeZ+zv7ydi/PaNbK6W6elpJBIJEDFxNpvNiIdUWI4bUS7M4/XwFbwKO9DU1LSz5x7odDpCGj09Peju7kafqg1R62UUl50ofujC2oILkaGbENxp2PnrIr21Xdr3xnzRsPLOimL2AehHZ/Ft1YoZbQ1kwutfdzUYGBg4ypJ+rFarCWl0dnZCIxcgTTWjtKQHM38DdMcZbGUasZ4ag6frwveI4tyBSgMWVgs5FQrFLalUuigVtzWwTi+/sOC2Fm9jM3H1ZyXr2ChyZPxKhCTVwkoDdqdb2LXkFiUSiWBM14wM3YXSJzXnvpmsZSNUcyeTqgfz8Snohyc/+0Unju/K3d7eDpFIhJD8/DqzsoDSGoXiEstgyfJL2VDOx5B7YcSz5iOWPQGy460EO04zgbZTDOvEsE6M7/4x5vm9KoYVMdTdwwzVeIjxCg4GfgDxYPxXmKLFvgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKvSURBVBgZBcG7ixx1AADg77czu5vL7Su3d5fEmHBBElBBEkvBVyqNdgYrwdbKRsm/YG8lFgoiNpYWChJBI4IPTAKSByQm5p17aOZ2ZnZ2Z2bH7wunz7x+brw+PhVFEQAIAACCAAio6oXtze0f4vH6+NRnH38utIJqUQIgCBqNAPIyRdA0Lc2i0ah9ePaDU3EURWqVUH4l+/6CfedyW2ePWO73XLv2iyvZp+5vJfr9gUc7iShu280K755utONICyBJdiRPd+ymqfy7y9L0gTRNhdkFs+nENJ+YT1PTaaoqMiEsEMQBMByu0ZT2vr/CR3/qvrVq/eATlsobptUx/VFfJ2qJ2x1pXghhhqAFBEmSSNOJx+u13X2V6dfXqRea/LxylsonmXKWmxWZ+SwXQgNigOFwnaY0Gg4k7z1j3yc7qpcP6q7OHJnvaPcO29uNtDttk3yOXQIxARTFTJbmQmhMlmvRcaZf/O2nk6dNm4Xi/lWdOBZVie7SqiBGEAfA0tJIb5AZDgag/c6G8192LK++5IWn9mt3YpvJ3KPtxKNbP4paJwTEATBJMmk6Q+aPew/dLluqw297ZWPN43lLVdSaENl4ctXtf44KWS6gJQQBg9EB9oxczCu35m2j0ZqiXOh2O6p6YbFoFPOFsg6aqKtpd0AMTdP49c5NF+5d1ev1FUUhTTPdKChmpbIOqkUDmkAxLTSdMYgD8iqzVZe6nZ7lpaFiNtfb05MlFz3cPGg0HitF4lbw4N9SnN1x9/fLICYIoaVvYBpy3XrJ3tCz/8qm0cO/XL9BdfM5ragjn5VayR0vHvjP1qWf7ckm4qqq1XXt0MoJh8YEEIRjeJWjIYCVycJm1HL30o7ta785cvx5z979RnjzzBvfrq2vvha1YwQBEAAAEACd/IGTK7WimPkf4mk8xSgTQvcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAImSURBVDjLpZNPSFVBFMZ/9859+C9J9PmPwpeUi8qyIB5JLQqEoqAQIUqCFiFB4aJWrsIgW0TLyHYRBFJgYBiUKUkmPYwio02kuZBMny8JzT95Z860uI93n62MBoaPc4b5zne+meNYa/mf5QE8GPp51VpajJXNIoIR0CIYIxixaCNZ22C0xYi87ThbE/cAxNrWpnhh9F8qtz8c251RYESiAD1f76NFo43GF41v/BCNzpy11Xfg+yYniyDwoXnH+XVVX1zR+NqEHhgjAHS9Tq6L4MS+YlazCXSaAODMwTIeDc9w6kB5JtedmKFpfxin5lfWKvCNINbiKeh+k0Qpl8eJJI4LbvpSz0gSrCXiwfZN+az6f7VgAU85NMZL6RmZ5WS8bI2C7Hhsah6tZa0CK+C50PtuFqUChCAH8Oz2TXIS95DpcZxoJXVFx4H6NIEWrLVEFBzdW0r/aIqGuvBbDN69RclkLzXNLeRU72T5Yx+FQwO8aIi0BiZKIEe5Dv2jKYAMug74LzvZdu4SueOD8Oo6+RuLqI7FeP/ZXg4ItA48cOHwriiDn1Icqg0VDPyYJLeiGo5dCWegvRIlzpbQA2uprdrA97lltpbnMTH9KzMLlFSw9OEpBU8u8nt5miVgYV5hFFPpV7DD17q+7Fk1UuBrg68NRgu+EbTR1Jc3UpB4Tqw4D09FWJjVTMy41iJ3nPWO8/DpqrbFuakLyjgxo+w3C51H+vSNP9H7LzNBaB8uAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAF6SURBVDjLxZM7S0NBEIW/fWCnQgyIT0QQDKJBFBRbsRCt/Ae3VRs7wVpIY6WxkqTXxgek8IGIIQRsYjR2SkhAMJoipDAkXNfi6k18YcDCA8vMLDtnds7uCGMMf4Hkj/h/Ag0QDocngVVgrM68O2DJsqx9/bax7vf7fK2tXgCEABBvftU6vuDxMd97cXEZBFwCr8fTTCbzQKViO71J6SYJIdxYa01HRwuA123BgUAphW0b93AtSZVAIaX6qMF7RaU0WvMh4bNVSiKE/EoghEQpiTH62+qJTIzLbIzic4FypYxXdmuwEKFQyPT0dDE0NOCKVxXMiU8SB6Seooz4Run09HGa2iV+fU5Tsd+5QTqdJZ3O/vhmZ7lt5mamsaWNv22K45sdxgcn2NmLgDHm1zW7Mmwi11umFvvJoBlbaDN1/cR8IVdK3ccIHFkABA4tbnNJgFJdBC/mZS2ejNGA5uBqkwahiSbOAIKi3nEeX2wPAPNAI1AENuMb98uviwGZtIAuD3IAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKVSURBVDjLZZJPaFRXFIe/92aSyYyTZGL9lygxcYwBi1hcqQtRIYoobtpNaVcVLIHArIKb4EJEwazEveAiQSq4EASzcCOiICqCDjHRWFQsmAYyZjIzzrv3nNPFs/EZDxzu3ZyP3/nuDcyMZE1OTuZVdVRE9onIWhHBOdflnNtdKpWWWVVBEjAxMfGTqt7s6enp7+joIAxDVJWZmRnm5+dr3vtdpbtnRgGXmbISQDoxnBeRG8VisT+KIqanp6nVaogIZsZAunH1yNTYXWADcOL/uRWAiAx3d3dvd84xOzv7xnt/WET+ERF+vXdxuKu+MA68AjZlpmz5O4D3fl8ul2Nubg7n3ImRkZG3AM2jwXHgEnD1ytD45Xw+f3vh/HkbGxs7uBqwPgxDqtUq3vu/E54+AL9f2Hv2VrC83Ozs7KRerz/6RuK7+3/Yw7lBPn7KIiKc/PExKXOYeMzH7Zxw7dkeVJWNbYsc3/yYwdNPgziBGb/8fIiAkCCVJeAYaADpNsBAHOKrnBuqgToAXl9/8NWBiQcMv/AX6cw6giAP2gLZAphC/ROy9Iqo8QH1dbL9I1jUTAC8BzWQiEr5CWG4hsLO/by/M47pBnoPDFF5WSZqLNLe14WZYC5KAhyYYeIoDO4gbF0HgSJN4flCll4iCsV+PtcymK+D6QogBDDnMBMQx+KLZ1TKjyD06Gel2WiCRVRmpqnMvovXVcWcSyRwLqZKRGGgj1TuBwgjtv32J9uch6WPdBZ7aF1qiROorQZEoIr6iEq5TCrXDm15SLeCeliq0Fj8F1er0t7bgaHx2kmAmZDZcors1hRBayZ+wrAFVCBq0N6oIq6JqcS+vE8AoiZvbo7GLrzHvPvSfuVEJP5YIvFdBYD/ALt6pUq4OEUGAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ3SURBVDjLnZNPaNJhGMd/ohkRQd0i6DCoY4fOdYjWOgQ777LLSGIRLQn/zJC5GnPQECK97FDbwUFbw2EQ/lke/MM2bYFNpzDTcIrYYjmdP3X++/Y+L/zGqA6xBx5+8PJ+v9/P8/D+BADCSTsQCPSeSLi2tqb0+XxGp9NZ/OeFRCJxLh6Pm6PR6EY4HHaypJvHUq+7WC0tLYlzc3N/i7e2ts4w8UYul8PBwQGKxSIikQjcbrdnZWXlFUvNbG9vIxQKwWKxzP+ZrIzFYqvZbBZU3W4XUiWTSSwuLoqMAFardW9qamrEaDSelYQyduHB5uZmLpPJoNVqodPpcAPq/f19iKKIQqEAm80Gs9k8qNPplKQlZBlrx87ODkcmAWHT5WazCaJJpVKoVqvc1Ov1YnJyUitRC2xR4xKyhE0E6XQajAz5fB71ep03GdL8JpPJdWSwvr4eIkQJl1La7TZqtRqfm5ZJ+ERHxiwQBoPBd2Tg9/t3Dw8Pj4SU0mg0eCIZk4C+WYcV/sEr+HRbAdfd0z88ffJRbhBcXt6lNHKXhFJiuVzmhl/fTiCquYH6Rwu6CTfEd0/x+dG1trdX8ViIzMwEaAeUflxIqdLMH+6db9SYGK/7Af0FwNyDny9vwXNHnhFSet2sOD2NZjDIBZVKhTeNRUZ2u52wu90vDhyvkukiPxeyKpXi25OR1drEC740Si6VSmBvAgsLC9Bqtc/ZvLnqm/sAEzV0An6xzg7Lwc7zfJOZoSFF7OHwrFOvD8xrNXtjY2MFtun3Go1mUK1Wy4IDl8bDqqutgr4Hu4ZTSKtk8PUr2u4++bP//gNDA5dHWeJ3wiYiEtP5byK4FJQG5P/0AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFFSURBVDjLfZNNasMwEEafHfcA7coUsigEssmZep2ue5VCobfIJgsbuklLS6DrLhJrvulClpF/0gExI8v6ZkZ6Kk6nk0siH2Y287vdrmDBKjOjruulNdwdgMPhwDWrJAGQ/HRzWZaY2XWB6WLamMdT8cUKAJ7ffobY3DEDNyHVvL5/eBCEYDw9PhSzCooifru/vcEdJJAck0dv0b9/hXkLTdPE0/Y7TOByJDAJM5AJ60XO3bjlarvdDuW8tN+eMsl82GQSMjA5XedjgXwSJCwIE1ifNQkl300ryCddJ7rQZ3Oh4ASlFuJthOC0besJsLHAxQihGmUcWupHMGez2QyAjQTOF9F8/qLQt2Px2mJFjguciHsCrMjBye14PPp6vR4gmgK2Wq3Y7/eU1wjLAVuiE5ifQW45YAmypX/+FRgA65/1NJbEH0d3cad+jVEKAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKFSURBVDjLfZM7aBRhEMd/3+7t7W7OmJjnxRjDKUYNnPEJHjZqo4WIEAQhFhY+asVGsLIUbGwVRMFGfKDpRWzEqCEKIko0GlQ0MV4e5u5279sZi+AjRh0Yhml+zPznP+Zy/+A5EdNXiiWILAtD57deCgKPS4f3bTwOkBI1B/ds62gOgsAY4/K/qAgktsrNu8OHgDlAKRLf9wNz5V6RChPMmJfkWscIvSmsCl+nQ54P11Gja0nRyMn9ORIx5gc0FVtwHBfHQOx8Itc0hp9+x1Q0g00sKd9nRUcbI28y1KebEJk/VQpAAMcxRDpO2isyWZ4iSirE1mJ1Ft/3mY1CGkMHRecJ8wtgDGqFKKlSsRHlakQslkQAU0UlIeUYVOer6gCozgECmpmZzaB4RJIQ2QRj0rRUXI6tGiXjlUHNPwCOYZHbzodPrVQmFlGjDdSaBkyxgbzOsKZrO93+/QWXcfR3gNfC0nADxaEi9ukIDL0lP/mF3MqdLG7bwDJ9gJ1+vVBEVXg5cZREhESErmicQkcn6oJTE1PbVE8yfYdl6/oYH76GYe8vgKpigN1zxgLAzU9Smv1C5v1dsvkDUBlk4Optth45xbvRBzT4OQ82z61g/uLXJKxHPJfMkhXULikh0QiokHx7RG77Cdqn+4OB84VaACfwzBRSpad1Kz3ZAuuyBfItm6kbfUj98vVI6RkqZTb1rkbijwTBKzq7dzg2io8DmIu3Bs+KmkKcaP7Hidui++ktnRJmu0KSbwOoxjy58YJNvWsxbh2Eu3h88fSYiuwwfxoDYOB84X2+72q767xFbfGPFR3ccDWfnw/xqv/M9dTfvs5GcTB4obesoqjIb6k/KyKoavY7re8z/KbjU2AAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHxSURBVDjLpZPLa1NREIe/PKhSNK2g9UEIKqEFRSgooi4sCJqCuHEpduEDwZU7/wGhu27cdKWoG7WQrsSgKAV3SnFTAqZCW22xlAbTpL0xyb0z4+Ke5mHrqgMHfouZ3/lm5pyImbGTiLLDiG+KsTfLTRQ1wwARwMBUUQPRUIvCoxupSIcBwJF9XRiGKRhgaqiBtZmowtxKdSuBmGHmChTMDDNH44xUDVVD/G1aEAkRMUPVFW5q7TTxRbcamGiYaKCqmOIK1FEp6fIzDu36SSwYBO53biFQUDFE1NG0tIqSLE1yOr3KicwdMse+8HW0f7iDQANFXI8tklAnN3KcS03TM3AZ70eORG8KS61lcw+O320aBAGIaLP/dpM+8vSeuopU8+zen6QmSxweGuwOvNJ4y0AEkbiburvdwlWWgz780gLRWJFI1KMrUYRalY3leqyNwBBxxW76Cb/AmdgE3QcEDXyiugbRvZjf4NurQi1fqNxrIzA3g/D2ZH2K/uAdA5eGsMZ7IrLOzNsa5lUxhYW5ys2Rl/PZNgKlsFh1g4OLBz9x8kqGRnGceLyHmY8+r5euU9xzHgNePD+bDffvHsy/Z3Fy+HN9ZdS8wjWbfnxh/cmt9Mh2efH//bJf88UPlfLU0epv78/s7OrD20+/T2yX9xfxXpKxy4ipWwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKrSURBVBgZBcFLiJZlGADQ87zfP/Or4wyjeWkgMSvH0lqYSUg3CSIoISoKokVtgsjaBG0jXES1CwJpFRgF0Y2ScKNBmoVWJpQhUlaWVuo4Nphz+7736ZzITPe8uP/JhSP9x0vYhAUIEMggq7bWXy5O5L6YmnzhwM5tcwCRme57+eCBt5/bdEMpMZo0EoBMSOcuzXv324v+PjV7+acfjy/9cue2WehBaWLdYK8ZPXZWUyIIstJl1bZper6zde2wW8d7DtVzi7JeP3nXs58t+eKN+2cLRMTizGwGm2Kg0AuaQhNEUASqsZFB2zaPufq6/sLeyNBbUCAJKChBiVAilAglQmnCXxemrV48b/3S8NSWKzQDzSPQA8ik1xBCRqhdUkKvYTCLnyfSXG3VOueOa/qiV1ookEmiF0WJUNCUMNCEXoThmSNWXXjVUHPZgsEBqRAFFEhURFAilAglQmQYjBlD5z+0fOVNRv/do98rKjKBArUlk4pEZiKVwsD5PZas3GhkbKPBs3v1Z0/qKl0FCtSaMpMkMwHE5T85vdvwslHd1Keu3PCY/h/v6Tedrk1QoKt0SVa6SlfpalVPvW/5+APMHHF41zsWj07LMwfNnjmknWtBD2qbaqaXvp8TUg2unT/q6eFJw0tW6KZ+Javu0jfWbH3e71+9qcw/AXrQtp2uY2xkwM0riqyt8R92Gd1wt3r5kKzTNj28Tp07Y8HQCaOrtrjz2Oc97lWgna21rTXnOr4+3Zk6/omrxtZaNHxethNE47uPTqCqMycsH1/ttv6BZv+OG9dHZrrlmX0n97xy+7L/5nMoM8vEx4/a8NDrmvKbbCeRACiahev8c+yoE7t3fBCZafP2vdvb+XwwIjamXPTamh39gZyNrClrlbXKWmVNWWuqNUu2bWR3+H8rUk+Grcb3xQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIvSURBVDjLjZLbi1JRFMb9N3ro8mYgPqSBCIEPoQSGYYVREkxxTLQsREkjlRG18doxZbyGF7y8HAONQUgnENEHQyFmJqEnoQf/gBDKl/na+1RDEz6cDYvF3uz1W9/+9hIBEP0f1Wr1XKlUWuRyOaTTaUSj0W8+n0+86a5o02GhUHjX7XYxGAzQ7/dRLBZhMpn2BAMSicR4e3sbyWQSFFSr1WAwGA4EA4jcMc0ulwudTodXoNPphAOCwSAPcLvdaLVayGQy0Gg0wgFer3fsdDoRDofRbDb5p6hUKuEAu90+LpfLqNfroCpisRgUCoVwgMViGdEvJErQfGrD4rkTP23WYzx70iPBbAQ0Go0LJNbUcbPZjHw+D/KdWHpe4PiQNJ9+wrrF4cvN2zAajb5TAFpM5K6n0ykCgQD0ej1kMhkkEgm4uwZ8jcfQzLjhTN/Do9c3YAxehZq5/PEEQLryxavVCsvlEovFAvP5HLPZDKPRCG/qIfi5B9g72sXnZQ9s34o7rBSKx2fifycPk8mENy2bzYJlWYRCIXg8HjgcDtx/pUbnMInOPAW64vsmsPtmCvjBA1KpFIbDIWgmcw+/38+7b7PZwDAMrr+8hO7RW/y73h/sUsBvIyKRCD/zdGzb7TY4jgPxBZVKhTfyiu08Yr2H2Olt8cU7H7ZOK7BardBqtVCr1XRgoFQqIZfLIZVKIRaLIb12FrfiF5HoMXxnmun+xAMhQS6HSXynsv/kMD3/Bc9MubHqnCOyAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAD9SURBVBgZBcFLLkNRAADQc1/fU6qkhFRMMNIQn8TUQCJWYBE2YBkWYQWMJIZmNuAXCSoGFUGIInJf33VOSAAAAIAcgLOFt3079flaEdTS50M6nT7YeggJwPFle6nhAoVhc370rnaXcwBSp62GTdxoGdPrkAPQD5OSbRFr6oLvjByA53CqY9YUvjy68YQcgELTuTd/khENbQk5ANGqFUSFnq6WW2QA5Op4VuhreJVEZACUAKiJkogMgIEKANFARAZAKQKolColMgA+f7vVkBkRSeYjvf6QAfB1cnnXNWTUhHHrXuLoESEBYO/aYjNUSqX3snk/2DjshwQAAAD4B9GUWR0G4scKAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAInSURBVDjLnZPPS1RRFMe/b3zk5DCVmlq+0ZBCoTEXWkEELmzhqiCocNWyTav+gfoX2gq2bhET/VgUIczKoVUGxthIKqX1tAmG+cGM7/56nXvezDCtDC9czpl7z+ec7zlznxOGIY6y5p/N3ZVKLcb+J/j+23uphczt6x3wLYKfe0Nne53DFBB8QQiZFkK8FFLNSynjBL86MzDY9X13t3qoAoJ7Cc6kBrwYwR8Ifn3OSzFM19POYu4xSzAmpG2gaRutQYFQStOW+H1Qhh9WcTKZRK1exy9/D+nEEI4hBjdtPAwPX2pXtC2FoWlu6yv2Pxe/YulLBk7o4MnVBzgdP4H19WW4LTAIqgxYFRGsyddtez7ej0cX71AFg+NaQWsJKRtRAgtYsKfnFEZGplGvl7C/X8Do6BU6l1hbe4PJyZuY6nKxsZFFqfSDz5UKELM92grGKIa3tz/SxQHBl7G1tYJa7Q/Gxq5xcKGwTEX6eC6RAkqgteI+7YFdlYqPzc0VNBolTEzMIZHog+/nkUwOYnz8Bsrlnxxri9pCMWMa0NyTTQS+tBXy+ffI5ZZ4Lp43hWz2KXZ2PnErVn7EBHCtDCtfa8FDmZlZYGlC1EhuP99VKnuYnX3IfrH4jeGobQ3X9hZlE1hdfdGeRyug85+wtjXwyCq4QRCwpO7uREewafqm/bv1LujJNW30CZCCBvX7jvtWys4hIGvfg+AkkVzFQGT/Xc5RP+fW+gsEgchGXj0/PQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH8SURBVDjLjZPLaxNRFIfHLrpx10WbghXxH7DQx6p14cadiCs31Y2LLizYhdBFWyhYaFUaUxLUQFCxL61E+0gofWGLRUqGqoWp2JpGG8g4ybTJJJm86897Ls4QJIm98DED9/6+mXNmjiAIwhlGE6P1P5xjVAEQiqHVlMlkYvl8/rhQKKAUbB92u91WSkKrlcLJZBK6rptomoZoNApFUbhElmU4HA4u8YzU1PsmWryroxYrF9CBdDqNbDbLr0QikUAsFkM4HOaCVCoFesjzpwMuaeXuthYcw4rtvG4KKGxAAgrE43FEIhGzlJQWxE/RirQ6i8/T7XjXV2szBawM8yDdU91GKaqqInQgwf9xCNmoB7LYgZn+Oud0T121KfiXYokqf8X+5jAyR3NQvtzEq96z4os7lhqzieW6TxJN3UVg8yEPqzu38P7xRVy+cPoay52qKDhUf0HaWsC3xRvstd3Qvt9mTWtEOPAJf/+L8oKAfwfLnil43z7Bkusqdr2X4Btvg1+c5fsVBZJ/H9aXbix/2EAouAVx4zVmHl2BtOrkPako2DsIwulexKhnG/cmfbg+uIbukXkooR/I5XKcioLu+8/QNTyGzqE36OidQNeDJayLe7yZBuUEv8t9iRIcU6Z4FprZ36fTxknC7GyCBrBY0ECSE4yzAY1+gyH4Ay9cw2Ifwv9mAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKcSURBVDjLrZNLTBNRFIbHBQujG1mauDEuTIysNOpCiDZKZINRSYwoLIhGE18LYxHjgigRVCINRlEjYqZqKChP8dVObQMptAhtp522MPZBQR6lLdLACG3n984NmBgjLvQkf+7m/t/955w5DADmX8T8V4DP58siYr1eLysIAut2u1tdLlcrz/Osw+Fg7XY7OzAwkPUbYGhoKJsYQ36/H9PT04hGo1SxWIyekUiEanJyEgQKm80Wslqt2RRAzCpiluPxOCJjI+jv1MFYX4O2SjVelZ+naq8qhfGpBp+7msmdMKamptDb2ytbLBaVEntQMSeTSXrx7sHtf1TjhW3wPj+K4bYK2J/sh7XtRoghcWYNBgNkWUaKQD7UVUF7qRj3j6ugObST6kHRPujv5GGcU2PG2QkkxhB3NsOiOSwzWq12dGJiApIkIZVK0XNxcZFKSUY/TWxCTCjHQrgd459uY55/jVSwG3zDGZmpra3VYakSiQRI96EAfzZO7EDMdQ3p+W7MfzmLqPUcPGwJnA2nYH7z4hmTk5OTuwxQmkPGBlEUEQwG4Xc0IsZfQVqyYE4shjRSiFmhDIGGfHS/I802GtcymZmZu5ZfV8yBQADhcBi8uR7jNvWSuQhS6Bi+ua5CfJiHsMsMjuOidIwZGRk7yCgH0+k0jawAhB4WwvvLJLYZUqAE30dOYIYkGa47gK+iEx6PB6TxFymA1GoF0tLSIhAQPr68BXdXGRxvazDaV4C5QCGi9lIMP85HJCTQHhGz8Zc/kdQqojUmk6lZV6UCZoPwPjoCrmw9esirPdW58PVzSmyZmHUrLtP1k1uSC5Z7WOjToK9iD5pObwLXrlXMKb1ev+Gv21iwe510s3hz0lB5IKmv3mvqUG/duNI2/gDNuAiQNZy2IwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADNSURBVCjPhZBNCsIwFIQnWvAGunHhSrBbQT2Op3EvCJ7JCxTcuhB0YytaW9N0fElbbIs/GZI8eF+GzFPE79X504dXXEq1GyytFYYYoPvh6RkH5raYJqE2GZtKuFljhI61mWlz55URY95FES88CXIsEQEs/xCl7rwx5FmAWKqtIEqAncEe2gWiyOCJRZVh7hVZ/erv0rYKkSNDv4qpELzjSTt3e1yfg1+fgAMMWAeCxghyB02+ORRf5W8HC/mfHdi61XJ162WoS7utXc30BXX/jFnkwiD5AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH9SURBVDjLpZM9aFRREIW/ue9FF2IULDQuaYIGtTBRWGFJAgqSUsEmjZVgo4mFWBiwVVjBHwjGwsbCShExIAghoEUMARGNGFJYhIC7isXGRbORvJ0Zi/dWY5fFCwOnuHz3nDsz4u78z5HTlx6NDB4v3KjWvd0dMMPNUFPcHHPDVTF3XBU1Y/uWZHVxsXzl6e3hibgwUBhvy7WH3bmWHm5fres4MBHXEw/16s+Wra8lHgBiV+f6mX0tA86VlkkBbgCsNxQH3Bw1MBwzR83Qhqflxro63Z0dqGkKIOuCBEHc8SC4OGJCCIJIQESRyIksEDfS+9bIAE1SAFwEBCIHEzBzIocgEbGAiqMhdWxqWQTL5kAE3P8BiYCrYwIuQBAii1JAM0JTpAxJxQaQxUJsxvTbSV7NP6e2ukLSSFjT/cBJ4kaS/HEggLsjIvgG0Is3T3hfnuLYwFG6dvbwcuEZcx+nKY7mbwbPskSAZC4k00GEIMLk64ccPtCHBqVvzxAqCcVD/QAjwcz+Rsg+M4gQbahv37/QJts4dfAiAJdP3Gfvrl6AXFxeWn58/k4ybKqYGqqKmaFJgplh7lRrKyxUZpmvzDA29IDS1Fly0VaAX7KZbSyO5q91de+42t87SE/nET59fcfshxk+L9VuyWbXuTiaLwEXgA7gB3Bv7m5l7Dd8kw6XoJxL0wAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJwSURBVDjLbZPLb01RFIe/c3pbvdU2RYsmfUS1KrdaqkGQCANDzyZMjEhEYiBiYGCkf4LExEQiDDxiQARh4DWoegxERG4IQkQ8cnsb2rPP3mstg6OlcleyspKdtb71++2dHZkZ24+c7TOzywYljA2GYQaYkRWbSRWPd+V398+d6ALIkTUcNFjeX+iIvn4rYzY9BBlMMYXx8i+mnKGWW8KfyACwqb/QHm0ZaKejtR/LCKhptlWz7S1NddTV5ti44xCzAJjN6+/r5ObTN5RKk5gqADqtwgxTY3xiksSl/Bt/LBDlanL0rOike9F8RMBMUTVEDFElqDGVeC5duVcJYIgoH75OUBNXkyQJ3qUEzc4DVeSqa2ieOwc1qwAAVJQgHuccu9Z2Z/IzdVj5Gd/eXuSF7OW/+b8KvCjiA0Fizt97hfOBIEYsCduar7C0Zwul4iPM8rMA8TQgBCX1nlTB4jlE1XmozlOof0nnkg00tg7Smo7R3jheCQA+CCEJOC8kQUi8kJcv9DJKQ3MTMnGNtoF9bG17TVVcSYEo3vkM4AXvhYI9pK1vNyTPGTt3gfqmKZbVf2R1m6tswacZIA3KAimyclFEw7xJ1L0DU+TnE7o2H2NXocTYqfUNMwA1Iw1CcAHnldSnrJbbNHWsQidfYDrF0HAvmn6mtrbI4MZhgkuPzroDEUNSwXmh24/S2zNIXcN3LPyAqIpnV4uAokmRlmWdiPOHH4ysKMw8I3HMmnUDWBQx9OkuLYXTEL8nbmwBjLX7d864rsovpWvr8YXF6yMnpwF3bt0YPZD9PGNoeZnHZ/ZgapjqrBppkNgkRRUzW/wbVUOsic+TyncAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ3SURBVDjLpZNtSNNRFIcNKunF1rZWBMJqKaSiX9RP1dClsjldA42slW0q5oxZiuHrlqllLayoaJa2jbm1Lc3QUZpKFmmaTMsaRp+kMgjBheSmTL2//kqMBJlFHx44XM7vOfdyuH4A/P6HFQ9zo7cpa/mM6RvCrVDzaVDy6C5JJKv6rwSnIhlFd0R0Up/GwF2KWyl01CTSkM/dQoQRzAurCjRCGnRUUE2FaoSL0HExiYVzsQwcj6RNrSqo4W5Gh6Yc4+1qDDTkIy+GhYK4nTgdz0H2PrrHUJzs71NQn86enPn+CVN9GnzruoYR63mMPbkC59gQzDl7pt7rc9f7FNyUhPY6Bx9gwt4E9zszhWWpdg6ZcS8j3O7zCTuEpnXB+3MNZkUUZu0NmHE8XsL91oSWwiiEc3MeseLrN6woYCWa/Zl8ozyQ3w3Hl2lYy0SwlCUvsVi/Gv2JwITnYPDun2Hy6jYuEzAF1jUBCVYpO6kXo+NuGMeBAgcgfwNkvgBOPgUqXgKvP7rBFvRhE1crp8Vq1noFYSlacVyqGk0D86gbART9BDk9BFnPCNJbCY5aCFL1Cyhtp0RWAp74MsKSrkq9guHyvfMTtmLc1togpZoyqYmyNoITzVTYRJCiXYBIQ3CwFqi83o3JDhX6C0M8XsGIMoQ4OyuRlq1DdZcLkmbgGDX1iIEKNxAcbgTEOqC4ZRaJ6Ub86K7CYFEo8Qo+GBQlQyXBczLZpbloaQ9k1NUz/kD2myBBKxRZpa5hVcQslalatoUxizxAVVrN3CW21bFj9F858Q9dnIRmDyeuybM71uxmH9BNBB1q6zybV7H9s1Ue4PM3/gu/AEbfqfWy2twsAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALVSURBVDjLpVO7T1NRGP/dR18iF+iTQktEkHdDCjHgIGAX40AMMhrkD3AxcWBxMnExTigDPhYJcdFFHHxEo5HBVKlaCk1bFJJiaQuhpbS0ve29x3Ov0jiweZLf+ZKT7/t9v+9xGEII/ufwyjU7O3urUCh4SqWSQZIkplgsavL5vFaxsiwzOp1ONBqNL6ampq4p/hMTE/3UrM/Nze0yMzMzNRzHpd1uNxQ1NEBF8OsbXBk9BfHnI0y/64Bg60Q4HJlMpVJ3abBAoUgf4FpaWgI9PT1Gm82GaDSKeDyOnZ0dNDR14P3SNkL7fejtPwuGYbC1tTXGsqxOr9eD53kmk8kM8TRrqyAICAQCsFqtcLlcoKWAlgKLxYJgMIjFxUWYTCZ4PB4kEgmk02nVJxQKtfOKYzKZhNlsRqmqCXfe5pErM5CpPh2jwbDjJIz7+1R+GIpKJTASicBut6ulssqVy+XgdDqxsCyiSFjoNRRaFhKrwYfNKnQ4JYwNboNIWYiiCNrgikqVgHZbRVZiaW0cBQsN+wccR2Dl/ejuuwgLG1T96MRUqypQWA5ZlUOIDGU1GBag8RgUPsF2YhiC3Y065geq2JTqWyE4VEA7Ci0RUZZp/TKh8giMbBJu7UdUm2shZZ6jsXcSrcIGyqWiWkKFQGH0+/1w18TBlQ9QpG8SxWnNazi7LwEFH7yP53G8Ng8Ll0CbtVQh4JXse3t76nhMqRQGmpvV5lQjBredoLrugGZfp7VR0uxnNI9cx4Xd23jyPasScA6HI722tjYci8U4umXKPjCrK8sYaoqifWAUnOwDKe+ioctMOQ6gPaaDQd+FoPcVWf1Veskc9Zl890eumjsv3qtvM9CsXtpUEUvPgugf7wTD1QCG8/jy8EaSyPK5Iwm802c2XZfnGzl2g2ZP/V37w0NHa2hHYuUbwgs3n/JHfdFyUdT7HoznCZ0GzfIPSMVCsYTU/wbkK6iCy8xjQgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIjSURBVDjLpZNNaBNBFMffJNumS61t1cRYUYwGvHgRj+pNUYmkh54UPFnEgrESaA0oloKC1UuEKmoRD6HgoSIRK1ooUhUMoYpaBWvS9IvmUCMFYbs7Xzu+bU2s9kOwC392Zva937z57xuilILVPK5/BbSkmtzR16di/w0QXNzhlB9f7jtZ6QjNA41xf8WmZoTAyHTuG6fsLbX4c2axh4+b+iZXBJx9cfLyxgr/hR01QZC2BIMZUPjxHfKFPAyPfk0ipGPgYuqNtlTy+cR4iG1g5czFgEkGM+YMaO5y0DwabNu8HUCR+vS7Qdgd3RVZ5EFrYlyX0o7fPpJozeazne9HP4BlUchMZIDimwoK671eqPPX1VOTNiyqAJNbUEFn3H3sUeRo54E1Q8Of9mDJ/Xj+hv17921xKqmurQFG+aE/ANH7uYC0VQwBpTXTsBoxOfaqLX0FS4anvc/OcSZAoKSQh8ExsahIVybZ0TOmTt/6opx5zyBLogILY/5WyYNIVza0rtIdLiP4739XELYVfH6QZpe6U0xftpHO3M2gcTLuwZlhyRIAk2Gnj+i+KtIupPp476UVWhLgGOerKgtyboPFbCh6gH7MQao9BLbWkuBanTy52W8mb/TNBooADc87Zxx2FJiYjDstAAAwoXANwO0i4K0kzo7hsYI4eK3XuIp51zUsN44DPTc9+2tHlD3fnQ5saAqh9vy4KATrGNuOYSfIaq/zT68cX09iiVY0AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADMSURBVDjLY/z//z8DJYCJgUKAYUBE+440IHYh1gAWLGIzgXgPFINBVFTU/1+/fjH8/v2bAUSD8N69exlBcozIYQCyHUgZAzGIdl1R6bGHVBeEAjW5Qr1QDnOFj4/Pf5jNMHzmzBlUFwA1hQIpkMZ7QKxErCtYoJqVoDaGATXcg/JBBnQAsYmdnR2GC27duoUZBuQAeBhERkZi2IKOYbEAop8/f05lF3h7e/8nZDsy/vz5M5VdYGtr+//nz59Y/QvDf/78QcbUcQHFuREAOJ3Rs6CmnfsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFUSURBVDjLrZM/SAJxGIZdWwuDlnCplkAEm1zkaIiGFFpyMIwGK5KGoK2lphDKkMDg3LLUSIJsSKhIi+684CokOtTiMizCGuzEU5K3vOEgKvtBDe/2Pc8H3x8NAM1fQlx4H9M3pcOWp6TXWmM8A7j0629v1nraiAVC0IrrwATKIgs5xyG5QiE+Z4iQdoeU2oAsnqCSO1NSTu+D9VhqRLD8nIB8F0Q2MgmJDyipCzjvYJkIfpN2UBLG8MpP4dxvQ3ZzGuyyBQ2H+AnOOCBd9aL6soh81A5hyYSGWyCFvxUcerqI4S+CvYVOFPMHxLAq8I3qdHVY5LbBhJzEsCrwutpRFBlUHy6wO2tEYtWAzLELPN2P03kjfj3luqDycV2F8AgefWbEnVqEHa2IznSD6BdsVDNStB0lfh0FPoQjdx8RrAqGzC0YprSgxzsUMOY2bf37N/6Ud1Vc9yYcH50CAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALqSURBVDjLjVPbS9NRHN9T/0BWFBQUVIQKXigCpVIyygcDJUrnZdNEc5hlmZc0TdSF0bxszs3LvM3pXE6Xa3NL0TJTl7pcTY1Ec5rX/WxqCrHhp7NBPaRGD5+Xw/lczud8vzQAtJ0wWhLp+4kbUThSFGrQFwTrB59dE+ryA/3+vreNOMaPOmLkMeUT4mTMaoph1klh7pPApOLAUH4LPTn+X7qzLwXsKDDGj0wy8hibM+oCrI9pYTWGA0ZnWEd8sWZQYvXDC5g0XAzyo6BJP5f/R2C89OYeErlquiUPP9vogNgF1iYfbH10B0zxRMQFC4oszMsz8F3XBOqdBKqUs7a2B6fdHAIkMnu6le1w3WrwBLrjHSKWrhhYh72w2kVHjTIIae3eKFJexkp/I0YlKWhJdKsgZIanoTjMtlHPxSY9BD/YgbA2eGPteRjmWzOJazrmZKl4rL4AQT8TD4nIfPMjzKgKIUtwNtJIyxXftISclICN3GxYfHyw3FEEy1ALLIPNsOhkWGzLw5umCHCUflBLr2O29i4WXgnQwDpB0YY5NyapASmoxlxQrGAsFrAIWQ6D6Da0GecxXBaLFfLmuHI+TgrkCBCIYKqIwVKHEHWxxzZp758GbTrc9AqYu4WYb8kkRcnsLcPejzL5DKi3dfAQSEFX9RKRZkzxQklKIaqjD4PW9+QqVy+IxmdpOkwvOaB6xVjpa8QQOSMtY4DHAPW6GuLSVFwprUJxSQYWlRyMS9JQGXlw3PELZDB8OzN9c0hkdXua1/pYfTKonloHkeoWYVachCkuHZNFwZhrTMeCmov2rIsoY+wL2TaJJLKr4r6HzUyIpso4R9yp4mB8LWFgScPHtJyNjhx/CCOcCnccZTua77jKRkiJy51lmKlJxJK2lJBLoOMxiet+myDcKWXXXbBDGn/KTcI6brO7TUgzMcBl4Pk9d3tkhSB8r+s/l+k36mKOJpKW10VRh/TlzAOFJLLnTvd2Ffhf/AKfTM1hskDhXAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALFSURBVDjLjZPfS1phGMeFXdef0bVXMeiiQS0hNeeCuuhKUFzKEnU/lDEKxZazaEop20Ub1QpaRhdrjFVgGY4RyEYuj80y7SfMNH9l/vzufV9mrO1mBx7Oc77n+X7e533OeXkAeH+Gz+dr8ng8Y8vLy/6lpaWfi4uLybm5udD09LTr7ZTr1t/1V8nm5mYdMTuJuRiLxZBIJJBOp5HL5ZBKpRAMbsM1bim9dJqnxhxD9dcAv80fd3d3Ua1Wkc/nQSHRaBTxeBzlchnV8gVKFyF4VmZgsz72Dj17Wn8FoCtTc7FYBL1KpRLoczgcxvn5OYMWLo5xmd1G5fIHPn14A1P//SkGIOabpO1KNptlhkwmwyBHR0fgOA5UL5dLyKU4FLJB1kWRhE57r/JAr27iEbPz4OAANEKhEDPRPVPQyckJywuXKQIIEGOM5GekwwK8Xi+USqWTx+fz8b9BZ0PByWQSe3t7kMlkXxkgEAhgZ2cHGxsbmJycZMX0fnh4yPSaRgcbiUSwv7+P09NT9PT0xBmAFtVMFEKDajW9dvd9j+BLIMyCix5D2tl19g9gYmICs7OzsNlsLNfr9VhfX0djYyMsQ1amWZ/bMP56BoKOTu7aFtbW1tDc3Ay73c5apJ+SahaLBb29veDIkKlGO6Q1QpH42z9D1Gg08G9tQSwWQygUQqFQwOFwwGg0slxEdGO/mUF0Ol2G/UikwElXGrSa2WoU4Oc+o63tNlZXV+H3+9k23G43BAIBLPZXDGAymfIMMDw8XGceNK08eqJHn6aPAR4a9GhtbSWQNkilUhY0b2lpgUQiiVMA+Q+SV4dpYGCgTqGUv5PelVZHX4xi3j2PhYUFuFwuaLVaGAwGllONnM7EyMhIkmwzeO1oNjQ03Oju7pKJRKK0XC6vqNSqqkqlIp/rzqFE2vFerVbnSOTJu2x7e3uEDJz/C4Myz4QSsAdYAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAImSURBVDjLpZNNSFRxFMV/M40TjdqUqZmCn0GURSSUVFIUVhtx2SICqUXRVqptRBERtGpRC2vVwo0QEUWaUElSRDEW5EekiU1+RKKDOuPMu/e2eM+Xpq28q7P433PP4X9OwMxYzQRZ5YQWwO0no74UNcMAEcDAVFEDUReLwrVTpYElBADFG8MYhikYYGqogS0iUYXB8bnlCsQMM29Bwcww89R4RKqGqiGZFSyIuBIxQ9VbXMDqkhTIG6oTbdTn76LnwSsLpOJNPoGJug8NVBVTvKuu9GJrpza7l3Vlp4lW7GFqaBt97S23fAJHQcVQ76p73cVb6KSu/Du50YNMfuslHEiTu76InE2lUZ9AHUXUfJ/meS7gHYcrBthQeYL50VbCkQDDsT4yqfTvVHLmwF8FDoio71/VyNe3HKv6QLSqkVT8HsGwQ1ZOGTI7TGZ2rn5vc8eAHyRHBBFDVFExsic7OFLynujWRlLxuwSzMqQT5fx8GeNh4jw1zR2xJb/gOIaIm4Hs6U5qi3oprG4gPdbCmrCRmi5jrOsjzyJXiU9FlkfZEUPUCP54zP7CfsSKGf18ByXF7GQJI6+/8DRyhUQwH7EVcuA4Sv/IHEeTbeyou09/60UGurpZW7qbxMQ4z0OXmJjKwXSGxfUL/NvG6+d2Zi6fvRAiKMRePGJ46OtMtCCv7viNnp6VyrSM4OShvGRN5ebQvu0VWNZ8d3Li15mGm58G/9fGP3sKXaMRKZvBAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHlSURBVDjLpVPLShxBFD3T3WOUUUGYByhkI+50o6Bmo3ErAVG3Qvb5giyThets8gmC+DYQzEaGBMUnBhQRJAEXQuZJ8Mlodz28t6rbGY2b4IXqU1XcOvfc01UxrTWeEx5/ptbOssQzILVylVKQChCMkucagrA6JKTQtK+uJyc6Gg2B0npwvLfJ+Z/KH2Z+J+4VEJs5nFh4B3BLUhCrBILAzv1bmvvAbWD2rt9nCSRqCCIfCFtTdFjYoUVIwgQ0BJEc5UxmIGoJuGkTMeBPiQ4qq4R8MEpkhJSSyZhMPyQA/4XP33L6qhLoKGbW8wZnNwoG5zftennLYum8ot9+2uWpVRBQBTISc5tFsBmu62BxqwjPBb7sFNFQ52DlZwnxOOFeAe3pevihB07UArvguTGMv0rDo92x/jQoHyO9aZM43J2y2GNbEEJVCVgBt80Hv+5RJdLFFR0nZpAjwqXtQmh3LQGxcT9xkvymJ/WwIiEridajfVZB4oVXJeBbx+FSxdX98oOK2YMyAoV/lER/zrP9COsB0Q11JfH9sIzXnUn8IBwkfBzHp+dUrOYtGA+ohc6Xjcj9raA904CT/BXaWupM8lOhwssXXiR98XH6V7NPRHzDeEjyJTCPRzxJcHZ5kzdX77nP+Q6ZHT+VaotBJwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAC3SURBVCjPvdCxDYMwEAVQSxQ0CImKKldE19FRITeu3LihiGQGYYKbIBtkgtuACdiACW4NcgEnpKJE11j6T98+m9Wcj7kERIqsM6ymHwJ7dvQJmhvSryFK5N1rLFtc4gT8Bx4JOO42gC+Y6wM8pJ/D6Ec3dnOrAJ9ga64O0EtIDS3fBS0sGi/FklMCQXwCjQIoa1vZYsqnrEnAi0sAGWQ/5Zx9r/CkT+NW18QBWMu39TIydN1Xn88bUK7xEQPM95QAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAI8SURBVDjLpVNNiFJRFP70ac80w6FEJ2FqsDKmSRpmU6taBRGE4aaCYPatat1qtu3aRosJI4Ro0Q+EIP0QCTM4WhSBBqmkJJr2cvx53vfu69w3vXIapUUPPs69553zne+ee67NMAz8z+cY3aTTaZkIzxMucc6PkD1EoCV/T/YT2TuEdCwW060cm6WAkudofd/v90eDwSA8Hg/cbjfEf0VR0Ol0UKlU0Gg0XpPvYjwer5qJIkAglUo9L5fLopwx6WOMGblczkgmkytWnt2SQpujgUDgn2cOhUKgIme39YCcJmO9XofL5YIsy3A6naav1+uh1WqhWq0iHA6bsRMJHA4H2u02BoOBudc0DUzJw8PygHTG9I0lsM4kSZKpQBAJMHUDanMNe2ZOQS3lKXkeuv77Ev70wFJgVmTMhAjUGi8xte8Edk8vwNl9C32jtEXBNgIziUhMdGsYfn0B714f9B+PMH3sCvrlJ+A6m0xgVdc0BvXLM/gjF4DBOlbv3sMuXx+DWhZevSSPJRCwquvKR8i2IbxTPXD1MzWJk/w1zJ6+jiBb96zeOundQiCki6uiSYS8QwKvPIVv5jh47x3l9rEYj4APa9TgAg5Ez0maOrz2t4KlTCbTLRaLcH7PUuOicHubMLRvNPASsg8LIgp8UID/8H7oKrv6anl+zjb6GhOJxCwR3TiorCwtXL5tl+wlImiLSx6ZRTuknRHUP+RReLz8wDbuOb+5udg0dO6mY9sN0Vyu801Ls/LLYrPp2Z9W3anPTwD1kQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAACtSURBVDjL7dIxCwFxHMbxX8mmDAa67tV4D7wDZTolMlzpn+QoouNlyMZ0Vyc5g1v/JQPdYlJGmb5egbpLNsOzfuqprwDyzeQPfABc08A1FdOSZlLQODlFL2OkARThGGIfLhsIujxtUcmBWVETe3AcQNCGaMG9KTo5MMprTkvYdsCzYD/kWk8D9LMK34ZoDqED6waHaooLL1uMR0vUzRJ9roneVUStymL8S/wR8AaM7e7IrixORwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFGSURBVDjLY/j//z8DJZhhcBtwa5ou062Zhp0PV7udvjVNO5lkA25M1Cx4czL//+/PJ/8/3xX+9myrqgfRBtycppf26mDs398fFv//cKXh/5vjdf/vLg74ui1PMZIoA+4utF7/893K/z+e1f3/8WLW/w8X6/5/e9Tw/+YM+w9EGXBrpknbl7ud/789yPr//VHx/2/34/9/uxX6/2y9xWe8BtycqmvycJXbqac7Au59uhn3/9ttv//f70b//3oDqLlB7/uiCAXcXrg1wyDm7jyrc98ezfz/9U7w/2833f6fmWD+5Xyz6YtLLWYvlscpBOMNxIerPc7/eLbw/6dLFv+/XXP/f3aK9deZ0cpJO4KleA/EyfISjMbH6zxO/nzZ9v/rTd//ZyZZfZ6bqBJLUkI62WvSenW+68vTvVYPlqarhg2DvEAMBgD1ZuZTUbWrEgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAC5SURBVDjLY/j//z8DJZhh1ADsBjjsspIC4gb77ZZX7TdbXLVda9Zgs8xEihQDGmZfm/7/0KOD/3ff3/V/6plJ/y3mGjYQbYD9NsurBx4e+D/10tT/nWc6/i+5sui/+RS9q0QbYLfB/OrWO1v+d5/p+t96qvn/3Auz/pt0aRNvgPVyk4appyf+X3xl4f/ZF2b+n3Co579+mSrxXrCcZyhlMV2/wbRP56pRq+ZV3SLlBq1EOanRlEgjAwAXIuIDq5qm/AAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADCSURBVCjPvdCxDYMwEAXQkyhoEBGKIipcRHTuXFk0riwhGgoke4JMwARMkA2Y4G+QCdggE9waxAKHkhJd+Z++z0crnQ9dAtzk4DD4lTpvYaAnJeVcQ7RHg+MBuzdQrCq51JP4PLioIhi4j0DjydLXISibG2dNBD13ix3NqEe1SN5pgeyb5hF0bGODRL2B4p0hlccOlk0EYTXe4tdKSU7/HQzrCATuXDShHAlooXYDZtJQkOGbwpcIb89bDJqvO/X5/ABgCuuOdgJr8AAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKLSURBVBgZBcFJaFxlAADg7/3zZkjbYBfTZIg1SNVCFjW2hgbUQwWXHkQDHkUPgkcdiuBFiEVvXoJ4kHiqiHhQLAUXqCjGiNGaSG1Ra9pqp5JI4tY0y5u3+n1R5xm7GgMmxVoAAgIAAgAgx5KptO143Bgw6fYjLX2HqNUJMVFEiIgCISJEqBEhQlWwdKbV+PiUWKyl7xCdGs0xalj5ib8WCIFaQKCGKFBVdPfQe5DeU60Y1OqELu6eAEyQbbB4mosfUawjoqoQ8e+fdN1ISVAiitlc5tyHXJ5lY5X6DoYe5+jr9I8DIrKMJCNPSYkFhIjNZc6/Q4iIAz2jjD7JzgEOP8/CNBdP08lJO2QFCUFAQHOMJ97mgVe47THWLvP5i7RngIPP0jdKp0OSk+WkxEqoEaG+g72D7B1kaILZV5l/k7J0bO5l68maN6oBjWSLrCAhCIjwz1k+eY75aTZWqW/nvpfovomZKUnWsa9n0FPlBWknIytJiQWEQBXYWqH9Bcvfaa39qqpyaZlJ80z/ngMGm4ddTzY8ujXnZGfEtpRYCRG1ivEXqHfT/lL+33kPDj+tqEpFWShVlq5ddce+e62nW460T/isIAahYu8I/WNAlUvOTSuq0pW/F2VlLi8zWZFZ61w3evP91rNNY3fOioGIrRWyTerbWb0kyRN5keu7YUBeFoqqtHytbU9308LVr/382/fe/4FYiipHwafHqO+kfdZWmTjxzWvSMpXkqf09w8b3P+TMlVk/Ls54d/cjDiQnxf4wZenblt4xulBk3HKXD7IRsoK0ICvc8/tborDNL5fmvLf7qFvbbRqmos7DdjWaJjW1lMiRIEWKBDnDQ6yr+Wq+MFCgYSpZcvx/t+Akg61CC8wAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFCSURBVCjPfZHNSoJBFIa9qLmMiNbdwGwKClq0ieYGCvGjnw8Kyk1RixZtCiJmEUkQUtn4s3Bh/pZO+pkfSYpvr6OEGMXhwHDOM+9550wEkf/j55ATWZXRaWtsSj+pBzEF5GTW1BGiz+ighqS5lxMA20EXQBdtBPjkKcRdkJBjgOJm2G4iDss4RN0h2lwLB2RU3bUbWKP4FuawgVdW8jhXDkjrkLIWb1DIYJm5SLCDd5xqBzzbPloEalhnHmAGPirU+MKRdUCKQJMlD7MUL2IFZcZQIz4CHnWblgyWkMUCCg4o8T0F7I9GJFUJA1Tpfh67VFhlvqCHW/gjkwlxY1p0XUaMN4u44N0BEd/4YryoK3kZNFj84OQqV9Uj4geenFj1mTwxSRoNOTsPDc9E5dRnHYs9taO3bcxG9aaKiV+/+Vd8AypJdaR1UheDAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAI9SURBVDjLpVNLSJRhFD2f/+QThVHKJ41Ti0pblCAKrtJQ7LGT0E21CUEisFUtioIeIEGLICkwahUtooW4aAQTcahNBWE1gWOY4yQIio8c5/vuo8X8jYuCBO/mfmdxD+ee+x2jqthJ5WCHFYg97U8wc7UIg5nA7EDkQGSz3TkLIhs5dWu84y8CZq7e09IJVYayQIUgwlAmKDsIE5QJH4aftP9TAZGDCCG9koQyQchB2GU6WQhZ5JVU4lHxAAZvvlEmBhMzOeqbvHfycYDIorzu9H935fExXO9pAIsisbjuPXj5/i6ADMG1kRnEkmtgKyDLYMugNGfxwaoikCNYUtSHgjgaDuL+83elABBwLo3e3ZPYyJn1JTuwL/0PLiwL4UKiESUFBrMLyzhQE4SzDlkCcRZsU/6gyw4K2YyR5OCsgyPBl8Q6Upa3CKzdBJNFbnF5xnHynRfyL8BQcji29hru9lWEk3HY0gq0ppsAnIM5c/yIqgpEBKoC9buoZrAqmosFnfWVqGvrQl64HqlPEUxNjGLl29dLOS9GP5qppPse3N+MqsOtiC2aVKihEyW1TZheyh0bjsZNI8/NHGrrQn58HOZZDwpnXmFfbRnUaH/Av9LZaDQ6ACAFYCgSiVz0330A4IkJ51eEgROXtz7QjUp4YmrNdsIUaQ/MtXSfryn6MYJ0agEbANZWPcTimN9WmApLy4c+v52gn5sFWPV2YXnJYHresAIPzXbjHO3ee+XXUrLXYxNiT+cVGOyI0J3frMiI4RHtXVwAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGvSURBVDjLpZO7alZREEbXiSdqJJDKYJNCkPBXYq12prHwBezSCpaidnY+graCYO0DpLRTQcR3EFLl8p+9525xgkRIJJApB2bN+gZmqCouU+NZzVef9isyUYeIRD0RTz482xouBBBNHi5u4JlkgUfx+evhxQ2aJRrJ/oFjUWysXeG45cUBy+aoJ90Sj0LGFY6anw2o1y/mK2ZS5pQ50+2XiBbdCvPk+mpw2OM/Bo92IJMhgiGCox+JeNEksIC11eLwvAhlzuAO37+BG9y9x3FTuiWTzhH61QFvdg5AdAZIB3Mw50AKsaRJYlGsX0tymTzf2y1TR9WwbogYY3ZhxR26gBmocrxMuhZNE435FtmSx1tP8QgiHEvj45d3jNlONouAKrjjzWaDv4CkmmNu/Pz9CzVh++Yd2rIz5tTnwdZmAzNymXT9F5AtMFeaTogJYkJfdsaaGpyO4E62pJ0yUCtKQFxo0hAT1JU2CWNOJ5vvP4AIcKeao17c2ljFE8SKEkVdWWxu42GYK9KE4c3O20pzSpyyoCx4v/6ECkCTCqccKorNxR5uSXgQnmQkw2Xf+Q+0iqQ9Ap64TwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK/SURBVDjLbZNNaFRXFMd/72U+dDLNRItGUSeJiagTJ6IQhdhaWoopFCJiF10UBAXpSlHcddHi0oUbkXYRFURE/NiIIjSkpCpdtGoTJG20iUMsMZJokhmqee/de8/p4jmDggcuFw73/s7/nPu/nqrSe/hch6peUZhD6VYUVUCVeNPaEmcwYbn06/nv1gIkiA8cVNhQLOS96ZkyqtVLEMMEFZgvv2IhVEQTrbyJGAA7i4U13qeda8ivLKIxAVGJq0pcfVljhsyiBDt2f8s7AFSXFDuauXVvjLm516gIAFJVoYqKMl95TRBGvB1vWsBLpBKs29RMe9NSnANVQURxTnEiWFEWAsPlq4PvAyjOCRPTFVJ+kiAIMGGElThvqSORTFFID3Oy+xfqdnUyfLZHvWByX3UGiBOsM4RhyJ5t7bH8WB2qyp27fWxLP2dx8RtyrVuYL61n9Oe+EzUFxgnOWKzzuTD4F6GxWKc4K7Sk/2DPpjINuR3Mjv9Nyov4oGEF2Q/zuRrAWiEyhkhA/TReMgm+sjr1gL0bZ2lc20M4dYlUxmNiaBQTRC+Dhf+6q0PEWIcNLKFxWCcYJ6zkPl93lMi19RJM/oSfsiSzzQSzI4j1P+862v/YrylwggkNoXEExrGkfJuv2sbJtfcSTP6InzRElRaeDtzj+4EGth7tHwLw327BRDGgsXKXL/LPWN7xJdHzPupSSlhpZur2fX4Y+Yyx+XTtGf2qYSLrsKGl/lk/vflphFVMPTyFEPBqdhWlwYdcW3SYF1H2vUaKDRM5CjpA4aMzPLp0jMd3fiOd30x5ZoqbyYNkMktRxhCRp+8oUFXwfbq2d/JofIZo5Aatmz+mvn49//75D0NNh8g2tWGtoAphENbs6Kkqn+w/3afKAUVZ8eQ4W1uX0bWhhYmonqulTuZMtvYzUa7/fvHI7irgf/y+taODWkwAAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK8SURBVDjLbZFPbFRVFIe/897rdDpgKqKTDi6GtmOLg67cuGwixsSNoQujhLDSjYkLumhQg+BCTFgpCxeCJDZKQggxmrjQxoRgjG2thRaskkxptECYEmWG6fzpu+/c42LKaNWb3Jvf4n7fyTlHzIwDb55JPTm0YymKJH1p8WZh4ti+Kv9znnvx7d5dTwyUarVGa3FhdnDq69OxmBnAJsmPC78Vzhw/sEnyzOih3qHdg6V6o9FavDwzOPvtZzFARwCw/41PU8WBR5YwS09PLxa++HisCjDywsHewuOPlRr1ZuuXKzODly6cje8zmwQAe189kRoeypXUJz0/Tc0V4rjBUHG4VF9rNn/9ebYwf/Fc/M//YmaMj4+/A7x1X2ZmZLPZEEBV8d5TLpfVzDAzVJV6vf7uxMTEkWgDOFx46T3599DMQA28N3xTw5v3HE0FA+6e3ncYOBIAZDIZyW4RAvkvnKhxq+pYqToSL4QCAeCcE2hnzIx0BH1bhSj4G27FykolphZ7QhHCoA0EIqgqHYFzDqdtcFtaEGnDd9YSzLMBCwFCIEJgdAQRQBzHxB7YqJwSo9pSQBAxAmD46kn65z8iVS5R680x3Ubbr6riFLyBek/NeTKpAKdGEEBh/hRP/3GeXftfobt/N82Fb9hxcZLJPV2vBwBJkrCuRpwYa7Ghvt1nVwhmQt/MCYZH9pJeuoB88jKZ658zsHM7Jnaw00J93XAems5IFNQMNcHEeODu76T7+uH5sc6WoqM5Qi87I4Du7m4qk8dZXl7m2LVrjOXzOOcoFotcnZtjpGcrjctfseXL11hv3qYB1O6FaMitqLMF58jlcryfzfKoKqpKpVIhn89zo7bGlR++I7+9hyjsonYn4Xo5wPAfipkxOjpqq6ureO8718w25WcfavCUrPAwCX8S8n39QT6Yui1/AWOZi6sZoXAuAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALcSURBVDjLjZJpSNNxHMb/VhTUi3pjVFoyj+wyPDG1sDUTE7ES1zCPuXRbZjZrSk63qVPzKNuc+ncmHmPOeU3nkYkEmnjhlVdaBPoiddGbMDEoj6clZEYlvnhe/fh8+P4eHgIAsVWE/kdY4wVWC7NqE0yXUZZLeebFvs7mu3+9bwnzvE1pMyrK6lzFYWxOYaSFbFuCYqaxfK7OEfOtbHzty8a81g1zmqOYKLD4vC0B6b8/Wz/SioVuEssjSiz2kJh93YL2FLuZbQn8vG9wJssfrH0ZrcXqVB2WJnTQd8ghCbmo/aeAQ7Vi5bMuLciDqSBDacsRDJtB+cPI73otHx8akqFvFKFLcRdn2adbnGLP7PtDwHSzpOWzPFZlgVRsTomUh9zCVGTmiZD4JBYNb8qR1i6Bjdi6zJZ/fO+GQMqw73oWcQ11SWGYrBBCzadDHkyDguuB0hEhotSuYJfaIX0gGjVvixGti4JLhBO5IchjWNS8b9f8VZgmngrpcBzClY5IbroJhuIE4nq5YJGhmCZ9/18YT30B91TnwFU6gFVsC2E9HdUDOYipuYrL0kMIkDIwX+TzW7DDIUeQJ4jaKCxS5QzdMAntUN46WDkgg+xlDJS9Wbit9oRT+p61riIf9jps5FYZ7scfWuz4CDyq1kJUokGY4b8/4adtPGS2RiKthYOkJhYkz7lQdKYgqOw8rBKJFYLiraDTec1LjVOrSJ0E2P1ASAcQWHQSVf0yqA0LVPZkoaQ7wyC5g4JOCThqL1BExCcTAWFLjKU6rgzW5oJfrwezFWDq1hCoWcP1AnNcyTEFTXoQbo8PIKTUFeSrJNxSecJMROgPC4hT6zuYyXGfr027jwBxHzhtAOuF4QIdENwIBDUDjIxpiPnpsE/dBaaSBrMEYtYAW28s8Z2K69Ii8Yt3ppfrHKMHQBWPGTIOqnAU7vFDsPCqmsmNCU+yFBt9O5awE8YCgrJ5vT8AXgaV02he+4MAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK2SURBVBgZBcHLjxN1AADg79eZttvddttll+WxIGrAV4QYTbxoYsSLgjc5arx68qCGf8G7J+NBEg8e9GqURDEmEiOJAWNUwIi8sryWDbSdmc60Mx2/Lxw78caZ1fXVo1EUAYAAACAIgICymrt/7/6P8er66tHPPzklNIJyPgNAENRqAWSzBEFdN9TzWq3y0ckPj8ZRFKmUwuxL6fcXrJzJbJ18xFKv6/LlX1xMP3Nra6jXW3Z3eyiKm0Zp7t1jtWYcaQAMh9uGT7eMkkR2+m9JcluSJEJxQTEZm2Rj00liMkmUeSqEOYI4APr9ndQzi+/v4OPz2m+tWd+zV2d2xaQ8pDfoaUUNcbMlyXIhFAgaQDAcDiXJ2MP1ymilNPn6X6q5OvvZrEhk49SsyBR5alpkQqhBDNDvr1PPDPrLhu89Y+XTbeUre7TXCo9MtzW7+y22I81W0zibYkSgQQB5XkiTzHA0NF6qPHiC/Iv/1FWuMf1WPklMi1SeJubTVABBHACdzkB3OdVfXgbNtx/V+eCsuDpg7+pf8s7ERvcP7daW6eSaqPGOgDgAxsNUkhRI/bZ5x41Zw66DlSdPXbZ5PLUr+kYx+slg8Yj2uW1hNRPQEIKA5cFuFgZ+z0rXpk2DwU53XjtgX7xisrXXoDuycX1B54dLbrQqdbMFYqjr2rmbV13YvKTb7cnzXJKkkqLw61MNh7+6Ijl/3eZK0+3nHzdqBvtbbRAHZGVqq5ppt7qWOn15MdVd6Or/ed2+W5lWkwfPHnbzsZZ2e8HStKCuQUwQQkPPsknItKuOxdC16+I9rc2Jqy8dURxMvHz2oX/27xa1m5irZqWAuCwrVVXZ2PGcjVUCCMIhvMpaCCC8OPdCNBMttESNSDWvlFUlvHni+Hc719dej5oxggAIAAAIAIGyrGzd3Tr9P5JrNp8Zt4rCAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ+SURBVBgZBcExbFRlAADg7//fu7teC3elQEoMgeDkYDQ6oMQQTYyGxMHZuDA6Ypw0cWI20cHJUdl0cJLIiomR6OACGhUCpqGWtlzbu/b97/3v9/tCKQVc/e7RRXz+7OrSpUXbW7S9tu8ddv0M+3iCjF1s42v8WAP0XffKi2eOXfro9dMAYJ766SL1092jfDa17DfZgycHfvh7/hau1QB9161PhgE8epoNQlAHqprRIDo3iqoYDSpeOjv2zHRl7atfNj6LALltJys1Xc9+CmYtTxtmR8yO2D7kv4MMPr7x0KULK54/NThdA+S2XTs+jOYN86MsxqBGVRErKkEV6BHynp//2fXbw9lGDZBTWp+OK7PDzqIpYiyqSMxBFakUVYVS2dxrfHHrrz1crQG6lM6vTwZmR0UHhSoHsSBTKeoS9YU8yLrUXfj+w9d2IkBOzfkz05F5KkKkCkFERACEQil0TSOnJkMNV67fHNdVHI4GUcpZVFAUZAEExEibs4P5osMeROiadHoUiIEeCgFREAoRBOMB2weNrkmbNz+9UiBCTs1yrVdHqhgIkRL0EOj7QGG5jrZ2D+XUbADEy9dunOpSun7xuXMe7xUPNrOd/WyeyKUIoRgOGS8xWWZ7b6FLaROgzim9iXd+vXvf7mHtoCnaXDRtkLpel3t9KdamUx+8fcbj7YWc0hZAndv25XffeGH8yfuvAoBcaHOROhS+vLlhecD+wUJu222AOrft/cdPZr65ddfqsbHVyZLVlZHpysjx5aHRMBrV0XuX141qtnb25bb9F6Duu+7b23funb195955nMRJnMAJTJeGg8HS0sBkZWx1suz3Px79iZ8A/gd7ijssEaZF9QAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK7SURBVDjLbZFNaJxlEICfeb+vu5tYCApd3CgsdLdpu9pWEKEUEaEUb4o5iBQpePCkHqwQqlKLB6sUDyLoQbBC0IoI4g8iKv5SSlpj2qYmWtgapCaSiGY3m9399nt33vGwydaoAwNzmOcZZkbMjENPn8rsGhm+EseSOz87Xx4/frDO/8Q9Dzw7tOPWrdVGo5XMTk+WJj47mYqZAWyQfD/9a/nUiUMbJPtHjwyN3FKqNlutZPbCudLkl2+nAH0BwENPvZWpbN1yBbPc2bOz5Q/fOFwHuPu+J4bKO7dVW8128tOlc6Xz37ybrjMbBAD3P/JKZvtIoaqhO/DDxFQ5TVuMVLZXm6vt9s8zk+WL372X/rNfzIyxsbHngGfWZWZGPp+PAFSVEAKLi4tqZpgZqkqz2Xx+fHz8WLwGHC0/+IL8+2hmoAYhGKGt0fyKp61gwPLJg0eBYw5gcHBQ8tcJTv4Ld9VYqHuu1j3dIEQCDvDeC/RqzIxcDDduFmJ3DU5S5WotpZEGIhEi1wOcCKpKX+C9x2sPvD4niPTgP1a7WGANFhyCE8EZfUEMkKYpaQDWJmfEqCcKCCKGA6z2CdHKpyTJMu0kxRWa1wSqilcIBhoCDR8YzDi8Gs5BZ+l9tgx8xe133cHNN2zj65kPmBj4jb2PDb/kALrdLh010q6xmhoaentuisBMWFl4h9t27EGdsqdwABXP3l37AB516ys0O0a9Y9QTY7UDLW+oCSbwV+N3Nslm7t35OABP7n+dUn43QC4GyGaz1L44wdzcHMcvX+ZwsYj3nkqlwo9TUywX/2Rm4QwXF05z5MCbvPj5w+SiLEAS97/gPYVCgZfzeW5SRVWp1WoUi0VcWGFi+gz7dt/Jx5deIyMxpy98C/CqmBmjo6O2tLRECKGfZrahjooN4uEEiQxTwc9nmfroF/kb8GeNaWNAJ70AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIfSURBVDjLjZNNSJRRFIafcRJSnGEszTQddQZUJCGTCiGjXLkaiIKgTUhECK6K1oGroE20adEmQnfVIqEYhKRgyiwlFBkcqVzYHzNiVo7f982957QQpxk08cDhcA+c57735R5Uld3kt+5u3a5fwi5jtL9/275PVfOHZDKp1lqMMWxWYwzpdJpEIkFdXR3RaJRYLObbnNlTSMvlckQiEQAKwapKb28vqko8Hi9SUAQwxgAwPr/xMqtgBUQFa6Gv3eC67v8Bnuehqhw9uLKtkRDaHWBiqRJRwciGgko7Tb0dI9hxBcdxdgYAHKvN/LvZOujSY0LhHrJf4jsrcF0XVeXl4j6sKkagMTdKZ/g4wdpO0uM3KfOFiwBF/2DV/kRVOdmQ5lRDmjM1szS4zwhUhbC/nnKg/SLR4Cdmh/tKtwBuTAw0zYXeo6qICCPDwyy8uU9161lwppl8OEJFaJ0afwbjeLEtABFpLin1k1ydRVWpDfymrfkQgcos4n4GFeyfdzSfvs6a692ZvNsdyAOuJa4Gsb4X+0urGFt6jtgcLRUfCYWPINkZVNbpOteKeF/ZuzdFuONC/XfP3MoDrLEDrufpQnqeteUsM2/v0dTWQ3kgg5pl8PmZepICBHFSVLc0UuZ4l18NHW73qSqDg4NaaOb5yAwnLj3AX7KImhVAi3z3l7XyY+4DqdGhR0XLtBmvb3dl1Eq5iqIiBan5igiqOvUX9fhxNiezxvQAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAITSURBVDjLpVNLaBNRFD2TjIq/TdGM0OJGXPhBFENq0aUrtQYJCJaC4GdZxI1IF1XBdiEuXSooBNKKisXfTkGtFqsIdmOxdaEUaSIlTtp05v2u902aTgIuKr3wuOfdee/c88685xARVhJu/k25jznOazJtxhhoAyibtcUExTkeGloR181Yf/f2TERgiHpymY2b/qfr1aHJPUsKmC3aPPz9HndW3EVBcpZaxplr9W+XO/ohpV7TQFDzoGvn2WV1nw+YVOnYA3tWG4W3xWURHE+3QDQSqEUCG6cOpXB/ZAYnD3pLtYejM8gdiOe//aBZgWQCNhJukhe/LyKZTODRaBFOAkgsLhr+wOp4zSoX2NG6DkLGBAl7BOuCm3SQ60jB5V13P3fjRCaFLA8bNmfbPRzZ79V+rTLNCojnduPTTyXc/tgFJVSEH09fgBQSD/ISYRAiXBAIqiECxulLgmzNlcxmb2NnejOO3TqMLS0eS5S48bwTSipcPzPAXTWqsoo5OYdK6KMifMbzGMwPwekbnKKLR9swNuXDYUkDL7LcVeFK9hnujJ9r7lytYVsTgYzUoTc/QbOVkF5+KZGNV+Mlau/dR/VgY6kxvv4o0+mb7yyMlNc8YLB76wb8ml3ANm8tCj2vMTntR4btal2NiZ9/mu6CMWQaLhKNXCt82yu0WW//rx2afZHR41H/vEzlSvCkjp2VPue/lFt5YsuGFGsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJsSURBVBgZfcFLbExhGIDh9z9zztw6marQUm1DNZEQEdUpsRC2lLgsJDZNGmFjY2nBErGzENewIEUQRBBBJFW3IC6xqqYSd4tWtOPMnMv/fdqYUIvxPEZVqWbn6sUzm+tyV3OpTMFaQUET2eSN7YdvdFHhUMWudR1OY23NxVwyXbAiWFUiK8YfLa3ZvXFpDxUOVbTUanZKpmZ5Jl9L67w5NDY1IKKICHWZzAkqXKpI6seoftZsae/a7Ez3ikwoaZox63H/7LGACocq9n3fE06dlh3L4hOaFMbLMiH48FTntjWGVLgD1wt+Oj8/Y4zDX8r5rZ/ibYcWvjxV09/R3NJKyXh4JuTDx2HtHVrU28lvZuBap7ateYQxBpRxih9Ydhx4QuvceRQKAU9vncWYNF4yT1NHN6eP3olvv3q/JX7cc8EMXC5I29o+E349jA0T4OTZ2xtRmrqaKZ2zGCyCtfzhKkxDeXHuXvDm7etNLpFBJcSGSVSUn0MP6M6/gvg4PKSq45uupA4+33PJxaiRuMTo0CDRyCckKlO3YD0/2nfxL2VCzoPRk8v4kpxJ86IVSZfIwc3UM2PVfkBAFRuHJL7f5KtfxqqlZBP4McQ2orlhCQaIn70ojXj9sUukqC0TfjsJKL8JKbFkyTEmSYwYPBWsRLgEWCDR0d40Z2XfiEsAKjEYQBUQkAhHIxrcH9QbHzVF1CmiDJPOtPMOOLOSEca5hIrBgiqoBQ1RCUDKqJZQ66O2iMajqPUBYTJXQyH2h5HYA3VAE6h6IClUakAjVEMwITgxtlxmMlfLweehIxsaUBwMhv9RwNwF0WEqfgE9XTQvEQ+I/gAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK9SURBVBgZBcHLi1VlAADw3/edc+fRmOP4YEzERxQYZGaQaQ8qRDCK+gPcGC1rYbjRWtqiTaAULWrRItwVVAaFBUIvhqjAyixIE41JB8fxzsy9c+855ztfv1/IOYPDH1/bg5N3rxnb169b/bpVt62Vpu1iCTeRsIB5fIizJUDbNI/s2rhq39EnNwCAXtVO9qt2cmGQNlc1S8Pkys1lX1zqHcCREqBtmunVIwFcu510QlAGipLRTrRlNCpi1CnYvXncpsmJte//OPtWBEh1vXqipGlZqoJuze0h3QHdAfMrzC0ncPz0Vfu2T7h/fWdDCZDqeu2dI1FvSG+QxBiUKApiQSEoAi1CWjRzecEvV7uzJUCqqunJ8UJ3pdEfZjFmRSSmoIgUsqJALtxYHDr11d+LOFwCNFW1dXp1R3eQNZApUhAzEoWszFGbSZ2kqZrtn7762K0IkKrh1o2To3pVFiJFCCIiAiBkcqYZDqVqmKCEgye+HC+LODLaiaqURBlZRhJAQIzUKVnu9RssQgnNsNowMTEmBlrIhEAU5EwIXLx0xl+XP7fUXzAV+0V3+cbrHHyjhFQN7ygnRpSRIgapDeSsRQj8+udH5vtfe/rxh21ee69zFz4JM79fP7H3lU1r4hNHTq9vqurEnh1bXF/MrtxIbi0lvYqUsxCyny6c9uCOXVJMdt11QAq1vTsfhZfLVFX78ezPF/+xsFJaHmZ1yoZ1UDWtJrWWuv/phFWeue8lcHT/e8789i4+GytTXT/0wlMPjL92aC8ASJk6ZVXD88e7Lsz+4Pzsd44d+MCbZ180VozCoNi48+A9U5MTz80v1a7O9cwtDiz2a3WTFTEa6QQpDX3zxxnbpre52f9Xtzfn+/PfWrw9PBV2Hzq5HkewFeuwDlOYwuTYSKczNtYRRs5ZSTPaPEDok9+eeWf22P/PLlOL9Py8xgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ8SURBVDjLpZB/SFNRFMftj5IiW9saIQjGQrBiUagEFWLDydrUhAWzNNuWTZ1oKIUzf4RlzZY6sWyrLZXhfFszQ1eac2SQkYWW0yH0l1AWITSw1IXK+/beK0RBptCFD+fcyz2fc+4NARDyP6x5qInbVVEn5sw2SHdCL2ahQsiey4jhVW9IkBPDKbmfyibN6Rw8oLgrY0MnYaEofgcpPcitWldglLLQQhXqqSKdlIaNm8k8XDnBQWYMa2ZdgS5+O14YyzHVq8eQpQiFCTwUJ4YjX8SH+hh7wapNCQ0qMGdF/gh8/4SZN0Z87a+H13ENk89vwz85AiJ378xYq2ZLUEFjxv5B//t2TA87MT9KUNiZ3D9C4KFKMBz0Cbults1RxzVWoiAWv4ctCPieMsx/tKHzciwE8blPeCLz1jUFPAkRyhW35UWIPfB9noWjLBX2shQGOn898QsRSS/BET66xBWatq0ScE86NoUlORSRyYOYmJpH2xRQ7APy3gEXXgHnewCtsxPFRgXU9acgvyEMiEsOVS4LDsia0xJP6+EcWoLJCxS8JZE7QCK7j0RWFwmlmUCVU4lnviaMfnPD0K+B3CDAkfzwWkbwoTx6adqlxb1mFxS9VFeqo7KbxLkOEmdsVKyRoGu8AV0TjaBXreciDJ4cWhBgBN6KfaTffR3p6hZU988howM4aycht5KQWUgklx1Gj8+Clat7rIkW/P2IcWtB6Uhp1KJSeWsxTjEAJTW6agVHC/m441ZB51Ywxbo+xeoJaCbteWGVV6u5e9JcpsiE1i980eM5flLHAj/RuSCQZy7KaqNR585mOtOR3i//wUagLtdQ/KTH/hdr6PM/RhGjA91Gi1AAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKNSURBVDjLpZLLa1NBFMa/m/uITfpIKzFJYxGaxkQDFnFRsrLgxm5i3dWl+Ae46Kr+DWbZTcBNhboQ1KW1uYhQhVKECFE0SEvSBrXR2Nyb+37EmYHG0hZceOEww5n5fvOdcw/X6/XwP59wWlKW5SABF0jc8X0/S9Y0CbL1q2T9StZHJOT5+XmPO+6AiC+T3JNoNHolHo8jHA4jFAqB3ut0OlBVFY1GA61Wa4PkFk4A1tfXX2cymdmJiQlwHHeqbdd1Ua1WUavVVgLHDwkwF4vF/ll7MpkEKWPuRA+cnhjY3NyEpmnI5/MIBoMQRZGVoOs62u02ms0mUqkUBfxt4upGe8B2vFXXGBnje/uQJAnlchm5XI6JqW1FUWBZFgRBYLk+YOXNL8FxnA9BkUsLkTg+7vzAZESB53msiVRAATQOe0bF9Jz1wDDtccNy0yEJ4Dkf/Fga7+pBJFJXsba2huXlZZAHGICuVHjogAG6up20bJuCsNvSIPI+pMg4Ss+3mOXp6WkUi0XY5M4hiAL6DlTDiOpErJHo6iZ2vik4IwKJCym8/aJje3sbiUSCCY4C6J4BOqpx0XYs6KYDRbegaiZqe20cqBYGzl/Dy/c+Crdu91+lAGqfOuJb5wqSqltyNCLxChFKPAeBJzMe4OD5Hho7Lczlp3BpMsJ+4+joKLLZLJvGer2uCweq0R0OBUSPUDXDwm6TjOtvDUbXhNm1MJUI497CDCSRZ2XQUaZTWKlUvhMnBeGgq8uBnnjz008Ve3ttx9HMB7EhvzOTQeHsMHd9ZNAeksuvmG06RKZpUuFjUsrDpaWlfW72/osB13CeuYZ1wzXswa2nd+2jk1kqlYaIYIqET5r2eXFx0Tp6/ge8rrdXLiWBdQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJBSURBVDjLhdKxa5NBGMfx713yvkmbJnaoFiSF4mJTh06Kg4OgiyCCRXCof4YIdXdxFhQVHPo3OFSoUx0FySQttaVKYq2NbdO8ed/L3fM4JG3tYPvAcfBw9+HHPWdUlf/V0tLSqKo+EpEHInJFRIohhDUR+RBCeDM7O7ua55QSkRfVanVufHyckZERrLV0Op2Zra2tmXq9fg+YsmcAdyYnJykUCke9OI6ZmJgghHAZ4KwE3ntPs9mkVCohIjQaDWq1GiEEAM5KoHEcY62lVCrRarUoFotUKpUjIL/y/uqXYmV62ph/LSVrr30P4bEFcM4B0Ov1jk547/uAUTs1ceNdZIwB7V/GGHz6+9LXxY96eDiEgHMOY8xJAK8p4grZz5cElwNbwZgyxYu3EFM01lriOCZJEqIoIooiALIsGwA9Y1UcwcWoKNLdpLu9zvbnBWqNBhuvn5EDUmB0EH/1E2TZw5U+YLQovkun+Ytsaw1xCbnCOap334LC7s4Oe/ttvA+ICLmhMXRxDufczUECS37oAuevPwUEVFFp4/eXkXSdYc2IopSepnjtUh5/wg9gfn6+OQBUNaRIUkfDHhraSLoBKqikIF3yHJDLHaAkFOLciVHnyVAVj/S2Ub/XRyQD9aAZKgkaOohvo6ENgykcA07VEFDfQv1uf4W9Y8y30bCPhg4qKZJtMnjTPqBO/vhkZ7h3EJeRslWNQMqgY2jIAIfa/m5sIKSpqpPsGEiz599e3b+GchtD+bSvjQJm2SG6cNj6C+QmaxAek5tyAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKcSURBVDjLrZNLTBNRFIbHBQujG1mauDEuTIysNOpCiDZKZINRSYwoLIhGE18LYxHjgigRVCINRlEjYqZqKChP8dVObQMptAhtp522MPZBQR6lLdLACG3n984NmBgjLvQkf+7m/t/955w5DADmX8T8V4DP58siYr1eLysIAut2u1tdLlcrz/Osw+Fg7XY7OzAwkPUbYGhoKJsYQ36/H9PT04hGo1SxWIyekUiEanJyEgQKm80Wslqt2RRAzCpiluPxOCJjI+jv1MFYX4O2SjVelZ+naq8qhfGpBp+7msmdMKamptDb2ytbLBaVEntQMSeTSXrx7sHtf1TjhW3wPj+K4bYK2J/sh7XtRoghcWYNBgNkWUaKQD7UVUF7qRj3j6ugObST6kHRPujv5GGcU2PG2QkkxhB3NsOiOSwzWq12dGJiApIkIZVK0XNxcZFKSUY/TWxCTCjHQrgd459uY55/jVSwG3zDGZmpra3VYakSiQRI96EAfzZO7EDMdQ3p+W7MfzmLqPUcPGwJnA2nYH7z4hmTk5OTuwxQmkPGBlEUEQwG4Xc0IsZfQVqyYE4shjRSiFmhDIGGfHS/I802GtcymZmZu5ZfV8yBQADhcBi8uR7jNvWSuQhS6Bi+ua5CfJiHsMsMjuOidIwZGRk7yCgH0+k0jawAhB4WwvvLJLYZUqAE30dOYIYkGa47gK+iEx6PB6TxFymA1GoF0tLSIhAQPr68BXdXGRxvazDaV4C5QCGi9lIMP85HJCTQHhGz8Zc/kdQqojUmk6lZV6UCZoPwPjoCrmw9esirPdW58PVzSmyZmHUrLtP1k1uSC5Z7WOjToK9iD5pObwLXrlXMKb1ev+Gv21iwe510s3hz0lB5IKmv3mvqUG/duNI2/gDNuAiQNZy2IwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ8SURBVDjLlZJZSJRRFMd/39JipZXZmCURrRBjKshkJW20CFGSQlAotENQr9FT1IP2HoFPFRFhCSMYGS1GEUUrkZHY2DItUs30kTnjrN9dehhzFAzqwuHcc+6f3z3ncIyL9/uPa80BqVWxUgqpQCiFlAqpNEKqESaRQiOVetZYv8gHYCutj9T5cgv4j3Piyrtlf+62VKoAoP3DBYQSCClwlcCVbtZLMfx2bEUjrisnjABoAHYt3fdPv8eSAldIsgCpAGh5EP4nwLaKfNIjAWIIALCzykPrwxA7VhUO5/yPQ9RVZmMnkhxdgSsVSmtsC/yPwliWSdvjMIYJ5pCo/WkYtKIodJ7C8V/wMh+oAMCUUqEB2zKoW+HBNqG20sN2n4canweAGp+H1RNusWBWiDlVu6ld8poXTYurAYxTbZ/0oU1F3O/5hWGM7tc2IZZS5DvX8ebdY3rpRmJ97xFRxcC7V/HAs679tisUWmvGWVBdPpPOLocNpdm1uP3yB4tzAkwt2YKMdzOxoJik7KNoTdkkEetvtoXKDNEyDTq7HIBhbxrgKuiLz2Ba/0dMy8EwY4zPcyAZZ/BbyrKFEJkZmLCupIB7rx3WejMVJMPdBB+dIX+6RokEpvoFZi7aTfPmciDZHYgctF2ZacE7dwrffiZYUJhD8Psg8vMNjM9Xmbe8Cp2+hSGj9NxMYSWTJFKSjx8i9Q0tQb8tpX54suVtWVqqya6QuEIiheLw7A7K128g7TRj21N5dSfNpU+bCedVMBiNd1y7UOMHQGs9pn1pq36SCjXpWGCrfn56ZfTsnoUNY+nsv63s16DTGRm4Oy/+M5bo7f1xdO+5t61j6X4DmUx477d3qncAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAI3SURBVDjLpZNNSJRxEMaf1XVVyA/8iH1fKdEKIzwpSIeCLmkRUaaXSsE6tB3qYLIQeTUMCwqEKNI6hJHRNamwEDSXCENKoaKNNjLCd9PDRuX7f2b+HUSzcLs4t2Hm+Q0zPBOw1mItkbEy6RiP9LSPnuhK19x6r6nn8MDBrlUBHc8iveFsN+rkOJ2nnhy78q+4ZbCp180ri7qFbmfjjb3L9UDH+MlMq9oXznHaNuVvgYjg3dwbJOYT/UKJkAIx0ucUlLVVOVWgJabiU4jPxPtpJBJU1bMqWpuFEFQVFhakgEbqhBKlkUyStUJCrEBVEQxmwfisEyPRgLUWp58e3xgKhBJ1znaoKh6/fYRbjYOBlSscuN5g62vrQSsYjg0j9T1VPnIu9ikDAISyOFUEtITS4sidxtCy+FpDSI2CSlAJYwj68ueIQoEYQixBEYTzwqBh9xLA+Ox2SlwYXazTX4QAQBAASJlZMP6cl/KK8nMLUF5agR+/fp7Zf3V3tVDgFLv1lRsqQCVmkx5SqdQcKTMAEFgyUsvdQ82kDFSUVIbcYhcKC2/egwhRWFAEqkH84wdMTU/7Qjk6cfHV/b8AANB8c99mGukk2bq1fFvm+uJSqAo+f/2CickJEcptGjn/8tLr98s+WM3Key7v2rEuN2+0proGYhWx5zF4yeTOFxcmx/5r5aV42D4y5n1LLvhi4NNg1vMWVhOnBQAAfWarVSgUNJKdri+YFmCIB0NDECMQStpvDKz1nX8D4+Fd1+gIFK0AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALVSURBVDjLfZJNaFxlGIWf7853597JTJzQzDi9U6chPxCaOmi78idIlglEsEJJqFmIaDddlEK7EF3pKmJcdiUU3bmwXQiiGxsQQdBaF9HYUFucZP6SNHWS3uncO9+PiyDNGPDs3s3DOec94rOvflkyRrzRjo0fKQ7L9p6uBN/l2tuvnb4EII0VC7Mvl/K+7wshEvyfOga06nL9u7tvAvuAdmQ8z/PF58sP6fCAPXGH4cImKbeFsoad3RS/3c3SZ08gGeTy2WG0EeJfqIwVOE4CR0DsNBjObeIl/6IV7aG0QnoeI6WA+/fSDCRzGNPrSgIYwHEEkd0i6T7k78ctIt0hVgplQzzPI4xSDKYcLLanmCcAIbDKEOkuHRXxuBsRG4U2gOhijUY6Amt7W3UArN0H+OTZC9NYXCKjiZRGiCThXoZMskgi4YAVhyNYux8hkzhGtdEk69fpSzt4QvFop49mIyDIjiAdcegz0h4EuE9TTJ1i4/ZNBjI1hNa4nTzHRxfI+AHamP/O4omDOw/Oo42hG2uOtCTSfYVc4Rk27q9S2/wAIyMGt07xze5JdpvbT1248OmVlZWVq9JaiwCmT19CK833X/9A//EB5ubmCMOQjdFRfvw5R8JxmD33Kq50qdfr4tYt76NKpZKX4sBeV3/9g/ZWm9lzr/PJ1SV+v71KcDSgXC5Tr9dZ+niJRqPBsZGTauHsrKxUKucd3xUtTJfnCi/waD2ivz8LwOWL79GNFfPz80xOTjIzM8P09DRxHPPsS2dCgGw268mkFF98efPei7G25T83VTLRrvuAePf9D5VSSi4uLpJOpwEIwxCtDT99e631/FsL2Wq12hEHhzExMXFibGzs+tTU1NFSqWSklEeazSZra2t4nsfQ0BCFQgGl1M76+rqzvLzc6AGMj48ngiAop9PpG8ViMe95XgJwtre33wGquVzuBuBGUaRrtdpWGIZn/gGotkJJF2DBHwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAF/SURBVDjLpZN/S8JgEMd9i1JURPSDIoIkS1FQI4iQgihStExrhGmydGObyZyyYRaybBRFQb/8vxcgBIF92275ApoHx7jjns/37p49LgCuQdzlXmEXd8RON1L4QPjM9NwbQtkXBE+eEWCe4D9+hC99j+XDO3j3b+FJ3CCcvu5a5wgQLXV6ceUT/3Xv3mWPAJayE5/fboAA4dw7nNjspmoDQqevlDAMA+12G61WC1/fP1BVFfV6HbIsUyyKIgRBAMdxVD8drf0BzIU5scl12QZY27ZM13VSbzQapFir1VCtViFJEsUsy6JQKCCfz1P9xFrFBlhX5cTGVyUb4D96oESz2SR1RVFIsVKpoFwuo1gsUpzNZsEwDDKZDNWPhQUb4D0wHHUwHCjZgKVEmxKaptHc/ZmtL8/zNLMVp1IpJJNJxGIxqh/yn9sAT1x31IHbx6L/FtiF3Sv6s+a2NMxE65jaUMwtX9CixiIiRkM8RoKc2XbRVGZhnrGcJcDAr3FQwC803UMOARws7QAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADHSURBVCjPhZFBDoIwEEV/peLWlW5ceAcTvY6ncW9i4pm8hgsT2QgGEFLKdygQkKD2Z9pJ5nUyv1XE7zX5U4euD6WGBTatFVZYwhu5GuDKsko2WWhswU9lPB2xxqRqszU24ZMRUyaiiA/eBbk1iAAV/xLlbo8ZMhAglewsiBLgYmUI4wwRJSxyzFsPO916ndazu/ARClhg0drsPKrGkA/bZHrorkKUE8cBuKI3fMkhAkH4/S+IbjI9Vux/jNof4lmBvowL43Lmb/8gdgK2+FpkAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKrSURBVDjLpdPbT9IBAMXx/qR6qNbWUy89WS5rmVtutbZalwcNgyRLLMyuoomaZpRQCt5yNRELL0TkBSXUTBT5hZSXQPwBAvor/fZGazlb6+G8nIfP0znbgG3/kz+Knsbb+xxNV63DLxVLHzqV0vCrfMluzFmw1OW8ePEwf8+WgM1UXDnapVgLePr5Nj9DJBJGFEN8+TzKqL2RzkenV4yl5ws2BXob1WVeZxXhoB+PP0xzt0Bly0fKTePozV5GphYQPA46as+gU5/K+w2w6Ev2Ol/KpNCigM01R2uPgDcQIRSJEYys4JmNoO/y0tbnY9JlxnA9M15bfHZHCnjzVN4x7TLz6fMSJqsPgLAoMvV1niSQBGIbUP3Ki93t57XhItVXjulTQHf9hfk5/xgGyzQTgQjx7xvE4nG0j3UsiiLR1VVaLN3YpkTuNLgZGzRSq8wQUoD16flkOPSF28/cLCYkwqvrrAGXC1UYWtuRX1PR5RhgTJTI1Q4wKwzwWHk4kQI6a04nQ99mUOlczMYkFhPrBMQoN+7eQ35Nhc01SvA7OEMSFzTv8c/0UXc54xfQcj/bNzNmRmNy0zctMpeEQFSio/cdvqUICz9AiEPb+DLK2gE+2MrR5qXPpoAn6mxdr1GBwz1FiclDcAPCEkTXIboByz8guA75eg8WxxDtFZloZIdNKaDu5rnt9UVHE5POep6Zh7llmsQlLBNLSMTiEm5hGXXDJ6qb3zJiLaIiJy1Zpjy587ch1ahOKJ6XHGGiv5KeQSfFun4ulb/josZOYY0di/0tw9YCquX7KZVnFW46Ze2V4wU1ivRYe1UWI1Y1vgkDvo9PGLIoabp7kIrctJXSS8eKtjyTtuDErrK8jIYHuQf8VbK0RJUsLfEg94BfIztkLMvP3v3XN/5rfgIYvAvmgKE6GAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIpSURBVDjLpZNdaFJhGMcX9EExPVNn3Xcd3Ui3urnJbK4guiioiyjKPFm2QRSINZl2RDuprTZNaTLQ06ajizVhDILW+tpmYxXW6mKNXTSKGS2Xm+foP18vBjLRoosfLzzv//nxPC+8NQBq/oeyRfpAvYXVStMeXR2cWgoWtWT1hEJu+yuBXiG92nNYkg8cl8JfoPuoBEwrhXalOK/bL7NWFXRrqSSrEYNR1YJRi8DoJLC3yXGlUYqTCupnVQGjrIVLU4/RrmN4F7Ph85gfj90GXNDshaOByvdfO7SjqiCzMIVfk31YnuKwnBjE0qswUvMJuNQU3obo7RUFDpUol5qMIDUTQ3p2sEAU36ajSCU4uJrqhIor7NGFt9mVYv514CLWpoPIvH9U5PdMGM/vnoKjSb4m1wR2lhXIW7nibp2q3eCffMK4z1gCP/YB5uZ9IBmZ2rerRCA7OLCFnG/OMPCdbUAu/hHCracQrCMQLEMQbnDI9Y4g2HEEJEOyVGPv1pIJyEV2dBzpoQkIwWfgncPgLRyynWEIbBRZsw+CNwrhXmhDsiEgIxb3vd2HOdqNjDOGdWsY39vv4IvJidXrfqx3sJg7bUOmJ1LMkp5NghVXAMl2LxZNbnw1schc9mDF6MAizWBJb0fyEosfN/2bBS/uGxOkED9nz0/oHeDNkbKQ0eP6LoFkCz2zJW8w/9AgCrXQHq7NNEyC5ehvPv/yQQvtXRgwiCr+xn/hD7c3w4UciyonAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGgSURBVDjLY/j//z8DJZgsTV+9fAu+uHo8+GzvXECWAV+c3R//mTn9/ydLu4eka3ZyY/ts63T3k4Xt+4/GlqS74JONY+9Hc5tdH4wsmAmGgWv9xQKX2nMPnapOF4A1WzsEfjSzefLB0FwUHoi/szPX/05P/f0rOWk9ugHONWefzNl44X/B/L3/o7LXnn1h4fitN6i22Tx7W5tpxqYHxmnrChh+p6X+/rd10/+fsbF/f0REmiE0n7F3rDz5wb7s6Bu3gt3Vz80db69zTd1mlr11tUnGxt89Cw/8N0ha9YDhZ2LC+p8xMb9/hEdc+h4Ucu+br//JFXFNi5zKjz20KztiDzIMGFgzP+iZboQZbpSypsAgaeUjvfilqIEI9C9bf8rk3Wd8kz59sHV+BQysa8DA+vNe1+Trew0DfrwJCehfCceqU8fsy48ttS05xAkMLANgYP39N23K/3fq+n9wpkTXugsFQP8+B/r3DdC/pciS77WN1r9T0/v9Vkl7PU4DnKrPPJi85uJ/oH9fkpUXHCqOF9iVHn5gU7S/gG6ZiaoGAADG9LhB7Kzu8AAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJsSURBVDjLfZO9a5RBEIefvfcuucRUanGiJkYjiNoEET9II0gUsRC0sbASO1G0MVhIiCL+BdoJYmOnjYWJQsA0QRBRYkBUJESJ+dJLzvfe3Z3dsXiTS6LowDKzC7+H3ww7RlUBCJcuKrv3IkNDqAgaAtF74lIuHT+OPh9m3YtnhlVRXC5Wi3SVMIrkdxHUef6MFYAXVIRoLVEkB4k06uI/AIUGwHnUWujoIFhLtJZgLSHLMF1dxLSOOvcfB84PmLnxG837a7QcaoJisvRukDTDvRojOD/wT0DTyYlJpFDze8612aZ2QiigkmEkpVSfoFx4VDOHw+SfAKOq6MODB8A8cd3XK9Y1E9OfSPYL9RkqDkxCc9nQ+uHeFF5PlS6Pja6dQZA+2XW+YqWFkFYJLheqd8QsRaqzpPNVsvbTlbgY+v4aokbp8eu2E+uLuVAciCd6i4oj+jqyMEddWsGGnr9nEHV91AT1GVEcGjxRcnFwea5+GqP6Ypxsempj6C1OAHd7B+XO0hA1/0TiG9YbJziqn8eJUmPfuSs0d+6h/nZw6/uXQ7eGjpZ+LbWg88bXIIa11sWi3jEzNsrOI2cofxrGPDhL6+fHbOvYkKjRK7mD4EeK1fFTrriZGNwa6yqOWKtRrnTCiasrvfdvIolmW+6gHu8UX9+fKpmUQqkMMaIh3wlUMW2tpG+eQv8m7DXDj2uGhe8zhES/meVtdDe7LiAMuO7TlaxpM0EialPwKdV3wyzMTrNlg1AsTLI4I3z5ngSf6Y0GACDr23Eg1qQPH3uimvUEUDXzURj5KHybm/16IgmmIyT6VeHesUG5/Rt5eNFI8xvNdAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKQSURBVDjLbZNNaJxVFIafe7/5KTPzpUloNK0tIsowCtbiQgRRQReudCMVqYrdiLgQ01UrWUgXXZQumoU2myyKii66dOFCEUo3IiL+VRMFHactYpsMmsy0mbnnx8X8tEn7wuHAudyH97zcG9wdgKWl9zNgl7vvrVar51T1PndHVQHDzBCRFGNhqd1ePXb06PF1gALAhbONF+7PanPtymtP9G2iVK3WmJjYibtjZuNupsWVlYtviaRTwABw4WzjEPDRVGMy/vt3QLpCu73G2toqZoKZE2Mkz3PyfBKxgKplDFUA3rz7wL5Y2lnigdrHiDhuRlaoYJslrv3cWb7cfehka/3BxUY93+EGqolbAU/tqz+K2V/MzFQAHZYQ4146v55v/NPd81UxL6uKQgyY2RgQB025fOUPCC9COAjhJVqt38BlcKpKb/M65kbq9YfB3nQAGOVSxqXWCXDBSZTLBWAAMDOKsYibYURE0naAMjOzC5gc2Pc0vDwApJTQGx3UDJHNLQ7GK1xq/Q7hFQivQjzMn82LY4CqhiwWw8BBQNW2OxBK5Yxm812whNNnx5YVtBBkoxICkLqYbcugt9Fh9+xj4/RHtblxA7EMVZsOYZC+qqMqWwBHfvr829OjgRNIWkIsIhb54cr+r7Ms+3Bqanr0GjHzm4AnDy8vAAujwfz83NTs7O7z3W7nYTOjH3uPp7RuWZYNHdhtDrZIVda/8+fPWa06nfWvfjJxdfFTEd2zvPzLZyn1CCHSrx954/UPWi8DC2H0G2/VM8ebzeceqd375fer/9WvnTgDVET0oLsWzJDmPe/lzx64K//ix43WHQH1t1fmgLkC/TNPy8lFM4vuWhGx6G72TXX+UAqVd4DT/wMfm3vSJoP5ygAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAG5SURBVDjLpdHNa9MAGMfx/BtBvO/i26XBw0DEocLUSift2Lp2LupYFh2CVLA6rIMVmqaiqxDZxaJQNehSspCksdYXRNGJzOKmNz0IDpRSvH+9SBVEaNgDD8/hgQ8Pv0cAhM30fxfl5k8KfpvZ2gYz1S+EBgpem1etNk9XfpBeXA8PXFz6RvP1d9xnGxwtvg0PqLc/kzLWiGor7L30PDyw6RABwXEcLMuiJ6DRaBAEAZ7nYds2pmlSqVQwDANd18nlcmQyGVRVRZZl/gFc16XXs5PJJKEzOLMwnD29kOic1I8wPLenc/D89iwgCDNPJlAfp5l6NMZkfaQrp5aHSFiHiN7bT8I4wOX749itMu+++pTqU8RL29hxbivCdCOF9cnk4ce7TLjxLhBfGuTGGx3t5RVG8/uw3l/F+nANAC04QSk4RWRaRJisj/JgvYq5dofU8lAXOFwdIP9ilmzzLIMXduG0Fvm7aqtlJEVEkN0E484xxuwYI7VoFxi41U//zQiR6zvZrW6h4B9n3k8DMO+l/1zQS4CSIs7FtD6KvkxttUzRl4lpfUiKqPX8BUkR85IidiRF5PfMA8IvzWTWMhb2/CMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJzSURBVDjLpZNLbxJRFMf7AfwEfA5YunTDTnwk3RlfMWFj4qKpKyfV2EVjhMwAUUyb1gYqCdWgQmqkRToFaRoLBcoUEGiB8hoQpgzPcpxzgREfO2/y39yc/++87p0CgKlJXTKCQpJKklrS9Ejq0Z3iz/hJ4wVJyofrda1954Tx78fZg8ghHwpH+e29GPvGk2JmbFUtxmDsb4CR+aLVm6dCh0muUKmDIHahdz4gajQ7kCtWwbcX5hY3khTGjiFjgBLN4dh3odXuAR6x04eq0AVe0lm7T+4EsQPbgaBgdh4hREkA2BeWjZnHZsduCYo/OlCoDZWvtSFXbcuQjU0fd3+1gO0oEKCys8cMlo2nXO/A1SdeeBcoymbNnAfuGiOkGjyx1CnQNj+DXgSofd+OWOwZS0XTlcdeSR5Y9xchy7ckwBYBVBpdqDd7UKqJsLT2nkUvAqaDBxEeh4UBCMCMqOvzfmCcGdBQW3DHECbVnVRa0Omdw6pljUcvAeyHwgSAAdgrmq893SGZDa5juPzIDbeZISBTbklVdGFp+bUMUH/ZjbI1oQ0NsUcyELOUFStKFUUJ8JkAcLC4mXi2BrTZIregsrgTTCZXgcEASAYN5SbmZEEkQvNNOkza6/YHsPk1CpTpozxExQNrWev2Bji+3pI3gcbEaRPi+aa8TjQnpOz6FyvcLVN8uMbxQ6LfhijHJ69QqJ6RSmpnPVJNuiSS9aE5nq2CzmwVZmnnr4c0+ZQXLAFqxebg/MEEZAp1MhPsOZrmweUNwQK9yM3oP/z9lCc/071Xae3cSxfzzLjM0gYT/1zP8PM6MzurszM3mNi/P9P/fOefb4UIeuRftTUAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH2SURBVBgZpcE/SJRxHMfx9+/uuT8qlgR6mvTHqyGwKMWpbmhvskFa2spFRJxaGlprKBQcKmhqcWloaQ2ixcFaDhUKLDDJSFHvT+fzfD/ffJC2Go5er+Du/I8wPrs4Vbk+9nC74V3ugIRLmAyXIxduhtxxM0ziWD6ur6xs3Hv1eGIhGrs2Np8rdmVKRdrRVW/YPLAQNWLPNLZrtKsZe4ZDkZtz/+Yg7Zqe+0IqchfujpNycCAEPiwv8y+jIyOYjFSEO2bG5Nw6fzyfOUuqUqnwN7VaDSVGKjIZcufp9BkIDh6QO0ecd9UNtvaa1FoFCrmI4x3i6lABmUhFLkcmQgAXhxyCMzw8zNuP69TVxeWhE0S5LFu7B+zst1j6XEMyUhnJkIzEDJMhGUpEtVrlR7NIudTJTiuwuWckIctgXzfbzYAkUlESx5gZM8++88fcZIlUrXlAPp8jaSXIoZU4xShL4hFJnJCK3IQkntzpA5yUJFKdhRwHsREbJHJSHqBRr+MSqUgSkgMiAM6RcvkcvzZj9ptGd0eeljlRJrC5HeM/1zifXSMVxmcXF0unTk7IDJkwMyRhcUwuH9Hf18PoxdPIYbfWwrZWqPR+Y/fT++Tr6tLt4O604/WDG3f7B/of9Q5d6VldetMI7k67Xk5duDVQvvRCSjp+A5XMMGcdZp9aAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGdSURBVDjLpVMxa8JAFL6rAQUHXQoZpLU/oUOnDtKtW/MDBFHHThUKTgrqICgOEtd2EVxb2qFkKTgVChbSCnZTiVBEMBRLiEmafleCDaWxDX3w8e7dve+7l3cv1LZt8h/jvA56vV7DNM20YRgE/jyRSOR+ytvwEgAxvVwui/BF+LTvCtjNwKvj/X8CbgXPOHMEZl559HsTu93uPQi7jBiNRgMEx8PR0GIxRB+y2eze2gqQeAXoSCaqqu5bpsWIdyzGvvRrBW7rdDo2I6ZSKeq7B8x0XV/bwJWAJEnHSMwBDUEQWq5GfsJthUJhlVuv11uckyiGgiH2RWK73RYRb2cymbG7gnK5vIX9USwWI1yAI/KjLGK7teEI8HN1TizrnZWdRxxsNps8vI3YLpVKbB2EWB6XkMHzgAlvriYRSW+app1Mpy/jSCRSRSyDUON5nuJGytaAHI/vVPv9p/FischivL96gEP2bGxorhVFqYXDYQFCScwBYa9EKU1OlAkB+QLEU2AGaJ7PWKlUDiF2BBw4P9Mt/KUoije+5uAv9gGcjD6Kg4wu3AAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK7SURBVDjLbZFNaJxlEICfeb+vu5tYCApd3CgsdLdpu9pWEKEUEaEUb4o5iBQpePCkHqwQqlKLB6sUDyLoQbBC0IoI4g8iKv5SSlpj2qYmWtgapCaSiGY3m9399nt33vGwydaoAwNzmOcZZkbMjENPn8rsGhm+EseSOz87Xx4/frDO/8Q9Dzw7tOPWrdVGo5XMTk+WJj47mYqZAWyQfD/9a/nUiUMbJPtHjwyN3FKqNlutZPbCudLkl2+nAH0BwENPvZWpbN1yBbPc2bOz5Q/fOFwHuPu+J4bKO7dVW8128tOlc6Xz37ybrjMbBAD3P/JKZvtIoaqhO/DDxFQ5TVuMVLZXm6vt9s8zk+WL372X/rNfzIyxsbHngGfWZWZGPp+PAFSVEAKLi4tqZpgZqkqz2Xx+fHz8WLwGHC0/+IL8+2hmoAYhGKGt0fyKp61gwPLJg0eBYw5gcHBQ8tcJTv4Ld9VYqHuu1j3dIEQCDvDeC/RqzIxcDDduFmJ3DU5S5WotpZEGIhEi1wOcCKpKX+C9x2sPvD4niPTgP1a7WGANFhyCE8EZfUEMkKYpaQDWJmfEqCcKCCKGA6z2CdHKpyTJMu0kxRWa1wSqilcIBhoCDR8YzDi8Gs5BZ+l9tgx8xe133cHNN2zj65kPmBj4jb2PDb/kALrdLh010q6xmhoaentuisBMWFl4h9t27EGdsqdwABXP3l37AB516ys0O0a9Y9QTY7UDLW+oCSbwV+N3Nslm7t35OABP7n+dUn43QC4GyGaz1L44wdzcHMcvX+ZwsYj3nkqlwo9TUywX/2Rm4QwXF05z5MCbvPj5w+SiLEAS97/gPYVCgZfzeW5SRVWp1WoUi0VcWGFi+gz7dt/Jx5deIyMxpy98C/CqmBmjo6O2tLRECKGfZrahjooN4uEEiQxTwc9nmfroF/kb8GeNaWNAJ70AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIiSURBVBgZpcE7SJZhFMDx/3neV/u8ZlhoVxAkESoyJYoa3BojDCFc25psaS8CWxoEhxAagiCpHCpqaa3AyiIISwjTtHIou3wX/b73nFOPIEG0SL+fuDv/Q04Mjp052ttz6WvR69wBM9wMNcXNMTdcFXPHVVEzGqsrhamphXPjl/tH0p4jPcNVubrQkmM96gpFHQZG0mLFQ/FrnvUqVTzwW+rqXBxoZ71OD80Spe5GVM4UB9wcNTAcM0fN0MzRzFE3yuq0tTagpkQBdyIJQhAIQQgJJCKkIZAmKf7zBeV3Q1RJidqqlMgyJQpqShQAEUGCkAQhJIIECF5ieW6c+uZ9VD7dJ60ORKZGFNycVSJEAQgihCAkiVD88IDa5i4at3ZRmHsI+RkiMyUKZsoaEQERogBofoFv7+7RsLkJ/XGHLZ2n+P72Bm4ZZkYUskqFVSKICJGIEH15c5Pm9uOwPMnEtevUN5X4MfOI77OPySoZUXA1ogQQQEQQoPB5Ei0s0bCpiK3MgBuaf0pb71nmn1yhimWiYGasESAA4sris6s07dqPFV/hVqK7rwMrfySXm6ZxxyG6aiaI5MTg2FjLzm39poqpoars2fCUkwdztO6uQfMTuJd5fnuK7r5OJNkINcd4NHphpdpLB8Td+dvE8OH5vQPXtyfhPZ4tAc4fgaSmg8XXL5m+e/5Wyj9kK+Xc5Ghfyc1xM9wMN8PNcTPcHMxw99ZfSC4lgw+6sSMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIuSURBVDjLpVNNaBNBFP62u8nGhpCU5GAQk67ipaEgFQS9KKipsQcRcmjBmwfP1UtPpgXpyUNuPbRUvNWTJwlNKQihF4sh6x96qK3FtGqwamqTbHZnxplJNy01FcGFx2Nn3ve97703T2GM4X8+7eBBsVh86DjOTdu2Ne7BvbRmsyn8XDqdHulIYJpmkANmQqFQWte7YXEQKIXUx1X29IQwP58b5n9/EpRKpasCHIlEjvn9fqyulSGyU8pAGeVEDISTWZbVuQQenIvFYvKgXm/A5uBX5gtOQNt2JZmSZXQkEDV6vV5Uq9VWZkLQlzgts7Pd7KLZhyoQzISDRJAYipBulpa5JzK7uIsOXf+7glavmAwWBIn+AZndVcEO6UGXq8AlkCQiM2nVXgmsYvZHFnRfXEeCNpjsNU4Qzb6fxsfKJqylOZx/PYPFSx6aT2rr3MbaJQhp7osUkumuZMrPRsPj0Ddz0L8t4sKtu9CNhFJ/mT/+trBwf+GyZ6etQExBVdVW3ftUyLew/BinLt6Ab+UZlEcj6P7wBL3xsMoUNuoqeF4oFM4ahoFAIADfkZ+o1RpynKJ27ftX+I4awLU7e90fj0KlSq/iSs9ms0N8GhPRaPSMceIkgsGwnI6435ocxLlUCv71p7Dqn1Hj8dtVFe9WUFYObmMmk0ly4ANu/e4y9f16gwHPBuJhG1rXJ2xXHKx9UYndYPeUf13npeHY2M7Wxm2VKHGisjJHTQ3mncnfQiCLpXc8FWIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALpSURBVDjLdZNrSFNhGMf/Z9uZnjldy+lKKF2ThsqULgZdLAIrKTHKMLvYhS4fgiKLoi/Rx6LID0aIaRAUpQSFEcIMiS6mhoFmN0duVpo6azd1m+852+lZSeSlF36fHv7/532e//ty5eXl7yKRSCrhqqysNGOWU1xc/EEURbMkSY7GxsaMf2sqEqaHw+HbxOHS0lJ5NgMSR6kgCqbXVCSMIbaTu5h0qEKKVcSASTJYBDiSdB0LtEDZyVYVidcRmdMNFCR8S1QR9tf8DWFc8AkKjUGQBYPgRLagE4YExthn4hbRNeMGJEwg1hGSju/Ei/EOLFdehSJsgc29DV1eKxg7IFH3nYRuNgORcFLRaowBchO18LJjGAtkw+3bCPtoUnT+COFcnRU299zdJSu1Voz/eAYuNLA/OhubNMjaZDRDzWkgwYRx3QiQcgcRTsRNxrAnPxC3d/O2+YIhDzrTEnidFnxqqr0cNUggthqNxhzbmYFZMlBgZUYwY/++kmydfgXcvR+pCUN8wjxoExfqogZ+osHpdEqWCw3LBEpBDAOMAj1kqEaK3AellK7WmwswMVgHtYbDl85PEEPsZyg4tkpBm1UTJkLZNnER/rADkXA0e2BkxA1e4qBPL0Toew043gNeG4/YQO+w6B/Mzz3+wB414CcNuD8pnIBX7MG84UewxvqgSy9CaKAKCl4E86fB9bRtlI0GCpeeetL5e0C6vo+oJ/hoCkX0csxiGXbMeY7krC1gQ7VQqmVM+FPR39wakYKB7MWn2zv+xkidc0i8m0hbb0iVld3fkavawElcMga7r0GfrEbIvQBfm1tCJRVdsfZ+b9+UFZOBSNTwPK9pOjfMaT56uMw1RxHz7SXsDS3otLnx4p4NVx72nu1zBbwzMiKxg6j2eDxv6urquJ7PQxJ7/ximnDzExVkw0NE9dr7e+eV+u6uS/szP6QacLE/9gCVr5waXLjKqVmSYIPMTr4KukYOFl9468J/zC7f3tq13JhENAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKgSURBVDjLlZLrS1NxGMd90ZvovdEfEBEUEhZIb0xMjdyLIuyGkiHGUFKydFKKJiRegjIyFJRwojMxzfJSaVOYeTfxtpSNuZ1tXnY2z27nsss5334uWloG9uLD7/A7z/fzPPx4IgBE7ISl3qWyelUvu9JIueZqeOdUmcCMFDgcQ3fntjSK0j/rwx+csesIZ3jbL1j6EbCPIej5DpE3QRIoBJ3LEFb74BjIxkbXVYNdrTixS8Ca3h/y6pSTfloD0UcRjCS8BJGbRdA7QRgjd1pIfhruyeewKOMdm+rCw2GBV1tXKZh7SIEVoqAjpwVS0AlIvhBSkCGyeQRcPYDogO1DNixvrveFBa6ZCkuAmSe1OtJpFVLATkJboWCIAE3+GYngI6ENgnUK+hcxfFiw9fWRT+RWEWTHEeRmyPhaMvYCgu5ZEpgkbzCCgPszBNsr8NY8iF4Ky5WnpLDArs41+zYnSPdF8OYi0qEcTHc6mF45mJ4M2Ftl4C1lYPU34KerwFNTWKmO/j2BfbiwghmvJuPawZsUsNVHgTPlEx6ANcjJeR9r5QfhWUqEJOlhbc+FoV42FBY4R0sPbPbKlz2LLeQB9aCbYkJhzpIFlkoDZ8zDRk0kRHYYrm8d0JYeEyyduUd37QH9pTBqvSOV9iy0wtmZ+VNAOm+HOeM92JtlYDQN0JYcD1BtmTf/WqRtbJ/yTxtUt9fXGhPBq5MhriVBtMYhoLkMQ1Ek5sqi3eb2O4l7buIvhlRPkmsfZ/ibax+iruosnpacQUFOOq7Fn5TUypJz/1zlnRQr5JSypRVKZRvq6htR/ewlriTH03vV7ilQ5NwaHRgchM1GY3p6Bq+bmpEii9XtWzCgqkhLuXSBTUg4L8XFxUoXk2K57obirH0L/ocfNQ8V8wE+uE0AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJeSURBVDjLpZNLSNRRFIe/O81o+WjISM0epuarEHuDqIFEDyoqEFtFD4gWQVDQoo0QhFARbowKNNpKi0DJRYVGqRmY5oPUBs3S1GnMcdR0/v8Z554WM44RGURne7nf+X6cc5SI8D9lBTh79/0VIBkoAHaCCIJCCxaLwqJAa40O4LFZpT9z/cpdaOFqcZZCRDhT0V4p/1i3HveIiAQNgEKAh83usNrfgp3Pj6NvyGOGI6AlceExPT4SAKX+/PnjNxMAr+GPCANEJGqhq8NlLtk53myk0FlN/0QO19a+Ul33Lp4OArRYF9SWqrmxWqb7WliRcwp7ynY8g5n0Pa+6vQBQACXX6zG0RgvU3djP4OhUMI7nBXZ6iEvPxz3QS4TyEbsykZjVG+0hgAbgu9fPvm1J1LWNhDtH+1qxSRf21IOYY9VERCm+dPQxPatQvolcS8gAgBkjgF+EOXM+OImpZmw/GrCnHcYYrUTZJrHFxBItbh4N5bH70hOHBUCFDEzTj9cfIGD4cfbWEjX7GvvmYxgj97HY/PimN+Fq7GTNgTKchh2AoMEvUxeBnKgOPF+bid96BJ+zimURgjmdzHhTO6qonOUJ2YjMLwL0vA4ThluqKT0UwBdIYqy7Ao3BrHsdrre9qKJyVHQCodgSBgS0/gzQ/eAExWntbCm4QORwE46aZjqeuXG87GTD8TukZmSRkmQPmcrk4iYGdE1JaUOGiOTlulyrfB+ekpJbyNT4BANtDupjLzNe9g6R1lBIPQOWXgD1+zmf3Bvn3ZGaYN2TnYLYzDde1/i5oze7Pi21YD8BVSdMJ0n4cQkAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGWSURBVDjLlZNNSwJRFIa1Tf8hElq1qCDJxk22CdsErVvbLotQbGFkZBYWRqCghqv2tXHRokACw4IICvoHbRS/8HPGGbXe7hkcGTU/uvAwA3Pf555zhqsBoGFrkmFgGIcwxRijjIKmJTCIolhsNBrfzWYTf8G+IxgMBrolisBI4Wq1Cp7n25RKJRQKBaTTaVmSSqUQCoU6JLS0JKANtVoNkiTJT6JSqaBYLCKTycgCQRBAh0QiEVnSI6CwAgkoUC6Xkc1me1pqzUTbIWBttDfQO/WttJLL5eRKkslkf0E3aglVQvPI5/OjC9QSaodmQqJ/CYh6vS7PhSTEvwVUBQm8iUOcxl2jCSikQBW44064Hh1wPuzCEd0ZXVATBThjNhzE7Lj+DCPyEcDWjQUr3qUvzj4/PvQv+BInsNxuwHFnxdW7H4E3H2xRK0xHnMTt6+/Vgp9Bc1gPr8L/eg7fiwdrl2bozBOb6ruwyIbEs419L5P5Yhlnz8fwPLmwsDdHIYNaoCPJoKtscnNgJUNvn8XM9jSFdJT9BVHxpMfQmzHDAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFlSURBVBgZpcGxTpNhGIbh+20+DUkTRhkcNLBIOmG6+Q+egg4cgWExhDi5sDm5SErCoB4BDB4KjnVTBpooCTKUOvx9n4d+ISQOQNL0usI2i4hX7w7fNi/7H88n7tqAhCVSiWVk4Uxk40xSYvlhezkcnr7/9mnzoPRf9PcfLHU7K0vMo3s5yX3goExadybnY+b1r3WHmeI0u68fM6/twQlVsYVtTGUwEMH342Pu8nxjg1RSFWwyk63BL2583XlK1TQNtxmPx2iaVCWVyObz9hMIgwPZ3EcSSlEVyyhFBFjMGML0ej0uLv5i858ATABSUhUpkRJzLZgxDH8Mucuz9XUkUZVp25KZ7Hz5zY3B1gpV0zTc5uzsD9N2SlWcQhJ7bx4BppLEfTKFJaoiCcmACMBcW11dYzQaAQFhgsCGCIMD2VTl9OfJ0YfDdlOZKEVmIolsWyQhGytxGllYQqI6YiZss4gOC7oC3Q3wOtNMt7AAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGWSURBVBgZpcE/a1NhGMbh3/OeN56cKq2Dp6AoCOKmk4uCn8DNycEOIojilr2TaBfRzVnESQR3Bz+FFDoWA2IjtkRqmpyc97k9qYl/IQV7XSaJw4g0VlZfP0m13dwepPbuiH85fyhyWCx4/ubxjU6kkdxWHt69VC6XpZlFBAhwJgwJJHAmRKorbj94ewvoRBrbuykvT5R2/+lLTp05Tp45STmEJYJBMAjByILxYeM9jzr3GCczGpHGYAQhRM6fO8uFy1fJQoaUwCKYEcwwC4QQaGUBd36KTDmQ523axTGQmEcIEBORKQfG1ZDxcA/MkBxXwj1ggCQyS9TVAMmZiUxJ8Ln/kS+9PmOvcSW+jrao0mmMH5bzHfa+9UGBmciUBJ+2Fmh1h+yTQCXSkJkdCrpd8btIwwEJQnaEkOXMk7XaiF8CUxL/JdKQOwb0Ntc5SG9zHXQNd/ZFGsaEeLa2ChjzXQcqZiKNxSL0vR4unVwwMENMCATib0ZdV+QtE41I42geXt1Ze3dlMNZFdw6Ut6CIvKBhkjiM79Pyq1YUmtkKAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKUSURBVDjLfZPta9V1GMY/39/vbGdnTubEhsOcFIPjDEdCvijEwletQWRRYFIoEkFEIv4Bw4EEYm96WYFQ+ACCixINxFKokWFmakvwzESX7fGnR7ezne/T1Yu2OqPWDRc33Pd9XdzcD0YS8/bu2Z16obObS9kAQZEQwxwiPno2rtjEoc8/5as958w8J0eNeeeJ+qs4xICPcc7/A2t9LYVkgYD1SOBCwAZPh/2Dl6cvYIPDh7lc1S0u4KwnTyP5pAEXPE9Xh+hKEx6ZnSCfFiioCWf/X6Bv8NavrM530CrR7iZIlm9h49QwjzUUufTzZZz1fYsKHHm9v/f84Dd9Y8MZm6mQa3uNZNkzdM3cYfTGOKcvnOr78cCV3lqOkYT7bk1BSouKSqPgwFDr2ztWV95aWdwNST329jGO/nT5y1fa6/ZJCTGK4Crjba+O3TaSsOfbhtXYuUoCSSiKpGUzNK5B7h5yZdzkFUJlDGGIzmEf3sJmE28aSVROmBej43C67p2m3KptyI4Q7T2iyyBUQB5MDpNbSvSO8sUjZBevfUGe7Wb+kMqfmY4YOFm/dmsxffQlZEeRn0axgsIMmBSf3WXk9PFgH9Lb9aH2Lxhi8xsqkeep2d/6++ODQZCQqihWQRZDyujXxzNXpXue/K8ttGzTlCksOePKJWQARQwGFFCMkDK1/qDOLLpGANHQU9fyJMbkkPfY7C6mbjlJfTP1rSvbr+4z62vrF/zCZP+KQhRb0mXrKP/wAZMDAyUM3y4pduxYuvY58m1PkA2N9ABX/7ODEPyzpunxwvjJvYyfG/jIOzZ0vq+d96+Xum+e+OR3O2OZnaZnYcvS3xj+mF2l/dy8tofna+OS+P49ms9u59CprfxSG/8TX76Rzx39RVIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALDSURBVDjLpZNLTBNRFIb/6RMqtEDBFopFXiFGIERYmKgJUXBFQly4gI1LXbghcYPiI/JYmbhxLQvC3hjjQkSL4SnvYCRUCNJCSwSq0OnMdObeud6ZBIzB6MJJTiZz7/m/c89/5gqMMfzPY/tXwkYkUmkRhOuU0nJCyKvs7OyXPp+PHu4LfzvBSjh83+PxPM5wOs1vSZKQTCbjsizX1NXV7ZmLBuBPMbOw0LsVjzNVVZmiKIwLGQewRCLB5ufnv49NTGQYeZY/VQ6Nj/d5vd67BV4vOAC8IjjEqA673Y4stzuHi28buccAoVCoJ+D3dwZ8PqTTaRPAewf3wHwfHBwgx+OBRkjnMcDq4GB3FaX3TrvdZkVDfCg0QtM0c52birSm5f0G2O7q6vY7HF0FNhtofz/02VlTbIgM8ZORdvS+v4bME04kRRGpVCp8BFhtb7+ZUVralcF7JpOTIJEIhIEBYGjoV2Wiojj/DDpeNOHT8hJSothkjnEsGHT6W1qUYGsrtOlpkFgMOh/Xw+Y1MKpCZRQqhxTlVaK2+CI+fn2Hxc0pppC0+8OdhGhLWq0lRQ4HGDeHRKPQueOUB9FVNFffAGU6qE6hgyG2H0VN8QWIqizMRkb2a3ssebYfsqzK8Tj0RAKU93YIMI5siDf2vkDTuYm6Bo1qOEgnUXfqEkRNskytj+5ZdkRxI7y4uJRcXmb2wkLQVMoMhSgglMDnDsLvLkGhpwx2ayYKsgOYi45hbG10R1LRYP7Kz3Jz8+srKuYqq6r8mYzZpc1N3GqLQuFjVHkrMlFZef5Z4XzZVcxExjEcfrOtElyJ9bHPR3fhaVZW7kmX6/m5QKDRIwhuhRsZkyQ9Kkmtbbu7r6t7LKmG4GVXKDy8peqmeOXYZXrkcAgeq7U+02JppIytqbr+tkNRksZe2QMhRXWrS9Zp2bc+tn6o+QkxLL87j8znVAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIdSURBVDjLpdNfSFNxFAfwX+GbSGjhg+JDED2YBYVGSPiQJigYRRZGUBD0UuBDT2rkIjOV/LsH5/5oIlE9yHSbFsy5TV3zH3soZcQWtD+CmjPXcru62f127q9YM8gH93D4wf1xPuece89lAFgy8d+LrtOyLGO2WudOe+t1pQ55LJnq0ea7+b1NVTmgMFCU7wmEmE1EmRewh4E3G0DeZwQz5hETNjD29CxHOCDPlR2MsnHtFjNFBTYOgVkQYVag7SuwIAD+GDBL51QY1pF++EzP8PLBKQm4wwHlsYZUkb2fQs86oPkG9FCMhgAbVTbQ6RB+P5cHoKguwNJEBzpuH5WALA5os9uPI+XDRw5c8gEVFPWrlERtWwmZoFDR3a3l7cHaAriHqqVkxF/idJrmMtKdPqioyhU/ULkEyFaAgSC1HgFGqAvFOjxNzqC19QK+vHu0G/AzbSOer31HHVW9QcBNAp7Q/K8JcEcB4w9AH8Jwiw7OgeuYlpdKwGIcCLMxPVXY4a2X0luvJegVJZs2AWXgJ0q8EZR4YjPX9BwYri+UgIa/e3DANovOANBPM7+gMbTU8kkXfQm76M2fdKB5rWqrzNV3JicTi31Xobp3QgKK4oDliFK9ygzhTWYWQ8wkrjDjtvmwxp64E5RQrLmfxztInH/PRfoHaNE9Pp8U8GlOUZEUwJPNrRfjK7wvYPDhOQmo2Q/Q/ecvlM5DiXe/ADHD2LkNLqYxAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKZSURBVBgZpcFfaJV1HMfx9+/Zc9QtO0unOMdasEibGf65SLOCJWRX4p0gCCVddBVYF0FEF4Hsom668jIN6iJJvYgoRoOMeTBdEoORf2rqJseca8ftHM+e5/f8ft9P5+JcSJA3vV5OEv9HwiPc+/HlqbnRPeIRnCRq469KJiTtwjQo0+uS3lzVtx9JNG+eRaZvZfa9TBWLVpGpa+Dgb85JYuHnYa3s20+oTZGsXE/6xDZW9e6FjtWAoaJGdrdCNncZv3CVzv5h7k+e5KlDky6lRaZyVh1dWrP7c5ChWKdYvEBafhHnUvzc15S6trJi82FQZP7iJ1i0fbQktPQMn6tb8QBkFPOnKea/w7JbIAOE5X+RV7+ief0jkJEvTCOzCVpS2mQCDEUPVoAzbLmC6yhQzFDMUMhBkaRUJjSXNgK1lDZFAwnMo1jgkggsgytwyjl2tUotzzm+SViMWDSjJaFNJpCh6JE8kgcyoInIyUJB/7ohDp86AuZQtBItKW2KhllO0vk0sTHJBxcvgcbwFvAhsHHNMwz17qKePeDt2xf4tNR5n5aUNpl9tvT7F0e7h45g+W2CeV577g2ijGgRQ1QXZ3m+/yUafpm3Zs5NZ8eSFSltfQcm3p39ZsdR19FFefNBsnCaKOPW39cpLBCsoIgFS3md7U++QqNopr/cGM9SHqJo6xvTP9xLSt1kISPEwIbyAMEiUcadxRnWru7l8ux5zv85fsUHdjpJPOzGl1u3JKXy1Hu1u2SFx5snC57Bni3sHtzHxEyFsWujkz7wQnVEuZPEv/1x4tkNivZOkj724eObhpm/dGb6UH22Z8fA3u6fro396o091RF5Wpwk/suV44Nrow8fmw/vH2jcmYnWsW7ZYmluRIG2fwAIBqNZGcz/tQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJnSURBVDjLpZLvSxNxHMf9C3rqw6QHcVaIKHVEKQQuVtuaOrelbldTj5mrliQjYUtreqUrbYaObf6k9oOmTAIz8TbS6c7FdqPChBCLIq64hz0+Pn2/MaI6C6EHLziO7+f1eX8+328RABT9Dz8/+LCJ5CNUnI9YxHy0TeLDLVJ2xixujBvj6TEd+U8BHzHT+ahF4MMUn51pcmYmjMRG0EBsBPROLmDkOZ9RWPXW0rsKcGdcnHvczOQ/fitFNCDsiMsIDeJAylvLpLw6ITmgliUpyoWpeC5E8egggbiE6EY4EF2ITkQzomRlSMsnBtTxXRJcFLPTjU50qB5xo1B8vVCMU3QgahKMypkc0IgyQT7SImXGjbi77ZeuP0awPjOBZd4Ipmg9LN9SEslBrSQfIWSROL8eC6yFwqsFWfuFOQOENydAN6mC5zcVRIJRywWZqWaR8zXgEZSFwo7Wp41AxRrAsXgFJl+Ngm22FWo8VVDtxjv8Q5D2G9A96/ESSxAGBI0jT732QSA/Asy6Cx68vAuetBuOdpfLBamROnJtVC+sDGvxNe5HnMKRNWMKoCMUeLh+aArqoNJRBmX2Upi3n2yUPaQX987Rq8O1QnJQw7N9Z5xLPaeJRZeCwJFvr7qgousIfMr6YWftPrBuLcy2Hy+WPWW2/yyJiLOMWsTLYvtUEo5c3nkYDtkOwpfNR/B1KwTvlnsh1lYlRVuOFf8m+Bvz16rNK0Pn4f36MAhvpuED9xAyQQvcURLbexJg5jpOmNm+OthacMHbhR5IeQ0Qs5I7exZgntBkU8hU+XmpV4lGILdDVMU+/P87L+2y1u3sopMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIbSURBVDjLjVPPaxNREJ79Qena1EO6u/GQ9CiFouCp5FQQET0KQvBQbA/tqf+BCEXoyauCl7KFHkoOvYimUpToRTyISVtsliImpCwkLUGqxvzY3bfOvO2+bOgljx32vdn5Zr4336wUBAGUy+V7f96/3PVaDnjNKty17DkYbZ1KpVLppu/7n5nbnVDAh7NXK3Bn4/tIaFVV59R8Pm9ns9nV8aOClZhCbwDguu5QIGMMiGn8rGlamCSXy80ggxfMXAAFPPj9qXipkizLHBQtSZJEQsFg7KBgTZroZGEArWc7TSAchXIA4w+sPdQH1xAMDGQgeXD+4aNIQODZjHaRILT9Wpt/Q8wwA3X/rXVVD3glkQD3h7V/vGrA8Bvz0Rf2AK/F7zRQoY8qIAPn+TLczx/xRPF709nzPOFHayeTyfkBg29vrEkj5BkFPdlu4NtHugH4wYUSqNBaziQGE5hXifXgMVfh115RdHr90TUOIkPNBZtutwvVahUURZFlYuA4zmqzsAl/v24BFhQSRXJFDYvAlUoFUqkU+VmMwSLIyKC1W4ypwISRr9PpgG3bkMlkQNf1YRXkL6+thIlN8y9PIDGgygROp9NgGMZgqOIqEIPa0yV4sPeDgwlIne/1etBoNHhV0zTjExn+Cxh041bl3c8rSY0PCzWIgGQRCxpnSlKv1/m+3++HSaKGLV2fmp9OjN122u7JxnHrYNTf+T+76nzVPsi2lQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKqSURBVDjLjZNdSFNhGMdPqJU3QXdCQXhT3XUdQqS0rNR2sRB3YWxMIyxEYtM22MJKY+kCo7ESgi5CK8MgWrimTN1xm24izuWGKUutOdP5se+zj/PvPackFxW98Ls45zz/3/s878uhAFA7nFGPSKo6HGZhp4MlQKhzJISd44lK7Rhb0kw/2l27Q87D+XY6tR5OYCOaRCjyg/VwEt5AGOq3S5B1zcVPXXu376+CSq0tvh1jMLmcIaTh+MxgdD6JZDqLyUAGd98voUxp6fmroEJrS3CCKSKY+pLBxGIK9AID/2oUXGermzEINKPpPwpaW1sLK7RjzFaUwQzZbWYl+7OLFMyzMRg9EWyR0c7etjISiaQwR0DCMkKEHBY2icC7wuIjEbiJyLWY5scYmouTbymcu0NDLBZHRCKRjBeQoKC7uxsulwsXO+wIEYEvyMJLmPmaxTQZxU66sJJRQkRwoc0Oq9UKuVyO8vJyASdwk4VgMAi1Wv1fcLU0TaO6unqeEzCZTAYcTqcT4XD4n9hsNuzUNzU1sZRGowHDMDx9fX3w+/286HccehXoy8cwWFaAYfERfHreBqlUCkqlUsHr9fIYDAb4fD5YLJYcRh7IMa0oQcKoAzs7gNiLG3BePwF56VFQCoUCZrOZR6fTwePxwGQy5XLpEOIkjIdVQMtBoL0Ya/dPo6d0PygyB4xGI49erwc5Ex6lUonGxka+zcGyfLCT/di9Nm8VwUzeUw0NDdne3l5ewAVfvX6DoeGxHEyiIkSfkmsnoWQzhQ3C4tU8vCzdC0omkz2pra1119TUQKq3I55gsL7NYI2wupVEIJSA+9k9jF85jkBLMb4pC7BQtweDVfls28kDH3L+Baneka1/PIF6wy/qeMbRpbyJfuFh/hZMgrzlAUGeist8B7UP+hUJif4NAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJGSURBVDjLjdJLSNRBHMDx78yqLZaKS75DPdgDDaFDbdJmde5QlhCJGxgpRJfqEEKnIsJLB7skQYQKZaSmdLaopPCgEvSCShCMzR5a7oq7/3l12RVtjfzBMA/4fWZ+MyOccwBM3g8HEbIdfCEhfAFnLVapOa28Uevpjrqz/WOsERJgsu9Uq5CZQzgqrJfo9BajNd5irEYn4p3OUiFExtCLmw2tawFi4l5zUMjMIau9u7K+qxeoAcoAA0wDb2OPwmfA16LiiaOHLj1edRLpkO3WmIis7+oBDgJbgQ2AH6gC6jY19N62RkcctKeVIJAhp9QgUA3kJXdONZVcq9JxPSgQoXRAyIDRth8oAXQyKdWnoCKrTD9CBv4GMqx1WGNZkeRWJKbG2hiD1Cb9FbTnzWFdY/LCdLKlgNQ84gyNKqHm0gDjqVHnxDHgA/B9RQkpaB6YklkZl62np9KBhOqwjpKFgeY2YAz4BESBWHI8Hhs6PVVSvc3v98ye4fP7T676B845nt040ip98qpWJmI9PWiU6bfWgXGN2YHcKwU7tsuc4kpUPMbU0+f8+vKt+Pitl7PLAMDI9cNBoB0hQwICzjqUp6MZvsy8yvp95BRuQUjJ75mPvH4wYo1NlJ64Mza7DPwrhi8cCOeXl/aUB4P4c/NJxKLMvpngycCrzxVFG2v/CwAMnguF80oLe8p27cQh+fnpPV/fTc95S6piXQDAw7a9YbWkezZXFbAwMx/xPFXb1D3+Y90AQF/L7kAsri9mZ4lrTd0TcYA/Kakr+x2JSPUAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAInSURBVDjLpVPLahNRGP5mcrWZhGgaLEwtJFJJqQEXgoKIkKBkKfoAeYKA4M7S4kLyDF34AF4eIIOQMC7sooqbECExImnSGgwqTTtmcubm+Y9MSAWh0AM//7l9l/9cJM/zcJYm44wt6Hfa7XbdcZwCD9i2DcuyZsEYm8V0OqXcKJfLRcJJVAIH3wmHw3o6nRab/m3zZYZCIei6jl6vV6xUKg3hgCtuJZNJDIdDRCKRGWgeSP3BYIBEIoFMJkOiG3y6ITWbTaGeSqUwHo9P2KVSCChJEgKBgFCPx+OIxWLQNA3dbrcYJHWyTrXSpmg0KsJXn3dC2XVdmKaJfD6PVqu1ESQlwzAwGo3EAfmb6DAp+2PtZxUTy0Ap+QSR0DkoiiJcEkGB2GlAIF6SsCzL8gkHE2WK5fQaXu1v4uHiU6iqSphCkFSpVgoioCCCL6nXXJlfoWuD8TX1/CrWlm7gyDTwvP8Im+pLUbYg8IFkNZfLidz9xXB3vQzH4+W4fA0eDg77yC/fwjGb4PHbEq449/8S0A0QgW+XwhwxAe79+AyLu7C5G8uxMJ4e4dql2zi2fmN38gJBfqJarVYrzb0ykc20CduxcTGxwsGOIPt2uIcLyhI+9t9ht/Meq8PijvS/z/RgO+ua9B5cBtNmuLy4Lt3M3sOHvR3UO2+GzEbxoOp9kk77G68+k43rK4UFvVPfZ64At2d/4TQtuyUZjhtYmLhO9nvV++rP/wHfnZcUJl+kcgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJOSURBVDjLjZPbaxNBFMarf4cFwb9AIgXBR18Enyw+i1gs4g01kphSlPjQeAtNzNqGNLVpNCGhEvBS21Rr0ZIK6ovFiKbNbXNpdpNsstncUz9nNiauErEDHwMz8/1mzjlz+gD0UZGxh0hFNPAf7SXa3fUpAKparVZoNpvbrVYLvUT2YbFYTEqIEjBAzZIkoVwud1UsFiEIAjKZjAxJp9NgGKYL6Zh3UQA9UK1WUa/X5ZmqVCqhUCiA4zgZUKlUQC+xWq1tCAUM3v6+74hu2cH4eUz6OcwFcvgYEmUANYiiiFF3Aq5XHIJRCeqHLOJbFcg5OW6Mqm495fL2NznYl7OwveYxsZSF6QUHEpIc9+eQgOvuFL6EMjC6wrg4GZZfIwOGbazX8TaPY/qAr5Ms72oOBt8WknwVem8KWmcCY0/S0E1HcXYyhjNMBAYH2waYF8izl3I4eGLqmjLjz9by+PRNxCMS0k0C0c+yMDjj0MwmMOGJ4+Vqtg0Yn+dwf5HH/sG75/4uWzAiwbfCQ+dMYSGQxdhMHMPmMFY+8MgX623AiDu9+YAADg35LErzHU8SGkcSI4+T0DoSuGRnoZ5mcdIUwdC9zd85OHpjQzP+nMOVmZj4NSZBKNVh9LbN6xslnGai8CxmMP+Ol81criwntgugZTysDmovTEXEUVcKV8lt520s5kjJvP4MTpkjyApVXCZmvTWKRqMh6w9A5yO9Xy9ijUgZCi1lL/UEkMUf/+qDHtruAn5BDpAvXKYbOzGTsyW5exWAfgrZQTt3RFu//yfHVsX/fi5tjwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKASURBVDjLpVNLTxNRGOUH+Av6O2Dp0oVdGEE37EzcmHShiRoCMWqDJiQSI6QjREtAHilQU0lQ3hawjEUM2pZSOn1QHi0M0GmdDp2+oMf5LnSsj503OZubc853vu9+twZATTUudcGgoU6DUUPjOYznd4Y/+dXCCxpqW97JJsfnXW7ZE+bX1jcknz8gLa0G+dHFGNdkT5mIQ9zfDM7FF4dde2bfRlQQkzIUtYjSaZkhky0gcZCCe9Uv9M5EzcStmFQMaknsD24quXwJdNTCCVJKEZKG4/wJu1PUApZWvIp1MkQmtcyA+qLYVLkiPpILOPhRgJg+w146j0Qqr5vMzLuFO0MitWMggzoHv8NRbDo9c3Fcf+rSce3JIkND6wJaBkOME4ztw2Jf5khLBkb39xBPPVNUEjnXJL1qXMphN5nDrCeJBrMTcraEw7SKvpH3PGnJoNG7ti7RsJKZIjOoFsYOVNzu2cD6roL6xx/ZXaF0iiHbiERaZuDx+ZkB9U5x57xJRozsZ5m4/tEs3rpFZrB9lNNSFNHXP6gbGD99DfBpJY+MWkLX9A4u3xtlxIGFBBNffTiNKw8mcP9NkL1MOJ6GxWrTW6izOSPcdiKJchlMuHWosuhRUcWzsRgz8MQyCCWyKJ6UMf8lAHP3hD5Ew93hI5PTtSJIco5NmYQEaiG8l0WbYxPfojIrENGqd74aEG52h8+esbJIljGfeXzWpYipY0ZMH5f0NLRMVDkcT6HDOqw0WyZ/LVL1KrfbVswD9nFh2RvBtiizmVDPgS0JUy4f2i29QlPnh79Xufoz3erZMrW+nuKed/Xzlpfd0otOTmrrsPLNHQ7uBhf892f6n+/8E/bIBuJgfmmXAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJsSURBVDjLfZO9a5RBEIefvfcuucRUanGiJkYjiNoEET9II0gUsRC0sbASO1G0MVhIiCL+BdoJYmOnjYWJQsA0QRBRYkBUJESJ+dJLzvfe3Z3dsXiTS6LowDKzC7+H3ww7RlUBCJcuKrv3IkNDqAgaAtF74lIuHT+OPh9m3YtnhlVRXC5Wi3SVMIrkdxHUef6MFYAXVIRoLVEkB4k06uI/AIUGwHnUWujoIFhLtJZgLSHLMF1dxLSOOvcfB84PmLnxG837a7QcaoJisvRukDTDvRojOD/wT0DTyYlJpFDze8612aZ2QiigkmEkpVSfoFx4VDOHw+SfAKOq6MODB8A8cd3XK9Y1E9OfSPYL9RkqDkxCc9nQ+uHeFF5PlS6Pja6dQZA+2XW+YqWFkFYJLheqd8QsRaqzpPNVsvbTlbgY+v4aokbp8eu2E+uLuVAciCd6i4oj+jqyMEddWsGGnr9nEHV91AT1GVEcGjxRcnFwea5+GqP6Ypxsempj6C1OAHd7B+XO0hA1/0TiG9YbJziqn8eJUmPfuSs0d+6h/nZw6/uXQ7eGjpZ+LbWg88bXIIa11sWi3jEzNsrOI2cofxrGPDhL6+fHbOvYkKjRK7mD4EeK1fFTrriZGNwa6yqOWKtRrnTCiasrvfdvIolmW+6gHu8UX9+fKpmUQqkMMaIh3wlUMW2tpG+eQv8m7DXDj2uGhe8zhES/meVtdDe7LiAMuO7TlaxpM0EialPwKdV3wyzMTrNlg1AsTLI4I3z5ngSf6Y0GACDr23Eg1qQPH3uimvUEUDXzURj5KHybm/16IgmmIyT6VeHesUG5/Rt5eNFI8xvNdAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHxSURBVDjLpZPLa1NREIe/PKhSNK2g9UEIKqEFRSgooi4sCJqCuHEpduEDwZU7/wGhu27cdKWoG7WQrsSgKAV3SnFTAqZCW22xlAbTpL0xyb0z4+Ke5mHrqgMHfouZ3/lm5pyImbGTiLLDiG+KsTfLTRQ1wwARwMBUUQPRUIvCoxupSIcBwJF9XRiGKRhgaqiBtZmowtxKdSuBmGHmChTMDDNH44xUDVVD/G1aEAkRMUPVFW5q7TTxRbcamGiYaKCqmOIK1FEp6fIzDu36SSwYBO53biFQUDFE1NG0tIqSLE1yOr3KicwdMse+8HW0f7iDQANFXI8tklAnN3KcS03TM3AZ70eORG8KS61lcw+O320aBAGIaLP/dpM+8vSeuopU8+zen6QmSxweGuwOvNJ4y0AEkbiburvdwlWWgz780gLRWJFI1KMrUYRalY3leqyNwBBxxW76Cb/AmdgE3QcEDXyiugbRvZjf4NurQi1fqNxrIzA3g/D2ZH2K/uAdA5eGsMZ7IrLOzNsa5lUxhYW5ys2Rl/PZNgKlsFh1g4OLBz9x8kqGRnGceLyHmY8+r5euU9xzHgNePD+bDffvHsy/Z3Fy+HN9ZdS8wjWbfnxh/cmt9Mh2efH//bJf88UPlfLU0epv78/s7OrD20+/T2yX9xfxXpKxy4ipWwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKOSURBVDjLdVNNTxphEH5YVhZFRCCNmB6UYmgIRSJJD6QcS0QTT7145NT/4KUXY4yJHjzzB/gDJl68NE0IJCbaA+GzJBQBQ1RU1ALLbmfeAqmJTjJ5331n5pl5Zmah6zpYSQw+n+/z4eFhxuv1xuhb5rehyqFQKJJIJFLsw2+jOHEpGwx6i72OjvB2ZQW/T0+hbWzgDf4J25TjY7iWl9E4O0NvfV3YPLpukAwk7GRRFFhsNgwGA0zb7Zg0GmGXJKFmcjFbrcI2OTMD8xCYY6XhHWZZRq5cFk75YhEagXRmZ9GZnsbAbEYunxe2XKEwBsCIYwnQbJT95/w8ip0Olii7m6hJFKD3++iqKn7RWSZ9p2kI0flI9iVAkv+v4IPTCb/FAr3Xg0pOGiuBmQjo/cQEvHQaSJX7ezwS6LiKdDqtq6r6qvb7ff3p6UkoC79xDMfKeEG63S6y2Sw8Hg9KpZLgfnt7i9XV1dHIxyK9BMDBtVoNVup8MBiE2+3G1NQUKPNYR0DPKuBHzn59fY08df3m5gZXV1dYXFwUQLRkcDgcwm6nKYXDYcszAOKKZDKJh4cHxONxcXIlqVQKzWYTG7RcMjW70WjglJbN6XR+ewbAjpVKBV82N7G3tyf4u1wuBAIB1Ot17O/vCyBaa0SjUVSr1a+SPiRDh3Z+fg4LjZFle3tbVLRJYJFIBGtra4jFYujRiLe2toQP7Y4iKrinuXZIKJs1k8mI1T44OBDd50pGoEyJ8+3u7ooKLi4u/ggAbpjRaJxhfu12G99PTuD3+0Xpl5eXKND6KvSvLCwsYG5uDhptIyViWk3xN+7s7PygkX3i+93dHZgKNQgmk0lknqV/gu+tVktUwDTortI0Pv4FgnWCE6f7EysAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKDSURBVDjLhZNfSN1lGMc/7+939ORU1C0iszwSG2duOFqNBQ2meJUoY4MixiiKiCCGMMauZYJ00252uYIuRlsgKJRsDLE/VBIhu3B/knVmInpy/jnrpB71fX+/99uFO3KkrAfei/fh+Xx4eJ/nNZIoRtx9Vq6xCTs0hCTwHnmPJOQ9ya4u+PYHKkdumSKToCQURVvFRXBLUhRZV4oQbBO4aBOIYxTHBOlVyt6Y3brL+/8RWIesJdi3D8UxiWN5glfrYM8yQToN6+vI2v8U9JrZLGFTE+HLKcwLqwS72wmOGRKpFP7X35B1vTsKktev9ZD9o5epacJX1gga3iKofQ2lsmjiAXow2Vt773ZPKWMk4X5KVUhhWl6hF/j+5z5U2+IHZUcvQFCOnf4SNzD+tVrDi1KA9yJ2hYX6N+enjSTs9/Uz2tXcIPFkCiKoOw67Usg9Ri6PWxonLswjDN457PIUNrf4jpFEYcCc8I4vwgMfVSUaTiM7h7eP8S4HcQEUgUlgEtX4yJEfu0Zu7O5XJDljiouUv2r2+pih8v2n0uHzJ5F9hKJV5AsoXgMTEuWyzN3sj+0yPYcuq2/bI9a8rQxJjqz/Pjjo/7oPEtIG8hsgiyHk0Tf9ObdBRxH+xxTqTmvFVFQOu3wGGUAegwFtLhEhKy2faHjHMQKIpzrL6l7CmASKImwuiynbTVBeQ/kzzzbeuWhaSuu3/YWlwacrvGgPaw+Q/+USS6OjGQw/Vqb3vlu9v41k/UFyD+c6gTv/2kEcR62m6sWKhaHzLHw3eiVyHG7+WO/9OZHpmBz4bNauWdZX6dzesrR1Zj7l/Uwfk3fP8XppXhI/d1MzcobPb5ziXmn+b0pcjPW7AMpFAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKoSURBVDjLpZLbT5JhHMdZ1/VP1Cqrtco21kU3zevWVa3NXOuuedVmoU2jUR6CoRwcw1SYHIzJQQxBUXgLXg6Ga+mIwkBBBp08pYGvEOa393nbWC5Xa1389mzPnu/v+/t+nh8PAO9/6p8FBoMBWq0Wvb29UKlU13ihUAikAoEAfD4fKIrC5OQkxsfHMTo6CrvdDovFApPJBL1ez70tl8vI5XKQy+UxXjAYxPb2Nkql0h8rn89Do9G839jYwNzcHGQyWVoikdTzaJrmLrLZLKamppDJZEDu0uk0PB4PkskknE4n98ZqtSIWi3ETicXimgoDr9eLcDgMl8vF9/v9sNlsfCI2Go18EqOvr49PxEqlkj84OMjlb21trao0cLvdiEajHINUKsUxIM5EHI/HQTmUmKcFGHqixezsLHGHUCjcv+sXRkZGUCgUMDExAZY03+FwECf+sNWEhLs2vZq0YMZeZ+zv7ydi/PaNbK6W6elpJBIJEDFxNpvNiIdUWI4bUS7M4/XwFbwKO9DU1LSz5x7odDpCGj09Peju7kafqg1R62UUl50ofujC2oILkaGbENxp2PnrIr21Xdr3xnzRsPLOimL2AehHZ/Ft1YoZbQ1kwutfdzUYGBg4ypJ+rFarCWl0dnZCIxcgTTWjtKQHM38DdMcZbGUasZ4ag6frwveI4tyBSgMWVgs5FQrFLalUuigVtzWwTi+/sOC2Fm9jM3H1ZyXr2ChyZPxKhCTVwkoDdqdb2LXkFiUSiWBM14wM3YXSJzXnvpmsZSNUcyeTqgfz8Snohyc/+0Unju/K3d7eDpFIhJD8/DqzsoDSGoXiEstgyfJL2VDOx5B7YcSz5iOWPQGy460EO04zgbZTDOvEsE6M7/4x5vm9KoYVMdTdwwzVeIjxCg4GfgDxYPxXmKLFvgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJlSURBVDjLpZNrSJNRGMdlr7qat+zKaoYhjqYphRCWCtKFoCj60CeRpDB0djHUSMOZm0JhGEmlNhczXXunDgy7TNcVcsjGpk6dNsiJyyjWNg3ZnJfef69vMBBkFn34wXMu/995DocTBCDof1h1cvBJnM5RTsBVyYLzBgvfigjopbGDfyUwK+Nfu2RsTNcTDO5aAk4RC1/KQ2BqjetbU+AiOZip/xNyLndQSeCHmMBUIQFzTjDWFDiu0O0qzmJKU4OvPSmYuETAXhKM8WshsOYR0NZlRAUUtOXt+Dk99hYufSu+6x7D8fEAnLozmLEq0V3M8ww1F4QGFEhz+Aa3QQmHsQPeQZJGxdRuEwnp+SRjwCs0FpwIf3guwfayKBE+owxzI50M3oGn0JbuQW323vE7uac2rSpoFB6Pll/M0FjEofDZe2Go2ocu0VGG5dpjUWOEXpPlp72X5h/irhBIcrNYNunp5s+31gFTWmCsAfiQDWiOgXq2H1Q7H1TPSVCfmjBaHY4HFzJfNOQd5vgFZGHmo5n7bEBfQlPMBNGVCqgTQZGxWGjhwivbCKorHb/UybDf5UFekE76Bf3lu5ccz0uxpIgBOvgMlGoXPeZhvnkbHY7GbEMYnHVseKQb4OquQF+JYMEvMIsElFsroTfQL/TqCBYVOzHfsh0++RZ4mqIxJ98Kj2wzc7qtJhLTb6pguJ5A+QXDLZfLTGXxi45762G7TUs6BKtirWZjWByG/opkH52pWvEKEyphRK8oLan9aurkgCSGslRHYVTCwQjNkDgSpptcqrMwafZd2cGUyTZhRMDf+C/8Blefvm4GxFC9AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIsSURBVDjLpVNNaBNREP42Wck2MVUilJr+YJC2KG0kViGWHsTSS0HBg+DVq+hJkIJXD714E8FePHnKpdSDf4EebEJOBq1NSbUNiCYNRmPSmHSz+/Y587YpCB4KGfiYx5uZb76Z3adJKdGNedCldU2gp1KL/53BcWyChJTsBaEN2xYQwqaoRWcblmVB5+RweOKgkHcipbMPl4DPTNLxjsMxgY2NpEvAZpq7qsANuglukdgv6sBVZBhBUtByCVxmB37/cQwNnUezWUW5nMfw8EW6t7C2tozx8avwenVsbq6gWv2q7m3bhMe2rQNmLi4UMhTYo+IL2N5OodGoIBK5pJLz+SQ1CYFrhLBIARHwUnhOvmCr10vY2kqh1apibOwKAoEQSqUcgsE+jI7OoFb7rnK5KTfSHaelNusSQQWFEMjlXqmkWOwGBgaieJq4jy+/dlBv1rFn/sHZ/lPwCxM6y2D5QrTVUiYnbypp7XaD5J5QseX0c5S1Ci5PxzEYGsHK+hIyn97B+OlA59lcBW1ks4l/Nt3B6/dvcX1uDsIjcO7kLJK5BOITU0gsvYDHNE21UZ8voGAYAfWJGD09vaSiF5X6DxzRjuLambtqT/dmFnG6LwpBM5OCFs37Um2W/y4pTfJS/XncndX9JoL1YhofiquYn32GhTe3YHh98GoatMO8xvid8MPByLEHU9FpjPTH8Hkni/THVXwr1B5ph33ORLJA7jYhSNglPMk8Ls7/Be/8gsufCT5oAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKMSURBVDjLjZNtSBNxAIcHQt+rL9GnlU2FIigo+lJRQTYGoaFRDd/Y1IL81JhzvVqaiEQZEmn2omtIZdr5Nh2lc04v3ZbOLRVS3NR8g9nci7ebk193Z16uQXjwfPw999z/7gQABIODg+eMZXJ0qsTQZyVAIBAc3SJCdnzQYrH4B0gTrGQ32jPiEQ6HtwQnUalU2wiCyOwoyUVvVS7a0+NBUVQEgUAAfr+fx+v1YnV1dV0QWWCAThoXJdiQbODz+RAKhSILdA9yYarMge5yHILBIIda64JK40I+g7LWCeUbJxQMbAUv4Av61gtaL8aBpmkOdqwxLKKWoaZrES0dDRjTXsIPohhDL8+iMk94jy9ovZ+DnmfZaEkVcXaWzXd9UVeNuc58eIZbAN9P/BquR09pojuqoOmCiDsgVrDxKMtTBJZGCkFPN2HOUIYVewPCThNsr7LpvwV3s2GskKMpeR8/vvHaifK37+B23MbaigkrE9fhHsjDqEYGR81VSE+LUiIL+gwgzsdyAvYMPNN6LNkLsEaRCIxngJqSwjuihqsmCUOmNsTExBzjC5pvydH9VIZGSSw3nh7+iDlz/p9xOijXFSw7bmKiSgLLlw+Yn5+PfgsWpqBBvBczdgKjeiWTbQQ1KUNwKg0epmT8uRgWYztmZ2ejv8TmAhm6HmehLkWI721q2HRPMNOfisCkFO4hFcark5ixjhuzh8wL/i14X3oG8DoxVpWCTvVu9DJ37X2UCMdXPRYWFrD54gsUCsUereQAGtOOoEi+HzRZAbq/HP3Fp1B/TQRrdzPsdjtsNhvMZjOsVitIklwXsCKWTNGOk3cO7SpMPb499DAjIfy5RBz+VHTim+TwzuT//c6/ASolxdSxQ5KqAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALhSURBVDjLdVNLSBtRFL1vZpKYTCQdUZNUMGahJbTF0roxG7NoqXQZKG6EQrV0Z6kLF0pDDSguxO7aRejKLLW7brRgiSWKVcFgq2JDSUJsYmKi0fw0M+m9Aw0KNnBnwnv3nHPPeW9YtVqF637r6+sDlUqlX5ZluLi48Ltcro/X9bHLBKFQyIGAONYZghOtra1NtL+6upoyGAwWXDMiWYvb7d75h+EugX0I3MamPWwyY8nlchmotFqtTGvn5+d7WNt+v993hWBra2tMFMVBm83GSZJESvtY5lKpBMViERRFIcJ93LegFa6xsXFwenp6jLACPZCVSyQS5IWRotlsFjmOI++qisPhoHWR9iKRCAQCgSqSc1cyCAaDEyaTaZRUKbiTkxOIRqOg0WjAbreDIAgqYaFQILuTIyMj6gQMA9rAcZuxRIvFIuXzechms0S4gv89Op0O0Ja3q6urm8TQKiwtLWWRLI+YQwEf99rb27mjoyNVlRSTySSgBc/U1NQXUvH5fLS2iAJAfU6nU0Kb0szMzE2OxiJvSKSOTipGoxHQTu14qYf2MUy1BzMDmpTssNnZ2Y10Ot2MY4qdnZ0SpY7HRj5XEOghMJb3AYt3K2ufoJKIwZm2TtnTtp2uaTrCtRDn5+cnrFbrKClRYHQKsVhMVWxJboIpHoQOlxt09ttQDC3Az+VFObu781olmJube4Mq4zgBOz4+ViegohOhsfPv+sD57BXow18B4t8ATDcgLdhgc2H5t3oPMAMFA2J6vZ4uFYTD4TxOYOjp6WFEAOkDqLPYAZ4M13IR3lqBV1hbzYLX6/VlMpnnGM5hQ0PD/fr6+s3e3l66lZAcfyQ/fNrHi9HPUC4moID9pzkedsMQr30LHo/nBb7u4Oi3MIMkKvO5XA5SqRREpLvlHyuByp+SHnK8BrIZBr/iTEbp9+x/n/PQ0NAAgvvpiBlj/mHN96Z85uAlLzObzFfjiPrweKEy+RdV4845vRqFoQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHcSURBVDjLhZPZihpREIb7JeY2wbcQmjxZbrIQ5nKSIYQ8gyuKOwqKihuKKy5xnJ5GRzteTIjTp51e+HPqDDaKSy7qoqvq/+qvYykNBgP0+310u110Oh202220Wi00m000Go0rANKlkHq9HhzHOYr5fC4g1Wr1IkSiySRQVVVMVhTFhVCOu0CpVDoLkcgyNdM0StTr9eZms4FlWSJPwEqlgnw+fxIi0dRdIxe/cMuqYRgw2SO2v9OiNpvNUCwWkcvljiASTd5Ztm0bJLa3GvTpZ+iT9xySErXpdEoukE6nDyAS35Gt12vRZJomTP0R+q9PYPc3MB6+C9AOMplMyAXi8bgLkWq12ju+I9M0TTRtnzp45pOZ8g2G+vMIMh6PyQUikYiACEq5XJb5jmy1Wr1C/vQ55CMM5XYPwr+1hKgPh0NygVAodOXuUigUZL4jWy6Xx5CHH2B313gaXcOxLeEimUwiEAi8PXhRvp+czWbZYrHYg3yAfvcFf6e3eDE2+2KPu8J+ZDIZOZVKMbrEV0gPz/df4ViGK/b7/R73EU8dRyKRkGOxGKNL3P3EJOb5A/FZAEU0GvXyl2Z0YKPR6KT4IoAiHA57g8EgI7HP5/OcPOX//V35VC8XvzlX/we1NDqN64FopAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAI4SURBVDjLlVJNaBNBFP52d2J+tB5iGjFpvUgJtaVGhIA/p+pBsRcRD4o38ejdQ5F66C235CKYg3goCh4KCh7sRVoETQwGhBhFCfgTG9GC2WazO7Pjm9E0S7CgDz7e23n7vvfeN2PcffrjhpS4KqQ/5vs+hA9w5YWKJTj5AQQEl3Tuv1i8PJEDGfOlvHY+N5LAf9jCvXcz/ZgRmy5efn+HOnPqwuGR94Q38HTWz10/ugjPE+EAgdTBpYNX/qm77RApFxgQqKXJllbXty1iooPwzwac6DjOHs/ADRLwPwTKLp5I4v7aV1w4lkSn09FnT161Edl8g6mZKdRqNXz8NIKItFEqlQ57nveBeURAQoJZwINn67AsE49W69jDNugmBBKUG5+cRCqVgrqlRqOO2TEbnO9+2Wq1VvQKSgVmGTiXG8Xy8zai7mdMZ3OIxWK6SIG6IZlMaujRGUOhUDipJ5C0BTOBh5U2TQB0u11dzDnXxZKmGPYKruvC9PjvgxAVzh0ZRYQZW4Vqhe28qlFTMfXqlFmmQYJ90zH3DfR6PR0Pdw/GegLVTWtAK5w6lNBihkMmHMfRPw53D5KoCUytAX1M79+FL9+7OLA3CnvTIS0smKap0d+5L14oFNKemgu6Bbl2c+lt1hX+TvXCFCZ2AIlKZatzJpNBPB5Hs9lEtVqFbdtaJ8Ito88ctGKxuI+Sp9WIBDOdTt/OZrMol8uo1+tzlNtQxITXfyUYtvn5+VkqWiGcyefzj4O5Xx9ItHsmdOWEAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALtSURBVBgZTcFLaFxVAIDh/5577jwzj0wSUmqMtKIiBltbbJ1FUCxVoQu3FrHGVRU3BVcKrkTcKOhCUOtOAyJ23WIQtFawpoooZWKJpnbsNJN5PzP3PO5xArPo93nOOfasXCgfAz48mE8UhzpiqCN0FLFrog7QA+qABVpAA/gC+FYyERlz/NC+qeIbT85xt4GKckMV5Voju6A09ELLzXqfi38PTgLnJBORMfPZmMeectsSeB7SA19CPBAsxgW+EAQ+PLaQZH8uXTj/S+UDwYTVOitxmAh6yqOjoR1CZwSdETR2Yadv2fPm6i2KB9IszQZzkgkVmvnLZcuP21VeO1rgs+tdAu1YOZxlKiHw8fA9iADPdvn5nxa/3epUBGOH39sqjETu2UJG4oUwDB2RcmRSHuevdtjpWgZhxEBH4KDaDflobbNrlVoRh97demHpgfTth+5J5ZpNw5kjWQxw6mCa7aYlk4bPr7X54XqfkfGIHNjAYpQ6cOH1x9fEw/cnP13M+Ik7bc3ZYxniMR9PQCElObmYptox7E97XK0MscbhHJgwxKrQMiZ+v9Y9u3knHBUCn08ut6m2DQJHe6C5WOqQl4KbVcXR2QSxwENbS38wNEapLmNi4/0Hv/r3zxvHN0p1YnGP1e/r4ODr9TbZlKBTU7xSnKG4lCUZQKMfYkJVvfT2c44xyVjKr6lpEUI3g3UOPIE1lu6O5aUTcyRjPjhISUGttYtVYYUJuXxudRZ4p/jIvZx+eoHvSopmz/Ly8jyJwBFIkD7EfMimYLM8xChVZUJapU4Ap34tbdHalfRDh7aOUHsoE2FsROQchVyOV5/Zx3ZjiFWqxoS0Wh95/qlHk2+9+AR3sw60dSgDOPj4UoVUAL3+EKt1gwlptd7arnf4cq1EfipJPpsgn46TS8fJpGLEY4K4FJxenicuodbsYbX+jwkZGfPNlfWNhSvrG/cBM8AMMA1MA7lELAgSiYBsOkk+m+KPv8o3gJ+Y+B9yFXCQeyJWrQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEPSURBVDjLxZM7TsNQFERPrIielg5FFNkVy6FhN6wiG4hC5AoJVkAR+84MhWM75FNRcKWRXnPP3N9bJOEv0fDHWAK8vn1NZSghAgUsIwcpWFAlXp4fFxcAgIf7O5LgQBxskI0NPkLaz7pegRLsIdnOiUDyAHDoe90AiDnhzHVMtkJVbgDKlK67WkEG23QV9vt9bGOb9Xq9WAJUeXY7c53eBvVitXoiCdvtdq6gaoBccx3bsUMJJNE0DbZnQNcLaXnV1TpCEuR5iJJmQF/m/eObOvY/DNXT/pUQmwDj5Y4VkORCbdtGUrqum3Q4HCZVVTabTZLMh3QakkhC09y+9F8tnIdtdrsd47puCWDx77/xB7F6hU6PdBGYAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHtSURBVDjLY/j//z8DJZiBKgY49drM9J3idhLEtu+xjvea4nLNqsVspnWr2S6QmF6+Zol2ltpq5QSlmcpxijMxDABp9pjkuMuu28rIpsMi3rLZFKzIus38mm6OuqRxpf41nC5w7rOJd+i1ngnUXGLTbj7Tsskk3rbL8ppZreEu7Ry1mWpJSvHK8Uoz0TWK5U/nYIg8y8rgPsl+l12P1WqgbTPdJtk/AtoWb1CkBdagnqyyWilawVM/Rw/FBQyx540ZGm/eYIg8P43BdYLdSZiEcYXeTJB/TaoNroH8q5OldVIhXE5SKUqhXSNRfZdKvPKVkOrED+L9d/8wN998w+B4XIL40I48K8FQf/O6+7In/7mbb35hsD2qjBKNDLU3ExjKb7pi1Rx61ke89+6fwBVP/jPXXn/HYHlYGiMdMJTe1JJc/PgHQ/X1xQyplznBYuFnmRiiz062nPfof8DSJ/8ZSq8/ZzA9KIEzIQE1Vvuuf/6fufv2M4bgsz4MxVdPui8Cal4C1Jx/+RGDPqpmTANiz7MAvXI+bO2L/5ZzHvzP2Pjif8DCx/8ZMi/fY9DcL0FUUmbwPKkg3Hr7T+WOV//95j/8z5B6/jaD6l4JkvIC0J9FTtPu/2dIPn+PQXG3BFmZiUFzbweDLH7NVMmNAOGld33BRiNUAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIESURBVDjLvVO/a9tAFD5ZdWwZg11w2iR1idMhxhm8ZOlS3K1rlwwZRD2EQCd7KIUOpmvoj7E4BBxElw72kMFLh5osBkEp3fwXlMY4TlRJtk4/7kffqW6wcDMFevDxTu/u+/S9d3cS5xzdZMTQDcet6xY6nc7jIAh2AU9830eAz4BP9Xr9dH6f9K8S2u22IL8rFovb6XQaEULQeDxGuq5/A5EXjUbjdMFBt9tdA9I+YAewWiqVbieTSWRZVigg5uVyebvf7+/C9kUBUN7P5/OvM5kMopQiz/OQYRhoZj/MpVIpkd+r1WoJyB02m019XmBH2J1OpwhjfEUEN1fRtm1UqVRipmk+6/V6ghYRCCHIruuGfxQk4URE8S3WJ5MJyuVyYv40coywsT0cDv+cbSyGHMcJhRRFCcEYQ5IkoWw2i0ajkRA4ifQABI4Gg0FYyszNV4AMeDQr4TtAATwEnEBjDxeOsaadvYnJSGEUYRFdj2PGmTLxOSaEKZ7LMCVccWzy8svBJo6U8Pz458pWPlF1A97aXE1UL2zS2rgbr54bQevBnXj114XfKkDevPQO/pIjDuofz94TymU3YNQnXMYeozRgUAKjxGdyABH6KLsOfaV/2MKRt7B39OPe+nJcPbeIVlheUg0j0AorS6p5GWj31xKqZRJtfSOlAvntPPnaq/xfX+NvE6ltVjnyz4AAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAChSURBVCjPpZExCgIxEEVfZI/jGWy8gFewX6w9h7C1V1iwXRsvYCN4DUEEJ3HzLbIRF4zNZsq8/+bDOPH/zZgKVABHASzdVj0vAp6A4bH60CBEp5s6iV9TZZWAjULO0rqvFekbdq7QQUQisFZKG08Mw+prMwL2JUOkJwIr2Sd/cSMgGdqyIZVcDIbUJBDqR+6QgFPJAGcA5spZz32A3eRrvgFwMGHf7+AlJwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKrSURBVDjLpdPbT9IBAMXx/qR6qNbWUy89WS5rmVtutbZalwcNgyRLLMyuoomaZpRQCt5yNRELL0TkBSXUTBT5hZSXQPwBAvor/fZGazlb6+G8nIfP0znbgG3/kz+Knsbb+xxNV63DLxVLHzqV0vCrfMluzFmw1OW8ePEwf8+WgM1UXDnapVgLePr5Nj9DJBJGFEN8+TzKqL2RzkenV4yl5ws2BXob1WVeZxXhoB+PP0xzt0Bly0fKTePozV5GphYQPA46as+gU5/K+w2w6Ev2Ol/KpNCigM01R2uPgDcQIRSJEYys4JmNoO/y0tbnY9JlxnA9M15bfHZHCnjzVN4x7TLz6fMSJqsPgLAoMvV1niSQBGIbUP3Ki93t57XhItVXjulTQHf9hfk5/xgGyzQTgQjx7xvE4nG0j3UsiiLR1VVaLN3YpkTuNLgZGzRSq8wQUoD16flkOPSF28/cLCYkwqvrrAGXC1UYWtuRX1PR5RhgTJTI1Q4wKwzwWHk4kQI6a04nQ99mUOlczMYkFhPrBMQoN+7eQ35Nhc01SvA7OEMSFzTv8c/0UXc54xfQcj/bNzNmRmNy0zctMpeEQFSio/cdvqUICz9AiEPb+DLK2gE+2MrR5qXPpoAn6mxdr1GBwz1FiclDcAPCEkTXIboByz8guA75eg8WxxDtFZloZIdNKaDu5rnt9UVHE5POep6Zh7llmsQlLBNLSMTiEm5hGXXDJ6qb3zJiLaIiJy1Zpjy587ch1ahOKJ6XHGGiv5KeQSfFun4ulb/josZOYY0di/0tw9YCquX7KZVnFW46Ze2V4wU1ivRYe1UWI1Y1vgkDvo9PGLIoabp7kIrctJXSS8eKtjyTtuDErrK8jIYHuQf8VbK0RJUsLfEg94BfIztkLMvP3v3XN/5rfgIYvAvmgKE6GAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ6SURBVDjLjZM7aJNhFIaf77/k/9OkJpBWjSWtaUEREVEXL6uoiIOLULCigyi4VRy8gHQo4uIsuIhOOuigCJKCLWpx8kLRQqFWhV4SQ1PTNGn+5Ls4RGlrq/jyLd9wHs57znvEvafvbmktTlZq2g8kq2VWfl0HfJe7Z4/v7gVwtBE9xw6kWn3fF0LY/EtVDUrWefxi/AzQAFQC7XmeL+4PzVFllpIYI73hO2G3iDSawnyYT+Mxmsw2HBJcOpFGaSF+Q52aBMuysQTUrCzplu94oW8UgxJSSRzPozOV5MtEhHioBa1XduUAaMCyBIHJE3Ln+LFYJFBValIiTRnP8ygHYRJhC4NZMZglgBAYqQlUnaoMWKwH1LREaUDUMVrhWAJjVk7VAjCmAfBppVSOYHAJtCKQCiFClEtRoqFN2LYFRqy2YEzDQtRuYyqbI+bP0BSx8IRkodBELpskGevEscSqzThmOcBdz6bwLibfDxKPTiOUwq220t7VQ9RPorT+MxZLHYzNnkNpjdKaLUGefakONDAxk+P5whW2f5xj6/gko7fnSTcnmjN38pcPZeRNxxiDAI40ggWAveMHlfIs/swILfvP0TOcYV39DVtOX8VLb2dxJGONvhroHzjolh2xRl5VOI4KxwlauhoJzDxgz6le/M9D8LKfpliczR0ddmHM9Dq+K4roemznhr0gxC+U+f0AeJvP4W9Mw9GLS977kthabHZCjnj4aHBiX02ZHcasfQOd0URz5cMzK/LkAsFilgpQmrdRNtPC/K1qmV53t/WFmiPXUgnpONYkpbzka85W9aq5/l8AgOHu9svlwvR5W4kOZZspA7cPZ+SNn/95GW/b/Tx4AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH4SURBVDjLlZM7i2JBEIUd4/kJu7D+g4FZxjXSRFHQwMBsMxFFE8VEMVEDhRURRREDTY18pAYKirHJBAui0YJv8fp+jme7mrmDjvtsONzuqq7vdp2mJQAkbHxgemR6+os+MUmpRpTkFfC42+2E4/H4cjqd8CuxPJLJZPw9RAQ8UfFqtcJ6vX7TfD7HbDbDcDjkkH6/j1QqdQWhcUcA2rDdbrHf7/mXtFwuIQgCRqMRB2w2G9BPMpkMh9wAqFgUAahgsVhgPB7ftPTqyd0VgLXxtoHm1LfYymQy4Sfp9Xq/B7zXJYROQn5Mp9N/B1xCqB3yhED/BSAdDgfuC0FIfwSQy5VKBdFoFLlcDpFIBJ1Oh3sgxuhrMpkSCoXi/uYas9ks4vE4BoMBut0u6vU6X7OrQ7vd5rFms8ljer3+2xWgVqvB5/Oh9fyMcDgMg8EAi8WCRCIBr9fL5xSjHEHcbrdwBYjFYgiFQhxAzmu1WlSrVbRaLTQaDRQKBR6jHAGCweD2EnDO5/NwOp0cEAgEoFarodFoYDQauWhOMb/ffyaA1WqdiW/hM3N5zXp8sdls9GhQLpdRLBaRTqfhcrng8Xj4nGKlUunMzF2wdr6LgI8EkUqlX2Qy2Vd2zJ7ZbN7Y7fa9w+E4qFQqv1wud7D1mmKU0+l0P5RK5cNPtqSTQgo+48AAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKZSURBVDjLjY/Na1R3GIWf+zV3JolJ40iMptZMGrGtVLoQpK66qagLV0VwI3XThS4EQQQ31Y34F7gQFOqqdCMtdGGCRXAhQmskgVSNmYAOmkySmczHvTP33t/vfbsUkyl44OwOD+dxVJXNSWfHJ1X0oSqjKuKpkKjoPMK1/m8rv38wVtUt7cx81sre3VWN51Tbj1Ub05qt3NXmo92vNm99ekStDPifHILuWzB1yOq44TbEyOebtz0BYkGSCk62AdrFdpYgcbFmq+7/PFBs8x+ylftI0kbiBkHxMGLgIx8IbjhGMPglmiwjQR+igjWyFZDM7B1U0XkVGVXBU6uJow6m9S+mNod229i4RWHiYG8FsXLFH7k0Fuw8CdoFG4VZtEj84hqFHUfQ/DJeWAc12IxeAL3sjxwH0wTbBNvGL4yQRet47jzaaWGjFoEzgs16KFgDSISaNmiKJKuQdjBGyA1NovkqNqyxOrtB5S/D4u1ArKcV4ObRKXPDFyPYaAG78RRJV9DkDd7gBDZVktpzNI5Ye9Ygqo1x6MzPhKUDTmd2as/8o+nrT84WJlybKU5QxCuU8Pu/wB/4BtRiMiUc3kdu+y7e/F1l8rtT5Bcf4vxymr7yPcb3Fp24Zn70rREc1yWLF9DuOzRdIRw7gUnvkUVr2HoVUxfyoyU4cfG9+9VdSJvAtxm/ddZmTuW3fYUEw6DjxOtlvHA7tm83+Z0H8IZeEj/7k/4/zpF0lomBVtNDC07Hu/BD4VM3N3jMzQ/g+A5ZWqO1+pJWZeFB4/Xz+vqLpzt8vy+qvqqGbuCSeRGNdaW87OEPuVNO+ddiSQw/iZXvreVrMcyJ1Wmx3Dp4vr4EsHR7uFSby9/ZKK8dISKnBdKg6D0e2J87+x98zpgrhVsXPQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIrSURBVDjLjdNPSNRBFMDx764aarTaZqmb9mcXDyaF9IeS/kBCUR6kbt3MU9gxCjp1iujgpQ4eutS9SxAUS1Barm6EYnRYTEPNpaAtbXPd/f2Zea/Doij+wQfDMA/mM2/eMKgqWxk/29p0vXyQLcbL7u518wFVXV6kUim11mKMYWk2xpDJZEgkEkQiEWKxGJ2dnYGlPaUrNd/3iUajAKyEVZX29nZUlXg8vqqCVYAxBoB348WbWQUrICpYC5cOGVzX3RjwPA9V5Wjd/LqNhOqtAcn0TkQFI8UKjAUR5WqrwXGczQGAE/W/15z+OHmd5EyOJu/axoDruqgqA9NhrCpGQGyxF3nf0FDTzIj7lCt9fRUvbk4X1gBZ+xdV5UxjhkfDXaj4eGLwjCESbqK57iQLziKf08ncud5w1fvbc7ll4E6y58C26nIuawcighGPCy1dWBWsWATlR3aWww2nyXmF4Mj3geyR+8HwMiAiB4NlJaSyX9ijERzjYVWY+TOBLwYjPr71+ecu0Np4lpyfD36cGvwTBLiVuBHCBt7uKqvhTfo1IoJjHIw11Ib2URfaT31VlLKSCnbv2MvobIKhb4n5vMfxUgBrbI81ohO58cB2L0Q8/Yq8cXg23IsnHo5xidW0cCp6kU8zg/RP9mttZevY0N3RsSLwvPwhQADIYxlnkggdq57rQ+EJgWAFQ1+HOOZ2BMJztefXfKbNInovsGilpLIgNvrrgU4t5f8DTGqAX1cDO6cAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHESURBVDjLY/j//z8DJRjO8F3q3d9ypOF/9b7y9x7zXAXQFTpPcaiv2VX+v2Bzznv7HlsFDAM857sJFOzIuT/hRO//wMW+81E0T3JQAGls29f8377Lph6rC0DYfZZLQOfh1v9tB5v/u0x1coCJB8zzW9+xv/1/xOKw8zi9AMPBSwPX9xzu+h+/KhqsGOjcgMZddf+rt1X+t26xNCBoAMS5eUDntvx3meDYn7Qy7n7rrsb/9h22/XgDERkDbS1o2d3wv31vy//+A73/S9YXvbesNRcg2gAQLtlU8H/KoUn/e/d1/89YnnafYDSC/T8vcH/ppqL/xRsK/tdvr/0/6cCE/9MPTf3fsr35f/byjP9Zy9L/5y3PeYnTgIBJ/g1+E3wbfPu8G5IWJR7o39v3v3h1wfvIuZEHnJudGhwbHBrs6+0aiPKCe4dbQ/XGqv/Ji5KeOzY6NBDlBd8pPvtzVmb9z16Z8b9hc/3/CXv7//fv7vtfu6Hqf8r8pP9J8xP/A124D6cBbm1uDa6tLg0g54bNDD3Qs6v7f/ayjM9BUwIPWFdaNViWWzZYlJsT5wW7WtuGnGXZ/8Nnht23rLAkzgsU5UZyMQAcp633iiwCvgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFESURBVBgZBcG9S9RxAAfg565DI51uCBocpGhoqM1VaAjByXAImvoXDtr6D4JAaG2oyXtpKJGEltYcGntDErEhEI3kvDP7fb+fnqcVAAAAQAeg39XLqsVcyl62bTw8AkTE5tqb8WHOU1MzzUFej1+uR4SIzeWPOcu/TPI7JznNecZ5ngcrEa3YnJ/7fHehY6Kqqiq+eedgP7cH4zZ6dxZmnamKoiqGnpjTXcxj2tSVq/4qGkXRGOlrfDcvK7TJ0qypoiiKob5G9cWsukSHoCiqamQgiiqKoE12p2YUxVBf0aiK6ybs0qbu/HJZMTRQFEWjuOFU3aFNnn06vLCnr1EURbHq1PF+ntIKXiz/+fDTFV/90HHNTWdOTO69fU8rYH0tr7rzc2YUF8aOx3m0NYJWAPe76VmttzK1bzsbW0dAKwAAAID/tYu/URIDsoEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ0SURBVDjLlZNbSBRRGMe/2XRWZ2/D7G4sSuYaKVurhMZaIRbm6iaGERSSbz0EPfTSQ4j0ZNRLQq8WPaQgPfQaIWmUJWwrSYolkW2ul7S0Rrbcy+zM7vQ/EovJ2uXAj/+c833nu5xzhtN1nXKN+h6Jc1Sqma/fhPHn574cpG2GYTuDt9quHbe0U0vRiZrqXvHZfwXoHqnTfaZWg8ceII90jPy7mo5W9Vjv5fLltrZwa6RJLzbVkstWQys/FiiakEng7TQ6N0iD7x4vhK+mSjb7522NmFb56PRqKF+OyYLbcQQlFtCT8H0aW5ygHUTiX1uYX75WL690C/PRScwyZDDoNCtPU1vlKB0ueGBpvXy76o8BTpUmu1x5CpGWT6Rn0CMrk6fIdIQcXJwaSjMXfjuDqampXk3T6gGpqsqDMq/Xy918eoaUtEJriSjF1QQdiHcmTjYcKhweHo6nUqk5RVEIumrARs3pdHoQzIOFKzzPc8Fg8GWj2EW1+qX209IN8lPn2d0OoXBoaOiuyWQSksnk9YqKCg+ClHGhUGgPx3EfYrFYMQLIYB9YgnEnywTc+I5Ai6CfoS6wZjQal2RZfmTw+Xzh9fX176jgExxaYBhHBr8gCJPQgNlsfg1thr6FPWCz2Zg2ut1u1sKLjXcwiIHJeRhYBeXQZWgJ9COrAMyyOWDrTpyTDCLovm3jFpDhzqYKJlkGq9X6imUURZFVFJAkaQLzJugbBGlGgCUwln2J/f39KgwWOJWy04WWQ2fAXvAezm6wCFzIvB9c7Ovrq8u+RGzIAwk4068ryoJNWdh149ApnU4/zPkv/Mvo6OjgmQ4MDKR+Apt6owU5Oz7IAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHVSURBVDjLjZPLaiJBFIZNHmJWCeQdMuT1Mi/gYlARBRUkao+abHUhmhgU0QHtARVxJ0bxhvfGa07Of5Iu21yYFPyLrqrz1f+f6rIRkQ3icca6ZF39RxesU1VnAVyuVqvJdrvd73Y7+ky8Tk6n87cVYgVcoXixWNByuVSaTqc0Ho+p1+sJpNvtksvlUhCb3W7/cf/w+BSLxfapVIqSySRlMhnSdZ2GwyHN53OaTCbU7/cFYBgG4RCPx/MKub27+1ur1Xqj0YjW6zWxCyloNBqUSCSkYDab0WAw+BBJeqLFtQpvGoFqAlAEaZomuc0ocAQnnU7nALiJ3uh8whgnttttarVaVCgUpCAUCgnQhMAJ+gG3CsDZa7xh1mw2ZbFSqYgwgsGgbDQhcIWeAHSIoP1pcGeNarUqgFKpJMLw+/0q72azkYhmPAWIRmM6AGbXc7kc5fN5AXi9XgWACwAguLEAojrfsVGv1yV/sVikcrksAIfDIYUQHEAoPgLwT3GdzWYNdBfXh3xwApDP5zsqtkoBwuHwaSAQ+OV2u//F43GKRCLEc5ROpwVoOngvBXj7jU/wwZPPX72DT7RXgDfIT27QEgvfKea9c3m9FsA5IN94zqbw9M9fAEuW+zzj8uLvAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAL2SURBVDjLfVHrS9NhGB0Evy/9HQlZmmbe0iabspbbwJm6IKnMLWND2dzcnKDb3CJyjpy3QR+MgoxMV06HNl3iHBO6qDkjvGVlgn5Qt1yOCD393l8X8EIvHHg4z3nO+7znZQFg7Yer/ATVp4xbcavjowO6hKin5vSKp+4MdZj2ANFXcZKiB0M+Kx9TnXK8e1KBQIsYQ/WpoSFLGvVfA7cqnhrQJoTGbAJMdylpqDDdrUHwWQ38jiIM1KeH3IZ06lADt+YUNahPDPubRAg+VSPQmg+POQMvbmXC11aEye5aDNsL0a1PCz9Wp1B7DAZ1iZSnJikcsOch2KNFoK0Aw3c4eD8zzaDfzMGQrRDjj3RwWfLQcTMp3H4tkTFh0QFRdEDhQEs+gk49vWohPLe5ePP6FdbX17G5uYmF+Vl0as/BaRTBe0+Bh1XnYS2IC1uEsRRryJAyHmi7+OedEno4G1OTb7GxscEM/8X83Cwc0jTcV+agt7EYrdJM1HBixll0snyPJX3H1y5Bn5G9++njwr+b92P58xJMgjg0XT0LPfvYDg3+7wAN6fzndWlj9ru23e3tbUas0Wig1Wqh0+lQXV3NcJFIBDZrA3Sc2BkyfOAbrVbr1traGlwuFywWCzo6OmA0GqHX67G8vIzGxkaGo3thuVxexWazj+4xMJvNWw6HA3a7Haurq1hcXMTo6ChMJhMIPzc3x3B+v5/RCIXCBlb5y5L4672XLhc9EA0LlLwdbbUWE8EgSktLiQAymQzNzc3MFqQWCAWQyAu3iEmluvI7ix7+quy/gdqRSogq+DDVmxgDsnpOTg68Xi8mJibg8/nQ09ODbB4XdV41s4XBZACLvnnkgp3zJcOYPJ5akByVlcl2iUFJSQm4XC54PB7EYjEDUnO4HIiKhSFiIC2T/tyTwXH6iESiDzabbbOrq2vd6XQyb1epVMxPkJpwpEc0RLvHICYm5khWVlZCbm7uklQqjSgUiiiNHxKJ5AqNbLr+RjjSIxqi/QVm6pQnUTAFywAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHXSURBVDjLzZNNi9pQFIbzA+YXDP0zLV3Nb3E9a3d1JQh+g7oQLaKCimL8QGKiMdF0OjUTjB+N0fi9Ghim7aa8vScwglBKabvohZfccM95zntObjgA3N+I+2cARVGuJEnydNjief5LpVLpFAoFTyaTufotgCiKtw8POizrMzaOjfnMhCz3kUgkbn8JkGX5utvtelut1telNYf+ScPHDzL0+yEW8wnC4fCT3+/3+Hy+nzrhBEHwTiYTvCRrQwma2sVIFXCnDaAqA7TbbdRqtcdSqZTIZrOvLwCNRsNY2RbGrKI2FN1kddCB3OtAFAU4joPT6YTj8cjas5DP58epVOrtGcCGZVD1+zuFJYusYh/9noQe03a7xW63w3q9drXf77FYLPCerTOA7b00LMMYYzRS3YDD4eCKksmBbdtYLpfuk5zkcrnvyWSyFAwG33DMzjUblJcNymDtfKMAqkbBlEwu6J0AJNoT3DRNRKPR6sVE2RUwCUCJq9XKDd5sNmfAixOaBbUTj8efLwD1ev3dbDZzDymR9tQSuSAgfa3pdOqe6boO1gJ/AWA371W1Wg00m801gznlcpkvFoutdDp9CoVCx1gsJjFpkUjkORAI8KztG+7/+Zn+VD8AV2IaSQGFiWoAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKrSURBVDjLfZNbSFNxHMcX9WLgQ1h0kXrp/lhQdjGIEotegiCKiiIjjSx88SEpzZRIpWKFnGmCOubAS1YkmZlpXnLedtrUIpdTJ9N53Jnb2cy55fbt9z9OmQke+Jz/4fy+3+//rgCgCOfik7qjRD7BE3bCSQwQKlb7Xx9ujCQ4wv9Jb0H/qIRh0Ycxz19YHdP4zI+C1UKayCUBIXOdtmkAc4EgrBLwpsuN6l43Ohw+eEkUIFiNaZh2IWQhgGMFlx/y4yG1ptmF0vYpGF0BBOkfNZAC8/VQCCcH0MchImBx+KHRiTCJ86JavReqLyIGpyGPYIJeHmp9jGCQBQSYV+69nuZX2yuhqNmOwiY7+qzA7wlAZ/LQdGbhmAUECpBoKM45wE3Uz68JxwIMRosL6rZJChCg+irgPS+hsnWQCWyM121meMg0RqMxTQHGsTkYLRKrG1iA+MP6h3oWUEjmVxTSafaw4jgRHWI8tTweN0v2oarHJdNnnWEacTFA1SiAa5hAfoMNXUPLA+6UHcejmku4ULAHZZ0O9IYFGAwjTnCNNtlcQekmMYgU7THc1RxGkvoAEor348Hb86jsfoHUqrM4pdwCfti1OAV5EduHvDAKwOgMYHYDyZoYvOM5VOvzZWN5txLKhlSodXm4pY1HTM5aCvjILW6jn7ZGoD365QT0NuAGzZeZn9enILcuGY9rE5FZcx1ZH5JQ0JKNK6Wx2PlwlX/JQbLTdhntQKsFuFy0FxVdSmg7nkHdnofibzkUchuqliwkak9jd0aUMzpNEbHsKFvdQXynEZwr2I4zL7ciTrkRsU/X4WrJEXDNmUjQxJN5s/tE1r31K14mfkTCT5sP/eOz6DG7cDA3CtfUJ7ErfdNkXHZG1LLbuMJ1ZvA70iO82+6vxoY0xZpw/T9xhOmhB93shgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGdSURBVDjLpVMxa8JAFL6rAQUHXQoZpLU/oUOnDtKtW/MDBFHHThUKTgrqICgOEtd2EVxb2qFkKTgVChbSCnZTiVBEMBRLiEmafleCDaWxDX3w8e7dve+7l3cv1LZt8h/jvA56vV7DNM20YRgE/jyRSOR+ytvwEgAxvVwui/BF+LTvCtjNwKvj/X8CbgXPOHMEZl559HsTu93uPQi7jBiNRgMEx8PR0GIxRB+y2eze2gqQeAXoSCaqqu5bpsWIdyzGvvRrBW7rdDo2I6ZSKeq7B8x0XV/bwJWAJEnHSMwBDUEQWq5GfsJthUJhlVuv11uckyiGgiH2RWK73RYRb2cymbG7gnK5vIX9USwWI1yAI/KjLGK7teEI8HN1TizrnZWdRxxsNps8vI3YLpVKbB2EWB6XkMHzgAlvriYRSW+app1Mpy/jSCRSRSyDUON5nuJGytaAHI/vVPv9p/FischivL96gEP2bGxorhVFqYXDYQFCScwBYa9EKU1OlAkB+QLEU2AGaJ7PWKlUDiF2BBw4P9Mt/KUoije+5uAv9gGcjD6Kg4wu3AAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK4SURBVDjLbZJfSFNhGMaf72znbGfNaTRboKViYQUqmFp0IxVEFyMpoaQVBCWhV3kRdBPdCN2kiBBRgURdpBddCDIwIYoILcwyJEJiC8tIJZuzze387TmLxGxn57dzOO/3PN/75xOdnZ3TlmWVkYW+vr5K5LlaWlo+6LpeaRhGLBqN7lkfc1O40zTNh+Ria2urnc+AYocecmxjzE2hh5yku158ocfwSh5ohg3NAtqKb2G7Hzh3ecxNcRPZu9FAovA9uU1mXst31ZS6rEq+oGqrQTWOGrVQ/a5qmvaJ3CdT/2VAYYA0EaNQfocXqQnUu7ohmVUYWTqBqUQ1NO28wd1Pk8J8BjqJM1gd8gANW/xIaB34la7B0vJRzKwUO/VbxFkT2mggIpHINA0eMxgO95bXKcIHg7/J4bMooGFaM7DZr+DbwiqEBPh9Lli2wM/kKp6+ndvvNCdAmkOhUO3Ilbk150BjBocbq9Bc58fw+Fdci/wzPTx4tgjLEq8cgyQZisfjRtX1oX0qp6CbwPzzcSytGLnFoxPzCB8ozb1n+EljfDGhQQgLEjurkAriGs/eQNKMweICSRJw8VTopoXu9jruZsMkLAA+t4VsNotkSoObQpkZVBCxfgpeWUImq6Nr8DPoBYNGFnFOmm3zn7dPZgYULpNBIjtTOM6T4wt2wOBuWdOAS5KZqhvMh08XhRINBDg6jtfIZVBL8RlSfihYZitCha6WIprWhUxhe7iAZppz5nK72qzb61Zw89EsfiRTOQNq9XuKovQ/uTq/1mVzt1OvzIpX0T95CUHfDmYhYTH9BW0NvXzzIp3904MYDe6kUqk3AwMD9X8NTnWN2eXbgJB/BUdqG1GklOSSSGRKsHWTAZ/CUygERK4hea769tGXu0rVg0WeIqYcYBk6hGVRYMISaXycjWEhqeM3NCmjdDDSuwAAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADCSURBVCjPvdCxCcMwEAXQAxcuIoIFAUMgqtypcyXSqBIYNy4M0gSZQBNoAm2QCW6DTOBFbg1HTo6QyqW5QsU9vj4HK+wPHAJ88uhxDiuMwaFFk/qksUOF7cAJnmb8+rKmFXiN8sxgpomBwb6A7qUe7e2vw0Tj4qKNJvaLLkDRhRoS+QdGcpxQwml7pRaxpiowcGQZdHilVssoyu9VhsjAkmGgsCEZT1Rv/RHuH2BTqYa6xKlQmqPIda6ekGA47tT78wZ72Oy4vOPLEgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALDSURBVDjLpZNLTBNRFIb/6RMqtEDBFopFXiFGIERYmKgJUXBFQly4gI1LXbghcYPiI/JYmbhxLQvC3hjjQkSL4SnvYCRUCNJCSwSq0OnMdObeud6ZBIzB6MJJTiZz7/m/c89/5gqMMfzPY/tXwkYkUmkRhOuU0nJCyKvs7OyXPp+PHu4LfzvBSjh83+PxPM5wOs1vSZKQTCbjsizX1NXV7ZmLBuBPMbOw0LsVjzNVVZmiKIwLGQewRCLB5ufnv49NTGQYeZY/VQ6Nj/d5vd67BV4vOAC8IjjEqA673Y4stzuHi28buccAoVCoJ+D3dwZ8PqTTaRPAewf3wHwfHBwgx+OBRkjnMcDq4GB3FaX3TrvdZkVDfCg0QtM0c52birSm5f0G2O7q6vY7HF0FNhtofz/02VlTbIgM8ZORdvS+v4bME04kRRGpVCp8BFhtb7+ZUVralcF7JpOTIJEIhIEBYGjoV2Wiojj/DDpeNOHT8hJSothkjnEsGHT6W1qUYGsrtOlpkFgMOh/Xw+Y1MKpCZRQqhxTlVaK2+CI+fn2Hxc0pppC0+8OdhGhLWq0lRQ4HGDeHRKPQueOUB9FVNFffAGU6qE6hgyG2H0VN8QWIqizMRkb2a3ssebYfsqzK8Tj0RAKU93YIMI5siDf2vkDTuYm6Bo1qOEgnUXfqEkRNskytj+5ZdkRxI7y4uJRcXmb2wkLQVMoMhSgglMDnDsLvLkGhpwx2ayYKsgOYi45hbG10R1LRYP7Kz3Jz8+srKuYqq6r8mYzZpc1N3GqLQuFjVHkrMlFZef5Z4XzZVcxExjEcfrOtElyJ9bHPR3fhaVZW7kmX6/m5QKDRIwhuhRsZkyQ9Kkmtbbu7r6t7LKmG4GVXKDy8peqmeOXYZXrkcAgeq7U+02JppIytqbr+tkNRksZe2QMhRXWrS9Zp2bc+tn6o+QkxLL87j8znVAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJcSURBVDjLpZPtT5JhFMafrW997I9rscA+FFu2QRurtlw5cQ4InLpwBogIPNFSiNJ4C+JVkj0QTBHQKFPQlJfwlanY1tXz3ARkn2jd27Wz++yc33XOvd0UAOp/RNGR/X5zeH9rOlTDVKAK3fsqJrxlqN27GHPuYHh+G4rXRQzZNjEws47Hli/oo/PxNsAU3qvWT3/gX3TPuHrWBhiC30nSktXDtKLB1NI4NKkxqBMqjDByPFkcxNBCPwbCfXgUeEBq705m0AZM+qsk2e3hau88W+4ANOy+XPLFQrkrcbW31KkOYJx9rBaAOzPR0gVHW6x593q9cDgcqB6e4sZoogMYdXzD0ck5ZhfLsHGKVfAqVoadKcMdzcLr82PuwwZCoRACgQCWVzdhoK2gaVpDAMNzWzhkAXamQpze/I4t13w+j2AwiFwuh7W1NXg8HmQyGSgUCshkssuU3F7AQf0c84kK3n68KFc4hXQ6DavVCqlUCqVSSdaIx+NQq9UGMsHg7Ab2jxtwp5rOvqUqia3CUqnEObWn0mp1KBaLcLlckMvloPpfrhOAl230/SGLxQK3241CoQC9Xg9nskKk1emQzWZZkBZCoRBU3/NP2GMBgXTTObjSjI1GA8lkEgzDwO/3E4iObXY6nYhEIhCJRHoWcIW6b1pF7egMlYNT7NROUKzU8XX3GJ+3D2E0GgmAm4Zbh2s0mUyIRqMcAGKx+BIlMeSiYu1K/fbEMm4+TaFnJIHrSgZX5TFIZNPo7e1Fj9QOs9kMlUqFaw9pCASCnzwe7x15xG6/rUQiAZ/Px9/5XyhZOMVGKlOdAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALDSURBVBgZBcFNiFVVAADg75x777z50RmdDJG0phpTIwq1cqP9IBqlLaxNpYVSVIvahLVLCqFFoGEZQkQhgdGilUghaqRNIKgUZEmQlCBlmmOm772Zd+85fV/IOVuz7ejmgeHWxhgsRz8CCMiBnNQp/Xbln3w4XJ18/die9dMAIefssXcmjn326vIlMYZZmUIGIGfILl7r2Xfiir/OTbV//unM6Hd71k9BCbEIi/rKYtbpvxUxBAI50eSkrrNOr/HQwplW3FE6ni4O5rR48sFXDsz+dve6qQghhBk556KviKpIGSgiRSAEooBk3nCf9ffNMzbeGiiHhz6F8NSO1WdTHh2bNZhCk4Nl44+7fP2Sb37cK6NVzdCk2rplz9j0wEtaVandnbbpvZP1wbdXVSVOvfzI5ls7rT/9fvmMUyf3q1PbsoX3mG5q7XZHMmp8wdOOn6ulNG3VbS2hjDVEbPzw64PNDXnc8NCwRXfNU8ZBl65e1m53lcVcW9a8b3hoRH9fob+vkkVCBPHz1w5NtZsne19M7LVkYLWZ/QPGF92i2+mq69ILa3caqFqqMuorCq0ySsgZiNBuHy6+//WIXQe2u3/OBk3ZceeSu031Jp3+45CyoCqCMgZlETWJJgHx3jduevFa5+NqxeKVchXs3P+WRxc8a9Il88du99WJDzy/a0zIQRmDIgb9VdDUGURsI5s4fcQvZ3/QmW58cuQjT4w9Z2TmbKM3L7D01pUyUiajKqJ6ugbliXfPz3/4zYnOvq3L+y9eq8C/1y/4cmK7691JIUQjgzeqIlUMIOWsN5VACXXdaBoARobm2rJ2NwAAgJyyXrcGEeqplOqUMgAAAABAWcZUN6mGEnrd5sJQXzFH6A3lnKNMAowMlCBnBqooBKkqwn9Nnc5DCSHkHWu3Ht0QQlia5UEAmYwsAxl0U0qnymgf/A8eWStYAg6kAQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABlSURBVCjPY/jPgB8yDC4FilKKDfJXZa6KNwhKYVfQkPW/63/b/+T/XA1YFchd7fqf/j/2f+N/5qtYFUhe7fif9D/sf91/BuwKhBoS/jcBpcP/M2C3gluKrYHhKhA2MEgN2pDEDgEb0f5zlvXgVgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALpSURBVDjLdZNrSFNhGMf/Z9uZnjldy+lKKF2ThsqULgZdLAIrKTHKMLvYhS4fgiKLoi/Rx6LID0aIaRAUpQSFEcIMiS6mhoFmN0duVpo6azd1m+852+lZSeSlF36fHv7/532e//ty5eXl7yKRSCrhqqysNGOWU1xc/EEURbMkSY7GxsaMf2sqEqaHw+HbxOHS0lJ5NgMSR6kgCqbXVCSMIbaTu5h0qEKKVcSASTJYBDiSdB0LtEDZyVYVidcRmdMNFCR8S1QR9tf8DWFc8AkKjUGQBYPgRLagE4YExthn4hbRNeMGJEwg1hGSju/Ei/EOLFdehSJsgc29DV1eKxg7IFH3nYRuNgORcFLRaowBchO18LJjGAtkw+3bCPtoUnT+COFcnRU299zdJSu1Voz/eAYuNLA/OhubNMjaZDRDzWkgwYRx3QiQcgcRTsRNxrAnPxC3d/O2+YIhDzrTEnidFnxqqr0cNUggthqNxhzbmYFZMlBgZUYwY/++kmydfgXcvR+pCUN8wjxoExfqogZ+osHpdEqWCw3LBEpBDAOMAj1kqEaK3AellK7WmwswMVgHtYbDl85PEEPsZyg4tkpBm1UTJkLZNnER/rADkXA0e2BkxA1e4qBPL0Toew043gNeG4/YQO+w6B/Mzz3+wB414CcNuD8pnIBX7MG84UewxvqgSy9CaKAKCl4E86fB9bRtlI0GCpeeetL5e0C6vo+oJ/hoCkX0csxiGXbMeY7krC1gQ7VQqmVM+FPR39wakYKB7MWn2zv+xkidc0i8m0hbb0iVld3fkavawElcMga7r0GfrEbIvQBfm1tCJRVdsfZ+b9+UFZOBSNTwPK9pOjfMaT56uMw1RxHz7SXsDS3otLnx4p4NVx72nu1zBbwzMiKxg6j2eDxv6urquJ7PQxJ7/ximnDzExVkw0NE9dr7e+eV+u6uS/szP6QacLE/9gCVr5waXLjKqVmSYIPMTr4KukYOFl9468J/zC7f3tq13JhENAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHfSURBVDjLpZO9a5NhFMV/bxowYvNRjf1IoCDo0KFJBVHEVbeCi5N/gM6KruLi6KiDKA6KIC6CQwdtBxfRrUGHFlTQIlikjTFpkua55zo8r7aDipALd3keOOdwzrmJuzPMZF/cOPFXBMmRHJMTTJiJYCIEESy+ZQGqczPIDNxxd/AMDriBu+MSCkJmSA4CJ8Pym+UIIAs0177S3Wz9F3O+WGCiMrmjwM3pbrZ4fvo17kR237XAtcolRvdOA+L+9TscHB/HTGQAlLqwuHWbxa1b9JMVTBDSHRi82qijbgPXNsGEpx5kouYo+2jpI/3kCUudiwzUJBgMAoQAjf4ZFtZP0mq/x0xIYPJUQQoQLHAsX8fMeNk7y4DVCGKw0q7ytHmByx/u/lYgOVnJUbBomAa8azWYr5b50unRGZln48ccYzrH5/VTtHuTKIxQk8dUdgMEE/XyN2YPTFHJHaZWFPIan/KriEccqT5ExJi15FiwWCSTo+CYiYk9h5CL4NvIhSOmctOxCwgh3J3vauAWnc8GEzInt2+U3s1nuEWwmPlOByzthuSUSyV+XUDWTOAJxbEyhcJ+pPgxc/4KnbUFQOTKx3n74B5uQhI4JEkMMHl8ddZ3d/tfzH+aZNhrzDDk/ARfG6G/LNZPQgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAL2SURBVDjLVdNNaBx1GMfx78zO7Lu765qQWIPteqiH+IKCjTmkClIVPHi0pVDSXBT0sGhLUOvJl0OL4AuVBC+CLXpoD1KqweBBWFFajOChSTU20q2h6e66nX2Znfm/ejCJ8Qff6+fy8DjWWgCmz9f3AR/cV0pPhtIQSoM0hoEyAdAFmoAG2kAL+Bz41mNzRqmJh0fzk689MczO9YUphsIU25EeExK6sebPZo9v/ugfAKo7gZFC0gGgflvjOw6eAwkPUr7LvSmXhOviJ+CRsQy7irnyp5fW33e3AC1loWQilIGucAgkdDoRQQRBBK0B3OppAF4/e53JSo4HhvzhbSAfBiP7v5pHHZ2mH2kqJ2cZ+uxjwqBPNzb0IstAgAEc3eGna22WrgfrLoA4Ol2eXfrimZw3QDoeYWyRePh0GZ0/RdTu0o8NfWnAwkYn5sPF1Y4WYtoVR44cNGH01+iwXzT1FvVj76CApUNVxI2ApNNn77EZUrXviZSDsaB9jRKicv7lxxZdM4jm433jabO0Asdn6eTLOC7oQpnfX3gFfrmKnBjnnrmTuFJiLag4RotYA7gmHLyY+LoWmcounBNvYm81cLEkgyaVuXdRe+7GuVijPlPFSfpIren1Q6WE6AC42YsXvjy9e//EtdXbyHyKyqszYOH+946TKHiEbcOVuXMEUwfI+NDqxahYbCy89awFcAEWhvaKj6YO48WQaDTAcXGbDcIA1k6cQuaKYCHruTTaA7SI17eu501Vzw4Bbz84OU6veobvlgW5rubHTy6Q9i2+B8nEvxWysFoPUUJsbANaiKeA535eXqM98OjFFqktsXQQyqC0wVhLuVjkpadHudkK0UI0/gOkfPT5Jx/KvHH48f/9gLYgtUUowMLphXWyPnR7IVrK1k5g7WYz4MziMqV8hlIhTSmXophLcUc2SSrpkvJcDk2NkPKg8XcXLeWNbcAoda52eWWsdnllN3DXZnduVkwnfT+d9inkMpQKWX69Wv8N+GEL+AdfSH+n2ppttwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJtSURBVDjLpZPtS1NxFMfPH+Arwb+jFz1Q9GK+aLBXkWQvgoRehRDYAyxEY2StB8SILBJnWZY4HyhDrbR06YssW3O54dRNr7a2Zbq2u3u33bt7b347LhhqYlA/OJwfB87nd873nB8BoP+xPwK6i4q0EbLl3tC4MkRGdpCMzEsalwfIJvVR0Y4ATjZpwyToQSuMlR7o4gj05GtosQ4o01aIz0lIPCPTtgB9hMo0jwlG1MFJXVCjdcgKVcgETyETqoLytRGqcBepURNWuqhsE4BLLs4Nk2x8d0JbbcbQncNorzHD3VkOt/No/j54y4z07Dkoi61Y7iA51k7FBQD3a9dDtfyyE2qkOp8guCry/vf9RN6LHw8xpBaStxaRNrIXACyW14j3IfftGpSlM8guVCIzdxLpwHHIU2WQPBZOLkXy3X6IHyzILrYh3EreAiDzinKGPMp9XoC/7xL8/TfhH9hi/Q3w9dYgMbaHAQ4stpBYAKRfkKgnB/n184hO9SMZCUCMzW2y9VjE48SPt7tY3GYsNJNcAPB8vfpKLwOqIS5046euYesxNBXxqQau4ADSoQeYbdzQAs/Xng3YoMbuQQqchppa4vDahvQ1KPFpxF37WMBKrL63wd+wQcTEUyqJ95Cshp+wgBch+SqQCXdCk4LQUjOQ5x1c+l4W8AhSgSb46kmevEolmxaJl6M84TIjO9/EItVDmjzGqh/kknezL2XoWSR9jRC6LfDYqXzbVeblMPN8haTbiozwiKfyGMqXVsjBFiyPWfH5BgmfrpBlx88UfkhFS/epTnDQRKiJMHOb1vud8F6nOvflv3ymf7Ff4B/4xZL2LgEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKcSURBVDjLrZNLTBNRFIbHBQujG1mauDEuTIysNOpCiDZKZINRSYwoLIhGE18LYxHjgigRVCINRlEjYqZqKChP8dVObQMptAhtp522MPZBQR6lLdLACG3n984NmBgjLvQkf+7m/t/955w5DADmX8T8V4DP58siYr1eLysIAut2u1tdLlcrz/Osw+Fg7XY7OzAwkPUbYGhoKJsYQ36/H9PT04hGo1SxWIyekUiEanJyEgQKm80Wslqt2RRAzCpiluPxOCJjI+jv1MFYX4O2SjVelZ+naq8qhfGpBp+7msmdMKamptDb2ytbLBaVEntQMSeTSXrx7sHtf1TjhW3wPj+K4bYK2J/sh7XtRoghcWYNBgNkWUaKQD7UVUF7qRj3j6ugObST6kHRPujv5GGcU2PG2QkkxhB3NsOiOSwzWq12dGJiApIkIZVK0XNxcZFKSUY/TWxCTCjHQrgd459uY55/jVSwG3zDGZmpra3VYakSiQRI96EAfzZO7EDMdQ3p+W7MfzmLqPUcPGwJnA2nYH7z4hmTk5OTuwxQmkPGBlEUEQwG4Xc0IsZfQVqyYE4shjRSiFmhDIGGfHS/I802GtcymZmZu5ZfV8yBQADhcBi8uR7jNvWSuQhS6Bi+ua5CfJiHsMsMjuOidIwZGRk7yCgH0+k0jawAhB4WwvvLJLYZUqAE30dOYIYkGa47gK+iEx6PB6TxFymA1GoF0tLSIhAQPr68BXdXGRxvazDaV4C5QCGi9lIMP85HJCTQHhGz8Zc/kdQqojUmk6lZV6UCZoPwPjoCrmw9esirPdW58PVzSmyZmHUrLtP1k1uSC5Z7WOjToK9iD5pObwLXrlXMKb1ev+Gv21iwe510s3hz0lB5IKmv3mvqUG/duNI2/gDNuAiQNZy2IwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJmSURBVDjLfZPLb8xRFMc/9/ebqVHvEkaiqTJCEIkNmy4shKY2FhIkliwk4ploV00jQhNLQSz9BSxY6CBNtBWbBgsh3lrVd3U6j/v73cexmGk7Kpzkm3Nucs/nfM9NrhIRANzZM8L2ndhsFrEWcQ5vDL6Sk83NyJNuljx9rKiKxGxR3SRVjd7a8tlaJDYsjHmAsYi1+CjCW1sGWTtXJ/4BCOYAsUGiCBoacFGEjyJcFOG0RmUy+GIJieP/OIjNFfKv25OHfpI8Og41Ed4LrhjgJ77huyfLd/4FSJx7MSg6yLPp/FJqtyIEBL6EMtP43Dvi1M28P6QHFwKUiGD7NuxFeEDmVlrC5Xg7CXYGcQXEaVAKnCHf3zbsYg6nT8jLP95AnGmj/nJaEisR+wtcCXG6ogI+GkV8gdSW02mTo+2vFbyNm8IluxCbQ7yuKKpII76IN1MEtWsxBZr+BnhXFwQJxJfARxXpeTnNaO97RvseUvyRWPMxm/gO3D7QZTvLAOdBLPh43vrsdKcZ7ftA8bNh97FLLGrcQelNV/3b59mr2f3JQlBewU2KmUbELLBe1sCzfjL7jpD61I26d5zaz/fZ2LA6FCUXyg6M7nETLw8HK7Yh1fZdOduJIql0I7RcnN+9Yz2hVxsDAKfpzPdfH/Z6AsIUIhZxFSd4wlWLKb56BB3riVoVU62K3MgYLpQhNfsbf95Vp5zhyrI9J9PJus2gBLEFXDzNwKNeCp9mqF/tSASDzIxZvo6EzmhpnwMAfLmh9sbTtFlNk7PUmQh0kUldoKcmXDdUmhpvCZ1qcKH8ELhzsMte+w2tS8iXJ5jooAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHlSURBVDjLpVPLShxBFD3T3WOUUUGYByhkI+50o6Bmo3ErAVG3Qvb5giyThets8gmC+DYQzEaGBMUnBhQRJAEXQuZJ8Mlodz28t6rbGY2b4IXqU1XcOvfc01UxrTWeEx5/ptbOssQzILVylVKQChCMkucagrA6JKTQtK+uJyc6Gg2B0npwvLfJ+Z/KH2Z+J+4VEJs5nFh4B3BLUhCrBILAzv1bmvvAbWD2rt9nCSRqCCIfCFtTdFjYoUVIwgQ0BJEc5UxmIGoJuGkTMeBPiQ4qq4R8MEpkhJSSyZhMPyQA/4XP33L6qhLoKGbW8wZnNwoG5zftennLYum8ot9+2uWpVRBQBTISc5tFsBmu62BxqwjPBb7sFNFQ52DlZwnxOOFeAe3pevihB07UArvguTGMv0rDo92x/jQoHyO9aZM43J2y2GNbEEJVCVgBt80Hv+5RJdLFFR0nZpAjwqXtQmh3LQGxcT9xkvymJ/WwIiEridajfVZB4oVXJeBbx+FSxdX98oOK2YMyAoV/lER/zrP9COsB0Q11JfH9sIzXnUn8IBwkfBzHp+dUrOYtGA+ohc6Xjcj9raA904CT/BXaWupM8lOhwssXXiR98XH6V7NPRHzDeEjyJTCPRzxJcHZ5kzdX77nP+Q6ZHT+VaotBJwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJASURBVDjLhZLNa9NwGMe/WRKXpp19L6WrdVsZHgq9aBF2cFDRDi8WxJPssqMXDx4H+xuGFDz1YC+eBvUgnWDc0FqoL+CmHlylthurdWqG7bY0zUvtL5CSxYOBh+f5/fJ8P89LQg0GA9ifu68XMzOB8INJ/kL8WKGwf/y5WW817z/KrBXtuZQdMBRfuz5z+emcb4E97LvwtXsG3aMOfiiP1Y0Pwu3ineenIGN24nm//+GsN8U2dQ3bf4BnByJe0luIhsKM1+Fatecz9ovZs9NT7+QaPFoKG3sStOgOPrFPQP92YtoTif4XoOkyTmTgTUvHN5EBdxKFo7sEyr2Jnlr7Z1+jEarVqlCpVAa7P0U6pEg4kmqgxjgcfPdAP9xDnAPqu7/oQqEwyOfzwinAUDzvcDjSyWQSVzxZ7Oy/RSZE45JXw9w5BTeTW/jSfo+l1D1ks1kEAoF0LpdLj0ZQVXXF5/Oh3W4jPD6Ji+O3UNxeg6q9AsP28bHVwo2pRfBdHo1GA/F4HPV6fXkofUGVy+V5nuc3Y7EYOp0O+v3+yIZgkM9MURRomgbLspiYmIDT6YQgCAR2lVEUZSUYDGLojSSO4wwz/w/irbGu6+j1ekgkEqjVassMqSJJEkRRhCzLoyRN0wxvns07cmYYBm632+iQANKkMmnZTLAL7GfiXS4X6TpNRjBIxMyq1sp2iPnO1DGm0BTbIfZRzJ2Q2AAQkt/vH1WyJpjLI7F1ocQikcgIsF4qlRbMlqwjWWPrmJau1/8CtF7RM3ksOU0AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAF8SURBVBgZBcFNiIwBAAbgN5etvQiJOPiuyk/YwqLk52v9NbTtarDGNpbhoCknHKgtOXxDIU60mVI4OOxVbtuchaTkoByUMpoc/NTjeSIi0irPd5q9U/2J/uHe7s7mUkQkImeLi1VrcM+cZ56oXLJusKZaVohEThcz3fve+Oaz1+bdctdNNUPdFBKZqu54658v2q54pKvlsmt2SCWpleODl75aMKvtu3MWNJ02oymDlCk7N7zwR9tHc9pm/TDtpHFNa6WT0d4d930y54E583inoe6YmhHpZX3/oVnP/fTKvF/+emzKpJo9tkk/Rf+2q9qe+uC39x5rqBt30E4bpJ+lvUuuaLmg5ZymhhMm1OwzarX0sqiz33UN06Y1TKmbcNSY7UYMSycpM5hxxnF1dZPG1YzZaZOVMkgZSbXOpGMOOeKIA/baaqNVhqSSSIp01xhV2mWrLTZZa7Eh6aaQiKRIlcESK6y23LAhGaRKIRIRkZTppJd++umlk1JE5D9AhzZjNC9N+QAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAE4SURBVCjPfZFNS4JBFIX9UfOfpl306XZ+QYhG9UJtiihq4cJNQdQsIulLKhs/CAlNy9JRX+slKel0nFdCjOJsLvc8c+6dmQgi/+unKIqCyuucNTarb9SVGAOKsmAaCNCn3lBHxlzIEYC23wPQQxc+3lkFOPXTcggw3AzsNlqwVBMNh2hzKByQV4NGClGneWoOK+yUkFIOyOmAsVFcurMveMYZZrlJC7vaAbe2jw6B0HxEDPeYYfWBLeuALIE2g8/ZrNKexhGBOjPWQ+Bad7lSEhNs7tGewiQWeZ8y1sIRGVXFF80nxtewSeAOFXziBF64ZFocmw63rlFVPGADRR6owDOeGD7Ugdz3m2y+uhyfp8vw/IQceeqk3DEZjgg4uwSNhInJsc/aFqtqWS/ZuI3pBRUXv37zL30Ddxx1NEzXzZIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJRSURBVDjL3VNNaJIBGBaCDnXqVlEQO0ixrE1a26G2uYU0tyVaA2lsHtS5HzuYhTkl0CHZmpT/0coO0UVS6AdrkCPFkC0am+ambea2GjOYuubmN9vG0/eNLl1s0K0XHnh53h8eXp6XBoD2L6D9Jwuqq6v3dnd3X9fr9Rmn0wmNRjMnk8kqSewn8wTFUTWqh+r9YwGTydzd1NTUbzKZkEqlkEgk4Pf7odVqv6jV6kA8Hl+nuGAwCNfgVcSeCjD9XI/xR2xM2ErbaeXl5RcUCsVyNBrNCAQCb2Nj46ZEIoHZbIZKpQKVU5xVWzu+OKzEcvgVkFtANvwMoYHzKUpBv06nIywWi5TL5e6pqanJ+Xw+jI2NIRAIwO12Q9lZQWSiNwuFry+w+O4O8hEPNmeDiDzuIGgMBqNLKpVm7Xb7NT6fP8RisX6y2WzweLxtKDrOIB3RYCsfRD4hQ3r0CqaeiBAebFsaNfPotGNkNDc3TxmNxqzL5Up7PB44HA7I5XLYDEJkIipsESGszQhBzLdiZbIXM47apY/Gc2XbR6TT6btI2WUcDicpFotXe3p6CBKFu3KmdfGD8vdwO4i5y/jxSY1pa91qxFBxuqgPvH0HLk6+URS28gEQSRHW59uwTCqZttXnYwNVR4oa6WHXYVHU24uJ1/fwbaQFa8lWpMdv4LOV9T1mrCr5qxNdt+uBlVnEHlzCcO9BvL/fAL/u1ELYUHl8R1buk5RuFEJWFEZMGNGz4BIfyg2pTpzc8S+0nN1H3BIe3fAZGjbeGuv8L5WMkmK/8AtkdLda3u0iOQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADESURBVCjPvdCxqcMwFIXhw/MDF3HgqRIErEqdOlcijSqDcZPCYE+QCTSBJsgGmeBu4AmyyFnjpnjCZcrwtx+nOFB8Dl8Ba1lllWVTzNsoSWIZQnh6cdOxsHKRf58kUhF2X9xueYCFtwqiDFT4XmHvZj/AjfNrzCnHPLwCFa63cmaXDzBzrAtBPBUK03d7y2aqYGSqwMuFNpi7ou1/iVxBYqzAyR9NPrG9NuGHuCqgSCXKIGFTuM2Kke7RluaJB6bvXf25N1fx7E1Sq2rLAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ3SURBVBgZBcHPi5RlHADwz/POOzu7o21bIWVsiiAR1kYdJOwHdAgKO3QQDMqCTv4XdQikg1BCUnTQCIK6REVdOnWTClIRjAwNCdFy1t1xdnZm3nee59vnkyICAOSTJyu5HCsdR6PESju4fXG6vvFBOxzOVd7r7tn7Zju4vbF58dJnk7Y9VQMAaNu3PbTr03rtyR6hGqw/N/3u+6ct9mYrrx5+cXHfXpHLzqVffn3/2pnPl2oAgNJfPN5de7xnNGK8re733Xf0yCFtq2oKl/+UcO/aE1K3+1YNAJBTtdptC+sbRGHzrqruUDLDIaUw3mbnDlFKrwYAyFujmbZhe8w8kzOzGfM5udDMmGyjaPM86is/HrywuHzgQEoVWKh0ujf2WFjewfUb5DklyC2TGbMpqw+7c/6CzeHdH+oU1WOPPH+2m1IiyPtvWf/oQ/es7ra0Z5Wr19gYkVt6XQ486s6li37/+tvfxpPJido8pkrTm936RG46VMv6x9YMf7rhvzNn7T78soUqsT3R7Fzyx6mPjfdv5eF4/NqRweBmrU0VlHkfYevaOcPL5+nhFa6XL+mhB/TfqfWtdJ796spNqJWqo+oY/X1Fc+cfZbbtgYOvW3nqDUlS5q1mMKEU3fsX1Mv7/HX6GQC1OUnHrhfeJTJRkDWDb8hjZEkjTDSDic6OEwCg1kZEZM2/X6AQgUwUES3RijIhjykTAAC1JgqBIAqRRTTEnGhEmZK3lTwSeQsFANRmUaREFBFzoqXMRJkRU1GmooxF3qJMUAGAOtrSy+NN0oNSSuiITiXpgKRCIhJqeTICAHXMZj9fPf3SIYEEAAAACCSUcg7gf+9HV+4TlzZTAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKGSURBVDjLpZNPSFRhFMV/33vfzDjOvBmlRkuz0THKIjGN2qSrFkFEBUFBG1fhtkW7aB1UUNDCyIJaRC3aRAXWxkroHxpCRGaY2uS/GWfUGUfffPPe+1poUbvCs77n3HPvuVdorVkP5P8Ujz3ae0IVtj80w80U5l4i7MlO8a8OfvQmTsvAyXvBjR1EG1pZGHvD8PNbs/JCz7u+snKrdS5fCi3ZjuFp8NC4nsbTGldrmq234kx7p4hWtJEd/YxfKKzIJsoq4zEZq4zWdR3bHimWtCgLmH91FYDKvEKlM0QThyhOP8BfLpgYGsb1/Fwe25c0UjknoRxP3OubJjmnKBQ1ExmPZNYjOdaHSvUSbTyMPdWD8M3jC1tgz2Hu7WK5YvdWo1B0RcBnULs5wvPBFAtLJaojgpXxx5QvPCO67Sj2ZDeGr4TK1TP1YoiB6vPE6psAhFy2HQASm8IIDb0DKdo3DOLLvaaq/Qhq5hamX2Mvxpnp/8DgtmtsrGtE6FWeUbDd1TxNSNSEiWaeYWbfo9wapj9ex8OmkK0l2f+JgcQVahsaCf4RviysrCoJAU7JwTd9n13Hb/PlwTlG+l8T2NqCPZ9mvu0ivnAMQztIn/y9ZWO56KIBpRxms3lGvqVRn57Q0NJBKLSDyaFR9IFLNDXvoX6zRXYhj+c4aA1ogVwuOtr1tEhl8tTFLO58TXH1Zjf7dzbgj7fQfOou/sgWPDSy3I+ssphK51ipCIL2tCxkJ8eLyok3bQmKcNAQN54mMdZGEkKsOfUQvw4DSbzS8sZn8iqX/jEl1VJ64uDZ3sqAFQrJgCmkNDFMgWmAYQgMucpb00KAdh2lVhbnM+nR5Hex3m80WCd+AqUYHPPwkaN5AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAC5SURBVDjLY/j//z8DJZhh1ADsBjjsspIC4gb77ZZX7TdbXLVda9Zgs8xEihQDGmZfm/7/0KOD/3ff3/V/6plJ/y3mGjYQbYD9NsurBx4e+D/10tT/nWc6/i+5sui/+RS9q0QbYLfB/OrWO1v+d5/p+t96qvn/3Auz/pt0aRNvgPVyk4appyf+X3xl4f/ZF2b+n3Co579+mSrxXrCcZyhlMV2/wbRP56pRq+ZV3SLlBq1EOanRlEgjAwAXIuIDq5qm/AAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKFSURBVDjLfZNNSFRRFMd/b96Mb0ZHEbFPTfqQNKpFkVZYFO1MSFpEkBAYhBht2rnKHIogCNq0qIX2QdHOKFHJooIKlDIrykxLM0VzbMYZx9F57360GC0lpgOHc7j3/H8czrnX0FqzYKefVOuDm8rpDr1CaoVUct4VQglKcvfQdP8W7WeeGQsaN4tMOAKlk8VSSYRS8/Gv27ZYLMG1BGALtAZHSmwp2BgJc/T7V2zpIOT8XcJJDXBsgUU6lsuLIwV7JyfZLvysjEawTB8+7cex/w8IfBrqZY1VyAphsn5mGrW6jLLxMOu8RXS/68GxRSAl4O6x5vrnn54GJkZCHJgxYMNhZG4JJeEwE/1B2jpbA28uva9frDG01nC7zIfLLEJjApyPumpqsq2TWVtqkY4b60cz9/peP6xaldNAsgTEXJATL4aTgJulI+QU52kM0Bq0Qi7fTcKdj4pNYooprHg/xlwo2bR0IDaGKxo+ngRcXHMIoe+o/bV+WXgEFQ0iopOo6SAqPoW2E6AVRlo6JgL3hxa8gwMPyPBUGX8e0tm8QhQtamdlUaKgEhkeR8bDqHgEPRNFGxpLhPC/fSyJiXqaxi8sHWJgdAC/Z4frc3uze+ojWtnouRl0Io4Ss7g9bvy9T0PYunxB/M8WqBuKkZ3V4ZoeQgsHhANKgjMf09wxro12pFwjAKa3QmYXJ1OPwGtGcPmykcpC5iwroKF4a2pA4y4f2jgg/Wvxfmsj81HjQPrLthuZwU4scxqRtQ6kUZEaINU+mZHv87SeI62r6zpCb+PqSLVnbLg8o6d1VM/OgqOXAJb8RiJTeeaX8UF+2ado/Nn+5/zyUDt1RZu9fe+vICldLPkNkalgK6EwqgIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK/SURBVDjLY/j//z8DJRiFozbrLk/aqkc76/a8eDft2Ou/Ew69+lm/8/n7pMUPTsuXXlAgaAAIK/fe9Kg7/ubmsaff/h99/O2/48y7q+Tyz2vKZJ5hJGiAUucNRv0JNycuuvLho/WU24tytz67aNl5fZFM8mlhoryg0HAlcePNz7+06670y2aftaja8fy224SbW6SzL1lrNt+aY95776BJ593dJq13dpu13jqoWXptGUJz1WXVkp0vrs48/e6NTNoZM+n4kzpTDr5+7T/l9gHpzAvOyhU3J/vMe/w5e+OL/5lrXvzXKb2xTjz2QhncAKOWqzM3X//0Z97Jdx8mHHj1YsbB128P3Pz0P3bW3TNiXgfk9BturQ+Y9+ifU+/du4nLnvyXiD7fLBZ+lo0BGEAswACKXXLm3We/aXf2SoYejZQIPBws7ncwb+qeF29TZt+9LJlwNiNmydP/tm13LwNtdY+Y+/i/TNT5XnAYAANIL3vN40uTDrx6JRF0xBDmIlHPvepJM+5czJh174Hb5Pvv3SbceykWdd4aaGtQ5MyH/1UTLywDG9Cx8/n3aQdf/W/e+uxL8ozb20CCIu57jIN7bpxcdujN/+hJ9/4nLnnyXyzibC1YLuS0d/jU+/+1ky9swZoOkDHQuTHR8x//T1705H/MnIf/ffvu/Q+ffO9/ytyH/7XiLmwR9DoijFtz9Hkz6/qbl716736Tizo/XSTgZIGw34kc9ajz65JnPvivF3/+oIDbYQ2cBmhmX1qTMO/Rf7Hgk83C/ie4YOKCnkeCXSpvfNCLPn+A3+WgEoZGYCAZi4aeKXZvu/PBo+3OV6CtwUI+x1nBmj2OKAJtbXCrvPbVNufSYz6nA/EYBrh33v3k23f3v2/Pnf8+HXf+G6VdPAa0lRMkZ5Zy8aJXzY1/QPzfq/rGf/fyaz8ZKM3OABiskbcwY1E6AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAG/SURBVDjLjZK9T8JQFMVZTUyc3IyJg4mDi87+GyYu6qB/gcZdFxkkJM66qJMGSNRBxDzigJMRQ1jQ4EcQ+SgVKB+FtuL13EdJxNDq8Ev7Xu85797T51nwhqeAH5w6cAxWwDgReX7jwYfdaCIraroptB7NLlVQrOoiGEsL1G06GZyxuILicsMUH3VTlOqGKNUMUdTacj+j1Nng0NGAT2WxYosK1bbIVVoiW27J9V8G57WWKVSczMV5iK+Tudv1vVh5yXdlLQN+os4AFZss2Ob82CCgQmhYHSnmkzf2b6rIhTAaaT2aXZALIRdCLgRtkA1WfYG4iKcVYX52JIs7EYvFmJ8wGiEXQi6EXAhdyn2MxQaPcg68zIETTvzyLsPzWnwqixVbhFwI3RFykes+A9vkIBKX4jCoIxdCLrI4/0OcUXXK4/1dbbDBS088xGGCCzAJCsiF2lanT8xdKNhHXvRarLFBqmcwCrbAhL32+kP3lHguETKRsNlbqUFPeY2OoikW62DNM+jf2ibzQNN0g5ALC75AGiT59oIReQ+cDGyTB+TC4jaYGXiRXMTD3AFogVmnOjeDMRAC025duo7wH74BwZ8JlHrTPLcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABhSURBVCjPY/jPgB8y0FHBkb37/+/6v+X/+v8r/y/ei0XB3v+H4HDWfywKtgAl1oLhof8TsClYA5SAgEP/27EpWIxkQj02BbOQ3FCGTcGEdV3/W4B6K/+X/M9fNzAhSbYCAMiTH3pTNa+FAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHtSURBVDjLpVPJqiJBEHwf1f/UH+DydBTtLxBRUAS9eFH04MGTINIHUQQRt3I5eHBfW20XFBVzKgq75TGPNwxTEFSTXREZmVn1QUQf/4M/Av1+X+r1ekq321U7nY7GGNNarZbabDaVer0u/SjAyTIns/V6TefzmR6Ph8DpdKLFYkG1Wo1Vq1X5W4EXWb9er4SF/XA4kK7rdLlcRAyilUpFL5fL8heBl21mkHe7HW23W1ouV7Tf72mz2RBcGSKqqrJCoSCZArxexThgkEejMbndbrLb7S+xpQDWYDCgbDarmAK8WSqUYVXTNJrNZoJos9nJ6fzFd5uIow/oBwTT6bRqCrTbbQ3Ngl0c/Px0CDKIgMPhJKvVKsqAi9vtRolEQjMF+JiEAOzj0Gq1Mi0jKxxNp1MBw0U8Hn8LNBoNFR1HGSAhKzICFotFwOVy0WQyEZMZDocUi8XeJfD5Kvj5fD5FBq/XS4qikMfjMXfERqMR3e93KpVKFIlE3k3kc5WKxSJDD7AMuxAdj8eCiKxIgG9OZhzSl4uUz+flXC6nY+Y4eDwehZv5fC4uEzJDhBP1YDAof3uVM5mMnEqlGC9JNA49Qc2YO788xInM7/fLPz6mZDIpRaNRJRwOq6FQSAsEAhonqT6fT+Hf0l9f47/iN5+1McdPrPQwAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGeSURBVDjLxdO9SwJhHAdwIdpqrKmxNZqKuEUhSIyixCI0yjPv1PM1z8KDEonrOPF8OzcVhYoCh2gXp/wzcnmGgiDX1m+PQsZR9EJEw5fnWX6f5/e8mQCYfhPTnwHZbMapKPL9jwFNy47QYllVlWdZPsGXQKGQZwqF3CC5nMbQ4rt6vYabm2uk08fvAOLfHzcA+byGclmHrhdRKhVxcXGGZrOJ8/MzSMlDA0B8MZ7sBqYMgKZl0Oncot1uo9VqodFoQJZlCuoQ49EhQLgo98SHQDZYiaw4J4YA3Suuri6hqioURUEqlYIoinR+ikhEGACP664ucfGLj04PyPKWoStT/6BqtQp4nofb7YbD4YDNZoMg+Gl8r0CP2HcW6QhiWTMCR0cSqtUKJCmJWCwKu30dZrOZYjvw+71vW7BuCr3VTZB5q0hmLWND4OAgjkQiRotDg5bDYWGAeDxu2pXHeIhzS0EyY540dBDfDzOhYIAJBDjG59tjeJ7t9qFkUgTHse+vcXph9NOHRFcd4bysQvP8EfDtp0yhbZqH//tM380L5ZG0STFOrDMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJYSURBVDjLY/j//z8DJRhMmJQd+x89/W4IRQbY1x5L8590dzmy5PuIqC4gfvA+PPIyEMfhNqD06H+L9gfG9p33/jr23OMEiX30DTj8yT/oFxCf+hAYfBeIfwPxIyBWwjSg5Mh/tYZHzDr1D34aND7Y9tXOsf2Lg/O/z85uNjCFn908lT56eH985xXwzXvygwYUA4yLD/9Xcm+QlS572JWesP7XVyOL79/MLKci22Rc/6DXvPH+X8um+79t2u7/tOu4/w9ugFHxof8wha+1LP89NHT9iaxZIf/BCpWie7/Vi+/N/25kqvrN2Oz/suiO6QgDig6ADfgtJrX0p6TMb1u/Xd+5Eh9M4k16yCyQdH+HYOK9H6JJd+tgBv7U0j3wXVvvA9wAg8J9/6sNAvT/8gr++8Mn1MYQ8aCFIfzBf6bwB3+Zwx/8Ywu7H44e+j8VVX4hDMjf+/8/I6v/fya2OyghHHCn3GuRw3TvJTZnPJdYnXVbbA436Le49Aa4Afp5u///ZGAJ+c3AIg5T4DXT0stjpuULj1nmD9xmW6x1nWu2z2W+6RenBcbxIHmga6XgBujl7vw/R1TDAabZscNommOn0UeHLsNFDj2GPDBxh37DDrtJ+u8x0oFu9vb/liU6khal2jPNS3UfAem3FmU6Gej+tqjX5rBo0rln1qI9GdWArG3/jTI0/Q0z1N3UAyxdgTQ4NQpreMjCFAqpOoHZRvnqUhpROhmmxRo8cAO0M7f8187Y/F8rYxMQb/yvlbYBiNf/1wTh1HX/NUA4ZS0Ur/mvkbwajOEGUIIBf5BxjDvwFIUAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALcSURBVDjLjZJpSNNxHMb/VhTUi3pjVFoyj+wyPDG1sDUTE7ES1zCPuXRbZjZrSk63qVPzKNuc+ncmHmPOeU3nkYkEmnjhlVdaBPoiddGbMDEoj6clZEYlvnhe/fh8+P4eHgIAsVWE/kdY4wVWC7NqE0yXUZZLeebFvs7mu3+9bwnzvE1pMyrK6lzFYWxOYaSFbFuCYqaxfK7OEfOtbHzty8a81g1zmqOYKLD4vC0B6b8/Wz/SioVuEssjSiz2kJh93YL2FLuZbQn8vG9wJssfrH0ZrcXqVB2WJnTQd8ghCbmo/aeAQ7Vi5bMuLciDqSBDacsRDJtB+cPI73otHx8akqFvFKFLcRdn2adbnGLP7PtDwHSzpOWzPFZlgVRsTomUh9zCVGTmiZD4JBYNb8qR1i6Bjdi6zJZ/fO+GQMqw73oWcQ11SWGYrBBCzadDHkyDguuB0hEhotSuYJfaIX0gGjVvixGti4JLhBO5IchjWNS8b9f8VZgmngrpcBzClY5IbroJhuIE4nq5YJGhmCZ9/18YT30B91TnwFU6gFVsC2E9HdUDOYipuYrL0kMIkDIwX+TzW7DDIUeQJ4jaKCxS5QzdMAntUN46WDkgg+xlDJS9Wbit9oRT+p61riIf9jps5FYZ7scfWuz4CDyq1kJUokGY4b8/4adtPGS2RiKthYOkJhYkz7lQdKYgqOw8rBKJFYLiraDTec1LjVOrSJ0E2P1ASAcQWHQSVf0yqA0LVPZkoaQ7wyC5g4JOCThqL1BExCcTAWFLjKU6rgzW5oJfrwezFWDq1hCoWcP1AnNcyTEFTXoQbo8PIKTUFeSrJNxSecJMROgPC4hT6zuYyXGfr027jwBxHzhtAOuF4QIdENwIBDUDjIxpiPnpsE/dBaaSBrMEYtYAW28s8Z2K69Ii8Yt3ppfrHKMHQBWPGTIOqnAU7vFDsPCqmsmNCU+yFBt9O5awE8YCgrJ5vT8AXgaV02he+4MAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALMSURBVDjLfZNLaJRnFIaf779PMuYPmSSjCUmYKBXREBLwEhUXIm2otlRBN1WsIoJLRcRdN0VEcKWgC1trV7pQBHGjokKrYBFNWsQk2gwpphNzGWcymcx//T4XIWpQ++4OHJ7zcnhfcenGk9NSiu9nA+n4ER9LLRxNAxyTiwe+6z4MYEgldm/b0NLgOI4QQuf/5EmIo5Brd1/+AMwBZn1p27Yjfrv/Bo8pSmKQTHqchFkkUpL8dIJnL12q1AoMUhzdmSGWQsxDjSACTdPRBATaGJn6cWxrhKJfIoojDNumvWUJ2eFqaq16pFzoygCQgKYJfDWBZb6hUCnixx5BFBGpMrZtU/YTpBIaCrXgMe8BQqAiiR+HeJFPJfQJZEQsARGiZEy79SeFmz/yVbLD7f/luBLe6F4DQKk5gEMDpXIOpZv4skwQxZh6gnIpydq6SXob8yTqd+NmuihklzNw68Kp9wBNkNSbGR17jevkqKrWsEXETL6KVGmGXWvqqXG7yf/zHEsELKpZTDLV6hrqQ4DZSFOii1dP71Gb/A8Rx2Rsm+2bV1PbvgU/dxmrSjDSN0DoBVNeZWb9OweDUweJpSSWki/8CXpa2hBmkabOLtylX+ONnkezIsxkG5qXVeG0t2X1kdtDhlIKAfTOBQsAvaNAYfg+y5qW4i77Fm/0HJoZEUxnmHzQx6Pq/eU9B3b0AWjiE3n1J4dIORaNK7cSjF1AtxT+dBuv/3iM3XuWopWJ53c1xxRFZEhneh2di3tY9O8r0pUioWwm9/cZJB7lfDOTjwao++Ycdk0KQxfvLhqWIa5cvTfcE8SqQylIZ391dx76mcHLRxn6/SF2aydePidHWg/Plh8UYkMvYGpcmgcIpRba/+ngqvDY/kMGWkzfneuMZF/MuA11G7880d//qYJ9BNi1qa7S3Z421qzIoEz/YWV8Yt+2k38Nf66hbwFu+Dui0xbh3gAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJwSURBVDjLjZPdT1JhHMetvyO3/gfLKy+68bLV2qIAq7UyG6IrdRPL5hs2U5FR0MJIAqZlh7BVViI1kkyyiPkCyUtztQYTYbwJE8W+Pc8pjofK1dk+OxfP+X3O83srAVBCIc8eQhmh/B/sJezm4niCsvX19cTm5uZWPp/H3yDnUKvVKr6ELyinwWtra8hkMhzJZBLxeBwrKyusJBwOQ6PRcJJC8K4DJ/dXM04DOswNqNOLybsRo9N6LCy7kUgkEIlEWEE2mwX9iVar/Smhglqd8IREKwya3qhg809gPLgI/XsrOp/IcXVMhqnFSayurv6RElsT6ZCoov5u1fzUVwvcKRdefVuEKRCA3OFHv2MOxtlBdFuaMf/ZhWg0yt4kFAoVCZS3Hd1gkpOwRt9h0LOES3YvamzPcdF7A6rlPrSbpbhP0kmlUmw9YrHYtoDku2T6pEZ/2ICXEQ8kTz+g2TkNceAKKv2nIHachn6qBx1MI5t/Op1mRXzBd31AiRafBp1vZyEcceGCzQ6p24yjEzocGT6LUacS0iExcrkcK6Fsp6AXLRnmFOjyPMIZixPHmAAOGxZQec2OQyo7zpm6cNN6GZ2kK1RAofPAr8GA4oUMrdNNkIw/wPFhDwSjX3Dwlg0CQy96HreiTlcFZsaAjY0NNvh3QUXtHeHcoKMNA7NjqLd8xHmzDzXDRvRO1KHtngTyhzL4SHeooAAnKMxBtUYQbGWa0Dc+AsWzSVy3qkjeItLCFsz4XoNMaRFFAm4SyTXbmQa2YHQSGacR/pAXO+zGFif4JdlHCpShBzstEz+YfJtmt5cnKKWS/1jnAnT1S38AGTynUFUTzJcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHtSURBVDjLY/j//z8DJZiBKgY49drM9J3idhLEtu+xjvea4nLNqsVspnWr2S6QmF6+Zol2ltpq5QSlmcpxijMxDABp9pjkuMuu28rIpsMi3rLZFKzIus38mm6OuqRxpf41nC5w7rOJd+i1ngnUXGLTbj7Tsskk3rbL8ppZreEu7Ry1mWpJSvHK8Uoz0TWK5U/nYIg8y8rgPsl+l12P1WqgbTPdJtk/AtoWb1CkBdagnqyyWilawVM/Rw/FBQyx540ZGm/eYIg8P43BdYLdSZiEcYXeTJB/TaoNroH8q5OldVIhXE5SKUqhXSNRfZdKvPKVkOrED+L9d/8wN998w+B4XIL40I48K8FQf/O6+7In/7mbb35hsD2qjBKNDLU3ExjKb7pi1Rx61ke89+6fwBVP/jPXXn/HYHlYGiMdMJTe1JJc/PgHQ/X1xQyplznBYuFnmRiiz062nPfof8DSJ/8ZSq8/ZzA9KIEzIQE1Vvuuf/6fufv2M4bgsz4MxVdPui8Cal4C1Jx/+RGDPqpmTANiz7MAvXI+bO2L/5ZzHvzP2Pjif8DCx/8ZMi/fY9DcL0FUUmbwPKkg3Hr7T+WOV//95j/8z5B6/jaD6l4JkvIC0J9FTtPu/2dIPn+PQXG3BFmZiUFzbweDLH7NVMmNAOGld33BRiNUAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAImSURBVDjLpZNNSFRxFMV/M40TjdqUqZmCn0GURSSUVFIUVhtx2SICqUXRVqptRBERtGpRC2vVwo0QEUWaUElSRDEW5EekiU1+RKKDOuPMu/e2eM+Xpq28q7P433PP4X9OwMxYzQRZ5YQWwO0no74UNcMAEcDAVFEDUReLwrVTpYElBADFG8MYhikYYGqogS0iUYXB8bnlCsQMM29Bwcww89R4RKqGqiGZFSyIuBIxQ9VbXMDqkhTIG6oTbdTn76LnwSsLpOJNPoGJug8NVBVTvKuu9GJrpza7l3Vlp4lW7GFqaBt97S23fAJHQcVQ76p73cVb6KSu/Du50YNMfuslHEiTu76InE2lUZ9AHUXUfJ/meS7gHYcrBthQeYL50VbCkQDDsT4yqfTvVHLmwF8FDoio71/VyNe3HKv6QLSqkVT8HsGwQ1ZOGTI7TGZ2rn5vc8eAHyRHBBFDVFExsic7OFLynujWRlLxuwSzMqQT5fx8GeNh4jw1zR2xJb/gOIaIm4Hs6U5qi3oprG4gPdbCmrCRmi5jrOsjzyJXiU9FlkfZEUPUCP54zP7CfsSKGf18ByXF7GQJI6+/8DRyhUQwH7EVcuA4Sv/IHEeTbeyou09/60UGurpZW7qbxMQ4z0OXmJjKwXSGxfUL/NvG6+d2Zi6fvRAiKMRePGJ46OtMtCCv7viNnp6VyrSM4OShvGRN5ebQvu0VWNZ8d3Li15mGm58G/9fGP3sKXaMRKZvBAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJXSURBVDjLlZDhS1NhFIeF/oJBEK5ISiIJsaxkTAQTR8wSacY0xdlmbZqkTZ3cmmKprU3naltOd2u5UtFSAiuSaAUVGEKDvphtXuVu79xttfB7Ef16FwRhG+mH8+H9Hc7zPuekAUj7u9omQ2ieIGj0hqB1B76s76+vf4KmCeFh3wzBxekYVGykYdMALbsEtZsfrR+NQ+mK5m8KUOchUNk/vqlk41srB6MosxLDhgHqkdhAw/AilKb3/YrO+cKqQQK5OTS2IYDKE9uvcQZQ3u0vSrz1r7T3au/3obh3Zf6/gGp3dEjpJFCYPuC4Tdimf33Wa39ngfVtLxS3ulHuKdkid1RFi52EOWInvgIb8eVbyZTUHNYlPWLj89M2y9wVzC7PoPNZO446rn8/NrQKzVgMBVaCmhEBFx58RgW7igM9vC6pVvWkot842wL73CyUtwVox2OQ9hFLopd3lbdovAJOuaPY17HCpNytxFH0rfXxC9TejUHS8/JnnokXJfKcLp7VUIsyZxh7GE6XajhaaJJCYszFQeNl5Fxy/aC6vuwuHiecEVx7EkcWs4yMVk6U0kBiDouorq+Cqp50/db172W4qTN3BDTRlXbqg/6kR/xTuT28v4oVoBxeRVYHxySyXQaOKR0Io8QaxvbzASYlgOrKZDYCy9OvyDYuI9PAiajubvrrSsu4gMM0E9cHZCkBVFdXeiOM3kdxlDkiyGxbQpZhCXJLCPrRT6i5GcGhdg7iukVZUgC9rojqshn6IHY0BxO6fvG5AEN/ZcTaxTU6uJZet8CmqxdEvwDWpa/ASC8BSAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKbSURBVBgZBcFNiFVlGADg5/vOuffOdcb5cbKcjUn5V7poFJEiKMKybDYFgdSmKAiiokW1aNHSXWQQuGwR2KJFq2hTkFqUEbZRMzQIJS1nbPxjnHvvOd/b86SI8OSHx1/uT/ZeyslujCGBhEhE0ZTy5/Vr8V26ufzeiSMLQ4AUEQ4c+vHE52/tfiDnNB1UAoAICIu3R47+et0/FwcrZ0+fW/fDkYUB1JCrtK1bV9NnrqpySiSi0EbRNOHOqPX4lrX2bq2dLItromxffuzNr2eOffrsIENKaSIiqm6VdTJ1ospUiZTIEoq5ya6FPXM2be7168nxz6De+c7vhx+a39h/48tF8zN9nYqfrtyx956+4aj49swVMxPTtsyuc+9EpdepbXp41rGf/3oBL+ZmEKfunqiNBfv3TDl+acXqMDyxa8rlxaEUvH5gvQvXkpMXG9+fX9HrVFKdG8iKX26sFM/vGFen7PbSsq29WpWT01eW7Ns2Z02v0utWxrqVsW5HyKQM6mht7lX8duGOj7+5ZPv96y3913r/i8sU9j86Y9QGKUttEjkURAB1jMq4YClluWV6NUlTterSooN7N8opqasgEkFI2kJbgBxDvWiTs+evOvTKg/qdZDgqbq0Uj+yaBEmSIqlzUuVkrJO0TYC6jGKuSnSa0O9mf1weuNHe9PTWDUqEErSFQAki0amyZtiAOrVp6tz5qw6/ep8miqlOdnG59cy+WSWAKlOhkxMoEUaDAvKFr3Z+MBhdX51eW4PXDm7wyds7AAAAQJQwWm1AhmZQSlNKAAAAAADUdS5NWxqoYbTa/jvere6SRuMRkQUFMNWvQQT9TpaS0qnSrbYpf0MNKcVHT717/LmU0nyINQCCQAggwGop5VSdHYX/AYn4JwmEykruAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABbSURBVCjPY/jPgB8yDDkFmyVWv14kh1PBeoll31f/n/ytUw6rgtUSi76s+L/x/8z/Vd8KFbEomPt16f/1/1f+X/S/7X/qeSwK+v63/K/6X/g/83/S/5hvQywkAdMGCdCoabZeAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIsSURBVDjLjZNfa9NQGIdnP4cDv8Nkn8PL6UfwSgQZOoSBYkUvZLN1lMFArQyHrsIuWkE3ug2t1K3O0LXrZotdlzZp0qZp/qc9P8852qyyigs8F8nJ7znveZN3DMAYg14XKROUyf9wiRIKckOCCcdxNN/3+71eD6Og64hEInPDkmHBJAsbhgHTNAM6nQ7a7TYkSeKSer2OaDQaSAbhC7efJGY28gZWPrUQTyt4l2lCKLfR7XahaRpkWeYCy7LANonFYr8lqzt26PUXIxzf7pCfioeS5EI2fVQkG+GVH0hlRVqFjmazeeZIvCc0PBXf1ohu96GZBEnBQMMmcAjgeH3cWRKQyTf4URRF4ZWIongqoOFURXZpUEOt1YNm+BzDI6AeFKo6IqsF3g9d13k/VFU9FSytK9V8zUJiR0WbBh+/2cVich+trodvNQeFEwvTsa/8C7Dzs54wUSBYeN+ofq+ageDZmoBX64dQdRcbByaEqoGbTzPwPA+u63IJIxDMrR2nDkUTR6oPxSJ8ZxYuNlxsHtnYLal48DIH+om5gMGqCQSP3lam7i+XSMfp40AFsjWCrbKHdMlGpeng2uxHpHM1XgGDhf8S3Fsuhe4+3w9PL+6RvbKGguhAODaRLSq4OvsBL5JFvutAMCAQDH6kK9fnZyKJAm4tZHFj/jMexnPYzJ3w0kdxRsBu6EPyrzkYQT8Q/JFcpqWabOE8Yfpul0/vkGCcSc4xzgPY6I//AmC87eKq4rrzAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALGSURBVDjLpZNdSNNRGMZ330V2GXXVRXVTICRd2IVIIFGSoJDWRUssRREJiswP1La16aab3x8tyoWl+T11tqmYmJbZh61pfvWFKZmoqZmp236dv1MxKrrowMP5n/95n+d5z3veIwNk/4PND1dz8z5nY2P0al1d0nJVVdhSebnXxt5cYeGO2ezsmGmtduyLUtnxOTn5+C8CLosl1tnQMONsseJsa2WlvpbF0lLHgtHoPVdQsHfWYLB/M91mtbuTH1YL0+lqxuLi7nyIitomkQOd5jrcQwMwMgQDDhgdZqW9jbn8/I8zen3/ktjHYYdHD0GISDEz+kzeyuVK2arZbHU/fwovn0FTI5jNUFMj1r24ertxdgpSbw/cugU3b0JREZSZcD59zHBo6Lhsubr6k3tkEKzNUCecagW5shLu3vUIPmgCo1GgBAoKBPIg24DrSRdvgoIWZKJYX9yD/VAvyBUVUH4PTCaPY8k6KU+QcnIEUQ8ZGaBR4+psp//YsTnZosk06nK8gmrhWnrbk+YGMTcXDAbQ6SA9HVQquJYG1xW4ujqw+/svyBZu3Cherr4PPV2e9La6abXCUQNKJaSmQnISXL4kjljGpEpBn69vsexrXt6emays90uSiFClpNDjJEFxTRBT1ohWVSSXc09zIesk51RH0YYd+v7Cx2fXWh9MqdUHJ1NTe+ezM3FJV1UjCphwFRITIP4KDSlnSas8R6Mjn74JG/qWaE7pD3A4ZqdusxMn4uO3j128qPgYHT0/byyGZnGdyUIkLpZwTQD1rw3UD4ijiaFrPY++NVISWPqtt9+Fhx8aOXPm8VSSILfboNXCiURvLA4jW4fZni8J/PmBDIWEeA0EBuY6AgLc4xFyjsTsdmpt4aht8jWy2ir/ewZbYffzCxaVjhOBymDdfjJtEWvO0iytf6nBvyCCNQLzUtrrs0b6/xNhTevE6BlD4wAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEUSURBVCjPXdFNSsMAEIbh0Su4teAdIgEvJB5C14K4UexCEFQEKfivtKIIIlYQdKPiDUTRKtb0x6ZJ+volraEJ3+zmycwkMczGzTE3lwkbxeLE5XTqQfTIjhIm6bCy9E/icoOoyR4v7PLDN+8ibxQHxGzE3JBfHrgUalDnQ6BNk1WRFPjs66kDNTxqg0Uh5qYg4IkrjrS9pTWfmvKaBaGaNU4EY+Lpkq88eKZKmTAhbd3i5UFZg0+TzV1d1FZy4FCpJCAQ8DUnA86ZpciiXjbQhK7aObDOGnNsUkra/WRAiQXdvSwWpBkGvQpnbHHMRvqRlCgBqkm/dd2745YbtofafsOcPiiMTc1fzNzHma4O/XLHCtgfTLBbxm6KrMIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKzSURBVBgZBcFfqN5zHADg5/P9/d53/87OmdnU2jIttiGJEZO1SSh2YcWFXHCBEpIibsiVO3GhlhIXascF7maoiY200iSbIYZxmv3/55yd877v7/vxPJGZ7nplz6MLxuc9XMIGzEeAQAZZjWr9/eyp3B3nz7ywd/vWAUBkpntf+2bv+89suLqUWJI0EoBMSCf+G9rx3Vn/Hpmb+enAz0u/3r51DlooTazrt82Sg8c1JYIgK11Wo1G6OOxsuWqxW9a29tUTC7OuP7P56Z2XfPXWfXMFImIsM5t+U/QKbdAUmiCCIlCtGO/bevMKV1w5b0E7vug9KJAEFJSgRCgRSoQSoTTh6OmLVo8NXbM0PL7xUk2veRBagEzahhAyQu2SEtqGfha/nUqDOlLrwKY180RbRtBCJok2ipQSUUIgK9kUetXS39421h12sW4hVoECiYoISoQSoUSIDL0m9EoYO/KB1Uv/tmbzI5z+zFo/FChQR2RSkchMpFIoEeb/87FV7Zcm1t1k+q9degtWemr1F/1dz655qIVaU2aSpAQggd65703cep9u5qD5y1aZ7f6xesu1yszx7S10lS7JSgWQoCbD/krDM38qzUlRpvXHTzI747+jc00LdZRqple/HwipBplh5ewhD3rHxKKhOppV6lnKYjkc+HHysF9/OfVEC6NRp+tYMd5z42VFTZYd2+ny6Q+t3bhRDj4X3QUHPh0YTs9Z0g9vTj0wnJx8abKF0Vyto1pz0Ilvpzo10mPnPrF+0x0GJ7dr2wk/ftn5qPeks9ff443bSz343Ldz0MJwtju2qN8se/G6waLMLJL2h0Y0U5p5yx36YkZv3ZNevu1+Eer8frnQjeoUtBCRr9/9/J5tEXFDyoWwbXm/vfuPfc350yPvHr5zdGj/4s7kbpitte5vix3wP04jPQSDxpk/AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALjSURBVDjLfZNfSN11FMA/3/v7ea/36prXWWirTZdlKtiC6CGi4BLVCqJB2/BFNmKMfInVQw8RK4lVD/VoEL2UWL0Za8HQJHNL5ya17lZz4aItXb957/V6r9v13t/3z+nBNBm0A4dzXs7n/FciAsCz747LgRdambyyiDOCtQ5rHc46jHE8ft8W+gd/Yrr/JcUG8dccZy3OCUb/G2hWrTWraoxgjeVWiaw569m0xYSW9qrT9NxxFB1atLarwNsBnLHcLGnu3hRDh5ZU4mseqb9Mo8xw7+Y4N0oVrL1tBbbv7PnrNMR8OpNFdkTTROpTPFU7yl01UaZ+nsMZ2/e/gPEPdh258Humbyod8Gjie/ymPUTqHqMzMsKZc1c4fynouzi4/8itABWe2hYX8drEiecE3vqx59ChrhMHt3UdhEiU8OpXDJz0vtnXkX5HJIJzgtWlTNOehasAqjLWOCeJ9q0iICKIEyLJJyCxHdF5RBfQuTS2tICgcFoTLv9JuJjtaXlFBnyTC3pdEAx6Hb21/tZuJAxwYR6ns2BLoBxVd+4k6m/CGU1h+gvy09ljxBgCUCJCYUC1Osvx6IO727x7XkTC64i5ibgSYldAeQTfTRP88AuVpbJYT+aA/qeHzftq7RLzX6paB5/HH3pjt4rV40wesSVwZTKT8yxfyvJAai+xlk5W0sP8dnLE5mcuHl7fQrJbbqh4zYguzCIKEIdCgVj+Gp3k/tReqi+PoT7rJvHHEM3bt3ii5LC/cSVC9fNVyZ0o5eOMQS9dI9rQjM4WqW5sgede++8H3m7Cc6p5HZAbaog7IeXVdVA48yG5iYlZFKdq2lr3e3UJSue+peZYL5WVgBKwXPSwHtc2XKJ5UtXuiGeOv05mbOITo3m4/T05sDQzu6u6nuVfT4/zdzlO0asiv6iYnVdWoH99iPOfqpfLC7xZztLb+ZGc2Nja1KtqcyWTHC3nil2eUb71ZF7g42eGzdF/AONCmjwFNk4lAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALWSURBVBgZBcHLi1V1AADg73fuuXMd5947jzuO+WgSylIhdROEJNFIkBptclmEuza1yPBfyHWLKBcJLdq0KFBMEotKxCBSNDVJ0xzHxzyqM/ec+z739H3hwKH95xozjblSqQQAAgCAIAACBvnQ8uLy93FjpjH3+ccnhCgYDPsACIJCIYBWP0VQFJFiWCjkPjx6ZC4ulUpyA6H/pezsJZPnWpaOzhqrVd28ecGN7LgHS4lare7xSqIUl61mHe8cKJTjkgggSVYk20espqnWmevS9KE0TYXuJd12U7vV1Gun2u3UoJMJYYggDoDx8XUUfWvfn+Kj31TenDazYaPR/m3twVa1iZqRUiQuj0hbHSF0EURAkCSJNG36bya3OjnQ/uoW+VDR+lm/m2o1M/1uS7eT6XVbQihADDA+PkPRNzFel7y7w+SnKwYvb1CZ7prtrShXn7S2UlIeKWu2elglEBFAp9OVpS3JaqI5lvv3WTpf/KXIO6LeaZ12qtfNdLLUsJcJIIgDYHR0QrWeGa/XQfmtLUY/OC/On7KxcU1ntG1T9YrKyJJe+65S9LaAOACaSSZNu8j8uvDIvX5k/TO5507ctHAw83j+M1fvzUvbbb120ws7KgJiIQioTzxhddB1udVyt1c2NTnl0b5g3+mBk38OtWvL5vbutXlqqx+ufeOn37+WDesiKIrCL/N3nLp13f1/VnQ6HWmaSbtdF7cVbjx6YPe2XfIot2vDq/LQ9+LzeywP74oCWoPMUt5XGakaGx23pjKmuqZqy3xi8/0FS9mKcqh6Y/t74Mi+456e2akwFBGEEKmpq4aaSj5qbahaf2PRxoW2O3t2Sporrj244NjZw+DYd4fdXrwiEokHg1ye5zZN7bapQQBB2IpXmA7B/seJi1dO2bPzJSevfmIkxM5f/tGUWeH1Qwe/XTcz/VqpHCMIgAAAeDj8w/Lwb0MDkVjDrGhx8sz/ABdNCpr3mlcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJsSURBVBgZfcFLbExhGIDh9z9zztw6marQUm1DNZEQEdUpsRC2lLgsJDZNGmFjY2nBErGzENewIEUQRBBBJFW3IC6xqqYSd4tWtOPMnMv/fdqYUIvxPEZVqWbn6sUzm+tyV3OpTMFaQUET2eSN7YdvdFHhUMWudR1OY23NxVwyXbAiWFUiK8YfLa3ZvXFpDxUOVbTUanZKpmZ5Jl9L67w5NDY1IKKICHWZzAkqXKpI6seoftZsae/a7Ez3ikwoaZox63H/7LGACocq9n3fE06dlh3L4hOaFMbLMiH48FTntjWGVLgD1wt+Oj8/Y4zDX8r5rZ/ibYcWvjxV09/R3NJKyXh4JuTDx2HtHVrU28lvZuBap7ateYQxBpRxih9Ydhx4QuvceRQKAU9vncWYNF4yT1NHN6eP3olvv3q/JX7cc8EMXC5I29o+E349jA0T4OTZ2xtRmrqaKZ2zGCyCtfzhKkxDeXHuXvDm7etNLpFBJcSGSVSUn0MP6M6/gvg4PKSq45uupA4+33PJxaiRuMTo0CDRyCckKlO3YD0/2nfxL2VCzoPRk8v4kpxJ86IVSZfIwc3UM2PVfkBAFRuHJL7f5KtfxqqlZBP4McQ2orlhCQaIn70ojXj9sUukqC0TfjsJKL8JKbFkyTEmSYwYPBWsRLgEWCDR0d40Z2XfiEsAKjEYQBUQkAhHIxrcH9QbHzVF1CmiDJPOtPMOOLOSEca5hIrBgiqoBQ1RCUDKqJZQ66O2iMajqPUBYTJXQyH2h5HYA3VAE6h6IClUakAjVEMwITgxtlxmMlfLweehIxsaUBwMhv9RwNwF0WEqfgE9XTQvEQ+I/gAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALDSURBVDjLpZNLTBNRFIb/6RMqtEDBFopFXiFGIERYmKgJUXBFQly4gI1LXbghcYPiI/JYmbhxLQvC3hjjQkSL4SnvYCRUCNJCSwSq0OnMdObeud6ZBIzB6MJJTiZz7/m/c89/5gqMMfzPY/tXwkYkUmkRhOuU0nJCyKvs7OyXPp+PHu4LfzvBSjh83+PxPM5wOs1vSZKQTCbjsizX1NXV7ZmLBuBPMbOw0LsVjzNVVZmiKIwLGQewRCLB5ufnv49NTGQYeZY/VQ6Nj/d5vd67BV4vOAC8IjjEqA673Y4stzuHi28buccAoVCoJ+D3dwZ8PqTTaRPAewf3wHwfHBwgx+OBRkjnMcDq4GB3FaX3TrvdZkVDfCg0QtM0c52birSm5f0G2O7q6vY7HF0FNhtofz/02VlTbIgM8ZORdvS+v4bME04kRRGpVCp8BFhtb7+ZUVralcF7JpOTIJEIhIEBYGjoV2Wiojj/DDpeNOHT8hJSothkjnEsGHT6W1qUYGsrtOlpkFgMOh/Xw+Y1MKpCZRQqhxTlVaK2+CI+fn2Hxc0pppC0+8OdhGhLWq0lRQ4HGDeHRKPQueOUB9FVNFffAGU6qE6hgyG2H0VN8QWIqizMRkb2a3ssebYfsqzK8Tj0RAKU93YIMI5siDf2vkDTuYm6Bo1qOEgnUXfqEkRNskytj+5ZdkRxI7y4uJRcXmb2wkLQVMoMhSgglMDnDsLvLkGhpwx2ayYKsgOYi45hbG10R1LRYP7Kz3Jz8+srKuYqq6r8mYzZpc1N3GqLQuFjVHkrMlFZef5Z4XzZVcxExjEcfrOtElyJ9bHPR3fhaVZW7kmX6/m5QKDRIwhuhRsZkyQ9Kkmtbbu7r6t7LKmG4GVXKDy8peqmeOXYZXrkcAgeq7U+02JppIytqbr+tkNRksZe2QMhRXWrS9Zp2bc+tn6o+QkxLL87j8znVAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHaSURBVDjLlZO7a1NRHMfzfzhIKQ5OHR1ddRRBLA6lg4iTd5PSas37YR56Y2JiHgg21uoFxSatCVFjbl5iNBBiMmUJgWwZhCB4pR9/V4QKfSQdDufF5/v7nu85xwJYprV0Oq0kk8luIpEw4vG48f/eVDiVSikCTobDIePxmGg0yokEBO4OBgNGoxH5fJ5wOHwygVgsZpjVW60WqqqWzbVgMIjf78fn8xlTBcTy736/T7VaJRQKfQoEArqmafR6Pdxu9/ECkUjkglje63Q6NBoNisUihUKBcrlMpVLB6XR2D4df3VQnmRstsWzU63WazSZmX6vV0HWdUqmEw+GY2Gw25SC8dV1l1wrZNX5s3qLdbpPL5fB6vXumZalq2O32rtVqVQ6GuGnCd+HbFnx9AZrC+MkSHo/np8vlmj/M7f4ks6yysyawgB8fwPv70HgKG8v8cp/7fFRO/+AllewqNJ/DhyBsi9A7J1QTkF4E69mXRws8u6ayvSJwRqoG4K2Md+ygxyF5FdbPaMfdlIXUZfiyAUWx/OY25O4JHBP4CtyZ16a9EwuRi1CXs+5K1ew6lB9DXERX517P8tEsPDzfNIP6C5YeQewSrJyeCd4P0bnwXYISy3MCn5oZNtsf3pH46e7XBJcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGSSURBVDjLlZO7S8NQGMVb/weRgoI4iIuCVuoiuBfBwUFwaosPqJODk5OLBVutSlMsuDg4OVWkYO3o4Cha/BNS+qLP9K3HnEtT07f94HATcs8v33eSawBgUGtSlVmVZYimVY3Ro8nQBJgrlUq2Xq9/NxoN9JL6HD6f76oTogEsNBeLRSiK0lIul0Mmk0E8HheQWCwGSZLaICwjAdxQLpdRrVbFShUKBWSzWSQSCQEolUrgSwKBgIB0AWjWRAAN+XweyWSya6RmJsY2gDpGawOvObc2SiqVEp3Istwf0Ck9hJ0wj3Q6/X+AHsJxmAlBIwGoWq0mciGEGhnALkJvDzgK2LB3sQH7mRWrjtmbgQCaNAVf73HyYMdTVMK7HIb3xYkt7zxWDkyeoQC273BbEfy8RPDrGixPZBfeyD4B5aFfgVo/XkQoegt9PX5IBEAP+OmXwdrhDNxhB1xhmzC7nm1/HTR/x2U1ZUXd3PMw+YOn2PTM4Ty8I97MlfcigyZgipBBR3lhe/zO4jQpbJvrkn3CT+8vh7avwsYhJlIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKASURBVDjLxVNLTxNRFP7udDp9TCEtFSzloUBwY4FUF0ZjVDYsTDSw0/gjXBii/gk2GjZudO1G4wONK40CGkQSRKTybqGAfVHa6dy5M/d6WwMhccnCk3yLk3u+L9+55xwihMBRQsERQz2crK+vX3Txyn1SyfXDMnyE24AjwR0Q4qLQw1M82H4vGo1+3OeQ/RZSqdQTV2XnhkKzmqaoYJaJQj4P27LgcQGNdTocRmFzyWiJv2zqil0/EJDkt67C0oAGhtTmJpLpHEwSAPNEwBwCy+bQ7W1EsYlYWxiKdMSjvbPhniu96tra2ohmbAxovILZxCq0E5dh6M1g0jllAqYEZRw7lhRp1ZDdewW9tILAykRPingfk9Ti7BbJJ47viiC645cwNm2gYPAaefhWH4TgGB79JoU4vG6Cu0MNyMx/Bv8+hkzJtlWWW27yRfrQ0dhS+4sq0aAOqHQgOK8JGJbMKZf9/h1asPssyv56sBejqupuinEtEHI5jgNFURCuA5JZB6a0fPvBF1BLClbsmoPT7X5wKVqrbWhFqDMmFFHcKLLiNmzbBmMM7WEFAY2jbDCUJbFsMpQkjgUI4ifVWk21lqaXoBQ2mMJ94adi6wes5AxoMYOw7uBcl4JTEQFVULhhId5GcO2MJtuUEykXQRc+gb1/hLTl/VobY2JmctyfnTvvUwlEqCMPvdGEHrKgevj+wlTrxO8VL1+ebLaSc1gwA2kj9bPlYJGmPrx7bm0lrkbIrhrwewFPPbjbj+pzdSPtUh7YXsRqpiT2gp1T9NfEhcGR1zY5fEzjo3c8ud3SIKV0SJrp1wgCLjiS7/CKaU5LPCOcj918+Gb+n1X+b9f4B22tbKhgZZpBAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJQSURBVDjLjZNvSBNxGMeX9O+FOAkaLbehozdGRGiMQqTIlEqJMIig3oxl0YxcgYt6FUZRryLYwpFWCr2wXgjBIMJMYhFjgZSiEXOg5c5N593udne7u+2+3V3tT22SBx/uxe/5fu7uuefRAdCpKJdJoVHB9h9qFSryuSJBYzqdpiRJymYyGZRDOYfH43lULCkW2NRwKpUCy7J5kskkSJJELBbTJARBwOv15iW58AZVoBbwPA9BELS7CsMwoCgK8XhcE3AcB/UhPp/vtyQnGBi03pYXjyAbPQuRD2sSbmUFVN9NLJ5ux9DryZJP0nqiChzjl48Oh9oYRPTAXBVksgnS0hRWu7uxXG/EfL0ZZ9yjGHgb1t4kGo0WBO6AvcUVsFP9oTZZjlQCP7ZA/r4JpHM3lup2Im6pRsRai2PX/GjoDWEk8BWJRKIg6P147mfP+CW63d16RUyOQP5SA6rLAsKyA0TNNizvM4D9/A4Tk2Ec7nuPE0+vgqbpgqBnzLl6vv8N3+x4eEsS0mAvHAJhMoAw6kHUVUF4rkeWHAKXZtA15kDL6C6tkXmBffiZs/P+NE7dC4pBhwsJY6USVjBtBO/bCswrbfq2GS+Ce9DwyooHoRvaPPzVxI67IVfHnQA+2JqQMFQgur0anP8J5IVmYEopmdbh5YQO1wMu0BxdKlB/44GLg48/HT8J8uBesH6/ViDxC5DnWiHPWjAz0wleYCGKokaJIDdI/6JMZ1nWEshr7UEZsnnBH8l+ZfpY9WA9YaWW0ba3SGBWJetY5xzq6pt/AY6/mKmzshF5AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFiSURBVBgZpcEhbpRRGIXh99x7IU0asGBJWEIdCLaAqcFiCArFCkjA0KRJF0EF26kkFbVVdEj6/985zJ0wBjfp8ygJD6G3n358fP3m5NvtJscJYBObchEHx6QKJ6SKsnn6eLm7urr5/PP76cU4eXVy/ujouD074hDHd5s6By7GZknb3P7mUH+WNLZGKnx595JDvf96zTQSM92vRYA4lMEEO5RNraHWUDH3FV48f0K5mAYJk5pQQpqIgixaE1JDKtRDd2OsYfJaTKNcTA2IBIIesMAOPdDUGYJSqGYml5lGHHYkSGhAJBBIkAoWREAT3Z3JLqZhF3uS2EloQCQ8xLBxoAEWO7aZxros7EgISIIkwlZCY6s1OlAJTWFal5VppMzUgbAlQcIkiT0DXSI2U2ymYZs9AWJL4n+df3pncsI0bn5dX344W05dhctUFbapZcE2ToiLVHBMbGymS7aUhIdoPNBf7Jjw/gQ77u4AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAACoSURBVCjPY/jPAIMMCgxmYKiAEAOKwhmMDGZ//v/5/+M/qhI0BW/+gxQBlTDiUPDl/3v8Cn7//4VfwR/cVkB8kfI27S0WR+7rm/ui70X7i9YX88O7whtflANh7ouUPqgCBsbZLyBGAq1hRLBiX4BZiODBxgIpgAWPOYM/BgukGCl4En9jsswYkIIHKIzBgiiABg9QGINlxoAUPEBhDJYZwhdmDDZYWAoAtTEEdnXdy7IAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALvSURBVDjLTdJNaFxVGMbx/znnzkwm05lJ0xlm7FeIbW3UxDotVoOEFkTMotKFK+mmOxfdRMWFggutOxGquHOnBFw4CIq0WEEsihJNBEWKUmuTYMjXJPM9c8+957wubNM88G5/8Dy8SkQAuFhdPg1ceXBoYLIbebqRJ/KeXuwbQAvYBBywDdSAT4CvA+7Gx/GTJ8p7Jl89U2R3Otbnu9bnt/vuoI2gFTrubLa5+nfnWWBmN1DKJRUAy3VHQikCBSaAVEJzOKUxWpMwUDmYZn8+M/zR3Mp7+h7goiiXCSD20LKKRgT1EBr9/6/Wg/W2A+D12SUmRzOMFxLFYBcwnE1qOiF0+g6tFQFgDGgDBoVR4AHlmvx0e5uFpcbKfcDaUj5taPRiuqGgtWA0aKcwGgyCMYAY1poh71+/1QQu7lSIrR0p5RI0+kIMWAHrFNaBavxCZukdbNjCC7iEI7Z2tHrpiev3N7DhSDmfomMFpcEohQaM75GrVSmWJkhvfIkIxGGIs6ED0ADTl6+lcXEyldBYBxoBPIInvX2V4VKF3AMVzNo3dGp/0u5049ja5g4Qh7aYUqDvjoSAApLhCgOrX5EtDOGaX1B+9EXWfptFbH/92pvTsgM4Gw4GeAINRitQGgRSq1VKx89Df4G5j2fZM9Sjt/wjj6d+796rrqdmZguxtZdPjx1mtSncWXNstRyu9ivDqk52bxcf/gPice2fGT37Cs9kvy/PfTCZBTAHTp57Xpx7rWejxK0NxeJqndv/1ji28SFHTkxh/AISb7H/kQLiuyQHU6STx5P1xfn+oadf+i5wUXTy/NnH0m9ceGrn/zf++Jze1gSD2U1cuwbKMF+9yakXHsb3/6L40HMs3ogu3Xh7/DNTnpg+ujefOVdrRSytd1hv9mn/8BajZ15GBwaVOIQeGONAZQo9MIZKHiHIHCOZPZrZvPltSVUuXCkAM8AIsA/Y9+74p6eMRFq8KPGCeA/iwYN3sWhxVnnnRWT+P1A8aPl/RBTPAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAMtSURBVDjLVZNLa1xlAIafc5szk8xkMkkm5MKY2EpT2qa2MTVCmoLS2gq6EKooimAW7iQb/0I2bgTRIog0oFW7KQpCS7VqrSmmJGlSQtswqWlLLmbGmcmcZM6cy/edz00r6bt8eXh4N6+mlGJnxiZHR4APgSNAFjCBKjClInXm05Gzl3by2mPB2OSoCUwAp1/LHbcziSyO24gbgJAegg2urF8UUsifhZBvfvXK99v/C8YmRy3gt8G2/cMv517E8Wx8ApYcjZiyKbkRSgQkcFn3rzG9Nn1LhOLYt2/8UNUfLZkYaN0zfLRrkLIMCHUNIXTqIoZLjLJvU/ASrFQtnko+z2BH38HAD78DMConHh4FPn5nz6vGgqyxTp16JNj2kpR9C8eD/OoW1VoNO1NCS+d5oW0vV27f2PX11MS8MTR6+JOTXUMHNCPBui5AtdMpk8xsGNQ9ndur20TxCnbPIn5TnmJUwaxIDrTm9Jn7d1tM4EiuqZs5d41iXGefsZsIwYNCgOfVSXconJbLLEWb4CuahU2+6HO8d4DQF/0m0NpgNvLAXaPgu6QadrEZpKhUItJZj/aMS1EewvHnsdUWW/+WKG82kEykCAPRbCqlNE1B4DsocpiW5OJfIVoiyfqSQFdNdGXrpLZGcFZDPKYJg2VQCiGEZkoRlZ3A6W41mknFn2WlaOKFFrG4Tbw9wb2/S3g3miHySLdbNDd2kzYKVGpVpIiqugjF7P3yQ55pyLFWmCSyVokZPqHnEoYmsWQGuyWOGdexNIkRFOnqbGN5bRngjh4G4rMLd6+KnmQW012lWrpOJuNjCh9LU9i6gRkEZHIrpNv/QK8vcijXz5lfLijgS+PmuYV75+fPDXr1Wt9znfsouy5x+2miuoltW1iawBJV0o0/wT8lBvbv5WZ+gaWNlasz43MfmQChH777e37uT78eHDx5+BiLBROjqhDaFmGkQ1KS6+mlr7+XX2evc+nWVB54+4kznfr8pZQIxXkRyhPvDb9vIjtQqgFN12hLO2yUZ/ni8o8SuAa8NTM+t/GE4HGGx4del0J+IGXUH8ko86iuAneAszPjc9/s5P8DuO6ZcsXuRqAAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJtSURBVDjLjdNNSJRBHMfx7zzP7uKTGtLqSoeCCEKigiBQI0qkpEuHTp4svXjyYp2COhedDTok9g577aAlhtUhPBi+RLVlaBhr69uumuvus8/M/DusbikdnNvAzPDhP7+fEhHGx8cv/h66N6CXk+j5GVr6EvXsbi2osbGxE8aY9zbIl7sYFu93cr73065uh0Kh+lA8Hk80NjZ2lX3u76uIAgJBEGw7aK1FRLbtPc8DYIdAs9DTSdODCbqfTxMWIZfP4UU8rBEwYA1YbdGBsDa9vlISRCb7+ypjAhaUUoSAu211hFznv/z0aoGuG6OEWltb64wxPbamDVdpVl+/QSkFRgi7DjcffmU1bzga85iay1EZdqmqcJmY3gDAicfjiWQy2bU49JiNsWeICEopxAoC5H0hIooDtR6ZrKWmKkTeN0hhc5B/BVdwlSYzVBTI5hzLgKwvjEysEBQsc/M+6Yyh4Vg5796u/yN49Yjsh6cggohgChaAwBd+bRiW0gFVSjE1Z3CU0HK6dqfgKi6azOAwABIICGRzFscXLpyJMpFYY81Yzp7aS7Qqsn0G8/0PWR99gjUUBQE4LpiC5VA0zKWm/QhQKZrmhhiuo3YK2nHQLA8Mo5QiyFuW0j53uutAIJfXXG8/XPrGxbRffGArB87Ii76KmAWzmbbAcu32R3LrObwyD2tBrEUExArWKtS2JBby5Q6aH7c6uDz4HWstxhi01vi+TyqVorq6mlgsVlIopYpd0FofP/nl5fSefR4iMDMzg9YarXWpB47jkEqlmJ2dxXEcCoViENRWSTqORM8drIg0J7PBz95vy5O7rfMfwdWGR/X6rdQAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEPSURBVDjLxZM7TsNQFERPrIielg5FFNkVy6FhN6wiG4hC5AoJVkAR+84MhWM75FNRcKWRXnPP3N9bJOEv0fDHWAK8vn1NZSghAgUsIwcpWFAlXp4fFxcAgIf7O5LgQBxskI0NPkLaz7pegRLsIdnOiUDyAHDoe90AiDnhzHVMtkJVbgDKlK67WkEG23QV9vt9bGOb9Xq9WAJUeXY7c53eBvVitXoiCdvtdq6gaoBccx3bsUMJJNE0DbZnQNcLaXnV1TpCEuR5iJJmQF/m/eObOvY/DNXT/pUQmwDj5Y4VkORCbdtGUrqum3Q4HCZVVTabTZLMh3QakkhC09y+9F8tnIdtdrsd47puCWDx77/xB7F6hU6PdBGYAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIwSURBVDjLlZLNS5RRFMafe9/3vjPOjI1jaKKEVH40tGgRBWEibfoPQoKkVdtoEQQF4T/QqkVtWrSTFrVsF1FgJbWpIAh1k2PNh+PrfL4f95zTQk0HHKkDD/cc7vP8uHCuEhF0q/KnmXNgGR248PZFN4/GISXMC8L89DBPV0Dp4/SsazJjrtfb9/vdxfn/BgjzY5M8Aq8nBya+V3h93vtnQHFxat4kszntJAAAxus1YvnZQV5V/jyTEZarwnwFLGeFZdT0ZFOJdD84qoCDOpQ7grZfRNj020JSEOKvwvxGiF+q0tL0N5PuO+Mk0nC0B0BDsYCCImyzAIktBBloMwKJLSgKYcMAcdhC2KpVlIig+H5qxcv0n0xmj4Gbq+BwC2wtJLbgHUlMEFJwUpMIGpto16u+kJzSACAk+WCzvNbe+AVljkOYIcQQou3TbvdOJo+g4aNdqzaF+PT43HJVA8DQpcVIiPPtaqlEUQzlDELsTpgYwgTAQIjQqlUCtpQfn1spdmxh+PJSQyw9CrbKgM7tvcISQAxlBhC3GuCYXk3cWP25m3M7dk88qbWBRDVApaATOSjPBdXXwYEP5QyCgvjE/kwHgInHtHYBnYA2owhrPiiuw0sOw3EZFEagIB7qChDiYaUcNIoFtP1KxCTPhWiDw7WbXk9vKpnOgsI4exjg6Mbq96YQPxm79uPOvqvbXx4O3KrF6w8osv2df17kr5YXJq7vnw/S0v3k7Ie7xtud/wAaRnP+Cw8iKQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHOSURBVDjLpZOxa1RBEIe/d/e8FKeFEA2IGBWCICZYBSESBCFglUDSCJZaRBBbK1HQ0s4/QQlCgoKdoBA9sVBshCBETCNRiUUg5PDt7MxY7HuXdxgEycKwyzJ88/vN7Gbuzl5WDvDozeZtd66p21EzQw2iGaqGmhPVaqFodNTs/f0rI+M5gLnfmB0/MPg/le88+TLWU6BmgwDtpevgDhrBFETSORQgAQoBEbZvvUJEB2qAqg8ORw6BxRQeS0gBUkAMsPIdAIm60wNVKwEZrG+AW1JilpRotQNDQwCEOiCWgIXhe1w+f/if3hffrXMhxH4Fooa5kzdT0rNPi3TWlrl6bp7PP1d4ufqCiyNTzIzOUYiz1RWCJECjsuBA3swAmBmdoxu6APza3uDB9EM6a8sAFFEJYsRoOwBRww3yxt+Su6FLq9nqAQuxst11QDTcnX2lhc7XVO3jtw8cOzjMzafzTJ26RJUL0B7Ia020dNlsJAsTJyaZODlZziVj+swsWZb1AarJJUCMeCnn8esfaWruiIKoEtQIkry3mlUx+qfg7owd389prd6+9/7CbsvMrfaQ/O3dhdWzQa0tUZGoaDREjahxV8Dm1u/nANlev/MfAjw0JrMu09AAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEXSURBVDjLY/j//z8DJZhhmBpg2POQn2wDDDof8HvOe3osYtXzDzCxuM2vP3gvfn4MJIfXAP22e0Ies58eK9r2+r//3Kf3YOIhq17eK9v95j9ITrv2jhBWA/Ra7kVEr375vXDrq/9+s57eUy+4IY0kJx2w6Nk9kFzE0uffgXIRKAboNtxlC1/+/GPljjdABc9+q+ZcM0Z3qmb5LWOQXOmml/8DZz7+qJB0hQ3FBerFNyNC5z/9nrXqxX+Pvgf35OMuSSPJSXtPfXQPJBc089F3oFwE1jBQTLkiZNtw51jq4qf/XVvuwsPAa9Kjexkrnv8HyclFXxTCGwsyERf4LctvHvPuvAePBf8pDz/Y1N45BpIbKUmZFAwAR3nW32nUrY0AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIwSURBVDjLhZHLaxNRGMUjaRDBjQtBxAdZFEQE/wEFUaurLm1FfEGzENwpturG6qIFrYUKXbUudOODNqIiTWqvFEwXKo1UUVRqS2NM0kmaZPKYPKbJ8XzTiUQxceDH3HvnO+e73xnH8X7fLjJInjbgEekiOwA4/sbBD0Ov5sIqY5SVXiO/Rpospw01HphXrOttZPBMxCkWJ3NltZItq3i2pOKZklrWi9Z5SMuKwf2GBtJVxJotiqWLKpIqqHCyYO3/Z/A8UyirBDtLcZTi6Y+RdxdHAsnTAy/NM0TerCuRlE2Y9El+YjCWoLBkViyxdL40OpNmLuBo0Gvk12AuYC5gLqB2XAw8A2NBFZzXVHm1YnHq1qQpYs4PjgbmAuYC5gLe0jrnWGLwzZqDi33ksSTunw3JvKZ0FbFmi5gLeDswF2v/h4Ftcm8yaIl9JMtcwFys4midOJQwEOX6ZyInBos18QYJk0yQVhJjLiiald/iTw+GMHN2N6YOuTB9YieCozfE4EvNYDO5Ttz2vn/Q+x5zC3EwEyw9GcaH7v0ovLiN6mcf8g8v4O35vRg+edTr+Ne/tU2OEV03SvB3uGFQjDvtQM8moM+N+M0D8B92LjQ0sE2+MhdMHXShOutF/ZO6toXnLdVm4o1yA1KYOLI+lrvbBVBU7HYgSZbOOeFvc4abGWwjXrLndefW3jeeVjPS44Z2xYXvnnVQ7S2rvjbn1aYj1BPo3H6ZHRfl2nz/ELGc/wJRo/MQHUFwBgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIMSURBVDjLjZO9apVBEIaf2f2iRxMJUfEHFEStBCtRC0sLSzsbEcFCrQQVL0AvQAgkd2FhZyOkNRAsrERQRMFwonDM/35nd/a1OCfHRKI4MEwx7LMvM++YJADM7ARwFIj8O5aAL5IqAJIYQi6klH7mnL2Uot0ypaSZmZlp4BQQJO0AXMo5+9ramtbX10e5vLysXq+nbrerUooWFxc1Ozs7gjRD+TasIcZICIFaK7nCSomkYlAinQydiUlu3rr9IDZjdv/e3ecmaQtwsZQyv9F3Pq8ZH1eNzSzGGzEenA4txw8eYH+ETgNjASb2Npeb7dNZ+A5vfzTkKvYE6EQIDgEjhDGWeqvsC06jwvEjhwEYAR6+/PBo7pshREDkAKVCFQwQYBGMQCdGNot+A57O5ye56noqQgwa0USJRqngMg7vNcZiZLNAJbDSH3zcPFuoU1n2uHWFKDEAi2hw/iCcnTTOTRm1DjbmLlYzpKHypnVdzc5Uv4IJXKIKbpwxrhyz0XzMDEnEGJkM4lAz6DV953TfZX2HiihVXDsZuHLMtvwxMpyZUWvdYcsmuazvCn2XXIPBnRjf6d3toBDCjl5oXbQOrWOtQ3Lx6msdyd6qf+Y2AL3WZcnFpotUxJtuZfqd//XxEFABQip6nQYqLLlIDq2LF5+cO3OZ9z3tdpHV3TcAt23nfHJ4zoH/CweWfgFQJVPOGSHTggAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALoSURBVDjLbVNbSJNhGH7+7z9scyqepi6JobKmE5ZigSWpYV5UskYZkRJk0lVeVN5GF96EF0kXZXRVFHWTKynqKijFQmvqTYRMcWuYodtS59zxP/T9vwdc9P08vP93eJ738L0foygKdkbb7bHLhlxdF2HQSqcM/RJQGEiSqFsNK0PjA429+GcwewVO3fmcetZbzxOqsLOs2mA0hReeNSz5EvE5rzd/9P7p5A6H7FVjWSLyLIFvlYN/jcVcmMGPFaDcZITr0D6UW/UGLtf4eC8nQ0BRw95eJAyzi99/4rBkp3H1SCFYnj3/X4H+/n4DlSBqyByrggFLU1HtPI1kMiBCx7NgOEbu7u42ZAhQcg81K9S9oKbOMUTb4CmZoxHoBBZ6CoWu0oiEZDK50tHR0aOlTQhpM5vNL5ubm4WxnwrOHDYjlqaeKFGR1VSo6qYHBeEnMBTWYsSzipsd9cLy8rJzcHDwC0dF7jY0NKC4uBgHIw9wb+B9xjXxrIz22kWYatox7r6F+oQJVus1uFwuBAKBh6qAzW63a4edTidsNluGwGbgLa1DNXLNdagqGUGptQ1FRUUahoeHKzhJkgQK7bDf79c2QqHQVoHEEAwr71BxtBNS5A1M9k6EJl5DTJ8EQ1isr68zRBRFLCwsaFCJtECIRqMUG7SDPqK46iyQmMbXp8+RnRdHVtKHec/ILodLp9NYXFzUPMZiMaiCqVQKurQfBUYeOfkx6t0HtaJS9BvKW/ow++ERopZcBIPBLQGVoA69Xg+3200rr6DRNI28E5cgxyYpN476czbIqSXojV6Yba2Y932CyiWULEciEU1ATaG6xoHjjhxU1rQgKycERQzT/mQx9cpLT8iQE16YDlhAfo2hNEcB63A4ymZnZ4WZmZmSzeou3LjQhLWJAViaroPQlmT4/SD6KpTVHdMsI1SCM1qhy7YgPzz6PeM1XhmalDjaWhc3+sBK9CXLyjbkbWz9EykZhzpXlKm/wwxDbisZJhAAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIdSURBVDjLpZNPSFRxEMc/b9/P9b9uu5qWVG6soERCIringi6J5wKhTl2CvFQnQQi9dO3QoUudOkSHLkUQniL/ENWyrSRbUqC9dc1dXUXxubvvzft1sF1d6iA4MMwMzHznO8OMobXmKOLjiHJkALWysjIKXAXwPA+tNZ7nVaiI/GP/6jMjnU67LS0tJsDBfZT8/9mSn0gkRGmtzaqqKh7GhKK9zcb392hnB19rD8fD5xlq+EEkEmF0chM7X8TeLWLnHV7cjCAipjrYte/bI9z0J5Ysi8WsjR6bA8BxHCYu1eJ51eWxAEQEVQoAnLYLXOzt4LJfMfP5KwnTLCdOTU1VLG9wcHAPQET2il2Pj5mTKLVBQ1MTseIAuVweGvYAotFouXuJdQWDTWuB1vBZXqo+cr+K1AT9tO8slxPjTybwxV8jqxYSCNJ17S7S3LvPoKN+i/n1AF4wwLE2P/mtPI1eFqgl+/YprWsxum6MUB0+x+7cJMmZ5xhtSxjJZFJ3d3dXzGfbNoVCoUx5/k6Ugesj1P58B8vT0BxgTZ0h9mFhn4FlWWQyGUKhEJ2dndTV1ZUBZdWipj0MQ/f2L3D8BGpzHSUiyXg83iMi9Pf3G7OzszqVSlVeX3MQ+8sb6l/dprD7GxvY3jJxGwOucZhvnB7uGPc31o+dCrlK+VJsZ10WV01x8vq+cdh3nhk+PbqTS98yxTgjpl7W8PjKpPvgD7bjUD5Jjh8/AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKTSURBVDjLjZNLSJRRFMd/95uHOmrjo0zM0RTR7EFvg4oeEtQiKoRcRBRFaKs2QatW0cIeFCRUWERBgYsWFYQUUfawh20GW+SDHIcSdaRSq5n5vu/e77aYnD6JosO9nHvh3t85/3vuEVpr+vr6tOM4OI6DUgqlFFLKtHdP27bTvrGxUXgBlFKUlJQyMTUFWkNqgNZoQGudXqM1+fl5dHTcByANmJic5MiFLv7HzjSvxrKs3wAp5a+QUBoqIyfgJzQnm8wML0lbY0sHW4HS8Lo7jHY0pmkCYADYtp1KExBCEE9KRieSxE2F1iCVxpIOpkyd0ZqZGdi2jTOdnxAIIfgWlzjaJC/bh9frwXA05XSzZ2UHnoFBNuU+pefilX1pgHZSCOGCJCyFZTtkB/xUZz1jS2GUrNl7CVYsZyJSQ+/Dq6fTAFwShBApCKCFYJ7xnG21MWYF1/Hlw3v8wiJ3VjE5hWVBL6T0GB4DgOhQZMaLLyocYPdai7zKbZgj7fgDgmi4l+8/JNqaWpoG+H1eWg4tQymNz+cjNjZGnmeAUDBBsGoHyeHLGH6JL6ecDBnldmQex1uu908DznV2Ptno+mUFufEXkepNZfXBql0khy9h+CTWVAUjnW/UvU/l/bG49xaAmC6f226eari2Ymnl/gUbdxrW2A2ExyI5Wcr4s+6ESvxYWHP01VC6aG5Aa2vrHPE5HKtfU4wURRQWdJFf5Cc5GWK0q4f2wVD8xNnL2e5ghntjmuaquYEoC9c3kfHxBf13uwg/+EL/4zDlDecpmr840NzcvNV95w8JJ5uWOMcOHhYYivCjOwwORXiXtZmvdiZSyrdtbW11/wQ0bihIrKic662rrUD7zJeJ2PiB7S09g39rrJ+Ib2CJHdkBMQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAANpSURBVDjLfdPdb1N1AMbx5/ScvtHTZbSwDcrWlXXIUOdkZiRmioQXSYgX82p4YUKMkJjswpkRjCJckUWDhBCZGoJhYrwYMIUQzbhReZOZLtvqateVgdKVjYV2W3t+b+fl5wWSwI3fP+CT5+ZRpJR43LHkYZ1bopsJsZMJ2sYEB+NsmDLxkyo2HamUnd7Pd0cInkh5DBwdP7SZm+KbjZXtMVXzwVRsVPlXYiqXwoWJ7/siypdJYVo9Qth7Tu1t+PUp4LOxgx117viFcGA1ZsRDjJZTUKULL+sv4rvfvy74rY62oLJtuC2uhybuLuHv++U3B/Y3DwKA69PRgyEmWH+VXoeRcga/LdzEgrmIuD+Kudl7MAz6cUBu/WBdlS9UvdyHxlU6KBX9Ow7cCAGAi3Da3Vq5Wc/SHFJkEsRiWKmGoDM3fhg/NxpRT9xi1Nwbrw0gnWcIVXjRuCaoM0K7/wOMXarbi2Q5DWFxVLh0NFesx3DmOmiJdZlcO96yNqgK00HuoUBmlqMmHACjbBcAaISyDVyx4IKCFv051Hsj+Gc6i0Q2cToW7F9NKW+NhP24mSEghg1jyUZTxA3OaAwANIMSWu1b4WkPvoS5/D30jRwtcEMcP1R84+TkYkIbCjyTfVBkz2tQQAwH0nHAhQZBmfpoAaF3/vjrRsulPwfnOeW9+++vGdhaCLwtycTkKyTx2qUNPWDcBiES1LARXu7GzIMyBKfZR4BBz/44fr7vWK7x8rpFtVsSmjLX1upK5jacUhmUUhBmIz51FtunzmDZwh0s+MIImdEi8C60wWzLaUloryT0hNkQ9ZgNUTi2DW0kCRgGOOGIpL7FRvtnNL2zD97Ys6DjQ4hevfLqlW3uLpcsG5pTKr/FN7V6RGMMdDINx6BwygZsg4IzgvDYKazf0gHf7V+gnNmNZdODqI+GVanI913uL07OOyVjj3IrAUyk4a5ZBYcS2JTCpgyCMgRLM/DVxICui0BvAfhwGpqRhuoo9RoA+M8PnCu1b9mhjqW+shvqY071CoAwSMbBBUVRDQgyetkTuPgeOJ0FAVBaUmGryCtPvrHY9IJuc9EjhdjpCLNNWlZzTSGfvNYZOewJBj6qDVua5sqhNG/h7pxqm0x+8hTwf13vrDtgFPL7VFuJ2qqckUDf60PWkX8BnoTdhvAVaYUAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHtSURBVDjLjZM9T9tQFIYpQ5eOMBKlW6eWIQipa8RfQKQghEAKqZgKFQgmFn5AWyVDCipVQZC2EqBWlEqdO2RCpAssQBRsx1+1ndix8wFvfW6wcUhQsfTI0j33PD7n+N4uAF2E+/S5RFwG/8Njl24/LyCIOI6j1+v1y0ajgU64cSSTybdBSVAwSMmmacKyLB/DMKBpGkRRZBJBEJBKpXyJl/yABLTBtm1Uq1X2JsrlMnRdhyRJTFCpVEAfSafTTUlQoFs1luxBAkoolUqQZbmtJTYTT/AoHInOfpcwtVtkwcSBgrkDGYph+60oisIq4Xm+VfB0+U/P0Lvj3NwPGfHPTcHMvoyFXwpe7UmQtAqTUCU0D1VVbwTPVk5jY19Fe3ZfQny7CE51WJDXqpjeEUHr45ki9rIqa4dmQiJfMLItGEs/FcQ2ucbRmdnSYy5vYWyLx/w3EaMfLmBaDpMQvuDJ65PY8Dpnz3wpYmLtApzcrIAqmfrEgdZH1grY/a36w6Xz0DKD8ES25/niYS6+wWE8mWfByY8cXmYEJFYLkHUHtVqNQcltAvoLD3v7o/FUHsNvzlnwxfsCEukC/ho3yUHaBN5Buo17Ojtyl+DqrnvQgUtfcC0ZcAdkUeA+ye7eMru9AUGIJPe4zh509UP/AAfNypi8oj/mAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEjSURBVDjLxVM7TsRADPVEK4oVSrGU1FyCjltwADrOQhOJe1DsMbbfYjsQ2g4h5cvM2MaeT1BIJNBSYMl69iTv+TOJYWb4ixWnEquqCpVX3x887bqxJSQAkgwRwEvsE97drM0wDLAooHZxXgBlsiAmJDl4ecPwTtd1ywJaXsmZqLFP5JBHPrRtuyyQ29Xq2nIU44mYWtM0ywJKOr7TOC9hjIOAOvwgcHu9Nr+5hYnAw/bI81EYvLTgBJ1lsA7BORIkeLy/MnVdTzu43JwFJPmwdFGjgNcRxH0BXsj757i8mQBzWhaqK4EDGZ1gyvV8+KD5LeRqPmCKQ/UYo3oSJ6L5DqwlOLz2ghiq6pzOxvZ1fuQvYra+73PrfJKXZcmK5t/+xmyf9PZAc1Cvzt0AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK4SURBVBgZBcFfaFV1AADg7/zO2Zy7A3fVebdEQ2yCoeVfmmhQGlRgmCg0sEAoeivvWy/BiigYvoi9hPYgEfQYKGVgiIhaaJPSVlC6hU7v9Pon166755577+n7ovRtvZ3LjUiUAQQEAAQAQBO3HWrc8HHSudyIwRfLShuJOwgJUUSIiAIhIkSIiRAhb3H7Urnz++MSibLSRtKY/s3EuPsH9y4TAnFAIEYUyHN6FrNkA0uOlxMQdxC6WL8bsJusxt+nuPYdrVlE5DkiHk7TtYg2QRtRwuMKV79l4hy1Kh0Fnn6dVw/zxBAgIsuoZzQbNEgEhIjHFX7/mhCRBBavY92bLFjOcwe4fIRrp0ibNFKyFnWCgID+zez9iu2f8NQuZiY4/QE3zgIb3qW0jjSl3iRr0iBoQ0yEjgJ9q3l2H68cpncFY1/wzxlgywHyedQzshZ1goAID37j5PuMHaFWpaObbR/Ss5Szh5idprOHNTupN8naNEgEhEAemLurfv20cxfGXElXKi7qc/9en709tyz88XNfTixSLBY99JJnJqu2pbFEGyLiXLap7JsT5/2Xd9r31htqtZqpqSnHf0p136l6bd9+cRyrVCrGxsbcbKySgJDTt8aFyYbrlX/tGR527NP3nJ+c0z8wYO3atSYezbl48KDp6WlbV5Zs27vfyckdEiBi7q5fxy8pFAqgvHrGmT8bhoeHFYtFs7OzqtWqo0ePKj8/6BcUehdKNJA30TJw/5yfHw2A0cvztNoNo6OjCoUCqNVq8mZm9MRFO97ZqnrrpvijQb365w8pDpo/v9vZ8WnpXGrV+i02DW21bNkyrVZLqVQyNDTkhe3bDawY9Nf4VdfGrzyI0pf1dvYb0a/cajE52+Oz25t1L3lSx7wu7Zw9d36wMJtzbOkurSjI0rp7lamZBTMPdv4PY0MOogadRGMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJOSURBVDjLlZLdTxJQGMa96K4/oPUHdFfrpntyZrXsoq25tlbroi6qi7ZuYsuZ0UXRWiv72NS0gjIgDQ1LS0wkwU/UVEREUkEIBBFE+V48ve/ZICza7OLZOTt739/znHPeEgAlhZpyB8+MLa58HHL63H2zy4muycVku8UZahl2TNJ688/6wsbd31yBLps3BNdqFCvrMYRjSURIvOdzzdAcmozWhTaLc+8WADXvHHb6RhYCEdEU2kiIJu/aBtwEywE3k2lQKjz8NB7Sjs7vygPMDu9ddogmUliNxsWaSGfwM5sViqcy+BHeFCl4r6YkzwzTnXlA9/SSh924md25qFDszMnmfGuga4pEd3QjiTxAN/49xY0c10MgjsuOuSssBdfh8IdBSUG1AibTDmbzAHrhZab6IzHQq6N3xo3+LyqY+1phMmig/9AISolm8yyMdo9IcKtt6HcC+h653uoScTsJ0K65jw5yYrWOOISrol6Kht4pcUV+g0efJwx5ADXtUA3a7aMLflHQoa0VzfTSoHMBUClqwL9EM4Lrb01JOt+zZQ7ob/c/N1qDDGEHBugKxO6mOS+qWswZRb/t9F+DxCLHAzQovsfdEyAYXn6d4cHBa7r7NXU/brwbiCpNtsNFJzEnaqp4KjufblDU4XbtJVTJL+BqjQynyvZl6e8P/nOUC1UtvehWNr+BUqlGXX0T7j14gpMVZcFitUUB0ivnBvQ9PQgEgrBYxvBC8QqVxyXz2wboVfKzlSeOxsrLD2VLSyXZY0ck8feN1Ze3Dfgf/QJBCig+4GhFlwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIzSURBVDjLpVO7a1NRGP/dm9ubpGlMioGiLdFBHCyFtksHZ6tiQZAMEbqZwTGgkw7B3cmugoOL/0ATujadlIZchCwGWlERF5XbNOc+zsPvnNvUQmMWAx8f5+b8Ht/jWEop/M/POXvodDpvOOebcRw7lEHZRBRFOr+rVCoPxxJ4nlcgwOtisVhJp6cREghSwngjh7OzRezstKp0Ok/Q7XbvaHCpVJrP5XI4OPwGrS6lglSSiBQEkYVhOL4Eutwql8vmwFiAmMAfvX0ikKdxa/2uKWMsga7RdV34vp8oC4Ebi8tGXZ2o60b/04FmFgTSl/RAtHWv+4GyMOr6v0v37k92kPRKmcuaYHFp1aiPXKgJPbBHzIkDbZlIxEn9dgRf/UT6+wGezRxCvXqsxNMN/xzBKVj8bZwm2vq0gha7jedf1oCpLHBxgZTsqUe96gzFpiHQ1kbbqC2b8ckkz81lca1gwc24oPEAEcWx0Fd/2Zbztuo9+GEc6CmkUqmk7rMuIglOFfIhfWccKiTwkIPx2CmggCAILmgH79vtNgaDAfL5PDLZNG2gZYhiAvKQSjsmhwE1m+ngBAzJTEx7E2bsWq221u/3N5rN5v7e3i7SroWrVxZQLs9DDEmdaQIYIAJyEQmwIMBRNEAcxclbqNfr25S2G43Geq/Xe0mjXdJLJS6/AM9RbwIaJyP700TCpdlY3z4CCxmsSc955clnZSnznnDz967KOrC+Dp2wc104yh6mZJzlfwCf3q+o0qkR9wAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ0SURBVDjLlZPdT9JRGMe5qFu2Lrt1a63LWv9ATRdN5xvLsnLRipzZpIVpigjyIs3XAOUHgopoWkggP5QXSRJwJQmtm/IlAWtt3XXTfubS+nZ+P1eby6ldPGdn5+zzfb7Pc57DA8DbL9rjrYxuVsXf7W5fuC2mYawpE7QRJZpDDfz/EngYVTN9qR4EPvlgXjCiKVCPWvou/0ACxDJjSbIwDefqMPxrEzC87IDUW4Pq8Vv8PQVaX7Qw5qQRgY9ePP0wDMeSFfWTUkxmPeiI61DlFOP6SAV/VwFtRMFQCwb4CdwW10IbVcK+aMHgohmPlwdBZ11oCctx1X5p/R8B9Uzzuum1ntj1Iv1tGRtb3zH2dgSa2eZtOOOCMizD5cGyzR0lGBNdx1TP5T96E4+4WttiWg6mYr3Ifk1DF1PBmxmHYlrGZkbFUDku2oSHOAFjolOuIpZ65rs5+MmKg9hWcJlZWB1UbsOhRjYz5r/MoSn4AKWWQg0nwFoyzndhijRobGWIq3XgPQU1sa2LqjCRHoc81IBK9w0OnvscRWQtBGFfEc4b8o7wNDMKOwnY3lDwZZ+h1idB/zsThpf6CezkstVN3yNwHFMrNGqCVRvlA2UQ6POkud1nTvE0EcVR1gU7JNSCnrPrWLRtw+RM7BKBXnJDP9eOYqogVNAj0Av0uTk7mtjov2+1p2yQ0hIYXnXCs+qEzF+HC9YSyIiIsK84XWTKP5tvPHdi11GupSXHW8JNW+FMAHdclSCCKDEX/iKdDgotRY17jTu31LhvHybT5RGPin5K3NWs1c0yW+lp0umc/T7b383NUdHJa44rSfJU+Qf54n/iNzi8zBtL0z1zAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFrSURBVDjLpZO/SmNREMZ/uVxFCGy7L+AjpAgoIUW4hZjCCDZCbCQgVlY+gaDNLghibbmy2EgQTCOp8gaWYmFrpbE4Z+azuPe6UVE2ZGBgzoHz/Zk5U5HELFFZ2/uzu9ysHT2OVZUAd+SOuSEXLkdmuITMMHd+zIfn29uH/YtfGydpbal2PLdQTX4uTEVcfR7bMXCSjoOS8ePT1NJfghKAVCYONhenBtg+vCcHkAOwcwOnTRiNRkjCzHD3TwmQZRnmlgNQTOG0mSPX6/V3TJNTmqw9FgAl0tY1nGUwHA4xM2KMbyom1Uii0+ng5oUFz1HPshy50Wh8yTp59tJCWaxfwt9VMRgMiDG+y48Kut3uWz/SGAKQP5ZEq9X6lrmMGGJhofCyclGhvyb6/T4hBEIIxBgJIXyaQq/XQ6WC8vJqHSCh3W7/1z/wQlH6cHd/vvM7bLgZbv86biWzhNyQFXvhTsF5DlCZdRsTZoxXOgYqlSAcLRcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK1SURBVDjLbZJtSFNxFIcHgjAQgr6VhBSFIhhJQa842JdeLBMyVIpSSUtFZpIIaqa5UNTpUKebmR82FZmmzpXiHKawhqKUlUVQCEEE1ZfQmFg3n85VLN8uHC738H9+5/mfTQNoNtR4S7iUidHmacYtCl6zwnD1NEMPTPSWhG8+vxnOEzDAZBe8ckm5YaYfnjtgzAI9+QGcuXlbA8ZbghmzDTHRDi965HAzDFYiU6H/LvQWgKsERmuhrxAeXhmi+XLw/4DRZjOTAqsBw9WKgHrR1f6b1JGtxZ6up+2aQo+EOTLBfM60GjBqieJZvcJEp0ysUOgvDaOvKER0jaLrpz3Tjz3NiDU5BFtCGA0XFJxyiyqdQuWJSA0jJjO+NtEzq7p6+gpC6c6b42k5dOVCZ5a8b4M1fo76s6FU6/USAq1XwRht0ojue/ztq3fruaMV3W7cZYiuk5YkHY3xOtF14siQqTHdVB3Xcv8wYgaF4W81oruEX7bszFWbQaIbwHEL0dVNTU3F+Xy+SNHV0RAL5UcClB4MoigCOnIkYN8Pjegu4Xski0lXt6vFmqjqfqPLcErg316v9xdNCWdE9xP3oqDggJbC/atXK967oJHtfuBxPqIbEN1g0Y1Rtyuwg5lh+OjB6XTaDY3JxYbGpJ8ZtRdJNeqWO0uj1QC5gjXZILoZspgdaz+bwDtl8oLb7V4WeLncWjBf1p3Kk1kLM1881I1kkVgXRaohdECz5a8sJXCTwArfX8LXKa5Xnsb1xozrXT3qU+NNp857k6PZuxa3gw8J/EedbLfbfTabzXe+KJrB2VbWPwOvLWrA1ukCewVeFLh1rXcyZ49S7UmjwpOyAlcMp2xvIHCswJ8FLl7fl4PGSzURmDw3Viarb/Vb+jUbAgRuEThuu73I4cpj2bsDqrbUvPqt9v8CPKvGd70s+8YAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHhSURBVDjLpZI9SJVxFMZ/r2YFflw/kcQsiJt5b1ije0tDtbQ3GtFQYwVNFbQ1ujRFa1MUJKQ4VhYqd7K4gopK3UIly+57nnMaXjHjqotnOfDnnOd/nt85SURwkDi02+ODqbsldxUlD0mvHw09ubSXQF1t8512nGJ/Uz/5lnxi0tB+E9QI3D//+EfVqhtppGxUNzCzmf0Ekojg4fS9cBeSoyzHQNuZxNyYXp5ZM5Mk1ZkZT688b6thIBenG/N4OB5B4InciYBCVyGnEBHO+/LH3SFKQuF4OEs/51ndXMXC8Ajqknrcg1O5PGa2h4CJUqVES0OO7sYevv2qoFBmJ/4gF4boaOrg6rPLYWaYiVfDo0my8w5uj12PQleB0vcp5I6HsHAUoqUhR29zH+5B4IxNTvDmxljy3x2YCYUwZVlbzXJh9UKeQY6t2m0Lt94Oh5loPdqK3EkjzZi4MM/Y9Db3MTv/mYWVxaqkw9IOATNR7B5ABHPrZQrtg9sb8XDKa1+QOwsri4zeHD9SAzE1wxBTXz9xtvMc5ZU5lirLSKIz18nJnhOZjb22YKkhd4odg5icpcoyL669TAAujlyIvmPHSWXY1ti1AmZ8mJ3ElP1ips1/YM3H300g+W+51nc95YPEX8fEbdA2ReVYAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAMGSURBVDjLVZNLaFx1GMV//3vnzkymk5lEm/GRzWgVOkVcWRcRLK2YVHwg1geFQJfJIgWhmy7UQl24bcxQGjcqRHfiQikmiIKGKEWE1NqkQmjStNVOZ5J53Ll37v/porQkZ33OD77vcIRzjp0yV94bBTFmnRvBqIqVkbDFl+qksn/Lm1+eLx7644edfnEfYC6/VsYvTDkTTXild/PWBysUziqE9xiEGyRr1dBZOWtkuzr4am39AcAsHy3j7flYlN4et2mN6f6MlWs4tYV1D5F59CzdWzOkCy/jy4TuXx/MGRV/OPSOWveEEJ6x/kkxdGxci1X01jQ2XgRzG4hB1cGlUI2rdDZn6MoNspUz46anpwC8xu/H3xLkJm26i21/j7Mt4N5ZwhMgQuT2LxQOfIaJPXq1eXSQxygmNi+IUS8/PDbpP/F+TgRP4hjCWbvrqV4QoJsXSO5cZPDAOWSrQVT/lcLzn+RlmzHP3fg0b5Nr6M4i6UfO4KQPO5sRApFOkTS+wFlFas9heturuHQRIxnxsHK/9T1U4ytMvIkInsMZA9zjOOsAgUj5xP/9RtD/LKqzjcFHSyqe0RFYg3UC3bqMlzuINfZB2FqwBox2aJVgDTgDVktUDJ7VvRUnDU4MosKreH3PYHoaoyxGg5GgI40K+yjsO0747xIiO4CQEUmXFc9ptUQSIdJPITt/Ejz8ItY7TLIVI1sJSTOi195LoXKO8NYlZPMS6fzT6LBG0mVJbH8rRq1x32QPVvOdm+dxci/9+04h/Aw6uoufKeFI07w+T3NtjqDYT7F8gn+mT4cy5lhq4E27UP9azLp27VRQOEKv/hN3lycRYhjnBtBJEy3vgDEExSLZwRfQtWt0t5h95Tu34AEYSbW5eHYurfvJDU/QVzoCGYGxGwi/RVB8nNzwIYrlE/ixZnn68zkrqO4a042qKJuQKWOYGDp6Ou/6Slg/g9MGl4So5m2uzFTDXptZl6H6xkW3vgtwX6sfidGkxZhVjKiEShJBErEiE5aMZv71H93CTv//ct+662PTZOEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJcSURBVDjLpVPPaxNREP7ebna3bX62aZMmYnVLxZRSior1IFVIC1at3uo1ePRQ8CB4EDyr/4AHFS8SCl4FC9IQf1WRhmij2Ei1Dabp0rSxRsMmm23WnZWEWBQPHRjmvcd83zfz3htmGAZ2Yxx2abb6Ip1Oz25vb4dNh67rqFarDdc0reGVSoViLBKJjBKOUQsm+KQoivGuri4raac1tykIAuLxODKZzOjU1FTMqsBUvO7xeKAoCiRJaoCagbTOZrNwuVyQZZlEr5nHMZZKpSx1r9eLYrH4R7nUCgEZY+B5Hm3VBfDLT8A7BlHaeIq1rdpNlkwmZwOBQJgSCVRXbY7k3I8YWgpLaO0cgVs+hK3lV0jN3NdsBCqVSsjn89YFUXKtVgNdJkXaO2sJhHo0OA4cR+HzR4hMg9PVDXfnHhsRhEmJiAhktmSVzHG/X9jXuoKjwy3w9I6jsjYNsY0h83YRVZ1D9J2ZRqrUKzkR1J32HcISxoYFePrOopy7AyZ8g+BwgldzqOyfwGbJgI0I6iAqORQKWRGFNzjSL8Hddx7l1dvgBB1aUYbybB6L9tPwt/qtP2IR0AsQQf3C1NxzuPwqfAPnoCl3wYsGyt/3Yf1FAsWBy/BL7QgGg1aVLBqNPjb7H6//MmwkET7WDZ354O14iXafaIL34ms8gQefgthUuUbFptgM2zlMD2+NGZOX7iE9fQW5lTlIPUPQ1/O5dpE/NXj19fv/DlN6SdG1D48gD43Abj+I1fnUz7KqnfkbuDELzXbhRId6uNdvG+6XYQiVOXU9f3HixsKXf03jL2qvd7dZXvRWAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIsSURBVDjLjZNfa9NQGIdnP4cDv8Nkn8PL6UfwSgQZOoSBYkUvZLN1lMFArQyHrsIuWkE3ug2t1K3O0LXrZotdlzZp0qZp/qc9P8852qyyigs8F8nJ7znveZN3DMAYg14XKROUyf9wiRIKckOCCcdxNN/3+71eD6Og64hEInPDkmHBJAsbhgHTNAM6nQ7a7TYkSeKSer2OaDQaSAbhC7efJGY28gZWPrUQTyt4l2lCKLfR7XahaRpkWeYCy7LANonFYr8lqzt26PUXIxzf7pCfioeS5EI2fVQkG+GVH0hlRVqFjmazeeZIvCc0PBXf1ohu96GZBEnBQMMmcAjgeH3cWRKQyTf4URRF4ZWIongqoOFURXZpUEOt1YNm+BzDI6AeFKo6IqsF3g9d13k/VFU9FSytK9V8zUJiR0WbBh+/2cVich+trodvNQeFEwvTsa/8C7Dzs54wUSBYeN+ofq+ageDZmoBX64dQdRcbByaEqoGbTzPwPA+u63IJIxDMrR2nDkUTR6oPxSJ8ZxYuNlxsHtnYLal48DIH+om5gMGqCQSP3lam7i+XSMfp40AFsjWCrbKHdMlGpeng2uxHpHM1XgGDhf8S3Fsuhe4+3w9PL+6RvbKGguhAODaRLSq4OvsBL5JFvutAMCAQDH6kK9fnZyKJAm4tZHFj/jMexnPYzJ3w0kdxRsBu6EPyrzkYQT8Q/JFcpqWabOE8Yfpul0/vkGCcSc4xzgPY6I//AmC87eKq4rrzAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAG9SURBVBgZpcG/S9RxHMfx5/f8fPXyrMyOhGgoWrLJ4m6Ii2hrCyRwiKa2fg06aKNjLRVHQkNEtOnQUNReg5RLBJHUEhe4iEiUnj8+3/f7lR/j/gDz8cgksRfZyNjMrfMXa/dX2qpIgDtyx9yQC5cjM1xCZpg7B7rj2sLC4uTLB6PTodaoNfNypTRYZjcqa21rAtOhHVVqr6yyW+tRJbYFmRi71M9u3X3aIgmSk8zPz/Oi5yg9eZnBrpOYZxQOheDaoSec7W/xe2uAua+naTQamBtJQKKj6H3Ot83v7IunGOoap6xjRIe3v67yc+MdR0pLZFlG4oWRBHOjoy9b50Q50Nf9heg3iXEIbZ3h8+ow75cv4JvGxP6PJG5OEuSiozbQQ54fpxIOYtrgjy2xaa8Rb3BEXM/JWldI3I0kuBtJvV6nTp3E3emQRIcqQodF4u4koYiRarWKxA7xjwSSSCQQYA5ZBuU8o4gFSZA5yfVXyyTPLldZ/TRK0js8w725KZLJc1PkE3fY8egxcmfH7eYH/Y+R8RltIyz+aM3eeBhH3Qw3x8xwdyxG3B2XkBsy4XLkjjvJLNsySexFiT36C4QDM7+0SJboAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJASURBVDjLhZLNa9NwGMe/WRKXpp19L6WrdVsZHgq9aBF2cFDRDi8WxJPssqMXDx4H+xuGFDz1YC+eBvUgnWDc0FqoL+CmHlylthurdWqG7bY0zUvtL5CSxYOBh+f5/fJ8P89LQg0GA9ifu68XMzOB8INJ/kL8WKGwf/y5WW817z/KrBXtuZQdMBRfuz5z+emcb4E97LvwtXsG3aMOfiiP1Y0Pwu3ineenIGN24nm//+GsN8U2dQ3bf4BnByJe0luIhsKM1+Fatecz9ovZs9NT7+QaPFoKG3sStOgOPrFPQP92YtoTif4XoOkyTmTgTUvHN5EBdxKFo7sEyr2Jnlr7Z1+jEarVqlCpVAa7P0U6pEg4kmqgxjgcfPdAP9xDnAPqu7/oQqEwyOfzwinAUDzvcDjSyWQSVzxZ7Oy/RSZE45JXw9w5BTeTW/jSfo+l1D1ks1kEAoF0LpdLj0ZQVXXF5/Oh3W4jPD6Ji+O3UNxeg6q9AsP28bHVwo2pRfBdHo1GA/F4HPV6fXkofUGVy+V5nuc3Y7EYOp0O+v3+yIZgkM9MURRomgbLspiYmIDT6YQgCAR2lVEUZSUYDGLojSSO4wwz/w/irbGu6+j1ekgkEqjVassMqSJJEkRRhCzLoyRN0wxvns07cmYYBm632+iQANKkMmnZTLAL7GfiXS4X6TpNRjBIxMyq1sp2iPnO1DGm0BTbIfZRzJ2Q2AAQkt/vH1WyJpjLI7F1ocQikcgIsF4qlRbMlqwjWWPrmJau1/8CtF7RM3ksOU0AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJvSURBVDjLpZPrS5NhGIf9W7YvBYOkhlkoqCklWChv2WyKik7blnNris72bi6dus0DLZ0TDxW1odtopDs4D8MDZuLU0kXq61CijSIIasOvv94VTUfLiB74fXngup7nvrnvJABJ/5PfLnTTdcwOj4RsdYmo5glBWP6iOtzwvIKSWstI0Wgx80SBblpKtE9KQs/We7EaWoT/8wbWP61gMmCH0lMDvokT4j25TiQU/ITFkek9Ow6+7WH2gwsmahCPdwyw75uw9HEO2gUZSkfyI9zBPCJOoJ2SMmg46N61YO/rNoa39Xi41oFuXysMfh36/Fp0b7bAfWAH6RGi0HglWNCbzYgJaFjRv6zGuy+b9It96N3SQvNKiV9HvSaDfFEIxXItnPs23BzJQd6DDEVM0OKsoVwBG/1VMzpXVWhbkUM2K4oJBDYuGmbKIJ0qxsAbHfRLzbjcnUbFBIpx/qH3vQv9b3U03IQ/HfFkERTzfFj8w8jSpR7GBE123uFEYAzaDRIqX/2JAtJbDat/COkd7CNBva2cMvq0MGxp0PRSCPF8BXjWG3FgNHc9XPT71Ojy3sMFdfJRCeKxEsVtKwFHwALZfCUk3tIfNR8XiJwc1LmL4dg141JPKtj3WUdNFJqLGFVPC4OkR4BxajTWsChY64wmCnMxsWPCHcutKBxMVp5mxA1S+aMComToaqTRUQknLTH62kHOVEE+VQnjahscNCy0cMBWsSI0TCQcZc5ALkEYckL5A5noWSBhfm2AecMAjbcRWV0pUTh0HE64TNf0mczcnnQyu/MilaFJCae1nw2fbz1DnVOxyGTlKeZft/Ff8x1BRssfACjTwQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKUSURBVDjLhVNdSJNRGH6++enSTc3Rl9Y0KzRcoSHShURERRldlLGLMsqrCO2iLuwuL7qKLr0MoQvDHJigJkEbG5mGdzKU1PnvN7I2Fgu33Or7W+858YkrpRee8x7ec97n/TtHyGQyCAQCVtJXCS2GYdSQribQ1vhEeon0C0KgublZx18i+P3+43TJI0lSXVlZGWw2GwoKCsCINzY2kEwmEQ6HEYvFPpLtptvtXs9i8Pl872VZZuEyu4mqqplgMJh57O1Ya/e25jByExZaTpSWluJ/4nQ6kdZSTlXRAtvtIkXmTNPT07Db7RwlJSVYSS7infwGa8llaJoOTdXhLCwX7Zr97C3PdW9fy2BTFoHD4WB1IhKJIJH3HZPKBA4UOXHh4GXoGR0GQTd0vk+l0peuPW9aGm7zVolmLSyyKIoUTUMgPoN9uRIk635MRYNY+bYMVVFRXlTBz0PhBf/Ifd9FloHFzIAdULM4FhMh7jiyMIREfBOte9vwtLEL65+/anNyaFz5qTSdf3Y6P6sEXdc5CcO9Qw85UTQaRfJHktvYnTzFqpPzOV/HmEG+6awMzOgmyRahquHtlyF+p0FoTJCz/s8UGExHk1DRflHjDAxHBpBSNrldURQ0djaMUT/O0DgZuSyySPF4HPQS+QTS6fQfZksuBuQ+5BXlQFDzceflDWqkJh2tOCydqq/H7Pw8xsYnvILH47lC7P0ul8tWWVkJq9UKQRBw99VtFBcW4+Sx2q3xmeNcWl2F3z86qWv6I4Gl29vbe4RIOglui8VSzP4CK2dQfo09ksgf0kxoDhpPm/VG/0DOT1Z7wqOcYLt0d3cXknMVwaCmhjzRHi+l7pjqmq3b8Y1v/xg7ofZBTY6rvbp/t/PfI0AjgZ0qo+wAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIgSURBVDjLpVPPaxNBFP6SXZuYZWlsQbQhqRFsD1ahVgUPIuhBEDyKAU+ehB49FQTpQbwKggj+Cx6UgigloJQsqJcWCykppJVqTILi2iRms7szO86baVMFD4U8eMyP975vvvdmJiaEwCAWx4A2MIHpOM/+W0MUMekCQtDIpQdgjINzJqOhnDOEYQiTksfGTvWB1BMhoh3XBDQnkt0xiijGsbZW1ARkvt9WAB3UCRrEd0C7rhUlk7ZU4GkCzRwhlUojmz2DbtdFs1lBLndO7odYXV3A1NR1GIaJ9fW3cN0ttc+YjzhjYZ+ZwJub72WgJ8FnsbHhoNP5gXz+gkquVIrykBEQhvNQKpAE1BSqkzbIWq06qlUHnudicvIyLGsE9XoZtn0YExNXsL1dU7l0KB1kRpGnOquJoIKcc5TLb1TS9PQNZDKnsfToFuIrH+DXpPxhG73zl8BTPkySQfI5D1RTZmYKSloQdKTcURXbevEYhxpfcOLmLBL5k/A+LaJcKiJtSAVUm1YQYHn5+T+d7vvLJ7h4ew7J6jtg6QFSw2kcy42jUfoI0/d91dFEwvrr2vbundae+wvJI3ng2t29Fzh/FAc7ASnwZL2vVWfpdQnhy1Gol0ckpO546gC6K69gLczC9xroSoJ2y0DPGkJsP7+xVMjMD9nWvewoM834V7S/M3xuGjzsifux/X5np5Cb+/3z2x2Dx8a5IWoS9fTqInv4B7QMlwnqx2E+AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ7SURBVDjLbZPLa1RJFIe/e9MdExXRJhIHTcQXjIkd3PhAR3EWulPxL3AhiCsFcSG4HVyIS/cj4krFjYqCQRONqPhgNkbxgcRAAoomHdvOvVXn4eKmYxw9UFRR1PnO71d1KnF39h37t9fdLztM4GxzHHfAnWLy2WEaiXnt/eCFU6sBShQHDjv8We3pTj5+quHeTIICZrjBZO0b07ljXlrFTBQA2Fnt6Ur+7uui+48qXhAwt6KqFdWXLp7P/LYS2/cf4ScA7kuqvSu5+fQtExMN3AwAa6pwx82ZnGqQ5YG5MWOBpNRaYt2GlaztrKAK7oaZo+qoGWLOdBa5dGXgdwBH1Rj5OEVrWibLMmIeECv2hRZK5VY6FszD3H8DAEwN0Uie5xzYvLaQX6jD3Tl/9xWxrcz/8n8oiGpoFERTLg4Mk0dB1FExhIRGepKx8Tokh34CpE2AiBFiJBh4Oo+k3A7ldqzcjrW0kklgRcd6FvedI2mxXy6RKIpkQh4VUWMyHMUsEkwIIiyvrGP9si18zb7xZe99dp6tLLx34kt91oKoEfNIHpWohlhgd+9B1A01xXDGaqNUV2ynHqZ59mGw1vdPWinNtRBDARBzMg2oGyOf3xBNEItEjUzlX9nYtYN6bKSP3w99LjUbJogiuZBHI5qRWYao0LmoGzFF3RivfaCycBnPRx/w4N3QpyDsmb0DVUeDFhbMaHjO+YdnCRbIJLCmo4etq/fwZGSIOy8GNU/YNXbah2ctkKZs2tKHJwmqjuhVTB1Rx9W5PvoXSdrO/ZfP8Cebr4313xue2we3b914dKj4eXP6H4eZdX2Vcvf1AEvGj/f/13/mQPMZvwOnSeJok49LlgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAITSURBVDjLlZLNi1JhFMaHiP6AvN0Ls4vob2jauYiIFoGBtnFlG1fSws1gDBdXLhIhdaEuvILfjtfK0cyvRflBeHWUEBW1nHGKpmkcpWw+ani6r9DCutn0wuGFl/P8znPOeZcALP0ekUhE7vf7HR6PZ+ByuQZ2u91hsVjkUrl/PITDYbnP5xMajQb6/T46nQ5KpRJMJpNgNBrlkoB4PL7M8zwbCoWaXq93RMStVguVSgXlchmCICCXy8FgMDgkAdFolK1Wq+j1emi326jX6ygUCsjn80ilUkgkEigWi9Dr9ac6nY7TarUrc4BAINDsdruo1WpzQtEZRDiCwSDE1pDJZBCLxaDRaLg5gDispnhmvRKrJJFU/SUWBwqO4+B2u5HNZqFWq8dzAKfTyRIh6ZVAksnkrDpxkk6nIW4F4nxmrghMpVLNO7Barctms5m12Wx46bw23XRf/TF5JsP4qQwHT2QYRWXYW7+Ix6vXT5VKJadQKFYk1/g1x5z/kmUU0+otnHy04Hi4hu8HHD4n6elegr7/z38wyTA3xy+Y7mHvAb69UWDauI0PiSuQEkoCRil663CwhuMddlad3EfbD/F+4zIWAvaf0+dEm48+bdDYjdMYC3dn4snmvYViya9MYoe/NNx/fQdb69R4EKGYMwOGPHVhO0qt7r66gXdhKrJIKAkQq6nehqijflCmOov4ry38T/wEpFjkJMz8PioAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ5SURBVDjLfZJtSFNRGMenRkgY1BKiL30yEkqJrCjrgxBB5Qtmyy3NcGoUuqD5skEm+ZZizpTUmZEw33ML06lzGoQKtRRETXM2Z1LOTBs6LNNw9/w7d+IiuevAj3vO4fx/z+E5lweAtxVRvp5Pqaf8psAF3RQfngtBa1OvCet2Bq5Ge/80K5nkCntR7AwhsP0imF8msCwRfF4k+GQlmFxgYF7YEKerDJzV90vKexwHZm0EX2hw6juBaZ6B8RuDsa8MRiwbggL1IP57A7b6NK36kYbH5xiM0vCwhRXYHYKMmnd/gwlH+dvunPTOehy623ZLlrfO9oCVbA72JsMzjEPK2QP5Gb5UGewJxcXtKBLsQ2JKBkR5OkfHq/QfnKKlH2uONd0f/ecVioM8OzXyC+hRRKFAeBC3A3dAfHwn7ob71tCD5rnFlc3gKiVjM+cUlEbsqZ4xqLE81IT3Lx6gXyXDUMsjpGQqRip1Y2zwJ0W6tWfOyZUQQepEYxpZHW8FTFqsGdvRX5dORLlaKw0mcP0vTsHekAYPXkDFE3VxNplU3cREXQrMdRKoCnOI+5Gycu9zlR4uBbvON7l5nNbkykunGL0VkGvfQqo2QFJtwLNhIDHfZHc/UZvpFVThxik4FfEwNS2nDc+NBMkDwI0+4LoeiNQAV+sJcrsIxMnNJDD0noxTMFt4CAPqUiSp5xHbAcRoCIQ1BBFVBGFPAYFiAYPNSkxl+4JTYFYGv6mVxyBU2oe4LiC+GxDrKPR7rQU4G9eBl/ejMVEW1sspMDUk8V+VxPsHRDZkHbjcZvGL7lrxj+pe8xN2rviEa63HLlUVvS6JPWxqlPC5BH8A3ojcdBpMJSoAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKRSURBVDjLjZNLSFRhGIYn1IULF+2CiJA2tWob1CIKa+WqoghaRBERrYKS2kSLCoKIQmbQKAwLSs3FRDbeM03TmmnGG3kZc3ScizPjzJnRuTlznr7/eGFMgg485xzO977v//2XYwJMhZx7aDssVAsOISREhQnBomp/6wuNZYJZyLbaPYzOafwOZ1hIrOKNLNPumEPV1jVlWwLWzbY33RPk8jpeDZqH4rwfjvMtkiElorygakqjtBshGwFmVYhlMa6EqOt7YtT1L+GK5dHlmzzQ8mv19RCzESAvh4S8J5KlfiDMZHhN1GJPYekMM72M0UFAbgl5ZhS6rgLyymuM3ibzaxnWeN4ToqY7xIgXpgIwMJmQ6aSJpCEoAZq0Es1BXGhbWxOzCnC6PDFe9S1KQBDL5yBWh0ZD77QS+BVNfW4SYlqQbiaXwLWQw+XRVN2pAsJj3hUZOUiNmGslZNCdUEWfsHsd30QgjVUWtfFHzGDEm1Sa8GaApSuIuSNAdYefoZntASPzSRrtGq8Ho0KE4YIAp3M2irnLb5jfSfpkWEe1vTGFhl43fS+f0nXhAB3HS2g9s5evlnubUzAWsX8mhSsIc0lwx4UYTCymGfWl6a+rxnnzCKmPj9HHbay8vcH36wd5cvFU7+Y2ZmVrgrJHv6Jg98MXD7RP5/gwluHT2X0kxcyzSqjaCQ/KCT06SsuJ0oUtBykk2+UKQa+Y26Z0rOOrNLlSRtu6vZnCK3p3Fx3HivVtR9kb1/kpHbRP5bCOZGhyJrGd3sPyi0sgpvQtE0uC52oRrRVF3n/+TI5ZjXF/xliDgdr7DF7Zj6+qnMXbJbgv76Czsjhnqyi6Y/qP31nhqL12vr/lZKlPtS0jzyuz0v8BvOcGre/IsB0AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKFSURBVDjLfZNNSFRRFMd/b96Mb0ZHEbFPTfqQNKpFkVZYFO1MSFpEkBAYhBht2rnKHIogCNq0qIX2QdHOKFHJooIKlDIrykxLM0VzbMYZx9F57360GC0lpgOHc7j3/H8czrnX0FqzYKefVOuDm8rpDr1CaoVUct4VQglKcvfQdP8W7WeeGQsaN4tMOAKlk8VSSYRS8/Gv27ZYLMG1BGALtAZHSmwp2BgJc/T7V2zpIOT8XcJJDXBsgUU6lsuLIwV7JyfZLvysjEawTB8+7cex/w8IfBrqZY1VyAphsn5mGrW6jLLxMOu8RXS/68GxRSAl4O6x5vrnn54GJkZCHJgxYMNhZG4JJeEwE/1B2jpbA28uva9frDG01nC7zIfLLEJjApyPumpqsq2TWVtqkY4b60cz9/peP6xaldNAsgTEXJATL4aTgJulI+QU52kM0Bq0Qi7fTcKdj4pNYooprHg/xlwo2bR0IDaGKxo+ngRcXHMIoe+o/bV+WXgEFQ0iopOo6SAqPoW2E6AVRlo6JgL3hxa8gwMPyPBUGX8e0tm8QhQtamdlUaKgEhkeR8bDqHgEPRNFGxpLhPC/fSyJiXqaxi8sHWJgdAC/Z4frc3uze+ojWtnouRl0Io4Ss7g9bvy9T0PYunxB/M8WqBuKkZ3V4ZoeQgsHhANKgjMf09wxro12pFwjAKa3QmYXJ1OPwGtGcPmykcpC5iwroKF4a2pA4y4f2jgg/Wvxfmsj81HjQPrLthuZwU4scxqRtQ6kUZEaINU+mZHv87SeI62r6zpCb+PqSLVnbLg8o6d1VM/OgqOXAJb8RiJTeeaX8UF+2ado/Nn+5/zyUDt1RZu9fe+vICldLPkNkalgK6EwqgIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ5SURBVDjLpZPNS1RhFMaff2EWLWo5tGnRaqCFRBAM0cZFwVSQpVHNQAWVMQwaSSZWtimLiKnsO5lEjKzs4y1zRK3oItfMj1FnnJkaUtNrjo45H3eejpCKNa5anMX73vs855zfOS9I4n9i2SHbCpvph8q8A9PNcCzcz76EM9EETj+DmmqENaeBiJ3mRyuzQy5mwyVMKqiFbzNN0MxgKZOd2zj5GMZE/ZL5ooHZAntGW89s7Bw5Ws25llWcfQHrzHPYE/51ZOQ0M4Fiitj4UQdbzhZSb+FJ63ZypJqp7p0UsTf+FN6kvoMMl3GmNY9jj+BckcF8/HoFldLzpZIqxhthJPVdkr2cifdb5sXefyAKLFvyzVJJAssisIxstILZ0DEyeJzpHifHfNBGamFZ+C9yC7bhG7BBxCrZZqWQpoiNP6S1TMBFDh4gA0VMdxfy+0NosftQX+8gGKkBY741HLoGhbnXUOZwKTn+gGa4nOlBN9MDxdJzCTmwj+wvEKPDTPUc5Zx+kOk+NxmqZOJTIXsviYGQVgKLAos/n0CbbIAS0ir1eY9kF4O+3UzpBYzehhaugQpdR3DwKth7EeyqEoO/oYzXwyKwDDN0ipme/VKFi0l9L8M3oYW8SwxWnIKI1XT7Vqb6i/ntLoLTHdulhROcUJsZuJJjCsvEPpyf8m8io5U0VB6FtFNIe6da84XFEcYaNrDzLDw5DUZ9cEwqm6zxGWYGPBTShogtQtoerV0rLA5JKy5+ubya7SdzbKKMyRG7ByPeIfvebKfAWszUdQFavKOI0bqNbCuF4XfneAvzIaStQrpOxEpIL746rQKOD2VQbSXwtLiXg/wNTNvAOhsl8oEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGBSURBVDjLY/j//z8DJZhhcBoQMuUBJxCzkWxAeXl5PYiOm/toTtDEB0U5OTkCqamp/XFxcfvDwsISYOpsbGwUjI2N12tpaQUgazYoKSn5D8QJgRPuqdevf/nKp+MOf3R0tEJISMh/Ly+vBGTL1NXVC1BcADQgobi4eH5ubu59ED9o4r05Hs23WkBsd3f3+XZ2dudhalVUVBxkZGQUUAwoLCx0ADpZAejk/0AnB7g13JTOX/z4lW3pVWmgkw0sLCz+A53sAFIrKSkZgBIG+fn5AZmZmQIgNtDJ+4ODg/eD2Pbl19odK65Ogzp5v7y8/HxxcXEFAQEBBxQD0tPTAxISEhwiIiIcAgICEry9vf8DnexgnnNJKHbGvVcGyedVgE5OUFZW/s/HxzcfJRaATnYAOtkBWRDo5PvAUAa7Qj/xfIV1waUVIDY3N/d9NjY2lMAEObkA6GS4nywtLRUMDAzqgU6uBzrZQTv2DKdX442r6uGnhVhYWAoYGBgEhkBSpqsBAOTifxrCztZUAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAMxSURBVBgZdcFraFtlAAbg9zvnO5fcTk7Smda2SRvbLbau69aSUXWdE4rTuTlBnUxkYzgUFX9VLKJ4mQoyEMShwqygqKWKjKEDYSiuk152payKTdvFZZCmSdauTXNyTs4ln/vhjxLc85D1n82BASAMcqcqfPDgeu+BWpmXzl3XUqNThWPJtHbc55MRUCSUNQeT78WwFnWKNsAAw6oYaUryFUrErOEYl+a0C8mU/o2iyvD6ZNwOdW6aYAIPn8z1PBBx7x88OX8k0iBvpgyCKIv3KiH3DoFBqlgMt9gA3sAaHCs5KK9anr425UhzUKrnjUqqK+SK1MhcoKxZNTLPHdwYdb1W76cvLGZMEVU43aigRRUON/po15Wp5cvtdeKzDQp/j+RUmAeVWp9I1NlZbaxYsPP6sjWEKtTv4h55KB58e/z84vDpM9m3WMmULNP5VA25tzTdrXYspPSvbiwYo7FWz8dHdxzfkxhaucx7O6DdGAEx0gfpgb7QywEvnwsoVPPAXlIa3H13BD0BItKwV7AKJcLO3hkSor01vwZ3xdR3Xev2wB/dguV/Ypg+PXiU+j10Lw84AVUgstfFVsr0t1MXV8ObN/l6rKKd4xkb2Bkd3fDitqzkV+/H0tW/IRITPqUO3pqIn/I8caaTJfx+ocBMwQXKkbbWJvn1ZKLwcypZeuf7p97cFO/u+VZteRjlzDBEN0FqchqWYS4aevE+bva6gZ/OLCOTtznKk8fr1gmfuCWuZTFbHrt0eH94a3f8O7X1UWLMfwEi3ITg9UEuXc1ahUxf/JUTM3Rm3kJ92AVR4CjAnnbLXC1z2OyTjT/0ehr3feRvfQxG+nNwgg2zEEV+ZHzV0Uu7u/rPTeIWwhhDtV/er3+iOf7MUGz7XtHMfg3CmzBWGpE/e153dK091j9+Df/hUOXLlyLPNXUf+tFiYTEzdQwVGNCWGpAbmcg5hrYx1j9+DWtQVFGaNwy2b3seieFXMfPHGKRIJ+xcYj4g8js7BiaSqMKhSmJuwTb/OoVoZy88nhjSF6eKhm7u6hiY+BP/gzDGsNa+7UG9665aurUtCiaUx/Rc/tDuD68kcRv/AvFKVJouQOXGAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKNSURBVDjLlZJfSFNxFMf3FD1kT/VSTz2l1EtE14h6SbB6Ch9CqCgYbI3F2Kabf3A6F/vncOxuNre5Ob3MK7U5mgtDZQ9uOpdzhehAmbAUfetJGIRs+e33u5C0nEQPhwvnnu/5nt/nHBEAUa1Q8vfwOtSIZ/4GtHiu/DytTnTaD0WosRz7Ooz3WRaPnJf/v8Er7iaiX96C/2xHk+MifudDoRCCwSBGRkbgdrufi9LpNGgsLi5iYWEBav4+5Nxd6D48wbtVFsG0FS/G7uCW+Tyu9dcJteVyGfv7+2BZNi9aWlpCpVLB4eGhEJKxGzB8fIrwqhNsQgPTJzmGk/14yTXhuv5C5eDgAFtbW3A4HN9sNptclEqlhMTe3h4ymQx2d3fR6q2HJvIYXMYGT+oNxKFmMlUrpqamkM/nEYlEMDAw0HTMIJFIYHl5GTMzM0wymUQ0GmUesJcg45sh5R+iQV+XpmKXy8XwPC+832g01h83mJ2dxfr6usCgWCxifn4ehe0CGMtZtLhvHztPTExgbW2NuqOvr+9c1RZisRhKpRLm5uZASDPxeJw6MXRcAouhYovFwgQCASrGiTWSQl02m0WhUAAVb25uIhwOY2NjgzYUnP1+P3K5HLq6uo5q3gHHcRgdHYXX68XQ0BAlDUIaJpMJBoMBer0e09PT0Gg0R/88pFrR2dl5pr29HUql8ntVg/Hx8atkPJ/H46GkYbfbYbVaKWnBtaenBx0dHWhraxPeLpfLS1UNCCwd/TqdTtXg4OAOEav+dler1SqFQrFDxCqpVPqjqgG5aR0hLaxrZWUFk5OTAunu7m5otVoQMXw+n3DGpBZisXi7JgOz2SzA6u3tPTGBTCZTSSQSKsaf+V/YTMmdVR+nAQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAI3SURBVDjLfZM7aFRBGIW/mXt3swmuaMjGBwqCBlQsRPCB2GknCIpgJSKKkNZGxM7CQrSw0Ngp2vsoLBS0srERUSMiKkFRYkLMO7t778x/LO7VxFdOMWc4//xn5j8wThL/wqnz9w6BrgIrhQNBuSzEQMp/odtnjm7t6m00cC5FQG4OK2rEkHHuyuP+/xpIdDV6GvRfvsWGvr5feuIdn96+4sLpfkxikReA9yl969exZecuEp/gkwreeyqJxwzMFjEwCQM6OmrUOpfAH1kJEU2k7x5sf1Fbunmzc/73sg4QDJ6/HmZUQ4UaiwQ+v/nKsb0QzEid/Ma1e25UnFuQtHPEh3eQwCdVfNJRBlBSpYaAEIyUoBaWdbSHB4hZAn4pztUJ0UAwMjT413gjQ4Og/eTRSMmdl2XErIpMWPMT+ew3zm4bofnsETePGDBUZmBYFsl2V5vgOkM0UpxqFppkc6Bslnx6ivrGY1Qbq1ixehnOuWIsqeCkzucnJ5KKz2KMmkzJPWlnL8s2nQQMJISxJP/I+8EHxDCLxRkUZpA1qfYe58uHMS7dvT8uOJySS4otbO4lipMoTqMwQbfGWd49CWGi1KdQnKVzTUqlNmwPrx1tAKS0kSxg+SgKk8XhMFHux1GYKpsLAylAez7QlExyRBS+l43ljb/MpuebrVWMGRYYKLPxMDfWlc9U61jdSxWwOqgHxTaQIV+w85HYakmZtecNWu2LH68f3IHYh6O+2N9AgHuaYbr9U/oB0sFcUlVzMrwAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKRSURBVDjLhZHfT1JhHMb9F7ptXXXR2lw/Llp3blnNZauLtmwtp15oWsu6oJZ5bKyFQiGIEIRIKoEsJtikWM1JmiQhtpieo3ISUoEINiJNE2SgT5x3ZiVZ3+15v3t/PJ89+755APJ4PJ64s7MzZDKZYDabYbFY0NvbSzq35867u7uh1WpjfD5fwXl+iixqtXoi2xfw/0ppNJrPOQC9Xp/O9vXTvCf4l7jKJkUOgIvH1bmGPlQ1D6Na+gY1Micut77FFcUoapVj5I4rnU6XCzAYDJuAmqz50hbzNdUvQJfu8d8BmUwGMzMz8Hq9oGkaHo8HbrcbTqcTDocDQ0ND+B62gzWeh8/ahPGOIkyo8ssJYCMWmXxLSwtYloXRaIRYLCag6I3rmKUKERmswyJtA5bDWKAtcElORAmgo4MMBqFQCIFAAH6/Hz6fj6RhGAasuw3xqTtIhZ4h8roZCeYpMvMjYLqqkwSgaW8nAKvVCrlcjmAwSNLIZDLM0ibEJ29jLTGCxMdaxMeuwmuoBK0t+zKmOLOHAFQqFQFEo1FEIhGEw2GSZp4x4ytTj7WkCyv+CiSDpViapjCnORJ9Lz1+cHOIcrmCAGw2G5RKJYHY9HxE3tVtmMuRDFzAt8kGsKoifJAcPvTHLzRLJAQQi8WI2FEjpvtvZmM7kJyrxGqwDIvZJH7NSTyUCnK/USgUpocdjnW73Y6+R3xMvaAw8bIVn9wlWJkrRXz8FrzqUxgZ6FsXikSJHABFUYxA0LgiFIrQc/8YsDQPtv0sBqmdcLYVY0BQgAfCetwVNK5m37pyAL9LcDE/nXIpkXLL4W4qRE/VruX++v0Htr7bFlBSsCMpqtibfnWvOG2XHh1+Xrdv93ZmTj8Aff0H4WdEl0kAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKsSURBVDjLfZPLa1RnGIef75zv3OLEDObWqcaYYJUWgqa40MmilioE2kI3XVXRFsmqUAqi/4G7brpxpaLgpUIEcaEW23RbKRYqASfKJOIlMbfJZDyTc/kuXaS1BmNfeBcv/Hjeuzh/494PxoivmpkJU8WbZteGnoTQ49yxLz78HkAaKw59NtTTGYahEMLl/ywxoFXOtV8fHQVWAc3UBEEQigu/1UhYoCEq9HXPEnl1lDUsLkeMP2qjxb6PpJ3jX/ahjRD/QmWmwHFcHAGZM0NfxyyB/5h62kBphQwC+ntKTFY3UPQ7MGZtVRLAAI4jSO0cvldjaaVOqhMypVA2JggC4jSiPXKw2DWD+Q8gBFYZUp2TqJSVPCUzCm0AkWONRjoCa+2bFVi7CgjppBFPY12P1MRkSuO5EXGjQKtfYjC/RH53li1Jvw+DADivAI6g4G7m2Uw3yUKBFruJVrEJtdjOzJMSZa9K+YMapfIRBrvuh/dO7RgGkPZ1gNfFu9EgT/8co1h4jtAaL+nk455eDvRVadt5kPjxTTZs7BVqa3305nf9x161UFkYQRuDNoYd6Rz7enoxQHX6BZG9QXHgW3RznLBjC4l+Sumj3S0qrp2W1loEMLx6WAC4A0s04wXC6b/oKI9QmLpDXpvCcecRToy/cR6SJi+nU1eKde5VR0V0VMT4Hu88vIgXWYyawTFL4LRi84wHVyrJeGV5RIaeqGPytl3de0GIf1CWpHqLZOoXuvYMYbOfEbrBg9spMk3Ic20nqsuHDl+eHJW+FD+NjlX3ZdoOvL7i/eJ64b2hT9xs/jRStjE+ltm7zU8TubWc++QXj57cP7qay9p1/cm14d/TF6dsXPnc/vFjuXHm6+2H19PJt33e88n5O8v1sW3NxXhlYmLuxDdnH15dT/c3MC9g0QGCji8AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIWSURBVDjLjZNPSBRRHMf32rVTdFOsDkJEhODNLGqXukgJpmiEURBGdEnbskNktrhCRQuaLEEikUhlbK5EiZmxjbWwfxvL0dHdtdlCx3VtZxyaed/eG5qwZct98DnM4/f9vN/M+40NgK1Y5p7tPTY9UIeZ4Q6EvIcQ9pQ3FR1O+kvqpbFWZCI+YG0RK5EhBNz2dFHhxIvSWjl+TdOSzyGNd0GJPoE+P4nogzPqpuGUv8wux64ahjIJZbYFy1Pnwfc3I9LXuDR1t2bnf8PC0xKHHL0MQw0gJ5yEmmhA9pMTYm9VOth9cA+rsdV1jm6lDFA0Cizabl6H9KH1d7gJ6kI9VmNXIHiqs5/dFfusQ5hg+PGbL/ipG7CWxPvAv7wEQ5mAKjZjPdGIDO2E9xwmgS7Hjo1dMoFuEIKMQvAtS8C9eoT4iBNh/22kuFrkxAYsh9ow661Bp9fHuqv4S9DiGTdPTa8SfM0QDLoOANl5TN8/jjHndrzrceCt2w71uwDXYJAJjhQULNJwQia4cXY3tMA9aNwdcB37MXRuF4Ih3qwpKLBegbUvLhGcqN6GW6fK8dp1FBP9F/AxvoBwSjcF7Q/fM0FlvsD8iEyycbFuQknDFLPl40QWnqFsyRdY16hbV+gdjf8Rraytm890P0opy5+VggNECwVJzllBldL+r2ErFO7uHYmx4A/Kxc1GPT9cSpmjnC72L/0FRS76cD+dhSEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGBSURBVDjLY/j//z8DJZhhcBoQMuUBJxCzkWxAeXl5PYiOm/toTtDEB0U5OTkCqamp/XFxcfvDwsISYOpsbGwUjI2N12tpaQUgazYoKSn5D8QJgRPuqdevf/nKp+MOf3R0tEJISMh/Ly+vBGTL1NXVC1BcADQgobi4eH5ubu59ED9o4r05Hs23WkBsd3f3+XZ2dudhalVUVBxkZGQUUAwoLCx0ADpZAejk/0AnB7g13JTOX/z4lW3pVWmgkw0sLCz+A53sAFIrKSkZgBIG+fn5AZmZmQIgNtDJ+4ODg/eD2Pbl19odK65Ogzp5v7y8/HxxcXEFAQEBBxQD0tPTAxISEhwiIiIcAgICEry9vf8DnexgnnNJKHbGvVcGyedVgE5OUFZW/s/HxzcfJRaATnYAOtkBWRDo5PvAUAa7Qj/xfIV1waUVIDY3N/d9NjY2lMAEObkA6GS4nywtLRUMDAzqgU6uBzrZQTv2DKdX442r6uGnhVhYWAoYGBgEhkBSpqsBAOTifxrCztZUAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAG5SURBVBgZpcG7b41xAMfhz/v2SJ1qI2nVedXtD0ClsdpIdDARBlKRaEIMLP4OCZNYJGIQl0EQiYnJytSRRA8nLnGrSy+/z1dHObH1eapLL86FVUlIQgyX91+v+I+zT2aiQcUSVGpWdQa3sL29kxhMmovPZ0Ofs09momkQOu2GzlAHi9RJSEJnsGFrewct1vU09LOIxd6m9jhbh7cxULVQqWPo/X7Pm4U3DFcb2L1xkij9imFq8z5GWiN0v3d5/fk1pUhtQimlefezy2CrTZUKS+hnkQTWt4bofuuiNhapknDh2ZnEoEElhmvTNyv+cere8ahosIjKnZkHVZWEtahZo5o1qlmjFqtmH52MBouoaLh17G7FP47cOJwYLKJB5fH5p1U9++hkLDYDGWDX2B4mx6ewSD9LmJzYy66J3ahomumrB1NbRNMbWz/Ot99fWV5ZwiL9VBbLEl9+fWHT8DhV6KnUFmmGJhgdHOXH4gKv3r9EpZ9F5ubnWFpeobOxw+jwGDG0ivJn+Q/zi/N8XPhAKTZqjz4aiovN/Ke3PUshBhOqE7ePRsUiGlTun35Y8R+HrhxIDCbEkIS/gKBKja+GF3wAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ0SURBVDjLfVJNaFNBEP5e8tLXkKqtSa0kVYKplFIsFNSTIgiFhoL04FnsQYTSW66BkIcezMlTD1LQS7wWjIdA6qEVKq1ixAqSWBqMFWJ/EtvUtMnb9+LM1kispAvD7s7M983Mt6vU63U01uiDhfrErT68+VqEJeowTUuaRSaEhWsBN6bj7/Fu+rbSwKhoWpZpwrLqEMYfoDjcTXFogkmF2QyBrfnyt5phQtRM+DQT1901GHQ2yCcJjyOwKPirYsB7QpOggY4aBtwqTioGzp1yYq9SpSLHdmDqb1d+wKOp6DvdBrejhq6uLgy5LZxxtWEpvc5F9JYEC4+CkU/ZTX3pYwEXnAbO9vSgs7MTbqWMpQ/fsJIp6J/jdyPNGIVfIZ1OO4UQ/WR2wzDw9PXP+6OD2r0rQxdlUqFQwPNXXxLDXhHleK1GuhjGZigUykuC5eXldYfD4eP5iEQat26z2VCtVqGqKjY2NrC1tcVAGd/d3UWxWLwjn5Gck/v7+3Gfz9fBLe/s7KBSqUjjAkzcQ+MEAgFomsYFkcvlXhBuVml8pFQq1UeOl16vt7+9vR3lclkCOc7GPsuykEwmTcqLRKPRh/+IODIyskqzXc5ms7Pcpt1ulwA2JqARGVyknGAD/N8rjI+P71FCant7WxKwBrwriiJJSI89XddTLZ+RFyWNeTwe2bLL5cLBwYEUlM+0nyflL7UkmJmZcVIHN3t7e5HP55FIJFbn5+efLS4uolQqwe/3s+BjLQkIfKO7u9tJs7LST+g+HIlEJjKZTDAej39nPY4SqEfa962treUIOBkOh5MNfywWS05NTQ3Ozc09pj9wtRnzGyK4jfbwxX10AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAANvSURBVDjLVZNbbFN1HMe/p+d0be3p6Lr7unWMbuCQbR3FQWAEyPASkYe5mHhJTIhhPPngDAQTEGOMIZBpFiKoIWiIhAdgYxI14cFEo1M6O+Zmx1ob2MbYhbEb6zn/y7n8fcCZ7ZP88nv7JN+HjySEwDKfDX6oMpO3Uc5fpJw0UM5AGY0Ryn+U+dZP/OI116evB3WsQFoWtA+c2MUM/vVmf2OFrLhhSBYKPPn4Z3wInYnL54LSF4PcMA9zbh043xr+eZXg9F/Hm0POys5cbwke8Fn0Z4YgCwe2q/W49MdXcx6zucEn7Y01VKqBxMhjjE5mXrlypLYLAByn+o8HKKcXC9QQ+jIp/LLwOxaMRVR6yjE9dR+aRo55RdN76wvcgcIcN6qKVRDCLz5/tCcAAA6dkbaof5eaJuMY0pPQTYp8OQCVOnF94Gp/UD5zixKjtbLMi+EJikC2C1WlPpXqpO0/gbZPdrowmBkGNxmyHSpqs59GLPUbyBJ9x2BKR2SdT+aGjfFZjtQUQ1GuF5TQfU8EhG5kkgkHJETUTWjK2YGpu6OIp+MXQt5vSghh0Rp/EsFHpwC6iLFJBpeigFFSAQCKRnRS6M7LavRtwfTEfZzra59jGu84Mb//bHIxrvy6Zu3dAq37mdLwDtTP/oSbCy+BcQWcUBkAFF0n93rv9ERu/N01wwg7eWSy9ErTnPctoSeSO/X4buf+7XklZVuQXVyPGtcHSPvq8OBhITgj6ScTNPJt98C1Q+1j4fqb6Zpg04x7yCgv+9iS5cBCnRXelns7z5fnh/X4O5TXv4md6g8YSY3BYOR7AFC60pELQicnhU7OGOHyLCNcDtuyoNwexFIV3g7VviqD9iF2qRvbDr6PPNIL76JJTSO/AwAcIqMp9lLmDbY1msWrKkCSw7A1At2vwxWKvOzL0WGze4CwYWV6UbG7DYdqYrPXmzspADicn5+dsZe0A9KtOJAYhrOoGBbJYG6TCX8oAlsfgLAJoi0bYPMJuN0prNvcEjQZf3dVC0uNe54TlH7Jw2srFqslOJueRdF6D6xMDEJwxK/dQbSlGpK8BvC8gD/PH3sobHuPtLLG+eo61WL88Ghr9tGNBy9nyY4RCHMegFjRnwOyZwOmE/1I3fjo6irBMj2no4+EZT8lbAFh2ytO/P9h2xBCxP8FbMDM8CUkkoMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHiSURBVDjLpZPLquJAEIbPQ+Wd8gAZnTirPIGIgiLoxo2iCxeuBJGgoggq3trLwoX3a9R4QVGxpv/mJCJzOMMwDUVCur+/qv7qfBDRx//EHx/6/b7U6/W0brerdzodgzFmtFotvdlsavV6XfpWgMMyh9l6vabz+UyPx0PE6XSixWJBtVqNVSoV+UuBT9i8Xq+EhefhcCDTNOlyuYhvEC2Xy2apVJLfBD7LZha82+1ou91SPp8nwzBos9kQqrJEdF1n2WxWsgV4v5p1wIIBOp0/KZfLCXi5XIrAGgwGlEqlNFuAm6VDGaUCtLI6HE4RPKOA4QP8QIJEIqHbAu1224BZ+/1ewMi4Wq047BDhcv2iarVKs9lMCN1uN4pGo4YtwMckBFC+BeMgYFV1kaL8EHvT6dSuIhKJvAQajYYOx9GG1SsOqqr6Bk8mEzGZ4XBI4XD41QKfr4bN5/MpwPl8LspVFEXA2BuPxzQajeh+v1OxWKRgMPgykc9VKhQKDB5gIRsCsAUiKxLgncOMh/R2kTKZjJxOp024j4PH49GuBpcJmSHCQdPn88lfXuVkMinH43HGWxItwBP0jLljlBxkHo9H/vZnisViUigU0gKBgO73+w2v12twSHe73Rp/l/76N/5r/AZGRj/URbdFDAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ/SURBVDjLbVJBaxNBGH2bpEkTmxi1NTRKTZtoQUHEWz0Igj2I4kG9eVNQhEBO7bEHc+yv8JAiHnr2B4gFqVrQRhObljQolBSTJqZJdnZmfbNr2rU68DEz33zfm/fejGHbNrxjaWlpRCk1J6WcYZxkgPGTsWJZ1mIul/vlrTe8AIVC4Qqbl5PJ5GQsFoPP5wP36PV6qNfr2OIg0L35+fm1fwDYPMLDj+l0OmOaJmq1Gjqdjr4dgUAAiUTCqSsWixvMXV5YWOjqvW+AxOSz8fHxjBAC5XJ5s91up7gO6tDrUqn0QwOTXYZSsoO+wGDB5EwkEkGlUgGb7mSz2apHajWfz9+sVqvFVCrl1P4PYExr5m16vYUjQ+c0O11DtmN/ebD95pG9UpnGzl7Y0Xz30ir8toAtLdiWG0JIvFi76piaGG7g9plVTD/5YLgMCPLg/g0YtMTwhznfApRBfsP6kAYJSKuN57Md5oXTsvHy7aEEfZMutHZfIRAahWGMsHAICMeZVsD+HmTrG8zudyhrH+HJLGyz7wEgRSh9k4nm+nvqPIb4xWuovV5k/2lMXJ9F8+s6ARqIpk6QsIQtTC+AcGTYpBqfvgBfcJTuKMi+xKfdMCZgIp6eRK8TYu2+w2oA4PwDm+5qVK218XmNLN7xxILqKfS7pGqTWekLmuVtV65STs8hA73RqJQQP5+CP3KKACamHj7FlGBDawfH00kEW0MuA8o9AmA6qMrSHqwTIAoM08hAkHkN0ES3UYfotBGdiNFu5cr2AmgJobOPET7nhxEMuU/o40soSjO7iHbbVNgnUen6pY0/AOCTbC7PuV44H0f8Cetg5g9zP5aU7loDcfwGcrKyzYdvwUUAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGxSURBVDjLpVM9a8JQFL0vUUGFfowFpw4dxM2vf9G5newv6OIvEDoVOnUQf0G7CEYQHVzUVZQoaKFugoW20EUaTd5L+u6NSQORdvDC5dyEd+499ySPOY4Dh0TEK8rl8n0mk7lOJBIpVVWBMUaJAzCFEMA5B8MwPpfL5VOlUrklonegWq3qEr+c/2Nbq9VWHs9XkEwm0xLUy/Lzn5KbD1exaDR6FlpBURSq4/E4HJ2c4jMwmYpcw6vf31be2bAHQTPVHYEFyAr7VeEACzfAQKPuSmlCy7LINBcteifSx3ROWutzlCAZ3Z9Op9ButyEWi8F8Poder0drXTQ1SNUeqalt22EFQrgvC4UC5HI5mow1EjA/SjdEjEQiYAd+HV8BF5xwNBpBo9EgBZPJBDqdDimYzWbQ7XapmeA8rIDLiRjFYpEm4zTEfD7v19lslhSgJ2EFXBAOh0Oo1+vk/ng8Bk3TyBtd16HVarkrCRFWYFqmrwAzqMDzBhMVWNaeFSzT5P3BQJXI3G+9P14XC8c0t5tQg/V6/dLv9c+l3ATDFrvL5HZyCBxpv5Rvboxv3eOxQ6/zD+IbEqvBQWgxAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALvSURBVBgZBcFNaNUFAADw3//jbe/t6d6cc2/kUpeXsEgUsSSiKIzAQxDdvCgdulgagmBXLx4K7BgRWamnOgSDIj3EusRangwlbVvOyba25tvH23v/z36/oCxLcOr7uaO48sxA9Vg7LbTTQloUtrKihXUsI8cqVvAtfo4Biix78eDItmPnX90FADaTotFOisZqJx9NUta7udnlDT/+vXkc52KAIsua/T0BmHuSqwSBOCCK6a2E9vSGojBUiTg0WvNUoz74xeTjT0OAPE376zFZwXoSaKU86dLq0OqwssXSRg4uXn/o2Fjd80OVXTFAnqaD23tCm102O7kwDMSIIsKISCAKKBDka36bXnX7YetxDJAnSbNRi7S2Mu1uKQxLUUiYB6KQSCmKUEYW17o+u/lgDadigCxJ9jb7K1qdUgYlUR4IS+RsPfhFliaeGzkhr+SyJBv74aOX/wsB8qS7d6TRazMpBSFREAjWH0lmflV21lR7e/T19fl3acmbAw+9MzT7CQRlWXrr0k+1OArb3104bvKfVKEE6fSEffv2mZ+f12w2hWFodnbW6Oio8fFxRVHUY8i6ya56vSoMKKAkCAi279bpdCwvL5uYmFCr1Rw4cEC73Vav1786c+ZMO4Q86fbFCnFIFAYEoY17tzSiTcPDw+7fv+/1kxe9e/q8R/PzRkZG7N+///Tly5fL+JVz14dw6eizeyyslWYXc/UqnVZLFEWazabh4WG1Kv19lGVgfX3d3Nyc6elpcZ4kb+DEH3dnrG7FNrqlNC8V2UEjG/MGBxeMjY2ZHP/aVFDa8/RuKysr7ty58yUuxHmaHn77tRdqH598CQDkJde+mcKAhYUFRw4f1Ol0zMzMaDQa8F6tVns/ztN0ZmG55drNuwa21Qz0Vw3UezXqvQYGh1y9etUHH5419fukxcVFy2XTrVufl1mW3bxx40YeHDp5ZQjnsBc7sRM7sAONak+lUq1WHKrds7S05M/yyF84efva2Sn4HxcNUm7wsX3qAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJSSURBVDjLnZPPaxNBFMe/s0mTVJuWtI21JFhB60UUKmJB8aJo8WBBRREEb179Azx7EepBvVjBmygeKpaCYIV6EhHxJBTspRRj1Cpq22R/zMzO+J1JA8VLpcMub3ZmPu9935u3wlqLrYyxhycuKq0ng/85fHXmUvXy1LljG+Bxwk8qA4MlsZkCwnulVPullM+k0mNKqQLh5zvLOzJLtdrapgoIlwhPVcuVgPAs4emhStXD3D4kbsw+8hKMNTCpQWr40qpUQ8kUiVIIdQ22cwE9xSIaYYjP9WUEyVFo1YlsbuU0Roc7N8S00MbSSctqWqUtFlff4fXSBKwROLPrLnJiAA/mviPbxlZDzehYhwykB42HJa3VBzDSfcuv//hdQm+XQdTQLQeGhTx1sIjp938wfrgH+Y7ACeFjMV+L8ebTGs4f6cfTt8CF0T5MzHxBoUPARIqpaO0j5bOC+RoP33+1DCGA2zNfUe3rwL7BPCq9OWzPBdhdzqMZp4h41jSpoJloxM4BPV453odsIODW3PU2khSsKWvU5QQhJtQgHPriBrDNFEEjskgk8+F758U3n28YGw+4SCkdfVwKsVAPCaVwbRPRQawsTCIRrEQSMWG30YoMRtbr306Bxb2Xdfxc015B97YMJq8NQ3FuEwtx8ua8PTtSQu1XAsnFhAoS1aq8m0t/E63bUL4/Wtc71J/H3ONFZFfp2UkqFjKQrENBCag8D2laHUAZ6yHXXPTjG82pa/8BYs/1DzaOKNnnxE3p5k5eyj6mJei/qcBX9J8htvo7t8dfFzerp+lA/ogAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIvSURBVDjLpdNdSFNhHMdx6YVIhaALC8GLoFcso5dVRHVRFFQISlJeVFYQgdKKiEprldrmS8KgWYK2raZGbaOcafamLVxq6qxs5qxIHYpkUiYsmVvn2zmnGBbkhbv48Ryeh//n+Z/D/4QBYaHkvweagxujb6cttzlOLuqtP7Wgx3I0tjr38Gp9TnIMYu6L2TEh8DkjQhgzJSL0tSC4rAR0K+i8EId/9BtPLq2RERnQ7Fs7xZs/4643b/qYN3caXrWY7KkEGnQw2AkjA9DnhN5G7FU38DzVUHYiTgIOyUBByqqI0ZyZ9bSUgNMIzeL6/iF4mqDrAQy8+b3fdJUipYK+51q0KfMkIFoG9EeWLfRlRrbLQFkilCZAbSa0ikU9DvHmF+KznmHzcZ81XcGHe0qpmOBHtB2bn+BXz/HQoofyJLi1B+qy4FU59Iutd9WIXRXTWaEbthdsprtG9TfgzJirFhza7zxWgXkvWPbDMzW8NcPXbvhYC+5qWiv1vDPtpvHKNglwBYEvmshK8YaA3LphOzw6B+134JOdQKvx54gx6YfPGO9/XZ4uAxXn10tAdhAYzY94KTQWQlupGBNCRyW+QgVDqkih7fJOp79em9x/84BhZUwULsMuilNjJWBTELAol5R0qKK8Q1nhwmBmuOA+PdtnTl3cMH4mxIIt19OWyh2Mf/8JB+kfIM92cUNIgLu5KD4kQC6uK9gaHOFJAdaz6yTgzGSAa3/+QmmdNf7sF2A4ynPOLQFtAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALvSURBVDjLTdJNaFxVGMbx/znnzkwm05lJ0xlm7FeIbW3UxDotVoOEFkTMotKFK+mmOxfdRMWFggutOxGquHOnBFw4CIq0WEEsihJNBEWKUmuTYMjXJPM9c8+957wubNM88G5/8Dy8SkQAuFhdPg1ceXBoYLIbebqRJ/KeXuwbQAvYBBywDdSAT4CvA+7Gx/GTJ8p7Jl89U2R3Otbnu9bnt/vuoI2gFTrubLa5+nfnWWBmN1DKJRUAy3VHQikCBSaAVEJzOKUxWpMwUDmYZn8+M/zR3Mp7+h7goiiXCSD20LKKRgT1EBr9/6/Wg/W2A+D12SUmRzOMFxLFYBcwnE1qOiF0+g6tFQFgDGgDBoVR4AHlmvx0e5uFpcbKfcDaUj5taPRiuqGgtWA0aKcwGgyCMYAY1poh71+/1QQu7lSIrR0p5RI0+kIMWAHrFNaBavxCZukdbNjCC7iEI7Z2tHrpiev3N7DhSDmfomMFpcEohQaM75GrVSmWJkhvfIkIxGGIs6ED0ADTl6+lcXEyldBYBxoBPIInvX2V4VKF3AMVzNo3dGp/0u5049ja5g4Qh7aYUqDvjoSAApLhCgOrX5EtDOGaX1B+9EXWfptFbH/92pvTsgM4Gw4GeAINRitQGgRSq1VKx89Df4G5j2fZM9Sjt/wjj6d+796rrqdmZguxtZdPjx1mtSncWXNstRyu9ivDqk52bxcf/gPice2fGT37Cs9kvy/PfTCZBTAHTp57Xpx7rWejxK0NxeJqndv/1ji28SFHTkxh/AISb7H/kQLiuyQHU6STx5P1xfn+oadf+i5wUXTy/NnH0m9ceGrn/zf++Jze1gSD2U1cuwbKMF+9yakXHsb3/6L40HMs3ogu3Xh7/DNTnpg+ujefOVdrRSytd1hv9mn/8BajZ15GBwaVOIQeGONAZQo9MIZKHiHIHCOZPZrZvPltSVUuXCkAM8AIsA/Y9+74p6eMRFq8KPGCeA/iwYN3sWhxVnnnRWT+P1A8aPl/RBTPAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFGSURBVDjLY/j//z8DJZhhcBtwa5ou062Zhp0PV7udvjVNO5lkA25M1Cx4czL//+/PJ/8/3xX+9myrqgfRBtycppf26mDs398fFv//cKXh/5vjdf/vLg74ui1PMZIoA+4utF7/893K/z+e1f3/8WLW/w8X6/5/e9Tw/+YM+w9EGXBrpknbl7ud/789yPr//VHx/2/34/9/uxX6/2y9xWe8BtycqmvycJXbqac7Au59uhn3/9ttv//f70b//3oDqLlB7/uiCAXcXrg1wyDm7jyrc98ezfz/9U7w/2833f6fmWD+5Xyz6YtLLWYvlscpBOMNxIerPc7/eLbw/6dLFv+/XXP/f3aK9deZ0cpJO4KleA/EyfISjMbH6zxO/nzZ9v/rTd//ZyZZfZ6bqBJLUkI62WvSenW+68vTvVYPlqarhg2DvEAMBgD1ZuZTUbWrEgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAB+SURBVCjPpVHbCYAwDLyIIzmEX07hCH64nAOIuo1Sq+CZ1ueXVsyRBJrc5aBCPEeEvwuxK9XtDn0Si/ZU9gUg2Z/dYEuiuxSI5mRtwyuEIR5KOpVZYRUjjMLVVkIVCk6YPPdg1/LNQ87xdtl4JauaQ7CHjAfXeK5FH+7h9bNWB/9J3PASf8kAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALzSURBVBgZpcFdSN11GMDx7/+cv06Px3ePujrqNHG6RYxazbEaxdquuinoIiLqtoIQ1nUrogiqXdTdroLIIroJ2l1GDW0uNzWcHdGpO2tTm1M3X875v/ye5+kIuwi6Cfp8PDPj//Bf+OB8XbYp/UtNqjyLeWCKmCFxTBjGxHFMFISEYYgrhkhQJCoG3F3dWMrnFp71O5qrp44ebMt2tjSwS83YJWqoGmKGiCJqiAiiRizC+OQfDT+Hmzn/wcaqbCaVZDa/ghPhytR1+h/rZWxilkMPt+NiZeLqdfr69jE8PEXbvmZElJ5sLZnWvfW+54GaUZb0WN9WCs6jIGWsF2J+Gp1DRFFLEFFJ6JWzdmeTjmw9ThXP8/De/fJXS7giCTW8RJKjj+5nIypHVBE1VMGJ4lSp8QsMDY0Rbq/hopjVW5v4l6bzr/Rm7KPG2qpkJpNtSZZXektzOZZW1oic4JwgosQCJ595gu4DXTo/vTW1vLWp13K/nfXMjF1vnv1h8MgjnS/1dnVQm06xvznBP7311XGCeJvu1KdMjM2c//rj15+jJEHJi+9/395Yl36+JdNIJJDew7+ELibb1Mf4xhv41bXHuM9/+vQ3XlrD73qf7KnA88FLUFPhMTB4HDNHpI7IOR6o76av9QhbwQ6/F0/XHT4x+t7loc/OeGbG2+cuyInHexJ/bRmdrdUc604zMNjPyYOvIqaICoqxcu8m9VXNXFz4kSs3LhC4sM6nJIg0sXznLvPLOwRhE0Oj0wQaIabk1+aI1eE0JpaYzXCLQ21PsR0XuLQ4vOZT4uKYWJTIOWYWbiJqBGUBThwtNe04FcSU5Xs3aEi3Mv7nCKOz41Y0DvuUBFFEsRjR1rQHcT5qxq3VkC8ufkKkEYGLeKjpAP1dpxjLDzNybYzmuZfjkW/PTfqULE5enSncXu0tq6hCxaGqJOMzpFxEhTNqTBgvDuAlKhnJXWZv/jXW59c/p8QzM/6Lrne8HdFkqqjSdftDW+S+vwHrxbCSH7ilcAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKkSURBVDjLdZPfS5NRGMf9B/wL+keCbr3wStArL/RKEdQLCxGEGqLJgkQx0A31IsUmKRbohSxds2Ws0ja3ynLzR20sdb1be3/YptPt03OmSRN64fOel/f5Pt/znPOcUwFU/Ev9A/ctYUQICpqQESKCU8Wu6/9NrBQcQv5FIMbnuMG31Ck/rDMS6WNWgnFU7FJTWWZwmex2rUY4LxRJGPB83eTZR5N36VNyIioIKqY0SvvX5K+BQwX0PKXHEvW0T2fS/4uwXqAo/2TAKFzEL00cJQP5uCkUYuk8029TRFMXoqVADufLFLvHlCo4kpcl46miWFQGBZVbmn1Z1rf00WDCpzG2qvEpATtH8DZqyXJOSJ9AUgwMKSVzDqawfLEnDmUQCsd0pt78FIMkzldJFoMGc2u7SnComH+zhyVJTqeTr9oZ4R/nhGOGioeUQWor8VtmTjImyeNi8n7PUsED4cYlB+MTE3i9XoYejTC3npYqs0qTujJwepM4PEeMeA5Z3y83eDw5ic/nwzAMPB4P9+0PCcWsK4NQ6HsGh/ewlDz7QZeNLKLKVuW7XC78fj+WZbG1tUUmk2FhYYG7th7q7Uvhq0307+cIJyGehT1T0GFmZoaNjQ2y2SzxeJxIJEI0GkXXdZRxc3MzV23MS2uS0qPtDAQO4XUMpqafMCFrHx0dZXh4mIGBAex2O729vdy+fYeGhsZs2UHSpF1hDdYkeXmnyOKXM+bDOWaDWVwbFk8DJuuxfPlBun6UE2aRTalgZeecwcFB+vr6sNlsdHV10d7eTmtrK42NjdTW1uZqamr472UKfjfo7+/H7XZjmibb29sEAgE2NzfRNI2hoSGqq6vLr+b163zP1lPs7u6ms7OTjo4O2traaGlpoampibq6urOqqqrjPwDsCp2+T9HiAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKiSURBVDjLlVJbTNJRGOehXtl6dD20tbV66cGtrfnUU7WW09Sl3TRsokucuGGZInIXRRAFEQhMBNMCUkEDuWiKrTC1uTJvqVQP9dZDDW1p/TrnT2u5XNbZvp2d75zf5fvOxwLA2i2aJuoTqjEZe6e7XcHqqCJhnWmHclSCumA1+78IGsblidszbQi8G4R5yoDaQBUqfRXsfyIglhOWaQr2wbXihP/NAPRPNBB4y8FzF7P/SlD/SJowTxsQeOvF/ddOOBatqBoSYCjeD82ECtddXBR257N3JFCOihOmKT38BKyeUEI5LoF9wYLOBTPuLnXCF/dAGhbhiv3C+h8E8pG69fZnrcSuF6ufl/BlawO9s91QjNUlwWseSMJCXOrM3dxWgmGy+ZAsIvpqnGxhalVHlQzYFDUi/nEVqqgM3jU3xCEhVUZ+10Xk2XL2MASGSa1IRiy1xXQM+N6yg9gWM8oULB+WJMHBGqqM2IfHqB2+hWxLhoIhoJYMsWY8JA3qXe5iar0zb4Kc2FaNyzCw6oYoWA1eVwEE5gIUN2eioPEUMhpP4Iz+5D6WYkRsJwHbcxMG4w9QOchHx6t2OBc7CNjFqPG7CyF1F2JozojZ9yHowqXI0x1FWsUBJ0sxKk6hLuiQmKZaGbuOBVsSTHJcDwcc9Wl4X7bAO68HXZoIF7pICY7zUjaYJtb4b1jtMzYIfHzon2rRv+KC0H8T561ZEBKSdGEq/HM2/L58L4yUIPkVlT7+YWm4diu8FkCZpwSEEFnmjO+k08M5lsyatLL9G02ha1CFOAxYFeRsd1DeV7qXTFc/t4fzjd/HwzlT+mauLfsY6fRBek8eKnI0R6ANFTHKdKdnktf8GqKiHk7qVcflafJVZ3cab/K4gcQnavvn3kDzPwBTBMCdhxN/5wAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKFSURBVDjLfZM7aBRhEMd/3+7t7W7OmJjnxRjDKUYNnPEJHjZqo4WIEAQhFhY+asVGsLIUbGwVRMFGfKDpRWzEqCEKIko0GlQ0MV4e5u5279sZi+AjRh0Yhml+zPznP+Zy/+A5EdNXiiWILAtD57deCgKPS4f3bTwOkBI1B/ds62gOgsAY4/K/qAgktsrNu8OHgDlAKRLf9wNz5V6RChPMmJfkWscIvSmsCl+nQ54P11Gja0nRyMn9ORIx5gc0FVtwHBfHQOx8Itc0hp9+x1Q0g00sKd9nRUcbI28y1KebEJk/VQpAAMcxRDpO2isyWZ4iSirE1mJ1Ft/3mY1CGkMHRecJ8wtgDGqFKKlSsRHlakQslkQAU0UlIeUYVOer6gCozgECmpmZzaB4RJIQ2QRj0rRUXI6tGiXjlUHNPwCOYZHbzodPrVQmFlGjDdSaBkyxgbzOsKZrO93+/QWXcfR3gNfC0nADxaEi9ukIDL0lP/mF3MqdLG7bwDJ9gJ1+vVBEVXg5cZREhESErmicQkcn6oJTE1PbVE8yfYdl6/oYH76GYe8vgKpigN1zxgLAzU9Smv1C5v1dsvkDUBlk4Optth45xbvRBzT4OQ82z61g/uLXJKxHPJfMkhXULikh0QiokHx7RG77Cdqn+4OB84VaACfwzBRSpad1Kz3ZAuuyBfItm6kbfUj98vVI6RkqZTb1rkbijwTBKzq7dzg2io8DmIu3Bs+KmkKcaP7Hidui++ktnRJmu0KSbwOoxjy58YJNvWsxbh2Eu3h88fSYiuwwfxoDYOB84X2+72q767xFbfGPFR3ccDWfnw/xqv/M9dTfvs5GcTB4obesoqjIb6k/KyKoavY7re8z/KbjU2AAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHdSURBVDjLjZNPaxNBGIdrLwURLznWgkcvIrQhRw9FGgy01IY0TVsQ0q6GFkT0kwjJId9AP4AHP4Q9FO2hJ7El2+yf7OzMbja7Sf0578QdNybFLjwszLu/Z2femZkDMEfI54FkRVL4Dw8l8zqXEawMBgM2HA6vR6MRZiHraDabH7KSrKBA4SAIEIahxvd9eJ6HbrerJKZpotVqaUkavkMC+iCKIsRxrN6EEAKMMViWpQT9fh/0k3a7PZZkBUPmqXAKCSjAOYdt21NLUj1JBYW7C6vi6BC8vKWKQXUXQcNA5Nh6KY7jqJl0Op1JwY/Hi7mLp/lT/uoA/OX2WLC3C9FoQBwfILKulIRmQv1wXfevwHmyuMPXS5Fv1MHrFSTmhSomnUvw/Spo3C+vg3/+pJZDPSGRFvilNV+8PUZvoziKvn+d3LZvJ/BelMDevIZXK2EQCiUhtMDM53bY5rOIGXtwjU3EVz/HM5Az8eplqPFKEfzLR91cOg8TPTgr3MudFx+d9owK7KMNVfQOtyQ1OO9qiHsWkiRRUHhKQLuwfH9+1XpfhVVfU0V3//k4zFwdzjIlSA/Sv8jTOZObBL9uugczuNaCP5K8bFBIhduE5bdC3d6MYIkkt7jOKXT1l34DkIu9e0agZjoAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFuSURBVBgZBcG/S1RxAADwz3teyp3XFUUWNVSoRGQR3dLQIESBbUZt9gekm9XW2lRbNDv0gxbJWoJoCcT+ABskTgcDDwLpOD19d+/73rfPJ4kAANaejUx03t5eBZIIgKe34r3JB7OTVVvZuzf9lderiKIoip7MLba+xY24H4v4N36PC635uSgFIJ2/Pz7ppH19w66aHk/nqQCfk8LU1BWJAyMyo3Y1bV2nwpeh8nxxthg+Vm+ZUFVKHDjhK1UqlJeK52E61LOkasOhRDAic8EWKp/qxaupmdOO6Fi3bVyiEAQdA6Th7tjMGYcyDTcdtWlUoqYtypHmjy/atadrX6JpU5QaMhDlSPNTFX9kMj0H6rr+gYFCjnSw3XNZ2y9dPfT1lUq5UkA6+Phb3TU3NJArHFeKhtTkSBc+rC//0NBQVbNmwphzGu5oCztUGDz8udydbSrlVmI9eSkIirzYKZokESw+yl+EdtgL75eWAID/yIWfXhcZhKEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGOSURBVDjLlZPNapNBFIafSdOvtbFgSi1dREEtguDSnTfStbgW9A6y9BICinfkRosRFw1mE5BoS4rNzPlzEfOrYjJwOGfzPvO+h5kUEWx6zt6+eO1ur8x0VN9E+Ondyy/udlLdPua8d8ZBrdIZoN1uh7szLTOb9WePgxpOdXjMzXsnuDlx/gGRzAxgZrRaLQBSSks94iPNJ0+BRL4aYpKJcER0GbAqns5mhptRRgNMC1Aj3P50sChanFULboJpwbUAiXCnlPEcoKr/BJgWQhWXMnEQE4DKmNrfHKyW/L7ZJBNyzVGzR4RSSp4DFh2sOhEpmCpWMo0bPzi4NWR76xqR/0SYA8a4ZkwyF9+3cD0kl8HyEqeA1fwpJUrJuAouGRNhmOvgjkhZD6AynuxABdNMSnXcHdU1AUXyRCwZl0JKTsQGAJFJhL3mHVwFzT8hBpgpqdPpRLfbpd/vL73/xX56v0djf5+d3QbV7h7b1Q6jqwu+fn7/La3znd88v3tkpg/M5JGZPnS3Vq1enZrky19GcE/tIr8QhwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJwSURBVDjLbZPLb01RFIe/c3pbvdU2RYsmfUS1KrdaqkGQCANDzyZMjEhEYiBiYGCkf4LExEQiDDxiQARh4DWoegxERG4IQkQ8cnsb2rPP3mstg6OlcleyspKdtb71++2dHZkZ24+c7TOzywYljA2GYQaYkRWbSRWPd+V398+d6ALIkTUcNFjeX+iIvn4rYzY9BBlMMYXx8i+mnKGWW8KfyACwqb/QHm0ZaKejtR/LCKhptlWz7S1NddTV5ti44xCzAJjN6+/r5ObTN5RKk5gqADqtwgxTY3xiksSl/Bt/LBDlanL0rOike9F8RMBMUTVEDFElqDGVeC5duVcJYIgoH75OUBNXkyQJ3qUEzc4DVeSqa2ieOwc1qwAAVJQgHuccu9Z2Z/IzdVj5Gd/eXuSF7OW/+b8KvCjiA0Fizt97hfOBIEYsCduar7C0Zwul4iPM8rMA8TQgBCX1nlTB4jlE1XmozlOof0nnkg00tg7Smo7R3jheCQA+CCEJOC8kQUi8kJcv9DJKQ3MTMnGNtoF9bG17TVVcSYEo3vkM4AXvhYI9pK1vNyTPGTt3gfqmKZbVf2R1m6tswacZIA3KAimyclFEw7xJ1L0DU+TnE7o2H2NXocTYqfUNMwA1Iw1CcAHnldSnrJbbNHWsQidfYDrF0HAvmn6mtrbI4MZhgkuPzroDEUNSwXmh24/S2zNIXcN3LPyAqIpnV4uAokmRlmWdiPOHH4ysKMw8I3HMmnUDWBQx9OkuLYXTEL8nbmwBjLX7d864rsovpWvr8YXF6yMnpwF3bt0YPZD9PGNoeZnHZ/ZgapjqrBppkNgkRRUzW/wbVUOsic+TyncAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGKSURBVCjPPVFNSwJRFH1SPyR00V+xIqJVREIEUm6VFm1ahFvLiiI/oE1QRlQgUtgHlKhp41dlokVFpKmjo41M69MZlbi8d+Gec8897z4BoYcwREdj67fJsHqunkp728cjvToR/UoYs66I9og6OvjEA0o41FzeXWOfkB+6CZQIqajhGz/MRWQRh+dg3USCMNyvvbG3xVDQ5JFRJkXFNZZ8JNyZw1qbfTrUZuhwk1mihktbGRNxd45QqxvtroqMBip4pZcYHB4Rkhr44oh2H9bzJ/srHBLEYkoE1RZF5X8PLZ4qnmm3SqsOlQSpC1X6KhU+ssacwxlvW0ccSWnObOCdkK7ygUcSmijQ5BNsKeH1FMnOkK2wWOCtII9LDlCxBeuWCJh3tTynKVRJItG1meUOyqTMaTMT3KTTdwUNUYa+i3uCMvcSgR+2VTFAwo5xcz/EV6dps06VKLu/EMDUyeRw/7NcRoffqcXp+4I2X+DB9K/VbTH9/6Yey6MLfrtkV62d2cz8hmVcDPbqfy6NlFRFHkA7AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJfSURBVDjLpZNrSFNhGMelD34op67Lp4I+RKBREkUNIR2po7LOztlxbY1amstyXWw2m06b6Ra1llpqBJrlJdNFVyqxixZmIQ5npVE20DCkYqaDDBVy77+zDQbCmEUffvC8L/x/z/Pw8oYACPkfAl5mKmWl+cJFMMTzoNsUBnXsQqhk4qt/JVCrUosMVBQs2yJg5igWhUMbH4a0uKVQ7VWUzSnQswJc4II6LqT1Eg6NkI99GyPArF1M5hRoBZGkpTIPI60WdFYexO4NfKTGLoEidhl2rotEmXbXgqCCqj3LXa6P7Rjrvo7vr2thr8/B4P1ijPa3ojFjxURf3aHQoIJqxWrbuK0Jzp5bmHzbzGH11uP2ZlSnx/QEXcGaxM5/tnlrx5NMAaZ7ajD1/p6XyTc38FwjgFWY/KJRKOUFFJQnpfE7RFSNk6Ux5fiEvmPJaMnd7sVT/7J14ytDozMx+WJ9nCJylsCcIp03oNHWfpMwgOMD0PUSaKoFrlSAVJwDMRfCfe0ySPcrfGEY8iCBKq1LpEL9grYtjJGky4BHd3xwQVRagBIjcDofKMgGjh8AuVQCd4kJP9Nk5K6IPusX9J6MmnE+zANOnQAsRT7OFPjO+iwgOwNQK+FWSoAsFcYeF6IrJ3raL3hniCbjT40gSm6FqnIQLkg8XXWHQTT7QXRH4OYm8HT/IWfhajPBlruK+AX9DUf1dv3K3zOcYDSFBs4XB2SEZuCgGPQWxkxzGdOsV/hsVfPa5dI1TSLl8AArJ0M0iyGxBIOUBI4dLPrFMnI7QTHRyqasH76p5gX9jf/CH9NZtVjmGMuRAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKDSURBVDjLhZNfSN1lGMc/7+939ORU1C0iszwSG2duOFqNBQ2meJUoY4MixiiKiCCGMMauZYJ00252uYIuRlsgKJRsDLE/VBIhu3B/knVmInpy/jnrpB71fX+/99uFO3KkrAfei/fh+Xx4eJ/nNZIoRtx9Vq6xCTs0hCTwHnmPJOQ9ya4u+PYHKkdumSKToCQURVvFRXBLUhRZV4oQbBO4aBOIYxTHBOlVyt6Y3brL+/8RWIesJdi3D8UxiWN5glfrYM8yQToN6+vI2v8U9JrZLGFTE+HLKcwLqwS72wmOGRKpFP7X35B1vTsKktev9ZD9o5epacJX1gga3iKofQ2lsmjiAXow2Vt773ZPKWMk4X5KVUhhWl6hF/j+5z5U2+IHZUcvQFCOnf4SNzD+tVrDi1KA9yJ2hYX6N+enjSTs9/Uz2tXcIPFkCiKoOw67Usg9Ri6PWxonLswjDN457PIUNrf4jpFEYcCc8I4vwgMfVSUaTiM7h7eP8S4HcQEUgUlgEtX4yJEfu0Zu7O5XJDljiouUv2r2+pih8v2n0uHzJ5F9hKJV5AsoXgMTEuWyzN3sj+0yPYcuq2/bI9a8rQxJjqz/Pjjo/7oPEtIG8hsgiyHk0Tf9ObdBRxH+xxTqTmvFVFQOu3wGGUAegwFtLhEhKy2faHjHMQKIpzrL6l7CmASKImwuiynbTVBeQ/kzzzbeuWhaSuu3/YWlwacrvGgPaw+Q/+USS6OjGQw/Vqb3vlu9v41k/UFyD+c6gTv/2kEcR62m6sWKhaHzLHw3eiVyHG7+WO/9OZHpmBz4bNauWdZX6dzesrR1Zj7l/Uwfk3fP8XppXhI/d1MzcobPb5ziXmn+b0pcjPW7AMpFAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK2SURBVBgZBcHLjxN1AADg79eZttvddttll+WxIGrAV4QYTbxoYsSLgjc5arx68qCGf8G7J+NBEg8e9GqURDEmEiOJAWNUwIi8sryWDbSdmc60Mx2/Lxw78caZ1fXVo1EUAYAAACAIgICymrt/7/6P8er66tHPPzklNIJyPgNAENRqAWSzBEFdN9TzWq3y0ckPj8ZRFKmUwuxL6fcXrJzJbJ18xFKv6/LlX1xMP3Nra6jXW3Z3eyiKm0Zp7t1jtWYcaQAMh9uGT7eMkkR2+m9JcluSJEJxQTEZm2Rj00liMkmUeSqEOYI4APr9ndQzi+/v4OPz2m+tWd+zV2d2xaQ8pDfoaUUNcbMlyXIhFAgaQDAcDiXJ2MP1ymilNPn6X6q5OvvZrEhk49SsyBR5alpkQqhBDNDvr1PPDPrLhu89Y+XTbeUre7TXCo9MtzW7+y22I81W0zibYkSgQQB5XkiTzHA0NF6qPHiC/Iv/1FWuMf1WPklMi1SeJubTVABBHACdzkB3OdVfXgbNtx/V+eCsuDpg7+pf8s7ERvcP7daW6eSaqPGOgDgAxsNUkhRI/bZ5x41Zw66DlSdPXbZ5PLUr+kYx+slg8Yj2uW1hNRPQEIKA5cFuFgZ+z0rXpk2DwU53XjtgX7xisrXXoDuycX1B54dLbrQqdbMFYqjr2rmbV13YvKTb7cnzXJKkkqLw61MNh7+6Ijl/3eZK0+3nHzdqBvtbbRAHZGVqq5ppt7qWOn15MdVd6Or/ed2+W5lWkwfPHnbzsZZ2e8HStKCuQUwQQkPPsknItKuOxdC16+I9rc2Jqy8dURxMvHz2oX/27xa1m5irZqWAuCwrVVXZ2PGcjVUCCMIhvMpaCCC8OPdCNBMttESNSDWvlFUlvHni+Hc719dej5oxggAIAAAIAIGyrGzd3Tr9P5JrNp8Zt4rCAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJKSURBVDjLjZNLSNVBFIe/+d97LdTCK2ki3qJLBipE9KBWtZAkW4ebFkEF7nLZroWQBBVGbgpa9FhJ65BCIUGxl9EmwSJLKzMl8IF2//M4p8W16zVbeJjhzGLmO7/fmRmjqoyPj6uIICKEEAgh4L0v5OLpnCvktrY2kwQIIVBbW8f84iKoQn6AKgqoamGNKul0BX19TwAoAOYXFrh0e5jNxPX2I1hr1wDe+9WSUJfZRXlpCZmqMrZuSZJzivOCCxAUXrx6h4oSxzEAEYBzLi8TMMawkvPMzOdYiQOq4INivRD7/B5V1itwziF/9RmDMYalFY9oTEVZimQyQSSKrgJEZSNAJY8wRZDfNmCdUFZaQiIREZl8DZU1QMECRRaMMXkIoMawEgfmpJ1pdxYTeeRfC9ZaokQEwOSXz//tfFVTzO7qBhb3XkWixxsBJakk1y4eIAQllUpxZ/Q8Kg4rHus9tZX1NNQcZSm3zOX+FhrdmbxiVaW3t/emc+5E0SurHNv+cM/JpnMEFYIEBGVm4RvpsmpGJvoZnRrUnLdp8/f6iqO7u7vjffrRrdP7LzD56yNOPF4cLjiiqITqbXUMTTzl5eehkCw+2NPTU+Wcm62v38fozxw+eHZu34WXQFDhx8IUleU1vP06zPCnoTnraVkHiOP4cCaTobX1FPfvdfBg5AZWLDlvye5o5Fi2hdeTQwx8eDZjPc3TXTq2wUJnZ+cb59yhf3/hYPVdDu4+zvMPA9+t0DzdpeOFJm4mslfMcpBE6W8J2dkuLdz1H8DrioJLLPMsAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJzSURBVBgZBcFdaJVlAADg532/75zN/XSstrM1YVBUpEmtycigG4sQu7FBl0VE5GUdooiuRj/3RRdddBNE94FgFkJqehPBQLLInEMHbXZmDvd7vr/z9Twhe8v+5rQFqQ6AiAiACAAoseqLfMXHaXPagseOdUwcIWkQU0IgBkIkBmJAQkBAXbH6W6f5w2mpVMfEEbKEyTkSdP/kziIxkkREEoRIXTMyRnuW9ulOCpIGcZBn5gHzFDtcP8fSGaptBOoagY3bDD5In6iPkLK7xu/fs3yZnXUawxx6hRNfMnUUECgKegVlTk4qIgZ217j6HTGQRsZmmHmN1jTPvsvi1yydIyvJM4qKHlFExOQcr37LC5/y6Ek2l/n5Q1Z+AWZPMTFDltErKUpyUn1ICGgMM36Q8YMcmufyZy7dLHT/uW47GzDQeFNr9g3HL7wuFhU9UhEBd69w9h3ah3linuFxl8ZO2SyGPD01Im0kuvdyG1uZi49/4FjvJ3KiiBipI3tdVs5z/iNuXXB7e8AjE0M2smBts1KGxIH2qG7rSfKKnFQfAknN0fdpjLBykcVvbLc+0Ww2lFmpX5OVtcE0UdYpZUVOCmLN+GGm5oC65OpZQ+2GvKgUFWW/BnVgd2eHsiYnAoG9dYpdYP0GWebA3jVbe5XRfamhwdR9Qw1rdwv1f9esbt2jJJWjLlHx43s0WqxcISs99cdXljZPuvHQi/o1Wzs9xb9/eX68a3WzqWi1hPptn3v5REd7jhJVQVFRVBQVeUVRUVZU3NrccmffoAcenvH3r2fKkB23vzlpwaSOPkr0kCNHDyVylMi5ef+o5edeKqu6n/4PaywNA5LOKLcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK2SURBVBgZBcFNiJRlAADg532/b2Z2Z9fdUdfWUlwNooJIFNryEEUSBAVCVy9eIrwJngqCwI4Jdg46VBIdukRQtBAdOliUHQ0qlbXE9afdmXVn5vt7v54ntG0Lznx1axWXHh/MnBhXybhKqpRM6jTENu6jwSYe4DN8nwOkun7+6P75E+df2gcAdsq0OC7T4ua0OVhWbBeNm/cf+vbvnVdxLgdIdb280A3g1lajE4I8kOX0OtGhXpTFqJNx7OCsxxbn9nz8y+2LEaCpqoW5nDqxXQbDiq2C4ZThlAcT7j5swDuX1504MueZpc6+HKCpqj27utFOwc60EWOQI8uIGZkgCySEZuTK9U1X14e3c4CmLJcXZzPDSW1ctGJsZZHYBFkk08oytJmNUeGjtb9GOJMD1GW5srzQMZy2any99qddPcZlbfd81+27EyEy38882u/aHE0Wfvj932EO0JTFyv7FnmsbjRCZjKdeWX3SqePzvrnyj/dOPw0APv3xnpTCzxFeu/DdrKbu9jpR2RC1xkXlv+0arP26AWBaMyq4t1UKIYlQF+W+XiAGErTEGGQtVZNcPHtcSq0mtTJJP0+KojDaKeXQlEU/n+vKI1kMmhTMdKJpUfngy5tioG6S1CQt2ralpd9J8hfPXV7ChdWnDrkzat3caMzNUKdW0dSy2EEraIQQtKnVtkldV8qyljdleRKv/3bths1J7mHRqprW9rjSCbmzb+xSpxKRljYkM3nXh1+sezDakTdVdfzUy8/Ovnv6BQDw5vs/yXQkE59cfdtS/5Aguje+5a3nLolmjItS3lTVjTv3hz5fu2YwP2uwMGMw15PnmcP7WZ7fdvLoqkH3AJGt6QGPzNX6XfIQhGOnLy3hHFawF3uxO/aPHH5iZU9n0BuYyRfUqRJSEtpGCmN/rF93d1T5H4CHTHMseNtCAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAANsSURBVDjLdZNrTNNnGMWb+M3wRaObc/plSxYToiZzc94quCGCVRfMnwYtUiyuUhUQKqtcCmhatAgEaKlcBNFSBYQ5lSIgQ0GFttRCL0BBoAVUVFKo/UtLBXJsiZp5+3CS98N7fjnnyfNQAFDeK1uf6nVGm5CSquS28VqPzMY0RcweVjDawmqC+QevZi6IvfJk4f//e/ThkalL8RFqTg7dHqhFo6UJiuEGdLzU4oq2HISMJo0pH+VwLpqHIgoHfD4DZHQlB1V0l+GOpRFl/VdxXMsH91Eqavr+xd5LO62MkuIfI0vN1tLWcXAvD4IQ6YI+AESdyYtPq0+QzcPNEBklYKmjEa6KxvmeUkhbxNgh3cZhXxiSZteOQWEgUXDnBWhpHeR23sPF8wB3X4Gi/xaKTJfBVEchpI2NeE0aZFoZ/MU+naxC489h4r7Zmzo7shrGUaWy4fgFE6hRTYJ5QHxLZGe9uRFRmkTsc5vZyjjI+isQVREJavpvWw7kme5nK56hWmODpPIaTPIQPL4hRFeJP3T53mGUo/XhrhuWOsRokiDS56Gyrwbn6kXYJPi1hJHbS3f3dVQqJ1FcXYaxZh5s+lqAfIpJfTXaMwOeU8Kv023K52pc67sOyd08+GZtsm48/UtKfeypJbnx5cvcffU1dXKMG9PgGr2JsXvn4DD8g1nLAxgusp0Uunx3p/hujqfvS5+MDXGKWGLlNJOZ5AymW6doe1bzMnLMViMfc44HcAweg9U9p15ZBJTSgzPqvKCfKLuK/Lh+uVS2IZ71vYv9V9Z0aChJpiTjdcg+jGZ6cyYMCZhztmNqgAnnCAP2nkTo82kgGAnF80Oc+fvEojfHjha6WCzXa6EAkxUyWOVlGGRuwVgH7505DM7h/XhlTEK3JBB+BH/qO9+MpfOAN0c4S92RSXthPiaq5Hh2Kgn94mj0KuLcsVvhNEdgeuQAbO4kPZIA+IcWYNnWs8RHm+jYSxAki4WJVD406Wx01yVCdzsHT1TBmDIzYO06iUc5NKzfnTbyLTU94Iu3YN/su/3Vug1DVaI/ALsFpiICzYnL8bAgELX8za4/6dzz31CFXl89Jo8mVq3xEhzynnO1S+BS5UIl3IaqQyvIhoQ1az81fhHgUTB1kfMMc9XMf2cDZ5qyfm+5xVv9w9fMHr0Fh4yy26byoRwAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGtSURBVDjLpZO/a5NhFIWfL1bNoFQdREMRRAo62CqIhOImWRz8A9xcNU4uFd1asEs3cXDxX+ggFkTQoZRsUrGDCDpoY4VSEoPRku+e4/B9+UUyFHqnM9zzcM77chPbHGQKHHAmumL51c9eFNkYiAAMlpAhlOkQLNw5lwwBAEonj2CMBQYsI4MHIBJ8/dUeTRA2dm4Q2MbO0+QgyUgmOmMqRGQRsZFyY1drGNIJjQIcyhYNkrDIDeoZu8A0HQNIBQqjfClb7mr1kxiUehSgVITc6+mBzs4rdZOk4wBpChHq9R+GQLP1luaf9/zda9Bq73HrUf3J66cbi31ABBET+avnRmdfudNYpThZo3LtOlOnpnm3uULt09ZCuVo6UegnMBFGKUQ4+5UQaZitnRWuXJwlCsHs2QqRdChfngO43weECZlUzrWIyJLstrY5nBzj9qUHADy8+YILp2cAigNvID5/b/c6S8JhBOz+brBZX2ejvsZ85SVLb+5SPHQU4F+yn2ssV0uLU+cnH8/N3GD6zFW+bH9g/eMaP741l5P9nnO5WloC7gHHgRbwvPasPv8fJZl0Xd9fi4EAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ/SURBVDjLhZJdSJNhGIYHkjAQgk49CMMwJKPIkyIcDIJSFA+UkqKDQM0y/CFRdKmlMVGWQ1O3ZR5sKjKXP4wSayyFJYpSdhAEhRDYQXUSGAvry6t7mYU/1cHDBy/vdT/X87yfCTBtqmlPispBuGeB6S6DkNNgsm2BiVsORupTtt7fClcKjDI3BC/GVUFYHIOnPpjqgkBVFH955faAaU88U+4JZvvhWUCXe+BhC+oKY9dhpBrG6yF8G0Zr4e65CXry4/8EhHuczAmOBUy2GQKt0jX/7jRwxYy30ErfBYOAwnwl4Mx0rAeEu9J40mEwO6iOdoOxxr2M1iVIt1m6M/SXzOC92IyrIAF33l46sw38mqLVYtByPNXEY4eTSJ/0nDFdK6PViQxXLvGgCYbKYfCyvhXgyl2i43QibVarQqD3PDQfcZik+4qZ/vXZAtfM0h0meAPp+vGctXAn1yJdP74idc0YpvWYmZtHkRnUprw0SXeVGW3ZXx47jJNuFN8lpGuZn5/PiUQiqdK10JkFTelRGg/FUXcABq4qYN8nk3RXidzTYgpj2zXjOhPT/cBQ2QnB30Kh0Fe6805J9y0NaVC930xt8vpotqQVk7b7mvtVSDcq3XjpZsS2K9jH4iS8eYTf7/f+fA1b8kF13SVwmZb0WIBGcBWUSbdIi9m98WyC96jzSjAYXBO85vV637nd7oRNP50tyaLKN237lVWCuwUbfHwO7+cRbLS3t9t3ursTfFjw91+dI4IjgtfsdvvnhoaG5P8GCA4J/iK4d+NMsE/wSk1Nzcg/AwRnCV4WbNt6UXBjRUXFVGlp6cm/Bgj2CM7ZadZYCc4uLi7OVMVtnP0A9SbJ2btHXdYAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJsSURBVBgZfcFLbExhGIDh9z9zztw6marQUm1DNZEQEdUpsRC2lLgsJDZNGmFjY2nBErGzENewIEUQRBBBJFW3IC6xqqYSd4tWtOPMnMv/fdqYUIvxPEZVqWbn6sUzm+tyV3OpTMFaQUET2eSN7YdvdFHhUMWudR1OY23NxVwyXbAiWFUiK8YfLa3ZvXFpDxUOVbTUanZKpmZ5Jl9L67w5NDY1IKKICHWZzAkqXKpI6seoftZsae/a7Ez3ikwoaZox63H/7LGACocq9n3fE06dlh3L4hOaFMbLMiH48FTntjWGVLgD1wt+Oj8/Y4zDX8r5rZ/ibYcWvjxV09/R3NJKyXh4JuTDx2HtHVrU28lvZuBap7ateYQxBpRxih9Ydhx4QuvceRQKAU9vncWYNF4yT1NHN6eP3olvv3q/JX7cc8EMXC5I29o+E349jA0T4OTZ2xtRmrqaKZ2zGCyCtfzhKkxDeXHuXvDm7etNLpFBJcSGSVSUn0MP6M6/gvg4PKSq45uupA4+33PJxaiRuMTo0CDRyCckKlO3YD0/2nfxL2VCzoPRk8v4kpxJ86IVSZfIwc3UM2PVfkBAFRuHJL7f5KtfxqqlZBP4McQ2orlhCQaIn70ojXj9sUukqC0TfjsJKL8JKbFkyTEmSYwYPBWsRLgEWCDR0d40Z2XfiEsAKjEYQBUQkAhHIxrcH9QbHzVF1CmiDJPOtPMOOLOSEca5hIrBgiqoBQ1RCUDKqJZQ66O2iMajqPUBYTJXQyH2h5HYA3VAE6h6IClUakAjVEMwITgxtlxmMlfLweehIxsaUBwMhv9RwNwF0WEqfgE9XTQvEQ+I/gAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALnSURBVDjLfZNLaFx1HIW/e2fuzJ00w0ymkpQpiUKfMT7SblzU4kayELEptRChUEFEqKALUaRUV2YhlCLYjYq4FBeuiqZgC6FIQzBpEGpDkzHNs5PMTJtmHnfu6//7uSh2IYNnffg23zmWqtIpd395YwiRL1Q0qyIfD56cmOvUs/4LWJg40auiH6jI+7v3ncybdo2Hy9ebKvqNGrn03Nj1+x0Bi1dHHVV9W0U+ye4d2d83+Ca2GJrlGZx0gkppkkfrsysqclFFvh8++3v7CWDh6ugIohfSPcPH+w6fwu05ABoSby9yb3Kc/mePYXc9TdCqslWapVGdn1Zjxo++O33Fujtx4gdEzj61f8xyC8/jN2rsVOcxYZOoVSZtBewZOAT+NonuAWw3S728wFZpFm975cekGjlz8NXLVtSo0SxPImGdtFfFq5epr21wdOxrnMwuaC2jrRJWfYHdxRfIFeDWr0unkyrSUqxcyk2TLQzQrt6hqydPvidDBg/8VTAp8DegvYa3OU1z+SbuM6dQI62kioAAVgondwAnncWvzCDNCk4CLO9vsJVw8xqN+iPiTB5SaTSKURGSaoTHHgxoAMlduL1HiFMZXP8BsvkbO1GD2O3GpLOIF0KsSBijxmCrMY+FqgGJQDzQgGT3XrJ7DuI5EKZd4iDG+CHG84m8AIki1Ai2imRsx4FEBtQHCUB8MG1wi8QKGhjEC4mbAVHTx8kNYSuoiGurkRtLN76ivb0K6SIkusCEoBEgaCQYPyT2QhKpAXKHTiMmQ2lmChWZTrw32v9TsLOyVlu8Nhi2G4Vs32HsTC9IA2KPRuU2Erp097+O5RRYvz3H1r3JldivfY7IR0+mfOu7l3pV5EM1cq744mi+OPwaRD71tSk0Vsp3/uLB6s2minyrIpeOf7a00fFMf1w+MqRGzqvIW/teecdqV5a5P/8ncXv9ZxUdf/lCae5/3/hvpi4OjajIp4ikVOTLY+cXr3Tq/QPcssKNXib9yAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAF+SURBVDjLnZOxalRBFIa/e3djWGyE1GJhlcogRLCwshPrgI2NjaCktZZUCVaB5A1s8gI2PkMKGwu3CIIgKGuuu5ts7pzzH4t7k5tZSVw8MDPMmcPHnP+fKSKCFzsfXz1+uLp9PIubEoSEJJI3q0nIHFMw4IRPn7+/fv/26R5AH+DR+upub2lQrixBRBBARDsARRABiub8zth2gQ4wTVFO6hMioi2CIJDIcueg8cxL2ugDuAWbT26zaLx8d0QGMPcriyMAuhb6vYI6pRxQVeMrAUUBUFAUULS56sfo4rwESNfcIIO1azLPb3A0/Hq4/+HW/V+n4Arkjlwkc9yFyfHkuMRyTJHpMAOsP7i31lsesHKjs+qy8vMu/K7qtQwwPlNZzSZIlz2Pv/cBUjCdtzElsfXs7sI2brz5kotodr2I3cuMRsRkOcBd/1a/m/CzuXdw/HO0mIWtj5NqlAO+DYcHz7dmG26GJ8dSan5fXSNv7JMbYSJZDcHBBfi8r/+NP5dvHwJcdb23AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJiSURBVDjLjZJNiI1RGMd/59x35l5T7x2DGRGJ0CBfpUlRJMlCSRZsUExTsxpr1lIWyupakIUFFnbSNAnJRlJMhhmM7zHkcr/vvO95zzmPxR3urHRPnc7p6fx/z/88/ZWI0Mp6m9ukSQXn0wu698Q/py6vGXx5FQARaWmPX1p3Ov9kSJLKE5keOfLr2bk1+0UE1YqDsVzfxZ4NvUNdm/fp2tdJbMVTejdan3j6oj9oxX6QTvd1bjygXX2MzKJlRO4rS3Zt6bC1Qq4lgDP2U1L4uEOn8ihdoz2bh6hOdTpOqYk7255nsuvXK6XnSIS4MvnFT5cGM+GS80G2Y2G4Mrsi0EWUDvGJYfzmRDQ2Xj4ZKNG9y3dea1NKgTTEKEXx1a1VheKV4e7th5WYEZT7zuvhKkE975S11Tfvy6eO3fhwO8BKhDfp+HsOZ1KgsygVMjP1kKW7jyuTzxEEnUw8snRsGGB130E3eXfft6NnPtwG0CRKizc40454jat9ZubHfbz5gUpNkUp3M/6gjursYXHXKKRMuw5k+b8BoyTj7QymDmJqJJUyYe8JurauBaBtwSBbBpqzUcF8cDpoAhJNMK+H+ev6AQ8iCB5vprDFe4grIbaE2DLiqmSWnYW4mZ2ARERchK+PNh67CmKL+KSAuBLY4my9jLgaSAzJnIwQI+ItPvnZ6ORKiC3O3guzncv/ACIW4rkAI6JwiP09Kyw2bbsSYitNsY8a37RzAGJ8wdZ/dSTV9hAfapE28CHIIsTFgEF041Ta4aJIxPi4CYjiC+8vH+pD2Isi/G+mBVCPDV6u/y39AQ7XjBmT8uenAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAF6SURBVDjLjZO/S8NAFMe/l8Q0ASUUXRwK9R9wFDfdunV19Q9wcmg3/wHp4FLo4CA4Ce3o6OLWUZwKpbRLMdDFCKH5dd73SkvQkvTgeLnLe5/3vXfvhJQSu4xutyuDIEC73Rb5fQM7jizLMBwO/+1b+UWv1+soRZdCiGO1PFJzT33r4Hq9DsuyigFRFN02Gg1UKpWNc5qmehJimmYxgE6e5+GsX4VrZQgzHlfiwI7xdP5VroAOzCZMidaFgGVIENH5sPAdZeUAwzAQxzGECrSpVt0Qq0ygErKbAh5DqOC7dxWj0gtKEGSl5QAWiYCX009t18Wj9UxvK8DYBugHz3hN+hiNRnp9+PAINlzpLawBTedqlflkpcC/uUYVKFewrsF4PNZ2MpnozLPZbJOg9AgMYNdx0BJUq9U2CQoBvEYGzOdz2LYN3/fhOA4Wi4UG839hDVTf/4RhuJ9XwLdAy/5Qr1EWAqbT6f1gMGgul0sdmAMjSRK4rvv2F/ALQmi5wbpDa1QAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALTSURBVDjLpZN9LBRgHMf1R/NPuo7Uam0aaV7G2uSvYki6c4hhWZe3mJw6i9FxnMj7RUNeIzYvnUtLuXKGXDV2yMm9JK10iDHlvOTuvN6369Zs1kZbf3y2Z8/2+ezZ8zw/PQB6/8NfG1H2B1n5JMPlAsoBsEkEsFyISqqdccY/Ba7ZGTJKvYiaygBDVGi570tEtjsBMY77NRRbo7RdA2UUAmq0IlsrZVN+Q0SmhzHinQ1xxY6wuGsg23Ef2sqSMclno7cqBtFOxoh1PYLr500RcYa4Vpvgqb9joDLIZE498wmLPWWY6rgHMfc25C9zoZCLwIk0Wxxttr800hCAz88zMfTQDeIS66BtgSKqVbei/xFmB5qgGuJoadStFSIO+BkWX6e7GFiQvAB+TmFe8gTCPNLMlnyY0rDX/GxULYd+GisDVVDLmnWo3jdAwLbFd2nK5uq3Fky/vguV9Ck2xrohrYlQ62Rjd46+EamedozUCdnEMrhJXmhM8tTRnucChYyFTVU3VKM3MNdPx8e6MEgqA3/0F/mc1DMic/cYuHFDTDy6MTypQv0kECsDaH1AVocACmkiNtVCKL8EQz1BxdIwE/IKpxlRvusp3SVa+1Z7u/qx0dS7gXIxQBdqECnQIJXzDNPvGH/kIKjHL2NRlgRZoRtiIyJTt15hMNliY5aXgOJqHkL4QFgrwKrjQdp2S3vst1DLw7AyEYgF7UlGSi5gtiUewjjLta2AmGWpUbTfQUBEDTI6lIgr4uBDKxNifgEm+/yhlFMxN5QASakPAsNLMd+Zjn6GlWYrIK2lJ4oSzddDQ7PW7UMEeJx7Dlgaw8gDP3Qxj6KnnAx+DhkuflWghzOVgym2K1onfdtHkjfSDFKYGUbHvXnlaeE2WBUWY7WvEH2Zzqi/agYHcq7ixMWW9pvRqYfGuTSDHafR34Gozg62WH+VQ17vzHd5w2PYmO40zr8A5dG3M3vHNHcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIzSURBVDjLpZNPSFRRFMa/NzPaPNSpsDQVF4JUi3YtomW0MBCchbSxhS3chAS6mJpFBYmugpjSRS5cWAQFSUmBGIYiCbYYbOyfOAqKgwgqRNF79953zzktxoEspyAvnM095/zOdy/fcUQE+zmhYomOl23J9mcXw/8N0J5u8z09+C+AU3hC58Tl+kDbVqODpkCb09UVNUeNMciuLt0b757q+ivgyuv2s4EOrteW1cZj0YOIlrpw4ECRxvsvGWSXlvpme9M39gKEN84s1xtt+o5XnojXHapDAAsWxpa3BUcc5NZz2NzYfLf+NV567lQs+8cfKN+0HnNr4pVlR6CshlYai6tZGN8inZnD4kJ2YO7ux2sAUjef5NzfARHlqabyynIoq/DN+47x6fE1rYKRQJvzRgfpD/cXrgIAszSySAJAz24Fnr7wNjOD529eYGxyDL6nR2Z7093KN0+1CjoKhcwMIk4mhlcadkkQkaLxYNJvGJjwRkUEiYcr0v8qJ11Dy6O/1uzpg6Fp5Q5OqVuW5JMlaQEAIoYbBg6XhVs6BxebixppaFo1W8Z8VYVz+2R1xLWU94klxg9FiIYBaznV0f/ZBYBIoXF4RjdYklTMdVoqDjgoCQOBFRDn89YyfMMgZlTFShrXtv0EgJ7I41njWpKEJUlWx0JueakDQwITACQAcV4BEUGZEAqKiDh56U7mUcSSzFuSRsvA6jbBksBSfjKxYKcflhgr2wpMvHMvLrOknP2u80/X2WfmmbX8IwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAE8SURBVDjLpVM9SwNREJzTpx4JaGMn/oJrRMtU/g2xsLD1F/gDbK0lpaAgNmJnI1YWasBOELs0QgQDfsQ4Mxb3vEvgipwuLAsLszszb19iG/+JsHf6dDU3g9WXdzdtABIsAQZowjJkwSRkwyQoYX52+PYx8F0w0FrPFqfuuwP0P1W5ZW2hi9vXpViXsXOyieOtw+b1zUMr2T16tGnYBizYhqR8a2QjquxRkAjJsIhgGhsrg4q9CYDpmGWMerZ//oxgC1mW/clAnl0gIE6UqvXbLlIqJTYaDeibCBRrAX97ACAKwXIt4KgHEhEUGdQBlgOE4Khd0sTAMQZkzoDkxMBiAI1g5gzSNK39jJYQJKHT6SBN00KGpDFGVfJ6vR5kIyQetg8uh9tiH+IIMNb8hPOzNV2cuATAX+3kv9/5B7T5iPkmloFJAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAL0SURBVDjLhZNbSNNhGMb/EqGGUEEUUhgWUkmWQpFZ1oUkdZNQhFAeMkktQY288EgeKk+l05zHdI41tZNO5mHTEJ3OmTrPh8imTvM0tTxs6qbb07c/OTSjLp7v4uV9frzw8aMGWI9MSAJI+CQyEiWJtiv7AZoZbqh9fl3LD7+sLA46Lcv3seQz3fcFpLiamQCg9KHIcuNIVRwmmphQdORhtoeNma4CTLXkYlyUgdHqFMjK4tDLCUUjwwslIZdAAI0GQD8nrGsDMC3NJXmNSUk2vtczMSJIhoyXgIGiaHTkPobohTsNYLibdxkA4m65tVRch29VOegrjEQL0xu1cS4gZ4OcDZbvUWR5WyDH/ySKYm8iJz0e6dwqawNA/9QOagTSMTVml9awotFhdU2HOdU6+iZW0CZfxvCsGrIZNcrbZ5BeOSzYKBsA+gj7l0uF/SrdCFlWrmoxMb+GgclVDJGi+OsiMoWjulcVwyWby1sA+vA6FuzLOuZln2VLGP2hocuVnXPIEMoH0yqG7P8sbwNspLBJ0dAuV6JteAlMgVykn/lzzqnus+zgmWdj+l9AcdO0pHNMCSkBpJUPNehn3iw7VTT/NlyzjsOFedj0r4BC8bQDr1Uh7x5dQiDXEQFvzsOPfQZeebaIKL2Fd62pCH7vgispB7SOSXvNtgA4DVO8D83TuiHFCv0T5GTw2jPwUZpOF4tbGWB8CgZbkgg/rjPOxhlrbWKNdtPlAtGksKZnDuPzGqjUWmjWdSAn0+Xk6kAkCPzxrNIHUXwvxFT4IksUC7eCi7B6Qq1TRTU91tyGCdT1/4RicY0ua3XAndwTeNvCALf5JdhNicgXxxPIQ2SKYuDDvQrLSEpxMJSypV3oFWahUSKG5MssxmaWsaDS4EbmEVxLPQSnlP24kLQHHiwHZNRH4R7HGcfCjNTmoZT1Npn+5YLd053wZDvhVLgxQjx2STfbaNCZKCwjCit/K0y7QBTWEoWVVhGUziJ8B4LumkZv1vkXO/PSRSy+XJ4AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKESURBVDjLpZO7axRhFMV/38zsy+xuEt2Q50bYgChGUBAVxUbRRlS0sxJsbP0HFAQJ1jYqtlqYTlARNZoiPlELCxVd0LgxwcnuxmT2MfPN97BIxAcIggcu91EcLudwhLWW/4HDf8I7feXZw/Sq3JZqEHc0QuUYCwaLNhZjLdpajFneV8oidBy3FquVd+Wy19PdWTx5eF0+iq1Ip9zf2MWfs1ju7Ui57UgPHDsfhY6/pEpSGXHt4RyVqqQZWaZrhkrdMPPNMLdo8ANLtWmJNczUJBduzrHQjJxcT3HEaUZapBIOg/157r70+daI6c0LEi4kXUHSEyQ96MoIakuS8amvdK3Os6YrBSCcVqgAKPVlGerNc+eFz0IQU8g6JD1IutCZFtQDyfiUT2FNntJgFrFintMM9bKaLpQGsvR0r+L6ZIV6IOlMC3JpQS2QnL99gHcLhygNZMl4v9jYbC9/IASoWJH2DMODXdx67jNTDZmphtx46hNbxVBhAxcnRkl6P5X1WpHGAlIqvtYDir05kskElx8c4c19jTQKqRUD3SNs6NtOEDY5e2MtV0+UwQq8VqSsNlb4tYBiT45MOgEWlJHs23gcbQ3aaAyW2cUKm4Z20ZBtDl4s0Ofcs16z/uVTJNXa9UMZkc04QjgaBwiVRFvDdO0DsVEoExPrmKUoYHNxN424xfOPu/FkY35676k73alcR4eXcoXnuTiuoL8YekorevPDKKPR1jC3+JnV2T5eVR7xrFyOE2/PPRF/C9PRSyUdSok0klBJRgobnR2l/bz4/JiJ93dfS8W22TEbiX9N4+g5Z37r8J7C5PuJl9Kwc3bMSoB/JiidEfPauIW20Ql/zKof9+9pyFaERzUY+QAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAENSURBVDjLpZM/SwNREMTnxBRpFYmctaKCfwrBSCrRLuL3iEW6+EEUG8XvIVjYWNgJdhFjIXamv3s7u/ssrtO7hFy2fcOPmd03SYwR88xi1cPgpRdjjDB1mBquju+TMt1CFcDd0V7q4GilAwpnd2A0qCvcHRSdHUBqAYgOyaUGIBQAc4fkNSJIIGgGj4ZQx4EEAY3waPUiSC5FhLoOQkbQCJvioPQfnN2ctpuNJugKNUWYsMR/gO71yYPk8tRaboGmoCvS1RQ7/c1sq7f+OBUQcjkPGb9+xmOoF6ckCQb9pmj3rz6pKtPB5e5rmq7tmxk+hqO34e1or0yXTGrj9sXGs1Ib73efh1WaZN46/wI8JLfHaN24FwAAAABJRU5ErkJggg==",TRUE
diff --git a/src/util/README.txt b/src/util/README.txt
deleted file mode 100644
index 8fe3ea31b..000000000
--- a/src/util/README.txt
+++ /dev/null
@@ -1,22 +0,0 @@
-This directory is for utilities used for building / packaging / releasing
-ESAPI.
-
-========================
-
-Jim Manico's instructions for creating changelog.txt:
-
-This is an ECLIPSE plug-in feature, not a SVN feature.
-
-I use the SUBCLIPSE plugin.
-
-Right click project root
-
-TEAM -> SHOW HISTORY
-
-Then from the history table, I see a list of history entries that represent
-our checking.
-
-I select a few rows, right click, then pick CHANGELOG.
-
-
-(Note: The SVN Subversive plug-in does NOT support this.)
\ No newline at end of file
diff --git a/src/util/esapi-release.sh b/src/util/esapi-release.sh
deleted file mode 100755
index d89d3b3cc..000000000
--- a/src/util/esapi-release.sh
+++ /dev/null
@@ -1,215 +0,0 @@
-#!/bin/sh
-# Purpose: Prepare an ESAPI release.
-#
-# Usage: esapi-release.sh esapi_svn_dir
-#   where,  esapi_svn_dir   is the directory where you retrieved the ESAPI
-#                           SVN tree to and built ESAPI via Maven or Eclipse.
-#                           This directory _must_ already exist.
-#                           There should be a 'src' and 'target' directories
-#                           under this directory and the 'target' directory
-#                           is where we will build the ESAPI zip file that
-#                           you then will be placed into the owasp-esapi-java
-#                           project hosting on Google Code.
-#
-# Assumptions:  Maven (mvn) is available in $PATH. If not, modify PATH
-#               in script (see 'Tunable Parameters') accordingly.
-#
-#               The correct version has been set / updated in pom.xml for
-#               the 'esapi' <artifactId> and this has been committed to SVN.
-#
-#               All tests pass. We skip the running of all the JUnit tests.
-#               (See the call to mvn and the -Dmaven.test.skip=true argument.)
-#
-# Bugs: This is going to be a bitch to write as a DOS .bat script. I should
-#       have my head examined for termites! What *was* I thinking???
-#
-#       Need to figure out how to create changelog.txt using 'svn log' command.
-#
-#############################################################################
-#
-# This file is part of the Open Web Application Security Project (OWASP)
-# Enterprise Security API (ESAPI) project. For details, please see
-# http://www.owasp.org/index.php/ESAPI.
-#
-# Copyright (c) 2010 - The OWASP Foundation
-#
-# ESAPI is published by OWASP under the BSD license. You should read and
-# accept the LICENSE before you use, modify, and/or redistribute this software.
-#
-# Author: kevin.w.wall@gmail.com
-############################################################################
-
-#
-# Tunable parameters
-#
-#PATH=$PATH:/path/to/maven
-zipcmd=zip          # Is there something better for Linux?
-                    # This doesn't seem to have very good compression.
-unzipcmd=unzip
-# clean=clean         # Comment out if you don't Maven to do 'clean'. Will speed
-                    # things up a little bit.
-#esapiConfig=.esapi	# Sub-directory where ESAPI.properties resides
-esapiConfig=esapi	# Sub-directory where ESAPI.properties resides
-
-#
-# Non-tunable parameters
-#
-PROG="${0##*/}"
-USAGE="Usage: $PROG esapi_svn_dir"
-tmpdir="/tmp/$PROG.$RANDOM-$$"
-esapi_release_dir="$tmpdir/esapi_release_dir"
-
-    # This is the directory under esapi_svn_dir where the log4j and ESAPI
-    # properties files are located as well as the $esapiConfig/* config files.
-    # Note that formerly used to be under src/main/resources, but it since
-    # has been moved because where it was previously was causing problems with
-    # Sonatype's Nexus. That particular problem may have been resolved, but it
-    # it was, the ESAPI configuration stuff has never been moved back.
-configDir="configuration"
-
-# Cause the 'echo' builtin to interpret backslash-escaped characters.
-# If KornShell is installed as /bin/sh, this command won't be available,
-# but for ksh, 'echo' already works the way we want it to anyhow.
-shopt -s xpg_echo 2>/dev/null
-
-if [[ $# -eq 1 ]]
-then
-    esapi_svn_dir="$1"
-else
-    echo >&2 "$USAGE"
-    # Note: exit code '2' is standard for a simple usage error, w/ no other
-    #       error message. Unfortunaely, no one (at least the GNU folks)
-    #       seem to follow this convention any longer and all use 1. We're
-    #       sticking with old school, 'cuz I'm an old guy. ;-)
-    exit 2
-fi
-
-# A few simple directory sanity checks. The 1st check is VERY unlikely to fail.
-[[ $esapi_svn_dir == $esapi_release_dir ]] &&
-    { echo >&2 "$PROG: ESAPI SVN directory same as tmp dir!\n$USAGE"; exit 1; }
-[[ ! -d $esapi_svn_dir ]] &&
-    { echo >&2 "$PROG: ESAPI SVN directory, $esapi_svn_dir, does not exist or not a directory."; exit 1; }
-[[ ! -d $esapi_svn_dir/src/main ]] &&
-    { echo >&2 "$PROG: Wrong directory specified??? Missing 'src/main' directory: $esapi_svn_dir/src/main - does not exist or not a directory."; exit 1; }
-[[ -f "$esapi_svn_dir"/pom.xml ]] ||
-    { echo 2>&1 "$PROG: missing pom.xml. Looks like $esapi_svn_dir is not the SVN dir.";
-      echo 2>&1 "USAGE"; exit 1; }
-
-mkdir $tmpdir || exit 1 # Exit if it already exists.
-trap "rm -fr $tmpdir" EXIT  # We probably want this skipped if the mkdir fails
-umask 022
-mkdir $tmpdir/esapi_release_dir || exit 1
-
-# Create an intermediate distribution zip file. The zip file will be
-# left in the 'target' directory and named according to what <version>
-# is in the pom.xml file for the 'esapi' <artifactId>. For release
-# candidates, it will be something like this:
-#       esapi-2.0_RC7-SNAPSHOT-dist.zip
-# and inside of it, the ESAPI jar would be named 'esapi-2.0_RC7-SNAPSHOT.jar'.
-cd "$esapi_svn_dir"
-tmpout=$tmpdir/mvn.out
-echo "Running mvn to create intermediate zip file.\nPlease wait; this probably will take awhile..."
-rm -f target/esapi-*.zip target/esapi-*.jar
-mvn $clean site -Pdist -Dmaven.test.skip=true >$tmpout 2>&1
-if [[ $? != 0 ]]
-then    echo >&2 "$PROG: Maven failed to build distribution zip file"
-        echo >&2 "\tSee results in: $tmpout"
-        trap - EXIT    # Clear exit trap so stuff not removed.
-        exit 1
-else    rm $tmpout
-        echo "Maven completed successfully."
-fi
-
-jarfile=$(ls target/esapi-*.jar 2>&-)
-if [[ -n "$jarfile" && -r $jarfile ]]
-then    jarfile=$PWD/$jarfile
-else    echo >&2 "$PROG: Can't find ESAPI jar file created by Maven."
-        exit 1
-fi
-# OK, now we need to adjust the jar file. We don't want the properties in
-# the ESAPI jar as too many people have complained about the ESAPI.properties
-# and other stuff there. Also, we want to delete settings.xml and
-# owasp-esapi-dev.jks. We might add the latter once we start signing the
-# jar.
-jartmpdir=$tmpdir/esapi-jar
-mkdir $jartmpdir
-cd $jartmpdir || exit
-jar xf "$jarfile"
-rm -fr ${esapiConfig:?}
-rm -f properties/* log4j.*
-rm -f settings.xml owasp-esapi-dev.jks
-# TODO: This part would need some work if we sign or seal the ESAPI jar as
-#       that creates a special MANIFEST.MF file and other special files and
-#       it's not clear they will be merely copied by the simply jar command
-#       below.
-jar cf "$jarfile" .
-
-# Now work on the zip file.
-cd "$esapi_svn_dir"
-zipfile=$(ls target/esapi-*.zip 2>&-)
-if [[ -n "$zipfile" && -r $zipfile ]]
-then    zipfile="$esapi_svn_dir"/$zipfile   # 'target/' already included.
-else    echo >&2 "$PROG: Can't find ESAPI zip file created by Maven."
-        exit 1
-fi
-[[ -s $zipfile ]] ||
-    { echo 2>&1 "$PROG: zip file $zipfile has 0 size."; exit 1; }
-$unzipcmd -q "$zipfile" -d "$esapi_release_dir" || exit 1
-cd "$esapi_release_dir" || exit 1
-
-# 1) Combine the two license files into one and make it a DOS .txt
-#    file so those do don't have real editors (i.e., notepad newbs) can
-#    read it just by clicking on it. Generally reading DOS text files on *nix
-#    is never a problem.
-( echo "\t\tESAPI Source Code:\n\n"; cat LICENSE; echo "\n\n=========================\n\n\t\tESAPI Documentation:\n\n"; cat LICENSE-CONTENT ) >LICENSE.txt
-rm LICENSE LICENSE-CONTENT
-unix2dos -q LICENSE.txt
-
-# 2) Patch up the 'configuration' directory. Need to copy owasp-esapi-dev.jks
-#    here as well as the $esapiConfig directory. Also need to populate the
-#    properties subdirectory. Not sure where the settings.xml file should
-#    go, or even if we should leave it here; will copy it to 'configuration'
-#    directory.
-
-# Note: Not sure why this is now needed. Something must have changed in the
-# pom.xml that requires this, but have recently found that even the
-# configuration directory does not exist.
-if [[ ! -d "$configDir" ]]
-then    mkdir -p "$configDir"/properties ||
-    { echo >&2 "$PROG: Missing '$configDir' directory and cannot create it!"; exit 1; }
-fi
-cp -p "$esapi_svn_dir"/resources/owasp-esapi-dev.jks configuration/
-cp -p "$esapi_svn_dir"/resources/settings.xml configuration/
-cp -r -p "$esapi_svn_dir"/"$configDir"/$esapiConfig configuration/$esapiConfig/
-cp -p "$esapi_svn_dir"/"$configDir"/properties/* configuration/properties/
-
-# 3) Create the changelog.txt which should be the changes since the
-#    last release.
-##TODO  - Not sure how to do this, but their must be a way since the Subclipse
-#         Eclipse plugin is able to do it somehow. We can use 'svn log' if
-#         we can figure out the starting and ending SVN revisions. (See
-#         http://www.bernzilla.com/item.php?id=613 for details.)
-echo "$PROG: Skipping creation of changelog.txt in zip file."
-echo "\tManually create changelog.txt and add it to the final zip file."
-
-# 4) Copy the pom.xml there. It doesn't get created by the Maven goal.
-cp -p "$esapi_svn_dir"/pom.xml .
-
-# 5) Update zip file w/ new, updated ESAPI jar file.
-cp -p "$jarfile" .
-
-# 6) Fix up permissions so when zip is extracted, it comes out sane.
-chmod -R a+r,go-w .
-
-# Now we take the contents of the ESAPI release directory and re-zip it.
-# We can't use the 'freshen' option here because that has to be run
-# from the same directory (which would be the ESAPI SVN directory).
-rm "$zipfile"
-cd "$esapi_release_dir"
-$zipcmd -q -r $zipfile .
-
-cd /    # In case some weird 'rm' command (from EXIT trap) prevents us from
-        # removing directory that we are under. I could see something like
-        # that happen with Cygwin and Windows.
-echo "Zip file at: $zipfile\nPlease check it for accuracy before releasing."
-exit 0
diff --git a/suppressions.xml b/suppressions.xml
new file mode 100644
index 000000000..ba522ec54
--- /dev/null
+++ b/suppressions.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- OWASP Dependency Check suppression file for ESAPI. -->
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+
+        <!-- NOTE: These 4 suppression rules are redundant. Will decide later which one to keep. -->
+    <suppress>
+        <notes><![CDATA[
+            CVE-2017-10355 in library xercesImpl-2.12.2.jar, which is a transitive dependency, pulled in via AntiSamy.
+            It is a Denial of Service vulnerability with a CVSSv3 score of 5.9.
+
+            We are suppressing this because it is believed by the ESAPI and AntiSamy teams that it is a false positive.
+            Dependency Check itself doesn't flag this and neither does Snyk. Dependency Check reports it because it is reported
+            directly by Sonatype's OSS Index. For futher details, see
+            https://ossindex.sonatype.org/vulnerability/CVE-2017-10355?component-type=maven&component-name=xerces/xercesImpl
+            and https://github.com/OSSIndex/vulns/issues/328#issuecomment-1287175491.
+
+            OSS Index seems to have the wrong CPE. They have 'cpe:2.3:a:xerces:xercesImpl:2.12.2:*:*:*:*:*:*:*', whereas the CPE IDs
+            associated with NVD are 'cpe:2.3:a:apache:xerces-j:2.12.2:*:*:*:*:*:*:*' and
+            'cpe:2.3:a:apache:xerces2_java:2.12.2:*:*:*:*:*:*:*'. (Note: as of Nov 2024, none of the CPEs even mention Xerces, but
+            rather seem to only refer to the JREs.)
+
+            Note also that this has been reported as GitHub issue # 4614 for OWASP Dependency Check. For details, see
+            https://github.com/jeremylong/DependencyCheck/issues/4614
+            ]]></notes>
+        <sha1>f051f988aa2c9b4d25d05f95742ab0cc3ed789e2</sha1>
+       <cpe>cpe:/a:apache:xerces-j</cpe>
+    </suppress>
+    <suppress>
+       <notes><![CDATA[
+            CVE-2017-10355 in xercesImpl. See above for details.
+       ]]></notes>
+       <sha1>f051f988aa2c9b4d25d05f95742ab0cc3ed789e2</sha1>
+       <cpe>cpe:/a:apache:xerces2_java</cpe>
+   </suppress>
+   <suppress>
+        <notes><![CDATA[
+            CVE-2017-10355 in xercesImpl. See above for details.
+
+            This is the one that matches the OSS Index
+        ]]></notes>
+        <packageUrl regex="true">^pkg:maven/xerces/xercesImpl@.*$</packageUrl>
+        <vulnerabilityName>CVE-2017-10355</vulnerabilityName> 
+    </suppress>
+    <suppress>
+        <notes><![CDATA[
+            FP per Dependency Check GitHub issue #4614
+        ]]></notes>
+        <cve>CVE-2017-10355</cve>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[
+            FP per Depencency Check GitHub Issue #6704
+            pkg:maven/commons-configuration/commons-configuration@1.10
+        ]]></notes>
+        <sha1>2b36e4adfb66d966c5aef2d73deb6be716389dc9</sha1>
+        <vulnerabilityName>CVE-2024-29131</vulnerabilityName>
+   </suppress>
+    <suppress>
+        <notes><![CDATA[
+            FP per Depencency Check GitHub Issue #6704
+            pkg:maven/commons-configuration/commons-configuration@1.10
+        ]]></notes>
+        <sha1>2b36e4adfb66d966c5aef2d73deb6be716389dc9</sha1>
+        <vulnerabilityName>CVE-2024-29133</vulnerabilityName>
+   </suppress>
+</suppressions>
diff --git a/versionRuleset.xml b/versionRuleset.xml
new file mode 100644
index 000000000..4edec3360
--- /dev/null
+++ b/versionRuleset.xml
@@ -0,0 +1,55 @@
+<ruleset comparisonMethod="maven"
+         xmlns="http://mojo.codehaus.org/versions-maven-plugin/rule/2.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://mojo.codehaus.org/versions-maven-plugin/rule/2.0.0 https://www.mojohaus.org/versions-maven-plugin/xsd/rule-2.0.0.xsd">
+<rules>
+    <rule groupId="*" artifactId="*" comparisonMethod="maven">
+      <!--
+            This regex is intended to restrict version updates to the last stable releases of dependencies and plugins.
+
+            Any version that does not contain the stable maven-plugin version naming scheme (EG "-M7"),
+                but does contain letters a-zA-Z (and optional digits after)
+       -->
+       <ignoreVersions>
+          <ignoreVersion type="regex">^(?!.[\s\S]*-M\d*).[\s\S]*.*[a-zA-Z]\d.*$</ignoreVersion>
+       </ignoreVersions>
+    </rule>
+    <!--
+         xml-apis has a screwy version structure where the 2.x versions are older than the 1.x versions (check the dates in maven!).
+            we are explicitly ignoring all of the 2.x version lineage of the project.
+    -->
+    <rule groupId="xml-apis" artifactId="xml-apis" comparisonMethod="maven">
+       <ignoreVersions>
+          <ignoreVersion type="regex">2.*</ignoreVersion>
+       </ignoreVersions>
+    </rule>
+    <!--
+         Mockito is bound to v.3.x until powermock gets updated
+         Prevent auto-update of mockito based on that expectation
+
+         https://github.com/powermock/powermock/issues/1109
+    -->
+    <rule groupId="org.mockito" artifactId="mockito-core" comparisonMethod="maven">
+       <ignoreVersions>
+          <ignoreVersion type="regex">^0{0,1}[4-9].*</ignoreVersion>
+       </ignoreVersions>
+    </rule>
+    <rule groupId="javax.servlet" artifactId="javax.servlet-api" comparisonMethod="maven">
+       <ignoreVersions>
+          <ignoreVersion type="regex">^0{0,1}[4-9].*</ignoreVersion>
+       </ignoreVersions>
+    </rule>
+  </rules>
+</ruleset>
+<!--
+###########################
+RE-USABLE REGEX REFERENCES
+###########################
+   Keep in mind that regexes are used as exclusions:
+   Anything that *DOES NOT MATCH IS VALID FOR UPDATE*
+
+#####  REGEX ##############
+^0{0,1}[4-9].*
+###########################
+Occassionally we need to couple to a major version of an artifact.
+  This REGEX is an example of how to tie to the latest artifact of major versions 0,1,2,or 3
+ -->